[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips July 30, 2002

Clips July 30, 2002

ARTICLES

Senate to Delay Voting On Homeland Department
ICANN ordered to open records
The legal crackdown hasn't squelched MP3 trading
Workers' downloading puts employers at risk
Attack disables music industry Web site
Chinese dissidents publish 'declaration of Internet users' rights'
Microsoft to disclose secret code
Lawmakers, staffers seek perfect PDA
Princeton Apologizes for Web Breach
Retailers test paying by fingerprint
You, too, can rock on the Web
States spar over UCITA act
Companies Must Protect Their Employees' Info, Too
Internet-Scam Sweep Targets 19 Online Fraudsters

**************************
Washington Post
Senate to Delay Voting On Homeland Department
Goal of Passing Bill by Sept. 11 Unlikely to Be Met
By Bill Miller and Helen Dewar

The Senate will not vote on its bill to create a Department of Homeland Security until it returns from a summer recess after Labor Day, all but dashing the hopes of congressional leaders who had hoped to establish the new counterterrorism agency by the one-year anniversary of the Sept. 11 attacks.

The measure will be the first order of business when the Senate returns, according to Ranit Schmelzer, spokeswoman for Majority Leader Thomas A. Daschle (D-S.D.).

House Minority Leader Richard A. Gephardt (D-Mo.) first advanced the idea to create the new department in time to commemorate the attacks on the World Trade Center and Pentagon. The plan quickly won bipartisan support and encouragement from the White House.

But the Senate, which wraps up deliberations for the summer Friday, still must vote on its bill and then begin negotiations with the House to develop legislation for votes in both chambers.

The House raced to pass its version of the bill late Friday, just before its own recess began. Many lawmakers had hoped the Senate would follow suit this week.

"If they don't get it done, that's disappointing," said Richard Diamond, a spokesman for House Majority Leader Richard K. Armey (R-Tex.). "We did our part."

Even with the revised timetable, President Bush's plan, announced June 6, to merge all or parts of 22 federal agencies into a single department remains on an accelerated schedule.

Daschle had said repeatedly that he hoped to bring up the legislation before the recess, which begins this weekend. But he ran into several obstacles, including a backlog of other legislation and efforts by Sen. Robert C. Byrd (D-W.Va.) and others to delay action for further study.

Lined up ahead of the legislation to create the department are bills to add a prescription drug benefit to Medicare, defense and other appropriations measures, and a House-Senate compromise on legislation to expand the president's trade negotiating authority.

Even if the Senate began debating the homeland security bill by Thursday, Byrd's objections could delay action for two days, meaning that the Senate would have to postpone the start of its recess, which members of both parties are reluctant to do.

As a result, Schmelzer said, Daschle will take the first procedural step by the end of the week: filing a motion for a vote to end any delaying tactics. There may be a vote on this "cloture" motion before the weekend, but no further action on the bill is planned until Congress returns, Schmelzer said.

Senate Minority Leader Trent Lott (R-Miss.) and House Majority Whip Tom DeLay (R-Tex.) yesterday criticized Daschle's decision to put off action until September.

The Senate Governmental Affairs Committee, led by Sen. Joseph I. Lieberman (D-Conn.), last week put together the bill awaiting Senate consideration. It differs sharply in some key areas from the legislation that passed the House, and it was opposed by most Republicans on the committee because it includes a provision protecting the civil service and union rights of the 170,000 employees who would staff the new department. The White House has threatened to veto the bill over those provisions.

Lieberman said yesterday that the prospects of getting a bill to Bush by Sept. 11 are "dimming, but it's not impossible." He noted that the Sept. 11 target was always a goal, not a deadline.

In the House, Republicans prevailed in giving the White House new management flexibility. They also inserted language that gives the nation's airports an additional year, to Dec. 31, 2003, to install devices that can detect explosives in baggage. Largely over those issues, many Democrats, including Gephardt, voted against the bill, which passed 295 to 132.
***********************
MSNBC
ICANN ordered to open records
Board member's access had been blocked by ICANN officials
By Brock N. Meeks

WASHINGTON, July 29 A board member and frequent critic of the secretive practices of the Internet Corporation for Assigned Names and Numbers, ICANN, the governing body overseeing domain names and policies, won the right Monday to inspect the group's confidential records and internal financial statements without first having to agree to nondisclosure rules that ICANN officials had previously demanded be met.
A CALIFORNIA SUPERIOR court judge ordered California-based ICANN to open its books to Karl Auerbach, an outspoken critic of the group to which he was elected to the board of directors via the first ever Internet-wide election process. One of Auerbach's first moves after being installed as a board member was ask to see ICANN's financial records and internal policy making directives.
But ICANN officials stonewalled Auerbach's request for 18 months, insisting he first agree to not publicly disclose any information he had access to. Auerbach refused to sign. The ensuing stalemate resulted in Auerbach filing suit seeking to force ICANN to open the books.
Judge Dzintra Janavs ruled from the bench Monday that ICANN must deliver all non-confidential, electronic-formatted records delivered to Auerbach by Aug. 2. That all paper-based, non-confidential documents be made available to Auerbach for inspection by Aug. 9 at the group's Marina del Rey, Calif. offices and that all confidential documents, in any format, be available to Auerbach for inspection at the group's office.
Judge Janavs held Auerbach to one caveat: he cannot disclose any "confidential" information without first giving ICANN at least ten days notice during which ICANN can ask the court to stop any such disclosure.
The judge also ruled that Auerbach doesn't have to sign any nondisclosure document.

TIMELY DECISION
The decision Monday comes amid a flurry of activity that always seems to be swirling around the controversial ICANN. First, Auerbach's term as a board member ends Oct. 31. And although Auerbach was the first of five outside board members chosen by the Internet users in the first ever global election, ICANN officials have since decided that such an election process is unworkable and nixed future elections for board members.
Second, ICANN, which is an independent non-profit organization, carries out its mandate under contract to the Department of Commerce and that contract also is rapidly coming to an end. Some members of Congress and Internet advocates are pressing Commerce to dump ICANN and take bids from other groups.
Judge Janavs was "quite concerned about the passage of time since Mr. Auerbach first made his request [to see the books] and the fact that he would be 'legislated out of office' in October," Bret Fausett, a California lawyer attending the hearing Monday, wrote in his ICANN related blog.
Fausett said the judge appeared particularly disturbed that it took ICANN ten months to simply come up with procedures for viewing the documents. When the judge found that no other directors had looked at the records before Auerbach's request, Fausett records Judge Janavs as saying: "That's a sad statement."
When ICANN's lawyer responded that outside directors are "entitled to rely on the work of outside consultants," Fausett noted the judge's incredulity at that remark, especially in wake of recent corporate scandals surrounding Enron and WorldCom.
"Yeah, we know how far that goes," Fausett quotes the judge saying. "Taking one's duties seriously means taking, from time to time, the initiative to look at things" and that the reason businesses have outside directors is to allow "independent inspections."

EVERYTHING AND NOTHING CHANGED
But ICANN sees the judge's ruling differently.
"The procedures we had in place are really no different now" from the judge's ruling today, said Mary Hewitt, ICANN's director of Communication, "it's just that the court's are involved."
However, the judge Monday ruled that those procedures "unreasonably restrict directors' access to corporate records and deprive directors of inspection rights afforded them by law."
Hewitt insists that ICANN offered Auerbach full access any time he wanted it, "with the caveat that he just not run amuck with everything that might be confidential."
Now if Auerbach decides to make any confidential information public "it's going to be up to a judge actually to decide if we have a problem," Hewitt said.
That statement infuriates Auerbach.
"I am not making any confidential information public, four exclamation points! I am not making any confidential information public, four exclamation points," Auerbach repeated, nearly yelling into his cell phone as he spoke to MSNBC.com from a noisy restaurant. "I'll keep saying it," Auerbach insisted, "because ICANN keeps saying I'm going to and ICANN keeps lying."
The trial record shows that Auerbach was the one who first proposed a notification period, said his lawyer James Tyre. The only difference is Auerbach initially proposed a seven-day notification period instead of the 10 days the judge ordered Monday, Tyre said.
Auerbach told ICANN that during the notification time "you're more than welcome to talk to me and it's very likely that I'll listen to your advise and if for any reason we can't come to an agreement you'll have time to go to court and get an order to prevent me from releasing the information," Tyre said of Auerbach's early attempts to "break the logjam."
For his part, Auerbach says he never had any intention of making confidential information public.
"I am getting this information for my own purposes, for my own use, to make better decisions and they've known that from day one," Auerbach said. "This whole 18-month delay, this whole sham they've put me through, has been nothing but them causing delay," he said. And as a result, "they've destroyed the public representation of ICANN by their 18 month delay.
"There should be crow eaten at ICANN," said James Love, director of the Consumer Project on Technology, a Washington-based Ralph Nader group. "One has to wonder, why has [the Department of Commerce] sat by and watched ICANN act like Enron or WorldCom?" Love said. "Why can't we insist that the word accountability be spoken in the same sentence" as control over the Internet's core computer systems, Love said.
************************
Government Computer News
Justice plans new network, PKI

By Wilson P. Dizard III
GCN Staff

The Justice Department intends to consolidate its data networks and implement a public-key infrastructure, according to a plan it issued Friday.

Attorney general John Ashcroft has approved the plan and the department will begin implementing it immediately, said Andy Anderson, special assistant to Justice CIO Vance Hitch.

The department's IT Strategic Plan points out that Justice runs more than 250 systems, most of them legacy applications developed by component organizations to meet specific needs.

"This approach has introduced an unnecessary level of cost, complexity and risk, and inadvertently created technical barriers to sharing information," the plan said. To impose order on the department's IT, the plan proposes adopting an infrastructure architecture to assure interoperability and create technical standards for Justice systems.

The proposed single, national data network would replace existing systems such as the Justice Consolidated Network, which relies on Sprint Corp.'s public-switched backbone. According to the plan, the department operates a potpourri of networks to serve its components around the nation and the headquarters in Washington region.

The new network would use TCP/IP. "It will emphasize promoting information sharing, providing enhanced security across the board and ensuring continuity of network operations," the plan said. An appendix to the plan recommended that Justice outsource the operation of the new network.

To improve systems security, the department has developed a database that tracks the remediation of security weaknesses, the plan said. "This database is a single repository of findings and corrective actions identified through the component certification and accreditation activities, [inspector general] audits, penetration testing and other reviews (including the self-assessments required under the Government Information Security Reform Act)."

The plan for a PKI calls for Justice to implement the technology to strengthen security and promote information sharing across organizational boundaries. The PKI initiative also would promote the department's e-government plans by establishing a framework for communicating with law enforcement agencies across federal, state and local governments.

"A departmentwide PKI effort will ensure consistency in approach, minimize duplication of effort, and reduce requirements for cross component verification and validation," the plan said.

The plan also endorses common systems for use departmentwide where duplicate systems serve similar needs, a strategy for business process re-engineering, an e-government plan, a strengthened role for the department's CIO and a IT work force plan.
*************************
News.com
Independent label waives Web radio fees


By Reuters
July 29, 2002, 3:35 PM PT


Artemis Records, home to such artists as country-rock singer Steve Earle and heavy metal group Kittie, said on Monday it would waive fees charged to Internet radio stations that play music from the independent label's catalog for one year.
Artemis' decision, which Webcasters say is the first of its kind from a record label, comes against the backdrop of a struggle over royalty rates with the record industry that Internet radio stations say threatens their livelihood.

"We're a small company with a lot of music that doesn't get played on commercial radio," Artemis Chief Executive Danny Goldberg said. "I appreciate the Webcaster. In terms of the future, the diversity they offer is valuable to a label like ours. I wanted to make a gesture of support."



Conventional radio stations have long been exempt from paying royalties to recording artists and anyone else who owns the rights to the "sound recording" of a song, but Congress said sound-recording owners should get paid for Internet transmissions when it updated copyright laws for the digital era.

The Library of Congress established a rate of 0.07 cent per listener per song in June, which means that Webcasters ranging from the small independents to giants like Clear Channel Communications that broadcast music over the Internet would be charged 70 cents for each song played to an audience of 1,000 listeners.

Internet radio stations have argued that the royalty rate would require them to pay far more in royalties than they could take in from advertising. The record industry argues that artists and labels should be compensated for their intellectual property.

"I don't pretend to have a crystal ball to see how the economics are going to play out in many years to come, but it seemed to me that there was an asymmetry between the record companies' need for exposure and the tone of the negotiations," said Goldberg, who ran three major record labels and managed a number of acts like Nirvana, Bonnie Raitt and Beastie Boys before starting Artemis.

Jonathan Potter, executive director of Digital Media Association, which represents Internet radio stations, lauded Artemis' move.

"Danny Goldberg is ahead of his time in every way," Potter said. "He recognizes that Internet radio listeners are more intense music fans and they buy more music than traditional music fans. I hope this is the first of many such announcements."

The Recording Industry Association of America, which represents the major labels, had no objection to Artemis' move. "From the beginning, we have always argued that the copyright holder should have control over how their music is used," a representative said. "That's what's happening here."
*************************
Salon.com
The legal crackdown hasn't squelched MP3 trading -- it's just made it more of a pain.
By Farhad Manjoo

But the music industry would still rather fight than give its online customers what they want.

The fight against online music piracy entered the realm of the bizarre last Thursday, when Rep. Howard Berman, D-Calif., proposed giving the recording industry sweeping new powers to do what, for the rest of us, would be illegal: hacking computer networks. For the complete story, see: http://www.salon.com/tech/feature/2002/07/30/file_trading/print.html
**************************
USA Today
Workers' downloading puts employers at risk
By Stephanie Armour

Workers using company computers to download music and movies are exposing employers to lawsuits and computer viruses.

Worried employers are disciplining workers and barring them from downloading copyrighted entertainment. Experts say bootlegged music and movies are also a drain on corporate tech resources.

Some workers download songs at the office because of the high-speed Net connections there. Downloading a song at the office can take 20 seconds, compared with 20 minutes at home.

Tempe, Ariz.-based technology and business consulting firm Integrated Information Systems paid $1 million to settle a lawsuit with the Recording Industry Association of America over downloaded music files. The association said the company allowed workers to access and share thousands of copyrighted MP3 music files over its network. Works included songs by Ricky Martin, Aerosmith and The Police.

"It's a huge risk," says Jim Garvey, CEO of Integrated Information Systems. "One employee can rack up millions and millions of dollars in liability on your network."

More companies are buying Internet filtering software to restrict downloads. San Diego-based Websense reports that 30% of 250 companies polled are blocking access to music download sites. Nearly 15% had resorted to disciplining or reprimanding workers.

The risk grows as Web sites that allow entertainment to be downloaded proliferate. Sites allowing file sharing and transfer grew more than 535% in the last 12 months, according to Websense, to nearly 38,000 Web pages. "This is going to become an ever increasing problem," says Harold Kester, chief technology officer at Websense.

He's seen it firsthand. At a previous company, Kester said employees downloaded an episode of Star Wars and watched it at work even serving popcorn.

Besides legal concerns, downloaded files gobble up bandwidth, draining reserves. And they may contain viruses or create an opening into company networks.

Lawyers say companies that don't take action could find themselves facing more lawsuits from groups such as the RIAA.

Louisville-based Thornton Oil blocks sites where music and movies can be downloaded. "If the radio and music industry can prove a Thornton employee is downloading material, that's a risk," spokesman Matthew Embury says.
*************************
News.com
Attack disables music industry Web site
By Declan McCullagh

WASHINGTON--The Recording Industry Association of America's Web site was unreachable over the weekend due to a denial-of-service attack.

The apparently deliberate overload rendered the RIAA.org site unavailable for portions of four days and came after the group endorsed legislation to allow copyright holders to disrupt peer-to-peer networks.

The malicious flood started on Friday and did not involve any intrusion into the RIAA's internal network, a representative for the trade association said on Monday afternoon. Nobody has claimed credit for the denial-of-service attack, which ended at 2 a.m. PDT on Monday.



"Don't they have something better to do during the summer than hack our site?" asked the RIAA representative, who asked not to be identified. "Perhaps it at least took 10 minutes away from stealing music."

Denial-of-service attacks overwhelm an Internet site by enlisting hundreds or thousands of other machines that attempt to make simultaneous connections. The resulting overload resembles a physical traffic jam: Few people can get through.

On Thursday, the RIAA endorsed a bill written by Rep. Howard Berman, D-Calif., that would authorize copyright holders to begin "blocking, diverting or otherwise impairing" peer-to-peer networks.

RIAA CEO Hilary Rosen said in a statement that Berman's bill was "an innovative approach," adding that "it makes sense to clarify existing laws to ensure that copyright owners--those who actually take the time and effort to create an artistic work--are at least able to defend their works from mass piracy."

Berman's bill, co-authored with Rep. Howard Coble, R-N.C., would allow the RIAA to engage in precisely this kind of denial-of-service attack against peer-to-peer networks where illicit copies of music are traded.

The RIAA, which receives connectivity through WorldCom's UUNet subsidiary, said it would not speculate about the reason for the attack. A representative said it appears to have been the first time the group's site had been knocked offline.
************************
Nando Times
Chinese dissidents publish 'declaration of Internet users' rights'

BEIJING (July 29, 2002 4:44 p.m. EDT) - A group of 18 Chinese dissidents and intellectuals published on Monday a "declaration of Internet users' rights" in protest at new website self-censorship rules.

The declaration demands the freedom to put together Internet pages, with the only restrictions placed on "evident and real" slander, pornography or certain "violent attacks or behaviour".

The document also calls for complete freedom for Chinese people to surf the Internet.

"The government is threatening freedom of expression on the Internet, which was already more restricted than necessary," Liu Xiaobo, a dissident living in Beijing but whose writings are not allowed to be published in China, told AFP.

Among the other signatories are independent economist Mao Yushi, who is permitted to write for the official press, and young writer Yu Jie.

According to a list compiled by the Internet Society of China, a self-regulatory body for mainland web firms, more than 300 companies have signed up for the Public Pledge on Self-Discipline for the China Internet Industry.

It compels signatories - which include the Chinese arm of US Internet giant Yahoo - to remove "harmful information" from their pages, "so as to ensure that the content of the network information is lawful and healthy".

"If the main websites submit to the will of the Chinese government, that will considerably weaken the capabilities of non-governmental organizations which have found space for expression on the Internet," Liu said.

Previous measures to control Internet content had been undertaken quietly, but the latest initiative was widely publicized, Liu said.

This was because Beijing "is seeking to reinforce its control on public opinion ahead of the 16th Congress" of the ruling Communist Party.

The Congress this autumn could well see power handed to a new generation of younger leaders, who could govern the world's most populous nation for the next decade.
**********************
Seattle Times
Microsoft to disclose secret code
By Brier Dudley

In a striking departure from its secretive approach to software development, Microsoft is making some of its prized, secret compiler code available to university researchers as part of an effort to improve its relationship with academia.

Compilers are the equivalent of the transmission in a car. They translate software languages into the digital ones and zeroes understood by computer processors.

Developing compilers is complex and time-consuming so it's unheard of for large private software companies to share the code underlying their compilers, said Craig Chambers, an associate professor of computer science at the University of Washington.

But Microsoft is on a campaign to improve its reputation at universities and in corporate computing centers, where competition from products based on Linux and other collaboratively developed software is growing.

Under pressure from antitrust regulators and foreign governments, Microsoft is also allowing more governments, academic researchers and major customers to view its crown jewels, the Windows source code.

The compiler project, known internally as Phoenix, will be announced this week at Microsoft's third annual "research summit," a gathering of computer scientists from universities around the world that started today.

Some 325 academics are learning about research taking place at the company's 680-employee advanced-research division, which operates like a laboratory and mini-university on the Redmond campus and at facilities in Silicon Valley, Beijing and Cambridge, England. The company plans to increase the division by 10 percent this fiscal year, adding most of the new jobs abroad.

They are also learning how to apply for grants from the company, which spent $4.5 million last year sponsoring university projects.

Chairman Bill Gates said the company's relationship with universities is crucial and that more collaborative projects are planned.

"There's no doubt that the strength of the commercial software industry really comes because of the great work that goes on in the universities," Gates said. "And so we're getting smarter about how we can work together all the time."

Gates announced a new academic advisory board to provide input into the company's security, privacy and reliability efforts, but the Phoenix project was to be announced separately.

"We have an active project we're working on with universities to improve our compilers, compiler technology, working with them to make our code available to them for their work, their experimentation as well," said Rick Rashid, director of Microsoft's research division.

Chambers, the UW professor, would not discuss Phoenix until it is formally announced, but he said such a project could partly replace an effort to collaboratively develop a compiler in the 1990s that dwindled when the federal government cut off its funding.

Among the goals in building better compilers is to improve computing performance and build better programming tools, he said.

Rashid said Microsoft Research already works on numerous collaborative projects with universities, but the company is going further with Phoenix and the advisory board that Gates announced.

"We're trying to make sure we get a lot of perspective from all sides if they're key issues, that at least those issues have been heard through, talked through," he said.

Rashid said Microsoft has always had to come from behind in academia, where people are more familiar with the Unix operating system created by AT&T's Bell Labs than with Microsoft's technology. Microsoft is working to make sure universities "have the tools they need to teach Windows and Visual Studio and our other tools, in addition to using Unix and Java and whatever else they're doing," Rashid said.

The company also wants to broaden the use of its .NET software platform. Gates told academics yesterday that Microsoft is "feeling very good about the direction but it's another four or five years before all the promise of .NET really gets pulled together."

But competition is intense. Computer-science students in general are graduating with more expertise in Sun Microsystem's Java language, Microsoft Chief Executive Steve Ballmer told financial analysts last week, "and we need to get after that in the academic arena."

Brier Dudley: 206-515-5687 or bdudley@xxxxxxxxxxxxxxxxx
*************************
Federal Computer Week
Lawmakers, staffers seek perfect PDA
House needs wireless devices for keeping in touch on the road

The House of Representatives is seeking the next generation of wireless personal digital assistants that would combine wireless phones, pagers and e-mail. The problem, it seems, is that lawmakers may have to wait for vendors to develop their dream machine.

Since Sept. 11, the House has ordered 1,900 BlackBerry handheld devices, made by Research in Motion Ltd. (RIM), to help members communicate with one another and their staffs. But many members carry equipment besides the BlackBerry on a "flak belt," including two wireless phones (one for official business and one for campaigning), a pager and a Palm Inc. handheld.

"We're still waiting for the Holy Grail of devices," said Reynold Schweickhardt, director of technology for the House Administration Committee.

In the meantime, committee members are working with Microsoft Corp. and Cisco Systems Inc. to come up with a solution. They also have issued a request for information about off-the-shelf products that could provide secure wireless access to the House intranet, and they are evaluating various handheld devices already on the market.

But conducting congressional business on Capitol Hill or in the home district without high-tech handheld devices is a growing problem, Schweickhardt said.

Lawmakers want a device they can use in between meetings as well as in their home offices. But one-third of the ZIP codes in the United States currently have no access to BlackBerry coverage, according to Schweickhardt. However, RIM is working to expand BlackBerry coverage nationwide.

"We have members who take their BlackBerries home and go through withdrawal," Schweickhardt said. "We would like a member to use it when they go home."

Vendors say it is possible to connect every member of Congress with wireless technology. "The bottom line is, wireless connectivity is doable," said Jay Vollmer, a major account manager with Cisco Systems federal operations. "It is available, stable, standard out there today."

And encrypted wireless technology is available that can turn an e-mail into a voice message or vice versa. "If the [House] speaker wanted to broadcast to every member, we know how to do that securely," said Bob Cook, chief executive officer of Sigaba Corp., which provides secure Internet communications.

"We are working to help them evaluate mobile technologies," said Keith Hodson, a spokesman for Microsoft, which is coming out with a "smart phone" that will be able to perform some of the actions that lawmakers seek.

RIM also is working with the House to fulfill the requirements.

"We have a very compelling architecture for providing additional application requirements as they evolve over time," said Mark Guibert, RIM's vice president of brand management.

" The thing to take note of is that wireless solutions are not just about the device and not just about the network, but also about the back-end server software," Guibert said. "When you start thinking about wireless applications, and you start talking about PDAs, the audience has to update its thinking about what a PDA is."

The House Administration Committee is trying to come up with an architecture they can put in place by the end of 2003 or early 2004. And it won't be a moment too soon.

Shortly after the Sept. 11 terrorist attacks, lawmakers experienced firsthand being denied access to their offices when a round of anthrax-tainted mail forced some congressional office buildings to close for months, in some cases. And even today, congressional offices are still on alert for tainted mail (see box, Page 22).

"There is a need for this type of technology," said Kathy Goldschmidt, director of technology services for the Congressional Management Foundation, a Washington, D.C.-based think tank. "People are thinking more about continuity of operations. If there is another disaster, having access to office files, Web sites, e-mail and other communications methods will be very important."

Even the management of their daily work cycle is a problem without technology, Goldschmidt said. Members are rarely in their own offices, and it is sometimes hard to track them down as they race from hearing to hearing and to the House floor for votes.

"Here in Washington, staff can be much more productive if they are able to be mobile," she said. "Even on the House campus, staff can keep in touch with members no matter where they are."

Congress may be seeking technology already used by the Defense Department to provide highly secure communications among various types of portable devices in a tactical environment.

"The technology is certainly feasible," said Warren Suss, president of Suss Consulting Inc. "The challenge is to find a true commercial off-the-shelf version of the technology. If you get something that is too government-specific, it becomes obsolete."

Suss said vendors are working to improve technology in consideration of the glaring problems that first responders faced Sept. 11 when firefighters and police in New York City and the Washington, D.C., area could not communicate with one another. Rescue workers everywhere found that wireless phones jammed and landlines didn't work.

"The demand isn't going to go away the demand is going to increase," Suss said. "If the government can leverage forces of the commercial marketplace, they can influence the folks who are putting out the next generation of PDAs to include the capacity of more robust communications."

***

Wiring congress

The wireless handheld device is just one high-tech solution under consideration by lawmakers. Here are other programs the House Administration Committee is developing:

Mail scanning The committee is developing a pilot project to scan mail into computers and electronically deliver it to members. Independent contractors would open the mail. About 50 House members and two committees will participate.

Web content management The committee is seeking ways to manage the content of Web sites using software that would not require every office to dedicate one employee to the job. A site could be managed through a central location or using content management tools that require less technical training.

Alternate computing system The committee is studying to develop an infrastructure capable of operating without the systems on Capitol Hill.
**********************
Washington Post
Princeton Apologizes for Web Breach
By Michael Barbaro

Princeton University President Shirley Tilghman apologized yesterday for snooping by at least one Princeton admissions officer into online files of high school seniors who had applied to Ivy League rival Yale University.

"Basic principles of privacy and confidentiality are at stake here," Tilghman wrote in an e-mail to Princeton students and faculty. "Violations of these principles therefore must not, and will not, be tolerated."

A preliminary Yale investigation has concluded that computers at Princeton were used in April to access the admissions accounts of 11 high school seniors who applied to Yale. Yale has asked the FBI to determine whether any federal laws were broken and Princeton has hired a former federal prosecutor to investigate the incident.

The university placed its director of admissions, Stephen LeMenager, on administrative leave last week after he admitted to peeking into the Yale admissions Web site, which was set up to allow Yale applicants to learn whether they had been admitted.

However, a Princeton spokeswoman said yesterday that the university believes that it was not responsible for security breaches in three of the cases.

Two of those cases involve siblings of Yale applicants who checked the files from a computer outside the Princeton admissions office, said spokeswoman Marilyn Marks. In the third case, a Yale applicant who was visiting Princeton in early April used a school computer to check his admissions status at Yale, she said.

The Yale report found that 14 breaches of the admissions site, involving eight students, occurred inside Princeton's admission office, a number Princeton officials have not disputed.

Princeton's Web site shows that seven of the students whose names are contained in Yale's confidential report have been admitted to Princeton as members of the class of 2006. They include fashion model Lauren Bush, president Bush's niece, whose online account was visited four times in a single afternoon from a computer at the Princeton admissions office.

Princeton began to notify the students named in the report over the weekend.

Tilghman, who just completed her first year as president of the 256-year-old school, told students and faculty in her e-mail that "students who apply to Princeton, or any other university, have every right to expect that information they provide in good faith will be used only for the purposes for which they provided it, and that their privacy and confidentiality will be respected."
*************************
USA Today
Retailers test paying by fingerprint
By Lorrie Grant, USA TODAY

Major retailers are putting in payment systems that let your finger do the paying. Paying for products with a fingerprint, rather than checks, cards or electronic devices, is among the newest cashless options at checkout.


Biometric access, as the process is called, might have a Big Brother feeling, but it is expected to speed customer checkout and cut identity fraud.

In some ways, biometric access tests consumers' willingness to give up some privacy to gain convenience.

A customer signs up by having a finger scanned into a database by special machines and designating a credit or debit card to which purchases will be charged.

To make a purchase, consumers have their finger read at checkout, often on a pad incorporated into a console that also reads swipe cards and provides for personal identification number (PIN) entry.

Food retailers are leading the way in trying out the devices. Among them:

West Seattle Thriftway. The gourmet grocery store's cashiers scan the goods, then customers scan their right index finger to activate the payment process.
A code selected by the customer, usually a telephone number, is keyed and the transaction charged to the credit, debit or state-benefits card that has been registered with the store.

"This looked like the way of the future, positively identifying people with their accounts and making the transaction for customers that much easier," says owner Paul Kapioski.

Kroger. The No. 1 supermarket chain has tested the technology for the past month in three stores in Houston.
"Any time we can speed up the front-end operation, we save money, and it will reduce the number of fraudulent checks," says Gary Huddleston of Kroger.

Customers' fingerprints are linked with their driver's license, the store's loyalty card and a method of payment. The customer touches the finger-image pad, loyalty discounts are automatically deducted, and the account charged.

McDonald's. A location in Fresno, Calif., took fingerprints for payment from January through March. Other methods are now being tested.
"If we're able to handle people speedier, then they're likely to come to our restaurants," says Lisa Howard of McDonald's.

The Oak Brook, Ill.-based chain is also joining forces with companies using other cashless payment methods.

For example, about 400 restaurants accept Speedpass. The device is a tiny key ring wand issued by oil giant ExxonMobil, originally just for its gas pumps.

When waved over a sensor, at the pump or elsewhere, it bills the consumer's credit or debit card.

And two restaurants on Long Island, N.Y., allow paying at the drive-through with E-Zpass, the car device that lets motorists to pass through tollbooths without stopping and bills a prepaid account.

"When it comes to drive-through, speed is of the essence," Howard says.

In each case, McDonald's pays the issuer a transaction fee for using their technology. The amount was not disclosed.

Wal-Mart. The discount giant, and leading food seller, is studying biometric technology.
Though once only commonplace in legal situations, fingerprinting is being used more in commerce. Institutions from banks to pawnshops are fingerprinting to authenticate transactions. Some gas station convenience stores only cash checks for those who ante up a fingerprint.

"We wanted to eliminate the hassle of writing down all of the information: driver's license number, telephone number, Social Security number," says Ritesh Shah, owner of a Citgo station in Hapeville, Ga., that cashes up to 900 checks a week.

Transaction processing time is less than 30 seconds, compared with three minutes before using the technology, he says.

The increase in interest in biometric access stems from an increase in fraud involving more money, as well as a decline in the cost of the technology. The system costs about $10,000, experts say.

"The whole key to biometrics is selling it to the public, convincing them to give up some privacy for greater security," says William Rogers, publisher of the Biometrics Digest, a newsletter devoted to the technology of "human recognition."

But critics deride it as the "technology of surveillance and control." They fear companies that collect the fingerprint data, such as BioPay in Herndon, Va., or Indivos in Oakland, will be pressured to divulge data to law enforcement.

"It's like E-ZPass, which tracks you but is pitched as more convenient," says Philip Bereano, chairman of the national committee on databases and civil liberties for the ACLU.

"The protection of civil liberties means less efficient convenience is the way to go."
*************************
Nando Times
You, too, can rock on the Web

By MICHAEL OSEGUEDA, Fresno Bee


(July 30, 2002 12:30 p.m. EDT) - Perhaps 17-year-old Mike Garcia is the future.

He's a rapper who records in his own studio. He mixes his own songs and makes his own CDs. He sells the CDs on his own or uploads the songs to his own Web site.

And he does all this at a low cost from his bedroom, with his computer and the Internet.

Not bad for a kid who still goes to high school.

The Fresno, Calif., youth, who emcees under the name Mic The Mos Confident, is an example of what the Internet age has done for music.

It has given anyone the chance to be an artist. Anyone can sign up for a free spot on a site such as MP3.com or Soundclick.com and put a song on the Internet. Anyone in the world can then log on and listen to that song.

It offers instant distribution, free promotion and, sometimes, even cash compensation.

"I built a huge fan base just from the Internet in the span of a year," Garcia says. "There's still a long way to go. I (have) lots more songs to make, battles to enter and lyrics to write. But the Internet gives people the chance to go their own route."

While record labels are scurrying, trying to find ways to deal with the technology and protect their products, artists who just are trying to make it are using the Internet and MP3s to their advantage.

Look at Garcia. He has a bedroom cluttered with equipment. He has a small microphone that came from a karaoke machine. He has software on his computer to record and mix; it's worth $500, but he got it free from a friend.

He carries a book of rhymes with him everywhere he goes, where he jots down a witty line if it pops into his head. Then he'll get a beat from a producer through e-mail - like Nonsence, a New York-based beatmaker he met on the Internet, but never has seen face-to-face - and download it to his computer.

After he has his rhymes in order, he hangs his microphone from his ceiling fan, connects it to the computer, stands in the front of the dangling microphone and records his vocals.

He mixes the song next and if he's satisfied, he can upload it to his Web site.

Once he has the beat and the rhymes written, the whole process takes about an hour and a half.

Garcia's route never was available to John Clifton. When he was 17, you could have told him about the Internet and it would have been as far-fetched as flying automobiles.

Clifton, now 38 and a member of the Mofo Party Band, remembers back when it took at least $5,000 just to get in the studio; then you had to get a record or cassette pressed.

He and his friends didn't have that kind of money, so they put a microphone in a room, started playing and recorded it to cassette or eight-track. It was far from professional, but Clifton made do with what he could.

Today he doesn't use the Internet too much for music. He's more old-fashioned, he says. Plus, he never has been able to get an MP3 on the Internet. He registered at MP3.com and had a song ready on his computer, but never could figure out how to upload it.

It doesn't bother him much. He's of the belief that the Internet world of music has become oversaturated.

"It doesn't necessarily have to be good because it's so easy to do," Clifton says. "Anytime there's an abundance, there's always waste. You can make music without even being musical."

That doesn't mean Clifton is against the technology. He just finds that with a group like his, that likes to get together and play a lot, putting on a memorable stage show is the best means of promotion. That's how he wants to sell his CDs.

But what if he had grown up with the Internet at his disposal and he was an expert on the technology?

"If I had the stuff they have now," Clifton says, "I'd be doing it. Sure."

Jamie Nelson has been rapping since 1995. Two years ago, he started using the Internet to promote his music. On the microphone, he's Nomadic of the group Soul Components. On the Internet, the 25-year-old adopts various handles on different message boards, where he puts up his MP3 links and tries to stir interest.

"A lot of it was to expose the music to people who otherwise wouldn't get it," Nelson says. "I knew we'd done things in Fresno, but I wanted to see how it would appeal to people in other states."

The response from listeners mostly has been positive, but the response that means more to Nelson comes from other artists.

He has a list of five artists with whom he's really wanted to work. Through the Internet, he has connected with four, and three will be on his next album.

Felix finds the biggest asset is the ability to do shows in other areas.

"We play in Bakersfield and L.A., and it helps us get connections with other bands," he says. "Other bands e-mail us all the time, 'Wanna do a show with us?'

"Everything we've got out of town has been connections through the Internet. We'd probably be going in a different direction if we didn't have the Internet."
************************
News.com
States spar over UCITA act
By Paul Festa

A controversial initiative to standardize U.S. state laws on software licensing faces a crucial vote this week, as battle-weary consumer advocates and tech companies pin their hopes on a legal gathering in Arizona.
The National Conference of Commissioners of Uniform State Laws (NCCUSL) is devoting part of its current annual meeting in Tucson to debating amendments to its Uniform Computer Information Transactions Act (UCITA), a proposed code to govern software licenses and other digital information transactions.

The amendments come as momentum leeches from the beleaguered initiative, which is meant to bring the 50 states' various and conflicting software licensing laws into alignment. Should they be approved, the amendments may further diminish UCITA's chances for widespread adoption as both the software publishers and the consumer advocates balk at the proposed compromises.


UCITA has met with fierce criticism since its introduction three years ago. Consumer groups, legal associations and library organizations have excoriated the proposed act for the freedom it would grant software makers to restrict the use of software and dictate the terms of settling conflicts.

About half of the U.S. state attorneys general have come out in opposition to the law, joining the Consumer Project on Technology, the Consumers Union, the Electronic Frontier Foundation and the Free Software Foundation. Supporters include Microsoft, America Online and the Business Software Alliance.

Under the lash of vocal opposition, early versions of the act have languished in state legislatures. Virginia and Maryland approved versions shortly after it was first proposed, but elsewhere it has died in committee.

"I think that everyone's growing weary," said Carol Ashworth, the UCITA grassroots coordinator for the American Library Association (ALA), which has called the amendments insufficient and loophole-ridden. "There's still a tremendous difference of opinion about the amendments among the commissioners themselves. They spent the first two hours (on Monday) talking about just the first three amendments."

The approximately 350 commissioners resume debate on the amendments Tuesday afternoon and expect to vote on them Thursday. States get one vote each, regardless of how many commissioners they send to the meeting. Once measures and amendments make it to the final vote, it is extremely rare for them not to be approved.

Even if the amendments sail through a Thursday vote, it would not spell the end of UCITA's challenges. At that point, the amended act would still face the state-by-state battle where it has languished until now.

Amid Monday's debate, NCCUSL representatives reached by phone sounded less than optimistic about the act's progress.

"We're all in a kind of wait-and-see mode," said John McCabe, NCCUSL's chief counsel. "We have hopes, but that's it. Even if your own conference accepts the amendments, that's not a slam dunk. We'll see where they go from here."

Among the amendments being debated in Tucson:

? Self-Help: As UCITA now stands, software licenses can thwart lawsuits against vendors by outlining binding alternatives to litigation. These so-called self-help measures have let software companies shut down a piece of software if they have not been paid for or if they claim a breach of contract. According to NCCUSL, a proposed change to UCITA would abolish provisions for self-help. The ALA claims it would still permit loopholes for self-help.

? Opting In, Opting Out: A proposed change removes a section of UCITA that limited licensees' ability to opt in or out of UCITA.

? Known Defects: Critics lambasted UCITA for relieving software vendors of liability for selling software with known defects. A new section "expressly clarifies the applicability of other law to provide appropriate remedies for cases where known material defects are undisclosed," according to NCCUSL.

? Consumer Protection: Consumer advocates charged that UCITA would strip people of legal protections they enjoy under current state law. A new section would spell out that existing consumer protection law trumps UCITA when the two come into conflict.

? Public Criticism: Free-speech advocates complained that UCITA let software makers prohibit public criticism of their products. A new section says that any provision limiting criticism rights is not enforceable, according to NCCUSL.

? Reverse Engineering: A new section spells out that reverse engineering is permissible for the purpose of making products interoperable with each other. The amendment was a sine qua non for Sun Microsystems, NCCUSL said.

On Thursday, the NCCUSL concludes its meeting and will make a final determination on the amendments. But there was some question of how closely the industry will be watching the outcome of the amended act.

"The software industry quite strongly supported this because in the beginning it had all the things they wanted," NCCUSL's McCabe said. "When you lose the self-help remedy, there's a loss they don't feel is in their interest. If the proponents lose something like that, they become less excited about it."
******************
InformationWeek
Companies Must Protect Their Employees' Info, Too
Hackers don't just want to steal business data; they may want to nab your workers' identities
By David Post and Bradford C. Brown

Gov. Gray Davis of California has had a few tough years. First it was the state energy crisis. Now hackers have evidently stolen the Social Security numbers of almost all employees on the state government's payroll -- 265,000 people had their personal and financial information nabbed. It was widely reported that state IT workers took more than a month to detect the problem. Worse yet, officials allegedly didn't tell employees what had happened for another three weeks. Reports indicate that Davis, too, had his personal information stolen.

For the whole story see: http://www.informationweek.com/story/IWK20020725S0004
********************
Reuters Internet Report
Internet-Scam Sweep Targets 19 Online Fraudsters

WASHINGTON (Reuters) - Federal and state law enforcement authorities said Tuesday they had taken action against 19 Internet-based scams that they say collectively bilked consumers out of millions of dollars.



Work-at home schemes, auction fraud, deceptive use of junk e-mail, securities fraud and other schemes were targeted by a broad Internet law-enforcement effort including state attorneys general, local law enforcement authorities and a passel of federal agencies.

Several cases have been settled already, with punishments ranging from seven-year jail sentences to agreements by defendants to stop their schemes.

While many of the perpetrators live in the Midwest, the crimes targeted consumers nationwide through junk e-mail solicitations or fraud on eBay, Yahoo and other popular Internet auction sites, according to a spokeswoman for the Federal Trade Commission.

In one case, a Florida company named Stuffingforcash.com told consumers they could earn up to $2,000 per week stuffing envelopes at home after paying an initial $45 deposit, but then failed to send the promised envelope-stuffing materials.

The scheme likely cheated tens of thousands of customers out of more than $2 million over the past year, the FTC said in court filings.

Auction fraud was a common charge. In a typical case, the Illinois attorney general charged Chicago resident Tim Engle with advertising merchandise for sale on eBay but failing to provide the goods after payment was received.

The head of the FTC's consumer-protection division said the Internet enabled scam artists to reach a wider audience than before.

"Scams on the Internet spread very quickly," said the FTC's Howard Beales. "That's why the FTC and our partners are moving aggressively to shut these schemes down."
***********************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx