
Clips November 21, 2003




ARTICLES

Probers Say Blackout in August Was Avoidable
Dean Calls For New Controls on Business
Lawmakers Approve Expansion of F.B.I.'s Antiterrorism Powers
Court to FBI: No spying on in-car computers
Judge rules in favor of pop-up purveyor
Hollywood chief says movies could be on Internet by 2005
UN: Scandinavia Ahead in Internet Access
TSA awards Unisys airport security contract
U.S. Cracks Down on Cybercrime
A Patented Way To Preempt The Spammers
Internet voting stirs debate in Michigan
Police go high-tech in crackdown on stolen cars
Federal Aid Urged to Boost the Domestic Workforce in Science
Hackers Live by Own Code

*******************************
Washington Post
Probers Say Blackout in August Was Avoidable
By Peter Behr
Thursday, November 20, 2003; Page A01

The massive Northeast blackout on Aug. 14 was a "preventable" failure, a U.S.-Canadian investigative report said yesterday, concluding that a major Ohio utility violated guidelines meant to protect the power grid and didn't know that its control room computer systems had stopped working two hours before the final outage.

The three-month task force investigation, headed by the Department of Energy and its Canadian counterpart, accuses FirstEnergy Corp. of Akron, Ohio, of failing to warn other control centers on the grid until it was too late.

The report also said that FirstEnergy's control room operators were not adequately trained and that the company failed to trim trees low enough to keep its transmission lines from hitting limbs, causing short circuits that tripped out crucial power lines on its system.

One power line after another went out in a chain reaction, and with each outage the heavy volume of power flowing through Ohio toward Canada and the U.S. East Coast built up on remaining lines until finally the overloading became unmanageable.

Shortly after 4:10 p.m., huge power surges swept through Michigan and then into New York, knocking out power from Manhattan to Toronto to Detroit.

The guidelines for grid operations are voluntary, and utilities that violate them are not penalized.

Energy Secretary Spencer Abraham said the blackout investigation drives home the need for operating rules, backed up by fines to punish violators.

"There need to be consequences that are well known and enforceable . . . very serious consequences," Abraham said yesterday at a news conference.

The energy bill before the Senate would impose mandatory rules and provide for penalties, and Abraham urged Congress to approve it.

Michehl Gent, president of the North American Electric Reliability Organization, which now oversees voluntary grid guidelines, said detailed audits will be made of grid control rooms around the country.

FirstEnergy's system had not been audited by his organization, he said.

The task force's findings are in line with criticism of FirstEnergy that surfaced days after the blackout.

But the Energy Department and Canadian officials heading the investigation did not examine why rules were broken or whether FirstEnergy's management had contributed to problems.

"We started to look at those issues, and then stopped," one member of the investigative team said.

Abraham said that further findings will be made after public hearings on the report are held next month in both countries. But he said the critical factor was the equipment failure that kept FirstEnergy from spotting the line outages.

"Their lack of awareness precluded them from taking the preventive steps that could have been done," Abraham said.

FirstEnergy said yesterday that the investigation had failed to take into account other disruptions on the grid outside its control.

"We believe there were hundreds of things that were abnormal on this day that have to go into the equation," said Charles E. Jones, FirstEnergy's senior vice president for delivery.

Jones said heavy loads of power being transmitted through Ohio added critically to the stress on the system, but the task force report did not agree.

The company never discussed voluntarily cutting off power to some of its customers, called "load shedding," to ease congestion on the remaining power lines, Jones said, and he questioned why FirstEnergy should have been forced to do that.

"That's another fundamental issue -- the suggestion that we should interrupt 1,500 megawatts of load to our own customers to allow the grid to make these long-distance transmissions through our system," Jones said.

The report describes the helplessness of grid operators and security coordinators whose computer systems were not operating properly, leaving them blind to the rapid deterioration of the grid.

There are no indications that computer hackers or sabotage was involved, the report said.

In one case, a technician had repaired a system earlier in the afternoon. But the technician forgot to turn on a feature that updated information every five minutes, preventing it from operating normally, the report said. "Thinking the system had been successfully restored, the analyst went to lunch," the report said.

This error at a control room of the Midwest Independent Transmission System Operator in Carmel, Ind., left it unable to track the grid's growing problems, the report said.

Another key failure involved the loss at 2:14 p.m. of alarm functions on computer systems in FirstEnergy's main control room. They monitor power conditions on its grid and are meant to alert operators to reduce overloading, the report said. With the alarms not working, operators missed readings on computer monitors that would have signaled the need to take emergency actions, the report said.

"Without a functioning alarm system, the FE [FirstEnergy] control area operators failed to detect the tripping of electrical facilities essential to maintain the security of their control area."

The loss of the alarm capability was followed by other computer malfunctions in the control room.

"However, for over an hour no one in the FE control room grasped that their computer systems were not operating properly," even though company technicians were working on the problems, the report said.

Unlike other grid control centers, FirstEnergy's does not have a computerized map board showing conditions on major lines and at power plants -- another weakness in its system, the report said.

Outside analysts studying the blackout have questioned whether FirstEnergy should have seen that its systems were malfunctioning and at least alerted others on the grid.

Jones said the company realized after about an hour that its computers weren't working as intended.

"But we had no knowledge of the extent of it," Jones said. The company sent operators to power substations to read meters on flows and report the information by telephone, but by then the situation was deteriorating too rapidly.

Abraham said that because grid guidelines were voluntary at the time of the blackout, it is not clear whether any federal action could be taken.

Ohio Gov. Bob Taft (R) has asked the state's Public Utility Commission to order FirstEnergy to upgrade its transmission maintenance and operations procedures. But state regulators' oversight covers the smaller distribution power lines within communities, not the high-voltage transmission system, which is a federal responsibility.
*******************************
Washington Post
Dean Calls For New Controls on Business
Democrat Seeks 'Re-Regulation'
By Jim VandeHei
Wednesday, November 19, 2003; Page A09

HOUSTON, Nov. 18 -- After years of government deregulation of energy markets, telecommunications, the airlines and other major industries, Democratic presidential candidate Howard Dean is proposing a significant reversal: a comprehensive "re-regulation" of U.S. businesses.

The former Vermont governor said he would reverse the trend toward deregulation pursued by recent presidents -- including, in some respects, Bill Clinton -- to help restore faith in scandal-plagued U.S. corporations and better protect U.S. workers.

In an interview around midnight Monday on his campaign plane with a small group of reporters, Dean listed likely targets for what he dubbed as his "re-regulation" campaign: utilities, large media companies and any business that offers stock options. Dean did not rule out "re-regulating" the telecommunications industry, too.

He also said a Dean administration would require new workers' standards, a much broader right to unionize and new "transparency" requirements for corporations that go beyond the recently enacted Sarbanes-Oxley law.

"In order to make capitalism work for ordinary human beings, you have to have regulation," Dean said. "Right now, workers are getting screwed."

In a speech here Tuesday night, one mile from the Enron Corp. headquarters, Dean sought to place this idea into a new and broader campaign context: a "new social contract for the 21st century" to restore public trust in corporations, national leaders and U.S. military might. Dean blamed President Bush for eroding the public's faith in these institutions with his policies over the past three years.

"At Enron, those at the top enriched themselves by deceiving everyone else and robbing ordinary people of the future they'd earned," Dean said. "The Bush administration is following their lead."

Dean has excited core Democratic voters with a relentless assault on corporations and the rich, and he is moving quickly to stake a position as the candidate with the boldest plans for tempering the influence and power of U.S. businesses. If the economy continues to rebound, Democratic strategists say, Dean's proposal may offer a way for the party to frame the debate over jobs, income and fairness.

Dean said in the interview that "re-regulation" is a key tool for restoring trust. In doing so, he drew a sharp distinction with Bush, an outspoken advocate of free markets who wants to further deregulate media companies and other key sectors of the economy.

Dean also continued his clear break from Clinton's "New Democrat" philosophy of trying to appease both business and workers with centrist policies. Earlier in the campaign, Dean reversed his prior support for Clinton's free-trade agreements with Mexico, Canada and China.

Many Republicans typically characterize looser rules and mandates on business and trade as key facilitators of economic growth.

While Bush eventually backed new regulations for, among others, the accounting industry in the wake of the Enron, WorldCom and other corporate scandals, his administration has rolled back environmental and workplace regulations many Democrats want restored. Bush is fighting some in his own party to loosen the rules for media ownership. "I certainly would reverse media deregulation," Dean said. "I would go back to the limitations on how many stations you can own in a given market."

Virtually all Democratic candidates are making the fight against corporate influence a centerpiece of their campaign. The latest example: Every Democratic presidential candidate save Sen. Joseph I. Lieberman (Conn.) has come out strongly in opposition to the GOP deals on energy and Medicare, and has criticized them as gifts to big Republican corporate campaign contributors. Yet, Dean appears to be getting the most traction on this front.

Voters are clearly hungry for government efforts to force better corporate behavior, especially with scandals hitting such industries as mutual funds and accounting, pollsters say. At the same time, they are unlikely to accept the price spikes that Republicans and some Democrats warn could accompany some new regulations.

Dean, who talked at length about the historical ebb and flow of regulation, said there is a "danger" to pushing his re-regulation movement too far. But under Bush, "deregulation has increased the corporate power enormously," he said.

As governor of Vermont, Dean advocated deregulation, angering some environmentalists. But the events of the past two years have convinced him deregulation is to blame for many of the nation's problems.

"California is proving it does not work," he said. "I think the reason the grid failed is because of utility deregulation."
*******************************
New York Times
November 20, 2003
Lawmakers Approve Expansion of F.B.I.'s Antiterrorism Powers
By ERIC LICHTBLAU

WASHINGTON, Nov. 19 -- Congressional negotiators approved a measure on Wednesday to expand the F.B.I.'s counterterrorism powers, despite concerns from some lawmakers who said that the measure gave the government too much authority and that the public had been shut out of the debate.

The measure gives the Federal Bureau of Investigation greater authority to demand records from businesses in terrorism cases without the approval of a judge or a grand jury. While banks, credit unions and other financial institutions are currently subject to such demands, the measure expands the list to include car dealers, pawnbrokers, travel agents, casinos and other businesses.

The expansion, included in the 2004 authorization bill for intelligence agencies, has already been approved by both the House and the Senate, and lawmakers from both chambers approved the provision as part of the larger bill in a private session late Wednesday, officials said. Law enforcement officials said the F.B.I. would gain greater speed and flexibility in tracing suspected terrorist money.

Senator Richard J. Durbin, Democrat of Illinois, introduced a motion to limit the life of the new law, but it was defeated on a party-line vote.

"I'm concerned about this," Mr. Durbin said in an interview. "The idea of expanding the powers of government gives everyone pause except the Republican leadership."

The approval came despite 11th-hour concerns raised by five Democrats and a Republican on the Senate Judiciary Committee, who questioned why their panel -- which has responsibility for overseeing the F.B.I. -- was shut out of any discussion on the little-noticed proposal.

In a letter this week to the Senate intelligence committee, the senators urged the panel, which does much of its work in secret, not to move ahead with such a significant expansion of the F.B.I.'s powers without further review. They said public hearings, public debate and legislative protocol were essential in legislation involving the privacy rights of Americans.

The letter was signed by Senator Larry E. Craig, Republican of Idaho, and five Democrats: Mr. Durbin, and Senators Patrick J. Leahy of Vermont, Russell D. Feingold of Wisconsin, Edward M. Kennedy of Massachusetts and John Edwards of North Carolina.
*******************************
CNET News.com
Court to FBI: No spying on in-car computers
Last modified: November 19, 2003, 12:07 PM PST
By Declan McCullagh
Staff Writer, CNET News.com

The FBI and other police agencies may not eavesdrop on conversations inside automobiles equipped with OnStar or similar dashboard computing systems, a federal appeals court ruled.

The 9th Circuit Court of Appeals said Tuesday that the FBI is not legally entitled to remotely activate the system and secretly use it to snoop on passengers, because doing so would render it inoperable during an emergency.

In a split 2-1 ruling, the majority wrote that "the company could not assist the FBI without disabling the system in the monitored car" and said a district judge was wrong to have granted the FBI its request for surreptitious monitoring.

The court did not reveal which brand of remote-assistance product was being used but did say it involved "luxury cars" and, in a footnote, mentioned Cadillac, which sells General Motors' OnStar technology in all current models. After learning that the unnamed system could be remotely activated to eavesdrop on conversations after a car was reported stolen, the FBI realized it would be useful for "bugging" a vehicle, Judges Marsha Berzon and John Noonan said.

When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored. After "vehicle recovery mode" was disabled, the court said, passengers were notified by the radio displaying an alert and, if the radio was not on, the system beeping.

David Sobel, general counsel at the Electronic Privacy Information Center, called the court's decision "a pyrrhic victory" for privacy.

"The problem (the court had) with the surveillance was not based on privacy grounds at all," Sobel said. "It was more interfering with the contractual relationship between the service provider and the customer, to the point that the service was being interrupted. If the surveillance was done in a way that was seamless and undetectable, the court would have no problem with it."

Under current law, the court said, companies may only be ordered to comply with wiretaps when the order would cause a "minimum of interference." After the system's spy capabilities were activated, "pressing the emergency button and activation of the car's airbags, instead of automatically contacting the company, would simply emit a tone over the already open phone line," the majority said, concluding that a wiretap would create substantial interference.

"The FBI, however well-intentioned, is not in the business of providing emergency road services and might well have better things to do when listening in than respond with such services to the electronic signal sent over the line," the majority said.

In a dissent, Judge Richard Tallman argued that a wiretap would not create unnecessary interference with emergency service and noted that "there is no evidence that any service disruption actually occurred. The record does not indicate that the subjects of the surveillance tried to use the system while the FBI was listening. One cannot disrupt a service unless and until it is being utilized.

"The record indicates that the only method of executing the intercept order in this case involved activating the car's microphone and transferring the car's cellular telephone link to the FBI. This conduct might have amounted to a service disruption, had the subjects of the surveillance attempted to use the system, but there is no evidence that they did."

The majority did point out that the FBI cannot order the system to be changed so that the emergency functions would work during surveillance. Congress ordered telephone companies to do just that in the 1994 Communications Assistance for Law Enforcement Act, but current law does not "require that the company redesign its system to facilitate surveillance by law enforcement."

General Motors did not immediately respond to a request for comment on Wednesday. Its OnStar privacy policy says: "OnStar may disclose personal information if required to do so by law on (sic) in the good faith belief that such disclosure is reasonably necessary to comply with the legal process...OnStar cannot accept any responsibility for accidental or inadvertent disclosure, unauthorized access or for other disclosure as required by law or described in this policy."

The decision is binding only in California, Oregon, Nevada, Washington, Hawaii, and other states that fall within the 9th Circuit's jurisdiction. No other appeals court appears to have ruled on the matter.
*******************************
CNET News.com
Judge rules in favor of pop-up purveyor
Last modified: November 19, 2003, 4:00 PM PST
By Stefanie Olsen
Staff Writer, CNET News.com

A federal court judge dismissed Wells Fargo's motion to block a software maker that launches rival pop-up advertisements when customers access the bank's Web site.

Judge Nancy Edmunds of the U.S. District Court of Michigan's Southern Division on Wednesday denied Wells Fargo's motion for a preliminary injunction against WhenU, a distributor of free advertising software, that was aimed at disarming the pop-up purveyor. The judge also issued a memorandum opinion on the case.

Wells Fargo and plaintiff Quicken Loans charged that WhenU violated their copyrights and trademarks by delivering ads for rival Web sites to consumers while they were visiting their own sites.

"The fact that some WhenU advertisements appear on a computer screen at the same time (the) plaintiffs' Web pages are visible in a separate window does not constitute a use in commerce of the plaintiffs' marks," Judge Edmunds wrote as one of the arguments against an injunction.

While only a preliminary opinion, it echoes an earlier judgment in favor of WhenU in its case against U-Haul International. Like Wells Fargo and a handful of other litigants, U-Haul had charged WhenU with trademark and copyright violations, among other complaints, as a result of pop-ups for competing movers that appeared on U-Haul's Web pages. In September, a Virginia U.S. District Court judge granted a motion for summary judgment in favor of WhenU.

WhenU makes software that tracks the movement of Web surfers and serves up targeted ads to those who are likely to make a purchase. For example, an ad for travel site Priceline.com might appear while a surfer is visiting Travelocity.com. The software is bundled with other popular downloads, such as peer-to-peer software BearShare or weather applications, that consumers use for free by agreeing to receive occasional ads. About 30 million Net users have WhenU's software on their desktops.

"The fact is that the computer user consented to this detour when the user downloaded WhenU's computer software," the judge's summary read. "While pop-up advertising may crowd out the U-Haul advertisement screen through a separate window, this act is not trademark or copyright infringement, or unfair competition."

These decisions could add up to approval for a controversial sector of online advertising--and lend a hand in a more well-known case that involves "adware" company Claria, formerly Gator. Like WhenU, Claria develops an Internet "helper" application that often comes bundled with popular free software such as peer-to-peer applications. When downloaded, the programs from Claria and WhenU serve pop-up and pop-under ads to people at various times while they're surfing the Web or when they visit specific sites.

Gator's software has landed it in court against The Washington Post, catalog retailer L.L. Bean and hotel chain Extended Stay America. In February, Gator settled a case brought by The Washington Post, and its other lawsuits have been consolidated and will be decided by the Judicial Panel on Multidistrict Litigation in Washington, D.C.

Wells Fargo characterized the decision as "a set back" for consumers.

"This form of advertising can create confusion for impacted customers who visit financial sites and believe the offers they are receiving are from that financial institution," according to a Wells Fargo representative. "The source of these pop-up advertisements may not always be clear to the customer. It's important for customers to know who they are dealing with online, and we took action to eliminate this source of confusion for our customers."
*******************************
USA Today
Hollywood chief says movies could be on Internet by 2005
By Sharon Theimer, Associated Press
Posted 11/19/2003 7:28 PM

WASHINGTON -- Americans could be watching newly released movies via the Internet as soon as mid-2005 as the industry speeds development of a secure delivery system, Hollywood's chief lobbyist said Wednesday.

"I really do believe that we will be able to have some -- maybe by this time next year -- we'll be able to have the beginnings of some really sturdy, protective clothing to put about these movies," Motion Pictures Association of America chief executive Jack Valenti said in an interview with The Associated Press.

Valenti said he would like to see movies go straight from the big screen to the Internet, where customers could download or view them on demand well before DVDs and videos reach the store shelves. "We want to use the Internet," he said.

Fighting piracy it says is putting its financial health at risk, Hollywood is working with high-tech experts, including Microsoft, Hewlett-Packard and universities, to develop a secure system for delivering movies, he said.

Valenti said the industry has no current plans to sue pirates, as the music industry is doing, but isn't ruling it out because he has seen surveys showing music piracy is being taken more seriously since the lawsuits began early this year.

"As long as stealing movies and music is high-reward and no risk, people are going to do it," Valenti said.

Valenti, a lifelong Democrat, said California's new Republican governor, Arnold Schwarzenegger, could be exactly what the budget-strapped state needs and he urged the media to give the former actor a chance.

"He's going to shake up things," said Valenti, who attended the governor's inauguration this week. "Do not write him off. If anyone can do it, he can do it."

During the interview with the AP, Valenti, a political consultant who was in the motorcade in Dallas 40 years ago when John F. Kennedy was assassinated, gave a poignant recounting of that day and how Lyndon B. Johnson brought him back to Washington on the plane with Kennedy's body to work in the White House.

Valenti called it a day "that will live in perfidy." Even now he recalls every second, from Jackie Kennedy's refusal to change her bloodstained blouse to his first assignment from Johnson: to track down the wording of the oath of office so Johnson could be sworn in as president aboard Air Force One.

"It is so seared in my memory I literally, sometimes at night -- not often, but once or twice a year -- I relive that day," Valenti said. "Because it was an apocalyptic intrusion. I think the nation's life changed and I can assure you mine radically changed."

Valenti expressed outrage over a television documentary that aired this week on the History Channel alleging that Johnson helped plot Kennedy's assassination. Valenti called it the "slimiest piece of garbage I've ever seen on television."

He and others have issued a statement condemning it. The History Channel has said the film was meant to present a point of view and that the channel wasn't saying the Johnson theory was correct.

On other issues, Valenti:

- Said he didn't see any need for movies to include smoking but wasn't ready to make it a factor in the movie rating system. Valenti said that he feels it is a free-speech issue and that directors should be allowed to have film characters smoke. He noted that tobacco is a legal product and said he was concerned that considering it when rating movies could lead to pushes to include liquor and other legal products in the ratings.

- Said he plans to step down as chief executive officer of the motion picture association within the next several months but remain on as chairman. Valenti said he would prefer to see someone familiar with Washington such as a former Cabinet secretary or member of Congress take over as the lobby group's chief. Members of the film industry he sought out as possible successors weren't interested, he added.
*******************************
Associated Press
UN: Scandinavia Ahead in Internet Access
Wed Nov 19, 3:05 PM ET
By ALEXANDER G. HIGGINS, Associated Press Writer

GENEVA - Scandinavia tops the world in access to the Internet and other communications technologies, but South Korea and other Asian countries are catching up fast, the U.N. communications agency said Wednesday.


Sweden came in first in the Digital Access Index, followed by Denmark and Iceland, while Norway was fifth, said the International Telecommunications Union.


"Their presence at the top reflects that region's traditional emphasis on equitable access, affinity for technology and top-notch infrastructure," the ITU report said.


South Korea, world leader in high-speed "broadband" access, came in fourth. South Koreans are heavy users of the Internet for games, chatting and other purposes.


Filling out the top 10 in order were the Netherlands, Hong Kong, Finland, Taiwan and Canada.


The United States was 11th, held back in part by its underdeveloped mobile phone system, said Michael Minges, author of the report. The U.S. government also has done little to encourage competition among service providers, so prices remain relatively high compared with Asia, where government-encouraged competition is strong, he added.


The study measured 178 countries on a range of criteria, including the number of telephone lines and mobile phones per inhabitant, the cost of going online, national literacy, the speed of connections available and the percentage of inhabitants who are Internet users.


The study compared the top 40 countries in 2002 with separate data it collected that showed the situation in 1998 to see how much change there had been.


"Over the past four years there's been a big shift," said Minges. "It's really moving toward Asia and away from the English-speaking nations."


South Korea has been rising fastest, up 20 places between 1998 and 2002. Taiwan rose 13 places during the same period, Hong Kong six, Singapore five and Japan four.


"They're all Asian," said Minges. "In none of these countries is English the mother tongue. Yet they've done exceedingly well. And look at the countries that have dropped the most. They're all Anglophone countries."


Britain dropped three places during the period, Canada and the United States each went down five, Australia was down eight and New Zealand nine.


"This is completely contrary to everything that we've heard, that English is an advantage, if you don't speak English you're behind," Minges said.


At the other end of the scale, most of the countries at the bottom of the list are among the least-developed African nations.


"In those countries it is going to be very difficult to do anything," said Minges. "There's hardly any infrastructure. Levels of literacy and school enrollment are very low. And affordability is just sky high."


The index was prepared for leaders meeting next month in Geneva to discuss the possibility of making Internet access available to everyone on the planet.
*******************************
Government Computer News
11/20/03
TSA awards Unisys airport security contract
By Matt McLaughlin

The Transportation Security Administration has awarded an $8 million contract to Unisys Corp. to test technologies that can be used to improve airport security.

Through the Airport Access Control Pilot Program, Unisys will assess the benefits of biometrics, surveillance systems and other security measures for TSA's Office of the Chief Technology Officer.

The 20-month, cost-plus, fixed-fee deal could be worth up to $17 million, the company said in a statement.

The company will test biometric technologies such as fingerprinting, facial recognition and iris scanning.

Unisys also is the prime contractor on TSA's IT managed services contract, under which it will establish a technology infrastructure at 429 airports across the country.
*******************************
Washington Post
U.S. Cracks Down on Cybercrime
By Curt Anderson
Associated Press Writer
Thursday, November 20, 2003; 11:30 AM

A federal crackdown on a wide range of Internet fraud schemes costing victims an estimated $100 million has resulted in the arrest or conviction of 125 individuals, law enforcement officials said Thursday.

The investigation, dubbed "Operation Cyber Sweep," targets such crimes as stolen credit card numbers, software piracy and the sale of stolen goods over the Internet, said Attorney General John Ashcroft.

"Online criminals assume that they can conduct their schemes with impunity," Ashcroft said. "Operation Cyber Sweep is proving them wrong, by piercing the criminals' cloak of anonymity and prosecuting them to the fullest extent of the law."

The investigation, begun on Oct. 1, has uncovered about 125,000 victims with losses topping $100 million. Seventy indictments to date have led to arrests or convictions of 125 people, with more expected as the probe continues.

The cases range from a Virginia woman who sent fake e-mails to America Online customers asking them to update their credit card numbers to a disgruntled Philadelphia Phillies fan who hacked into computers nationwide and launched spam e-mails criticizing the baseball team.

The crackdown stemmed from indications that Internet fraud continues to rise. The Internet Fraud Complaint Center, run in part by the FBI, referred some 58,000 complaints to law enforcement in the first nine months of 2003 - compared with 48,000 for all of 2002.
*******************************
Washington Post
A Patented Way To Preempt The Spammers
By Jonathan Krim
Thursday, November 20, 2003; Page E01

Odd or surprising new solutions to the e-mail spam problem are always floating around the cyber-realm.

But nothing quite prepared us for a jaw-dropper from AT&T Corp.: a patent that the company received this month on a system for defeating spam filters, those computer programs that help weed out spam before it gets to our e-mail boxes.

This being Washington, the Big Conspiracy Accelerator machine (patent application pending) began to smoke.

Might someone at the respected AT&T research lab be having a little fun, sort of like the patent lawyer who helped his young son get a patent for his side-to-side technique on a tree swing?

Or (the machine has a dark side) could this be AT&T's way of giving its marketing department tips on how to spam successfully, without sending out a memo that might get leaked? The company's telemarketers have, after all, been accused of not honoring consumer requests to stop calling.

(The specifics of an invention in a patent application are not made public while it is under review. This one was filed in 1999.)

Or might the company, which has been struggling financially, see a potential revenue stream in licensing its discovery to spammers?

No, no and no, insist AT&T officials, including Robert J. Hall, the gentleman who came up with the idea. It was, they say, a novel way to try to tackle the spam problem.

Hall asks that people remember how different things were back in 1998, when he began playing with spam technology systems.

Spam was still mostly an annoyance, hardly at the level of today's multibillion-a-year problem that accounts for roughly 60 percent of all e-mail. As a result, there were virtually no laws against it, as there are now in many states.

So Hall reasoned that since he noticed a way to defeat a certain type of filtering technology, it wouldn't be long before spammers would figure it out, too. By patenting it, he thought, he might discourage spammers from using the technique.

"This is a case where I did some mathematical analysis and found a fundamental flaw in these [filtering] techniques," Hall said. "My idea was that maybe we can compensate for that flaw by precluding the use of it. . . . Patent law grants the right to exclude others from using the idea, so I grabbed the high ground."

Suppose, though, that Hall had instead found a way to defeat a cyber-security system that protects thousands of government or corporate computers from hacking. Would AT&T have sought a patent to preclude the hackers, or simply gone to the security vendor and let it know about the flaw?

The latter, said Joe Sommer, an AT&T patent manager.

"I can only speculate, but perhaps as this [Hall's discovery] was up for being filed, there might not have been a meeting to say, 'what is the best thing to do with this?' " Sommer said.

Now that the company has the patent, it is having those discussions, Sommer said. Although the underlying filtering techniques that Hall cracked remain in use, they have evolved well past Hall's means of defeating them.

The company, incidentally, has patents on anti-spam technologies as well.

Meanwhile, back in the legislative jungle:

The lobbying heat is on high for Congress to pass national spam legislation before the end of the year.

The business community, including retailers, direct marketers, Internet providers and the entertainment industry, wants to trump California's new anti-spam law that is scheduled to take effect Jan. 1.

That law, the toughest in the country, was supported by anti-spam activists primarily because it bans all e-mail marketing unless the consumer explicitly requests it.

Pending federal bills -- which would preempt all state laws -- require only that marketers give computer users the chance to "opt out" of future mailings after they have received one. And the bills would require separate opt-out requests for many affiliates of the original marketer.

That exception is especially important to financial services companies, many of which have hundreds of affiliates.

State attorneys general, anti-spam groups and consumer organizations have criticized the bill that has been passed by the Senate as being filled with loopholes.

They are especially concerned about provisions that require a "knowledge standard" for marketers before they can be prosecuted for violations. The Federal Trade Commission, which would be largely in charge of enforcement, is similarly concerned about those provisions, arguing that it is hard to prove that marketers intended to break the law.

Although a House bill had different provisions in some areas, sources say the GOP leadership has decided to work from the Senate bill, effectively scrapping the House version.

That makes it likely that federal legislation will pass this year, though opponents will try to amend the Senate bill.

Jonathan Krim can be reached at krimj@xxxxxxxxxxxx.
*******************************
Washington Post
EU Sets Up Internet Security Agency
Thursday, November 20, 2003; 11:34 AM


The European Union governments agreed Thursday to launch an agency to protect the Internet by alerting the public about computer viruses, identity theft and other crimes committed online.

The European Network and Information Security Agency is to be operational in early 2004.

It is to help governments, businesses and consumers protect their computer systems and data and inject some order in the varying approaches EU nations have taken so far to combat Internet crimes.

"Trust and security are crucial components in the information society," Erkki Liikanen, the EU's information society commissioner, said in a statement.

"As information flows freely across national borders, so will the network and information security problems," the EU executive Commission said in a statement.
*******************************
USA Today
Internet voting stirs debate in Michigan
By Nedra Pickler, The Associated Press
Posted 11/20/2003 8:03 AM

WASHINGTON -- The Michigan Democratic Party is looking to increase turnout in its presidential caucus through Internet voting, despite criticism that the plan could disadvantage poor and minority voters who are less likely to own a computer.

The Democratic National Committee's Rules and Bylaws Committee is set to vote Saturday on whether to approve Michigan's plan, which also allows voting in person or by mail. The decision could affect who will win the state's Feb. 7 caucus with polls showing that Internet voting is a boost to front-runner Howard Dean.

The Michigan plan has become an issue among the rival campaigns. Seven of Dean's opponents joined 20 Michigan voters in protesting it. The group is led by Joel Ferguson, a black DNC member from Lansing, who said Internet voting puts the party's most reliable constituency -- blacks and the poor -- at a disadvantage.

"Until everybody has the Internet, nobody should have it" as an option in the caucus, he said.

The Michigan Democratic Party says its plan is fair because voters without Internet access have other ways to participate. The plan was adopted in April, before Dean's campaign took off, and party leaders say they did not mean to give any candidate an edge.

"You should not change the rules in the middle of the game," said Debbie Dingell, a DNC committee member from Michigan. "This should not be candidate driven."

Although Dean's rivals are not officially listed on the complaint, some of their aides have been contacting members of the Rules and Bylaws Committee to argue against the plan. Last month, they sent a letter to leaders of the DNC and the Michigan party, arguing the state's plan "creates a clear and colossal digital divide between those who have easy Internet access and those who do not."

Wesley Clark is the only candidate besides Dean who did not object. Jonathan Beeton, spokesman for Clark's Michigan campaign, said Clark supports Internet voting because it expands access and improves democracy.

Beeton said Clark feels confident he can compete against Dean "either by mail, by Internet or at caucus sites."

A poll taken in Michigan last month shows Dean with a slight lead among likely caucus-goers, but his support jumps significantly among those who plan to vote by Internet.

The stakes are high in the decision, with Michigan expected to play a key role in determining the Democratic presidential nominee. The state will have more delegates up for grabs than any of the nine states that come before it.

Registered Michigan Democrats who want to vote by mail or Internet must request an absentee ballot from the state party ahead of time. They will be sent a ballot that can be returned by mail. The ballot also will include a code that can be used to access a Web site for voting.

A hearing officer appointed by the Democratic National Committee ruled in September that no voter will be deprived of participation because of the options to vote by mail or in person. But she required the state party to take additional steps to make voting easier for those who want to participate in the caucuses.

Those steps include increasing the number of caucus sites from 429 to 576; setting up a toll-free hot line to help Internet voters; identifying the location of all publicly available computers with Internet access in minority and low-income areas; and working with community and civil rights groups to publicize those locations.

Michigan Democratic Party Executive Chairman Mark Brewer said the party is already fulfilling the requirements. He said 1,400 terminals with free Internet access have been identified at libraries across the state and the party is searching for more.

Brewer said the party expects Internet voting will double the normal turnout, which is what happened when Arizona allowed Internet voting in its Democratic presidential primary in 2000.

Several DNC officials interviewed Wednesday said they expect the committee to side with the state party.

"This does not eliminate any way that people have voted in the past," said Don Fowler, the former DNC chairman. "It's just an additional way and it's obviously one that will be a wave of the future. I find it ludicrous that anybody would try to make a candidate issue out of this."

Donna Brazile, a committee member helping to bring more blacks to the polls, said she carefully examined whether minorities would be disenfranchised under the Michigan plan. She said with improvements made by the hearing officer, "the access argument sort of melts away."
*******************************
USA Today
Police go high-tech in crackdown on stolen cars
By Jim Suhr, Associated Press
Posted 11/19/2003 6:36 PM     Updated 11/19/2003 6:50 PM

ST. LOUIS -- Mayor Francis Slay calls it merely coincidence: Wednesday's rollout of a beefed-up plan to address the rising number of car thefts comes just a week after someone stole his son's Jeep Cherokee from outside the politician's home.

"It just shows it can happen to anybody," Slay said. The theft of the Jeep, the mayor said, came well after police already had planned to step up their assault on auto thefts, up 15% over last year while the city's murder rate chugs toward a 41-year low.

Mirroring trickery used in many other big cities, St. Louis police have embraced using unattended "bait" vehicles with satellite-based tracking systems. The systems can remotely kill the engine of a moving stolen vehicle, slowing it to a stop and locking its doors, trapping the hapless suspect for police.

A surveillance camera stashed inside the vehicle even records the action -- a virtual "Candid Camera" for criminals, coming to a courtroom near you.

St. Louis police have arrested more than a dozen would-be auto thieves since deploying their first bait vehicle last month and have reeled in more than 170 suspects since creating an anti-crime task force in August. Authorities now look to make use of three more decoy vehicles.

Police Chief Joe Mokwa says the bait cars are already becoming well-known on the streets. His proof: A repeat offender nabbed in recent days was found to have taken "boulders" along for the ride in a stolen car, planning to shatter the windows to escape if he mistakenly snatched a bait car.

Smiling, Slay said a brick turned up in his son's Jeep after it was found abandoned hours after it was stolen.

Police also will begin doling out stickers that motorists can put on their vehicles, agreeing to let officers pull over those vehicles -- typically not driven in the wee hours of the morning -- if they're found in use between 1 a.m. and 5 a.m.

Slay and Mokwa also urged auto-theft victims -- for various reasons often reluctant to press charges -- to follow through in prosecutions, and for jurors to take theft-related charges seriously in returning convictions carrying jail time.

A state lawmaker also pledged Wednesday to introduce a measure early next year that would stiffen penalties for chronic auto thieves. State Rep. Fred Kratky, D-St. Louis, said nothing specific had yet been drafted.

"Make no mistake -- auto thieves are going to suffer the consequences," said Mokwa, who has labeled the crime his department's "most-prominent challenge," at least partly because the city in recent months has seen a number of wrecks involving young drivers, some barely teenagers.

Last month alone, a pickup truck believed to be driven by a 13-year-old boy raced down a local street and went out of control, fatally hitting a seventh-grade girl. Just four days later, two boys -- ages 12 and 13 -- were seriously injured when a stolen Jeep they were in crashed after they swerved to avoid children and traffic near their middle school.

Law enforcers suspect several reasons why teens hit the streets with stolen vehicles -- or steal them in the first place. Among them: peer pressure, the desire to drive, the pursuit of drug money or simply the thrill of theft.
*******************************
Los Angeles Times
Federal Aid Urged to Boost the Domestic Workforce in Science
More U.S. engineering and other technical jobs are being done by foreigners, a study finds.
By Shweta Govindarajan
November 20, 2003

WASHINGTON -- Greater federal assistance is needed to bolster the country's shrinking native-born science and engineering workforce and to encourage more U.S. college students to pursue careers in these fields, the National Science Foundation said Wednesday.

The percentage of college-educated scientists and engineers who are working in the U.S. but were born elsewhere jumped from 14% in 1990 to 22% in 2000, a foundation study of workforce trends reported.

The study also found that among professionals with doctorates in science or engineering who were working in the United States, almost 40% were foreign-born in 2000, compared with 24% in 1990.

Furthermore, women, African Americans, Latinos and Native Americans are less likely than white men to obtain undergraduate degrees in science and engineering, according to the study, which was issued by the National Science Board, the foundation's governing body.

"The number of native-born [professionals] entering the workforce is likely to decline unless the nation intervenes," said Joseph A. Miller, chairman of the National Science Foundation's task force on workforce policies.

Miller said a national investment in "human capital and capabilities" must be made to spur domestic growth in science and technical fields.

"It is important for the federal government to step forward to ensure the adequacy of [a] science and engineering workforce," he said.

In addition, efforts to attract students, particularly women and minorities, to become scientists and engineers must start in high schools with stronger programs in math, science and technology, officials said.

"Today's and tomorrow's economies and workforce requirements are worlds apart from 25 years ago," said Diana S. Natalicio, president of the University of Texas at El Paso and vice chairwoman of the National Science Board. "Young people simply aren't being attracted by these careers."

The study also showed that the number of H-1B visas, which allow companies to sponsor foreign employees with specialized skills for up to six years, had dropped in 2002 compared with 2000 -- largely because of the economic downturn, officials said. But, the study noted, U.S. dependence on foreign labor without developing a highly skilled domestic workforce is problematic.

"We cannot subsist on a diet of imported aptitude," said Rita R. Colwell, director of the National Science Foundation. Nurturing careers in science and engineering among U.S.-born professionals would "ensure the continued preeminence of this country in the future," she added.

At the same time, immigration policies should continue to let a national and a foreign workforce interact, Colwell said.

"This is not a xenophobic response," she said. Not balancing the labor market with domestic workers, she added, would "cheat our nation on its future."
*******************************
Los Angeles Times
Hackers Live by Own Code
Sure, they break into computer systems, but not always with bad intent. And these tech whizzes do have certain quirky rules of etiquette.
By Joseph Menn
November 19, 2003

It wasn't Mary Ann Davidson's worst nightmare, but it was close.

A fax from a hacker in the Middle East landed on her desk at Oracle Corp., proclaiming the discovery of a hole in the company's database software through which he could steal crucial information from such customers as Boeing Co., Ford Motor Co. and the CIA. The fax warned Davidson, the company's chief security officer, to contact the hacker immediately -- or else.

Luckily, the hacker hadn't found a real hole; he'd just misinterpreted a function of the program. More surprisingly, he meant no harm.

"The sort of threatening tone he took was really only to get our attention," Davidson said. "He actually turned out to be a nice guy."

The confrontational style of Davidson's hacker isn't unusual. As they troll through other people's computer networks, hackers abide by their own quirky rules of etiquette. What would strike most folks in corporate America as bad manners or worse may be considered the height of courtesy in hackerdom.

In large part, that disconnect stems from the fierce individualism of hackers -- they are, after all, the sort of people who set aside the instruction manual and take a machine apart to see how it works. Though they inhabit a lawless domain where no data are considered private and "No Trespassing" signs are meaningless, they adhere to their own codes of ethics that vary depending largely on what motivates the hacker to hack.

Sometimes it's fame. Now and then it's money. Often it's a selfless desire to make software more secure. And occasionally it's a yearning to wreak senseless havoc.

The frequency of such attacks is on the rise, capped by the Blaster worm and SoBig virus that overpowered e-mail programs and crashed computer systems this summer. Computer Economics Inc. of Carlsbad, Calif., estimates that damage caused by hackers will cost companies and consumers $12.5 billion this year, up 13% from 2002.

Most hackers aren't malicious, security experts agree. But from afar, it can be difficult to distinguish the saboteurs from the merely curious, because they use the same tools, travel in the same virtual circles and often share a disdain for the rule of law.

Their philosophy predates personal computers, going back to the days when pranksters manipulated the telephone system to make free long-distance calls and cause other mischief. The personal rules that guide them today generally allow them to break laws, as long as they believe nobody will get hurt.

Firms Are Fair Game

This maverick outlook is best personified by Kevin Mitnick, either the most notorious hacker or the most demonized, depending on your point of view. He stole millions of dollars' worth of software after cracking into the computer systems of big companies such as Sun Microsystems Inc. and Motorola Inc. But he said he never sold any of it or otherwise profited from his electronic theft.

Mitnick, now 40, served five years in federal prison. Yet that hasn't deterred a younger generation of hackers who view private companies as fair game as long as no data are destroyed or profit turned. For many of them, hacking is just something their curiosity compels them to do.

Adrian Lamo, a 22-year-old hacker from Sacramento, always viewed his hacking habit as harmless at worst and helpful at best. If he has a chance to inform people about a security flaw in a company's internal network, he considers the disclosure a form of public service.

Lamo says he can't help it. He just starts wondering, then he looks for holes in a company's infrastructure, and he's in.

"When I'm curious about something, it's difficult to not seek out security problems," he said.

Working sporadically during long nights in Kinko's copy shops two years ago, Lamo used his battered Toshiba laptop computer to burrow deep into WorldCom Inc.'s internal networks. By the time he was done, he could have redirected the phone giant's employee paychecks to his own account or shut down the system of WorldCom customer Bank of America Corp.

Lamo did neither.

Instead, he recounted his exploits to a hacker turned journalist at SecurityFocus.com, a Web site devoted to tracking hacks, holes and fixes. SecurityFocus then called WorldCom executives and told them Lamo was happy to answer any of their questions. After Lamo showed WorldCom what he had done and how to prevent it from happening again, the company publicly thanked him for improving its security.

Part of Lamo's creed is a refusal to take financial advantage of anything he finds. The biggest compensation he's ever accepted from a company he's broken into, he said, was a bottle of water.

Chris Wysopal used to feel the same way when he worked at an outfit known as the L0pht, a band of security enthusiasts in a Boston apartment strewn with spare computer parts salvaged from area trash bins.

Claiming a dedication to telling software buyers the unvarnished truth, the L0pht crew published free security warnings on its Web site and in e-mail newsletters. Those warnings often were accompanied by programs to help people test whether their computers were vulnerable to attack.

In Wysopal's view, hacker etiquette didn't require him to give software makers advance warning before publishing his discoveries -- even though his reports could aid the unscrupulous. Without the threat of public exposure and the fear that malicious hackers would use the newfound information, he figured, software makers wouldn't have incentive to make fixes in a timely manner.

"They dealt with security like a feature request -- they would get around to it in the next version," Wysopal said.

The shaming tactics started working, so well that by 1999, Wysopal was forced to reconsider what constituted appropriate hacker behavior.

After the L0pht publicized a problem with a piece of Microsoft Corp. software for server computers, the company responded that it would have been happy to fix the mistake if only it had been given the chance. Instead, Microsoft had to race to develop a fix and get it to customers in time to head off an assault.

End to Free-for-All

Wysopal, along with a great number of his fellow hackers, realized the days of the free-for-all should end. It was no longer morally defensible to tell malicious teens how to hurt firms and their customers before they had the tools to defend themselves. Now he works with software makers to develop patches before blowing the whistle.

"It isn't as much fun," said Wysopal, who helped the L0pht morph into a computer security company called @stake Inc. "But if we publish right away, we are really arming the bad guys."

For other hackers, proper etiquette is dictated by the pursuit of money.

The most direct angle is simply to tell the software company there's a bug, then request a fee to explain it.

"If I come up with a vulnerability and I inform the source that I've discovered it, but I say, 'Would you mind paying me $5,000 to help you close it?' from my perspective that's a very reasonable request," said Bob Weiss, president of Password Crackers Inc. in North Potomac, Md., which helps companies recover information hidden on their machines.

But what looks like a reasonable request to a hacker is often perceived as extortion by the company being asked to shell out. That's how one California software firm reacted after it heard from a hacker who had found a hole in its Web-messaging system and offered to explain it -- for $10,000.

"The company got pretty mad," said Jennifer Granick, a cyber law specialist at Stanford University who represented the hacker in 2000. "It's very difficult for some cocky 18-year-old kid to approach a company without it feeling threatened." After Granick smoothed things over, the company agreed not to press charges.

There's also the loss-leader approach. After identifying a problem and explaining it, many hackers offer to look for additional glitches in exchange for a consulting fee.

Even that strategy backfired on a Boxboro, Mass., security group called SnoSoft. In 2002, SnoSoft researchers found a hole in a version of the Unix operating system made by Hewlett-Packard Co. The hackers told HP they would explain it for free, but they also asked to be paid for additional work.

"We made it clear we wouldn't charge [for the initial bug], because that would be extortion," SnoSoft co-founder Adriel Desautels said.

HP declined to offer SnoSoft a contract. Instead, the company threatened to sue under the Digital Millennium Copyright Act of 1998, which prohibits some attempts to tinker with programs to see how they work.

To computer security experts -- including some inside HP -- that threat amounted to a gross violation of etiquette on the part of HP. The company backed down and recently said it would never use the digital copyright law to stifle research. The Palo Alto computing giant declined to discuss the SnoSoft case.

For a few hackers, there is only one principle that matters: Do as much damage as possible.

That may have been the goal of a group of Chinese hackers who reverse-engineered a patch designed to fix a devastating hole in most versions of Microsoft's Windows operating system for PCs and servers. Within days, the hackers published a program to seize control of unsuspecting computers, which was used by others in the Blaster worm attack this summer.

Counterattacks Increase

With malevolent programs on the rise, large software companies are trying to get a handle on the problem. A consortium of software giants including Microsoft and Oracle has joined with security firms such as Symantec Corp. to formalize the etiquette of hacking so that software makers have time to patch holes before they are disclosed to the world at large.

The rules proposed by the new Organization for Internet Safety would give companies a month or so to develop and distribute a patch. Then another month is supposed to elapse before the hacker can disclose any details about the problem that the patch was designed to fix.

But hackers say they are unlikely to sign off on the rules, especially because they would neutralize the biggest weapon in their arsenal -- the threat of public exposure.

In the meantime, companies that find themselves victimized by hackers are stepping up their counterattacks.

The New York Times wasn't amused when Lamo, the hacker who helped WorldCom beef up its network security, bragged to SecurityFocus that he had wriggled into the newspaper's computers.

Once inside, Lamo perused records of contributors to the paper's Op-Ed page (including the Social Security numbers and home phone numbers of former heads of state), conducted database searches using the paper's Lexis-Nexis account and added himself to a list of expert sources on hacking.

Unlike WorldCom, the New York Times called the FBI. In September, federal prosecutors in New York charged Lamo with the electronic equivalent of breaking and entering.

Out on bail, Lamo said he had no regrets about the way he hacked.

"I always knew that the things I did could have consequences," he said.
*******************************