Domain: house.gov
Stories and comments across the archive that link to house.gov.
Stories · 337
-
Science Programs Hit Hard By Proposed Budget
BJ_Covert_Action writes "The House of Representatives Committee on Appropriations has released a list of proposed spending cuts for the US Federal Government. The proposed cuts include reductions in spending on many science organizations and funds such as NASA, NOAA, nuclear energy research, fossil fuel energy research, clean coal research, the CDC, the NIH, and numerous EPA programs. There are also quite a few cuts proposed on domestic services, such as Americorps and high speed rail research. The House Appropriations Chairman, Hal Rogers, acknowledges that the cuts go deep, and would hurt every district across the country. But they are still deemed necessary to rein in Congressional spending. Notoriously absent from the proposed budget cuts are two of the largest spending sinks in the federal budget: the Department of Defense and Social Security." -
Out of Egypt Censorship, US Tech Export Under Fire
AndyAndyAndyAndy writes "After it was exposed that American firm Narus had sold Egypt the Deep Packet Inspection equipment used to spy on and censor its citizens, the US House Committee on Foreign Relations held a hearing where Reps. Chris Smith and Bill Keating 'grilled Deputy Secretary of State James Steinberg on the sale of this Internet spying technology to an Egyptian Internet provider controlled by the Mubarak regime.' It seems there is now a push for stronger controls and monitoring for technology exports 'that would provide a national strategy to prevent the use of American technology from being used by human rights abusers.'" Several readers have noted that Hosni Mubarak has now stepped down as president of Egypt. Control of the country's affairs has been passed to the high council of its armed forces, which has some journalists and bloggers worried. -
DOJ Seeks Mandatory Data Retention For ISPs
Hugh Pickens writes "Computerworld reports that in testimony before Congress the US Department of Justice renewed its call for legislation mandating Internet Service Providers (ISP) retain customer usage data for up to two years because law enforcement authorities are coming up empty-handed in their efforts to go after online predators and other criminals because of the unavailability of data relating to their online activities. 'There is no doubt among public safety officials that the gaps between providers' retention policies and law enforcement agencies' needs, can be extremely harmful to the agencies' investigations,' says Jason Weinstein, deputy assistant attorney general at the Justice Department, adding that data retention is crucial to fighting Internet crimes (PDF), especially online child pornography. Weinstein admits that a data retention policy raises valid privacy concerns however, saying such concerns need to be addressed and balanced against the need for law enforcement to have access to the data. 'Denying law enforcement that evidence prevents law enforcement from identifying those who victimize others online,' concludes Weinstein." Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout. -
Net Neutrality Supporters Hammered In Elections
Pickens writes "Gigi Sohn writes in the Huffington Post that one of the results of the mid-term elections was the defeat of Representative Rick Boucher, the current Chair of the House Subcommittee on Communications, Technology and the Internet, widely recognized as one of the most tech-savvy and intelligent members of Congress, and long an advocate for consumers on a wide variety of communications and intellectual property issues. Boucher has been the best friend of fair use on Capitol Hill writes Sohn. In 2002, 2003 and 2007, Boucher introduced legislation to allow consumers to break digital locks for lawful purposes, a fair use exception to the anti-circumvention provisions of the Digital Millennium Copyright Act, and while the odds against that legislation passing were always great, Boucher understood the symbolic importance of standing up for consumers' rights to use technology lawfully. 'As important, he served as a moderating force both on the House Energy & Commerce and Judiciary Committees against those many members of Congress willing to give large media companies virtually everything on their copyright wish lists.'" -
Legislation To Make Web Devices Accessible To Disabled Users
pgmrdlm writes "In an effort to make web devices accessible to the disabled, the 21st Century Communications and Video Accessibility Act (H.R. 3101), submitted by Rep. Edward J. Markey (D-MA) passed the House of Representatives by a vote of 348 to 23. The related Senate bill has been introduced by Senator Mark Pryor (D-AR). Quoting Representative Markey's website: 'We've moved from Braille to Broadcast, from Broadband to the Blackberry. We've moved from spelling letters in someone's palm to the Palm Pilot. And we must make all of these devices accessible.' The Washington Post coverage notes, 'Some broadcasters put videos on the Internet with captions, but not all. That can make inaccessible everything from the political videos that are now common on the Web to pop culture clips that turn viral.' As someone who has 20/200 vision with my glasses on, I completely agree that the web has not been kind to individuals with various disabilities. But due to the size of the web, and the large number of different devices that access it, is it even possible to legislate something of this nature? Or should we rely on education and peer pressure on the various manufacturers?" -
Apple Lays Out Location Collection Policies
itwbennett writes "In a 13-page reply (PDF) to questions from Congressmen Ed Markey of Massachusetts and Joe Barton of Texas, Apple said iPhones running OS 3.2 or iOS 4 collect GPS data and encrypt it before sending it back to Apple every 12 hours via Wi-Fi. Attached to the GPS data is a random identification number generated by the phone every 24 hours. The information is not associated with a particular customer and Apple uses the data to analyze traffic patterns and density, it said. Apple collects such data from customers who have approved the use of location-based capabilities on the phone and who actually use an application that requires GPS." -
Airlines Get Billions From Unbundled Services
Hugh Pickens writes "In hearings before Congress, the Government Accountability Office (GAO) said that airlines reported revenue of $7.9 billion from baggage fees and reservation change and cancellation fees in calendar years 2008 and 2009 — fees on unbundled services that once were considered part of the ticket price. 'We believe that the proliferation of these fees and the manner in which they are presented to the traveling public can be confusing and in some cases misleading,' says Robert Rivkin, the Department of Transportation's general counsel. Published fares used by consumers to choose flights don't 'clearly represent the cost of travel when these services are added.' However, Spirit Airlines President and CEO Ben Baldanza defended the practice of unbundling, saying it allows his airline to charge lower fares (PDF) and allows the customers the choice to purchase the services or not." -
Google Tells Congress It Disclosed Wi-Fi Sniffing
theodp writes "While conceding 'it is clear there should have been greater transparency about the collection of this [Wi-Fi] data,' Google asserted 'we have provided public descriptions of our location-based services' in its written response to Congress (PDF) about whether the public had been adequately informed of its data collection efforts. To prove its point, Google's how-many-times-do-we-have-to-tell-you answer included a link to a blog entry on My Location on the desktop, an odd choice considering that Google is still less-than-clear about exactly what's being captured by the service ('When My Location is active, Toolbar will automatically send local network information (including, but not limited to, visible WiFi access points)'). Congress might also want to evaluate the transparency of this cute Google video, which assured the public of Street View's privacy safeguards, but gave no hint of the controversial Wi-Fi collection." -
Ex-Googler Obama Appointee Gets Buzz'ed
theodp writes "Hillicon Valley reports that Rep. Darrell Issa of the House Oversight Committee is pressing White House Deputy CTO Andrew McLaughlin to explain his relationship with Google, where McLaughlin was employed as Google's chief lobbyist. 'The American people have a right to expect that White House employees are working to advance the public interest and not the interests of the lobby shops who formerly employed them,' Issa noted in the letter. 'The use of a Gmail account to communicate with lobbyists and evade transparency laws is at odds with President Obama's promises to limit the influence of lobbyists.' Concerns emerged after screenshots of McLaughlin's Google Buzz account emerged showing that a number of the search giant's top employees subscribed to the deputy Web chief's updates." -
USPTO's 1-Click Indecisiveness Enters 5th Year
theodp writes "When it comes to Amazon CEO Jeff Bezos' 1-Click patent, the USPTO is an agency that just can't say no. Or yes. It's now been 4+ years since actor Peter Calveley submitted prior art that triggered a USPTO reexamination of the 1-Click patent. Still no 'final answer' from the USPTO, although an Examiner recently issued yet another Final Rejection of 1-Click related claims (pdf), admonishing Amazon for making him 'sift through hundreds of submitted references to identify what applicant allegedly has already submitted,' which he complained is 'adding an undue burden' to his workload. Looks like Bezos' 2000 pledge of 'less work for the overworked Patent and Trademark Office' isn't working out so well in practice. Not too surprising — after all, Amazon did inform Congress that it 'has modified its specific [patent] reform proposals from the year 2000.'" -
US Congressman Announces Plans To Probe Wikileaks
eldavojohn writes "Congressman Peter King (R-NY) is calling for a probe into Wikileaks with regard to the recent publication of half a million 9/11 pager messages. He has announced that he plans to have his Washington staff begin a preliminary investigation because Wikileaks' action 'raises security issues.' A word of caution: Congressman King has been known to make inflammatory and unpopular statements." -
Major Electronics Firms Support Ending Use of "Conflict Minerals"
tburton writes "The US House of Representatives yesterday released the Conflict Minerals Trade Act (HR 4128) to try and end the international trade of tungsten, tantalum and col-tan, the mining of which is accused of fueling violent rape and murder in eastern Congo. Since the very same minerals power the most popular consumer electronics from HP, Verizon, Nokia, RIM and Intel, the Information Technology Industry Council has quickly signed a statement of support. Advocacy groups are hopeful these commitments prove to be meaningful as consumers begin to question the end result of the supply chains powering their favorite gadget." -
Congress May Require ISPs To Block Certain Fraud Sites
FutureDomain writes "A bill which just passed the House Financial Services Committee would require Internet Service Providers to block access to sites hosting financial scams that pose as members of the government-backed Securities Investor Protection Corporation (SIPC). The bill, called the Investor Protection Act and sponsored by Paul Kanjorski (D-PA), is broad enough to block not only websites, but email and any other 'electronic material.' 'Internet providers are also worried that Kanjorski's requirement — and the accompanying civil penalties and injunctions — would apply even if the blocking is not technically feasible.'" -
Network Neutrality Back In Congress For 3rd Time
suraj.sun writes "Ed Markey has introduced his plan to legislate network neutrality into a third consecutive Congress, and he has a message for ISPs: upgrade your infrastructure and don't even think about blocking or degrading traffic. The war over network neutrality has been fought in the last two Congresses, and last week's introduction of the 'Internet Freedom Preservation Act of 2009' [PDF] means that legislators will duke it out a third time. Should the bill pass, Internet service providers will not be able to 'block, interfere with, discriminate against, impair, or degrade' access to any lawful content from any lawful application or device. Rulemaking and enforcement of network neutrality would be given to the Federal Communications Commission, which would also be given the unenviable job of hashing out what constitutes 'reasonable network management' — something explicitly allowed by the bill. Neutrality would also not apply to the access and transfer of unlawful information, including 'theft of content,' so a mythical deep packet inspection device that could block illegal P2P transfers with 100 percent accuracy would still be allowed. If enacted, the bill would allow any US Internet user to file a neutrality complaint with the FCC and receive a ruling within 90 days." -
US House Democrats Unveil a Health Care Plan
gollum123 sends in this piece from a political blog in the NY Times. Here is the text of the bill in question (PDF). "House Democrats on Friday answered President Obama's call for a sweeping overhaul of the health care system by putting forward [an] 852-page draft bill that would require all Americans to obtain health insurance, force employers to provide benefits or help pay for them, and create a new public insurance program to compete with private insurers — a move that Republicans will bitterly oppose. ... But the chairmen said they still did not know how much the plan would cost, even as they pledged to pay for it by cutting Medicare spending and imposing new, unspecified taxes. The three chairmen described their bill as a starting point in a weeks-long legislative endeavor that they said would dominate Congress for the summer and ultimately involve the full panorama of stakeholders in the health care industry, which accounts for about one-sixth of the nation's economy. ... House Republicans, who have had no involvement in the development of the health legislation so far, quickly denounced the Democrats' proposal as a thinly disguised plan for an eventual government takeover of the health care system. ... The House Democrats' plan is one of three distinct efforts underway on Capitol Hill to draft the health overhaul legislation. In the Senate, both the Finance Committee and the health committee have separate bills in the works, and in recent days those efforts seem to have stumbled." -
Bill Ready To Ban ISP Caps In the US
xclr8r writes "Eric Massa, a congressman representing a district in western New York, has a bill ready that would start treating Internet providers like a utility and stop the use of caps. Nearby locales have been used as test beds for the new caps, so this may have made the constituents raise the issue with their representative." -
A Push To End the Online Gambling Ban
Hugh Pickens writes "Representative Barney Frank of Massachusetts has introduced legislation that would roll back a ban on Internet gambling enacted when Republicans led Congress. The legislation would allow the Treasury Department to license and regulate online gambling companies that serve American customers. Frank's bill has roughly two dozen co-sponsors and the backing of the Poker Players Alliance, with over a million members. But opponents are mobilizing to defeat the bill including social conservatives and professional and amateur sports organizations, which say more gambling opportunities could threaten the integrity of their competition. 'Illegal offshore Internet gambling sites are a criminal enterprise, and allowing them to operate unfettered in the United States would present a clear danger to our youth, who are subject to becoming addicted to gambling at an early age,' says Representative Spencer Bachus, Republican of Alabama and the ranking member on the House Financial Services Committee. Another powerful roadblock could be the Senate majority leader, Harry Reid, Democrat of Nevada. 'Gaming is an important industry to the state, and anything that affects it will be reviewed carefully,' says Reid's spokesman." -
Bill Would Declare Your Blog a Weapon
Mike writes "Law prof Eugene Volokh blogs about a US House of Representatives bill proposed by Rep. Linda T. Sanchez and 14 others that could make it a federal felony to use your blog, social media like MySpace and Facebook, or any other Web media 'to cause substantial emotional distress through "severe, repeated, and hostile" speech.' Rep. Sanchez and colleagues want to make it easier to prosecute any objectionable speech through a breathtakingly broad bill that would criminalize a wide range of speech protected by the First Amendment. The bill is called The Megan Meier Cyberbullying Prevention Act, and if passed into law (and if it survives constitutional challenge) it looks almost certain to be misused." -
AT&T Sends Mixed Message On Behavioral Advertising
Ian Lamont writes "An advertising company that runs a 'targeting marketplace' and partner AT&T are playing down the telecommunications giant's use of its services after AT&T's chief privacy officer told a House subcommittee yesterday that the company does not engage in behavioral advertising. The AT&T executive testified (PDF) to the House of Representatives Subcommittee on Communications, Technology and the Internet that AT&T would not use behavioral advertising methods without informed customer consent. However, AudienceScience, a company that records 'billions of behavioral events daily' has apparently worked for AT&T since 2005. After the hearing, AudienceScience removed a client testimonial relating to AT&T from its website, so 'all the appropriate parties [have] consistent messaging,' its CEO said. An AT&T spokesman also said that the testimony was talking about AT&T's role as an ISP, not an advertiser." -
1-Click Smacked Down Again, While Reexam Languishes
theodp writes "Pressed on Amazon's 1-Click patent, then-USPTO Chief Q. Todd Dickinson got testy: "I make this challenge all the time. If you're aware of prior art out there that invalidates a patent that is existing, file a re-examination. We'll be happy to take a look at it." Really? It's been 3+ years since unemployed actor Peter Calveley submitted prior art that triggered a USPTO reexamination of the 1-Click patent. Still no 'final answer' from the USPTO. To put things in perspective, 1-Click inventor Jeff Bezos once proposed a three-year lifespan for patents (later retracted), let alone patent reexams. In the meantime, other patent examiners have repeatedly smacked down 1-Click — the latest (non-final) rejection was issued on Feb. 10th with Sandra Bullock's help." -
$2 Billion For Broadband Cut From Stimulus Bill
pdabbadabba points out a CNN report on changes to the planned economic stimulus bill (the American Recovery and Reinvestment Act of 2009 [PDF]) that will remove the $2 billion allocated to broadband development. The changes also eliminated smaller amounts allocated to NASA, the National Institute for Standards and Technology, and the National Science Foundation. $16 billion in school construction funding was removed, as well as another $3.5 billion for higher education construction. A variety of environmental projects were also cut or reduced (half of the $7 billion set aside for energy-efficient federal buildings, half of the $600 million for hybrid federal vehicles), and over $8 billion in health-related provisions are gone. The bill will likely go to vote in the Senate on Tuesday. -
Video Game Use Linked To Breast Feeding
In order to demonstrate the ridiculousness of some recent studies which grabbed media headlines by claiming "links" between video games and all sorts of negative behavior (such as violence and lower-quality relationships), Ars Technica's Ben Kuchera did an experiment of his own: "I started calling people I knew, and I asked if they had one or more video games in the house. Then I asked if they breast-fed their children. To my great shock, most answered 'yes' to both. One couple I contacted switched to formula after their child's birth, and told me that they didn't play video games. The data, based on my first round of calls, was conclusive: if you play video games, you are much more likely to breast-feed your children. You're probably ready to shoot five thousand holes in my argument. ... I did my job though, and you clicked on the headline." He goes on to point out flaws in media reports and legislation involving such claims. -
Obama To Launch Website For Tracking Tax Expenditures
internationalflights tips news that Barack Obama, in his first weekly address as President, has mentioned plans to set up a website for tracking "how and where we spend taxpayer dollars." Details about the website, Recovery.gov, are available within the American Recovery and Reinvestment Act of 2009 (PDF). The website "shall provide data on relevant economic, financial, grant, and contract information in user-friendly visual presentations to enhance public awareness of the use funds made available in this Act," and will also "provide a means for the public to give feedback on the performance of contracts awarded for purposes of carrying out this Act." The site itself currently contains a placeholder until the passage of the Act. -
Stimulus Bill Contains Net Neutrality Provision
visible.frylock writes "Cnet is reporting that the American Recovery and Reinvestment Act of 2009 (PDF), currently in the House Appropriations Committee, contains Net Neutrality provisions: 'The so-called stimulus package hands out billions of dollars in grants for broadband and wireless development, primarily in what are called "unserved" and "underserved" areas. ... The catch is that the federal largesse comes with Net neutrality strings attached. ... recipients must operate broadband and high-speed wireless networks on an "open access basis." The FCC, soon to be under Democratic control, is charged with deciding what that means. Congress didn't see fit to include a definition.' The broadband grants appear to begin in SEC. 3101 (pg. 49) of the PDF." -
Rick Boucher To Chair House Internet Committee
Misch writes "Representative Rick Boucher (D-VA) will be taking the chair of the House Subcommittee on Telecommunications and the Internet. Rep. Boucher has been an advocate for consumers rights, is a co-founder of the Congressional Internet Caucus, and has participated in a Slashdot Interview. He was instrumental in defeating key escrow, back in the day." -
CSIS Cybersecurity Commission Chairman Jim Langevin Answers Your Questions
Last week we solicited questions for US Representative Jim Langevin (D-RI), one of the chairs of the CSIS Cybersecurity Commission. Here are his answers — along with contact information for him if you want to continue the conversation.
1) Red Teams
by Bananatree3
The NSA has had great success with Red Teams and competitions between security experts in helping learn how to better secure sensitive data and to keep up to date with the latest attack techniques.
What are your plans to utilize this powerful technique? If applied elsewhere, Red Team competitions can help better secure other aspects of the internet and to stay up to date.
Rep. Langevin: I couldn't agree more. I've been an advocate of moving away from the paperwork exercises that have become more prevalent in Federal government IT security towards a more operational-focused testing environment like red/blue teams and penetration testing. In fact, I wrote a bill (HR 5983) this year that would have required the heads of appropriate Federal agencies (DHS, NSA, DOD, etc.) to create security control testing protocols to ensure that the Department of Homeland Security's networks are protected against known attacks and exploits. The bill would have essentially given the DHS Inspector General the ability to red/blue team the Department's networks to determine whether or not the Department's security policies and controls were effective.
The DHS Inspector General does not have the same capabilities as the NSA red team. Unfortunately, there are a limited number of individuals who are members of these elite teams; what I'd like to see happen is groups like NSA red/blue engage with more Federal civilian agency security officers who can perform these functions when the NSA teams are not available.
Of course, the great value in red teaming comes from actually mitigating the vulnerabilities discovered by the red team. This takes time and money, which can sometimes be difficult to come by. So while we have to do more red teaming in the Federal government, we also have to be prepared to spend the money to fix the problems.
I find that red team competitions are a great way to refine offensive and defensive skills, and can also be a good recruiting tool for the Federal government. In the spring I congratulated the college participants in the 2008 National Collegiate Cyber Defense Competition that was held at the campus of UT-San Antonio, and encouraged them to look for Federal jobs when they graduate. We as a nation have to recruit and invest in these students because of their talent and potential.
2) Why run this out of the EOP?
by Animats
Why run this out of the Executive Office of the President? Trying to run operational units directly from the White House seldom works well; the environment is political, not operational. The present cybersecurity office, in Homeland Security, is ineffective because the incumbent is a former lobbyist. When Amit Yoran was in charge there, progress was being made. He quit because he wasn't getting backing from higher in Homeland Security. The office needs a high-level champion in the White House, but that's a liaison job.
Rep. Langevin: You are right - cyber operations should not be run by the White House. We have plenty of agencies that have the skill and capability to run various cyber operations throughout the Federal government. But as you've noted, at the end of the day, cybersecurity requires coordination of activities across agencies, and the CSIS Commission concluded that the White House is the best place to locate this function.
The Commission discovered that the central problems in the current Federal organization for cybersecurity are lack of a strategic focus, overlapping missions, poor coordination and collaboration, and diffuse responsibility. The Commission considered many options for how best to organize for cybersecurity. One particularly useful model was the Intelligence Reform and Terrorist Prevention Act (IRTPA). IRTPA imposed a new, more collaborative structure on the Intelligence Community. It mandated a distributed "intelligence enterprise." Congressional mandates, however, are not enough. It took a Director of National Intelligence with the appropriate authorities to build collaboration. This did not mean that the DNI became a centralized manager of the IC - agencies still have their unique operational functions. The DNI role is to provide the strategy and collaborative networks for the intelligence enterprise. This effort, although it is still a work in progress, helped to guide our thinking.
I hope that the Assistant to the President for Cyberspace will be that high-level champion that you described, a person who can provide programmatic oversight for the many cybersecurity programs that involve multiple agencies, but not take operational control over the agency responsibilities.
3) Re:Why run this out of the EOP?
by gclef (96
To build on this, how are you planning on addressing the credibility gap between what the executive wants to achieve, and what the rest of the internet community (at least in the US) believes you really can/should achieve?
For example, I was at BlackHat this year, and the keynote speaker was one of the Feds, speaking about the federal plans for cyber security. The discussions in the hall after his keynote were scathing. Many of the attendees concluded that he had no clue what he was talking about. This, I think, has to be the first hurdle the executive needs to clear before accomplishing anything. Put simply: the private sector just doesn't believe in government's ability to succeed. How are you going to fix that?
Rep. Langevin: The uncertainty of success should not prevent government from playing a role in securing cyberspace, but its questionable effectiveness means we have to find specific areas or roles where the government can add value. This is the challenge we face today.
I think back to some of the fundamental lessons of the government's efforts in Y2K. John Koskinen, the incredibly effective manager of this effort, asked himself what role the government could or should play with the private sector. His list was short: 1) Government could provide expertise to the private sector; 2) Government could provide a trusted meeting place for the private sector; 3) Government could provide a mix of positive and negative incentives for the private sector to implement security fixes. With this blueprint, Koskinen had his marching orders.
Government alone will not solve the cybersecurity problem because government alone does not own the infrastructure or the technical expertise. But government involvement is the key for success because of its ability to positively and negatively incentivize behavior. Today, just like 10 years ago, there are incentives that the government can provide to ensure better security in the private sector, and, like the government response to Y2K, I think this is where the government should focus its effort.
The trust relationship between the government and the private sector has been damaged over the years, so this will be an area for the next President to try to improve. The CSIS Commission recommends rebuilding the public-private partnership on cybersecurity to focus on key infrastructures and coordinated preventative and responsive activities. The Commission recommends the President direct the creation of three new groups for partnership that provide the basis for both trust and action: 1) A Presidential Advisory Committee organized under the Federal Advisory Committee Act (FACA) with senior representatives from the key cyber infrastructures; 2) A "town hall" style national stakeholders' organization that provides a platform for education and discussion; and 3) A new operational organization, the Center for Cybersecurity Operations (CCSO), where public and private sector entities can collaborate and share information on critical cybersecurity in a trusted environment.
There is one specific area that the government can establish some credibility with the private sector: become the gold standard for network security. Some of you have heard me discuss this vision during my DHS oversight hearings. The security of Federal networks has received attention from the highest principals in government, and I believe the increased attention will lead to better strategies, larger commitment of resources, and greater awareness throughout Federal agencies. Making the Federal government the gold standard demonstrates to the private sector that we are committed to security and we can be a trusted partner.
4) Regulation
by Hatta
The free and open nature of the internet is its biggest asset. How do you plan on enforcing "cybersecurity" without damaging its free and open nature? Are you sure that the cure (government regulation) isn't worse than the disease (cybercrime)? Remember there was no cybercrime before the internet. The internet has brought us both crime and prosperity, so far the prosperity has far exceeded the crime. I benefit far more than I suffer from having an unregulated internet, can you convince me that a regulated internet is even necessary?
What sort of measures can you take to fight cybercrime without affecting my unfettered access to the internet? The phrase "If you have nothing to hide, you have nothing to fear" is not an acceptable response.
Rep. Langevin: I disagree with the premise - neither I nor the CSIS Commission discussed a "regulated Internet". What we did discuss is the need to develop and issue standards and guidance for securing three specific critical cyber infrastructures - telecom, finance, and energy - with the intent of increasing transparency and improving resiliency and reliability in the delivery of services critical to cyberspace.
5) How will this power be controlled?
by Opportunist
I work in IT security and thus I wonder how you plan to deal with two conflicting problems: Rapid change of threat scenarios and ability to supervise and monitor the actions taken by the "cyber police". Threats in IT change rapidly. Over the course of days sometimes. So quick reactions to emerging threats are a necessity. You have to react fast when something emerges, you can't let debates go on forever with weeks passing to give various interest groups a say in the matter.
How do you plan to ensure that civil liberties will not suffer from the necessary fast response when trying to make the internet a safer place?
That whatever organization is supposed to make the "net safer" will have certain powers is a given. Whenever, though, someone who has power has to do something fast (i.e. before someone could complain or interfere), the temptation to abuse this power (claiming "danger in delay", when the only danger would have been that someone could find out that power abuse is afoot) is present as well. How do you plan to address this?
Rep. Langevin: It's a significant challenge to respond to threats that can hit in a matter of milliseconds. Specifically, to address abuses of power or compromises of privacy and civil liberties, we have to insist that privacy and civil liberties protections be built in from the ground floor into our cybersecurity programs.
The E-Government Act requires agencies to conduct Privacy Impact Assessments (PIA) before developing or procuring IT systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public, or initiating a new electronic collection of information in identifiable form for 10 or more persons. In general, PIAs are required to be performed and updated as necessary where a system change creates new privacy risks. I think this is one way that we can ensure that privacy and civil liberties concerns are addressed at the outset, but I am open to any suggestions from the readers.
6) Hiring Practices And Education
by codepunk
I noticed briefly in the document that it mentions the inability of the Govt. to hire the necessary talent to combat these issues. Namely it mentions the drop in CS student enrollments and attempts to relate it to the .com burst. In reality the American IT profession is under assault by both outsourcing and the current H1B visa program. How do you intend to increase CS enrollment when the job market is being eroded by these two factors?
Rep. Langevin: I am concerned about the drop in computer science students, because it could portend a decline in American competitiveness in science and technology. At the same time, I also know that advanced degrees are not a necessity in operations. Some of the best operational experts I know - both in and out of government - only have high school diplomas.
There are a variety of different skill sets that we are looking for in the Federal government. The goal is to both increase the supply of skilled workers (to benefit both government and the private sector) and to create a career path (including training and advancement) for cyber specialists in the Federal government.
I have long advocated for a comprehensive approach to immigration reform that combines border security, enforcement of immigration laws already on the books, and a humane and common-sense approach to dealing with the millions of immigrants who are already in this country illegally. Reforming the system includes looking at all visa programs such as the one you mention.
The model for increasing the supply of skilled cyber workers is the 1958 National Defense Education Act, which improved national security and strengthened the economy. A larger effort poses complex challenges, however, and a focused program that emphasizes cybersecurity will be easier to obtain. The simplest approach may be to expand Scholarship for Service, a National Science Foundation scholarship program that provides tuition and stipends, in addition to requiring accreditation of schools where scholarships are provided for computer security studies.
The U.S. must also develop a career path for cyber specialists in federal service. Creating this career path entails a number of steps, including minimum entry requirements for cyber positions, training in specialized security skills, and a national cyber skills certification program. The Office of Personnel Management, working with key agencies engaged in cyber defense and offense, needs to establish rewarding career paths and advanced training.
This career path should transcend specific departments or agencies. I believe it should be modeled on the Federal Law Enforcement Training Center (FLETC), which provides training to all Federal employees in the Law Enforcement Officer skills. The program should initially focus on national security related missions (including critical infrastructure), but could later be expanded to other mission areas.
7) Why?
by poetmatt
Why must civil liberties be given up under any circumstance under the guise of "cybersecurity"? Why is there no open public review for people to proclaim that under no circumstance do they plan to give up civil liberties for sake of a bad US government cybersecurity plan? I for one do not plan to give up any form of "rights" just because the government has an inability to secure their own systems. I'm sure we all know the Thomas Jefferson quote for this.
Basically, my question is: why are we focused on balancing rights for security when we could spend more effort securing the existing government computer systems that we use, and it would be more effective? This is like pointing a finger at the Washington Monument and blaming it for the market collapse, and does not directly address the issue I just mentioned.
Rep. Langevin: No American should give up the liberties granted to him by our Constitution under any circumstances. I do disagree with your premise, however, that the Federal government is sacrificing the liberties of its citizens to ensure greater security of its networks.
Readers of Slashdot who share my concern about protecting privacy and civil liberties may be interested in reading the Privacy Impact Assessments (PIA) prepared by the Federal government for various IT systems that I mentioned in a previous response.
8) Over-reaching
by gclef
A) Are you concerned with biting off more than you can chew with the "Manage Identities" portion of the recommendation? (or, put another way, are you sure the government should really be doing any of those in the first place?)
A number of people are already uncomfortable with the idea of a national identity card (witness the problems that RealID is having these days)...your report goes even farther, though, by proposing a government-issued identity card that consumers could use for purchases online. If I'm already suspicious of a national ID, why in the world would I want to use a government-issued online ID?
B) Also, your recommendations have some huge loopholes: point 17 says that you want to allow consumers to use strong government-issued credentials for online activities, but point 18 then says that there should be regulation preventing businesses from *requiring* the use of those credentials. In practice, one of these two lines will be pointless (companies will say that it's optional to do business with them, so it's not "required"). By way of example, it's illegal for a company to *require* an SSN for non-banking business, but just try to get water service in Maryland without giving it to them...you can't do it. Doesn't this sort of loophole make your "consumer protection" recommendations pointless?
Rep. Langevin: Government-issued identity sparks a wide range of emotions, but I have to be clear about one thing: the Commission did not recommend that the government issue strong credentials to individuals.
First, we recommended that strong authentication be mandatory for critical cyber infrastructures - energy, finance, and telecommunications. Second, we said that if people want to use their new strong credential (which does not necessarily have to be provided by the government) for commercial purposes, they should be allowed to do so when the other party in a transaction is willing to accept them. Finally, we said that as we are likely to see two classes of consumers emerge (those with strong digital credentials and those who have chosen not to have such credentials), the FTC should ensure that companies can't refuse low-risk online services to those without credentials. FTC rules can move companies to adopt a risk-based approach to authentication - low risk transactions can use weak or no authentication, high risk transactions can require more.
You are essentially already doing this if you use online banking services: you can browse the website without authentication, but you need strong authentication to access your account and engage in transactions. Banks issue the credential (not the government) but it is in a framework of rules and guidance issued by regulatory authorities. The Commission wanted to move the banking model to other critical sectors.
The real issue is how to construct a system that accommodates a minority that is afraid of strong authentication without blocking adoption for critical infrastructure or high value transactions.
9) Single Platform Vulnerability
by codepunk
It is no secret that our nation's national security is threatened by the current single platform strategy. The lack of operating system diversity creates a fatal environment in which a single system flaw can expose all govt facilities and networks. As it stands today a single serious vulnerability could be exploited to blackout most if not all of our govt infrastructure. How do you intend to address this serious problem?
Rep. Langevin: We can do our best to build security in. Currently, most vendors deliver software with a very wide set of features and functions enabled including some that can result in less secure operations if not properly configured by the purchaser. However, as software systems become increasingly complex the difficulty of securely configuring these systems and maintaining that secure configuration has become a major technical and operational challenge.
The Federal government, taken as a single organization, is the largest buyer of most information technology products. Federal acquisitions rules provide a large mechanism for the government to shape private sector behavior. The CSIS Commission recommended that the Federal government require that the IT products it buys be securely configured upon delivery. Today, this effort is known as the Federal Desktop Core Configuration (FDCC). The FDCC is an OMB mandate that requires all Federal agencies to standardize the configuration of settings on operating systems and for applications that run on those systems. The FDCC is aimed at strengthening Federal IT security by reducing opportunities for hackers to access and exploit government computer systems.
A carefully crafted acquisitions regime, combined with an expanded FDCC initiative could help drive the market towards more secure configurations. The secure configurations mandated by the Federal government and produced in this collaboration with industry would be available for use by state and local government organizations as well as the private sector. A collaborative effort between government and industry to resolve software vulnerabilities and to deliver secure products could result in lower overall costs over the life of a system, even if secure configurations initially resulted in a higher price.
10) Secure what?
by fuego451
Besides sensitive government computers, which for whatever reason need to be connected to the WWW, exactly what part of the US portion of the Web needs to be secured and why?
Rep. Langevin: I am focused specifically on Federal information networks and critical infrastructure networks, such as infrastructure that is used to operate energy utilities and banking and finance and telecommunications. Ineffective cybersecurity leaves us vulnerable to attacks on our informational infrastructure, and in an increasingly competitive international environment, such attacks undercut America's economy and security and put the nation at risk.
-------------
Thanks to everyone who took the time to participate in this thread. Obviously, we weren't able to cover everything here in one Q&A, but if you would like to contact me with additional thoughts, please send me an email noting your interest in cybersecurity. -
CSIS Cybersecurity Commission Chairman Jim Langevin Answers Your Questions
Last week we solicited questions for US Representative Jim Langevin (D-RI), one of the chairs of the CSIS Cybersecurity Commission. Here are his answers — along with contact information for him if you want to continue the conversation.
1) Red Teams
by Bananatree3
The NSA has had great success with Red Teams and competitions between security experts in helping learn how to better secure sensitive data and to keep up to date with the latest attack techniques.
What are your plans to utilize this powerful technique? If applied elsewhere, Red Team competitions can help better secure other aspects of the internet and to stay up to date.
Rep. Langevin: I couldn't agree more. I've been an advocate of moving away from the paperwork exercises that have become more prevalent in Federal government IT security towards a more operational-focused testing environment like red/blue teams and penetration testing. In fact, I wrote a bill (HR 5983) this year that would have required the heads of appropriate Federal agencies (DHS, NSA, DOD, etc.) to create security control testing protocols to ensure that the Department of Homeland Security's networks are protected against known attacks and exploits. The bill would have essentially given the DHS Inspector General the ability to red/blue team the Department's networks to determine whether or not the Department's security policies and controls were effective.
The DHS Inspector General does not have the same capabilities as the NSA red team. Unfortunately, there are a limited number of individuals who are members of these elite teams; what I'd like to see happen is groups like NSA red/blue engage with more Federal civilian agency security officers who can perform these functions when the NSA teams are not available.
Of course, the great value in red teaming comes from actually mitigating the vulnerabilities discovered by the red team. This takes time and money, which can sometimes be difficult to come by. So while we have to do more red teaming in the Federal government, we also have to be prepared to spend the money to fix the problems.
I find that red team competitions are a great way to refine offensive and defensive skills, and can also be a good recruiting tool for the Federal government. In the spring I congratulated the college participants in the 2008 National Collegiate Cyber Defense Competition that was held at the campus of UT-San Antonio, and encouraged them to look for Federal jobs when they graduate. We as a nation have to recruit and invest in these students because of their talent and potential.
2) Why run this out of the EOP?
by Animats
Why run this out of the Executive Office of the President? Trying to run operational units directly from the White House seldom works well; the environment is political, not operational. The present cybersecurity office, in Homeland Security, is ineffective because the incumbent is a former lobbyist. When Amit Yoran was in charge there, progress was being made. He quit because he wasn't getting backing from higher in Homeland Security. The office needs a high-level champion in the White House, but that's a liaison job.
Rep. Langevin: You are right - cyber operations should not be run by the White House. We have plenty of agencies that have the skill and capability to run various cyber operations throughout the Federal government. But as you've noted, at the end of the day, cybersecurity requires coordination of activities across agencies, and the CSIS Commission concluded that the White House is the best place to locate this function.
The Commission discovered that the central problems in the current Federal organization for cybersecurity are lack of a strategic focus, overlapping missions, poor coordination and collaboration, and diffuse responsibility. The Commission considered many options for how best to organize for cybersecurity. One particularly useful model was the Intelligence Reform and Terrorist Prevention Act (IRTPA). IRTPA imposed a new, more collaborative structure on the Intelligence Community. It mandated a distributed "intelligence enterprise." Congressional mandates, however, are not enough. It took a Director of National Intelligence with the appropriate authorities to build collaboration. This did not mean that the DNI became a centralized manager of the IC - agencies still have their unique operational functions. The DNI role is to provide the strategy and collaborative networks for the intelligence enterprise. This effort, although it is still a work in progress, helped to guide our thinking.
I hope that the Assistant to the President for Cyberspace will be that high-level champion that you described, a person who can provide programmatic oversight for the many cybersecurity programs that involve multiple agencies, but not take operational control over the agency responsibilities.
3) Re:Why run this out of the EOP?
by gclef
To build on this, how are you planning on addressing the credibility gap between what the executive wants to achieve, and what the rest of the internet community (at least in the US) believes you really can/should achieve?
For example, I was at BlackHat this year, and the keynote speaker was one of the Feds, speaking about the federal plans for cyber security. The discussions in the hall after his keynote were scathing. Many of the attendees concluded that he had no clue what he was talking about. This, I think, has to be the first hurdle the executive needs to clear before accomplishing anything. Put simply: the private sector just doesn't believe in government's ability to succeed. How are you going to fix that?
Rep. Langevin: The uncertainty of success should not prevent government from playing a role in securing cyberspace, but its questionable effectiveness means we have to find specific areas or roles where the government can add value. This is the challenge we face today.
I think back to some of the fundamental lessons of the government's efforts in Y2K. John Koskinen, the incredibly effective manager of this effort, asked himself what role the government could or should play with the private sector. His list was short: 1) Government could provide expertise to the private sector; 2) Government could provide a trusted meeting place for the private sector; 3) Government could provide a mix of positive and negative incentives for the private sector to implement security fixes. With this blueprint, Koskinen had his marching orders.
Government alone will not solve the cybersecurity problem because government alone does not own the infrastructure or the technical expertise. But government involvement is the key for success because of its ability to positively and negatively incentivize behavior. Today, just like 10 years ago, there are incentives that the government can provide to ensure better security in the private sector, and, like the government response to Y2K, I think this is where the government should focus its effort.
The trust relationship between the government and the private sector has been damaged over the years, so this will be an area for the next President to try to improve. The CSIS Commission recommends rebuilding the public-private partnership on cybersecurity to focus on key infrastructures and coordinated preventative and responsive activities. The Commission recommends the President direct the creation of three new groups for partnership that provide the basis for both trust and action: 1) A Presidential Advisory Committee organized under the Federal Advisory Committee Act (FACA) with senior representatives from the key cyber infrastructures; 2) A "town hall" style national stakeholders' organization that provides a platform for education and discussion; and 3) A new operational organization, the Center for Cybersecurity Operations (CCSO), where public and private sector entities can collaborate and share information on critical cybersecurity in a trusted environment.
There is one specific area that the government can establish some credibility with the private sector: become the gold standard for network security. Some of you have heard me discuss this vision during my DHS oversight hearings. The security of Federal networks has received attention from the highest principals in government, and I believe the increased attention will lead to better strategies, larger commitment of resources, and greater awareness throughout Federal agencies. Making the Federal government the gold standard demonstrates to the private sector that we are committed to security and we can be a trusted partner.
4) Regulation
by Hatta
The free and open nature of the internet is its biggest asset. How do you plan on enforcing "cybersecurity" without damaging its free and open nature? Are you sure that the cure (government regulation) isn't worse than the disease (cybercrime)? Remember there was no cybercrime before the internet. The internet has brought us both crime and prosperity, so far the prosperity has far exceeded the crime. I benefit far more than I suffer from having an unregulated internet, can you convince me that a regulated internet is even necessary?
What sort of measures can you take to fight cybercrime without affecting my unfettered access to the internet? The phrase "If you have nothing to hide, you have nothing to fear" is not an acceptable response.
Rep. Langevin: I disagree with the premise - neither I nor the CSIS Commission discussed a "regulated Internet". What we did discuss is the need to develop and issue standards and guidance for securing three specific critical cyber infrastructures - telecom, finance, and energy - with the intent of increasing transparency and improving resiliency and reliability in the delivery of services critical to cyberspace.
5) How will this power be controlled?
by Opportunist
I work in IT security and thus I wonder how you plan to deal with two conflicting problems: Rapid change of threat scenarios and ability to supervise and monitor the actions taken by the "cyber police". Threats in IT change rapidly. Over the course of days sometimes. So quick reactions to emerging threats are a necessity. You have to react fast when something emerges, you can't let debates go on forever with weeks passing to give various interest groups a say in the matter.
How do you plan to ensure that civil liberties will not suffer from the necessary fast response when trying to make the internet a safer place?
That whatever organization is supposed to make the "net safer" will have certain powers is a given. Whenever, though, someone who has power has to do something fast (i.e. before someone could complain or interfere), the temptation to abuse this power (claiming "danger in delay", when the only danger would have been that someone could find out that power abuse is afoot) is present as well. How do you plan to address this?
Rep. Langevin: It's a significant challenge to respond to threats that can hit in a matter of milliseconds. Specifically, to address abuses of power or compromises of privacy and civil liberties, we have to insist that privacy and civil liberties protections be built in from the ground floor into our cybersecurity programs.
The E-Government Act requires agencies to conduct Privacy Impact Assessments (PIA) before developing or procuring IT systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public, or initiating a new electronic collection of information in identifiable form for 10 or more persons. In general, PIAs are required to be performed and updated as necessary where a system change creates new privacy risks. I think this is one way that we can ensure that privacy and civil liberties concerns are addressed at the outset, but I am open to any suggestions from the readers.
6) Hiring Practices And Education
by codepunk
I noticed briefly in the document that it mentions the inability of the Govt. to hire the necessary talent to combat these issues. Namely it mentions the drop in CS student enrollments and attempts to relate it to the .com burst. In reality the American IT profession is under assault by both outsourcing and the current H1B visa program. How do you intend to increase CS enrollment when the job market is being eroded by these two factors?
Rep. Langevin: I am concerned about the drop in computer science students, because it could portend a decline in American competitiveness in science and technology. At the same time, I also know that advanced degrees are not a necessity in operations. Some of the best operational experts I know - both in and out of government - only have high school diplomas.
There are a variety of different skill sets that we are looking for in the Federal government. The goal is to both increase the supply of skilled workers (to benefit both government and the private sector) and to create a career path (including training and advancement) for cyber specialists in the Federal government.
I have long advocated for a comprehensive approach to immigration reform that combines border security, enforcement of immigration laws already on the books, and a humane and common-sense approach to dealing with the millions of immigrants who are already in this country illegally. Reforming the system includes looking at all visa programs such as the one you mention.
The model for increasing the supply of skilled cyber workers is the 1958 National Defense Education Act, which improved national security and strengthened the economy. A larger effort poses complex challenges, however, and a focused program that emphasizes cybersecurity will be easier to obtain. The simplest approach may be to expand Scholarship for Service, a National Science Foundation scholarship program that provides tuition and stipends, in addition to requiring accreditation of schools where scholarships are provided for computer security studies.
The U.S. must also develop a career path for cyber specialists in federal service. Creating this career path entails a number of steps, including minimum entry requirements for cyber positions, training in specialized security skills, and a national cyber skills certification program. The Office of Personnel Management, working with key agencies engaged in cyber defense and offense, needs to establish rewarding career paths and advanced training.
This career path should transcend specific departments or agencies. I believe it should be modeled on the Federal Law Enforcement Training Center (FLETC), which provides training to all Federal employees in the Law Enforcement Officer skills. The program should initially focus on national security related missions (including critical infrastructure), but could later be expanded to other mission areas.
7) Why?
by poetmatt
Why must civil liberties be given up under any circumstance under the guise of "cybersecurity"? Why is there no open public review for people to proclaim that under no circumstance do they plan to give up civil liberties for sake of a bad US government cybersecurity plan? I for one do not plan to give up any form of "rights" just because the government has an inability to secure their own systems. I'm sure we all know the Thomas Jefferson quote for this.
Basically, my question is: why are we focused on balancing rights for security when we could spend more effort securing the existing government computer systems that we use, and it would be more effective? This is like pointing a finger at the Washington Monument and blaming it for the market collapse, and does not directly address the issue I just mentioned.
Rep. Langevin: No American should give up the liberties granted to him by our Constitution under any circumstances. I do disagree with your premise, however, that the Federal government is sacrificing the liberties of its citizens to ensure greater security of its networks.
Readers of Slashdot who share my concern about protecting privacy and civil liberties may be interested in reading the Privacy Impact Assessments (PIA) prepared by the Federal government for various IT systems that I mentioned in a previous response.
8) Over-reaching
by gclef
A) Are you concerned with biting off more than you can chew with the "Manage Identities" portion of the recommendation? (or, put another way, are you sure the government should really be doing any of those in the first place?)
A number of people are already uncomfortable with the idea of a national identity card (witness the problems that RealID is having these days)...your report goes even farther, though, by proposing a government-issued identity card that consumers could use for purchases online. If I'm already suspicious of a national ID, why in the world would I want to use a government-issued online ID?
B) Also, your recommendations have some huge loopholes: point 17 says that you want to allow consumers to use strong government-issued credentials for online activities, but point 18 then says that there should be regulation preventing businesses from *requiring* the use of those credentials. In practice, one of these two lines will be pointless (companies will say that it's optional to do business with them, so it's not "required"). By way of example, it's illegal for a company to *require* an SSN for non-banking business, but just try to get water service in Maryland without giving it to them...you can't do it. Doesn't this sort of loophole make your "consumer protection" recommendations pointless?
Rep. Langevin: Government-issued identity sparks a wide range of emotions, but I have to be clear about one thing: the Commission did not recommend that the government issue strong credentials to individuals.
First, we recommended that strong authentication be mandatory for critical cyber infrastructures - energy, finance, and telecommunications. Second, we said that if people want to use their new strong credential (which does not necessarily have to be provided by the government) for commercial purposes, they should be allowed to do so when the other party in a transaction is willing to accept them. Finally, we said that as we are likely to see two classes of consumers emerge (those with strong digital credentials and those who have chosen not to have such credentials), the FTC should ensure that companies can't refuse low-risk online services to those without credentials. FTC rules can move companies to adopt a risk-based approach to authentication - low risk transactions can use weak or no authentication, high risk transactions can require more.
You are essentially already doing this if you use online banking services: you can browse the website without authentication, but you need strong authentication to access your account and engage in transactions. Banks issue the credential (not the government) but it is in a framework of rules and guidance issued by regulatory authorities. The Commission wanted to move the banking model to other critical sectors.
The real issue is how to construct a system that accommodates a minority that is afraid of strong authentication without blocking adoption for critical infrastructure or high value transactions.
9) Single Platform Vulnerability
by codepunk
It is no secret that our nation's national security is threatened by the current single platform strategy. The lack of operating system diversity creates a fatal environment in which a single system flaw can expose all govt facilities and networks. As it stands today a single serious vulnerability could be exploited to blackout most if not all of our govt infrastructure. How do you intend to address this serious problem?
Rep. Langevin: We can do our best to build security in. Currently, most vendors deliver software with a very wide set of features and functions enabled including some that can result in less secure operations if not properly configured by the purchaser. However, as software systems become increasingly complex the difficulty of securely configuring these systems and maintaining that secure configuration has become a major technical and operational challenge.
The Federal government, taken as a single organization, is the largest buyer of most information technology products. Federal acquisitions rules provide a large mechanism for the government to shape private sector behavior. The CSIS Commission recommended that the Federal government require that the IT products it buys be securely configured upon delivery. Today, this effort is known as the Federal Desktop Core Configuration (FDCC). The FDCC is an OMB mandate that requires all Federal agencies to standardize the configuration of settings on operating systems and for applications that run on those systems. The FDCC is aimed at strengthening Federal IT security by reducing opportunities for hackers to access and exploit government computer systems.
A carefully crafted acquisitions regime, combined with an expanded FDCC initiative could help drive the market towards more secure configurations. The secure configurations mandated by the Federal government and produced in this collaboration with industry would be available for use by state and local government organizations as well as the private sector. A collaborative effort between government and industry to resolve software vulnerabilities and to deliver secure products could result in lower overall costs over the life of a system, even if secure configurations initially resulted in a higher price.
10) Secure what?
by fuego451
Besides sensitive government computers, which for whatever reason need to be connected to the WWW, exactly what part of the US portion of the Web needs to be secured and why?
Rep. Langevin: I am focused specifically on Federal information networks and critical infrastructure networks, such as infrastructure that is used to operate energy utilities and banking and finance and telecommunications. Ineffective cybersecurity leaves us vulnerable to attacks on our informational infrastructure, and in an increasingly competitive international environment, such attacks undercut America's economy and security and put the nation at risk.
-------------
Thanks to everyone who took the time to participate in this thread. Obviously, we weren't able to cover everything here in one Q&A, but if you would like to contact me with additional thoughts, please send me an email noting your interest in cybersecurity. -
Ask Cybersecurity Commission Chairman Jim Langevin About US Cybersecurity Plans
US Representative Jim Langevin (D-RI) is one of the chairs of the CSIS Cybersecurity Commission that released a comprehensive 96-page report on Dec. 8 under the title, Securing Cyberspace for the 44th Presidency. The aim of the Commission is to help the incoming administration balance "cyberspace" security needs with civil liberties. We'd like to thank Rep. Langevin and his staff (some of whom are ardent Slashdot readers) for taking time to answer your (hopefully) cogent questions. Usual Slashdot interview rules apply, and — also as usual — we'll post Rep. Langevin's answers as soon as he gets them back to us. -
US Senate Passes PRO-IP Act
I Don't Believe in Imaginary Property writes "The Senate has passed the PRO-IP Act. While they stripped out the provision to have the DoJ act as copyright cops, it still contains increased penalties for infringement, civil forfeiture provisions, and creates an 'IP czar' to coordinate enforcement. Even though the civil forfeiture provisions are ostensibly intended for use against commercial piracy outfits, history indicates that they will probably get used against individuals at some point. Worse, because they left out the only part of the bill that Bush threatened to veto, it is expected to pass. It is going back to the House where they're expected to pass it on Saturday, after which the President will probably sign it. So, if you want to contact your representative, hurry." An anonymous reader notes that DefectiveByDesign.Org is mobilizing to fight this legislation. The Senate vote was unanimous. We've been following the progress of this bill for quite some time. -
Bill To Add Accountability To Border Laptop Search
I Don't Believe in Imaginary Property writes "Rep. Loretta Sanchez (D-CA) has introduced a bill that would add accountability to the DHS searches conducted upon the laptops of those crossing the border. Specifically, it would require the issue of receipts to those who had their property confiscated so that it could later be returned, would limit how long the DHS can keep laptops, would require them to keep the laptop's information secure, and would create a way to complain about abuse. Finally, the DHS would be required to keep track of how many searches were done and report the details to Congress. Rep. Sanchez has also issued a statement about the proposed bill." -
In-flight Cell Ban Advances In Congress
narramissic writes "The awkwardly named Halting Airplane Noise to Give Us Peace (HANG UP) Act was approved by the House Transportation and Infrastructure Committee on a voice vote Thursday. The bill would make permanent the long-standing ban on in-flight cell phone calls by the FAA and FCC. 'Polls show the public overwhelmingly doesn't want to be subjected to people talking on their cell phones on increasingly over-packed airplanes. However, with Internet access just around the corner on U.S. flights, it won't be long before the ban on voice communications on in-flight planes is lifted,' said Representative Peter DeFazio, a Democrat from Oregon who co-sponsored the HANG UP Act in a statement. 'Cash-strapped airlines could end up charging some passengers to use their phones while charging others to sit in a phone-free section of the plane,' he said." -
ISP Embarq Monitors User Traffic
Deli Korkmaz writes "The Washington Post reports that Sprint-Nextel spin-off Embarq, currently the US's fourth largest DSL provider, monitored Internet activity on some 26,000 customers in Kansas using deep-packet inspection technology NebuAd in order to deliver targeted advertising to users' desktops. CNet provides coverage as well. The House of Representatives Committee on Energy and Commerce is investigating whether any privacy laws were broken. Users were informed of this test and invited to opt out only via Embarq's online Privacy Policy; a mere 15 subscribers did so." -
FISA Bill Vote Today, With Telco Immunity
Bimo_Dude writes "Today (June 20), Steny Hoyer is bringing to the House floor the latest FISA bill (PDF), which includes retroactive immunity for the telcos. The bill also is very weak on judicial review, allowing the telcos to use a letter from the president as a 'get out of liability free' card. Here are comments from the EFF. Glenn Greenwald, writing in Salon, describes the effect of the immunity clause this way: 'So all the Attorney General has to do is recite those magic words — the President requested this eavesdropping and did it in order to save us from the Terrorists — and the minute he utters those words, the courts are required to dismiss the lawsuits against the telecoms, no matter how illegal their behavior was.'" -
Is 'Corporate Citizen' an Oxymoron?
theodp writes "Citing expert testimony from a recent House Science Subcommittee hearing on Globalizing Jobs and Technology, The Economic Populist challenges the conventional wisdom that maximizing profits should be a corporation's only responsibility, suggesting it's time for the US to align its corporations to the interests of the nation instead of vice versa. Harvard's Bruce Scott warns that today's global economy is much like the US in the later 19th century, when states competed for funds generated by corporations and thus raced to the bottom as they granted generous terms to unregulated firms. Sound familiar, Pennsylvania? How about you, Michigan?" -
"Secure Elections Act" Coming Up For Vote
Irvu writes "The US House of Representatives is considering HR. 5036, the 'Emergency Assistance for Secure Elections Act of 2008,' as introduced by Representative Rush Holt. The bill is scheduled for a floor vote later today. It would provide for emergency paper ballots, money for the addition of voter verifiable paper ballots to existing systems, and post-election audits. Crucially, the change to paper is opt-in, making it possible for local jurisdictions to govern their own choices. Here are two summaries of the bill. It was reported out of committee with strong bipartisan support. As of this morning the White House has opposed the bill but not threatened a veto, and some previously supportive Republicans have now changed their tune. Calls may be made to your house rep (click on 'Find your representative'). Here's a sample support letter." -
Spreading "1 in 5" Number Does More Harm Than Good
Regular Slashdot contributor Bennett Haselton has some opinions on child safety online and the use of fear mongering. Here are his thoughts. "The National Center for Missing and Exploited Children has been running online ads for several years saying that "Each year 1 in 5 children is sexually solicited online", a statistic that has been endlessly repeated, including by vendors of blocking software and by politicians who often paraphrase it to say that 1 in 5 children "are approached by online predators". While others have quietly documented the problems with this statistic, lawmakers still bring it out every year in a push for more online regulation (preempted this year only by the topic du jour of cyberbullying), so it's time for anti-censorship organizations to start campaigning more aggressively against the misleading "1 in 5" number. That means two things: framing the debate with more accurate numbers, and holding the parties accountable for disseminating the wrong ones -- and that means naming names, including those of organizations like the NCMEC that are normally beyond reproach." Read below for the rest. I have no doubt that on balance, the world is a better place because of the NCMEC and what they've done, and God knows how I'd feel about them if they'd helped me find a lost child. But the good things they've done shouldn't be viewed as political capital that they can withdraw against in order to be above criticism for spreading the "1 in 5" meme. The longer they go on implying to parents that there is a 1-in-5 chance their kid will be asked by an adult to meet in person for sex, the more I think it tarnishes their whole legacy. (The NCMEC did not respond to contact requests for this article.)
First, what the 1-in-5 number actually means. It originated with a study done in 2000 by the Crimes Against Children Research Center at the University of New Hampshire, which surveyed 1,501 Internet-using youth age 10 through 17. The actual relevant findings of the study were as follows:
- The 1 in 5 figure was the number that had received at least one instance of unwanted sex talk (including from other teenagers), or sex talk from an adult (whether wanted or not), in the past year.
- The proportion of respondents who received a sexual flirtation from an adult, followed by a request to talk on the phone or meet in person, was about 1%.
- The number of survey respondents who actually befriended an adult online and then met the adult in person for sexual purposes, was zero.
The actual proportion of respondents who reported that someone made sexual overtures and asked to talk on the phone or meet in person -- what the study called an "aggressive sexual solicitation" -- was 3%, and 34% of those requests were known to have been made by adults. And even this overestimates the proportion of minors who were truly "sexually solicited", because all it means is that an adult started out by talking to them sexually, and then made some request for offline contact, which could have merely been asking for a phone number. So the scenario that comes to mind when hearing that "1 in 5 children is sexually solicited online" -- of being approached sexually by an adult and asked for an in-person meeting -- had actually happened to no more than 1% of respondents, and probably much fewer than that.
And this is just considering the percentage of youth who received solicitations, not taking into account how they responded. Out of 1,501 youth surveyed, none of them reported actually meeting an adult in person for anything that they described as sexual contact. Two teens in the study had "close friendships" with adults that the authors wrote "may have had sexual aspects". One 17-year-old boy had a relationship with a woman in her late twenties that he described as "romantic" but not sexual, and they never met in person. Another 16-year-old girl became close to a man in his thirties, and they met in a public place, but she described the relationship as non-sexual, and she declined to spend the night with him. (While these could still be considered "close calls", it's worth noting that even if the 16- and 17-year-olds had actually had a sexual relationship with their adult friends, that would have in fact been legal in many U.S. states, and in any case it's not what most people think of when they hear about "children" being "sexually solicited online".)
Of course all of this depends on the accuracy of the answers that the youth gave to the surveyors. But the "1 in 5" figure was based on the youths' stated responses as well. People who cite the study can't have their cake and eat it too, taking the "1 in 5" number as accurate but discounting the fact that none of the teens surveyed reported a sexual relationship with an adult they met online.
These were the data that were available in 2000, when the "1 in 5" number started being spread. The authors of the original study followed up with a 2005 report, "Online Victimization of Youth: Five Years Later", in which the corresponding statistics were:
- 1 in 7 respondents received unwanted sex talk or sex talk from an adult, at some point in the past year.
- The proportion of respondents who received a sexual flirtation from an adult, followed by a request to communicate offline, was again about 1-2%. (4% of respondents reported a sexual flirtation plus a request to correspond offline. The new study reported that 39% of all sexual solicitations were made by adults, but did not say what proportion of "aggressive sexual solicitations" -- which included requests for offline contact -- were made by adults.)
- Out of 1,501 respondents surveyed in 2005, two did report an in-person meeting that led to a sexual crime -- one was a 15-year-old girl who met a 30-year-old man in person and had consensual sex with him, and another was a 16-year-old girl who went to a party with an older male she met online who later tried to rape her. But even these incidents (which were both reported to law enforcement) do not mean that the Internet is a more dangerous environment for youth with regard to interaction with adults. The National Center for Missing and Exploited Children's own Web site links to a study -- also by one of the authors of the "Online Victimization" report -- which found that when all types of abuse are counted, 20% of females experience some type of sexual victimization before adulthood, compared to 2 out of 750 female survey respondents in the "Online Victimization" study who reported sexual abuse by someone they met online.
The NCMEC has updated their Web site to say that "one in seven youths (10 to 17 years) experience a sexual solicitation or approach while online", although the banner ads still say 1 in 5. But I think the 1-in-7 versus 1-in-5 is hardly worth nit-picking, when the real problem is that the statement "1 in 5 children is sexually solicited online" is written in a way that virtually guarantees it will be mis-heard and passed along as a statement involving "online predators" or "pedophiles". "Authorities Say 1 in 5 Children Has Been Approached By Online Predators" reads the sub-heading of a story on ABC news. "20% of children who use computer chat rooms have been approached over the Internet by a pedophile" says an online safety site sponsored by the Albemarle County government in Virginia. "One in five kids in America are approached by online predators" says a Congressman's press release.
The NCMEC itself never says that 1 in 5 or 1 in 7 children is "approached by a pedophile", merely that they are "sexually solicited online". I still think this is false because that is not the proportion of minors who are literally solicited for sex, but suppose that you expanded "sexual solicitation" to include all sex talk, so that the statement was "technically true". That still misses the point, because the issue shouldn't be seen as a game where sides try to make their statements as alarmist as possible while still being "technically true", like the kid with his petition to ban "dihydrogen monoxide". If you say something that is virtually guaranteed to get passed along as a wrong and alarmist statement about "pedophiles", aren't you at least partly responsible?
Why, then, does the NCMEC do it? Their site does have a "Donate" link, but it's very low-key, and the site generally seems to steer first-time visitors towards actions that they can take with regard to their own children. So I'm not cynical enough to think the "1 in 5" statistic is a campaign to scare up donations; I think they really do believe they are doing good by getting people to believe that number and to take action based on it. The problem is that there is such a thing as too much worrying and too much overprotection. Sites like Facebook are often used to organize parties and events and send out venue changes, just because that's the most efficient way to do it, and if your parents ban you from getting on Facebook, you'll miss out on simple things like that. What good does that do for anybody? Critics of overprotection often say that overly sheltered kids may rebel later on and get themselves in worse trouble, and that's often true, but so what even if they don't? Your quality of life is still worse off if you're the only one in your peer group who can't get updates about your friends' parties. And your parents' quality of life will be worse if they're constantly wringing their hands thinking that there is a 1 in 5 chance their kid will be propositioned online by a pedophile.
So I would urge the NCMEC to reconsider what they're telling people. Regarding the "1 in 5" meme that's already out there, it's spread so far that it's probably too late for the NCMEC to put the genie back into the bottle. But any anti-censorship group participating in a debate about online safety should put the real statistics forward, and since many in the audience will have heard the "1 in 5" figure somewhere, take a minute to knock it down as well. You don't have to commit political suicide by calling out the NCMEC specifically for spreading the "1 in 5" number, but put the right numbers out there.
Unfortunately the subject of child safety is such that wrong information, from any source, is unlikely to be criticized if it's erring on the side of caution, but some memes die faster than others. Microsoft's resource page about "online predators" says that "if you find pornography on the family computer" -- not child porn, but regular pornography -- that could be a warning sign that "your child is the target of an online predator". I think that's a wildly irresponsible thing to be telling parents, but fortunately the meme does not seem to have spread beyond that one page, which probably not one parent in a thousand will ever actually read. -
-
Spreading "1 in 5" Number Does More Harm Than Good
Regular Slashdot contributor Bennett Haselton has some opinions on child safety online and the use of fear mongering. Here are his thoughts. "The National Center for Missing and Exploited Children has been running online ads for several years saying that "Each year 1 in 5 children is sexually solicited online", a statistic that has been endlessly repeated, including by vendors of blocking software and by politicians who often paraphrase it to say that 1 in 5 children "are approached by online predators". While others have quietly documented the problems with this statistic, lawmakers still bring it out every year in a push for more online regulation (preempted this year only by the topic du jour of cyberbullying), so it's time for anti-censorship organizations to start campaigning more aggressively against the misleading "1 in 5" number. That means two things: framing the debate with more accurate numbers, and holding the parties accountable for disseminating the wrong ones -- and that means naming names, including those of organizations like the NCMEC that are normally beyond reproach." Read below for the rest. I have no doubt that on balance, the world is a better place because of the NCMEC and what they've done, and God knows how I'd feel about them if they'd helped me find a lost child. But the good things they've done shouldn't be viewed as political capital that they can withdraw against in order to be above criticism for spreading the "1 in 5" meme. The longer they go on implying to parents that there is a 1-in-5 chance their kid will be asked by an adult to meet in person for sex, the more I think it tarnishes their whole legacy. (The NCMEC did not respond to contact requests for this article.)
First, what the 1-in-5 number actually means. It originated with a study done in 2000 by the Crimes Against Children Research Center at the University of New Hampshire, which surveyed 1,501 Internet-using youth age 10 through 17. The actual relevant findings of the study were as follows:-
The 1 in 5 figure was the number that had received at least one instance of unwanted sex talk (including from other teenagers), or sex talk from an adult (whether wanted or not), in the past year.
-
The proportion of respondents who received a sexual flirtation from an adult, followed by a request to talk on the phone or meet in person, was about 1%.
-
The number of survey respondents who actually befriended an adult online and then met the adult in person for sexual purposes, was zero.
The actual proportion of respondents who reported that someone made sexual overtures and asked to talk on the phone or meet in person -- what the study called an "aggressive sexual solicitation" -- was 3%, and 34% of those requests were known to have been made by adults. And even this overestimates the proportion of minors who were truly "sexually solicited", because all it means is that an adult started out by talking to them sexually, and then made some request for offline contact, which could have merely been asking for a phone number. So the scenario that comes to mind when hearing that "1 in 5 children is sexually solicited online" -- of being approached sexually by an adult and asked for an in-person meeting -- had actually happened to no more than 1% of respondents, and probably much fewer than that.
And this is just considering the percentage of youth who received solicitations, not taking into account how they responded. Out of 1,501 youth surveyed, none of them reported actually meeting an adult in person for anything that they described as sexual contact. Two teens in the study had "close friendships" with adults that the authors wrote "may have had sexual aspects". One 17-year-old boy had a relationship with a woman in her late twenties that he described as "romantic" but not sexual, and they never met in person. Another 16-year-old girl became close to a man in his thirties, and they met in a public place, but she described the relationship as non-sexual, and she declined to spend the night with him. (While these could still be considered "close calls", it's worth noting that even if the 16- and 17-year-olds had actually had a sexual relationship with their adult friends, that would have in fact been legal in many U.S. states, and in any case it's not what most people think of when they hear about "children" being "sexually solicited online".)
Of course all of this depends on the accuracy of the answers that the youth gave to the surveyors. But the "1 in 5" figure was based on the youths' stated responses as well. People who cite the study can't have their cake and eat it too, taking the "1 in 5" number as accurate but discounting the fact that none of the teens surveyed reported a sexual relationship with an adult they met online.
These were the data that were available in 2000, when the "1 in 5" number started being spread. The authors of the original study followed up with a 2005 report, "Online Victimization of Youth: Five Years Later", in which the corresponding statistics were:-
1 in 7 respondents received unwanted sex talk or sex talk from an adult, at some point in the past year.
-
The proportion of respondents who received a sexual flirtation from an adult, followed by a request to communicate offline, was again about 1-2%. (4% of respondents reported a sexual flirtation plus a request to correspond offline. The new study reported that 39% of all sexual solicitations were made by adults, but did not say what proportion of "aggressive sexual solicitations" -- which included requests for offline contact -- were made by adults.)
-
Out of 1,501 respondents surveyed in 2005, two did report an in-person meeting that led to a sexual crime -- one was a 15-year-old girl who met a 30-year-old man in person and had consensual sex with him, and another was a 16-year-old girl who went to a party with an older male she met online who later tried to rape her. But even these incidents (which were both reported to law enforcement) do not mean that the Internet is a more dangerous environment for youth with regard to interaction with adults. The National Center for Missing and Exploited Children's own Web site links to a study -- also by one of the authors of the "Online Victimization" report -- which found that when all types of abuse are counted, 20% of females experience some type of sexual victimization before adulthood, compared to 2 out of 750 female survey respondents in the "Online Victimization" study who reported sexual abuse by someone they met online.
The NCMEC has updated their Web site to say that "one in seven youths (10 to 17 years) experience a sexual solicitation or approach while online", although the banner ads still say 1 in 5. But I think the 1-in-7 versus 1-in-5 is hardly worth nit-picking, when the real problem is that the statement "1 in 5 children is sexually solicited online" is written in a way that virtually guarantees it will be mis-heard and passed along as a statement involving "online predators" or "pedophiles". "Authorities Say 1 in 5 Children Has Been Approached By Online Predators" reads the sub-heading of a story on ABC news. "20% of children who use computer chat rooms have been approached over the Internet by a pedophile" says an online safety site sponsored by the Albemarle County government in Virginia. "One in five kids in America are approached by online predators" says a Congressman's press release.
The NCMEC itself never says that 1 in 5 or 1 in 7 children is "approached by a pedophile", merely that they are "sexually solicited online". I still think this is false because that is not the proportion of minors who are literally solicited for sex, but suppose that you expanded "sexual solicitation" to include all sex talk, so that the statement was "technically true". That still misses the point, because the issue shouldn't be seen as a game where sides try to make their statements as alarmist as possible while still being "technically true", like the kid with his petition to ban "dihydrogen monoxide". If you say something that is virtually guaranteed to get passed along as a wrong and alarmist statement about "pedophiles", aren't you at least partly responsible?
Why, then, does the NCMEC do it? Their site does have a "Donate" link, but it's very low-key, and the site generally seems to steer first-time visitors towards actions that they can take with regard to their own children. So I'm not cynical enough to think the "1 in 5" statistic is a campaign to scare up donations; I think they really do believe they are doing good by getting people to believe that number and to take action based on it. The problem is that there is such a thing as too much worrying and too much overprotection. Sites like Facebook are often used to organize parties and events and send out venue changes, just because that's the most efficient way to do it, and if your parents ban you from getting on Facebook, you'll miss out on simple things like that. What good does that do for anybody? Critics of overprotection often say that overly sheltered kids may rebel later on and get themselves in worse trouble, and that's often true, but so what even if they don't? Your quality of life is still worse off if you're the only one in your peer group who can't get updates about your friends' parties. And your parents' quality of life will be worse if they're constantly wringing their hands thinking that there is a 1 in 5 chance their kid will be propositioned online by a pedophile.
So I would urge the NCMEC to reconsider what they're telling people. Regarding the "1 in 5" meme that's already out there, it's spread so far that it's probably too late for the NCMEC to put the genie back into the bottle. But any anti-censorship group participating in a debate about online safety should put the real statistics forward, and since many in the audience will have heard the "1 in 5" figure somewhere, take a minute to knock it down as well. You don't have to commit political suicide by calling out the NCMEC specifically for spreading the "1 in 5" number, but put the right numbers out there.
Unfortunately the subject of child safety is such that wrong information, from any source, is unlikely to be criticized if it's erring on the side of caution, but some memes die faster than others. Microsoft's resource page about "online predators" says that "if you find pornography on the family computer" -- not child porn, but regular pornography -- that could be a warning sign that "your child is the target of an online predator". I think that's a wildly irresponsible thing to be telling parents, but fortunately the meme does not seem to have spread beyond that one page, which probably not one parent in a thousand will ever actually read. -
Lax TSA Website Exposed Travelers' Information
sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed. -
IRS Data Security Still a Concern
Lucas123 writes "Computerworld has a story about the possibility and the potential ramifications of an IRS data loss similar to the UK's recent mishap. According to one World Bank executive, it could have already happened, 'and we don't know about it.' While the IRS does offer data encryption to its workers, more than half of its 94,000 employees have permission to take taxpayer information to locations outside the IRS offices. In the 2007 filing season, roughly 128 million individual tax returns were filed. In addition to the basic personal information on those forms, an IRS breach could also jeopardize the banking information of the 46% of filers who requested direct deposit refunds. This is not the first time that IRS security has been called into question, and the Department of Treasury's progress in that arena is dubious. [PDF]" -
Copy That Floppy, Lose Your Computer
Over the weekend we posted a story about a new copyright bill that creates a new govt. agency in charge of copyright enforcement. Kevin Way writes "In particular, the bill grants this new agency the right to seize any computer or network hardware used to "facilitate" a copyright crime and auction it off. You would not need to be found guilty at trial to face this penalty. You may want to read a justification of it, and criticism presented by Declan McCullagh and Public Knowledge." Lots of good followup there on a really crazy development. -
Anti-P2P College Bill Moving Through House
An anonymous reader writes "A news.com article is covering an amendment to the College Opportunity and Affordability Act (pdf) that should make folks in Hollywood, the RIAA, and the MPAA well pleased. The tiny section seeks to hinge government approval of an institution of higher learning on whether or not they adequately dissuade Peer-to-Peer filesharing of copyrighted materials. The Act came out of the House Education and Labor Committee, which agreed on the terms unanimously. There is still some question, though, as to what penalties should be handed down for institutions that don't do enough to protect intellectual property. 'Some university representatives and fair-use advocates worry that schools run the risk of losing aid for their students if they fail to come up with the required plans. "The language in the bill appears to be clear that failure to carry out the mandates would make an institution ineligible for participation in at least some part of Title IV (which deals with federal financial aid programs)," Steven Worona, director of policy and networking programs for the group Educause, said in a telephone interview Thursday.'" Update: 11/16 16:36 GMT by Z : PDF link corrected. -
MA Proposes Two Year Jail Term for Online Gambling
tessaiga writes "The Boston Globe reports that Massachusetts Governor Deval Patrick is trying to sneak a provision to criminalize online gambling. The bill, if passed, would make online gambling punishable by up to 2 years in prison and $25k in fines. Ironically, the provision is buried deep within a bill to allow the construction of three new casinos in Massachusetts to bring more gambling revenue into the state. 'If you were cynical about it, you'd think that they're trying to set up a monopoly for the casinos,' said David G. Schwartz, director of the Center for Gaming Research at the University of Nevada, Las Vegas. Democratic House representative Barney Frank, who earlier this year introduced federal legislation to legalize regulated online gambling, also criticized the move as 'giving opponents an argument against him.' Indeed, groups such as the Poker Player's Alliance, who were previously supportive of Patrick's plans to open the new casinos, have already announced opposition to the bill because of the online gambling clause." -
Patent Reformers O'Reilly, Bezos Mum on 1-Click
theodp writes "Brought together 7 years ago by a threatened boycott over Amazon's 1-Click patent, Tim O'Reilly and Jeff Bezos vowed to reform the U.S. patent system. So in The Register's Open Season podcast (@12:25), Andrew Orlowski finds it very ironic that news of a victory by LOTR choreographer Peter Calveley against Bezos' 1-Click patent broke as O'Reilly was once again busy trotting out Amazon-tied speakers to headline a Web 2.0 conference, this one sponsored by Fenwick & West, the prestigious law firm bested by Calveley. Orlowski notes that O'Reilly, who now counts Bezos among his investors, was oddly silent for a self-described software patent protester, especially one who once vowed to torpedo 1-Click. Equally untalkative was Bezos, who deflected questions on the damage done by Calveley's DIY legal effort, telling a Wall Street analyst to 'refer to our public filings' (although nothing on the subject appears in the 8-K and 10-Q filings). One last dose of irony — in explaining the prior art he used to reject the 1-Click claims, a USPTO Examiner cited the very same TV remote control patent that was deemed to be unsuitable in a 1-Click prior art contest run by the O'Reilly and Bezos-bankrolled BountyQuest (just last year, Amazon testified to Congress that the contest failed to find prior art for Bezos' patent)." -
Verizon, Copper, Fiber, and the Truth
Alexander Graham Cracker writes "Starting last spring, reports began surfacing of Verizon routinely disabling copper as it installed its fiber-based FiOS service. We discussed the issue here a couple of times. In my experience, every time Verizon has installed FiOS at a friend's house, they have insisted they have to cut off the copper and move the POTS to the fiber. By doing so, they block anyone else such as COVAD or Cavalier from renting the copper for competitive access. Sources report that today, at a hearing of the House Subcommittee on Telecommunications and the Internet, Verizon executive VP Thomas Tauke denied ever doing that. (The transcript should be up in a day or so. The AP coverage does not mention this detail.) I wonder if Rep. Markey's staff is interested in hearing from people who experienced Verizon disabling copper, and without notice?" -
USPTO Imposes 'Undue Hardship' On 1-Click Lawyers
theodp writes "Looks like Amazon's high-priced Silicon Valley attorneys will have to endure the 'undue hardship' of awakening early next Thursday morning to defend CEO Jeff Bezos' 1-Click patent in a Video Hearing before the Board of Patent Appeals and Interferences. The attorneys' plea for a 1 p.m. ET start time drew a be-there-at-9-or-be-square response from the USPTO. The 1-Click patent has fallen into disfavor lately with USPTO Examiners, who no longer have the same boss who once sent a 1-Click love letter to the WSJ arguing that the merits of Amazon's patent were proven by a contest run by a Jeff Bezos-financed company, an argument that was later rejected by Congress." -
Bill Would Reverse Bans On Municipal Broadband
Yuppie writes "A bill introduced to the House this week would overturn bans that currently exist in several states that forbid cities and towns building and deploying their own broadband networks. The big telecoms may not be too happy about the bill, however: 'The telecoms have historically argued that municipalities that own and operate — or even build and lease — broadband networks could give themselves preferential treatment. The Act anticipates that argument with a section on "competition neutrality." Public providers would be banned from giving themselves any "regulatory preference," which should create a level playing field for all broadband providers. Municipalities interested in getting into the broadband business would also have to solicit feedback from the private sector on planned deployments.' The full text of the bill (pdf) is available from Rep. Boucher's website." -
Subcommittee Stops Human Mars Mission Spending
An anonymous reader writes "Last week's House Appropriations Subcommittee for Commerce, Justice, and Science FY08 budget markup would prevent work on programs devoted to human missions to Mars. According to a House Appropriations Committee press release, the markup language states that NASA cannot pursue "development or demonstration activity related exclusively to Human Exploration of Mars. NASA has too much on its plate already, and the President is welcome to include adequate funding for the Human Mars Initiative in a budget amendment or subsequent year funding requests." The Mars Society is already leading an effort to get the language removed."