[ ATL135 Achievement Requirements ] | [ ATL135 Homepage ] | [ ATL135 Schedule ]

Some Starting Points
for Your ATL135
[15 August - 11 December 2002 HERE]
please note: all links beyond the above open a new window

John A. Dowell
created: 10/10/02
last update: 3/19/04

Just for kicks, get started by viewing the online MSU Police Blotter
Heck, it's better than most blogs

Brilliant Shockwave site dealing with 9.11.01 with excellent-yet-brief narratives from the AP (a painless history lesson of a most painful time)
Great way to "follow the money" regarding the fight against al-Qaeda from the BBC News; very clear and readable with a quite useful glossary.
TONS of good stuff here from the University of Missouri-Columbia's Freedom of Information Center!
Aspen 2002 Free Speech Awards: dead link ... for now
Oh well! Here's something fun!

Many users of text messaging are unaware of the fact that their messages are likely to be saved on servers. Telecom analyst Jeff Kagan says, "One of the false assumptions that people make is that when they hit the delete button, messages are gone forever, but nothing can be further from the truth... It's just a common practice. I don't know an instance where [messaging companies] delete them." Cell phone text messages seem likely to be admitted as evidence in the current high-profile trial of basketball
player Kobe Bryant, in that the woman who made charges against him sent several messages within hours of the alleged incident. Kagan warns text-messaging enthusiasts: "I think in these days of corporate fraud and in these days of terrorism we're seeing more and more reason to store forever. Don't ever say anything on e-mail or text messaging that you don't want to come back and bite you."
AP/Los Angeles Times 7 Jun 2004)

The National Cyber Security Partnership (which includes the U.S. Chamber of Commerce, the Business Software Alliance and the TechNet lobbying group) is asking Congress for money to create a cybersecurity information clearinghouse for the business community. The group's recommendations include development of a "Home User Cyber Security Tool Kit" and the designation of a "cyber security month." The clearinghouse would be known as the "National Crisis Coordination Center."
Washington Post 18 Mar 2004

Police authorities believe that the proliferation of picture phones will be very helpful for the apprehension of criminals. But will crime victims remember to take snapshots as they're being attacked? Emily Turrettini, editor for the site picturephoning.com, thinks the answer to that question is yes: "I think it will become a reflex - it is for me. People will get used to that." But interesting legal issues about picture phones have also begun to arise. In a recent case in Pennsylvania, several basketball players were cleared of a rape accusation because the video tape on one team member's phone showed that the accusation of rape was false, and that the woman had accepted $1,000 from the players for her services; however, because the woman hadn't given permission for the video to be taken, there may have been a violation of Pennsylvania's wiretap laws.
San Jose Mercury News 19 Mar 2004

Federal law-enforcement officials have requested that the Federal Communications Commission (FCC) expand the scope of the Communications Assistance for Law Enforcement Act to cover the Internet and other new communications technologies. The law, passed in 1994, requires telecommunications companies to make their products open to wiretaps when a court order is issued. The Justice Department, FBI, and Drug Enforcement Administration contend that the law needs to be expanded to prevent criminals from taking advantage of communications tools that are not subject to wiretap provisions. The FCC has agreed to consider the issue and will "address the scope of covered services, assign responsibility for compliance, and identify the wiretap capabilities required." Opponents of the expansion said it would negatively affect the development of new technologies and would be extremely expensive to implement for existing ones.
Wired News 14 March 2004

A former student at the University of Northern Colorado in Greeley, Colorado, has filed a lawsuit claiming that police violated his rights of free speech when they confiscated his computer after he ridiculed a professor in a Web newsletter called "The Howling Pig." In the newsletter, the student had posted a photo of the professor altered to look like KISS guitarist Gene Simmons [NOTE: Simmons is bassist - jd], and described him as a KISS roadie who rode "the tech bubble of the nineties like a $20 whore." The ex-student was surprised when the police took away his computer: "I was thinking holy crap, what in the world. It's just a cheesy little newsletter, a freebie Web site that nobody takes seriously." An ACLU attorney says, "It's a clear case of a government entity blocking First Amendment rights. There just isn't much room for debate on this one."
USA Today 9 Jan 2004

Officials at the Department of Justice (DOJ) have appealed to the Federal Communications Commission (FCC) to ensure that the nascent field of Internet telephony is covered by the same law-enforcement regulations as traditional phone service. The FCC is expected to rule on several issues of regulation of the new field in the coming weeks. Specifically, the DOJ is arguing that the Communications Assistance for Law Enforcement Act (CALEA), which allows for lawful electronic monitoring of phone calls, be applied to voice-over-IP (VoIP) phone calls. According to the DOJ, "CALEA is vital to national security, law enforcement, and public safety," and compliance among VoIP carriers should not simply be voluntary. Several VoIP companies including Edison and Vonage argue that they are not telecommunications companies and should not be subject to CALEA.
Internet News 8 January 2004

Beginning early next year, those entering the United States on tourist, business, or student visas will go through a biometric screening process designed to improve national security. Asa Hutchinson, undersecretary for Border and Transportation Security at the Department of Homeland Security, this week unveiled the equipment to be used in the new screening procedure, which includes fingerprinting and photo tools. Visa holders will be screened when they enter the country to verify they are not on terrorist watch lists, and when they leave the country to keep a record of whether they have overstayed their visas. Despite a General Accounting Office report expressing skepticism that the system can be implemented efficiently and calling it "a very risky endeavor," Hutchinson said the system will cause few delays and will provide a strong boost for national security. The system will be installed at 115 airports and 14 seaports.
Wired News 29 October 2003

About 90% of U.S. children ages 5 to 17 use computers and 59% of them use the Internet, according to two new studies released by the U.S. Department of Education. The new data also show that 99% of public schools now have Internet access, up from 35% eight years ago. "Children are often the first adopters of a lot of technology," says John Bailey, who oversees educational technology for the federal agency. "? Students, by and large, are dominating the Internet population." That's not surprising, given the rapid penetration of computer technology among U.S. homes, says educational technology expert Peter Grunwald. "The dramatic increase in younger kids' use of technology is not disconnected from what's going on with their parents and their families. Younger kids are likely to have younger parents, and it is those parents, especially mothers, who have a much higher comfort level with technology than older parents - or even younger parents of five years ago." Almost 75% use the Net for help in school assignments and more than half use it for e-mail, IM-ing or playing games. Research shows the digital divide is still evident, however: while almost two-thirds of white youth aged 5-17 use the Internet, less than half of black youngsters do, and slightly more than a third of Hispanic young people log on.
AP 30 Oct 2003

Officials at the Library of Congress are required periodically to review the Digital Millennium Copyright Act (DMCA). The latest review has led to four new exceptions to the DMCA's prohibition against circumventing electronic copyright protections. Under the new exceptions, copyright protections can legally be broken to access lists of Web sites blocked by Internet filters; computer applications protected by broken or obsolete copy protections; applications that use obsolete hardware or formats; and e-books that do not allow disabled-access tools such as screen readers to function. Many DMCA critics complained that the new exceptions are fairly narrow and called again for exceptions that would allow users to break copyright protections in order to play files on various devices and in other formats. James Billington, the Librarian of Congress, said that his office does not have the authority to grant those kinds of exceptions and that such requests are typically made by individuals who do not understand copyright law.
CNET 28 October 2003

Ongoing concerns about electronic voting machines in Maryland have prompted two lawmakers in the state to request a review of the systems by an independent state agency. Senator Paula Hollinger and Delegate Sheila Ellis Hixson have asked the nonpartisan Maryland Department of Legislative Services to review a report by Science Applications International Corp. (SAIC) on the voting machines. That report was requested by the state after concerns were raised about possible security risks with the machines. Questions have also been raised over how the state will be able to verify election results or conduct a recount because the machines do not generate a paper record of votes as they are cast. David Dill, a professor at Stanford University, questioned whether SAIC--which has a standing consulting contract with the state of Maryland--was impartial in its report. Dill suggested that with the report, SAIC was trying to please the governor and that the report did not ask whether the machines should be used at all. The report, said Dill, simply asked whether the risks could be mitigated.
Federal Computer Week 23 October 2003

An organization representing most of the large U.S. financial services companies has announced a pilot project to create a single point of contact for people who believe they are victims of identity theft. The Financial Services Roundtable, which includes Wells Fargo, Bank One, Citigroup, MBNA, and others, said that with the new program, consumers can call their banks if they believe personal information has been used in an identity crime. The banks would then contact the newly formed assistance center, which would help the consumer with the paperwork and other details of dealing with the problem. The center would also vet loan and other applications to make sure the names of people asking to borrow money are not the same as those who have reported having their identities stolen.
Washington Post 28 October 2003

Iowa State University will begin work on a Internet-security lab with a $500,000 grant from the U.S. Department of Justice, though further funding will be required to complete and sustain the lab. Researchers developing the lab, called the Internet-Scale Event and Attack Generation Environment (ISEAGE), plan to build a replica of the Internet, including simulated Internet traffic. Researchers can then launch large-scale attacks against the Internet replica to test various security technologies. Doug Jacobson, director of the ISEAGE (pronounced ICE AGE) laboratory, said other labs are able to conduct similar tests but not of the size that the ISEAGE will allow. Jacobson said graduate and undergraduate students will be involved in the operations of the lab. The initial grant will allow early development, and officials are already seeking further funding to complete the lab, according to Jacobson.
Des Moines Register 25 October 2003

The Federal Trade Commission says that complaints of Internet-related identity theft more than tripled last year, to 2,352 last year from the year before. Jay Foley of the Identity Theft Resource Center says, "Online fraud is becoming as big an issue for eBay and AOL as security is for Microsoft." Typically, eBay covers buyers or sellers for up to $200 (or $500 for some listings) if an item is not delivered or is in bad condition, though there is a $25 processing fee. Posting safety tips for eBay transactions are listed at at www.ebay.com/securitycenter.
USA Today 24 Oct 2003

Students at Swarthmore College unhappy with a maker of electronic voting machines have begun an "electronic civil disobedience" campaign.Diebold Election Systems has been criticized for voting systems that have been described as full of security vulnerabilities. In March, 15,000 internal Diebold memos leaked to the press indicated that the company knew of the problems but continued to sell the systems to states. The memos have been posted on a number of Web sites, both inside and outside the United States, and Diebold has been issuing cease and desist letters to sites that post the memos. The students at Swarthmore involved in the protest believe Diebold is improperly using the Digital Millennium Copyright Act to keep the public from seeing the memos and have pledged to move the memos from computer to computer as Diebold tracks them down. Luke Smith, a sophomore at the college, said, "They're using copyright law as a means of suppressing information that needs to be public."
Wired News 21 October 2003

Microsoft's new Office 2003 software, set to debut on Tuesday, will include an e-mail feature that can be used to time-stamp messages, directing them to delete themselves on a certain date. In addition, senders will be able to restrict forwarding and printing of messages by the recipient. The new Information Rights Management software could run into opposition from U.S. regulators, who view destroying e-mail as on a par with shredding documents. Earlier this year, Morgan Stanley was fined $1.65 million for failing to keep e-mail records, despite the company's claim that it due to oversight rather than a deliberate attempt to evade financial investigation.
BBC News 19 Oct 2003

An Arizona woman was sentenced to 60 days of home detention for intercepting at least 215 e-mail messages directed to her husband's ex-wife. Law enforcement officials said Angel Lee fraudulently obtained the ex-wife's user name and password, allowing her to log in and read mail. Ex-wife Duongladde Ramsey said Lee's actions were comparable to breaking into her house and reading her diary, and the judge agreed, saying Lee's penalty is a warning to others who might be tempted to spy on others' e-mail accounts. "Privacy is still a cherished value," said U.S. District Judge Richard P. Matsch.
AP 19 Oct 2003

The U.S. Supreme Court has agreed to re-hear the case testing the constitutionality of the Child Online Protection Act (COPA). The court previously ruled that the law's reliance on "contemporary community standards" did not make it unconstitutional and sent the case back to the court of appeals. That court has issued another ruling, saying COPA violates constitutionally protected free speech. The Justice Department appealed that ruling again to the Supreme Court, which is expected to rule on the case by next July. Most observers expect the Supreme Court's next ruling on this case to have far-reaching impact on how a wide range of Web sites are monitored and, perhaps, restricted.
CNET 14 October 2003

Internet gadgeteer and author Simson Garfinkel says peer-to-peer technology may have gained a bad name in recent years, but it could solve many of the current Internet's traffic congestion and security problems. "Peer-to-peer could overcome many of the fundamental problems that are facing the Internet today - problems of centralized control, vulnerable servers, and the difficulty that most organizations have scaling. On the other hand, peer-to-peer could also make the Internet's security problems worse, by allowing hackers to create large-scale attack networks. Peer-to-peer could be a boon for the artists and the recording industry, giving them a way of publicizing and distributing their intellectual property for far less than they do now. Yet better peer-to-peer systems could further hurt the recording companies - and not just through copyright violations... The real threat that peer-to-peer poses to the record labels is that it could make them obsolete. At the end of the day, peer-to-peer technology is about increasing the reliability and the redundancy of Internet-based systems. That's why the recording industry is afraid of it - because peer-to-peer can be used to create networks that the industry can't shut down. But peer-to-peer can also be used to create networks that earthquakes, wars and terrorists can't shut down. Ultimately, I think that we're better off trying to strengthen the Internet rather than trying to make it weaker."
MIT Technology Review/Wall Street Journal 10 Oct 2003
http://online.wsj.com/article/0,,SB106580800025236600,00.html (sub req'd)

More than 5,000 citizens of foreign countries have been detained by the government since 9/11 in connection with anti-terrorism measures. Only a handful have been charged with a terror-related crime. Many were held initially without charges, denied access to lawyers, judged in secret and locked up for months without any showing that they had committed crimes or otherwise posed any danger. More than 500 were deported for immigration violations.
New York Times 4 Oct 2003

The Electronic Frontier Foundation (EFF), which concerns itself with civil liberties issues in cyberspace, is expressing dismay over a plan by the the San Francisco Public Library use RFID technology to track books. A RFID (radio frequency identification) chip would be inserted into each library book, and would send out electromagnetic waves that would allow tracking of the book's location. San Francisco's city librarian Susan Hildreth says the RFID devices will help streamline inventory and prevent loss, and explains that tracking people is not the goal; "It will not allow us to track people to their home or any location." Hildreth's response has failed to satisfy Electronic Frontier Foundation Lee Tien, who worries: "We're talking about the imbedding of location trafficking devices into the social fabric."
AP/USA Today 3 Oct 2003
http://www.usatoday.com/tech/news/internetprivacy/2003-10-03-sf-library-rfid _x.htm

A report by the General Accounting Office (GAO), the investigative arm of Congress, says that the Homeland Security Department needs to keep track of when foreign high-tech workers with H-1B visas enter and leave the country, and to develop rules limiting the length of time workers who lose their jobs are allowed to remain in the country. According to the GAO, "much of the information needed to effectively oversee the H-1B visa program is not available." The Homeland Security Department agreed with the recommendations and is in the process of changing the systems used to track the foreign workers.
AP/San Jose Mercury News 2 Oct 2003

In Amsterdam, a film technology group called MPEG LA says it wants to collect all essential patents that can protect digitized music and movies in order to create new content-distribution models over the Internet. The problem is that at present it is often not known which companies own all the relevant patents, and the uncertainty is discouraging film and music publishers from selling their products in new digital ways. MPEG LA hopes that by early in 2004 it will have collected all essential digital rights management (DRM) patents, so that it can begin licensing them later that year.
Reuters/USA Today 3 Oct 2003

Privacy and free speech are conflicting values in the current controversy over "Do Not Call" legislation aimed at curtailer commercial telemarketing calls (while continuing to allow calls made for political or philanthropic purposes). David Sobel, general counsel for the Electronic Privacy Information Center, says: "The telemarketers have some First Amendment rights to disseminate information. But the consumer also has some rights to control unwanted information coming into the home." Telemarketers argue that their own free-speech rights are being violated by the FTC's attempt to establish a Do-Not-Call list, and UCLA law professor Eugene Volokh explains: "When it comes to residential privacy, the Supreme Court has suggested that content-based discrimination is illegal. The FTC is setting up content-based discrimination." Some legal experts think the government could legally expand the registry to all telemarketers, with a registry that just says, like Greta Garbo, "I want to be alone." Attorney Bruce Johnson, an expert in First Amendment law, says: "I don't think it's restricting political or religious speech. The registry just says that I don't want to hear from anybody."
San Jose Mercury News 27 Sep 2003

Daniel E. Geer Jr., the chief technology officer for AtStake - a Cambridge, Mass., technology firm that works closely with Microsoft - lost his job after participating on a study that disparages security gaps in Microsoft software. Microsoft-watchers see the firing as an example of Microsoft's ability to silence its critics. Ed Black, head of the Computer and Communications Industry Association (sponsor of the report in question) says: "It's a tragedy this happened to someone who was speaking in the interest of national security. It gives even more credibility to what he said and what the report said. He was not in any way representing some corporate interests of his company." A statement by AtStake says simply: "The values and opinions of the report are not in line with AtStake's views."
AP/USA Today 26 Sep 2003

After an independent review uncovered security flaws in electronic voting systems purchased by Maryland, state officials said the maker of the systems, Diebold Elections Systems Inc., would address the flaws and the state would honor its contract with Diebold. Science Application International Corp., which conducted the review, found 328 flaws in Diebold's AccuVote system, of which 26 are critical. Gov. Robert L. Ehrlich Jr. said that "Maryland voters will have one of the safest election environments in the nation" as a result of the review and revisions to the e-voting systems. Others remain unconvinced. Aviel Rubin of Johns Hopkins University, who in July wrote an extremely critical assessment that prompted the review of Diebold's e-voting systems, said that despite a very thorough review, the state and Diebold cannot adequately address all of the problems. He called the action plan "unrealistic and naive" and faulted the system for relying on human poll workers who can make human mistakes.
Washington Post, 25 September 2003

Five U.S. library organizations are expected to file an amicus brief in federal court supporting the position of peer-to-peer (P2P) companies Streamcast Networks and Grokster in their legal battle with the recording industry. Organizations signing the brief include the American Library Association, the Association of Research Libraries, the American Association of Law Libraries, the Medical Library Association, and the Special Libraries Association. In the brief, the library groups argue that a judge ruled properly in April when he said that the two companies are not responsible for copyright infringement committed by individuals using the peer-to-peer tools the companies developed, just as makers of VCRs are not responsible if individuals use them to make illegal copies of movies. The brief reportedly makes clear that the groups do not condone violations of copyright law but that the recording industry should not be given "veto power over the development of innovative products and services" that have legitimate, noninfringing uses.
CNET, 26 September 2003

Congress has approved a spending bill that includes no funds for the Pentagon's Information Awareness Office, effectively eliminating it. The office and its former head, John Poindexter, had been criticized by civil-rights and privacy groups for initiatives including the Total Information Awareness program (later called the Terrorism Information Awareness program) and a futures market on terrorism, which was ended almost immediately after details of its intended operation were made public. A few of the office's programs, specifically training, will continue but will be transferred elsewhere within the Defense Advanced Research Projects Agency.
New York Times, 26 September 2003 (registration req'd)

The Pentagon's controversial Information Awareness Office, which had been headed by Admiral. John M. Poindexter, has been closed down by Congress, though a few of its projects will be shifted elsewhere within the Defense Advanced Research Projects Agency (DARPA). Senator Ron Wyden (D, OR) says: "They turned the lights out on the programs Poindexter conceived. From a standpoint of civil liberties, this is a huge victory." Wyden says the programs that survived are mainly training initiatives, such as war-gaming software that help agencies analyze evidence and communicate with one another.
New York Times 26 Sep 2003

The Bush administration on Monday selected Amit Yoran, a respected software executive from Symantec Corp., as the nation's new cybersecurity chief inside the Department of Homeland Security.

The Florida Supreme Court ruled Thursday that state workers' private e-mails cannot be treated as public documents just because they are created or stored on government computers. The ruling came in a case brought by the St. Petersburg Times, which had sued the city of Clearwater for access to the e-mail records of two city employees who had exchanged messages regarding a private business venture. The city allowed the workers to determine which e-mails should be made public, a decision challenged by the newspaper and First Amendment advocates. Florida Attorney General Charlie Crist expressed disappointment with the ruling: "If the taxpayers pay for the computers, they ought to have the right to see what's on them." St. Pete Times attorney George Rahdert noted that the 1967 law covering public records was written before electronic communications were commonplace. "The problem is public records law is kind of paper-bound. It doesn't really account for the way that people are communicating important information."
St. Petersburg Times 12 Sep 2003

During California's March 2002 primary, absentee vote tallies from one county seem to have been sent to an Internet site operated by Diebold Election Systems Inc., the company that manufactured the voting machines used in the election. Activist critics of electronic voting systems say the glitch is new evidence that the technology is intrinsically faulty, but Diebold executive Deborah Seiler says that Diebold engineers may have published the results as part of a test performed days, weeks or months after the county primary (regardless of the time stamp shown): "These activists don't understand what they're looking at." Seiler insists that the company has a system of checks and balances to safeguard against fraud, but that explanation doesn't satisfy Kim Alexander, president of the California Voter Foundation, who charges: "In our quest to deliver faster, more accurate election results, we've left the voting process wide open to new forms of attack and mismanagement."
AP/San Jose Mercury News 11 Sep 2003

The U.K.'s Center for Networking Telecommunications Research is working on a system aimed at protecting electronic appliances such as televisions, DVD players and computers from theft by embedding GPS-enabled microchips that identify their location and their normal proximity to each other. If those coordinates change, the police would be automatically alerted, says Nigel Linge, a researcher at the Center. Linge says the technology could probably locate a tagged device within a meter's radius and predicts that a police-monitored trial should be up and running within six months in Manchester. Linge says there's also talk of installing the GPS technology in cars in order to regulate their speed remotely. He acknowledges the controversial implications for civil liberties that this potentially intrusive system would engender, but says for the present he's concentrating his efforts on the technical aspects.
Reuters 10 Sep 2003

A survey of more than 18,000 students on 23 college campuses indicates a growing incidence of Internet plagiarism among U.S. college students. According to the survey, conducted by Rutgers University management professor Donald L. McCabe, 38 percent of respondents said they had been involved in "cut-and-paste" cheating within the past year. This compares to 10 percent in a similar, though smaller, survey conducted three years ago. McCabe attributed some of the rise to growing ignorance among college students about what constitutes proper citation. Many of today's students, he said, "are convinced that anything you find on the Internet is public knowledge." Indeed, nearly half the students who participated in the survey said they did not consider copying several sentences or even full paragraphs without citation to be cheating.
New York Times 3 September 2003 (registration req'd)

According to a survey conducted by Federal Computer Week and the Pew Internet and American Life Project, nearly 50 percent of Americans fear a severe attack on the country's electronic infrastructure. Alan Paller, an information security expert at the SANS Institute, said he was surprised that the percentage was so high but that it represents growing awareness among Americans of the threats to many of the country's basic systems. Peter Neumann of SRI International said a common attitude of people in the United States is "We've never had the Pearl Harbor of cybersecurity, so why worry?" The survey was conducted prior to the Blaster worm and the recent blackout in the northeastern United States and Canada, two events that spotlight the potential for damage to the nation's computer systems and electrical grids.
Federal Computer Week
1 September 2003

The Federal Trade Commission (FTC) said this week that an estimated 27 million Americans have been victims of identity theft in the past five years and that total damages from the crimes exceed $50 billion. The FTC's estimates are based on a random survey of just over 4,000 adults. The survey indicates that nearly 10 million people suffered identity theft last year alone. According to the FTC, the most common type of fraud resulting from identity theft is credit card fraud, followed by utility and phone fraud and then bank fraud. The FTC said that many who find themselves victims of identity theft do not report the crime. Still, in 2002, more than 160,000 complaints were filed with the FTC for identity theft, twice as many as in 2001.
Wall Street Journal 3 September 2003 (sub. req'd)

Forget bad luck. Those annoying chain letters circulating the Internet could be cursing you with an inbox full of Spam e-mail, experts warn.

Biometric face and fingerprint scans for travelers will become routine security measures for foreign visitors next year. By October 2004 the 27 countries whose citizens can travel to the U.S. without visas must begin issuing passports with embedded computer chips with the traveler's facial identification. Civil libertarian Marc Rotenberg of the Electronic Privacy Information Center opposes the mandate: "Our government has forced on European governments the obligation to adopt biometric identifiers though most in the U.S. still oppose such systems." But Kelly Shannon of the State Department argues that is not only "more secure for other countries, it's more secure for us. The idea is that it is contingent on reciprocal treatment for United States citizens." And Denis Shagnon of the International Civil Aviation Organization adds: "What was required was a globally interoperable biometric - one biometric that could be used worldwide and can be read worldwide." He regards the biometric techniques as "very user-friendly" and "unobtrusive."
New York Times 24 Aug 2003

Police in Tampa, Florida, are removing facial recognition software linked to street surveillance cameras in the Ybor City entertainment district after a two-year deployment failed to produce any arrests. The test program was paid for by Identix, the producer of the software. The decision to end the test was based on lack of results, said a police spokesman, not because of privacy issues. The surveillance cameras, which were installed in Ybor City in 1997, will remain.
Wired News 21 August 2003

Fearing an even tougher ballot initiative, the California Assembly has passed a privacy bill that would place severe limits on what information financial institutions would be allowed to share. The bill is expected to pass easily through the state Senate, and Governor Gray Davis has said he will sign the bill. The bill had previously been rejected by committees, but lawmakers appeared nervous that an initiative from consumer groups would be placed on a March ballot and would likely pass. That initiative would have required institutions to request permission from consumers before sharing any information with any company. Steve Blackledge of the California Public Interest Research Group said the "ball is now in the bankers' and insurers' court" on whether they will challenge the law in court.
San Jose Mercury News 19 August 2003

The Justice Department is appealing to the Supreme Court a Pennsylvania appeals court ruling that has been blocking enforcement of the Child Online Protection Act (COPA) - the 1998 law requiring commercial Web site operators to use credit cards or other adult access systems to prevent minors from viewing the material. The appellate court has twice ruled that COPA unconstitutionally restricts free speech, but those decisions have twice been rejected by the Supreme Court. Congress drafted COPA in an effort to create a more narrowly defined law than the Communications Decency Act (CDA) of 1996, which the Supreme Court struck down in 1997 as unconstitutional.
DC Internet 13 Aug 2003

The city of Biloxi, Mississippi, has completed a project to install Webcams in every classroom of the city's public schools. The cameras are mounted in the ceilings and record images but not sound. Access to tapes made by the cameras is limited to a school principal, vice principal, superintendent, school board member, or board attorney, according to Deputy Superintendent Robert Voles. Voles said the program to install the cameras has been received well by the community, without any complaints. Maryann Graczyk of the Mississippi American Federation of Teachers, however, expressed concern that the system will not serve as an effective deterrent to crime. Graczyk worries about the loss of privacy with the system and said she does not think any benefits from the system will justify the $2 million cost of installing the Webcams.
New York Times 12 August 2003 (registration req'd)

A British man has successfully used a "Trojan horse" defense in a child pornography case. Julian Green was arrested last fall for having images of child pornography on his computer's hard drive. Green argued that he was not responsible because the images were downloaded to his computer by a malicious program, a Trojan horse, that he or another member of his family unwittingly installed on the machine. The program then routed Green's browser to pornographic sites and even connected the computer to the Internet when no one was home, according to Green. After more than 10 Trojan-horse applications were found on Green's computer, prosecutors "reluctantly offer[ed] no evidence in this case." Experts said the case offers two disturbing possibilities: that such Trojan-horse applications could offer actual child pornographers a strong defense, or that innocent persons could be convicted for having illegal images on their computers without their knowledge.
New York Times 11 August 2003 (registration req'd)

Software engineer Maher "Mike" Hawash, who unsuccessfully attempted to enter Afghanistan to fight against U.S. troops, has pleaded guilty to aiding the Taliban and has agreed to testify against other suspects in federal court, before grand juries and before any potential military tribunals. Hawash will serve at least seven years in federal prison, and his attorney said Hawash had decided to cooperate fully with the government in order to obtain a sentence less than the 20 years he was facing had he not agreed to testify.
AP/San Jose Mercury News 7 Aug 2003

In Australia, the government of Victoria has called for a national taskforce to tackle inappropriate use of mobile phone cameras -- such as the unauthorized publishing of children's photographs on the Internet, and the use of mobile phone cameras in changing rooms. Victoria's Attorney General explained: "The fact is that a number of photographs have been taken without the permission of those involved, and have been placed up on the Internet on sites that have links to voyeuristic sites, sexually explicit sites. There are gaps in the laws at the moment dealing with these matters, and because of the nature of the Internet, there needs to be a national approach."
Australian IT 6 Aug 2003

The U.S. Department of Education has proposed updating its rules to allow online authorization of the release of personal information, such as transcripts. The Family Educational Rights and Privacy Act (FERPA) requires such authorization, and current rules mandate that students or alumni provide a handwritten signature for the release. Some colleges and universities, however, already allow online authorization. Rules based on FERPA were drafted prior to a law that grants electronic signatures equal status as handwritten ones. The subsequent law, they said, means that electronic signatures are already acceptable for authorization. Others disagree, saying that until the rule is officially changed, a handwritten signature is still required to authorize release of personal information. Comments on the proposal can be submitted to the Department of Education until September 26.
Chronicle of Higher Education 6 August 2003 (sub. req'd)

David Dill, a computer science professor at Stanford University, has voiced concerns over direct recording electronic machines, already used in some spots in the United States for elections. The machines, argues Dill, offer no verifiable paper trail to validate results. Computer bugs or malicious intervention could result in inaccurate election results, he said, with no way of going back and finding out what the actual counts were. Defenders of the machines said they are thoroughly tested, do not allow voters to accidentally vote for multiple candidates in the same race, and can be installed with printers so that voters can see exactly how their ballots were cast. Dill dismissed those arguments, however, saying oversight is lax and that information necessary to have confidence in an election is kept away from the public.
Federal Computer Week 25 July 2003

Cisco and other high-tech companies are faced now with the problem of monitoring charitable contributions made on behalf of their employees, to make sure the money isn't being sent to terrorist organizations. Taylor Griffin of the U.S. Treasury Department says: "It's the reality of a post-Sept. 11th world. Glossy brochures say they are funding orphans and people in need. But money is actually going to fund suicide bombings that kill innocents." But Janne Gallagher of the Council on Foundations complains that "adding a lot of other questions to due diligence increases the cost of making each grant," and Brian Lehnen of the Village Enerprise Fund, which has provided more than 100,000 small grants and loans to East African business startups, asks hypothetically: "Let's say one of them decides to be a terrorist... Suddenly, we support terrorism. It's on the minds of foundations and other deep-pocket organizations that fund groups overseas and don't know what they are liable for."
San Jose Mercury News 26 Jul 2003

The Electronic Frontier Foundation has stepped right into the middle of the file-swapping fray, offering potential targets of the subpoenas recently issued by the Recording Industry Association of America (RIAA) a way to check and see if they're on the list. "We hope that the EFF's subpoena database will give people some peace of mind and the information they need to challenge these subpoenas and protect their privacy," says EFF senior counsel Fred Von Lohmann. The database allows people to check their file-sharing "handle" (e.g., hottdude123) against a list of subpoenas issued. If they see their name, they can access an electronic copy of the subpoena, which includes the name of their ISP, a list of songs pirated and the Internet address of the user. By the end of last week, nearly 900 subpoenas had been issued, with 75 additional being added every day. The subpoenas are intended to force the ISPs to divulge the identity of the alleged file-swappers and the RIAA is threatening lawsuits, claiming damages ranging from $750 to $150,000. "The recording industry continues its futile crusade to sue thousands of the more than 60 million people who use file-sharing software in the U.S.," says Von Lohmann. The EFF has teamed with the U.S. Internet Industry Association to set up a Web site called subpoenadefense.org, which provides information on lawyers and other resources for those facing legal action.
BBC News 28 Jul 2003
[For an interesting overview of the legal issues involved in the RIAA's battle against file-swappers, see "Copying is Theft - And Other Legal Myths" by Mark Rasch, former head of the U.S. Justice Department's computer crime unit, 28 Jul 2003, http://www.theregister.co.uk/content/6/32004.html]

The Federal Communications Commission said yesterday that libraries will have an extra year to comply with the provisions of the controversial Children's Internet Protection Act (CIPA), which mandates that libraries accepting federal funding must install Internet filtering software. The new deadline is July 1, 2004. Opponents of the Act - including the American Library Association and the American Civil Liberties Union - have challenged CIPA, saying it violates free speech guarantees, but the U.S. Supreme Court ruled June 23 that CIPA did not infringe on First Amendment rights, noting "the ease with which patrons may have the filtering software disabled" by asking a librarian to unblock a particular site.
CNet News.com 24 Jul 2003

Research firm Gartner Inc. reports that identity theft has risen 79 percent over the past year. Identity theft has become a significant problem in some parts of the world, in part due to how much more readily accessible personal information is now than in the past. The research indicates that 3.4 percent of the U.S. population has fallen victim to a scam and that half of those incidents were perpetrated by friends, colleagues, or relatives. Recently the FBI and consumer groups warned of a wave of new scams involving fake e-mails purporting to come from legitimate e-commerce Web sites. While individuals should take responsibility for protecting their personal information, authorities believe that institutions need to be more careful with personal information. Avivah Litan of Gartner cautioned that "Many banks, credit card issuers, cell phone service providers, and other enterprises that extend financial credit to consumers don't recognize most identity theft fraud for what it is ... [which] causes a disincentive to fix the problem with the urgency it requires."
BBC 21 July 2003

A senior research assistant at the Swiss Federal Institute of Technology's Cryptography and Security Laboratory has published a paper outlining a way to speed up the process of cracking alphanumeric Windows passwords to only 13.6 seconds on average. The previous average time was 1 minute, 41 seconds. The new method uses massive lookup tables to match encoded passwords to the original text entered by a person, thus reducing the time it takes to break the code. "Windows passwords are not very good," says researcher Phillippe Oechslin. "The problem with Windows passwords is that they do not include any random information." The only requirement for the cracker is a large amount of memory in order to accommodate the lookup tables. The larger the table, the shorter the time it takes to crack the password. Users can protect themselves by adding nonalphanumeric characters to a password, which adds another layer of complexity to the process. Any cracker would then need more time or more memory or both to accomplish the break-in. For more information on Oechslin's method, check out
CNet News.com 22 Jul 2003

The number of victims that have fallen prey to identity thieves is severely underreported, according to a study by Gartner Research, which estimates that 3.4% of U.S. consumers - about 7 million adults - have suffered ID theft in the past year. Moreover, identity thieves generally get away with it - arrests are made in only one out of every 700 cases. "The odds are really stacked against consumers," says Gartner VP Avivah Litan. "Unfortunately, they are the only ones with a vested interest in fixing the problem." Typically, victims of ID theft learn of the crime a year or more later after it happens - long after the trail has gone cold. "It is different from payment fraud, where the thief takes a credit card number and consumers are innocent until proven guilty. With identity theft, it is the opposite: Consumers are thought to be guilty until proven innocent," says Litan. "There is a serious disconnect between themagnitude of identity theft that innocent consumers experience and the [financial] industry's proper recognition of the crime. Without external pressure from legislators and industry associations, financial services providers may not have sufficient incentive to stem the flow of identity crimes."
CNet News.com 21 Jul 2003

The Federal Trade Commission (FTC) is warning consumers about bogus e-mails that request users to update personal information. The "spoofing" scam involves sending an e-mail claiming a billing problem or something similar. The e-mail directs users to a Web site where they are told to enter account information including names and addresses, Social Security and credit card numbers, and other data that can be used for identity theft. The FTC recently prosecuted a 17-year-old boy in California for such a scheme. The boy used the information he collected to run up an $8,000 tab of online purchases. FTC Commissioner Mozelle Thompson warned consumers to verify any e-mail they receive with the company or organization that supposedly sent the message.
Washington Post 21 July 2003

Congressmen John Conyers Jr. (D-Mich.) and Howard Berman (D-Calif.) have introduced the "Author, Consumer, and Computer Owner Protection and Security Act of 2003" (ACCOPS Act), which would make a single unauthorized upload of a copyrighted work a federal felony. In addition, the ACCOPS Act would require that file-sharing Web sites request certain information of their consumers and would allot $15 million to the U.S. Department of Justice to prosecute copyright violations. Conyers argued that the ACCOPS Act would address the absence of existing laws that adequately protect copyright holders. While the bill has garnered some support, Philip Corwin of Sharman Networks, the parent company of the Kazaa file-sharing service, sees the bill as "totally way over the top," and said the "idea of sending a kid who's downloaded a couple of songs to jail is just ridiculous."
IDG, 17 July 2003

The United States is pursuing a trade agreement with Chile, similar to one it signed in May with Singapore, that would extend many of the provisions of the Digital Millennium Copyright Act (DMCA). Under the terms of the trade deal, Chile must apply civil and sometimes criminal penalties to those who circumvent technological measures designed to prevent unauthorized reproduction of digital content. Chile would also be responsible for prosecuting those who distribute hardware or software that has no apparent purpose other than to circumvent technological protections. President Bush supports the trade deal and is asking Congress to approve it.
CNET, 15 July 2003

U.S. senators deliberating over next year's defense budget have proposed eliminating all funding the Defense Department's Terrorism Information Awareness project. The TIA project, under the supervision of retired Adm. John Poindexter, seeks to develop computer software capable of scanning vast public and private databases of commercial transactions and personal data around the world to ferret out possible terrorist activities. The committee's proposal "reflects deep, deep skepticism in Congress of the Pentagon's assurances about this system," says a spokesman for the Center for Democracy and Technology. "There appears to be some spillover skepticism from Iraq where they voted to go to war and now are questioning whether that was based on clever use of words or selective use of intelligence."
AP 15 Jul 2003

The House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census expects Congress to pass legal guidelines later this year telling businesses how to secure their areas of cyberspace. According to Subcommittee Chair Adam Putnam (R-Fla.), the legislation will provide a regulatory approach to cybersecurity that will affect the private sector. The bill would not include the wide-ranging features of a similar law governing accounting procedures at public companies, however. The subcommittee also plans to consider whether government agencies other than the Department of Defense should require that software meet specific security standards.
PCWorld 11 July 2003

RFID technology (the acronym stands for "radio frequency identification"), which embeds tiny computer chips and radio antennae into products and transmits inventory and supply-chain data to manufacturers and retailers, is being criticized by Marc Rotenberg of the Electronic Privacy Information Center: "Simply stated, I don't think most people want their clothes spying on them. It's also clear that there could be some very invasive uses of these techniques if merchants use the tracking technology to spy on their customers after purchase." In rebuttal, Ron Margulis of the National Grocers Association says that privacy concerns are far outweighed by the benefits of RFID, which could help retailers respond much more quickly to product recalls and prevent people from becoming ill from tainted products: "You do give up a bit of privacy but the benefit could be that you live."
AP/USA Today 9 Jul 2003

Bowing to criticism from consumer privacy groups, Wal-Mart has canceled what was billed as the biggest trial yet of a so-called smart-shelf system that would use RFID sensors to pick up data transmitted by microchips in partner Gillette's product packaging. The system would then alert store managers via computer when stock was running low or when items may have been stolen. A Gillette representative declined to comment on Wal-Mart's decision, but said it plans to focus on helping UK supermarket chain Tesco and German retailer Metro conduct similar trials in Europe. Meanwhile, Wireless Data Research Group analyst Ian McPherson says privacy advocates' concerns were likely overblown: "Consumers that are aware of RFID and privacy feel it is very significant, and they are probably more concerned than they should be. The likelihood that people can be tracked beyond the check stand is very low." A recent Gartner poll showed 55% of the consumers polled said they would shop in stores using RFID technology if it meant faster checkouts, and only about 16% said they would probably or definitely stop shopping at such a store. Twenty-eight percent were undecided.
CNet News.com 9 Jul 2003

Anonymous organizers of a Web-vandalizing contest this weekend say that the goal will be to deface 6,000 Web sites in six hours, with winners to be awarded prizes such as Web hosting space and Internet domain names. Pete Allor of Internet Security Systems Inc., which runs a threat-detection service, cautions Web operators: "The problem is now, and you shouldn't wait until Sunday to address it."
Atlanta Journal-Constitution 3 Jul 2003

The Defense Advanced Research Projects Agency is developing an urban surveillance system dubbed "Combat Zones That See" (CTS), which is designed to track and analyze the movement of every vehicle in a city. The centerpiece of the system is proposed software that would be capable of identifying vehicles by size, color, shape and license tag, and would issue instant alerts when a vehicle on a watchlist was detected. The CTS technology could also be used to comb through months of data to locate and compare vehicles spotted near terrorist attack sites. Although the military has emphasized that it plans to use CTS in hostile foreign cities, critics are concerned that such technology could be deployed domestically for nonmilitary use. "One can easily foresee pressure to adopt a similar approach to crime-ridden areas of American cities or to the Bowl or any other site where crowds gather," says Steven Aftergood of the Federation of American Scientists.
AP 2 Jul 2003

Responding to the recent announcement from the Recording Industry Association of America (RIAA) about plans for lawsuits against individuals, the Electronic Frontier Foundation (EFF) has launched a campaign to mobilize the estimated 60 million Americans who use file-sharing services. The goal of the "Let the Music Play" campaign is to make changes in current copyright law to legalize file sharing while guaranteeing that artists will be compensated for their work. According to Shari Steele of the EFF, "copyright law is out of step with the views of the American public and the reality of music distribution online." The EFF has suggested instituting licensing fees, paid by manufacturers of MP3s and CD-ROMs. The fees would be doled out to artists based on usage. The RIAA dismissed the idea as one that would favor retransmission services and stifle innovation.
Internet News 1 July 2003

A new surveillance system being developed by the Defense Advanced Research Projects Agency has some scientists and civil libertarians concerned about potential civilian uses of the system. The Combat Zones That See project is intended to use software to analyze images from many thousands of cameras in an urban setting to identify cars, license plates, and even passengers. The goal is to protect U.S. forces in urban settings by spotting license plates on watch lists or discerning suspicious behavior. Despite assurances from the Pentagon that the technology is intended only for military uses, some observers have expressed concern that it could be used by civilian law enforcement agencies in a manner that intrudes on personal privacy. John Pike of GlobalSecurity.org said, "Government would have a reasonably good idea of where everyone is most of the time."
Washington Post 2 July 2003

"Unregulated Internet Usage: Addiction, Habit, or Deficient Self-Regulation?," a study of the online habits of 465 students in two Midwestern colleges, indicates that excessive Internet usage is linked to depression. Praised as a thoughtful inquiry into the origins of compulsive Internet use, the study finds that students typically use the Internet for about an hour and a half a day. Those who turn to the Internet initially to regulate mood and combat feelings of loneliness often can't regulate usage. The inability to regulate usage can intensify depressive moods and lead to further isolation. To work around the limitations of the notion of addiction as it applies to online habits, the authors employ the idea of deficient self-regulation to describe compulsive Internet usage. The study's findings are consistent with those for excessive use of conventional media, such as immoderate TV watching or reading too many trashy novels.
Chronicle of Higher Education 2 July 2003 (sub. req'd)

The California Supreme Court ruled that a former Intel employee did not violate trespassing laws when he sent e-mail messages to current Intel employees. From 1996 to 1998, Kenneth Hamidi, a former Intel engineer who was fired after a workers' compensation dispute, sent six e-mail messages to Intel employees, directing them to a Web site he created that criticized Intel. In 1998, Intel received an injunction that barred Hamidi from sending messages to Intel employees. The California court overturned the lower court's injunction and rejected Intel's argument that the messages represented illegal trespassing to its computer systems. The trespass argument has been used by Internet service providers and companies to stop spam. Jeffrey D. Neuburger, a New York-based technology lawyer, said, "Everyone is trying to figure out ways to solve the spam problem, and this ruling doesn't help." Although the case attracted attention regarding free-speech and employee rights, the California court ruled only on the trespass issue.
New York Times 1 July 2003 (registration req'd)

A ruling from the Ninth Circuit Court of Appeals extends libel protections of the 1996 Communications Decency Act to "do-it-yourself" online publishers, including Web loggers (bloggers) and individuals who operate e-mail discussion lists. Cindy Cohn of the Electronic Frontier Foundation noted that commercial news outlets "have editors and fact-checkers, and they're not just selling information - they're selling reliability," whereas bloggers and the like are simply "engaging in speech." Also included in the court's ruling are those who maintain e-mail discussion lists, even when those people approve or reject content distributed on the list. As Cohn stated, the court effectively said "when it comes to Internet publication, you can edit, pick, and choose, and still be protected."
Wired News 30 June 2003

Legislation introduced by Sen. Dianne Feinstein (D-Calif.) would require businesses and government agencies to notify consumers when hackers break into corporate computer systems and steal their personal data, such as social security numbers and credit card information. The stipulations of the bill are in direct conflict with efforts by the Bush administration to keep such details hidden from the public, in the hope that hacking victims will notify the FBI and other government agencies when such incidents occur. The FBI director and some top U.S. prosecutors told technology executives recently that they will increasingly work to keep the secret the names of companies that fall victim to major hacking attacks. Consumer groups praised Feinstein's proposed legislation: "It's a really important step forward," said Chris Hoofnagle, deputy counsel at the Electronic Privacy Information Center. "Individuals do not have this right to notice now."
AP/CNN.com 30 Jun 2003

Television advertising has long relied on Nielsen ratings, which indicate how many viewers are watching a particular TV show, but not whether they're sticking around for the commercials, or heading off to the kitchen for a snack or channel-surfing to check on the baseball score. But the data service recently launched by TiVo offers a much more complete vision of what's happening in the home when the TV's on. It can track what viewers record, what they watch, when they change the channel and which commercials they skip. This ability to pinpoint viewer behavior has received a less than enthusiastic reception from advertisers. "This kind of information is the holy grail for marketers. But it's not the holy grail for advertising agencies and media companies, which have built an industry around the idea of getting a shallow message to a broad audience rather than a tailored message to a narrower one," says the chief strategy officer for interactive ad agency Avenue A. According to the TiVo data, genres like big-budget situation comedies (think "Friends") tend to have the lowest commercial-viewing rates because couch potatoes record them and skip through the commercials when they watch. Reality TV, news programs such as "60 Minutes" and "event" programming such as the Academy Awards do significantly better. With Forrester Research predicting that by 2007, more than half of American households will have either a personal video recorder such as TiVo or other on-demand services, advertisers will be forced get their heads out of the sand and come with a new business strategy.
Business Week Online 27 Jun 2003

Representatives of several federal agencies were under pressure at a hearing of a House of Representatives subcommittee to explain why IT security at their agencies continues to lag behind where legislators expect it to be. Laws including the Federal Information Security Management Act and the Government Information Security Reform Act require agencies to take actions to improve IT security. Recent reports have shown, however, that progress has been slow. The State Department, for example, has reportedly certified none of its systems, only 15 percent of which have security plans in place. Only 26 percent of the systems at the Department of Agriculture comply with guidelines of the Office of Management and Budget. Adam Putnam (R.-Fla.), chair of the subcommittee, was not satisfied with the agencies' progress, saying, "There is very little indication that anyone takes the threat seriously."
Internet News, 25 June 2003

"Orwell's vision didn't come true, and I don't believe it will," Microsoft chairman Bill Gates said this week in a speech commemorating the 100th anniversary of the birth of George Orwell, the English author whose works included the dystopian novel "1984." That novel described a repressive society of the future dominated by a figure called Big Brother, whose image was displayed on screens throughout the land. Gates said that, contrary to Orwell's fears, "This technology can make our country more secure and prevent the nightmare vision of George Orwell at the same time... At a time of increased uncertainty about homeland security, computers must be available wherever and whenever we need them... Not so long ago, most people paid little attention to cybercrime, but today there's a broader recognition that IT security is vital to homeland security. We must build higher walls and stronger vaults, and government must continue to step up the priority given to this kind of crime while protecting the privacy of consumers."
AP/Los Angeles Times 25 Jun 2003

The Michigan Senate has passed an antispam bill that would create a do-not-e-mail list, similar to do-not-call lists and lists - maintained by some marketing organizations - of individuals who do not want to receive promotional mailings. Marketers would be required to consult the list and remove the names that appear on the list from any mass e-mailing. Under the proposed Michigan law, violators could face criminal penalties, including imprisonment, as well as civil penalties of as much as $250,000 per day that spam is sent. Observers noted that an opt-out list of e-mail addresses would be an extremely tempting target for spammers outside the jurisdiction of Michigan. To address that concern, one company said it has developed a one-way encryption system that allows marketers to check their lists against the opt-out list but not to discern the addresses in an unencrypted form.
CNET 25 June 2003

Representatives of several federal agencies were under pressure at a hearing of a House of Representatives subcommittee to explain why IT security at their agencies continues to lag behind where legislators expect it to be. Laws including the Federal Information Security Management Act and the Government Information Security Reform Act require agencies to take actions to improve IT security. Recent reports have shown, however, that progress has been slow. The State Department, for example, has reportedly certified none of its systems, only 15 percent of which have security plans in place. Only 26 percent of the systems at the Department of Agriculture comply with guidelines of the Office of Management and Budget. Adam Putnam (R.-Fla.), chair of the subcommittee, was not satisfied with the agencies' progress, saying, "There is very little indication that anyone takes the threat seriously."
Internet News 25 June 2003

Many San Francisco Bay Area libraries remain opposed to installing Internet filters, despite Monday's Supreme Court ruling that ties some federal funding to installing filters. Some librarians questions the efficacy of filters, noting that often they do not successfully block X-rated content but can block access to age-appropriate medical and sexual information. The portion of funding that some libraries receive from the federal government is relatively small, and many libraries wish to avoid the cost and hassle of installing filters and to continue to offer patrons access to all information. Susan Gallinger, director of the Livermore Public Library, said, "We just don't feel we as librarians need to be in the position of telling people what they should read, see, or hear." Bay Area libraries are pursuing different approaches to protecting children from inappropriate content, from installing filters that block pornographic Web sites in the children's reading section but not in the adult area to issuing "smart cards" to children with Internet access authorized by their parents.
San Jose Mercury News 24 June 2003

Now that public libraries must install Internet filters or risk losing federal funds, companies that make filters may be forced to soften their position of not revealing what sites they block, according to Judith Krug, director of the American Library Association's (ALA) Office for Intellectual Freedom. Krug said the ALA will encourage its members to choose only those filters whose makers agree to disclose their lists of blocked sites. Net Nanny, which does allow users to view and update its list of blocked sites, hopes to take advantage of the situation Krug described and have its software installed in many libraries. David Burt of N2H2, which keeps its list secret, said his company has invested millions of dollars in developing its list and believes keeping it private will not be a consideration for libraries newly installing filters. Of the institutions that have already installed N2H2 filters, Burt said, none has requested to see the list.
Wall Street Journal 24 June 2003 (sub. req'd)

US terror arrests to remain secret
The arrests follow the 11 September attacks on the World Trade Center. The names of hundreds of people detained since the 11 September attacks can be kept secret, a US federal appeals court has ruled. The decision overturns a federal court ruling that the names of those detained as part of anti-terrorism efforts since the 2001 attacks should be made public. More than 20 civil liberties groups had argued that their names should be disclosed under the Freedom of Information Act.
BBC News World Edition 17 June 2003

AP: 3,240 civilian deaths in Iraq
Associated Press
BAGHDAD, Iraq -At least 3,240 civilians died across Iraq during a month of war, including 1,896 in Baghdad, according to a five-week Associated Press investigation. The count is still fragmentary, and the complete toll - if it is ever tallied - is sure to be significantly higher. Several surveys have looked at civilian casualties within Baghdad, but the AP tally is the first attempt to gauge the scale of such deaths from one end of the country to the other, from Mosul in the north to Basra in the south. The AP count was based on records from 60 of Iraq's 124 hospitals - including almost all of the large ones - and covers the period between March 20, when the war began, and April 20, when fighting was dying down and coalition forces announced they would soon declare major combat over. AP journalists traveled to all of these hospitals, studying their logs, examining death certificates where available and interviewing officials about what they witnessed.
Posted on Wed, Jun. 11, 2003

The Department of Homeland Security has created a National Cyber Security Division - a 60-person unit that will operate under the Department's Information Analysis and Infrastructure Protection Directorate. The new division will build on existing expertise developed at the former Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center and the National Communications System. "Most businesses in this country are unable to segregate the cyberoperations from the physical aspects of their business because they operate interdependently. This new division will be focused on the vitally important task of protecting the nation's cyberassets so that we may best protect the nation's critical infrastructure assets," said Homeland Security Secretary Tom Ridge in a statement.
CNet News.com 6 Jun 2003

A report written by a member of a CIA think tank argues that the agency's use of information technology is handicapped by a culture that treats technology as a threat rather than a benefit. In the report, "Failing to Keep Up With the Information Revolution," Bruce Berkowitz writes that the agency's focus on security prevents the CIA's Directorate of Intelligence "from applying information technology more effectively." Berkowitz points to a CIA database, the Corporate Information Retrieval and Storage (CIRAS) database, which the report states is the most-used database at the CIA. Compared to systems outside the CIA, he said, CIRAS is primitive. Because of the shortcomings of CIRAS, CIA analysts depend largely on an informal source network, according to Berkowitz, who characterized such an informal network as "exactly what the World Wide Web does in an automated fashion when it is combined with a search engine like Google or Alta Vista."
Internet News 29 May 2003

So-net, a subsidiary of Sony, will introduce versions of electronic movie files that include digital rights management (DRM) software to try to prevent unauthorized copying. The software breaks a movie file into many pieces and saves them in various locations on a user's hard drive. Part of the software then puts the pieces together in such a way as to allow the movie to be played smoothly. The intent of such a system is to prevent users from simply making copies of the movie. Secondarily, the DRM software imbeds code into movie files that causes them to self-destruct after a specified period of time. Even if a user is able to assemble the pieces of the movie to make a copy, the file will stop working automatically. So-net will test the system in Japan soon, and Walt Disney will conduct tests of a similar program in the United States.
ZDNet 30 May 2003

Internet high school? The nonprofit Christa McAuliffe Academy in Yakima, Washington, has 15 certified teachers guiding 400 students. The students typically take two courses at a time for 50 weeks a year. Students work at their own pace, and each student is assigned a teacher-mentor. Ian Blomgren, the academy's founder, says of his former experience teaching in a traditional school: "I thought there had to be a better way of teaching individual students. We were doing a good job with the lower students and a good job with gifted students, but the vast majority were just sliding through the cracks." The only problem seems to be a social one. One new graduate, who completed his studies by age 15 and is now entering Millersville University, says: "I'm getting tired of being home all the time. I'm looking forward to being in a classroom again at Millersville."
AP/USA Today 30 May 2003

The University of Calgary is drawing fire for its decision to offer a class next fall in "Computer Viruses and Malware," giving students the opportunity to perfect their virus-writing skills. Ken Barker, head of Calgary's computer science department, defends the decision, saying the class will enable students to better understand the motivations of crackers who are responsible for the proliferation of malicious attacks against corporate networks and personal computers. "Somebody who is suggesting we are doing enough really has their head in the sand," says Barker. In response to concerns that the students' work could lead to more cracking incidents, school officials say they've taken extra precautions, with plans to use a closed network and prohibitions on students removing disks from the lab, which will be secured 24 hours a day. But it's the financial consideration that likely will keep students focused on preventing viruses rather than proliferating them, says Barker. "They are not really employable as virus writers," he notes.
CNet News.com 27 May 2003

Jay Walker, who made his fortune by inventing Priceline.com, is working on a new brainstorm that addresses the timely issue of homeland security. The premise behind USHomeGuard is simple: use webcams at the 47,000 "critical infrastructure facilities" that are at risk, enabling ordinary, online Americans to help monitor the sites from their homes. If a person spots a potential terrorist - a hooded man trying to scale a power plant fence, for instance, or a panel truck parked next to a reservoir - on-site security could be alerted with the click of a mouse. Walker suggests that work-at-home monitors could be reimbursed at up to $10 an hour, paid by the government agencies and companies that need the service. "We like to think of USHomeGuard as a digital victory garden," says Walker. "It lets people be part of the solution." A spokesman for the Department of Homeland Security says federal officials have not done any "serious evaluation" of the proposal, adding that the agency isn't currently contemplating any strategies that rely on Internet surveillance. Meanwhile, law enforcement officials worry that such a system would generate too many false alarms. "People get suspicious easily, and this could quadruple our call volume," says Capt. Joe Carrillo of the San Jose Fire Department. "The idea is really good. But the timing is really bad," he added, alluding to California's current budget crisis.
AP/CNN.com 27 May 2003

Various ongoing scientific projects are working to find replacements for the still-controversial polygraph test as a way of deciding whether someone is lying or telling the truth. One of those projects: a University of Pennsylvania biophysicist is testing a headband that uses near-infrared light emitters and detectors to monitor blood-flow changes in the brain. Another: a psychologist is using MRI technology to scan the brains of volunteers told to give false answers to questions they are asked. See www.nap.edu/books/0309084369/html for a report by the National Academy of Sciences on lie detectors. The new approaches are being met with the same kind of criticism aimed at polygraph tests, plus a new twist. University of Maryland physicist Robert Park, a long-time critic of polygraphs, says: "There's only one thing worse than a lie detector that doesn't work, and that's a lie detector that does work. It's the last invasion of privacy that you can imagine, and it frightens me that we seem to be almost able to do it."
AP/USA Today 23 May 2003

While the battle against spam intensifies, the Direct Marketing Association has just released figures showing that commercial e-mail advertisements generated more than $7 billion in sales last year. The DMA's study is intended to bolster its claim that commercial e-mail plays a significant role in the U.S. economy. According to the report, about 36% of e-mail users, or 21% of all adult Americans, have purchased a product or service as the result of receiving commercial e-mail over the past year, with purchases valued at an average of $168. About 9% of these e-mail users said they made their purchases as the result of unsolicited commercial e-mail.
Wall Street Journal 22 May 2003
http://online.wsj.com/article/0,,SB105358168385262900.djm,00.html (sub req'd)

This week the Pentagon continued recent efforts to address negative public reaction to its data-mining project. The Defense Advanced Research Projects Agency, which oversees the project, submitted a report to Congress about some of the details of the project, which the report said remains in very early stages of development. According to the report, “safeguarding the privacy and civil liberties of Americans is a bedrock principle.” The report also pointed out that the project’s name has been changed from Total Information Awareness to Terrorism Information Awareness. Opponents generally were not swayed by the report. Lee Tien of the Electronic Frontier Foundation said, “After more than a hundred pages, you don’t know anything more about whether TIA will work or whether your civil liberties will be safe against it.” Lori Waters of the Eagle Forum, a conservative political organization, said the TIA is based on the idea that “anybody is guilty until proven innocent in America.”
Wired News 21 May 2003

Tom Ridge, secretary of the Department of Homeland Security (DHS), told Congress this week that the agency continues to have difficulty exchanging information with other agencies. After the September 11 attacks, questions were raised about why the CIA did not share its watch list, which included two of the hijackers, and why a report from an FBI field agent about non-citizens taking flying lessons was also not shared. Ridge told members of the House Select Committee on Homeland Security that DHS has not worked out technical issues for sharing information or resolved who should be on a watch list. Rep. Jim Turner (D-Tex.) had harsh words for Ridge and DHS’s performance so far. Turner said DHS was created to “connect the dots” of intelligence but that he was unconvinced that the department was effectively doing this.
Federal Computer Week 21 May 2003

E-mail marketer Ronald Scelson appeared this week before the U.S. Senate Commerce Committee and said the federal government should pass strict anti-spam legislation. Such a move, he said, would allow his compnay to become legal. Scelson said his mass e-mails used to include return addresses and opt-out choices but that heavy-handed filtering has necessitated masking tactics typical of many spammers. Scelson told the committee that he obtained all the addresses on his lists legally, including AOL’s entire customer directory, which he said he purchased. Secelson said federal regulations would distinguish legitimate e-mail marketers like himself from those dealing in pornograpy or online scams. Scelson urged the committee to hold Internet service providers (ISPs) responsible for overzealous filtering because, he said, users should be in control of what e-mail they receive, not the ISPs.
Internet News 21 May 2003

In its ongoing struggle to protect the identity of some of its users, Verizon Communications has won support from academic-library and other academic groups. The Recording Industry Association of America has subpoenaed Verizon to reveal the identities of suspected music pirates, citing a provision of the Digital Millennium Copyright Act. Many in the academic community worry about the repercussions if the subpoena is upheld. If it is, they fear the recording industry could make similar demands for the identities of students thought to be using campus networks for illegally trading files. Supporters of Verizon in the case object to the fact that the law allows subpoenas to be issued without judicial review and without proof that the individual being sought is guilty of the allegation.
Chronicle of Higher Education 19 May 2003

The U.S. Treasury Department has issued final rules regarding the Customer Identification Program (CIP), part of the USA Patriot Act. CIP regulations require banks and other financial institutions to collect certain information about customers, verify the information, and compare it to lists of terrorists and terrorist organizations. Affected institutions will have to develop processes for collecting and managing the required information, ensure that institutional policies meet the letter of the new rules, and train employees on the new procedures. The Securities Industry Association expressed concern last fall that financial institutions have enough time to adapt to the new rules, and the government then decided to give companies until October 1 for full compliance. The Securities and Exchange Commission (SEC) has also enacted new rules concerning electronic communication with customers. Securities firms must now maintain a log of all electronic communication for six years. Although the SEC's rule is not specific, one observer suggested that firms must keep a complete record not only of e-mail but also of instant messages to be in compliance with the new rule.
ComputerWorld 2 May 2003

Despite the best efforts of the music industry, file-swapping services like Kazaa and Morpheus just keep getting bigger. But that doesn’t mean music piracy is burgeoning out of control; instead, file-swappers increasingly are trading in smut. A February survey showed that 42% of all Gnutella users were seeking blue images and movies, a phenomenon that Greg Bildson, COO of LimeWire, a leading maker of Gnutella software, refers to delicately: “We’re about all different kinds of content sharing.” Wayne Rosso, president of Grokster, is a little more blunt: “Porn - there’s a ton of it being traded around.” The surge in p*rn-trading has some smut-peddlers considering RIAA-type retaliations against the Gnutellas and Kazaas of the world. Like the movie executives, they blame the free services for their falling revenues. “The explosion of free p*rnography, fueled by file sharing, has diminished interest in pay sites,” warns one veteran p*rn industry observer. Meanwhile, some businesses have taken a more collaborative approach. “We love file trading. Why? It’s called greed. We’ve found a way to monetize that sharing,” says the sales director for Triple X Cash. His company embeds hidden links in video clips and sends them out on file-sharing networks. When a file-swapper downloads a clip and clicks somewhere in the video’s frame, he’s taken to one of Triple X’s sites. The company gets 25 to 40 “joins” - $30 monthly subscriptions - per day from this technique. “The record industry should have taken a cue from the p*ornographers,” says Grokster’s Rosso.
Wired.com 30 Apr 2003

As efforts to tackle junk e-mail ramp up, unscrupulous spammers increasingly are hiding their identities by taking over innocent users’ accounts using e-mail messages that resemble computer viruses. Like many other viruses, these programs exploit weaknesses in Microsoft’s popular Outlook e-mail package. One of the first hijacking programs to emerge was called “Jeem,” which contained a hidden e-mail engine that enabled it to route messages via the infected computer. Another, called Proxy-Guzu, comes as a spam message with an attachment. When the unsuspecting recipient clicks on the attachment, the computer contacts a Hotmail account and transmits information about the infected machine, making it possible to route e-mail through that machine. “Spammers are beginning to use virus-like techniques to cover themselves,” says Larry Bridwell, content security programs manager at ICSA Labs. “Spam is one of the two things that the security industry is going to be asked to deal with. The other is adware or spyware.”
BBC News 30 Apr 2003

Four college students who were sued by the Recording Industry Association of America for downloading music without paying for it have now agreed to settle the lawsuits by paying $12,000 to $17,000 each. The students were charged with using their campus networks to provide fellow students with illegal copies of popular music. One of the students, Daniel Peng of Princeton University, said in a statement: “I don’t believe that I did anything wrong. I am glad that the case been settled amicably, and I hope that, for the sake of artists, the larger issues can soon be resolved.” His lawyer adds: “This suit is about the industry’s attempt to intimidate Internet users and instill fear of lawsuits against users of the Internet, particularly students. They need to find some other way to protect their economic interests than bringing suits against bright creative young people.”
New York Times 2 May 2003

In response to concerns by law enforcement officials that criminals can use Internet telephony to avoid court-approved wiretaps, Cisco Systems has developed a way for police to monitor Internet-based phone calls without detection. The company says it is building the capabilities into a limited number of its new products, though none have been sold as yet. The monitoring service includes an auditing mechanism by a third-party provider, in order to ensure that the surveillance complies with all laws governing interception of communication.
AP/USA Today 1 May 2003

Researchers participating in a recent ACM conference on privacy in an electronic society have described how automated order forms on the Web could be exploited to send tens of thousands of unwanted catalogs to a business or an individual. The resulting deluge not only would pose an inconvenience to the victim, but likely would swamp the local post office charged with delivery, said Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University. "People have not considered how easily someone could leverage the scale and automation of the Internet to inflict damage on real-world processes." Using Google to locate online order forms and simple software to fill in fields such as "name" and "address," "it could be set up to send 30,000 different catalogs to one person or 30,000 copies of one catalog to 30,000 different recipients," said Rubin. The technique could also be used to exploit the increasingly common Web-based forms used to request repair service, deliveries or parcel pickups. Rubin and his fellow researchers suggested Web sites could take steps to prevent such attacks, including setting up online forms so that they cannot easily be picked up by a search engine, or using HTML coding to create an online form so it no longer contains easily recognized field names, such as "name." Another strategy could be to include a Reverse Turing Test - a step in each form that requires human input.
Science Daily 1 May 2003

Attorneys general from 40 states and the District of Columbia have raised objections to two recently proposed federal anti-spam laws. The CAN-SPAM Act and the Reduction in Distribution of Spam Act, said the states, would result in more spam, not less, because the federal statutes would overrule state laws, many of which are already more restrictive than the proposed federal laws. Twenty-seven states have already enacted anti-spam legislation. Federal lawmakers argue that a federal anti-spam law is needed to avoid the confusion and difficultly in enforcing a patchwork of laws that vary from state to state. Robert Wientzen, president of the Direct Marketing Association, which supports the CAN-SPAM Act, said, "The Internet is not a place to make a states' rights argument."
Washington Post 30 April 2003

Lawmakers in Virginia this week approved legislation that makes sending "fraudulent" e-mail a felony, punishable by up to five years in prison and loss of revenues and assets connected to the e-mail activity. Fraudulent e-mails are those that deceive consumers, either with bogus return addresses or that are sent through hijacked servers, masking their true source. The law applies to spam that is sent either to or from Virginia. Because the state is home to many of the largest Internet providers, including America Online, legislators hope the law will significantly improve the problem of spam. Mark R. Warner, the governor of Virginia, said that many spammers consider the civil fines to be "just a cost of doing business" and that he hopes the criminal penalties will discourage spammers from continuing to send unwanted e-mail.
New York Times 30 April 2003 (registration req'd)

Representative Zoe Lofgren (D-Calif.) plans to introduce the Restrict and Eliminate Delivery of Unsolicited Commercial E-mail (REDUCE) Spam Act to address the growing problem of unsolicited e-mail. REDUCE differs from recently introduced bills in that it would pay a bounty to persons who report spammers. Lawrence Lessig, a Stanford University law professor and cyberlaw author, is so certain that the bounty approach will help reduce spam that he's betting his job on it. Lessig believes bounty-based legislation will work "because prosecutors have better things to do than tracking down spammers." Bounties, however, will make sending spam too costly. With a reward of 20 percent of the civil fine levied by the Federal Trade Commission against the spammer or up to $10 per e-mail, those who report spam violations could net thousands of dollars. To avoid fines, the bill would require spammers to label spam as "ADV:" or "ADV:ADLT" for adult content, provide a valid opt-out feature, cease sending e-mail when a person opts out, and refrain from sending e-mail with deceptive routing information or subject headings.
PCWorld 29 April 2003

President Bush has signed legislation that outlaws "virtual child pornography"--computer-generated images of children engaged in sexual acts--and the use of misleading domain names to lure children to adult Web sites. A provision in the Children's Internet Protection Act that outlawed virtual child pornography was struck down as unconstitutional by the Supreme Court. The two provisions were part of a larger bill, called the Amber Alert bill, that addresses a range of issues related to abuse and exploitation of children. Some lawmakers expressed concern that these provisions could criminalize sexually oriented art or certain safe-sex Internet resources. Rep. Mike Pence (R-Ind.), one of the sponsors of the misleading domain name provision, said he tried to write the law in such a way as to ban false advertising rather than restrict speech.
Washington Post 30 April 2003

Madonna and Warner Music Group decided to play a trick on music pirates and hackers responded by defacing her Web site and offering yet-unreleased songs for downloading. It all started when Madonna lent her voice to a popular antipiracy technique. "Decoy" files purportedly carrying her new songs were uploaded onto peer-to-peer file-sharing services, but when unsuspecting fans downloaded them, they heard Madonna saying "What the f*** do you think you're doing??" While some music fans got angry, others saw a creative opportunity and the now-infamous phrase is turning up in dozens of remixes and the computer-aided musical collages called mashups. "Madonna was trying to put one over on the kids - and they in turn wanted to let her know that she's not in as much control as she thinks she is," says TechTV's Morgan Webb.
CNN.com/Reuters/Hollywood Reporter 28 Apr 2003

U.S. District Court Judge John Bates has reaffirmed his previous ruling requiring Verizon to reveal to the Recording Industry Association of America (RIAA) the names of two Verizon customers accused by RIAA of illegally downloading hundreds of copyrighted songs from the Internet. The ruling will probably be appealed to the U.S. Supreme Court, with Verizon asserting that the subpoena is invalid, since it relies on the Digital Millennium Copyright Act (DMCA), yet falls outside the scope of DMCA, which does not cover material that is merely transmitted over a network, and not stored on it. Verizon is asserting that the protection of its customers' privacy takes precedence over the subpoena that was issued.
Internet.com 25 Apr 2003

The E-mail Service Provider Coalition (ESPC), a consortium of online marketers such as DoubleClick and iMakeNews, is launching what it calls Project Lumos, which will provide a way for high-volume e-mail senders to have their mailings certified by ESPC to ensure they follow ethical practices. Under Project Lumos there will be four levels of accountability: certification to ascertain the mailer's identity; standardization of all sender info including identification and trackability; proof of sender ID in the SMTP message header; and various performance monitoring activities. The project seeks to accommodate the interests not only of the receivers of commercial e-mail, but also those of the senders of such mail. According to ESPC, "E-mail is indeed a killer app and has been a major component in the productivity and efficiency gains of the digital economy. But those gains will be lost if e-mail becomes unreliable as a communications tool. Businesses will not be able to use e-mail if they cannot have a reasonable assurance that their messages will be delivered."
ComputerWorld 24 Apr 2003

In a move aimed at bolstering its search and online advertising programs, Google has acquired Applied Semantics, a four-year-old firm that offers technology that understands, organizes and extracts information from Web sites. Google plans to use Applied's AdSense product to deliver text advertisements to Web pages based on keyword relevance to the page. The acquisition puts a damper on Applied's partnership with Overture, Google's chief rival in commercial search and navigation on the Web. Applied has been working with Overture to serve pay-per-click ad links to pages owned by various domain name registries any time a Web surfer types an unregistered domain name of one of the registries into the navigation bar. Applied boasts a click-through rate of about 50% on many of the listings. In addition, Web publishers, such as USAToday.com, use AdSense to push text-only ads onto news pages that are related in some way to the ad. SearchEngineWatch.com editor Danny Sullivan says Google's acquisition of Applied sounds the death knell for its contract with Overture. "Overture is not a Google partner like Yahoo or AOL. These two companies fight to win over potential partners. As soon as Applied can get out of its contract, it will sever the relationship with Overture."
CNet News.com 23 Apr 2003

Researchers at the Center for Democracy and Technology have competed a study that seeks to answer the question: how do spammers find you? They found that e-mail addresses posted on Web sites or in newsgroups attract the most spam, because spam-mongers use harvesting programs such as robots and spiders to collect e-mail addresses listed in those places. So if you've ever provided your e-mail address as part of an eBay transaction, or responded to an online job listing, or participated in a discussion board, it's likely that your e-mail address is now making the rounds on junk e-mail lists. One way to avoid the harvesting in the first place, says the team, is to replace characters in an e-mail address with human-readable equivalents -- for example jane@domain.com would become jane at domain dot com. Another successful evasion technique is to replace the characters in an e-mail address with the HTML equivalent. Over the course of the six-month study, 97% of the spam was sent to addresses that had been posted on public Web sites, especially those that were linked to major portals such as AOL and Yahoo.
BBC News 24 Apr 2003

Fearing prosecution under a new Michigan law, a graduate student at the University of Michigan at Ann Arbor has relocated his research to a Web server in the Netherlands. Niels Provos, a German citizen, is conducting doctoral research in steganography, which involves developing software that can find concealed messages in image files and prevent messages from being detected. The law, which Provos says is extremely broad, prohibits technology that can "conceal the existence or place of origin or destination of any telecommunications service." Visitors to Provos's site are now asked if they are residents of the United States. Unless they answer No, they are not admitted. Provos said the law should be changed to allow researchers to work without risking prosecution. In the meantime, he said, he will do what is necessary to comply with the law.
Chronicle of Higher Education 23 April 2003

The Electronic Privacy Information Center (EPIC) and 10 other organizations this week petitioned the Federal Trade Commission (FTC) to investigate Amazon.com for allowing children under 12 years of age to post product reviews on the company's Web site without parental consent, which would violate the Children's Online Privacy Protection Act (COPPA). According to EPIC, some of the reviews posted included personal information about the children. EPIC said the company does not have adequate procedures to monitor reviews for compliance with COPPA and that the designated "Kid's Review Form" did not work properly. Amazon denied the allegations, and some observers suggested that EPIC's action is designed to prompt COPPA compliance from smaller retailers by targeting one of the largest. The FTC, which has fined other companies for COPPA violations, will review the new complaint but did not give a timetable for that review.
Internet News 23 April 2003

People's anxieties and fears over e-mail etiquette have given rise to a new term: pre- and post-mail tension (PPMT). A major problem is that as many as half of all e-mail users fail to properly understand all the nuances of personal messages, and blame the resulting confusion for arguments and even relationship break-ups. "E-mail is a great way to make contact with people and maybe develop a romance. The problem of PPMT we have revealed by these statistics is caused not by e-mail itself, but how people let their anticipation and expectation get the better of them," says Helen Petrie, professor of human computer interaction at London's City University. A survey by Yahoo! Mail showed that people can become obsessed with "inbox expectations" -- constantly checking their e-mail inbox to see if a message has been answered. Sixty-four percent of respondents in that survey reported problems concentrating at work if they were waiting for a reply to a specific e-mail, reinforcing the impression that e-mail is contributing to workplace "cyber-slacking."
Silicon.com 18 Apr 2003

AT&T has been trying to get reimbursement for long-distance phone calls made by fraudulently hacking into the voicemail systems of the victims and re-routing international collect calls placed as part of the scheme. The calls were typically placed when the businesses were closed, and were received by voicemail systems reprogrammed by the vandals to respond with the answer "yes" to the automated AT&T query about whether the customer agrees to accept charges for the call. Linda Sherry of Consumer Action calls AT&T's demand that the victims of the fraud pay for the fraudulently placed calls "outrageous."
New York Times 21 Apr 2003

A group of parents in California may sue the owners of the Web site schoolscandals.com, which provides links to about 100 southern California sites that allow students to post gossip and make remarks about other students. One woman in the group says, "That kid who said that awful thing is just a stupid adolescent. But who is allowing him to do it? All the adults." Ken Tennen, a lawyer for the site, describes it as a nonprofit, opinion-based message board that is operated by students, and says "People really don't understand that a bulletin board system like schoolscandals.com exposes into the light of day the way that kids actually talk to each other, whether it is on the playground, in the locker room, on the sports field or hanging around the mall." Wendy Seltzer of the Electronic Frontier Foundation says only sites that retain the right to edit their content (e.g, newspaper sites) may be sued for defamation.
AP/USA Today 18 Apr 2003

Just two months after Howard Schmidt replaced Richard Clarke as the cybersecurity adviser to the White House, Schmidt announced he will step down from the position at the end of the month. Schmidt played a key role in developing the recently released cybersecurity strategy document, and he was reportedly working to become the cybersecurity adviser to the new Department of Homeland Security (DHS). Those plans apparently fell through, and Schmidt's departure leaves a leadership vacuum in what some consider an extremely important aspect of homeland security. Clarke said that not having a cybersecurity adviser at the DHS "reflects a total lack of intellectual understanding of the issue." Responsibility for cybersecurity currently lies with the assistant secretary of infrastructure protection at DHS, a position that some say is so broad that it cannot pay sufficient attention to the issue of cybersecurity.
Washington Post 18 April 2003

The Department of Homeland Security (DHS) has named Nuala O'Connor Kelly as its first privacy officer. Prior to her current role as privacy officer and chief counsel for the Department of Commerce's Technology Administration, she was the privacy officer for online ad firm DoubleClick. As part of the DHS's creation last year, Congress mandated a privacy officer to protect U.S. citizens' privacy rights. Congress and privacy rights' advocates have expressed concern over programs O'Connor Kelly will oversee, such as the Computer Assisted Passenger Prescreening System II (CAPPS II) and the Pentagon's Total Information Awareness (TIA) program. CAPPS II, currently being tested by Delta Airlines, assigns a color-coded threat level to travelers and runs background screenings that can include credit, banking, and criminal background checks. Congress has temporarily blocked funding for TIA, a data-mining program that seeks to track and capture potential terrorists through "information signatures."
Internet News 17 April 2003

Attendees at a meeting of state attorneys general focusing on developments in Internet law spent considerable time discussing the need to protect against identity theft. Lawmakers have introduced bills to help curb identity theft, although none has yet passed in Congress. Also, the Federal Trade Commission has censured several companies whose security it deemed inadequate. Of particular concern to consumers is the theft of personal information from large databases, such as those maintained by banks and credit bureaus. In one case, three people were accused of stealing personal information on 30,000 people from one of the big three credit reporting agencies.
Wired Magazine 17 April 2003

A glitch on the CNN.com Web site accidentally made available draft obituaries written in advance for Dick Cheney, Ronald Reagan, Fidel Castro, Pope John Paul II and Nelson Mandela. "The design mockups were on a development site intended for internal review only," says a CNN spokeswoman. "The development site was temporarily publicly available because of human error." The pages were yanked about 20 minutes after being exposed.
CNet News.com 17 Apr 2003

Cyberstalking -- stalking people over the Net -- is increasing across the U.S., according to a new study by Wired Safety. And while women remain the most likely targets, they're getting into the act as perpetrators, too. In addition, growing numbers of children are cyberstalking children. "We didn't find much good news," said Wired Safety executive director Parry Aftab. "Identity theft is increasing. And because more people are cyber dating they become victims of cyberstalking when things don't work out." Aftab expressed concern over a recent court ruling that compelled Verizon to turn over the name of an ISP subscriber under the subpoena power of the Digital Millennium Copyright Act. "This is an outrageous and dangerous ruling. It was supposedly about music piracy, but the result of the case is that anyone can obtain personal information about any Internet user by simply filling out a one-page form and submitting it to a court clerk. There is absolutely nothing you can do to protect yourself, even if you are a police officer doing undercover work against sexual predators. The future safety and privacy of all Americans engaged in online communications now rests with Verizon winning this case on appeal."
Internet News 18 Apr 2003

There is no federal law banning governing spam, so the Federal Trade Communications is invoking laws against business fraud to file a lawsuit against Brian Westby of Missouri, whom it charges with netting $1 million from his Internet pornographic e-mail campaigns using fake subjects such as "What is wrong?" and "Fwd: You may want to reboot your computer." The FTC says that more than a third of the 120,000 pieces of pornographic spam it receives each day from displeased spam recipients is accounted for Westby's activities.
Washington Post 18 Apr 2003

Another spam story. Richard Alston, Australia's minister for communications and information technology, says that Internet spam "is now completely out of hand" - "no longer a nuisance but costly, disruptive and a threat to IT systems." He therefore will propose to that country's federal parliament legislation that would ban unsolicited commercial Internet messages and impose substantial fines on Australian spammers. Estimates of lost time and productivity are $960 per employee bombarded with e-mail messages offering black market drugs, pornography, Nigerian money laundering schemes, and other such unwelcome material.
The Age, Australia, 17 Apr 2003

Although computers have up to this point been spared a major cyberattack from terrorists or rogue nations, there have been plenty of smaller acts of vandalism by individual troublemakers. The Computer Emergency Response Team (CERT) tracked 52,658 online security incidents in 2001, more than double the number reported in the previous year, and more than four times the number reported the year before that. Figures for 2002 are not yet available.
Reuters/USA Today 16 Apr 2003

A study by the Council for Excellence in Government and Accenture shows that although Americans increasingly use online government services, they are concerned that their privacy may be compromised as a result. According to the study, more than 60 percent of U.S. Internet users want to use e-government for activities such as filing a change of address or renewing a driver's license. Nearly 45 percent think the government will be able to better serve them if they submit personal information to government Web sites. Yet roughly the same number believe that providing such information puts them at risk for security and privacy violations. More than half think e-government will help homeland-security efforts and condone the government's searching its existing databases for terrorist-related information. More than two-thirds of current e-government users said that governmental transactions are easier because of e-government, and a majority of those believe its benefits will increase over the next decade.
Internet News, 15 April 2003

Senators Conrad Burns (R-Mont.) and Rick Wyden (D-Ore.) have introduced the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003. The bill would require e-mail marketers to use valid return addresses and to remove names of users who requested to be removed from e-mail lists. Also included in the bill are increased powers for law enforcement agencies to prosecute spammers who try to skirt the regulations. Companies including AOL, Yahoo, and eBay support the measure. As the problem of unwanted e-mail has ballooned, federal efforts to control spam have also won the backing of major marketing organizations, including the Direct Marketing Association and the National Advertising Initiative's e-mail service provider coalition.
Internet News, 11 April 2003

The USA PATRIOT Act grants federal authorities broad access to library records, and many librarians across the country are taking steps to oppose and to limit the impact of the legislation. In Monterey Park, Calif., all public computers have notices taped to their screens stating that anything read on that computer can be seen by federal agents. Other libraries have decided to destroy records of what books are checked out by which library patrons, and some libraries have halted plans to implement systems that track user preferences to notify users of new books of possible interest. The American Library Association officially opposes the legislation and is working to have it repealed, as are a number of state library associations. Still, some librarians support the law, while others report that it has not affected how their libraries conduct their affairs. Peter Persic, a spokesman for the Los Angeles Public Library, said, "It's business as usual here. We have not had complaints about it."
Washington Post, 10 April 2003

A federal judge has dismissed a lawsuit brought by a Harvard University law school student to test the Digital Millennium Copyright Act (DMCA). Benjamin Edelman asked the court to prevent Internet-filtering company N2H2 from suing him if he circumvented the company's encryption to see the list of Web sites their filters block. The DMCA forbids such circumvention, and opponents of the law have argued that it impedes research into encryption and other technologies. Federal Judge Richard G. Stearns disagreed that Edelman's research interests outweigh N2H2's right to protect its copyrighted property. The judge said, "The court has no inkling of the exact dimension of the research that Edelman proposes to undertake and doubts that Edelman does either."
Chronicle of Higher Education, 10 April 2003

Senators Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) have introduced legislation that seeks to cut down on junk e-mail by requiring Internet marketers to provide legitimate return addresses on their e-mail and to honor consumers' requests to be taken off e-mail distribution lists. "This bill will help to keep legitimate Internet traffic and e-commerce flowing by going after those unscrupulous individuals who use e-mail in annoying and misleading ways," said Wyden in a statement. The bill would not allow individuals to sue spammers directly, but would require that state attorneys general sue on their behalf. The Federal Trade Commission could also fine violators, and ISPs could block spammers from their networks. The average U.S. Internet user received more than 2,200 spam messages last year, according to Jupiter Research, and the UK government said last month that spam now accounts for 40% of global e-mail traffic. A similar bill sponsored by Burns and Wyden cleared the Commerce Committee last year, but was not taken up for a vote in the Senate. "Now it's time to move forward. This legislation has been on hold for too long," says Burns.
Reuters 10 Apr 2003

Complaints about fraudulent schemes perpetrated over the Internet tripled in 2002 from the previous year, with the most common grievance being auction fraud, followed by non-delivery of promised merchandise, credit card fraud and fake investments. According to a report from the Internet Fraud Complaint Center, which is run by the FBI and the National White Collar Crime Center, the 48,252 complaints referred for prosecution in 2002 represent only a fraction of the crimes authorities believe are occurring. The center also received almost 37,000 other complaints that did not constitute fraud, but involved such things as spam, illegal child pornography and computer intrusions. The report says 80% of known fraud perpetrators and about 71% of complainants are male. Fraud complaints originated in all parts of the country, with a third coming from California, Florida, Texas and New York. One of the most persistent scams described in the report is the infamous "Nigerian letter," which urges victims to pay an upfront fee (characterized as a bribe to the government) in order to receive non-existent funds from the "Government of Nigeria." There were 16,000 complaints related to that scam in 2002, up from 2,600 in 2001.
AP 9 Apr 2003

Richard Clarke, the former cybersecurity advisor to President Bush, this week told Congress that more resources must be allocated to the Department of Homeland Security (DHS) to implement the president's plans. Clarke stressed the dangers posed by cyber-terrorists and called on the government to establish a National Cybersecurity Center and to create the position of federal chief information security officer. Michael Vatis, former director of the National Infrastructure Protection Center, also testified and reiterated many of the points Clarke made. Vatis said that because of the recent restructuring and inadequate provisions of the new department, the federal government is less prepared to deal with cyber threats than it was a year ago. Clarke offered a list of recommendations for improving the DHS's readiness for cyber threats. David Wray, spokesman for the DHS, said the department still has many open positions, including in the cyber division, and said the DHS is appropriately structured to handle threats.
Washington Post, 8 April 2003

A new Web site has been unveiled to help municipalities across the United States deal with disasters and other emergency situations. DisasterHelp.gov includes maps and other geographic information system data, tools for secure online chats among emergency response personnel, and links to 17 nongovernmental assistance agencies and to 27 federal disaster help sites. Later this month a Disaster Management Interoperability Services tool kit will be available on the site. The tool kit will allow police, fire, and ambulance units to communicate through the portal in times of disasters. Currently those groups have difficulty communicating because they use a variety of equipment, not all of which is compatible, and different radio frequencies. The site was created by the Federal Emergency Management Agency and 26 partner agencies.
ComputerWorld, 8 April 2003

Members of the Trusted Computer Platform Alliance this week announced that the alliance has been disbanded and promptly reformed into the Trusted Computing Group. Whereas the older organization was focused largely on standards, the new group adds to that a marketing arm to try to introduce its standards into every conceivable computing device. Although the group will push hard for adding security technology to computer hardware, a move strongly supported by the entertainment industry, the group said it is not motivated by such urging from record and movie companies. A spokesman for the Trusted Computing Group said that "security on a platform can only get so good with software-only solutions." Some privacy advocates expressed concern that the types of technologies the group endorses will not adequately protect individuals' privacy, though Geoffrey Strongin of Advanced Micro Devices (AMD), one of the group's members, argued that adding security components to hardware will actually increase privacy protections. The five founding members of the group are AMD, Hewlett-Packard, IBM, Intel, and Microsoft.
ZDNet, 9 April 2003

Senator Dianne Feinstein (D-Calif.) has introduced legislation known as the Privacy Act of 2003 (S.745) to safeguard privacy rights and help prevent the increase in identity theft and other abuses of personal information. The bill seeks to establish a national standard to protect Social Security numbers, driver's licenses, and health and financial information. For highly sensitive information, an opt-in system would require companies to obtain explicit permission before selling, licensing, or renting individuals' personal information to third parties. For less sensitive information, companies must grant individuals the right to opt-out of having their information collected, sold, or marketed. The sale or display of Social Security numbers to the public would by prohibited; however, businesses could share these numbers with other each other and with the government. Feinstein said that the fundamental right to privacy "only will remain vital, if we take strong action to protect it."
Internet News, 3 April 2003

According to a report from Internet Security Systems Inc. (ISS), computer security incidents and attacks on businesses worldwide increased by 84 percent between the fourth quarter of 2002 and the first quarter of 2003, amounting to 752 incidents compared to 101. Mass-mailing worms contributed to the dramatic rise, with incidents ranging from the relatively harmless to the much more damaging Slammer worm. Retail businesses were hardest hit, with 35 percent of attacks, financial services with 11.5 percent, healthcare and manufacturing with 9 percent each, and the government with 1 percent. The report found that "suspicious activities," such as scanning networks for vulnerabilities, accounted for nearly three-quarters of attacks and that a quarter of security breaches occurred on Fridays or on the weekend. Pete Allor of ISS said, "What we're seeing out there is a lot more folks being extremely active and a lot more malicious behavior." The report advises businesses to identify those among the plethora of security threats that pose the greatest risk to their particular business.
IDG, 3 April 2003

In the event of a terrorist attack, Londoners might receive text-message warnings and instructions on how to deal with the threat via their telephones. Nick Raynsford, chair of the London Resilience Forum (set up to prepare the capital for attack), testified before the House of Commons Defence Committee that a text-messaging system was being developed to contact business leaders in the event of a terror attack on London to ensure that they knew what to do in response.
BBC, 2 April 2003

Speaking at the Secure E-Business Summit this week, Howard Schmidt, acting chairman of the federal government's Cybersecurity Board, said officials from government and the private sector are working to develop guidelines for notifying the government in cases of cybersecurity incidents. Many such incidents are not reported, according to Schmidt, because the private sector was not sure what the government wanted. Schmidt called for clear standards for what types of incidents will be reported to government officials. As a first step in establishing formal policies and procedures for reporting cybersecurity incidents, the government has created the National Communications System (NCS), which serves as the primary point of contact for such notifications. The NCS is part of the new Department of Homeland Security.
Federal Computer Week, 2 April 2003

As part of the PATRIOT II legislation, the Justice Department is considering extending prison sentences for those found guilty of scrambling data in commission of another crime. Law enforcers hope to deter criminals from scrambling messages by increasing the penalty up to five years for the first offense and 10 years for repeat offenses. Encryption advocates, however, fear this would be an ineffective way to deter crime and will hinder legitimate uses of cryptography. The latest draft proposal applies only to those who intentionally use encryption to commit a federal felony, yet critics contend that the language could cover most online activity because encryption is so widely used for e-commerce and other transactions. Given the increasing role of encryption in a wired world, debate centers on how to prove intention and on whether such a law would be effective.
Associated Press, 31 March 2003

The California Supreme Court will soon be reviewing a lawsuit first brought five years by chipmaker Intel against a terminated employee whom it charges violated its private property rights by bombarding its e-mail system with messages to Intel employees. The ex-employee, Ken Hamidi, has portrayed the dispute as a freedom of speech case, whereas Intel says the issue is not about the content of Hamidi's messages but about the fact that he used Intel's own systems without its permission. Intel says, "For us, it's not a First Amendment issue and never has been. Ken has been very persistent and creative in exercising his right to speak out. But our view is that, in exercising his rights to free speech, he needs to protect the property fights of Intel, including our e-mail system." On the other hand, Stanford law professor Jennifer Granick argues that there was no violation of Intel's property rights because there was no actual damage to Intel property: "There is no harm to Intel's servers -- it's the communication of the message that Intel considers the harm. That's not the kind of harm the courts should be in the business of protecting people from. It undermines the nature of the Internet as a place to exercise free speech rights."
San Jose Mercury News 30 Mar 2003

The U.S. House of Representatives added two amendments last week to the Child Abduction Prevention Act (CAPA), and then voted 410 to 14 to pass CAPA. The first amendment makes it a crime to use misleading Internet names to lure children to pornographic or adult Web sites. Violators could face up to four years in prison. The second amendment bans virtual or computer-generated child pornography. The Supreme Court last year ruled that Congress’s first legislation against virtual child pornography violated the First Amendment. CAPA, which was passed by the Senate without the House’s additions, creates a national network to send alerts in cases of child kidnapping.
CNET, 27 March 2003

Critics of current copyright laws argue that some states are passing legislation even more restrictive that the Digital Millennium Copyright Act (DMCA) and are urging those states to soften their position. The Association of Research Libraries, the American Association of Law Libraries, and the American Library Association sent a letter last week to lawmakers in Arkansas and Colorado rejecting proposed laws that could “undermine the ability of libraries to provide important information services.” The Motion Picture Association of America (MPAA) is one of the supporters of the DMCA and state copyright laws. According to the MPAA, states that have already passed copyright legislation include Maryland, Virginia, Delaware, Illinois, and Michigan. The MPAA defends laws in those states as legitimate attempts to curtail the piracy of copyrighted material.
ZDNet, 31 March 2003

Barry K. Williams, special assistant to the U.S. Office of Personnel Management, has developed a Web site for federal scholarships and jobs. Officials from historically Black colleges and universities had suggested to Williams that participation from minority students would increase if there were an online resource that offered information about the range of opportunities presented by the federal government. The site, called e-Scholar, includes scholarships, fellowships, grants, and internships geared to high school, undergraduate, and graduate students. Users of the site also have access to tips on writing resumes that are likely to appeal to government agencies. Use of the site is not limited to minority students, but officials hope that easy access to the information will encourage a broader pool of applicants to the various programs profiled.
Chronicle of Higher Education 31 March 2003

Draft legislation circulating in the Justice Department would impose stiffer prison sentences for scrambling data in commission of a crime - something encryption specialists say would have little effect on fighting terrorism and will only hurt legitimate uses of cryptography. "Why should the fact that you use encryption have anything to do with how guilty you are and what the punishment should be?" asks Stanton McCandlish of the CryptoRights Foundation. "Should we have enhanced penalties because someone wore an overcoat?" The measure, which would add up to five years to a sentence for a first offense and 10 years after that, is backed by police and intelligence agents who worry that encryption will hamper their ability to fight crime. "If you went the extra step to keep us from getting evidence, you should pay an extra price," says a former computer crimes investigator with the New York Police Department. But many question whether such a law would have its intended effect: "You have to be intentional about using encryption, and that's a tricky thing to prove. I do see this provision as largely symbolic rather than effective," says a former National Security Agency counsel. The new proposal is part of legislation dubbed Patriot II, a sequel to the 2001 USA Patriot Act.
AP 31 Mar 2003

A group of librarians in the Minneapolis library system has filed a federal lawsuit against that system, alleging that administrative failures have created an intimidating, hostile and offensive workplace. "We were living in hell, and they were unwilling to acknowledge the problem," says one librarian. The dispute arose in 1997, soon after the Minneapolis libraries installed Internet access, and a number of library visitors began displaying on publicly accessible computer images of "virtually every imaginable kind of human sexual conduct."
AP/USAToday 26 Mar 2003

A report by TowerGroup Inc. estimates that banks lost at least $1 billion to identity thieves last year, although actual losses from identity theft are difficult to determine. False identities are used to obtain credit cards, apply for home equity loans, buy cars, and take out mortgages. In 2002, about 68,000 victims had new credit cards issued in their names, and 10,000 had home loans worth around $300 million taken out in their names. The Federal Trade Commission received 161,000 identity theft complaints, but the Federal Bureau of Investigation estimates the actual number of victims to be around 500,000. The problem, according to the report, is that banks can't positively identify new customers applying for loans or credit cards. Banks downplay their losses and haven't passed costs on to consumers, so to date there's little incentive to put stricter controls in place, which would limit competitiveness and inconvenience consumers. "Nobody has taken a huge hit yet," according to Senior Analyst Christine Pratt, the author of the report.
MSNBC 26 March 2003

Computer-related identity theft represents only a small portion of all cases of identity theft, but thieves are increasingly able to access vast amounts of personal data as hacking incidents increase. Last month, for example, hackers gained access to many millions of credit card numbers, and a student at the University of Texas downloaded personal information for more than 55,000 individuals. Most such hacks do not result in identity theft, but those that do involve increasingly larger losses. Two Japanese thieves stole more than $140,000 from banking customers, and Thomas Pae, who led an international fraud scheme, used stolen credit card numbers to buy almost $325,000 worth of computer equipment. Security experts say many banks and other institutions are reluctant to reveal security breaches, fearing the information will scare away customers, and that the thefts are likely to rise as more and more consumers use increasing amounts of personal information for online transactions.
NewsFactor Network 17 March 2003

A student at the University of Texas has admitted to the recent break-in of the university's computer system in which records for more than 55,000 students, faculty, and staff were accessed. Christopher Andrew Phillips has been charged with unauthorized access to a protected computer and using false identification with intent to commit a federal offense, though Phillips said he had no intention of using the information to commit any crime. Phillips wrote a program that used randomly generated Social Security numbers to access university systems. Dan Updegrove, UT's vice president for information technology, said the incident highlights the need for universities to use something other than Social Security numbers as student identifiers. "It's something that all of us have to undo," he said.
Washington Post 15 March 2003

According to test data released by the federal government, facial-recognition systems have become significantly more accurate and reliable since 2000. The tests, which were overseen by the National Institute of Standards and Technology and covered products from 10 companies, also showed, however, that in certain conditions the accuracy of the systems dropped to 50 percent. In "reasonable, controlled indoor lighting," the best of the systems was able to correctly match facial images with those in a database 90 percent of the time. The results are expected to support efforts to add facial-recognition systems, as well as other biometric identification technologies, in situations where security is vital, such as at airports.
New York Times 14 March 2003 (registration req'd)

Security firm F-Secure reports that more than 1,000 Web sites have been hacked in direct response to the launching of war in Iraq. According to F-Secure, although some of the hackers apparently are U.S.-based supporters of the war, the majority of the attacks came from people opposed to the war. iDefense, another security firm, also reported that hundreds of Web sites have been hacked by peace activists, some of whom have called this the "new era of cyber war." Sites that have been hacked since the beginning of military action against Iraq include the U.S. National Center for Agricultural Utilization Research and the U.S. Navy. Damage from the recent hacking activity is reported to be minimal.
BBC 21 March 2003

SunnComm Technologies has licensed a technique to hide data, video, software, or an identifying watermark inside music files. The company is working with Stealth MediaLabs to create a watermark that could be embedded inside music files and survive digital compression, rerecording through an analog connection, or recording from the radio. The technology, originally developed at the University of Miami, would also permit embedding other data, such as liner notes or pictures, although the original intent was protection of intellectual property. The technique works by encoding binary data inside the stereo audio signal, said the companies, making removal difficult without substantially changing the sound of the song.
CNET 20 March 2003

A report released March 19 indicates that the digital divide in the United States is shrinking as children from all ethnic groups and income levels increasingly use the Internet. The Corporation for Public Broadcasting reported that children under 17 spend nearly as much time using computers as watching television, with Internet use among minority and low-income children surging over the past two years. More than two-thirds of low-income households have a computer at home, compared to fewer than half two years ago. Gaps persist, however, particularly with respect to high-speed Internet access at home.
Washington Post 19 March 2003

Former Congressman Dick Armey accused George W. Bush and other Congressional Republicans of disregarding citizens' right to privacy in their efforts to increase national security. He said, "[P]eople in the government, very much so in the Justice Department, have been playing out a lust for our information that is not consistent with who we have been as a nation and what our constitutional freedoms are." Armey criticized the government's proposed data-mining programs and other efforts to identify potential criminals and prevent crimes by collecting and sharing information from various sources. He said the notion that the collection of such data should not bother the innocent is ridiculous. A spokesman from the Justice Department defended that agency's use of expanded powers of surveillance, saying the agency stays within the bounds of the law and that Congress still has oversight for what is done.
IDG 14 March 2003

President Bush this week signed a bill that will establish a national do-not-call list, similar to lists already enacted in 32 states. The lists are designed to limit unwanted calls from telephone solicitors. Under the federal statute, companies that do not comply with the list can be fined up to $11,000 per call they make to someone who is on the list. Certain calls are excepted from the regulation, including those concerning surveys, charities, and calls on behalf of politicians. The Federal Trade Commission will collect fees to pay for creating and maintaining the list. VeriSign and a company called Call Compliance have developed a call-blocking application called TeleBlock, which was recently sold to PaeTec. Gryphon Networks also markets a product for the burgeoning call-blocking industry. Some have speculated that a similar approach could be an effective way to tackle the growing problem of unwanted e-mail.
Internet News 13 March 2003

Representatives from the Motion Picture Association of America and Microsoft testified before Congress that organized gangs operating in countries like Russia and Malaysia are stealing intellectual property and profiting from making counterfeit software and DVDs. In addition to counterfeit labels and discs covered under current federal anticounterfeiting laws, Microsoft supports a change to the law to cover fake holograms and other packaging material. Recent versions of Microsoft Office have an edge-to-edge hologram etched into an entire side of a CD-ROM. Counterfeiters can't replicate the technology, so they deceive consumers with high-quality holographic stickers instead. The importance of prosecuting such criminal activity was argued by a Justice Department official who sees a link between copyright piracy and terrorism.
CNET 13 March 2003

British law enforcement officials have arrested 43 more men on suspicion of having downloaded child pornography from U.S. porn sites. The officials are working their way through a list (obtained some months ago from U.S. postal investigators) of 7000 British subjects who used their credit cards to enter the sites. Out of the 1,600 individuals arrested in London, 46 have allegedly been directly involved in the abuse of children. A British police official says: "We are sending out a strong warning to those who think they can remain anonymous and escape the law by using the Internet to access abusive images of children."
The Inquirer (UK) 13 Mar 2003

A bill before the California legislature would ban all unsolicited messages sent to e-mail addresses in that state. Consumers who received spam would be able to sue the sender for at least $500 per violation. Critics of the measure said that it will do little to stem the flow of spam because many spammers use hijacked systems to send e-mail or are outside of the country. An analyst with Jupiter Research said that a spammer in China is not going to care what the laws are in California. Debra Bowen, the state senator who wrote the bill, acknowledged that the measure would not end spam, but she said something needs to be done. Her bill, she said, would give individual consumers the authority to tackle spam without having to depend on technology or on a district attorney. In 1998, Bowen wrote the state's first bill to limit spam, which requires unsolicited mail to include "ADV" in the subject line. Louis Mastria of the Direct Marketing Association said that law is generally ignored and counterproductive.
Los Angeles Times 11 March 2003 (registration req'd)

The Liberty Alliance Project, which was created in 2001 to establish standards for identity management and identity-based services online, this week released details about its federated identity-management plans. The group released an initial set of specifications last summer for federated identity management, and another set of specifications is due this year. The current release provides details about the Liberty Alliance's plans for future specifications, giving companies the chance to anticipate changes and plan for them. Officials from the Liberty Alliance were quick to distinguish their work from Microsoft's efforts with its Passport service. Michael Barrett, president of the Liberty Alliance Management Board, said his group's standards are more flexible than those of Passport, which is designed as "a centralized service operated by a single company."
IDG 11 March 2003

As the Web and Web usage continue to grow, more employers seek to monitor employees’ e-mail and Internet use to gauge worker productivity, limit network traffic, and prevent the spread of computer viruses. An FBI survey found that employees at 78 percent of companies had misused the Internet, and a study by IDC estimates that 30 to 40 percent of Internet surfing during work hours is not work related. An alternative to monitoring Web use and “spying” on employees is highly customized blocking software that can block specific sites entirely or enable site visits for discrete amounts of time or during certain hours of the day. Websense Inc. offers such employee Internet management software to 18,000 customers worldwide that allows clients to define access to 4.2 million Web sites, divided by categories. Privacy advocates applaud blocking software as preferable to monitoring, which one employee advocate labeled a “privacy nightmare.”
Washington Post 8 March 2003

The U.N. Development Program (UNDP) and the Afghan Ministry of Communications have worked together to establish the “.af” Internet domain, set to debut this week. The top-level domain, representing the country’s “planting its flag in cyberspace,” marks Afghanistan’s first step toward carving out its own portion of cyber real estate. Under Taliban rule, using the Internet was forbidden, though an Afghan citizen initially registered the .af domain in 1997. Communications Minister Mohammad Moassom Stanakzai said, “For Afghanistan, this is like reclaiming part of our sovereignty.” So far only two .af sites have been registered. One belongs to the Afghan Ministry of Communications and the other to the UNDP.
Associated Press 9 March 2003 (registration req’d)

A four-year effort by British and U.S. officials resulted in the closure of Web sites offering fake degrees from 14 nonexistent U.K. institutions in the areas of teaching, child care, and technology. The operation, run by an Israeli couple with offices in Israel, Romania, and the United States, employed 30 Romanian staff and targeted millions daily with e-mails. British authorities noted that shutting down the sites was difficult because those who purchased the degrees—mostly in North America—knew the degrees were fake. Buyers of the bogus credentials often used them to obtain positions for which they were not qualified. Investigator Tony Allen said, “Those people who bought the degrees knew exactly what they were doing. The complaints we received were actually from colleagues of those who got jobs by lying.” Margaret Hodge, Britain’s higher education minister, highlighted the importance of international cooperation in shutting down such operations.
BBC 7 March 2003

In a ruling that could affect similar prosecutions nationwide, Federal Judge Denny Chin struck down FBI evidence in an Internet child pornography case against a Bronx resident. In the case, the FBI was given authority to search homes and computers of members of the Candyman Internet group based on an affidavit saying all members of the group received pornography through e-mail. The FBI later acknowledged that Candyman subscribers could opt out of the e-mail list and did not necessarily receive pornography. The FBI unjustly searched the home of a Candyman member who did not receive or send e-mail images, said Judge Chin, who threw out the evidence against him. Although it is unclear how many Candyman prosecutions have relied on the affidavit, there will likely be many challenges. In another case in St. Louis, Judge Catherine D. Perry suppressed evidence based on false statements in the FBI affidavit. Daniel A. Juengel, the lawyer for the defendant in the St. Louis case, called the rulings "a major victory for the Fourth
New York Times 7 March 2003 (registration req'd)

The recent announcement of a flaw in Sendmail has turned out to be the Department of Homeland Security's (DHS) first foray into managing a cybersecurity incident. DHS first learned of the flaw in December, at which time it began working with several vendors on developing patches for the weakness and making sure that all of its own systems were patched before details of the flaw were publicly released. Several security experts agreed that DHS did an effective job in coordinating the incident, and they praised the government for safeguarding its systems before releasing information. The situation, however, highlights the ongoing argument among systems administrators about how best to handle the disclosure of flaws. Some experts complain that flaws or attacks are not disclosed until they have caused most of the damage they are likely to cause. "Hours are an eternity in IT terms," said security researcher Robert Ferrell. According to Ferrell, if DHS tries to "cover all their bases and refrains from reporting until they're sure about everything, they'll come in dead last every time."
Wired News 7 March 2003

The U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance Project. Founded by Sun Microsystems, Inc. in 2001, the alliance seeks to develop and implement open standards for Web-based identity management. Although the alliance has much support - in excess of 160 companies and organizations are members - its standards are not widely used, due in part to Microsoft's rival authentication system, Passport. A poll indicates, however, that more than half of the alliance's members will implement systems based on the project's standards. The GSA and DoD joined the alliance to help them with "eAuthentication," a government requirement that verifies the identity of citizens and companies engaged in Internet business with the U.S. government.
ComputerWorld 6 March 2003

Two Japanese men were arrested for allegedly hacking into people's bank accounts and stealing $136,000. The men are accused of downloading software that detects the keystrokes made by a computer user and installed it on PCs at Tokyo cybercafés. They then figured out the passwords that five previous customers had used to access their bank accounts online, and transferred a total of $141,000 from those accounts to another bank. One of the men, 27-year-old Goro Nakahashi, then used an alias to withdraw $136,000. If charged with theft, the two could face up to 10 years in prison. According to the Asahi newspaper, the men allegedly tried to use about 100 computers at 13 different Internet cafes around Tokyo.
(AP 7 Mar 2003)

You'll think I made this up. I didn't. "I didn't think I had to [take off the shirt]," Stephen Downs said. "It seemed to me my First Amendment rights permitted me to wear the T-shirt." He was arrested by the local police and charged with trespassing.

Federal district judges Denny Chin in New York and Catherine D. Perry in St. Louis have rejected evidence obtained by FBI agents who claimed falsely that anyone signing up with the child porn site "Candyman" would automatically receive child porn images from other site members. Later, the agents admitted that people signing up for the group had the ability to opt out of the member mailing list and therefore did not necessarily receive pornography through that list. Judge Chin wrote: "If the government is correct in its position that membership in the Candyman group alone was sufficient to support a finding of probable cause, then probable cause existed to intrude into the homes" of thousands of people who had merely logged onto that Web site. "Here, the intrusion is potentially enormous. Thousands of individuals would be subject to search, their homes invaded and their property seized, in one fell swoop, even though their only activity consisted of entering an e-mail address into a Web site from a computer located in the confines of their homes."
New York Times 7 Mar 2003

Delta Airlines's upcoming test of the government's Computer Assisted Passenger Prescreening System (CAPPS II) has at least one activist up in arms over what he sees as the system's threat to privacy. Bill Scannell, who led the Boycott Adobe campaign to protest the arrest of programmer Dmitry Sklyarov, is now calling for a boycott against Delta. CAPPS II assigns a rating of green, yellow, or red to every airline passenger based on that person's credit, banking, and criminal history. According to developers of the system, the ratings indicate a passenger's security threat level; people with yellow ratings will be subject to extra security checks at airports, while passengers identified as red can be prevented from flying. Scannell said the
system sacrifices individuals' right to privacy while doing nothing to increase security. Barry Steinhardt of the American Civil Liberties Union shares Scannell's concerns. "CAPPS II threatens our liberty," said Steinhardt, "but its security benefits are far from clear."
Wired News 5 March 2003

The federal government's recent tactic of seizing not just ill-gotten property and items used in committing crimes but also Internet domain names has civil libertarians and Internet registrars worried. Registrars have routinely argued that domain names represent a contract and are not subject to seizure. If domain names are considered property, according to computer-law attorney Michael Overly, registrars will "find themselves at the heart of no end of litigation." Civil libertarians worry that if the government seizes a domain - rather than simply confiscating the hardware that runs a site - the government gains access to user logs for that site, which would remain active until government officials turned it off. The government could, critics argue, seize a site and then identify all visitors to that site. The federal government recently seized the domain names for a number of sites selling drug paraphernalia, and Attorney General John Ashcroft said law enforcement agencies have asked that 15 to 20 more sites be redirected to the Drug Enforcement Administration.
Associated Press 4 March 2003 (registration req'd)

A recent study by Dataquest Inc. determined that many U.S. companies are not prepared for disaster recovery and have not adequately invested in contingency planning. Security risks, even for the prepared, are heightened by a possible war with Iraq. The study found that both government and businesses are unprepared and cautioned that one in three businesses could lose critical data or operability if disaster-recovery spending is not increased immediately. According to Dataquest principal analyst Tony Adams, "Budget constraints are forcing an average of 40 percent of respondents to rely on a best guess to determine potential risk rather than obtaining formal assessments, which would be too costly." Although the study focused on the central role of IT managers, an industry insider noted that a company's CEO, COO, and board of directors are ultimately responsible for investing in security planning.
ComputerWorld 4 March 2003

This week the U.S. Supreme Court will hear arguments over the Children's Internet Protection Act, which requires libraries to install Internet filters if they want to receive federal funding. Supporters of the requirement argue that preventing online access to pornography is akin to libraries' decision not to offer patrons printed pornographic magazines. They also say that blocking some non-offensive material is not reason enough to reject Web filters. Groups including the American Library Association that oppose the filters contend they block considerable amounts of non-objectionable material, including information about health, scientific, social, and political issues. Opponents also say that filters disproportionately affect low-income and rural users, who don't have the same opportunities to online access at home or at work as higher-income and urban users. Last year a panel of three federal judges ruled that the law violated the First Amendment.
San Jose Mercury News 5 March 2003

Tomorrow the U.S. Supreme Court will hear arguments in a case challenging the constitutionality of the Children's Internet Protection Act of 2001, which requires any library that receives federal money to block access to online pornography and obscenity. In support of the Act, U.S. Solicitor General Ted Olson says that libraries are being asked merely to use the same kind of discretion they've always used in managing their print collections: "Public libraries have broad discretion to decide what material to add to their collections. The use of filtering software to block access to online pornography falls well within the permissible limits of that discretion.
USA Today 3 Mar 2003

A freedom-of-information request by the Electronic Privacy Information Center (EPIC) has uncovered information about 26 research grants awarded for the Defense Department's controversial Total Information Awareness (TIA) program. The Defense Department tried to block the release of the grant information, but a federal district court ruled that the information must be turned over. Future funding for the TIA program has been blocked by Congress, pending an accounting of how the program will deal with privacy issues. The grants described were approved before Congress took action to limit funding. Grant applicants included large and small corporations and large research universities. According to EPIC, the grant program solicited proposals dealing with repository technologies; collaboration, automation, and cognitive aids technologies; and prototype system technologies.
Internet News 27 February 2003

First, a timeline of Civil Liberties versus "national security," with an emphasis on post-9.11.01
Second, details on the terrifying and closely-guarded document that shows plans for a sweeping expansion of the government's police powers, almost jokingly named "Patriot II." (Much more on it here.)
And third, Nat Hentoff's interview by Bill Moyers for Moyers' PBS show NOW. Unfortunately, I don't have the tape (the transcript includes the "false starts" and pauses and interruptions normal in such face-to-face back-and-forth), but it's not hard to follow at all.

LET'S FILE THIS UNDER "Anyone care for some alphabet soup?" [On a serious note, all presenters must please remember to put on your handouts a listing of explanations for technical jargon and abbreviations/acronyms.]
Legislation that created the Department of Homeland Security (DHS) calls for the FBI's National Infrastructure Protection Center (NIPC) to move to DHS. The NIPC, as well as several other government agencies, will form a new Directorate for Information Analysis and Infrastructure Protection (IAIP). Many of the staff of the NIPC, which investigates computer crimes, are staying at the FBI, however, leaving the IAIP with a lot of empty seats, including Under Secretary of Homeland Security for Information Analysis and Infrastructure Protection, the head of the new agency. President Bush's first choice to lead the agency, James Clapper, turned down the position, possibly in response to Bush's announcement that a new terrorist threat center in the CIA would be created. The DHS is also trying to fill the positions Assistant Secretary for Information Analysis and Assistant Secretary for Infrastructure Protection.
Internet News, 28 February 2003

ACLU Supports MI High School Student Sent Home for Wearing Anti-War T-Shirt
DETROIT - The American Civil Liberties Union today said that it is looking into possible litigation on behalf of Bretton Barber, a junior at Dearborn High School who was told to go home if he did not remove a t-shirt with a picture of President Bush between the words "international terrorist."
February 25, 2003

ANOTHER TO FILE UNDER "Take that, Osama bin Ladin!"
Attorney General John Ashcroft says federal agents have taken control of several Web sites allegedly selling illegal "drug paraphernalia" and have redirected them to servers at the Drug Enforcement Administration. A federal judge in Pittsburgh ruled that the takeover was permitted until a trial can take place. Meanwhile, the DOJ also reported it has seized the iSoNews.com domain, whose owner pled guilty to using his site to sell "mod" chips that enable Xbox and PlayStation owners to modify their game consoles so they can play illegally copied games. Visitors to the iSoNews.com site yesterday were greeted with a notice stating: "The domain and Web site were surrendered to U.S. law enforcement pursuant to a federal prosecution and felony plea agreement for conspiracy to violate criminal copyright laws." The seizing of Internet domain names represents a new tactic in the DoJ's arsenal against crime, with a spokesman for the Electronic Privacy Information Center observing that the practice becomes a kind of "electronic flypaper" that raises novel legal questions.
(CNet News.com 26 Feb 2003)

Several recently enacted laws, including the USA PATRIOT Act and the Enhanced Border Security and Visa Entry Reform Act, call for new and increased efforts to safeguard the nation against terrorist threats. The laws include a requirement to begin using biometric technology - which identifies people based on physical characteristics that cannot be changed, such as fingerprints or iris scans - to fight immigration fraud. The International Biometric Group has delivered its final report on the introduction and use of biometrics. The group's report is based on interviews and on observations of visa procedures and of activities of the Immigration and Naturalization Service at the nation's points of entry. The report recommends using multiple biometric methods of identification rather than relying on a single one and adding biometric identification to existing programs rather than replacing them. The recommendations are similar to those in a recent study by the National Institute of Standards and Technology.
Federal Computer Week 25 February 2003

Senators Patrick Leahy (D-Vt.), Charles Grassley (R-Iowa), and Arlen Specter (R-Pa.) have introduced a bill called the Domestic Surveillance Oversight Act in an attempt to add oversight to the actions of the FBI. Because of recent legislation, including the USA PATRIOT Act, aimed at protecting national security, the FBI has increased authority to conduct electronic surveillance and to use information collected. The new bill would require the FBI and the Department of Justice to reveal how often they spy on U.S. citizens under current law. Leahy said there should be some accounting for how the agencies use the powers they currently have, especially as they call for even broader powers. Grassley accused the FBI of being too secretive and of making significant mistakes. He said the agency is unable to apply current legal standards correctly and consistently.
PCWorld 25 February 2003

The Center for Democracy and Technology, based in Washington, D.C., has raised concerns over the actions of the attorney general of Pennsylvania to limit child pornography. Operating under the terms of a recently enacted state law, the attorney general is requiring Internet service providers to block access to pornography sites or risk fines of $5,000. The law is unusual because it targets servers that host pornographic Web sites, even if non-pornographic material is also available from that server. The result, according to the Center for Democracy and Technology, is that the Pennsylvania restrictions will prevent access to legitimate material. The group compared the action to halting mail to an apartment building because one tenant is doing something illegal with the mail. A spokesman from the Pennsylvania attorney general's office defended the strategy, saying it "has worked in nearly every case." WorldCom objected to the policy, arguing that it unfairly blocked access to non-offensive material, but a judge later ordered the company to abide by the attorney general's request.
Washington Post 20 February 2003

"The Trouble With Corporate Radio: The Day the Protest Music Died" by Brent Staples
Pop music played a crucial role in the national debate over the Vietnam War. By the late 1960's, radio stations across the country were crackling with blatantly political songs that became mainstream hits. After the National Guard killed four antiwar demonstrators at Kent State University in Ohio in the spring of 1970, Crosby, Stills, Nash and Young recorded a song, simply titled "Ohio," about the horror of the event, criticizing President Richard Nixon by name. The song was rushed onto the air while sentiment was still high, and became both an antiwar anthem and a huge moneymaker.

Health of Iraqi People Already at Risk: Health Care System Never Recovered from Gulf War
By Jennifer Warner WebMD Medical News; Reviewed By Michael Smith, MD on Thursday, February 20, 2003
Feb. 20, 2003 - Little more than a decade ago, the health care system in Iraq was heralded as among the best in the Middle East, but the impact of the Gulf War and subsequent trade sanctions on Iraq have left the system in shambles and poorly prepared to meet even the most basic needs. Now, with the threat of yet another war looming, a new report warns that the health of the Iraqi people may hang in the balance.

For several months the University of Wyoming has been testing software from Audible Magic that allows network operators to see exactly what files are passing through the university's routers. The software goes beyond bandwidth-shaping applications, which allocate portions of a network's capacity to certain types of traffic, and recreates files that use FTP (file transfer protocol) or the Gnutella technology to identify the content. The next step, theoretically, is to compare files passing through the network and block transmission of any that are copyrighted. That prospect has many up in arms about what critics call censorship, particularly in a university setting. In a letter to universities last fall, the Electronic Privacy Information Center said, "Monitoring the content of communications is fundamentally incompatible with the mission of educational institutions." Brad Thomas, a network specialist at the University of Wyoming, noted that he doesn't want to look at what's being sent across the network, and users don't want their communications monitored. "But," he said, "it's getting to be the only way to control our bandwidth."
ZDNet 20 February 2003

Responding to what she sees as an increasingly offensive and threatening environment on campus, Linda Vanasupa of California Polytechnic State University has written a resolution that would ban viewing pornography, obscenity, or hate literature on computers at the school. Last year, the chair of Vanasupa's department was convicted of misusing a state computer, having downloaded thousands of pornographic images to it, and left the university in the wake of the scandal. Vanasupa said the "lack of sensitivity around this issue" is "a form of hostility." The resolution allows for exceptions to the policy for faculty or students who can demonstrate an academic need to access such materials, but Paul J. Zingg, Cal Poly's provost, said the proposal is "fundamentally in opposition to the spirit of inquiry that is critical to the academy." The resolution is expected to be presented to the Academic Senate, where Vanasupa believes there to be sufficient support for debate on the Senate floor.
Chronicle of Higher Education 21 February 2003

The National Association of Criminal Defense Lawyers has joined with the Electronic Frontier Foundation and the Sentencing Project in publishing a position paper that argues people convicted of computer-related crimes tend to receive harsher sentences than perpetrators of comparable non-computer-related offenses. "The serious nature of the offenses is overplayed," says Jennifer Granick, author of the paper and clinical director at Stanford University's Center for Internet and Society. "The (majority) of the offenses are generally disgruntled employees getting back at the employer or trying to make money." In a review of 55 cases prosecuted under the most-often used computer crime statute, only 15 involved harm to the public and only one resulted in a threat to safety. Those convicted "are receiving sentences based on the fear of the worst-case scenario rather than what the case may really be about," says Granick. The paper was submitted in response a request for public comment by the U.S. Sentencing Commission as required by the Homeland Security Act of 2002. Cybercrime legal expert Scott Frewing says he agrees with many points raised in the paper, but recommends a two-tiered sentencing threshold: "I would be comfortable in a situation where the code addresses the discrepancy between those who cause bodily injury and those that don't. If that results in the law being unfair to a virus writer, maybe that's enough to put them on notice."
(CNet News.com 20 Feb 2003)

Lawmakers will be making a big mistake if they bow to Hollywood pressure and enact new copyright-protection legislation based on today's Internet use patterns, says Stanford University professor Lawrence Lessig. Currently, millions of consumers are downloading music to their PCs because slow dialup connections make it impractical to stream content quickly to a variety of devices. "In the future, it will be easier to pay for subscription services than to be an amateur database administrator who moves content from device to device. We're legislating against a background of the Internet's current architecture of content distribution, and this is a fundamental mistake," Lessig told participants at the Digital Rights Management Summit held at Intel headquarters.
AP 20 Feb 2003

Sen. Ron Wyden (D-Ore.) is pushing legislation that would make permanent an existing moratorium on Internet taxes. The current moratorium is set to expire this fall, but Wyden says the pressures on state governments to raise new funds could spark a stampede toward e-commerce sales taxes. "There are thousands of taxing jurisdictions and if all of them, or a significant portion of them, can take a bite out of electronic commerce, I think the consequences would be staggering."
Wall Street Journal 20 Feb 2003
http://online.wsj.com/article/0,,SB1045262386225624343.djm,00.html (sub req'd)

The Washington-based civil liberties group Center for Democracy and Technology is considering a legal challenge to a Pennsylvania law that threatens fines on any company providing Internet access to Web sites with child pornography rather than fines on the pornographic sites themselves. CDT associate director Alan Davidson says, "It's sort of this weird world where we're not prosecuting the people producing child pornography," and instead harassing Internet service providers whose existence is necessary for the stability of the Internet.
AP/San Jose Mercury News 20 Feb 2003

At least 26 states already have anti-spam laws on the books, without much to show for them, but California state senator Debra Bowen is trying again, this time by proposing a bill making it a crime to send unsolicited commercial e-mail to accounts in California. Bowen says that spam "is really turning the Internet into a tool of questionable value. I had someone write to me say, 'Spam is turning the Internet into an open sewer, and as the Romans discovered, open sewers are a bad thing.'" However, Jupiter Research analyst Jared Blank says it will take technology rather than legislation to get spam under control. But filtering technology can also be a problem, and the E-mail Service Providers Coalition hopes people will report missing and legitimate e-mail caught in "spam traps."
Reuters/USA Today 19 Feb 2003

On Friday the Bush Administration released the final version of the National Strategy to Secure Cyberspace, which disappointed many in its variance from several widely circulated drafts. The document attempts to address the growing concern over threats to the nation's computer systems, threats that could result in "debilitating disruption to our nation's critical infrastructures, economy, or national security." Critics complained that the final version of the strategy document backs away from regulations and concrete steps to improve cybersecurity, opting instead for suggestions and softer recommendations. Allan Paller of the SANS Institute said the document is "a wonderful statement of the problem" but leaves out "some of the best ideas that people had." Sen. Charles E. Schumer (D-N.Y.) also faulted the final document, calling it "a vague set of broad principles that has no money backing it up."
Washington Post 15 February 2003

321 Studios, maker of software that defeats copy protections to allow copies to be made of DVDs, has offered a $10,000 reward to anyone with information about how the company's products are being used for movie piracy. The reward, according to Robert Moore, founder and president of 321, is his company's response to the movie industry's statements that the "software is a piracy tool, that I'm a thief, and that every one of my customers is a co-conspirator." Officials from 321 said they support efforts to end illegal copying of DVDs, that their software is offered to allow legal copies for personal use, and that the reward is not a concession to Hollywood. In the week following the beginning of the reward program, 321 did not receive any tips about piracy, and Moore does not expect to receive any in the future.
Associated Press 19 February 2003

A new project announced last week by the Library of Congress aims to preserve large amounts of material that exists only in electronic formats. Initial funding will come from Congress, which has set aside $100 million for the project, an amount that Laura E. Campbell of the Library of Congress described as enough to get started but insufficient for long-term needs. Indeed, the Congressional appropriation anticipates matching contributions of up to $75 million from federal agencies, libraries, research institutions, and commercial interests. Early planning for the project, called the National Digital Information Infrastructure and Preservation Program, has included officials from Kodak, the American Institute of Architects, Elsevier Science, Random House, the Andrew W. Mellon Foundation, and some universities.
Chronicle of Higher Education 17 February 2003

A new e-mail coalition set up by the Network Advertising Initiative (NAI) has announced it will create a forum on Yahoo Groups to discuss Internet service provider (ISP) e-mail filters that screen out legitimate mail. Officials from the NAI say that many filters have become so stringent that an appreciable amount of non-spam e-mails are never delivered. Trevor Hughes, executive director of the NAI, said an e-mail from a friend might be filtered by an ISP if the message contains too many exclamation points. The recently created e-mail coalition includes major e-mail marketing companies DoubleClick, Topica, and Yesmail. The coalition was designed to provide a single voice for the concerns of e-mail marketers, who face increasing consumer frustration from steadily growing amounts of spam. The new "I_Did_Not_Get_My_Email" forum aims to identify the extent of the reaction to spam among ISPs trying to filter unwanted messages.
Internet News 19 February 2003

Microsoft has filed a lawsuit against unnamed bulk mailers who harvested the e-mail addresses of Hotmail users in order to bombard them with junk messages. The spammers allegedly used tools to randomly generate e-mail addresses and then tested them to see which accounts were active. Microsoft argues that this form of dictionary attack violates federal laws, including the Computer Fraud and Abuse Act.
The Register 19 Feb 2003

A third-party processor of Visa and MasterCard credit card accounts was invaded by network vandals, but Visa and MasterCard executives say that none of the credit information was used for fraudulent purposes. In any event, no customer will be liable for any charges that might fraudulently be made to their accounts. A statement from Visa says that its fraud team "immediately notified all affected card-issuing financial institutions and is working with the third-party payment card processor to protect against the threat of a future intrusion. This is not something regional, it was throughout the nation and could be any bank."
Reuters/CNet News 18 Feb 2003

The level of cyber attacks dropped for the first time in the second half of 2002, falling by 6%, according to Symantec's Internet Threat Report. But at the same time the number of vulnerabilities shot up significantly, with 2,524 new vulnerabilities reported in 2002, 81.5% over 2001. Power and energy companies saw the highest level of hacking and cracking attempts over the last six months of last year, with financial companies second. South Korea was cited as the source of many of the attacks, both because of the increased use of broadband Internet access in the country, as well as its usefulness as a hopping-off point for hackers. Hacking incidents from South Korea grew 62% between July and December last year.
The Register 3 Feb 2003

The entertainment industry is taking aim at new technology that has spawned a growing business dedicated to cleaning up movies and TV programs. On one side are a chain of video rental stores and a number of software companies that cater to an audience sick of gratuitous sex, violence and foul language in today's Hollywood offerings. On the other are film studios and the Directors Guild of America (DGA). The two groups are at legal loggerheads over software, such as MovieMask and ClearPlay, which filter out objectionable content, either by skipping certain frames entirely, or by substituting new dialogue, or in some cases by clothing naked actors or turning steel swords into light sabers. Last August, the owner of a Colorado "CleanFlicks" video store, which rents sanitized video tapes, fired the first volley by suing the DGA and asking a federal judge to declare the editing practices protected under federal copyright law. The following month, DGA filed a countersuit against CleanFlicks as well as the software companies that do the editing. Eight Hollywood studios have now joined DGA's fight, alleging that the companies violated trademark law when they rent or sell an altered movie in the original packaging. Meanwhile, moviemakers warn that the same software used to sanitize content could also be used to spice up G-rated fare. "It's a double-edged sword," says Jack Valenti, head of the Motion Picture Association of America. "If there are people who want to do it for benign reasons, that's one thing. But they can take 'Spider-Man' and make it into a pornographic movie, and that's a problem." A hearing on the CleanFlicks case is scheduled for Feb. 14.
AP 3 Feb 2003

by William Safire
Readers with keen memories will recall a blast in this space three months ago at the proposed "Total Information Awareness" project, which the Pentagon proudly described as "a virtual, centralized grand database." ¶ In the name of combating terrorism, it would scoop up your lifetime paper trail - bank records, medical files, credit card purchases, academic records, etc. - and marry them to every nosy neighbor's gossip to the F.B.I. about you. The combination of intrusive commercial "data mining" and new law enforcement tapping into the private lives of innocent Americans was described here as "a supersnoop's dream."
New York Times, 13 February 2003
http://www.nytimes.com/2003/02/13/opinion/13SAFI.html (original)
http://www.msu.edu/~jdowell/PrivacyInvasionCurtailed.pdf (copy)

As concerns grow over U.S. national security, citizens of other countries are having increasing difficulty entering the United States as students and researchers, frustrating academics and stalling some research projects. Everett I. Mendelsohn, a professor at Harvard University, relayed a story about students trying to attend Harvard who grew so frustrated with attempts to obtain visas that they decided to study in Paris instead. Brendan O'Brien of Cornell University said delays with visas have prevented 15 Cornell students from returning since going home for the holidays. In another case, two physicians from Bangladesh were supposed to have entered the United States to conduct research at Cornell. One arrived on schedule in September, but the other man remains in Bangladesh after his visa, which had been approved, somehow vanished. Researchers involved in the Cornell project have appealed to their Congressman for assistance. In the meantime, officials say a lot of time-sensitive research is at risk.
The Scientist, 11 February 2003

A leaked draft of the Domestic Security and Enhancement Act of 2003 has sparked an uproar among privacy groups and civil libertarians, as well as some members of Congress. The draft bill, a follow-up to the USA PATRIOT Act, expands the powers of the government to conduct surveillance, detain citizens, deport non-citizens, and use secret evidence. Included in the bill are provisions to create a DNA database of suspected terrorists and to allow the government to access credit reports without a subpoena. The so-called "PATRIOT II" bill was criticized by privacy advocates who said it "guts the Fourth Amendment." A spokesman for the American Civil Liberties Union argued that the government should wait to enact more legislation, saying, "It doesn't make sense to expand their powers when we don't know how they are using the ones they've got." Patrick Leahy, the ranking Democrat on the Senate Judiciary Committee, expressed concerns over "the administration's lack of responsiveness to Congressional oversight." Leahy said, "As recently as just last week, Justice Department officials have denied to ... the Judiciary Committee that they were drafting another anti-terrorism package."
Wired News, 12 February 2003

A state auditor found that at least one computer used by staffers counseling clients with AIDS or HIV was ready to be offered for sale to the public even though it still contained files of thousands of people. Auditor Ed Hatchett said: "This is significant data. It's a lot of information lots of names and things like sexual partners of those who are diagnosed with AIDS. It's a terrible security breach." Health Services Secretary Marcia Morgan, who has ordered an internal investigation of that breach, says the files were thought to have been deleted last year.
AP/USA Today 7 Feb 2003

The search engine Google is changing the kind of information Americans can find out about each other - information that once was the purview of private investigators or the extremely nosy. Now with one click, potential employers, salespeople, and just about anyone can find out every publicly reported detail of your past life, says Boston Globe columnist Neil Swidey. "Now, in states where court records have gone online, and thanks to the one-click ease of Google, you can read all the sordid details of your neighbor's divorce with no more effort than it takes to check your e-mail. 'It's the collapse of inconvenience,' says Siva Vaidhyanathan, assistant professor of culture and communication at New York University. 'It turns out inconvenience was a really important part of our lives, and we didn't realize it.'"
Boston Globe 2 Feb 2003

The Pentagon formed an internal and an external committee to address privacy concerns arising from the Total Information Awareness (TIA) program in a move to prevent Congress from monitoring the program too closely. Headed by John Poindexter, TIA aims to identify terrorists by monitoring Internet usage and commercial and financial databases in the U.S. and abroad. A Senate amendment last month banned deployment of the program and curbed research for it. The Pentagon formed the advisory panels to minimize the scope of the provision, now before a House-Senate conference committee, by convincing Congress that the committees will adequately address balancing security and privacy concerns. Senator Ron Wyden, who sponsored the provision, noted that the panels „did not get an election certificate‰ and that "Congress on a bipartisan basis is going to continue to demand accountability, oversight, and legally established safeguards."
New York Times 8 February 2003 (registration req'd)

President Bush has signed a secret order allowing the government to proceed with developing guidelines on circumstances under which the U.S. could launch cyber-attacks against foreign computer systems. The directive signals Bush's desire to pursue new forms of potential warfare-already the Pentagon has moved ahead with development of cyber-weapons that could by used by the military to invade foreign networks and shut down radar, disable electrical facilities and disrupt phone service.
AP 7 Feb 2003

Although it violates journalistic ethics for a reporter to misrepresent his identity, freelance journalist Brian McWilliams (whose work has appeared Salon and Wired News) used a fake Web site and phony to deceive Computerworld's Dan Verton into believing that he was a Pakistan-based terrorist who unleashed the recent Slammer network worm on the world. Computerworld published, then quickly retracted, Verton's story. McWilliams says he wanted to teach reporters "to be more skeptical of people who claim they're involved in cyber-terrorism." Computerworld editor-in-chief Maryfran Johnson says, "I couldn't believe a journalist could do this to another journalist," and Verton says, "I feel like I've been had, and that's never an easy thing to swallow. So, I'm left here scratching fleas as the price you sometimes pay for sleeping with dogs."
AP/San Jose Mercury News 7 Feb2003

Boston College computer science major Douglas Boudreau has been indicted for hacking into dozens of campus computers and using stolen identities to charge food, books, and services to the accounts of other students. An assistant attorney general said that the scheme "required technical aptitude and an enormous amount of time." Boudreau, who has been suspended from school, is being charged with wiretap violations, hacking and larceny.
Boston Globe 7 Feb 2003

The U.S. Defense Department and a group of high-tech manufacturers have struck a deal aimed at preventing future interference with military radar from next-generation wireless devices. Under the compromise, wireless device makers will build in technology to detect and actively avoid military radars that operate on similar frequencies. In return, Defense officials will support proposals to nearly double the amount of wireless spectrum available, particularly that used for "Wi-Fi" computing. Ed Thomas, chief engineer for the Federal Communications Commission, called the pact "good for the Department of Defense and good for the industry."
Wired.com 3 Feb 2003

The "SQL Slammer" worm that slowed Internet traffic significantly last week managed to infect computer servers worldwide in about 10 minutes, making it the fastest such virus seen, according to a University of California at San Diego team. "At its peak, achieved approximately three minutes after it was released, the worm scanned 55 million Internet hosts per second. It infected at least 750,000 victims, and probably considerably more," says one team member. The SQL Slammer worm was only the third of its type seen on the Net, and managed to spread nearly 100 times faster than the Code Red infection 18 months ago.
The Independent 4 Feb 2003

The Internet security firm Symantec says that the number of cyber attacks on corporate networks rose 20% in the second half of last year compared to the same period the previous year. The good news, though, is that the number actually declined by 6% compared to the first six months of 2002. The number of vulnerabilities to such attacks jumped 81%, comparing the last half of 2002 to the last half of the previous year; however, Symantec chief technology officer Robert Clyde noted that the increased number of vulnerabilities may be largely the result of a greater tendency of companies to admit their problems: "It could be that more vendors are reporting vulnerabilities as they are patched."
Reuters/San Jose Mercury News 4 Feb 2003

The level of cyber attacks dropped for the first time in the second half of 2002, falling by 6%, according to Symantec's Internet Threat Report. But at the same time the number of vulnerabilities shot up significantly, with 2,524 new vulnerabilities reported in 2002, 81.5% over 2001. Power and energy companies saw the highest level of hacking and cracking attempts over the last six months of last year, with financial companies second. South Korea was cited as the source of many of the attacks, both because of the increased use of broadband Internet access in the country, as well as its usefulness as a hopping-off point for hackers. Hacking incidents from South Korea grew 62% between July and December last year.
The Register 3 Feb 2003

The entertainment industry is taking aim at new technology that has spawned a growing business dedicated to cleaning up movies and TV programs. On one side are a chain of video rental stores and a number of software companies that cater to an audience sick of gratuitous sex, violence and foul language in today's Hollywood offerings. On the other are film studios and the Directors Guild of America (DGA). The two groups are at legal loggerheads over software, such as MovieMask and ClearPlay, which filter out objectionable content, either by skipping certain frames entirely, or by substituting new dialogue, or in some cases by clothing naked actors or turning steel swords into light sabers. Last August, the owner of a Colorado "CleanFlicks" video store, which rents sanitized video tapes, fired the first volley by suing the DGA and asking a federal judge to declare the editing practices protected under federal copyright law. The following month, DGA filed a countersuit against CleanFlicks as well as the software companies that do the editing. Eight Hollywood studios have now joined DGA's fight, alleging that the companies violated trademark law when they rent or sell an altered movie in the original packaging. Meanwhile, moviemakers warn that the same software used to sanitize content could also be used to spice up G-rated fare. "It's a double-edged sword," says Jack Valenti, head of the Motion Picture Association of America. "If there are people who want to do it for benign reasons, that's one thing. But they can take 'Spider-Man' and make it into a pornographic movie, and that's a problem." A hearing on the CleanFlicks case is scheduled for Feb. 14.
AP 3 Feb 2003

The federal Drug Enforcement Administration (DEA) has arrested a Sacramento, CA, man for selling opium poppy pods on Internet auction site eBay, where he advertised them as "decorations"; each pod is the size of a golf ball and is at the end of a two-foot high stalk. An eBay executive said, "We check the site frequently for any illegal or illicit items and we remove them as fast as we find them," and he said that trying to use eBay to sell illicit drugs online "might be one of the dumbest things you can do."
AP/San Francisco Chronicle 31 Jan 2003

Richard Clarke, the special adviser to the president on cybersecurity, plans to resign from his position in the coming weeks. Some see Clarke's resignation, and his earlier decision to decline a position in the Department of Homeland Security, as responses to the Bush administration's level of support for his initiatives to address Internet security, though others contend he simply wants to pursue different challenges. Although criticized for being alarmist, Clarke's concerns about the threat of terrorism were shown to be reasonable by the 9/11 attacks, after which he was appointed head of a new White House Office of Cyberspace Security. Some analysts view Clarke's efforts to secure cybersecurity as ineffectual and too soft on corporate responsibility. Clarke is the author of the draft of the National Strategy to Secure Cyberspace; his resignation is expected to follow the report's upcoming release.
Washington Post 31 January 2003

Verizon Communications is asking a federal appeals court to declare unconstitutional a lower-court decision that ordered it to reveal the identity of a customer suspected of downloading copyrighted music files over the Internet. Verizon deputy general counsel John Thorne says, "I see a great jeopardy of privacy for people who are not doing anything wrong," and notes the lower court's ruling would make it possible for "strangers, stalkers, telemarketers, pollsters, creditor and anybody else" to obtain the identity of almost any Internet user. "No matter where you go, your identity can be compelled to be revealed under this process."
Reuters/USA Today 30 Jan 2003

The U.S. State Department will soon give law enforcement officials access to a database containing 50 million overseas applications for U.S. visas. The information will be accessible by intelligence agencies, the FBI, and police departments throughout the country. Although the database will not be making any new information available (but simply making existing information more accessible to law enforcement agencies), a Justice Department official says: "There is a potential source of information that isn't available elsewhere. It's not just useful for terrorism. It's drug trafficking, money laundering, a variety of frauds, not to mention domestic crimes." But some civil liberties advocates say they are worried that the system will be abused by over-use: "The availability of this information will change police conduct. You are more likely to stop someone if you have the ability to query a database. The data chases applications."
New York Times 31 Jan 2003

Internet users increasingly view the Web as an important source of information, although at the same time they're more likely to question the validity of that information, according to the UCLA Internet Report. The report also found that users watched 5.4 fewer hours of TV per week in 2002, presumably to make time for more Web surfing. "The real growth we think in the Internet and the perception of it now is as a place you go to find things out. The Internet has made very few inroads as a place you go to be entertained," says Jeff Cole, director of the UCLA Center for Communication Policy, which conducted the survey. Of the 71% of Americans who use the Net, 61% characterized it as "very important" or "extremely important," compared with 58% for newspapers, 50% for TV and 40% for radio. But at the same time, only 53% of Internet users thought all or most of the information online was credible, down from 58% in 2001. "What we're finding, and what's reflected in this year's data, is that people are starting to get a little skeptical," says Cole. "I think it shows people are getting smarter or will get smarter."
Reuters/CNet 31 Jan 2003

The latest cyber attack (last weekend's SQL Slammer virus, which infected thousands of computer servers throughout the world) has given a new boost to "network risk insurance" (AKA "hacker insurance"), which is expected to grow from the $100 million industry it is now to a $2.5 billion industry by 2005. Bruce Schneier, the chief technology officer for Internet security at Counterpane, thinks that insurance is every bit as important as prevention: "I believe that within a few years hacking insurance will be ubiquitous. The notion that you must rely on prevention is just as stupid as building a brick wall around your house. That notion is just wrong." But getting "hacker insurance" is not as easy as one might think, because insurers typically require a third-party assessment of the insurance applicant's security system, which might cost as much as $50,000.
Reuters/USA Today 28 Jan 2003

The Federal Trade Commission reports that identity theft is the most commonly reported consumer crime, comprising 43 percent of complaints. In 2002, 162,000 reports were filed, up from 86,000 in 2001, an increase which may reflect heightened consumer awareness more than an increase in identity-theft crimes. Statistics for the FTC report are compiled from state and federal sources. The most common use for stolen identities is to open credit card accounts (25 percent), followed by bank and loan frauds and false cell-phone accounts. Identity theft often involves an insider at an organization who has access to personal information like credit card numbers, social security numbers, dates of birth, and the like. The rise of white-collar crime, including identity theft, is due in part to its relative ease and to less severe penalties compared with those for violent crimes. As more people use the Internet to process information like bank and loan applications, the potential for such fraud increases.
New York Times 23 January 2003 (registration req'd)

The U.S. Senate voted 69 to 29 to add to an appropriations bill a moratorium on the government's Total Information Awareness (TIA) program. TIA is the federal government's planned data-mining tool, which would comb disparate data sources looking for indications of terrorist activity. Privacy advocates have fought against TIA since it was announced, saying that it would give the government a free hand in snooping on its citizens and could pose a significant threat to civil liberties. The Senate-introduced moratorium would ban use of TIA unless specific authorization is given by Congress or the president can show that not using TIA would "endanger the national security of the United States." Because a House of Representatives version of the appropriations bill does not include the moratorium, its fate will be decided by a conference committee.
CNET 24 January 2003

The latest group to argue against government mandates for protecting digital content is the newly created Alliance for Digital Progress (ADP), which is made up of 27 organizations, including major high-tech companies Apple Computer, Dell Computer, Hewlett-Packard, and Microsoft. Frederick McClure, president of ADP, said the new group opposes efforts by media companies to push governmental action on copy controls. He said the ADP is concerned about protection of copyrighted material but supports private-sector actions to deal with the problem. McClure cited a survey that showed 72 percent of Americans think private-sector efforts are the best way to control digital piracy and said that revenues for the motion picture industry have continued to increase even while it complains about piracy. Technology companies have opposed all proposals, including the Consumer Broadband and Digital Television Promotion Act, introduced by Senator Fritz Hollings, that would require copy-protection features to be installed on consumer electronics devices.
PCWorld 24 January 2003

Office workers with corporate broadband networks have long enjoyed high-speed access to online entertainment, shopping and other personal pursuits, but a widespread crackdown on non-work-related Internet use may be looming, driven by cost-cutting efforts and increased scrutiny of workers' surfing habits. "I think it was an issue of productivity -- people were spending too much time on these sites. I know people who were bidding on eBay all day long," says one office worker who admits to logging on to online dating sites several times a week. According to Websense, an estimated $85 billion in productivity is lost annually to workers wasting time on the Net. But the corporate backlash is bad news for Web sites courting broadband users at a time when nearly 87% of people accessing the Net from work are using a broadband connection, compared with about 28% from home. Companies that stand to lose from the crackdown include game sites like "The Sims," e-commerce hot spots like eBay, online dating sites like Matchmaker.com, and news and entertainment outlets offering rich media formats such as video and audio clips. "Given that about 40% of the activity (in many of these areas) is coming from work, if (blocking) became a pervasive practice in the workplace, it would impact the business," says a Bear Stearns analyst. A network performance analyst at a Fortune 10 company argues that companies have to take steps to protect their network resources: "If you're looking at a company with an $82 million IT budget, and 10% of the network is going to nonwork uses, you're saving $8 million if you can stop it."
CNet News.com 24 Jan 2003

Simon Vallor, from Llandudno, Wales, was sentenced two years in prison by a London magistrate who said that Vallor's actions "cried out for the imposition of a deterrent sentence." The judge brushed aside Vallor's request for leniency, saying: "These offenses were planned and very deliberate. Frankly, when you go to this trouble to make a sophisticated virus, programmed to leave damage this week, next week and the week after, it is absurd to claim you do not intend to do harm. These were by no means isolated offenses and they were committed over a period of time." Vallor wrote the viruses called Admirer, Redesi B, and Gokar, and was judged to be responsible wreaking damage in at least 46 countries.
The Western Mail, Wales, 22 Jan 2003

The U.S. Senate voted yesterday to block funding of the Defense Department's Total Information Awareness (TIA) program, which when developed would use "data mining" techniques to scan for patterns in worldwide communications activity and use those patterns to identify terrorist threats. Calling TIA "the most far-reaching government surveillance program in history," Senator Ron Wyden (D-Ore.) said that by blocking R&D funds the Senate thereby "makes it clear that Congress wants to make sure there is no snooping on law-abiding Americans," even if the purpose of the activity is to prevent terrorist attacks against the United States.
Reuters/San Jose Mercury News 24 Jan 2003

The number of identity thefts doubled in 2002, with 162,000 reports of identity theft compared to 86,000 the previous year. However, the Federal Trade Commission says that the rise in identity theft complaints does not necessarily mean an increase in actual crimes -- it may simply reflect an increasing public awareness of the problem and a greater likelihood that such incidents are now being reported. But an official of the Michigan State Police points out that many former violent criminals are now using the Internet for identity theft: "They are switching over to white-collar crime because it's more lucrative and they know they will get less time. Identity theft is not necessarily a sophisticated crime."
New York Times 23 Jan 2003

Several large universities, including the University of Colorado (CU) at Boulder, the University of Washington, and Stanford University, have begun requiring the use of secure sockets layer (SSL) for e-mail and other communications. SSL adds encryption to the links between campus servers and client applications, boosting security by preventing hackers from eavesdropping. Despite an awareness campaign on the CU campus, however, many users had not modified their e-mail programs to work with SSL by the October 15 deadline, so the university extended the deadline until January. At CU, encryption is also now required for FTP and telnet. Because many FTP and telnet applications do not support encryption, users have had to change to other applications. University officials said the encryption requirement is important because of the risks of having personal information, including passwords, stolen.
Chronicle of Higher Education 21 January 2003

Researchers at the State University of New York (SUNY) at Buffalo are working on a prototype software application designed to identify data intrusions "on the fly" by profiling the habits of network users. Proponents of such an approach argue that those with malicious intent reveal their actions in deviating from the routine in performing tasks like opening files, sending e-mail, or searching archives. The "user-level anomaly detection" being developed by SUNY monitors user activities, rather than traffic across an entire network, looking for actions or patterns that suggest malicious intent. The biggest benefit of profiling systems is in thwarting insider attacks. Security and cryptography expert Bruce Schneier said systems like SUNY's "live and die on false alarms," which are extremely difficult to eliminate.
Wired News 20 January 2003

Several hundred high-level programmers attended a conference at the Massachusetts Institute of Technology (MIT) devoted to the latest tactics to fight spam. Spam is a formidable foe, as evidenced by its increase in total Internet e-mail traffic from 8 percent in 2001 to as high as 40 percent last year alone, according to Brightmail. According to Ferris Research, spam costs businesses in the United States $8.9 billion and in Europe $2.5 billion annually. MIT computer scientist William S. Yerazunis compared spam to petty street crime and claimed that "the theft efficiency ratio is about the same as stealing hubcaps and car radios." The conference centered on a language developed by Yerazunis, touted as nearly 100 percent effective, that "hashes" messages by matching incoming phrases with previous text sent by the user, thereby identifying inconspicuous spam. Another programmer is working on code that will recognize disguised text as spam. Such filters, however, must be able to sort out spam from "ham," or desired e-mail. Some involved in the fight against spam, including Era Eriksson of the Coalition Against Unsolicited Commercial Email, believe that only legislation will stop spam.
New York Times 18 January 2003 (registration req'd)

To facilitate the enforcement of the 1998 Digital Millennium Copyright Act, a federal district court judge in Washington has ordered Verizon Communications to identify a subscriber whom the Recording Industry Association of America (RIAA) suspects of using to Internet to make available unauthorized copies of several hundred copyrighted songs. The ruling is significant for at least two reasons. First, it shows that the recording industry is now targeting not only big companies accused of large-scale copyright violations but also individual violators. Second, it indicates that a willingness by the court to compel Internet service providers to yield subscriber information without requiring a copyright holder to file a lawsuit.
New York Times 22 Jan 2003

Researchers at the State University of New York at Buffalo are developing software that tracks and analyzes how each computer user performs his or her routine tasks, such as opening files, sending e-mail or searching archives, to create individual profiles. The "user-level anomaly detection" software then alerts network administrators if a worker's behavior deviates from his or her profile so that they can monitor that employee's activities more aggressively. "The ultimate goal is to detect intrusions or violations occurring on the fly," says head researcher Shambhu Upadhyaya. "There are systems that try to do this in real time, but the problem is it results in too many false alarms." Some rival computer-security products also feature user profiling, but it's based on huge amounts of data flowing through entire networks. Upadhyaya says such detection systems are usually 60% to 80% reliable, whereas simulation tests indicate the new software would be up to 94% accurate. One information specialist says, "Other intrusion techniques require something like looking at audit logs after the damage has already occurred. The advantages offered by this approach is an intruder with malicious intent can be identified very early and a system operator can contain the damage, repair it in real time and shut out the intruder. This means that systems that have been attacked by an intruder maliciously might not necessarily be brought down."
Wired.com 20 Jan 2003

Kevin Mitnick, once tagged by the government as "the most-wanted computer criminal in U.S. history," is now ending his probation and will once again be free to start using the Internet. (He intends to set up shop as a computer security consultant.) Legal experts disagree about whether computer criminals can be banned from Internet activity even after they have served sentences and finished their probationary periods. Jennifer S. Granick of the Stanford Center for Internet and Society says no: "Computers are everywhere. The A.T.M. is a computer; the car has a computer; the Palm Pilot is a computer. Without a computer in this day and age, you can't work, you can't communicate, you can't function as people normally do in modern society." Ross Nadel of the U.S. Attorney's office in Northern California says yes, arguing that banning someone from the Internet may be necessary if in a particular case Internet use was integrated and inseparable from the crime that was committed. The courts are similarly divided on the issue, and legal observers don't expect the question to be fully resolved for many years.
New York Times 21 Jan 2003

A recently formed group called the Homeland Security Industries Association (HSIA) met this week with members of Congress to push for quicker government spending to strengthen homeland security. The HSIA currently has about 100 members and considers itself a broad, umbrella group for any company with a stake in U.S. homeland security. Bruce Aitken, president of the HSIA, said the $2.9 billion reportedly spent by the U.S. government in 2002 for IT projects related to security was "diminutive compared to what it can be and what it should be." Celia Wexler of watchdog group Common Cause said the HSIA is one of several new lobbying organizations intent on getting "a piece of the multibillion dollar homeland security pie." Wexler said that although some groups like the HSIA do have positive impacts on certain issues, voters and lawmakers should be cautious about the efforts of such groups, some of which are simply "diving in for big bucks."
IDG 16 January 2003

A new report written by two graduate students at the Massachusetts Institute of Technology highlights the risks and prevalence of failing to erase information on unwanted hard drives. Simson Garfinkel and Abhi Shelat bought 158 used hard drives, many from eBay but some from businesses and used-computer stores. Garfinkel and Shelat were able to recover data from 49 of the 129 drives that functioned. Among the information the two found were corporate personnel memos, pornography, credit-card numbers, and, from a hard drive that may have come from an automated teller machine, account numbers, transaction dates, and balances. Tools exist that will genuinely erase information from hard drives, but most people don't use them or understand why they need to, said Mr. Garfinkel. When a hard drive is reformatted, he said, a warning usually indicates that all data will be lost, but in truth more than 99 percent of the data remains on the drive and is often recoverable.
Chronicle of Higher Education 17 January 2003

MIT graduate students Simson Garfinkel and Abhi Shelat bought 158 hard drives at second hand computer stores and eBay over a two-year period, and found that more than half of those that were functional contained recoverable files, most of which contained "significant personal information." The data included medical correspondence, love letters, pornography and 5,000 credit card numbers. The investigation calls into question PC users' assumptions when they donate or junk old computers - 51 of the 129 working drives had been reformatted, and 19 of those still contained recoverable data. The only surefire way to erase a hard drive is to "squeeze" it - writing over the old information with new data, preferably several times - but few people go to the trouble. The findings of the study will be published in the IEEE Security & Privacy journal Friday.
(AP 16 Jan 2003)

In a new report called "Bigger Monster, Weaker Chains," the American Civil Liberties Union says that there is a rapidly growing "American Surveillance Society" brought about by "a combination of lightning-fast technological innovations and the erosion of privacy protections" threatening "to transform Big Brother from an oft-cited but remote threat into a very real part of American life." This "surveillance monster" includes, among other things, cameras monitoring public spaces, proposals for databases filled with personal information on U.S. citizens, and anti-terrorist legislation allowing the government to demand that libraries turn over reading histories of their patrons. Yet the report asserts that these monsters don't even have to be real for them to be terrifying: "It is not just the reality of government surveillance that chills free expression and the freedom that Americans enjoy. The same negative effects come when we are constantly forced to wonder whether we might be under observation."
AP/USA Today 16 Jan 2003

Citing its customers' need for privacy, a chain of Hong Kong health clubs has banned the use of mobile phones in its locker rooms. At issue is the new generation of phones that can record and transmit video and still photos. Analysts say the new policy at Physical is one of the first cases they've heard of connected with the new cell phone capabilities. Fitness First, another Hong Kong chain that competes with Physical, is also considering a ban on cell phone use in some areas, and in nearby Macau, the use of the new camera-equipped cell phones has become an issue for the territory's 11 casinos. A spokeswoman for the casino company says traditional cameras are now prohibited in the establishments but that cell phones, which are extremely popular in Hong Kong, have yet to be forbidden. "This is something new that's come up. We have inspectors watching. Should they find anyone using these phones, because it's just like a camera, they will delete whatever photos were taken."
Reuters/CNet 14 Jan 2003

In a not-unexpected decision Wednesday, the U.S. Supreme Court upheld the extension to copyright that Congress enacted in 1998. Without the extension, copyrights on movies including "Casablanca," "The Wizard of Oz," and "Gone With the Wind," as well as on an early version of Mickey Mouse, would have expired or would soon expire, potentially costing the companies that own those copyrights hundreds of millions of dollars. Eric Eldred had challenged the extension in court. Denying the challenge, the Supreme Court ruled that neither did Congress overstep its authority in granting the extension, nor does the extension violate constitutional rights of free speech. In 1790, copyright lasted 14 years; the 1998 action by Congress places copyright limits at 70 years after the death of the creator, or, for works owned by corporations, 95 years. The Bush administration had indicated to the court that in its opinion Congress had the right to grant the extension, even if justices personally did not agree with it.
San Jose Mercury News 15 January 2003

Campus police at Ohio State University are evaluating charges against an individual they think is responsible for bombarding the university's computer network last month with 11 million phony e-mail messages over a several-day period, crippling Internet access and delaying e-mail distribution for days. The police have not disclosed the content of the messages, nor identified the suspect, who may be facing charges of illegal tampering with records, theft, unauthorized use of a computer system, and vandalism.
AP/USA Today 15 Jan 2003

So, you think you cleaned all your personal files from that old computer you got rid of? Two MIT graduate students suggest you think again.
JUSTIN POPE, AP Business Writer Wednesday, January 15, 2003

The most recent draft of the National Strategy to Secure Cyberspace, acquired by the Associated Press, shifts responsibility to defend the Internet to the Department of Homeland Security and away from the private sector, while reducing the number of security proposals from 86 to 49. A recommendation for the government to regularly consult with privacy advocates about how proposed security measures would affect civil liberties has been eliminated, prompting James X. Dempsey of the Washington-based Center for Democracy and Technology to question the Bush administration's "willfully raising privacy concern," even after having been heavily criticized by privacy advocates in the past. The draft also clearly states that the Defense Department can wage cyberwarfare if the nation is attacked and increases the role of the CIA and FBI. Critics pointed out the lack of new regulations in the plan, saying that regulations would provide the easiest method for improving security. They implied that the White House's decision to eschew new regulations was a response to concerns that U.S. corporations would face financial burdens in compliance. President Bush is expected to sign the plan in the coming weeks.
Wired News 7 January 2003

While the 107th Congress left dozens of technology-related bills on the table when it adjourned, observers expect renewed attention and interest in measures dealing with spam, copyright, and Internet taxes from the 108th session of Congress. A bill that would significantly alter the Digital Millennium Copyright Act was reintroduced Tuesday. The bill would affirm users' rights to circumvent copy-protection measures in the name of fair use of legally purchased products. Last year Sen. Fritz Hollings introduced a bill that would force makers of computers and consumer electronics to install copy-protection technology, but the bill died, in part due to opposition from Sen. Patrick Leahy and Rep. Dick Armey. In the new Congress, however, Leahy has lost his chairmanship of the Judiciary Committee and Armey has retired, signaling a possible reintroduction of the Hollings bill. A recent announcement that the Direct Marketing Association will support anti-spam measures, coupled with a continued rise in the amount of spam and associated costs, could lead to spam-limiting legislation from this session of Congress.
CNET 8 January 2003

While both Democrats and Republicans were likely to turn to the Internet as a source of news and political information during last fall's midterm elections, Republicans were much more likely to register their views in online polls, according to a study by the Pew Internet and American Life project. Nearly half of the Republicans who went online in search of election news said they liked to participate in online polls, compared with 23% of Democrats. The bottom line is that Web sites operating online polls should take those results with a grain of salt, says Lee Rainie, director of the Pew project. "They very much skew toward more conservative views. People who rely on Internet polls are relying on a false indicator."
Wired.com 6 Jan 2003

Educators from more than 100 institutions of learning are working on projects that will expand the National Science Digital Library (http://nsdl.org) by creating new portals, incorporating other libraries, increasing accessibility of information, and building new interactive learning environments. The NSDL is intended to support science education at all levels, from pre-kindergarten to post-doctoral, and will include coverage of mathematics, the sciences, engineering and technology. NSF staffer Lee Zia says, "We have a commitment over the next four to five years to grow this program, but future funding is a little bit unknown right now. We have high hopes, but that's something we don't have a lot of control over."
USA Today 3 Jan 2003

Surveillance technology has gone from a technology that (if the power didn't fail) produced grainy black-and-white tapes to one using solar-powered digital cameras that can send color images over digital networks to databases, which can be examined by software to identify potential problems and immediately alert security guards. Bruce Finchbaugh, a Texas Instruments researcher, describes this development as "adding new intelligence to redefine security," and Hoover Institute research fellow Nick Imearato predicts that the new technology will get cheap enough for it to "migrate to millions of businesses and even homes." But Lee Tren, an attorney at the civil liberties-focused Electronic Frontier Foundation, urges caution because "this kind of continuous recording can be very dangerous, especially if coupled with technology to recognize faces. You have to always ask what is the compelling justification for such surveillance."
San Jose Mercury News 6 Jan 2003

"Safe and Drug-Free Schools"
("This page last modified - January 6, 2003" - as of 2.13.03, jad)

In an anticlimactic finding, a Harris Interactive poll released Friday reveals that 96% of the 2,221 respondents find unsolicited commercial e-mail annoying, and nearly three quarters of those favor making spam illegal. Pornographic spam messages were deemed most troublesome, according to 90% of respondents, while 79% cited mortgage and loan come-ons as objectionable. Less annoying (but not by much) were investment opportunity and real-estate spam. Meanwhile, consumers needn't look for a break from spam mail any time soon - despite a recent crackdown by the Federal Trade Commission on fraudulent schemes advertised on the Internet, the incidence of spam continues to grow. According to anti-spam software maker Brightware, unsolicited messages made up 40% of all e-mail in November - up from 13% a year earlier. The Senate Commerce Committee passed a bill last May to set guidelines for unsolicited e-mail, but no further action has been taken by the full Senate.
Wall Street Journal 3 Jan 2003
http://online.wsj.com/article/0,,SB1041520792726749513.djm,00.html (sub req'd)

A federal appeals court has asked California's Supreme Court to rule on whether Network Solutions Inc., the largest U.S. domain registry, must face a multimillion-dollar damage claim from the rightful owner of the sex.com domain name. The ruling could lead to a flood of lawsuits against domain registries, particularly NSI, from hundreds of people who claim their domain names were also stolen. The current case stems from a lawsuit filed in 1998 by Gary Kremen who registered the sex.com name with NSI in 1994. In October 1995, NSI received a letter purportedly from Kremen asking that the name be reregistered to a company headed by Stephen Cohen. NSI complied without attempting to verify the validity of the request, and then refused to undo the transfer when alerted to the fraud. Meanwhile Cohen, who was using the domain name for a lucrative porn business, fled the country before Kremen's lawsuit against him went to trial in 2001. Kremen, who is now using sex.com for his own porn business, was awarded $65 million in damages from Cohen for fraud (which he'll probably never collect) and is now requesting an additional $30 million from NSI for allowing the fraudulent transfer.
San Francisco Chronicle 4 Jan 2003

A study by the Pew Internet and American Life Project indicates that most Americans who are not users of the Internet have very high expectations of the Internet. According to the study, 64 percent of nonusers expect that useful information is available online in the areas of health care, government, news, or shopping. For those who use the Internet, 97 percent expect to find information in one of those areas. Overall, many expectations are in fact met by experience when using the Internet. Seventy percent of those in the study said that, typically, they were able to find what they were looking for on the Internet. In the study, satisfaction with news and shopping online rated the highest, while finding information about government ranked the lowest.
Associated Press 30 December 2002 (registration req'd)

In response to fairly vocal criticism of plans to create a system to monitor much Internet traffic in an effort to identify and prevent potential terrorist activity, the Bush Administration tried Friday to address fears that the system would compromise privacy and personal information. Richard Clarke, President Bush's advisor on cyberspace, said that the proposed system would not be used to scan and read individuals' e-mails. The plan, he said, "articulates a strong policy of protecting citizens' privacy in cyberspace." Some of the concern over the proposed system comes from a change from earlier drafts of the proposal, which specified that a monitoring center would be run by private board rather than by the government. The newest draft indicates that a monitoring center "could be operated by the private sector but could share information with the federal government through the Department of Homeland Security."
Wall Street Journal 20 December 2002 (sub. req'd)

A report from the U.S. Department of Justice says that despite the increased need for effective management of IT resources following September 11, the Federal Bureau of Investigation (FBI) has shown "major weaknesses" in that regard. The report is based in part on interviews conducted by the General Accounting Office (GAO) and by the Justice Department's Office of the Inspector General with officials at the FBI, the Justice Department, the GAO, and the Office of Management and Budget. According to the report, "the FBI continues to spend hundreds of millions of dollars on IT projects without adequate assurance that these projects will meet their intended goals." The Justice Department said this problem results from continued insufficient management attention to IT investments.
ComputerWorld 20 December 2002

In light of the federal government's various plans to increase national security through electronic monitoring, some technology experts point out that many of the tools for such a program are already in place. Creating a dragnet to prevent terrorism, they say, would largely involve piecing together information that is currently collected and stored in disparate areas. From data concerning cellular phone calls to traffic records taken from passing through toll booths, the government has a potentially large pool of information to use from existing systems. Civil libertarians worry over possible abuses of the proposed data collection. Supporters suggest that an information system might coordinate data about foreign visitors taking flying lessons at different flying schools, for example, with airline reservation systems showing those same visitors with plane tickets for the same day.
New York Times 23 December 2002 (registration req'd)

In order to monitor the U.S. civilian population in its effort to detect terrorists, the government's Total Information Awareness program will rely almost completely on data collection systems that are already in place - e-mail, online shopping and travel booking, ATM systems, cell phone networks, electronic toll-collection systems and credit card payment terminals. Technologists say that what the government plans to do in data sifting and pattern matching in order to flag aberrant behavior is not very different from programs already in use by private companies. For instance, credit card companies use such systems to spot unusual spending activities that might signal a stolen card. The early version of Total Information Awareness uses a commercial software collaboration program called Groove, which was developed in 2000 by Ray Ozzie, inventor of Lotus Notes. Groove enables analysts at various government agencies to share intelligence data instantly, and links programs that are designed to detect suspicious patterns of behavior. However, some computer scientists question whether such a system can really work. "This wouldn't have been possible without the modern Internet, and even now it's a daunting task," says cryptology expert Dorothy Denning, a professor in the Department of Defense Analysis at the Naval Postgraduate School. Part of the challenge, she says, is knowing what to look for. "Do we really know enough about the precursors to terrorist activity? I don't think we're there yet."
New York Times 23 Dec 2002

Responding to concerns that the Internet monitoring center proposed by the government's forthcoming report "National Strategy to Secure Cyberspace," President Bush's top cyberspace adviser, Richard Clark, says that the plan contains nothing which "in any way suggests or proposes a government system that could extend to monitoring individuals' e-mails"; to the contrary, it "articulates a strong policy of protecting citizens' privacy in cyberspace." The Bush administration contemplates that any Internet monitoring operation would be run by the private sector and not the government. There is no proposal for monitoring e-mail or other data traffic of Internet users.
USA Today 20 Dec 2002

A proposal in the current version of the National Strategy to Secure Cyberspace report, to be released in early 2003, requires that Internet service providers (ISPs) comply with the government's efforts to build an "early-warning center" to monitor the Internet. Subject to Congressional and regulatory approval, the report defines an Internet strategy for the Department of Homeland Security to defend against Internet-based attacks, as well as computer viruses and worms. The new version gives government a central role over industry for the monitoring center. While intended to gauge the status of the worldwide network overall, the system could function as a wiretap, prompting concerns "about the privacy implications of this as well as liability," according to Stewart Baker, a lawyer for many ISPs. Tiffany Olson of the President's Critical Infrastructure Protection Board points to the need to view and monitor the "entire picture" of the Internet and argues that gathering the data would not necessarily require monitoring individual use. Yet an industry official cautions that providing such data would necessitate real-time monitoring and envisions the system as more invasive than Carnivore, the FBI's heavily criticized e-mail surveillance system.
New York Times 20 December 2002 (registration req'd)

The President's Critical Infrastructure Protection Board is planning to propose that Internet service providers be required to help build a centralized monitoring system that could be used to protect network users from both computer viruses and terrorist attacks. The plan would be part of an Internet strategy for the new Department of Homeland Security. Some technology company executives say they fear that the system could be used to invade individual privacy but Tiffany Olson, chief of staff for the Board, says that the plan will not require gathering data that would allow monitoring at an individual user level. She says a centralized monitoring system is needed because, currently, "we don't have anybody that is able to look at the entire picture. When something is happening, we don't know it's happening until it's too late."
New York Times 20 Dec 2002

The German state of North Rhine-Westphalia plans to require the Internet service providers located within its jurisdiction to block two U.S.-based neo-Nazi Web sites. Government official Ulrich Shiefelbein says: "We don't want such content to be available to everyone." Internet service providers in the state are appealing the decision of a court that approved the plan, and are threatening to leave North Rhine-Westphalia for other German states that don't have such requirements.
AP/San Jose Mercury News 19 Dec 2002

This week President Bush signed the E-Government Act of 2002, which is intended to foster more effective and efficient electronic communication among government agencies and with government employees and the public. The bill creates an Office of Information, within the Office of Management and Budget, which is directed by a federal chief information officer. Groups such as the Information Technology Association Of America supported the bill and said its passage relatively soon after the September 11 attacks-which highlighted breakdowns in government systems-was coincidental. The bill also won support from privacy groups, which typically are opposed to measures that facilitate greater and easier gathering and sharing of personal information among government agencies.
CNET 17 December 2002

Research firm IDC has released its list of prognostications for 2003, and high on its list is a prediction that a major cyberterrorism event will occur, disrupting the economy and crippling the Internet for a day or two. "The war with Iraq will galvanize hackers," says John Gantz, chief research officer for IDC. On the sunnier side, IDC forecast: a 6% rise in spending on information technology and telecommunications, a rebound in sales of midrange server computers; and a boost in Linux's market share at the expense of Unix. "We're saying that Linux will eat Unix," says Gantz. Other predictions include: a stagnant or shrinking IT services market as companies scale down project size and turn to IT outsourcing; a booming wireless LAN market, which will delay the introduction of so-called third-generation wireless communications networks; and a 27% increase in online messaging, with the total number of e-mail messages sent each day rising 30% to 40 billion a day. "There will be more spam in your life," says Gantz.
CNet News.com 12 Dec 2002

"There's a growing acknowledgment among executives that insiders can do more damage than the smartest outside hacker," says a Manhattan systems administrator. With that in mind, computer forensics software is targeting employee habits and behavior in an effort to stop corporate crime before it happens. Products like Savvydata's RedAlert collect, consolidate and analyze employee information to determine an individual's threat to the organization, based on what files employees accessed, the contents of their e-mails, and which company policies they violated. That information can then be combined with RedAlert's subscription-based Intelligent Information Dossier service, which allows corporate IT folks to research workers' criminal histories, credit information, financial asset details, friends and associates. Some IT workers think RedAlert goes too far: "RedAlert totally freaked me out," says a systems administrator for a Wall Street firm. "I understand why you'd need something like this if you are the CIA, but for standard biz use - I just don't think I'd work at a company that used these sorts of tools." Meanwhile, other products such as EnCase Enterprise Edition scour the network to see if any workers possess "unauthorized information" in order to prevent problems such as fraud, future lawsuits and other issues.
Wired.com 13 Dec 2002

Stanford Law School professor Lawrence Lessig says the time is ripe for regulators to take a stand on ensuring that access to the Internet remain neutral, and preventing access providers from controlling how consumers use the network. The Internet is essentially an "end-to-end" design, comparable to the electrical grid or the highway system, says Lessig. All the innovation comes from people using, not from the network itself. "But increasingly - U.S. broadband companies are trying to ensure that they have the power to decide which applications and content can run. Under such a regime, if Microsoft wants to sell Xboxes to run on the broadband network then it will have to pay the network providers for that privilege. Or if Disney wants to stream movies on the Internet, it too will have to pay the network tax," says Lessig. And while some people may think taxing Microsoft and Disney is not such a bad thing, the precedent it sets would stymie the growth and potential for innovation on the network. "It might seem strange that this lesson in preserving the original values of the Internet should come from Microsoft and Disney - two companies that have suffered a great deal of criticism from network activists. But on this issue both deserve praise. Policymakers must see that what makes innovation possible on the Internet is the freedom to innovate without the permission of a network owner."
Financial Times 13 Dec 2002

Who's Lawrence Lessig?  A professor at Stanford Law School, Lessig is Founder of the Stanford Center for Internet and Society, author of The Future of Ideas and Code and Other Laws of Cyberspace, and has lots of other notable gigs. YOUR interest in him should begin with this story and expand to watching this cool flash movie from 24 July 2002 ... but only do it with a FAST connection, as it's 8603K in size! [back to this story; back to "Copy Protection Efforts" story]

Web activists have uncovered the home address and phone numbers for government surveillance head John Poindexter and bulk spammer Alan Ralsky, and have posted the information on more than 100 Web sites. The action has led to Ralsky being deluged with junk mail and Poindexter undergoing the scrutiny that every American soon will experience. An article in the Detroit Free Press quoted Ralsky as complaining, "They're harassing me," after anti-spammers signed him up with as many direct mail agencies as possible. In Poindexter's case, his home address, complete with satellite photos, has been published online as well as his phone number and those of his neighbors. That's actually just a small portion of the personal information the U.S. government plans to collect under Poindexter's Total Information Awareness program, which will compile credit card, medical, travel, school and other records in an effort to spot terrorists.
BBC News 16 Dec 2002