25th > May > 2005 Archive

ID cards: Part II

Home Secretary Charles Clarke is expected to reintroduce the government’s legislation for compulsory ID cards this afternoon. He accepted there were genuine concerns about the previous Bill and offered to meet critics concerned about civil liberties, according to the BBC. Defending the proposals in the House of Commons, Clarke said ID cards passed the five tests laid down by the Tories. Answering the first Tory concern, Clarke said the legislation clearly defined the purpose of the cards. Showing an optimism which Reg readers may not share, Clarke said the second concern was whether the technology was sufficiently well-developed and robust, "and the answer is yes." On whether the Home Office is capable of delivering this major IT project, he said, "the answer is yes.” For the Tories, shadow Home Secretary David Davis said he was not convinced by the claims. Davis said: “The database at the centre is what brings about a change in the relationship between the individual and the state. The Government have no answer as to how they will protect that database,” according to egovmonitor.com. The Tories will oppose the legislation unless the government can “conclusively prove” the cards are needed. The Lib Dems are also opposed. Employers' organisation the CBI wrote to the government expressing its concerns about ID cards. The lobby group says the legislation is too vague and won’t get business support unless it is more transparent and has clearer limits on how the data is to be used. More from egovmonitor here. ®
John Oates, 25 May 2005

IBM puts a little Tivoli in Rational

IBM's developer tools business is adopting features from IBM's Tivoli management suite to help improve detection and resolution of problems in applications. IBM Rational announced the Problem Resolution Toolkit for IBM Rational Application Developer and the Performance Optimization Toolkit for Rational Performance Tester at its annual user conference, in Las Vegas. The products feature Tivoli's Monitoring for Transaction Performance software to identify problems while applications are live, to fix the problems, and to feed information about faults to developers if the problems are linked to the application's source code. Ovum analyst Bola Rotibi said the products are important milestones in IBM's ongoing journey to integrate its software portfolio. IBM unveiled plans for integration between tools from its Rational family on an interface and semantic level in the suite codenamed Atlantic, using Eclipse, at its last user conference in 2004. "We are in a phase where we have to ensure the tools integrate and work together... that's something that people have been looking for, for some time," Rotibi said. ®
Gavin Clarke, 25 May 2005

Microsoft going to JavaOne

Having braved the open source faithful at LinuxWorld, Microsoft is turning its attention to Java, with plans for a formal presence at JavaOne next month. Microsoft's appearance at Sun Microsystems' annual Java jamboree in San Francisco will be the first since the companies settled their differences and agreed to work on interoperability between products and technologies last year. Microsoft has appeared at JavaOne only once before, in 1996 when Microsoft licensed Sun's Java in an appearance that Sun called "very low key". A year later, the companies locked horns over Microsoft's decision to, er, "optimize" its implementation of Java for Windows and the rest of us got to watch. This time around, Microsoft is forking over $20,000 in sponsorship for a 15ft by 15ft show-floor booth, with plans for a joint keynote with Sun on interoperability between Java and .NET that is followed by a series of breakout sessions. Ben Lenail, Sun's director of corporate strategy and development, and the lead on Sun's relationship with Microsoft, said the companies plan to demonstrate interoperability between Java and .NET at the WSDL level. Microsoft denies it is on a mission to tempt weak Java Jedi to the .NET dark side and will simply educate developers and architects about interoperability - even though Microsoft does plan to hand out free copies of the Visual Studio 2005 second beta on CD. "That's off the radar," Visual Studio program manager Brian Keller told El Reg when asked whether Microsoft would use the event to seek fresh converts. "If someone wants to talk to us about the merits of .NET we will have that conversation. But when we attend other events, it's primarily about interoperability," Keller said. Keller added that while Microsoft's presence will raise more than a few eyebrows, based on earlier experiences at LinuxWorld, he expects attendees will get over it. "People don't expect to see you there. But once they start talking to you, we have a valuable conversation and both parties walk away with something," Keller said. ®
Gavin Clarke, 25 May 2005

Intel's platform shift

This story has expired from The Register's archive. You can now find it at its original location on the Forbes.com website: http://www.forbes.com/business/2005/05/24/cx_ah_0524intc.html?partner=theregister.
Arik Hesseldahl, 25 May 2005

IBM, Sony: We'll open Cell

IBM, Sony and Toshiba have vowed to open the specifications to the Cell processor to the world, and provide libraries for software libre developers. The news comes three days after the Wall Street Journal published a story that Apple was seriously looking at Intel chips for future systems. IBM is Apple's primary source of CPUs. The Cell, unlike IBM's G5, will be suitable for low power operation in notebooks, if not handhelds quite yet. Open specifications will permit Apple to develop for the Cell without a potentially costly licensing agreement. It's tempting to see these facts as related, but of course it may all be a fortuitous coincidence for Apple. But "free" libraries may not be "free", EE Times reports. "We're not yet sure about the right licensing terms for the libraries. It can be hard to give stuff away for free," says IBM cell chief Jim Kahle. IBM did however commit to open sourcing the software for cell. EE Times has a few more tidbits about the Cell that haven't been disclosed before. A team of 400 IBM engineers worked on the project across ten design centers. And the software-based I/O design was inspired by Hong Kong airport. There are more details for developers, courtesy of Sony Semiconductor, here. ®
Andrew Orlowski, 25 May 2005

Symbian appoints new CEO

Symbian has selected a new CEO to replace now-departed helmsman David Levin. Nigel Clifford joins the smart-phone software developer next month. He arrives from a stint as chief executive of Tertio Telecoms, and he spent two years as a senior VP with Cable & Wireless, serving on the company's UK board. Before that, from 1992, he ran the Glasgow Royal Infirmary University National Health Service Trust for five years, moving to the Trust after 11 years in senior roles within BT. Former CEO David Levin announced his decision to leave Symbian back in December 2004, though he promised to stay on until March this year while a replacement was found. CFO Thomas Chambers acted as interim CEO from that point, and will relinquish the role when Clifford arrives for work next week. Levin quit Symbian to run United Business Media. During Levin's final quarter as Symbian CEO, Q1 2005, the company saw some 6.8 million Symbian-based handsets ship, 180 per cent up on the year-ago quarter. To date 32 million machines running the Symbian OS have been sold. Nine new phones from four OS licensees shipped taking the total to 48 devices, up from 18 in Q1 2004. ®
Tony Smith, 25 May 2005

Italian police find child torture site

Three Catholic priests, a police officer and a social worker are among 186 people reportedly under investigation in Italy this morning after authorities shut down a child torture website. The website hosted pictures and videos of children between four and eight being sexually abused and tortured. Police are still investigating and are yet to press charges. The password-protected site was online for just nine days before being closed down in July. Web monitoring organisation Telefono Arcobaleno tipped off authorities, according to AP. The site was not indexed so wasn’t picked up by search engines. It was hosted on an Italian server but advertised in other countries. The investigation is continuing and no-one has been arrested yet. Premises belonging to 159 suspects in 16 of Italy’s 20 regions were searched on Tuesday. Other suspects have already been searched. ®
John Oates, 25 May 2005

Rambus calls on co-founder to forecast future

Rambus has turned to one of its two founders to point the company in the right technological direction. The memory technology developer yesterday announced that it had appointed co-founder Mark Horowitz as its chief scientist, reporting directly to CEO Harold Hughes. The appointment appears to formalise a broader technology steering role Horowitz has taken as a Rambus board member since the company's formation, in 1990. Horowitz is currently a professor of Electrical Engineering and Computer Science at Stanford University, where he has been teaching since 1984. After a four-year stint as a company VP, from 1990 to 1994, Horowitz has focused on his academic roles. As chief scientist, Horowitz will be responsible for assembling teams to evaluate trends and look for opportunities to apply Rambus' high-speed signalling expertise to various markets, the company said. He will take "an active leadership role" in determining Rambus' future technological development and direction, it added. ®
Tony Smith, 25 May 2005

Intel EOLs Mobile P4 chips

It was always going to happen, of course, but Intel's plan to kill off the Mobile Pentium 4 processor has come slightly later than anticipated. The vendor confirmed this week the NetBurst-for-notebooks chips will only be available to order through to 19 August. The death of the chip family was heralded in February 2004, by Anand Chandrasekher, then the chip giant's mobile products chief. He said the Mobile P4 would come to an end "around Q1 2005 or maybe a little later". It didn't happen in Q1, but Intel this week told customers it has at last decided to end-of-life the processor family, according to company documents seen by The Register. All five models, clocked at 2.8, 3.06, 3.2, 3.33 and 3.46GHz, are for the chop, Intel revealed. Intel will ship product through to 20 October 2006, if there's demand for it, but it will not take orders for the parts after 19 August 2005. Orders received after 24 June 2005 can't be cancelled. It's no great surprise of course. The continued evolution of the Pentium M product line is seeing members of that family reach out into the spaces occupied by the Mobile P4. Intel's focus on extending the Pentium M architecture first into dual-core chips and then into the desktop world always meant that the Mobile P4 was destined to become obsolete. ®
Tony Smith, 25 May 2005

Oz eBayers must pay tax

The Australian Competition and Consumer Commission has convinced eBay Australia to alter its policy on adding Goods and Services Tax onto successful bids. From 13 June all eBay sellers will be required to include the ten per cent tax on any relevant items they are auctioning. The ACCC said it had been contacted by successful bidders who were unhappy that their bids had 10 per cent tax added without them being warned. The ACCC also received complaints from sellers complaining that items from other sellers appeared cheaper because they were not including the tax. The ACCC said: “eBay Australia has liaised with the ACCC to modify its GST policy which now makes it a requirement for all sellers on the eBay site to include any applicable GST in their auction or Buy It Now price.” Prior to the change eBay Oz recommended sellers include GST. The change affects people using eBay for business purposes rather than private sales. More details on ACCC website here. ®
John Oates, 25 May 2005

AMD prints 'Pacifica' virtualisation spec

AMD has published its 'Pacifica' specification - its answer to Intel's Virtualisation Technology (VT), which is intended to allow a desktop or server to run multiple operating systems simultaneously. Intel is expected to announce VT-enabled Pentium 4 processors soon, possibly even this week, well ahead of its schedule for getting the technology into servers. AMD has said it will ship virtualisation-aware client and server processors in Q1 2006, in both single- and dual-core chips. Both systems provide a hardware framework for virtualisation, but it looks like the technique will still require specialist software, such as VMware and Xensource, to be of use. Think of VT and Pacifica more as technologies to take some of the processing burden off VMware's shoulders rather than a full-scale virtualisation system in its own right. AMD calls it "silicon enhanced virtualisation", for example. AMD's approach centres on establishing a 'Hypervisor' system which sits between the CPU's processing core(s) and 'guest' code, whether that be multiple operating systems, different instances of the same OS, or even a 'service guest' remote admin module. The Hypervisor keys the multiple virtual machines into the single physical system. Pacifica essentially adds new instructions, such as VMRUN, and a virtual machine data structure, to the x86 core. The company touts its Direct Connect Architecture - its mix of HyperTransport and on-chip memory controller - as the most suitable infrastructure for virtualisation. AMD and Intel both see virtualisation as an enterprise-oriented technology - VT is coming to the P4 first because it's a key component of Intel's Active Management Technology, a remote maintenance and management system for corporate computing - but they also forecast a role for home users, particularly in boxes with multiple users, such as home servers. AMD said the specification would be made available here. ®
Tony Smith, 25 May 2005

Build intelligence .NET with AI

Site offer

Artificial intelligence (AI) has been in existence almost as long as computers. Most people do not realize that AI-based technologies are being utilized every day and only recently have AI techniques been widely incorporated by companies to enhance traditional business applications. Building Intelligent .NET Applications is an introduction to the world of Artificial Intelligence for .NET programmers. It is the first book to show professional .NET developers how to incorporate AI into their daily programming. In this accessible guide, developers will learn how to enhance both new and existing .NET applications with intelligent agents, data mining, rule-based systems, and speech processing. You can save 30% on .NET guides and thousands of other great computing titles at the Reg Bookshop.

Building Intelligent .NET Applications
RRP £31.99 - Reg price - £22.39 - Saving £9.60 (30%)
Shows developers how to enhance both new and existing .NET applications with four powerful Artificial Intelligence technologies

Maximizing ASP.NET
RRP £35.99 - Reg price - £25.19 - Saving £10.80 (30%)
This book helps the novice ASP.NET developer become a well-rounded master, by explaining ASP.NET's underlying concepts and architecture

eXtreme .NET
RRP £28.99 - Reg price - £20.29 - Saving £8.70 (30%)
Filled with practical, hands-on examples, this will be the first book Microsoft developers go to when learning Agile development techniques

Microsoft Visual Basic .NET 2003 Unleashed
RRP £42.99 - Reg price - £30.09 - Saving £12.90 (30%)
A premium reference guide and a must-have for anyone currently developing or beginning to develop .NET applications

Microsoft Visual C# .NET 2003 Unleashed
RRP £42.99 - Reg price - £30.09 - Saving £12.90 (30%)
This is the ultimate C# reference, providing practical examples for virtually every aspect of the C# language

.NET Developer's Guide to Windows Security, The
RRP £34.99 - Reg price - £24.49 - Saving £10.50 (30%)
Essential information for .NET programmers on how to develop secure Windows applications

Enterprise Application Integration Using .NET
RRP £37.99 - Reg price - £26.59 - Saving £11.40 (30%)
The ultimate guide to attacking one of the biggest problems in IT today - application integration - using the .NET Framework

Open Source .NET Development
RRP £30.99 - Reg price - £21.69 - Saving £9.30 (30%)
The first book on doing .NET development in an open source environment

.NET Application Development
RRP £33.57 - Reg price - £23.50 - Saving £10.07 (30%)
A complete technical introduction to the full spectrum of .NET technologies

ASP.NET Evolution
RRP £36.50 - Reg price - £25.55 - Saving £10.95 (30%)
Includes a complete ASP.NET application that is deconstructed to show readers how features work
Team Register, 25 May 2005

EMC Invista provokes technology race

There is rarely a dull day in the wild and madly exciting world of storage and storage management. Those bygone days, when talking (or writing) about storage systems would fill most people’s minds with dread and thoughts of sleep, are well and truly behind us. Well, almost. Last week witnessed EMC, one of the industry’s giants, launch its much awaited network storage virtualisation platform, EMC Invista, at the company’s Technology Summit in New Orleans. The approach taken by Invista to provide networked storage virtualisation is to house the virtualisation software in the emerging “smart” fabric switches from Brocade, Cisco and McData. EMC expects to make Invista solutions running on EMC Connectrix branded switches from Brocade and Cisco generally available in the third quarter of 2005. Solutions running on McData switches will be supported early next year. EMC will be actively promoting the virtues of its out-of-band architecture versus the in-band storage virtualisation adopted by some of the appliance and array-based solutions with which it is likely that Invista will compete. Principally, EMC believes its out-of-band approach to be highly performant and extremely scalable. Naturally enough, the alternative approaches employed by other solutions will have their architectural merits promoted. In truth though, it will not be to the advantage of any storage virtualisation vendor to attempt to make the chosen architecture of their virtualisation solution a quasi-religious matter. Customers simply do not care as long as the products do what they say they can do. The storage management vendors will see much better benefit from simply promoting the business merits of the virtualisation offerings. It is good to recognise that EMC has taken this thought to heart, as much of its communications concerning Invista have sought to highlight why organisations should deploy Invista. 
Primary amongst these are the ability to support non-disruptive operations and significantly reduce, or eliminate, the need for down time, coupled with efficient storage management. In addition, the virtualisation simplifies the movement of data across tiered storage and provides greater flexibility to organizations when selecting the underlying storage platforms. The ability of Invista to create dynamically managed logical or virtual pools of storage resources from heterogeneous physical storage platforms is at the heart of virtualisation. Invista employs open application programming interfaces (APIs) to interface to the storage hardware platforms and the system will, on day one, interoperate with a selected range of storage arrays from various vendors including EMC, IBM and HDS. EMC plans to support additional platforms over time. Invista will at GA support various operating systems including Solaris, Windows, AIX, HP-UX and Linux along with the VMware environment. Invista management will be integrated with EMC ControlCenter and will also operate with the emerging SMIS and FAIS (Fabric Application Interface Standard) management standards. EMC clearly expects the first use of Invista to be in large enterprise environments where the capabilities supplied will be warmly welcomed. However, the company fully expects that as storage standards mature, Invista solutions will be made available to smaller organisations via the EMC Velocity channel partners. There is no doubt at all that storage virtualisation has a foundational role to play in the storage infrastructure. The emergence of an EMC solution into this space alongside offerings from several of the other major players is certain to boost customer confidence that storage virtualisation is now a reality and is going to take a place at the heart of their IT infrastructure. EMC Invista is a technology that is likely to be widely deployed. 
What is absolutely certain is that the storage virtualisation technology race is now well and truly on. © IT-analysis.com
Tony Lock, 25 May 2005

Wanadoo broadband - 'you can go faster for less'

Wanadoo UK - in the good old days it used to be called Freeserve - has been ticked off for bragging about its broadband service. Its ad claiming "You can't go faster for less" just simply isn't true, according to the UK's advertising watchdog responding to a complaint from BT. Sifting through all the information available, the ASA found that "at least one provider's offer would be cheaper" than Wanadoo's overblown claim. And since Wanadoo's brag "was an absolute one" leading punters to think it was "a price promise that the advertisers were the cheapest provider of 1Mbps broadband", the ASA had no choice but to rule that the ad was a load of old tosh. Even three spreadsheets jam-packed with comparative facts and figures weren't enough to convince the Advertising Standards Authority (ASA) that Wanadoo was telling the truth. Elsewhere, cableco NTL also received a public flogging from the ASA - and just 'cos it advertised its internet service in an area where it doesn't supply broadband. In March one of Wanadoo's TV commercials was banned for being "irresponsible" because it might encourage youngsters to play in scrapyards. The ad showed teenagers frolicking, flirting and snogging among wrecked and mangled cars. ®
Tim Richardson, 25 May 2005

Yahoo! phishing attack targets Star Wars fans

Hackers are exploiting interest in the new Star Wars film to harvest Yahoo! login credentials. The attack is initiated when a user clicks on a malicious link (yahoopremium.bravehost.com/STAR_GAMES) sent to them from a user on their buddy list. Once at the website, the user is encouraged to enter their Yahoo! credentials. Upon activation, a Trojan collects Yahoo! credentials and then sends messages out to a user's buddy list whether the IM client is logged in or not. The Trojan URL references StarGames in an apparent reference to the latest SF blockbuster, Star Wars III: Revenge of the Sith. As phishing attacks go the StarGames Trojan is hardly sophisticated but there again they do say that the Force has a powerful effect on the weak-minded. IM security firm IMlogic rates the attack as a medium risk. It advises firms to ensure that PCs are updated with the latest security patches and that all out-of-date clients have been blocked from accessing the Yahoo! network. Administrators are also advised to educate their users about the dangers of social engineering. ®
John Leyden, 25 May 2005

Witty worm traced to 'Patient Zero'

The Witty worm, which infected more than 12,000 servers a year ago, came from a single computer in Europe and used a US military base's vulnerable systems to kick-start the epidemic, according to an analysis released by three researchers this week. The researchers combined records from the initial spread of the Witty worm along with an analysis of the random number generator used by the program to pick its targets and discovered that the worm almost certainly spread initially from a computer owned by a customer of a European internet service provider. The analysis also found that about 10 per cent of the internet's addresses would not have been generated, thus infected, by the Witty worm and that 110 computers at a US military base were likely among a "hit list" of systems that were targeted explicitly by the worm. "We hope that the principle of exploiting a worm's structure will be more broadly applicable to forensics of future worms," said Vern Paxson, senior researcher with International Computer Science Institute at the University of California at Berkeley and one of the three researchers who co-authored the analysis of the Witty worm. Paxson, along with another researcher at ICSI and a computer science graduate student at the Georgia Institute of Technology, published the results in a paper this week, including new details of the worm's spread. The Witty worm started spreading in March 2004, infecting unpatched computer systems and appliances running security gateway software from network protection firm Internet Security Systems. The worm appeared before an exploit for the vulnerability had been made public, a departure from the normal evolution of Internet worms. "Worms typically follow the public posting of exploit code, but Witty didn't follow that model," said Craig Schmugar, virus research manager with security firm McAfee. Internet Security Systems declined to comment on whether the company had investigated the worm or the techniques it used. 
The program spread quickly, compromising every vulnerable host within its scanning range - more than 12,000 systems - in less than 75 minutes, placing the worm in a class of super-fast infectors known as flash worms. The worm's speed rivaled that of another flash worm, the Microsoft SQL Slammer worm, which spread to tens of thousands of systems in an equivalent period of time. Both worms spread using the user datagram protocol (UDP), which allows computers to transfer data without establishing a connection, making it much faster than the more common transmission control protocol (TCP). In addition, Witty was a very destructive worm. The program tried to delete a random block on one of the infected system's disks after sending 20,000 copies of itself out to potential targets. After successfully deleting enough blocks, the worm would typically crash the host computer. While the Witty worm did not infect as many computers as MSBlast (the Blaster worm) or SQL Slammer, the incident stands out because the program attacked a security product, appeared before publication of code to exploit the vulnerability, and had a very destructive payload, said Mike Poor, an incident handler with the SANS Internet Storm Center, a network-threat monitoring group, who had studied the impact of Witty. "Those three things made it stand out - those things together made it a significant event," he said. The characteristics also made the worm interesting to Abhishek Kumar, a PhD candidate in computer science at the Georgia Institute of Technology and a co-author of the analysis of the Witty worm. He spent the summer of 2004 at ICSI for an internship and agreed to work on an analysis of the worm. The amount of information that was gleaned from the analysis of the worm and the captured network data surprised the researchers, Kumar said. "I did not expect to find such precise details," he added.
The researchers first reverse engineered the Witty worm's function for generating new internet addresses to attack and then modeled the behavior of that function, known as a pseudo-random number generator. The researchers combined that model with the actual data captured by specialized computers monitoring two large unused portions of the internet address space. Known as network telescopes, such sensors can pick up the effects of large scale Internet attacks. The researchers used a one-hour and a 75-minute snapshot recorded by network telescopes at the University of Wisconsin and the Cooperative Association for Internet Data Analysis (CAIDA), respectively, to analyze the worm's spread. The analysis of the pseudo-random number generator found that the worm would not generate addresses for about 10 per cent of the internet and would generate the same address twice for another 10 per cent of possible internet addresses. The researchers used their analysis of the generator to plot the orbits - the sequences of numbers each worm would create - and found a single address from which copies of the worm propagated but which did not fall on any orbit. The system at that source address also generated a sequence of pseudo-random numbers different from all the other copies of the worm. Moreover, that source address - a server whose internet address belonged to a European ISP - had started spreading the worm at the beginning of the incident. Based on the evidence, the researchers concluded that the system was Patient Zero, the attacker's staging point for the worm. The address of the server has been forwarded on to law enforcement, according to the researchers. The FBI could not immediately comment on whether it had investigated the ISP. Further analysis also succeeded in determining the specific initial numbers used by nearly 800 of the worms to start their sequences of pseudo-random numbers.
Since the numbers are fairly random and generated from the system clock, discovering their actual values essentially identified the systems and also gave insight into the systems' uptime. In fact, a group of more than 100 systems belonged to the same class B network and appeared right at the beginning of the Witty worm incident. That class B network belongs to a military base, said the researchers, though they declined to name the facility. Finding the presumed Patient Zero and evidence that a military base's systems were targeted explicitly by the worm are interesting, but probably not likely to yield any further leads on who created the worm, said Nicholas Weaver, a researcher at UC Berkeley's ICSI and the third co-author of the analysis. "If it's someone who either accidentally or deliberately released it from his own system, knowing Patient Zero is key to determining who wrote the worm," he said. Yet, that scenario is not very likely, given the evident expertise of the person who created the program. "If the attacker is savvy, discovering Patient Zero can be almost useless for law enforcement purposes," he said. Based on how quickly the code was put together, some experts, including Weaver himself, have theorized that an insider - either someone who works for or has contacts within ISS or the company that found the vulnerability used by the worm, eEye Digital Security - is the most likely creator of the worm. Moreover, an attacker not connected with the companies would not have known to create a hit list for a relatively uncommon flaw that could be exploited through UDP, Weaver said. "Thus the attacker had to already know who several ISS customers were and their location on the internet, including the military base which was part of the initial target set," he said. "It is this last point, the knowledge needed to construct the hit list, that most suggests the attacker either has or had a relationship with ISS. 
But it does not prove that the attacker was an insider." And, despite the depth of the analysis published this week, evidence of that connection remains elusive. Copyright © 2004,
Robert Lemos, 25 May 2005
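
The generator analysis described in the Witty article above, as an added example (not code from the article or from the researchers). It assumes the generator given in the published Witty analysis: the 32-bit linear congruential generator X ← 214013·X + 2531011 mod 2^32, with each target address built from the top 16 bits of two consecutive states and the port from the top 16 bits of the third. It reproduces the roughly 10 per cent coverage gap and shows how a single probe seen by a network telescope pins down the sender's generator state.

```python
# Added illustration. The constants and the address/port layout are assumptions
# taken from the published description of Witty's generator, not from this article.
A, C = 214013, 2531011            # assumed LCG multiplier and increment
M32, M16 = 0xFFFFFFFF, 0xFFFF


def step(x):
    """Advance the 32-bit linear congruential generator by one state."""
    return (A * x + C) & M32


def probe_from(state):
    """Model one probe: the address takes the top 16 bits of the next two
    states, the port the top 16 bits of the third. Returns (ip, port, x1)."""
    x1 = step(state)
    x2 = step(x1)
    x3 = step(x2)
    return ((x1 >> 16) << 16) | (x2 >> 16), x3 >> 16, x1


def low_half_hits(high=0):
    """For every state whose top half is `high`, count how often each value
    appears as the low half of the generated address."""
    hits = [0] * 65536
    for low in range(65536):
        hits[step((high << 16) | low) >> 16] += 1
    return hits


def slice_is_rotation(high):
    """The hit pattern for any top half is the high=0 pattern rotated by
    A*high mod 2^16, so one 65,536-step slice describes all 2^32 addresses."""
    base, other = low_half_hits(0), low_half_hits(high)
    shift = (A * high) & M16
    return all(other[(v + shift) & M16] == base[v] for v in range(65536))


def coverage():
    """Fractions of the address space never generated / generated more than once."""
    hits = low_half_hits(0)
    never = sum(1 for h in hits if h == 0) / 65536
    repeated = sum(1 for h in hits if h > 1) / 65536
    return never, repeated


def recover_state(dst_ip, dst_port):
    """Telescope view: one observed probe exposes the top halves of three
    consecutive states; brute-force the hidden low 16 bits of the first."""
    hi1, hi2 = dst_ip >> 16, dst_ip & M16
    found = []
    for low in range(65536):
        x1 = (hi1 << 16) | low
        x2 = step(x1)
        if x2 >> 16 == hi2 and step(x2) >> 16 == dst_port:
            found.append(x1)
    return found


if __name__ == "__main__":
    never, repeated = coverage()
    print(f"never generated: {never:.1%}, generated more than once: {repeated:.1%}")
    ip, port, x1 = probe_from(0x00C0FFEE)   # constructed seed, not from any capture
    print("recovered generator state:", [hex(s) for s in recover_state(ip, port)])
```

Once a state is recovered, every later probe from that host can be predicted by stepping the generator forward, which is what lets observed packets be placed on an orbit.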

Google Books under fire

Google’s plan to digitise thousands of out-of-copyright text books came under fire yesterday from a group of leading US publishers. The Association of American University Presses wrote to the search behemoth on Friday outlining its concerns. The AAUP represents 125 academic publishers. At issue is Google’s right to reproduce copyright works held by libraries at Harvard, Michigan and Stanford. Google’s Print for Libraries will allow browsers to search the text of books and see a “snippet” of the relevant text. The letter, signed by Peter Givler, executive director of AAUP, asks Google a series of questions regarding its claim to “fair use” in making library books available online. Givler wants more information on Google’s claim that once digitised then the copyright of the work rests with Google. He also wants to know how long a “snippet” is and how Google intends to protect copies against misuse. The letter ends: “Google Print for Libraries has wonderful potential, but that potential can only be realized if the program itself respects the rights of copyright owners and the underlying purpose of copyright law.” The head of Oxford University library said the project has the potential to be as important as the invention of the printing press. You can download the letter from AAUP’s website here. ®
John Oates, 25 May 2005

O2 sponsors white elephant

O2 has confirmed it is to sponsor London's most prominent white elephant by renaming The Millennium Dome "The O2". The mobilephoneco - which is axing some 500 jobs including some 200 IT staff as part of a major restructuring - is spending £6m a year for its tie-up with London's big tent. Teaming up with giant entertainment group Anschutz Entertainment Group (AEG), O2 intends to help rejuvenate The Dome and surrounding area. The Dome - sorry, "The O2" is due to re-open in 2007, providing a venue for music, shows and sports events. As part of the deal, O2 will be able to provide this content to its punters - something execs believe will be important as they try to hang on to their existing users. A spokesman for O2 shrugged off claims that it was sponsoring a monument of ridicule. "This is a bold move," he said, "and is in keeping with our emphasis to back music and entertainment." The venue is also expected to sport a massive "O2" logo on its dome-shaped roof. ®
Tim Richardson, 25 May 2005

Government issues NHS records guarantee

New rules on the security of information to be held in the NHS Care Records Service, which will start rolling out across England next year, were published by the Government yesterday. It hopes that the rules will calm fears of privacy abuses. The Service, a nationwide patient health record system, is intended to update the existing eclectic system, which relies on a mixture of paper and computer records, and is not always available to doctors in an emergency, which is when they need it most. The new service will be centralised, and available to all those authorised to access it. This triggered concerns about privacy so, in response, the Government has published the Care Record Guarantee. The Guarantee makes 12 commitments to patients about their records. Guarantor of these new patient rights will be the Secretary of State for Health, currently Patricia Hewitt. The Guarantee provides:

Individuals will be allowed access to their own records;
Access to records by NHS staff will be strictly limited to those having a 'need to know' to provide effective treatment to a patient;
Information will not be shared outwith the NHS unless individuals grant permission, the NHS is obliged to do so by law, or failure to share would put someone else at risk. Any sharing without permission will be carried out following best practice guidelines;
If individuals are unable to make a decision about sharing health information on their own behalf, a senior health care professional may make a decision to do so, taking into account the views of relatives, carers and any recorded views of the individual;
Where health care is provided by a care team including people from other services, the NHS and patient can agree to share health information with the other services, bearing in mind the effect failure to share might have on the quality of care received;
Individuals can choose not to share information in their electronic care records, although this may have an impact on the quality of care received;
A complaints procedure;
That individuals are entitled to check and correct mistakes in their record;
That the NHS must enforce a duty of confidentiality on their staff and organisations under contract to the NHS;
That the NHS must keep the records secure and confidential;
That the NHS must keep a record of everyone who looks at the information held in the Service. Individuals will be entitled to ask for a list of people accessing their records, and details of when they looked at the records; and
That the NHS must take enforcement action if someone looks at records without permission or good reason.

According to Health Minister Lord Warner, the rules will be backed up with tough security measures, ensuring that everyone can have confidence in the new Service. © Pinsent Masons 2000 - 2005 See: The Guarantee (Eight-page PDF)
OUT-LAW.COM, 25 May 2005

EU biometric visa trial opts for the tinfoil sleeve

The US-inspired wet dream of a single, global identity document isn't quite dead, but with the announcement of Europe's biometric visa trial this week it doesn't look well. Smartcard specialist Gemplus has got the gig, working with prime contractor Sagem, for an initial trial in France and Belgium, and the visa format to be used is, er, a separate card. The slight snag with the single biometric identity document - as we've noted here in the past - was identified by Brussels' techies late last year. The technology is intended to use contactless chip technology, despite the obvious gotcha that it'll be perfectly feasible for unauthorised readers to lift data from your passport. But if you've got multiple travel validations using the same technology in the same passport document, having them all chattering at the same time screws up the readers. As the techies reported last year, the original plan to have visas using contactless technology in a passport which itself uses that technology just plain doesn't work. Europe currently intends to implement common standards for biometric visas as part of its Visa Information System, so another way forward (not necessarily the word we'd use ourselves...) had to be found. The separate card format now being used in the Gemplus pilot looked like the most viable of the options the techies put forward on their announcement of the sad death of Plan A. The pilot is being carried out as part of the Biodev project, which is being run by an ad hoc group of EU member states and deals with immigrant visa holders within the Schengen area. The card uses Gemborder 2 technology, contains fingerprint and facial plus sundry other data, and is "carried in a cardholder pocket placed inside the passport books", it says here. Keeping the card in a protective sleeve stops its chatter interfering where it's not wanted - the announcement doesn't specify tinfoil, but the sleeve will no doubt use something of that ilk.
Gemplus describes Gemborder2 as "ICAO-compliant contactless chip technology for electronic passports and visas", which is true after a fashion, but misleading in that it tends to suggest the ICAO standard is wider-ranging than it actually is. ICAO merely requires a facial biometric for the passport, and practically everything else is optional. The Biodev pilot shouldn't initially have much trouble with clashing chips, as contactless biometric passports will only start to roll out in the next six to nine months, but there are still likely to be problems associated with the visa being a separate document, rather than something stuck into the passport. This will be exacerbated when biometric passports do exist, and the confusion that's going to be caused by the need to have the right document out of its protective sleeve and the other documents in it should be obvious to everybody except our rulers. As Europe's visa is intended to be standard and Europe will be one of the first on the block with biometric visas, interoperability and multiple visas shouldn't be major problems initially, but there are likely to be difficulties as and when everybody else joins in, and people with half a dozen wibbling bits of plastic start showing up at Roissy Charles de Gaulle. Pause, friends, and think for a moment about what's happening now, and what the overall objective is. The US, Europe and various other countries are driving towards a global biometric backed ID system where networks of computers (e.g. Europe's VIS) and databases exchange information on the movements of everybody. Now, if the networks and data exchanges actually worked, then they'd know immediately if an individual identified via their passport (or even just their biometrics) had a visa. So in the long term there should be no need for spare bits of plastic, unless of course the authorities who steadfastly tell us this stuff will work don't really believe it will. 
And think about the immediate point of the contactless biometric visa, the contactless biometric passport, and the nature of progress. Current passport standards are vulnerable to forgery, but the use of a facial biometric in the ICAO standard makes forgery much harder, and does a far better job of linking the holder to the document. So in principle, so long as the issuing hasn't been fraudulent, with an ICAO passport there's a considerably higher probability that the person holding the passport is actually the person border control thinks they are. Current passports are in the main machine readable, so again in principle you can look up the individual to see if they're on any kind of watchlist. Current visas are generally stuck into the passport, so the border control operative is able to check the visa status of an individual by the simple expedient of opening the passport and looking at the visa. Effectively, with the addition of stronger forgery protection (which ICAO is) and tighter procedures on fraudulent application the current system could work pretty much in the way our lords and masters intend the systems they're building to work. In point of fact, if they'd actually finished building the current systems and they actually employed them, they could have been live ten years ago, or more. But no - progress dictates that we must all have our documents read by machines, not people, and that the border control operatives who currently don't have time/can't be bothered to open our passports and look at them switch jobs. Instead of guarding the borders, in the wondrous future they'll be queue-minders specialising in stopping jet-lagged travellers waving the wrong bit of plastic at the machine, and finding which pocket they put the blasted visa in. ®
John Lettice, 25 May 2005

NetApp busts through banner Q4

Storage dynamo Network Appliance bounded to a stellar fourth quarter and fiscal 2005. NetApp posted 34 per cent growth during its fourth quarter with revenue of $452m. The company's net income surged as well, hitting $63m as compared to $36m in the same period one year earlier. For the full year, NetApp pushed revenue to $1.6bn - a 37 per cent year-over-year rise. The company's net income for the full year rose 48 per cent to $226m. "Fiscal 2005 was an outstanding year for Network Appliance," said NetApp CEO Dan Warmenhoven. "We achieved strong gains in revenue, captured additional market share, expanded gross margins, and broadened our offering of the most innovative products targeted at the areas of fastest growth in storage." NetApp and rival EMC dominate the market for networked storage systems. Both companies have performed well in recent quarters as sales of disk-based systems and related software have surged. During the fourth quarter, NetApp placed a number of strategic bets against EMC. In particular, it formed a reselling agreement with IBM that will see Big Blue give up on part of the storage market and just move NetApp gear. In addition, NetApp and Veritas showed off new product that is the result of an engineering agreement between the firms. NetApp saw its strongest growth come from the software division with sales jumping 74 per cent. In the first quarter, NetApp is looking for revenue to come in between 30 per cent and 33 per cent higher than last year's Q1. It also expects revenue for all of fiscal 2005 to be between 32 per cent and 35 per cent higher than 2004. ®
Ashlee Vance, 25 May 2005

NetApp opens fire on EMC

NetApp has opened fire on EMC with the launch of the midrange FAS3020 and 3050, its first family of storage devices to support both Serial-ATA and Fibre Channel drives as primary storage. "In the NAS market it's just us and EMC," asserts Tim Pitcher, the company's newly-promoted European strategy and business development veep. IDC's figures seem to back him up - NetApp was by far the biggest NAS vendor to Western Europe last year in revenue terms, although Dell and HP both sold more boxes than NetApp or EMC. The FAS3020 and 3050 replace the FAS920 and 940, with around double the performance and four times the disk capacity - up to 50TB and 84TB, respectively. Like earlier FAS models, they are not just NAS systems - they can also provide SAN volumes via either iSCSI or Fibre Channel. Each 3000 series box can support up to 20 2Gig Fibre Channel and 24 Gig Ethernet ports. NetApp systems engineering director Stuart Gilks says the company is doing very well in iSCSI, especially among mid-sized Windows sites. "We have 2,000 live iSCSI customers," he says. "The majority are Windows, Exchange and SQL Server, and they're running on FAS so it's also providing NAS for other applications, all on the same network and the same platform. We're seeing some traction for iSCSI in Linux, but NFS works better in that environment." He adds that the new SATA shelves can also be added to other current FAS models. "The combination of dual-parity RAID, our DataOnTap software, and the optimisation we've done on SATA allows it to replace Fibre Channel as the primary storage in some applications," he says. As well as the FAS3000 which includes storage arrays, NetApp also announced equivalent new members of its diskless V-Series of virtualising storage controllers. To emphasise the competitive point, the only major array vendor not supported by V-Series is EMC - it can virtualise and provision arrays from Hitachi, HP, IBM, Sun, Engenio and Storagetek.
"We have demonstrated it working with Clariion," says Pitcher, "but when we add an array we have to have support from that vendor." He admits that, unlike EMC's supposedly non-disruptive Invista storage router, virtualising a non-NetApp array with V-Series will require data migration work. However, at just over $50,000 for a basic V3000 or $35,000 for a FAS3020, NetApp is considerably cheaper. ®
Bryan Betts, 25 May 2005

Big torch sale at Cash'n'Carrion

We know how much Reg readers like their hi-tech illumination, and we've managed to secure some limited supplies of Inova LED torches at knock-down prices. Anyone on the look-out for a top-quality torch and not familiar with Inova products should certainly check out the Inova range, offering virtually indestructible aircraft-grade aluminium construction and a penetrating, LED-driven beam. The prices are: Inova X1 - £15.99 inc VAT (was £21.99), X5 (pictured here) - £34.99 inc VAT (was £41.95), XO - £38.99 inc VAT (was £48.99), and the 24/7 at just £35.99 (was £49.99). Full details on all these models are available in our Bargain Basement. Get 'em while they're hot. ®
Cash'n'Carrion, 25 May 2005

Galileo seeks clever uses of sat nav

Now that Europe is pressing ahead with its Galileo satellite navigation system, it seems that it is a bit stuck for ideas for what to do with it. Enter the Galileo Masters 2005 competition, with a prize of €50,000 of business development support for the European team that comes up with the best idea for an innovative use of the network. The competition is open to small businesses or entrepreneurs across Europe, and entries will be evaluated regionally before progressing to a final showdown of the best ideas. The competition organisers are focussing on seven regions within Europe: London, Gothenburg, Nice-Sophia Antipolis, the Czech Republic, Varese, South Holland and Munich. All the regional winners will be invited to the International Systems IT and Telecommunication Fair in Munich in October, where they will be given free stands. Last year the Sat-Nav section of the fair had more than 65,000 visitors. The overall winner will be provided with six months in an office in their region's "business incubator" along with consultancy and promotional support, a package worth around €50,000. Galileo will provide an EU-controlled alternative to the US GPS satellite navigation system, designed for civilian use, and will offer more detailed resolution than its US counterpart. The project will cost an estimated €3.7bn, of which €2.1bn will be spent on deployment. Two thirds of this investment will come from industry. The final exploitation costs are likely to run to €220m per year. The public sector will make an exceptional contribution of €500m, the European Commission said, but from then on, the costs will be covered entirely by the private sector. Naturally, with all this cash being pumped into the network, the relevant bigwigs are keen to make sure they will have an early return on the investment. And this is where the contest comes in.
Competition organisers reckon that by 2015 over 400 million satellite navigation users will have created more than 100,000 new jobs within the European aerospace and electronics industry. So the sooner people start coming up with applications, the better. Bruno Naulais, manager of ESA's European Space Incubator, said: "[The contest] is important for Europe's space industry as it creates novel utilisations for our navigation systems and in the end will generate income for their technology." Last year's winner suggested using the satellites to track fish stocks. The company, HCL Technologies, developed a device that would help fishermen in developing nations decide where they should cast their nets. The 2005 competition closes on 30 June, so if this sounds like your sort of thing, get over to the Galileo Masters website here (flash warning). ®
Lucy Sherriff, 25 May 2005

Deleting spyware: a criminal act?

Analysis

On my computer right now I have three anti-spyware programs, three anti-virus programs, and three anti-spam programs, together with a hardware and software firewall, an IPsec VPN, and data level encryption on certain files (and no, this is not intended to be an invitation for you to try to test my security.) The anti-spyware, anti-virus, and anti-spam software all work in very much the same way - they have definitions of known malicious programs, and they may also have algorithms to raise flags about unknown programs which operate in an unusual way. Depending upon user preferences, the programs either automatically block or delete the suspicious mail or program, stop a running process, or quarantine a file for the user to delete. In general, users delete all or virtually all of these identified programs and blocked mail. I mean, who really wants spyware or viruses, right? However, both the identification of programs as spyware or spam, and the deletion of these programs may, in fact, be a violation of the law.

What is "spyware" anyway?

At present there are several dozen laws or pending bills to both define and outlaw spyware. At the federal level, there are three bills pending, including the Internet Spyware (I-SPY) Prevention Act, HR 744, the SPY Act, HR 29, and SPY BLOCK Act, S. 687. At the state level, there are four existing anti-spyware laws, in Utah, Washington State H.B.1012, Virginia - Prohibited Software and Actions and California - Computer Spyware. In addition, there are a number of states that are considering laws to outlaw spyware. While there are significant differences in each of these proposals (with some permitting criminal or private civil enforcement, and others only permitting the State Attorney General to enforce these rights), in general the laws attempt to prohibit the "deceptive" practices of the unauthorized installation of programs that monitor a consumer's activities without their consent.
As a result, these statutes tend to prohibit both the transmission or installation "through intentionally deceptive means" of software that either changes configurations of certain programs, or collects personally identifiable information, or prevents a user's efforts to block installation, or falsely claims that software will be disabled by the user's actions, or removes or disables security software, or takes control of the computer (by accruing dial-up charges, or by opening a series of advertisements that can only be stopped by turning off the computer). Of course, if I want to install software that does all these things, the law would not prohibit these things. The problem of distinguishing between illegal spyware and ordinary programs is not that easy, however. America Online was sued when it distributed version 5.0 years ago, which members of the class that sued claimed altered software and registry settings without the consumer's knowledge or consent. Netscape was similarly sued for a version of its browser, but defended claiming that the Software Licence Agreement provided notice of the changes. Rumors have abounded that the next version of Microsoft's "Longhorn" OS will automatically send error messages to the mothership in Redmond which will now contain information about not only the system settings at the time of a crash, but also the contents of any document the user may have been working on when the system crashed. Thus, the key difference between unwanted and unlawful spyware and "legitimate" software is simply user knowledge and consent. Both might actually collect and transmit personal information, muck up system and registry settings, be hard or impossible to alter or delete, and might disable itself or other programs upon removal. But did you know and consent to having it installed?

What is consent?

How does a purveyor of "spyware" get users to "consent" to its installation anyway?
Online consent is usually achieved through some form of advisory on a webpage or a click-through agreement. Providing users with access to your Terms of Service or Terms of Use (by placing them on a link on your home page) or providing them the relatively easy ability to download or view a Software License Agreement is usually sufficient to bind the consumer to any non-egregious or unconscionable terms of a contract, including things like agreeing to arbitrate disputes, and agreeing to sue in the website operator's home jurisdiction (Guam? Northern Marianas Islands?), and so on. Just how "prominent" must a Software License Agreement or website be in order to not constitute a "deceptive" practice? How detailed must a software distributor be in describing exactly what registry settings the software alters, what information it collects, and what programs it may interfere with in order to avoid liability? How does a software distributor get consent of, for example, a 13-year-old in Columbus, Ohio who just wants to download a pretty screensaver, yet is below the age to legally enter into a contract? Or what about a 92-year-old first time computer user in Sheffield who is installing a program he or she read about in a magazine? Take, for example, one common source of "spyware" or "adware," Kazaa's peer-to-peer network software. By simply downloading and installing the P2P software you are agreeing to the terms of their 5,500 word license agreement, which attempts to distinguish between the evil "spyware" that they would never install on your computer, and the helpful and friendly "adware" which, according to Kazaa, delivers ads which "are selected for you based in part on how you surf the Web so they're often about things you are actively searching for. That makes them pretty useful." 
Consider a website which might contain language at the bottom (under the "privacy policy" or "legal") which might contain language to the effect that, by proceeding past the home page, or by installing certain programs, you are agreeing to the installation of a key logger, password grabber, browser redirector, program crasher, a pop-up installer, and a remote control program. Is it a crime if you state that you never read or understood what was clearly and plainly written on their website? Whether a program is a crime or was invited must go beyond mere "notice and proceed" consent, or even mere "clickwrap" consent. When a program is as invasive and potentially destructive as what we commonly think of as "spyware" or "adware," the distributor should be required to demonstrate effective and informed consent - sort of an "are you sure you want to do this?" consent. Sure, this is a much higher standard than required of any other form of clickwrap contract - many of which may be as unconscionable as the installation of spyware. But if I am going to install something that is as potentially disruptive as spyware, the purveyor should take strong steps to show that I knew what I was doing. This applies equally to Kazaa's Claria as it does to Redmond's Microsoft. Clear, concise and easily understood terms should be required.

Spyware removers as criminals?

Now let's say I install Kazaa and agree to the GAIN ads they give me as a condition precedent for obtaining this useful P2P software. Or, suppose I install a demo version of a program, and agree to a condition that it will self-destruct if I don't pay for it. Or, I install a screensaver which contains a notice that it will also redirect my browser and install spyware (but I am dumb enough not to read that part).
I am therefore bound by the terms of the contract I have agreed to - whether or not I have read it - unless the terms are unconscionable and therefore unenforceable, or they are so buried and inaccessible or fraudulently worded as to not be capable of forming a contract. Once I receive the benefit of the contract I have entered into (the P2P software, the screensaver, etc.) suppose I then download and install a spyware remover, which either automatically or at my request removes the portion of the program which is of benefit to the software distributor. Thus, I get the benefit of the program without adhering to the other part of the contract. An analogy can be made to those who get "free" broadcast television with the implied understanding that they will watch commercials, and then they use TIVO to get past them or create software programs that will automatically remove them from recorded broadcasts. More apt an analogy is those who subscribe to valuable services (such as email newsletters) on the condition that they provide some personal information, such as for a subscription to the online New York Times - and then deliberately provide false information. While these websites don't seem to mandate that you provide accurate information, what if they had an "attestation" clause - meaning, I agree that I am providing accurate information as consideration for my access to the free online content of the New York Times? Would that make viewing the Times under false pretenses the same as stealing a copy of the paper from the news box? The problem is worse for anti-spyware programs, which essentially automate the process of breaching consumer contracts. This is assuming that the consumers actually agreed to the terms and conditions under which the spyware was installed - generally not a valid assumption.
Essentially, the spyware distributors would argue that the anti-spyware purveyors are inducing their customers to breach their contractual obligations, and are tortiously interfering with their contractual relationships with those who knowingly downloaded the spyware. This is precisely the legal theory relied on when New.net sued Lavasoft in Federal Court in California, asserting that by calling its software "spyware" and blocking it, Lavasoft was defaming its products and interfering with its ability to distribute it. The California court rejected these arguments, asserting that, "despite the fact that the success of [New.net's] business ultimately depends on its ability to distribute as many copies of its software as possible onto users' computers, these relationships with the public at large are based on free and usually surreptitious downloads, and thus hardly rise to the level of 'economic relationships' as there is no business dealing between the unsuspecting users and [the company]." While the result is laudable, it is not clear that the analysis withstands scrutiny. New.net's "customers," those who installed the software with a bargained for consideration, were induced into breaching the contract by Lavasoft's operator's designating the program as "spyware." Certainly there was an economic relationship between New.net and those who downloaded the software - personal information in exchange for free software. The court could have attacked these contracts and found that the users never really agreed to them, and therefore were unenforceable, but it did not do so - it simply dismissed any argument that there was an economic relationship.
The lesson of all of this is, if you get a bargained-for benefit from downloading and installing a program in return for agreeing to provide something (such as your personal information), not only may the distributor be guilty of a deceptive trade practice if it doesn't fully explain what the program does, you may also be guilty of a deceptive practice if you don't live up to your end of the bargain. Another full employment program for lawyers! Copyright © 2004, SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.
Mark Rasch, 25 May 2005

Siemens conducts customer ejaculation survey

It appears that Siemens Business Services in Germany has developed a rather agreeable sense of humour. It is currently conducting what we reckon is a customer satisfaction survey which invites excited punters to "Come on Siemens". While we're pretty certain that the majority of Siemens' clients would prefer to keep business and pleasure separate, it's nice to see a company which is prepared to bend over backwards to accommodate its customers. Good show. ® Bootnote The usual ta very much to reader Andy for the heads-up on this one.
Lester Haines, 25 May 2005

Trojan attack takes files hostage

Virus writers have taken to extortion with malicious code that can hold documents on infected PCs hostage. The attack attempts to extort money from victims by encoding files on their PCs using a Trojan horse before requesting payment for a decoder tool. The Trojan downloader (download-aag AKA Pgpcoder) exploits a well-known Internet Explorer vulnerability (MS04-023) to download hostile code onto vulnerable Windows boxes. It then searches for files with various extensions and encodes them. The original documents are deleted and the newly encoded files become unreadable. The malware also drops a message onto the system with instructions on how to buy the tool needed to decode the files, demanding payment of $200 from victims if they ever want to see their documents again. The cyber extortion attack, first identified by net security firm Websense, represents a pernicious development in hacker tactics but with few documented cases there's no need to panic. Furthermore the attack relies on the download of code from a site which has since been taken offline. Nonetheless users would be wise to protect their systems and back up their data as a precaution against this type of attack. ®
John Leyden, 25 May 2005

Nokia unveils $350 Wi-Fi tablet

Nokia took the wraps off a Wi-Fi internet tablet today at the LinuxWorld show in New York, the first in a new range of consumer devices from the phone giant. The pocket-sized device has no cellular capability, but boasts an 800x480 screen, runs the Opera browser and will retail for around $350 - less than rival PDAs and some of its own high-end smartphones. Nokia sees browsing and email as the primary uses, but the Tablet will be bundled with internet radio, voice over IP and an RSS feed reader. It's an open platform, and unlike its phone range, there's no built-in DRM or similar shenanigans to cripple the user experience. The 770 Internet Tablet is also Nokia's first Linux handheld, and Nokia is launching a Linux development platform "maemo" specifically for this new range of handhelds. It uses the ARM port of GNU Linux Debian 2.6 and runs on a Texas Instruments 1710 processor. Executives cited time to market and the community of enthusiastic developers as their reasons for opting for Linux over Symbian OS. The 770 will be available through general electronics retailers or direct from Nokia's website. The company says broadband providers are particularly interested in carrying it, too. Nokia bridled at comparisons with today's PDAs and Microsoft's Tablet PC initiative. "We don't like to think it's a PDA. To us a PDA is an extension of a PC. This is almost like a mobile phone of the internet," Janne Jormalainen, VP of Convergence Products at Nokia Multimedia told us. "If you've browsed the web on a PDA, well, you know what that's like." "The tablet PC is really another kind of a PC in its different form factor, so you can't even compare these two," he said. (He was too diplomatic to refer to the Tablet PC's most notorious bug). The 770 has no camera or hard disk, and for storage the 770 Tablet relies on the postage stamp sized RS-MMC format, with a 64MB card in the package. For audio, Nokia has built in a standard 3.5mm audio jack.
Nokia expects users to transfer bookmarks and saved pages to a PC via Bluetooth or USB. Much more of a practical hindrance, we suspect, is the battery life. Even with a hefty 1500 mAh battery the Tablet will only run for up to three hours because of the power-guzzling Wi-Fi radio. (As a comparison, our Nokia 9300 comfortably maintains two days of mostly-on GPRS). So why had low-cost internet appliances failed to catch on, we wondered? "The internet has matured - this is really a mainstream thing now. People have needs at home beyond using the desktop PC or the PC of the house - it's really a matter of having the critical mass of uses for these services," said Jormalainen. That depends on where you are, of course. In the West the net means the web, but Asia thinks more of specific social activities that just happen to be network-enabled, such as games and chat. Even with Opera's outstanding browser, the mobile web is a poor relation to a modern PC: try placing a bet or booking a holiday on the move. And so it's likely to remain. However, ditch the web and there are plenty of network-enabled services to enjoy: internet radio is one, and personal file sharing is another. Behind the scenes, Nokia has given plenty of thought to what the world would look like if traditional compensation models were applied to digital media. Sony's PSP has Wi-Fi, but unlike Sony, Nokia doesn't own movie studios or recording companies, which can be an advantage in getting a product to market. The killer app for a device like Nokia's Tablet won't be VoIP, but the "What am I playing?" menu. The Airpod, or Bluepod, is almost here. Now where's that Rendezvous port?
®
Andrew Orlowski, 25 May 2005

Directors disqualified for £3m internet scam

Two businessmen behind a dodgy internet holiday scam that netted £3m have been disqualified as directors. Nigel Moore of Liverpool Road, Chester, and Paul Charleston of Las Palmeiras, Spain, agreed not to run companies for the next ten years after fleecing £3m from unwary punters over a two-year period, the DTI (Department of Trade and Industry) said today. Through a number of different companies - Travelmasters Limited, Mediterranean Marketing Limited, Callmasters UK Limited, CCH International Limited, Intersun Limited and Leisuremasters Limited - the pair offered discounts for luxury holidays all over the world. Tempted by the offer of a "free" holiday, victims of the scam coughed up as much as £6,000 to purchase a so-called "key" - a user name and password - giving them access to websites which were said to offer incredible savings on holiday accommodation. Snag is, when they finally gained access to these sites they found the information supplied was bogus and that the cheap holiday deal was just a scam. ®
Tim Richardson, 25 May 2005

Comet to make 'small loss'

There was more depressing news from the high street today as Kesa Electricals - Europe's third largest electrical retailing group - reported that its Comet chain is expected to make a small loss for the first half of the year. Sales for the three months to the end of April at UK-based Comet dipped 1.6 per cent to £316.7m with like-for-like sales slipping 2.2 per cent. While the sale of digital products such as cameras was "good", a slowdown in consumer spending hit white goods such as fridges and washing machines as soft trading at the start of the year continued throughout the quarter before going further downhill in April. "As a result of the difficult market conditions and after taking actions to manage margins and implement cost savings, we now expect Comet to make a small loss in the first half," said the company in a trading update today. Said Kesa chief exec Jean-Noel Labroue: "Comet's performance in the first quarter reflects the difficult market conditions in the UK. The company has already reduced its cost base and will take further action if these conditions persist." Earlier this month high street rival Dixons reported that it too has been hit by weaker consumer spending, warning of tough times ahead. In the six months to the end of April, like-for-like sales in the UK - with stores including Currys, Dixons, PC World and The Link - fell two per cent. Demand for gear such as flat screen TVs helped increase sales at Currys and Dixons, but this growth was undermined by a slide in sales at PC World (by eight per cent) and The Link (by nine per cent) over the same period. ®
Tim Richardson, 25 May 2005

Spirit reveals Mars' violent past

Mars rover Opportunity has got itself stuck in a sand trap, while its twin, Spirit, has been gazing at the debris of ancient volcanic eruptions that took place when Mars was a distinctly wetter planet than it is today. NASA scientists say that the Spirit rover has found some really interesting geology. It spent the last couple of months climbing up "Husband Hill", the tallest in the Columbia Hills range in the Gusev Crater. Although the rover has been close enough to the ground to take interesting samples, and send back close-up images, it was hard to get a sense of the overall picture, NASA scientists say, particularly because the layering of the rocks closely matched the slope of the hill Spirit was climbing. However, now that Spirit has turned around and is looking back on its progress, the whole picture is starting to fall into place. "Looking back downhill, you can see the layering, and it suddenly starts to make sense," said NASA's principal investigator, Dr. Steven Squyres. Spirit's examination of rocks has revealed that some contain the mineral Ilmenite, a titanium-iron oxide formed during the crystallisation of magma. It also found that the textures of the rocks vary greatly at different layers - some areas have very fine details visible only to Spirit's microscopic imager. Others are clumpy, like grains all stuck together. Still others are massive rocks, with very little fine detail. "Our best hypothesis is we're looking at a stack of ash or debris that was explosively erupted from volcanoes and settled down in different ways," Squyres said. "We can't fully rule out the possibility the debris was generated in impact explosions instead of volcanic ones. But we can say, once upon a time, [the Gusev Crater] was a pretty violent place. Big, explosive events were happening, and there was a lot of water around," he went on. Opportunity, meanwhile, has been stuck in a ripple-shaped sand dune for a little over three weeks, NASA says.
The rover has managed to dig its way forward just 11 inches in that time. If it had been trundling freely across the planet's surface, it would have travelled around 157 feet. If it does manage to get itself free, it will be put to work examining the ripple to try to find out why it was such a problem. The rover has traversed several other ripples in the windblown Meridiani plains, and NASA researchers are curious as to why this one has it stumped. You can see Spirit's view back down Husband Hill here. ®
Lucy Sherriff, 25 May 2005

FBI outlines new IT system

The FBI has learnt a costly lesson from its disastrous attempt to upgrade its IT systems in the wake of the 9/11 attacks. The "Virtual Case File" system cost $170m and was abandoned in January 2005. It aimed to give access to all FBI files from any office. The federal commission which investigated the attacks was highly critical of FBI information systems after it emerged they had information which could have pointed to an attack. The new system is called Sentinel and FBI director Robert Mueller told a Senate committee he was disappointed at the money and time wasted on the previous project. He told the committee the agency had learnt lessons in project management and technology from the previous abandoned project. The first phase of the Sentinel project should be live by the end of this year and the next three stages should arrive over the next three years, according to Bloomberg. ®
John Oates, 25 May 2005

Patent chief teaches children a lesson about copyrights

Nothing turns a stomach foul quicker than a sixth-grader lacking sufficient knowledge about copyrights and intellectual property. So, hats off to director of the US Patent and Trademark Office (USPTO) Jon Dudas, who yesterday gave a rousing speech at Legacy Elementary School in American Fork, Utah, extolling the virtues of keeping Hollywood safe. Dudas had the wee ones in his hands by using the 'Revenge of the Sith' video game as an example of American IP (intellectual property) in need of protecting. The bureaucrat "reminded the graduating class that copying or downloading others’ property without their permission is a crime and that they have a responsibility to help stop it," the USPTO said. (Reminder: This is the last call for submissions in our "Biting the Pigopolists" badge design contest. Be sure to show off your PhotoShop skills before it's TOO LATE.) It may seem unusual to see a government official browbeating teenagers in person at an elementary school, but there was some reason behind the madness. Dudas travelled to Utah for a two-day "Conference on the Global Intellectual Property Marketplace" - an event meant to nurture IP awareness with small businesses - and found time to pitch the youth. “Illegally copying computer games, DVDs and other products is just as wrong as stealing these items from the store,” Dudas said. “Copying and downloading Star Wars video games and movies is not okay - it’s breaking the law because it is stealing someone else’s property. It’s important that people - especially children - show respect for others’ property, whether it’s your next door neighbor, your classmate or a company that’s far, far away.”

We always pay attention to politicians when we're not watching Britney Spears

The music and movie industries, with help from the government, have used lawsuits to teach many children the real value of copyrights.
It's hard to say whether a speech from Dudas or the threat of eating peanut butter and jelly sandwiches behind bars is worse. Without doubt, however, the children learned a valuable lesson about protecting business concerns for the good of America's future economy. Now back to passing notes and awkward flirtations. ®
Ashlee Vance, 25 May 2005

Voyager 1: exit stage left

Voyager 1 has officially left the solar system, having crossed the so-called termination shock in December last year. The craft crossed the boundary 94 astronomical units (the distance from the Earth to the sun is one AU) from the sun, according to NASA researchers based in Washington DC. The key things to look for, scientists say, are an abrupt drop in the speed of the solar wind, along with a significant increase in the sun's magnetic field strength. The solar wind loses speed quickly at the termination shock, falling from at least 700,000 miles per hour down to 100,000mph. Based on the strength of the solar wind, some researchers claimed Voyager passed this marker three years ago. But because there was no change in the magnetic field strength - caused by solar particles slowing down and crowding together at the termination shock - the claim was widely disputed. On this occasion, Voyager 1's magnetometer has detected a two-and-a-half fold increase in the strength of the magnetic field, New Scientist reports. The researchers have ruled out the possibility that this is due to a solar flare's shock front. If a solar flare was behind the increase in the magnetic field strength, the craft would also have detected fewer cosmic rays, but instead the reverse is true. Edward Stone, of Caltech told New Scientist: "This time the entire Voyager 1 team agrees we have crossed the termination shock." However, there is still missing data. Theory predicts that Voyager should have seen an increase in so-called anomalous cosmic rays (ACR) when it left the solar system, but no such increase was detected. ACRs are bits of neutral interstellar flotsam that are ionised when they enter the solar system. The Voyager 1 team proposes that ACRs might be made only in especially turbulent parts of the termination shock, as opposed to continuously along its edge. If this is the case, it is possible that Voyager just missed them. 
®
Lucy Sherriff, 25 May 2005

UK no longer OECD's broadband laggard

The take-up of broadband in the UK has soared over recent years thanks to the increased availability of high-speed internet services and falling prices. Although the UK has come a long way over the last couple of years, compared to the 30 other countries that make up the OECD (Organisation for Economic Co-operation and Development), the UK is still only a middle ranking broadband nation. Still, at least it beats being a broadband laggard, which aptly described the UK's status two or three years ago. According to the latest stats to emerge from the OECD, Korea still tops the broadband league table with a broadband penetration rate of 25 per cent, followed by The Netherlands with 19 subscribers per 100 inhabitants hooked up to broadband. Denmark, Iceland and Canada follow close behind. For what it's worth, the UK is ranked at number 14 out of the league of 30 nations, behind Sweden, the US and France. In 2000 the UK was down in 22nd place. In all, there were some 118m broadband users at the end of 2004 in the 30 countries that make up the OECD - up 34m during the year. ®
Tim Richardson, 25 May 2005

UK ID scheme rides again, as biggest ID fraud of them all

Analysis Home Secretary Charles Clarke is "aware of the genuine concerns" over the UK ID scheme, but the Bill his department reintroduced to Parliament today is, according to Home Office Minister Tony McNulty, "in essence... the same Bill" as the one that fell prior to the general election. So, it would seem that the new-look listening Government hears the concerns, and says, 'tough'. According to McNulty the new version of the Bill changes "some elements around the information commissioner", but that "some of the other [changes] are quite minor." New Labour had made a "very strong commitment" to ID cards in its manifesto, and "the essential principles are as they were then." There will however no doubt be changes in detail to look out for in the new version, which you can find here. The pro-ID arguments the Government has put forward in the run-up to today's publication have been well-rehearsed, some of them over a period of years, and are as flimsy now as they were in previous Parliamentary sessions. It will, it claims, be necessary to have all of the biometric data to comply with global biometric passport standards, the public overwhelmingly supports ID cards, 30 (or sometimes 35) per cent of terrorists use false ID, and ID theft costs the UK over £1.3 billion a year. Did we miss one? Possibly, but these old faithfuls serve the latest New Labour junior minister rotated into the Home Office ID card hotseat well as ammunition to bore the press with. Alongside them the form of words "we never said ID cards were the complete answer to... [insert terrorism, ID theft, benefit fraud etc here]" comes in handy, and now they can also say (as Tony Blair did last week): "It is a manifesto commitment and we will honour it."* All of the claims are however either false or grossly misleading, the "we never said..."
that the Government never mentions is what the ID scheme is the solution to, and while one might be inclined to applaud a determination to honour manifesto commitments, one can't help noticing the numerous previous commitments that haven't been honoured, and the things the Government has done in the past (e.g. the odd war, scads of repressive legislation and the attempted destruction of the judicial system) that unaccountably failed to appear in the 2001 manifesto.

The ID theft threat

This week's key pro-ID card argument is clearly ID theft, and several ministers have said £1.3 billion several times already. On Monday Charles Clarke told Parliament: "It is essential that we tackle the issues of identity fraud", while the Home Office's announcement of the new Bill (headed "Safeguarding Our Identities") quotes Tony McNulty as saying: "A secure national identity cards scheme would protect everyone's identity and help prepare the UK for the challenges of the 21st century... Our identities are incredibly valuable to us and too easily stolen. ID fraud is a growing crime which can ruin lives and underpin illegal activities from people-trafficking to credit card fraud, from abuse of our healthcare and benefits systems to terrorism." The Home Office today also published the results of the Passport Service's biometric enrolment trial and, as we predicted it would eight months ago, spun the accompanying massaged survey up into overwhelming support for ID cards: "The majority of participants strongly agreed that biometrics will help with passport security, preventing identity fraud, preventing illegal immigration and are not an infringement of civil liberties", it claimed today. The Government's redoubled enthusiasm for presenting the ID scheme as a way to tackle ID theft is easily explained.
Various surveys report public support for ID cards as being around the 80 per cent mark, and the most recent, carried out for Intervoice and reported here, also found that 57 per cent saw ID cards as the best way to protect themselves against identity theft. As Intervoice general manager George Platt bemusedly told the Beeb: "An identity card doesn't really help the problem of identity theft other than at the point of purchase". He speculated that the result reflected general confusion about what ID theft is, and how it should be tackled. Quite. The Government's own focus groups carried out alongside the now-geriatric Entitlement Cards consultation reported a majority supported ID cards, but that there was ignorance and misunderstanding of what they would involve, and how they would solve the problems the public perceived they would solve. Subsequent surveys, starting with the Detica one where Detica Head of Security David Porter noted that 94 per cent were aware of the ID scheme, but two thirds have little or no knowledge of how it will work, have all identified high levels of support accompanied by profound misconceptions. Now, the Government is clearly proposing to use the public's very real concerns about what it thinks of as 'identity theft' as a major justification for ID cards. The public thinks ID cards will help deal with 'identity theft', so very well, the Government will use that in support of the ID Cards Bill. It's listening after a fashion, we suppose, besides being something of an ID fraud in its own right.

£1.3 billion - the estimate from Weimarland

The continued parroting of £1.3 billion is particularly fraudulent, and at this point it's worth us examining the origins of the figure, and what it is made up of. It appears in Identity Fraud - A Study, published by the Cabinet Office in July 2002. This document is actually on the Home Office site, but as Ministers show no sign of having read it, it's probably an oversight that it's still there.
The document takes a pretty broad view of what might be classed as identity fraud, and puts forward various reports and estimates that together add up to £1.3 billion in Appendix B. We can look at the most significant of these, and in each case gauge the effectiveness of ID cards in dealing with the problem:

Customs & Excise: "Missing trader" fraud, which involves avoiding paying VAT by shuffling goods between EU countries, sometimes using false identities and front people. The study guessed 10 per cent of this might involve ID fraud, giving a figure of £215 million per annum, but as one of the salient features of the fraudulent IDs here would appear to be they're non-UK, the ID card scheme does not apply. Customs & Excise also estimated (remember that these are old, old numbers Clarke and Co are basing their £1.3 billion on) that money laundering accounted for around £395 million per annum. But again, as most of those who'll actually qualify for a UK ID card will already be familiar with their banks constantly pestering them to identify themselves, the bulk of this will be carried out via non-UK ID. So that's £610 million of the £1.3 billion that ID cards would barely scratch.

Department of Work & Pensions: Regular readers will know the DWP has a new wild guess for this one, an impressive £50 million. In the 2002 study the ID fraud component of welfare fraud of "£2-5 billion" (a pretty tight estimate, that) was around one per cent, i.e. £35 million. Shall we let them have that one? So the score is £610 million to £35 million.

Immigration: The Home Office claimed that in Heathrow Terminal 3 alone around 50 fraudulent documents were found each month, and that the detection rate was at most 10 per cent (it wouldn't be hard to project this up to a nationwide, annualised border control catastrophe if that was what you wanted to do), and that it could save £6 million per 1,000 reduction in clandestine entrants. This produces the somewhat dubious 'ID fraud' cost estimate of £36 million for Heathrow T3 alone, but as they're foreigners just arriving in the UK they don't qualify for ID cards. Biometric visas might qualify, but that's a different Bill, not the ID Cards one. Nul points - score, £646 million to £35 million.

Credit Card fraud: The estimate (for 2001) was of £370 million losses made up of counterfeit cards, lost and stolen cards, and card not present fraud. As George Platt noted, an identity card can only protect against identity theft at point of sale, and he might have added that it can only do so if proof of identity is demanded at point of sale. Which, in the UK currently, it generally isn't. So if your card is stolen, cloned, or used for card not present fraud (including via the Internet) the ID card as it is currently envisaged has no effect whatsoever. This is however the key area where the public thinks it would have an effect. Score now £1.16 billion versus £35 million.

Insurance: This is a fairly wild guesstimate (there's a change). The study suggests a quarter of losses here might involve identity fraud, giving a figure of £250 million. So, if insurance companies insisted that people they were underwriting had to prove their identity via a UK ID card, then ID cards might have an effect. If the £250 million figure has any substance at all. But cards wouldn't get all of it (foreigners again), and would only get a substantial slice of it if the Government compelled production of ID in the insurance industry, as is the case for money laundering in banking. We'll just leave this one out, score still £1.16 billion to £35 million.

CIFAS: CIFAS, the clearing house for the exchange of information on "applications for products or services, which are believed to be fraudulent" (we think they mean the applications, not the products or services really), provided an estimate of £62.5 million as the value of false ID or victim of impersonation fraud.
Fraud in this area is undoubtedly bigger today than it was three or four years ago, and probably bigger than the CIFAS estimates. However, major growth areas are 'bin-bag ID fraud', where financial and personal data is stolen from your dustbin, and the theft of credit card company solicitations (with associated ID details) from common entrance halls. Where does the ID card come in there? Or indeed, on the Internet. The problems here are first that people do not in general keep a very good watch on how they dispose of their personal data, and second that credit card companies do not regard it as being in their overall interest to demand solid ID for new applicants. ID cards have nothing to do with it unless, again, the Government compels them to demand ID.

So, of the numbers making up the "£1.3 billion" (actually £1.364 billion in the study), only that £35 million from the DWP could be said to bear some linkage to an ID card scheme, and the number itself is pretty much a guess ("£2-5 billion" total, indeed...). You'll note if you go through the list that there are entries for other categories where the study was unable to identify numbers to work with, and that some of these categories (e.g. unpaid speeding fines and housing benefit) could be reasonably thought to have an ID fraud component in them. We could therefore think of the 2002 study as taking a pretty wild stab at guessing the order of the cost of ID fraud, but as being by no stretch of the imagination a comprehensive or accurate assessment. It effectively says, 'ID fraud exists, it is growing, and the cost is a big number. We think.' Would many of us have a problem with that? Probably not, although it depends what you reckon ID fraud is, and we at The Register tend to think lumping together as many different kinds of theft as possible and calling it ID fraud isn't totally helpful.
By intoning the £1.3 billion mantra, however, and loudly repeating that Something Must Be Done about ID theft, the Government is encouraging the public in its erroneous belief that what it thinks of as ID theft will somehow be tackled by ID cards. Charles Clarke, who trotted out the number just days after he took over as Home Secretary, is arguably the biggest ID fraud of them all.

Stop press

While this piece was being written, Tony Blair's official spokesman said "the longer this debate had gone the more people seemed to be seeing the relevance of ID cards. What we were seeing was identity theft becoming a much more salient issue which people were becoming concerned about in their everyday life. It was a growing crime which costs the economy at least £1.3 billion per year." So there it goes again. ®

* On the subject of manifesto commitments and honour, last Parliamentary session the TheyWorkForYou database was reporting that Tony Blair "sometimes" rebelled against his party. Which may strike you as strange, but investigation reveals that he voted against the Labour line twice, on the abolition of foxhunting, and on the reform of the House of Lords, both of these, we recall, being manifesto commitments.
John Lettice, 25 May 2005

Qwest turns back on MCI bid

Qwest Communications has finally given up on its pursuit of MCI, despite having a larger bid than rival Verizon Communications. During Qwest's shareholder meeting today, CEO Richard Notebaert delivered the painful news to investors. "We're not looking at MCI," he said, according to a Reuters report. "That's over." And so ends an active chapter in an already frenetic telecommunications industry. Qwest and Verizon took numerous swipes at each other over MCI, sweetening bids time and again. In the end, MCI's board decided that an $8.4bn bid from Verizon was a safer long-term choice than Qwest's $9.8bn bid. The MCI board has pitched Verizon to shareholders as the more stable suitor, warning that numerous large customers have threatened to cancel their contracts should the Qwest takeover go through. The US telecommunications industry has been in rather rapid consolidation mode after enduring a huge drop in sales and its fair share of accounting scandal. ®
Ashlee Vance, 25 May 2005

PGP use ruled relevant in child abuse case

A Minnesota appeal court has ruled that a trial judge was within his rights to allow police evidence about the presence of an encryption program on a defendant's computer to be admitted in a child abuse case. The ruling came as the Minnesota State Court of Appeals rejected an appeal by David Levie against his conviction for soliciting a nine-year-old girl into posing naked for digital pictures. One of the grounds for Levie's appeal was that the "district court erred in admitting evidence of appellant’s internet use and the encryption capability of his computer". A forensic examination of Levie's computer by a retired police officer discovered it was loaded with PGP which "can basically encrypt any file". Under cross-examination, retired cop Brooke Schaub also said that the PGP program may be included on every Macintosh computer that comes out today. Lawyers for Levie argued on appeal that his "internet use had nothing to do with the issues in this case", that "there was no evidence that there was anything encrypted on the computer" and that he "was prejudiced because the court specifically used this evidence in its findings of fact and in reaching its verdict". The appeal court rejected these arguments, one of four strands in Levie's appeal. "We find that evidence of appellant’s internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him," the court ruled. Although it rejected Levie's request for a retrial it sent the case back to a lower court for resentencing, after conceding the legal basis of some aspects of the conviction were flawed. The case, although never put before a jury, could establish the precedent that the use of an encryption programme might be admitted as evidence of criminal intent, at least in Minnesota. The attitude seems to be "if you have nothing to hide why do you need secrecy tools".
®
John Leyden, 25 May 2005