Slashdot Mirror

oily_ants writes "I get sick and tired of reading the same story on different web sites. That's why I like slashdot so much. Good (??) summaries of all of the stuff out there on the net. Now there is a project at Columbia University by the nlp group that attempts to generate computer summaries of all of those news articles on different web sites. The project is called Newsblaster and the summaries are excellent. You can read about the project on regular news sites like Online Journalism Review or USA Today."

PenguinRadio writes "This is being reported in a few places, most notably USA Today which has an article about the US Army teaming up with MIT to develop a new nanotechnology-based outfit for our soldiers that can detect bio hazards, injury, and other funky things. The 5 year, $50 million grant also wants to look at bending light around the uniform to create some sort of invisibility." CNET has another story. The Institute for Soldier Nanotechnologies has its own web page, of course.

PenguinRadio writes "This is being reported in a few places, most notably USA Today which has an article about the US Army teaming up with MIT to develop a new nanotechnology-based outfit for our soldiers that can detect bio hazards, injury, and other funky things. The 5 year, $50 million grant also wants to look at bending light around the uniform to create some sort of invisibility." CNET has another story. The Institute for Soldier Nanotechnologies has its own web page, of course.

Spudley writes: "I was tempted to put this under the humor topic, but I guess it's best here in science. An entertaining article in USA Today tells of how a beetle expert arbitrarily changed the scientific name of a dinosaur from "Syntarsus" (Latin: "fused ankle") to "Megapnosaurus" (Latin: "big dead lizard"). Dinosaur experts are (understandably) kicking up quite a fuss about it."

Spudley writes: "I was tempted to put this under the humor topic, but I guess it's best here in science. An entertaining article in USA Today tells of how a beetle expert arbitrarily changed the scientific name of a dinosaur from "Syntarsus" (Latin: "fused ankle") to "Megapnosaurus" (Latin: "big dead lizard"). Dinosaur experts are (understandably) kicking up quite a fuss about it."

FattyBoeBatty wrote to us with a story from USA Today about the the Air Force and security concerns. The Microsoft point is the primary point of the article, but the AF CIO has also made the point at industry forums, and evidently with Cisco. Specific companies aside, I think it's a good thing that organizations are beignning to realize the exposure they have on security issues - and maybe will actually start to take steps to close them.

Whistler's Mother writes: "Employers are winning key legal victories against former workers who criticize them online. Rulings in the waning days of 2001 could have a chilling effect on workers' use of cyberspace for years to come, civil libertarians say. The battle over Internet free speech also is heating up as more firms crack down on grousing by laid-off staff. Read the whole story here."

The_THOMAS (and many others) writes: "A day after major anti-virus firms waffle on their support for 'Magic Lantern', and nine days after Thomas C Greene of The Register tried to throw cold water on it's existence, the FBI Confirms the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"

FredGray writes: "USA Today recently posted a short story titled "1+1 does not equal muon g-2" which explains that the discrepancy between the theoretical and experimental values for the muon's anomalous magnetic moment has mostly evaporated. Unfortunately, the article completely mislays the blame for the initial discrepancy; it implies that there was a mistake in the experiment, but the problem was entirely with one small component of the theoretical calculation known as the hadronic light-by-light scattering term. As a proud member of the experimental group, I would like to ask slashdot to remind the world that we still stand by our result. We are currently analyzing a much larger data set, and we hope to publish a more precise number in the months to come."

gtg010b writes: "According to USA Today, the U.S. government is considering a private network to be used for all government communications. This network would be "separate from the Internet to keep it safe from hackers or terrorists" according to Richard Clarke, the head of the president's "cyberspace security adviser." Whatever happened to government not being above the people?" Clarke is the guy who's been crying "cyber Pearl Harbor" for a few years; apparently if you cry wolf long enough you get promoted. His request (.doc format) is informative. I should point out that the U.S. military already has such a network (I'm not even going to ask why the Feds can't piggy-back on it), so GOVNET would be for critically-important government agencies like the Department of Agriculture to communicate.

gtg010b writes: "According to USA Today, the U.S. government is considering a private network to be used for all government communications. This network would be "separate from the Internet to keep it safe from hackers or terrorists" according to Richard Clarke, the head of the president's "cyberspace security adviser." Whatever happened to government not being above the people?" Clarke is the guy who's been crying "cyber Pearl Harbor" for a few years; apparently if you cry wolf long enough you get promoted. His request (.doc format) is informative. I should point out that the U.S. military already has such a network (I'm not even going to ask why the Feds can't piggy-back on it), so GOVNET would be for critically-important government agencies like the Department of Agriculture to communicate.

imrdkl writes: "Theres a conglomeration of Euro companies, from Euro countries renowned for their sea-prowess, who are working together with the Russians to raise their stricken sub. This will be some happy news, when they get it finished. Hopefully before winter gets bad up there in the "circle". A pretty good article, with a nifty flash animation which gives some notion of the scope of this engineering feat is to be found at USA Today."

Jeff writes: "CNN is reporting 'In a dramatic move, the new judge in the Microsoft case Friday ordered the government and the software maker into five weeks of intensive settlement talks, until Nov. 2.'" Other MS submissions coming in today: USAToday discovers the new upgrade scheme, designed to milk every last cent out of those who've locked themselves into Windows; tech-report.com goes a bit more in depth on the same subject; ZDNet hoists the black flag; MS discusses its plans to control how you compute (by the way, the license agreement for Windows Media Player now allows Microsoft to disable any software on your computer - you do read those license agreements, don't you?); Gates got $666,000 last year but won't have to apply for welfare just yet.

schnippy writes: "New Scientist reports on new study from the University of Michigan that argues that steganography (the science of obfuscating communications) is not in wide use, or at least not on the 2 million images they scanned on eBay. Earlier this year, USA Today reported that Bin Laden was using steganography to disguise his communications. Full study is available here. Wonder how long before someone sets up a distributed computing client to help search for Bin Laden's secret communications? :p" Niels Provos' research was mentioned in Slashback not long ago, and this article is based on the same research.

Imagine Slashdot closing its Your Rights Online section because you no longer have any rights online, and find many of your other rights severely curtailed, too. Saturday a small group of people, including U.S. Representative Lynn Rivers, from Michigan's 13th Congressional District, met in the University of Maryland Baltimore County [UMBC] library to discuss ways to maintain Americans' civil liberties despite major pressure to curtail them in the name of "fighting terrorism." The government does listen, you know, if you speak to the right people in the right way. So here's a guide, a HOWTO, if you will, that will teach you how to lobby effectively for your Constitutional rights.

Let's start with one simple and rather sad truth: You are going to be less free next week than you were last week.

We are already seeing what several newspapers have called "the biggest criminal investigation in history." Sure, a lot of this investigation's energy is being focused on Islamic countries, but it is also going on in Europe and, more than anywhere else, the United States itself. Landlords who have rented to young men with Arab-sounding names are being interrogated. Topless-bar patrons are being asked about conversations they allegedly heard, boasting about upcoming mass destruction.

And then there's email and the World Wide Web. Imagine a technically unhip Senator or Member of Congress who has read about Osama bin Laden allegedly using encrypted email and secret messages hidden in online porn to communicate with his followers and allies. Put the words "Osama bin Laden" in the same sentence as "pornography" and "the Internet," and you had better get out of the way of the avalanche of anti-online privacy laws coming your way -- or get crushed by them, even if people like bin Laden can switch to other means of communication at the drop of a hat.

Worse, disagreeing with the U.S. government right now may almost be viewed as treason in some quarters. "My Country, Right or Wrong" was a popular bumper sticker among the gunrack-and-confederate-flag pickup truck crowd in the late 60s, and this attitude, if not yet the bumper sticker itself, has been making a major comeback

But Dissent We Must
The problem with the "My Country, Right or Wrong" attitude is that it allows our government to go terribly wrong in many ways that may not be made right again for a long time, if ever. As Rep. Rivers pointed out Saturday, once laws are made that are supposed to help law enforcement in some way, they are almost never repealed because Members of Congress don't want to be seen as "soft on terrorism, soft on crime, soft on drugs."

Carry this a little farther. What about treason charges? At what point does it become illegal to speak out against a planned US government action that, on its face, is being taken to fight against the Terrorist Enemy, whoever he or she may be, even though that action may have very bad, long-term consequences for ordinary American citizens who want nothing more that to live their own lives quietly without being afraid of their own government?

Rep. Rivers said half the people in her district's gut reaction to the idea of legislation allowing government to read their email without getting a warrant first was along the lines of, "So what? I don't break any laws, so I have nothing to hide."

Long-time EPIC activist Kathleen Ellis told Rep. Rivers she believed questions about privacy should not be asked in the context of email. "Ask people if they should have the right to keep a secret and almost all of them will answer 'Of course,'" she said. Ellis also mentioned that cryptography is the email equivalent of an envelope on a letter sent by postal mail. "Unencrypted email is like a postcard," she said, "open for anyone to read. Ask people if they want all mail to be as open as a postcard and they're going to say no."

From that point on, the meeting focused on tactics. The question in the room wasn't, "Are privacy and freedom of speech good?" but "What can we do to protect our privacy and freedom of speech?"

Background on the Meeting Itself
The forum in which all this discussion took place was decidedly unofficial. It was an informal meeting thrown together hastily by local Linux user and ham radio afficianado Rob Carlson. Carlson sent a meeting notice to several email lists and posted it at cluebot.com. 13 people showed up at Saturday's gathering, most of whom were Baltimore and Washington D.C. area privacy advocates and/or Linux users. I was there myself for that reason. Wired News reporter Declan McCullagh is another "local" who hangs in the same circles, which explained his presence.

Rep. Rivers was there because her husband, William Simpson, is a computer consultant involved with the Internet Engineering Task Force [IETF] who spotted Carlson's notice on one of the cryptography-oriented email lists he's on. He had driven Rivers' chief of staff, who needed to get back to Washington but was marooned in Michigan by the airlines shutdown, to D.C., and was taking his Congresswoman wife back to her district for a little rest and some scheduled meetings (Congress had adjourned until Friday, Sept. 21), and they noticed that UMBC was on their way. So there they were, not dressed in "mover and shaker" clothing but looking like anyone else taking a 1000+ mile car trip.

One doesn't usually think of a Member of Congress fitting in with a group of downdressed geeks, but this one sure did. We only knew what she did for a living because Carlson asked everyone in the little circle to identify themselves by name and job, and when it was her turn Rep. Rivers gave her name as "Lynn," then added "Rivers," and softly, sort of as an aside, mentioned that she was "in Congress." Her husband had already mentioned that they were "from Michigan," which was curious enough in itself for a meeting with a decidedly local orientation. But Linux folks are friendly, and Rep. Rivers was as welcome as anyone else even though she was from out of town -- and freely admitted she used Mac OS, not Linux, both at home and in her office.

When he organized the meeting, Carlson said, "I didn't know whether no one or 100 people would show up." 13 did. And revolutions have started with as few as 13 people, so why shouldn't a strong pro-Constitution lobbying movement? The next step is to get 13 more, and another 13, and so on. This means calling and emailing friends until there are 13X13X13X13.... people talking to their elected representatives about privacy issues in terms they can understand, that will help them change their minds.

How You Can Lobby Against Anti-Privacy Laws
Start with this line Rep. Rivers laid on us, which is not new but needs to be said over and over: "Democracy is not a spectator sport."

Those Americans who don't vote, no matter how they excuse this failure, have no right to criticize their government. And those who don't bother to tell their elected representatives what they want and don't want their government to do should not act shocked when the government passes laws they don't like. It gets sickening, going to hearing after hearing about proposed laws like UCITA, DMCA, and SSSCA and always seeing a whole bunch of industry lobbyists wearing expensive suits, but hardly ever anyone who could be classified as an "ordinary citizen."

You need to make some noise instead of letting "them" talk while you sit around and let "them" get their way. Pump up the volume. Take some of the time you spend posting on Slashdot and register to vote. Write email and snail mail letters, send faxes, and make phone calls to Congresspeople and Senators and other representatives, and tell other people (13X13X13X13.... voices, remember) to do the same. This, not just complaining, is what this whole representative government thing is all about.

Rep. Rivers says phone calls "...have a sense of personal contact to them," and this makes them the most effective grassroots lobbying tool. "Stick to one issue," she advises. "Don't come up with a laundry list."

Also send email and write letters, even though they probably won't have as much impact as calls. And don't forget the fax machine; reps who are too technically unhip to read email read faxes. The ACLU and NRA have both famously used fax as a means of rapid communication with legislators for many years.

Now comes the matter of what to say. A letter, call or email that starts with something like, "I has nevir voted for you I am not registered to vote but you got to lisen to me," will go nowhere, says Rivers, pointing out that many pro-Napster messages she got were along those lines -- and got ignored. Better, she says, is something that tells your representative you are a computer professional (or manager or student or business owner or whatever) whose business, occupation or future will be hurt by whatever legislation you are working against. In this case (this week), privacy and online crypto are under attack. Next week, who knows?

So you're not a business owner? Know any? Know anyone who depends on privacy to transact their business? How about your doctor? Doesn't he or she want to keep patient records confidential? Ditto any lawyer you know. If a lawyer is serious about maintaining client trust, he or she certainly doesn't want the government snooping on email through Carnivore or a similar system with a less aggressive name. Other businesses have client information they want to private, along with trade secrets and other information they would rather not share with competitors. These are all points to bring up rationally, in an orderly debate format, when communicating with an elected rep, and they are ones you should ask others to bring up, too.

Stay calm, in other words. Assume your representative is sane and really wants to do what's right and what most people want, based on the input he or she gets. Your trick is to become part of that input, and right now the input you need to give must be strong and focused because Congress is caught up in post-attack hysteria and, like the rest of us, is saying, "We need to do something to help those poor victims and their families and make sure nothing this awful ever happens again."

The only problem here is that what Congress does is make laws, not post on Slashdot, and a law made in the same emotional heat as a flame post on Slashdot can't be moderated down to -1 after it is passed. Once that law is on the books, if you break it you can be arrested, tried, and fined or sent to jail. You've heard the saying, "If [guns/crypto/brains] are outlawed, only outlaws will have [guns/crypto/brains]." It's true, you know.

Right now, legitimate Americans are in danger of having many of their Constitutional freedoms revoked by a government that is doing its best, possibly in a misguided way, to protect its citizens. This is not about Disney's copyrights or the freedom to play DVDs on computers running Linux. The current debate is about much more basic issues than those, issues I will not repeat here because they have been written about so extensively elsewhere.

An Aside: How Congress Works
Rep. Rivers said it this way: "The House [of Representatives] is ruled by brute force."

Since she was talking to geeks who follow such things, she used the DMCA as an example. She told us that the "unanimous" vote that got DMCA through the House was not really unanimous at all; that the bill got through a committee dominated by a powerful chairman (which is how bills generally get to the floor for a vote) and that the Speaker called for a voice vote. "Most yelled 'Aye,'" Rivers said, and some yelled 'Nay.'"

The voices yelling "Aye" were the loudest, so DMCA passed by acclamation. Brute Force. People yelling at the top of their lungs. If 50 loud voices had yelled "Nay" instead of "Aye," perhaps we wouldn't have the DMCA as law today, and the EFF wouldn't be begging for money to get it overturned in the courts.

Now think about a Member of Congress who is hearing, right now, from all the "Kill-the-Arab-bastards-and-stamp-out-Internet-porn" crowd loudly and repeatedly by phone, fax, mail and email, but isn't hearing from you. Who is shouting the loudest? Which wheel is so squeaky that it is going to get the grease? So far, it's not the voices of reason and Constitutionality. They are getting drowned out. Heck, they are hardly there at all. At least Rep. Rivers isn't hearing them, and if she isn't hearing them -- with her ear attuned to Internet privacy matters and a totally Net-hip husband at her side -- you can bet the rest of Congress don't even know those voices (yours) exist.

Don't Delay! Do It Today!
Congress reconvenes Friday, September 21. The anti-privacy bills and anti-privacy amendments to various anti-terrorist bills are being written now, not someday. This means you must act immediately. If you put off those calls and emails to friends asking them to help support their right to communicate with each other in private, and to live without fear of police breaking down their doors or seizing their computer hard drives without warrants for even a few days, it is going to be too late. We are in the grip of national hysteria. A $40 billion appropriations bill to support the war on terrorism was passed a few days ago, with bipartisan support, almost without debate.

I'm going to admit that I am as ready to kick terrorist butt as anyone else, so I can't really blame Congress for being so gung-ho that it will pass all kinds of measures that will make America a less free country for decades to come in response to the current emergency. All I'm really asking Congress to do -- and asking you to join me in asking Congress to do, and to convince 13X13X13.... others to ask your Representative and your Senator to do -- is remember that the freedoms that make this country great must not be forgotten in our rush to avenge our fallen fellow Americans and our attempts to keep ourselves safe from future terrorist attacks.

Specifically (concentrate on one issue, remember), as a Net user I am concerned about watching our online privacy and freedoms evaporate if the government makes strong cryptography illegal or tries to have it controlled by agencies like the NSA, CIA, and FBI, or starts reading all of our private email without due cause and legitimate judicial warrants.

The deadline is Friday. That's when the legislative fur will start to fly. So let's get to work now!

• How to find your representative
• How to contact your senator

Schnake writes: "An article on USAToday talks about how the FTC is investigating Sun Microsystems, Unocal, and Rambus to determine whether they illegally kept patents secret while helping set industry standards! And a quote from the ZDNet article: "It noted that all three companies had filed patent infringement lawsuits against firms they say owed them royalties. But the litigation backfired when those firms countersued, charging them with concealing their patents, and complained to the FTC.""

PacketMaster writes: "The USA Today is carrying an interesting commentary entitled All-but-secret battle rages over fate of airwaves. The article sheds light on some topics that many people are completely ignorant on - the fight over the broadcast spectrum. The most interesting tidbit is that the current broadcasters, who were given the new digital spectrum for applications like HDTV for free, now want to keep their old ones too and auction them off for industry profit to help pay for the transition to the new spectrum."

bobthemonkey13 writes: "It appears that Microsoft's 'secure' E-Book system has been cracked. MIT Technology Review is reporting that an anonymous programmer has figured out how to bypass the 'advanced antipiracy features' in Microsoft Reader. This sounds a lot like what Dmitry did except for two things: The MS E-Book hacker has (wisely) decided to remain anonymous, and he's not publishing his program. God bless the U.S., where moving a book from your home to your office is a federal offence." Along similar lines, an Anonymous Coward indicates this story at USA Today titled "Expert Hacks Hotmail in 1 Line of Code." "I'm in awe! Unless someone can figure out how to execute pseudocode or half a line this isn't beatable. I hope this get's fixed or the whole future of pay-per-view web services could be impacted. :-q" Good thing Microsoft isn't quite sure what to do with all this universal-password stuff. (Thanks to Sacha Prins.)

Jamie adds:

In other news about poor security where you least expect it, Kitetoa informed Veridian a little while ago that: "Any script kiddy can root your web site. And... By the way... Someone already did it (as you should have seen at www.veridian.com/upload/ if you knew anything about internet security)."

I don't know what that URL gives you now, but as of this writing, and for the last several hours, it's read:

fuck USA Government
fuck PoizonBOx
contact:sysadmcn@yahoo.com.cn

This is the same Veridian that the Defense Department picked to track computer network attacks on DoD systems, specifically attacks coming from China.

Don Symes writes: "The City of Houston is getting ready to roll out 'free' email and web-hosted word processing. First to libraries and fire stations(!?), poorer areas, then to those who can afford ISPs." It would be interesting to compare the cost of Internet Access Technologies' multi-million dollar contract with private ISP access, especially for the dozen other cities considering similar deals.

jmott wrote to us with an article from USA Today that talks about the decline of popularity/fame of today's astronauts, compared to the days of Buzz, Shepard and others. It's not surprising that NASA is having fiscal problems when space travel has become not something of marvel, but of everyday import.

The Alchemist asks: "So I'm reading the Newsforge commentary on the newest Microsoft and Business Software Alliance (BSA) threat letters here, and I'm wondering: 'Has anyone been through these things?' How do they (the BSA officials) conduct themselves? Are the local authorities involved? Do they even bother with a warrant? Has anyone been found in compliance with this private Microsoft police force, other than the Mexican Firm that's suing them?" For a software licensing organization how does the BSA pull off things like this? Do they have any ties with law enforcement? Of course, the more you know about how the BSA works, the better off you will be in preventing your company from receiving an unexpected visit. It's 2001: do you know where all of your software licenses are?

An Anonymous Coward writes: "IBM is looking to build self-policing networks with project eLiza, as reported in Wired. Sounds pretty cool, but I don't see it being all that effective. And if it is, security teams will get pretty lax, and not be able to handle an attack that breaks eLiza." Also a USA Today article. It's a insightful idea, and one that I'm sure will *eventually* become part of many major networks, but somehow I suspect that this is one of those things that appears difficult on the surface, and turns out to be ten times as difficult when you get into it.

An anonymous reader submitted a story about a new recordable disc the size of a quarter, that holds about the same amount of data as a CD. Of course its an intermediate step before we simply stream all audio from the net, but the RIAA sure is making that obvious last step a royal pain.

ruebarb writes: "It appears that Osama Bin Laden and the majority of the Slashdot community have something in common - they love that free encryption! Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities. The article is available at cnn.com -- Expect the usual political outcry and demands for restriction of encryption technology to follow shortly hereafter" And an unnamed correspondent writes: "USA Today has this report about how terrorists are using encryption to distribute secret mayhem instructions via the internet. Gee, you think? What do you think -- is this part of a PR campaign to show John Q. Public how dangerous encryption is in any hands other than gov?" In related news, several of the major news networks are reporting that innocent-looking newspapers and circulars have been employed to form the ransom notes used by notorious kidnappers; calls to ban newspapers on that ground may face some opposition from extremists, but will no doubt soon reach the legislature.

wirehead_rick writes "Imagine 'The Matrix' style special effects for the replay of sports action. Being able to see a 360-degree stop action view of that receiver's foot on the line in the end zone." USA Today covers some whiz-bang video technology being debuted in the Super Bowl.

anvilmark writes "Saw an article at USA Today about a new manufacturing technology that adds stain-resistance and Gore-Tex like abilities to fabrics. The company Nano-Tex has developed a process that adds whiskers to cotton or man-made fibers that repel water but still allow sweat to pass. It's only supposed to add $5.00 to the cost of a pair of pants."

anvilmark writes "Saw an article at USA Today about a new manufacturing technology that adds stain-resistance and Gore-Tex like abilities to fabrics. The company Nano-Tex has developed a process that adds whiskers to cotton or man-made fibers that repel water but still allow sweat to pass. It's only supposed to add $5.00 to the cost of a pair of pants."

tenchiken writes "Lord of the Rings finished principle shooting this last week - trailer is online . It is supposed to be be shown in theatres in two weeks before Thirteen Days, which starts Jan 12th. By most reports, PJ's (Peter Jackson) direction of Tolkien's masterpiece should truly be amazing. Also, Tolkien recently won the Amazon.com's "Best of the Millennium" award. (Which I have to admit is a crock, given every single book in the top ten was writen this century). The online trailer has already blown away TPM's records for most downloads. It seems to be getting a fair amount of international press as well. USAToday recently ran a good report on it Here. ."

USA Today ran this nice piece about Pamela Samuelson, one of the less-sung (not unsung, obviously) heroes of the copyright wars. She's contributed to the DVD cases and in plenty of other areas. Her homepage has many papers about intellectual property and copyright available, good reading if you're into that sort of thing.

News for those in the (large?) corner of the giant Venn diagram we all inhabit blessed with both a noticable social consience and computer skills, as well as the time to devote to some travel abroad; Good news for everyone whose number travels with them; a tad more on background of the 3dfx merger; and what appears to be the unraveling of eToys. All below, in tonight's Slashback.

The few, the proud, the advententurous, the dorky. Elvis Maximus writes: "Geekcorps has been mentioned here before and met with some interest. Their first batch of volunteers are winding up their tours in Ghana, and the Industry Standard has run a nice piece on their experiences. This is an interesting effort that deserves some attention."

Congratulations (and admiration) to those who participated in this. GeekCorps is good stuff.

Remember, saliva causes stomach cancer ... ByteHog points to this AP story about the alleged connection between cell phone use and cancer, writing: "Kinda interesting, but I'm still going to be wearing tinfoil around my head whenever I make a call ..."

This issue has been raised for years, with no clear winner. The upshot from this study is a data point for the null hypothesis, but inevitably this will drag on, and the next study to become famous will probably be one that contradicts this. Don your tin-foil, kneepads and breathing masks, until fatality is cured.

Resistance is futile, for now. Fervent writes: "Gamecenter has an interesting article on why 3DFX collapsed. Among the reason cited: the proprietary API Glide, not allowing OEM's to sell Voodoo hardware, and NVidia's agressive product cycle." This makes an intersting followup to the recent announcement of the absorption of 3dfx by NVidia.

Play, play, play, and be gone with ye! Greyfox writes: "According to USA Today Etoys is putting itself up for sale. It's the standard dot com failure story. It'd be delicious irony if the folks running the Etoy domain they sued a while back bought their domain name." DarkKnight points to this link at CNETas well.

News for those in the (large?) corner of the giant Venn diagram we all inhabit blessed with both a noticable social consience and computer skills, as well as the time to devote to some travel abroad; Good news for everyone whose number travels with them; a tad more on background of the 3dfx merger; and what appears to be the unraveling of eToys. All below, in tonight's Slashback.

The few, the proud, the advententurous, the dorky. Elvis Maximus writes: "Geekcorps has been mentioned here before and met with some interest. Their first batch of volunteers are winding up their tours in Ghana, and the Industry Standard has run a nice piece on their experiences. This is an interesting effort that deserves some attention."

Congratulations (and admiration) to those who participated in this. GeekCorps is good stuff.

Remember, saliva causes stomach cancer ... ByteHog points to this AP story about the alleged connection between cell phone use and cancer, writing: "Kinda interesting, but I'm still going to be wearing tinfoil around my head whenever I make a call ..."

This issue has been raised for years, with no clear winner. The upshot from this study is a data point for the null hypothesis, but inevitably this will drag on, and the next study to become famous will probably be one that contradicts this. Don your tin-foil, kneepads and breathing masks, until fatality is cured.

Resistance is futile, for now. Fervent writes: "Gamecenter has an interesting article on why 3DFX collapsed. Among the reason cited: the proprietary API Glide, not allowing OEM's to sell Voodoo hardware, and NVidia's agressive product cycle." This makes an intersting followup to the recent announcement of the absorption of 3dfx by NVidia.

Play, play, play, and be gone with ye! Greyfox writes: "According to USA Today Etoys is putting itself up for sale. It's the standard dot com failure story. It'd be delicious irony if the folks running the Etoy domain they sued a while back bought their domain name." DarkKnight points to this link at CNETas well.

mcleodnine writes "Wired news pointed me to this article about a report (pdf) recently released by the Privacy Foundation on 'chatty' browser extensions. They examined how much information several different free extensions will send to the mother ship. The report also makes some interesting points about the 'flexible' privacy policies of the companies who 'give away' the extensions. Did you get what you paid for or more than you bargained for?"

jeffsenter writes: "Another new planet (2000 WR106) in our solar system was discovered last week by a U. of Arizona astronomer. The NYTimes has the story (free reg. req.). Like the planetlet (2000 ED173) found in October, this object lies between Neptune and Pluto. The difference is this one is bigger, up to 1/2 the size of Pluto perhaps." Or try this link instead. Once you get into the hundreds, I think "planetlet" starts making more sense than "planet."

Well, the United States Supreme Court has given their "ruling" concerning the Florida Supreme Court. They've asked for more information fromthe Florida Supreme Court. Update: 12/04 06:01 PM by H : You can read the the actual ruling as well. Update: 12/04 07:59 PM by H :Thanks to Mr. Sturkel for this much better analysis: "In today's posting of the Supreme Court ruling on the Florida ballot case you state that the Supreme Court over turned the Florida State Supreme Court case on manual recounts; this is incorrect. The High Court "set aside" the case, not over turned it which is two different things. In setting aside the case the Supreme Court asked the Florida Supreme Court to re-examine the case and to explain and clarify further the basis of their ruling, In a nutshell, The Supreme Court wants to know why the Florida Supreme Court did what they did before issuing a final ruling on the case."

TeacherReviews.com writes: "According to this article at Newsbytes, AOL has been aware that users' screen names and credit cards can be stolen from not only AIM 4.3, but earlier versions of the instant messenger as well. This problem, which allegedly can happen to any AIM user, was first made public by Inside-AOL.com months ago, but AOL decided not to respond until this Thursday under increased pressure from Inside-AOL.com and other media." This is just the kind of news I could do without, having recently been persuaded to register with AIM and give GAIM a try.

RiotXIX writes points to this USA Today story which reads in part: "Hewlett-Packard has become the first company to be snagged by a German law requiring firms to pay fees for making CD burners that are being used to illegally lift the latest hits off the World Wide Web. The case sets the stage for other European countries to possibly adopt similar rules to stem an epidemic that cost the music industry an estimated $5 billion last year." He adds, "DeCSS was attacked partly because the courts felt the creation of LiViD was not it's primary intention. Is this therefore insinuating that computer CD-writers were initially created to ruin the music industry?"

Java Pimp writes "USA Today is reporting "America's first bullet train pulled out of Union Station on time Thursday morning. The snub-nosed Acela Express made the Washington-to-New York trip in two hours, 26 minutes, arriving two minutes ahead of schedule and setting an Amtrak speed record when it hit 135 mph in New Jersey. The old record was 125 mph. The train was expected to reach its top speed of 150 mph later in the day on the trip from New York to Boston.""

Java Pimp writes "USA Today is reporting "America's first bullet train pulled out of Union Station on time Thursday morning. The snub-nosed Acela Express made the Washington-to-New York trip in two hours, 26 minutes, arriving two minutes ahead of schedule and setting an Amtrak speed record when it hit 135 mph in New Jersey. The old record was 125 mph. The train was expected to reach its top speed of 150 mph later in the day on the trip from New York to Boston.""

Details of the Napster-Bertelsmann deal have been dribbling out all week, and they're interesting. Micro-payment subscription models are now the talk of drooling CEOs everywhere, many of whom think that Bertelsmann head Thomas Middlehoff has saved the idea of profitable intellectual property. Bertelsmann is clearly mulling the possibilities of open-media business models as well. Has Middlehoff found the perfect compromise, or has he jumped into the Big Muddy? (First in a series.)

The creation of Napster was a true convergence, the meeting of cyberspace, pop culture, open media, intellectual property and emerging Net law. Napster's agreement to be eaten alive by one of the largest info-tainmnent conglomerates on the planet is a different sort of milestone, but a big one.

The Napster-Bertelsmann deal was hailed all over Wall Street last week as one of the most significant business moves in years. Execs are watching to see if there is a way for gargantuan multinationals trafficking in intellectual property to thrive and prosper in the hacker-shaped, chaotic culture of cyberspace.

"Free ride might be over" was one USA Today headline. So much for all you thieves and pirates out there.

If it goes through, says Business Week in its forthcoming issue, then Thomas Middlelhoff, Bertelsmann CEO "conceivably will rescue the concept of profitable intellectual property in the Information Age."

Middlehoff's response to this nightmare of easily-transferred digital goods, says Business Week: "Recruit the thief to protect the jewels."

This seems a bit premature. Whatever happens to Napster, Big Media' ongoing Net nightmare is far from over. The brawl between the distributed architecture of the Net and corporatism is just getting rolling. It's clear that intellectual property needs some saving, but not necessarily in the Bertelsmann mode. The notion that music-sharing was only a free ride, a temporal window in the mediasphere for greedy and amoral kids, is too simplistic, as is the idea that nobody ever has to pay for anything non-material again. Those who are sick of the raging wars over Net content are breathing almost audible sighs of relief at the prospect of this deal bringing about something positive.

In the short term, what's most likely to happen is that Napster will become a sort of AOL for music: sanitized, commercialized, subscription-organized, the "free" zone shrinking by the week.According to Business Week and other interviews, Middlehoff "idolizes AOL CEO Stephen M. Case as a prophet of the Internet." And Case isn't big on the idea that information wants to be free.

If subscription models evolve as the sane compromise to the free culture wars, fine. People have the right to choose their own economic models for acquiring culture.This model makes a certain amount of sense, especially for the hordes of middle-class Net users piling online, some of whom are twitchy about all the furor about theft and copyright. But it seems a temporary solution. In a world where all of the textual and visual information on the planet is being archived, the very idea of what intellectual property is is going to have to be resolved, and not just by Bertelsmann and its lobbyists.

This deal might make CEOs happy, but it's bad news on several fronts, including the much-invoked artists and their rights, the diversity and choice of music, consumers and their wallets, or the architecture of the Net itself. A lot of very good things have come from open media models of information and culture-sharing, and they are likely to be threatened or lost if the Bertelsmann Corporations of the world establish an almost total monopoly on information, entertainment and culture, a monopoly literally shattered by the rise of the Net. Many techies believe that can't happen. For every Napster that gets bought, they claim, a hundred will spring up. Maybe so. Personally, I think that's a gross under-estimation of corporatism's contemporary muscle, and it's influence on government, lawmakers, and law enforcement. There will certainly be file-sharing sites, but they will become a fringe, alternative media, existing in small and sparsely-trafficked corners of the Web.

The Napster/Bertelsmann pact is an almost textbook study in how modern corporatism -- late capitalism -- works to dominate, influence and acquire culture. Even though there free music sites -- Gnutella, and Freenet -- and people will continue to use them, AOL and other commercial sites have proven that millions of people will gravitate towards subscription models online if they are cheap enough and hook users up with enormous volumes of information and services.

As AOL merges with Time Warner, the control-and-sanitize model will become more ubiquitous, especially if companies like Bertelsmann pile on. In that context, the Napster-Bertelsmann hookup takes on a different hue -- as a blueprint of the strategy more and more multinationals will use in their ongoing effort to make up for lost time and commercialize the Net. Bertelsmann and the other companies have made it clear they will continue to go after any mini-Napsters that pop up. If they can't get them all, they can sure get the big ones. The shame here is that multi-nationals like Bertelsmann and AOL/Time-Warner are the only entities with the resources to fund and market those kinds of sites and services, develop the technology and the volume of information that could make commercial file-sharing sites work.

The details of the deal invoke the "Sopranos" more than the Net. Middlehoff is proposing to reshape Napster by lending the site $50 million -- pocket money -- and reserving the right to take an equity stake at a later date. Napster is supposed to use the money to develop technology and services designed to get users paying for music. If Napster behaves, says Business Week, Bertelsmann will settle its copyright infringement suit and ask other music and entertainment companies to do the same. If it doesn't, then there won't be a Napster. This is cooperation corporate style, sort of the way John Gotti might have done it, only there's no need for guns.

Middlehoff told a number of reporters last week that Bertelsmann wants to cooperate with rivals and turn Napster into a new kind of platform for downloading the entire range of media products, including books, films, and magazines from any company that wants to participate. Bertelsmann really has nothing to lose by going into business with Napster. The company acknowledged that it's aggressive campaign to brand music downloaders as pirates and to intimidate them into paying exorbitant rates for music has failed miserably.

For music lovers, though, the sense of betrayal was palpable. Messages poured into SaveNapster.com, reported USA Today last week. "I believe Napster's sole idea of the future was to be a part of the money-hungry record industry," messaged Jeff Margel of Northumberland, Pa.

It's impossible to know what Napster's motives really were, but the site had long been seeking help in its expensive fight against the music companies, right up to the moment they started cheerfully exchanging T-shirts with Bertelsmann officials in New York, portraying themselves as heroes and victims in the information wars.

Music industry analysts said it appeared that Bertelsmann's idea is for Napster to evolve into a two-tier, with both paid and free elements. Hank Barry, chief executive of Napster, has suggested that a monthly fee of $4.95 might be appropriate. AOL's $l9.95 price has also been mentioned. Napster would maintain a free, promotional component, but officials get vague when they are asked how a free service would differ from the membership one.

Other analysts, including some quoted by the New York Times, said that one plan under discussion includes adding unspecified "new technologies" that would impose a time limit on downloaded recordings. Non-members might be able to download digitized recordings which expire after a certain period, while members who pay their monthly fees would be able to download files permanently. Members might get other perks, like exclusive recordings from certain artists or the opportunity to pay for a higher-quality download that would work better on their personal CD's or MP3 players.

Until just a few days ago, Bertelsmann (whose major labels include Arist, Ariola, Arte Nova, RCA, New Talents, Windham Hill) was teamed up with the other big music and entertainment companies -- Sony, Disney, Universal, Sony, AOL/Time-Warner -- spewing legal warning notices, intimidating colleges and other institutions that permitted Napster and other free music sites to operate on their servers, branding music lovers and downloaders as pirates, filing lawsuits, hiring lobbyists to pass laws like the DMCA, and funding a barrage of spindoctors and publicists who successfully got the media to sound numerous alarms that a generation of obliviously amoral kids were steading ideas and wantonly ruining the very idea and sanctity of intellectual property.

Sony, Warner, Universal Music and EMI all said they would continue to pursue their lawsuit against Napster. Spokespeople for several of these companies, reported the London Financial Times said they felt they had to continue their struggle against free music in the courts, since there was nothing to prevent "Napster two, three or four" from springing up."

The other companies may be missing at least some of the point of Bertelsmann's deal: Napster/Bertelsmann could afford to play around for years with different models for music distribution, offering more music for little money in new ways. They could even begin re-building a culture of music acquisition.

But it won't be easy. A Pricewaterhouse Coopers survey released to USA Today Friday found that 75 per cent of U.S. music downloaders said they would stop downloading free music if they had to pay. The notion of free music suffered another setback this week. Listen.com, a music directory whose investors include the five major record labels and Madonna, bought the assets to Napster competitor Scour for $5.5 million. Music lovers are already checking out alternatives among the sites on some of the messaging systems, and on open sites like Songspy.com, which reported a huge influx of users in the wake of the Napter/Bertelsmann announcement.

Songspy, which has been online for a only month and claims 30,000 members, has pledged to stick to its policy of free music. "We don't want to betray our users like Napster did," promised Gavin Hall, Songspy's co-founder. Wonder if Hall will feel that way when Sony's lawyers come around in a few months, flex some muscle and suggest a "relationship."

Reading between the lines, Bertelsmann seems to be edging closer to trying to figure out how to commercialize the open media models that sprang from the open source and free software movements. As Lawrence Lessig pointed out in Code, the key to controlling and regulating cyberspace isn't law, but control of code. Regulation of cyberspace is possible, writes Lessig, but that regulation is imposed primarily through code. "What distinguishes different parts of cyberspace are the differences in the regulations effected through code. In some places, life is quite free, in other places more tightly controlled, and the differences in degrees of freedom are simply differences in the architectures of control -- that is, differences in code." Thus the money Bertelsmann is giving Napster is supposed to go to creating code that will make it possible to charge consumers for music.

In moving to acquire a file-sharing online pioneer like Napster, Bertelsmann may also be grasping what the other music and entertainment companies are still resisting -- the company that knows the most about and controls the most code will ultimately control the biggest chunks of cyberspace. Bertelsmann is taking a savvy approach: let the other big companies hire lawyers and try and stop the free music movement legally. If they can, Bertelsmann will still benefit. If they can't, Bertelsmann will be ahead of the curve and well-positioned.

Bef

Details of the Napster-Bertelsmann deal have been dribbling out all week, and they're interesting. Micro-payment subscription models are now the talk of drooling CEOs everywhere, many of whom think that Bertelsmann head Thomas Middlehoff has saved the idea of profitable intellectual property. Bertelsmann is clearly mulling the possibilities of open-media business models as well. Has Middlehoff found the perfect compromise, or has he jumped into the Big Muddy? (First in a series.)

The creation of Napster was a true convergence, the meeting of cyberspace, pop culture, open media, intellectual property and emerging Net law. Napster's agreement to be eaten alive by one of the largest info-tainmnent conglomerates on the planet is a different sort of milestone, but a big one.

The Napster-Bertelsmann deal was hailed all over Wall Street last week as one of the most significant business moves in years. Execs are watching to see if there is a way for gargantuan multinationals trafficking in intellectual property to thrive and prosper in the hacker-shaped, chaotic culture of cyberspace.

"Free ride might be over" was one USA Today headline. So much for all you thieves and pirates out there.

If it goes through, says Business Week in its forthcoming issue, then Thomas Middlelhoff, Bertelsmann CEO "conceivably will rescue the concept of profitable intellectual property in the Information Age."

Middlehoff's response to this nightmare of easily-transferred digital goods, says Business Week: "Recruit the thief to protect the jewels."

This seems a bit premature. Whatever happens to Napster, Big Media' ongoing Net nightmare is far from over. The brawl between the distributed architecture of the Net and corporatism is just getting rolling. It's clear that intellectual property needs some saving, but not necessarily in the Bertelsmann mode. The notion that music-sharing was only a free ride, a temporal window in the mediasphere for greedy and amoral kids, is too simplistic, as is the idea that nobody ever has to pay for anything non-material again. Those who are sick of the raging wars over Net content are breathing almost audible sighs of relief at the prospect of this deal bringing about something positive.

In the short term, what's most likely to happen is that Napster will become a sort of AOL for music: sanitized, commercialized, subscription-organized, the "free" zone shrinking by the week.According to Business Week and other interviews, Middlehoff "idolizes AOL CEO Stephen M. Case as a prophet of the Internet." And Case isn't big on the idea that information wants to be free.

If subscription models evolve as the sane compromise to the free culture wars, fine. People have the right to choose their own economic models for acquiring culture.This model makes a certain amount of sense, especially for the hordes of middle-class Net users piling online, some of whom are twitchy about all the furor about theft and copyright. But it seems a temporary solution. In a world where all of the textual and visual information on the planet is being archived, the very idea of what intellectual property is is going to have to be resolved, and not just by Bertelsmann and its lobbyists.

This deal might make CEOs happy, but it's bad news on several fronts, including the much-invoked artists and their rights, the diversity and choice of music, consumers and their wallets, or the architecture of the Net itself. A lot of very good things have come from open media models of information and culture-sharing, and they are likely to be threatened or lost if the Bertelsmann Corporations of the world establish an almost total monopoly on information, entertainment and culture, a monopoly literally shattered by the rise of the Net. Many techies believe that can't happen. For every Napster that gets bought, they claim, a hundred will spring up. Maybe so. Personally, I think that's a gross under-estimation of corporatism's contemporary muscle, and it's influence on government, lawmakers, and law enforcement. There will certainly be file-sharing sites, but they will become a fringe, alternative media, existing in small and sparsely-trafficked corners of the Web.

The Napster/Bertelsmann pact is an almost textbook study in how modern corporatism -- late capitalism -- works to dominate, influence and acquire culture. Even though there free music sites -- Gnutella, and Freenet -- and people will continue to use them, AOL and other commercial sites have proven that millions of people will gravitate towards subscription models online if they are cheap enough and hook users up with enormous volumes of information and services.

As AOL merges with Time Warner, the control-and-sanitize model will become more ubiquitous, especially if companies like Bertelsmann pile on. In that context, the Napster-Bertelsmann hookup takes on a different hue -- as a blueprint of the strategy more and more multinationals will use in their ongoing effort to make up for lost time and commercialize the Net. Bertelsmann and the other companies have made it clear they will continue to go after any mini-Napsters that pop up. If they can't get them all, they can sure get the big ones. The shame here is that multi-nationals like Bertelsmann and AOL/Time-Warner are the only entities with the resources to fund and market those kinds of sites and services, develop the technology and the volume of information that could make commercial file-sharing sites work.

The details of the deal invoke the "Sopranos" more than the Net. Middlehoff is proposing to reshape Napster by lending the site $50 million -- pocket money -- and reserving the right to take an equity stake at a later date. Napster is supposed to use the money to develop technology and services designed to get users paying for music. If Napster behaves, says Business Week, Bertelsmann will settle its copyright infringement suit and ask other music and entertainment companies to do the same. If it doesn't, then there won't be a Napster. This is cooperation corporate style, sort of the way John Gotti might have done it, only there's no need for guns.

Middlehoff told a number of reporters last week that Bertelsmann wants to cooperate with rivals and turn Napster into a new kind of platform for downloading the entire range of media products, including books, films, and magazines from any company that wants to participate. Bertelsmann really has nothing to lose by going into business with Napster. The company acknowledged that it's aggressive campaign to brand music downloaders as pirates and to intimidate them into paying exorbitant rates for music has failed miserably.

For music lovers, though, the sense of betrayal was palpable. Messages poured into SaveNapster.com, reported USA Today last week. "I believe Napster's sole idea of the future was to be a part of the money-hungry record industry," messaged Jeff Margel of Northumberland, Pa.

It's impossible to know what Napster's motives really were, but the site had long been seeking help in its expensive fight against the music companies, right up to the moment they started cheerfully exchanging T-shirts with Bertelsmann officials in New York, portraying themselves as heroes and victims in the information wars.

Music industry analysts said it appeared that Bertelsmann's idea is for Napster to evolve into a two-tier, with both paid and free elements. Hank Barry, chief executive of Napster, has suggested that a monthly fee of $4.95 might be appropriate. AOL's $l9.95 price has also been mentioned. Napster would maintain a free, promotional component, but officials get vague when they are asked how a free service would differ from the membership one.

Other analysts, including some quoted by the New York Times, said that one plan under discussion includes adding unspecified "new technologies" that would impose a time limit on downloaded recordings. Non-members might be able to download digitized recordings which expire after a certain period, while members who pay their monthly fees would be able to download files permanently. Members might get other perks, like exclusive recordings from certain artists or the opportunity to pay for a higher-quality download that would work better on their personal CD's or MP3 players.

Until just a few days ago, Bertelsmann (whose major labels include Arist, Ariola, Arte Nova, RCA, New Talents, Windham Hill) was teamed up with the other big music and entertainment companies -- Sony, Disney, Universal, Sony, AOL/Time-Warner -- spewing legal warning notices, intimidating colleges and other institutions that permitted Napster and other free music sites to operate on their servers, branding music lovers and downloaders as pirates, filing lawsuits, hiring lobbyists to pass laws like the DMCA, and funding a barrage of spindoctors and publicists who successfully got the media to sound numerous alarms that a generation of obliviously amoral kids were steading ideas and wantonly ruining the very idea and sanctity of intellectual property.

Sony, Warner, Universal Music and EMI all said they would continue to pursue their lawsuit against Napster. Spokespeople for several of these companies, reported the London Financial Times said they felt they had to continue their struggle against free music in the courts, since there was nothing to prevent "Napster two, three or four" from springing up."

The other companies may be missing at least some of the point of Bertelsmann's deal: Napster/Bertelsmann could afford to play around for years with different models for music distribution, offering more music for little money in new ways. They could even begin re-building a culture of music acquisition.

But it won't be easy. A Pricewaterhouse Coopers survey released to USA Today Friday found that 75 per cent of U.S. music downloaders said they would stop downloading free music if they had to pay. The notion of free music suffered another setback this week. Listen.com, a music directory whose investors include the five major record labels and Madonna, bought the assets to Napster competitor Scour for $5.5 million. Music lovers are already checking out alternatives among the sites on some of the messaging systems, and on open sites like Songspy.com, which reported a huge influx of users in the wake of the Napter/Bertelsmann announcement.

Songspy, which has been online for a only month and claims 30,000 members, has pledged to stick to its policy of free music. "We don't want to betray our users like Napster did," promised Gavin Hall, Songspy's co-founder. Wonder if Hall will feel that way when Sony's lawyers come around in a few months, flex some muscle and suggest a "relationship."

Reading between the lines, Bertelsmann seems to be edging closer to trying to figure out how to commercialize the open media models that sprang from the open source and free software movements. As Lawrence Lessig pointed out in Code, the key to controlling and regulating cyberspace isn't law, but control of code. Regulation of cyberspace is possible, writes Lessig, but that regulation is imposed primarily through code. "What distinguishes different parts of cyberspace are the differences in the regulations effected through code. In some places, life is quite free, in other places more tightly controlled, and the differences in degrees of freedom are simply differences in the architectures of control -- that is, differences in code." Thus the money Bertelsmann is giving Napster is supposed to go to creating code that will make it possible to charge consumers for music.

In moving to acquire a file-sharing online pioneer like Napster, Bertelsmann may also be grasping what the other music and entertainment companies are still resisting -- the company that knows the most about and controls the most code will ultimately control the biggest chunks of cyberspace. Bertelsmann is taking a savvy approach: let the other big companies hire lawyers and try and stop the free music movement legally. If they can, Bertelsmann will still benefit. If they can't, Bertelsmann will be ahead of the curve and well-positioned.

Bef

Greyfox writes: "This USA Today story tells us that astronomers have discovered a puny little "planet" between Neptune and Pluto. Significantly larger than your average asteroid, it falls just shy of qualifying as being planet sized." Plutino?

Nightspore writes: "Yes, while you slept last night another supra-governmental body was hard at work readying a shiny new set of chains for you. Read more on how the US and EU are putting the finishing touches on their international cybercrimes treaty. The treaty will force all signatories (i.e. your government) to make illegal the 'import and distribution of devices used for hacking.' Signatories also would be required to 'provide law enforcement authorities with the ability to conduct computer searches and seize computer data.' "

AbbyNormal writes: "Cnn.com is reporting that Kmart(R) is now going to start carding kiddies who buy violent games (based on the ESRB rating)." Reverend Raven adds a link which paints Walmart's name on the wall of shame as well. All the more reason to buy games from local stores or on the Web, at least from places which don't bend to pressure from overzealous state attorneys general. On the other hand, industry 'guidelines' which mainstream retailers follow as if they were law seem better than actual laws doing the same, sort of like 7-11 being free not to carry pornographic magazines.

voodoogumbo writes "A USA TODAY article says universities are declining to review the FBI's controversial Carnivore email sniffer. Academics are concerned that the Justice Department is looking for little more than "rubber stamp" approval of the system. The sordid details are on their site."

Greyfox writes "In yet another twist in the current IP debate surrounding free music downloads, mp3board.com has filed suit against AOL for helping consumers locate and download copyrighted materials by creating gnutella. The story is here on USA Today's site." Ok, I'm officially confused.

Three days ago, a small group called Interhack was featured in an AP wire story about some curious data transmission they'd found. The company receiving the data, Coremetrics, tracks unique visitors through its clients' corporate websites, and promises those clients "seamless performance," because: "data tags load invisibly as small transparent gifs, and information is encrypted to appear invisible to your customer." The customer is you, the user. The GIFs are web bugs. The information can be personally identifying, which most of its clients' privacy policies fail to mention. But -- importantly -- the company promises that "Any data Coremetrics tracks and reports is owned solely by our customers and we are contractually precluded from reselling or using this data." Is that enough? Emmett and I talked both to Coremetrics and to the hackers who put the spotlight on them.

Emmett Interviews Interhack

Slashdot: For those uninitiated, what's interhack all about?

Basically, we're a firm of hackers interested in pushing technology forward through research, making computing apply to people by developing custom products and consulting for folks who want to put the technology to use, and helping people understand exactly what the ramifications of these systems are. That's a pretty broad way of saying that we're all about the Internet and making it work.

Slashdot: When did you start researching this story, and how long did it take to put the pieces together?

Sometime in May, someone sent us a tip about Coremetrics and what it's doing. We took a quick look over their web site to see their advertised services and then started to look at how the service is actually implemented on various client sites. We examined several sites, most of which very clearly stated in their privacy policies that they're using Coremetrics for site monitoring and provided links necessary for people who don't like it to opt out of the system. Most of the sites with clear, full disclosure policies weren't even sending Coremetrics personally-identifiable information like names and addresses.

The more interesting part of our find was in the sites that did send personal information to Coremetrics, particularly those that carried the TRUSTe privacy seal. Over the course of about three weeks, we performed an investigation of these sites, gathering as much information as possible from them. We reverse-engineered the system by reading the sites' code, reading through the obfuscation, and comparing logs of our network's activity with the activity that would be perceived by an end user.

What we found was a clear difference in user expectations and what was actually happening, as well as a clear difference between what Coremetrics says it offers and what its eLuminate service makes technically feasible. After writing drafts of our report and press release, we decided to take a wait-and-see approach to the release. Specifically, we wanted to ensure that sites that just started to use the Coremetrics service had adequate time to update their policies and to have an accurate idea of what was happening with the system after having been in production.

After waiting and watching for more than a month, we decided to release our findings. So, on Monday morning, we sent a pre-release copy of our report to Richard Smith and some folks at Zero Knowledge Systems. In addition, we contacted each of the firms named in our report and Coremetrics so that if the failure to disclose or the ability to profile people across web sites was unintentional, there would be time for some investigation and a decision about how to fix the problem. After the end of business Monday, we released our report.

Slashdot: What needs to change? In a perfect world, how do we deal with this?

This is a very interesting question. In my perfect world, detailed levels of profiling would not take place at all. There would be no such thing as persistent cookies. In general, I'm just not comfortable with the level of privacy that the industry as a whole has given up for the sake of a little convenience.

How big of a deal, really, is it to have to enter your password when you login to a web site? Don't forget that the reason why we have passwords in the first place is so that you'll have to do something at the beginning of the session to prove who you are.

Web browsers also need to be more intelligent. That is, they need to be able to identify things like dependencies on third parties so the user can know whether those images should be fetched or ignored. Right now, browsers -- for the most part at least -- just aren't very defensive. The model of parsing everything you're given worked fine in the Old Days for which some of us long so much but the fact of the matter is that you really can't blindly trust anyone on the Internet.

I'm not suggesting becoming a luddite. I'm suggesting that folks take a sort of "trust, but verify" approach a la Ronald Reagan. Right now, there's a lot of trust and almost no way to verify.

Slashdot: This all comes down to trust. How many policies are just there so people will shut up about personal information so they'll start buying stuff online?

I couldn't say. Policies are almost always written by lawyers. That probably speaks to the covering-one's-posterior-position value of privacy policies.

Slashdot: Since we can't trust written policies, what should people be doing before they start conducting business with these websites?

Verify everything. As I said earlier, though, we're severely lacking in tools that are accessible to most people that can help in that regard. I think Zero Knowledge Systems' Freedom network is a huge step in the right direction. Tools like Muffin (muffin.doit.org) also help, but it would be cooler for that kind of functionality to live right in the browser itself. There are opportunities for eager hackers on this front.

It's also important to stress that tools alone won't do it -- there is no silver bullet. People are going to have to have some understanding of what's happening in order to use these tools effectively.

Finally, where you see discrepancies, point them out. Most of the time, they're oversights. Look at how Lucy.com and Fusion.com dealt with this problem: they updated their sites. So although the problem shouldn't have happened in the first place, they did the right thing. Contrast that with Toys "R" Us, which issued a statement saying that what they're doing isn't a violation. And their privacy policy still doesn't say a word about Coremetrics. They still haven't said anything to address the issue of having information collected on children.

Companies that don't fix their problems don't take your privacy seriously, no matter how much lip service they pay. So don't go to their sites. Don't buy their stuff. Tell them why you're not buying their stuff. Tell their competitors why you shop where you do, lest the new places you shop get the bright idea to try to hide something.

Jamie Talks to Coremetrics

Here's the service Coremetrics provides to corporate websites:

Many companies demand accurate knowledge of how their sites are being used: what sections are popular, what paths visitors take through the site, where people click over from, and so on. It's like web log analysis but more specialized for large shopping sites.

Since these demands are very much the same, and the code to do the analysis is similar, outsourcing happens. From a CEO's viewpoint, Coremetrics fiddles with the website to do better-quality tracking than the company could do on its own, and then makes the resulting statistics available over SSL.

But from your viewpoint and mine, that "fiddling" results in cookie-carrying web bugs all over the sites we visit -- web bugs which usually send back to the Coremetrics servers a unique visitor tag, like any other cookie, but one that sometimes includes your name, email address or other personally identifying information.

Coremetrics promises that this information remains private. When DoubleClick collects data from <img> cookies across multiple websites, they do so with the stated intention of tracking you personally; this is part of their business plan.

According to Coremetrics, they do things very differently. Data is not cross-correlated between their client websites, they say, because their contracts with their clients prohibit this. In fact, their contract forbids them from doing much of anything with that data except statistical analysis.

I gave the Coremetrics PR person I talked to a chance to explain, using the example of their client Toys 'R' Us:

"Coremetrics is merely an agent that collects this data on behalf of an individual customer, for that individual's sole use only. We do not collect data, as was inferred very incorrectly by Interhack, across multiple unrelated websites, with any intention of selling it to third parties -- or even distribution to third parties. That's because we, as the agent, do not own that data, nor do we have any rights to that data. Toys 'R' Us, and Toys 'R' Us only, is the sole owner of that data. So legally, we cannot do any of the possibilities that Interhack had alluded to in their report."

But here's the interesting thing.

If I'm browsing my favorite website, Coremetrics is clearly a third party. They have a special contractual relationship to keep my data private, which we shouldn't ignore. But nevertheless -- a third party.

So why do some of their clients' privacy policies not mention this?

Toys 'R' Us is a good example. As Interhack made clear, they do send personal data to Coremetrics' servers. But their privacy policy reads, "We do not share any personally identifying data about our guests with anyone outside of Toysrus.com, its parent, affiliates, subsidiaries, operating companies and other related entities."

So is Coremetrics one of their affiliates or a related entity? I wouldn't think so, but I'm not a lawyer. One interesting thing is hidden in that privacy policy's HTML; after the closing </html> tag is the hidden message: "<!--CoreMetrics Information if enabled-->." Hmmmmmm.

Coremetrics lists twenty clients; I tried to contact seventeen of them for comment, with marginal success by press time. Three reported that they had not yet activated Coremetrics or had decided not to use the service at all. One (guru.com) reported not sending any personal information -- presumably, only tracking visitors with a non-identifying unique ID.

Two sites (lucy.com and fusion.com) began mentioning Coremetrics in their privacy policies on August 1, the day after the Interhack report. One site (thewest.com) did not even have a privacy policy until yesterday; they'd been working on it, and my email may have made it a priority because it was on their site three hours later.

According to Coremetrics, they encourages all their clients to disclose the use of their service in their privacy policy, and include a link for users to opt out. But some sites reported as using or planning to use Coremetrics' services have privacy policies that could use some clarification.

Altrec.com informs me that "...in the near future ... we plan to add to our privacy statement our use of Coremetrics and the fact that Coremetrics neither owns, distributes, nor has rights to the data it sorts on Altrec.com's behalf." However, their current privacy policy states very simply: "Altrec.com will never sell or give your e-mail address (or any other information about you) to anyone else without your permission. Period."

(Last-minute update -- just before press time, Altrec.com clarified that they are "sending unique ID (unique to Altrec.com) and city, state and zip. No other personally identifiable information is being sent to Coremetrics.")

Bravanta.com bounced me between different people until I got to leave voicemail that wasn't returned by press time. Their policy says they "do not and will not sell, trade or rent the personal information of our customers or gift recipients to any third parties."

(Update two hours later: Bravanta reports that they also have decided not to use Coremetrics' service, and are not currently using it.)

Mall.com didn't get back to me either, and their policy reads "We will NEVER release your name and personal information to a third party..."

Getplugged.com has a rather confusing privacy statement that begins, "Any personally identifiable information GetPlugged.com collects will be used solely for the purposes stated within this Privacy Statement" and wanders around from there. I'm not sure what to make of it, frankly.

All these polices may indeed be correct, if the sites are stingy with personal data. Like guru.com (and altrec.com), they may be using the Coremetrics service only with non-personal IDs. But, as with Toys 'R' Us, that may also not be the case.

(fusion.com, getplugged.com, and altrec.com also happen to be TRUSTe licensees, but TRUSTe wasn't able to comment by press time. In the AP wire story on Monday, they had harsh words but were speaking hypothetically; no comment since then.)

It's hard enough to read privacy policies already. Most of them are designed to protect companies legally, and mostly manage to confuse users. The distinction between Coremetrics as a third party; or affiliate; or agent, is a little too fine for the average consumer, and needs to be spelled out in each policy, as Coremetrics itself recommends.

But is all this a tempest in a teapot? If a signed contract forbids a company from misusing data, is that all we need to know?

I don't think so. In the first place, at the very least, companies like Toys 'R' Us need to disclose such things in their privacy policies. That's just common sense.

In fact, according to Coremetrics privacy advisor Dave Farber, they plan contractually to require such disclosure with future clients. (The company could not confirm or deny this at this time.)

More importantly, we as consumers are being asked to trust a third party whose reputation we know nothing about. In fact, 99% of us will never even have heard of them and might not understand what they do. We're told that a contract protects us, but we're still being asked to trust something we can't see. And when evidence of policy violations is turned up by a group of hackers, that erodes our trust.

After speaking at length with Coremetrics' PR, I get a general feeling of trust from them. (Of course that's a large part of their PR staff's job, earning reporters' trust.) More importantly, Dave Farber is well-respected, and his confidence carries weight -- with me at least.

Still, as Interhack says, our motto should be "trust but verify." That's why I proposed, to Coremetrics, that they publicly post, on their website, the paragraphs from their clients' contracts which assure that our private data remains private. If the actual legal words that protect our data are up there for us to see, we don't have to trust anyone.

When I mentioned this to Coremetrics' PR person, he promised to consider it; Dave Farber thought it was "a very good idea." It's unusual for corporations to make contracts public, even in part, but in this case it would do a great deal to put everyone's fears to rest.

Imagine a novelist, trapped in a nightmarish world of credit cards and micropayments, facing devilish odds and the belligerent stares of publishers everywhere ... picture a team of hackers brazen enough to break into dozens of secure government sites without incurring a single lawsuit ... scream in terror at the thought of mutant penguin-kangaroo hybrids swimming deviously onto our shores ...

Revenge of the naysayers' naysayers: Just yesterday, jamie sallied forth with the theory that Stephen King was setting himself up for disappointment by expecting enough paying customers for his new online book to justify the experiment.

jheinen writes, though, "According to MSNBC, of the 41,000 downloads for the first installment so far, 32,000 (~78%) have already paid via credit card. Kinda shoots to hell the theory that people won't pay."

[Jamie adds: I stand by my prediction that "Stephen King is never going to have to publish the end of his novel." I'd love to see him succeed, but I just don't think so this time around. We'll see in September!]

Red Five, I'm going in. You may recall the story a little while ago about a distributed anti-cracking bot at Sandia National Laboratory. Rest assured, those clever folks don't confine themselves to practicing only one side of the ol' thrust-and-feint.

In fact, leb writes: "Over the past two years, a group at Sandia National Laboratories known informally as the Red Team has, at customer invitation, either successfully invaded or devised successful mock attacks on 35 out of 35 information systems at various sites, along with their associated security technologies. Their work - challenged only by a new style of defense, also developed at Sandia, called an "intelligent agent" - demonstrates that competent outsiders can hack into almost all networked computers as presently conformed no matter how well guarded, say spokespeople for the group, formally known as the Information Design Assurance Red Team or IDART. Check out their site here."

Stir, leave plot overnight to thicken. vjlen writes: "Now it sounds like corinthians.com is just another cybersquatting case. From an article in USA Today: 'But the case is not as black-and-white as it seems, says Dave Fogelson, a spokesman for the team, which recently put up its own site in Brazil. Fogelson says the arbitrator had to consider several factors, including the fact that Sallen did not use the site for Bible quotes until after he contacted the team to talk about selling the name, which suggests his main motive was profit.'"

Or ... or ... or ... we'll strike! stattouk writes "The BBC has a story on a court case currently happening in France over whether Yahoo France can be held responsible for people being able to access auctions of Nazi memorabilia. The courts say that even though fr.yahoo.com has blocked access, the fact that www.yahoo.com can still be used to get them amounts to no action by Yahoo." Asking Yahoo! to block Internet auctions in the first place seemed rather stretchy; now it seems that Yahoo! is supposed to police the entire world.

Penguins do come from that hemisphere, after all ... Tsujigiri writes "To follow up a previous story on Slashdot about the Australian InstallFest 2000, Fairfax IT is running this story about the recently held (well, July the 15th) Adelaide InstallFest 2000 and its "unexpected surge in interest". Quite successfull all round. Congratulations to all involved, and good luck to the rest of the Australian Install Season. (For anyone who'd like to see some pictures, go here)"

If there's an "install season" down there, one questions leaps to mind: Is there a limit on those things?

Both the Washington Post and the New York Times have stories about the FTC's decision to ask Congress for the authority to regulate online privacy. The FTC had recently completed yet another privacy survey that showed companies were doing little to protect privacy on the Internet, even after several years of dire warnings. In other news, Doubleclick named a "No-Privacy Board" -- errr, a "Privacy Board." Its members are listed below, along with my notes on their backgrounds.

It is important to keep in mind what this is being billed as: Doubleclick calls this, in their press release, a "Consumer Privacy Advocacy Board." Supposedly this board is set up to, you know, advocate consumer privacy. So, let's take a look at its composition.

Robert Abrams, former attorney general of New York: hired because of his connections in New York State, which threatened to file suit against Doubleclick. His role will be to lobby his buddies in various government agencies to prevent privacy lawsuits.

Robert Litan, vice president and director of economic studies at the Brookings Institution: supports "opt-out" marketing and notification of privacy policies, as opposed to actual privacy. (Which is exactly Doubleclick's position, of course.)

Harriet Pearson, director of public affairs at International Business Machines Corp.: Pearson is one of the people behind the Online Privacy Alliance, a corporate front group working to attack privacy on the Internet. Pearson has moderated seminars on how to profile users without seeming to be Big Brother; her job is to make you feel good about not having any privacy. Every group needs a PR flack.

Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.

Daniel Weitzner, an executive at the World Wide Web Consortium: Weitzner's main job at W3C is promoting P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, Social Security number, and other personal data to Web sites as you browse -- a sort of hyper-invasive universal cookie. Need I say more?

Elizabeth Lascoutx, a director and vice president at the Council of Better Business Bureaus: Lascoutx's work at the BBB used to center around children's advertising -- she sought to have commercial messages on children's Web sites set off from the rest of the content in the same manner as television advertising ("after these messages, we'll be right back").

David Stazer, vice president and co-founder of PlanetOut.com: I don't know of any qualifications Stazer might have with regard to privacy.

Stewart Baker, a partner at the law firm of Steptoe & Johnson: Baker used to be the general counsel of the National Security Agency, probably not the first people you'd think of when you think "privacy"; he's an influential Washington lobbyist now. Baker publicly attacked the efforts to boycott Intel and Microsoft over the Pentium-III processor ID and the GUID embedded in MSOffice documents -- he stated that if all machines on the Internet were authenticated and identified, things like denial of service attacks could be prevented (which is true enough, if you don't mind a total loss of privacy).

No one from EPIC? No one from the ACLU? You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.

A recent USA Today article, "Privacy Isn't Public Knowledge," took an interesting tack: they asked a psychologist and linguistics expert to analyze the privacy polices of ten major websites. His conclusions aren't surprising: these policies mainly confuse people. "If you really don't want people to understand, write it in legalese and have it run on for four or five pages. People will say, 'To hell with it...'" Longest sentence: 174 words.

SEWilco writes "In this USA Today story a judge ruled that hyperlinking is not illegal as long as consumers understand whose site they are on and that one company has not simply duplicated another's page. " The case stems from Ticketmaster suing Tickets.com for deep-linking within Ticketmaster. Very good ruling for the health of the Web.