Clips January 20, 2004

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips January 20,
2004

ARTICLES

Rural Broadband Program Escapes Axe 
Northwest Gave U.S. Data on Passengers
Microsoft takes on teen over domain name
Job losses slow in Silicon Valley, report says
Sears plans to outsource part of IT infrastructure
FBI gets new acting CIO from Justice 
Tiny Louisiana towns still get by without telephone service
Going Upstream to Fight Spam  
*******************************
Washington Post
Rural Broadband Program Escapes Axe 
Monday, January 19, 2004; 12:00 AM 

A program created to speed the rollout of high-speed Internet services to
the most remote reaches of the United States will survive for another
year after nearly being cut in half by Congress.

In the rush to pass a 2004 budget, congressional appropriators followed
the Bush administration's advice to provide approximately $350 million in
rural broadband loans in 2004, half the $700 million that was previously
authorized for the Rural Utilities Service (RUS) program. Most of the
funding was restored only after a group of technology companies and more
than 60 lawmakers protested the reduction.

Included as part of a $190 billion farm bill passed two years ago, the
RUS program allows the Agriculture Department to award up to $700 million
a year in loans for companies that provide broadband service to rural
areas. It awarded $63 million in loans and fielded $1 billion in loan
applications during 2003. The program calls for up to $700 million to be
distributed annually through 2005, and up to $350 million in 2006 and
2007.

According to a Federal Communications Commission report issued last
month, rural areas lag far behind their urban counterparts in getting
high-speed Internet connections. There were broadband subscribers in 99
percent of the most densely populated zip codes as of 2003, but only in
69 percent of the most thinly populated areas.

The lag is due in part to the fact that companies providing Internet
access to far-flung communities spend higher amounts of money to build
their networks, and the return on that investment is less than that
achieved by providers serving urban communities with potentially larger
numbers of subscribers. The RUS loans are geared toward smaller companies
-- including many that use wireless technology to serve rural customers.
Companies serving more than 2 percent of the telephone lines in the
United States are ineligible for the loans.

When Congress first moved to cut the RUS program, Rep. Rick Boucher
(D-Va.) wrote to appropriators urging the program to be
restored.

"The fact that the administration would propose those cuts is a sign
that economic development and community advancement domestically [have]
now taken a back seat to other priorities," said Boucher, who
represents the extreme southwestern portion of Virginia, a mostly rural
district.

Private companies that manufacture equipment for broadband providers,
including 3Com, Cisco Systems and Nortel Networks, also weighed in,
saying the lower funding level for RUS would stunt the rural broadband
rollout rate.

Congress ultimately moved the 2004 funding level up to $602 million after
two senators representing rural northern states -- Sens. Conrad Burns
(R-Mont.) and Byron Dorgan (D-N.D.) -- pushed for the increase.

An aide on the House Appropriations Committee said the original move to
cut the program was tied to the Agriculture Department's problems with
doling out the loans.

"All of our members are on board," the aide said. "They
like the program, they think it's a good program, but right now USDA is
having a hard time rolling out the current [loans]." 

When the Appropriations Committee set the funding levels, the department
had handed out a tiny fraction of the more than $1 billion in loans that
they were cleared to offer, the aide said.

Claiborn Crain, an Agriculture Department official, said that the
administration wants "to make sure the loans we make are good
loans."

"You've got to do the due diligence," he said. "A lot of
the companies coming in are new borrowers or start up companies. ... We
want to get some of these loans out and see how they work and get our
next step down the road, but you've got to walk before you can
run."

The RUS program's close call in 2004 is a lesson to businesses to keep a
vigilant eye on lawmakers anxious to cut any programs that are not
securely nailed down, said Stan Fendley, director of legislative and
regulatory policy for Corning, a major producer of the fiber-optic cable
used for broadband connections. "These are tight budgetary times and
people are looking to reduce outlays everywhere they can."

-- David McGuire, washingtonpost.com Staff Writer
*******************************
Washington Post
Northwest Gave U.S. Data on Passengers 
Airline Had Denied Sharing Information For Security Effort 

By Sara Kehaulani Goo
Washington Post Staff Writer
Sunday, January 18, 2004; Page A01 


Northwest Airlines provided information on millions of passengers for a
secret U.S. government air-security project soon after the Sept. 11,
2001, terrorist attacks, raising more concerns among some privacy
advocates about the airlines' use of confidential customer data.

The nation's fourth-largest airline asserted in September that it
"did not provide that type of information to anyone." But
Northwest acknowledged Friday that by that time, it had already turned
over three months of reservation data to the National Aeronautics and
Space Administration's Ames Research Center. Northwest is the second
carrier to have been identified as secretly passing travelers' records to
the government.

The airline industry has said publicly that it would not cooperate in
developing a government passenger-screening program because of concerns
that the project would infringe on customer privacy. But the
participation of two airlines in separate programs demonstrates the
industry's clandestine role in government security initiatives.

In September, JetBlue Airways said that it turned over passenger records
to a defense contractor and apologized to its customers for doing
so.

Northwest said in a statement Friday that it participated in the NASA
program after the terrorist attacks to assist the government's search for
technology to improve aviation security. "Northwest Airlines had a
duty and an obligation to cooperate with the federal government for
national security reasons," the airline said.

The carrier declined to say how many passengers' records were shared with
NASA from the period offered, October to December 2001. More than 10.9
million passengers traveled on Northwest flights during that time,
according to the Transportation Department.

NASA documents show that NASA kept Northwest's passenger name records
until September 2003. Such records typically include credit card numbers,
addresses and telephone numbers. 

NASA said it used the information to investigate whether "data
mining" of the records could improve assessments of threats posed by
passengers, according to the agency's written responses to questions. At
the time the agency also was exploring other possible projects aimed at
improving air security, it said. NASA said no other airlines were
involved in the project and that it did not share its data with other
parties. The agency said it did not pay for the data.

Northwest said it did not inform any passengers that it shared data with
NASA. It also said it did not believe that the data sharing violated its
privacy policy. 

"Our privacy policy commits Northwest not to sell passenger
information to third parties for marketing purposes," the company
said in its statement Friday . "This situation was entirely
different, as we were providing the data to a government agency to
conduct scientific research related to aviation security and we were
confident that the privacy of passenger information would be
maintained."

The carrier tells passengers visiting its Web site that "when you
reserve or purchase travel services through Northwest Airlines nwa.com
Reservations, we provide only the relevant information required by the
car rental agency, hotel, or other involved third party to ensure the
successful fulfillment of your travel arrangements."

The disclosure of Northwest's participation in the NASA project comes
just four months after JetBlue's admission of involvement in a secret
security project conducted by the Defense Department. JetBlue conceded
that it violated its privacy policy when it turned over records on 1.1
million passengers. JetBlue is being sued by passengers in class-action
lawsuits.

The Northwest and NASA documents were released in response to a Freedom
of Information Act request filed by the Electronic Privacy Information
Center, a nonprofit organization that advocates privacy rights and open
government. The organization, which provided the documents to The
Washington Post, said it plans to take legal action this week in an
effort to force the government to disclose more information about NASA's
secret security project and to investigate Northwest's actions.

"We strongly believe aviation security programs should be developed
publicly," said David L. Sobel, general counsel for the group.
"While the airline in this case might have thought the action
appropriate, the public at large sees it as a serious violation of
personal privacy."

Northwest's sharing of information with the government could have
implications in the European Union, where officials have balked at
providing passenger data to the U.S. Transportation Security
Administration as part of that agency's computer passenger-screening
program, known as CAPPS II. The EU has said that turning over passenger
records to the TSA would violate its privacy laws.

NASA officials did not seem concerned about potential privacy violations
until last fall, when JetBlue's cooperation with the Pentagon was
disclosed. 

In an e-mail written on Sept. 23, 2003, to Northwest's security manager,
a NASA official indicated that he wanted to return the airlines'
passenger data, which was stored on compact discs. 

"As you probably have heard by now, our 'data mining for aviation
security' project did not receive any FY2003 funds. My interpretation is
that NASA management decided that they did not want to continue working
with passenger data in order to avoid creating the appearance that we
were violating people's privacy," NASA engineer Mark Schwabacher
wrote to Northwest Airlines security manager Jay Dombrowski. "You
may have heard about the problems that JetBlue is now having after
providing passenger data for a project similar to ours."

In its written responses, NASA said it terminated the program in late
2002 because data mining was not a "viable line of
investigation." 

The e-mail to Northwest included a link to a news report about the
JetBlue matter.

On the same day as the NASA e-mail, news media quoted Northwest officials
responding to the JetBlue incident. "We do not provide that type of
information to anyone," Northwest spokesman Kurt Ebenhoch was quoted
as saying in the New York Times on Sept. 23.

An article in the following day's St. Paul (Minn.) Pioneer Press said:
"Northwest Airlines will not share customer information, as JetBlue
Airways has, Northwest chief executive Richard Anderson said Tuesday in
brief remarks after addressing the St. Paul Rotary."

The Electronic Privacy Information Center said it originally filed a
Freedom of Information Act request in 2002 with the TSA as part of an
effort to obtain details of CAPPS II development. The TSA responded to
the request by providing NASA documents that indicated NASA was involved
with the "data mining" system with Northwest Airlines. The
CAPPS II system, scheduled to be introduced this summer, seeks to
identify all U.S. passengers using commercial databases and then rate the
security risk posed by each passenger. 

The Electronic Privacy Information Center and other privacy advocates
have argued for years that CAPPS II is being developed under strict
secrecy and they believe that plans disclosed so far violate personal
privacy.

The organization said it plans to file a complaint about the Northwest
incident this week with the Transportation Department, which oversees the
airline industry's compliance with rules guarding private consumer
information.

The group said it also plans to sue NASA in U.S. District Court in San
Jose this week, because, the organization said, the space agency did not
disclose enough information in its response to the FOIA 
request.

The group seeks to know more about the NASA program, including whether
the agency shared the information with other parties and whether any
other airlines were involved.

"There doesn't seem to be a classic space exploration endeavor
here," said Barry Steinhardt, director of the American Civil
Liberties Union's technology and liberty program.

The TSA has said it is developing CAPPS II to better identify people who
might be terrorists. But the program will also be used by law enforcement
officials to identify and question people suspected of violent crimes.

Steinhardt said the Northwest and JetBlue incidents provide people with
another reason to be wary about CAPPS II. "What this makes plain is
that we cannot believe the assurances we've received that this passenger
data will only be used for limited purposes," he said.
"Inevitably, it will leak out for other uses."

Researcher Margaret Smith contributed to this report.
*******************************
USA Today
Microsoft takes on teen over domain name
Posted 1/19/2004 5:32 PM

VANCOUVER, British Columbia (AP)  Mike Rowe thinks it's funny that
his catchy name for a Web site design company sounds a lot like
Microsoft. 
The software giant, however, is not amused. 

"Since my name is Mike Rowe, I thought it would be funny to add
'soft' to the end of it," said Rowe, a 17-year-old computer user and
Grade 12 student in Victoria, British Columbia. 

Microsoft and its attorneys have demanded that he give up his domain
name, the Vancouver Province newspaper reported Sunday. 

Rowe registered the name in August. In November, he received a letter
from Microsoft's Canadian lawyers, Smart & Biggar, informing him he
was committing copyright infringement. 

He was advised to transfer the name to the Redmond, Wash.-based
corporation. 

"I didn't think they would get all their high-priced lawyers to come
after me," Rowe said. 

He wrote back asking to be compensated for giving up his name.
Microsoft's lawyers offered him $10 in U.S. funds. Then he asked for
$10,000. 

On Thursday, he received a 25-page letter accusing him of trying to force
Microsoft into giving him a large settlement. 

"I never even thought of getting anything out of them," he
said, adding that he only asked for the $10,000 because he was "sort
of mad at them for only offering 10 bucks." 

He said family and friends are backing him and a lawyer has offered to
advise him for free. 

He's also keeping his sense of humor. 

"It's not their name. It's my name. I just think it's kind of funny
that they'd go after a 17-year-old," Rowe said. 

Company spokesman Jim Desler said Sunday, "Microsoft has been in
communication with Mr. Rowe in a good faith effort to reach a mutually
agreeable resolution. And we remain hopeful we can resolve this issue to
everyone's satisfaction."
*******************************
CNET News.com
Job losses slow in Silicon Valley, report says
Last modified: January 19, 2004, 10:05 AM PST
By Laurie J. Flynn 
The New York Times

Silicon Valley is apparently still losing jobs, but more slowly than in
recent years, according to the latest annual report from Joint Venture
Silicon Valley, a nonprofit organization. And if and when job growth
returns, the biomedical industry may play a bigger role than in the past,
the report released Monday indicates. 

According to the most recent federal data available, Silicon Valley lost
jobs from the second quarter of 2002 through the second quarter of 2003
at only half the rate--5 percent--of the year-earlier period. 

Since mid-2003, anecdotal evidence suggests that the rate of loss has
continued to slow, giving Silicon Valley's economic leaders reason to
hope that the rebound in spending for technology that is becoming evident
may soon translate to renewed job growth. 

"The trend has continued; we see a continued slowing of job loss,''
said Doug Henton, the president of Collaborative Economics, a research
company in Mountain View, Calif., that conducted the study. 

Notably, Silicon Valley biomedical companies, which include many of the
nation's biotechnology leaders, lost the fewest jobs. And the survey
showed that for the first time, venture capital investment in
biotechnology in Silicon Valley equaled investment in software companies.

"We are now seeing the early signs of yet another Silicon Valley
reinvention," according to the report, which is called "The
2004 Index of Silicon Valley." 

Henton said the challenge for Silicon Valley was to provide the training
and education necessary to ensure that workers were prepared for the new
jobs. 

Through last year's second quarter, Silicon Valley had lost approximately
202,000 jobs from the peak of employment in the second quarter 2001, when
the region's work force was 1.38 million. 

For the third year in a row, average pay declined in Silicon Valley, but
by a smaller margin than the previous year. In the 2003 period, average
pay in the area declined 1.5 percent, to $62,400. That is in contrast to
a 6 percent decline the year before, after accounting for inflation. The
area's average pay peak was $81,700 in 2000. 

Even with the declines, average pay in Silicon Valley is 60 percent
higher than the average for the rest of country, which is $37,300. The
valley's cost of living, though, is 47 percent higher than the national
average.
*******************************
Computerworld
Sears plans to outsource part of IT infrastructure

Other major initiatives focus on point-of-sale systems and merchandising
applications 

Story by Carol Sliwa 

JANUARY 16, 2004 ( COMPUTERWORLD ) - NEW YORK -- Sears, Roebuck and Co.
in March plans to strike a deal to outsource a substantial portion of the
technical infrastructure that its IT department currently maintains.
The outsourcing decision is one of several key IT deals that the retailer
plans to finalize early this year to help reduce costs, improve margins
and drive up sales, CIO Gary Kelly disclosed at the National Retail
Federation conference here earlier this week. 

Outsourcing a significant portion of the technical infrastructure - a
decision that Kelly acknowledged is "huge" - will have an
impact not only on technology but also on the Sears IT personnel who
support it. Kelly said about 270 of the company's 1,160 IT staffers
currently manage the systems that the company plans to outsource.

"We don't know how many of them will remain with Sears, how many
will work with the new company. That's yet to be determined," he
said. "Usually, the company that acquires the contract to own and
operate the infrastructure hires some portion of the people that do the
work for the customer." 

That's what happened at Target Corp., for instance, when it signed a
major outsourcing deal with IBM Global Services five years ago. 

Kelly, who has been CIO at Sears since October 2002, said the company
spent much of the past year assessing its IT infrastructure and saw two
options to address the weaknesses it found: "remediate it internally
or have it outsourced." Sears chose the latter for its desktops,
server farms, routers, voice and data network, decision-support
technology and systems that support Sears.com, he said. 

"There's no competitive advantage to having a better e-mail system
and a different type of voice or data network," Kelly said.
"It's fundamentally a commodity that can be provided better as a
service." 

However, Sears won't outsource its in-store retail systems or the
wireless application and other technologies that support its
product-repair service business. Kelly said the company wants to invest
more time in creating systems that will differentiate Sears from its
competitors. 

Kelly said Sears is evaluating service providers for the outsourcing
contract and plans to make its decision by early March. The five being
considered are IBM Global Services, Hewlett-Packard Co., Electronic Data
Systems Corp., Computer Sciences Corp. and Affiliated Computer Services
Inc.

Sears will continue to have project managers, architects, developers,
business analysts and testers to support applications, operations and
systems, Kelly said. It will also provide direction on the technologies
being outsourced. 

A survey conducted by the NRF Foundation and BearingPoint Inc., which was
released at the NRF conference, found that 26% of the 57 retail
executives polled plan to make outsourcing/offshoring a strategic
initiative this year. The top three functional areas they said they would
outsource are application development, integration projects and
application hosting. Most said they would do so to cut costs and to
increase the focus on core competencies, efficiency and performance.

"In many cases, in data center and IT operations, the infrastructure
itself has to be significantly upgraded before it can be outsourced and
turned over," said Scott Hardy, a vice president in BearingPoint's
retail division. He said CIOs assess what they're good at and then
typically adopt a hybrid model, choosing to keep some functions in-house,
some offshore and others "nearshore" in North America.

Sears is keeping control over its in-store systems because it plans to
have a "new generation of selling applications" that give
customers a standard way to make purchases, regardless of channel, Kelly
said. 

Kelly said that within 30 days, Sears will select a point-of-sale
application and an operating system that will run on the 35,000-plus IBM
hardware devices it started rolling out last year. Sears is also taking
bids from third parties to help with integration. 

Sears' DOS-based POS systems, which were built to its specifications,
will be replaced by a POS application running on either Windows XP
Embedded or Linux, said Kelly. "The issue is going to turn on total
cost of ownership," he said. 

In addition to beefing up its enterprise selling systems, Sears will
undertake a third major initiative that will focus on a new integrated
tool for merchandise, assortment and demand planning. Sears plans to
choose the vendor within 30 days, Kelly said. 

None of Sears' upcoming IT initiatives involve its affiliate Lands' End
Inc., which continues to have its own IT operations. But Sears plans to
retool its systems so that Lands' End customers will be able to return
merchandise at Sears stores, Kelly said. He said he's not certain about
the completion date for that project. 

See more coverage of this issue in our Outsourcing Center.
*******************************
Government Computer News
FBI gets new acting CIO from Justice 
By Wilson P. Dizard III 
01/16/04

FBI director Robert S. Mueller III has appointed Zalmai Azmi as the
bureau?s acting CIO. Azmi succeeds Wilson Lowery, the bureau?s executive
assistant director for administration, who had been acting CIO until
Mueller announced Azmi?s appointment Dec. 30. Azmi formerly was CIO of
the Executive Office for U.S. Attorneys in the Justice Department, a
bureau spokesman confirmed. 

Mueller also appointed Stephen Schmidt, former chief of the FBI
Cyberdivision?s special technologies and applications section, as the
bureau?s acting chief technology officer. Schmidt succeeds Justin
Lindsey, who moved to Justice as chief technology officer. 

Azmi ?will be responsible for the FBI?s overall information technology
efforts, including developing IT strategy and planning operating
budgets,? a spokesman said. His other responsibilities include developing
and maintaining the FBI?s technology assets and providing technical
direction for re-engineering, the memo said. 

At Justice, Azmi was responsible for telecommunications as well as
information systems and security for U.S. attorney offices at more than
250 sites. 

During his three years at Justice, Azmi led development of several IT
projects including the Victim Notification System and the National Legal
Information On-Line System, which acts in concert with the department?s
Enterprise Case Management System. 

Sources inside and outside the bureau noted that Mueller himself has been
a U.S. attorney and likely knew Azmi well during his tenure at Justice.
In addition, both Mueller and Azmi are Marine Corps veterans, though Azmi
served from 1984 to 1990, long after Mueller?s Vietnam-era hitch.

?It is good news not to have these chairs empty,? a bureau IT official
said, adding that Azmi has not yet announced any sweeping changes.

One of Azmi?s early actions was to approve the start of the so-called
Build Four of the department?s Trilogy system for managing bureau data.
Trilogy comprises five builds; Build Four involves deploying additional
servers, routers and other hardware, the bureau official said.
*******************************
USA Today
Tiny Louisiana towns still get by without telephone service
Posted 1/19/2004 8:17 PM

BATON ROUGE (AP)  Judy Ballard says her husband might have lived if
there'd been a phone closer to her house. 

She lives in one of two Louisiana communities so tiny and remote that
they don't have phone service. 

Ballard lives in Shaw, in a corner of Concordia Parish between the
Mississippi and Red rivers. The other community, called Mink, is on the
edge of the Kisatchie National Forest in the rural southwest corner of
Natchitoches Parish. 

In Mink and Shaw, even cellular phone service is spotty at best. Ballard
estimates that only a dozen or so homes are occupied full-time in Shaw, a
ramshackle cluster of camps and mobile homes near two wildlife management
areas. The hunters and fishermen who own the 70 or so camps in the area
would like phone service too, she said. 

Public Service Commissioner Foster Campbell will host a meeting of phone
companies Tuesday  large, small and cellular  to try to find a
way to supply service of some sort to Mink and Shaw. 

He says he's confident the summit will prod the phone companies into
doing something. "Nobody's put the heat on them before. I'll lay
even odds that they'll have phones by the end of the year," he said.

Campbell, of Elm Grove, began representing 24 parishes in the northern
third of the state a year ago. He first heard about the problem at a
community meeting he held in Natchitoches Parish. 

"All 15 families from Mink came," Campbell said. 

"I never knew there was anybody in Louisiana without a phone,"
he said. "It's ridiculous. It's dangerous." 

Places like Shaw and Mink have no phones because it's prohibitively
expensive for phone companies to run lines to them, said Kevin McCotter,
a Shreveport-based regional director for BellSouth. 

Everywhere else was closer to existing phone lines and had a higher
concentration of potential customers, McCotter said. 

PSC rules let phone companies charge customers in the most remote areas
for the cost of running the phone lines, he said. "Those costs would
be overwhelming for a small group of residents," McCotter said.

"Some type of plan will emerge from the meeting," he said.

Both communities are miles from any cellular tower, so cell connections
are iffy. Some residents use large "bag" phones from the early
days of cellular service, because they generate more power and pick up
signals better than today's tiny models. 

"I bought one after my husband died," Ballard said. 

Her husband was 46 when he died in 1998. He'd had open-heart surgery 2½
years earlier. They lived in the little house where she grew up, deep in
the woody riverbottoms. 

When he had a heart attack it took an ambulance 90 minutes to arrive.
Getting a neighbor to drive to a phone took most of that time, she said.

"If I had a real phone, it would have helped," she said.

The wildlife management areas near Shaw draw thousands of people every
year for the hunting and fishing. In the evening, as hunters come in from
the woods, four-wheelers and pickups crowd the gravel road atop the levee
which runs through the community, hoping to find a cell phone connection.

"You have to run up and down the levee to find a good spot,"
Ballard said. 

The visitors need to be able to call for help in case of an accident,
Ballard said. 

If something happens, "You're stiff before they get back in here to
get you," said Buddy DeBlieux, a 62-year-old who retired to his camp
in Shaw. 

Just south of Shaw, Grady Weeks co-owns Blackhawk Farms, a lodge for
well-heeled hunters. His high-powered clients need phone connections, so
Weeks installed a microwave relay system linking the lodge to a phone
line 15 miles away. 

Some of the hunters who need to use a phone pop up at Weeks' Blackhawk
lodge because they know it has some sort of communication connection.

The multithousand-dollar microwave system works well, except in bad
weather or when radio signals from towboats on the nearby Mississippi
River interfere, Weeks said. 

Julian Ray moved back to the family farm in Mink. He sells fire
protection equipment and would like to run his business from home.
Without phone service and Internet access, he can't. 

He spends much of his time in motel rooms  sometimes as close as
Natchitoches  that offer him communication access. 

If he can't get his home hooked to the 21st century, Ray believes he'll
have to pull up his roots and find another home, closer to the modern
world.
*******************************
Wired News
Going Upstream to Fight Spam  
By Mark Baard
02:00 AM Jan. 20, 2004 PT

CAMBRIDGE, Massachusetts -- Filters and the Can-Spam Act may hold some
unwanted e-mail at bay, but neither approach will bring the pandemic
under control, according to a leading spam expert. 

Eric Raymond, president of the Open Source Initiative, said a technology
that recognizes legitimate senders may prove more efficient at curtailing
spam than existing filters, which only work on messages that have been
downloaded to servers and PCs.

Raymond, an open-source and antispam activist, spoke last week at the
Spam Conference at MIT, a gathering of 500 developers, lawyers and
researchers from major universities and technology giants like IBM and
Microsoft. 

Many of the conference participants agreed that the recently enacted
federal Can-Spam Act of 2003, which supercedes more than 30 state laws,
has done nothing to reduce the amount of spam on the Internet. Spammers
are already flouting the new law, which took effect Jan. 1, 2004, said
lawyers speaking at the conference. New and improved antispam
technologies, the lawyers said, will be necessary to help counter the
proliferation of spam. 

Raymond is promoting an antispam technology called SPF (sender permitted
from), an open-standard SMTP (simple mail transfer protocol) extension
that stops spam before ISPs have to download messages by rejecting those
e-mails coming from forged addresses. Under SPF, e-mail users enter their
valid domains and IP addresses into the SPF registry. More than 4,000
domains have published their SPF records, including AOL, said Raymond.
The registry will also be supported by an upcoming version of SpamAssasin
and other antispam applications. 

SPF is one of the methods that developers presented at the conference for
creating so-called "whitelists," lists of approved e-mail
senders that enable e-mail recipients to welcome messages from those who
are on the list while flagging or rejecting others. 

Whitelists like SPF will complement other technologies, such as domain
blacklists that block out specific senders, by forcing spammers to use
their own domains, said Raymond. 

"We need more approaches like SPF that attack the problem further
upstream, by forcing spammers into the open," he said. 

The new technologies should also lighten the workload carried by Bayesian
spam filters, which scan the contents of messages for tip-offs that they
are spam -- deliberately misspelled words such as "V1AGRA," for
example, or randomly generated sender names such as "Sondra
Gaines" or "Herndon Georgia." 

Bayesian filters are a popular method for keeping spam out of inboxes.
They are included in some e-mail applications (such as Apple's Mail and
Mozilla Mail), but more often appear as an add-on tool that users can
download from the Internet. 

Bayesian filters have become victims of their own success, however.

Spammers are pumping out more e-mail than ever in an attempt to squeak
past the Bayesian filters. They are breaking apart words, pasting
encyclopedia entries into their messages and using other techniques to
pass their content off as legitimate. 

And while the increased traffic is making spamming more expensive for the
spammers, the cost of downloading unwanted e-mail is hurting Internet
service providers like AOL and MSN, too.

Some at the conference also expressed doubts about claims of "99.9
percent accuracy" made by developers of the Bayesian filters. These
critics noted the risk of false positives -- when the filters wrongly
identify benign messages as spam. 

"I imagine the e-mail that those developers receive is much more
homogeneous than what you or I receive," said Terry Sullivan, who
studies the behavior of information users and is a member of the
Anti-Spam Research Group.

That homogeneity, a result of small circles of developers using a limited
lexicon to communicate through e-mail, may make it easier for Bayesian
filters to determine whether particular messages are spam. Ordinary users
with a more diverse contact list, however, may find that their filters
more frequently mislabel incoming messages. 

But tools that can analyze the behaviors of e-mailers, rather than the
content of their messages, may prove more reliable. 

Shlomo Hershkop, a Ph.D. student at Columbia University, is working on a
behavior-based "e-mail mining toolkit" to detect spam.

The behavior-based filter would consider a sender as a friend if he or
she has already exchanged e-mails with the intended recipient, for
example. But a sender who e-mails several identical (or nearly identical)
messages in a day might be considered a spammer. 

While spammers are constantly changing the content of their messages to
beat Bayesian filters, they may have a harder time evading Hershkop's
behavior-based toolkit. 

Whether the technology will actually work remains to be seen, but
Hershkop sees an added benefit of trying. 

"It's cheaper to catch someone who violates behavior rules set by
the user rather than going through the content and learning new
(words)," he said.
*******************************