Clips October 30, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx, sairy@xxxxxxxxx;
- Subject: Clips October 30, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 30 Oct 2003 14:57:00 -0500
Clips October 30, 2003
ARTICLES
Massachusetts eyes 'e-prescribing' regulations
Toner firm gets key support in DMCA spat
White House: Web site doesn't steer clear of Iraq
U.K. plans to extradite spammers
E-mail providers try to stop spam
U.S. to Install Biometric Screens
Spammers using Matrix as bait to plant trojans
*******************************
USA Today
Massachusetts eyes 'e-prescribing' regulations
Posted 10/29/2003 1:42 PM
BOSTON (AP) -- State health officials Tuesday proposed regulations
making it easier for doctors to electronically "sign"
prescriptions.
"E-prescriptions" are legal, but the Department of Public
Health's proposed rules would eliminate the requirement that pharmacists
verify each one. The goals are to reduce medication errors and
prescription fraud.
"Written prescriptions can be misread, dosage information can be
misread. That can lead to mistakes being made," DPH spokeswoman
Rosanne Pawelec said.
The state's Public Health Council must approve all regulations. A public
hearing is planned in December before a vote is taken.
There were three million preventable "adverse drug events"
associated with the one billion prescriptions filled in the United States
in 2001, according to a report from the Massachusetts Technology
Collaborative.
The DPH proposal would require doctors to use an image digitizing device
that attaches the writing to an electronic prescription.
*******************************
CNET News.com
Toner firm gets key support in DMCA spat
Last modified: October 29, 2003, 4:29 PM PST
By Declan McCullagh
Staff Writer, CNET News.com
The U.S. Copyright Office has sided with Static Control Components in a
high-profile lawsuit over whether the company may sell chips that permit
Lexmark International toner cartridges to be refilled.
As part of a 198-page opinion released late Tuesday, the office said
Lexmark's invocation of the Digital Millennium Copyright Act (DMCA) in
its lawsuit against Static Control was invalid. Lexmark is the No. 2
printer maker in the United States, behind Hewlett-Packard, and
manufactures printers under the Dell brand.
The opinion is not binding on the judges who are considering the case,
which is now before the 6th Circuit Court of Appeals in Cincinnati, Ohio,
but it is expected to be influential. In February, U.S. District Judge
Karl Forester granted Lexmark a preliminary injunction ordering Static
Control to cease selling its Smartek chip.
Static Control CEO Ed Swartz on Wednesday said the opinion was so
sweeping that he may begin selling a second chip with similar
functionality that would not be covered by the injunction. "It gave
us a clear-cut legal path to create a chip that there are no legal issues
with," he said. "We think we've done that, but we're going back
and double-checking everything."
William "Skip" London, the company's general counsel, said:
"We have developed code for such a chip. We've shown this code to
Lexmark. Lexmark has taken the position that we can't sell it."
Swartz said that he has not made a final decision on public sales yet.
Static Control is a small Sanford, N.C.-based company that sells printer
parts and other business supplies.
Lexmark did not respond to repeated requests for comment.
When enacting the DMCA in 1998, Congress ordered the Copyright Office to
conduct regular reviews of one portion of the law. The Library of
Congress, which oversees the Copyright Office and reports to Congress,
was permitted to exempt specific groups from being covered by part of the
DMCA.
During the October 2000 round, two exemptions were set: Filtering
researchers could study blacklisting techniques, and obsolete
copy-protection schemes could be legally bypassed. Those exemptions were
due to expire this month, but the Copyright Office renewed them and added
two additional ones covering e-books and hardware dongles.
In an unusual move, the Copyright Office said that Static Control did not
need a specific exemption for selling toner chips, because other parts of
the DMCA already permitted it. "It appears that the congressional
scheme sufficiently enables the non-infringing uses sought without
requiring the assistance of an exemption in this rulemaking," the
Copyright Office said.
That portion of the DMCA says engineers may bypass a technological
measure "for the sole purpose of identifying and analyzing those
elements of the program that are necessary to achieve
interoperability" with other computer programs. Under a section of
the DMCA, it is generally unlawful to circumvent technology that
restricts access to a copyrighted work.
In hopes of boosting sales of its own brand of toner cartridges for its
T-series laser printers, Lexmark embedded a technological measure that
prevents third-party remanufacturing and consumer use of its
remanufactured "Prebate" toner cartridges. Inside those
cartridges is a simple software program called the Toner Loading Program
designed to let the printer estimate how much toner remains. Before a
T-series printer permits a cartridge to be used, it insists on performing
a secret handshake, a kind of authentication, with the Toner Loading
Program.
This system created a problem for consumers who wished to refill their
own cartridges, but an opportunity for Static Control, which sold its
Smartek chip that mimicked the authentication sequence used in Lexmark
chips and tricked the printer into accepting aftermarket cartridges.
Swartz of Static Control said the Copyright Office was trying to send a
signal to the courts. "They're not going to allow anyone to use the
DMCA as a means to gain an electronic monopoly," he said. "They
think the DMCA applies to entertainment, not products."
In addition to raising the DMCA claim, Lexmark's original complaint also
alleged traditional copyright infringement, saying the Smartek chips
contain "unauthorized, identical copies of Lexmark's copyrighted
Toner Loading Programs."
If that allegation were proven to be true, the Copyright Office was
careful to say, the existence of the DMCA loophole might not save Static
Control from liability. "The wholesale copying of a copyrightable
computer program is likely to be an infringing use," the office
noted.
*******************************
Associated French Press
US cyber-diplomacy now up and running
Wed Oct 29, 5:51 PM ET
WASHINGTON (AFP) - US diplomacy has officially entered the electronic age
with the completion of a two-year, multi-million-dollar project to
provide Internet access to all US embassies and consulates, the State
Department said.
Some 44,000 foreign service officers and other embassy staffers are now
able to surf the worldwide web at Washington's more than 260 often
far-flung diplomatic missions from Afghanistan to
Zimbabwe, spokesman Richard Boucher said proudly.
The project -- a priority of Secretary of State Colin Powell
since he took office in 2001 -- was completed last week when the
last unwired mission, the US embassy in Khartoum, Sudan, came on-line on
October 23, he said.
"One of the first things (Powell) asked for was funding to bring the
State Department into the modern, electronic age: indeed, he called for a
'state-of-the-art' State Department," Boucher told reporters.
In addition to the Internet access project, the State Department has now
linked 224 of its posts to classified e-mail and intranet systems, he
said.
A second department official said the upgrades had cost a total of 207
million dollars and had come with warnings not to use the new capability
to download pornography or other questionable material found on the web.
"To say that is discouraged would be an understatement," the
official said.
US diplomats, often considered stodgy in demeanor, are not generally
known to embrace new technology with enthusiasm and the State Department
has lagged behind other government agencies and private businesses in
making improvements.
Powell, however, is a confirmed computer fanatic and has pressed hard to
bring the foreign service establishment into the cyber-age.
Boucher said the recently completed projects were part of an overall
initiative to modernize the department, including the gradual elimination
of the time-honored staple of embassy communication: the embassy cable.
"Now that we've got to this state of the art, we've got a program to
make sure we stay there," he said.
*******************************
Government Computer News
10/29/03
White House: Web site doesn't steer clear of Iraq
By Joab Jackson
The White House today dismissed charges that its Web site was
deliberately guiding search engines away from pages about Iraq, saying
its Web team was only trying to avoid duplication.
"It's lubricious," said White House spokesman Jimmy Orr, replying to
a charge issued by a Democratic Party Web site.
Search engine spiders, which index content on the Internet, were directed
away only from indexing duplicate pages, Orr said.
"All the material on the White House Web site is fully searchable by our
search engine," Orr said.
Orr was responding to a minor tempest arising from a Web page authored by
Keith Spurgeon, a New York resident who works in the Internet industry.
On Oct. 24, Spurgeon noticed that the White House Web site carried
instructions for search engines not to index certain White House Web
pages about Iraq.
Internet search engines such as Google use spiders to crawl through Web
sites and index the contents.
Frequently indexed sites often post a file, called ROBOTS.TXT, that
instructs spiders to not index certain pages on that site. These files
usually list pages that have scripts, file-pointers and other forms of
content generally more of interest to computers than potential readers.
Spurgeon, however, said he saw that the White House's ROBOTS.TXT file
listed 783 files or directories with the term "Iraq" in their titles,
most of them leading to pages about the recent combat operations in that
country.
Spurgeon had searched the ROBOTS.TXT file when he noticed that the Google
search engine, owned by Mountain View, Calif.-based Google Inc., had not
indexed all of the White House's pages. He then found an earlier version
of the White House ROBOTS.TXT file, dating from April 2003, with only 10
instances of the word "Iraq." Spurgeon did not speculate on why the White
House disallowed these pages.
But other observers had no shortage of theories.
The Democratic National Committee Web log, linking to Spurgeon's site,
accused the White House of historical revisionism. Google and other
engines keep copies of the pages they index. So not allowing a search
engine to cache a page means that fewer alternate copies of a page will
exist -- and so it will be easier for the White House to change a document
without people noticing.
Dan Gillmor, a technology columnist for the San Jose Mercury News,
speculated on his Web log: "Perhaps the White House doesn't want to make
it easy for people to compare its older statements about Iraq with
current realities."
The pages that were listed were duplicate pages, Orr said. Last summer,
the White House set up a section of the site devoted to issues relating
to Iraq at
www.whitehouse.gov/infocus/iraq/index.html.
Although this section has a different look-and-feel from the rest of the
White House site, it uses many documents that are also posted elsewhere
on the site, such as press releases relating to the combat effort.
The ROBOTS.TXT file lists those documents that appear in multiple places
on the site, Orr said. The staff wanted to reduce the number of duplicate
items that someone would see by doing a search on the site.
Although agreeing most of the pages are duplicates, Spurgeon maintains
that the file does have pointers to pages without duplicates.
"We've tried to eliminate redundancies on the site," Orr said. Orr
oversees administration of the White House site, which has about 33,000
documents. A staff of 10 people manages the site, he said.
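
The comparison described in this article can be reproduced with a short script. This is an added example, not part of the original clip: it parses the Disallow rules of two robots.txt versions, counts rules containing a search term, and lists blocked pages whose content has no copy at a crawlable path. The file contents, paths and page inventory are constructed for illustration, and rule matching is plain prefix matching.

```python
import hashlib

# Constructed sample data: two versions of a robots.txt and a small page
# inventory (path -> body). None of these paths come from the real site.
OLD_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /search/
"""
NEW_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /search/
Disallow: /topics/iraq/releases/    # section copies of press releases
Disallow: /topics/iraq/briefing.html
"""
PAGES = {
    "/index.html": "Home",
    "/news/releases/2003-03-19.html": "Statement A",
    "/topics/iraq/releases/2003-03-19.html": "Statement A",
    "/topics/iraq/briefing.html": "Briefing posted only in this section",
}


def disallowed_paths(robots_txt, agent="*"):
    """Return the Disallow values from every group that applies to `agent`."""
    paths, applies, reading_agents = set(), False, False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() == "user-agent":
            if not reading_agents:               # first agent line of a new group
                applies = False
            reading_agents = True
            applies = applies or value in ("*", agent)
        else:
            reading_agents = False
            if field.lower() == "disallow" and applies and value:
                paths.add(value)
    return paths


def compare_versions(old_txt, new_txt, term):
    """Count rules mentioning `term` in each version and list what changed."""
    old, new = disallowed_paths(old_txt), disallowed_paths(new_txt)

    def hits(paths):
        return sum(term.lower() in p.lower() for p in paths)

    return {"old_hits": hits(old), "new_hits": hits(new),
            "added": sorted(new - old), "removed": sorted(old - new)}


def without_crawlable_copy(rules, pages):
    """Blocked pages whose exact content is not also served at an allowed path."""
    def blocked(path):
        return any(path.startswith(rule) for rule in rules)

    def digest(body):
        return hashlib.sha256(body.encode()).hexdigest()

    crawlable = {digest(b) for p, b in pages.items() if not blocked(p)}
    return sorted(p for p, b in pages.items()
                  if blocked(p) and digest(b) not in crawlable)


if __name__ == "__main__":
    print(compare_versions(OLD_ROBOTS, NEW_ROBOTS, "iraq"))
    print(without_crawlable_copy(disallowed_paths(NEW_ROBOTS), PAGES))
```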
*******************************
CNET News.com
U.K. plans to extradite spammers
Last modified: October 30, 2003, 7:54 AM PST
By Reuters
British lawmakers hope to use a new tactic to stop the torrent of junk
e-mail that floods in from overseas: Extradite the mass-mailers and bring
them to trial in the United Kingdom.
"Spammers are no longer an irritant; they are a threat," British
Member of Parliament Brian White said Thursday. The United Kingdom last
month was the second European Union country after Italy to criminalize
spam in a law that goes into effect in December.
But the law has drawn criticism from antispam crusaders who say it will
be powerless to stop the flood of messages at the source. The majority of
spam originates overseas, and in particular, the United States, industry
experts say.
While initially, extradition would be used to target spammers, it could
be expanded to include suspects in other cybercrime cases such as
virus-writing and hacking, White added.
White said he and fellow British lawmakers traveled to the United States
earlier this month where they talked to FBI officials about extraditing
American spammers who violate British laws.
"The FBI's reaction was, subject to the individual case, they
couldn't see any problem with it," he said.
U.K. and U.S. law enforcement authorities have a long history of
cooperation in criminal matters, a relationship that has only grown
stronger in the wake of the Sept. 11, 2001, attacks in America and their
subsequent crackdowns on subversive groups.
The rise of spam, that flood of unsolicited e-mail offering everything
from porn and cheap mortgages to a full head of hair, has become an
urgent matter for lawmakers around the world.
Lately, law enforcement officials have begun to crack down on spam as a
growing amount contains child pornography and as spam messages have been
used in a spate of recent fraud scams that target online banking
customers.
White said spammers could be extradited if they violated the Computer
Misuse Act, a 13-year-old U.K. law that makes it illegal to tamper with
and damage another user's computer.
Therefore, a spammer who sends e-mails that contain viruses or Trojans,
programs capable of taking over another user's computer, would be grounds
for extradition, White said.
"The majority of spam is either breaking the law regarding fraud,
obscenity, child pornography, or (distribution and marketing) of
prescription drugs. We wouldn't get every spammer under all three of
those laws, but you could get a majority," he added.
The challenge for prosecutors will be building a strong enough case
linking spammers with a particular crime as most operate under aliases
and have effectively disguised their whereabouts.
Story Copyright © 2003 Reuters Limited. All rights
reserved.
*******************************
MSNBC
E-mail providers try to stop spam
Engineers tinkering with technical architecture of service
By Jonathan Krim
THE WASHINGTON POST
Oct. 30 -- Congress recently edged closer to passing the nation's
first law to curb e-mail spam, but those who work under the Internet's
hood are attacking the problem from another angle.
RATHER THAN trying to flag and prohibit
unsavory messages, as a Senate bill that passed last week would attempt,
they are tinkering with the technical architecture of e-mail so that
computers will be able to recognize good mail.
Then, the theory goes, it is a
relatively simple matter to block all other e-mail from getting
through.
For the past nine months, several
separate initiatives by technologists at e-mail and Internet provider
companies have sought to crack the problem, but solutions have been
elusive. A major hurdle is that spammers exploit the very attributes of
e-mail that help make it popular: Anyone can send mail directly to anyone
else and can do so anonymously if they choose.
The result is that it can be
difficult to sort good from bad. Not only can spammers devise fictitious
Internet addresses to mask their locations, but increasingly they are
forging the addresses of legitimate individuals and companies.
Now, efforts to make such identity
"spoofing" more difficult are beginning to yield results. The software
code for one such approach, put forth by a small e-mail account company
in Philadelphia, was made available this week.
Meanwhile, a trade group of direct
e-mailers issued a blueprint for its system last month.
And Microsoft Corp., America Online,
Yahoo Inc. and EarthLink Inc. -- the top Internet provider and e-mail
account companies that joined together to work on the problem last
spring -- are close to an announcement on a "trusted sender"
system.
"We have to allow legitimate senders
of e-mails to distinguish themselves from spammers," said Harry Katz, a
program manager at Microsoft.
DIFFERING APPROACHES
The approaches by the different groups
vary, but they all hinge on retooling e-mail so that servers -- the
computers that power networks of other computers -- can mark mail that
is sent as trusted and identify those same characteristics when the
e-mail is received.
"The impunity of anonymity" for bulk
mailing must be stopped, said J. Trevor Hughes, executive director of the
Network Advertising Initiative, a consortium of companies that do bulk
e-mailing for firms marketing products and services.
Last month, the group unveiled the
first outlines of a plan, dubbed Project Lumos, to certify e-mail and to
electronically measure the reputations of bulk mailers.
Like other initiatives, the plan
relies on bulk e-mailers voluntarily adopting a set of technical
standards for adding information to the "header" portion of a message,
which provides routing information for the Internet's e-mail
system.
Internet account providers such as
AOL, Yahoo, Microsoft and EarthLink would adjust their incoming mail
servers to recognize the new information and block mail sent in bulk that
does not include the information.
To be certified, bulk mailers would
have to agree to abide by rules that would require them to take certain
actions, such as providing easy ways for consumers to stop getting
messages. The system also creates an electronic scoring system that rates
mailers based on the number of complaints they receive for failing to
comply with the rules, and incoming mail servers could block mail from
mailers with low compliance.
The proposal and other such efforts
are being followed closely by a loose federation of organizations that
govern the Internet's plumbing.
"Project Lumos is a well-thought-out
proposal," said Paul Q. Judge, chief technology officer for CipherTrust
Inc., a Georgia-based e-mail security firm. He also is co-chairman of the
Anti-Spam Research Group, one of many such groups under the umbrella of
the Internet architecture board.
PREVENTING ADDRESS FORGING
Another system, known as SPF, for senders
permitted from, simply seeks to stop spammers from hiding behind
fictitious Internet addresses or forging the addresses of others, a
tactic known as "Joe-jobbing."
"People get Joe-jobbed every day,"
said Meng Wong, chief technology officer and founder of Pobox.com, a
Philadelphia-based e-mail account provider. "Spammers forge their e-mail
address and then send huge spams. The only thing their [Internet
provider] can do is to shut off their mail."
Under Wong's system, companies that
operate outgoing mail servers would electronically ?publish? the numeric
Internet addresses of all confirmed machines that send mail from its
domain.
Every Internet-connected computer is
assigned such an address by its Internet account provider.
When an e-mail arrives that purports
to be from an aol.com address, for example, the incoming mail server
could check to see whether it is indeed coming from a numeric Internet
location that AOL has assigned. If not, the AOL address has been spoofed,
and the mail would be rejected.
If AOL account holders are spamming,
they can be easily found.
Wong acknowledged that his system
would not work if a spammer is exploiting a worm that allows him to
actually commandeer another computer and launch spam from that machine.
In that case, the spam is coming from a legitimate source, even though
the owner has nothing to do with it.
Wong said that Internet providers
have expressed interest in his system and that one spam-blocking software
company, SpamAssassin, will include it in its next version.
Katz of Microsoft said that the
working group of top Internet providers plan to have an announcement of
its system in the coming weeks.
Katz said that to be effective, any
of these new initiatives will require a "tipping point," or a threshold
of participants after which a firm that did not join in would be at risk
of losing business.
A spokesman for America Online said
that identifying good mail is "an elixir, not a panacea." He added that
his company remains committed to its filtering system as well as to
collaborative research on other approaches.
Hans Peter Brondmo, one of the
technical architects of the Project Lumos initiative and a senior vice
president at bulk mailer Digital Impact Inc., said he does not know whose
initiative will prevail, but he thinks the first step will be an Internet
address check along the lines of Wong's plan by the end of this
year.
But a broader solution is at least a
year away, he said.
"I'm reasonably good with crystal
balls, but not so good with timing," Brondmo said.
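
The sender-address check described for SPF in this article, written out as an added example (not part of the original clip and not Pobox.com's code). It assumes the `v=spf1` record syntax in which SPF was later standardized, handles only the `ip4`, `ip6`, `include` and `all` terms, and replaces DNS with a constructed table of documentation-range addresses.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: domain -> published sender policy.
# Addresses are from the documentation ranges; the domains are placeholders.
PUBLISHED = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 "
                   "include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:203.0.113.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(ip, domain, zone=PUBLISHED, depth=0):
    """Evaluate the connecting IP against the policy published for `domain`.

    Returns pass, fail, softfail, neutral, none (no policy) or permerror.
    """
    if depth > 10:                       # guard against include loops
        return "permerror"
    terms = (zone.get(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                  # default when no prefix is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                # catch-all: always matches
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":          # matches only if the other policy passes
            if check_sender(ip, value, zone, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:                            # terms needing live DNS are not modelled
            return "permerror"
    return "neutral"


def handle_connection(mail_from, ip, zone=PUBLISHED):
    """Receiving-server decision: reject only when the domain's policy says fail."""
    domain = mail_from.rpartition("@")[2].lower()
    result = check_sender(ip, domain, zone)
    return ("reject" if result == "fail" else "accept"), result


if __name__ == "__main__":
    # Constructed connections: (envelope sender, connecting IP).
    for sender, ip in [
        ("alice@example.com", "192.0.2.5"),       # listed machine
        ("alice@example.com", "203.0.113.9"),     # listed through include
        ("alice@example.com", "198.51.100.26"),   # forged: not a listed machine
        ("bob@unlisted.example", "198.51.100.26"),  # domain publishes nothing
    ]:
        print(sender, ip, handle_connection(sender, ip))
```

A machine inside a published range that has been taken over by a worm still yields `pass`, which is the limitation Wong acknowledges in the article.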
*******************************
Wired News
U.S. to Install Biometric Screens
12:56 PM Oct. 29, 2003 PT
WASHINGTON -- The public got its first look Tuesday at fingerprinting and
photo equipment that will be installed at 115 airports and 14 seaports to
check identities of millions of foreign visitors.
The equipment, which goes into use Jan. 5, will allow inspectors to check
identities of visitors against those on terrorist watch lists.
"This gives us the ability to know those who would violate a visa or
overstay a visa," said Asa Hutchinson, undersecretary for Border and
Transportation Security in Homeland Security.
A General Accounting Office report issued last month called the system
"a very risky endeavor" with daunting goals, likely high costs
and details that had yet to be worked out. The GAO said the system could
lead to long lines at ports of entry.
But Hutchinson said it will add only a few minutes to the inspection of a
traveler while significantly enhancing national security.
Travel industry groups have voiced concern in the past that the system
could hurt the industry. Members of the Travel Industry Association of
America were meeting with Hutchinson about the new system Tuesday.
"It has to be effective and in fact improve security, and it has to
do it without adding a really onerous burden to travelers to the United
States," said Dexter Koehl, an association spokesman.
The system consists of a small box that digitally scans fingerprints and
a spherical computer camera that snaps pictures. It will be used for the
estimated 24 million foreigners traveling on tourist, business and
student visas who enter through an airport or seaport.
Fifteen of the 19 Sept. 11, 2001, hijackers entered the United States
legally on travel visas. Three were admitted with business visas. The
19th entered on a student visa. At least three of the hijackers had
expired visas. The new system will gradually phase out a paper-based
system that Congress mandated be modernized following the attacks.
The "exit" portion of the system to ensure visitors leave when
required still is being developed, but officials showed off an electronic
kiosk, much like those used to dispense e-tickets at airports. The kiosk
would allow foreigners to scan documents and provide fingerprints as they
leave.
A person whose fingerprints or photos raise questions would not be turned
away automatically. The visa holder would be sent to secondary inspection
for further questions and checks. False hits on the system have been less
than 0.1 percent, officials said.
Training on the system and a tryout will begin next month at the Atlanta
airport. Originally, the system was scheduled to begin operation Jan. 1,
but Hutchinson said its debut was delayed to avoid the busy holiday
travel period, a decision made after consultation with industry groups.
Congress provided $368 million to produce the system and put it in
airports, but only provided $330 million of the $400 million President
Bush requested to put the system in land borders in 2004.
Hutchinson said the lower appropriation could affect meeting deadlines
for next year. He said he does not anticipate a user fee like the $100
foreign students may pay to cover the costs of a student tracking
system.
*******************************
Australian IT
Spammers using Matrix as bait to plant trojans
By Sam Varghese
October 29, 2003
Another day, another little bit of social engineering by spammers in a
bid to use email and trick users into downloading trojans to their
computers.
This time the bait being used is a download of Matrix Revolutions, the
third film in the series which is due out in November.
Canberra-based sysadmin Daniel McNamara, who did a spot of investigation
after he received one such email, said it purported to offer a download
to the first 1000 users.
The email reads:
Matrix Revolution is coming out on 5th of November.
You don't have to catch your cinema ticket up.
Only 1000 people can download its FULL movie from our site. Get it now
before too late!
The images in the email link to a genuine movie site; the text hyperlinks
go to a bogus site.
McNamara followed the trail using the text browser elinks on a Linux
machine to avoid getting his own machine infected. Such trojans only work
on computers running the Windows operating system.
His investigation led him to conclude that a trojan which reports back to
an internet relay chat server is planted on the computer of those who
visit the site.
"I can't be 100 percent sure that this is the case as I don't have a
sacrificial machine to use for tracking," he said. "I'll pass a
copy of the trojan on to the major anti-virus companies and let them
complete the job."
*******************************