[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips November 10, 2003



Clips November 10, 2003

ARTICLES

Gore Criticizes Expanded Terrorism Law
U.N. Internet summit faces divisions
Broadcasters want new power to fight piracy but advocacy groups cry foul
Internet Posting Threatened to 'Kill Everyone' at Broad Run High
ICANN: Steady as She Goes
House bill beefs up Defense R&D
Kansas auditors crack 1,000 passwords
Guarding the borders
SAIC gives border agents X-ray vision
DHS tech group goes full throttle
Students aren't using info technology responsibly
Legal battle may block multimedia on Web
Wal-Mart Plan Could Cost Suppliers Millions [RFID]

*******************************
New York Times
November 10, 2003
Gore Criticizes Expanded Terrorism Law
By CATE DOTY

WASHINGTON, Nov. 9  Former Vice President Al Gore called on Sunday for a repeal of the law expanding counterterrorism powers, calling it a "terrible mistake" for its effect on civil liberties.

During a speech in which he condemned President Bush's fight against terror, Mr. Gore said: "I want to challenge the Bush administration's implicit assumption that we have to give up many of our traditional freedoms in order to be safe from terrorists. It is simply not true."

Speaking before a crowd of about 3,000 at Constitution Hall, across the street from the White House, Mr. Gore admonished the Bush administration for what he called "unprecedented secrecy and deception" in dealing with the Congress and the public.

But his sharpest remarks focused on how the administration was dealing with civil liberties for immigrants and foreign citizens. He said the administration needed to stop detaining American citizens indefinitely without charges. He was also critical of the treatment of immigrants, like Anser Mehmood, a Pakistani who had overstayed his visa, who was arrested less than a month after the Sept. 11 attacks and deported eight months after his detainment.

"Such a course of conduct is incompatible with American traditions and values," Mr. Gore said.

Saying the detainees at Guantánamo Bay should be given hearings, Mr. Gore asked, "If we don't provide this, how can we expect American soldiers to be treated with equal respect?" He also said President Bush should seek Congressional approval for military commissions that would replace civilian courts.

In the speech, which was sponsored by the progressive group MoveOn.org and the American Constitution Society, a liberal lawyers organization, Mr. Gore spoke with animation, wagging his finger at the audience and shaking his head when audience members yelled, "Run, Al!" imploring him to seek the presidency again.

He said President Bush had used the fight against terrorism and the war in Iraq as political bargaining tools, saying, "They have exploited public fears for partisan political gain and postured themselves as bold defenders of our country."

Congressional Democrats have repeatedly called for a softening of the antiterrorism law, the USA Patriot Act, or the repeal of parts of it. But Mr. Gore, who referred to himself as a "recovering politician," is one of the few high-profile Democrats to call for a complete elimination of the act.

"I have studied the Patriot Act and have found that along with its many excesses, it contains a few needed changes in the law," he said. "And it is certainly true that many of the worst abuses of due process and civil liberties that are now occurring are taking place under the color of laws and executive orders other than the Patriot Act.

"Nevertheless, I believe the Patriot Act has turned out to be, on balance, a terrible mistake."
*******************************
Seattle Post Intelligencer
Monday, November 10, 2003
U.N. Internet summit faces divisions
By ANICK JESDANUN
THE ASSOCIATED PRESS

UNITED NATIONS -- Who controls the Internet and how richer nations should subsidize its growth in poorer countries are central issues dividing planners a month ahead of the first U.N. summit on information technology.

More than 50 heads of states have confirmed their attendance for the Dec. 10-12 meeting in Geneva but there's still no agreement on what they'll be asked to consider.

So government, business and civic representatives are convening today in the Swiss city to try to narrow differences over such contentious issues as government oversight of online media that several rounds of talks failed to overcome.

With expectations low that much of substance can be achieved at what has been christened the World Summit on the Information Society, organizers are stressing the complexity of the issues.

Even setting broad guidelines on governance of the global yet massively decentralized Internet is a huge challenge, they say.

"Probably what will happen is more a sketch of what needs to be done," said Nitin Desai, special adviser to the summit for U.N. Secretary-General Kofi Annan.

At the Geneva summit, world leaders are to approve a statement of ideals and adopt goals. A second and final phase of the summit is set for Tunisia in November 2005.

Some countries, particularly newcomers to the Internet, worry that their voices could get lost.
*******************************
Associated French Press
Broadcasters want new power to fight piracy but advocacy groups cry foul
Mon Nov 10, 1:24 AM ET

GENEVA (AFP) - The news clip of Saddam Hussein (news - web sites)'s statue falling or the re-run of a movie classic such as "Stagecoach" may be given extra protection from piracy in a move that advocacy groups say will hamper people's right to enjoy television and the Internet.


Authors and musicians are also worried this proposed broadcaster treaty will create unfair rights for anyone who simply transmits their hard work.


But the broadcasters argue that they need more international muscle to fight the illicit copying of their output, and deserve greater rewards for the money and time they invest in airing programmes.


"In this day and age of digitalisation there is inadequate protection against the unfair and unauthorised exploitation of broadcast signals," said Benjamin Ivins, a senior associate and general counsel for the US National Association of Broadcasters (NAB).


Broadcasters have certain international protection under the Rome Convention passed in 1961.


"But it lacks protection on cable retransmission which is now one of the most usual ways to broadcast material," explained Tom Rivers, a legal advisor to the Association for Commercial Television in Europe, which has 22 members including News Corp's British Sky Broadcasting.


"Also, there is no protection for the exploitation of broadcast material in the digital environment," he said.


Over the past six years members of the World Intellectual Property Organisation (WIPO), including the United States, European Union (news - web sites) and Japan have offered proposals for a new treaty to update broadcasters' rights.


And, in what some described as the first sign of real progress, WIPO states agreed at a meeting earlier this week to regroup in June, by which time they hope to have a single draft of the treaty.


This should lead to a conference by mid-2005 in which the new rules may be finalised -- an alarming prospect for many non-governmental organisations (NGOs) that strongly oppose the idea.


"The treaty restricts the ability to record music and films," declared James Love, a director at US advocacy group Consumer Project on Technology.


"It is an unwanted layer on top of copyright," he told a news conference after attending the two-day broadcaster meeting at WIPO headquarters in Geneva.


The proposals under discussion would give a new 50-year right over material in the public domain -- such as news clips or the broadcast of a classic movie, he and fellow activist Cory Doctorow, director of a second NGO, Electronic Frontier Foundation, explained.


They may also support the technology that encrypts broadcasts to stop people from recording a TV show at home and watching it at a friend's house, they told reporters.


And, because the definition of a broadcaster is unclear, the treaty could grant protection to web-casters, generating a whole new class of right holders.


"It should never become a treaty, we are totally opposed," Love said.


But NAB's Ivins dismissed their fears as "totally wrong."

  



True, the rules would give broadcasters a 50-year right over the actual broadcast of a movie that is no longer protected by copyright, but anyone could make their own copy from the original version for commercial reproduction.

As for restricting home entertainment, Ivins said that copyright laws typically contain an exception for personal use.

And, while the United States had suggested extending the scope of the treaty to include broadcasts over the Internet, it was just a proposal, he reasoned.

The WIPO discussions have also unnerved artists and the film and music industry who want assurances that any new broadcaster-protection would not conflict with their existing copyright.

"The rights are in no way designed to affect content," said Ivins.

On the contrary, they would boost protection for everyone while also recognising the broadcaster's "time, effort and financial contribution."
*******************************
Washington Post
Internet Posting Threatened to 'Kill Everyone' at Broad Run High
Sunday, November 9, 2003; Page LZ03

Loudoun County authorities were investigating a Broad Run High School student who allegedly posted a message on an Internet site threatening to "kill everyone" at his school.

Kraig Troxell, the Loudoun sheriff's spokesman, said Friday that no charges had been filed against the 17-year-old but that investigators were reviewing the case with prosecutors.

According to an affidavit for a search warrant filed in Loudoun County Circuit Court, the Internet posting said, "I would just like to say that Wednesday morning, I'm bringing a gun to school, and I will kill everyone there." The message specifically threatened the Ashburn school's two assistant principals and its security chief.

Troxell said school administrators learned about the posting Tuesday and alerted the school resource officer, who told the Sheriff's Office. By then, the message had been removed from the Web site, but investigators were able to track its origin through records from Internet providers, according to the affidavit written by sheriff's investigator Ken Fognano.

A school employee also gave papers to investigators the teenager had written that contained similar threats, according to the affidavit. One contained the heading "Administrators I hate and want to kill" and identified two school officials.

The student was questioned by investigators but released to his parents, Troxell said.

School officials searched the school thoroughly Tuesday night, and classes took place as usual Wednesday, a schools spokesman said.

The student's home in Sterling was searched Wednesday morning, but investigators had not filed court documents indicating whether any items were seized.

The Web site was not created on the student's home computer, according to the affidavit, but rather on a computer at an Ashburn home. Investigators also sought a warrant to search that home.
*******************************
Washington Post
ICANN: Steady as She Goes
Monday, November 10, 2003; 12:00 AM

For years the leaders of the Internet Corporation for Assigned Names and Numbers (ICANN) have tried to convince the press and the public that their activities were no big deal.

Early on, ICANN staffers would fire off bristling e-mails if reporters referred to the group -- which oversees the Internet's addressing system -- as "powerful" or "influential." They insisted, despite ICANN's role in determining the rules for the dot-com world, that it did not warrant the hand-wringing people devoted to it.

For a group that would rather do its work from within the comparative anonymity of the world's "technical community," 2003 has been a good year.

On Halloween, ICANN wrapped up its third and final meeting of the year in Tunisia. In contrast to past years' events, most of the journalists who covered it worked for local outlets. U.S. and European press mostly stayed home, tuning into Web-based video of the event and dialing in for a pair of ICANN-sponsored conference calls.

Cloistered in a luxury hotel in Carthage, ICANN directors approved a pair of resolutions intended to increase the number of Internet domains (like dot-com and dot-net) Internet users can choose from when registering a Web address. The group also finalized policy decisions on existing domains dot-info and dot-pro.

ICANN takes the relative quiet surrounding its activities as a sign that critics' concerns about the transparency of its internal management have been addressed. At first, the group fielded tough criticism over changes it made to its board of directors, including the removal of some publicly elected positions that represented the Internet's users.

Miami University law professor and longtime ICANN critic Michael Froomkin has another explanation for ICANN's general absence from the spotlight.

"They've vanquished any vestige of democracy," Froomkin said. "Most of the critics have gone now. There comes a point where you just stop beating your head against the wall."

Some of ICANN's 2003 highlights:

-March: ICANN chooses Australian businessman Paul Twomey to replace outgoing President Stuart Lynn. An entrepreneur and former government official, Twomey is a contrast to Lynn and his predecessor Mike Roberts, who both came from the educational arena.

-July: U.S. senators question ICANN's governance process in a hearing. Sen. Conrad Burns (R-Mont.) contends that a lack of accountability within ICANN jeopardizes Internet security.

-September: ICANN inks a three-year deal with the Commerce Department to continue its stewardship of the Internet's addressing system, much of which remains under the U.S. government's ultimate control.

-September: ICANN convinces VeriSign Inc. to shut down -- at least temporarily -- its controversial Site Finder service, which redirects users who mistype Internet addresses to a VeriSign-operated search page.

-October: ICANN passes measures intended to increase the number of domain extensions (like dot-com and dot-net) available to Internet users.

Next year, the group will have to deal with privacy concerns surrounding the "whois" database, which provides the contact information for Internet address holders. The group also will work to expand the availability of Internet addresses that use non-English characters (Chinese, Arabic, Russian, etc.) and will smooth out rules regarding domain name transfers.

ICANN also will continue its governance reform process, attempting to bring the Internet public into the fold by organizing regional "at-large" groups. Many critics are watching closely to see how and if ICANN brings the voice of the public into its decision-making process.
*******************************
Government Computer News
House bill beefs up Defense R&D
By Dawn S. Onley
November 7, 2003

The House today approved its final version of the combined $401.3 billion Defense authorization bill. It emphasizes transforming the military after what some legislators term years of neglect.

The bill, approved by a margin of 362 to 40, covers DOD and the Energy Department?s national security programs. It approves several controversial provisions that were held up in House-Senate negotiations for weeks, such as ?Buy American? incentives and a provision allowing the Air Force to lease 20 tankers from Boeing Co. and buy 80 more.

The Senate will vote on the bill next week. Then it will go to President Bush for final approval.

?We are slowly but surely transforming and rebuilding our military after years of neglect by the previous administration,? said Rep. Duncan Hunter, (R-Calif.), chairman of the House Armed Services Committee. ?Much remains to be done to counter years of cuts to procurement accounts, force structure and readiness.?

The House measure raises spending by more than $12 billion over fiscal 2003 for procurement, operation, maintenance, research, development, testing and evaluation.

The Buy American legislation, proposed by Hunter, initially sought to mandate that 65 percent of all defense products purchased by the Pentagon must come from U.S. manufacturers, compared with 50 percent under current law.

The House compromised on that provision, but the key modifications have not yet been posted. Other components of the authorization bill approved by the House include:


$10.7 billion for Defense science and technology


A 4.1 percent pay raise for troops


Reforms to the government procurement system, which would let all federal agencies, not just DOD, take non-contract approaches to research and develop new technology prototypes to fight terrorism.
*******************************
Government Computer News
Kansas auditors crack 1,000 passwords
By Wilson P. Dizard III
November 7, 2003

The Kansas Health and Environment Department has serious IT security and disaster recovery problems, the state?s legislative auditor has found. The auditors said they used password-cracking software to decipher more than 1,000 of the department?s passwordsincluding several administrative passwordsor 60 percent of the total, in three minutes.

The department began fixing the security weaknesses and other problems found in its systems as soon as it learned of them, department secretary Roderick L. Bremby said in response to the report.

?The department?s antivirus system was badly flawed, allowing computers to become infected with a large number of different viruses, worms and Trojan horses,? said the report, Kansas Department of Health and Environment Information Systems: Reviewing the Department?s Management of Those Systems.

?The department?s firewall was poorly configured, creating several large holes in and out,? the report said. Auditors found that the department lacked or failed to enforce many basic security policies, such as procedures for incident response, physical security, configuration documentation and former-user account deletion. They also found several major problems with security planning.

The auditors concluded that the department lacked the tools necessary to recover from a disaster and said the plan, left over from the year 2000 rollover, ?would be nearly useless in a disaster.?

In response to the auditors? recommendations, the department hired FishNet Security Inc. of Kansas City, Mo., for a complete vulnerability assessment.

In response to the auditors? recommendations to overhaul systems security and other IT problems, Bremby wrote, ?All recommendations will be ranked and prioritized by risk, and deadlines will be established to complete all recommendations as quickly as possible.? He encouraged the auditors to conduct a second review within a year.
*******************************
Federal Computer Week
Guarding the borders
BY Judi Hasson
Nov. 10, 2003

The following technology is used at the U.S./Mexican border to inspect vehicles and process visitors.

* Radiation isotope identification device: Handheld tool used to scan vehicles for materials that emit radiation.

* Radiation-detection pagers: Worn by border agents to pick up radiation emissions.

* Cargo truck X-rays: Giant machines that take X-ray pictures of vehicles.

* Fiber-optic scopes: Allow border agents to peer into gas tanks.

* Vehicle and cargo inspection systems: Bombard vehicles with gamma rays that take a "picture" of what is inside a vehicle.

* Interagency Border Inspection System: A master database of law enforcement files on criminals and suspects shared by law enforcement agencies.

* Fingerprint biometrics: Fingerprint images embedded in visa cards and passports for comparison with an individual's prints.

* U.S. Visitor and Immigrant Status Indicator Technology: New system under development that will use biometric tools and database information to track when foreign visitors enter and leave the United States.

***

Otay Mesa Port of Entry

Here is a breakdown of the types of traffic crossing the border checkpoint at Otay Mesa, Calif., near San Diego.

Conveyance arrivals Fiscal 2002

Trucks* 725,710

Buses 69,847

Passenger vehicles 3,868,417

Trains 228

Rail containers 3,629

Private aircraft 3,244

Person arrivals

Via truck* 725,710

Via bus 584,896

Via passenger vehicle 8,210,513

On foot (pedestrians) 1,830,903

Via trains 456

Via private aircraft 11,819

Totals

All conveyances 4,671,075

All people 11,364,297

* Trucks were also crossing at the San Ysidro port in 1999.

Source: U.S. Bureau of Customs and Border Protection
*******************************
Federal Computer Week
SAIC gives border agents X-ray vision
BY Judi Hasson
Nov. 10, 2003

The border agents in Otay Mesa, Calif., are equipped with technology manufactured by Science Applications International Corp. that allows them to virtually look inside a truck by capturing an image on a computer of what is there. That has proven to be an invaluable tool to inspect the 3,000 trucks heading from Mexico to the United States daily.

"A first-time importer is automatically going to get stopped for a secondary search," said Patrick Talese, assistant port director in Otay Mesa. Other signs are also used to flag suspicious cargo for extra scrutiny, he said.

That secondary search is conducted using SAIC's Vehicle and Cargo Inspection System (VACIS). U.S. Bureau of Customs and Border Protection officials have purchased 127 of these devices for about $1 million each and are using them at both the northern and southern borders to inspect the contents of trucks, railroad cars and ship containers.

"It is a way to get inside a truck without unloading it," Talese said. Although the Otay Mesa port and others had X-ray technology to take a picture of a truck, customs officials pushed ahead with expanding the VACIS program after the Sept. 11, 2001, attacks, he said.

The technology is housed in a container that emits a narrow beam of gamma rays. The beam penetrates a moving object, such as a rail car or truck. The particles emerging from the vehicle are captured by a computer and read, generating an image similar to an X-ray.

But that's where the similarity ends. SAIC has developed software that can analyze images to determine if there is something fishy about a vehicle's contents  a round object, for example, when everything else is square; a false wall that might hide contraband or illegal aliens; or material that shows up denser in the picture than the rest of the cargo.

The inspection takes sec-onds, and the image is stored in a computer database in the event of a problem later.

Since it has been deployed, the system has inspected nearly 2 million commercial shipments, according to Douglas Browning, deputy commissioner for Customs and Border Protection, which is part of the Homeland Security Department.

Without this kind of Superman vision, it could take hours to inspect and clear cargo, delaying retail goods or complicating the delivery of fresh fruit and vegetables before they rot. Customs officials are working to keep the goods moving.

"A two-hour delay for a truck is very costly," Talese said. "We're not here to stop the economy."
*******************************
Federal Computer Week
DHS tech group goes full throttle
Moves fill R&D jobs for anti-terror tech
BY Diane Frank
Nov. 10, 2003

Officials in the Homeland Security Department's Science and Technology Directorate are moving ahead at warp speed to fill every position and devote all their energies to developing new kinds of tools in the war against terrorism.

Other parts of DHS are still figuring out how they fit together under the DHS umbrella, but the directorate is almost fully staffed. That includes experts in the lead positions, such as the directors of the portfolios that deal with border and transportation security, intelligence analysis and critical infrastructure, and emergency preparedness and response.

"I am pleased to report that all key offices of the Science and Technology Directorate are operational," said Penrose "Parney" Albright, assistant secretary for science and technology. He testified Oct. 30 before the House Homeland Security Committee's Cybersecurity, Science, and Research and Development Subcommittee.

That coordination is particularly important for the Coast Guard and Secret Service, which are still independent entities under the department. "Things will overlap," said Rep. Mac Thornberry (R-Texas), subcommittee chairman.

"It is...important that the [Science and Technology] Directorate get it right, maintain a sense of urgency and establish partnerships with the public and private sectors to make sure we are tapping into the very best ideas, products and research," he said.

So far, the portfolio coordination approach is working, Albright said.

For example, the rest of the department is not interested in research into new kinds of boats for the Coast Guard or ways the Secret Service can protect the president. When it comes to common needs, however, the directorate is able to combine appropriate tools.

In one case, the Nuclear Assessment Program for the Information Analysis and Infrastructure Protection Directorate also created a capability for customs and Border Patrol officers to handle radiation alarms on the borders, Albright said.

"The staff of each portfolio is charged with being an expert in their particular area, with understanding the activities and capabilities extant in federal agencies and across-the-board research and development community, and with developing a strategic plan for their particular portfolio," Albright said.

Officials will continue to integrate R&D needs throughout fiscal 2004, and the department must submit a report on those efforts to Congress in December. Fiscal 2005 will provide the real test  the first consolidated R&D budget for DHS, he said.

Coordinating research plans with other agencies and departments is also important, Thornberry said.

The National Institute of Standards and Technology is an obvious partner, and the directorate has already formed a close working relationship with that agency, Albright said.

Other agencies' efforts  such as research at the Federal Aviation Administration  is currently coordinated through an ad hoc approach, but the White House's Office of Science and Technology Policy has been active in participating in governmentwide homeland security issues, he said.

One of the NIST projects is to establish technical standards for many areas, including radiation detection and interoperable communications. The directorate "must view each technology through the prism of affordability, performance and supportability  all critical to end users," Albright said.

Rep. Robert Andrews (D-N.J.), a subcommittee member, said he is concerned state and local governments will not follow those standards. He suggested that complying with the standards be a requirement for first responder grants.

***

Up and running

Congress approved a record amount of money for homeland security research efforts in the fiscal 2004 budget. The money will be spent on developing new technologies in the fight against terrorism, including biological and chemical countermeasures and new ways to detect biological, chemical and radiation threats.

Total budget for the Homeland Security Department's Science and Technology Directorate in fiscal 2004: $918.2 million.

Percentage of money earmarked for the Homeland Security Advanced Research Projects Agency's research and development projects: 40-50 percent.

Source: Homeland Security Department
*******************************
Washington Post
An Introduction to E-Voting




Monday, November 10, 2003; 12:00 AM


My usual chat takes place at 2 p.m. today. You know the drill: stop by on your lunch break with your personal-tech queries or drop off a question early if you'll be busy, and I'll try to answer as many as I can in the next hour or so.

I had my introduction to electronic voting last week, and I can report that the fears of e-voting skeptics came true: I have no idea if the machine worked or not. Then again, I have no idea if my vote last year was recorded properly either.

The "WinVote" touch-screen device looked and worked much like those kiosks used to look up wedding registries in yuppie housewares stores--one of which, last I stopped by a Crate & Barrel, was frozen at a startup screen with a message like "PRESS F1 TO ENTER DIAGNOSTIC MODE." Fortunately, this WinVote terminal, provided by Frisco, Tex.-based Advanced Voting Solutions, was running properly on Tuesday and allowed me to proceed to my democratic duty.

After I'd signed in, a poll attendant walked over to the machine with me, popped a smart card into a slot to activate it, and left me alone. (More or less--the shields around these kiosks offered less privacy than the curtain provided with last year's voting hardware.) The screen displayed a simple list of names; to vote for a candidate, touch her or his name.

But in highlighting the selected candidate's name in red, with a big X next to his or her name--instead of a checkmark or another symbol connoting approval--it made it look like I'd just voted *against* this person.

After registering my vote in each race, I reviewed my completed ballot before pressing a big "VOTE" button on the screen. And that was it.

Fairfax County's WinVote system didn't work so smoothly. Ten machines broke down and had to be repaired at the county's offices, and a few others apparently lost count of maybe one vote in a hundred.

I've said this before, will this say this now and will probably have more chances to say this: Given our experience with computers making random mistakes, people will--understandably--have problems trusting them as the sole count of our votes. I can think of two ways to address this issue.

One is to have each voting machine print a record of each vote cast for the voter to inspect before leaving the voting machine, and which can serve as a backup count later on. (See www.verifiedvoting.org for details.)

The other is to require that the source code of voting machines' software be published, so that anybody can inspect it for mistakes.

....

Speaking of mistakes, Apple's Panther operating system apparently has a couple of its own. I had read user reports about one of them before filing my review--and at the time, thought it wasn't as significant as the glitches I did cover--but missed the other until after my review had ran.

The first involves some external hard drives that support the faster FireWire 800 connection Apple introduced early this year: Under some mysterious circumstances, Panther can scramble their data structures, making their data disappear from view. Disk-recovery utilities often can't recover this information.

That's not so good. But in my own tests, I'd had no problems with the single most popular FireWire drive in use--the iPod. And when I was deciding what to include in the Panther review, I focused on the "FireWire 800" part of this issue (meaning, "affects only hardware purchased by a tiny segment of professional types, not the home users I write for") instead of the "makes data disappear" part (meaning, "oh [bleep]!").

By the day after the review ran, however, I'd read enough accounts of this problem--including some indications that it, or a related bug, could zap FireWire 400 hard drives--to make me think I should have mentioned it.

The second Panther problem relates to the File Vault data-encryption option. Allowing it to reclaim unused disk space when you log out, some Panther users have reported, results in their settings being reset. Since my review ran, others have said File Vault began corrupting actual files as well:

I've tried to reproduce this bug on the test PowerBook by repeatedly allowing File Vault to recover unused disk space after logouts. But nothing's happened. The computer has continued to function perfectly normally.

I'm concerned that this could be a sign that my ability to bring out the worst in any review product is fading. I take great pride in being able to wreck any vendor's demo and find bugs that no one else has seen before. If I'm losing this power, my job may get a lot more difficult.

For now, I would steer clear of File Vault. (If you only need to protect a few documents, File Vault is overkill anyway. Just use any of the other encryption programs available for the Mac--see, for instance, http://macgpg.sourceforge.net.)

Finally, for your own amusement, I bring you this week's easiest-to-ignore PR headline:

Ever Wonder What a $40,000 Loudspeaker Sounds Like?

-- Rob Pegoraro (rob@xxxxxxx)
*******************************
Washington Post
Editorial
Touch-and-Go Elections

Sunday, November 9, 2003; Page B06


ARE TOUCH-SCREEN voting machines fast and flawless, or glitch-prone and vulnerable to tampering? No one can say for sure, which is reason enough for Maryland and Virginia localities to conduct more extensive testing before totally embracing the new systems they have inaugurated with mixed results. On Tuesday it took Fairfax County more than 21 hours to get final election results from its new computerized machines; when all was cast and done, enough doubts existed to prompt legal action by some Republicans who lost.

Any possible malfunctions seem unlikely to call results into doubt. But questions about reliability remain, and the absence of a paper trail makes checking difficult. Attorneys for the GOP went before a Circuit Court judge Wednesday, asking him to keep 10 voting machines under lock and key. The machines, from nine precincts across the county, broke down about midday and were brought to the county government center for repairs and then returned to the polls. The judge said the activity logs of these machines will be inspected, with members of both parties on hand. The challengers noted that whether a contest is affected or not shouldn't be the chief question; ballot integrity is at issue. A number of Fairfax voters complained that it took them several tries to register their votes. A few precincts were forced to return to paper ballots.

In Maryland, where four counties used touch-screen machines in last year's gubernatorial election, the system rightly remains under review. Though a handful of cities and towns used the new machines Tuesday with no major glitches reported, the state still ought to verify the suitability of its voting mechanism. A report by the Information Security Institute at Johns Hopkins University cited numerous vulnerabilities in the touch-screen technology, problems denied by the manufacturer.

Gov. Robert L. Ehrlich Jr. (R) ordered a review by San Diego-based Science Applications International Corp., which reported last month that the system, "as implemented in policy, procedure and technology, is at high risk of compromise." Some lawmakers have raised questions about SAIC's relationships with other voting technology companies and want legislative analysts to examine the examiners. A spokesman for Mr. Ehrlich says the governor is satisfied with the report but welcomes any additional efforts to "validate the maximum integrity of Maryland's voting system." Nevertheless, the governor and state elections officials have said they will proceed with the purchase of machines made by Diebold Election Systems, and that they believe the troubles can be taken care of before the machines go into use for the state's presidential primary in March.

Why leap? In Maryland and Virginia, independent reviews ought to proceed. In the meantime, before any more elections, touch-screen systems at least should be outfitted with printers that can produce accurate paper records of votes cast. The technology exists and ought to be pursued.
*******************************
USA Today
Students aren't using info technology responsibly
By Mary Beth Marklein, USA TODAY
November 9, 2003

Colleges and universities that invest a lot of money in technology may want to focus more on teaching students to use it responsibly, a survey suggests.

More than eight of 10 undergraduates (83%) regularly use information technology in their academic work, but an even larger share (87%) say their peers at least "sometimes" copy and paste information from the Web without citing the source, according to the 2003 report from the National Survey of Student Engagement (NSSE).

The 4-year-old initiative is aimed at assessing how well students are learning and how effectively colleges contribute to undergraduate learning.

"Technology could well be a double-edged sword," says George Kuh, Indiana University professor and NSSE director. "Unlimited access to information may help students produce more in less time, as indicated by their relatively high grades. But whether students are learning with authentic understanding remains to be seen."

A key purpose of the survey is to help individual campuses improve their practices. Participating colleges receive confidential findings comparing their school with overall results. But the findings also provide a national snapshot of what goes on inside classrooms, including, for example, the level of academic challenge and student-faculty interaction.

"Without persuasive evidence of the patterns of student engagement, administrators and faculty remain blind to important aspects of the undergraduate experience," says Lee Shulman, president of the Carnegie Foundation for the Advancement of Teaching, which sponsors the study.

This year's survey was based on information from 185,000 freshmen and seniors at 649 four-year colleges and universities. Other findings:

? 77% of students who study 10 or fewer hours a week report grades of B or better; 33% report earning A's, and 44% report earning B's.

? 87% of all students rated their college experience as "good" or "excellent."

? 41% of all students earn mostly A grades; 3% report C or lower average grades.

? More than a third of seniors say they only "occasionally" get prompt feedback from faculty members.

? Intercollegiate athletes are generally as engaged in learning activities as other students.

? Male students are generally less engaged than female students, especially in the areas of academic challenge and enriching experiences.

? Fewer than half of seniors say they frequently have serious conversations with students from different racial or ethnic backgrounds.

? Students in professional areas such as architecture and health sciences report higher levels of engagement than students in other fields.
*******************************
USA Today
Legal battle may block multimedia on Web
By A.S. Berman, Gannett News Service
November 10, 2003

Taking a break at the office, you log on to Quicktime.com to watch a movie trailer for the latest Hollywood blockbuster. No sooner have you clicked Play, however, than the error noise sounds and up pops a dialog box telling you to "Press OK to continue loading the content of this page."
This is what Web users everywhere have to look forward to unless they upgrade to the latest Microsoft Internet Explorer, and if the sites they visit fail to make some fairly significant changes of their own.

The problem stems from a 4-year-old patent dispute between Microsoft and Eolas Technologies, a small company spun off from the University of California.

In August, a Chicago jury ordered Microsoft to pay Eolas $521 million for technology contained in its Internet Explorer Web browser that automatically launches applications for playing video, music and other multimedia content  technology, the court ruled, that infringes on patents held by the small company.

So serious is the concern over this issue, the World Wide Web Consortium  the body that sets the global standards by which Web pages are created  on Oct. 28 urged the U.S. Patent and Trademark Office to reinvestigate the original patent dispute.

"The practical impact ... will be to substantially impair the usability of the Web for hundreds of millions of individuals in the United States and around the world," wrote consortium director and World Wide Web creator Tim Berners-Lee in a letter to James Rogan, head of the PTO.

New browser in the works

Although Microsoft has vowed to appeal the ruling, it is nonetheless rushing out a new version of its ubiquitous Web browser that no longer infringes on the Eolas patent. The software should be available in the first quarter of 2004.

It also has endorsed two different techniques for bringing Web pages into compliance with the court's decision:

? Inserting new lines of HTML code into each affected Web page.

? Building _javascript_ routines into affected Web pages that automatically call up programs to play multimedia content.

"We've been reaching out to those sites and those tech companies in the industry that do need to make some changes to make sure the impact on consumers is minimal," says Microsoft spokesman Jim Desler.

Even if Microsoft's changes meet the requirements of the legal judgment, developers say the first fix  not found in the HTML standards that developers try to follow  could affect all Web pages that use some form of multimedia software.

Circumventing current Web-design standards also could garble pages when they're viewed on personal digital assistants, cell phones and other devices, says Web developer Mike Rundle, 20, a junior at the Rochester Institute of Technology in Rochester, N.Y.

"It's just going to disrupt the (Web) user's life when trying to perform tasks on a Web site," Rundle says. He adds that fixes being suggested by Microsoft could potentially increase the download times for every Web page containing multimedia content.

_javascript_ fix possible

Microsoft's _javascript_ fix, on the other hand, might be somewhat better, developers say, but requires users who have their _javascript_ turned off in their browsers to click an extra dialog box before loading multimedia content. Many companies and government agencies disable _javascript_ on their employees' PCs to guard against viruses that use the scripting language to spread. An estimated 11% of Web users have _javascript_ disabled or use browsers that don't support it, according to The Counter.com, a Web site providing Internet-use statistics.

San Francisco-based Macromedia, creator of Flash animation technology, is designing automated tools that seek out the problematic code in Web pages and replace it with the _javascript_ workaround, says Mike Sundermeyer, the company's senior vice president of product design.
*******************************
New York Times
November 10, 2003
Wal-Mart Plan Could Cost Suppliers Millions
By BARNABY J. FEDER

Some consumer products companies will have to invest millions of dollars to comply with Wal-Mart's drive to have every carton and palette it receives carry a radio identification tag, according to a report to be released today by A. T. Kearney, a consulting firm.

"It's a big item that most of them have not budgeted for," said David Dannon, vice president for the consumer industries and retail products practice at Kearney, a Chicago-based subsidiary of Electronic Data Services.

The technology, known as radio-frequency identification, or RFID, has been used to track containers on trains and ships and in automatic toll systems like E-ZPass. In its new form, it is seen as the long-term successor to bar codes in the retail industry. Radio tags can carry more information about the product, can be scanned more rapidly and can be found even if they are hidden in cartons or behind other products.

Wal-Mart said in June that it expected its top 100 suppliers to adopt the technology by the end of 2004 and the rest of its suppliers to do so in 2005. In late September, the Department of Defense said it would also require major suppliers to use such tags by the end of 2004.

Wal-Mart remains strongly committed to the technology, but last week sounded a more pragmatic note at a meeting it organized to discuss its expectations with suppliers and RFID technology vendors, several people who attended said. Wal-Mart said that it would confine the initial rollout of the technology to three distribution centers and 150 stores in Texas and that it was still considering whether to concentrate first on only a few product categories.

"Wal-Mart recognizes that this is not going to go as fast as they wanted," Mr. Dannon said. Wal-Mart, which is based in Bentonville, Ark., declined to comment.

The Kearney report concluded that the technology would save Wal-Mart and other retailers billions of dollars. More precise tracking of supplies could cut the amount of inventory the stores need by 5 percent, and the labor costs of managing inventory in warehouses would fall by 7.5 percent for efficient retailers and even more for those that are not well organized, the report said. Radio tagging should also raise sales by helping stores avoid running out of items.

While the costs to introduce the technology will vary widely, Kearney estimated that major retailers would have to invest $400,000 at each distribution center and $100,000 at each store to read and manage the data. A major chain might have to spend $35 million to $40 million to integrate the information into its reporting systems, which will be needed to gain much of the potential savings.

Costs for the plants and warehouses of big suppliers would be comparable to those for the retailers' distribution centers with one major exception - under Wal-Mart's plan, the manufacturers are to pay the entire cost of buying and applying the tags. A grocery manufacturer with $5 billion in sales could use more than 220 million tags annually, which would cost $33 million at current prices of around 15 cents a tag. If tag prices tumble to 5 cents each as volume grows, the outlay would still be $11 million.

Despite the costs, the better inventory and theft control the tags permit could make the investment profitable for suppliers of relatively high-value items like over-the-counter drugs. But it will be hard for manufacturers of groceries to gain as much return on their investment, particularly if they are already operating efficiently, Mr. Dannon said.

Kearney's cost and benefit projections appear conservative to several other experts. Edward Carey, managing director for the consumer business practice at Deloitte, said the labor savings in warehouses would grow to as much as 20 percent.

To get enough data to cut costs substantially, manufacturers need tags that can be rewritten as they move through the supply chain, Mr. Carey said. Today's tags are typically read-only devices. Current RFID systems also have trouble reading tags through liquids and metals.

"Some of our clients are saying we are going to drag this out as long as we can," Mr. Carey said. Still, getting on the wrong side of Wal-Mart is not widely viewed as an option.
*******************************
New York Times
November 9, 2003
Machine Politics in the Digital Age
By MELANIE WARNER

IN mid-August, Walden W. O'Dell, the chief executive of Diebold Inc., sat down at his computer to compose a letter inviting 100 wealthy and politically inclined friends to a Republican Party fund-raiser, to be held at his home in a suburb of Columbus, Ohio. "I am committed to helping Ohio deliver its electoral votes to the president next year," wrote Mr. O'Dell, whose company is based in Canton, Ohio.

That is hardly unusual for Mr. O'Dell. A longtime Republican, he is a member of President Bush's "Rangers and Pioneers,'' an elite group of loyalists who have raised at least $100,000 each for the 2004 race.

But it is not the only way that Mr. O'Dell is involved in the election process. Through Diebold Election Systems, a subsidiary in McKinney, Tex., his company is among the country's biggest suppliers of paperless, touch-screen voting machines.

Judging from Federal Election Commission data, at least eight million people will cast their ballots using Diebold machines next November. That is 8 percent of the number of people who voted in 2000, and includes all voters in the states of Georgia and Maryland and those in various counties of California, Virginia, Texas, Indiana, Arizona and Kansas.

Some people find Mr. O'Dell's pairing of interests - as voting-machine magnate and devoted Republican fund-raiser - troubling. To skeptics, including more than a few Democrats, it raises at least the appearance of an ethical problem. Some of the chatter on the Internet goes so far as to suggest that he could use his own machines to sway the election.

Senator Jon Corzine, Democrat of New Jersey, does not buy such conspiracy theories, but he said he was appalled at the situation.

"It's outrageous," he said. "Not only does Mr. O'Dell want the contract to provide every voting machine in the nation for the next election - he wants to 'deliver' the election to Mr. Bush. There are enough conflicts in this story to fill an ethics manual."

Mr. O'Dell declined to be interviewed for this article, but a company official said that his political affiliations had nothing to do with Diebold's operations, and that the company derived the bulk of its revenue from A.T.M.'s, not voting machines. "This is not Diebold; this is Wally O'Dell personally," said Thomas W. Swidarski, senior vice president for strategic development and global marketing at Diebold, who works closely with Mr. O'Dell. "The issue has been misconstrued."

BUT the controversy surrounding Diebold goes beyond its chief executive's political activities. In July, professors at Johns Hopkins University and Rice University analyzed the software code for the company's touch-screen voting machines and concluded that there was "no evidence of rigorous software engineering discipline" and that "cryptography, when used at all, is used incorrectly."

Making matters worse, the software code for the machines was discovered in January by a Seattle-area writer on a publicly accessible Internet site. That the code was unprotected constitutes a significant security lapse by Diebold, said Aviel D. Rubin, an associate professor of computer science at Johns Hopkins, co-author of the study of the code.

Mr. Swidarski said the code on the Internet site was outdated and was not now in use in machines.

About 15,000 internal Diebold e-mail messages also found their way to the Internet. Some referred to software patches installed on Diebold machines days before elections. Others indicated that the Microsoft Access database used in Diebold's tabulation servers was not protected by passwords. Diebold, which says passwords are now installed on machines, is threatening legal action against anyone who posts the files or links to them, contending that the e-mail is copyrighted.

A recent report for the state of Maryland by SAIC, an engineering and research firm, has added to concerns about the security of Diebold's systems. It recommended 17 steps that Maryland election officials could take to ensure better security when using Diebold's machines.

The company seized upon this as evidence that its systems, if used properly, were secure. But the report's overall assessment was not particularly upbeat. "The system, as implemented in policy, procedure and technology, is at high risk of compromise," SAIC wrote.

It has been a bumpy couple of months for Mr. O'Dell, 58, who is known as Wally and spent 33 years at Emerson Electric before joining what is now Diebold Election Systems. Associates say he was stunned by the reaction to his August letter and now regrets writing it.

"Wally's going to take a lower profile on this stuff," Mr. Swidarski said. But Mr. Swidarski did not indicate that Mr. O'Dell would put a halt to all of his political activities. Those have included attendance at a Bush fund-raiser in Cincinnati on Sept. 30 and a flight to Crawford, Tex., in August for a Pioneers and Rangers meeting attended by the president.

Other Diebold executives have contributed to President Bush's re-election campaign. According to data reported to the Federal Election Commission, 11 executives have added a total of $22,000 to the president's campaign coffers this year. No money from Diebold or its executives has gone to Democratic presidential candidates this year.

The controversy over security has started to affect Diebold's business. Last week, the office of the California secretary of state halted certification of Diebold's latest touch-screen voting machines, which individual counties are considering using. In Wisconsin, security concerns have soured election officials' perceptions of computerized voting. "We were already not strongly in favor of it, but the whole problem has changed when you're getting e-mails every week saying, 'You're not going to do this, right?' " said Kevin J. Kennedy, director of Wisconsin's election board.

Matt Summerville, an analyst at McDonald Investments in Cleveland, said the California decision could cause Diebold to book less revenue in its voting division this year than it had hoped. "It has certainly made their business a little more challenging," said Mr. Summerville, who expects the voting division to contribute $113 million this year to Diebold's total revenue of $2.1 billion.

So far, investors have not seemed concerned. Diebold's stock is up almost 36 percent for the year.

Until recently, Diebold's voting business looked extremely promising. Florida's electoral fiasco in 2000 confirmed what many state and county election officials had known for years: that punch-card systems were outdated. Encouraged by a new federal law that set aside $3.9 billion for voting improvements, many states and counties are moving rapidly to computer-based systems.

Analysts say the biggest beneficiaries of the federal dollars are likely to be Diebold, Election Systems & Software in Omaha and Sequoia Voting Systems, based in Oakland, Calif. So far, Washington has provided $650 million to states to buy new voting machines and improve the election process, though most of that has yet to be spent. An additional $830 million is waiting to be disbursed as soon as a new national oversight committee for elections is established.

NOT everyone is convinced that spending hundreds of millions of dollars to computerize the nation's voting is a good thing. The Johns Hopkins and SAIC reports are part of a growing chorus of criticism about the reliability and safety of paperless voting systems.

"There's a feeling in the computer scientist community of utter dismay about the state of voting-machine technology," said Douglas W. Jones, an associate professor of computer science at the University of Iowa and a member of Iowa's board of examiners for voting machines.

David L. Dill, a computer science professor at Stanford, said: "If I was a programmer at one of these companies and I wanted to steal an election, it would be very easy. I could put something in the software that would be impossible for people to detect, and it would change the votes from one party to another. And you could do it so it's not going to show up statistically as an anomaly.''

Diebold says there are enough checks and balances in the system to catch this. "Programmers do not set up the elections; election officials do," Mr. Swidarski said. "All a programmer knows are numbers, which are not assigned to real people and parties until set-up time."

But Professor Dill says the inherent complexity of software code makes it nearly impossible to ensure that computerized elections are fair. He advocates that machines be required to print out a paper ballot, which voters can use to verify their selections and which will serve as an audit trail in the event of irregularities or recounts.

Touch-screen machines from Diebold, called AccuVotes, do not have such a "voter verified" paper trail. ES&S and Sequoia are working on prototypes for machines with printers. Diebold's machines are like A.T.M.'s, in that voters touch their selection and hit "enter" to record their votes onto memory cards inside each terminal. After voting has ended, the memory cards are inserted into a Diebold server at each precinct. The results are tabulated and sent by modem, or the data disks are sent to a central office.

Rebecca Mercuri, a computer scientist and president of the consulting firm Notable Software, who has been studying election systems for 14 years, says the trouble with this system is that it is secretive. It prohibits anyone from knowing whether the data coming out of the terminals represents what voters actually selected. If someone were to challenge election results, the data in memory cards and the software running the voting terminals could be examined only by Diebold representatives.

MS. MERCURI ran up against this last year, when she served as a consultant in a contested city council election in Boca Raton, Fla. Her request to look at the software inside the city's machines, made by Sequoia, to see if there were any bugs or malfunctions, was denied by a judge on the grounds that the technology was protected by trade-secret clauses. Sequoia, ES&S and Diebold routinely include such clauses in their contracts.

"These companies are basically saying 'trust us,' " Ms. Mercuri said. "Why should anybody trust them? That's not the way democracy is supposed to work."

Representative Rush D. Holt, Democrat of New Jersey, is leading an effort to make computerized voting more transparent. His bill, introduced this year, would require that computerized voting systems produce a voter-verified paper ballot and that the software code be publicly available.

The bill, in the House Administration Committee, has 60 co-sponsors, all Democrats.

"Someone said to me the other day, 'We've had these electronic voting machines for several years now and we've never had a problem.' And I said, 'How do you know?' and he couldn't answer that," Representative Holt said. "The job of verification shouldn't belong to the company; it should belong to the voter."

Diebold said it would be willing to attach ballot printers to touch-screen machines if customers wanted them. But Mr. Swidarski said elections boards were not clamoring for it. "We're agnostic to it," he said.

Mr. Swidarski disputed the assertion that Diebold's systems are vulnerable to tampering. Before each election, he said, the software goes through rigorous testing and certification by one of three companies contracted through the National Association of State Election Directors. Those companies "go through every line of code," he said. "It's an extensive process that takes several months, and then the machines go for testing at the state level."

Critics say that the certification process is not as thorough as the companies would have people believe, and that the resulting reports, like the technology, are not available for public inspection. This opacity is what worries detractors most.

"We know from Enron and WorldCom that when accounting is weak, crooks have been known to take over," Professor Jones said. "If vulnerabilities exist in any voting system for a long enough time, someone's going to exploit it."
*******************************