Clips December 10-12, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips December 10-12,
2003

ARTICLES

Police Captain Accused of Bootleg DVD Sales
Overstock.com backs off claim of millions of addresses stolen
French PM calls for international rules to govern Internet
UK Brings in Laws to Fight Junk Email
Florida man pleads guilty in porn case
Growing concern over India's e-waste
Electronic voting no magic bullet
Rep. Putnam keeps pressure on vendors for better security
Men Face Charges Under Spam Law


*******************************
Los Angeles Times
Police Captain Accused of Bootleg DVD Sales
By Richard Winton and Monte Morin
December 10, 2003

Just days after Los Angeles Police Chief William J. Bratton pledged a
crackdown on motion picture piracy, department investigators on Tuesday
helped arrest an LAPD captain suspected of selling bootleg 
DVDs.

Julie D. Nelson, a decorated patrol captain and a 28-year veteran of the
Los Angeles Police Department, was arrested at the Hollywood station
following a sting operation in which she allegedly sold counterfeit film
titles such as "The Cat in the Hat" to undercover officers.

Authorities said they recovered hundreds of suspected bootleg DVDs from
her home in Orange County and from a friend's home in Torrance. Officials
said they also recovered recording equipment at the home in
Torrance.

"The message here is, it does not matter what rank you are. If you
break the law, we will come after you," said Assistant Chief Jim
McDonnell at a news conference after the arrest.

Nelson, who commanded the department's Harbor Division until early this
year, was booked on suspicion of possessing and selling counterfeit
merchandise and for failing to disclose the origins of a recording, both
felonies. Nelson, 52, has been suspended with pay pending further
investigation, McDonnell said. 

Although LAPD internal affairs officers arranged the sting operation,
Nelson was arrested by police officers from La Palma, where she lives.
McDonnell said Nelson would be prosecuted by the district attorney of
Orange County.

Officers began investigating Nelson after receiving a tip. They arranged
to purchase DVDs from her at an Orange County business Saturday, before
Nelson attended the Hollywood station's annual Christmas party, McDonnell
said. He said it does not appear that Nelson sold DVDs at the Hollywood
station, and it was unclear how long she might have been selling
DVDs.

"She sold to people with whom she had personal relationships and
people she knew," McDonnell said. Another police source described
the movies recovered at her home as recent blockbusters. "You name
it, she had it, whatever was hot," the source said. 

The DVDs that were seized will be examined by the Encino-based Motion
Picture Assn. of America, which has called for heightened enforcement of
anti-piracy laws and launched a campaign to discourage the theft of
movies.

Earlier this year, Nelson was shifted from the head of the Harbor
Division to the No. 2 slot in Hollywood. Her new duty as a patrol captain
was widely viewed as a reduction in authority. 

A graduate of Cal State Fullerton, Nelson spent much of her career as an
investigator, particularly of rapes and domestic violence.

She has been considered a pioneer in investigative methods. In 1994, she
established one of the first emergency response programs for victims of
domestic violence and served as the head of Robbery Homicide Division's
rape unit.



At a news conference Friday, Bratton joined Los Angeles County Sheriff
Lee Baca, City Atty. Rocky Delgadillo and movie industry executives on
the steps of Los Angeles City Hall to announce efforts to combat movie
piracy. 

Among other initiatives, Bratton told reporters then that he personally
would keep an eye out for movie pirates and that his department would
instruct movie theater employees on how to make a citizen's arrest if
they found someone illegally taping a film with a camcorder.
*******************************
USA Today
Overstock.com backs off claim of millions of addresses stolen
12/9/2003 7:16 PM

SALT LAKE CITY (AP)  Overstock.com has retrenched on its claim that
3 million customer e-mail addresses had been stolen, and now puts the
number in the dozens. 
A company spokesman stood by the lawsuit filed Friday against an employee
and her husband and said Monday that the large number of addresses
mentioned in the suit was an attempt to leave the door open should an
investigation reveal more damage was done than the company now believes.

The Salt Lake City-based company sells other companies' excess
inventories at discounted prices over the Internet. 

Rachelle and Jeffrey Knight were named in the 3rd District Court suit. It
alleged they had "unlawfully (collected) more than 3 million
customer e-mail addresses" from the company's customer lists and
sold them to companies that send unsolicited advertising e-mails.

Public relations director Scott Blevins now says there probably were only
"a few dozen" addresses involved, but it is possible more were
taken. 

The Knights and their attorney, Lauren Scholnick, say the accusations
came "out of the blue" and may amount to nothing more than a
public relations stunt on the company's part. 

"This case has absolutely no basis," Scholnick said. 

Rachelle Knight, 31, who was a programmer of four years at Overstock.com,
said she was caught off guard when she was fired Friday and told of the
allegations. 

"Over and over I said, 'We did not do this,' " she said.
"It was a terrible experience to be pulled in ... and told we were
accused of these unethical things." 

She said she never even worked from her home computer. 

"We make it a point to leave work at work," Jeffrey Knight, 33,
said. "We were just blown away by the whole idea of it."

But when Rachelle Knight went home Friday after being fired, she was met
by a constable, two company lawyers and a company representative. The
constables confiscated the Knights' personal computer. 

Jeffrey Knight worked in merchandising for the company from January 2001
until he was let go in a general layoff in April 2003. 

Scholnick said the lawsuit smells of a publicity stunt, that "this
might be a complete scapegoating of these two people" to create the
appearance the company is actively fighting to protect customer privacy.

"We are taking aggressive and proactive action," Blevins said.
"But it isn't for the sake of (public relations). It is for the sake
of protecting our customers and the company." 

The suit claimed that two employees discovered that the Knights had
accessed the company's computer network via remote access. In recent
weeks, Overstock.com has received "a significantly increased"
number of patron complaints about junk e-mail, the suit said. 

Many of the patrons had set up separate e-mail accounts exclusively for
Overstock.com use, pointing to the company's customer information bank as
the source of their leak to advertisers, the suit said. 
*******************************
Associated French Press
French PM calls for international rules to govern Internet
Wed Dec 10, 3:10 PM ET

GENEVA (AFP) - French Prime Minister Jean-Pierre Raffarin called for
"international rules" overseen by the United Nations (news -
web sites) to govern the Internet. 


"The information society offers new opportunities, but like all new
technological revolutions it also brings uncertainty," Raffarin told
the UN-sponsored World Summit on the Information Society, the world's
first such meeting. 


"It calls on us to establish international rules, which citizens can
rely on," said the premier. 


"For France, the UN is the major source of international rights,
which must ensure peace and development. That also concerns the
information society," he insisted. 


According to Raffarin, these international rules must cover technical
questions -- such as the attribution of web addresses and management of
domain names -- as well as the protection of intellectual property.


This would guarantee "network security" and "deal with
content while respecting freedom (of _expression_)." 


The United States and other countries argue that governance of the
Internet should be left in private hands, namely the California-based
Internet Corporation for Assigned Names and Numbers (ICANN (news - web
sites)).
*******************************
Reuters Internet Reports
UK Brings in Laws to Fight Junk Email
Thu Dec 11, 1:10 AM ET

LONDON (Reuters) - New Internet laws come into force in Britain Thursday
aimed at combating junk emails sent to unsuspecting users promising
anything from a better sex life to untold riches.


Companies will be prevented from sending unsolicited emails to
individuals and will be prevented from tracking which web sites Internet
users look at without informing them first. 


But the new legislation which allows fines of up to 5,000 pounds to be
made against companies sending spam mail has already being criticized as
too weak. 


Mass emails sent to corporate emails will be allowed which is likely to
lead to confusion over the rules. 


"The whole problem with these laws is that they are geared to
spammers being honest and respecting laws. And of course there are no
honest spammers -- the whole profession is based on deceit," Steve
Linford, founder of anti-spam organization The Spamhaus Project said
earlier this week. 


Linford said the 5,000 pounds fine was too law. 


"This is a bargain for spammers," said Linford. "Some of
them make 20,000 to 30,000 pounds per week." 


Unwanted messages now account for at least half of all emails.
*******************************
USA Today
Florida man pleads guilty in porn case
Posted 12/11/2003 3:32 AM

NEW YORK (AP)  A Florida man pleaded guilty in federal court
Wednesday to charges that he used misspelling or variations of well-known
Web sites to direct minors and other unwitting users to pornographic
content. 
Briefly sobbing after he entered the courtroom, John Zuccarini, 56, of
Hollywood, Fla., entered his plea before U.S. District Judge Michael B.
Mukasey on Wednesday in Manhattan. 

Zuccarini admitted to 49 counts of using domain names to direct minors to
nudity or sexually explicit content, each punishable with up to four
years in prison and a $250,000 fine. The charges cover a four-month
period this year, following the passage of the Truth in Domain Names Act,
which took effect in April. 

He also pleaded guilty to one count of possession of 12 images of child
pornography on his laptop, which carries a maximum sentence of 10 years
in prison and a $250,000 fine. 

As part of plea agreement with prosecutors, the U.S. Attorney's Office
has recommended that Zuccarini face a sentence of 30 months to 37 months,
or about three years. Sentencing is scheduled for Feb. 20. 

Zuccarini, who owned at least 3,000 Internet addresses, was arrested in
September at a Hollywood, Fla., hotel, where he had lived for about 10
months. (Related story: Feds arrest Florida man in online porn
scheme)

Prosecutors said many of the Internet addresses he owned resembled Web
sites of interest to children. One example was
www.dinseyland.com.

Other well-known companies with Web addresses mimicked by Zuccarini's
sites include Yahoo, Time Warner's America Online division and Dow Jones
& Co., publisher of The Associated Press and The Wall Street Journal.

Prosecutors said Zuccarini made between 10 cents and 25 cents for every
viewer led to pornographic sites he worked with. He earned as much as $1
million annually, according to the U.S. attorney. 
*******************************
BBC Online
Growing concern over India's e-waste
Friday, 12 December, 2003, 09:23 GMT

Mountains of e-waste - discarded parts of computers, mobile phones and
other consumer electronics equipment - are quietly creating a new
environmental problem in India. 
Thirty million computers are thrown out every year in the US alone, and
many are dumped in India and China. 

Some 70% of the heavy metals in landfills come from electrical equipment
waste. 

Now concerns are being raised on the impact the dumping - particularly
evident in India's computer heartland, Delhi - is having on both the
country's environment, and its people. 

"The problem is that these computers, which are quite old, have a
lot of toxic material in them," Ravi Agraval, leader of campaign
group Toxic Links, told BBC World Service's One Planet programme.

"They have things like mercury, lead, flame retardants, and
PVC-coated copper wire. 

"When you try and extract or recondition these computers you release
these heavy metals and these chemicals. These are disasters for the
environment." 

Recycling 

E-waste heads to India, China and Bangladesh because computer
"recycling" is a good business, with much money to be made.

Computer recycling involves employing people to strip down the computers
and extract parts that can be used again in machines to be sold on the
high street. 

The rest is then burned or dumped, both of which are potentially highly
hazardous to the environment. 

"The process of extraction uses all kinds of chemicals, like acids -
which then get dumped into the soil and go into the groundwater," Mr
Agraval said. 

"When you burn things like PVC-covered copper wire, you have
emissions of very toxic chemicals like dioxins, which get released into
the local environment." 

There are also fears that the recycling process, an unregulated industry
in India, is also very harmful to the health of those employed to do it.

In particular, the job involves exposure to a number of toxic chemicals
both as part of the recycling process and within the computers
themselves. 

"The people actually doing the brunt of the recycling are people on
less than half a dollar a day - women and children working in very
shanty-like, disastrous, inhuman conditions," Mr Agraval said.

"For them, it's the difference between poison and a
livelihood." 

He added that a health survey had shown that recyclers regularly suffered
from complaints such as respiratory diseases and skin rashes. 

"It's difficult to say when you're in that state of poverty what
really affects what, but certainly they are people on the edge, and any
such exposure can't be doing them any good." 

Brand change 

Such complaints have led to calls for regulation on the way computers are
recycled, including workers potentially having to wear masks. 

Mr Agraval emphasised that change needed to come from brands, which could
instruct their suppliers to be more environmentally friendly. 

The brands could also change some of the components in their own
products, he said.

In Europe, manufacturers will have to eliminate such harmful substances
inside the machines by 2006. 

Some companies have already been offering to take back and recycle the
computers themselves. 

"Today, consumers are approaching us to take [the computer] in, but
in the future with the new legislation, they will be able to dispose of
it at the local municipality waste site," said Klaus Hieronymi, from
Hewlett Packard's European Environmental Programme. 

"The industry will have to organise that it is picked up there and
put into the right recycling process." 

He said that Hewlett Packard was also attempting to reduce the levels of
cadmium and mercury in its products in preparation for the legislation,
which comes into force on 1 January 2006. 

Almost half of one range now did not contain a mercury lamp, he said.

Little money 

Meanwhile in India, Mahinder Agowal, who represents the All Delhi
Computer Traders Association, said that the risk to employees who
recycled computers was relatively small. 

"Out of the 2,000 shops most are in a good condition," he
argued. 

"Only some - very few - are in a bad condition. That happens in any
market. 

"If you go to a cigarette shop you wouldn't expect it to be in a
good condition, so I feel most of the shops are fine." 

However, one recycling shop visited by One Planet reporter Richard
Hollingham - and credited by Mr Agowal's organisation - was clearly
cramped with strong-smelling chemicals in the air. 

Mr Agowal defended his organisation's members, arguing that many of them
had set up business with very little money. 

"Each will conduct business according to his own resources," he
said. "We can't interfere with that."
*******************************
CNN Online
Electronic voting no magic bullet
Specialists seek input of academia, technology, election officials
By Marsha Walton
CNN
Friday, December 12, 2003 Posted: 6:38 AM EST (1138 GMT)

GAITHERSBURG, Maryland (CNN) -- After the debacle of the dimpled ballots
and "hanging chads" of the 2000 presidential race, many
election officials looked to technology to come to their rescue.

They rushed to buy new, high-tech electronic voting equipment, expecting
features such as touch screens to prove more reliable than older systems'
punch cards. 

But at a sometimes boisterous meeting of election officials, computer
scientists and voting machine vendors this week in the Washington suburb
of Gaithersburg, it seems clear that technology will not solve all.

Several well-publicized flaws in "e-voting," or electronic
voting, systems have not led to improvements, said Harvard University
computer professor Rebecca Mercuri. 

"When such problems are exposed, no one appears to be held
accountable," Mercuri said. 

"Officials are not removed from their posts, fired or sent to trial;
vendors are not banned from participation; equipment is not recalled;
standards are not rewritten; and elections are not re-held," she
said. 

For example, strange flaws, she said, occurred this year in California,
Virginia and Indiana. 

The gathering at the National Institute of Standards and Technology
illustrates that testing, certifying and implementing new voting
technology takes place in a kind of multilevel, bureaucratic maze.

A measure called the Help America Vote Act of 2002, known as HAVA, was
passed after the Bush-Gore race of 2000 turned into such a spectacle.

But getting the most accurate, secure and budget-friendly voting
equipment is not just a matter of having an army of scientific experts at
the NIST gathering set the standards. NIST, a part of the U.S. Commerce
Department, doesn't have the authority to enforce any of its guidelines.

"I want to stress that NIST is a nonregulatory agency, and we
recognize that our role is limited," said Arden Bement, NIST's
director, as he addressed those attending the meeting titled
"Building Trust and Confidence in Voting Systems." 

And it's not always pretty. 

"Quite often, standards development begins as a highly contentious
process because people represent a variety of interests," Bement
said. 

Colorado Secretary of State Donetta Davidson stressed the human side --
rather than just the technological challenges -- of improving voting
systems. 

She said the average age of her poll workers and election judges is about
70. And no matter how good the equipment is, those people have to make it
work. 

"We need to develop a team [that brings together] the scientists and
the common people," said Davidson, who is also the treasurer of the
National Association of Secretaries of State. 

"I would like everybody that is one of these scientists to be an
election judge and help in running an election so they'd know and
understand it, and I think that would help." 

Other election officials appear a little more optimistic. 

Tom Wilkey of the National Association of State Election Directors said
U.S. voters should have a basic trust in the election system. 

"I think they should be very confident. No one wants to fail. What
NIST brings to the table is the ability to bring the very best in
academia, technology and elections to work together," Wilkey said.

Electronic voting machine vendors are vocal in asserting that their
systems are secure. 

"In order to allay some fears, we have developed a paper-receipt
printer that goes with these machines that is completely 'retrofit-able'
to our machines," said Russell Huffman of Sequoia Voting Systems.

Federal legislation has been introduced to make a paper trail a mandatory
part of every electronic voting machine, as a backup to technology and
another tool to ensure accuracy. 

To help deal with some harsh criticism about e-voting concerns, some
vendors have decided to come up with their own working group, known as
the Election Technology Council. The six vendors will work with the
Information Technology Association of America to address issues of
security and ethics. 

But don't look for a lot of changes and upgrades during the 2004
presidential election. Change comes slowly in these multiple levels of
government. 

"Really, it's going to be 2006 before we see any really updated
equipment with updated standards," said Harvard's Mercuri.
*******************************
Computerworld
Rep. Putnam keeps pressure on vendors for better security

He held out the threat of cybersecurity legislation if they don't act

Story by Dan Verton 

DECEMBER 11, 2003 ( COMPUTERWORLD ) - WASHINGTON -- Legislation that
would require publicly traded companies to conduct independent security
audits and detail the results in their annual reports could be revived as
early as next spring if a special vendor task force fails to produce a
viable alternative. 
That was the message this week from Rep. Adam Putnam (R-Fla.) after the
release of his subcommittee's annual report on government cybersecurity
efforts (see story). Putnam, chairman of the House Government Reform
Subcommittee on Technology, failed in his attempt to introduce the
legislation last month and instead formed the task force. 

Most federal agencies received low grades from the subcommittee for
failing to protect their computer networks from hackers and other
cybercriminals. In a detailed statement after the report was released
Tuesday, Putnam blamed the poor state of cybersecurity equally on
government and corporate users and on the IT vendor community. 

"While some burden is on the shoulders of the user, I feel strongly
that a significant burden falls on the shoulders of the hardware,
software, operating system manufacturers and ISPs," he said.
"These entities until recently have paid insufficient attention to
educating consumers as to the importance of security. While billions of
dollars have been spent to advertise the benefits of products, such as
speed and ease of use, the security component has been neglected."

Putnam also called for the software developer community to deliver
software that is "secure out of the box," with all security
settings turned on by default. And he wants the vendor community to
improve the quality of products being sold in the marketplace, with a
specific focus on built-in security features and patch management.
Legislation may be required to make automated patch distribution
available to all users of all products, he said.

"While software is certainly complicated, with millions of lines of
code, there are just some basics that clearly aren't being
addressed," he said, citing estimates by the National Institute of
Standards and Technology that software bugs and errors cost the U.S.
economy $59.5 billion per year. "If the industry doesn't act,
Congress will be forced to." 

Last month, Putnam tabled the Corporate Information Security
Accountability Act of 2003, after, in his words, "numerous companies
and associations approached me and asked if we, Congress, would provide
the private sector a chance to do this on their own without government
regulation"(see story). 

As a result, Putnam formed the Corporate Information Security Working
Group, including representatives from the Information Technology
Association of America, the Business Software Alliance, the Business
Roundtable, the SANS Institute and the U.S. Chamber of Commerce. So far,
the members of the working group have met twice in an effort to come up
with a set of information security best practices and guiding principles
that could be adopted voluntarily by the private sector. 

"I'm hopeful that we can reach a successful conclusion by later
winter or early spring," said Putnam. 

"The time for action is now. The time for talk has passed,"
said a senior aide to Putnam. "It's time to coalesce around an
action plan, and all of the people who have accountability need to be a
part of that plan." 

Speaking Dec. 3 at the inaugural U.S. Department of Homeland Security's
National Cybersecurity Summit in Palo Alto, Calif., Amit Yoran, director
of the National Cybersecurity Division at the DHS, acknowledged that
there are serious "questions we face in software reliability."

Art Coviello, president and CEO of RSA Security Inc. in Bedford, Mass.,
said in an interview on that same day that the "obligation"
already exists in the vendor community to ensure the security and
integrity of the Internet, but he argued that regulation isn't needed.

"Companies aren't going to use the Internet if it's unsafe,"
Coviello said. "It's incumbent upon the technology companies to
start that process." 
*******************************
Los Angeles Times
Men Face Charges Under Spam Law
 From Reuters
December 12, 2003

Virginia authorities said Thursday that they had arrested and charged a
North Carolina man for allegedly sending unwanted e-mail, in the first
use of a new state anti-spam law that could bring penalties of 20 years
in prison. 

Virginia Atty. Gen. Jerry Kilgore said Jeremy Jaynes was arrested
Thursday in Raleigh, N.C., and charged with four counts of using
fraudulent means to transmit spam. Kilgore also said officials were in
negotiations for the surrender of a second man, Richard Rutowski, on the
same charges. 

Jaynes and Rutowski are charged with violating limits on the number of
messages a marketer can send and with falsifying routing information.
Both acts are illegal under a Virginia law that carries penalties of one
to five years in prison and fines of as much as $2,500 on each count.

Virginia officials charged that the two men sent more than 100,000
messages in a 30-day period this summer touting penny stocks, low
mortgage rates and software to erase Internet browsing records. 

Anti-spam group Spamhaus said Jaynes ranks as the eighth-worst spammer in
the world. Neither Jaynes nor Rutowski could be reached for comment.

Although the suspects are based in North Carolina, Virginia is asserting
jurisdiction because the pair sent messages through computers located in
the state. 

About 50% of the world's Internet traffic passes through Virginia, home
to big companies such as Time Warner Inc.'s America Online unit and
WorldCom Inc.

Spam has grown from a minor annoyance to a major threat to the stability
of the Internet, experts say. It makes up more than half of all e-mail
traffic. AOL blocks as many as 2.4 billion spams each day, a company
spokesman said. 

At least 36 states have some sort of spam law on the books, and President
Bush is expected to sign the first national measure into law as early as
next week. 

Internet service providers including AOL and EarthLink Inc. have sued
spammers for damages, and New York Atty. Gen. Eliot Spitzer charged a
Buffalo man this year with violating identity theft and forgery laws for
allegedly sending spam. That charge could carry as many as seven years in
prison.
*******************************