[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips October 27, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx, sairy@xxxxxxxxx;
- Subject: Clips October 27, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 27 Oct 2003 12:28:05 -0500
Clips October 27,
2003
ARTICLES
Hollywood takes anti-piracy message to school
Internet ID fraud complaints more than triple
Survey: Porn found often on work computers
Court to Rule on Cyber Cafe Regulations
Illinois Says Import Drugs Could Save State Millions
ICANN to face 'wildcards' issue
Judge orders spammers to pay $2 million fine
With Cable TV at M.I.T., Who Needs Napster?
Song-Sharing Web Site in South Korea Fined
E-authentication architecture due in December
Online catalog will hold all federal forms
New police cars equipped with voice recognition
Three R's: Reading, Writing, RFID
Feds to Fight Digital TV Piracy
Black Box Voting Blues
*******************************
USA Today
Hollywood takes anti-piracy message to school
By Ron Harris, Associated Press
October 23, 2003
SAN FRANCISCO As part of its campaign to thwart online music and
movie piracy, Hollywood is now reaching into school classrooms with a
program that denounces file-sharing and offers prizes for students and
teachers who spread the word about Internet theft.
The Motion Picture Association of America paid $100,000 to deliver its
anti-piracy message to 900,000 students nationwide in grades 5-9 over the
next two years, according to Junior Achievement Inc., which is
implementing the program using volunteer teachers from the business
sector.
Civil libertarians object that the movie industry is presenting a tainted
version of a complex legal issue while the country's largest
teachers' lobby is concerned about the incentives the program offers.
"What's the Diff?: A Guide to Digital Citizenship" launched
last week with a lesson plan that aims to keep kids away from Internet
services like Kazaa that let users trade digital songs and film clips:
"If you haven't paid for it, you've stolen it."
"We think it's a critical group to be having this conversation
with," said MPAA spokesman Rich Taylor, suggesting online piracy may
not have yet peaked. "If we sit idly by and we don't have a
conversation with the general public of all ages, we could one day look
back at October of 2003 as the good old days of piracy."
The effort doesn't stop in the classroom. Beginning Friday, public
service announcements are being released to approximately 5,000 theaters
nationwide, profiling people in the movie industry and arguing that
digital piracy threatens their livelihoods.
Indeed, Jack Valenti, president of the MPAA, told Penn State University
faculty and students this week that his industry is in "a state of
crisis" over digital theft.
But some copyright law experts aren't pleased that the MPAA is the only
sponsor for such classroom discussions. They worry that the lesson plans
don't address "fair use" constitutional protections for digital
copying for personal or educational use.
"This is really sounding like Soviet-style education. First they're
indoctrinating the students and then having students indoctrinate their
peers," said Wendy Seltzer, a lawyer for the Electronic Frontier
Foundation. "The takeaway message has got to be more nuanced.
Copyright is a complicated subject."
Melinda Anderson, a spokeswoman for the National Education Association,
says it's unsettling when corporate presence in the classroom is tethered
to sponsored incentive programs.
In this case, Junior Achievement is offering students DVD players, DVD
movies, theater tickets and all-expenses-paid trips to Hollywood for
winning essays about the illegalities of file-sharing. Teachers, too, can
win prizes for effectively communicating the approved message in class.
"What it speaks to is kind of a new era in commercialism emerging in
classrooms where the attempts to connect with students are becoming more
and more sophisticated. Schools that are often strapped for cash are more
tempted to partner with these organizations," Anderson said.
"Coming from school, these companies are getting a tacit endorsement
for their product," Anderson said. "That's not a school's
role to be the purveyors."
The program got a rocky start during its first presentation, to some
relatively cyber-savvy teens at Raoul Wallenberg High School in San
Francisco.
Andrew Irgens-Moller, 14, buried his head into a backpack on his desk and
rolled his eyes as the guest teacher warned of computer viruses and
hackers that could take control of a user's desktop via file-sharing
programs. He objected that antivirus software could scan downloaded files
and only sophisticated hackers could pull off the remote desktop computer
takeover.
Then the teacher cut him off.
Bret Balonick, a tax accountant on loan from PricewaterhouseCoopers to
teach the anti-piracy class, was arguing that some downloaders have been
affected by malicious activity. Besides, he said, it's illegal to upload
and download unauthorized content online.
"If it's illegal in America, host it in Uzbekistan," snapped
the 14-year-old.
Balonick then had the freshmen role-play as singers, actors, producers,
computer users. But even the "producers" quietly acknowledged
that they too share song files over the Internet.
"It's not illegal if you decide to give it away," said Wilson
Cen, 13, regarding burning copies of music CDs for his friends.
"They don't want you selling them. It's a gift, you're not selling
it."
Brenda Chen said she uses Kazaa at home: "I just want certain tracks
from the CD, not the whole CD. It's a waste of money."
David Chernow, Junior Achievement's chief executive, said in a telephone
interview that the explosion of peer-to-peer activity among young people
is a ripe topic for public school classrooms.
"We're really trying to teach young people to be responsible and to
obey laws that they may not understand," Chernow said. "Just
because it's easy doesn't make it right."
*******************************
USA Today
Internet ID fraud complaints more than triple
By Jon Swartz, USA TODAY
October 23, 2003
SAN FRANCISCO Putting personal information online has
hazards.
Complaints of Internet-related identity theft more than tripled to 2,352
last year from the year before, says the Federal Trade Commission. While
that's a fraction of the 168,000 nationwide reports of ID theft, the
growth is alarming as more consumers shop online.
"Online fraud is becoming as big an issue for ... eBay and AOL as
security is for Microsoft," says Jay Foley of the Identity Theft
Resource Center. Among common scams:
?ID theft. At least a dozen eBay customers say they were ripped off this
month by identity thieves posing as legitimate sellers.
Steve Lundin, 44, thought he made a good deal when he purchased a digital
camera for $1,000 last week. The seller had nearly 200 positive comments
on eBay's merchant ratings system, and Lundin had bought dozens of items
on eBay since 1999.
But the person to whom Lundin sent money overseas had stolen the ID of
the real seller, a retiree in Missouri who has sold items on eBay for
years. Lundin, a Chicago marketing executive, is considering legal action
against eBay.
Susie Savard, 25, a manager for Amazon.com in Lexington, Ky., was burned
by the same scheme last week. She also sent a $1,000 cash order to a
bogus seller in London, but never received a camera. "It's creepy;
you're not sure who you're dealing with," she says.
In e-mail to customers, eBay said some listings this month were victims
of an "account takeover," in which the password was guessed or
discovered. The listings were closed. EBay says the theft did not spring
from a system flaw.
EBay also says Lundin and Savard bypassed the formal bidding process and
cut deals on their own a violation of eBay policy that absolves the
company of responsibility. EBay says it is helping both file paperwork
with law-enforcement officials. "I admit I erred," Lundin says.
"But eBay is built on trust."
EBay, the largest auction site with $5.8 billion in merchandise sales in
the last quarter, maintains only 0.01% of its items result in confirmed
fraud. But that's still about 66,800 cases. There were 668 million items
listed on eBay in 2002, and the number of unconfirmed cases would be
higher.
?Phisher scams. Customers of eBay, Best Buy and EarthLink are among
recent targets of phisher scams e-mail with links to bogus Web
sites that fish for personal data such as credit card numbers from
consumers.
Many times, consumers are warned their accounts will be closed unless
they fork over their user name and password. The thief then poses as the
victim to buy or sell goods.
In one of the biggest such cases, thieves posing as BestBuy.com
representatives tricked customers into handing over credit card and
Social Security numbers by sending an e-mail dubbed "Fraud
Alert." Phisher complaints are rising 360 this year vs. 228
during 2002, the Identity Theft Resource Center says.
Fueling online fraud is a rise in crimes committed from Internet cafes
abroad, where perpetrators are hard to trace, says the FBI's Dan
Larkin.
In most cases, eBay covers buyers or sellers for up to $200 if an item is
not delivered or is in bad condition. There is a $25 processing fee. This
month, eBay raised the limit to $500 for some listings. Most eBay
transactions are for less than $200, the company says.Also, eBay recently
began posting safety tips at
www.ebay.com/securitycenter.
*******************************
USA Today
Survey: Porn found often on work computers
By Justin Bachman, Associated Press
October 23, 2003
Many of us apparently forget that our office computer belongs to the
boss along with all the Internet material you may load onto it.
Two-thirds of human resources professionals said in a survey they've
discovered pornography on employee computers. Nearly half of those, 43%,
said they had found such material more than once.
The poll points to a common employer dilemma: the need to balance
employee privacy with electronic monitoring of computer content,
according to Alexandra Gross, legal editor for Business & Legal
Reports, a publisher based in Old Saybrook, Conn.
"One of the most important things employers can do to protect
themselves from privacy suits is to reduce employees' expectations of
privacy in the first place," she said. "The best way to do that
is to articulate a clear policy on electronic monitoring and computer
use."
Companies also must be very clear that e-mail and Internet access are the
employer's property and recreational Web browsing should be left at
home.
The online poll was conducted by the two sites earlier this month. It
drew responses from 474 people.
*******************************
Los Angeles Times
Court to Rule on Cyber Cafe Regulations
Garden Grove hopes the rules it imposed to stem a rash of crime are
allowed. Owners say the restrictions have killed their business.
By Mai Tran
October 24, 2003
An appeals court will determine within 90 days whether to uphold a
Superior Court decision to prevent Garden Grove from imposing strict
regulations on cyber cafes, which city officials have said attract gangs
and violence.
A three-member panel of the state 4th District Court of Appeal in Santa
Ana heard arguments Thursday from the city, which says it needs the
regulations to curb crime, and business owners, who sued because they say
they were unfairly targeted.
The city tried to tighten rules after a rash of attacks at or near the
city's 30 or so cyber cafes, which provide computer access to the
Internet and video games. Police said during the peak of the violence
that about 30% of their calls were from cyber cafes.
The first fatality occurred Dec. 30, 2001, when Phong Ly, 20, was stabbed
to death with a screwdriver while waiting outside the now-defunct PC Café
on Garden Grove Boulevard. The killing prompted city officials to pass an
ordinance requiring cyber cafes to log all customers, limit business
hours, videotape their premises and store the tapes for 72 hours in case
the police needed them.
The owners sued the city and a Superior Court judge ruled in their favor,
calling the rules "seriously and fatally flawed," prompting
city officials to appeal. The judge left intact the city's authority to
set business hours and curfews for minors.
Ron Talmo, an attorney for the business owners, argued Thursday that the
city infringes on 1st Amendment rights by enforcing the
regulations.
"Cyber cafes are being targeted," he said. "The city has
to have specific guidelines [that are applied to all businesses]. There's
not justification for them to come down on cyber cafes."
Lois Bobak, an attorney for the city, said the city is "regulating
business regulations, not 1st Amendment activities."
Since the rules covering curfew and business hours have been in effect,
more than half of the cyber cafes have shut down and violence has dropped
nearly that much, police said. Owners said they were forced out of
business by the rules and publicity.
*******************************
Washington Post
Illinois Says Import Drugs Could Save State Millions
Governor Steps Up Pressure On White House, Congress
By Ceci Connolly
Monday, October 27, 2003; Page A03
The governor of Illinois, intensifying his battle with Bush
administration regulators over rising drug bills, will release an
analysis today showing that his state could save $91 million a year by
buying prescription medications from Canada.
Gov. Rod Blagojevich (D) hopes the figures will put added pressure on the
administration and on Congress to loosen regulations that prohibit
importing medicine from other countries. He is among several state and
local leaders whose budgets must accommodate soaring pharmaceutical
costs.
Although the Food and Drug Administration has never prosecuted
individuals who illegally bring lower-cost medications into the United
States, the agency is fighting a growing rebellion that has stretched far
beyond busloads of senior citizens to powerful local, state and national
leaders.
A bipartisan group of senators on Capitol Hill is pushing for enactment
of free-standing drug import legislation because they remain doubtful
about the prospects for a more comprehensive Medicare prescription drug
bill.
"We're in a situation now where seniors are really desperate to have
affordable prescription drugs," said Sen. Olympia J. Snowe
(R-Maine). If Congress does not legalize drug importation, she said,
"it is missing an opportunity to allow the American people to have
access to lower cost prescription drugs."
The legislation mirrors a House bill approved in July on a 243 to 186
vote. It would allow imports of FDA-approved drugs from FDA-inspected
plants in Canada and 25 major industrialized nations.
At a hearing in Boston tomorrow, Minnesota Gov. Tim Pawlenty (R) is
expected to tout his plan for steering thousands of residents to Canadian
drug suppliers that receive the state's "stamp of approval."
Pawlenty, like Blagojevich and a handful of other governors, is
considering waiving drug co-payments for state employees who shop at an
authorized Canadian pharmacy.
"If you accept the premise we're at a crisis point and on a
trajectory that is unsustainable, somebody has to lead change,"
Pawlenty said in an interview. "These proposals are not perfect and
not the long-term solution, but they do offer the potential for near-term
relief and it puts pressure on federal officials to consider
change."
By year's end, Pawlenty said he intends to create an Internet site
modeled after those sponsored by the Minnesota Senior Federation and the
United Health Alliance. Their sites lists Canadian firms that meet
criteria for safety, reliability and credibility.
FDA Commissioner Mark B. McClellan warned that circumventing the federal
regulatory process is a dangerous reaction to understandable
frustrations.
"Much as they would like to, state and local governments and private
groups cannot provide reliable safety assurances when they purchase drugs
from foreign sources," he said in a recent speech.
McClellan acknowledged there is little risk in walking into a licensed
Canadian pharmacy and filling a prescription. But he said it is risky to
shop online from unknown Web sites that purport to be
legitimate.
"This is not the time to be opening up new avenues for those willing
and able to harm patients for their own gain," he said. A recent FDA
"blitz" identified more than 1,100 drugs illegally shipped into
the United States. The violations ranged from improper labels and faulty
packaging to counterfeits and one medication that was pulled from U.S.
shelves.
With his agency already stretched thin trying to monitor U.S. sales,
McClellan said the FDA does not have the resources to undertake new
responsibilities overseeing pharmaceutical imports.
"We're against large new gaps in the nation's ability to protect its
citizens from potentially unsafe drugs, at a time when the threats to the
safety of our drug supply are greater than ever," he said.
Proponents of opening foreign drug markets say the FDA is exaggerating
safety concerns and has been slow to require anti-counterfeit packaging
that could reduce fears about imported medications. The lure for American
consumers are costs that can be as much as 75 percent less than in the
United States because the Canadian and European governments set the
prices.
They also point out that many of the most common treatments are made in
one of the 900 foreign plants FDA inspects. Lipitor, a
cholesterol-lowering medicine, is made in Ireland. Nexium, the purple
indigestion pill, is manufactured in Sweden. Prevacid, another ulcer
medication, comes from Japan.
Snowe's constituents have bought medicine in Canada for years. She said
the FDA has ignored congressional votes urging legal
importation.
"I just cannot believe the FDA and our government cannot find the
means to certify the safety of prescription medications coming across our
border," she said in an interview. "Where there's a will,
there's a way."
Rep. Rahm Emanuel (D-Ill.) has accused the Bush administration of siding
with the pharmaceutical industry over consumers.
"This issue of safety is a straw man. When the United States
government in October 2000 needed a vaccine for anthrax and didn't have
it, where did it turn? Canada," he said. "If it's good enough
for the U.S. government, why isn't it good enough for the rest of
us?"
Despite efforts by the FDA and the industry to focus on safety concerns,
the drug importation debate has largely been about cost.
A report by the Congressional Budget Office concluded that legalizing
importation of drugs from Canada and Europe could cut drug spending $40
billion over the next decade, including $4.5 billion in savings for the
federal government.
In Springfield, Mass., where the mayor has become a national figure for
his open revolt against the FDA, 1,600 city employees and retirees have
received 2,600 prescriptions from Canada since July. That has translated
into $400,000 in savings for a community that laid off police officers
and firefighters in its latest budget paring.
The Illinois analysis found that if the state's 230,000 employees and
retirees bought routine medications from a Canadian pharmacy, the state
would save $56.5 million and consumers would save $34.2 million.
Currently, Illinois spends $340 million on prescriptions.
There are indications that the Bush administration is sensitive to the
political currents, particularly for state and local officials. After a
meeting with Massachusetts leaders, William K. Hubbard, the FDA's senior
associate commissioner, said the agency has no intention of suing a city
or state that helps citizens buy medicine from Canada.
*******************************
Australian IT
ICANN to face 'wildcards' issue
Kate Mackenzie
OCTOBER 27, 2003
THE internet's technical policy body, ICANN, begins its latest meeting in
Tunisia with yet another headache - this time, VeriSign's domain name
"wildcards".
VeriSign, which has a contract with ICANN (the Internet Corporation for
Assigned Names and Numbers) to provide the definitive database for .com
and .net names, introduced a "wildcard" feature in September.
The feature meant that any internet user who tried to visit an invalid
web address ending in .com or .net was re-directed to a search website
hosted by VeriSign.
While VeriSign insisted the feature was popular with end users, it caused
havoc for network administrators and vendors of anti-spam and other
security products which carry out checks to see if a domain name is
valid.
ICANN forced VeriSign to suspend the wildcard function earlier this
month, but last week VeriSign reportedly said it would re-introduce the
feature, giving 30 to 60 days' notice.
ICANN meets in Tunis for four days, starting later today, and wildcards
are on the agenda along with its long-time mainstays such as new
top-level domains (such as .biz) and internet security and stability,
which has been a topic of concern since the September 11 attacks in the
US.
*******************************
Mercury News
Judge orders spammers to pay $2 million fine
BUSINESS RESTRICTIONS ALSO IMPOSED
By Elise Ackerman
Mercury News
A Santa Clara County Superior Court judge Friday ordered two Los
Angeles-area spammers to pay $2 million, the largest judgment to date won
by government prosecutors against senders of unsolicited
e-mail.
Prosecutors said that by demonstrating state spam laws will be enforced
with hefty penalties, they hope to stem increasingly objectionable
e-mails promoting everything from pornography to casinos that are
swamping inboxes around the country. In addition to the fine, Judge
William F. Martin imposed various business restrictions on the
defendants.
``We think other spammers will think twice about what they are doing,''
said Tom Dresslar, a spokesman for California Attorney General Bill
Lockyer.
The defendants never appeared in court and it's not clear if the judgment
can be collected.
During the past five years, 36 states have passed anti-spam laws, but
prosecutors have brought only a handful of lawsuits. Internet service
providers and frustrated spam recipients have been more active in
pursuing spammers in the courts using a patchwork of laws prohibiting
everything from consumer fraud to trespass.
The U.S. Senate's unanimous approval of an anti-spam law Wednesday
reignited a nationwide debate about the most effective way to fight
spam.
PW Marketing drew the attention of government regulators in 2002, when it
began bombarding California e-mail users with unsolicited e-mails
advertising a $39 how-to-spam book and other tools. The e-mails appeared
to violate a 1998 California law that required a toll-free number
recipients could use to stop the flow of electronic advertising, a valid
return address and the label ``ADV:'' in the subject line.
As a starting point, state investigators used the address of a mail drop
listed on some of the e-mails and eventually linked PW Marketing to Paul
Willis and Claudia Griffin. The attorney general filed a civil suit in
September 2002 under the terms of the 1998 law.
Because the charges against them were civil, the two owners, who are also
the subject of a Federal Trade Commission suit, are in no danger of being
arrested.
The California legislature has since passed a tougher anti-spam law,
which is scheduled to take effect Jan. 1. But the new law, which allows
individuals to sue advertisers who hire spammers, as well as the spammers
themselves, could be superseded by more lenient federal legislation.
Advocates say giving individuals the right to sue provides a financial
incentive to go after spammers.
The bill the Senate unanimously approved, much like California's original
law, requires electronic marketers to use valid electronic and physical
addresses and to clearly label messages as advertisements.
The Senate bill also directs the FTC to come up with a plan for a
do-not-spam registry, similar to the do-not-call registry for
telemarketers.
But some anti-spam advocates are worried that the federal approach won't
work. Ray Everett-Church, chief privacy officer of ePrivacy Group, an
anti-spam company based in Philadelphia, said the participation of
individual e-mail recipients is crucial to enforcing anti-spam law
because they could provide a boost to limited governmental resources.
``If we are all working together, we will hopefully convince spammers to
leave California alone,'' he said.
Laura Atkins, president of SpamCon, a non-profit group dedicated to
promoting the usefulness of e-mail, said the direct marketing industry
had experimented with a voluntary do-not-spam list in the past. ``The
pilot project showed that no one will use it, not even the legitimate
e-mailers.''
A do-not-spam registry would be most effective if it allowed entire
domains, such as AOL, Yahoo or Hotmail, to register their users as a
block. But that would also increase the likelihood that the registry
would be challenged by direct marketers in court, Atkins said.
The registry ``won't solve the underlying problem,'' Atkins said. ``We
need a mix of social solutions, technical solutions and legislative
solutions.''
*******************************
New York Times
October 27, 2003
With Cable TV at M.I.T., Who Needs Napster?
By JOHN SCHWARTZ
Two students at the Massachusetts Institute of Technology have developed
a system for sharing music within their campus community that they say
can avoid the copyright battles that have pitted the music industry
against many customers.
The students, Keith Winstein and Josh Mandel, drew the idea for their
campus-wide network from a blend of libraries and from radio. Their
effort, the Libraries Access to Music Project, which is backed by M.I.T.
and financed by research money from the Microsoft Corporation, will
provide music from some 3,500 CD's through a novel source: the
university's cable television network.
The students say the system, which they plan to officially announce
today, falls within the time-honored licensing and royalty system under
which the music industry allows broadcasters and others to play
recordings for a public audience. Major music industry groups are
reserving comment, while some legal experts say the M.I.T. system mainly
demonstrates how unwieldy copyright laws have become. A novel approach to
serving up music on demand from one of the nation's leading technical
institutions is only fitting, admirers of the project say. The music
industry's woes started on college campuses, where fast Internet
connections and a population of music lovers with time on their hands
sparked a file-sharing revolution.
"It's kind of brilliant," said Mike Godwin, the senior
technology counsel at Public Knowledge, a policy group in Washington that
focuses on intellectual property issues. If the legal theories hold up,
he said, "they've sidestepped the stonewall that the music companies
have tried to put up between campus users and music
sharing."
Hal Abelson, a professor of computer science and engineering at M.I.T.,
called the system an imaginative approach that reflected the
problem-solving sensibility of engineering at the university.
"Everybody has gotten so wedged into entrenched positions that
listening to music has to have something to do with file sharing,"
he said. The students' project shows "it doesn't have to be that way
at all."
Mr. Winstein, a graduate student in electrical engineering and computer
science, described the result as "a new kind of library." He
said he hoped it would be a legal alternative to file trading that
infringes copyrights. "We certainly hope," he said, "that
by having access to all this music immediately, on demand, any time you
want, students would be less likely to break the law.'"
While listening to music through a television might seem odd, it is
crucial to the M.I.T. plan. The quirk in the law that makes the system
legal, Mr. Winstein said, has much to do with the difference between
digital and analog technology. The advent of the digital age, with the
possibility of perfect copies spread around the world with the click of a
mouse, has spurred the entertainment industry to push for stronger
restrictions on the distribution of digital works, and to be reluctant to
license their recording catalogues to permit the distribution of music
over the Internet.
So the M.I.T. system, using the analog campus cable system, simply
bypasses the Internet and digital distribution, and takes advantage of
the relatively less-restrictive licensing that the industry makes
available to radio stations and others for the analog transmission.
The university, like many educational institutions, already has blanket
licenses for the seemingly old-fashioned analog transmission of music
from the organizations that represent the performance rights, including
the American Society of Composers, Authors and Publishers or Ascap, the
Broadcast Music Inc. or B.M.I., and Sesac, formerly the Society of
European Stage Authors and Composers.
If that back-to-the-future solution seems overly complicated, blame
copyright law and not M.I.T., said Jonathan Zittrain, who teaches
Internet law at Harvard and is a director of the university's Berkman
Center for Internet and Society. The most significant thing about the
M.I.T. plan, he said, is just how complicated it has to be to fit within
the odd boundaries of copyright law.
"It's almost an act of performance art," Mr. Zittrain said. Mr.
Winstein, he said, has "arrayed the gerbils under the hood so it
appears to meet the statutory requirement" - and has shown how badly
the system of copyright needs sensible revamping.
Representatives of the recording industry, including the Recording
Industry Association of America, Ascap and B.M.I., either declined to
comment or did not return calls seeking comment.
Although the M.I.T. music could still be recorded by students and shared
on the Internet, Professor Abelson said that the situation would be no
different from recording songs from conventional FM broadcasts. The
system provides music quality that listeners say is not quite as good as
a CD on a home stereo but is better than FM radio.
M.I.T. students, faculty and staff can choose from 16 channels of music
and can schedule 80-minute blocks of time to control a channel. The
high-tech D.J. can select, rewind or fast-forward the songs via an
Internet-based control panel. Mr. Winstein and Mr. Mandel created the
collection of CD's after polling students.
Mr. Winstein said that the equipment cost about $10,000, and the music,
which was bought through a company that provides music on hard drives for
the radio industry, for about $25,000. Mr. Winstein said they were making
the software available to other colleges.
Students have been using a test version for months, and Mr. Winstein said
the system was still evolving. The prototype, for example, shows the name
of the person who is programming whatever 80-minute block of music is
playing. Mr. Winstein said he once received an e-mail message from a
fellow student complimenting him on his choice of music (Antonin Dvorak's
Symphony No. 8) and telling him "I'd like to get to know you
better." She signed the note, "Sex depraved
freshman."
Mr. Winstein, who has a girlfriend, politely declined the offer, and said
he realized that he might need to add a feature that would let users
control the system anonymously.
*******************************
Associated Press
Song-Sharing Web Site in South Korea Fined
Fri Oct 24, 1:39 PM ET
SEOUL, South Korea - The operators of a Korean-language Web site that
allows users to share songs free of charge were convicted Friday of
aiding and condoning copyright violations.
The District Civil Court in Suwon, south of Seoul, imposed a fine of 19.6
million won ($17,000) on Yang Jung-hwan and his brother, Il-hwan, who
created the file-sharing Web site Soribada "Sea of Sound"
in Korean in 2000.
Soribada provided software and a computer server to aid illegal
song-sharing among its users, and thus violated copyright owners'
"rights to reproduce and transmit" songs, said judge Kim
Sun-hye, who presided over a civil suit.
The brothers face a separate criminal lawsuit. If they are convicted
there of the same charges, they could face up to five years in jail.
The Yangs offered no immediate comment on Friday. They earlier denied any
wrongdoing.
Soribada enables users to search each other's computers for music files
and download them.
Such exchanges are popular in South Korea (news - web sites), where 70
percent of homes have high-speed broadband Internet access that allows
users to download a song in less than half a minute.
Local music labels filed suits in 2001. They say they have lost millions
of dollars in album sales because of Soribada, which has an estimated 4.5
million users.
The Yangs say their Web site only provides private channels of
communication and that they cannot control or monitor users' activities
and should not be held responsible.
A Seoul criminal court threw out the case against the duo in May, saying
prosecutors failed to state how the brothers violated copyright laws.
Prosecutors later revived their case with more evidence, and the criminal
lawsuit continues.
*******************************
Federal Computer Week
EPA blasts e-rulemaking audit
BY Sara Michael
Oct. 24, 2003
Environmental Protection Agency officials questioned the timing for an
audit of an e-rulemaking initiative that had been running for only a few
weeks at the time of the review.
The General Accounting Office released a report this week on
Regulations.gov, an EPA-managed initiative which allows agencies to
electronically publish regulations and seek public comment. The
Regulations.gov site, the report said, received few public comments, made
navigation difficult and did not provide electronic access to supporting
materials.
GAO officials conducted the audit between February and April 2003, just
after Regulations.gov was launched in the last week of January.
"It's unfortunate that the timing was when it was," said the
EPA's chief information officer Kim Nelson. "We didn't have time to
really roll it out. When you roll out a computer system you can roll them
out in phases. So it's a little odd that the timing was when it
was."
The first phase was an interim system that only handled comments from
regulations coming from the EPA headquarters, Nelson said. Subsequent
phases would incorporate field offices.
"[The GAO] shows a number of filings or notices or regs were not
available for elect comment submissions," Nelson said. "All the
ones they found were in the regions, and they hadn't been a part of the
rollout of the early phase of the system."
Many of the enhancements recommended by GAO had already been identified
by EPA officials for later Regulations.gov installments, she said. The
most effective audits are conducted one or two years -- not two weeks --
into a system's operation, Nelson said.
"It does a disservice of the overall goal here," Nelson said of
the audit. "To question now the validity of that system only serves
to undermine the progress we are making. It would be certainly doing a
disservice to the citizen if the project were slowed down because someone
wants to question the decisions made."
Some outside observers have wondered why the EPA was selected as the
managing partner for the initiative when the agency's own E-Docket system
had flaws. But an independent analysis last year of the EPA and about a
half dozen other agencies showed the EPA's project was the closest to
meeting Regulations.gov's requirements, Nelson said.
*******************************
Federal Computer Week
E-authentication architecture due in December
BY Diane Frank
Oct. 23, 2003
Look for draft architecture by mid-December to replace the original
concept of a gateway to secure agencies' electronic transactions, the
person overseeing the administration's E-Authentication initiative said
this week.
Officials recently convened a technology advisory council to look at the
state of the authentication industry, from passwords to public-key
infrastructure. That council's new architecture working group will meet
for the first time next week, said Steve Timchak, director of the
E-Authentication initiative at the General Services Administration this
week.
"We need to begin to look at an authentication architecture rather
than a central gateway," Timchak said, speaking at the Federal
Information Assurance Conference in College Park, Md.
A prototype gateway is already in use at the Social Security
Administration, but officials found that they had to develop custom code
for every agency application that needed to use the gateway -- and that
was just not feasible, Timchak said.
The General Accounting Office last week issued a report criticizing
delays in the deployment of the gateway and the GSA-led team's plans for
buying the solution. Following up on the report, Rep. Tom Davis (R-Va.),
chairman of the House Government Reform Committee, issued a letter to GSA
Administrator Stephen Perry outlining his concerns that E-Authentication
delays could ripple through e-government work at all federal
agencies.
Moving to the draft architecture should make it much easier for agencies
to develop their own authentication measures for initiatives and
services, Timchak said.
"I think this is an important step," he said. "It provides
a standard application programming interface that agencies can map to --
the E-Authentication Gateway did not afford us that opportunity...We
think that we are at the point where there is sufficient interoperability
in a number of products that we can run with it."
Officials with the E-Authentication program are working with the National
Institute of Standards and Technology to develop an authentication
interoperability lab that can test products and publish a list of those
that will work together, Timchak said.
And commercial and government experts will form an Electronic
Authentication Council to develop identity management rules for areas
such as trust standards for credential issuers and third-party
credentials. The council's first meeting will be Dec. 10, Timchak
said.
*******************************
Government Computer News
10/24/03
Spectrum auctions could fund educational IT
By Joab Jackson
GCN Staff
Up to $5.4 billion in proceeds from the Federal Communications
Commission?s future sales of electromagnetic spectrum could go into
digital outreach under a bill sponsored by Sen. Christopher Dodd
(D-Conn.).
The Learning Federation of Washington, an educational technology R&D
consortium, said Sen. Richard Durbin (D-Ill.) and Sen. Olympia Snowe
(R-Maine) will cosponsor Dodd?s Digital Opportunity Investment Trust
bill, which calls for funding technologies that can place educational
materials online.
Dodd last year introduced a similar bill, S 2603, with Sen. Jim Jeffords
(I-Vt.). That bill never got out of committee.
This year?s legislation will be based on a report that Congress
commissioned in February. The report, Creating the Digital Opportunity
Investment Trust: A Proposal to Transform Learning and Training for the
21st Century, was prepared by the Learning Federation and the Federation
of American Scientists, a nonprofit policy advisory organization.
The report recommended funding digital outreach with 30 percent of the
proceeds from future spectrum auctions to wireless and broadcast
companies. The Learning Federation estimated total proceeds at about $18
billion.
The report recommended that the trust be managed by a nine-member board
that would disburse grants to public institutions, companies and
individuals. The National Telecommunications and Information
Administration would provide financial oversight.
The fund could form the foundation of educational technologies in much
the same way the National Science Foundation spurs new research in
science, said Larry Grossman, a former president of the news division of
NBC and a contributor to the report.
*******************************
Government Computer News
Online catalog will hold all federal forms
By Matt McLaughlin
A key component of the Business Gateway project, the eForms Catalog, will
compile all public federal forms into an online collection, according to
officials working on the project.
The General Services Administration, which is working with the Small
Business Administration on the project, one of the 25 Quicksilver
e-government initiatives, has awarded a $1.8 million, two-year contract
to Sytel Inc. of Bethesda, Md., to develop the catalog.
GSA is working on the eForms Catalog, while the SBA, the lead on the
project, develops the portal architecture.
The first step will be to list every government form for businesses and
citizensabout 7,100 in alland consolidate them, said Keith Thurston, the
assistant deputy associate administrator in GSA?s Office of E-Government
and Technology.
?Hopefully, we?ll never have to deal with 7,100 forms,? Thurston said.
?Over time, we hope to reduce the number.?
The development work will have three phases:
In Phase 1, Sytel will develop the basic portal and catalog over the next
four to six months, and agencies will populate it with forms.
Next, developers will build an engine for users to file forms
electronically.
In the third phase, project officials will add other services to the
portal.
The catalog will have a wizard interface that helps users determine which
forms to file. The wizard will prompt users to answer a series of
questions and then show them the appropriate forms. The technology is
similar to that of the Benefits.gov Web site, another Quicksilver
project, which determines government programs for which a user is
eligible by asking questions, Thurston said.
Users also will be able to search for forms grouped by category or by
agency.
Project officials said they hope the catalog will help agencies meet the
requirements of the Government Paperwork Elimination Act.
Most agencies failed to meet this month?s deadline for GPEA compliance,
but Thurston said the eForms Catalog will give them a ?technology boost.
One of the reasons why this was developed was because it helps agencies
comply with GPEA,? he said.
*******************************
Government Computer News
10/24/03
OMB backs off plans for central authentication gateway
By Jason Miller
GCN Staff
The administration is scrapping plans for its online E-Authentication
gateway, which had been touted as a cornerstone of e-government.
?E-Authentication is moving in a new technical direction that is not
centered around the development of a gateway," said Karen Evans, the
Office of Management and Budget?s administrator for e-government and IT.
The decision follows the release of a scathing General Accounting Office
report on the project and inquiries from lawmakers.
Evans would not elaborate on the new plans for E-Authentication.
Meanwhile, the General Services Administration, the project?s leader, has
come under fire from lawmakers, who want explanations about why the
Quicksilver project is not moving forward.
Rep. Tom Davis (R-Va.) recently asked GSA whether the project would be
completed by March, as planned, and if a delay in the gateway?s fielding
would have a domino effect on the other 24 Quicksilver e-government
initiatives.
In a letter to GSA administrator Stephen Perry earlier this month, the
chairman of the House Government Reform Committee requested a briefing on
GSA?s efforts to address E-Authentication?s problems, which were detailed
in the GAO report done for Davis.
?According to GAO, essential activities, such as developing
authentication profiles for the other 24 initiatives, have not been
completed,? Davis said. ?GSA also eliminated a step in the acquisition
process to award a new contract for the operational systems. This action
could mean the GSA will miss an opportunity to explore other potential
solutions for designing the gateway.?
GAO reported that GSA has reached few of its policy, procurement and
technology objectives for E-Authentication, which OMB has touted as the
central cog for e-government.
?The modest progress achieved to date calls into question the likelihood
that the project can successfully field an operational gateway, even
within the revised schedule,? noted the report, Electronic Government:
Planned E-Authentication Gateway Faces Formidable Development Challenges.
(see:
http://www.gao.gov/new.items/d03952.pdf)
GSA expected to finish the gateway last month, but OMB extended the
deadline to March. That deadline now might be irrelevant given the
changes planned for federal authentication.
GSA declined to comment on the letter from Davis.
Davis said his chief concerns stem from GAO?s finding that GSA?s project
schedule is unrealistic.
The auditors said GSA must:
Establish policies for consistency and interoperability among different
authentication systems and develop technical standards
Finish defining user authentication requirements for the 24 other
e-government projects. GSA said 12 have been completed
Deal with funding, security and privacy problems.
GAO does not believe the development work has been mishandled, but the
agency should take the time necessary, said John de Ferrari, an assistant
director in GAO?s Office of Information Management Issues. Developing
policy and achieving interoperability are GSA?s main hurdles, he
said.
*******************************
USA Today
New police cars equipped with voice recognition
By David Tirrell-Wysocki, The Associated Press
Posted 10/27/2003 10:00 AM
DURHAM, N.H. A police officer sees a bank robbery suspect speed by
and says "pursuit." Automatically, the cruiser's blue lights,
siren, flashing headlights and video camera turn on. The car also sends a
message to dispatch giving the location and saying the officer is chasing
someone.
This voice-recognition system is not a prototype it's on patrol in
New Hampshire today, and if the robbery scenario were to occur, officers
could keep their hands on the wheel and eyes on the road instead of
fiddling with switches, buttons, dials and microphones as they weave
through traffic.
It's called Project 54, after the 1960s police television comedy
"Car 54, Where Are You?," and its global positioning system
even answers the show title's question.
University of New Hampshire engineers started developing the system in
1999 after they witnessed the number of tasks officers perform behind the
wheel.
"To pull you over for doing one thing, they have to do 12 different
things," engineer Brett Vinciguerra said. "They have to turn
the lights on, turn the siren on, figure out where they are, pick up the
radio, turn on the video camera, radio in that they are pulling someone
over."
After two years of testing, state police have about 75 smart cruisers on
patrol, with several more added weekly. UNH and several surrounding
communities also use the smarter cars.
A system with similar goals is being developed by Visteon Corp. of
Dearborn, Mich. Called TACNET, a prototype is being tested by North
Carolina State Police and in Maryland, Michigan and California. It should
be on routine patrol this fall, said sales manager Jeff Pauley.
Users of Project 54 say it has transformed radio communications for them.
Instead of tapping a button to change channels, an officer now presses a
button on the steering wheel a reprogrammed cruise control
switch and tunes the radio to any community or troop station by
calling out its name.
The system uses a variety of standard voice-recognition programs, though
officers can still operate equipment by hand.
"Finding your channel out of 256 while you are trying to maneuver
around traffic and through traffic can be a little stressful," says
New Hampshire State Police Sgt. Mark Liebl, who has driven a smart
cruiser for two years as Project 54's main guinea pig.
UNH professor William Lenharth, the lead engineer, remembers the first
time he sat in Liebl's cruiser. The front seat was jammed with equipment,
and Liebl constantly reached away from the wheel.
"He said, 'I just feel around for things,'" Lenharth said.
"I'm thinking, 'This is really pretty bad.'"
Vincent Stile, president of the Association of Police Communications
Officials, kicked Project 54's tires at a recent convention and says he'd
recommend it widely.
"It's not a novelty," said Stile, head of radio operations for
the Suffolk County Police Department on Long Island, N.Y. "It should
be put into play."
The system was born out of a New Hampshire tragedy in 1997, when a gunman
killed two troopers, a part-time judge and a newspaper editor in the
remote town of Colebrook. As local, state, county and federal officers
from Vermont and New Hampshire tracked the killer, many couldn't talk to
each other by radio.
In response, agencies converted to digital systems to transmit voice and
data. Adding computers was a logical next step, but with so much
equipment already in cruisers, they had to consolidate. The program was
helped by $15 million in federal grants.
An increasing number of police agencies around the country have access to
FBI and other databases through wireless digital communications. Project
54 enhances that feature by allowing officers to interact by voice rather
than typing queries into a computer.
Liebl said getting driver or criminal records now is a cinch.
Previously, he radioed dispatch, waited his turn behind other calls, gave
a driver's license number or name and birthdate, waited for the
dispatcher to run the check, then either tried to remember the
information as the dispatcher read it back or stopped to jot it down.
Now, he hits the talk button, announces he wants a license check and
calls the license number into a microphone mounted near the visor. Within
eight seconds, the information is retrieved from the cruiser computer,
which verbally relays it and displays it on a screen mounted to his
right, below the dashboard.
Liebl said the process makes it easier, and safer, to keep an eye on a
suspect.
The heart of the UNH system is a small computer in a console between the
front seats, with several cigarette-pack-sized control boxes in the trunk
that let the computer communicate with the cruiser equipment.
Most of the hardware can be bought off the shelf at electronics and other
stores for about $4,000, Lenharth said.
Lenharth plans to license the software to police agencies for a couple
hundred dollars and hopes a police-equipment maker will step in to
mass-produce the controllers.
So far, it appears Project 54's only major alternative is Visteon's
TACNET system, which uses a slightly different format.
TACNET is built around two computers in the trunk, with a screen mounted
in the dash. Unlike Car 54, it can project information such as license
checks on the inside of the windshield so an officer can read it and
still keep an eye on a stopped driver.
But TACNET's equipment takes up valuable trunk space, making it
unacceptable for police agencies needing that real estate for spare tires
and other equipment.
Visteon plans to market its complete TACNET system for less than $10,000
per cruiser, Pauley said. He said Visteon may also seek to work with UNH.
Project 54's team of six faculty members and 14 graduate students
continues to work on enhancements.
Within a year, Vinciguerra said, officers will be able to send messages
or turn on cruiser equipment with a handheld device while outside their
cars. That would, for instance, allow a wounded officer who might be
unable to use a two-way radio to broadcast an automatic emergency
message.
Such a device might have saved a life in the 1997 New Hampshire incident
that prompted Project 54, as one mortally wounded trooper sought shelter
in a field when another drove up and was killed before he knew what was
happening.
*******************************
Wired News
Three R's: Reading, Writing, RFID
By Julia Scheeres
02:00 AM Oct. 24, 2003 PT
Gary Stillman, the director of a small K-8 charter school in Buffalo, New
York, is an RFID believer.
While privacy advocates fret that the embedded microchips will be used to
track people surreptitiously, Stillman said he believes that RFID tags
will make his inner city school safer and more efficient.
Stillman has gone whole-hog for radio-frequency technology, which his
year-old Enterprise Charter School started using last month to record the
time of day students arrive in the morning. In the next months, he plans
to use RFID to track library loans, disciplinary records, cafeteria
purchases and visits to the nurse's office. Eventually he'd like to
expand the system to track students' punctuality (or lack thereof) for
every class and to verify the time they get on and off school buses.
"That way, we could confirm that Johnny Jones got off at Oak and
Hurtle at 3:22," Stillman said. "All this relates to safety and
keeping track of kids.... Eventually it will become a monitoring tool for
us."
Radio-frequency identification tags -- which have been hailed as the
next-generation bar code -- consist of a microchip outfitted with a tiny
antenna that broadcasts an ID number to a reader unit. The reader
searches a database for the number and finds the related file, which
contains the tagged item's description, or in the case of Enterprise
Charter, the student's information.
Unlike bar codes, which must be manually scanned, RFID-tagged items can
be read when they are in proximity to a reader unit, essentially scanning
themselves. The school uses passive RFID tags that are activated when
radio waves from the reader reach the chip's antenna. (Active RFID tags
incorporate a battery that constantly broadcasts the chip's ID number and
are much more expensive.)
The technology has raised a ruckus in recent months, as companies such as
Wal-Mart move from bar codes to RFID to track merchandise and libraries
place the chips in books to streamline loans. Privacy advocates worry
that the technology will be used to track people without their knowledge.
But for Stillman, whose public school is located in a gritty Buffalo
neighborhood, RFID is about accounting for the whereabouts of his charges
and streamlining functions.
"Before, everything was done manually -- each teacher would take
attendance and send it down to the office," he said. "Now it's
automatic, and it saves us a lot of time."
The charter school's 422 students wear small plastic cards around their
necks that have their photograph, name and grade printed on them, and
include an embedded RFID chip. As the children enter the school, they
approach a kiosk where a reader activates the chip's signal and displays
their photograph. The students touch their picture, and the time of their
entry into the building is recorded in a database. A school staffer
oversees the check-in process.
The school spent $25,000 on the ID system. The $3 ID tags students wear
around their necks at all times incorporate the same Texas Instruments
smart labels used in the wristbands worn by inmates at the Pima County
jail in Texas. Similar wristbands are used to track wounded U.S. soldiers
and POWs in Iraq and by the Magic Waters theme park in Illinois for
cashless purchases.
But the Buffalo school is believed to be the first facility to use the
technology to identify and track children.
Stillman was tipped off to RFID by the vice principal's husband, who
works at a Buffalo Web design studio that is partnered with Intuitek, the
company that designed the school's system.
Stillman originally wanted the RFID tags sewn directly into the students'
uniforms, but teachers feared that the kids might simply swap uniforms to
dupe the system, so he decided to have students wear the picture tags
around their necks instead.
Privacy experts expressed dismay at the idea of using RFID tags on
children.
"I think the Buffalo experiment is getting children ready for the
brave new world, where people are watched 24/7 in the name of
security," said Richard Smith, an Internet privacy and security
consultant. "My main concern is that once we start carrying around
RFID-tagged items on our person such as access cards, cell phones,
loyalty cards, clothing, etc., we can be tracked without our knowledge or
permission by a network of RFID readers attached to the Internet."
Lee Tien, an attorney at the Electronic Frontier Foundation -- who has
vehemently opposed a San Francisco Public Library Commission plan to use
the chips to track its inventory -- was also critical of the program.
"In general, all person-location-tracking technologies raise privacy
issues, from hiding beepers on people's cars or in people's clothing to
video surveillance," Tien said. "Insecure location-tracking
technologies raise the further question of who is tracking, as well as
who has access to any tracking records kept by the system."
Intuitek President David M. Straitiff said his company built privacy
protections into the school's RFID system, including limiting the reading
range of the kiosks to less than 20 inches and making students touch the
kiosk screen instead of passively being scanned by it. He pooh-poohed the
notion that the system would be abused.
"(It's) the same as swiping a mag-strip card for access control, or
presenting a photo ID badge to a security guard, both of which are
commonplace occurrences," Straitiff said.
Additionally, Stillman said that the RFID-linked databases would require
separate passwords to access students' disciplinary, attendance, health,
library and cafeteria records.
"It's as private as anything else can be when your information is
stored on a server," he said.
*******************************
Wired News
Feds to Fight Digital TV Piracy
By Reuters
11:21 AM Oct. 22, 2003 PT
The Federal Communications Commission will likely adopt rules that will
allow programmers to attach a code to digital broadcasts that will in
most cases bar consumers from sending copies of popular shows around the
world, said the officials, who declined further identification.
The approval, expected as early as next week, would be another step along
the long road to the higher-quality, crisper digital signals, which have
been slowed because of worries about piracy, high-priced equipment and
limited available programming.
An agency spokeswoman declined to comment on when the five commissioners
would vote on the issue.
Consumer advocates have warned that consumers will have to buy new DVD
players if they want to play programs that have been recorded on machines
that recognize the digital flag. But agency officials stressed that
always happens when new technology hits the market.
"It will simply prevent consumers from illegal piracy, from mass
distribution over the Internet, which is the problem with the music
file-sharing," Kenneth Ferree, head of the FCC's media bureau, said.
Consumers will still be able to make unlimited copies of their favorite
shows and watch them in various rooms of their homes, but they will not
be able to send them over unsecured networks until protections are
established.
"Why should anyone in the world buy if it's on the Internet?"
said Andrew Setos, president of engineering at News Corp.'s Fox
Entertainment Group.
Initially, the FCC is aiming for a relatively open process for approving
equipment that will read encrypted shows, officials said, and the agency
will likely retain some oversight along the way to help ensure a fair
review of new technologies.
Programmers had wanted a role in approving television equipment to ensure
that security features were robust enough. But some technology companies,
such as Microsoft had worried they would be shut out from developing new
ways to deliver protected digital content.
IBM has been developing technology so that someday consumers will be able
transmit shows over secured networks, such as between their homes and
offices.
Television set makers hope to begin installing the necessary equipment
for the broadcast flag in new sets to go on sale next year.
"As a solution for addressing the single narrow problem of Internet
redistribution, this is a pretty good solution," said Dave Arland, a
spokesman for Thomson, which manufactures RCA television sets.
But consumer advocates warn that it would make obsolete 50 million DVD
players already in Americans' homes.
"If a consumer records a program on a new Broadcast Flag-equipped
machine and then tries to take that program and play it on Grandma's
older DVD player, it's just not going to work," said Chris Murray,
legislative counsel for Consumers Union.
*******************************
MSNBC
Black Box Voting Blues
Electronic ballot technology makes things easy. But some
computer-security experts warn of the possibility of stolen
elections
Time Magazine Article
Nov. 3 issue After the traumas of butterfly ballots and
hanging chad, election officials are embracing a brave new ballot: sleek,
touch-screen terminals known as direct recording electronic voting
systems (DRE). States are starting to replace their Rube Goldbergesque
technology with digital devices like the Diebold Accu-Vote voting
terminal. Georgia uses Diebolds exclusively, and other states have spent
millions on such machines, funded in part by the 2002 federal Help
America Vote Act. Many more terminals are on the way.
UNFORTUNATELY, THE machines have ?a
fatal disadvantage,? says Rep. Rush Holt of New Jersey, who?s sponsoring
legislation on the issue. ?They?re unverifiable. When a voter votes, he
or she has no way of knowing whether the vote is recorded.? After you
punch the buttons to choose your candidates, you may get a final screen
that reflects your choicesbut there?s no way to tell that those choices
are the ones that ultimately get reported in the final tally. You simply
have to trust that the software inside the machine is doing its
job.
It gets scarier. The best
minds in the computer-security world contend that the voting terminals
can?t be trusted. Listen, for example, to Avi Rubin, a computer-security
expert and professor at Johns Hopkins University who was slipped a copy
of Diebold?s source code earlier this year. After he and his students
examined it, he concluded that the protections against fraud and
tampering were strictly amateur hour. ?Anyone in my basic security
classes would have done better,? he says. The cryptography was weak and
poorly implemented, and the smart-card system that supposedly increased
security actually created new vulnerabilities. Rubin?s paper concluded
that the Diebold system was ?far below even the most minimal security
standards.? Naturally, Diebold disagrees with Rubin. ?We?re very
confident of accuracy and security in our system,? says director of
Diebold Election Systems Mark Radke.
After Rubin?s paper appeared,
Maryland officialswho were about to drop $57 million on Diebold
devicescommissioned an outside firm to look at the problem. The resulting
report confirmed many of Rubin?s findings and found that the machines did
not meet the state?s security standards. However, the study also said
that in practice some problems were mitigated, and others could be fixed,
an attitude Rubin considers overly optimistic. ?You?d have to start with
a fresh design to make the devices secure,? he says.
In the past few months, the
computer- security community has been increasingly vocal on the problems
of DRE terminals. ?I think the risk [of a stolen election] is extremely
high,? says David Dill, a Stanford computer scientist. The devices are
certified, scientists say, but the process focuses more on making sure
that the machines don?t break down than on testing computer code for
Trojan horses and susceptibility to tampering. While there?s no evidence
that the political establishment actually wants vulnerable machines, the
Internet is buzz-ing with conspiracy theories centering on these ?black
box? voting devices. (The biggest buzz focuses on the 2002 Georgia
gubernatorial election, won by a Republican underdog whose win confounded
pollsters.) Suspicions run even higher when people learn that some of
those in charge of voting technology are themselves partisan. Walden
O?Dell, the CEO of Diebold, is a major fund-raiser for the Bush
re-election campaign who recently wrote to contributors that he was
?committed to helping Ohio deliver its electoral votes for the president
next year.? (He later clarified that he wasn?t talking about rigging the
machines. Whew.)
To remedy the problem,
technologists and allies are rallying around a scheme called verifiable
voting. This supplements electronic voting systems with a print-out that
affirms the voter?s choices. The printout goes immediately into a secure
lockbox. If there?s a need for a recount, the paper ballots are tallied.
It?s not a perfect system, but it could keep the machines honest. If
Representative Holt?s proposed Voter Confidence Act is passed,
verification will be the law of the land by the 2004 election, but
prospects are dim, as the committee chairman, Bob Ney of Ohio, is against
it.
Critics of verifiable voting do have
a point when they note that the printouts are susceptible to some of the
same kinds of tricks once played with paper ballots. But there?s a
promise of more elegant solutions for electronic voting that are private,
verifiable and virtually tamperproof. Mathematician David Chaum has been
working on an ingenious scheme based on encrypted receipts. But whatever
we wind up using, it?s time for politicians to start listening to the
geeks. They start from the premise that democracy deserves no less than
the best election technology possible, so that the vote of every citizen
will count. Can anyone possibly argue with that?
*******************************