Old 26-10-06, 08:39 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - October 28th, '06


































"The CD as it is right now is dead." – Alain Levy


"Spending time on therapeutic and educational web sites can be just as effective as regular visits to the psychotherapist." – Eric Bangeman


"The blind have more access to information than they ever had in history - but that's only true to the extent that Web accessibility is maintained. The technology is out there, and we don't need barriers to be put in our way. Give us a way in." – Chris Danielsen


"In the long term, we would like to improve the products so that people feel safe using them." – Nobuyuki Oneda


"Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?" – Tom Heydt-Benjamin


"As much as people are griping about the Internet taking sales away from artists, it's been a huge promotional tool for me." – "Weird Al" Yankovic


"No amount of microtargeting is going to save Republicans." – Bob Mulholland


"It's already dead, but it doesn't know it yet." – Jon Paul Belstler




































October 28th, '06








'Net Neutrality' Would be Democrats' Pet
John Dunbar

A Democratic takeover on Capitol Hill would be good news to those who say the government should prohibit telecommunications giants from playing favorites with Internet content.

The idea, known as "network neutrality," is about preventing those who control traffic on the Internet from allowing well-heeled Web sites to in effect buy their way to the front of the line in a world where data flow can be as congested as Los Angeles traffic. Proponents say it should be a bipartisan issue.

But lobbyists for the big companies that control most of the Internet in the United States are worried that the Democrats might pick up the seats they need to take over one or both chambers of Congress.

The issue pits those companies - including AT&T Inc. and Comcast Corp. - against a well-organized grass roots campaign that is joined by some of the nation's biggest Internet success stories, such as Google and eBay.

Net neutrality advocates say the "Internet's First Amendment" is at stake. They argue that if those who run the network are allowed to discriminate against Web traffic based on which sites pay them the most, it will strangle the Internet's freewheeling, democratic nature.

Those who provide Internet service call it a simple issue of economics. Since companies like Google are pumping more and more information through their networks, those who provide the data pipelines should be able to charge more to pay to upgrade transmission capacity, they say.

Last year, both the House and Senate worked on bills that would let telecommunications companies like AT&T and Verizon Communications Inc. get into the video delivery business and compete with cable companies, without having to obtain franchise licenses in thousands of individual communities.

House members, under intense lobbying from the former Bell companies, were able to pass the legislation while beating back attempts to attach strong network neutrality provisions.

In the Senate a much more ambitious bill has yet to make it to the floor, and while there is a chance it may see action during an expected lame-duck session in November, its prospects are dim.

At the same time, Verizon and AT&T have persuaded state legislatures to pass relief from franchise rules, making that part of the push for a federal law a much lower priority.

That means network neutrality proponents will have to find a different bill to attach language to, or continue efforts to get something passed independently.

In the House, if the Democrats prevail, neutrality advocates can expect a much warmer reception than when the Republicans were in control.

The current chairman of the House Energy and Commerce Committee is Rep. Joe Barton, a Republican from AT&T's home state of Texas. Barton has consistently opposed network neutrality, as has Rep. Fred Upton, R-Mich., who chairs the Internet and Technology subcommittee.

By contrast, Rep. John Dingell, also of Michigan and who would assume the chairmanship if Democrats take over, has been sympathetic to network neutrality proponents. And Rep. Ed Markey, D-Mass., who would take over the Internet and Technology subcommittee, wrote an unsuccessful network neutrality amendment in the House and has made the issue a top priority.

Dingell is also expected to live up to his reputation as a tough overseer of the agencies that answer to his committee, such as the Federal Communications Commission.

On the Senate side, while a Democratic takeover is less likely, a Democratic pickup of one or two seats may still be significant.

A network neutrality amendment sponsored by Sens. Olympia Snowe, R-Maine, and Byron Dorgan, D-N.D., tied by a vote of 11-11 among members of the Commerce, Science and Communication Committee.

Sen. Daniel Inouye, D-Hawaii, the ranking Democrat who would take over the committee if the Democrats win control, supports network neutrality, while current chairman Ted Stevens, R-Alaska, blames the issue for sinking his broad telecommunications bill.

Regardless of the election's outcome, network neutrality legislation would still have to be signed by President Bush - something that both sides acknowledge is unlikely to happen.
http://hosted.ap.org/dynamic/stories...10-23-19-25-28





Kremlin Puts Foreign NGO’s on Notice
C. J. Chivers

MOSCOW, Oct. 19 — Scores of foreign private organizations were forced to cease their operations in Russia on Thursday while the government considered whether to register them under a new law that has received sharp international criticism.

Among the suspended organizations are some of those most critical of the Kremlin, including Human Rights Watch and Amnesty International, and others, like the National Democratic Institute and the International Republican Institute, that have been accused by Russian officials of instigating or assisting revolutions against other former Soviet republics.

The Justice Ministry, which is responsible for registering foreign private organizations, insisted that the suspensions were neither retaliatory nor permanent.

It issued a statement saying the suspended organizations had not properly filed new registration materials or had submitted the required materials on the last day before the registration deadline, which was midnight Wednesday. It said it was rushing to review the applications it had received.

“It is important to note that lack of reregistration does not entail the liquidation of the organization,” the statement said. “The talk here is only that these organizations cannot carry out the activity envisaged by their charters before they are brought into the register.”

The number of suspended organizations is not entirely clear. The statement said the ministry had received applications from 185 organizations, approved 108 of them and continued to review the 77 others.

But the suspensions were the latest chapter in Russia’s pressure on foreign organizations that have offices on its soil. They occurred in a climate of deepening worry about the Kremlin’s crackdown on civil society and just days before a planned visit by Secretary of State Condoleezza Rice.

Ms. Rice has expressed concern about the law regulating foreign private organizations, known as nongovernmental organizations, or NGO’s, which was passed earlier this year.

Some Russian officials, including Nikolai P. Patrushev, the chief of the domestic intelligence service, have accused the groups of interfering with state affairs or even harboring spies.

The new law, strongly backed by President Vladimir V. Putin, created extensive new filing requirements, which in some cases the organizations said had been so tedious and lengthy as to be almost impossible to fulfill. The groups have also expressed apprehension over the rules’ vagueness, which could allow any group to be audited, and perhaps closed, on a pretext.

They and their supporters have said that how the law is enforced will be a test of whether Russia will allow foreign organizations that it dislikes to continue to work in the country. The first deadline, and its effects on Thursday, were accompanied by a strong sense of concern, even fear.

“My fear is that their intention is to shut us down,” Josh Rubenstein, a director at Amnesty International, said by telephone. Amnesty International has had an office in Russia since the days of the last Soviet leader, Mikhail S. Gorbachev, he said.

The Justice Ministry posted a list of 73 organizations that were not yet approved, and thus were suspended. At least 38 of those were listed by the ministry as American or had a clear American affiliation, including the American Bar Association, the American-Russian Business Council, the American Trade Chamber and Johns Hopkins University.

The suspended Western organizations also included the Danish Refugee Council and the French and Belgian offices of Doctors Without Borders.

Other news organizations reported that nearly 100 groups had been suspended, but did not provide a list. The Associated Press quoted one Justice Ministry official as saying that 96 groups had been suspended, while the Itar-Tass news agency later quoted the same official as saying the number was 93.

While the ministry said it had approved 108 organizations for registration, it provided a list of only 80.

Forty-one of those were American, including the Ford Foundation, the Nuclear Threat Initiative and the Moscow office of the Carnegie Endowment for International Peace. Of the 41, 33 appeared to be child adoption agencies.

As the day passed with offices idled, some of the affected groups declined to comment, saying they worried about antagonizing Russia while their registration documents were under review.

Others described a new posture their offices had assumed on Thursday: they abruptly stopped their work and programs but left their lights on and offices staffed.

Carroll Bogert, an associate director at Human Rights Watch, said by telephone from New York that its employees in Russia were still being paid, “but otherwise we are not operating in Russia.” She said she expected that the office would be registered once its documents were reviewed, and that the organization did not feel that it was a specific target.

The cessation of some organizations’ activities was denounced by their partners in the country.

Elena Panfilova, director of the Russian chapter of Transparency International, an anticorruption organization, said her office was registered as a domestic, not foreign, organization and so was not directly affected by the new procedures.

But she said she had work planned with other groups, which now were unable to meet with her. “It is appalling,” she said. “It is a total disgrace.”

The Justice Ministry said it was working to expedite the registrations and blamed the organizations for not providing required documentation.
http://www.nytimes.com/2006/10/20/wo.../20russia.html





Danish Court Tells ISP to Block Access to AllofMP3.com
Nate Anderson

AllofMP3.com suffered yet another setback as a Danish court ruled that an ISP must block access to the Russian music site. The ruling only covers one ISP (Tele2) in one country, but the ruling will certainly set the stage for more lawsuits as the International Federation of the Phonographic Industry believes it has developed another successful tool in its fight against AllofMP3.

Unable to shut the site down in Russia after years of trying, the IFPI has recently tried to cut off AllofMP3 from the other end—making it difficult for users to connect to the site and harder for the site to accept international credit cards. As we reported a week ago, the IFPI was responsible for bringing AllofMP3 to the attention of Visa, which stopped processing payments in early September. The recording industry has also been successful at getting its worries heard by politicians; the US Trade Representative, for instance, has publicly called AllofMP3 one of the most significant obstacles to Russia's bid to join the WTO.

Going after ISPs is only the next logical step. IFPI Denmark sued Tele2 in Copenhagen City Court back in July, asking a judge to force the ISP to cut off access to AllofMP3.com. Yesterday, the judge agreed to do so. John Kennedy, head of IFPI, said: "This judgment is one more step along the road to getting this rogue site closed down. Allofmp3.com illegally offers for sale copies of music that it has no right to reproduce or distribute. It provides unfair competition to the nearly 400 legal sites worldwide that respect the rights of composers, artists and record producers."

Ib Tolstrup, who leads a Danish telecommunications industry group, told Computerworld Denmark that the decision could have dire consequences for the entire industry. "We are horrified over this judgment, to say the least. It means that we must now keep an eye on what our users are doing online. And blocking user access to certain websites will never be a perfect solution," he said. "This can spread anywhere. Next time we might be asked to block pages with illegal software or something like that. But we will always demand a court order before acting on these requests."

By making ISPs responsible for controlling their users' access to illicit material, the court has cracked open a massive can of nightcrawlers. The worries here are obvious: how can each ISP be expected to monitor websites around the globe and make legal judgments about whether such sites are legitimate under local and Danish law? In the US and Europe, courts have generally recognized that users—not service providers—are responsible for abiding by the law while using the Internet. This ruling calls that basic principle into question.

If upheld, it could open ISPs in Denmark to a flood of complaints from companies, industry groups, and individuals, asking the ISP to block access to material deemed offensive or illegal, even if no court has yet ruled on legality. The alternatives are not appealing: fight every request in court at great expense or accept every request at face value and become an all-out censor. Hoping to avoid this nightmare scenario, Tele2 has filed an appeal.

Anders Bylund contributed to this report.
http://arstechnica.com/news.ars/post/20061026-8080.html





BitTorrent Site Admin Sent to Prison

The 23-year-old Grant Stanley has been sentenced to five months in prison, followed by five months of home detention, and a $3000 fine for the work he put into the private BitTorrent tracker Elitetorrents.

This ruling is the first BitTorrent related conviction in the US. Stanley pleaded guilty earlier this year to “conspiracy to commit copyright infringement” and “criminal copyright infringement”. He is one of the three defendants in the Elitetorrents operation better known as “Operation D-Elite”.

Operation D-Elite (they love word tricks) was orchestrated by the FBI with a little help from the MPAA in May 2005, and resulted in the shutdown of one of the largest private BitTorrent trackers at that time.

Two months ago we reported that Scott McCausland pleaded guilty to committing the same crimes. Scott is to be sentenced on December 12, 2006, and invited everyone who sympathizes with him to write a letter to the judge on his behalf.

In a response to the present case, US Attorney John Brownlee said:

“This is the first criminal enforcement action against copyright infringement on a P2P network using BitTorrent technology. We hope this case sends the message that cyberspace will not provide a shield of anonymity for those who choose to break our copyright laws.”

Stay tuned…
http://torrentfreak.com/bittorrent-a...ent-to-prison/





China Jails Internet Dissident for Three Years

A Chinese court on Wednesday jailed a dissident for three years for inciting subversion with an Internet essay praising pro-rights protests in Hong Kong, a human rights group said.

Li Jianping was sentenced in Zibo, in the eastern province of Shandong, the Hong Kong-based Information Centre for Human Rights and Democracy said in a faxed statement on the latest example of China's crackdown on Internet dissent.

An assistant to Li's lawyer confirmed the sentence but could give no details. Li was tried in April.

A student participant in China's 1989 pro-democracy demonstrations, Li was found guilty of "inciting subversion of state power" for an essay published on overseas Chinese Web sites in 2003, the center said.

His essay praised protesters in Hong Kong, a former British colony that returned to Chinese rule in 1997, who fought the self-governed territory's "Article 23" security legislation that critics said threatened to curb political liberty there.

Li, about 40, took part in the 1989 Tiananmen Square demonstrations for democratic change. His jailing adds to a lengthening list of Chinese citizens imprisoned for speaking out on the Internet.

China is the world's leading jailer of journalists, with at least 32 in custody and another 50 Internet campaigners also in prison, according to media freedom advocate Reporters Without Borders.

Last week, a Chinese court jailed dissident Guo Qizhen for four years for inciting subversion over antigovernment essays he posted on the Internet. Guo denounced the late Chairman Mao Zedong and called the country's government "evil" for its suppression of civil rights.

Last month, the outspoken Chinese human rights lawyer Gao Zhisheng was charged with inciting subversion, but authorities have not released the specific accusations against him.
http://news.com.com/China+jails+Inte...3-6129698.html





China Moves Toward 'Real Name System' for Blogs

The Internet Society of China has recommended to the government that bloggers be required to use their real names when they register blogs, state media said on Monday, in the latest attempt to regulate free-wheeling Web content.

The society, which is affiliated with the Ministry of Information Industry, said no decision had been made but that a 'real name system' was inevitable.

"A real name system will be an unavoidable choice if China wants to standardize and develop its blog industry," the official Xinhua news agency quoted the Internet Society's secretary general, Huang Chengqing, as saying.

"We suggest, in a recent report submitted to the ministry, that a real name system be implemented in China's blog industry," Huang said.

China has already imposed some controls on Internet chatter about politically sensitive subjects, which often goes far beyond what is permissible in the country's traditional state-run media.

Last year, the Ministry of Information Industry issued regulations on Internet news content that analysts said were aimed at extending rules governing licensed news outlets to blogs and Internet-only news sites.

Participation in university online discussion groups has also been restricted to students.

Bloggers anonymously disseminating untrue information on the Internet brought about a negative influence on society, the Xinhua report said.

Under the proposed rule, users would be required to register under their real name to open a blog but would still be allowed to write under a pseudonym.
http://news.zdnet.com/2100-9588_22-6...feed&subj=zdnn





NY Bar to Regulate Attorney Blogs?
Martin Magnusson, Editor-at-Large

In 1977, the Supreme Court handed down a seminal decision in Bates v. State Bar of Arizona. The case involved two lawyers who placed an advertisement in a daily newspaper. At the time, the State Bar of Arizona had a rule that prohibited lawyers from advertising their services. In Bates, the Supreme Court held that this rule violated the First Amendment. Justice Blackmun, who wrote the majority opinion, argued that commercial speech served the interests of consumers. He noted that

(a)dvertising, though entirely commercial, may often carry information of import to significant issues of the day. And commercial speech serves to inform the public of the availability, nature, and prices of products and services, and thus performs an indispensable role in the allocation of resources in a free enterprise system. In short, such speech serves individual and societal interests in assuring informed and reliable decisionmaking.

Since the Bates decision, legal advertising has proliferated. Indeed, one need only open the yellow pages or turn on the television to find lawyers selling their services. Such advertisements, though, must comport with the strictures of professional responsibility. In their effort to police lawyers' advertisements, state bar associations frequently require lawyers to submit copies of their advertisements to their disciplinary committee for review, often with a filing fee.

Recently, New York's Administrative Board of Courts has proposed a new set of rules that would have a tremendous impact on legal blogs. Touted as bringing the rules of professional responsibility into the Internet age, these rules would construe legal blogs as advertising per se. As such, lawyers would be required to print, store and forward hard copies each and every time that they update their blog.

Greg Beck of the Public Citizen Litigation Group notes that

(i)nstead of protecting consumers . . . the proposed rules will burden completely truthful and non-misleading communication by attorneys, and will serve no purpose other than to deprive consumers of useful information about their legal rights, protect established law firms from competition, and render many aspects of the Internet largely unusable for New York attorneys.

Criticism of the proposed rules, though, is far from universal. New York State Bar Association president Mark Alcott has noted that

[f]or a long time there was a view that nothing could be done because the [U.S.] Supreme Court said lawyers could advertise and it was assumed that was the final word. But while lawyers are free to advertise, there can be reasonable restraints on those advertisements. It is long overdue that such restraints would be imposed, and enforced, in New York. We need to study it in depth, but we are gratified that the presiding justices have proposed the new rules and that a number of recommendations by the association were included.
http://www.acsblog.org/economic-regu...tisements.html





TVUPlayer: Another Napster?
Greg Sandoval

By streaming video of popular television programs over the Web, a self-described peer-to-peer service called TVUPlayer has begun to draw a loyal worldwide following.

The service, however, could also become an enticing target for Hollywood legal eagles with an eye out for copyright infringement.

Indeed, TVUPlayer, offered by a Chinese company called TVU Networks, looks to some like it could draw legal challenges similar to those faced by the early Napster peer-to-peer service, which became a pinata for litigious lawyers because of what some described as copyright violations on a massive scale.

TVUPlayer transmits TV shows, including pay-for-view broadcasts, from U.S. and international broadcasters such as ABC, HBO, the Disney Channel, The Comedy Channel, Al Jazeera and Telecapri Sports of Italy.

It's easy to see why it's becoming popular: In addition to a big selection, the TVUPlayer's pictures are usually clearer than the choppy and grainy images that often mark streaming video. Viewers can't upload their own videos.

But copyright experts say that unless TVU Networks executives have permission to use the content they transmit, the company can't legally rebroadcast the shows. And representatives of three organizations whose content was found on the TVUPlayer said they don't have any deals with TVU Networks.

Matt Bourne, a spokesman for the National Basketball Association, said TVU Networks is transmitting NBA TV without the league's permission.

"We are aware of the site," Bourne said. "We are working to explore our options in order to determine an appropriate course of action, including talking with other content owners."

When asked whether TVU Networks is authorized to stream Disney's content, Karen Hobson, a spokeswoman for the studio, said, "You can only get Disney Channel shows on iTunes (for download) or from our own Web site."

An HBO spokesman also said HBO programs aren't legally available anywhere on the Web.

Not a lot is known about Shanghai-based TVU Networks, which did not respond to interview requests. It's one of many start-ups trying to cash in on Web video, a sector that's bound to grow in the wake of Google's announced $1.65 billion purchase of video-sharing phenomenon YouTube. At the same time, online video, especially in the video-sharing segment, has been dogged by copyright issues. YouTube, Grouper and Bolt.com have been named in recent lawsuits that accuse them of copyright violations.

The TVUPlayer appears to have gained attention in the United States following the 2006 FIFA World Cup tournament in Germany. Thousands of soccer fans downloaded the software in order to watch matches not available on U.S. stations.

More importantly, TVU Networks has made watching online programming as easy as watching a TV. After downloading the TVUPlayer, a menu appears with anywhere from 40 to 50 channels. Among the channels available on Friday were Comedy Central, Animal Planet and the CNBC broadcast in India.

"Consumers will be able to watch free live channels from around the globe, as well as subscribe to pay channels and pay-per-view events," said a statement on TVUNetworks.com, the company's Web site. "TVU Networks brings you programs from around the world that you can't get from your local cable and satellite providers."

Blogs reporting on the TVUPlayer's popularity have noted the questions about the service's legality. Because TVU displays each broadcaster's commercials, some early reports have said TVU Networks is operating in a gray area of the law.

But some lawyers think the law is fairly clear-cut. "What gray area? The courts have already decided that you can't do this," said Mark Litvack, a copyright attorney for the Los Angeles law firm Manatt, Phelps & Phillips.

Litvack cited a 2000 U.S. district court decision that Canadian company iCraveTV was in violation of copyright law when it captured broadcast signals from the likes of ABC, NBC and CBS and retransmitted them over the Web. The company was forced to shut down.

According to Litvack, the case demonstrated that the courts don't care whether a service retransmits commercials. The most important factor in whether a site is operating legally is whether it has permission from content owners to be transmitting their material.

That said, if TVU Networks is found to be operating illegally, Hollywood may have a tough time going after the company in China, which has had a mixed record on protecting copyright.

Interestingly, instead of adding to the tension between the better-known video-sharing sites and Hollywood, boundary-pushing companies like TVU Networks may actually push them together, argued Josh Martin, an analyst with the Yankee Group.

"You shut down this site and another one will crop up," Martin said. "This tells entertainment executives that they have to create opportunity for consumers to legally access content. Most people will pay the $1.99 for the download or watch the commercial. They just need an opportunity to do that."

In recent weeks, a number of partnerships between sites and studios have been announced. Earlier this month, YouTube announced partnerships with Universal Music Group, Sony BMG Music Entertainment and CBS that let their artists' music and videos be included in original content posted on YouTube's site. Sony acquired Grouper for $65 million, and Warner Bros. cut deals with Guba, a video-sharing site, and BitTorrent, a file-sharing service that allows both to distribute Warner films.

In the meantime, the TVUPlayer's popularity continues to grow on sites such as CNET Network's own Download.com.

"It could be tough to stop these guys," said the Yankee Group's Martin. "(China) isn't known for being tough on copyright law."
http://news.com.com/TVUPlayer+Anothe...3-6128775.html





Venture Investor Loses Key Ruling in Napster Lawsuit

A partner improperly urged employees to delete e-mail, a judge rules in a copyright case.
Joseph Menn

Record labels and music publishers won a round in their copyright lawsuit against Napster and its two lead investors when a judge ruled Wednesday that Hummer Winblad Venture Partners improperly urged its employees to delete e-mail about the pioneering song-swapping service.

If the 3-year-old San Francisco lawsuit reaches trial, jurors will be told they can infer that the e-mail would have hurt the venture capital firm's defense, U.S. District Judge Marilyn Hall Patel ruled.

Record labels and music publishers claim that Hummer and another major investor, German media conglomerate Bertelsmann, helped Napster users violate copyright laws.

The deletion of e-mail came to light earlier this year. Two days after Hummer Winblad partners John Hummer and Hank Barry received subpoenas in a previous Napster-related lawsuit, a third partner, Ann Winblad, sent an e-mail to employees in June 2000 urging them to delete certain e-mail, according to case documents.

"As we have all been required to surrender our Napster e-mails, this should reinforce compliance with our long-standing policies," Winblad wrote to employees, according to court documents. "We do not retain e-mails, it is your responsibility to delete your handled e-mails immediately."

Patel concluded that Winblad was directing employees to delete future Napster e-mail when the firm had a legal duty to preserve them.

"Hummer's conduct amounts to gross negligence," if not willful destruction, she wrote. Patel also said she would bar Hummer Winblad from raising some defenses that might have been undercut if it had preserved the e-mail.

An attorney for Hummer Winblad declined to comment.
http://www.latimes.com/technology/la...ck=1&cset=true





NYC Starting Crackdown on Film Piracy

Film pirates are about to find the sailing a lot tougher in New York City.

More than 40 percent of the nation's pirated movies that are videotaped in theaters and then illegally sold throughout the world originate here, and the city is fed up and not going to take it any more, Mayor Michael Bloomberg said Monday.

Bloomberg said the city will begin using public nuisance laws to go after the owners of buildings where film piracy is organized and movies are sold. The city has been pursuing other types of counterfeit goods in a similar way for several years, shutting several buildings and confiscating millions of dollars in clothing and handbags.

The city will push for state legislation to increase penalties for people who sneak video cameras into theaters and record the films. Bloomberg wants to make the act a misdemeanor for first-timers and a felony for repeat offenders.

"Video piracy is not a victimless crime," he said. "It kills jobs for New Yorkers, and, like the counterfeit clothes and other items, it also is carried about by and supports criminal gangs. Now, we're going to start shutting them down."

Motion Picture Association of America Chairman Dan Glickman said that while a huge chunk of piracy takes place in New York, no other city matches its efforts to combat the crime, which he said is the industry's greatest threat. The organization estimated piracy cost major U.S. studios $6 billion last year.
http://news.yahoo.com/s/ap/20061023/...mo/film_piracy





Defendant Doesn't Want RIAA Let Off the Hook
Eric Bangeman

The RIAA has decided it wants to drop another copyright infringement case, but the defendant is fighting back. Warner v. Stubbs began like so many of the file-sharing cases. MediaSentry found shared music on Kazaa and the IP address was traced to Tallie Stubbs of Oklahoma. After settlement talks proved futile, Warner Bros., UMG, Sony Music, and Arista Records filed suit in the US District Court for the Western District of Oklahoma on July 25, 2006.

After "further investigation," according to a plaintiff's court filing, the record labels decided to dismiss the case. However, they requested that the case be dismissed both without prejudice and with prejudice, likely due to a typographical error. The distinction is important. Dismissal without prejudice means that the action can be brought again in the future. If a case is dismissed with prejudice, it cannot be refiled and the defendant may be named the "prevailing party" and be eligible for attorney's fees and court costs from the plaintiffs, which is what happened in the case of Capitol Records v. Foster.

When the RIAA decides to drop a case, it will file for dismissal without prejudice. If the motion is made prior to the defendant filing an answer to the complaint or a counterclaim, that's the end of the case. The RIAA extricates itself from a case it decided was unwinnable and the defendant is left holding the bag for attorney's fees. In Warner v. Stubbs, the defendant filed an answer and counterclaim seeking affirmative relief before the RIAA filed a motion.

One common thread in the Capitol Records v. Foster and the Warner v. Stubbs cases is the defendant's counsel, Marilyn Barringer-Thompson. After reading through the paperwork from the two cases, it's clear that Barringer-Thompson is playing hardball with the record labels. Ray Beckerman, who runs the Recording Industry vs The People blog and is representing other defendants embroiled in litigation with the RIAA, told Ars that it looked to him like the RIAA decided to cut and run when it saw who the opposing counsel was.

If Tallie Stubbs wins her motion for dismissal with prejudice, then she, too, will be considered the prevailing party and will be eligible for attorney's fees and other court costs from the RIAA. More importantly, it would put the RIAA in the position of having lost one of their file-sharing-related copyright infringement cases, none of which have yet gone to trial.

Unfortunately, we don't know what transpired behind the scenes and why the RIAA wants to drop the case. What "further investigation" did the RIAA undertake with regard to the Stubbs case? Was it another case of mistaken identity? We contacted the RIAA for answers to these and other questions and were told by a spokesperson earlier today that the RIAA would be unable to provide answers because our questions "go to an element of legal strategy that we'll pass on detailing."

Should one of the file-sharing cases actually make it to trial, we may get definitive answers on a number of elements of the RIAA's legal strategy. Is an IP address and the name and address of an ISP subscriber enough to make a positive identification of who was doing the alleged file sharing and when? (We were reminded earlier this week that relying on ISP data is not foolproof.) Is a list of music files allegedly discovered by MediaSentry enough to prove infringement? Beckerman doesn't think so. The RIAA's actions indicate that they're not anxious to get a definitive answer either.
http://arstechnica.com/news.ars/post/20061026-8085.html





IBM Sues Amazon for Patent Infringement
Brian Bergstein

IBM Corp. alleged in two lawsuits Monday that important components of Amazon.com Inc.'s massive retailing Web site were developed and patented many years earlier at IBM.

Amazon, which this year will sell $10 billion worth of everything from books and CDs to pet supplies and jewelry, is accused of infringing on five IBM patents. IBM says the technologies covered by the patents govern how the site recommends products to customers, serves up advertising and stores data.

Some of the patents were first filed in the 1980s, when IBM created back-end technology for Prodigy, an early online service that grew out of a joint venture between IBM and Sears, Roebuck & Co. One such patent is titled "Ordering Items Using an Electronic Catalog."

"Given that time frame, these are very fundamental inventions for e-commerce and how to do it on the network," said John E. Kelly III, IBM's senior vice president for intellectual property. "Much, if not all, of Amazon's business is built on top of this property."

Hundreds of other companies have licensed the same patents, and IBM has tried to negotiate licensing deals with Amazon "over a dozen times since 2002," Kelly said. Seattle-based Amazon has refused every time "while pretending to desire resolution," the lawsuits state.

Amazon declined to comment.

Armonk, N.Y.-based IBM is not specifying the damages it seeks. It filed its lawsuits in federal court in the Eastern District of Texas, one in Tyler and one in Lufkin. Texas has become a frequent site for patent cases because districts there move quickly and are perceived as relatively responsive to intellectual-property claims.

IBM shares gained $1.08, 1.2 percent, to close at $91.56 on the New York Stock Exchange. Amazon shares rose 31 cents, 1 percent, to $32.88 on the Nasdaq Stock Market.

IBM is the world's leading patent holder, spending $6 billion a year in research and development and earning about $1 billion a year in royalties.

Amazon's relationship with patents has been more heavily contested; the company's patent of the "one-click" checkout method in 1999 was famously derided as overly broad and obvious. The U.S. Patent and Trademark Office is re-examining that patent.

Marc Kaufman, a Nixon Peabody LLP partner who specializes in patent law, said some of the IBM patents at issue are widely known in technology legal circles to have been frequently licensed. Kaufman said it appears that "Amazon is the first potential licensee to dig in their heels."

IBM's Kelly would not disclose how much other companies have paid to license these patents, though he added: "We are not unreasonable people."

There appears to be no sensitive customer relationship at stake in the IBM-Amazon tussle. Traditionally a big customer of Hewlett-Packard Co., Amazon does little if any business with IBM.
http://hosted.ap.org/dynamic/stories...10-23-19-45-00





Apple Files iPod Patent: Fear of Competition or Exposure?
Susan J. Campbell

In spite of the massive success that Apple has enjoyed with its iPod line of portable music players, the company must still be feeling the pressure from the competition. Apple has filed a patent application on how future iPods will use wireless for electronic media purchasing online.

This application filing occurs not long before the much-anticipated release of the Microsoft Zune. While this could be an effort to fight the software giant and its product directly, it should be noted that Zune’s built-in Wi-Fi will be limited to file sharing between devices, with no direct Internet purchases from the handheld.

The patent attempt could be Apple’s strategy to pre-empt the success of a Zune upgrade or product line expansion. Consider this: not only will the handheld Zune not allow for Internet purchases, it cannot connect to the Internet at all. The Wi-Fi cannot even be used to sync music with files on a PC – this requires a USB cable. The Wi-Fi appears to exist merely for song sharing, 3 times per song and only between Zune units.

But, here’s another theory. Jon Lech Johansen, a 22-year-old Norwegian with a history of cracking copyright protection technologies and incensing the companies that build them, has untangled Fairplay, the digital encryption Apple uses to prevent songs purchased on iTunes from being played on non-iPod music players and multiple PCs. This same technology is used to prevent the sharing of music from iPod to iPod.

Johansen has now set up a company in Redwood Shores, California, to show others how to make their content playable on an iPod by wrapping it in Fairplay. The company, DoubleTwist Ventures, will also help companies to make rival devices play iTunes music and video on their own players. Apple, thus far, has not said a word in response to Johansen’s actions.

The events that have led to the filing of a patent application still remain unknown; however it should give an indication that Apple fears its dominance in the market is threatened. This is interesting given the reasons for the iPod’s success in the first place.

Apple and its iPod didn’t earn its throne in the portable music player industry because it had the easiest to use player that offered the best song selection. This success also didn’t come because it offered the most competitive price. Apple has been able to dominate this market because of its marketing campaign, pure and simple.

The company was able to strategically position its product in all the right places so that the iPod was the portable player of choice for the rich and famous. And guess what? This was a luxury that John Q. Public could afford. In our quest to be like the rich and famous, we all had to have one.

Apple did borrow a winning strategy from Microsoft in keeping its technology proprietary. However, this strategy doesn’t seem to be enough to keep the fruity giant on top as consumers are beginning to tire of the iPod and iTunes restrictions. This patent could either protect Apple’s vision or tarnish its appeal in the eyes of the consumer. Either way – watch out for more news from Johansen and DoubleTwist Ventures as we have likely not heard the last from him.
http://www.tmcnet.com/ce/articles/32...n-exposure.htm





Unlocking the iPod

Jon Johansen became a geek hero by breaking the DVD code. Now he's liberating iTunes - whether Apple likes it or not.
Robert Levine

Growing up in a small town in southern Norway, Jon Lech Johansen loved to take things apart to figure out how they worked. Unlike most kids, though, he'd put them back together better than they were before. When he was 14, his father bought a digital camera that came with buggy software, so Jon analyzed the code and wrote a program that worked better.

When Johansen bought an early MP3 player that kept crashing, he studied how it worked, wrote a more reliable program, and posted it on the Internet so other people could download it for free. Later, the company that made the device asked him about writing a new version, but he didn't hear back after he sent in his résumé. "I assume it had something to do with my age," Johansen says dryly. He was 17.

Sometimes, however, the things Johansen tries to improve were made a certain way for a reason. When he was 15, Johansen got frustrated when his DVDs didn't work the way he wanted them to. "I was fed up with not being able to play a movie the way I wanted to play it," that is, on a PC that ran Linux.

To fix the problem, he and two hackers he met online wrote a program called DeCSS, which removed the encryption that limits what devices can play the discs. That meant the movies could be played on any machine, but also that they could be copied. After the program was posted online, Johansen received an award from the Electronic Frontier Foundation - and a visit from Norwegian police.

Johansen, now 22 and widely known as "DVD Jon" for his exploits, has also figured out how Apple's iPod-iTunes system works. And he's using that knowledge to start a business that is going to drive Steve Jobs crazy.

A disruptor

If you want to be specific - and for legal reasons, he does - Johansen has reverse-engineered FairPlay, the encryption technology Apple uses to make the iPod a closed system. Right now, thanks to FairPlay, the songs Apple sells at its iTunes store cannot easily be played on other devices, and copy-protected songs purchased from other sites will not play on the iPod. (The iPod will play MP3 files, which do not have any copy protection, but major labels don't sell music in that format.)

Johansen has written programs that get around those restrictions: one that would let other companies sell copy-protected songs that play on the iPod, and another that would let other devices play iTunes songs. Starting this fall, his new company, DoubleTwist, will license them to anyone who wants to get into the digital-music business - and doesn't mind getting hate mail from Cupertino.

So far, DoubleTwist consists of four cubicles in a generic-looking glass-and-steel building in Redwood Shores, Calif., one client, and no full-time employees other than Johansen and co-founder Monique Farantzos.

As he and Farantzos explain DoubleTwist in a conference room they share with several other companies, he points to a sheet of printer paper tacked on the wall that has a typed quote Jobs gave the Wall Street Journal in 2002: "If you legally acquire music, you need to have the right to manage it on all other devices that you own." As Johansen sees it, Jobs didn't follow through on this promise, so it's up to him to fix the system, just as he fixed the software for his father's camera.

"Today's reality is that there's this iTunes-iPod ecosystem that excludes everyone else from the market," says Johansen. "I don't like closed systems."

Companies that rely on closed systems don't much care for him, either. For his role in writing DeCSS, Johansen was charged with breaking the Norwegian law that prohibits gaining unauthorized access to data, then was acquitted twice when courts ruled the data were his own. The movie studios didn't like that decision, which almost certainly would have been different in the U.S., where the 1998 Digital Millennium Copyright Act (the DMCA, for short) prohibits circumventing digital-rights-management technology (or DRM) for any reason. The movie studios used that law to successfully sue a hacker magazine called 2600 that linked to DeCSS on its Web site.

Johansen, who had left high school at 16 to become a programmer, testified in the 2600 case and became frustrated that companies could prohibit customers from using a product the way they wanted. "I really became interested in these issues," he says. He also became something of an icon to hard-core geeks: When Johansen announced on his blog that he was selling the old iPod he had used to break FairPlay, a Berkeley researcher bought it to keep as a souvenir.

"We all talk about disruptive forces in business," says Mike McGuire, an analyst at the Gartner Group. "This guy is a disruptive force unto himself."

A thorn in Apple's side

There's an obvious question: Isn't opening the iTunes system illegal? There is no obvious answer. FairPlay is not patented, most likely because the encryption algorithms it uses are in the public domain. (Apple would not comment for this story.) And Johansen says he is abiding by the letter of the law - if not, perhaps, its spirit.

To let other sites sell music that plays on the iPod, his program will "wrap" songs with code that functions much like FairPlay. "So we'll actually add copy protection," he says, whereas the DMCA prohibits removing it. Helping other devices play iTunes songs could be harder to justify legally, but he cites the DMCA clause that permits users, in some circumstances, to reverse-engineer programs to ensure "interoperability."

"The law protects copyrights," he says, "but it doesn't keep you locked into the iPod." Johansen isn't the only one who feels that way - or the only one who has found a way around FairPlay.

In 2004, RealNetworks released a program called Harmony that would allow songs from its RealPlayer Music Store to play on the iPod. Steve Jobs memorably accused the company of using "the ethics and tactics of a hacker" and threatened to sue.

Instead, Apple released a software update that made Harmony ineffective - although Real subsequently fixed that. Another company, Navio Systems, has announced that it has developed a way to play iTunes songs on other devices. Several more programs on the Internet will strip the FairPlay encryption from a file, but none of them has a large following.

And not everyone who wants to open up the iPod is a hacker. There have been demonstrations in the streets of France over Apple's DRM, and lawmakers there have attempted to require Apple to license FairPlay. Apple said that such a move would be "state-sponsored piracy."

In the U.S., courts have traditionally allowed inventors to reverse-engineer products to determine how they function. But the DMCA allows programmers to do that only in certain cases. "What he's working on is clearly in the spirit of the reverse-engineering the courts have been most friendly toward," says Fred von Lohmann, a senior staff attorney at the Electronic Frontier Foundation who has informally given Johansen advice. "But the law is untested, and the case is complicated."

Since the DMCA was passed, the most relevant legal precedent is a case in which the videogame maker Blizzard sued an ISP that hosted an unapproved server where people could play its games, which the court found to be a DMCA violation.

"On the surface, Apple would have a good case," especially when it comes to making iTunes songs play on other devices, says Robert Becker, an attorney at Manatt Phelps & Phillips who has represented the copy-protection company Macrovision. "Apple would say you're buying music under certain restrictions."

Indeed, how you feel about what Johansen is doing may depend on how you feel about a question that will become more important as the media business gradually embraces digital distribution: What exactly are you buying when you purchase a song on iTunes?

An unscientific survey of friends generated only one answer: a song. An attorney, though, might say that you are buying a license to play a song on a specific set of devices - and that using Johansen's software violates Apple's user agreement (the one you didn't bother to read when you signed up for iTunes).

If the distinction seems minute, suppose you replace your iPod with another digital music player; unless you convert them to MP3s, your songs from iTunes will be as useful as eight-track tapes.

A tense atmosphere

For a man so intent on changing the way music is sold, Johansen isn't a big fan himself. "I've probably bought ten CDs in my whole life," he says. Much of the music he does have - mainly techno - he buys from iTunes. When the store went online, it didn't accept foreign credit cards, so Johansen bought iTunes gift certificates on eBay.

Instead of going to concerts, Johansen bakes. His blog, "So Sue Me," features dessert recipes along with news about technology and arguments about copyright law. When DoubleTwist signed its first client - which Johansen declines to identify - he made an apple pie to celebrate.

Johansen has a soft-spoken modesty that belies his stature as a hacker. He was among the first to crack FairPlay - he did it for fun on a vacation in France - and he has also broken a Microsoft code. "If reverse-engineering were a sport," says Michael Robertson, the Internet entrepreneur for whom Johansen worked before setting up DoubleTwist, "Jon would be on the all-star team."

Johansen realizes that taking on Apple could make figuring out FairPlay look easy. But he seems to regard the fact that he could get sued as one of those complicating factors an engineer must deal with, and he keeps the reverse-engineering clause of the DMCA near his desk for easy reference. "We don't want to go to court, because it's a waste of time and money," he says. "But if it comes to that, we will test these issues in court."

Johansen's legal arguments involve the rights of consumers, but opening the iPod could also be good for the music business. The major labels worry that compatibility concerns will slow the digital-music market, especially when Microsoft comes out with its own closed system this Christmas. Chafing at Apple's one-price-fits-all policy, they would love to see more retailers enter the market. But it says something about the power of Apple that none provided an executive who would speak for the record.

It is anyone's guess how Apple will react - the company hasn't contacted DoubleTwist. (Johansen says he had lunch with Jobs last January, but he hadn't yet started his company.)

So far, Apple hasn't sued anyone who has created or distributed any of the FairPlay hacks. That could be because the company is afraid that losing a case would set a precedent that would encourage imitations of the iPod. Or it could be that Apple doesn't want to give anyone the publicity.

Whatever Apple does, Johansen could have a hard time making DoubleTwist into a viable business. Companies could be reluctant to license Johansen's software for fear of being sued along with DoubleTwist. And they might have a tough time convincing the major labels to let them sell their music, since the labels know how much that would upset Apple.

"There has to be an agreement between the label and the retailer," says Josh Wattles, an attorney at Dreier and a former corporate counsel at Paramount Pictures. "What's the likelihood of a record company granting that?"

Whether or not Johansen makes any money with DoubleTwist, he will almost certainly make his point. "The iTunes music store was getting so popular, and I was kind of fed up that people were accepting that DRM."

On the other hand, if Apple gets fed up with him, he'll end up making his point in a courtroom.
http://money.cnn.com/magazines/fortu...1726/index.htm





What DVD Jon's iPod Crack Means for You
Andrew Orlowski

Analysis: As we reported three weeks ago, reverse-engineering specialist "DVD" Jon Johansen has decoded the encryption that locks down iTunes-purchased music - and he's formed a company to license this to all-comers. Now Johansen has reverse-engineered rival DRM formats, permitting encrypted songs purchased from Apple rivals to play on iPods.

The music business is likely to be rejoicing - it blames a market divided into incompatible DRM silos for the less-than-spectacular adoption of digital downloads. Despite all the hype, digital sales won't surpass CD sales until 2014, based on linear growth rates. And despite claims that they're being robbed into penury by "pirates", the music industry finds unexpected ways of profiting from its assets. The ringtone business, for example, grossed $75bn for operators last year - double the global revenue of the music industry.

And just in time for Christmas, Microsoft has added another new major DRM system that's incompatible with all the others, with Zune. The confusion might be minor, but so long as it remains, potential consumers will stay away.

So there's plenty of goodwill from everyone involved: from stores that sell MP3 players, manufacturers who make them (particularly mobile handset vendors), from current and potential retailers, and everyone else in the music value chain. All stand to profit from consumers knowing they can play music acquired anywhere on any device.

Except for one party, perhaps. Isn't Johansen's new outfit DoubleTeam spoiling for a fight with Apple? If ever a company seems to have been created with a lawsuit in mind, it's DoubleTeam.

1998's draconian Digital Millennium Copyright Act, the DMCA, prohibits reverse-engineering except "for the sole purpose of identifying and analysing elements of the program necessary to achieve interoperability with other programs..." (which is good for Jon) "... to the extent that such acts are permitted under copyright law" (which isn't so good). It's a grey area, in other words.

But Apple has yet to pull the trigger. Real Networks has been making Helix DRM-encoded music from its Rhapsody store playable on iPods, and any other AAC-capable device, for two years now. Despite threatening noises, Cupertino has opted to use technical rather than legal means to block Harmony, Real's compatibility program.

When Johansen reverse-engineered FairPlay DRM three years ago, fanatical Apple supporters wrote to us urging the company to prosecute him.

"I hope they jail this bastard as soon as possible," wrote one (http://www.theregister.co.uk/2003/11...ck_up_dvd_jon/).

But Apple stands to gain financially from interoperability as much, if not more than anyone else. Apple's online store is tightly integrated into its music jukebox. It makes far and away the best MP3 music player. A larger market means many more iPod sales for Apple, the really profitable part of its music business.

Of course, this might require Apple to hold its nose - but given the choice between losing the iTunes store and losing the iPod, there's little doubt which it would choose.

There's some irony if Apple fails to learn the lessons of the Macintosh. Jobs has now been at the forefront of creating two markets, and in each case seems terminally resistant to the market becoming horizontal. He just can't let go.
http://www.theregister.co.uk/2006/10..._jon_fairplay/





EMI Music CEO Says the CD is 'Dead'

EMI Music Chairman and Chief Executive Alain Levy Friday told an audience at the London Business School that the CD is dead, saying music companies will no longer be able to sell CDs without offering "value-added" material.

"The CD as it is right now is dead," Levy said, adding that 60% of consumers put CDs into home computers in order to transfer material to digital music players.

EMI Music is part of EMI Group PLC.

But there remains a place for physical media, Levy said.

"You're not going to offer your mother-in-law iTunes downloads for Christmas," he said. "But we have to be much more innovative in the way we sell physical content."

Record companies will need to make CDs more attractive to the consumer, he said.

"By the beginning of next year, none of our content will come without any additional material," Levy said.

CD sales accounted for more than 70% of total music sales in the first half of 2006, while digital music sales were around 11% of the total, according to music industry trade body the International Federation of the Phonographic Industry.

CD sales were worth $6.45 billion and digital sales $945 million, the IFPI said.

Levy said EMI is continuing to hold talks with Google Inc. on an advertising-revenue sharing partnership with the community video Web site YouTube, which the Internet search giant acquired in October for $1.6 billion in stock.

EMI's rivals, Warner Music Group Corp., Sony BMG - a joint venture between Sony Corp. and Bertelsmann AG - and Universal Media have all signed content deals with YouTube.

"The terms they were offering weren't acceptable," Levy said, adding that EMI continues to be concerned about copyright issues.
http://www.marketwatch.com/news/stor...CBE9DFA59EE%7D





Amazon Users Tag DRM Products DefectiveByDesign
GregoryHeller

Amazon customers are using the e-retailer's "tagging" and review systems to warn shoppers that products with DRM (Digital Restrictions Management) are "Defective By Design". Over 15 products have been tagged by a few dozen users in the first few hours. The effort was initiated by anti-DRM group http://www.DefectiveByDesign.org.
http://digg.com/tech_news/Amazon_Use...ectiveByDesign





BitTorrent Software to be Embedded in Routers and Servers

Asus, Planex, and QNAP all offer BitTorrent download manager
Amber Maitland

P2P file sharing client BitTorrent has announced that its technology is to be embedded into nine new consumer routers to make file sharing easier.

Asus, Planex, and QNAP are the first three manufacturers to announce their plans to embed the download manager into their wireless routers, media servers and network attached storage devices.

The idea is that users will be able to start a download with their notebook computer, and then take their laptop out of range while the router or device continues to share the torrent. BitTorrent acknowledges its previous veil of illegitimacy in its statement about the new products, pointing out that the growing amount of “legitimate content being made available via BitTorrent” means that there's a growing need for hardware to incorporate the torrent technology.

Three Asus routers, the WL-700gE, WL-500gP, and the WL-500g W, as well as five Planex routers (BRCE-W14VG-BT, 14VG-BT, W14V-BT, HPMM-U, and HPMM-G), and QNAP's TS101 and TS-201 NAS servers all embed the download manager.
http://www.pocket-lint.co.uk/news/ne...x-router.phtml





'Grand Theft Auto' Maker Loses Round in Lawsuit

A federal judge refused a request from Take-Two Interactive Software to immediately dismiss some claims in a lawsuit accusing it of selling "Grand Theft Auto" video games containing sexually explicit images under the wrong content label.

The lawsuit, which is seeking class-action status, said Take-Two's alleged misconduct violated consumer protection laws in all 50 states and the District of Columbia. Since the suit was filed in July 2005, a number of cases making the same claim have been consolidated in Manhattan federal court.

Take-Two and its subsidiary, Rockstar Games, had argued in the motion to dismiss parts of the lawsuit that the plaintiffs could only file claims in the states where they resided, not in all 50 states.

But U.S. District Judge Shirley Wohl Kram denied Take-Two's motion and said she would reconsider if class-action status were granted in the case.

"If class certification is granted, the court will have the benefit of a well-defined class and a more fully developed treatment of potential choice of law questions," Kram wrote in an opinion dated Wednesday.

A representative for Take-Two was not immediately available to comment on the judge's order.

The best-selling "Grand Theft Auto: San Andreas" was found to have hidden sex scenes in 2005. The explicit scenes, known as "Hot Coffee," allowed players to engage in virtual sex acts.

When the scenes were discovered, the video game ratings board slapped a restrictive "adult" rating on the game. Take-Two had to pull the games off store shelves and repackage them with the "adult" rating, which crimped sales and disrupted the company's operations.
http://news.com.com/Grand+Theft+Auto...3-6130002.html





Could Jack Thompson Be Jailed Over “Bully” Case?

GamePolitics has confirmed that lawyers representing Take-Two Interactive, publisher of Bully, are seeking to have Jack Thompson declared in contempt of court.

Although we haven’t yet seen the motion, the request would appear to relate to Thompson’s angry comments in the wake of Miami District Court Judge Ronald Friedman’s refusal to block sales of Bully.

In a worst-case scenario for Thompson, the outspoken attorney could be jailed by Judge Friedman if he were ruled in contempt.

However, a knowledgeable legal source has told GamePolitics that options such as fines, judicial admonishment or censure are more likely.

Attorneys for Philadelphia law firm Blank-Rome, long a target of Thompson’s ire, filed what is known as a “Petition for Order to Show Cause.” The motion requests that Judge Friedman order Thompson to appear in court and show cause as to why he should not be held in contempt.

For his part, Thompson has reacted to the motion with typical bluster, directing his comments towards opposing counsel as well as the judge. Here are excerpts from recent e-mails cc’d to GamePolitics:

“You want to play hardball…? You want to try to throw me in jail? You have no idea what you are unleashing in doing this. You’re at the brink…”

“If this court in any fashion proceeds toward issuing a show cause order, given its utter baselessness and the bad faith goo in which it slithers, then Thompson will add whatever judge should do so as a defendant in the aforementioned federal civil rights action…”
http://gamepolitics.com/2006/10/23/c...er-bully-case/





Chris Patten: Politicians Have no Grasp of Technology
Tom Espiner

Former Hong Kong governor and politician Chris Patten has said that a fundamental lack of understanding in government is to blame for a rash of ill-thought-out technology projects and related legislation in recent years.

Lord Patten of Barnes was especially critical of the government's ID card scheme, which is heavily reliant on technology. Speaking at the RSA Conference Europe on Wednesday, Patten said the scheme would not achieve one of its possible objectives of making borders more secure.

"I don't think ID cards make citizens more secure, or frontiers more secure. People would still have been blown up on the Tube last July if they'd had ID cards," he said.

He also criticised the support given to ID cards in 2003 by the then Home Secretary David Blunkett, calling the scheme a "populist Pavlovian Blunkett twitch". Blunkett resigned from the cabinet in 2005 over his involvement in political scandals.

Patten, a former EU Commissioner, was speaking at the three-day conference in Nice, France, on European business and technology.

Many politicians don't understand the technology issues that could affect government IT schemes, he said.

"Politicians have no sound grasp of technology issues — but politicians don't necessarily have a profound grasp of any issue. They rely on advisors for information on how to implement their broad intentions," Patten told ZDNet UK after the press conference. "You have to hope they're well advised."

Cisco's head of government affairs, Richard Allan, himself a former Liberal Democrat MP, agreed that politicians do not understand the technology they deal with.

"Most politicians don't understand technology, which is an increasing problem when increasing amounts of public money are being spent [on technology schemes]," he said. "A basic understanding of information systems would be helpful."

Allan said that just as politicians are expected to understand basic balance sheets when making a decision to spend public money, but not the intricacies of accountancy, so politicians should try to grasp the basics of information systems.

Technical advisors should also avoid jargon, he added. "The challenge is to develop a language politicians can understand, as well as politicians taking the time and trouble to understand it. What often happens is you get somebody speaking technical jargon to someone who doesn't understand the basics," said Allan.

Privacy campaigner Simon Davies, chairman of No2ID, agreed politicians aren't in touch with the issues underlying the technology issues they legislate on, and criticised the conditions in government that have allowed the situation to come into effect.

"Prime ministers and home secretaries are notorious for grandstanding on technology issues, while at the same time having difficulty setting their video recorders at home," said Davies.

"The NHS programme for IT and the ID cards scheme both stand as a testament to the government's complete failure at forward planning [in technology schemes], and its inability to understand technology in the real world," Davies added.

According to Davies, the entire ID cards scheme was "dreamed up in a vacuum".

"[In 2003] the sole driver of the ID card scheme was Blunkett's obsession, but Blunkett himself didn't understand the technology," said Davies.

A spokeswoman for David Blunkett declined to comment on the extent of his understanding of the technology necessary to implement the scheme, but said: "The government is pressing ahead with ID cards despite Mr Blunkett not being in government. He's very supportive of the scheme."

However, academics from the London School of Economics (LSE) criticised that ongoing governmental support.

"Tony Blair's ongoing belief in ID cards shows he has no sense of that technology whatsoever," said Dr Edgar Whitley of the information systems group at LSE. "The Home Office is the same. They haven't told anyone about when the technology will come or how it will work, and they haven't fully tested it."

Professor Ian Angell of the LSE said: "The complexity of the ID cards scheme means it's going to fall apart. Basically [the government has] gone beyond the limits of the technology. But you can't blame the politicians — they're just reflecting the zeitgeist."

Simon Davies also said that reliance on advisors could lead to conflicts of interest, if those advisors represented large technology companies who stood to gain on the implementation of IT schemes.

"Conflict of interest is a sleeping giant in technology," said Davies. "The risk of advisors capitalising on the ignorance of politicians becomes greater."

Davies said that government should pay more attention to select committees, such as the Science and Technology Committee and the Home Affairs Committee, before formulating legislation.

Google chief executive Eric Schmidt has also added to the criticism around politicians' lack of IT knowledge.

"The average person in government is not of the age of people who are using all this stuff," Schmidt said at a public symposium hosted by the National Academies' Computer Science and Telecommunications Board earlier this month. "There is a generational gap, and it's very, very real."
http://www.zdnetasia.com/news/busine...1962828,00.htm





Trial Challenging Child Online Protection Act Begins

A federal trial that began Monday in Philadelphia will decide whether operators of Web sites can be jailed and fined for not blocking children's access to materials deemed "harmful" to them.

The U.S. Congress passed the Child Online Protection Act (COPA) in 1998, and the law has never been enforced because of court challenges against it. A federal district court in Philadelphia and a federal appeals court have found the law unconstitutional on freedom of speech grounds, and the U.S. Supreme Court upheld the ban on enforcement of the law in June 2004.

The Supreme Court, however, asked the U.S. District Court for the Eastern District of Pennsylvania to decide whether any changes in technology would affect the constitutionality of the law. The high court wanted the district court to look into issues such as whether commercially available blocking software was as effective as the banned law in blocking "harmful" material.

COPA would require Web sites publishing adult material to restrict access to minors by taking steps such as requiring credit-card information for access to that material. Penalties for not restricting access include fines of up to US$50,000 per day and up to six months in prison.

The trial, expected to last four to six weeks, pits the American Civil Liberties Union (ACLU) against the U.S. Department of Justice (DOJ).

The DOJ has argued that the law is constitutional and that commercial filters alone aren't effective. "COPA fills the gap that other measures cannot; it targets those entities engaged in the business of disseminating material that is harmful to minors and prevents them from doing so," DOJ lawyers wrote in a brief filed Oct. 17. "COPA's affirmative defenses ensure that adults can continue to have access to this material, while furthering the government's compelling interest in keeping this material away from minors."

Commercial speech doesn't enjoy the same constitutional protections as political speech, the DOJ also argued.

But the ACLU argues the law would be ineffective. It would not protect children from Web sites based outside the U.S., and it would not apply to noncommercial sites or to instant messaging, peer-to-peer file sharing, chat rooms or e-mail, the group said in a statement Monday.

The ACLU will argue the law violates the free speech rights of millions of Internet users, the group said. "The right to free speech is one of the core values of this country," ACLU senior staff attorney Chris Hansen said in a statement. "Congress does not have the right to censor information on the Internet. Americans have the right to participate in the global conversation that happens online every moment of every day."

The ACLU plans to call several witnesses including employees of online magazines and an online dictionary, rap artists, painters and video artists, and providers of safer sex information, the group said. On Monday, witnesses from online magazine Salon.com and adult site Nerve.com were scheduled to testify, said ACLU spokeswoman Erica Pelletreau.
http://www.itworld.com/Man/2681/061023copa/index.html





Government Defends 1998 Anti-Porn Law
Maryclaire Dale

Eight years after Congress passed a law aimed at protecting children from online pornography, free speech advocates and Web site publishers argued in federal court Monday that the never-enforced measure is fatally flawed.

Salon.com, Nerve.com and other plaintiffs warned that the 1998 Child Online Protection Act could be used to criminalize such things as sexual health information, erotic literature and news photographs of naked prisoners tortured at Abu Ghraib.

The law, signed by then-President Clinton, says Web site operators must prevent youngsters from seeing material "harmful to children" by demanding proof of age from computer users. It would impose a $50,000 fine and six-month prison term on commercial Web site operators that allow minors to view such content, which is to be defined by "contemporary community standards."

In a trial that opened Monday, the plaintiffs argued that "community standards" is too vague.

"As a parent, I know that what's fine for my daughter may not be appropriate even for some of her friends," testified Joan Walsh, editor in chief of Salon.com.

The law has never been enforced.

The U.S. Supreme Court has twice upheld preliminary injunctions that prevented the government from enforcing the law until a trial to determine the act's constitutionality can be held.

The American Civil Liberties Union, which represents the plaintiffs, argues that filter programs installed in home computers are more effective ways of policing the Internet.

Eric Beane, a government attorney, acknowledged that it is tempting to defer to families on the question of what is appropriate for children, but said the filters used by parents do not work.

"The evidence will show that a shocking amount of pornography slips through to children," Beane said in opening statements.

ACLU attorney Chris Hansen said that the government is essentially arguing that "parents are too stupid to use filters."

In preparing for its defense of the law, the Justice Department sought internal files from search engine companies and Internet service providers on what sorts of things people search the Internet for.

Google Inc. fought one such subpoena, although it primarily cited trade secrets, not privacy issues. A federal judge in California sharply limited the amount of information Google had to surrender.

The nonjury trial in front of Senior U.S. District Judge Lowell A. Reed Jr. is expected to take about a month.
http://hosted.ap.org/dynamic/stories...10-23-19-45-28





Shaq Attack on Innocent Family
Eric Bangeman

Anyone who follows the slate of lawsuits against music fans is cognizant of the crucial role that IP addresses play in attempts to cow suspected file sharers. But as we have seen time and time again, IP addresses are not consistently reliable means of identifying users. Law enforcement officials and a family in Gretna, Virginia learned that lesson the hard way after their home was searched by a law enforcement team that included Miami Heat center Shaquille O'Neal, according to a law enforcement official.

The spectre of an angry, uniform-wearing Shaq, let alone an entire team of deputies and federal marshals, would be enough to turn one's knees to jelly. That's the sight apparently witnessed by farmer A.J. Nuckols, his schoolteacher wife, and three children last month when their home was raided and their computers, DVDs, video tapes, and other belongings were confiscated after they were connected to an IP address reportedly used to access child pornography on the Internet.

It turned out to be a case of mistaken identity. Nine days after the raid, an investigator told Nuckols that "the wrong IP address had been identified" and that he and his family would not be charged in the investigation. It's great that the Nuckols family is off the hook, but they now have to live with the stigma of having been the targets of a raid by law enforcement.

According to Lt. Mike Harmony of the Bedford County Sheriff's Department, the problem lay with Fairpoint Communications, the ISP for the Nuckols family. As part of an ongoing investigation into Internet trafficking of child pornography, investigators identified an IP address via which an undercover investigator was able to download child porn. The IP address was traced to Fairpoint, which was served a subpoena requesting the name and address of the subscriber using the IP address in question. "Fairpoint said that on that date and time, the IP address was assigned to the Nuckols household," Lt. Harmony told Ars Technica. "Some time after the search warrant was executed, we were notified that Fairpoint had misread the court order and done a wrong conversion on the time."

After receiving updated information from the ISP, investigators executed another search warrant on Friday, October 20. This time, they seized a PC with child pornography on the hard drive and obtained a statement from the investigation target that he had in fact downloaded and shared child porn.

The misguided raid, along with numerous other cases of mistaken online identity, raises serious questions about the use of IP addresses as identifying data. Take the music industry's crusade against file sharing as an example. Although the RIAA is reluctant to divulge how they acquire the names and addresses of those that they target, it generally begins with an IP address flagged as sharing music by a program like MediaSentry. From there, a request is made to the ISP owning that block of IP addresses to identify the account using the address at that point in time.

As the Nuckols family and Bedford County Sheriff's Department found out, ISP data is not always accurate, which poses problems for everyone involved. For law enforcement, it makes identifying guilty parties more difficult. And for those mistakenly targeted by police or the RIAA, it can result in very traumatic experiences, not to mention costly legal fees. Although the temptation to pluck an IP address off the Internet and use it as a means of making positive identification is strong, investigators need to dig deeper and use a greater breadth of data to be sure they have the right culprit.
http://arstechnica.com/news.ars/post/20061024-8062.html
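
The failure mode described in the article above, a wrong time conversion during the ISP's subscriber lookup, worked through as an added example (not code from the article, the ISP or the investigators). The article does not say which conversion went wrong; a timezone misreading is assumed here, and the lease table, address, account names and offsets are all constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed DHCP lease history for one address, stored in UTC.
# 192.0.2.0/24 is a documentation range; accounts and times are invented.
LEASES = [
    ("192.0.2.44", "account-A", "2006-09-14T18:00:00", "2006-09-15T01:30:00"),
    ("192.0.2.44", "account-B", "2006-09-15T01:30:00", "2006-09-15T09:00:00"),
    ("192.0.2.44", "account-C", "2006-09-15T09:00:00", "2006-09-15T20:00:00"),
]


def _utc(text):
    """Parse a lease timestamp that is known to be UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def _to_utc(instant):
    """Normalise a request time to UTC, rejecting timestamps with no offset."""
    if instant.tzinfo is None or instant.utcoffset() is None:
        raise ValueError("timestamp has no UTC offset; refusing to guess")
    return instant.astimezone(timezone.utc)


def holder_at(ip, instant, leases=LEASES):
    """Return the account holding `ip` at `instant`, or None if no lease matches."""
    t = _to_utc(instant)
    for lease_ip, account, start, end in leases:
        if lease_ip == ip and _utc(start) <= t < _utc(end):
            return account
    return None


def near_lease_boundary(ip, instant, margin=timedelta(minutes=10), leases=LEASES):
    """True if `instant` is within `margin` of a lease change for `ip`.

    Clock skew between the observer and the ISP matters most here.
    """
    t = _to_utc(instant)
    for lease_ip, _account, start, end in leases:
        if lease_ip != ip:
            continue
        if abs(t - _utc(start)) <= margin or abs(t - _utc(end)) <= margin:
            return True
    return False


def review_request(ip, wall_clock, stated_offset_hours, plausible_offsets=(0, -4, -5)):
    """Resolve a request time, then test how fragile the answer is.

    `wall_clock` is the time as written in the request; `stated_offset_hours`
    is the UTC offset the request says it is in. The same wall-clock time is
    also resolved under other plausible readings (UTC, EDT, EST by default)
    to show whether a misread offset would name a different subscriber.
    """
    naive = datetime.fromisoformat(wall_clock)

    def at(offset_hours):
        return naive.replace(tzinfo=timezone(timedelta(hours=offset_hours)))

    stated = at(stated_offset_hours)
    by_offset = {h: holder_at(ip, at(h)) for h in plausible_offsets}
    return {
        "answer": holder_at(ip, stated),
        "by_offset": by_offset,
        "offset_sensitive": len(set(by_offset.values())) > 1,
        "near_boundary": near_lease_boundary(ip, stated),
    }


if __name__ == "__main__":
    # Constructed request: activity observed at 22:15 local time, UTC-4.
    report = review_request("192.0.2.44", "2006-09-14T22:15:00", -4)
    for key, value in report.items():
        print(f"{key}: {value}")
```

When `offset_sensitive` or `near_boundary` is true, the lookup alone cannot safely name a household and needs corroboration from a second source before anyone acts on it.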




Amazon.com Won't Provide Search Details
AP

As expected, online retailer Amazon.com Inc. has objected to providing details about its book search feature to rival Google Inc., which says it needs them to fight copyright infringement allegations from a group of authors and book publishers.

In a Monday filing, Amazon.com described Google's request, which was made via a subpoena served on Oct. 6, as "overly broad and unduly burdensome" and said it would expose Amazon's trade secrets.

Amazon lawyers also note how Google wants "essentially all documents concerning Amazon's sale of books on its Web sites, and all searching and indexing functions."

"Google can not show any substantial need to obtain Amazon's proprietary information," despite Google's promises to only use the information to defend itself against the lawsuits, Amazon's lawyers wrote.

Google says it needs the details to battle recently consolidated class action lawsuits filed against it by several major book publishers and The Authors Guild, which collectively allege Google didn't get the proper approvals before making their work available to anyone with an Internet connection.

Amazon's objections were apparently the first from the group of companies Google formally asked for book searching details in early October.

It's expected that Microsoft Corp., Yahoo Inc. and major book publishers Random House, Holtzbrinck Publishers and HarperCollins will also object.
http://hosted.ap.org/dynamic/stories...10-24-16-25-15





Feds Start Small on Smart IDs
Jaikumar Vijayan

Several federal agencies said last week that they’re ready to start distributing smart ID cards to workers by Friday, as mandated by a directive issued in 2004 by President Bush. But some of the initial rollouts will be very small and will focus solely on controlling access to buildings — not IT systems.

For instance, the Social Security Administration became at least technically compliant with the directive last week when it issued one of the new ID cards to Commissioner Jo Anne Barnhart. SSA spokeswoman Kia Green said the agency expects to hand out more cards in the coming weeks but is “still in the process of finalizing the details.” She added that the SSA hopes to issue cards to all of its employees and contractors by the end of September 2008, which is the deadline for doing so.

Another agency that said it will meet this week’s deadline in a small way is the Environmental Protection Agency. The EPA plans to issue the so-called personal identity verification, or PIV, cards to “a small handful” of employees, said spokesman Dale Kemery. But he added that because of budgetary and technical considerations, making the ID cards available throughout the 18,000-worker agency will be “a fairly long rollout.” He declined to provide more details.

Matt Neuman, director of business development at Jacob & Sundstrom Inc., a Baltimore-based systems integrator that is helping the SSA with its smart-card implementation, said that many agencies appear to be ready to meet “the letter of the law, if not the spirit of the law” on issuing the PIV cards. “But it at least shows that everybody is focused on it,” he said.

The use of PIV cards for verifying the identities of all federal workers and contractors was mandated by Homeland Security Presidential Directive 12. The unfunded HSPD-12 mandate specified that agencies must adopt a common identification credential for access to government facilities and computer systems.

Friday’s deadline and an earlier one calling on agencies to develop procedures for verifying the identities and backgrounds of all workers by last October were both considered exceptionally aggressive because of funding issues and the technology and process changes required.

Robert Langston, director of the office of security and emergency planning at the Department of Housing and Urban Development, said last week that HUD hopes to begin producing fully functional PIV cards by Wednesday “and then continue to do so for all new employees and contractors from that point forward.”

Initially, the cards will be issued to HUD’s headquarters staffers via recently procured identity management and card management systems, Langston said. He added that “a small number” of HUD field staffers who work in Washington, New York, Atlanta and Seattle will be sent to shared HSPD-12 enrollment centers that have been set up in those cities by the U.S. General Services Administration.

The enrollment centers include systems that can be used to verify the identities of employees, fingerprint and photograph the workers, and issue PIV cards to them. Eventually, as many of HUD’s 81 field offices as possible will take advantage of the centers as more are deployed across the country, Langston said.

The strategy should help HUD save “a lot of money” on its PIV enrollment and card-distribution costs, according to Langston. Instead of having to set up its own enrollment facilities, he said, “we just pay a fee for service.”

Larry Orluskie, a spokesman for the Department of Homeland Security, said the DHS this week will start rolling out PIV cards to about 5,500 employees in the Washington area. The agency’s goal is to make the cards available to all of its employees and contractors within a year, he said.

The DHS is using ID One Cosmo smart cards made by Nanterre, France-based Oberthur Card Systems SA. Like all PIV cards, Oberthur’s feature both a contact interface, such as a magnetic stripe, and a contactless radio frequency interface to make it easier to integrate the cards with both building access and IT security systems. At the DHS, though, the cards initially will be used only for physical access, Orluskie said.

Likewise, the SSA at first will use PIV cards only to control access to buildings and other facilities before eventually linking them to its computer systems, said agency spokesman Green.

ActivIdentity Inc. in Fremont, Calif., is supplying smart-card technologies to several government agencies. Robert Brandewie, the company’s senior vice president of public-sector solutions, said meeting the HSPD-12 card-distribution deadline even in a small way “is a tremendous accomplishment,” given the amount of work that was needed and the relatively short amount of time that was available to agencies.

“There has been a tremendous amount of behind-the-scenes effort to get the infrastructure ready and to get the technology in place to meet the deadline,” Brandewie said.
http://www.computerworld.com/action/...ticleId=269793





At U.S. Borders, Laptops Have No Right to Privacy
Joe Sharkey

A LOT of business travelers are walking around with laptops that contain private corporate information that their employers really do not want outsiders to see.

Until recently, their biggest concern was that someone might steal the laptop. But now there’s a new worry — that the laptop will be seized or its contents scrutinized at United States customs and immigration checkpoints upon entering the United States from abroad.

Although much of the evidence for the confiscations remains anecdotal, it’s a hot topic this week among more than 1,000 corporate travel managers and travel industry officials meeting in Barcelona at a conference of the Association of Corporate Travel Executives.

Last week, an informal survey by the association, which has about 2,500 members worldwide, indicated that almost 90 percent of its members were not aware that customs officials have the authority to scrutinize the contents of travelers’ laptops and even confiscate laptops for a period of time, without giving a reason.

“One member who responded to our survey said she has been waiting for a year to get her laptop and its contents back,” said Susan Gurley, the group’s executive director. “She said it was randomly seized. And since she hasn’t been arrested, I assume she was just a regular business traveler, not a criminal.”

Appeals are under way in some cases, but the law is clear. “They don’t need probable cause to perform these searches under the current law. They can do it without suspicion or without really revealing their motivations,” said Tim Kane, a Washington lawyer who is researching the matter for corporate clients.

In some cases, random inspections of laptops have yielded evidence of possession of child pornography. Laptops may be scrutinized and subject to a “forensic analysis” under the so-called border search exemption, which allows searches of people entering the United States and their possessions “without probable cause, reasonable suspicion or a warrant,” a federal court ruled in July. In that case, a man’s laptop was found to have child pornography images on its hard drive.

No one is defending criminal possession of child pornography or even suggesting that the government has “nefarious” intent in conducting random searches of a traveler’s laptop, Ms. Gurley said.

“But it appears from information we have that agents have a lot of discretion in doing these searches, and that there’s a whole spectrum of reasons for doing them,” she added.

The association is asking the government for better guidelines so corporate policies on traveling with proprietary information can be re-evaluated. It is also asking whether corporations need to cut back on proprietary data that travelers carry.

“We need to be able to better inform our business travelers what the processes are if their laptops and data are seized — what happens to it, how do you get it back,” Ms. Gurley said.

She added: “The issue is what happens to the proprietary business information that might be on a laptop. Is information copied? Is it returned? We understand that the U.S. government needs to protect its borders. But we want to have transparent information so business travelers know what to do. Should they leave business proprietary information at home?”

Besides the possibility for misuse of proprietary information, travel executives are also concerned that a seized computer, and the information it holds, is unavailable to its owner for a time. One remedy some companies are considering is telling travelers coming back into the country with sensitive information to encrypt it and e-mail it to themselves, which at least protects access to the data, if not its privacy.

In one recent case in California, a federal court went against current trends, ruling that laptop searches were a serious invasion of privacy. “People keep all sorts of personal information on computers,” the court ruling said, citing diaries, personal letters, financial records, lawyers’ confidential client information and reporters’ notes on confidential sources. That court ruled, in that specific case, that “the correct standard requires that any border search of the information stored on a person’s electronic storage device be based, at a minimum, on a reasonable suspicion.”

In its informal survey last week, the association also found that 87 percent of its members said they would be less likely to carry confidential business or personal information on international trips now that they were aware of how easily laptop contents could be searched.

“We are telling our members that they should prepare for the eventuality that this could happen and they have to think more about how they handle proprietary information,” Ms. Gurley said. “Potentially, this is going to have a real effect on how international business is conducted.”
http://www.nytimes.com/2006/10/24/bu...in&oref=slogin





Schwarzenegger Camp Mines Consumer Data to Target Supporters
Michael R. Blood

Gin or vodka? Ford or BMW? Perrier or Fiji water? Does the car you buy or what's in your fridge say anything about how you'll vote?

Gov. Arnold Schwarzenegger's campaign thinks so.

Employing technology honed in President Bush's 2004 victory, the Republican governor's re-election team has created a massive computer storehouse of data on personal buying habits and voter records to scout up likely supporters. Campaign officials say the operation, run in cooperation with the state Republican Party, is the largest of its kind in any state, at any time.

Some strategists believe the consumer information can decode a voter's political genetics even better than party label. The cocktail you have at dinner or the car you drive could provide a clue for the campaign to identify a like-minded voter, even in a heavily Democratic neighborhood.

"It's not where they live, it's how they live," said Josh Ginsberg, the Schwarzenegger campaign's deputy political director.

The idea is an outgrowth of techniques that businesses have long used to court new customers. Using publicly available data, the Bush campaign in 2004 knew voters' favorite vacation spots, religious leanings, the music and magazines they liked, the cars they drove.

Few people might realize how much information is publicly available, for a price, about their personal lifestyles. Companies collect and sell consumer information they buy from credit card companies, airlines and retailers of every stripe.

Using microtargeting, as the practice is known, Bush's campaign teased out supporters in Ohio and other swing states. Schwarzenegger -- whose political operation is run by two Bush veterans, campaign manager Steve Schmidt and strategist Matthew Dowd -- is taking a page from that book, adapting it to California and updating it with the latest technology.

The governor appears headed for victory, and campaign officials already credit the system with driving up support, particularly among absentee voters.

Beyond California, Republicans hope microtargeting will drive up turnout in states with tight congressional races, including Indiana, Missouri, Kentucky and Pennsylvania. The success of the effort could decide national elections, with GOP candidates struggling to overcome generally sagging poll numbers.

A coalition of unions and other left-leaning groups called America Votes is using consumer records to help find Democratic supporters in Michigan, Wisconsin, Minnesota, Pennsylvania, Ohio, Colorado, Arizona, New Mexico and New Hampshire. The Democratic National Committee is using consumer data in turnout efforts in several states.

The California Democratic Party, which heads the statewide turnout operation for Schwarzenegger rival Phil Angelides and other party candidates, has been gathering consumer data as well.

Angelides campaign manager Cathy Calfo said the governor's campaign is "using it as a system to manipulate people and allow a candidate that has no specific message to tell different people different things."

This time of year, a muddle of TV ads creates as much confusion as clarity. But behind the scenes, the Schwarzenegger campaign has stockpiled millions of names, phone numbers and addresses and merged them with consumer preferences, voting histories and other demographic markers. A household can be targeted with phone calls, mailings and visits from volunteers, delivering messages tailored to issues the resident is believed to care about.

"For a long time in California, the thesis has been that television advertising by itself drives voter turnout. That, in fact, is not the case," Schmidt said. "What drives voters is person to person contact."

In simplest terms: A homeowner who drives a Volvo, reads The New Yorker magazine and shops at Whole Foods Market likely leans Democratic. A pickup driver with a hunting or fishing license who reads Time magazine probably leans right.

Schwarzenegger's operation is bankrolled with up to $25 million and staffed by 60 people backed up by volunteers.

Democrats and unions have their own data files to locate and persuade voters. With a few computer mouse clicks, they can isolate voters based on age, median income and gender, and target mailings, home visits or phone calls accordingly.

But some argue that analysis of consumer preferences is overrated when voters are focused on issues such as the Iraq war.

"No amount of microtargeting is going to save Republicans," said California Democratic Party adviser Bob Mulholland.

In a behind-the-scenes book he co-authored, Dowd argues that your lifestyle can reveal at least as much about your politics as where you live.

Jaguar owners are those most likely to vote, according to the book, Hyundai drivers among those least likely. Dr. Pepper is the only sugared soft-drink with a GOP-leaning consumer base, and NFL viewers tend to be Republican.

Combining such data, the Bush campaign targeted types including "Archie in the Bunker," "Mellow Bush Supporters" and "Terrorism Moderates." Schwarzenegger is doing the same.

Last weekend, several dozen Schwarzenegger volunteers hunkered down in a Los Angeles office to call thousands of potential supporters.

The campaign, working from 48 offices statewide, estimates it has made over 3 million phone calls so far. Each voter is assigned a bar code for tracking purposes, a technique also used by Democrats. With information drawn from the database, the campaign produces a personalized script a volunteer will read over the phone that is based on an issue thought to be of importance to each voter.

This weekend, it ranged from illegal immigration to taxes to abortion regulation. After each conversation, voter responses are recorded and scanned into the computer system, further refining each person's profile. Next could be more mailings, more calls or a visit from a campaign volunteer.

But Schwarzenegger and national Republicans appear to be making more elaborate use of consumer data.

"After 2004, the world changed," said Jano Cabrera, a Democratic strategist who advises America Votes. "Having a bunch of names can only help you so much. Knowing how to target each person on that list helps you a great deal."
http://www.kansascity.com/mld/kansas...s/15855557.htm





Diebold Quietly Repaired Voting Machines
AP

Diebold Election Systems quietly replaced flawed components in several thousand Maryland voting machines in 2005 to fix a "screen-freeze" problem the company had discovered three years earlier, according to published reports Thursday.

State Board of Elections Chairman Gilles W. Burger said Diebold's failure to fully inform board members of the repairs at the time raises questions about whether the company violated its state contracts.

"This demonstrates the level of contractor oversight that Diebold requires," Burger told The (Baltimore) Sun. "On Monday, I'm going to ask our attorneys to report back to me if there was any violation of the contract and what financial remedies are available to me."

The screen freezes prompted Diebold, a division of ATM maker Diebold Inc., to replace motherboards on 4,700 machines in Allegany, Dorchester, Montgomery and Prince George's counties, The Washington Post reported. Those counties introduced the machines in 2004 in the first phase of Maryland's transition to a uniform electronic voting system.

The unpredictable freezes don't cause votes to be lost, officials said, but they confuse voters and election judges who sometimes wonder whether votes cast on a frozen machine will be counted.

The screen freezes are unrelated to problems in September's primary, when Diebold's electronic voter-registration machines rebooted without warning in every Maryland precinct. The rebooting was caused by a software defect, which Diebold says has been corrected.

Both newspapers based their reports partly on documents obtained by the activist group TrueVoteMD, whose members have sued the state to make the voting system more secure. Documents obtained by the group's attorneys reveal details about who knew about the problem, and when.

According to an internal Diebold e-mail, the company temporarily stopped producing the voting machines on March 11, 2002, after reports that the units - the same kind that were delivered to Maryland that year - were malfunctioning.

Mike Morrill, a spokesman for Diebold in Maryland, told The Sun the company stopped production to fix the problem, then tested every motherboard when assembly was restarted. Maryland wasn't notified at the time, the Sun reported.

In April 2005, responding to questions from Maryland elections chief Linda H. Lamone, Diebold President Tom Swidarski wrote that any unit that had passed the test had been deemed safe. Morrill told The Sun the company eventually found that the test was inadequate.

Morrill told the Post the company didn't finish researching the screen freezes until early 2005, when it agreed to replace all the motherboards - main circuit boards in computers - to guarantee that the problem wouldn't recur.

Burger told The Sun that he and fellow members initially were told that Diebold was performing a "technical refresher" of the voting machines.

However, Morrill told the Post the company had "publicly disclosed" information about the problem and its solution in communications with the State Board of Elections staff, including a six-page letter to Lamone.

Burger told the Post that if Lamone had withheld information about the motherboards, "I think she is not carrying out her duties as a public official." Burger and other appointees of Gov. Robert Ehrlich sought in 2004 to oust Lamone, a move that was blocked in court.

Ross Goldstein, deputy state elections administrator, also said board members could have learned details of the technology refresh if they had asked, and he defended Diebold's handling of the problem. "They have updated all the units, and the problem has been resolved," he said.
http://hosted.ap.org/dynamic/stories...10-27-07-10-51





Diebold Source Code Leaked Again
Robert McMillan

Source code to Diebold Election Systems Inc. voting machines has been leaked once again.

On Wednesday, former Maryland state legislator Cheryl C. Kagan was anonymously given disks containing source code to Diebold's BallotStation and GEMS (Global Election Management System) tabulation software used in the 2004 elections. Kagan, a well-known critic of electronic voting, is Executive Director of the Carl M. Freeman Foundation, a philanthropic organization based in Olney, Maryland.

The disks were created and distributed by two federal voting machine testing labs run by Ciber Inc. and Wyle Laboratories Inc. They had been testing systems on behalf of the state of Maryland, Diebold said in a statement.

This is not the first time that Diebold source code has been leaked. In early 2003, Diebold critic Bev Harris uncovered similar source code while conducting research using Google Inc.'s search engine.

Soon after, researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software.

They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.

Diebold says it has since introduced security enhancements to its products, but the fact that the company's sensitive source code has again leaked out is not a good sign, according to Avi Rubin, a computer science professor with Johns Hopkins and one of the authors of the 2003 report.

The first leak should have taught Diebold a lesson on securing its source code, he said. "You would think that given the amount of embarrassment that caused them, they would do a better job of protecting it."

Rubin, who was shown the latest source code by a reporter at the Washington Post, said that it appeared to be "just another version" of the code that was published in 2003.

The disks came with a letter that was highly critical of Maryland State Administrator of Elections Linda Lamone, Rubin said on his blog. "It read like it was from somebody with a very, very serious axe to grind," he said. "It was one of the more outlandish things I've read."

Rubin believes the disks were given to Kagan because of her past criticism of electronic voting machines. "I guess whoever did this knew she would pursue it doggedly, which she did."

Diebold said the source code was for BallotStation 4.3.15C, which is no longer being used in the U.S., and for GEMS 1.18.19, which is being used in a "limited number of jurisdictions."

The FBI is investigating the leak, Diebold said.

The leak comes just three weeks before elections in the U.S., but Maryland Board of Elections Deputy Administrator Ross Goldstein expressed confidence in the Diebold voting machines. The leaked code was "not software that's in use in this election," he said. "The software now is different and has many more security features."

Diebold echoed Goldstein's comments. "Voters and election officials can be confident that on Election Day, votes and vote totals will be safe, secure and accurate," the company said.

Kagan, however, wasn't so sure, saying that the security of the source code raised concerns. "The idea that it could be that readily available and could be delivered to me and who-knows-who-else around the state [is disturbing]," she said. "Who knows what any other people may be doing with it?"
http://www.computerworld.com/action/...icleId=9004339





Computer Voting Disks Likely Made For Testers

Md. Assembly Sought Security Check in 2003
Cameron W. Barr

A Maryland election official said yesterday that possibly stolen computer disks believed to be electronic voting software were "apparently produced" for use by a testing firm hired by the Maryland legislature in November 2003.

Ross Goldstein, deputy administrator of the Maryland State Board of Elections, said documents indicate that the disks were sent to Maryland so Raba Technologies Inc. could assess the security of the state's electronic voting system, which is provided by Diebold Election Systems. A receptionist at Raba, based in Columbia, declined to comment yesterday after consulting with her supervisor.

Labels on the disks indicate that they contain the versions of two Diebold programs that powered electronic voting machines in Maryland in 2004, Goldstein said Thursday. Diebold said one version of one program is still in use in some jurisdictions elsewhere in the United States.

Cheryl C. Kagan, a former Maryland delegate who has questioned the security of electronic voting systems, said the disks were delivered anonymously to her office in Olney on Tuesday.

State elections administrator Linda H. Lamone has asked the FBI to investigate the apparent theft and leaking of proprietary voting software.

Critics of electronic voting said the most recent incident in Maryland casts doubt on Lamone's claim that Maryland has the nation's most secure voting system. "There now may be numerous copies of the Diebold software floating around in unauthorized hands," said Linda Schade, co-founder of TrueVoteMD, which has pressed for a system that provides a verifiable paper record of each vote.

Yesterday, Henry Fawell, a spokesman for Gov. Robert L. Ehrlich Jr. (R), said the suspected leak "raises yet another unanswered question about the Diebold technology on which our election system depends." Ehrlich initially supported the Diebold technology but in recent years has said Maryland should switch to a system that provides a paper trail.

Some computer scientists said the incident shows why the makers of voting systems should publicly disclose their software. "It's hard to keep a secret like this for a long time," said Edward Felten, a Princeton University computer scientist who demonstrated in September how Diebold's machines could easily be hacked. The company called Felten's work inaccurate and unrealistic.

The Washington Post, which obtained copies of the disks Wednesday to verify them, agreed yesterday to Diebold's request to return them.

Kagan said that she expects to meet with FBI agents next week and that she was prepared to grant the FBI's request to turn over the disks.

The disks bear logos from two other testing companies, Ciber Inc. and Wyle Laboratories, which Diebold hired to test its voting system. Maryland retained Raba in 2003 to conduct a security assessment after an academic study revealed vulnerabilities in Diebold's system, said Karl S. Aro, executive director of the Department of Legislative Services.

Aro said he believes that Diebold made its own arrangements to transmit the software to Raba. "To my knowledge, [Aro's staff] never touched those disks," Aro said.

Diebold spokesman Mark Radke said: "We contacted Ciber and Wyle and asked them to send the software directly to someone in Maryland." He said he could not confirm if the recipient was Raba or an intermediary.

Felten, the Princeton computer scientist, said public disclosure of the core instructions or "source code" that powers electronic voting machines would enhance security by allowing experts to find flaws that could then be corrected.

David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who advises California's secretary of state on election matters, said the source code should be public precisely because it is part of voting systems. "Our democratic process has to be completely open, and we cannot conduct transparent elections on top of secret software," he said.

Michael I. Shamos, a computer scientist at Carnegie Mellon University, said the appearance of the disks in Kagan's office is "essentially meaningless." He said electronic voting source code should be disclosed because of the public's strong interest in the credibility of voting systems. "Since the disclosure of source code is a good thing," he asked, "why should we be complaining when some gets disclosed?"

"Anything that happens to convince the makers of voting software to drop the nonsensical claim of 'trade secrets' is a good thing," Shamos said.

Radke said the company was not averse to disclosing its code if the law were changed to require it. But he said disclosure would dampen innovation in the field.

Avi Rubin, a computer scientist at Johns Hopkins University who reviewed the software Wednesday at the request of The Post, said he was all but certain that the material on the disks was Diebold software.
http://www.washingtonpost.com/wp-dyn...102001542.html





Report Warns of Potential Voting Problems in 10 States
Amy Goldstein

Two weeks before the midterm elections, at least 10 states, including Maryland, remain ripe for voting problems, according to a study released yesterday by a nonpartisan clearinghouse that tracks electoral reforms across the United States.

The report by Electionline.org says those states, and possibly others, could encounter trouble on Election Day because they have a combustible mix of fledgling voting-machine technology, confusion over voting procedures or recent litigation over election rules -- and close races.

The report cautions that the Nov. 7 elections, which will determine which political party controls the House and Senate, promise "to bring more of what voters have come to expect since the 2000 elections -- a divided body politic, an election system in flux and the possibility -- if not certainty -- of problems at polls nationwide."

In a state-by-state canvass, the 75-page report singles out places, such as Indiana and Arizona, where courts have upheld stringent new laws requiring voters to show poll workers specific forms of identification. It cites states such as Ohio and Pennsylvania, which have switched to electronic voting machines whose accuracy has been challenged. And it points to states such as Colorado and Washington, which have departed from the tradition of polling sites in neighborhood precincts.

The report of the clearinghouse, sponsored by the Pew Charitable Trusts, is the latest of several warnings in recent weeks and months by organizations and scholars who say that electoral problems persist in spite of six years of efforts by the federal government and states to correct voting flaws. The flaws gripped the public's attention after the close 2000 presidential election, which led to recounts in Florida and the intervention of the Supreme Court.

The election shambles of 2000 prompted Congress to pass in 2002 legislation intended to help states make significant election changes, such as by replacing outdated voting equipment. Some of the changes, including making sure that databases of registered voters are accurate, were required to be in effect by this year.

Doug Chapin, director of Electionline.org, said "things are getting better over time." But he said many of the changes in recent years have led to new problems and disputes. For instance, the decisions by many states to convert to electronic voting machines have yielded new concerns about whether they are secure and accurate, about paper records as backup proof and -- this year -- about whether the electronic or paper record should be considered the official tally if a candidate demands a recount.

The report cites Maryland for what it calls a "dismal primary" in September that "included human and machine failures galore," in part because Montgomery County election officials forgot to distribute to polling places the access cards needed for its electronic machines to work. The study raises questions about whether Montgomery officials are prepared for the bigger crowds in the general election and whether large numbers of mistrustful voters will resort to absentee ballots.
http://www.washingtonpost.com/wp-dyn...102401168.html





E-voting Critics Claim That Systems Used in Europe Have Security Flaws
Mike Bucken

A team of Dutch researchers who belong to a group that advocates against the use of e-voting systems said this month that they have found security flaws in machines used in most of the Netherlands and in parts of Germany and France.

The alleged security shortcomings in the ES3B voting systems were detailed in a report that was posted this month on the Web site of an organization called Wij Vertrouwen Stemcomputers Niet (“We Don’t Trust Voting Computers”). The researchers are members of the Amsterdam-based group, which has called for a return to paper ballots.

The ES3B systems were jointly developed by Groenlo-based hardware vendor NV Nederlandsche Apparatenfabriek, which is known as Nedap, and Groenendaal Uitgeverij BV, a software developer in Hilversum, Netherlands.

The report was based on a month-long examination of three ES3B machines that the report said are similar to the ones used by 90% of the voters in the Netherlands. The probe found that hackers “can gain complete and virtually undetectable control over the election results,” the researchers wrote.

Nedap officials couldn’t be reached for comment last week. But in a general note on its Web site, the company said it is far more difficult to manipulate votes recorded on e-voting machines than ones cast via paper ballots.
http://www.computerworld.com/action/...ticle_more_bot





Press Release

Evaluation Report of New Methods of Voting - The Chief Electoral Officer Makes a Disturbing Diagnosis of the Problems that Occurred during the Municipal Elections of November 6, 2005

Québec City, October 24, 2006 – Today, the Chief Electoral Officer of Québec, Me Marcel Blanchet, tabled in the National Assembly an evaluation report that makes a troubling diagnosis of the problems that occurred during the municipal elections of November 6, 2005, in some of the 162 Québec municipalities that used new methods of voting. One hundred and forty (140) municipalities used electronic voting while 22 “tested” the postal ballot. “The major problems that were encountered during polling and the release of results have eroded the confidence of many persons regarding the new methods of voting” recalled Me Blanchet. “It was in order to shed light on these events and determine what happened that I created an internal evaluation committee which conducted a review that is unprecedented in Québec.”

An In-depth Review that Used the Expertise of All those Concerned

The evaluation committee that reviewed the November 2005 polls examined:

- the written reports of 144 returning officers, three suppliers of electronic voting services and the supplier of postal ballot services;

- the complaints received by the Chief Electoral Officer following the elections, the motions presented before the courts, as well as judgements rendered by the courts.

The committee also met most of the returning officers as well as several stakeholders in person: service providers, experts, observers and complainants. It also reviewed the rejected ballot papers in seven municipalities, as well as technical audits of electronic ballot boxes and voting terminals used during the municipal elections. For this last stage, the evaluation committee called on the expertise of the Centre de recherche informatique de Montréal (CRIM).

The Problems Encountered in November 2005 are the Result of Many Circumstances

“We all remember the events that marked the municipal elections of November 6, 2005,” recalled the Chief Electoral Officer. “Not only did the systems fail, but the corrective measures proposed were insufficient, poorly adapted and often came too late. The primary objective of our evaluation was not to point fingers since all those involved with the municipal elections of 2005 must share some responsibility for these problems,” explained Me Blanchet. “We are keen to understand certain situations and examine certain problems that arose primarily in order to be able to trace the path toward electronic ballots that, if maintained, should be marked by transparency and integrity that are at the heart of our democratic values,” declared the Chief Electoral Officer.

The root causes of the problems encountered by the various actors of the 2005 municipal elections include the following:

- an imprecise legislative and administrative framework that did not adequately assign roles and responsibilities or address the risks inherent in electronic voting;
- absence of technical specifications, norms and standards that would have guaranteed the quality and the security of the voting systems used;
- poor management of voting systems (especially lack of security measures) leaving a lot of room for errors, accidents and the absence or insufficiency of solutions in case of problems.

More specifically, it is possible to pinpoint a number of circumstances that increased the risks:

- Voting machines, machines used for quality control of components and machines aimed at ensuring the security of the methods of voting and the integrity of the vote were not adequately tested.
- In most cases, there was no backup plan covering all potential problems.
- Procedures on how to use voting systems were not documented.
- Due to the importance of the technical aspects of the vote, some returning officers had difficulty harmonizing their responsibilities with those of service providers, leading, for instance, to loopholes in the training of election staff.
- One of the suppliers overestimated its ability to simultaneously serve a large number of municipalities, particularly the largest municipalities.
- This supplier probably delegated too much responsibility to sub-contractors (especially regarding training).
- Imprecise contracts and incomplete specifications blurred the relationships between municipalities and their service providers.
- There were no independent experts on electronic voting to whom returning officers could turn.

“Ten years of using electronic voting with no major problem, ten years of increasing satisfaction by municipalities who kept asking for it, had given some credibility to this new approach to holding elections,” surmised Me Blanchet. “What we experienced on November 6, 2005, and what our examination of the situation revealed, should convince us that this approach is more risky than earlier thought,” concluded the Chief Electoral Officer.

It is worth recalling that in Québec, a municipal election involves all democracy partners. Thus, under the Act Respecting Elections and Referendums in Municipalities, a Québec municipality that would like to hold an election using electronic voting or the postal ballot has to sign a memorandum of understanding with the minister of Municipal Affairs and Regions and the Chief Electoral Officer. The Act Respecting Elections and Referendums in Municipalities also states that it is a municipal actor, that is, the returning officer, who is in charge of the election and has responsibility for election operations, including honouring and administering the contract signed between his municipality and a supplier, for instance, of electronic voting systems. The Chief Electoral Officer, for his part, provides assistance to returning officers who so request and may, in keeping with his responsibilities and expertise in election matters, examine special situations and make recommendations.
http://www.electionsquebec.qc.ca/en/...d=2152&typeN=2





Early and often

How to Steal an Election by Hacking the Vote

Jon "Hannibal" Stokes
One bad apple...

What if I told you that it would take only one person—one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company's internal computer network—to steal a statewide election? You might think I was crazy, or alarmist, or just talking about something that's only a remote, highly theoretical possibility. You also probably would think I was being really over-the-top if I told you that, without sweeping and very costly changes to the American electoral process, this scenario is almost certain to play out at some point in the future in some county or state in America, and that after it happens not only will we not have a clue as to what has taken place, but if we do get suspicious there will be no way to prove anything. You certainly wouldn't want to believe me, and I don't blame you.

So what if I told you that one highly motivated and moderately skilled bad apple could cause hundreds of millions of dollars in damage to America's private sector by unleashing a Windows virus from the safety of his parents' basement, and that many of the victims in the attack would never know that they'd been compromised? Before the rise of the Internet, this scenario also might've been considered alarmist folly by most, but now we know that it's all too real.

Thanks to the recent and rapid adoption of direct-recording electronic (DRE) voting machines in states and counties across America, the two scenarios that I just outlined have now become siblings (perhaps even fraternal twins) in the same large, unhappy family of information security (infosec) challenges. Our national election infrastructure is now largely an information technology infrastructure, so the problem of keeping our elections free of vote fraud is now an information security problem. If you've been keeping track of the news in the past few years, with its weekly litany of high-profile breaches in public- and private-sector networks, then you know how well we're (not) doing on the infosec front.

Over the course of almost eight years of reporting for Ars Technica, I've followed the merging of the areas of election security and information security, a merging that was accelerated much too rapidly in the wake of the 2000 presidential election. In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.

Now, I won't be giving you the kind of "push this, pull here" instructions for cracking specific machines that you can find scattered all over the Internet, in alarmingly lengthy PDF reports that detail vulnerability after vulnerability and exploit after exploit. (See the bibliography at the end of this article for that kind of information.) And I certainly won't be linking to any of the leaked Diebold source code, which is available in various corners of the online world. What I'll show you instead is a road map to the brave new world of electronic election manipulation, with just enough nuts-and-bolts detail to help you understand why things work the way they do.

Along the way, I'll also show you just how many different hands touch these electronic voting machines before and after a vote is cast, and I'll lay out just how vulnerable a DRE-based elections system is to what e-voting researchers have dubbed "wholesale fraud," i.e., the ability of an individual or a very small group to steal an entire election by making subtle changes in the right places.

So let's get right down to business and meet the tools that we're going to use to flip a race in favor of our preferred candidate.

Note: I'm not in any way encouraging anyone to actually go out and steal an election. This article is intended solely as a guide to the kinds of information and techniques that election thieves already have available, and not as an incitement to or an aid for committing crimes.

E-voting 101: touch-screen machines and optical scanners

There are many different types of electronic voting machines available from a whole host of large and small vendors, but this article will focus primarily on one type: the direct-recording electronic (DRE) voting machine. Nonetheless, optical scanners are vulnerable to many of the same exploits that I'll describe for the DRE; the only difference is that optical scanners leave a reliable paper audit trail that could be used to tell if an election has been tampered with, but such audits must actually be carried out to have any impact.

DREs and optical scanners are far and away the two most popular types of voting machine in use today. The following statistics break down by popularity the types of voting machines used in 2006:
Voting equipment reported for the 2006 elections

Type of voting     Counties               Registered voters*
equipment          Number   Percentage    Number         Percentage
Punch card         124      3.98          5,166,247      3.03
Lever              119      3.82          17,356,729     10.18
Paper ballots      176      5.65          653,704        0.38
Optical scan       1,502    48.23         69,517,991     40.79
Electronic         1,050    33.72         66,573,736     39.06
Mixed              143      4.59          11,154,765     6.55
Total              6,114    100           170,423,172    100


* Registered voter counts are from the November 2004 general elections
Source: Election Data Systems

Just to orient ourselves to the basics of electronic voting, let's take a brief look at how votes are cast and counted using each type of machine.

Optical scan machines

In order to cast a vote using an optical scan machine, a voter follows the three steps shown in Figure 1.

Figure 1: Electronic voting using an optical scanner

The three steps depicted in Figure 1 are as follows:

1. After receiving a paper ballot from poll workers, the voter marks her choices on the ballot by filling in bubbles with a pen. (An optical scan ballot looks and functions much like the multiple choice bubble sheets used in standardized tests.)
2. The marked ballot is then fed into the optical scan voting machine, where the voter's choices are translated into the 1s and 0s of computer language and stored, along with the rest of the votes cast on that machine, in the machine's internal memory. (I've depicted the internal storage as a SanDisk Flash PCMCIA card of the type commonly used in the Diebold DRE described below, but other storage formats are possible.)
3. At the end of the election, when all of the votes have been cast and are stored in the optical scan machines, the contents of the machines' internal storage devices are then transmitted to the county Board of Elections (BOE) for tallying and archiving. The marked paper ballots are also archived, in case a manual audit is demanded.

There are some variations in the process listed above (e.g., all of the votes in a single precinct can be tallied before being sent off to the BOE), but in general it describes the overall movement of votes in the voting process.

Direct-recording electronic (DRE) machines

The steps involved in voting with DREs are similar to those described for optical scan machines, but there are some critical differences. Figure 2 illustrates what we might call the "life-cycle of a vote" in the DRE-based voting process.

Figure 2: Electronic voting using a DRE

The steps depicted in Figure 2 are as follows:

1. The voter loads his ballot onto the DRE's screen by inserting into the machine the special smart card that he was issued by a poll worker. When the ballot screen appears, the voter marks his selections by touching the appropriate boxes on the screen.
2. The votes are read from the screen by the machine's vote recording software and recorded directly onto the DRE's internal storage, where they're stored along with the other votes that were cast on that machine.
3. At the end of the election, when all of the votes have been cast and are stored in the DREs, the contents of the machines' internal storage devices are then transmitted to the county Board of Elections (BOE) for tallying and archiving.

Note that the voter's choices are only recorded in one place: the internal storage of the DRE. Unlike the optical scan machines, the DRE system provides no permanent, nonelectronic paper record of the voter's intended choices that can be verified by the voter and then archived for possible use in an audit.

Now, the three-step process described above is vulnerable at multiple points in each stage. Here are just a few examples to illustrate what I'm talking about:

• Step 1: The machine could be tainted with vote-stealing software, or the voter could taint the machine with vote-stealing software by gaining access to it.
• Step 2: If the machine is tainted, then it can incorrectly record the vote. Or, if the voter has managed to make a supervisor card for himself, he can vote multiple times, delete votes, or disable the machine entirely.
• Step 3: If the centralized machine that does the vote tallying is tainted, then not only can it skew the election results, but it can also infect any DRE that connects directly to it, or it can taint any storage card that's plugged into it.

You might think that the supervisor smartcard cloning, viruses, and unauthorized accesses that I've described above are purely hypothetical. If the DRE in question is the popular Diebold AccuVote TS, then they're not at all hypothetical. All of the attacks that I just summarized, and many more, have been implemented by multiple teams of security researchers. Just for kicks, take a break from reading and go watch this little demonstration video.

But before we talk in more detail about the AccuVote, let's take a step back and get a big-picture look at the kinds of new opportunities that the would-be election thief has at her disposal, thanks to DREs.

Bad apples and barrel sizes, or how to do a lot with a little

If we want to steal an election, then ideally we want as few warm bodies in on the scam as possible. All of the old-school election manipulation tricks, like voter intimidation, vote-buying, turn-out suppression, and so on, require legions of volunteers who know exactly what's going on; but in the new era of electronic vote tampering, an election thief can do a whole lot more with a whole lot less.

Election security experts break down voting fraud types into two main categories, based on how many bad apples it takes to swing an election: retail fraud and wholesale fraud. Retail fraud is the kind of election fraud that's most familiar to us, because it has been around for the longest time. In general, retail fraud involves multiple bad apples at the precinct level, carrying out any number of bad acts involving multiple voters and voting machines. Some examples of retail fraud are ballot stuffing, restricting polling place access by means of intimidation, vandalizing individual machines to make them unusable, counterfeiting ballots, and so on.

Wholesale fraud is relatively new, and it involves a single bad apple who can affect an election's outcome at the precinct, county, and state levels. (Actually, by this definition, wholesale fraud is as old as the poll tax. But let's stick to wholesale fraud involving electronic voting machines for now.) So with wholesale fraud, one bad apple can affect different barrels of various sizes, depending where in the election process she's placed.

The table below breaks down the newer types of fraud that electronic voting machines have made available to election thieves:

Wholesale and retail fraud

| | Wholesale | Retail |
|---|---|---|
| Detectable | • Altering the vote tabulation process • Altering the record of tabulated results | • Multiple voting • Deleting votes • Disabling a machine • Invalidating all the votes on a machine |
| Undetectable | • Altering the vote tabulation process • Altering the vote recording process • Altering the record of votes | • Altering the vote recording process • Altering the record of votes |

In this table, "detectable" denotes instances of tampering and fraud where we could potentially know that something went wrong with the vote, even if we're not sure what has happened or how. Undetectable fraud denotes fraud that's absolutely impossible to detect after the fact (short of a whistleblower coming forth), and that's functionally impossible to detect before the fact due to time and resource constraints on pre-election machine testing.

The scariest part of Table 2's list of e-voting fraud types is the box where the "Undetectable" row and the "Wholesale" column intersect. Undetectable wholesale fraud is the ultimate apocalyptic scenario for security analysts, and for democracy—it's the briefcase nuke in downtown Manhattan, or the human-transmissible bird flu strain in the international terminal of LAX.

Because undetectable wholesale election fraud is the holy grail of anyone who wants to steal an election, I'll spend the rest of this article discussing it in some detail. Along the way, you'll see that most of the attacks I'll cover can also be carried out on the retail level.

Narrowing the focus: the Diebold AccuVote TS

Even after the passage of the Help America Vote Act (HAVA) in 2002, national election standards at all levels of the electoral process—site security, machine security, election procedures, auditability requirements, dispute resolution, etc.—are either extremely weak or, in many cases, simply ignored by states and counties. Because of the extraordinary variability of voting technologies and procedures from state to state, the entire country presents a morass of special cases to the writer who would lay out a generally applicable scenario of electronic election theft.

Because the technologies, techniques, and procedures at issue vary so widely, it's necessary for me to narrow the focus of the present discussion to one particular DRE voting machine: the Diebold AccuVote TS.

The Diebold AccuVote TS is one of the most popular DRE voting machines currently in use. Georgia and Maryland have both standardized on this model across the state, and Diebold claims that over 130,000 of its AccuVote TS and TSx (an updated model) machines are now in use across America.

Diebold AccuVote TS specs

| Component | Specification |
|---|---|
| Processor | 118 MHz Hitachi SH3 |
| Storage | 16MB RAM, 32MB on-board Flash, 128K EPROM, Removable Flash PCMCIA card |
| I/O | Keyboard, modem (PCMCIA), IrDA, headphone jack |
| Firmware | Custom Diebold firmware |
| Operating system | Windows CE 3.0 |
| Application software | Custom Diebold system software |
| Display | Touchscreen, thermal roll printer (for printing a zero tape and final vote tallies) |

The AccuVote TS is also the DRE that has been subjected to the most scrutiny by the infosec community, mainly because its source code has been widely available on the Internet. Much of what I'll say about the AccuVote will apply to other DRE systems as well. Some specific vulnerabilities, like the unencrypted ballot definition file described later, are probably peculiar to the AccuVote, but many of the overall types of attacks enumerated here apply to other DREs. (It's hard to say which other DREs are vulnerable to which attacks, because we don't have source code for the others, so it's harder to know how secure they are.)

Casting (and cracking) a vote on the Diebold AccuVote TS

In a previous section, we went over the basics of voting on a DRE. Now let's step back a bit and look at a picture of the entire voting process using an AccuVote.

Figure 3: Electronic voting using a Diebold AccuVote TS

Here are the steps described in detail:

1. After showing proper identification, the voter is issued an activated smart card. This card enables the voter to vote one ballot and one ballot only.
2. The voter inserts the smart card into the machine. Once inserted, the smart card tells the AccuVote which races the voter is authorized to vote in. The AccuVote then loads the ballot definition file (BDF) that's appropriate for that voter. The AccuVote's internal software uses the BDF to display the ballot on the touchscreen.
3. The voter votes by touching his selections on the screen. Once the electronic ballot is complete, the machine asks the voter to verify his selections before recording them directly onto an internal storage device. The AccuVote's internal storage device is a PCMCIA Flash memory card.
4. The voter removes the smartcard, which is now deactivated and cannot be used again until it is reactivated.
5. The voter returns the smartcard to the poll worker, who then reactivates it for issuing to another voter.

The voting process described here is vulnerable to multiple types of retail fraud at almost every point. Because the focus of this article is on wholesale fraud, I'm only going to briefly describe a few of the retail fraud mechanisms, just to give you a taste for Diebold's overall approach to security:

• The Ohio Compuware report describes how to turn a voter card into a supervisor card, which can then be used to cast multiple votes, delete votes, or shut down the machine, using a PDA with a smartcard attachment.

• In order to use a supervisor card to access the AccuVote, you must first enter a four-digit PIN. In the version of the machine that was in use as late as 2003, the exact same supervisor PIN was hard-coded into every single AccuVote TS shipped nationwide. That PIN was 1111. (I am not making this up.) This is still the default PIN for these machines, although the county can change it on a machine-by-machine basis if they have the workers and the time.

• All of the AccuVotes have the same lock securing the PCMCIA slot that contains the Flash card with all the votes on it. When I say the "same" lock, I mean the exact same key opens all of the machines. But even if you don't have one of the tens of thousands of copies of this key that are floating around, the lock can be picked by an amateur in under 10 seconds. The Princeton video has a nice demo of this. Once you have access to the PCMCIA slot, you can do all kinds of great stuff, like upload vote-stealing software (a simple reboot will cause the machine to load software from whatever you've put in the PCMCIA slot), crash the system, delete all the votes on the machine, etc.

• Some localities have taken to securing the PCMCIA slot with security tape or plastic ties. The idea here is that a cut tie or torn tape will invalidate the results of that machine, because poll workers can't guarantee that it wasn't compromised. There are two things wrong with this scheme:

1. If you want to invalidate all the results stored in machines in a precinct that favors your opponent, just cut the tape or the ties on those machines. If the election supervisor sticks to the rules, then he or she will be forced to throw out all of those votes.

2. According to author, security researcher, and Maryland election judge Avi Rubin, one would almost have to have a CIA background to be able to tell if the security tape applied to the AccuVotes in the Maryland primary had been removed and reapplied.

I won't rehearse the rest of the long list of retail fraud opportunities made available by the AccuVote TS. Some searching will turn up dozens of reports and thousands of web pages with as much detail as you can stand on how to create mischief with these machines in a polling booth. Now it's time to move on to the good stuff: undetectable wholesale fraud.

Wholesale fraud on the AccuVote TS

In order to understand how we can commit wholesale fraud on the AccuVote TS, we first need to know a bit more about how the system is structured. In particular, we have to take a closer look at the unit's software, and how it records votes.

Computer scientists often speak of the multiple levels of software that make up a system as a "software stack." Each layer in the stack supports the layer above it, and malicious code in a low-level layer can affect all of the layers above.

Figure 4: The Diebold AccuVote TS software stack

As you can see from Figure 4, the AccuVote's software stack consists of three primary layers. At the lowest level, closest to the hardware, sits the firmware layer. The AccuVote's firmware is the first program to be loaded into memory when the machine boots, and it takes care of loading the next layer of the stack, which is the operating system.

Note: Because all of a DRE's software loads from a pool of internal Flash memory, DRE vendors tend to refer to every piece of software in the system as "firmware." In this article, I'll stick to the standard firmware/OS/application distinction, just to avoid confusion.

The AccuVote's operating system is a custom version of Windows CE. Diebold licenses Windows CE from Microsoft and modifies it to fit the AccuVote. (For the uninitiated, the operating system is really a collection of different software libraries that handles all of the low-level tasks in the system, like reading and writing to the internal storage device, displaying things like windows and checkboxes on the touchscreen, managing files and applications, and so on.)

When Windows CE boots on the AccuVote, it loads the main system software application that actually handles the ballot display and voting process. The system software selects the proper ballot definition file to present to the voter, and it then uses that file to record the voter's selections on the Flash memory card.

So with this concept of a software stack in mind, let's expand step 3 from Figure 2 to see exactly how the AccuVote records the voter's touch-screen selections.

Figure 5: Casting a vote on the Diebold AccuVote TS

As you can see in Figure 5, the voter's selections are read from the touch screen by the AccuVote's internal system software. The system software uses the BDF to translate the selections into a format that can be written to the internal storage card, where they're stored along with all of the other votes cast on that machine.

If you were going to steal an election with an AccuVote, one of the best and easiest methods is to manipulate the ballot definition file. On the AccuVote, the BDF is completely unencrypted, so it just sits there in the machine's memory open to all comers. Malicious software embedded in any layer of the software stack can easily get at the BDF and alter it so that selections made for one candidate are recorded on the machine's memory card for another candidate. If the software is programmed to remove itself after the election, then there would be absolutely no way for anyone to know that the results are fraudulent.

Of course, an attacker with access to any or all of the layers of the software stack can do more than just manipulate the BDF so that votes are misrecorded in real-time. He could conceivably ignore the BDF entirely and just change the machine's vote totals directly on the memory card, so that they produce a desired outcome. Indeed, just as is the case with a regular personal computer, the possibilities for a malicious Trojan to make mischief on the DRE are limited only by the skill and imagination of the attacker.

Ed Felten's team at Princeton was able to quickly upload a vote-stealing Trojan to the AccuVote via the PCMCIA slot in less time than it would take many people to complete an electronic ballot. Furthermore, they also created a viral version of the Trojan that could infect any card inserted into the PCMCIA slot with vote-stealing software that would then infect any machine into which the tainted card was inserted. The newly infected machines would in turn infect other cards, which would infect other machines, and so on. In this way, the vote stealing "Princeton virus" could travel across an entire precinct or county, given enough time.

The viral nature of the Princeton attack is one way to commit wholesale undetectable vote fraud, but there are others that are even more efficient and require no physical access to a machine at any point. Specifically, if any one of the institutions responsible for loading software onto the AccuVote (or any other DRE for that matter) has been compromised, either by an internal mole or an outside cracker who has hacked into the company's internal network, then something like the Princeton virus could be planted in the firmware, operating system, or system software build that goes on machines across an entire county or state.

In other words, you know how Apple just accidentally shipped a few thousand iPods with a Windows virus embedded in them? If you replace "Apple" with "Diebold" and "iPod" with "AccuVote," then you've got a recipe for wholesale election theft.

Think about that for a moment, and let it sink in. To have confidence in the results of an election using DREs, you no longer have to put your trust solely in the security practices at the Board of Elections. Now, you have to have confidence in the security of the DRE vendor's corporate networks, and in their human resources departments, and in the security practices and personnel of anyone else who touches the software that goes into a DRE (i.e. a third-party software vendor).

To give you some perspective on the level of security at voting machine companies, there have been actual incidents that involve intruders breaking into the internal networks of three DRE vendors and gaining access to sensitive information:

1. A hacker penetrated VoteHere's intranet in 2003.
2. Diebold was also the victim of a hacker in 2003, in a highly publicized intrusion in which thousands of internal company emails were stolen and made public.
3. ES&S was burglarized in 2003, and sensitive information, including voting software, was stolen. The company didn't notify the public until three years later.

Figure 6 gives you a visual breakdown of the three main institutions that contribute layers to the AccuVote's software stack: the county Board of Elections, Diebold, and Microsoft. Again, one well-placed bad apple in any one of those institutions, or an unauthorized intruder with access to the right network, could steal a state-wide election in Georgia, Maryland, or any other county or precinct that relies on the AccuVote TS.

Figure 6: The Diebold AccuVote TS software stack

In some cases, the BOE isn't actually involved in creating the ballot definition file. The county's election workforce is so understaffed and starved for volunteers, and the rollout of DREs before an election is so rushed, that some counties just let Diebold come in and handle the entire election—BDF creation, certification, logic and accuracy testing, set-up, tear-down, the works. The whole election is just handed over to the private sector to run, with the county providing practically no oversight because they don't even really know how to use the systems without hand-holding.

Logic and accuracy testing

One of the last lines of defense against the kinds of intrusions described here is the logic and accuracy (L&A) test. The idea behind the L&A is that voting machines are put through a mock election by county officials, and their outputs are compared to their inputs to confirm that the machines are faithfully recording the totals.

There are a few problems with the L&A as a barrier against election fraud. First, the Princeton virus can tell when the machine is doing a self-run L&A test, and it will produce correct results under those conditions. Second, it's not at all difficult to imagine how a Trojan programmer would detect that an L&A test is being carried out: check the system clock to see if the voting is taking place on election day, or on some other day; see if the number of votes cast is less than the expected number; see if the polling lasts for a shorter period of time than expected; and so on.

Finally, each L&A test takes time, which is why it's impossible to fully test every single DRE before an election. If you could ensure that all of the software on a pool of DREs is exactly the same, then you could fully test one DRE in a realistic mock election and be done with it. Such a testing protocol would catch any Trojan embedded in the software stack that was written by an author who's not creative enough to fool a really thorough L&A test. But even the most rigorous and realistic L&A test couldn't thwart a "knock attack."

Briefly, a "knock attack" is where the Trojan doesn't wake up and do its business until it receives a signal of some sort from the attacker. For networked machines, this could be something as simple as a scan on a certain port range. For nonnetworked touchscreen machines, Avi Rubin has suggested that an attacker could touch the screen in a certain place, or make a sequence of specific touches (e.g., top left, top right, top left). Or, an attacker could send a signal to the AccuVote's built-in IrDA port with a handheld remote (if there's an IR sensor actually installed and accessible). There are a number of possibilities here, but you get the idea.

Realistically, the L&A is just one of a series of tests that should take place at every step of the voting machine procurement, deployment, and election process. The machines should be audited independently and tested by the government before they're purchased by the state or county; they should be tested on delivery; they should be tested prior to polling; and a random sample should be tested during polling.

Fundamentally, however, it doesn't matter how thoroughly you test a paperless direct-recording electronic voting machine before, during, or after an election. A determined cracker can always find a way to compromise the system in an undetectable way. The only real protection against wholesale election fraud is genuine auditability, and that's a feature that paperless DREs lack by design.

So far in this article, I've covered two of the three bullet points that I listed for undetectable wholesale fraud methods: altering the vote recording process, and altering the record of votes. Now let's look at the remaining fraud method: altering the tabulation process.

(Mis)counting the vote

You might have a hard time imagining that a company like Diebold could ever be compromised from within or without by someone who would want to steal an election by embedding a Trojan in the AccuVote's software stack. Or, alternately, you might have faith that the testing and voting machine certification process in your state is thorough enough to catch even the most cleverly hidden Trojan. Even so, you still shouldn't be complacent about DREs, because there are other moments in the lifecycle of an electronic vote where that vote can be altered.

Figure 7 below shows the process by which votes are collected and tabulated. The steps in the process are as follows:

1. First, the memory cards are removed from all of the machines in a precinct.
2. One of the machines is designated as an accumulator, which means that it's that machine's job to read all of the memory cards, one by one, and compile all of their votes into one master list. So all of the removed memory cards are inserted in the accumulator, one at a time, to have their contents uploaded.
3. All of the accumulator machines in all of the precincts dial into one or more PC servers running Microsoft Windows and Diebold's General Election Management Software (GEMS). Once the accumulators connect to the GEMS server, their vote totals are downloaded and compiled, and an official tally is made.

Figure 7: Tabulating the vote with Diebold hardware and software

Note that DREs from some vendors are made to be networked together throughout a precinct via Ethernet or wireless. In such a configuration the accumulator machine can download all of the votes from the other machines over the network, so no memory cards need to be removed from one machine and reinserted into another.

Those of you who've followed the article thus far and who have any knowledge of information security will immediately spot the vulnerabilities in the process outlined above. Let me run through a few of the opportunities for wholesale fraud that this scheme provides.

First, if the accumulator DRE happens to be running something like the Princeton virus, then it's game over. That one machine can flip the totals on every card that's inserted into it, and there will be no way to detect that any fraud has occurred. If this were to happen, all of the results from an entire precinct would be tainted because of one compromised DRE.

If all of the machines in the precinct are networked (God forbid!), then stealing an entire precinct's votes gets even easier. A single compromised machine could infect the accumulator and every other machine on the network, tainting all of the results for that precinct. And if those machines are networked wirelessly(!!), then a fraudster with a laptop and a wireless card in a car outside the precinct building could conceivably have his way with all of the votes in the building.

Cracking the central tabulation (GEMS) server

The GEMS server deserves special attention as a weak point in the design of the overall system. This server is a typical PC with a typical PC software stack. In fact, I could conceivably reuse my depiction of the AccuVote TS software stack in Figure 6 by replacing "Windows CE" with "Windows XP," "System Software" with "GEMS," and "BDF" with "GEMS database."

The GEMS database stores all of the votes collected from precinct accumulators, and it's used to do the vote tabulation for a county. Because it's so sensitive, you might think it would be tightly secured. But you'd be wrong.

The GEMS database is a vanilla, unencrypted Microsoft Access database that anyone with a copy of Access can edit. So if you have physical access to the GEMS server's filesystem (either locally or remotely), then it's not too hard to just go in and have your way with the vote totals. If Access isn't installed on a particular GEMS server, just install it from a CD-ROM, or connect remotely from a laptop and edit the database that way.

Or, if you want to filch the database, upload vote-stealing software, or do something else evil, you could always carry along a USB drive in your pocket.

Many GEMS servers are connected to a modem bank, so that the accumulators can dial in over the phone lines and upload votes. One team of security consultants hired by the state of Maryland found the GEMS bank by wardialing, discovered that it was running an unpatched version of Windows, cracked the server, and stole the mock election. This great Daily Show segment, in which one of the team members describes the attack, states that they did this in under five minutes.

If the GEMS server is somehow connected to the Internet, and some of them are (in spite of Diebold's strong recommendation that they not be), then any one of a million script kiddies who can crack a Windows box can have a field day with the election...

I could go on here with the hypotheticals, but let's take a look at how this is alleged to have played out in the real world, this past August in Shelby County, Tennessee:

Evidence from election official declarations and discovery documents obtained in litigation over a recent election using Diebold machines reveals that:

• Illegal and uncertified Lexar Jump Drive software was loaded onto the Diebold GEMS central tabulator, enabling secretive data transfer on small USB "key chain" memory devices. This blocked election transparency and raises questions as to whether hidden vote manipulation may have taken place.
• Other uncertified software of various kinds was loaded onto the system and, according to the event logs examined, was used. This opened the door for hand-editing of both vote totals and the reporting of election results.
• Evidence of actual attempts to manipulate election reporting results exists. The evidence available wouldn't record successful manipulation, only attempted manipulation, due to software failure. The logs show repeated failed attempts to use an HTML editor.
• According to Shelby County elections officials, they opened the central vote totals repository to widespread network connections. The dispersed nature of access to the central tabulator would prevent finding the perpetrators, even if documentation of manipulation could be achieved—a difficult feat, since the type of hacking enabled by the GEMS program tends to erase evidence.
• In an on-site inspection of the network connections conducted by Jim March, elections department lead computer operator Dennis Boyce pointed to a location on a network interconnection plug panel where the Diebold-supplied GEMS central tabulator is plugged in. No extra security such as a router or firewall was present at the interconnection. This appears to open up access by anybody in county government to the central tabulator.
• At the same on-site inspection, the Diebold-supplied GEMS backup central tabulator had more uncertified software than could be quickly documented—but observers did spot Symantec's PC Anywhere utility. This program would allow opening the machine to outside remote control—the PC Anywhere program allows a remote computer across a dial-up or networked connection to see the screen of the "zombied" computer and operate its keyboard and mouse. To call this a security breach is an understatement.
• At the primary GEMS central tabulator station, all of Microsoft Office 2000 Professional application suite was loaded and working. According to Windows, MS-Access was a frequently used program, the only component of the overall MS-Office suite that was so identified.

Note that I haven't done any journalistic due diligence on this particular report, so I'm obliged not to vouch for its absolute veracity. But my point in reproducing it is that every one of these items is 100 percent plausible, so this incident report paints an extremely realistic portrait of how the GEMS server could be compromised to steal an election.
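Hand-edits to the central database fall into the "detectable" class of the fraud table only if someone compares the database against an independent record, such as the final tallies each AccuVote prints on its thermal roll. The following is an added example of that reconciliation, not code from the article or from any vendor tool; the row layout and the sample data are constructed, and it assumes the printed tapes were transcribed without going through the GEMS server.

```python
from collections import defaultdict

# Constructed sample data. Each row: (precinct, machine, candidate, votes).
# TAPE_ROWS stands for totals transcribed from the printed tapes,
# CENTRAL_ROWS for per-machine totals exported from the central database.
TAPE_ROWS = [
    ("P1", "M1", "Candidate A", 120), ("P1", "M1", "Candidate B", 98),
    ("P1", "M2", "Candidate A", 140), ("P1", "M2", "Candidate B", 77),
    ("P2", "M3", "Candidate A", 61), ("P2", "M3", "Candidate B", 90),
]
CENTRAL_ROWS = [
    ("P1", "M1", "Candidate A", 120), ("P1", "M1", "Candidate B", 98),
    ("P1", "M2", "Candidate A", 115), ("P1", "M2", "Candidate B", 102),
    ("P2", "M9", "Candidate A", 200), ("P2", "M9", "Candidate B", 5),
]


def index_rows(rows):
    """Group rows into {(precinct, machine): {candidate: votes}}."""
    table = defaultdict(dict)
    for precinct, machine, candidate, votes in rows:
        per_machine = table[(precinct, machine)]
        if candidate in per_machine:
            # Two rows for one machine and candidate is itself an anomaly.
            raise ValueError(f"duplicate row for {machine}/{candidate}")
        per_machine[candidate] = int(votes)
    return dict(table)


def reconcile(tape_rows, central_rows):
    """Return one finding per machine whose central record disagrees with its tape."""
    tapes, central = index_rows(tape_rows), index_rows(central_rows)
    findings = []
    for key in sorted(set(tapes) | set(central)):
        if key not in central:
            findings.append({"machine": key, "deltas": {},
                             "issue": "tape not in central database"})
            continue
        if key not in tapes:
            findings.append({"machine": key, "deltas": {},
                             "issue": "central record without printed tape"})
            continue
        # Per-candidate difference: central total minus printed total.
        deltas = {}
        for candidate in sorted(set(tapes[key]) | set(central[key])):
            diff = central[key].get(candidate, 0) - tapes[key].get(candidate, 0)
            if diff:
                deltas[candidate] = diff
        if deltas:
            # An edit that keeps the ballot count constant moves votes
            # from one candidate to another; anything else changes turnout.
            shifted = sum(deltas.values()) == 0
            findings.append({
                "machine": key, "deltas": deltas,
                "issue": "votes shifted between candidates" if shifted
                         else "ballot count changed",
            })
    return findings


if __name__ == "__main__":
    for finding in reconcile(TAPE_ROWS, CENTRAL_ROWS):
        print(finding)
```

This check covers the tabulator only: a terminal that misrecords votes prints a tape that agrees with its own memory card, so the comparison says nothing about fraud committed on the machine itself.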

Finally, before I leave this topic, I want to raise the possibility that a DRE manufacturer could include an undocumented back door in the GEMS server that would leave the machine open to manipulation and fraud. Of course, it may be more than just a possibility. Such a back door has allegedly already been found, as referenced in this CERT bulletin. However, the details here are sketchy, and one researcher that I've talked to says the credibility of this report is suspect. Also, I'm going to give Diebold the benefit of the doubt and assume that this back door (if it exists) was put there for maintenance and/or testing reasons, and that it was never intended to be enabled on a production build of the software.

Spoofing the GEMS server

Physical or remote access to the GEMS server gets you the keys to the electoral kingdom, but those aren't the only ways to exploit the GEMS server to rig an election. To understand another good way to manipulate this system, we have to return to our friend the ballot definition file (BDF).

One of the most shocking revelations that the Johns Hopkins team uncovered in their security analysis of the AccuVote is that the BDF contains all of the information necessary to connect to and upload votes to the GEMS server. From p.22 of Avi Rubin's new book, Brave New Ballot:

We found that in addition to this basic data, the ballot definition file contained more sensitive, security-critical information, including the voting terminal's voting center identification number, the dial-in numbers for the end-of-the-day tally reporting, the network address of the back-end processing server, and a username and password. It was like finding somebody's wallet: in this file you'd have everything needed to impersonate the voting machine to the board of elections servers. Since there was no cryptographic authentication between the voting machines and the tallying servers, someone with a laptop and the information from the ballot definition file could dial into the board of elections computers from anywhere and send in fake vote tallies.

Rubin goes on to allege that after the release of the Hopkins report, Diebold claimed that they fixed this problem. Then a subsequent report showed that, no, they hadn't fixed it. So in response to the new report Diebold claimed to have fixed it again. Who knows if it ever truly got fixed—the Diebold source is closed and proprietary, so we have to continue taking their word for it.
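The control Rubin says was missing, cryptographic authentication between the voting machine and the tallying server, can be sketched as a challenge-response upload with a per-terminal key. This is an added example, not code from the article, the Hopkins report or Diebold; the message layout, names and key provisioning are assumptions, and all values are constructed.

```python
import hashlib
import hmac
import json
import secrets

ELECTION_ID = "constructed-election-2006"  # constructed value

# Constructed per-terminal keys. Assumption: provisioned out of band and never
# written into the ballot definition file that every terminal carries.
TERMINAL_KEYS = {"terminal-0042": secrets.token_bytes(32)}


def canonical(report):
    """Serialize a report deterministically so both sides MAC the same bytes."""
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def sign_report(key, terminal_id, nonce, totals):
    """Terminal side: bind the totals to terminal, election and server nonce."""
    report = {"terminal_id": terminal_id, "election_id": ELECTION_ID,
              "nonce": nonce, "totals": totals}
    tag = hmac.new(key, canonical(report), hashlib.sha256).hexdigest()
    return {"report": report, "tag": tag}


class TallyServer:
    def __init__(self, keys):
        self.keys = keys
        self.pending = {}   # terminal_id -> nonce issued and not yet used
        self.accepted = {}  # terminal_id -> totals accepted for this election

    def challenge(self, terminal_id):
        """Issue a fresh nonce; a report is valid only for the latest one."""
        nonce = secrets.token_hex(16)
        self.pending[terminal_id] = nonce
        return nonce

    def submit(self, message):
        report = message.get("report")
        if not isinstance(report, dict):
            return "reject: malformed"
        terminal_id = report.get("terminal_id")
        key = self.keys.get(terminal_id) if isinstance(terminal_id, str) else None
        if key is None:
            return "reject: unknown terminal"
        # Verify the MAC before trusting any other field of the report.
        expected = hmac.new(key, canonical(report), hashlib.sha256).hexdigest()
        tag = str(message.get("tag", ""))
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "reject: bad tag"
        if report.get("election_id") != ELECTION_ID:
            return "reject: wrong election"
        nonce = self.pending.pop(terminal_id, None)
        if nonce is None or nonce != report.get("nonce"):
            return "reject: stale or replayed nonce"
        if terminal_id in self.accepted:
            return "reject: duplicate upload"
        self.accepted[terminal_id] = report["totals"]
        return "accept"


def demo():
    """Run genuine and illegitimate uploads against one server instance."""
    server = TallyServer(TERMINAL_KEYS)
    tid = "terminal-0042"
    totals = {"Candidate A": 312, "Candidate B": 287}
    fake = {"Candidate A": 12, "Candidate B": 587}
    results = {}

    # Sender who knows the terminal id (as stored in the BDF) but not the key.
    guess = sign_report(secrets.token_bytes(32), tid, server.challenge(tid), fake)
    results["no_key"] = server.submit(guess)

    good = sign_report(TERMINAL_KEYS[tid], tid, server.challenge(tid), totals)
    # Copy of the genuine message with the totals changed in transit.
    tampered = {"report": dict(good["report"], totals=fake), "tag": good["tag"]}
    results["tampered"] = server.submit(tampered)
    results["genuine"] = server.submit(good)
    results["replay"] = server.submit(good)

    again = sign_report(TERMINAL_KEYS[tid], tid, server.challenge(tid), fake)
    results["second_upload"] = server.submit(again)
    results["stored"] = server.accepted[tid]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The scheme only stops impersonation by someone who lacks the terminal's key; malicious software already running on a terminal can read the key and sign whatever totals it likes.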

The bad apple chart

The term "black box voting" is commonly used by e-voting activists to describe the nontransparent way in which elections are carried out using direct-recording electronic voting machines, with the idea being that the DRE is a "black box" that tallies votes in an invisible, proprietary, and potentially suspect manner. For my part I think the term "black box" best describes not the DRE, but the DRE manufacturer. The entire voting machine company—its corporate network, its management, its staff, its internal policies and procedures—is a giant black box that we, the voters, must trust is free of malicious influences from within and without.

So if you learn one thing from this article, I hope it's this: DREs multiply tremendously the sheer number of institutions and people that you have to trust in order to have confidence in an election's results. In this last part of the article, I'd like to give you a feel for who you're relying on when you walk into a polling booth this November and make a touchscreen selection for your candidate of choice.

Take a look at Figure 8, which is a diagram of inputs and outputs from a generic DRE. This is my own version of a diagram that appears in the Ohio Compuware report.

Figure 8: Who interacts with a DRE

Throughout the course of this article, I've outlined some ways in which a single bad apple in any of these groups could compromise election results. Now I'll sum up that analysis in what I'll call a bad apple chart (really more of a diagram than a chart), shown in Figure 9:

Figure 9: The Bad Apple Chart

The basic idea behind the chart is that you can place a bad apple in any one of the boxes, and any number of the voting machines within that region could be compromised. The "third party system software" referenced in the outermost box could be any third party software used by multiple vendors (here Diebold and ES&S, for example) on either the DREs or the central tabulator PCs. Finally, note that the counties and precincts are sized differently, just to show some variation.

If you wanted to steal an election, the best place to drop a bad apple would be at the operating system vendor. E-voting expert Douglas Jones has proposed the following such scenario, merely as an example to show what's possible:

In the next version of their window manager, a major vendor includes a little bit of code as part of the "open new window on screen" mechanism. If today is the first Tuesday in November of an even numbered year, this code checks the contents of the window. If the window contains the strings "Straight Party," "Democrat," "Republican," "Socialist," and "Reform," and if the window contains a "radio button" widget, allowing the selection of one out of n alternatives, the software would, one time out of ten, exchange the words "Republican" and "Reform."

What does this little bit of code do? On election day, and on no other day, it throws 10 percent of the straight party Republican vote to a large third party that is known to attract many Republican-leaning voters. In closely contested Democratic-Republican contests, this could easily swing the outcome to favor the Democrats, and on a national scale, it could easily provide the winning margin for control of Congress or the White House...

This kind of attack does not require either massive conspiracy or corporate approval or cooperation! So long as a single programmer can covertly incorporate a few lines of simple code into a component that he or she knows will end up in a large fraction of all voting machines, and so long as that code is not subject to exhaustive inspection, the system is vulnerable! Someone intent on fixing an election does not need to buy the support of the company, they only need to buy the support of one programmer with access to a key component!

If you don't think that it's possible for someone to buy off, say, an individual programmer with access to the right window manager libraries, or you think that the OS vendor would eventually catch the crack with a source code review (even in spite of clever obfuscation on the part of the mole), then you'll be heartened to know that Jones has confirmed my suspicion that a virus could easily make the modification described above... or, it could make some other, equally clever modification that no one has thought of yet. All that's needed is to get the virus onto a machine at a DRE vendor that houses builds of one or more layers of their DRE's software stack, and you have the capability to do undetectable wholesale fraud.

This last point brings me to the next region into which a bad apple could be profitably inserted: the DRE vendor (or the vendor's network). There's no need to say much more about this, though, because most of the article has been taken up with this type of scenario. Bad apples in this area can commit undetectable wholesale fraud.

At the county level, a worker at the BOE has many, many opportunities to commit wholesale fraud by exploiting her regular access to the "machinery of democracy" at all points in the election process to upload vote-stealing software onto a DRE, an accumulator, a central tabulation server, or all three.

Finally, at the precinct level, it's possible for a single bad apple (a poll worker, or even a voter) to commit any number of bad acts: disenfranchisement of a precinct by means of vandalism, multiple voting, deleting votes, uploading vote-stealing software, etc.

Wholesale fraud at the precinct level

You might think that you'd have to commit an infeasibly large number of acts of precinct-level fraud to steal an entire election, but you'd be wrong. Gerrymandered voting districts, in which whole precincts lean heavily in one direction or another, make disenfranchisement attacks on precincts a highly effective form of election fraud.

For attacks like this, urban voters are especially vulnerable, because they have a higher number of populous precincts clustered together in a smaller geographic area. It's much easier to use vandalism (disguised as machine malfunction) to disenfranchise multiple urban precincts on election day than it is to go all over the countryside and suburbs in a state like, say, Ohio to break voting machines that are scattered in isolated elementary schools.

Finally, it's extremely important to note that, in the absence of a meaningful audit trail, like that provided by voter-verified paper receipts, it is virtually impossible to tell machine malfunction from deliberate vandalism. Pioneering election security researcher Rebecca Mercuri has told me that she's actually much more concerned about "disenfranchisement of voters due to the strategic denial-of-service that currently masquerades as malfunctions," than she is about "manipulation of election equipment and data files in order to alter election outcomes, although both remain problematic."

When you have a rash of voting machines that have their memories wiped, their votes erased, or their number of votes mysteriously inflated; when you have reports of machines that crash or refuse to respond; when many machines record a vote for the wrong candidate—all of this could just as plausibly be construed as evidence of fraud as it could be of spontaneous malfunction, because there's simply no way to tell the difference in most cases.

Conclusions: take-home points and parting thoughts

The picture that I've painted here about the state of the American electoral system is bleak and depressing. Even more depressing is the fact that absolutely nothing can be done to address these vulnerabilities in any substantial way before the November midterm elections. Really, the only thing that citizens can do for the midterms is get involved by volunteering at their local precinct and keeping their eyes and ears open. Watch everything, and record everything where possible.

Right now, the only thing standing in the way of the kind of wholesale undetectable election theft that this article has outlined is the possibility that DREs were forced onto the public too rapidly for election thieves to really learn to exploit them in this cycle. There's always a gap between when a security vulnerability is exposed and when it's exploited, so let's all hope and pray that November 7 falls within that time window.

In the medium- and long-term, it is just as much of a certainty that many of these vulnerabilities will be exploited as it is that, say, major new Windows security vulnerabilities will be exploited. Indeed, the stakes in stealing an election are much, much higher than they are in the kind of petty hacking that produces today's thriving ecosystem of PC viruses and trojans. I've outlined the way (already widely known) in this article, and I don't doubt that someone, somewhere, has the will to match that way. Unless security practices and electoral procedures are upgraded and standardized across the country, and unless meaningful auditability is mandated (preferably a voter-verified paper trail) nationwide, then the probability of a large-scale election theft taking place approaches certainty the longer we remain vulnerable.

In conclusion, let me summarize what I hope you'll take home with you after reading this article and thinking about its contents:

• Bits and bytes are made to be manipulated; by turning votes into bits and bytes, we've made them orders of magnitude easier to manipulate during and after an election.
• By rushing to merge our nation's election infrastructure with our computing infrastructure, we have prematurely brought the fairly old and well-understood field of election security under the rubric of the new, rapidly evolving field of information security.
• In order to have confidence in the results of a paperless DRE-based election, you must first have confidence in the personnel and security practices at these institutions: the board of elections, the DRE vendor, and the third-party software vendor whose product is used on the DRE.
• In the absence of the ability to conduct a meaningful audit, there is no discernable difference between DRE malfunction and deliberate tampering (either for the purpose of disenfranchisement or altering the vote record).

Finally, it's worth reiterating that optical scan machines are vulnerable to many of the same exploits as the DREs on which this article focuses. Optical scan machines do leave a paper audit trail, but that trail is worthless in a state (like Florida) where manual audits of optical scan ballots are not undertaken to clear up questions about the unexpected returns from certain precincts. I've been told that such audits are now prohibited in Florida by law in the wake of the 2000 voting scandal.

Postscript

In researching this article, I talked on- and off-the-record with a number of prominent experts in the electronic voting field. The following e-mail response from computer scientist Peter Neumann sums up the present state of chaos heading into the November midterm election, and it also communicates some of the frustration (and fear) that I heard echoed in the responses of the other researchers whom I questioned.

The problem is much deeper than most people realize. The standards are extremely weak (1990 and 2002 both), and VOLUNTARY. The systems are built to minimum standards rather than attempting to be meaningfully secure. The evaluations are commissioned and paid for by the vendors, and are proprietary. The entire voting process consists of weak links—registration, voter disenfranchisement, voter authentication, vote casting, vote recording, vote processing, resolution of disputes (which is essentially nonexistent in the unauditable paperless DREs), lack of audit trails, and so on. You cannot begin to enumerate the badness of the present situation.

Paradoxically, the media blizzard of disparate facts, figures, vulnerabilities, acronyms, and bad news from a huge list of states, counties, and precincts, is in large measure responsible for the current lack of an all-out panic among the public and political classes as we head into the November mid-terms. This steadily roiling storm of e-voting negativity has resulted in a general uneasiness with DREs among the public and the media, but the threat feels diffuse and vague precisely because there are just so many things that could go wrong in so many places.

To get a sense of the problems that security researchers have in boiling all this bad news down into a single threat scenario that's vivid enough to spur the public to action, just imagine yourself travelling back in time to 1989 to testify before Congress about "the coming plague of identity theft." Or how about, "the rising terrorist threat from Islamic fundamentalism."

My own personal fear is that, by the time a whistleblower comes forth with an indisputable smoking gun—hard evidence that a large election has been stolen electronically—we will have lost control of our electoral process to the point where we will be powerless to enact meaningful change. The clock is ticking on this issue, because a party that can use these techniques to gain control of the government can also use them to maintain control in perpetuity.
http://arstechnica.com/articles/culture/evoting.ars





Lawmakers Pushing for Paper Trail As Backup
Leef Smith

A computer glitch that alters the names of some candidates on electronic ballots in three Virginia cities helps prove the need to create a paper record of each vote cast, two state lawmakers said yesterday.

Del. Timothy D. Hugo (R-Fairfax) and Sen. Jeannemarie Devolites Davis (R-Fairfax) said at a news conference in Fairfax County that the computer errors in Alexandria, Falls Church and Charlottesville show that legislation is necessary to ensure the accuracy of electronic voting throughout Virginia.

Alexandria officials said earlier this week that a change to a larger type size on the summary page of the electronic ballot distorts candidates' names. U.S. Senate candidate James Webb (D), for example, appears as "James H. 'Jim' " on the summary page.

Officials stressed that the page on which voters actually make their selections contains the full names; the summary page shows voters all their selections before they cast their ballot. State election officials say the glitch will not affect the outcome of races and have pledged to correct the problem by the 2007 statewide elections.

"Those events erode voter confidence," Devolites Davis said. "Accuracy and confidence in that accuracy is of the utmost importance to both the voters and candidates."

Lawmakers introduced a bill in the last General Assembly session that would require the Virginia State Board of Elections to design a pilot program to test electronic voting equipment and paper records. The bill was not approved. With the Nov. 7 election less than two weeks away, Hugo and Devolites Davis are renewing their call for paper records.

A paper record "gives voters an opportunity to double-check their votes and make sure they have been recorded as intended," Devolites Davis said.

Hugo said the need for safeguards has never been more obvious, citing recent troubles during Maryland's primary election that prompted Gov. Robert L. Ehrlich Jr. (R) to suggest the state revert to a paper ballot system for the Nov. 7 election.

"You get a [paper] receipt at the ATM and Safeway," said Hugo, who along with Devolites Davis led a two-year study of Virginia's voting system. "That way there's a backup if you need it."

Virginia localities have largely turned to touch-screen machines that don't generate a paper record of individual votes. But there are technologies available that do. One is a box, similar to a printer, that can be attached to the touch-screen machines. The boxes display printed paper slips that show voters how their choices will be recorded. The records are stored within the machines and then, depending on the state, filed by election officials.

A few jurisdictions, including Loudoun and Stafford counties, use a hybrid system in which voters fill out paper ballots, indicating their choices by marking bubbles resembling those on the SAT, and then insert them into optical scanning machines. If necessary, the paper ballots can be used to verify the machine results.

Devolites Davis said that confidence in the voting system comes with a cost. Although the numbers are still being tabulated, she said, buying printers or switching to optical scanning equipment could be expensive. Devolites Davis said she would like Congress to give the states money to make the changes. If Congress won't, it will be up to the states, she said.

"About 95 percent of the computer scientists out there . . . believe that [electronic] voting machines are not trustworthy as they are built," said Jeremy Epstein, a computer security architect who was on the legislative subcommittee that studied Virginia's voting system. "It's important to recognize they aren't foolproof. Adding paper is a way to solve the problem."
http://www.washingtonpost.com/wp-dyn...102501918.html





A New Campaign Tactic: Manipulating Google Data
Tom Zeller Jr.

If things go as planned for liberal bloggers in the next few weeks, searching Google for “Jon Kyl,” the Republican senator from Arizona now running for re-election, will produce high among the returns a link to an April 13 article from The Phoenix New Times, an alternative weekly.

Mr. Kyl “has spent his time in Washington kowtowing to the Bush administration and the radical right,” the article suggests, “very often to the detriment of Arizonans.”

Searching Google for “Peter King,” the Republican congressman from Long Island, would bring up a link to a Newsday article headlined “King Endorses Ethnic Profiling.”

Fifty or so other Republican candidates have also been made targets in a sophisticated “Google bombing” campaign intended to game the search engine’s ranking algorithms. By flooding the Web with references to the candidates and repeatedly cross-linking to specific articles and sites on the Web, it is possible to take advantage of Google’s formula and force those articles to the top of the list of search results.

The project was originally aimed at 70 Republican candidates but was scaled back to roughly 50 because Chris Bowers, who conceived it, thought some of the negative articles too partisan.

The articles to be used “had to come from news sources that would be widely trusted in the given district,” said Mr. Bowers, a contributor at MyDD.com (Direct Democracy), a liberal group blog. “We wanted actual news reports so it would be clear that we weren’t making anything up.”

Each name is associated with one article. Those articles are embedded in hyperlinks that are now being distributed widely among the left-leaning blogosphere. In an entry at MyDD.com this week, Mr. Bowers said: “When you discuss any of these races in the future, please, use the same embedded hyperlink when reprinting the Republican’s name. Then, I suppose, we will see what happens.”

An accompanying part of the project is intended to buy up Google Adwords, so that searches for the candidates’ names will bring up advertisements that point to the articles as well. But Mr. Bowers said his hopes for this were fading, because he was very busy.

The ability to manipulate the search engine’s results has been demonstrated in the past. Searching for “miserable failure,” for example, produces the official Web site of President Bush.

But it is far from clear whether this particular campaign will be successful. Much depends on the extent of political discussion already tied to a particular candidate’s name.

It will be harder to manipulate results for searches of the name of a candidate who has already been widely covered in the news and widely discussed in the blogosphere, because so many links and so many pages already refer to that particular name. Search results on lesser-known candidates, with a smaller body of references and links, may be easier to change.

“We don’t condone the practice of Google bombing, or any other action that seeks to affect the integrity of our search results,” said Ricardo Reyes, a Google spokesman. “A site’s ranking in Google’s search results is automatically determined by computer algorithms using thousands of factors to calculate a page’s relevance to a given query.”

The company’s faith in its system has produced a hands-off policy when it comes to correcting for the effects of Google bombs in the past. Over all, Google says, the integrity of the search product remains intact.

Writing in the company’s blog last year, Marissa Mayer, Google’s director of consumer Web products, suggested that pranks might be “distracting to some, but they don’t affect the overall quality of our search service, whose objectivity, as always, remains the core of our mission.”

Still, some conservative blogs have condemned Mr. Bowers’s tactic. These include Outside the Beltway, which has called him “unscrupulous,” and Hot Air, which declared the effort “fascinatingly evil.”

But Mr. Bowers suggested that he was acting with complete transparency and said he hoped political campaigns would take up the tactic, which he called “search engine optimization,” as a standard part of their arsenal.

“I did this out in the open using my real name, using my own Web site,” he said. “There’s no hidden agenda. One of the reasons for this is to show that campaigns should be doing this on their own.”

Indeed, if all campaigns were doing it, the playing field might well be leveled.

Mr. Bowers said he did not believe the practice would actually deceive most Internet users.

“I think Internet users are very smart and most are aware of what a Google bomb is,” he said, “and they will be aware that results can be massaged a bit.”
http://www.nytimes.com/2006/10/26/us...rssnyt&emc=rss





Gov't Issues Recall for Sony Batteries

A voluntary recall of 340,000 laptop batteries made by Sony Corp., part of a voluntary global replacement program, was officially announced Monday in the United States.

Last week, Tokyo-based Sony said the record recall involved nearly 10 million batteries worldwide. The Consumer Product Safety Commission, the government's consumer-watchdog agency, issued the formal recall notice for U.S. consumers.

The batteries, some of them in the Vaio brand laptop computers manufactured by Sony, could catch fire, the CPSC said. Sony will replace the affected batteries free of charge.

The CPSC said that computers made by Gateway Inc. were also affected but would not specify a number. Dell Inc., Apple Computer Inc. and Lenovo Group have all recalled laptops in the past few months because of the faulty batteries.

Sony makes the batteries, but until recently the company had said its Vaio line of laptops was unaffected.

The U.S. recall was part of a voluntary global replacement program aimed at alleviating consumer concern, Sony spokesman Takashi Uehara said in Tokyo.

The recalled batteries were sold with, or sold separately to be used with, the following computers:

- Fujitsu LifeBook: P1510, P1510D, P7120, P7120D, S7020, S7020D, C1320D, Q2010 and T4210 with battery models CP229720-01, CP229725-01, CP234003-01, CP234019-01, CP255100-01, CP255108-01, CP267910-01, CP267915-01, CP283030-01 and CP293420-01.

- Gateway CS200, CX210, E100M, M250, M255, M280, M285, M465, M685, MP8708, NX260, NX510, NX560, NX860, NX100, MX1025, MX6918b, and MX1020j with battery models 916C4610F, 916C4720F, 916C4730F, 916C5010F and W230.

- Sony VAIO: VGN-FE550G, VGN-FE570G, VGN-T240P, VGN-T250, VGN-T250P, VGN-T260P, VGN-T270P, VGN-T340P, VGN-T350, VGN-T350P, VGN-T360P and VGN-T370P with battery models VGP-BPS3A and VGP-BPS2B.

- Toshiba Portege: M300, M400/M405, S100/S105; Toshiba Qosmio: G35; Toshiba Satellite: R10/R15; and Toshiba Tecra: A2, M3, M4, M5, M6, and S3; with battery models PA3191U-4BRS, PA3356U-2BRS, PA3475U-1BRS, PA3191U-5BRS, PA3356U-3BRS and PA3476U-1BRS.

The Fujitsu computers were sold from June 2005 until October 2006, the Gateway models from September 2005 until October 2006, the Sony laptops from December 2004 until October 2006 and the Toshiba computers from September 2004 until October 2006.

Consumers are advised to stop using the batteries immediately and contact the manufacturer of their laptop to receive their free replacement. For more information, they can contact the company:

- Fujitsu, 800-838-5487.

- Gateway, 800-292-6813.

- Sony, 888-476-6972.

- Toshiba, 800-457-7777.

Consumers should use only batteries from their computer manufacturer or an authorized reseller.
http://hosted.ap.org/dynamic/stories...10-23-22-25-49





Sony Laptop Battery Injures User
AP

A Sony-made battery in a Fujitsu laptop overheated and gave off sparks, injuring the user, as a Fujitsu worker was visiting to retrieve the laptop as part of the company's recall of Sony batteries, a Fujitsu spokesman said Friday.

The sparks hit the user's hand and caused minor burns, said Fujitsu spokesman Toshiaki Koike. The incident is under investigation.

Fujitsu is recalling more than 280,000 lithium-ion laptop batteries made by Sony Corp., part of a global recall of Sony batteries officials say could overheat and burst into flames.

Microscopic metal particles left inside the battery during production can cause a short circuit, according to Sony.

Almost every major laptop maker in the world, including Dell Inc., Apple Computer Inc. and Lenovo Group Ltd., has announced a recall of Sony batteries.
http://hosted.ap.org/dynamic/stories...10-27-07-43-28





Battery Recall Exacts Steep Toll on Sony
Michael J. de la Merced

Sony reported a 94 percent drop in earnings for the three months that ended in September, as it continued to cope with a huge battery recall and manufacturing problems in its PlayStation 3 game console.

The company reported a net profit of 1.7 billion yen ($14 million) for its second fiscal quarter, a sharp drop from the 28.5 billion yen ($240 million) it earned in the period last year.

The steep decline in earnings — after a return to profitability last quarter — is the harshest blow yet to the company as it tries to regain its footing under its first foreign chief executive, Sir Howard Stringer.

Sony has already taken a 51 billion yen charge for the quarter, an amount far higher than initial estimates, much of it because of its battery problems. So, while the company reported sales of 1.9 billion yen for the quarter, an 8.3 percent increase over the period last year, its problems weighed heavily on the bottom line.

Sony also lowered its forecasts for the 2006 fiscal year, anticipating a net income of 80 billion yen, a 35 percent drop from last year.

The chief financial officer, Nobuyuki Oneda, said at a news conference yesterday that the financial problems were only temporary, owing to one-time events like the battery recall and struggles to introduce the PlayStation 3.

“Without those factors, we would have been on track with the midterm plan, or more than that,” Mr. Oneda said. “But the game segment is weak and is the major challenge for us now.”

Once known as a premier brand in electronics, with the Walkman and PlayStation brands as its crown jewels, the company has faltered in recent years. It has fallen behind in sectors it once dominated, as rivals have outpaced it in advances in video game consoles, high-end televisions and portable music players.

Much of Sony’s latest woes stem from the recall of 9.6 million batteries worldwide, after the company acknowledged in August that some batteries posed a potential fire hazard. Since then, nearly every major computer manufacturer, including Dell, Apple Computer, Lenovo and Sony itself, has issued a recall of the batteries. The company initially estimated that the recall would cost as much as 30 billion yen.

Since then, Sony has taken steps to prevent future problems, Mr. Oneda said at the news conference.

The recall of batteries “gives a short-term impact,” he said, “though in the long term, we would like to improve the products so that people feel safe using them.”

Sony’s gaming division reported a loss of 43.5 billion yen in operating income and a 21 percent decline in sales, to 170.3 billion yen, as it prepared to roll out the delayed PlayStation 3. Once scheduled for release in the spring, the machine will hit stores in Japan on Nov. 11 and in the United States on Nov. 17. Still, the company has said it can deliver only 400,000 units to North America, all but ensuring that it will be unavailable for the gaming masses this holiday season. And Sony has delayed the console’s European debut to March. The company still expects to ship six million units by March.

Sony’s movie division reported an operating loss of 15.3 billion yen ($129.2 million). It attributed that to marketing costs and the poor performance of films like “Zoom” and “All the King’s Men.” The company said, however, that the release of more movies in the quarter along with successful runs by “Talladega Nights: The Ballad of Ricky Bobby,” “Monster House” and “Click” resulted in a 12 percent increase in sales.

The company said it expected the movie division to show a net profit for the fiscal year, owing to DVD releases of those successful films.

Operating income from Sony’s core electronics group fell 71.4 percent, to 8 billion yen, from 28.1 billion yen in the period last year. The company said, however, that sales rose 12.1 percent, to 1.4 billion yen, owing to success with its Bravia liquid-crystal-display televisions, Vaio computers and Cybershot digital cameras, even as sales of traditional cathode-ray-tube TVs dropped.

Makiko Inoue contributed reporting from Tokyo.
http://www.nytimes.com/2006/10/27/bu...Kd/YZIJaJVEiVA





Pass it on…

Dream a little...
Jimmy Wales jwales at wikia.com

I would like to gather from the community some examples of works you
would like to see made free, works that we are not doing a good job of
generating free replacements for, works that could in theory be
purchased and freed.

Dream big. Imagine there existed a budget of $100 million to purchase
copyrights to be made available under a free license. What would you
like to see purchased and released under a free license?

Photo libraries? Textbooks? Newspaper archives? Be bold, be specific,
be general, brainstorm, have fun with it.

I was recently asked this question by someone who is potentially in a
position to make this happen, and he wanted to know what we need, what
we dream of, that we can't accomplish on our own, or that we would
expect to take a long time to accomplish on our own.

--Jimbo

http://mail.wikipedia.org/pipermail/...er/045481.html





Skype Founders Plan to Launch Web TV Service: Paper

The founders of file-swapping service KaZaA and Internet calling program Skype plan to launch advertising-supported Internet television shortly, Skype co-founder Janus Friis told a Danish newspaper.

The project, code-named Venice, will bring quality TV programmes for free to consumers who have a broadband Internet connection, he told Boersen financial newspaper.

"We will simply present it to the public when we feel that it works well enough and there is enough content. And it will not be much longer before it is out. It is a question of a month or two," Friis was quoted as saying when he attended Boersen's Executive Club on Wednesday night in Copenhagen.

"This is a system where people with professional content can put it out (on the Internet). And that can be anybody," said Friis, who currently has "a lot of people" negotiating with TV production companies around the world.

"We don't want any more lawsuits," Friis said, referring to the days when he was running KaZaA, which was used by people to freely share copyrighted songs.

The success of the new venture depends on perfect timing, but Internet users appear to be ready for video services given the popularity of YouTube as well as delayed viewing of news bulletins and other public TV programmes in many countries.

YouTube, which shows mainly short clips, was bought by Google for $1.65 billion in Google stock earlier this month.

Internet calling and messaging service Skype, which Friis set up with his partner Niklas Zennstrom, was sold to eBay for up to $4.1 billion last year.

"The timing has to be right. Otherwise it will not work. We have been lucky with KazaA and Skype, where it was absolutely right. Now we hope that will also be the case with our next project," Friis was quoted as saying.
http://news.yahoo.com/s/nm/skype_television_dc





CBS Show Moves from Online to On-Air
The Hollywood Reporter

"Inturn," the online series that ran on CBS' Innertube broadband channel, is getting promoted to a one-hour broadcast slot.

On Nov. 24, the network will air a compilation episode featuring highlights from the show's 24 episodes streamed on Innertube, which can be accessed through the CBS Web site.

The move marks the first time CBS will air a show created exclusively for the Web.

"Inturn" followed the struggles of eight wannabe actors competing for the chance to be cast as a character on CBS' daytime drama "As the World Turns." Alex Charak, 18, of Roslyn Heights, N.Y., was crowned the winner.

As further demonstration of the opposite trend by networks to blend online distribution with television, Fox said Tuesday that it will debut the fourth-season premiere of "The O.C." online before its broadcast premiere.

Beginning Thursday and one week before its broadcast airing Nov. 2, "The O.C." premiere episode will be available on its corporate siblings' MySpace and MyFoxLocal Web sites. The show's second episode also will debut through the sites before its network airdate, with both episodes available through Fox on Demand for nearly a week following their broadcast premiere.

"The O.C." joins previously announced Fox programming streaming on MySpace.com and MyFoxLocal Web sites, including "Prison Break," "Justice," "Vanished," " 'Til Death," "Bones," "Happy Hour," "The Loop" and "Talkshow With Spike Feresten."
http://news.com.com/CBS+show+moves+f...3-6128857.html





AOL to Offer Downloads for Movie, TV Shows
Anick Jesdanun

Movies and television shows from Paramount Pictures will be available for sale through AOL's new video portal under a deal announced Monday.

Classics such as "Breakfast at Tiffany's" and "Chinatown" and newer releases like "Mission: Impossible III" will be sold for $9.99 to $19.99 each, comparable to fees at online services CinemaNow, MovieLink and Guba as well as sites operated by MySpace-owner News Corp.

Consumers will own the movies and can transfer them to as many as three other computers or portable devices that support Microsoft Corp.'s Windows Media Player technology.

As more Americans get high-speed broadband connections at home, studios and television networks have been experimenting with ways to distribute their programs over the Internet. Some show programs for free on their Web sites or at AOL with ads, while others sell them outright through Apple Computer Inc.'s iTunes Music Store, Amazon.com Inc.'s Unbox and others.

The Paramount offerings, which include television specials, are for sale only.

The deal with Viacom Inc.'s Paramount follows similar agreements announced in August with News Corp.'s 20th Century Fox, Sony Corp.'s Sony Pictures Home Entertainment, NBC Universal's Universal Pictures, and Time Warner Inc.'s Warner Bros. Home Entertainment Group. AOL LLC is a unit of Time Warner. NBC Universal is a joint venture of General Electric Co. and Vivendi Universal.

AOL saw users defect to rivals' free e-mail and other offerings as it kept trying to charge subscription fees of as much as $26 a month. Although AOL has recently made those services free as well to better compete for online advertising dollars, analysts believe the company may have a better chance in emerging fields like online video.

In early August, the company launched a video portal that tries to aggregate clips and full-length programs from around the Internet - some free, some for sale. The company wants to be a one-stop site for video, although it faces intense competition from veterans like Yahoo Inc. and startups like YouTube Inc., which Google Inc. is buying for $1.65 billion.
http://hosted.ap.org/dynamic/stories...10-23-00-41-09





AOL Chief Says Time Warner Demerger 'Becomes Interesting'
Andrew Murray-Watson

Time Warner, the giant US media group, is considering the sale or demerger of AOL, the internet business it merged with in 2000, at the height of the last stockmarket boom.

In an interview with the Sunday Telegraph, Jonathan Miller, chief executive of AOL, admitted that the Time Warner board is already mulling over a break-up of the giant conglomerate. Asked about the possibility of AOL separating from Time Warner, Miller confirmed that the issue is now on the agenda following the sale of the group's broadband businesses in Europe.

He said: "It's possible, going forward. It's not a discussion that Time Warner has a problem with understanding or engaging in. Until we were on this present course, it wasn't even the right discussion. Now it becomes more interesting."

However, Miller stressed the probability that AOL would be snapped up quickly by a rival if Time Warner decided to sell the business.

"I don't believe there is a scenario whereby we could have an independent AOL. I think we would be bought as fast as we could draw up the papers," he said.

Time Warner this month sold its internet access division in the UK to Carphone Warehouse for £370m. It has also concluded sales of its sister operations in Germany and France in order to focus on becoming a purely online company offering services such as email, web search and instant messaging.

Miller said: "The market has to be convinced that AOL has the ability to continue to get traction and scale. The signs are positive and momentum is strong. Then we get into the question about the best way to recognise that value and the best way for the company to compete."

AOL has 200m visitors a month to its websites, including 113m in the US. Its revenue last year was $8.3bn (£4.4bn). However analysts are concerned that the company is losing out to rivals such as Google with faster growing advertising revenue.

Last week Google reported third-quarter revenues of $2.69bn, up 70 per cent on the same period for the previous year. The figure beat Wall Street expectations of $2.62bn.

Almost all of Google's revenue comes from search-based advertising.

The iconic internet company earlier this month paid $1.65bn in shares to acquire YouTube, the website that allows individuals to post video content onto the web.
http://www.telegraph.co.uk/money/mai...22/cnaol22.xml





10 Pros & Cons of Switching from Windows to Mac OS X
Clinton Forbes

Am I yet another Mac fan-boi? Have I jumped on the Mac band-wagon just because I think my iPod is cool?

I have been using Microsoft software since the days when MS DOS 3.3 seemed like a pretty damn good upgrade. MS DOS 4.0 sucked but version 5 rocked! It took me a long time to be convinced that Windows 3.1 was a better program launcher than X-Tree Gold, but it happened eventually. Since then, I have been a sucker for every upgrade - 95, 98, NT 4.0, 2000, XP. (Notice I didn't mention ME. I'm not that much of a MS fan-boy.)

I've played with Macs over the years, but always considered them a bit of a toy. An expensive toy that was overpriced compared to a reliable old beige box. But about 3 months ago I had to buy a Mac to test a web-site that I had been working on in Safari. (Well, I didn't have to. I could have borrowed a friend's. But I got away with billing the client for it, so why not?)

I bought the cheapest Mac available - a Mac Mini with a single-core Intel chip and the minimum of RAM - 512 MB. It cost me AU$949. Since plugging it in, I have barely used my $3000 Windows desktop. Fixing the web-site in Safari took 2 minutes. However all this time later, I have almost exclusively switched to the Mac. Here is why:

The Pros & Cons of Mac OS X, for a Windows user

Pro - The GUI: It didn't take me long to get used to it. It is super smooth, even on the cheap Mac Mini. On a 19", the available screen space is used more efficiently - the shared menu bar and the dock being the main reasons. Everything looks nicer too, from the fonts, the icons to the built-in controls (scroll-bars, drop-downs, etc). It makes Windows XP look very late-nineties.

Con - Home and End keys: They don't work the same as Windows. They don't work the same as Linux. They don't work the same as a freakin' terminal connected to a main-frame. The official keys are Command-Left and Command-Right. I'm starting to get used to them. But now I try to use them when I work on a Windows machine!

Pro - Front Row: The Mini came with an Apple Remote. I can activate Front Row using the remote or using Command-Esc. It is not a 100% perfect media centre, but it is so much closer than using Windows Media Player (or The Core Media Player or VLC for that matter.) I haven't tried Windows Media Centre Edition, but I can't imagine that it could be this slick.

Pro - It's Unix!: You've got a very, very nice GUI but under the hood is good ole' Unix. It's nice to get to a decent shell for once, rather than being stuck with the Windows command prompt. Compiling open-source applications is far easier than on Windows. (Tip: if you use Microsoft's Remote Desktop to talk to your old Windows PC from your Mac, like I do, take the time to compile rdesktop. It is so much faster! Microsoft's tool is PowerPC and single-session only as well.)

If you can't get rdesktop to compile, then give the CoRD project by Craig Dooley a go. It is not as fast as rdesktop, and presently doesn't support full-screen. But it does support multiple simultaneous sessions, which is one over Microsoft's tool.

Con - It's Unix!: If you are familiar with it, Unix is great. But if you aren't, then I can imagine that may be a bit daunting. Luckily, for most users Apple has shielded most of the scary Unix details. In the Finder you can't even see directories like /bin, /dev, /usr, etc.

It is only when you open the Terminal and get to a shell that you see all the ancient Unix directory structures, combined with Apple's more hip and happening directory names like Applications, System, etc. (The folks at Apple aren't afraid of using upper-case letters once in a while!) I can hear you *nix fan-boys seething, but you have got to admit that *nix has been around a long time and not everyone can agree where everything belongs. "Does it belong in /usr/bin or /usr/local/bin? I don't know, Boss, let's let the user decide when they run configure!"

Pro - Graphic Designers will talk to you: The company where I work has developers and designers working closely together. Designers using Macs, wearing $300 dollar jeans. Developers using Windows PCs, wearing $20 jeans (but earning much higher salaries).

When you can talk about the Mac with a designer they will suddenly like you 50% more. It may sound stupid, but the results are there.

Con - Games: Go into your closest computer games store and flick through the titles in the 'Mac Games' section? Sorry, can't you find the Mac section? Ask the sales assistant - maybe they have something out the back...

Pro - Lots of other nice little things: You can drag text off of a web-page and onto the desktop. A text file is automatically created with the stuff you dragged. That is nice.

In the tree view in the Finder you can multiple-select any file you see, even if they are in different folders. This means that you can copy three different files from three different folders to one spot in one action. That is nice.

Right-click on a word and you can look it up in the Dictionary, search your machine using Spotlight, search Google, or do many other things. This works nearly everywhere. That is nice, but it would be even nicer if it worked everywhere.

Con - Can't change the default global search: The Right-click that I just mentioned searches using Google. The search in Safari, my new favourite browser, also uses Google. I don't want it to use Google, I want it to search using Google Australia because it gives me results that are more relevant to where I live. In Firefox and even Internet Explorer it is fairly simple to switch default search engines. But where is the preference for this on the Mac or in Safari? Has Google already bought Apple? (Yes you can change it, if you play with some binary files - but you shouldn't have to play with binary files to change a simple setting like that.)

Pro - It is Apple: Apple makes quality stuff. 99% of what they make is good. I have a couple of Apple IIe computers from the 80s and they still work nicely, even after being left out in the rain. The iPod is not wildly successful just because of brilliant marketing. It is successful because it is an awesome little machine. It was not the first or the last to market, but it is still the best.

Notice I didn't say anything about viruses, trojans, spy-ware? I haven't been infected in three months on the Apple, but I haven't been infected for 8 years since installing NT 4, Windows 2000 or Windows XP. Why? I don't run as an administrator. This simple action protects you from about 99% of malicious software. It is a simple fact.

Overall I couldn't be happier with my Mac Mini purchase. I'm not misty-eyed enough to think that it is completely angelic and perfect, but it is a major step above using Windows XP. And unless you are a rabid freedom-fighter it is a step above any Linux distribution out there. KDE and GNOME are still a long way away from achieving the polish that Apple has delivered with Mac OS X. And the next release, with lots of nice improvements, is only a couple of months away...
http://clintonforbes.blogspot.com/20...m-windows.html





Chatterbox

Encryption Enshmiption
Angst Badger

I count on the contents of my thumb drive being easily readable to ensure its safe return if I lose it. I put everything in a directory tree that looks like this:

/nuclear_bomb_plans
/hamas_donations
/al_qaeda_contacts

That way, if I accidentally drop it somewhere, odds are that it will be returned to me by those nice boys at the FBI.
http://ask.slashdot.org/askslashdot/.../2250246.shtml





New 4Gbit/sec. Tape Encryption Arrives
Sharon Fisher

NeoScale Systems Inc. announced 4Gbit/sec. versions of its encryption appliance that can encrypt data on as many as five tape drives simultaneously.

The Milpitas, Calif.-based company will be releasing two new versions of its CryptoStor Tape family of products: a Fibre Channel device -- the CryptoStor Tape FC712 -- and a SCSI device -- the CryptoStor Tape SC702, said Dore Rosenblum, vice president of marketing.

The devices support native 4Gbit/sec. interfaces, compared to the current 2Gbit/sec. throughput, but because tape drives can't receive data at that speed, the enhancement has the effect of allowing the appliance to support twice as many tape drives, Rosenblum said.

Both appliances work with the company's existing CryptoStor KeyVault key management appliance for centralized backup and sharing of encryption keys. Keys can be either 128-bit or 256-bit AES.

Greg Schulz, an analyst at StorageIO in Stillwater, Minn., said an advantage of 4Gbit/sec. support is that the same number of tape drives can be supported using fewer ports on the storage system. In addition, consolidating several drives on one channel means that a slow tape drive doesn't affect throughput to other drives, he said.

The SCSI version is due to ship in November for $16,900, while the Fibre Channel version is due early next year for $45,000.
http://www.computerworld.com/action/...ticle_more_bot





Look Who Has Access to Your Email
Bruce Hoard

At a time when external hacks are grabbing headlines, frequently unreported internal security breaches involving low-level administrators accessing high-level executive e-mail and other systems are driving efforts to limit access to only the most highly trusted personnel.

Although the internal access problem is well known, strategies for resolving it are being formulated by a surprisingly small number of companies, which are largely seeking out encryption technology from a handful of IT vendors. And while those products are helpful, they do not reveal how many systems administrators, database administrators, storage administrators and upper-echelon "super users" are accessing sensitive executive information.

Asked how many employees typically have access to sensitive data, such as executive e-mail or personal customer information, veteran data storage professional Warren Avery facetiously replies, "How many system administrators do you have in the company?

"I'm a firm believer that all these companies are spending their money to keep the foxes out of the henhouse, but a lot of times, the foxes are already there," says Avery, president of Promethean Data Solutions Inc., a Phoenix-based firm that compiles articles for its "IT Weekly Newsletter."

Despite the insider security threat, Jon Oltsik, an analyst at Enterprise Strategy Group Inc. in Milford, Mass., says only "a very small percentage" of companies rely on anything in addition to internal access control lists when it comes to limiting entry to not only high-level e-mail, but network-attached storage (NAS) and Fibre Channel networks. He further maintains that in a company of 1,500 employees, there might typically be five to 10 administrators with executive-level access to information.

Passing on encryption

Encrypting internal data on disk systems is viewed as one viable way of protecting sensitive data, but both Avery and Oltsik say very few companies use this solution.

According to Ralf Saykiewicz, managing partner at XaHertz Consulting in Orlando, only very large companies, such as Target Corp., Wal-Mart Stores Inc., Accenture Ltd. and IBM Global Services practice this strategy. Saykiewicz says that in a multinational company of 15,000 employees, 20 to 30 people at headquarters alone would have high-level data access.

Hanging a price tag on the development of a secure internal IT infrastructure is an inexact science at best, but price tags would likely range from $100,000 to $1 million, according to analysts. "I'd probably say you're looking at a million bucks or so," Avery says, pointing to the costs of hardware, software and salaries. Adds Saykiewicz, "I would give you a very ballpark figure of between $100,000 and a quarter million dollars. You need to put in the consulting time, and you need to put in the software."
http://www.computerworld.com/action/...intsrc=kc_feat





Is Internet Explorer 7 Spying on Me?
Tim Fehlman

Like many other people in the world today, I decided to install IE7 on my computer. Now, I am a diehard fan of Firefox but I need to keep abreast of all different types of technology. This is why I was interested in installing Internet Explorer 7.

Now, imagine my surprise when I was asked to validate my copy of Windows before I continued to install Internet Explorer!

With the Windows Genuine Advantage scandal still fresh in my mind, I was curious as to what the installer was doing when it was “validating” my copy of Windows.

I fired up filemon and regmon from Sysinternals to see what it was exactly doing.

File and Registry Access

I put all of the results into an Excel file. Please note that I have changed some of the information to protect my anonymity.

Most of the access was pretty routine but it did look at some stuff that I thought was pretty strange. And some of which I thought was really none of their business!

File Access

There were some very odd things happening as far as file access is concerned. The first one that caught my attention was that it read information from C:\WINDOWS\system32\OEMInfo.Ini. This file contains all of the information about the manufacturer. In my case, I had a Dell system and it included my make, model, service tag, and express service code for my computer.

The other file that I thought was interesting was C:\WINDOWS\system32\legitcheckcontrol.dll. There were a lot of different file reads and queries to this file. When I looked at the file with a hex editor, I was able to find a huge list of hardware manufacturers along with a website address http://stats.update.microsoft.com/re...ebservice.asmx. I can’t be certain but it looks like this file may be used to report hardware usage information back to Microsoft.

There were other web addresses embedded into this file. Most were links to certificate authorities but two others that looked rather suspicious were:
http://www.microsoft.com/SoftwareDis...r/IMonitorable
http://www.microsoft.com/SoftwareDis...portEventBatch

A file that got a lot of attention during validation was one that was installed by the IE installer; ligitlibm.dll. Under a hex editor, it revealed different code, much of which would probably mean more to a real programmer. But, what did catch my eye was a reference to a webpage: http://go.microsoft.com/fwlink/?Link...gitCheckError=. Again, not being a programmer, I do not know the purpose of this link but it could definitely be used to report back to Microsoft.

The file system is not the only thing that was checked and modified during validation. The registry had a good workout with 4216 registry events! Again, like the file system access, most of it was pretty benign but some of the information that it was checking for was, in my opinion, inappropriate.

Here is a list of some of the items the validation accessed in my registry:

Certificate Information
Machine Unique IDs
Session Information
System Architecture
Processor Type and Model
Logon Server
Internal Domain Name
Machine Name
TCP/IP Setup

I don’t know about you, but I think that this may be a bit more than is required for validating my version of Windows, especially when it has been established that there are links in the software that it used for this validation that point back to the Microsoft website.

Reporting Back

While performing the validation, I ran Wireshark, an ethernet sniffer. It allowed me to see the data over the network in raw format and determine if there were any attempts to “call home”. I am happy to report that there did not appear to be any such attempts. But, that does not mean that Microsoft is off the hook.

There are other scenarios that I can think of where Microsoft would have called home:
It found a pirated copy of Microsoft
During the actual install to add to its count
At a later time so as not to attract attention or during a Windows update

Conclusion

There are definitely some disturbing things happening behind the scenes on your computer when you need to validate Windows during the installation of IE7. This entire issue deserves some media attention and further research.
http://www.dailycupoftech.com/is-int...-spying-on-me/
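
The hex-editor search for embedded web addresses described in this article can be automated. The Python sketch below is an added example, not the author's tooling; it also scans UTF-16LE strings, which Windows binaries commonly use and which are easy to miss in a byte view. The sample bytes and the example.invalid URLs are constructed; no Microsoft file is read.

```python
import re

# Runs of printable characters, stored one byte per character (ASCII) or as
# character + NUL (UTF-16LE, the usual wide-string layout in Windows binaries).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
URL = re.compile(r"https?://[^\s\"'<>]+")


def embedded_urls(blob):
    """Return (byte offset, encoding, url) for every URL stored in blob."""
    found = []
    for run in ASCII_RUN.finditer(blob):
        text = run.group().decode("ascii")
        for url in URL.finditer(text):
            found.append((run.start() + url.start(), "ascii", url.group()))
    for run in UTF16_RUN.finditer(blob):
        text = run.group().decode("utf-16-le")
        for url in URL.finditer(text):
            # Each decoded character occupies two bytes in the file.
            found.append((run.start() + 2 * url.start(), "utf-16le", url.group()))
    return sorted(found)


# Constructed stand-in for a DLL: header-like junk, one ASCII URL, one wide
# (UTF-16LE) URL, and a plain text string that is not a URL.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"\xff\xfe\x01"
    b"http://stats.example.invalid/report.asmx\x00"
    b"\x01\x02\xff"
    + "http://go.example.invalid/fwlink/?LinkId=0".encode("utf-16-le")
    + b"\x00\x00\xff\xff"
    b"not a url, just text\x00"
)

if __name__ == "__main__":
    for offset, encoding, url in embedded_urls(SAMPLE):
        print(f"0x{offset:04x}  {encoding:8}  {url}")
```

A URL found this way shows only that the address is stored in the file; as the article's Wireshark check illustrates, whether it is ever contacted has to be established from network traffic.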





Fighting Spam with Gmail
Peter Rukavina

Remember a few weeks ago when I lamented the dramatic uptick in the amount of spam I was getting? Well I got rid of it. All of it. Here’s how.

First, I modified the procmail settings on our mail server to redirect all of my incoming email to my Gmail account, except email coming back from Gmail itself:
:0
* !^X-Gmail-Received: .*
! XXXXXX@gmail.com

Next, I modified my Gmail account so that under the “Forwarding and POP” section it’s set to “Forward a copy of incoming mail to…” my actual address, and “archive Gmail’s copy.”

The effect of these two changes is that all incoming email gets redirected to Gmail where spam is stripped out (very, very effectively) and non-spam is forwarded back to me where, because of the procmail rule, it’s not forwarded to Gmail and I pick it up from my IMAP server, using my regular old mail client.

In addition to the spam that Gmail’s filtering out, I’m also running Spamassassin locally, and using Apple’s Mail.app anti-junk mail features.

In addition to the spam-fighting properties of this solution, I also get a searchable backup of all my incoming email at Gmail.

This has all been in place for 3 days now, and I haven’t seen a single spam message in my inbox yet.
http://ruk.ca/article/3884
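
The mail flow set up in this article, traced in Python as an added example (not code from the article): `mail_server` mirrors the procmail condition, while `gmail`, its spam test, the header value and the sample messages are constructed stand-ins. It shows the round trip, the forwarding loop that results without the condition, and that the condition looks only at a header which may already be present when a message arrives.

```python
import re

GMAIL_ADDRESS = "XXXXXX@gmail.com"  # placeholder, as in the recipe

# The recipe's condition. procmail matches against the header block only and
# ignores case unless the D flag is given.
MARK = re.compile(r"^X-Gmail-Received: .*", re.IGNORECASE | re.MULTILINE)


def headers_of(raw):
    """Header block with folded continuation lines joined."""
    head = raw.split("\n\n", 1)[0]
    return re.sub(r"\n[ \t]+", " ", head)


def mail_server(raw, guarded=True):
    """The recipe: forward to Gmail unless the marker header is present."""
    if guarded and MARK.search(headers_of(raw)):
        return "mailbox"
    return "gmail"


def gmail(raw):
    """Stand-in for Gmail: keep spam, stamp and forward everything else.

    The spam test and the header value are constructed for this example.
    """
    if "Subject: cheap pills" in headers_of(raw):
        return None
    return "X-Gmail-Received: constructed-value\n" + raw


def trace(raw, guarded=True, max_hops=6):
    """Follow one message and return the hops it takes."""
    hops = []
    while len(hops) < max_hops:
        dest = mail_server(raw, guarded)
        hops.append(dest)
        if dest == "mailbox":
            return hops
        raw = gmail(raw)
        if raw is None:
            hops.append("gmail-spam-folder")
            return hops
    hops.append("LOOP")
    return hops


# Constructed sample messages.
HAM = "From: friend@example.org\nSubject: lunch\n\nSee you at noon.\n"
SPAM = "From: a@example.net\nSubject: cheap pills\n\nBuy now.\n"
BODY_MENTION = ("From: friend@example.org\nSubject: headers\n\n"
                "X-Gmail-Received: quoted in the body\n")
# Arrives with the marker header already set by the sender.
PRESTAMPED = ("x-gmail-received: set-by-sender\nFrom: a@example.net\n"
              "Subject: cheap pills\n\nBuy now.\n")

if __name__ == "__main__":
    for name, msg in [("ham", HAM), ("spam", SPAM),
                      ("body mention", BODY_MENTION),
                      ("pre-stamped", PRESTAMPED)]:
        print(f"{name:13} {trace(msg)}")
    print(f"{'no condition':13} {trace(HAM, guarded=False)}")
```

The pre-stamped case reaches the mailbox without passing through Gmail, so the local SpamAssassin and Mail.app filtering the article mentions is the only filtering such a message gets.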





Surveillance System Spots Violent Behaviour
Duncan Graham-Rowe

Smart surveillance systems capable of automatically detecting violent crimes could soon be available.

A computer vision system developed in the University of Texas in Austin, US, can already tell the difference between friendly behaviour, such as shaking hands, and aggressive actions like punching or pushing.

The hope is that such systems will simplify the task of monitoring huge quantities of CCTV security footage, says Sangho Park, who worked on the project with colleague Jake Aggarwal.

In the past, surveillance systems have been developed that can detect statistically "unusual" behaviour and have been put to test at subway stations, for example (see Smart statistics keep eye on CCTV).

Specific activity

However, these systems are limited to spotting unusual visual patterns and cannot pick out specific types of activity, says Park, now based at the University of California in San Diego, US. He reckons his new system could change all that.

He and Aggarwal developed software that analyses each frame of footage and identifies clusters of pixels matching a primitive model of the human body. It then examines the interplay of different clusters, in order to classify interactions between individuals. Two videos show the system classifying a hug, and then classifying a push (both .avi format).

Many interactions can be visually ambiguous, however. A person offering someone a stick of gum or a cigarette can look similar to someone being threatened with a knife, for example. To cope with this, Park and Aggarwal chose to build up a profile for each type of behaviour.

Park calls it a "semantic analysis" of the interaction. This means several different factors are considered. For example, when identifying two people shaking hands, their hands must not only be close, but must also move in synchrony.

They meticulously coded a description of these key characteristics, which the software searches for when analysing a scene. This allows it to assign a probability that a particular activity is being observed. At the moment, the system has to capture the interaction from side-on to make its evaluation.

Hugging and punching

"The system works quite accurately," says Park. Tests were carried out on six different pairs of people performing a total of 54 different staged interactions including hugging, punching, kicking and shaking hands. On average, the system was 80% accurate at identifying these activities correctly.

According to Park, a commercial version of his system could be implemented within the next few years.

Mark Everingham, a computer vision researcher at the University of Leeds, UK, says the system needs some refinement: "The vision end of their work is very constrained."

Park accepts this is a limitation, but says he is refining the system to take advantage of multiple cameras – and different angles.

Everingham notes that automatically identifying human behaviour correctly is a major challenge, and says applications need not be limited to CCTV. If loaded onto a smart TV it could, for example, make it possible to search for "fight scenes" and other types of activity in a movie.
http://www.newscientisttech.com/arti...behaviour.html





After Weak ‘Flags’ Debut, Studio May Face Costly Oscar Battle
David M. Halbfinger and Allison Hope Weiner

Clint Eastwood’s World War II movie “Flags of Our Fathers” lumbered ashore this weekend weighted with the expectations of a studio needing to win big. Looking for Oscars and a payoff on the film’s $90 million budget, Paramount, its distributor, put the film in nearly 1,900 theaters, and still plans to add hundreds more as early as this week.

By Monday morning, however, the studio and its partners found themselves facing a costly fight to save their showcase awards entry, as “Flags” took in just $10.2 million at the box office — a relatively tiny beachhead that did not match expectations or its mostly strong reviews. The picture had failed to excite enough older viewers who could remember, readily identify or relate to its subject, the bloody battle for Iwo Jima, to make up for its lack of appeal to younger audiences and paucity of recognizable stars.

For Paramount, which inherited the movie when it bought DreamWorks last year, the combination of a weak opening and good reviews made for a problem that has become all too familiar to major studios offering big dramas at awards time: it now will have to mount a costly Oscar campaign, but it hasn’t yet made the money to pay for it.

The fate of “Flags” in the moviegoing marketplace could also provide the clearest test yet of the DreamWorks-Paramount marriage. The movie’s marketing is being run by Terry Press of DreamWorks, overseeing a Paramount team, and its distribution is being overseen by Rob Moore, a top colonel to Brad Grey, Paramount’s chairman, relying on a staff of former DreamWorks employees. To complicate things further, Warner Brothers, which helped finance the film, holds international distribution rights, and is expected to release a companion movie depicting the battle from the Japanese point of view early next year.

Still, even as they vowed to battle into the winter for “Flags,” hoping for awards nominations to rally its box-office performance, studio executives left broad hints that they were not willing to shoulder the blame alone if their efforts were for naught. Mr. Eastwood, they noted, held contractual rights to approve both the marketing and distribution plans for his movie. “Every step of the way, we are working with Clint or being directed by Clint,” Mr. Moore said.

“Flags” seemed like a sure bet on Paramount’s schedule when the studio and DreamWorks combined forces last December: Mr. Eastwood was coming off best-picture and best-director nominations for “Mystic River” in 2004, and wins in both categories for “Million Dollar Baby” last year. Paul Haggis, the screenwriter of “Flags,” won the Oscar (along with Bobby Moresco) for the screenplay for “Crash,” named best picture this March, and also wrote “Million Dollar Baby.” And Steven Spielberg, who had originally wanted to film “Flags” as a bookend to his own “Saving Private Ryan,” had decided to take a rare producer’s credit for a movie he did not direct.

Mr. Spielberg did the same with “Memoirs of a Geisha,” another Oscar aspirant that disappointed at the box office and came up short in the awards race for Sony Pictures last year. Following a different path, “Munich,” which was directed by Mr. Spielberg, was not a major audience hit, but did end up with a best-picture nomination.

True to form, the pedigree of “Flags” produced some blurb-worthy raves: Peter Travers of Rolling Stone called it “a film of awesome power”; David Ansen of Newsweek called it “tough, smart, raw and contemplative”; and Manohla Dargis of The New York Times wrote that it said “something new and urgent about the uses of war and of the men who fight.”

But the movie posed several marketing challenges that Mr. Eastwood’s last two films did not face. Unlike Mr. Spielberg, who cast Tom Hanks in “Private Ryan,” Mr. Eastwood wanted to give a sense of the youth and ordinariness of the marines who fought at Iwo Jima, so he deliberately avoided casting major stars. Ryan Phillippe is the biggest name in “Flags,” though hardly a household one. Some critics even wrote that the movie’s characters were almost indistinguishable in the mayhem of battle.

As Mr. Moore summed up: “The biggest draw of the movie is its director, who’s not in the movie.”

Some industry insiders also questioned the timing of the film’s release in late October — a time when audiences are mainly young and mainly interested in Halloween fare like next weekend’s release of “Saw III” — rather than closer to Thanksgiving, when audiences have been conditioned to expect more adult-themed movies with awards potential.

But Mr. Moore said the timing was nearly identical to that of “Mystic River,” which opened in mid-October 2003 in a platform release of 13 theaters before expanding to 1,467 theaters a week later. Any thought of a similar platform release a week or two ago was dropped, lest “Flags” go up against Martin Scorsese’s “Departed,” Mr. Moore said. But he and other executives said the calendar ahead looked forgiving, with youth-oriented movies like the “Saw” sequel and “Borat,” and family fare like DreamWorks’ and Paramount’s own “Flushed Away” on Nov. 3.

Counting on that window of opportunity, Mr. Moore said Monday morning that Paramount, DreamWorks and Mr. Eastwood had agreed to expand by 300 screens nationwide this week. He cited the movie’s reviews, as well as exit polls of audience members that were 50 percent better than average — a sure gauge of word of mouth, he said.

Robert Lorenz, Mr. Eastwood’s longtime producer, said the opening weekend box office, while lower than some projections, was not disappointing at all. “It’s on track with what Clint’s movies have done in the past,” he said.

Executives like Mr. Moore said they were counting on the many fans of Mr. Eastwood’s dramatic and darker recent movies to show up as they always seem to — in their own good time. “They come out slower,” he said. “Therefore, we roll out slower.”

And Ms. Press, of DreamWorks, said that the film’s reviews held out hopes that, once the movie made it to December, it could wind up on the year’s-best lists and start piling up the kind of accolades that might prompt moviegoers to give it another look.

“When you have that level of respect, you have to go the distance here,” Ms. Press of DreamWorks said, referring to Mr. Eastwood. “There is no other choice for a movie like this but to go the distance.”
http://www.nytimes.com/2006/10/24/mo...5wFd94G+SO5xXQ





Wanna Direct? Get Out Your Cell Phone
Jenny Barchfield

PARIS (AP) -- "Silence on the set," ordered movie director Xavier Mussel as he grabbed his cell phone - not to make a call but to film another scene for his short film.

Cheap, easy and accessible, mobiles-as-movie cameras are breaking the motion picture mold, putting a touch of Hollywood into amateur filmmakers' hands. How-to workshops have sprung up from Boston to Abu Dhabi to Rio de Janeiro, and Paris just held its second film festival devoted exclusively to movies shot with cells.

Some 8,500 visitors attended screenings at the recent three-day Pocket Films Festival at Paris' Pompidou modern-art museum. In addition to nearly 100 shorts, the fare included three feature-length films - all shot on cells.

"What we're seeing is the democratization of filmmaking," said festival director Laurence Herszberg. "Now, you don't need expensive equipment and years of training to make a movie. All you need is your phone, that little object you carry around in your pocket all day."

Purists complain that poor image quality makes such films virtually unwatchable, but cell filmmakers insist the advantages of shooting on mobiles far outweigh the drawbacks.

"First and foremost, it's a matter of cost," said Leonard Bourgois-Beaulieu, whose short, "Busy," won Pocket Films' audience-choice award for best film.

"You save on the camera, which can cost tens or even hundreds of thousands of euros and you also save on all the trappings that go with an expensive camera, from operators to lighting designers to makeup artists," said the 23-year-old director, who wrote, shot and acted in his lighthearted comedy about harried twentysomethings.

"Busy" took less than a week to shoot, Bourgois-Beaulieu said, for the cost of a Metro ticket and two coffees (one scene takes place in a cafe).

He acknowledged that cell cameras can't match their conventional digital counterparts for image quality - particularly when blown up to fill a full-size movie screen. While close-ups and still shots in "Busy" were remarkably sharp, sudden movement and traveling shots reduced the image to a pixelated fog.

Still, Bourgois-Beaulieu said, there is an upside to the graininess. It allowed him to play multiple roles in the movie.

"With the pixels distorting my face, you can't tell it's me," he said with an impish grin.

Brazilian-born director Louise Botkay-Courcier, whose poetic silent film "Mammah" is set in a Turkish bath, also said she liked cell cameras' low definition.

"Just like in painting, in film there are different styles," said Botkay-Courcier, 28, who added that she was inspired by the fluid, blotchy style of the Impressionists. "Not everything is about hyper-realism."

Festival-goer Stephanie Woldenberg agreed.

"I was expecting the grainy images to drive me crazy," said the lawyer from Switzerland. "But in a lot of the films, it added something mysterious, almost beautiful."

Cell-phone cameras have been around for nearly five years. Nokia, the world's No. 1 cell-phone maker, was first to integrate a camera in 2001, said Nokia France spokesman Xavier des Horts. That initial model took only stills, but built-in video soon followed and is now near-standard.

Though cell films are easier to shoot than conventional movies, they can be harder to edit, said Pocket Films' artistic director, Benoit Labourdette.

Uploading footage from phone to computer can be tedious, as editing programs often have to convert the format. The process can take hours, even days, depending on the amount of footage.

"Once you upload the footage, you go through exactly the same editing process as with any other digital movie," Labourdette said.

Films screened at the festival were edited on Vegas, a video and audio production program by Sony or on I-Movie, software that is standard on new Apple computers.

Most free Internet-based editing software is still not equipped to recognize cell phone footage, Labourdette said.

Because built-in microphones in cell phones pick up background noise, most dialogue must be added in post-production.

"It's a real pain in the neck," said director Bourgois-Beaulieu, who spent weeks re-recording and re-synching all the dialogue in his chatty, 10-minute-long film.

While cell-phone cameras have radically simplified shooting movies, the crux of filmmaking - finding the right story - remains as complicated as ever, he said.

"Just because everyone has a cell phone in our pockets doesn't make us all Spielbergs," said Bourgois-Beaulieu, who is hard at work on his second cell movie. "You've still got to have an artistic vision, or else it's just so much dumb footage."
http://hosted.ap.org/dynamic/stories...10-20-14-27-06





Attackers Pillage Moscow Art Gallery and Beat Activist Owner
Sophia Kishkovsky

A group of men burst into a contemporary art gallery here Saturday, destroying work by an ethnic Georgian artist and beating up the owner, Marat Guelman. Mr. Guelman is well known both for his display of politically inspired and irreverent art and, most recently, his public attacks on neofascists for their dislike of non-Russians and of Western influence on Russian society.

Mr. Guelman said the attack was carried out by 10 men who looked like skinheads. The attack was the latest incident to raise troubling questions about xenophobia and freedom of expression in Russia.

On Friday, Russian officials seized 11 pieces of art that Mr. Guelman had exhibited. The art was on consignment to a London gallery owner, Matthew Bown, who was taking the pieces out of the country when he was detained at Sheremetyevo-2 airport on Friday.

The photo collages that were seized included one depicting President Vladimir Putin, President Bush and Osama bin Laden lounging in boxer shorts and another of a veiled suicide bomber with her skirt held up to reveal racy lingerie.

Mr. Bown was allowed to leave for London, but the artwork was not released.

It is unclear whether the seizure of the artwork on Friday and the attack on the gallery were related, coincidence or driven by news about the airport seizure on the radio and the Internet. Mr. Guelman has made a fair number of enemies this year because of his public criticism of neofascists and nationalists.

He is now on a list of “enemies of Russia” that is being circulated on the Internet by Russian neofascists.

Anna Politkovskaya, the journalist who was gunned down in her apartment building on Oct. 7, was also on the list, as are many prominent human rights advocates. Ms. Politkovskaya made her name as a searing critic of the Kremlin and its policies in Chechnya.

Mr. Guelman has also angered Russian Orthodox fundamentalists with his criticism of their influence on politics and for displaying artwork they consider antireligious. Although he has long cultivated connections with the Kremlin, he has been increasingly critical of Mr. Putin.

It was also unclear whether the attack on the gallery and the Georgian art was related to anti-Georgian sentiment that has surged this fall.

Tensions between the Kremlin and President Mikheil Saakashvili of Georgia led to a crackdown on Georgians in Russia this month. The government has accused some Georgian-owned businesses of violating health or other regulatory standards and has deported hundreds of ethnic Georgians deemed to be in Russia illegally.

In a telephone interview on Saturday evening after he was released from the hospital, Mr. Guelman said he had been treated for a broken nose and other injuries.

He said 10 men dressed in dark blue and wearing hats and heavy boots charged into the gallery at around noon, forced the employees against a wall, seized their phones and then proceeded to vandalize the artwork and attack him.

“They started to beat me with their shoes, with chairs,” he said. “Then they threw a computer at me. It was awful.”

He said pieces of graphic art by Alexander Djikia, a Moscow-based ethnic Georgian artist who has lived in the United States, were destroyed and paintings by him were damaged. Mr. Djikia could not be reached for comment.

The official RIA Novosti news agency said Saturday that the Moscow prosecutor’s office had opened a criminal investigation into the gallery attack.

Aleksandr Brod, the director of the Moscow Bureau of Human Rights, which tracks xenophobia and hate crimes in Russia, said the attack on Saturday highlighted troubling currents. Mr. Brod is also on the list of “enemies of Russia.”

“Such demonstrative attacks on famous people are becoming the norm,” he said. “This is a big misfortune and serious grounds for the authorities to stop and think,” he said.
http://www.nytimes.com/2006/10/22/wo.../22russia.html





News From The North



The TankGirl Diaries

22.10.2006

Expressen: "Legalize Filesharing!"

The election is over, a new government has been formed, and while Piratpartiet did not make it to the parliament, the Swedish filesharing debate continues in the media.

Newspaper Expressen demands in its editorial today in no uncertain terms the legalization of private filesharing. The editorial refers to the two recent court cases that resulted in rather large fines for two filesharers. The newspaper considers it totally wrong that sharing a few songs or a movie on the Internet is treated as a crime as serious as sexual harassment or acts of violence in terms of punishment. Expressen notes that while harassment and violence cause real suffering to the victims, it is not clear at all whether there are any victims or negative effects following from filesharing.

Expressen goes through some history of previous legal battles where the copyright holders have tried to fight new emerging technologies, and how their doomsday scenarios have never happened despite the wide adoption of these new technologies - like audio cassette and video recorders - by the consumers. The newspaper is deeply worried about the impact that a strong copyright owner control over the Internet would have on culture and many fields of new businesses. The editors consider the legalization of private filesharing a much better alternative and demand that movie and music industries should adapt to the digital era without any help from the state.
http://www.p2p-zone.com/underground/...536#post249536

http://reflectionsonp2p.blogspot.com/





Swedish Pirate Collector Releases a Historical Pop Archive
TankGirl

At the end of June this year a Swedish music collector known by the name swetrot released on Pirate Bay a collection of historical proportions. It took almost 10 years and a lot of hard work from him to get it all together but there it was: a complete archive of each and every song that had ever made it to the Swedish Pop Charts during the 22 years that the charts had existed. Some other pirates had earlier released Top 50 or Top 100 style collections of more limited scope but this was the complete thing. Most of the material swetrot found on the Internet, starting his downloading with a painfully slow 33.6 kbps modem around the time when mp3 files first became available on the Net. Some of the rarer songs he managed to hunt down from friends and strangers, scanning through heaps of old vinyls in various attics and cellars.

The collection has enjoyed great popularity at Pirate Bay since its release but today it found its way also into mainstream media when Lars Lindström, the news chronicler of newspaper Expressen, introduced swetrot's work to his readers. He praised the efforts of swetrot and seriously suggested a cultural prize for him for the achievement. And indeed the collection is a major body of pop culture history - 17.34 GB in size, with 3990 songs, i.e. over 270 hours of music in it. Lindström noted that an archive like this should be available in libraries. While that may take time to happen, at least it is available for the international audience of BitTorrent users on Pirate Bay. Lindström concludes his story by emphasizing how the 'heavy league' filesharers - perhaps 10 % of all p2p users - are really serious collectors of music for whom getting their content from retailers is not even an option.
http://www.p2p-zone.com/underground/...ad.php?t=23210





Beer Fingerprints To Go UK-Wide
Mark Ballard

The government is funding the roll out of fingerprint security at the doors of pubs and clubs in major English cities.

Funding is being offered to councils that want to have their pubs keep a regional black list of known trouble makers. The fingerprint network installed in February by South Somerset District Council in Yeovil drinking holes is being used as the showcase.

"The Home Office have looked at our system and are looking at trials in other towns including Coventry, Hull & Sheffield," said Julia Bradburn, principal licensing manager at South Somerset District Council.

Gwent and Nottingham police have also shown an interest, while Taunton, a town neighbouring Yeovil, is discussing the installation of fingerprint systems in 10 pubs and clubs with the systems supplier CreativeCode.

Bradburn could not say if fingerprint security in Yeovil had displaced crime to neighbouring towns, but she noted that domestic violence had risen in Yeovil. She could not give more details until the publication of national crime statistics to coincide with the anniversary of lax pub licensing laws on 24 November.

She was, however, able to say that alcohol-related crime had reduced by 48 per cent in Yeovil between February and September 2006.

The council had assumed it was its duty under the Crime and Disorder Act (1998) to reduce drunken disorder by fingerprinting drinkers in the town centre.

Some licensees were not happy to have their punters fingerprinted, but are all now apparently behind the idea. Not only does the council let them open later if they join the scheme, but the system costs them only £1.50 a day to run.

Oh, and they are also coerced into taking the fingerprint system. New licences stipulate that a landlord who doesn't install fingerprint security and fails to show a "considerable" reduction in alcohol-related violence, will be put on report by the police and have their licences revoked.

Offenders can be banned from one pub or all of them for a specified time - usually a period of months - by a committee of landlords and police called Pub Watch. Their offences are recorded against their names in the fingerprint system. Bradburn noted the system had a "psychological effect" on offenders.

She said there had only been two "major" instances of alcohol-related crime reported in Yeovil pubs and clubs since February. One was a sexual assault in a club toilet.

The other occurred last Friday when an under-18 Disco at Dukes nightclub got out of hand after the youngsters had obtained some alcohol from elsewhere. A fight between two youngsters escalated into a brawl involving 435 12-16 year olds.

A major incident is when 15 police attend the scene, said Bradburn. She was unable to say how many minor incidents there had been but acknowledged that fights were still occurring in the streets of Yeovil.

The Home Office paid for Yeovil's system in full, with £6,000 of Safer, Stronger Communities funding.

Bradburn said the Home Office had paid her scheme a visit and subsequently decided to fund similar systems in Coventry, Hull and Sheffield.

The Home Office distanced itself from the plans. It said it provided funding to Safer, Stronger Communities through the Department for Communities and Local Government's Local Area Agreements. How they spent the money was a local decision, said a HO spokeswoman.
http://www.theregister.co.uk/2006/10..._fingerprints/





German States Agree On Phone/Internet Licence Fee

Germany's 16 states agreed on Thursday to introduce from January 1 a licence fee of 5.52 euros (3.70 pounds) a month on computers and mobile phones that can access television and radio programmes via the Internet.

Any household or company that does not already have a licence will have to pay the new levy, which is the same as the one currently charged for radio access, state premiers agreed at a meeting in the town of Bad Pyrmont.

German households pay just over 17 euros a month to watch TV, but since more radio programmes are available over the Internet than TV, state broadcaster ARD wanted the fee for computers and phones to match that of radios.

The plan has attracted sharp criticism from industry groups that argue it would harm German firms, especially small and medium-sized businesses.

Germany's TV licence fee is among the highest in Europe, with only Switzerland and the Nordic countries paying more. It funds four national public broadcasters, several local broadcasters and all the country's public radio stations.
http://uk.news.yahoo.com/19102006/80...cence-fee.html





Researchers See Privacy Pitfalls in No-Swipe Credit Cards
John Schwartz

They call it the “Johnny Carson attack,” for his comic pose as a psychic divining the contents of an envelope.

Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to his computer. Within moments, the screen showed a garbled string of characters that included this: fu/kevine, along with some numbers.

Mr. Heydt-Benjamin then ripped open the envelope. Inside was a credit card, fresh from the issuing bank. The card bore the name of Kevin E. Fu, a computer science professor at the University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.

The demonstration revealed potential security and privacy holes in a new generation of credit cards — cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. Tens of millions of the cards have been issued, and equipment for their use is showing up at a growing number of locations, including CVS pharmacies, McDonald’s restaurants and many movie theaters.

The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate “128-bit encryption,” and J. P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.”

But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder’s name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150.

They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50.

And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. “Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?” Mr. Heydt-Benjamin, a graduate student, asked.

Companies that make and issue the cards argue that what looks shocking in the lab could not lead to widespread abuse in the real world, and that additional data protection and antifraud measures in the payment system protect consumers from end to end.

“This is an interesting technical exercise,” said Brian Triplett, senior vice president for emerging-product development for Visa, “but as a real threat to a consumer — that threat really doesn’t exist.”

The finding comes at a time of strong suspicion among privacy advocates and consumer groups about the security of the underlying technology, called radio frequency identification, or RFID. Though the systems are designed to allow a card to be read only in close proximity, researchers have found that they can extend the distance.

The actual distance is still a matter of debate, but the claims range from several inches to many feet. And even the shortest distance could allow a would-be card skimmer to mill about in a crowded place and pull data from the wallets of passersby, or to collect data from envelopes sitting in mailboxes.

“No one’s going to look at me funny if I walk down the street and put a flier in everybody’s mailbox,” Mr. Heydt-Benjamin said.

The experiment was conducted by researchers here working with RSA Labs, a part of EMC, an information management and storage company. The resulting paper, which has been submitted to a computer security conference, is the first fruit of a new consortium of industry and academic researchers financed by the National Science Foundation to study RFID.

Security experts who were not involved in the research have praised the paper, and said that they were startled by the findings. Aviel D. Rubin, a professor of computer security at Johns Hopkins University, said, “There is a certain amount of privacy that consumers expect, and I believe that credit card companies have crossed the line.”

The companies, however, argue that testing just 20 cards does not provide an accurate picture of the card market, which generally uses higher security standards than the cards that were tested. “It’s a small sample,” said Art Kranzley, an executive with MasterCard. “This is almost akin to somebody standing up in the theater and yelling, ‘Fire!’ because somebody lit a cigarette.”

Chips like those used by the credit card companies can encrypt the data they send, but that can slow down transactions and make building and maintaining the payment networks more expensive. Other systems, including the Speedpass keychain device offered by Exxon Mobil, encrypt the transmission — though Exxon came under fire for using encryption that experts said was weak.

Though information on the cards may be transmitted in plain text, the company representatives argued, the process of making purchases with the cards involves verification procedures based on powerful encryption that make each transaction unique. Most cards, they said, actually transmit a dummy number that does not match the number embossed on the card, and that number can be used only in connection with the verification “token,” or a small bit of code, that is encrypted before being sent.

“It’s basically useless information,” said David Bonalle, vice president and general manager for advanced payments at American Express. “You can’t steal that data and just play it back and expect that transaction to work.”

While the researchers found that these claims were true for some of the cards they tested, other cards gave up the actual credit card number and did not use a token or change data from one transaction to another. They also took data in from some cards and transmitted it to a card-reader in the lab and tricked it into accepting the transaction. Mr. Heydt-Benjamin, in fact, was able to purchase electronic equipment online using a number skimmed from a card he ordered for himself and which was sealed in an envelope.

(None of the cards transmits the additional number on the front or back, known as the card validation code, that some businesses require for online purchases; Mr. Heydt-Benjamin chose a store that does not require the code.)

Mr. Kranzley said the MasterCard-issuing banks decided how much security they wanted to implement, but said that with 10 million of the company’s chip-bearing cards on the market, some 98 percent of them used the highest standards.

“Today, there’s an extremely small percentage of cards that have the characteristics that RSA has looked at in this report,” he said. Visa and American Express representatives said all their cards conformed to the highest security standard.

Beyond the security on the cards themselves, the companies said, they have deployed fraud detection and prevention measures that block suspect purchases. And each company stressed that cardholders were not liable for fraud.

Dr. Fu acknowledged that the research involved a small sample, and added, “We would be happy to examine cards that have better security so that we can verify these claims.” He added, however, that all of the cards they tested were issued this year, and all were felled by at least one of the attacks that they attempted.

Tom O’Donnell, a senior vice president at Chase, the largest issuer of the new cards, said that the attacks described in the paper would be too cumbersome in the real world. And the researchers said that other kinds of fraud, like so-called phishing scams in which criminals trick people into revealing credit card information through misleading e-mail messages and Web sites, were currently more effective.

Still, John Pescatore, vice president for Internet security at Gartner, a technology market research firm, said he was surprised by the lack of security in transmitting personal data. He said it was a mistake that companies often made in rolling out early versions of a technology.

“It’s the classic ‘Let’s depend on security through obscurity — who’s going to look?’ ” he said. “Then, whoops! As soon as somebody does look, you roll out the security.”

All of the card companies said that they were in the process of deleting names from the stream of data transmitted to the card readers. “As a best practice, issuers are not including the cardholder name,” Mr. Triplett of Visa said.
http://www.nytimes.com/2006/10/23/bu... tner=homepage
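The replay argument in the article above, as an added example that is not part of the original article or any card network's specification: a simplified issuer-side model contrasting a card that sends the same plain-text record on every read with one that sends an alias number and a per-transaction code. The HMAC-plus-counter scheme, the field names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration; not real card data.
NAME, PAN, ALIAS, EXPIRY = "DOE/JANE", "4000000000000002", "9999000000000001", "12/09"
CARD_KEY = b"constructed-demo-key"


def transaction_code(key: bytes, alias: str, counter: int) -> str:
    """Per-transaction code: HMAC over the alias number and a counter (assumed scheme)."""
    msg = f"{alias}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class StaticCard:
    """Answers every read with the same plain-text record, name included."""

    def read(self) -> dict:
        return {"name": NAME, "pan": PAN, "expiry": EXPIRY}


class TokenCard:
    """Sends an alias number, a counter and a fresh code; no name, no real number."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def read(self) -> dict:
        self._counter += 1
        return {"alias": ALIAS, "expiry": EXPIRY, "counter": self._counter,
                "code": transaction_code(self._key, ALIAS, self._counter)}


class Issuer:
    """Issuer-side check that decides whether a presented record is accepted."""

    def __init__(self):
        self._static = {PAN: EXPIRY}
        self._token = {ALIAS: {"key": CARD_KEY, "expiry": EXPIRY, "last": 0}}

    def authorize(self, record: dict) -> tuple:
        if "pan" in record:
            # Static data: nothing distinguishes a fresh read from a stored copy.
            ok = self._static.get(record["pan"]) == record.get("expiry")
            return (ok, "static data matches" if ok else "unknown card")
        acct = self._token.get(record.get("alias"))
        if acct is None or acct["expiry"] != record.get("expiry"):
            return (False, "unknown card")
        counter = record.get("counter")
        if not isinstance(counter, int):
            return (False, "bad code")
        expected = transaction_code(acct["key"], record["alias"], counter)
        if not hmac.compare_digest(expected, str(record.get("code", ""))):
            return (False, "bad code")
        if counter <= acct["last"]:
            # Valid code, but the issuer has already seen this counter value.
            return (False, "counter already used")
        acct["last"] = counter
        return (True, "fresh code accepted")


def personal_fields(record: dict) -> list:
    """Which cardholder identifiers a passive reader of this record would see."""
    return sorted(k for k in ("name", "pan") if k in record)


def demo() -> dict:
    issuer = Issuer()
    static_read = StaticCard().read()
    token_card = TokenCard(CARD_KEY)
    first = token_card.read()
    return {
        "static_first": issuer.authorize(static_read),
        "static_copy": issuer.authorize(dict(static_read)),
        "token_first": issuer.authorize(first),
        "token_copy": issuer.authorize(dict(first)),
        "token_next": issuer.authorize(token_card.read()),
        "static_exposes": personal_fields(static_read),
        "token_exposes": personal_fields(first),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

In this model the counter check rejects only a stored copy of an earlier read; a card that sends static data gives the issuer nothing to check, which is the case the researchers reported for some of the cards they tested.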





The Starbucks Aesthetic
Susan Dominus

WHEN Bette Gottfried, a 48-year-old regular at a Starbucks in Ardsley, N.Y., saw that her favorite coffeehouse was promoting a film, she wasn’t immediately interested. “At first I was leery,” said Ms. Gottfried, dressed in workout clothes, wearing her hair in a ponytail and sitting near the window with her daily decaf mocha (“low-fat milk, no foam, no whipped”). “I thought, ‘Who are they to get involved in the movies?’ ”

Ultimately, however, she decided to take her 9-year-old daughter to see the film, “Akeelah and the Bee,” precisely because of the involvement of Starbucks. “I trusted seeing the movie, because it was promoted here,” she said. After all, she liked the company’s coffee; she had already bought and liked several CD’s it produced and sold, compilations of music by Carole King, Tony Bennett and Frank Sinatra. Why wouldn’t she like a Starbucks movie? She did, and now she’s considering picking up its latest cultural sales item: “For One More Day,” a book by Mitch Albom.

But Ms. Gottfried’s question is a valid one. Starbucks is clearly very good at selling coffee, but why should it become involved in the movies — and books and CD’s, for that matter? And why would consumers trust its taste in books and films any more than they’d trust, say, Simon & Schuster’s taste in Ethiopia Gemadro Estate decaf?

Yet the chain is increasingly positioning itself as a purveyor of premium-blend culture. “We’re very excited, because despite how much we’ve grown, these are the early stages for development,” said Howard Schultz, the chairman of Starbucks. “At our core, we’re a coffee company, but the opportunity we have to extend the brand is beyond coffee; it’s entertainment.”

In an early misstep, Starbucks started offering Joe, a literary magazine that appeared in 1999 and lasted all of six months before Mr. Schultz decided, on the basis of slow sales, that the product “didn’t add any value.” But since then Starbucks has successfully promoted a slew of hits, from the Ray Charles CD “Genius Loves Company,” a joint venture with Concord Records that won several Grammy Awards and sold 800,000 copies at Starbucks alone, to a recent CD of Meryl Streep reading “The Velveteen Rabbit.” In some cases, as with the Ray Charles album, Starbucks partners with an existing label; but even when it merely stocks another label’s titles, said Ronn Werre, president of EMI Music Marketing, it is typically responsible for at least 10 percent of overall sales; when it recently started selling the Frank Sinatra classic “In the Wee Small Hours,” sales of that CD went up twentyfold. This month, Starbucks landed a coveted and very prominent retail section on the iTunes home page, one of only two brands to enjoy that privilege.

Mr. Albom’s book, published by Hyperion, marks the next piece of the expanding Starbucks cultural portfolio. The chain’s creative team has already been looking for additional original films to present and is thinking about producing movies down the road. And Mr. Schultz said it was “not out of the question that we would self-publish” new authors. Some of the chain’s projects have been relatively intimate and artsy — for example, two several-day-long salons, one at the Sundance Film Festival, one in New York, where the doors were open to free spoken-word performances, musical collaborations and one-act plays. But the company clearly wants to have a national impact as well.

On Thursday, in hopes of sparking communitywide dialogue about “For One More Day,” 25 Starbucks stores around the country will feature discussion groups. (To ease the flow of conversation, free coffee will be provided.)

Sounding a bit caffeinated himself, Mr. Schultz explained, “With the assets Starbucks has in terms of number of stores, and the trust we have with the brand, and the profile of our customers, we’re in a unique position to partner with creators of unique content to create an entertainment platform and an audience that’s unparalleled.”

The heart of that audience is a group the company refers to as its “core customers” — educated, with an average age of 42 and an average income of $90,000. About 15 years ago, Mr. Schultz said, Starbucks began “to observe the fracturing of the retail music industry and the consumer experience becoming something that our core customers were no longer enjoying.” So they started selling CD’s of the music they’d already been playing in the stores.

It still works. “If I hear a CD they’re playing, I generally like it,” Bette Gottfried, back in the Ardsley store, said. “It’s who I am — baby boomer, upper middle class, a little hippyish, rockish. ...”

As Mr. Schultz sees it, customers get a new cultural experience and Starbucks gets a “halo” — the associations people have with beloved music, with “quality, good will, trust, intelligence.”

To cultivate that halo, he built an entertainment division, with an office in Seattle and another in Los Angeles. In Los Angeles, Nikkole Denson, 36, who ran the entertainment and film departments of Magic Johnson’s entertainment company, is the chain’s director of business management, in charge of fielding and negotiating film and book selections. (Starbucks works closely with the William Morris Agency as well.) She says “Akeelah and the Bee,” a movie about a young black girl from South Los Angeles with a talent for spelling, is a perfect example of her company’s cultural profile.

“Starbucks is all about community and inspiration, and everything in that movie seemed aligned with that — it has that human connection,” Ms. Denson said. “It doesn’t have to be a family film, but it does have to be socially relevant.” As for the books she’s selecting — they won’t all be by name brands like Mr. Albom — she says she wants books that provide “almost an education without being preachy.” Yes, they should be inspiring, but also, she hopes, challenging: “not racy or dark, but thought-provoking.”

A major player in the company’s music business is Timothy Jones, manager of compilations and music programming. Mr. Jones, 58, ran a small independent record shop in Seattle until 1987, when his business folded and he started managing the Starbucks across the street. Customers there asked if they could buy the mixes of Ella Fitzgerald and Miles Davis he was playing, and that’s how it all got started. What he looks for now, he says, is “a believable sound that isn’t too harsh.”

Mr. Jones championed Madeleine Peyroux when she was a critically acclaimed singer who had never quite hit it big; since her album “Careless Love” started selling at Starbucks, its CD sales have tripled.

“We do our best with a new artist when there’s sort of an NPR buzz going on around him, the stars-in-the-making,” Mr. Jones said. “Then we take a Decemberists or a Madeleine Peyroux and put it out there in the spotlight of the coffeehouse, and people standing in line say, ‘I’ve heard about this person.’ ”

Balancing out the newer artists are the classics Starbucks sells packaged in coffee hues of sepia: Tony Bennett, Etta James, Marvin Gaye. “It’s like European-style roasted coffee,” Mr. Jones said. “It’s reaching back, it’s timeless.”

THE more cultural products with which Starbucks affiliates itself, the more clearly a Starbucks aesthetic comes into view: the image the chain is trying to cultivate and the way it thinks it’s reflecting its consumer.

There’s the faintest whiff of discriminating good taste around everything Starbucks sells, a range of products designed, on some level, to flatter the buyer’s self-regard. Starbucks stores don’t carry “Sgt. Pepper’s Lonely Hearts Club Band,” the Beatles album everyone’s mother could name; they carry “Revolver,” a critical darling without the same overplayed name recognition.

Might DVD sales be the next frontier? And if so, which DVD’s? Ms. Denson wouldn’t say, but it’s an entertaining exercise for a reporter to try to guess: For the holiday season, perhaps a movie like “White Christmas” — it’s retro-chic, it’s got the classy crooner Bing Crosby going for it, yet it’s not quite as overplayed as, say, “Miracle on 34th Street.” Throw in some never-before-seen outtakes, package it in a beautiful silver and black box. ...

“You’re pretty close there,” Ms. Denson said. “Very, very close.” So close, in fact, that later that day she sent over a press release: Starting next month, in conjunction with Turner Classics, the “White Christmas” DVD will be available exclusively at Starbucks, packaged for the first time with a Decca recording of the film’s soundtrack and an informative 12-page booklet that includes a list of other must-see Christmas movies. Inspirational but not hokey, familiar but not ubiquitous, gently educational — it’s tailor-made for the NPR-listening type Mr. Jones imagines as the typical Starbucks consumer.

Mr. Schultz said the company was eager to offer customers products that are “out of the mainstream.” Starbucks itself used to be out of the mainstream, back when it started in Seattle. But that was before it took over the world (well, almost). Championing the little guy — Ms. Peyroux, some new bossa nova artist — can be a relatively easy way to offset the sense of alienation that overreplicated chains inspire.

“It adds to the emotional connection with the customer,” said Mr. Schultz, and keeps the Starbucks experience from feeling, as he put it, “antiseptic.”

Of course, the moment Starbucks chooses to promote an artist — prominent space on the company’s Web page, access to its 5,400 stores throughout the country, possible discussion groups and so on — that artist almost by definition becomes mainstream.

But that may not matter to consumers. “You know, it’s not that different from feeling cool because you’ve got an Apple computer,” said the novelist Jonathan Lethem. Mr. Lethem was one of the well-regarded, not-quite-mainstream artists who were featured at the New York Starbucks salon, which he experienced as a supportive environment for creative work. As for the Starbucks sensibility itself, he said, “It’s the faint affect of a counterculture shackled to the most ordinary, slightly upscale product” — just more of what he describes as the “faux-alternative” aesthetic that’s been around for decades.

These days the so-called long tail model of cultural consumption — the 1.5 million songs on iTunes, the 55,000 films on Netflix — is getting a lot of attention among business theorists, and teenage boys are getting a lot of attention from the entertainment complex. But Starbucks relies on a previous model: a narrow range of blockbuster hits geared toward an older, educated audience.

The book publishing industry could benefit from such a tastemaking force, said Laurence Kirshbaum, founder of the LJK Literary Management agency. “One of the big problems in the book industry is that outside of Oprah, there’s no really widely accepted authority to recommend books,” Mr. Kirshbaum said.

At the same time, he expressed concern on behalf of the traditional bookstore. “The concern is that, in a business that’s essentially flat, can Starbucks provide additional buyers? Or is it going to be pilfering buyers from existing accounts?”

Thomas Hay, a 48-year-old contractor from Hartsdale, N.Y., said Starbucks helped him by editing down his cultural choices. Looking over the selections the company makes, he said, he has the impression that “some people of caring hearts and minds have looked at this and felt it was worthwhile and beneficial and would create a good vibe in the world.”

Karen Golden, 43, and Kirk Sipe, 53, also customers at that Ardsley Starbucks, said that they were unlikely to buy a CD there — at $15, they could get it cheaper from Amazon — but that the company’s choices solidified their respect for the brand. “They could go with what’s ultramarketable, but good for them for promoting people who don’t get airplay,” said Ms. Golden, a psychotherapist from nearby Dobbs Ferry. Asked to describe the kind of music and movies they expected to find there, they rattled off language that could have come straight from a Starbucks marketing plan: “quality,” “what will endure,” “people who have something to say.”

When Starbucks executives describe the goal of the company’s cultural extensions, they invariably lean on the word discovery. “Customers say one of the reasons they come is because they can discover new things — a new coffee from Rwanda, a new food item. So extending that sense of discovery into entertainment is very natural for us. That’s all part of the Starbucks experience,” said Anne Saunders, senior vice president of global brand strategy and communications.

Even the keyboardist Herbie Hancock, whose recent album “Possibilities” has been a strong seller at Starbucks, buys the idea. “Going to Starbucks,” he said, “you feel kind of hip. I feel kind of hip when I go to Starbucks; that’s how I know!” He said people of every age had told him they weren’t familiar with his work until it appeared there, then he called back to say he’d never gotten better promotion in his life.

Mr. Schultz said one of the most valuable assets in the Starbucks culture project was the chain’s wireless Web-access network. “What’s coming is an opportunity to leverage WiFi as a channel,” he said, “and that channel is going to have the ability to expose our customers digitally to unique content.” He added: “It’s not a stretch to think of Starbucks in a new way as a network. A new channel with 12,500 points of distribution,” with every point representing a Starbucks store around the world.

And that channel, no doubt, will be geared toward the European-coffee-drinking, CD-liner-notes-reading, singer-songwriter-loving Starbucks customers, who now not only relax at the same coffee shops but also go home and listen to the same jazz release while possibly reading the same reliably entertaining, even inspirational, book. At the Starbucks in Ardsley, prominently displayed on the wall is a poster of an elephant lumbering comfortably along in the burnt-sienna rays of the sun. Below the image is printed, in typewriterlike letters, a message from Starbucks that the company has made, through its good taste, increasingly tempting: “Move with the herd.”
http://www.nytimes.com/2006/10/22/ar...b7d&ei=5087%0A