[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips September 2, 2003



Clips September 2, 2003

ARTICLES

DVD Industry Wins Ruling
US brings film piracy fight to UK
FBI Says Teen Put Worm on Internet 
Digital Vandalism Spurs a Call for Oversight
Ashcroft Taking Fire From GOP Stalwarts 
Vendor sells Latin American citizen data to U.S.
Airport anti-terror systems flub tests
Kid's been naughty? Instead of grounding, try banning the Internet
Surprising percentage of public fears cyberattacks
Army to test force identification
Navy puts personnel system on Web
Quantum Leap tests network warfare
Portal update doubles traffic for Connecticut site 
'Open source' software trend faces barriers 
Fearing 'spam' label, advertisers wary of e-mail
Man charged with stealing tracking device
Use of RFID tags raises privacy concerns
Protests delay software patents vote 
Tone Deaf to a Moral Dilemma? [Piracy]
Parents get help limiting online time
MIT to uncork futuristic bar code
*******************************
Los Angeles Times
DVD Industry Wins Ruling
State high court holds that free speech rights don't protect computer users who enable others to copy movies illegally.
By Maura Dolan and Jon Healey
Times Staff Writers

August 26, 2003

SAN FRANCISCO  In a case pitting free speech rights against trade secrets, the California Supreme Court ruled on Monday that courts can prevent computer users from posting codes on the Internet that allow others to illegally copy DVDs.

The state high court held that constitutional free speech rights do not protect a computer user whose posting enables others to unlawfully download and copy movies.

The decision was a victory for the DVD and motion picture industries, which contend that movie companies lose more than $3 billion in annual sales to DVD copying and other forms of piracy. Much of the DVD losses stem from publication of the decryption code, the industry says.

Monday's ruling "gives trade secret holders the capability to resort to the courts to prevent and indeed deter individuals from improperly posting trade secrets," said Robert G. Sugarman, who represented the DVD industry. "If they do, they are violating court orders."

The ruling stemmed from an injunction ordering computer programmer Andrew Bunner, 26, to remove a DVD decryption code from his Web site. The code, which cracks the industry's technological locks, was first posted in 1999 by a 15-year-old in Norway who wanted to download movies at home.

More than 100 other Web sites, including Bunner's, copied the code and posted it on the Internet. Most of the other Web sites either settled the cases or simply removed the code, but free speech activists helped Bunner appeal.

David Greene, who represented Bunner, said his client still may prevail when the case returns to the Court of Appeal and the evidence is examined.

But he added that Monday's ruling was troubling for the 1st Amendment in any case and may be appealed. Greene is executive director of the First Amendment Project, which advocates free speech rights.

Under the state high court's reasoning, according to Greene, a court could order anyone to stop publishing an alleged trade secret as long as the content of the publication was not at issue, or if the publication was of technical information.

Bunner had a Web site for selling nutritional supplements and posted the decryption code because he said he thought people would find the information interesting.

Bunner said he had no idea the code was a trade secret.

"I still don't think it is a trade secret," Bunner said Monday.

The DVD Copy Control Assn., which licenses the technology for encrypting DVDs, notified Bunner and others that they were violating the law and asked them to remove the code from their site.

Bunner said he immediately removed it, but the DVD association contends he did not take it off his site until he was ordered to by a judge.

In issuing the injunction, Santa Clara Superior Court Judge William J. Elfving concluded that the DVD industry was likely to prevail in a trial and that Bunner either knew or should have known that the code had been illegally obtained.

Elfving also held that the encryption technology remained a trade secret protected by law even though the means to unravel it had been widely disseminated on the Internet.

A Court of Appeal in Santa Clara County overturned the injunction on the grounds that it violated free speech rights.

The state high court, in an opinion written by Justice Janice Rogers Brown, said the court injunction did not involve government censorship and burdened "no more speech than necessary to serve the government's interest in encouraging innovation and development.

"The protection of trade secrets and the benefits to research and development derived from the government's recognition of this property right depend on the judiciary's power to enjoin disclosures by those who know or have reason to know of their misappropriation," Brown wrote.

The court said that the content of the trade secret in the case "neither involves a matter of public concern nor implicates the core purpose of the 1st Amendment.

"He did not post them to comment on any public issue or to participate in any public debate."

The court returned the case to the Court of Appeal to look at the facts and determine whether the injunction had been properly granted. Among the questions the appeals court will have to answer is whether the encryption technology actually was a trade secret since the code to break it had been so widely publicized.

Justice Carlos R. Moreno agreed in a separate opinion that the 1st Amendment does not categorically prohibit court injunctions to stop the publication of trade secrets. But he argued that the standard for granting such injunctions should be more rigorous. In the DVD case, there was insufficient evidence that the industry would prevail in its litigation because the technology was "not demonstrably secret."

"A preliminary injunction on speech issued without a credible determination that plaintiff will prevail on the merits is a quintessential case of suppressing speech," he wrote.

The code that Bunner published remains available online and in packaged software.

"We understand from what people claim that it is still being posted" by Internet service providers and others, said Sugarman, the DVD association's lawyer. "To the best of our financial ability, we continue to go after them."

Bunner said the ruling was "not great, but I guess it's not as bad as it could have been."

He said he feared Monday's decision might deter people from posting technologies that could be used to develop products helpful to consumers.

Ann Brick, a staff attorney with the American Civil Liberties Union of Northern California, said the decision was troubling because courts may be "too quick to enter a preliminary injunction where it is not appropriate."

Dan Robbins, vice president and counsel of the Motion Picture Assn. of America, called Monday's ruling helpful.

"We think the Supreme Court got it exactly right on the 1st Amendment issue that was in front of them," Robbins said. "Now it's up to the other court to look at these other, highly factual issues involved."
*******************************
BBC Online
US brings film piracy fight to UK
Friday, 29 August, 2003, 17:58 GMT 18:58 UK

America's film industry is taking legal action in the UK against a company that distributes software that enables DVDs to be copied. 
The Motion Picture Association (MPAA) has announced it is seeking an injunction against 321 Studios, which has a UK office, seeking to prevent the sale of the software to customers. 


The MPAA alleges the software breaches the Copyright, Designs and Patents Act 1988 because it allows anti-copying protection of DVDs to be bypassed. 

Jack Valenti, President and CEO of the Motion Picture Association said: "Companies that stand to profit from the violation of copyright laws should be brought to book. 

"No one should be under any illusions about the damage that this dangerous software would do to consumer choice and film-making." 

Mr Valenti added: "The law does not allow for the copying of commercial DVDs, and technologies designed to get round copyright protection are plain unlawful." 

'Breach' 

The MPAA has been at the forefront of a campaign to crackdown on film piracy, estimating it costs the industry $3bn (£1.9bn) a year, including the copying of videos and the taping of movies in cinemas. 

The industry organisation has launched its High Court bid through Warner Home Video UK. 

Lawyer Nick Gardner alleged that the 321 Studios was in "flagrant breach" of the copyright act, which outlaws the sale of devices or software which are designed to defeat copy-protection. 

"We want the High Court to grant an injunction against 321 Studios so as to prevent the sale of this software to consumers in the UK," said Mr Gardner. 

The company, 321 Studios, could not immediately be reached for a comment. 
*******************************
Washington Post
FBI Says Teen Put Worm on Internet 
'Blaster' Variants Spread Worldwide 
By Ben White and Charles Duhigg
Saturday, August 30, 2003; Page A01 

Government investigators yesterday arrested a Minnesota teenager on charges of unleashing a version of the "Blaster" worm that snarled Internet traffic and shut down computer systems from Maryland to Sweden earlier this month.

FBI agents arrested Jeffrey Lee Parson, an 18-year-old high school senior, early yesterday at the home he shares with his parents in Hopkins, Minn. The U.S. attorney's office in Seattle, which is leading the case, charged Parson with intentionally damaging thousands of computers owned by Redmond, Wash.-based Microsoft Corp., other businesses and individuals.

The 6-foot-4, 320-pound Parson -- described by a neighbor as an academically advanced teen who often sported a Mohawk -- appeared before a U.S. magistrate judge in St. Paul but did not enter a plea. He was released without posting bail and returned home. Parson's lawyer, Lyonel Norris, an assistant federal defender for the district of Minnesota, declined to discuss the case.

Parson did little to cover his tracks, according to the criminal complaint. He appears to have boasted of unleashing viruses. According to a version of his Web site, recorded by the Internet search engine Google, Parson claimed to have created a worm called "p2p.teekid.c" that was spread by people using popular services such as Kazaa and iMesh, which are used by millions of people to share songs, video and movie files. Parson used the pseudonym "Teekid" online, according to prosecutors. The site contained no references to Blaster, however.

Prosecutors alleged that Parson modified the existing Blaster virus, which began circulating on the Internet on Aug. 11, and unleashed his own, more insidious version known as Blaster.B, among other names. Computer security experts suggested yesterday that Parson probably downloaded the original worm and simply added a bit more code.

The magistrate judge yesterday ordered that Parson be subject to house arrest and denied access to the Internet. He faces up to 10 years in prison and a $250,000 fine if convicted.

"With this arrest we want to deliver a message to cyber criminals here and around the world that the Department of Justice takes these crimes seriously," U.S. Attorney John McKay said at a news conference in Seattle. Homeland Security Secretary Tom Ridge issued a statement praising the arrest.

McKay said his office is still trying to find the author of the original Blaster.

According to a criminal complaint, the trail to Parson picked up quickly after federal investigators found a Web address -- www.t33kid.com -- embedded in the Blaster.B worm's program.

Federal agents subpoenaed California Regional Internet Inc., the owner of the Internet protocol address corresponding to the Web site, to determine who had registered the site. They found Brian Davis of Watauga, Tex.

Davis told authorities that he controlled the computer hosting www.t33kid.com, but the Web site had been set up and was operated by a user named "teekid." Davis corresponded electronically with "teekid" and provided information to federal authorities that led them to another Web site maintained by the same user, hosted on a home computer. Using public databases, authorities tracked the computer to the Parson home.

Authorities with a warrant searched the Parson home on Aug. 19, seizing seven computers that are undergoing forensic analysis. According to the complaint, Parson admitted to federal agents during the search of his house that he modified the Blaster worm. 

"He's your average high school kid who likes to play with computers, a good kid. I've never known him to get in any trouble at all," said a neighbor, Curtis Mackey. "He's definitely not trying to hurt anybody."

The original Blaster exploited a flaw in a part of Microsoft's Windows operating system, which runs more than 90 percent of the world's personal computers, that allows data files to be shared across computer networks. The fast-moving virus crippled computers around the globe, forcing the Maryland Motor Vehicle Administration to shut down on Aug. 12. Prosecutors allege that Parson's version infected at least 7,000 computers, which were instructed to attack Microsoft's Web site.

At the news conference in Seattle, Microsoft general counsel Brad Smith said all the versions of Blaster had cost the company tens of millions of dollars. McKay said the amount of damage Blaster.B did was significant but declined to elaborate.

Blaster is one of a handful of viruses that have plagued home computer users and businesses this summer and stoked fear that ever-more-savvy hackers could launch attacks that could cripple an economy that increasingly relies on e-mail and Internet access to conduct business.

Last week, officials in the United States and Canada raced to blunt the effects of Sobig.F, a new strain of a virus that has infected computers since January. Investigators said code in Sobig.F instructed infected computers to contact one of 20 other computers to download instructions for another possible cyber attack.

"A lot of the power of viruses that experts have been warning about is now being unleashed," said Aviel Rubin, a professor at the Johns Hopkins University Information Security Institute. "The combination of vulnerable platforms, such as Microsoft's Windows, combined with clever virus writers, is leading to an Internet that is quickly going to make using computers a lot less efficient."

The Blaster worms, unlike some previous viruses, do not require users to open e-mail attachments to spread. Instead, they propagate through the Microsoft vulnerability. Experts at computer security firm Symantec say infection rates of the various versions of the Blaster worms peaked a little over a week ago, infecting a total of 1.2 million machines to date.

Some computer security experts cautioned that Parson's arrest probably won't reveal the identity of the worm's original authors. "Blaster was a sophisticated and complex worm," said Sharon Ruckman, senior director at Symantec Security Response. "Whoever wrote it may be clever enough that we can't track them down."

This case illustrates how easy it is for relatively inexperienced users to launch computer attacks using tools created by others, and how easily worms and viruses can spread, experts said.

"Whoever developed the Blaster worm had to know how to write effective code," said Ken Dunham, malicious code intelligence manager for Reston-based iDefense Inc. "Anyone after that could have spread it without much technical ability."

Experts estimate there are more than 30,000 Web sites containing virus programs and tools for launching attacks. 

In 2001, a 21-year-old in the Netherlands created the Anna Kournikova virus after downloading a "worm generator" program from the Internet that allows users to create viruses by making choices from pull-down menus, Dunham said.

The virus infected hundreds of thousands of computers. The code's author was apprehended and eventually sentenced to 150 hours of community service by a Dutch court.
*******************************
New York Times
September 1, 2003
Digital Vandalism Spurs a Call for Oversight
By AMY HARMON

The teenager accused of creating a version of the Blaster worm that infected computer systems across the world last week has been arrested. SoBig.F, an e-mail virus unleashed on the Internet just as Blaster was being stamped out, is expected to expire next week.

But all is far from quiet on the electronic frontier. Security experts are already preparing for SoBig.G. Another worm may already be squirming through newly discovered flaws in computer operating systems. And in the moments between epidemics, the Internet's more run-of-the-mill annoyances  spam, scams and spyware  can be counted on to keep users on edge.

The Internet has become a vital part of commerce and culture, but it is still a free-for-all when it comes to facing computer meltdowns. As America's 156 million Internet users brace for the next round of digital vandalism, some experts say that it is time for the government to bolster a basic sense of stability in cyberspace that societies expect from their critical public resources.

"The government has essentially relied on the voluntary efforts of industry both to make less-buggy software and make systems more resilient," says Michael A. Vatis, former director of the National Infrastructure Protection Center at the Federal Bureau of Investigation. "What we're seeing is that those voluntary efforts are insufficient, and the repercussions are vast."

Proposals for government action being discussed by policy makers and computer security experts include strengthening the Department of Homeland Security's cybersecurity division and offering tax incentives to businesses for spending on security. Another proposal would require public companies to disclose potential computer security risks in Securities and Exchange Commission filings.

Unlike the airwaves or the highways, the Internet is not subject to government oversight. And even the specter of intervention can raise hackles among business leaders and technologists who see the Internet's openness as crucial to its success as a platform for innovation. 

But the increasing frequency and severity of computer virus attacks  last month's dual assault cost billions of dollars in lost productivity alone  may have muted the antiregulatory reflex.

"We need to encourage private industry and government to raise the standard of cybersecurity," said Representative Mac Thornberry, a Republican from Texas and the chairman of a House subcommittee on cybersecurity. "From my standpoint, we need to be moving more quickly on that front."

Many security experts now advocate direct regulation, in the form of legislation that makes software companies liable for damage caused by security flaws in their products. 

"There's a reason this kind of thing doesn't happen with automobiles," says Bruce Schneier, chief technical officer at Counterpane Internet Security in Cupertino, Calif. "When Firestone produces a tire with a systemic flaw, they're liable. When Microsoft produces an operating system with two systemic flaws per week, they're not liable."

Most software licenses protect vendors from problems arising from vulnerabilities in their code. That leaves many computer users at the mercy of software makers, particularly Microsoft, whose ubiquitous Windows operating system and e-mail programs serve as the starting point for many demons in cyberspace.

Microsoft concedes that its software needs to be designed better, but it also points to the need for users to help ensure their own security.

"There are three major things every consumer and user of computers needs to do," Scott Charney, the security chief for Microsoft, said. "One, get antivirus software and keep it up to date. Two, get a fire wall and turn it on. And three, patch your machines."

That does not lend much comfort to many computer users. 

"Heck, despite being libertarian in nature, I'm all for a government crackdown in this area," one frustrated Web user wrote in an online discussion about the recent virus attacks. "Obviously most home users are not going to know how to install a fire wall."

Advocates of increased regulation say a California law that went into effect in July could serve as a model: the law requires companies conducting business in the state to disclose computer security breaches if they result in unauthorized access to residents' personal information. Customers can sue businesses that violate the new law for civil damages.

What federal officials can do now is track down those who create viruses and prosecute them under existing law. But despite the arrest on Friday of Jeffrey Lee Parson, 18, of Hopkins, Minn., who the F.B.I. thinks wrote the variation of the Blaster worm that was released on Aug. 11, critics have asserted that the Bush administration has relegated Internet security to too low a priority.

The F.B.I.'s National Information Protection Center, which investigated Internet attacks and sought to issue pre-emptive warnings, has been dismantled in an effort to consolidate antiterrorism operations under the Department of Homeland Security. The role of cybersecurity adviser has also been moved out of the White House and into the new department. But no one has been named chief of its cybersecurity division since Howard Schmidt announced his resignation in April. 

"I kind of despair of the government doing anything," said Richard A. Clarke, who held the job before Mr. Schmidt and resigned in January. He warned that the nation would face a "digital Pearl Harbor" unless it took online security more seriously.

The rapidly rising level of aggravation in the face of the SoBig and Blaster attacks signals what could be a turning point for a medium that until now has been embraced as an unregulated engine of progress.

A survey released yesterday by the Pew Internet and American Life Project said that nearly 60 percent of Internet users say they favor the government's requiring American corporations  who are often reluctant to admit that their computers have been compromised  to disclose more information about their vulnerabilities. Half of those surveyed said they worried about terrorists damaging the Internet.

"It's been this nice electronic playground, but you can't help starting to wonder if maybe all this connection is not so great," said Ellen Waite-Franzen, vice president for computing and information services at Brown University. She sent teams of technical support workers into dormitory rooms to disinfect student computers after the school's network suffered a failure last week. "Now it feels like a war zone."

But some longtime Internet users worry that decisions about security, if left in private hands, may balkanize a network whose openness is precisely what has permitted it to flourish. Lawrence Lessig, a Stanford University law professor who is an expert on cyberspace, says, "There's an opportunity here for policy that would address the harms of worms and viruses and spam and invasions of privacy, without breaking the Internet."
*******************************
Washington Post
Ashcroft Taking Fire From GOP Stalwarts 
More Wish to Curb Anti-Terrorism Powers 
By Dan Eggen and Jim VandeHei
Friday, August 29, 2003; Page A01 

BOISE, Idaho -- Even here, in a bedrock Republican state in the heart of the conservative Mountain West, a lot of people think Attorney General John D. Ashcroft has gone too far.

One of this state's most prominent politicians, Rep. C.L. "Butch" Otter (R), is leading an effort in Congress to curtail the centerpiece of Ashcroft's anti-terrorism strategy, the USA Patriot Act. Sen. Larry E. Craig (R-Idaho), who used to croon alongside Ashcroft in a senatorial quartet, said this month that Congress may have to consider scaling back parts of the law. And in a state with an all-GOP congressional delegation, several city councils and the legislature are considering resolutions condemning Ashcroft's tactics in the war on terrorism.

"Ashcroft wants more power," said state Rep. Charles Eberle (R-Post Falls), who has drafted a resolution critical of the Patriot Act. "What a lot of us in Idaho are saying is, 'Let's not get rid of the checks and balances.' . . . People out here in the West are used to taking care of themselves. We don't like the government intruding on our constitutional rights."

Ashcroft has always been one of the Bush administration's most controversial figures, particularly among liberals and Democrats who fiercely opposed his nomination. But now the attorney general finds himself at odds with some fellow Republicans from Idaho to Capitol Hill who are troubled by the extent of his anti-terrorism tactics and angered by his unwillingness to compromise.

The rise of opposition within his own party could threaten Ashcroft's bid to secure even greater powers for the Justice Department's war on terrorism. 

New Harris Poll numbers released this week also show Ashcroft's overall popularity slipping below 50 percent for the first time this year, while the percentage of those who disapprove of his performance has climbed to nearly 40 percent.

The tumult has made Ashcroft a central issue in the Democratic presidential campaign, where candidates are turning to him and his terrorism policies as a sure-fire way to rally the party faithful. Democrats also hope that focusing on Ashcroft will raise doubts among undecided voters about the Bush administration's tactics in the national security arena.

During a campaign stop in New Hampshire last week, former Vermont governor Howard Dean went so far as to summon the ghosts of Watergate, calling Ashcroft perhaps the worst attorney general in history -- worse, he said, than President Richard M. Nixon's attorney general, John N. Mitchell.

"And he was a criminal," Dean told supporters.

Amid the growing controversy, Ashcroft traveled this week to Boise and two other GOP-friendly cities, Salt Lake City and Las Vegas, as part of a month-long tour to drum up support for the Patriot Act. "Make no mistake: Our strategies and tactics are working," he said. "Our tools are effective. We are winning the war on terror."

The former Missouri senator and governor, who once flirted with a presidential bid as a candidate of the religious right, says he is untroubled by the increased focus on his anti-terrorism policies, and has shown no sign of tempering his rhetoric. In his address Monday to police and prosecutors here, Ashcroft called the war on terrorism "the cause of our times" and, in a thinly veiled jab at Otter, warned that those who want to restrict the law "would tip off the terrorists that we're on to them."

In an interview after the Boise speech, Ashcroft said he pays little attention to criticism from the American Civil Liberties Union and other groups. He said he believes that the Otter amendment approved 309 to 118 by the House in July, which would cut off funding for "sneak-and-peek" warrants, "was a mistake," and that many members did not know what they were voting for.

"I don't take things personally," Ashcroft said. "Debate about civil liberties is a good thing. In no way do I want to silence debate. I want to participate in the debate, to help people understand the truth of what we're doing and how we are defending Americans against terrorists."

But Otter, who was one of only three Republicans to vote against the original Patriot legislation, said Ashcroft and the Bush administration are making a mistake by continuing to ignore objections to the Patriot Act and by implying that those with concerns are aiding terrorists. The measure, approved just weeks after the Sept. 11, 2001, attacks, dramatically expanded the ability of the government to monitor and search the belongings of people targeted in terrorism investigations. It includes provisions that allow FBI agents to conduct secret searches and to seize records from banks, libraries and other businesses without disclosing that they have done so.

"It's pretty reckless to say that 309 members of Congress want to tip off terrorists," said Otter, who noted that more than a third of the votes cast for his amendment came from Republicans. "Instead of hitting the campaign trail, the attorney general should be listening to the concerns that many Americans have about some portions of the act."

Ashcroft has often commented on the bumpiness of his life in politics, which included the embarrassment of losing his Senate seat in 2000 to a Democrat, Mel Carnahan, who remained on the Missouri ballot after he died in a plane crash. Less than three months later, Ashcroft won confirmation as President Bush's attorney general by a 58-42 margin, the narrowest in recent times. As Ashcroft wrote in an autobiography about his political career, "for every crucifixion, a resurrection is waiting to follow."

Since taking office, Ashcroft has drawn the left's ire for the reach of the government's war on terrorism; for overruling local prosecutors in death penalty cases; for altering the government's decades-old interpretation of the Second Amendment's right to bear arms; and for overseeing continued raids on facilities that provide marijuana for medical purposes. Now some conservatives, concerned that the war on terrorism has eroded civil liberties, are joining the criticism of Ashcroft's policies for the first time.

David Israelite, a longtime aide who serves as Ashcroft's deputy chief of staff, said that "being criticized is nothing new for someone who's been a senator or governor. He's more concerned about the judgment of history than the judgment of how he's portrayed in the press or by opportunists on either side."

But many civil liberties advocates and some lawmakers still bristle at Ashcroft's sharply worded testimony before the Senate Judiciary Committee in December 2001, in which he suggested that critics were aiding terrorists and endangering the safety of U.S. citizens.

ACLU Executive Director Anthony D. Romero, whose group has helped organize many of the anti-Patriot Act resolutions approved in recent months by more than 150 municipalities and states, said Ashcroft is now "clearly on the defensive. He and the Justice Department have finally understood that there are large portions of the public raising questions about their policies on terrorism and the Patriot Act. The opposition is springing up all across the country."

Yet it is still unclear whether bashing Ashcroft will be a political winner in 2004. As Ashcroft and his aides point out, most Americans and lawmakers supported the Patriot Act when it was approved in October 2001, and few voters mention it as a top concern when questioned by pollsters. Rep. Richard A. Gephardt (Mo.) and Sens. John F. Kerry (Mass.), John Edwards (N.C.) and Joseph I. Lieberman (Conn.) -- all of whom are Democrats running for president and criticizing Ashcroft -- were among those who voted for the act. 

Ed Gillespie, chairman of the Republican National Committee, said Democrats have little to gain politically from targeting the attorney general because his tactics are favored by most of the electorate.

"The Democrats who are attacking John Ashcroft and his policies to appeal to the hard-core component of the Democratic primary electorate are likely to find themselves on the opposite side of a vast majority of Americans, who are concerned about the threat of terrorist attacks in the aftermath of September 11," he said.

Ashcroft and the White House point to a July 31 Fox News/Opinion Dynamics poll showing that 91 percent of registered voters said the act had not affected their civil liberties, while 56 percent said the law is good for the country. Moreover, the Sept. 11, 2001, attacks appear to have changed U.S. attitudes over how much latitude the federal government needs and should be given to fight terrorism, pollsters from both parties said.

At the very least, Democrats believe their attacks on Ashcroft and the Patriot Act will help rally the party's base. They also aim to win over what they see as a big pool of potential voters who have deep concerns about government intrusion into their lives.

Even some Republicans are troubled by Ashcroft's visits to 18 cities in 16 states, questioning whether the tour will do more harm than good by focusing attention on the civil liberties issue. Larry D. Thompson, the departing deputy attorney general, and key White House officials reached out to several conservatives in recent weeks to enlist their help, only to hear of deep concerns about the act from some allies, sources familiar with the effort said.

One Republican who has discussed the matter with White House officials said that, at the very least, Ashcroft is taking the heat instead of Bush. "This gives Bush some distance, because this is an issue with liabilities," he said. The White House may be "sending [Ashcroft] out to see if it works, to test the waters, to see how mad people are," he added.
*******************************
USA Today
Vendor sells Latin American citizen data to U.S.
Posted 9/1/2003 12:01 AM
When Border Patrol agents came across the corpses of 14 Mexican immigrants who died trying to cross the searing Arizona desert in 2001, a brand new tool helped U.S. authorities identify the bodies and, eventually, the smugglers who abandoned them. 
The tool was a database containing the personal information of 65 million voting-age Mexican citizens. The U.S. government bought access to it for $1 million a year from a giant data vendor called ChoicePoint. 

U.S. drug and immigration investigators prized the data, accorting to the Department of Homeland Security and other law enforcement sources, because it gave them latitude to track suspects inside Mexico without alerting local authorities. 

Now ChoicePoint's database is no longer available to help U.S. authorities. An Associated Press report detailing the U.S. government's access to the data triggered a public outcry in Mexico and other Latin American countries from which ChoicuPoint had obtained citizens' private records. 

After the Mexican government complained that its federal voter rolls were the source, and were likely obtained illegally by a Mexican company that sold them to ChoicePoint, the suburban Atlanta company cut off access to that information. 

In June, ChoicePoint wiped its hard drives of Mexicans' home addresses, passport numbers and even unlisted phone numbers. The company also backed out of Costa Rica and Argentina. 

ChoicePoint had been collecting personal information on residents of 10 Latin American countries  apparently without their consent or knowledge  allowing three dozen U.S. agencies to use it to track and arrest suspects inside and outside the United States. 

The revelations helped kindle privacy movements in at least six countries where the company operates. Government officials have ordered  or threatened  inquiries into the data sales, saying ChoicePoint and the U.S. government violated national sovereignty. 

"The federal registry is Mexican patrimony. For a fistful of dollars this information goes to the United States?" asked Julio Tellez Valdes, a law professor and data protection expert at the Monterrey Technical Institute in Mexico. "Millions of Mexicans are now conscious about the necessity of a data protection law." 

The raising of Mexican awareness about personal privacy has not, however, been good for U.S. investigations of drug and immigration smuggling rings, U.S. law enforcers say. They consider foreign data an increasingly potent investigative tool, which can be uset alongside other databases to identify potential terrorists or simply unmask fake identity documents. 

In the deadly immigration case in Arizona, ChoicePoint's tool did just that, helping uncloak a smuggler masquerading as a surviving immigrant, said a person familiar with that investigation. He spoke on condition of anonymity. 

The ChoicePoint data allowed U.S. agents to run their own investigations in Mexico, while keeping Mexican police  who make the arrests  in the dark until the last }oment so corrupt local authorities couldn't tip off suspects, U.S. officials said. 

"We didn't have to rely on the Mexicans to provide us that information," said one federal investigator who used the ChoicePoint data, speaking on condition of anonymity. "You run the risk of corruption when you ask the Mexicans for something." 

Now, Homeland Security's Bureau of Immigration and Customs Enforcement uses less efficient tools, officials said. 

"There's the yin and the yang for these kinds of products," said ChoicePoint marketing director James Lee. U.S. law enforcers "love 'em but they never tell anybody that." 

One U.S. agent said he understood the Mexicans' anger. 

"I don't know that we'd like the Mexican government having the same data on us," said Octavio Duarte, a special agent with the Bureau of Immigration and Customs Enforcement in Yuma, Ariz. 

ChoicePoint also sells U.S. citizens' financial, legal and personal details to the U.S. government. Privacy advocates charge that the government uses commercial data to skirt the 1974 Privacy Act, which prevents the government from compiling the files itself. 

Federal anti-terrorism projects  including the Pentagon's Terrorism Information Awareness program  are designed to plumb databases of Americans' financial and legal records for clues to suspicious behavior. News organizations, including the AP, use ChoicePoint's data for researching stories. 

While ChoicePoint's sales of Americans' files remain strong, the outcry in Mexico appears to have torpedoed the company's largest foreign business. 

Former employee John Jordan, 41, of Jacksonville, Fla., said ChoicePoint's Latin American business was on "life support" in June when the company laid him off and deleted its Mexican data. Jordan, a data analyst, said the Mexican files attracted about two-thirds of ChoicePoint's international sales. 

Lee characterized ChoicePoint's foray into Latin America as an experiment, saying the data vendor collected less than $1 million of its $792 million in 2002 revenue from selling foreigners' personal information. 

"It's so small, it has no impact on our earnings," he said. 

Lee said ChoicePoint's business is unaffected in seven of the 10 Latin American countries where it still deals in data. And the company still sells driver's license data on 6 million residents of Mexico City. 

Mexican authorities have launched an official probe into the data sales to ChoicePoint, as have those in Colombia, Guatemala, Nicaragua and Costa Rica. In Mexico, federal investigators issued an arrest warrant for a fugitive believed to have sold the federal election records to a Mexican data firm, which resold the database to ChoicePoint. 

In May, Mexican investigators asked ChoicePoint to send representatives to Mexico City, but the company refused, fearing that its employees would be arrested, Jordan said. Instead, ChoicePoint persuaded Mexican officials to come to the Mexican consulate in Atlanta, where the company handed over the electoral data. 

In Colombia, the attorney general's office said it is trying to determine who copied and sold the data. The country's human rights ombudsman, Eduardo Cifuentes, introduced a privacy bill in Colombia's congress this month that aims to prevent the "merchandising" of citizens' personal information. 

None of the countries' officials  other than Mexico's  have contacted ChoicePoint, Lee said. 

Tellez, the Mexican data protection expert, said he believed Mexico's congress would propose privacy legislation when it returns in September. The ChoicePoint scandal broke during the deeply unpopular U.S. invasion of Iraq, which soured already mistrustful Mexicans on the motives of the United States. 

Financial analysts say the revelations inflicted only public relations damage on ChoicePoint, especially south of the Rio Grande. The furor in Latin America had no discernible effect on the data vendor's stock, which has benefited from Washington's growing appetite for personal information and background checks, analysts say. 

Still, vendors of personal data like ChoicePoint and LexisNexis operate at the mercy of privacy legislation, including measures being discussed in the United States. 

If other countries tighten privacy laws, ChoicePoint will have to stop offering data on their citizens, said Andrew Jeffrey, an analyst at Needham and Co. 

"If the risks outweigh the profitability," he said, "they'll exit that business." 
*******************************
USA Today
Airport anti-terror systems flub tests
By Richard Willing, USA TODAY
September 1, 2003

Camera technology designed to spot potential terrorists by their facial characteristics at airports failed its first major test, a report from the airport that tested the technology shows.

Last year, two separate face-recognition systems at Boston's Logan Airport failed 96 times to detect volunteers who played potential terrorists as they passed security checkpoints during a three-month test period, the airport's analysis says. The systems correctly detected them 153 times. 

The airport's report calls the rate of inaccuracy "excessive." The report was completed in July 2002 but not made public. The American Civil Liberties Union obtained a copy last month through a Freedom of Information Act request. 

Logan is where 10 of the 19 terrorists boarded the flights that were later hijacked Sept. 11, 2001.

The airport is now testing other security technology, including infrared cameras and eyeball scans, spokesman Jose Juves says.

Face recognition works by matching faces picked up by surveillance cameras with pictures stored in computer databases. Relationships between a face's identifying features, such as cheekbones and eye sockets, are converted to a mathematical formula and used to make a match. 

In the Logan Airport experiment, photographs of 40 airport employees were put into a database. The employees then attempted to pass through two security checkpoints where face-recognition cameras were used. 

The ACLU opposes facial recognition because it says the government can use the technology to invade citizens' privacy.

"But before you even get to the privacy concern, there's a fundamental question about our security," says Barry Steinhardt, who specializes in privacy issues at the ACLU's national office in New York. "The thing just plain doesn't work."

A spokesman for one of the companies whose system was tried at Logan Airport says the test was not a fair measure of the technology. Meir Kahtan of Identix of Minnetonka, Minn., says the technology is far better suited for "one-to-one" identification, such as comparing photos on passports or driver's licenses, than random searches of photo databases.

A government test in 2002 found that face-recognition systems scored correct matches more than 90% of the time when used for such one-to-one identifications.

A spokesman for Visage Technology of Littleton, Mass., the other company that failed the Logan test, declined to comment.

The Logan Airport report is the latest piece of bad news for a technology that was once touted as the state-of-the-art method for picking faces out of crowds. Last month, Tampa police announced that they were shutting down face-recognition cameras because they had failed to make any matches during a two-year test period. The cameras, which were mounted in a popular tourist area, were designed to match pictures captured at random against stored photos of wanted suspects and runaway children. Virginia Beach, police, who have operated a similar system for the past year, reported no matches as of July.

The Logan experiment was the largest test of facial-recognition technology made public. The technology has also been tested using smaller groups of volunteers at airports in Dallas/Fort Worth, Fresno, Calif., and Palm Beach County, Fla., with similar results. 

The Transportation Security Administration, which is responsible for passenger screening, has tested other airport security technology but has not made results public. Phone calls requesting comment on the Logan Airport test were not immediately returned.

Kelly Shannon, spokeswoman for the State Department's consular affairs office, said the Logan Airport results would not affect plans to use face recognition to enhance passport security. Beginning in October 2004, the United Kingdom, Japan and 25 other countries whose nationals are permitted to travel to the USA without visas are required to convert to passport photos that are compatible with face-recognition systems.
*******************************
USA Today
Kid's been naughty? Instead of grounding, try banning the Internet

Nine-year-old Megan Beatty promised to clean her room, but her mom checked and still "couldn't see the floor." 

So Megan lost her Internet privileges for a day in July  no gaming on Neopets, no chatting with a distant pen pal online.

"The room got clean first thing the next morning," Kelley Beatty recalled. "It definitely works. If she's rebellious, sarcastic or mouthy or not listening, I would say no Neopets." 

Beatty, a nurse who lives in Ontario, Canada, is among a growing number of parents who have resorted to withholding the Internet as punishment for bad behavior, online and off. 

In a UCLA survey of U.S. households with children, 37% reported last year that they have used the Internet as a punishment tool, up from 31% two years earlier. 

"When I was a child, if I misbehaved, I would be sent to bed with no supper," said Mel Lampro of Sheffield, England. "My children's punishment would likely be no Internet access for a week." 

Many parents do make exceptions for homework assignments, but not Lampro: "There are these things called 'encyclopedias,' and they may have to use one of those." 

She'll let her kids, age 13 and 15, use the computer only for word processing  but if they are really, really naughty, "they have to use old-fashioned longhand writing." 

Mark Larsen of Chicago tries to withhold the Internet only for related behavior  but that includes talking back after he complained that his younger daughter was spending too much time online. 

Banning the Internet as punishment is much like parents of past generations withholding television, telephones and supper, said Steve Jones, a communications professor at the University of Illinois at Chicago. 

Parry Aftab, an expert on child online safety, said parents want "something that will get them to say, 'Ouch,' what you know is most important to them at the moment." 

"There isn't a kid on the face of this earth (for whom) withdrawing computer privileges won't make them scream, 'Ouch,'" she said.
*******************************
Federal Computer Week
Surprising percentage of public fears cyberattacks
BY Judi Hasson 
Sept. 1, 2003  

About half of Americans fear terrorists will launch cyberattacks on the large networks that operate the banking, electrical transportation and water systems, disrupting everyday life and possibly crippling economic activity, according to a survey conducted by Federal Computer Week and the Pew Internet & American Life Project.

Some 49 percent of those surveyed said they were afraid of cyberassaults on key parts of the U.S. economy. A significant gender gap showed up in the data, as women were more likely to express fear. People in the Midwest were the most concerned about cyberterrorism.

According to experts, Americans tend to discount the devastating effects a computer virus or attack can have on the financial, transportation and health industries. But the high percentage of Americans who fear an attack  coupled with the fact the poll was taken before the Blaster worm infected millions of computers worldwide and prior to the electrical blackout in the Northeast and Canada  indicate that the public's awareness of the issue, and their fear, has increased.

Alan Paller, a leading expert on information security and research director for the SANS Institute, a training and education organization, said the high percentage of Americans worried about cyberattacks surprised him, but it indicates that the federal government has done a good job of making people aware of the issue.

"At that high level, it also helps explain why Microsoft [Corp.] is making a huge policy change in how it handles vulnerabilities and that most other vendors will be forced to follow," he wrote in an e-mail to FCW. "Instead of expecting every school child and all users to do their own security maintenance, the vendors are being forced  kicking and screaming  into taking responsibility for fixing, automatically without user knowledge or involvement, every security vulnerability that could be used in attacks on the infrastructure."

Interviewed after the blackout that hit New York and other major urban areas, Donna Day, a resident of Wagner, S.C., said she is still concerned that hackers can break into any computer network. "I'm not as worried about them breaking into banks as much as [I'm worried they may do] something like the blackout," Day, 49, said. "If they could get into a computer and cause something like that, it would shut down a whole city."

Harris Miller, president of the Information Technology Association of America, said he's not surprised by the poll results. "People are very cognizant and concerned about the risks to their information and their finances from cybersecurity threats," he said. "They realize their money can be stolen in ways other than robbing a bank."

Computer security expert Peter Neumann, a scientist with the research firm SRI International, said it's important that the public is becoming aware of how serious the threat can be. "Until now, the standard answer you get is, 'We've never had the Pearl Harbor of cybersecurity, so why worry,' " he said. "We tend not to be on our toes. And we need to be on our toes."
*******************************
Federal Computer Week
Army to test force identification 
BY Matthew French 
Aug. 28, 2003  

U.S. Joint Forces Command today announced it will test several soldier-to-soldier friendly force identification technologies at an infantry demonstration in September at Fort Benning, Ga.

The Dismounted Soldier Identification Device Demonstration will involve American and allied infantry who will test several identification systems. The demonstration will include day and night operations at Benning's training facility for military operations in urban terrain.

U.S. Army infantry, Marines and Canadian infantry will take part in the test. 

Fratricide has long been a curse of the battlefield as the so-called "fog-of-war" has led to troops inadvertently killing their own. While many instances of "friendly fire" deaths in the recent wars in Iraq have involved either aircraft or armored vehicles, dismounted soldiers have never had the protection of tracking devices that identify "blue"  or friendly -- forces. 

The demonstration is part of a coalition combat identification advanced concept technology exercise, a multiyear project aimed at accelerating the use of interoperable combat identification systems.

In July, the Army announced it would field test 100 handheld devices that give commanders and soldiers a picture of the battlefield, following the devices' success on vehicles in Iraq.

The handheld units will provide access to the Army's Force XXI Battle Command, Brigade and Below (FBCB2) system, which displays a map or aerial photo of the area in which a commander needs to move. The system, linked to a command post through satellite, provides location information, chat capabilities and route mapping that can be shared with the entire command.
*******************************
Federal Computer Week
Navy puts personnel system on Web
BY Matthew French 
Aug. 27, 2003

The Navy yesterday deployed for the first time the Navy Standard Integrated Personnel System (NSIPS) as a Web-based application, transitioning applications from a legacy client-server architecture to a PeopleSoft Inc. system.

Based on PeopleSoft's Human Capital Management (HCM) solution, the new system will allow more than 453,000 active-duty and Reserve Navy personnel to update and maintain information online through a standard Web browser.

"Now, rather than filing manual paperwork at their Personnel Support Detachment offices, our service members can update their addresses, phone numbers and emergency contact information from their home, ship or base via a standard Web browser," said Navy Cmdr. Susan Eaton, NSIPS and software engineering manager. "It represents a tremendous technological leap in our manpower and personnel systems."

Development of NSIPS began in 1995 to replace four systems. However, it is an interim human resources system that takes the place of the Navy's legacy human resources applications only until the Defense Department completes a single HR system for all services and military agencies. The Defense Integrated Military Human Resources System (DIMHRS) will use PeopleSoft applications to consolidate more than 80 legacy systems and provide service to the 3.1 million active and reserve members of the military. 

In July, the Navy began incorporating the PeopleSoft HCM's ePerformance application into NSPIS. Officials can use the software for an automated process they Navy say will speed up the promotion cycle and improve data accuracy by replacing manual reviews of officer and employee applications. Until now, the Navy's performance review system has largely been paper-based. 

NSIPS has had its share of critics throughout its development, as many have said cost overruns have negated any benefit the Navy could receive in developing an interim system.

A DOD inspector general's report released in March said the Navy would spend a total of more than $465 million on NSIPS and then still have to pay to transition to DIMHRS. DIMHRS is supposed to come online by the end of fiscal 2005, but that deadline remains tentative, as the systems integration contract for the system has not yet been awarded.

Navy Capt. Peggy Feldmann, the former NSIPS program manager, wrote in a fall 2002 article for the Navy that the service actually has a head start on DIMHRS by implementing NSIPS first.
*******************************
Federal Computer Week
Quantum Leap tests network warfare
BY Frank Tiboni 
Aug. 27, 2003

The Defense Department will conduct an experiment today to test network-centric warfare operations.

The test, called Quantum Leap, seeks to make intelligence quickly available to warfighters. The 12-hour trial is crucial to DOD's transformation to a lighter force that can be rapidly deployed and to the vision of DOD's chief information officer, John Stenbit.

The $80 million experiment is the first of five planned through 2007 that will cost almost $1 billion, a top department information technology official said. "We want to give DOD leadership a glimpse of what net-centric warfare can do short of a real military engagement."

Quantum Leap was scheduled to run from 8 a.m. to 8 p.m. at several sites, including the Defense Information Systems Agency in Washington, the Navy's Space and Naval Warfare Systems Command facility in Charleston, S.C., and the Army's top soldier training center at Fort Benning, Ga. The experiment will test 12 horizontal fusion concepts and technologies planned for 2004, including: 

* Power to the Edge computing: Posting data quickly so warfighters can access it. 

* Global Information Grid publishing: Posting information to defense networks that people trust. 

* Interoperability improvements: Integrating intelligence systems so they easily exchange information. 

* Intelligence, Surveillance and Reconnaissance data sharing: Combining intelligence to give U.S. forces clear battlefield pictures.

"Information typically has been retained in agencies' channels until the product becomes intelligence," said John Osterholz, director of architecture and interoperability for the defense CIO office. "We don't want to hoard data until it is done. We want to provide it as soon as possible."

Osterholz and Marian Cherry, the department's horizontal fusion program manager, will lead Quantum Leap.

To see grid on test, see: http://www.fcw.com/fcw/articles/2003/0825/web-quant-08-27-03.asp
*******************************
Government Computer News
Portal update doubles traffic for Connecticut site 
By Matt McLaughlin 

A new design at the Connecticut Web site has nearly doubled traffic, state officials said. Launched in January, the makeover offers easier navigation to 46 online services, free subscriptions and other services. 

After the relaunch, www.CT.gov drew more than 1.4 million visits during the first six months of this year, an increase of 700,000 over the same period in 2002. The portal connects 312,000 Web pages of 60 agencies. 

The state IT Department?s Portal Management Group used Dynamic Site Framework software from Peripherals Plus Technologies Inc. of Lancaster, Pa., to improve navigation. DSF simplifies administration, letting various agencies post information directly to the state portal. 

?The site will continue to evolve as features are added and individual agency sites convert to the new format,? state CIO Rock Regan said in a statement. ?Our end goal is a more user-friendly site for all citizens.? 

The update included reorganizing content categories. Names such as Working, Doing Business, Living, Learning and Visiting make it easier for users to find they information they want. 

The Online Services section links to pages about income tax filing, business license renewal, campground reservations, complaint filing and college planning. 

The site?s Reading Room has links to more than 1,000 publications from the state government. A Subscription Center lets users sign up to receive agencies? electronic publications such as the Garbage Gazette and the Banking Bulletin. Visitors also can register for electronic alerts. 

The Department of Motor Vehicles was the first state agency to convert to the new portal format. Seventeen other agencies also have switched, and 30 more are converting, Connecticut officials said. 

?For less than $150,000, we?ve created an entirely new Internet presence that makes it easier for us to deliver services,? state spokeswoman Nuala Ford said.
*******************************
Government Executive
August 25, 2003 
'Open source' software trend faces barriers 
By William New, National Journal's Technology Daily 

Federal, state and local governments around the world are catching "open source" fever, purchasing software that lets them view and modify source code as opposed to proprietary software such as that made by Microsoft. But whether the global trend will continue may depend upon new and old factors that could hinder the increased spread of the open-source movement. 


Barriers to growth include continued flaws in the ever-improving open-source technologieswhich is being used more for computer servers than applicationsand opposition by Microsoft, the world's dominant software player and thus the one with the most at stake if governments turn to open-source products. The leading open-source product is Linux, and the recent LinuxWorld in California conference focused heavily on product improvements. 


In addition, large software makers have been busy obtaining patents on the ideas underlying open-source software, making a more difficult path ahead. And lawsuits are on the rise, even among those firms that espouse open-source thinking. 


The issue has leapt onto the agenda of multilateral government bodies over the past year or so. The U.N. World Summit on the Information Society (WSIS) in December is probably the highest profile event because developing countries have taken a surprising degree of interest in the subject, largely on the perception that open-source software is cheaper and more easily available than proprietary products. At the WSIS, the United States has been working to trim language in the draft declaration that advocates and proposes open-source software for developing nations. 


The topic also has been addressed at the Organization for Economic Cooperation and Development, which has been developing cyber-security guidelines that encourage the use of open-source technology. The World Intellectual Property Organization plans to hold a meeting on the subject next year. And at the recent Asia Pacific Economic Cooperation (APEC) meeting in Thailand, the United States pushed for governments to promote technology "choice," which is understood to include the choice of either open-source or proprietary software. 


Even with the competitive hurdles facing open-source software, the U.S. technology industry recognizes the deep significance of its introduction into the global market and is hedging bets on the industry's evolution. Big U.S. players such as IBM, Intel and Oracle, are finding ways to accommodate open source in their products and services. U.S. industry trade associations are increasingly finding themselves straddling the traditional propriety and open-source worlds. 


The U.S. government position on open source also appears to reflect industry schism and has fallen under the existing U.S. view in international arenas that laws should not specify which technology should be used. 


"Our view on open source is that the U.S. and foreign governments need to be technology neutral in its [sic] procurement and R&D investments," said Bruce Mehlman, the Commerce Department's assistant secretary for tech policy. He added that the United States is neither for nor against open source but seeks to "give both open-source and proprietary software a fair look and go with whatever is better, faster and more cost effective." 


The U.S. government opposes mandated preferences in other nations. "We are concerned by foreign governments setting preferences or mandates in procurement or research," Mehlman said. 


Most people in the industry and in foreign governments seem to acquiesce. Governments in every region of the world are adopting open-source products, but the numerous attempts to impose rules favoring open source usually are defeated. 


The European Union has demonstrated support for open source, and many countries in Europe, including Austria, Belgium, Bulgaria, Denmark, Finland, France, Germany, Greece, Italy, the Netherlands, Portugal, Spain, Sweden, Switzerland, Ukraine and the United Kingdom, have seen proposals at some level. But only the Spanish regional government of Andalucia so far has adopted a preference for open-source software. The decree, implemented in the spring, requires certain government agencies, such as state-run universities and libraries, to use "free" software. 


The Korean government is considering an emphasis on open source in pooling research and development efforts with Japan and China, and China itself has warmed to open source. Many states in Brazil also have passed legislation permitting state agencies to procure open-source software, and the Brazilian state of Espirito Santo requires that open source be favored unless it makes systems incompatible. 


U.S. industry is watching international developments closely and is not shy about directly communicating its concerns when preferential legislation or regulations emerge. Jonathan Zuck, president of the Association for Competitive Technology, which includes Microsoft, has questioned whether preference legislation might violate World Trade Organization laws. And the Initiative for Software Choice (ISC), a coalition operated by the Computer and Telecommunications Industry Association (CompTIA) that also includes Microsoft, keeps a running tally on open-source legislative developments. 


"I think there are some people in government who believe the U.S. industry cannot be fairly competed against so they have to create unfair parameters to compete," said a representative from another U.S. industry association to which Microsoft belongs. 


Recently, a pro-open source trade association tentatively named the Open Source and Industry Alliance formed in Washington as a way to fight back. And a representative from a non-Microsoft-backed association said: "The real issue is about Linux. What Microsoft really is geared up for is defeating and creating doubt about the sale and distribution of Linux." 


How governments make their determinations is a key to the adoption of open-source products. The industry debate seems to center on how to value potential software acquisitions, as few dispute that governments can buy the products that best fit their needs. 


There is no existing open-source law that U.S. industry can cite as the model, and ISC might develop one, said Robert Kramer, vice president for public policy at CompTIA. Kramer favors New Zealand's law, which lets agencies purchase software based on cost, function, security and the ability to work with other systems. 


In April, Tony Stanco, director of the Center of Open Source and Government at George Washington University, called the proprietary software industry's alleged attempt to dissuade governments from laws requiring consideration of open source "a very subtle silencing of open source." Stanco's center cited South Africa as a model, agreeing with its explicit statement of the legitimacy of open source and its designation of a particular government agency to lead the open-source program. 


The center also agrees with South Africa's decision not to favor preferences but adds that some preference may be necessary until open source is on the same competitive footing as proprietary software. And it backs South Africa's recognition of the "social" benefits of open-source products and its phased approach to adopting them.
*******************************
USA Today
Fearing 'spam' label, advertisers wary of e-mail

NEW YORK (Reuters)  Even as they boost their budgets for online advertising, major U.S. companies will be wary of e-mail marketing campaigns until the menace of unsolicited "spam" e-mail has been tamed, top industry officials said Thursday.
"Our marketers are basically saying spam is killing (e-mail marketing)," Bob Liodice, president of the Association of National Advertisers (ANA), told Reuters.

E-mail marketing "clearly will be muted until they have a greater degree of confidence that their messages will go through in the way that they want them to," he added.

But Liodice was quick to point out that he believes using e-mail as a legitimate marketing tool "will skyrocket" once spam is under control.

In the past, leaders in the advertising industry have trailed other trade and consumer groups who are pressing for tougher legislation and enforcement against spam.

That is changing, however, as companies invest more on online advertising. Concern has arisen about spam because e-mail is easily deleted by consumers angered by the explosive growth of the often deceptive or vulgar messages.

The ANA, which represents more than 300 leading companies, and the American Association of Advertising Agencies, known as the "4As", are hammering out guidelines for using e-mail to market products and services credibly.

A nine-point proposal they have drawn up defines spam as "unsolicited, bulk, untargeted commercial e-mail," and tries to distinguish it from more legitimate, direct online marketing.

The proposal calls for commercial e-mail to be sent from working Web addresses, preferably ones which include a company or brand name to clearly identify the sender.

E-mail ads should have an easily located option which consumers can mark if they do not want to receive further mail, but the proposal does allow e-mail marketers to send targeted, unsolicited e-mail if a consumer has not "opted out".

Just saying no to "do not spam" lists

O. Burtch Drake, president of the "4As", said most leading advertisers already abide by such rules.

He said the industry prefers formal recommendations for business practices rather than advocating a "do-not-spam" list similar to the "do-not-call" list for consumers who do not want to hear from telephone marketers.

"In the case of spam, if you make up a list of all the addresses, that becomes a pretty valuable list (for spammers to send more e-mail)," Drake said.

While advertisers still prefer other online marketing tools like paid search listings, direct marketers are keen on preserving e-mail for ads, especially if a "do-not-call" list dries up other avenues for reaching customers.

"I don't think we all recognized how big the problem was going to be until six to nine months ago," said Greg Stuart, president of the Interactive Advertising Bureau. The IAB is also planning to develop e-mail ad guidelines, he said.

Stuart said some advertisers waited on the sidelines hoping that technology, in the form of spam filters, or legislation would be put in place to stem the tide of spam.

But a problem with spam filters is that they have blocked e-mail from companies with which a consumer wants to communicate.

One other problem leading to the proposals has been that new laws and stricter enforcement have been slow off the mark.
*******************************
USA Today
Man charged with stealing tracking device

JANESVILLE, Wis. (AP)  To track down this alleged thief, all police had to do was flick on a computer. 
A 40-year-old man was arrested Wednesday and charged with stealing a computerized tracking device that uses a global positioning system to keep track of jail prisoners on home detention. 

"He apparently didn't know what he had because he would be awfully stupid to steal a tracking device," said correctional officer Thomas Roth, who runs the home detention program at the Rock County Jail. 

The $2,500 device was temporarily placed outside a home by a woman serving home detention. The device, which is a little bigger than a brick in size, has a built-in GPS satellite receiver. 

Prisoners wear a transmitter about as big as a cigarette pack on the ankle, and it acts as a 100-foot tether to the portable tracking device. 

By the time the prisoner called to report the theft Monday night, the device had automatically notified the jail that it had been taken outside the prisoner's home area. 

Roth then tracked the device through the Internet on his home computer. 

A trail of electronic dots led authorities to an apartment building, where the suspect was captured. 
*******************************
Computerworld
Use of RFID tags raises privacy concerns
'Smart' tags could profile consumers, critics contend 
Story by Jaikumar Vijayan 

AUGUST 29, 2003 ( COMPUTERWORLD ) - Privacy concerns related to the use of radio frequency identification (RFID) technology got an airing at a recent California state legislative hearing. 

RFID, a nascent technology that's expected to eventually replace bar codes, uses low-powered radio transmitters to read data stored in tags that are embedded with tiny chips and antennas. 

Proponents of the technology say such "smart" tags can store more information than conventional bar codes, enabling retailers and manufacturers to track items at the unit level. 

But privacy advocates who testified at the California hearing earlier this month said the technology has the potential to seriously infringe on personal privacy. 

"If ever there was a technology calling for public-policy assessment, it is RFID," said Beth Givens, director of the Privacy Rights Clearinghouse, an advocacy organization in San Diego. "RFID is essentially invisible and can result in both profiling and locational tracking of consumers without their knowledge or consent." 

Placing RFID tags on consumer products will allow merchants to do location-based tracking or profiling of customers, Givens said. For example, the information contained on RFID tags could be picked up by RFID readers in a store to reveal where a consumer purchased an item or how much he paid for it. This could result in unacceptable profiling of consumers, she said. 

The unique information contained in each RFID tag could also be captured by various readers and used to track a person's movements through tollbooths, public transportation or airports, Givens said. 

"So far, the development and implementation of RFID has been done in a public-policy void. What is needed is a formal technology assessment process to be done by some sort of a nonpartisan body comprised of all stakeholders, including consumers," she said. 

That sentiment was echoed by Liz McIntyre, a spokeswoman for Consumers Against Supermarket Privacy Invasion and Numbering, a consumer advocacy group that also testified at the hearing. 

"Without some sort of oversight, this technology could create a very frightening society," McIntyre said. "It gives [companies] almost X-ray vision on the customers they sell to." 

Therefore, some sort of moratorium on the use of the technology should be imposed until privacy issues are addressed, she said. 

Such concerns come at a time when several bellwether corporations are piloting or evaluating the technology. Wal-Mart Stores Inc., for instance, is requiring its top 100 suppliers to affix RFID tags on all pallets used to move goods in its supply chain. Others looking at the technology include American Express Co., United Parcel Service Inc. and United Air Lines Inc. 

"RFID per se is not the big issue," said Greg Pottie, an engineer at the Center for Embedded Network Sensing at the University of California, Los Angeles. "The major questions relate to sharing of digital information, however that information is collected." 

A representative from AIM Inc., The Association for Automatic Identification and Data Capture Technologies, a Pittsburgh-based proponent of the use of RFID technology, also testified at the hearing but didn't return calls seeking comment. However, the organization has created a workgroup that's focused on addressing privacy concerns relating to RFID. 

According to the organization's Web site, it believes that "RFID presents no more of a threat to individual privacy than the use of cell phones, toll tags, credit cards, the use of ATM machines and access-control badges." 
*******************************
CNET News.com
Protests delay software patents vote 
By Matthew Broersma 
September 1, 2003, 11:50 AM PT

The European Parliament has delayed voting on a controversial software-patents directive, after protests and criticism by computer scientists and economists. 
The vote, originally planned for Monday, will now take place at a plenary session starting Sept. 22. 

Software patents have been likened to allowing a monopoly on the ideas behind stories, and opponents of the proposed Directive on the Patentability of Computer-Implemented Inventions claim it would effectively allow unlimited software patents. In the United States, large companies acquire arsenals of patents that they use to protect themselves from upstart competition. 

 

The directive, drafted by Labor Member of European Parliament Arlene McCarthy, has generated political opposition from the Greens and the European Socialist Party (PSE), among others. The German and French socialist parties are using the delay as an opportunity to raise MEPs' awareness of the issues surrounding software patents ahead of the late-September plenary session. 

A demonstration last week in Brussels, Belgium, that attracted more than 400 participants was organized by the Foundation for a Free Information Infrastructure (FFII) and Eurolinux, among other groups, which also persuaded several hundred Web sites to black out their front pages in protest. 

A June vote on the proposal was put back amid criticism by MEPs that the legislation would institute a U.S.-style patent atmosphere that would be detrimental to European small businesses and open-source software developers. 

The proposed software-patenting legislation is the result of a European Commission effort to clarify patenting rules as they apply to "computer-implemented inventions," a term that can be taken to include software. The patent offices of different EU member states have different criteria for accepting the validity of software-related patents, a situation that the Commission's proposal aims to remedy. 

MEP McCarthy said in a June analysis of the proposed directive that there were links between the patentability of computer-related inventions and the growth of IT industries in the United States. Such patents aided "in particular the growth of small and medium enterprises and independent software developers," she wrote, citing a study on the issue carried out for the European Parliament by London's Intellectual Property Institute. 

But in a recent letter criticizing the directive, a group of economists poured scorn on any notion that software patents and business growth are connected, saying most economic research does not support this claim. They argued that the directive in its current form would "have serious detrimental effects on European innovation, growth, and competitiveness." 
*******************************
Los Angeles Times
Tone Deaf to a Moral Dilemma?
Millions download songs illegally but don't feel guilty. The industry wants to shake up their consciences. Targeting parents is one tactic.
By Jon Healey and Jeff Leeds
Times Staff Writers

September 2, 2003

Susan Philips has a conscience so sensitive to ethical failings that she feels guilty if she leaves her shopping cart adrift in the grocery store parking lot.

Her influence is reflected in her elder daughter's career choice: Miriam Philips, 22, wants to be a rabbi.

On at least one moral dilemma, though, mother and daughter are on opposite sides. To Susan, downloading music on the Internet without permission is wrong. To Miriam, it's just what you do when you go to college.

"My freshman year I was like, 'No, that isn't right.' I wouldn't do that at all," Miriam said at her family's kitchen table, two blocks from the sand in Seal Beach. But by her sophomore year at Brandeis University, she said, she was steering her iMac to free music, collecting enough songs to fill 150 CDs.

Philips' shift helps explain why the record industry has been losing its battle to shape the public's definition of theft in a digital society. Music labels have won a series of court rulings and poured millions of dollars into marketing the message that downloading free songs amounts to online shoplifting  but CD sales keep sinking.

Now the record companies are readying their most desperate bid yet to shake up the public psyche: The industry plans to bombard college students, parents of teenage downloaders and other Internet users with lawsuits alleging millions of dollars in copyright violations.

One goal is to persuade parents to crack down on their children's file sharing before an entire generation comes to expect music to be free. Unlike Susan Philips, many parents see no problem if their kids download tunes, and some actively encourage it for their own ends.

Some observers argue, however, that the effort is as futile as the federal government's attempt to ban booze 80 years ago. About half of the Internet users in the United States, some 60 million people, copy music, movies and other digital goodies from each other for free through online networks such as Kazaa and Morpheus  a statistic that suggests a culture of piracy already has solidified. Said one teenage Kazaa user, "It's hard for me to see it as wrong when so many people are doing it."

She reflects the view of many downloaders. They understand that what they're doing may break the rules of copyright law, but they don't see anything immoral about it. In fact, some even argue that copying a song online isn't "stealing" because the owner still has the original track and still can sell the CD.

Miriam Philips, for example, said that she and her friends at Brandeis knew that their music copying "was illegal and why it was illegal." Similarly, two recent surveys found that a growing number of people acknowledge it's wrong to download songs without permission, but that it doesn't stop many of them from doing it.

Like countless millions, Philips said she felt no guilt about downloading music from a shared campus folder. Not downloading "is the normal ethics of my life," she said, but at college her ethical meter was, well, recalibrated.

And she offered no sympathy for the record labels or well-known artists.

"They're big. They're rich. They can deal with it," she said, adding later: "You can argue that it's illegal but not unethical once they're rich."

Said Deborah Rhode, law professor and director of the Keck Center on Legal Ethics at Stanford University: "There's a view that no one's really harmed. And that turns out to be one of the major predictors of dishonest behavior, whether people can actually draw a connection between their actions and some concrete identifiable victim."

Plus, the ephemeral nature of online music makes it difficult for some to conceive of downloading as stealing. Philips, for instance, said she would never download a movie for free. That's not acceptable even by her college standards.

What makes music different?

"I guess I don't put as high a value on it," said Philips, whose tastes run from Aaron Copland and Stephen Sondheim to Barenaked Ladies and the Byrds.

Expressing a common view, she said music was "more of a background thing," providing flavor to her day but not a focus. As a result, she said, it's "something that doesn't feel quite as tangible" as a movie.

Jonathan Zittrain, director of the Berkman Center for Internet & Society at Harvard Law School, also noted that downloaders copy songs without taking them away from the people sharing them. "Normally, we think that sharing is a good thing," Zittrain said. "It's not just, 'Hey, we're all looting.' It's not a looter's mind-set."

File sharing networks are like groups of libraries that invite people to roll photocopiers from stack to stack. To "share" songs on a "peer-to-peer" network such as Kazaa, for example, users simply put them into a folder on their computer and open the folder to others on the network. Anyone searching for those songs can use Kazaa to find the computers where they're stored, then download copies onto his or her PC.

The Recording Industry Assn. of America argues that it's illegal to share or download music without permission because the labels' copyrights give them exclusive rights to distribute and make copies of their songs. That view is widely supported when it comes to users who copy hundreds of files, but some legal experts contend that downloading a few files may prove to be legal under the "fair use" doctrine in copyright law.

"It's far too early in the day to conclude that everything everyone does with peer-to-peer, even when it comes to copyrighted MP3 files, is conclusively infringing," said Peter Jaszi, a law professor at American University.

In addition, Philips and others argue that their downloading actually can benefit labels and artists. The free songs stoked her interest in pop music, Philips said, and prompted her to buy more CDs than she ever had before. She now owns about 50, many of them from artists she discovered through downloading.

"There's really no service that provides this," she said, adding that she doesn't usually fall in love with music unless she listens to it a lot. And buying a CD without knowing the songs "is too darn expensive."

It's a common refrain from downloaders  CDs are too expensive, new releases often contain only one or two good songs, and there's no other way to satisfy their curiosity about unfamiliar bands. Another familiar argument is that they support the artists whose music they copy for free by going to their shows and buying their T-shirts.

A college-bound 17-year-old named Amber, who asked that her last name not be used, said if she wanted only one song from a CD, she wouldn't buy the disc  she would just download the track from Kazaa. Amber's parents stopped buying music for her when she landed a part-time job, she said, so she has to make every dollar she spends on music count.

If she winds up downloading several songs from the same record and liking them, she said, she'll buy the CD  as she did with recent releases by Missy Elliott, Ludacris, Tyrese and Bow Wow.

"In that sense," Amber said, "I do have a conscience."

Cody Morrow, a 13-year-old Simi Valley skateboard fan, said he had used file sharing networks to locate music he couldn't find at his local record store, such as songs from punk band Operation Ivy. By his logic, his family is paying for the privilege of access to music when it pays for Internet access.

His mother, Maryann, an accountant, has drawn a clear line: Although reselling music downloaded from the Internet is against the rules, her son's practice of copying music for personal use is fine.

The notion that record labels would sue individual kids seems to generate more anger than worry. Taking families to court for behavior like her son's, she said, is outrageous. "I'm in America. [Suing] for personal use? I think that's crazy."

Parents, she suggested, are far more concerned their children may become involved with drugs or violence than with online music.

"I pick my battles," she said. "You don't want to be nagging and harping, or they're not going to listen to anything you say."

But the major record companies remain determined to force a shift in families' dynamics. Even as the RIAA prepares to seize parents' attention with lawsuits, music executives increasingly have been trying to call attention to the fact that file swapping networks also are frequently used to share child pornography and other X-rated images.

Record executives say privately they're also aiming to use the proliferation of pornography as a means of persuading members of Congress and law enforcement officials to take a tougher stance against the file networks.

With the debate intensifying, many Internet-savvy parents are forecasting a tectonic shift for the $30-billion global music business. David Philips, Miriam's father, envisions a future "where the key to power is ownership of information and the movement of information." And Philips, a former rock 'n' roll roadie who has no love for the major record labels, worries that copyright holders' power is expanding while antitrust enforcement is diminishing.

"From the perspective of starving musicians, I think the file sharing networks are a huge plus," said Philips, a civil engineer. "It is theft, but it's probably in the public interest."

Yet he also says flatly, "If you take something without permission from someone who believes they ought to be paid for that thing, according to Jewish law, that's stealing. And you shouldn't do it because to behave unethically is spiritually degrading. You are not as good a person as you were before."

Susan Philips also condemns unauthorized file sharing, but without any qualification.

"It's not just the artist who's getting cheated" by unauthorized downloading, but also songwriters and accompanying musicians, she said. And though it's probably true that the record companies are taking advantage of their artists, she said, the artists wouldn't get very far without the labels' support.

She vaguely remembers talking to Miriam about her music copying practices and telling her, "It doesn't seem ethical to me." Miriam says if the conversation did take place  she doesn't recall it  it wouldn't have affected her downloading.

After all, that's what she would expect her mother to say.

Other downloaders say their parents encourage their file sharing and CD burning, either directly or unwittingly. Amber said her mother didn't know a thing about computers, and her father didn't object to her using Kazaa. He even asked her to make a CD for him of songs from Body & Soul, a music channel on cable TV, so she dutifully downloaded a number of R&B classics and put them on a disc.

RIAA officials hope that the coming wave of lawsuits will prompt more parents to crack down on their teens' downloading. The RIAA plans to sue the people responsible for the Internet accounts used to share files, and not necessarily the file sharers themselves. If a Kazaa-crazed teen is targeted, his or her parents are the ones who'll be named as defendants.

The lawsuits probably will change some young downloaders' attitudes too. In a recent survey by Forrester Research of 1,170 12- to 22-year-olds, nearly 70% said they would stop downloading music if there was a "serious risk" of being fined or jailed.

But James DeLong, director of the Center for the Study of Digital Property at the Progress & Freedom Foundation, a conservative think tank, said enforcement won't be effective unless the music industry offers compelling legal alternatives to file sharing.

"If they have the stuff available legitimately, then they can make the moral case that people ought to be paying the artist," he said. "And I think people will accept that."

For Miriam Philips, free music is a thing of the past. Her ethics meter has been reset since college, she said. Of course, it helps to be back home, a couple of thousand miles away from the daily temptations of the Brandeis computer network.

"It's easier to refuse to do it," she said, "because you're not doing it on a daily basis."
*******************************
MSNBC
Parents get help limiting online time

NEW YORK, Sept. 1  I am neither a parent nor a kid, but I can certainly act childish when called upon. So I tested five systems for setting limits on how long children can use the Internet.

I ALSO TRIED my best to beat them, to exceed my allotted time.
       I started with the $69.95 Time-Scout Monitor, a strictly hardware approach from Card Access Inc.
       Plug your computer monitor into the device and move a lever to lock it. Then plug the device into an electric outlet.
       You then give or take away time in half-hour increments by swiping a series of bar-code cards included with the package.
      Power to the monitor shuts off automatically when time runs out. With another swipe, you can also deactivate the monitor completely before going to bed.
       If only it weren?t so easy to bypass.
       Most monitors come with detachable cords, so even though one end is locked, the other can be replaced with a second cord that plugs directly into an outlet. And the locking mechanism is rudimentary  it only takes a paper clip to unlock the plug for use in a regular outlet.
       To gain more time, I tried to forge a bar-code card using a black marker, but the device caught me both times. And the card is covered with a red film so the bar code can?t be photocopied.
       But I noticed additional cards are sold in packs of three for $12.95. I know how I?d spend my allowance money.
       One system busted. Mua-ha-ha-ha.
      Next up is SecuriKey Personal Edition 1.0, a combination hardware and software system that Griffin Technologies LLC retails for $149. Once you set it up on your Windows 2000 or XP machine, you can run your computer only when you plug a ?key? into the computer?s USB port.
       You pull out the key when you think your child has surfed enough and take it with you to prevent any sneaking online after bedtime.
       It?s rather complicated to set up, and once you do, disabling it is rather easy. Just reboot your computer in a diagnostic ?safe mode with networking?  at least when you use default settings.
       True, a 9-year-old kid may not be able to figure out, but my money?s on the older, tech-savvy teens. It only takes one to discover it and spread the word at school or in chat rooms.
       If you block safe mode, your kid can still disable the system by unchecking ?Use SecuriKey Authentication? in the software. A kid can do it when the key?s plugged in and you?re not looking.
       Two systems busted. Next!
  Parents crack down on Internet time
       I tried the parental controls built into America Online. With its new software for Windows, AOL 9.0, parents can block Internet access for the entire computer, eliminating a loophole that before let kids still surf using a non-AOL browser.
       You set how many and at what hours your child can use the Internet each week and each day. For instance, you can give your child unlimited use on weekends, but permit only one hour between 5 p.m. and 8 p.m. on school nights.
       It?s fairly easy and straightforward. The first time you try to access the Internet, a box pops up asking for your AOL username and password, even if you?re not using AOL at the moment. If the username is tied to a controlled account, access is blocked.
       But the software does not check to make sure a particular username belongs to a user on that computer. I got a username and password from a co-worker and was able to bypass controls. I can see kids borrowing unrestricted accounts from friends.
       Three systems busted. Obviously, no system is foolproof.
       SurfControl Inc.?s CyberPatrol 6, which costs $39 per year, has a time manager included with its filtering software.
      It works like AOL?s, except you can also include specific applications  such as games or word processors  in the limits.
       CyberPatrol was smart enough to detect when I set the computer?s clock back an hour or so to try to gain more time. But it didn?t catch me when I set the clock ahead to a time I know is unrestricted.
       Four systems busted. Child?s play!
       Finally, I tried the $39.95 Cyber Sentinel 2.0 from Security Software Systems Inc. You can permit or deny Internet access at specific hours, but there?s no provision for a daily or weekly time allowance.
       It was good at catching attempts to change the clock back or forward. However, if I change the clock right after booting the computer and restart it quickly enough, I sometimes get away with it.
       And Cyber Sentinel didn?t block my AOL instant-messaging software. In trying to indirectly access Web sites using the IM program, I got Cyber Sentinel to crash once and ultimately had unfettered access.
       Five systems busted.
       Game over.
       Of course, if your kid is going to go through such lengths to try to break the rules, you probably have bigger problems.
       
       © 2003 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
*******************************
MSNBC
MIT to uncork futuristic bar code

Aug. 29  A group of academics and business executives is planning to introduce next month a next-generation bar code system, which could someday replace with a microchip the series of black vertical lines found on most merchandise.
       THE SO-CALLED EPC NETWORK, which has been under development at the Massachusetts Institute of Technology for nearly five years, will make its debut in Chicago on Sept. 15, at the EPC Symposium. At that event, MIT researchers, executives from some of the largest global companies, and U.S. government officials intend to discuss their plans for the EPC Network and invite others to join the conversation.  
      The attendee list for the conference reads like a who?s who of the Fortune 500: Colgate-Palmolive, General Mills, GlaxoSmithKline, Heinz, J.C. Penney, Kraft Foods, Nestle, PepsiCo and Sara Lee, among others. An official from the Pentagon is scheduled to speak, along with executives from Gillette, Johnson & Johnson, Procter & Gamble and UPS. 
       ?I see this (event) as a formal marker that is pretty key,? to the development of these next-generation systems, said Pete Abell, analyst at the ePC Group, a research firm tracking the technology.
       
UNIQUE SERIAL NUMBER FOR EACH ITEM
       EPC stands for electronic product code, which is the new product numbering scheme that?s at the heart of the system.
       There are several key differences between an EPC and a bar code. First, the EPC is designed to provide a unique serial number for every item in the system. By contrast, bar codes only identify groups of products. So, all cans of Diet Coke have the same bar code more or less. Under EPC, every can of Coke would have a one-of-a-kind identifier. Retailers and consumer-goods companies think a one-of-a-kind product code could help them to reduce theft and counterfeit goods and to juggle inventory more effectively. 
       The way it?s been designed, an EPC can be linked to databases that can store much more information about a particular product than is possible with the bar code. In addition to price and manufacturer, the EPC could link to information about location of an item based on a complex system of readers and microchips, or ?tags,? that communicate via radio frequency, a concept known as radio frequency identification (RFID).
       ?Put tags on every can of Coke and every car axle, and suddenly the world changes,? boasts the Web site of the Auto-ID Center, the research group at MIT leading the charge on the project. ?No more inventory counts. No more lost or misdirected shipments. No more guessing how much material is in the supply chain  or how much product is on the store shelves.?
       Another feature of the EPC is its 96-bit format, which some say is large enough to generate a unique code for every grain of rice on the planet. ?Every molecule on Earth is what the MIT boys said,? Abell said.
       The 12-digit bar code that?s used across the United States was introduced in the 1970s, and the retail industry is close to running out of new combinations. The industry is in the process of moving to a 14-digit code in the next year or so, but Abell said that?s just a stop-gap measure. ?We ran out of room? with the bar code, he said. ?The EPC solves all of that; there is plenty of space in there.?
       
COSTS STILL HIGH
       Yet, the EPC Network  the EPC specifications and technology related to them  is still very much in the laboratory stage and probably won?t begin to replace bar codes for at least a decade, said Abell. 
       That?s because the price of the EPC tags needs to fall from nickels and dimes today to fractions of a penny. Protection of consumer privacy is also a concern. Wal-Mart Stores and Britain?s largest retailer, Tesco, both ended the first in-store trials of the technology after privacy advocates spoke out against them. In addition, standards are still being developed to ensure that tags, readers and related computer programs from different technology suppliers all work together. 
      Working on the standards problem is AutoID, a new arm of the Uniform Code Council, the nonprofit that administers the bar code, or Universal Product Code. AutoID, announced in May, plans to pick up where MIT?s Auto-ID Center leaves off, assigning codes, ironing out technical standards, managing intellectual property rights, publishing specifications, and providing user support and training. Heading the group is Dicki Lulay, a former executive at Nabisco Foods and McCormick & Company.
       ?The Auto-ID Center has done a great job, but you need a global standards body,? Abell said. ?Everything from Auto-ID Center is proposed; it?s a draft. You can?t say, ?Oh I can build my systems around that.??
       Representatives from AutoID and MIT were not immediately available to comment.
       AutoID will likely release the first set of EPC specifications either at the EPC Symposium or within the next couple of months, Abell said. Wal-Mart is expecting them by November. Sometime that month, the retailer is scheduled to hold a meeting with representatives from its top 100 or so merchandise suppliers at its Bentonville, Ark., headquarters, Abell said.
       At that meeting, Wal-Mart intends to present its detailed plan for setting up an EPC system for tracking shipments to its distribution centers, he said. The company has asked the suppliers to begin attaching RFID tags to the large containers and cases they ship to Wal-Mart by 2005.
*******************************