|28-09-06, 02:52 PM||#1|
Peer-To-Peer News - The Week In Review - September 30th, '06
"I could teach a chimp to copy a [DRM’d] DVD. Maybe there is some lower order of primate, like spider monkeys, that couldn't do it, but it's relatively easy." – Jim Flynn
"We're not stealing anything. We're claiming something that's rightfully ours. It's always been our position that if enough people go on the air with their stations, the FCC will be overwhelmed and unable to respond." – Stephen Dunifer
"Does performing an existing effect, or variation thereof, confer upon the performer of it ownership of that effect, or the exclusive and perpetual right to all subsequent interpretations of it? On this point you and I are obviously in disagreement." – Eric Walton
"If an act hasn’t been prominently performed for a long time, and someone takes the trouble to bring it back from absolute death and put it into his act with fine touches, and which at least hasn’t been seen by a current generation, the gentlemanly thing to do is say, 'That’s his for now.'" – Teller
"When the concern over possible protests leads to self-censorship, then the democratic culture of free speech becomes endangered. Problems cannot be solved by keeping silent." – Bernd Neumann
"Our ideas about openness, tolerance and freedom must be lived on the offensive. Voluntary self-limitation gives those who fight against our values a confirmation in advance that we will not stand behind them." – Klaus Wowereit
The RIAA won the final and decisive victory they have been seeking for the last six years. What started with Napster in 1999 ended this week with a judge who ironically enough once had the temerity to stand up to them by shutting them down. After the US Supreme Court re-started this case it landed back in his court where a now safely reined in Judge Wilson unfortunately ruled that yes, the evidence is overwhelming: Streamcast induced users to violate copyright and is therefore liable for "damages." I put damages in quotes because there aren’t any real ones. The only proven effect file-sharing has had on sales has been to improve them, but we all know this has never been about fairness or even logic. It is instead about destroying people’s free access to information by concentrating it in one centralized nexus among one very powerful group. This they have done well. With fines of $150,000 per occurrence I’m not sure the gross domestic product of the entire world is enough to cover these "damages," so we’ve seen the end of Morpheus, and in all probability the end of every company that operated like Streamcast.
As destructive a ruling as this is for America, it is not the end of peer-to-peer. We’ve been file-sharing all through every ruling good and bad, and as bad as it is now it has no practical effect on us. As a matter of fact, in keeping with a basic premise stated above, the only real effect I can deduce from all these lop-sided court victories has been to make the community more powerful. File-sharing has improved. Let’s not kid ourselves, this is testament only to the hard work of developers and activists, not to the ferocious efforts of the courts, lawmakers and media. The fact remains however that peer-to-peer has never been healthier, as it has simultaneously never been more hunted. It may be the nature of this new digital age but the harder they push the stronger we get, and we are very strong today.
On we go into this cyber world of sharing we have built. Where once we marveled at a new song in our folder we now see entire discographies. Where once we accepted the limitations of lossy codecs we now play perfect discs of lossless clones. Where once we thrilled to brief flickers of blocky video, we now transfer entire archives of pristine quality films. If against all evidence the RIAA this week claims victory in its efforts to halt our sharing then surely the true victory is the one that we, not they, have forged. Would that we could do this outside the cloud of civil disobedience? Yes. For now however, it is enough to savor for a moment this triumph we have earned.
September 30th, '06
Judge: StreamCast Induces Piracy
A federal judge ruled Wednesday against the distributor of the Morpheus online file-sharing software, finding the firm encouraged computer users to share music, movies and other copyright works without permission.
The ruling was a sweeping victory for a coalition of Hollywood movie studios, record companies and music publishers who sued Los Angeles-based StreamCast Networks and similar firms in 2001. The case led to a landmark copyright ruling by the U.S. Supreme Court last year.
In the 60-page decision, U.S. District Judge Stephen V. Wilson granted the entertainment companies' motion for summary judgment, concluding there was more than enough evidence of "massive infringement" on StreamCast's network, despite the company's arguments that it did not encourage computer users to violate copyright laws.
"In the record before the court, evidence of StreamCast's unlawful intent is overwhelming," Wilson wrote.
A StreamCast spokesman did not have an immediate comment on the ruling.
"No single court ruling solves piracy or can make up for several challenging years for the music community, but there's no doubt that the rules of the road for online music are better today than they were yesterday," Mitch Bainwol, chairman and chief executive of the Recording Industry Association of America, said in a statement.
Barring successful appeal, Wilson's ruling caps a long-running court battle over internet file sharing that erupted after the entertainment industry succeeded in shuttering pioneer file-swapping network Napster.
The rise of Napster clones such as Morpheus, Kazaa, Grokster and others prompted the entertainment companies to sue StreamCast and the operators of Grokster and Kazaa.
In 2003, Wilson ruled the file-sharing firms could not be held liable for the actions of the users of their software, a decision upheld by the appeals courts.
But last year, the U.S. Supreme Court heard the case and ruled that file-sharing companies could be held liable for deliberately encouraging or inducing customers to commit online piracy.
As part of its ruling, the Supreme Court sent the lawsuit back to Wilson's jurisdiction.
Since then, Sharman Networks, the operator of Kazaa, and the company behind Grokster have settled out of court.
Dog Bites Man
Lime Wire Sues RIAA
Lime Wire counterclaims in Manhattan Federal Court against Major Record Labels for Conspiracy to Destroy Competition
In Arista v. Lime Wire, in Manhattan federal court, Lime Wire has filed its answer and interposed counterclaims against the RIAA for antitrust violations, consumer fraud, and other misconduct, alleging that the RIAA's goal has been to
· destroy any online music distribution service they did not own or control, or force such services to do business with them on exclusive and/or other anticompetitive terms so as to limit and ultimately control the distribution and pricing of digital music, all to the detriment of consumers (Counterclaim, paragraph 26, page 18)
and that its members are engaged in
· a much larger modern conspiracy to destroy all innovation that content owners cannot control and that disrupts their historical business models.(Counterclaim, paragraph 28, page 18).
Lime Wire has demanded a trial by jury. The counterclaim makes for a very interesting read on the state of the music industry wars today.
Lawmakers Blast Hewlett-Packard Tactics
Lawmakers denounced the intrusive tactics used in Hewlett-Packard Co.'s spying probe as a congressional hearing launched Thursday with stark comparisons between the tawdry affair and the 67-year-old company's reputation for integrity.
Ousted HP Chairwoman Patricia Dunn, sitting with her attorney in the front row of the packed hearing room, listened as members of the House Energy and Commerce Committee voiced outrage at the company's probe into the source of boardroom leaks. HP used a shadowy network of private investigators who burrowed into the personal lives of journalists and HP directors, and impersonated them with a tactic known as "pretexting" to obtain their telephone records.
"We have before us witnesses from Hewlett-Packard to discuss a plumbers' operation that would make Richard Nixon blush were he still alive," Democratic Rep. John Dingell of Michigan said.
Rep. Ed Whitfield, R-Ky., chairman of the committee's investigative panel, demanded to know why, with many high-ranking HP executives and attorneys involved in the probe, "No one had the good sense to say 'Stop.'"
"It's a sad day for this proud company," said Rep. Diana DeGette of Colorado, the panel's senior Democrat. "Something has really gone wrong at this institution."
Dunn planned to testify that she discussed the conduct of the company's leak investigation with CEO Mark Hurd, board members and others in the company -- getting a clear impression that the directors were satisfied with it and that its methods were not improper.
Dunn and Hurd were appearing at the hearing with other top executives and hired detectives. Some volunteered to testify; others were attending under the summons of a congressional subpoena.
As lurid details of the affair emerged in recent weeks, HP's corporate casualties have mounted. The computer and printer maker announced the resignation of general counsel Ann Baskins on Thursday just ahead of the hearing where she was scheduled to testify, and her attorneys said she would invoke her Fifth Amendment right against self-incrimination and not answer lawmakers' questions.
The departure of Baskins, who has worked for the company since 1982, follows those of Dunn, two other directors and two high-level employees.
"Ms. Baskins always believed that the investigative methods that she knew about were lawful, and she took affirmative steps to confirm their legality," her attorneys told the committee in a letter Thursday. "Ms. Baskins repeatedly sought and obtained assurances from a senior HP counsel that the techniques about which she knew were entirely lawful."
Hewlett-Packard, the world's largest technology company and long a respected anchor of Silicon Valley, engaged a private detective firm for its quest to trace and stem boardroom leaks to journalists of confidential information. The firm in turn hired a network of investigators who masqueraded as HP directors and employees and as reporters to obtain their telephone records, surveilled them and their relatives, sifted through their garbage, and used an e-mail sting to dupe one of the reporters.
"I never doubted ... that what they were doing was legal," Dunn said in her testimony, which was released by the committee on Wednesday.
Dunn said she asked Ronald DeLia, the operator of the detective firm hired by HP, "at every point of contact for his representation that everything being done was proper, legal and fully in compliance with HP's normal practices."
Dunn disclosed that she learned in the spring of 2005 that the probe involved obtaining access to phone records.
Besides the inquiry by the House committee, federal and California prosecutors are investigating whether company insiders or outside investigators broke the law. California Attorney General Bill Lockyer has said he has enough evidence to indict HP insiders and contractors. And the Securities and Exchange Commission is pursuing a civil inquiry.
Hurd, who succeeded Dunn last Friday as chairman of Palo Alto, Calif.-based HP, apologized to those whose privacy was violated in the leak investigation.
"How did such an abuse of privacy occur in a company renowned for its commitment to privacy? It's an age-old story. The ends came to justify the means," he said in prepared testimony for the congressional hearing.
Hurd said Dunn had told him of the existence of the investigation, "but I was not involved in the investigation itself."
So closely tied was DeLia's firm, Security Outsourcing Solutions Inc. of Needham, Mass., to Hewlett-Packard -- for which it worked almost exclusively for eight years -- that Dunn refers to the firm as a "captive subsidiary" of Hewlett-Packard.
In a twist, it was DeLia who performed the background check on Hurd when the company was vetting him last year as a candidate for CEO.
Besides Dunn, Hurd and Baskins, Larry Sonsini -- HP's outside lawyer and one of Silicon Valley's most influential figures, who assured company executives of the legality of the spying probe -- agreed to appear at the hearing.
The committee has ordered DeLia and two other key figures in the leak probe to testify: Kevin T. Hunsaker, until recently the company's chief ethics officer, and Anthony R. Gentilucci, who managed HP's global investigations unit in Boston.
Five private investigators, believed to have served as the foot soldiers in the company's efforts, also were subpoenaed to testify.
HP shares were up 1.2 percent at $35.80 on the New York Stock Exchange as the hearing was underway Thursday morning.
Microsoft Sues FairUse4WM Developers
Scott M. Fulton
In a federal district court in Seattle last Friday, IDG News Service is reporting, Microsoft filed suit against ten "John Does," one of whom goes by the screen handle "viodentia," for allegedly using stolen Microsoft source code as a means to make corrections to a utility called FairUse4WM, whose purpose is to strip Microsoft copy protection from media files.
The suit seeks a permanent injunction against the group, and contends Microsoft has suffered more than $75,000 in damages - a legal milestone.
One of Microsoft's lawyers was quoted this morning as saying that viodentia gained unlawful access to Microsoft source code, as a means for circumventing a Microsoft security patch that rendered FairUse4WM unusable.
Today, a post attributed to viodentia on a public forum where links to FairUse4WM are also posted, said, "FairUse4WM has been my own creation, and has never involved Microsoft source code. I link with Microsoft's static libraries provided with the compiler and various platform SDK files."
Previously, viodentia has contended that, although his source code does contain elements from Microsoft's own SDKs -- which are licensed to developers under, ironically, "fair use provisions" -- he and his group have had as much right to do so as other developers. But apparently parts of the suit, IDG reports, claim that the group is using SDK code for purposes other than that which Microsoft allows under its license agreement.
In an interview with AOL's Engadget on Monday, viodentia took full credit for being the principal developer of the product.
"I am the only developer," he said, "although my friends served as early beta testers and sounding boards, and with the initial release I've gotten to know some very helpful people." When asked if there were any personal reasons for wanting to crack Windows DRM, viodentia responded, "My selfish rationale is the challenge in pitting my skills against the industry leader."
What neither Engadget nor anyone else in the press knew on Monday was that Microsoft had sued viodentia. Although at one point in the interview, he appeared to defend himself against the lawsuit's chief allegations, stating that he disapproved of Microsoft "claiming copyright to my program." In perhaps a counter-challenge, he said he looked forward to Microsoft's next round of improvements to its DRM technology.
BetaNews has contacted Microsoft for further comment.
Two weeks ago, security expert Bruce Schneier commented on his popular blog, "If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM."
No software vendor likes to issue patches, Schneier argued, because it makes the company look vulnerable. Yet, as he's implied in the past, companies can couch fixes to their ongoing problems as "security patches" in order to compensate for the appearance of vulnerability.
The problem is when Microsoft or some other company, he said, tries to frame a vulnerability in DRM -- a feature which few people will actually claim they want -- as a security breach. "No user is ever going to say: 'Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore.'"
Version 1.3 of FairUse4WM was posted to a server today. In a response to a question from a user regarding a possible error, viodentia stated the cause could involve a feature of Windows Media DRM-encoded files that tries to send tracking information about, for instance, how often the file is listened to, back to a host. He suggests a work-around to disable this callback function.
Microsoft Puts Out Fix for Explorer Flaw
Microsoft Corp. rushed out a fix Tuesday for a security flaw in its Internet Explorer Web browser after attackers had begun exploiting the vulnerability to take control of computers.
The Redmond-based software maker said it was putting out the fix ahead of the next scheduled security fix release date on Oct. 10 because of the severity of the problem. The flaw carries Microsoft's highest "critical" rating.
The vulnerability in Microsoft's browser is particularly worrisome to security experts because computer users could come under attack just by visiting a Web site that had been manipulated to take advantage of the flaw. That, in turn, would give an attacker complete control of a user's computer, including access to e-mails, personal information and other data.
Johannes Ullrich, chief technology officer with the security research organization SANS Institute, said it appears that a couple of thousand Web sites have already been manipulated to launch such attacks. The attack also seems to be spreading via e-mail, he said.
Stephen Toulouse, senior product manager in Microsoft's security technology unit, said Microsoft had only seen very limited attacks since the flaw became public a little over a week ago. But he said the activity was enough to prompt the company to release the update ahead of schedule.
"What we're seeing from our end are very specific, limited attacks," he said.
This is the latest in a series of flaws that have been publicly disclosed before Microsoft was able to offer users a patch. More typically, security researchers at outside organizations, or within Microsoft itself, discover the flaws and work in secret to come up with a patch before attackers have a chance to take advantage of them.
Ullrich faulted Microsoft for not getting a fix out sooner, noting that attacks are already under way, and urged users to get the fix immediately.
"Installing the patch is definitely the way to go," he said.
Number of Browser Vulnerabilities Rising
According to the most recent update to security-firm Symantec's biannual Internet Security Threat Report, the last six months saw a significant uptick in the number of security vulnerabilities found in web browsers. Leading the way was Firefox, with 47 bugs discovered. Researchers and hackers discovered 38 vulnerabilities in Internet Explorer, 12 in Safari, and seven in Opera.
The numbers cover a six-month period from January 1 through June 30, 2006. Symantec says its data comes from over 40,000 sensors the company has deployed around the world as well as its database of vulnerabilities.
In addition to leading the pack in sheer number of vulnerabilities, Firefox also showed the greatest increase in number, as the popular open-source browser had only logged 17 during the previous reporting period. IE saw an increase of just over 50 percent, from 25; Safari doubled its previous six; and Opera was the only one of the four browsers monitored that actually saw a decrease in vulnerabilities, from nine to seven.
Data source: Symantec
Looking at the data, it is apparent that one's choice of browser does not automatically confer invulnerability while surfing the web. Security through obscurity—which has been a popular strategy with some users—doesn't guarantee safety. That said, Internet Explorer remains the most popular target for attacks, with 69 percent of all browser attacks targeted specifically at that browser alone. 20 percent of the attacks monitored during the period in question were targeted at Firefox.
When it comes to patching, all of the browsers are improving. Firefox is the fastest to get its patches out, with a one-day window of exposure. Opera had a two-day window of exposure, down from 18 days during the last half of 2005. The window of exposure for Safari is up to five days (from zero), while Internet Explorer typically has a nine-day window, down from 25 days in the previous study.
If there is one clear takeaway from Symantec's report, it's that one's choice of browser does not convey automatic immunity from browser-based attacks. Yes, most attacks target Internet Explorer, which makes economic sense for malware writers looking to make a quick buck. IE still accounts for almost 85 percent of all browsers in use today, making it the proverbial low-hanging fruit. However, no one is absolutely safe, making it important that surfers everywhere practice skeptical computing.
Lenovo to Recall 526,000 Notebook Batteries
The battery problem keeps exploding.
Lenovo will recall 526,000 notebook batteries due to faulty batteries, the company said on Thursday.
The batteries were designed by Lenovo, but Sony produced the lithium ion cell. The recall impacts notebooks produced from February 2005 to September 2006, according to Lenovo spokesman Ray Gorman. For now, the recall will only impact about 5 to 10 percent of notebooks produced by Lenovo, Gorman said, but the company recommends that all customers go to the Lenovo site and check to see if they have one of the faulty batteries.
Separately, Sony announced that it will initiate its own recall program involving battery packs using its battery cell technology. Details will be announced later in cooperation with the U.S. Consumer Products Safety Commission, but the program will involve the replacement of affected battery packs "in order to address concern related to recent overheating incidents," Sony said in a press release.
With the recall, Lenovo becomes the fourth major PC manufacturer to haul batteries back due to safety problems. Dell said that it would recall 4.1 million notebooks in August, and Apple Computer subsequently announced it had to recall 1.8 million notebooks. Toshiba, meanwhile, said this month that it would recall 340,000 machines.
A Lenovo ThinkPad T43 caught fire at Los Angeles International Airport earlier this month. In August, Lenovo said it was speaking with Sony about the issue. While Lenovo did begin to examine the potential for problems in the wake of the Dell and Apple recalls, the PC maker said that the way it puts batteries in its hardware differs from the other companies' methods. Lenovo acquired the ThinkPad line of notebooks from IBM, which historically has been known for careful design.
The problem with the recalled notebooks rests with lithium ion battery cells made by Sony. PC makers and component suppliers buy these cells and design batteries around them. These battery cells can provide several hours of electricity to notebooks, but the liquid inside them is flammable. If a short takes place, a chain chemical reaction can occur that melts the battery or causes the notebook to explode. Lenovo actually inserts technology into its batteries to prevent chain reactions and has contemplated licensing it to others.
Like the gas tank in a car, lithium ion batteries in most instances are safe. However, to extend battery life, battery makers have been putting more flammable liquid into these batteries, and making other parts inside the batteries smaller and thinner. This, in turn, increases the potential problem, as it is more likely that thinner materials will come loose and interfere with the proper working of the battery cell.
Back in 2004, Sony execs said lithium ion technology would likely be hitting its limit in 2006.
Start-ups and venture capitalists are tinkering with alternatives to lithium ion, such as zinc-based batteries, but these are not available yet.
Toshiba, Dell Recall Sony-Made Batteries
The Japanese electronics maker Toshiba Corp. said Friday that it is recalling 830,000 batteries made by Sony for its laptop computers while personal computer maker Dell Inc. expanded its recall of Sony battery packs by 100,000. The batteries can short-circuit and have been blamed for causing some computers to catch fire.
The latest announcements bring the tally of recalled Sony batteries to about 7 million worldwide, and are a major embarrassment for the Japanese electronics and entertainment powerhouse.
The recall comes as Sony Corp. is in the midst of a major overhaul of its operations, closing plants, shutting divisions and trimming jobs.
Sony said earlier Friday it had asked manufacturers using its problem batteries to carry out a recall.
It has said the batteries could catch fire in rare cases when microscopic metal particles came into contact with other parts of the battery cell, leading to a short circuit. Typically a battery pack will power off when there is a short circuit but on occasion the battery would catch fire instead.
Fujitsu Ltd., another major Japanese electronics company, will be making a decision soon about its laptops using Sony lithium-ion batteries, spokesman Masao Sakamoto said Friday.
The Toshiba recall involves Dynabook, Qosmio, Satellite, Portege and Tecra models, but regional breakdowns and dates of manufacturing weren't immediately available, said Toshiba spokesman Keisuke Omori.
Omori said Toshiba's recall was in response to Sony's request, and Toshiba had not found any cases in which the laptops were at risk of catching fire.
"But we wanted to assure and satisfy our customers," he said.
Dell, the world's largest personal computer maker, said Friday that it is increasing the recall of Sony battery packs used in its systems to 4.2 million units from 4.1 million units. It already was the largest electronics-related recall in U.S. history.
Based in Round Rock, Texas, Dell said that the increase in the recall was made due to additional information received about the affected battery packs containing cells manufactured by Sony.
Dell and the Consumer Product Safety Commission announced the initial recall on Aug. 15, blaming Sony battery cells. Dell began shipping replacement batteries on Aug. 15.
On Friday, Dell said customers should recheck their batteries if they have not ordered or received a replacement battery.
On Thursday, IBM Corp. and Lenovo Group, the world's third-largest computer maker, said they were seeking the recall of 526,000 rechargeable, lithium-ion Sony batteries purchased with ThinkPad computers after one of them caught fire at Los Angeles International Airport this month.
In August, Apple Computer Inc. recalled 1.8 million batteries worldwide, warning they could catch fire.
Last week, Toshiba said it was recalling 340,000 laptop batteries, also made by Sony, but that was for a problem that caused the laptops to run out of power.
Google to File Motion in Orkut Case
Google Inc. will file a motion in response to a Brazilian judge's deadline to turn over information on users of the company's social networking service Orkut, a spokeswoman said Wednesday.
On Aug. 22, Federal Judge Jose Marcos Lunardelli gave Google's Brazilian affiliate until Sept. 28 to release information needed to identify individuals accused of using Orkut to spread child pornography and engage in hate speech against blacks, Jews and homosexuals or face daily fines of $23,000.
Google spokeswoman Debbie Frost said the company would instead file a brief in court explaining why it cannot comply with the judge's order.
"We have and will continue to provide Brazilian authorities with information on users who abuse the Orkut service, if their requests are reasonable and follow an appropriate legal process," said Frost, who was in Sao Paulo for the court date.
"It is and always has been our intention to be as cooperative in the investigation and prosecution of crimes as we possibly can, while being careful to balance the interests of our users and the request from the authorities," she added.
Google claims that its Brazilian affiliate cannot provide the information because all the data about Orkut users is stored outside Brazil at the company's U.S.-based headquarters.
Google maintains that it is open to requests for information from foreign governments as long as the requests comply with United States laws and that they are issued within the country where the information is stored, Frost said.
In August, Lunardelli dismissed that argument, writing in his decision that "it is not relevant that the data are stored in the United States, since all the photographs and messages being investigated were published by Brazilians, through Internet connection in national territory."
The company says that it has already complied with 40 similar requests made by Brazilian authorities.
In a case that the company says is not related to the lawsuit, Google this week took eight Orkut communities off-line at the request of the Brazilian government.
The company says those communities, which advocated drunk driving by minors, the pirating of cable television, and illegal drug use, did not comply with Orkut's terms of service, which state it is prohibited to "promote or encourage illegal activity."
Named after Turkish software engineer Orkut Buyukkokten, Orkut is an invitation-only service run by Google that lets members discuss a wide range of subjects in Internet forums, or "communities."
The service is more popular in Brazil than in any other country, with some 8 million users - representing about a quarter of all Brazilians who have Internet access.
3 AOL Subscribers Sue Over Data Release
Three AOL subscribers who suddenly found records of their Internet searches widely distributed online are suing the company under privacy laws and are seeking an end to its retention of search-related data.
The lawsuit is believed to be the first in the wake of AOL's intentional release of some 19 million search requests made over a three-month period by more than 650,000 subscribers, including the three plaintiffs - two unnamed Californians and Kasadore Ramkissoon of Richmond County, N.Y.
Filed Friday in U.S. District Court in Oakland, Calif., the lawsuit seeks class-action status. It does not specify the amount of damages being sought.
AOL already has apologized for the release, which it blamed on a researcher who had failed to gain proper clearances. The researcher and another AOL employee have been fired, and the company's chief technology officer has resigned. AOL also pledged to name its first chief privacy officer.
John Dominguez, one of the attorneys who filed the lawsuit, said AOL ought to do more.
"People paid AOL with the belief that their privacy was going to be protected," he said Monday. "That's not what happened."
Although AOL had substituted numeric IDs for the subscribers' real user names, the company acknowledged the search queries themselves may contain personally identifiable data, revealing names, credit card numbers and medical conditions.
In fact, The New York Times was able to trace user 4417749 to Thelma Arnold, 62, of Lilburn, Ga., while The Washington Post tracked down JoAnn Whitman, 55, of Grand Junction, Colo., after she accidentally typed into AOL's search engine an e-commerce order confirmation.
AOL removed the data from its Web site once executives learned of the release, but not before copies were already circulating. Web sites have even been created specifically to query AOL's search database.
Dominguez said AOL ought to at least try to shut down those sites or block them from its own search engines. And he said the company should stop collecting such records and destroy any it already has.
AOL currently keeps data linked to specific subscribers for up to 30 days and other data, such as the search records released, for longer. Data retention is standard practice among Internet search engines, which use such information to refine their services.
AOL LLC, a unit of Time Warner Inc., declined comment on the lawsuit, which alleges violations of the federal Electronic Communications Privacy Act and California consumer-protection laws.
Two privacy advocacy groups, the Electronic Frontier Foundation and the World Privacy Forum, already have filed complaints with the Federal Trade Commission.
VC McNamee: New Media To Help Recover Personal Time
Well-known venture capitalist Roger McNamee said that the Internet has released the chokehold media companies used to have over content distribution, creating investment opportunities that could affect everything from education to politics.
McNamee, who founded Elevation Partners in 2004 to invest in media and entertainment, spoke at the Technology Review's Emerging Technology Conference at MIT on Thursday.
He said that the notion of community is integral to his view on media.
"The Internet we see today is about aggregation, but that's just the first step. The thing that's forming now is community," he said. "In community mode, you need trust and authority and you need to move up the stack to insight and knowledge."
McNamee spoke specifically about Elevation Partners' investment in Forbes, the venerable business magazine. He said that he hopes to introduce more personalization at Forbes's Web site in order to provide readers with valuable insight, rather than only news.
For example, a news story on changing mortgage rates could be a signal for a reader to refinance. In order to do that, the Web site needs a lot of personal information on the reader, which is valuable to advertisers.
"That is what business journalism has to aim for: personalization, trust and authority. I think all of journalism has to do that because people don't have enough time," McNamee said.
He said that he is investing in media because it has the potential to affect a large number of people and improve political discourse in the country.
But at the same time, he said that quality of information, specifically news coverage, is going down. That is a by-product of the self-publishing happening on the Web.
"If you look around today, the best sources of news are dying," he said, citing National Public Radio and the New York Times as high-quality, global news gatherers. "The average quality of what passes for news has declined dramatically."
Mark Cuban: Only a 'Moron' Would Buy YouTube
Billionaire investor and dot-com veteran Mark Cuban had harsh words Thursday for YouTube, the online site that lets people share video clips, saying only a "moron" would purchase the wildly popular start-up.
Cuban, co-founder of HDNet and owner of the NBA's Dallas Mavericks, also said YouTube would eventually be "sued into oblivion" because of copyright violations.
"They are just breaking the law," Cuban told a group of advertisers in New York. "The only reason it hasn't been sued yet is because there is nobody with big money to sue."
YouTube, based in San Mateo, Calif., specializes in serving up short videos created by everyday people. Its popularity, with more than 100 million video showings daily, has spurred speculation the firm will be sold or taken public.
But YouTube has also come under scrutiny because users often post copyrighted material, including music videos produced by well-established artists.
YouTube company representatives were not immediately available to respond to Cuban's comments.
Cuban said "anyone who buys that (YouTube) is a moron" because of potential lawsuits from copyright violations.
"There is a reason they haven't yet gone public, they haven't sold. It's because they are going to be toasted," said Cuban, who has sold start-ups to Yahoo and CompuServe.
YouTube, which has nearly one-third of the U.S. Web video audience, three times that of Google, or twice that of News Corp.'s MySpace, has been working on signing licensing deals with music companies and TV networks to ensure they are paid when users view their content.
This month YouTube unveiled its first deal to distribute music videos legally from a major music company by agreeing a deal with Warner Music Group, home to pop stars James Blunt and Madonna.
In other remarks, meanwhile, the often-controversial Cuban also told advertisers that the reach of YouTube is limited, particularly when it comes to user-generated videos.
"User-generated content is not going away," he said. "But do you want your advertising dollars spent on a video of Aunt Jenny watching her niece tap dance?"
"Somebody puts up something really good and you get, what, 60,000 viewers?" Cuban added during the event at Advertising Week in New York.
YouTube now offers advertising through banner ads, promotions and sponsorships. It has said it plans to roll out a range of different advertising options over the coming year.
Cuban cautioned advertisers against investing heavily in so-called viral campaigns that are spread by users beyond their initial point of distribution on YouTube or other video-sharing sites. But he touted opportunities to run commercials on high-definition television such as his HDNet network.
"What makes viral so special is it's so hard to do. It's so hard to plan. It's hard to stand out," he said, describing 99 percent of money advertisers spend on viral campaigns as "wasted."
"You guys love to be the trailing edge," he said.
User-Generated Web Content Will Grow Rapidly Through 2010
User-Generated Content (UGC), such as that found on YouTube and MySpace, will continue to grow significantly in popularity and generate increasing revenue over the next several years, reports In-Stat. By 2010, the volume of downloads/views on these sites will surpass 65 billion, and revenues tied to UGC video are expected to exceed $850 million by 2010, the high-tech market research firm says. Revenues are those directly linked to videos in the form of banner/skyscrapers, embedded video, Google Adsense, and/or branded pages/channels.
“Democratization of media affords users the opportunity to express their opinions, rate content, and vote for their favorite videos,” says Michael Inouye, In-Stat analyst. “In addition, what may currently seem like ‘the Wild West’ is actually an industry that has started to see idiosyncratic ‘judiciary bodies’ and ‘rules of law’ imposed by each player within this market.”
Recent research by In-Stat found the following:
· The size of downloads/views is estimated to eclipse 1.1 exabytes of data by 2010, with uploads growing to more than 9.1 petabytes.
· 23% of the dozens of UGC sites studied currently support mobile access, with others making announcements for this support in the near future.
· YouTube holds the highest market share for video, but MySpace has the most visitors.
Recent In-Stat research, User Generated Content—More than Just Watching the YouTube and Hangin' in MySpace (#IN0602976CM), covers the user-generated content market on the Web. It provides estimates of current registered users and forecasts for downloads/uploads (size, number of files, and revenues directly tied to videos). It defines the market’s business models, discusses the players, such as YouTube and MySpace, and market opportunities. Profiles of dozens of UGC web sites are included. The price is $3,495 (US).
This research is part of In-Stat’s Consumer Media and Content Service, which focuses first on the changing digital content models, and then how this will influence the evolution of equipment, standards, technologies, services and consumer usage models. The service addresses the acquisition, distribution, and use of digital content (audio, imaging, video, and voice) and how it fits into the consumer’s digital entertainment lifestyle. The service explains the opportunities for equipment makers and service providers within the emerging digital home.
In related research from this service, In-Stat found that although Online Content Aggregators are in the early experimentation stages of rolling out video services, they will have some dramatic revenue-generating opportunities in the next five years. The worldwide market for online content services is expected to expand by a factor of 10, growing from about 13 million households during 2005 to more than 131 million households by 2010. The research, “Online Content Aggregators-AOL, Google, Yahoo!, MSN, Apple–Slowly Defining The Future of Television (#IN0602973CM),” covers the worldwide market for online video services. It examines the growing number of consumer households connected to high-speed, broadband Internet connections. It also provides a market penetration estimate, showing the percent of broadband households that are likely to regularly be viewing professional content delivered via Online Content Aggregators. The report compares the number of Digital Pay-TV households in each region against the number getting their video online. It also includes in-depth discussion of the positioning of the major Online Content Aggregators, broadcast networks, and Pay-TV services putting their video online.
Study: 107M Viewed Online Video in July
More than 100 million Americans, or three out of every five Internet users, viewed video online in July, a new study finds.
ComScore Media Metrix recorded both streaming, which requires a live Internet connection, and downloads, in which a user saves a file that can be viewed later or offline. All told, 107 million people streamed or downloaded nearly 7.2 billion video clips - an average of 67 apiece.
Yahoo Inc. was tops with 38 million unique users, followed by News Corp.'s MySpace.com at 37 million and YouTube Inc. at 31 million, according to comScore. Unlike with MySpace and YouTube, which emphasize user-generated video, the Yahoo offerings generally came through content partnerships. Yahoo only recently started a video-sharing service.
AOL, the Time Warner Inc. unit seeking to boost traffic to its ad-supported sites largely by expanding its video offerings, did not make the top three. AOL and other Time Warner video had 26 million users, placing it fourth ahead of Microsoft Corp., Viacom Inc. and Google Inc.
NBC to Put Out Some Shows on PCs Before TV
If you want to watch NBC programs before they air, get a Viiv PC.
NBC Universal has cut a deal with Intel in which individuals who own Viiv PCs will be able to download and view certain programs before they air on the network, according to Merlin Kister, director of consumer client marketing for Intel.
Some television networks have offered first-run shows simultaneously with broadcast, but offering shows to PC owners before they broadcast is quite unusual. Some of the shows could be available up to a week in advance. In other cases, viewers may only get previews in advance.
Other content providers are increasingly looking to strike deals on Viiv. Viiv PCs are similar to standard PCs, but have been tested with a wide variety of music and video applications. The testing makes it easier for content providers to bring their wares to PCs because they don't have to do compatibility testing themselves, Kister said. Viiv PCs also come with content protection.
Kister did not say what shows would be available early. Intel CEO Paul Otellini said yesterday that NBC will let Viiv users download "Heroes" and "Studio 60 on Sunset Strip," but it is uncertain whether Viiv owners will get these shows first.
Quad-Core Chip Coming from Intel
Intel Corp. plans to begin shipping microprocessors that have four computing engines on a single chip - products that analysts say will help it win back market share from rival Advanced Micro Devices Inc.
The first chip, the Intel Core 2 Extreme quad-core processor, will be available in November. Intel says it will deliver a 70 percent performance improvement over Intel's current chips, which have one or two computing cores. The new chip is aimed at gamers, programmers and other people with heavy-duty computing needs.
For general consumers, Intel will ship a quad-core chip starting in the first quarter of 2007. For businesses, Intel will begin shipping four-core server chips later this year. A low-energy, quad chip for servers will be launched early next year, the company said Tuesday.
Offering high performance while maintaining energy efficiency is the name of the game in the chip industry, CEO Paul Otellini said at the Intel Developer Forum.
"The industry is going through the most profound shift in decades, moving to an era where performance and energy efficiency are critical in all market segments and all aspects of computing," he said. "The solution begins with the transistor and extends to the chip and platform levels."
Otellini said the Santa Clara-based company's chips would deliver a 300 percent improvement in performance per watt over the next four years.
The new products give Intel - the world's largest chip maker - the opportunity to reverse sinking profits and regain market share stolen by AMD. Earlier this month, Intel announced it would cut 10 percent of its staff, or 10,500 jobs, to save $3 billion per year by 2008.
Analysts have criticized Intel for reacting too slowly after AMD's 2003 launch of the Opteron and Athlon 64 chips for servers and desktop PCs.
AMD will introduce a particularly efficient and fast quad-core chip for high-performance servers in mid-2007, said spokesman John Taylor.
"Our strategy is consistent - it's a customer-focused strategy that makes the transition as easy and benefit-rich for the customer as possible," Taylor said.
But it's unclear whether AMD's offering will make up for Intel's early lead, said IDC analyst Bob O'Donnell.
"Intel moved up this announcement specifically as an offensive blow against AMD, and it gives Intel a good six- to nine-month lead," O'Donnell said. "They're both taking this battle seriously. There's no question AMD will react - it's just a matter of when."
Shares of Intel gained 55 cents - nearly 3 percent - to close at $19.96 in Tuesday trading on the Nasdaq Stock Market. Shares of AMD lost 78 cents - nearly 3 percent - to close at $25.99 on the Nasdaq.
Intel Fires Back at A.M.D. Over Bragging Rights on Chip
A war of words between Advanced Micro Devices and Intel is heating up as they vie to claim the advantage in creating a new generation of chips with four processing cores.
A week after A.M.D.’s chief executive, Hector Ruiz, called Intel an “abusive Goliath” using monopoly tactics, his Intel counterpart responded Tuesday that the harsh words were those of a rival losing ground on a new battlefront.
“This is about bragging rights,” the Intel chief executive, Paul S. Otellini, said in an interview after his speech opening the three-day Intel Developers Forum, an annual event for makers of PC’s and accessories.
Mr. Otellini announced that Intel would begin shipping quad-core processors for both high-end PC’s and servers in November, at least six months before quad-core processors are due from A.M.D.
Advanced Micro was first to make dual-core chips, featuring two processors, an approach the industry has taken in recent years to gain performance without increasing PC energy consumption. And in the last two years it has made significant inroads in Intel’s market share of both desktop and server computers.
But Intel, despite a deep round of cost-cutting announced Sept. 6, is beginning to reverse its market-share decline based on the success of its first two generations of dual-core processors, analysts said.
“I think that Intel now has the initiative,” said Roger Kay, president of Endpoint Technology Associates, a computer industry consulting firm. “They’re hitting their deadlines and even pulling them in a bit.”
Intel’s success in quickly bringing to market several generations of multiple-core chips is reflected in its winning back customers like Rackable Systems, a server maker that had moved almost entirely to A.M.D.
“We’re hearing a lot behind the scenes about new customer wins for Intel during the next nine months,” said Richard Doherty, president of Envisioneering, a computer industry consulting firm in Seaford, N.Y.
Intel and A.M.D. are taking different routes to the next generation. On Monday night at a dinner for reporters here, A.M.D.’s chief technology officer, Phil Hester, displayed a test wafer holding prototypes of the company’s quad-core processor, to be commercially available in mid-2007.
A.M.D. is beginning to focus on new designs that it is planning for 2008 based on its soon-to-be-completed acquisition of ATI Technologies, a maker of graphics coprocessors. By combining aspects of the two types of processors on a single chip, A.M.D. will be able to create a more balanced system in the future, he said.
“This is not just technology for technology’s sake,” he said.
In contrast to Intel, which will initially make its quad-core processor by packing two connected dual-core chips in a single package, A.M.D. will wait until its manufacturing process can achieve features as small as 65 nanometers, compared with the current 90, permitting it to place all four processor cores on a single chip.
Intel has a substantial lead in 65-nanometer manufacturing, and said Tuesday that it planned to add capacity in Arizona and Israel for a total investment of $9 billion in the most advanced generation of chip making. But the company decided to package two dual-core chips in a single package to gain a half-year lead in the new quad-core approach.
At a news conference, Mr. Otellini defended the approach, asserting that it would not result in any performance disadvantage. “The initial ones are multi-chip, but so what?” he said. “You guys are misreading the market if you think people care what’s in the package.”
Intel also announced that it was making quicker progress on an initiative it introduced at its annual developer conference last year to reduce the power required for processing by a factor of 10. “In 2008 we’ll meet our decade goal of a 10X reduction in power,” he said.
According to Intel executives, this degree of power savings is needed to enable a future generation of ultra-light and portable computers.
Mr. Otellini also described a new research effort to build a processor capable of a trillion mathematical operations a second on a single piece of silicon. The research prototype, which contains 80 specialized math processors controlled by a single general processor, will be commercially available within five years, he said.
The project is an effort to match the processing power of what was in 1996 the world’s fastest supercomputer. That machine was used by weapons designers and was composed of 10,000 Pentium microprocessors, occupied about 2,000 square feet of floor space and cost $50 million.
In the interview after his speech, Mr. Otellini said that the new teraflop chip did not undercut the need for Intel’s troubled Itanium microprocessor, which the company has aimed at the high end of the computing marketplace.
Intel executives also described a new notebook design code-named Santa Rosa, to be available in the second half of 2007. It will include the coming 802.11n wireless standard, potentially five times as fast as current Wi-Fi systems.
Wireless Networking May Soon Get Faster. Will Anyone Care?
CHEJU, South Korea — On this volcanic island at the tip of the Korean Peninsula, where kings once exiled dissidents and tourists now flock to casinos, South Korean engineers recently unveiled a prototype of a wireless network that they hope will revolutionize Internet access.
In August, Samsung, the South Korean electronics company, gave the first public demonstration of its version of the network. One day, the company and others in the industry hope, the network will let users open a laptop anywhere and, without attaching a cable or looking for a Wi-Fi hot spot, immediately surf the Internet or download music and movies as fast as the fastest broadband.
But while Samsung and other companies like Intel and NTT DoCoMo of Japan are spending heavily in a race to control crucial aspects of this evolving new technology and to promote it as the next wave in Internet access, its future is far from certain.
Many in the industry seem split over whether the technology, known as fourth-generation wireless, or 4G, will usher in a new era of instant Internet availability or become a multibillion-dollar flop. Skeptics, many of them on Wall Street, point to a string of previous failures to turn wireless, still predominantly used for speaking on cellphones, into a challenger in the market for Internet access services. The market in the United States for Internet access — cable modems, D.S.L. and other methods — is worth up to $60 billion, said Bin Shen, a vice president at Sprint Nextel in charge of commercializing the new service.
Skeptics say the biggest danger is that the new system, while an engineering marvel, is not something that consumers will actually use. They say the sort of nationwide wireless networks being envisioned will be expensive to build and that the cost will probably get passed down to users in high fees. Fixed-line access like fiber optics and cable modems, they say, will continue to be cheaper, faster and more reliable.
“Four-G is just much ado about nothing,” said Edward F. Snyder, an analyst at Charter Equity Research. “There’s no business model here, just a lot of marketing and hot air.”
Even proponents are having a hard time defining exactly what they mean by 4G. About the only thing most agree on is speed: to be considered 4G, a network must be able to transmit a gigabit, or 1 billion bits of data, every second. That is fast enough to download an entire movie in under six seconds.
The name comes from the wireless industry’s fondness for talking about technologies in terms of generations. First generation refers to analog cellphones two decades ago; second, the first digital cellphones in the early 1990’s; and third, the faster networks that emerged in Japan and South Korea around 2000 but have not done as well in the United States and Europe.
Despite the uncertainties, some of the world’s biggest electronics companies are already rushing to get a piece of the 4G pie. Analysts say companies are scrambling to develop and patent the basic technologies and standards — and thus earn royalty income as the technology takes off. They also want to stake their claims ahead of next year, analysts said, when a global body of telecommunications regulators meets in Geneva to set the first standards for 4G.
While the effort is still in its early stages, two competing 4G standards have already emerged.
One is championed by NTT DoCoMo, Qualcomm and European companies like Ericsson, and is a modification of existing cellphone technology to move data more quickly. NTT DoCoMo, Japan’s largest wireless carrier, says it reached 4G-level transmission speeds in a field test in 2003. The company has gotten support from the Japanese government, which made leadership in 4G a national goal as early as 2001, and has poured millions of dollars in public money into research.
“Now is the time when companies are hurrying to grab 4G territory,” said Yuji Nakamura, deputy director of the mobile communications division at the communications ministry.
The other camp is led by Intel, the chip maker, which promotes a standard for wireless broadband called WiMax. Intel says it has invested hundreds of millions of dollars — it will not reveal exactly how much — in developing WiMax and 4G-related technologies in hopes of supplying the world with the semiconductors that will allow computers and other devices to access future networks.
Siavash M. Alamouti, chief technology officer of the service provider business group at Intel, dismisses the contention that consumers will not embrace wireless access to the Internet because they already have fixed-line access.
“That’s like saying you don’t need a cellphone because you have phones at home and in the office,” he said in an interview.
While Intel is moving quickly into 4G, Mr. Alamouti said, it is not gobbling up patents to shut out other companies. Instead, he said, Intel wants to encourage more companies to join the WiMax group by capping the royalties at about 2 to 3 percent of the price of the equipment they sell. That is about half of what its rival, Qualcomm, now charges for use of its technology, which is at the heart of many cellphones. Cheaper royalty fees would lower the price of equipment, making it more affordable to consumers.
Another front-runner in the WiMax camp is Samsung, which moved aggressively into 4G as a chance to shake its image as a low-cost technology imitator. Two years ago, the company started assembling a team of 170 engineers, most with doctorates from top universities in the United States. It says it has since spent more than $100 million on research and building a prototype.
Samsung expects that spending to “go way up,” Lee Ki Tae, president of Samsung’s telecommunications division, said in an interview. “In the past, we were behind in intellectual property. In the next generation, we are trying to be ahead.”
To showcase its leading role, Samsung gathered 50 industry executives and academics on Cheju island for a conference on 4G. A highlight was Samsung’s first demonstration of a working 4G prototype, which included a ride on a bus to show that the system functioned over distance and while the user was in motion.
The technology appeared to get a boost when Sprint Nextel announced in August that it would spend up to $3 billion to build what it called a 4G network, using technology from Intel and Samsung as well as Motorola. The network is intended to reach 100 million Americans by the end of 2008.
“We believe the Internet will be like air, something you want everywhere you go,” Mr. Shen of Sprint told the Samsung 4G conference.
Qwest Beats the Odds, So Far
Richard C. Notebaert, the chief executive of Qwest Communications, is not one for conventional wisdom. Just a year ago, many on Wall Street thought Qwest, the nation’s fourth-largest phone company, was so weak that it was bound to be broken up or sold.
But Mr. Notebaert has quietly and consistently proved them wrong. He has cut costs, stabilized revenue and built up so much cash that Qwest is actually in a position to buy another industry player — perhaps a wireless carrier or a provider of corporate telecommunications services.
Such a move would go a long way toward arming Qwest with the tools it needs to fend off cable companies, Internet phone providers like Vonage and cellphone carriers like Cingular that are luring away hundreds of thousands of its customers. It would also help Qwest contend with Verizon Communications and A.T.& T., which account for half of all sales of communications services to companies.
“You can never relax or say I made it,” Mr. Notebaert said recently, sitting in a conference room atop the company’s headquarters with the Rocky Mountains in the distance. “This is a very competitive sector. You need some angst.”
The perpetually upbeat Mr. Notebaert, an avid jogger with a firm handshake, may not seem angst-ridden, but he still has reason to be. Though Qwest is no longer on life support, the company competes with fewer arrows in its quiver than the larger Bell companies, which are spending billions of dollars to build and run cellular and fiber networks.
Given the expense of those networks and Qwest’s considerable debt load, Mr. Notebaert has focused instead on keeping costs down, increasing profit and letting other companies do some of the heavy lifting.
Qwest now resells Sprint’s cellphone service, under its own brand, at a modest profit. Though the business is nowhere near as lucrative as that of Verizon Wireless or Cingular, it is far less expensive to run than Qwest’s old money-losing wireless business, which Mr. Notebaert unloaded two years ago.
Qwest also resells DirecTV; the alternative was to build its own fiber optic network for carrying television to homes, as Verizon and A.T.& T. are doing. Those costly projects have unnerved many Wall Street analysts.
By forgoing those ventures, Qwest has increased its profitability and its share price, which is up 136 percent in the last year. The stock gains have reduced Qwest’s attractiveness as a takeover target.
In the second quarter, Qwest’s profit margin rose to 31.9 percent, from 28.6 percent in the period in 2005 and 24.4 percent at the end of 2003. Part of that increase is a result of Qwest’s ability to keep its capital spending down to 12 percent of revenue, well below the 19 percent that Verizon spends.
“They have to make sure that over the next 5 to 10 years, they have enough capital to deal with competition,” said John C. Hodulik, an analyst at UBS Securities. Building a fiber network “would be a major undertaking,” he said, adding that the company “might be sitting back and waiting to see how A.T.& T. is doing” with its new network.
The cost-cutting has left Mr. Notebaert and Qwest’s board with a happy question: What to do with the roughly $1.8 billion in cash Qwest is expected to accumulate by the end of the year? They could use some of it, as well as Qwest’s healthier stock, to shop for companies or, as analysts expect, announce a dividend worth about $1 billion and buy back some of its stock.
Mr. Notebaert hinted that a dividend could be in the works. “It’s time to reward our equity holders,” he said.
Qwest’s board is expected to make a decision by late October when the company reports its third-quarter earnings.
Major challenges remain. Revenue is barely growing as local phone customers continue to defect to cable and other providers. The pace of cost-cutting is also slowing, which means profits are going to be harder to come by in the next few quarters, analysts said.
“Dick staving off bankruptcy was a feat in and of itself,” said Christopher C. King, an analyst at Stifel Nicolaus, who has a sell rating on Qwest’s shares. “But where is the growth going to come from with cost-cutting slowing down and revenue flat?”
Qwest lost 263,000 phone lines in the second quarter, leaving it with 14.3 million lines, or 5.3 percent fewer than it had a year earlier. That decline may pick up speed as cable companies make further inroads into the phone business.
Qwest competes with Comcast, the country’s largest cable company, in five of its largest markets; it added 306,000 phone customers in the second quarter. In one of Qwest’s largest markets, Phoenix, the cable provider Cox Communications says it has more than 30 percent of the phone customers and 70 percent of the high-speed-data subscribers.
The success of the company’s wireless business has also been uneven. Revenue grew 7.6 percent in the second quarter compared with the period the previous year, but the number of subscribers dipped by 7,000 from the first quarter. Verizon Wireless, by contrast, added 1.8 million customers during the same quarter, and is a major source of growth for its parent, Verizon.
Qwest has been able to prevent these problems from hurting its financial picture by shrinking. Quarterly revenue per employee, a crucial benchmark, has grown 18.6 percent during the last three years, but that increase came as Qwest eliminated 17 percent of its work force, or more than 8,000 jobs.
The company has also become more efficient, reducing the time it takes to install high-speed Internet lines to three days, from five, and reviewing how it serves customers. Qwest outfits its trucks with locator devices so managers can instantly track how many miles technicians drive and how many jobs they complete each day. Using such data, Qwest can redesign routes to eliminate midday trips to the garage, for example.
“We have to take a minute-by-minute look at our business,” said Barry K. Allen, the executive vice president for operations at Qwest. “We have a lot of learning ahead of us.”
But the gains from cutting costs are starting to slow. Qwest is expected to trim operating expenses by 3.6 percent this year, down from a 9.1 percent improvement in 2002, according to Jeffrey Halpern, an analyst at Sanford C. Bernstein & Company.
New growth, analysts say, will probably come if Qwest acquires other companies, particularly a wireless carrier that could help it offer packages to draw customers away from cable providers. The problem is that while Qwest’s market capitalization has risen to $17.1 billion, it is probably not big enough to buy T-Mobile or Alltel, the fourth- and fifth-largest carriers.
U.S. Cellular is the next logical option, but its owners have shown no signs of wanting to sell the company.
Mr. Notebaert said Qwest was “very comfortable” not being “vertically and horizontally integrated in everything we do,” a sign that he does not feel compelled to buy a wireless business. The company, he suggested, could introduce a hybrid solution instead: handsets that work on cellular networks outdoors and Wi-Fi connections indoors, so customers can save cellular minutes by using their high-speed data lines at home.
Mr. Notebaert also dismissed talk that Qwest might sell some of its local phone lines to avoid exposure to competitive cable companies. Investors have approached Qwest looking to buy the company’s lines in Minnesota and New Mexico, but the talks were only preliminary.
“We aren’t in the business of selling our core,” he said, adding that the local-line business, while shrinking, still generates cash.
More likely, Qwest could pursue a company that bolsters its ability to sell to businesses, Mr. Notebaert said. Qwest recently completed its $107 million purchase of OnFiber Communications, which manages high-speed networks in 23 cities, most of them outside Qwest’s region. Qwest says it will add nearly $60 million in annual sales and save money by using OnFiber’s networks instead of leasing them from others.
Mr. Notebaert said Qwest would not “get deal heat” and overpay for a company. It demonstrated this resolve last year when, after raising its bid for MCI three times, it backed out of negotiations, allowing Verizon to buy the company. The loss to a much bigger rival renewed concerns about Qwest’s weakness and hurt the company’s stock.
Within a couple of months, Qwest’s decision to focus more on cutting debt and improving profit ignited the rally in its stock that continues today. But how long will the upswing last?
“Dick’s done a tremendous job of attacking a lot of tough problems in the right order,” said Mr. Halpern of Sanford C. Bernstein, who has a hold rating on Qwest’s stock. “But how long can the game go on? Cable company competition is looming and your stock is high, so the question is whether it is sustainable.”
In Italy, Political Fallout Over Plans for Telecom
It started with the announcement of a clear-cut plan to split up Italy’s largest phone company, Telecom Italia, into separate mobile and fixed-line units.
But that seemingly simple plan has led to a verbal slugfest between the prime minister, Romano Prodi, and the company’s chairman, Marco Tronchetti Provera, who is also the country’s best-known executive. Now, Mr. Prodi’s government, which has a razor-thin majority in Parliament, seems to be wavering for the first time since he took office in May.
On Thursday, he faces public scrutiny by opposition members of Parliament when he appears before the lower house to answer to criticism that he might be interfering in Mr. Tronchetti Provera’s corporate sphere. Then, on Oct. 5, Mr. Prodi will again face opposition Parliament members at a hearing in the Senate.
Some members of Parliament are concerned that Mr. Prodi appears to be meddling in the affairs of a private company, despite European Union guidelines against such interference.
It would not be the first example of European government involvement in domestic businesses. In Spain, government officials are seeking to shield the country’s largest power company, Endesa, from an unwanted foreign takeover bid from a German company. French officials organized a merger between Gaz de France and Suez, two French companies, to thwart a bid for Suez from an Italian company, Enel. And last year, the governor of the Bank of Italy, Antonio Fazio, was forced to step down after a scandal in which he was accused of trying to avert a foreign takeover of Banco Antonveneta of Italy.
But Mr. Prodi, an economist who served as president of the European Commission, often stresses the importance of following directives of the European Union, which tends to be less protectionist than some officials of its member governments. Mr. Prodi also has a record of being reform-minded.
During his first term as prime minister a decade ago, he reduced Italy’s spending and raised taxes to lower the nation’s deficit so it could adopt the euro. In the first months so far of this term, he has pushed through measures to liberalize the Italian economy.
But his latest moves are raising eyebrows. When the opposition first demanded that Mr. Prodi, 67, appear before Parliament, he called the idea “crazy.” But he later bowed to pressure rather than alienate allies in his fractious nine-party coalition who insisted on hearing about the events surrounding Telecom Italia.
The situation became more confusing last week when Italian police arrested 20 people, including the former head of security at Telecom Italia, who was said to have spearheaded a group that illegally tracked the calls of more than 1,000 people. The arrests are part of a series of events that have weakened both Mr. Tronchetti Provera and Mr. Prodi.
Mr. Tronchetti Provera is chairman of Pirelli, which controls Telecom Italia. But he resigned as Telecom Italia’s chairman after the breakup plan was made public and Mr. Prodi expressed surprise at it. Mr. Prodi said he had not been informed of the plan in advance, even though he had met with Mr. Tronchetti Provera in July and again earlier this month.
Soon afterward, one of the prime minister’s closest advisers resigned, after two newspapers considered close to Mr. Tronchetti Provera printed a document the adviser sent him suggesting the government could buy some of Telecom Italia assets.
Mr. Prodi, who was chairman for a decade of a government holding company that oversaw all state-owned companies, has been trying to deflect suggestions that he is reverting to old habits of the Italian government, which once controlled most of the country’s largest companies.
“I have been a privatizer of the Italian economy,” Mr. Prodi said in a private interview last week. “We need it.”
Mr. Prodi last week warned his coalition partners, who waited in the wings for five years while Silvio Berlusconi ran the country, that if he fell from power he would bring down everybody else with him. Mr. Berlusconi on Saturday said Mr. Prodi’s government would not last much longer and that when the government fell, he would be ready to retake the reins.
Paolo Natale, a political science professor at the University of Milan, said the events were a serious blow for the Prodi government. “The evidence is that Prodi was not able to manage the Telecom Italia situation in a transparent way,” he said. “That has cost the government some of the consensus it had, but Italians have a short memory and Prodi has always been considered capable in the past, so this may blow over.”
Mr. Tronchetti Provera’s own problems could intensify. Prosecutors investigating the case that led to the 20 arrests have linked secret bank accounts in Monte Carlo to him and to Telecom Italia’s chief executive, Carlo Buora, according to La Repubblica, a Rome daily. The prosecutors suspect that a Pirelli employee bought and sold stocks through the Monte Carlo branch of Banca del Gottardo, deposited profits into the secret bank accounts of Mr. Tronchetti Provera and Mr. Buora, and covered the losses with a Pirelli account in Luxembourg, La Repubblica reported.
Mr. Tronchetti Provera vigorously defended himself in an appeal to journalists at a news conference in Milan on Monday.
“This evening I am here to ask for help not for me, but for the Telecom Italia group because these are healthy companies,” Mr. Tronchetti Provera said. “Help us get the truth to come out. These are good people who haven’t taken any money from the company.”
In a sign that tensions have not abated, one of Mr. Prodi’s ministers over the weekend said that things were better at Telecom Italia when it was owned by the government, which privatized the phone company in 1997. Telecom Italia was bought the next year in the country’s largest hostile takeover ever. Pirelli, with Mr. Tronchetti Provera at the helm, bought control of Telecom Italia in 2001, in an investment that has lost half its value in five years.
Mr. Tronchetti Provera’s most recent problems began three weeks ago when he presented to the board of Telecom Italia a plan to split the mobile and fixed-line operations into separate companies. The move would be a complete about-face for Telecom Italia, coming less than two years after the company acquired the part of the mobile unit it did not already own. At the time of that purchase, Mr. Tronchetti Provera trumpeted the importance of integrating the mobile and fixed-line businesses.
The proposed breakup drew angry reactions from politicians who saw it as the first step to the sale of the mobile unit, the only one of the four Italian mobile phone companies that is domestically owned. Mr. Tronchetti Provera says he has no plans to sell the mobile unit, which analysts estimate is worth about 35 billion euros, though he also said that if offers arrived they would be considered. Mr. Tronchetti Provera has made no secret that he is trying to shed some of Telecom Italia’s crippling debt, which at 40 billion euros may be more than the company’s market value.
Europe Makes Progress in iTunes Negotiations
European negotiators said they made “surprising progress” in talks today with Apple Computer over easing the restrictions it imposes on users of its iTunes service, by far the dominant seller of downloaded music.
But a full resolution of the dispute could require Apple to make major changes in the iTunes business model.
Officials of four Nordic countries have threatened to impose heavy fines on Apple because iTunes prevents customers from using the songs they buy on music devices that compete with Apple’s iPod players. The officials say that restriction and other aspects of the way iTunes works violate consumer protection laws in the four countries — Norway, Sweden, Denmark and Finland.
“Our meeting was much more constructive than I expected it would be,” said Bjorn Erik Thon, director of the Norwegian consumer ombudsman’s office, which has taken the lead in the talks. “We argued and did not agree on a lot, but we discussed all issues.”
In addition to “interoperability” — being able to use downloaded music files on different manufacturers’ players — the talks covered four other issues, Mr. Thon said, including Apple’s refusal to accept liability for any damage its iTunes software might do to a computer and Apple’s claim of a right to change contract terms after purchase of a song.
“It would be inappropriate to discuss the exact areas where progress was made, but it was a positive and good dialogue,” Mr. Thon said. Fines were still a possibility, he added: “We prefer to find a solution through discussions, but we still have the possibility of bringing the case before the market council.”
Apple Computer said in a statement today that it was “working to address the concerns we’ve heard from several agencies in Europe, and we hope to resolve these issues as quickly as possible.”
New Software Can Search Podcasts
Forget the blather. With a new audio search technology, users could jump right to the area of interest in podcasts, and soon also in videos. Pluggd Inc. showed off its HearHere search software Tuesday at DEMOfall 2006, an elite tech show of emerging technologies.
"It could well become the Google of audio Web," DEMO executive producer Chris Shipley said.
By using speech recognition and semantic analysis within its media player, HearHere allows users to skip commercials in the beginning of a podcast if they want, or bypass the baseball highlights to jump right to the football segment in a sports report.
Users just have to type in a keyword in the search box, and HearHere would display a map to indicate where in the podcast the content would likely match a request. It also displays the related words HearHere is using to make its matching decision.
For instance, if you type "PGA" in a search of ESPN podcasts, HearHere might indicate that it's using "golf" or "Tiger Woods" to find what you're looking for.
The public test version of HearHere now conducts searches within its own collection of podcasts at http://www.pluggd.com , and will offer the feature for Internet videos by the end of the year. The company plans to implement the technology for multimedia content found across the Internet next year.
Pluggd will not be alone, as several podcast search engines have sprung up in the past year or so to serve the booming popularity of Internet multimedia. Some already employ speech-to-text technology to generate searchable transcripts of podcasts and let users jump directly to certain points in a broadcast.
RingCube Software Squeezes PC Onto iPod
Mobile computing just got more portable. Making even the latest pocketbook-sized ultra-mobile personal computers look more like lumbering giants, RingCube Technologies Inc. unveiled software that can virtually squeeze a PC onto an iPod, USB keychain drive, cell phone or any gizmo with digital storage space.
RingCube's MojoPac software mirrors a computer's personal settings, programs and data on a storage device. Then, when it's connected to any computer running Microsoft Corp.'s Windows XP operating system, the virtual desktop will run in a window of the underlying PC.
"You're taking your digital soul with you on any portable storage device," said Shan Appajodu, chief executive and co-founder of RingCube.
A user could toggle between the two computing environments. The company contends that everything you do with your MojoPac PC will remain private: the underlying host PC won't retain any of the files or cache copies of what you did on MojoPac, the company said.
The software can be downloaded and tested at no cost for 30 days. If bought within a month of the product's release, it will cost $29.99 with up to three additional licenses for $14.99 each. After the introductory period, the price will jump to $49.99, with up to three extra licenses costing $24.99 each.
MojoPac will be shown off at the DEMOfall 2006 conference, an elite showcase of emerging technologies being held this week in San Diego.
"I lug my laptop around with me everywhere and the idea that I could bring my work environment around with me on a USB key is really attractive," said DEMO producer Chris Shipley.
The software works by creating a virtual operating system that runs the programs users load onto the storage device. RingCube says MojoPac supports any off-the-shelf applications, including PC video games and applications such as Adobe Photoshop or Microsoft Office.
The idea is to transform any computer found at Internet cafes, dorm rooms, libraries or business offices into your personal computer, said Appajodu, who started developing the product more than two years ago.
Mountain View-based RingCube also hopes to introduce a prepackaged version of MojoPac such as on a keychain drive as a low cost computing alternative in developing nations, where many can't afford their own computers. Many people in those areas can't afford personal computers but have access to Internet kiosks.
MojoPac is available as a software download for $49.99 at http://www.mojopac.com .
Google Says ISP Resolved Access Problems
Google services were slow or inaccessible to some users of a single Internet service provider Tuesday, the company said.
In a statement, Google Inc. said its engineers "helped troubleshoot the problem and provided diagnostic information to the ISP. We believe the issue has since been resolved by the ISP," which the company did not name.
The cause of the glitch was not immediately known, nor were any details available on how widespread it was.
Brief outages of leading Internet sites are not uncommon. A software glitch delayed AOL.com e-mail for millions of users in June, while the video-sharing site YouTube.com was inaccessible for hours in mid-August.
Besides running the Internet's leading search engine, Google offers e-mail, chat, news aggregation and other services.
A Swarm of Angels: P2P Powered Film Model
A Swarm of Angels is a project that aims to create the first community-driven film. The film will be written, funded and distributed over the Internet. The plan is to gather a group of 50,000 people who each contribute £25 ($47.5) to join the project.
The initiator Matt Hanson is an award-winning filmmaker and accomplished writer who wants to break free from the traditional movie business model. Hanson was inspired by the power of social networks on the Internet. Together with his innovative ideas about the future of filmmaking taken from his book “The End of Celluloid“, this resulted in a unique project.
The film will be released under a Creative Commons license, and people are free to share, remix, and distribute the film any way they like.
The genre will be thriller based with some soft sci-fi elements. The community is currently developing two scripts, The Unfold and Glitch. Based on member input these scripts will be put into initial drafts written by Matt Hanson.
Wikis are used to refine, develop, and improve the final script. A vote will be taken by all members to decide which script is chosen for production. Members of “the Swarm” will be involved in MAJOR creative decisions.
We asked Matt Hanson why he thinks people should join the project. He told Torrentfreak:
“We are pioneering a new type of P2P/Bittorrent friendly film model, using member subscriptions to build a community around making a DRM-free film that everyone can download, share, and remix.
The success of this project would undoubtedly create a landmark example of how media can be created and made available for free. It would encourage an alternative entertainment model to Hollywood, which doesn’t crack down on filesharers, but encourages and accommodates them, and their enthusiasm.
I think the future of film is about bringing audiences and filmmakers closer together in entertainment communities where both can interact and get more out of the experience.
Each subscriber to A Swarm of Angels gets us closer to creating an entertainment revolution. It’s a great way to participate in something so exciting.”
This project truly is a great initiative. It is a nice way to show Hollywood that there are alternatives to suing people and implementing DRM.
A Swarm of Angels
The project currently has more than 700 members, deliberately gathered through word of mouth and blogs. They are going to freeze membership temporarily at 1000, so early members can take early creative decisions and do more development.
I encourage everyone to join the project, and if you own a blog or website: Spread the word!
So Small a Town, So Many Patent Suits
MARSHALL, TEX. On a crisp Monday morning earlier this month, about 20 lawyers from some of the country’s top law firms shuffled their way into a brightly lit, wood-paneled federal courtroom in this small city in eastern Texas.
Wearing white shirts and dark suits, the lawyers congregated in small groups, leaning into one another with their arms crossed and speaking in hushed tones.
At precisely 8:30 a.m., a series of knocks on the right side of the courtroom signaled the entrance of Judge T. John Ward, a blur of black robe and white hair, who quickly took his seat and, with little preamble, began the proceedings.
Over the next few minutes, a 10-person jury listened raptly as lawyers for both sides laid out the case. Hyperion Solutions, a software company based in Santa Clara, Calif., accused the OutlookSoft Corporation of Stamford, Conn., of infringing two of its patents, causing $50 million in damages. A lawyer for OutlookSoft said the company did not steal any patented technology, adding that Hyperion’s patents were not even valid.
What was remarkable about the trial was not the issue being tried or the arguments proffered by each side, but that these big companies — like dozens more from the East and West Coasts — wound up in the Federal District Court here in Marshall, the self-proclaimed Pottery Capital of the World and home to the annual Fire Ant Festival (sponsored by Terminix, the pest-control company).
More patent lawsuits will be filed here this year than in federal district courts in San Francisco, Chicago, New York and Washington. Only the Central District of California, in Los Angeles, will handle more patent infringement cases.
On the surface, there is little to recommend Marshall as a locus for global corporations looking to duke it out over who owns the rights to important technology patents. Some 150 miles east of Dallas, and just minutes from the Louisiana border, Marshall and its 25,000 residents are fairly typical of most small cities in Texas. Marshall is a place where friendships last a lifetime and rivalries even longer, where residents still talk about the Civil War, debate on street corners about decades-old high school football games, and conduct midday business meetings over plates of meatloaf, mashed potatoes and banana pudding.
What sets Marshall apart from its neighbors is a red-hot patent docket. Four years ago, 32 patent lawsuits were filed in the Federal Eastern District of Texas, which includes Tyler, Texarkana and Marshall. This year, an estimated 234 cases will be filed in the district, a majority of them in Marshall.
What’s behind the rush to file patent lawsuits here? A combination of quick trials and plaintiff-friendly juries, many lawyers say. Patent cases are heard faster in Marshall than in many other courts. And while only a small number of cases make it to trial — roughly 5 percent — patent holders win 78 percent of the time, compared with an average of 59 percent nationwide, according to LegalMetric, a company that tracks patent litigation.
Those odds are daunting enough to encourage many corporate defendants to settle before setting foot in Marshall. Add to that the fact that jurors here have a history of handing out Texas-sized verdicts to winners. In April, for instance, a Marshall jury returned a $73 million verdict against EchoStar Communications for infringing the patents of TiVo.
Marshall was once one of the most prominent and wealthy cities in Texas, but much of the city’s industry and many of its downtown shops disappeared in recent decades. Now, thanks to an influx of out-of-town lawyers and the increased investment in real estate by a handful of local leaders, Marshall is in the early stages of a revival.
The sounds of hammers and electric saws echo across the brick-paved streets that line its picturesque downtown square as buildings that stood empty for years are being transformed into office space for rent.
Restaurants that depended on tourists drawn to town by the Fire Ant Festival, the Stagecoach Days Festival and the winter Wonderland of Lights display now do a brisk business catering lunches and dinners for visiting lawyers. Some hotel chains along Interstate 20, south of downtown, are running at 95 percent occupancy rates during the week.
“During the TiVo-EchoStar trial, 90 percent of my revenue for one month came from one of the law firms in the case,” said Phillip W. Gurganus, manager of the local 68-room Hampton Inn, where rates run $77 a night.
His mother, a former Texas tort reform lobbyist, helps to serve breakfast at the hotel. “I loved getting that check and taking it to the bank,” he added.
How far the dollars from visiting lawyers trickle through Marshall’s economy remains unclear and is the subject of discussion among local leaders.
For much of its history, Marshall has been a community divided by wealth and race. People whose grandparents or great-grandparents made fortunes from oil, natural gas or railroads live in gated mansions and rarely mix with those who frequent the local Wal-Mart or many downtown finance shops that make $300 loans. The median family income in Marshall is $30,000.
“The majority of Marshallites don’t even know the patent docket exists,” said Johnny B. Taylor, a native of Marshall who returned and started an office rental business after spending 31 years as a police officer in Arlington, Tex. “There’s one way the docket affects them: they can’t find parking.”
Cranking up the air-conditioner of her father-in-law’s 1990 red Cadillac DeVille with a matching red leather interior, Geraldine Mauthe, the city’s bubbly and silver-haired convention-and-visitors director, begins the tour of town.
Turning away from the pale yellow century-old Harrison County Courthouse, which is being renovated and updated to handle Marshall’s rapidly expanding patent docket, Ms. Mauthe often stops the Cadillac in the middle of the street — eliciting sharp honks from cars behind her — to point out local sights.
This much can be said about Marshall: It is not lacking in churches (50 Baptist, 35 of other Protestant denominations and 1 Roman Catholic), historic homes (many built in the 1850’s) and, oddly, funeral homes. “We have seven. Four for blacks and three for whites,” Ms. Mauthe said, matter-of-factly.
When she drove past a hair salon that offered haircuts, tanning and the services of a notary public, Ms. Mauthe rubbed her fingers together and said: “You got to make money somehow.”
Oh yes, Ms. Mauthe added, Marshall and its robust legal community go back a long way. In the late 1800’s, she said, Marshall was a bustling city, a transportation gateway to the North, linking local cotton farmers and the Texas and Pacific Railway.
As the railroad was built, personal-injury lawyers came to town to represent injured workers. In more recent decades, Scott Baldwin, Franklin Jones and other Marshall-based plaintiffs’ lawyers generated tens of millions of dollars in fees — and grabbed the national spotlight — by pursuing class-action lawsuits against companies that used asbestos and silica, and against the pharmaceutical and tobacco industries.
By the late 1990’s, though, it looked as if the good times were ending for Marshall’s lawyers. Broad tort reform in the state had limited punitive damages and later capped damages on medical malpractice lawsuits, effectively limiting the fees that lawyers could make.
In Marshall, an oft-told joke is that the passage of tort reform was when many local lawyers made the trip from P.I. to I.P. — that is, they moved out of personal injury and into intellectual property.
That was the road traveled by Samuel F. Baxter, a former state district court judge who had become a personal-injury lawyer, after he received a call from a lawyer in Dallas in 1996, asking him to help out in a patent lawsuit in Marshall. “I told him, ‘No, I don’t know anything about patents,’ ” Mr. Baxter recalled as he reclined far back in his chair in his Marshall office, which included an autographed Cy Young baseball and aging maps of the United States depicting an outsized Republic of Texas.
Mr. Baxter was eventually persuaded to take the case and was the lead trial lawyer defending Samsung in a patent lawsuit filed by Texas Instruments, which eventually settled. Since then, Mr. Baxter, who is a principal at McKool Smith, a Dallas-based law firm with a full-time office in Marshall, has been involved in a number of patent cases; in one, he helped represent TiVo in its patent fight with EchoStar.
Charmingly loquacious about his two adopted sons and local Civil War history, Mr. Baxter turns economical with his words when asked why the federal court in Marshall handles more patent lawsuits than federal courts in much larger cities.
“One, speed kills,” he said. “If you’re the plaintiff, you can go fast and get a resolution faster here than you can a lot of other places.
“Second, there’s a dearth of good lawsuits these days for lawyers to handle,” he added. “You know lawyers: they go where the money is.”
The testing of Marshall as a patent battleground began nearly two decades ago, when Texas Instruments, which has its headquarters in Dallas, embarked on an aggressive strategy to make rivals license its patents. If a company would not capitulate or at least negotiate, a Texas Instruments team of lawyers would drag it to court — increasingly, down the road to the uncluttered courtrooms of Marshall.
In September 1999, Mr. Ward, a malpractice and product-liability lawyer with a practice nearby, in Longview, was sworn in to the East Texas federal bench.
A no-nonsense judge who charms people with his folksy demeanor but who also has a reputation for a fiery temper in the courtroom, Judge Ward began hearing patent cases. As a private lawyer, he had argued a few such cases; as a judge, however, he quickly grew frustrated at the slow pace, paperwork, and delays and motions that were part of a patent docket.
That’s when he adopted what he calls “the Rules.” As any lawyer who has shown up in Judge Ward’s courtroom will testify, the Rules put patent lawsuits on a strict timetable, laying out when key documents must be handed over and setting firm trial dates.
No 100-page motions or lawyer soliloquies are tolerated in Judge Ward’s courtroom. He puts page limits on documents and uses a chess clock to time opening and closing arguments, brusquely interrupting lawyers when it is time for them to wind it up.
The changes turned Marshall’s federal court into a “rocket docket” — a place where the time between filing and trying a lawsuit became significantly shorter than in other districts.
“I really shot myself in the foot when I adopted the Rules,” Judge Ward said with a laugh, sitting in a leather chair in his quiet, wood-paneled chambers during a lunch recess in the Hyperion-OutlookSoft trial. The reason, he added, was that the district was soon deluged by patent suits filed by companies seeking a quick resolution to their conflicts. While judges in nearby cities also began to hear patent cases, most of them remain before Judge Ward.
The expedited process pleases clients, though it is sometimes hard on the lawyers who break the Rules.
“When he’s mad, first his face gets red,” said Michael C. Smith, a lawyer with the Roth Law Firm in Marshall. “Then his neck gets red and he starts tucking his chin down into his chest. If he tears off his glasses, I don’t care what side you’re on, you had better drop to the floor and get under that table fast.”
Judge Ward said that he did not often lose his temper. “If I tell a lawyer to stop leading the witness and he continues, well, we’re going to have a problem,” he said.
Speed is not the only feature bringing patent holders to Marshall. So, too, is the fact that they usually win. Three-fourths of the cases that come to trial in Marshall are decided in favor of the plaintiffs, compared with less than half in New York.
The success rate for patent holders in Marshall is a great incentive for defendants to settle matters quickly and privately. Since 1991, the Federal District Court in Marshall has held less than half the number of full patent trials as courts in Los Angeles, New York, Chicago and San Francisco.
“I would say that this is, historically anyway, a plaintiffs-oriented district,” Judge Ward said, noting that he lost a large patent suit there himself when he was practicing. He was part of the team representing Hyundai Electronics in 1999 when it lost a $25.2 million verdict in a lawsuit filed by Texas Instruments.
Others point to a different reason why plaintiffs may win more often than defendants: plaintiffs, they say, typically hire local Marshall lawyers. Hiring local in Marshall means that you will get a lawyer who not only knows the jurors, but who also probably knows their friends and even personal details like how often they go to church, local lawyers say.
“We had a Fourth of July party and we circulated the jury lists to people there on the boat dock,” said Joy Berry, a local lawyer who advises out-of-town law firms in jury selections. “By the time the party was over, we knew quite a bit about nearly everyone” on a list of potential jurors for coming trials, she said.
Mr. Smith of the Roth Law Firm said it could be difficult for outside lawyers to blend in and noted that some even tried to curry favor with jurors by taking on a drawl or wearing cowboy boots. “I call them T.B.L.’s, or ‘tall building lawyers,’ ” he said. “They don’t take their coats off no matter how hot it is down here.”
Indeed, local lawyers love to swap stories about visiting colleagues and their clients from bigger cities or from abroad.
One of Mr. Baxter’s favorites is about an out-of-town lawyer, a vegan, who wanted a late-night meal. “She walked over to Wendy’s and tried to order a salad through the drive-in window,” he recalled. “She was told she needed to be in a car to order through the drive-in window so she walked back over to the hotel, woke up one of the firm’s partners and had him take her through the drive-in window.” He laughed uproariously at the memory.
M. Craig Tyler, a lawyer in the Austin, Tex., office of Wilson Sonsini Goodrich & Rosati, the big Silicon Valley law firm, is fond of recounting how visitors react to Texas hospitality. “We’ve had many meals with clients from the Pacific Rim who take out their cellphones and send pictures back home when they see the portions of the meals in Marshall,” he said. “They thought it was family style, that one plate would feed many people.”
And then there are the tight-knit relationships that visiting lawyers encounter when they work in Marshall. In one patent case that eventually was settled, the plaintiffs hired an accountant whose clients included Judge Ward.
Patent litigation is a growing business across the country; Marshall is just the most visible example. Among the weightier issues behind the mushrooming of its patent docket is whether the elements that have made it expand — hungry plaintiffs’ lawyers, speedy judges and plaintiff-friendly juries — are encouraging an excess of expensive litigation that is actually stifling innovation.
Some say yes. “A lot of the cases being filed in Marshall are by patent holding companies, or patent trolls, as they’re called, whose primary and only assets are patents,” Mr. Tyler said.
Companies spent 32 percent more on outside counsel for intellectual property litigation in 2003 than in the previous year, Chuck Fish, the chief patent counsel for Time Warner, told the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property earlier this year. Spending for all other litigation rose a mere 1 percent during that time, Mr. Fish said.
Defending Marshall’s role, many residents note that not only is it cheaper to hold a trial in Marshall, but that it is neutral territory for virtually all corporations that find themselves in court here.
“It’s not as if you have a situation here where Microsoft is hated or Cisco is spit upon,” Mr. Baxter said. “Whether it happens in Marshall, Tex., or Des Moines, Iowa, these lawsuits are going to happen. They might as well happen here.”
And many in Marshall are looking for ways to profit from the patent gusher.
The paint is peeling and the wallpaper in the bathroom is nothing short of hideous, but all Johnny Taylor sees as he walks through the former doctor’s office he just bought in town is space for as many as 16 lawyers.
“Furnished office space is renting for $1 to $1.50 a square foot per week. So, a 2,000-square-foot office can get $2,000 per week,” said Mr. Taylor, who has already wired the building for high-speed Internet access and created marshallofficespace.com to highlight offices for rent and offer advertising to local businesses.
One of the first challenges for visiting lawyers arriving in Marshall is cramped quarters. They often roll into town with semitrailer trucks that have traveled from San Francisco or New York containing everything that could be needed to try a case, including volumes of documents, copying machines, desks, video and audio equipment and even cappuccino machines.
Some people in Marshall are trying to save them the trouble by providing fully equipped office space on short-term leases.
“We’re going to have a 6,000-square-foot space for a war room that we can rent out for $7,500 to $10,000 a week,” said Leslie D. Ware, a patent lawyer in Dallas, who bought a former furniture building next door to the federal courthouse. “A firm could basically walk in, plug in their laptops, work and unplug and go home,” he said.
Others are trying to lure patent dollars through different tacks. Fairfield Inn, which bought a subscription to Pacer, the electronic docket, routinely calls law firms to offer rooms for their lawyers with cases scheduled for trial.
“I’m thinking of coming up with a T-shirt for the lawyers,” said Jennie A. Kelehan, a former financial adviser who moved here from Houston three years ago and is now the co-owner of a wine and specialty store called Under the Texas Sun. She estimated that lawyers in town for the patent docket were responsible for about a sixth of her sales.
“The patent lawyers were not in our plans at all,” she said, “but they are definitely a huge asset for us and we will start using that as we start planning for the future.”
Others, though, seem more skeptical about the long-term effect of the patent docket on Marshall’s economy. They said they would like to bring in new industries and increase tourism.
“For the most part, the rocket docket and the lawyers are ‘today dollars,’ ” said Alan Grantham, a member of the Marshall Economic Development Corporation and a senior vice president at Bancorp South. “They spend the night at a hotel, rent cars and eat at restaurants.” But he added that the patent docket was not the only factor driving the local economy.
Others, like Jerry Cargill, who runs a wholesale beverage distributing company in Dallas and has a family farm outside Marshall, said they hoped that increased tourism would play a bigger role in Marshall’s comeback.
In the last three years, Mr. Cargill has bought nine buildings downtown, as well as a $500,000 stake in the historic Hotel Marshall. The City of Marshall put in $1 million and others raised $527,000 to restore the building to its original Italian Renaissance design.
“I didn’t even hear about the rocket docket until a year ago,” Mr. Cargill said. “By then, we were well into the various projects.”
This fall, a tourism marketing firm is coming to town to create a branding plan and to offer ideas to alter Marshall’s infrastructure for tourism. “It’s a unique community,” Mr. Cargill said. “It just needs some marketing.”
Marshall’s patent docket may not be able to sustain its current pace of growth. Its reputation for speed is starting to attract so many cases that a certain sluggishness may be setting in. Four years ago, lawsuits took less than two years to go to trial. Now the average time between when a suit is filed and when it goes to court is more than 27 months.
There is legislative movement afoot as well. This spring, two senators, Patrick J. Leahy, Democrat of Vermont, and Orrin G. Hatch, Republican of Utah, introduced a patent reform bill. Among its many provisions is one to limit damages in patent lawsuits and another to require a more substantial connection between a business and the court where it brings a patent lawsuit.
“We think the bill will restore more balance in the patent system and remove incentives for plaintiffs to run to one jurisdiction and try to hit the jackpot,” said Mark W. Isakowitz, a lobbyist with the Coalition for Patent Fairness, which advocates patent reform on behalf of corporations. Any reform would likely happen next year at the earliest, lawyers say.
But the biggest change in Marshall’s status could come if plaintiffs start losing more cases.
A jury in Judge Ward’s courtroom in July stunned observers when it returned a verdict that said WG Security Products had not infringed any of the patents of Sensormatic.
The jury in the Hyperion-OutlookSoft case went even further a little over a week ago. After a five-day trial, it deliberated for less than three hours before deciding that OutlookSoft had not infringed the Hyperion patents and that those patents were invalid.
After the verdict was read, OutlookSoft’s legal team returned to the local law office it had been working out of and opened some Champagne, said the company’s chief executive, W. Phillip Wilmington, who attended every day of the trial in Marshall.
“As we were going through our victory discussion, a big truck pulls up and there goes the copier and fax machines out the door,” Mr. Wilmington said. “It disappeared just as quickly as it was set up. I’m sure the week following, there was someone coming in to do it all over again.”
MySpace Launches Voter-Registration Plan
The youth-heavy online hangout MySpace.com is launching a voter-registration drive to engage its members in civics. In partnership with the nonpartisan group Declare Yourself, MySpace is running ads on its highly trafficked Web site and giving members tools such as an "I Registered To Vote On MySpace" badge to place on their personal profile pages.
"Young people in this country ... are really engaged in what's happening in their community and want to make a difference," said Jeff Berman, MySpace's senior vice president for public affairs. "The key is to make it easy for them to get engaged. By putting these tools on MySpace and putting it in front of their eyes, you make it far more likely they will use them."
News Corp.'s MySpace is the leading online social-networking site, in which users stay connected by adding others as "friends" and expanding their networks by meeting friends of their friends. MySpace offers message boards, Web journals and other free features its members can use to circulate links for video and other items they like.
Berman said the company was hoping its users would use such tools to encourage friends to register. He acknowledged MySpace was late in launching a voter-registration drive, but said he still hoped "thousands upon thousands of MySpacers will register to vote and spread the word."
Election Day is Nov. 7, and many states close voter registration up to a month before that.
To register, members simply go to http://www.myspace.com/declareyourself and enter a state or ZIP code. After entering the requested information, the site generates a PDF file that can be printed and mailed to state election officials. A Spanish version also is available.
Although MySpace has a heavy youth population, about 80 percent of its 114 million registered members are old enough to vote, according to the Los Angeles-based company.
MySpace is not alone in trying to register Americans, particularly youths voting for the first time. A San Francisco-based nonprofit group called Mobile Voter offers a service for people to register via cell-phone text messaging.
Political campaigns themselves have also been turning to MySpace and similar sites to reach supporters, with many candidates creating profile pages they hope users would further circulate.
On the Net:
Election Assistance Commission: http://eac.gov
National Association of Secretaries of State vote site: http://www.canivote.org
The Big Gamble on Electronic Voting
Hanging chads made it difficult to read voter intentions in 2000. Hotel minibar keys may do the same for the elections in November.
The mechanics of voting have undergone a major change since the imbroglio that engulfed presidential balloting in 2000. Embarrassed by an election that had to be settled by the Supreme Court, Congress passed the Help America Vote Act of 2002, which provided funds to improve voting equipment.
From 2003 to 2005, some $3 billion flew out of the federal purse for equipment purchases. Nothing said “state of the art” like a paperless voting machine that electronically records and tallies votes with the tap of a touch screen. Election Data Services, a political consulting firm that specializes in redistricting, estimates that about 40 percent of registered voters will use an electronic machine in the coming elections.
One brand of machine leads in market share by a sizable margin: the AccuVote, made by Diebold Election Systems. Two weeks ago, however, Diebold suffered one of the worst kinds of public embarrassment for a company that began in 1859 by making safes and vaults.
Edward W. Felten, a professor of computer science at Princeton, and his student collaborators conducted a demonstration with an AccuVote TS and noticed that the key to the machine’s memory card slot appeared to be similar to one that a staff member had at home.
When he brought the key into the office and tried it, the door protecting the AccuVote’s memory card slot swung open obligingly. Upon examination, the key turned out to be a standard industrial part used in simple locks for office furniture, computer cases, jukeboxes — and hotel minibars.
Once the memory card slot was accessible, how difficult would it be to introduce malicious software that could manipulate vote tallies? That is one of the questions that Professor Felten and two of his students, Ariel J. Feldman and J. Alex Halderman, have been investigating. In the face of Diebold’s refusal to let scientists test the AccuVote, the Princeton team got its hands on a machine only with the help of a third party.
Even before the researchers had made the serendipitous discovery about the minibar key, they had released a devastating critique of the AccuVote’s security. For computer scientists, they supplied a technical paper; for the general public, they prepared an accompanying video. Their short answer to the question of the practicality of vote theft with the AccuVote: easily accomplished.
The researchers demonstrated the machine’s vulnerability to an attack by means of code that can be introduced with a memory card. The program they devised does not tamper with the voting process. The machine records each vote as it should, and makes a backup copy, too.
Every 15 seconds or so, however, the rogue program checks the internal vote tallies, then adds and subtracts votes, as needed, to reach programmed targets; it also makes identical changes in the backup file. The alterations cannot be detected later because the total number of votes perfectly matches the total number of voters. At the end of the election day, the rogue program erases itself, leaving no trace.
On Sept. 13, when Princeton’s Center for Information Technology Policy posted its findings, Diebold issued a press release that shrugged off the demonstration and analysis. It said Princeton’s AccuVote machine was “two generations old” and “not used anywhere in the country.”
I spoke last week with Professor Felten, who said he could not imagine how a newer version of the AccuVote’s software could protect itself against this kind of attack. But he also said he would welcome the opportunity to test it. I called Diebold to see if it would lend Princeton a machine.
Mark G. Radke, director for marketing at Diebold, said that the AccuVote machines were certified by state election officials and that no academic researcher would be permitted to test an AccuVote supplied by the company. “This is analogous to launching a nuclear missile,” he said enigmatically, adding that Diebold had to restrict “access to the buttons.”
I persisted. Suppose, I asked, that a test machine were placed in the custodial care of the United States Election Assistance Commission, a government agency. Mr. Radke demurred again, saying the company’s critics were so focused on software that they “have no appreciation of physical security” that protects the machines from intrusion.
This same point was featured prominently in the company’s press release that criticized the Princeton study, saying it “all but ignores physical security and election procedures.” It is a criticism that collides with the facts on Page 5 of the Princeton study, where the authors provide step-by-step details of how to install the malicious software in the AccuVote.
Even before the minibar lineage of the AccuVote key had been discovered, the researchers had learned that the lock was easily circumvented: one of them could consistently pick it in less than 10 seconds.
If skeptics cannot believe what they read about the ease of manipulating an election, they can watch the 10-minute online video: the AccuVote lock is picked, a memory card is inserted and the malicious software is loaded; the machine is rebooted, and within 60 seconds the machine is ready to throw the election in favor of any specified candidate.
Computer scientists with expertise in security issues have been sounding alarms for years. David L. Dill at Stanford and Douglas W. Jones at the University of Iowa were among the first to alert the public to potential problems. But the possibility of vote theft by electronic means remained nothing more than a hypothesis — until the summer of 2003, when the code for the AccuVote’s operating system was discovered on a Diebold server that was publicly accessible.
The code quickly made its way into researchers’ hands. Suspected vulnerabilities were confirmed, and never-contemplated sloppiness was added to the list of concerns. At a computer security conference, the AccuVote’s anatomy was analyzed closely by a team: Aviel D. Rubin, a computer science professor at Johns Hopkins; two junior associates, Tadayoshi Kohno and Adam Stubblefield; and Dan S. Wallach, an associate professor in computer science at Rice. They described how the AccuVote software design rendered the machine vulnerable to manipulation by smart cards. They found that the standard protections to prevent alteration of the internal code were missing; they characterized the system as “far below even the most minimal security standards.”
Professor Rubin has just published a nontechnical memoir, “Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting” (Morgan Road Books), that describes how his quiet life was upended after he and his colleagues published their paper. He recalls in his book that Diebold’s lawyers sent each of the paper’s authors a letter threatening the possibility of legal action, warning them to “exercise caution” in interviews with the press lest they make a statement that would “appear designed to improperly impair and impede Diebold’s existing and future business.” Johns Hopkins rallied to his side, however, and the university’s president, William R. Brody, commended him for being on the case.
Recently, there have been signs that states are having second thoughts about trusting their AccuVote equipment. Officials in California, Florida and Pennsylvania have been outspoken about their concerns. In Maryland earlier this year, the state House of Delegates voted 137 to 0 in favor of a bill to prohibit the use of its AccuVote machines because they were not equipped to generate a paper audit trail. (The state Senate did not take up the measure and it died.)
Professor Rubin favors the use of touch screens only for “ballot marking” — capturing a voter’s intended choice — then printing out a paper ballot with only the voter’s chosen candidates that the voter can visually check. Election officials can then use the slip to tally votes with an optical scanner made by a different manufacturer.
Manual audits of the tallies in at least 1 percent of all precincts, as is now required in California, would provide a transparent method of checking for integrity. Should a full recount be necessary, the paper ballots, containing only the selected names, provide unambiguous records of original intent.
“Let computers do what they do best,” Professor Rubin said, “and let paper do what it does best.”
Officials Wary of Electronic Voting Machines
A growing number of state and local officials are getting cold feet about electronic voting technology, and many are making last-minute efforts to limit or reverse the rollout of new machines in the November elections.
Less than two months before voters head to the polls, Gov. Robert L. Ehrlich Jr. of Maryland this week became the most recent official to raise concerns publicly. Mr. Ehrlich, a Republican, said he lacked confidence in the state’s new $106 million electronic voting system and suggested a return to paper ballots.
Dozens of states have adopted electronic voting technology to comply with federal legislation in 2002 intended to phase out old-fashioned lever and punch-card machines after the “hanging chads” confusion of the 2000 presidential election.
But some election officials and voting experts say they fear that the new technology may have only swapped old problems for newer, more complicated ones. Their concerns became more urgent after widespread problems with the new technology were reported this year in primaries in Ohio, Arkansas, Illinois, Maryland and elsewhere.
This year, about one-third of all precincts nationwide are using the electronic voting technology for the first time, raising the chance of problems at the polls as workers struggle to adjust to the new system.
“I think there is good reason for concern headed into the midterm elections,” said Richard F. Celeste, a Democrat and former Ohio governor who was co-chairman of a study of new machines for the National Research Council with Richard L. Thornburgh, a Republican and former governor of Pennsylvania.
“You have to train the poll workers,” Mr. Celeste said, “especially since many of them are of a generation for whom this technology is a particular challenge. You need to have plans in place to relocate voters to another precinct if machines don’t work, and I just don’t know whether these steps have been taken.”
Paperless touch-screen machines have been the biggest source of consternation, and with about 40 percent of registered voters nationally expected to cast their ballots on these machines in the midterm elections, many local officials fear that the lack of a paper trail will leave no way to verify votes in case of fraud or computer failure.
As a result, states are scrambling to make last-minute fixes before the technology has its biggest test in November, when voter turnout will be higher than in the primaries, many races will be close and the threat of litigation will be ever-present.
“We have the real chance of recounts in the coming elections, and if you have differences between the paper trail and the electronic record, which number prevails?” said Richard L. Hasen, a professor at Loyola Law School in Los Angeles and the author of the Election Law blog, www.electionlawblog.org.
Professor Hasen found that election challenges filed in court grew to 361 in 2004, up from 197 in 2000. “What you have coming up is the intersection of new technology and an unclear legal regime,” he said.
Like Mr. Ehrlich, other state officials have decided on a late-hour change of course. In January, Gov. Bill Richardson of New Mexico decided to reverse plans to use the touch-screen machines, opting instead to return to paper ballots with optical scanners. Last month, the Connecticut secretary of state, Susan Bysiewicz, decided to do the same.
“I didn’t want my state to continue being an embarrassment like Ohio and Florida every four years,” said Mr. Richardson, a Democrat, adding, “I also thought we needed to restore voter confidence, and that wasn’t going to happen with the touch-screen machines.”
In Pennsylvania, a state senator introduced a bill last week that would require every precinct to provide voters with the option to use paper ballots, which would involve printing extra absentee ballots and having them on site. A similar measure is being considered on the federal level.
In the last year or so, at least 27 states have adopted measures requiring a paper trail, which has often involved replacing paperless touch-screen machines with ones that have a printer attached.
But even the systems backed up by paper have problems. In a study released this month, the nonpartisan Election Science Institute found that about 10 percent of the paper ballots sampled from the May primary in Cuyahoga County, Ohio, were uncountable because printers had jammed and poll workers had loaded the paper in backward.
Lawsuits have been filed in Colorado, Arizona, California, Pennsylvania and Georgia seeking to prohibit the use of touch-screen machines.
Deborah L. Markowitz, the Vermont secretary of state and the president of the National Association of Secretaries of State, said that while there might be some problems in November, she expected them to be limited and isolated.
“The real story of the recent primary races was how few problems there were, considering how new this technology is,” said Ms. Markowitz, a Democrat. “The failures we did see, like in Maryland, Ohio and Missouri, were small and most often from poll workers not being prepared.”
Many states have installed the machines in the past year because of a federal deadline. If states wanted to take advantage of federal incentives offered by the Help America Vote Act, they had to upgrade their voting machines by 2006.
In the primary last week in Maryland, several counties reported machine-related problems, including computers that misidentified the party affiliations of voters, electronic voter registration lists that froze and voting-machine memory cards whose contents could not be electronically transmitted. In Montgomery County, election workers did not receive access cards to voting machines for the county’s 238 precincts on time, forcing as many as 12,000 voters to use provisional paper ballots until they ran out.
“We had a bad experience in the primary that led to very long lines, which means people get discouraged and leave the polls without voting,” said Governor Ehrlich, who is in a tight re-election race and has been accused by his critics of trying to use the voting issue to motivate his base. “We have hot races coming up in November and turnout will be high, so we can expect lines to be two or three times longer. If even a couple of these machines break down, we could be in serious trouble.”
Problems during primaries elsewhere have been equally severe.
In the Illinois primary in March, Cook County officials delayed the results of the county board elections for a week because of human and mechanical problems at hundreds of sites with new voting machines made by Sequoia Voting Systems.
In the April primary in Tarrant County, Tex., machines made by Hart InterCivic counted some ballots as many as six times, recording 100,000 more votes than were cast. The problem was attributed to programming errors, not hacking.
In the past year, the Government Accountability Office, the Brennan Center for Justice at New York University and the Congressional Research Service have released reports raising concerns about the security of electronic machines.
Advocates of the new technology dispute the conclusions.
“Many of these are exaggerated accusations by a handful of vocal activists,” said Mark Radke, director of marketing for Diebold Election Systems, one of the largest sellers of touch-screen machines. “But if you want to talk about fraud and tabulation error, the newer technology is far more accurate.”
Mr. Radke cited a study from the California Institute of Technology that found that between the 2000 election, when touch-screen machines were not used, and the 2004 election, when they were, there was a 40 percent reduction in voter error in Maryland, making the vote there the most accurate in the country.
“There is always the potential for human error,” Mr. Radke said, “but that is easily correctible.”
But critics say bugs and hackers could corrupt the machines.
A Princeton University study released this month on one of Diebold’s machines — a model that Diebold says it no longer uses — found that hackers could easily tamper with electronic voting machines by installing a virus to disable the machines and change the vote totals.
Mr. Radke dismissed the concerns about hackers and bugs as most often based on unrealistic scenarios.
“We don’t leave these machines sitting on a street corner,” he said. “But in one of these cases, they gave the hackers complete and unfettered access to the machines.”
Warren Stewart, legislative director for VoteTrustUSA, an advocacy group that has criticized electronic voting, said that after poll workers are trained to use the machines in the days before an election, many counties send the machines home with the workers. “That seems like pretty unfettered access to me,” Mr. Stewart said.
Bill Would Reimburse States for Printing Alternate Ballots
Three Senate Democrats proposed emergency legislation on Tuesday to reimburse states for printing paper ballots in case of problems with electronic voting machines on Nov. 7.
The proposal is a response to grass-roots pressures and growing concern by local and state officials about touch-screen machines. An estimated 40 percent of voters will use those machines in the election.
“If someone asks for a paper ballot, they ought to be able to have it,” said Senator Barbara Boxer of California, a co-sponsor of the measure with Senators Christopher J. Dodd of Connecticut and Russell D. Feingold of Wisconsin.
Republican leadership aides were skeptical about the prospects for the measure. It would have to advance without opposition from any senator and then make it through the House in the short time available before Election Day.
Dozens of states are using optical-scan and touch-screen machines to comply with federal laws intended to phase out lever and punch-card machines after the hanging-chads confusion of the 2000 presidential election. Widespread problems were reported with the new technology and with the poll workers using them this year in primaries in Arkansas, Illinois, Maryland, Ohio and elsewhere.
Local and state officials have expressed concern that the new systems might not be ready to handle increased turnouts. Election experts fear that the lack of a paper trail with most touch-screen machines will leave no way to verify votes in case of fraud or computer failure.
Last week, Gov. Robert L. Ehrlich Jr. of Maryland, a Republican, joined the skeptics, saying he lacked confidence in his state’s new $106 million electronic system and suggesting that state officials offer all voters paper ballots as an alternative.
The proposed federal bill would provide 75 cents for each backup paper ballot that a precinct prints. If ballots are printed for half the 27 million voters expected to use touch-screen machines, Ms. Boxer said, her bill would cost Washington no more than $10.1 million.
Barbara Burt, vice president and director of election reform programs at Common Cause, a good-governance advocacy group, said that the bill would have been stronger if it had required precincts to provide paper ballots in federal elections, but that it was a step in the right direction.
“Lack of funding has been the main excuse that local election officials have used to avoid implementing paper precautions,” Ms. Burt said. “This takes that excuse away from them entirely.”
Ms. Boxer said mandating all precincts to provide paper ballots would have been impractical.
“I think Big Brother dictating something to local jurisdictions is a big mistake, because they will balk at it,” she said. “What we’re saying here is that you run your own elections, and we are going to help you run it properly. If local officials don’t take advantage of the option to take precautions, then they’re the ones on the line.”
Brad Friedman, a liberal blogger and longtime critic of electronic voting, said that incentives to print paper ballots would help, but that without a federal mandate some voters would still have no choice but to use touch-screens.
On Thursday the Committee on House Administration, which has a role in overseeing election procedures, will hold a hearing to consider whether all voting equipment should produce a paper record that lets voters verify how they voted.
Carl Hulse contributed reporting.
Chairwoman Leaves Hewlett in Spying Furor
Damon Darlin and Matt Richtel
The furor over Hewlett-Packard’s spying operation claimed its highest-ranking victim on Friday with the immediate resignation of its chairwoman, Patricia C. Dunn.
The move was announced by Mark V. Hurd, the chief executive, who will now succeed her. But even as he offered an account of an investigation gone awry, and offered apologies to those whose privacy was invaded, he made it clear that many questions had yet to be answered.
His voice shaking, Mr. Hurd said a review of the means used to trace leaks from the company’s board had produced “very disturbing” findings. He also conceded that “I could have, and I should have,” read a report prepared for him while the operation was under way.
The investigators’ zeal led them into a shadowy world of surveillance, and in the end the giant computer company was embarrassed by its own use of technology.
Two executives who supervised the effort were also reported to be leaving.
In addition to direct surveillance, the operation entailed the use of possibly illegal methods to obtain phone records of board members, journalists and others; an attempt to place software on a reporter’s computer to track e-mail; and a study of the use of clerical workers and cleaners to infiltrate two news organizations.
At a news conference at Hewlett-Packard’s headquarters here, Mr. Hurd said it had been proper and necessary for Ms. Dunn to try to stem leaks of confidential information. But he added, “While many of the right processes were in place, they unfortunately broke down, and no one in the management chain, including me, caught them.”
It was the company’s first public discussion of the revelations that have engulfed it for more than two weeks. Mr. Hurd took no questions, with the company saying he did not want to pre-empt his testimony next week to a House subcommittee looking into the Hewlett-Packard affair.
In a statement provided by Hewlett-Packard, Ms. Dunn said she had resigned at the request of the board. But she said that while she had the responsibility to identify the source of leaks, “I did not propose the specific methods,” and those who performed the investigation “let me and the company down.”
According to people briefed on Mr. Hurd’s plans, Kevin T. Hunsaker, its senior counsel and director of ethics, and Anthony R. Gentilucci, its Boston-based manager of global investigations, will leave the company. Mr. Hurd did not speak to this issue, and the company declined to comment.
Some industry analysts had expected Hewlett-Packard to announce more directly who it felt was responsible, inside or outside the company.
“A lot of us thought there was going to be a lot more,” said Jeffrey Sonnenfeld, senior associate dean of the Yale School of Management. But he added that Mr. Hurd apparently felt he needed more time to understand all that occurred.
The initial reaction of investors appeared favorable. In after-hours trading, Hewlett-Packard’s stock was up more than 1 percent.
The effort to find the source of the boardroom leak began in early 2005, around the time of Carleton S. Fiorina’s dismissal as chairwoman and chief executive, and yielded inconclusive results that year. A second phase began in January 2006, as an account of a senior management meeting was being prepared by the online technology news service CNET.
By May, the investigative efforts had identified one board member, George A. Keyworth II, as a source of unauthorized disclosures. He refused an initial request to resign, but another director, Thomas J. Perkins, quit over the investigation. It was Mr. Perkins’s attempt to get the company to acknowledge the reasons for his resignation that brought the entire operation — and deep animosities within the board — into public view early this month.
On Sept. 12, a week after the initial disclosures, Ms. Dunn said she would step down as chairwoman effective in January, to be succeeded by Mr. Hurd. Mr. Keyworth, her antagonist, then agreed to resign.
The moves by Hewlett-Packard on Friday were an attempt to get ahead of the torrent of daily disclosures about the spying operation and an acknowledgment of the irresponsibility, if not illegality, of the methods.
State and federal prosecutors are exploring whether any laws were broken by anyone inside the company or those hired in an investigative chain extending to Boston, Florida and the Midwest. A central element was the use of pretexting, which involved impersonating someone to obtain that person’s calling records from a phone company.
Mr. Hunsaker, the lawyer and ethics officer, directed the 2006 phase of the investigation. Mr. Gentilucci, the Boston-based investigations officer, was involved in both the 2005 and 2006 phases of the investigation.
Mr. Hurd said that on Sept. 8 he retained a law firm, Morgan Lewis, which has concluded that the investigation team led by Mr. Hunsaker provided regular updates to Ms. Dunn, and to a lesser extent to the general counsel, Ann O. Baskins.
“Some of the findings that Morgan Lewis has uncovered are very disturbing to me,” Mr. Hurd said.
Michael J. Holston, a partner in the firm, laid out some evidence to reporters Friday after Mr. Hurd’s comments. While noting that the firm’s review was not complete, he said Ms. Dunn had personally contacted and engaged Security Outsourcing Solutions, a tiny Boston-area investigative firm operated by Ronald R. DeLia, in the 2005 phase.
“For the first month or so of the investigation, Ms. Dunn worked directly with Ron DeLia from S.O.S.,” Mr. Holston said, and it was only two months later that the company’s own detectives were brought in.
In an interview two weeks ago, Ms. Dunn said she had turned to the head of security to handle that investigation. Ms. Dunn’s lawyer, James J. Brosnahan, reiterated that claim Friday. “She went to the right people, and she was assured that what they were doing was legal,” he said.
Mr. Hurd was briefed on the first phase of the investigation, called Kona I, on July 22, 2005, Mr. Holston said. But he said Mr. Hurd attended only a portion of that meeting, which included Ms. Dunn, Ms. Baskins, Mr. DeLia, Mr. Gentilucci and Jim Fairbaugh, the head of global security. The participants were told the investigation was inconclusive, and by late summer it was inactive.
Kona II, the phase that began in January of this year, was far more energetic. “Over the next three months, regular updates were provided by members of the investigation team to Ms. Dunn and, to a lesser extent, to Ms. Baskins,” Mr. Holston said.
A crucial document was a March 2006 report prepared by the company’s investigators and Mr. DeLia under the supervision of Mr. Hunsaker, a senior company lawyer. Mr. Hurd was given a copy of that report, but he said he did not read it. “I could have, and I should have,” he said.
The report identified the source of the leaks and outlined techniques used to get that information, including pretexting. It was also sent to the company’s outside counsel, the powerful Silicon Valley firm of Wilson Sonsini Goodrich & Rosati, for review and comment, Mr. Holston said.
Mr. Holston noted that the Kona II report claimed that the techniques were legal. But as e-mail messages disclosed this week have shown, Mr. Hunsaker suspected early this year that the techniques might not be above-board. When he asked Mr. Gentilucci about the legality, he was told that it was “on the edge,” and Mr. Hunsaker replied: “I shouldn’t have asked.”
Despite those assurances, Mr. Hunsaker never obtained a written legal opinion, according to people briefed on the company’s review of its investigation.
Mr. Holston also discussed other aspects of the operation, including the use of surveillance software surreptitiously sent to the computer of a CNET reporter.
Mr. Holston said the program had been designed to determine whether the reporter would forward a misleading e-mail message, purporting to offer inside information about the company, to her source on the Hewlett-Packard board for confirmation.
The scheme did not work, Mr. Holston said, noting that the investigation team never received an indication that the misleading message had been forwarded.
Mr. Hurd affirmed that he had been informed of the plan to send a bogus message and had approved of the “naming convention” that was used. But he said he did not recall knowing or approving of the tracking technology. Neither Mr. Hurd nor Mr. Holston indicated why the chief executive did not raise questions about the way the scheme was to be carried out.
Damon Darlin reported from Palo Alto, Calif., and Matt Richtel from San Francisco. Miguel Helft contributed reporting from Palo Alto.
NBC Draws Protests From Conservatives
NBC has drawn protests this week from religious conservatives over the content of two television shows, but for different reasons — in one instance for excluding references to God and in the other for possibly including religious imagery.
The disputes, over the network’s proposed broadcast of a Madonna concert that includes a crucifixion scene and over its cutting religious references from the animated children’s show “VeggieTales,” have some critics charging that NBC maintains a double standard toward Christianity.
Alan Wurtzel, an NBC executive who oversees broadcast standards, said in an interview on Friday that there was no double standard. Rather, he said, the network was evaluating each show individually.
In the case of “VeggieTales,” which its creators have said “isn’t a show about values, it’s a show about God,” Mr. Wurtzel said he felt the network was being unfairly punished.
“We frequently get criticized for putting on programming that does not deal with traditional values or religious themes,” he said. “Here is a show that clearly does that, and the criticism is that we didn’t go far enough.”
“VeggieTales,” which NBC added to its Saturday morning line-up this month, was originally created for home video, and episodes of the video series routinely contain religious themes, Bible verses and statements about God’s love and purpose.
NBC secured the rights to the show as part of a children’s programming partnership called Qubo, which it formed earlier this year with Classic Media, the owner of the VeggieTales franchise; Scholastic, the children’s publisher; Ion Media Networks; and Corus Entertainment. When the deal was announced in August, the partners said the “VeggieTales” episodes would be edited to NBC programming guidelines.
Since the show went on the air, however, Phil Vischer, the co-creator of “VeggieTales,” has complained on his Internet site (www.philvischer.com) that NBC has ordered most if not all of the references to God and the Bible to be excised from the episodes prepared for NBC.
“I’m not at all happy with the edits,” Mr. Vischer wrote. “I didn’t know I’d need to make them when I agreed to produce the show, and I considered dropping out when I found out just how much would need to be removed.”
Mr. Vischer added that he had decided not to withdraw from the project “as a favor” to Classic Media.
A spokesman for the show’s parent, however, said the company would rather have an edited version on the air than nothing. Bob Smith, a spokesman for Big Idea, the unit of Classic Media that produces VeggieTales, said that despite the edits, “the thread and values we’re trying to get across is unmistakable.”
“If it weren’t,” he added, “we never would have agreed to it.”
Mr. Wurtzel said NBC did not believe it had deleted the show’s religious message; he said the network had bought the rights to “VeggieTales” because of its positive religious themes but that it did ask for changes to comply with its standards.
“We are not a religious broadcaster,” he said. “There are universally accepted religious values that we do think are appropriate,” but the promotion of “any particular religion or a particular denomination” is not allowed.
“Clearly the show has religious themes,” Mr. Wurtzel said. “It puts forth some very specific religious values. We had to make a decision about where it went further than we considered appropriate.”
Fans of “VeggieTales” have objected that the edited versions make the message unrecognizable, and L. Brent Bozell, president of the Parents Television Council, wrote letters to NBC executives complaining about both the “VeggieTales” decision and another issue, a Madonna concert scheduled to be broadcast in November.
Kevin Reilly, president of NBC Entertainment, announced this summer that the network would broadcast a taped concert by Madonna during the November ratings sweeps period. At the time, he said the concert would be edited to exclude offensive material. But Mr. Reilly was also quoted in August as saying that the network had no problem with a part of the performance in which Madonna sings while mounted on a cross, in imitation of the Crucifixion of Jesus.
That part of Madonna’s current concert tour has drawn protests around the world from people who believe it is blasphemous or offensive to Christians. This week, after receiving letters of protest about the concert and its intentions, NBC said it had not yet decided whether to include the crucifixion scene.
A spokeswoman for Madonna, however, said Friday that the singer considered the scene crucial to the performance and could withdraw the right for NBC to televise the concert if the scene were cut.
Liz Rosenberg, a publicist at Warner Brothers Records who serves as a spokeswoman for Madonna, said in an e-mail message: “Madonna would not want this number to be censored. It is an important aspect of the show.” She said she could not immediately reach Madonna to ask if she would pull out of the concert if NBC cut the song, “but my educated guess is that she will not back down.”
Madonna also issued a statement on Thursday saying that the performance was “neither anti-Christian, sacrilegious or blasphemous.”
“Rather,” it went on to say, “it is my plea to the audience to encourage mankind to help one another and see the world as a unified whole. I believe in my heart that if Jesus were alive today, he would be doing the same thing.”
What's Your Favourite Bittorrent Client?
µTorrent 50% (20238) (#1)
Azureus 34% (13734)
BitTornado 3% (1322)
BitTorrent / Mainline 3% (1268)
BitComet 2% (931)
ABC 2% (637)
Transmission 1% (528)
What's Bittorrent? 1% (371)
BitLord 1% (281)
Tomato Torrent 1% (240)
rtorrent 1% (210)
Other 0% (167)
TorrentFlux 0% (157)
Bits On Wheels 0% (122)
KTorrent 0% (112)
Acquisition 0% (53)
burst! 0% (48)
BitSpirit 0% (48)
Shareaza 0% (37)
G3 Torrent 0% (16)
Rufus 0% (13)
CTorrent 0% (11
The Echoes of His Mind Just Keep Reverberating
FORTY years ago a standard was born, although completely by accident. In the fall of 1966 Fred Neil was recording a folk-blues album in Los Angeles. But he hadn’t written enough songs to complete it, and he was getting anxious to return home to Miami. His manager at the time, Herb Cohen, quickly made a deal: Write one more tune and record it immediately, then you can go.
With that, Mr. Neil retreated to a bathroom at the studio and, five minutes later, emerged with the new composition: a lanky, concise ballad — just two verses and a chorus, with one verse and the chorus repeated — that expressed his desire to go home, “where the sun keeps shining in the pouring rain.”
The song was cut fast, in one take, and Mr. Cohen made good on his promise. “He sang it once,” he recalled, “and then we packed up, and I took him to the airport.”
Mr. Neil (who died in 2001) may have considered the number a throwaway, but in a case study of the unpredictable ways in which pop can work, the song, “Everybody’s Talkin’,” has quietly become a landmark of the classic-rock era. Most people know it from Harry Nilsson’s orchestral-pop rendition, which hit No. 6 after being prominently used in the 1969 movie “Midnight Cowboy,” but it has been recorded by nearly 100 artists, including Stevie Wonder, Willie Nelson, Neil Diamond and Liza Minnelli.
This year five new or unearthed renditions have been released. The band Luna included a straightforward version on “Lunafied” (Rhino), its collection of covers. The jazz-pop singer Madeleine Peyroux turned it into a sultry saunter on her new album, “Half the Perfect World” (Rounder). Last week Julio Iglesias transformed it into a suave adult-contemporary love song on “Romantic Classics” (Columbia).
Three older recordings popped up this year as well. The famous version was repackaged on a Harry Nilsson anthology. A previously unreleased take by Crosby, Stills & Nash was included on an expanded reissue of the trio’s 1969 debut. And Mr. Neil’s original recording, the one cut in a flash, re-emerged when Water Music reissued his 1967 album “Fred Neil.”
“Everybody loves that song,” said Dean Wareham, leader of Luna, which recently broke up. The band first cut the song in the mid-1990’s and went on to perform it on numerous occasions, including its farewell concert last year. Mr. Wareham said he was initially exposed to the song by his parents, who were Nilsson fans. “It’s perfectly constructed,” he said. “I can hum every guitar line and string part.”
Theo Cateforis, a music-history professor at Syracuse University, said, “Harmonically it’s a very simple song, and it’s easy to get a handle on the melody.” But, he said, the lyrics also account for the song’s appeal. “It’s one of the great open-road songs, along with ‘Born to Be Wild.’ It taps into a sense of freedom and taking a journey. The narrator wants to separate himself from the problems around him, which is a universal feeling that can apply to any era. It works as well now as it did in the 60’s.”
According to BMI, the organization that tracks broadcast play and collects song royalties, “Everybody’s Talkin’ ” has been played on radio and television a total of 6.7 million times, including 160,000 times in 2005. In another possible sign of its ubiquity, it was even the basis for a plagiarism charge this year. Six Palms Music, the song’s publisher, claimed that “I Don’t Care What Your Friends Say,” a new song used on “The O.C.,” bore a melodic resemblance to it. The matter was settled out of court, and Third Story emerged with ownership of the disputed song.
The many versions — and lives — of “Everybody’s Talkin’ ” began soon after it was written. In the 60’s and 70’s Lena Horne used it as the basis for frisky jazz vocalese; Harold Melvin and the Blue Notes turned it into pleading Philly soul; Bill Withers transformed it into a soul-funk stomp; Tony Bennett made it a big-band showcase; and Leonard Nimoy talk-sang his way through it. The oddest version, though, may be a disco makeover featuring Louis Armstrong.
In the decades that followed, the song was rediscovered by alternative and indie rock types. Two British bands, the Beautiful South and the Jazz Butcher, resurrected it. In 2002 the techno producer Paul Oakenfold sampled the Nilsson version on his club hit “Starry Eyed Surprise.” Two years later the Go! Team, an electronica collective from Britain, also used a sample of it in “Everyone’s a V.I.P. to Someone.”
“I didn’t know the song was covered or revered that much,” Mr. Oakenfold wrote in an e-mail interview. He said he knew the song exclusively from “Midnight Cowboy” and “really liked the guitar line.”
It’s not uncommon to encounter someone who knows “Everybody’s Talkin’ ” but doesn’t know much about Fred Neil, since he went out of his way to avoid anything approaching the spotlight. With a deep, resonant voice and hangdog face, he made his name in the mid-60’s in Greenwich Village, where he wrote coffeehouse standards like “The Dolphins,” “The Other Side of This Life” and “Little Bit of Rain.” He was so revered that Bob Dylan once opened a show for him.
By the end of the 60’s, though, Mr. Neil had retreated to Florida, rarely performing or writing new material. His cut of the royalties of “Everybody’s Talkin’ ” — estimated by Mr. Cohen to be in the millions of dollars over the years — allowed him to live a reclusive, comfortable life.
“He was a very sensitive person,” said Robert Steinberg, Mr. Neil’s lawyer. “He couldn’t handle the music business.”
Mr. Steinberg said his client had been vehemently opposed to the placement of his most famous song in “Forrest Gump,” saying he was “afraid they’d exploit it.” Thanks to the particularities of Mr. Neil’s publishing contract, however, the song was used in the film nonetheless.
Mr. Neil’s death was as low key as his life. On July 7, 2001, the police in Summerland Key, Fla., responded to an emergency call at his house. They found Mr. Neil, 65, unconscious on the floor. He had $13 in his wallet and a last will and testament on a nightstand by his bed. He had been battling skin cancer (chemotherapy treatments were set to begin nine days later) and was pronounced dead of natural causes.
Until the end he remained a mystery even to those who knew and worked with him. Mr. Steinberg said he was still confounded by Mr. Neil’s creative withdrawal. “Was it that he didn’t want to be part of the business, or was he afraid of not living up to what he had done before?” he said. “I could never figure it out.”
But everyone agreed on one matter: Mr. Neil never thought much of “Everybody’s Talkin’,” despite its continued popularity and the lifelong revenue it provided.
“He never gave the song much credence at all,” Mr. Cohen recalled. “It was just a way to get out of the studio. He hated L.A.”
Editor: Andy Pratt does a quick, funky and quirky version on his 2003 release Cover Me – Jack.
Digital Set Design Transforms Films Like ‘Flyboys’
“FLYBOYS,” which opened on Friday, is a modest film as things are now measured. Its ensemble cast has no eye-catching names. Its director, Tony Bill, while a solid craftsman, has never been a major box office draw. And its budget of around $55 million, though substantial, is only a fraction of what studios routinely spend on their blockbusters.
Yet the picture, about American pilots during World War I, looms surprisingly large on the screen. In one memorable sequence, for instance, the fliers attack a zeppelin in midair, riddling it with bullets and triggering explosions that send German soldiers fleeing along the top and interior of the airship, while biplanes buzz on all sides.
Scenes of that sort are rapidly blurring the line between big movies and smaller ones, in part because computer design and effects, no longer the preserve of hyper-real science fiction and fantasy, have gone natural. In a wave of films now reaching the screen, digital elements are woven together with the real, vastly extending the filmmaker’s reach and leaving the audience to guess where one ends and the other begins.
In “Flyboys,” as it happens, the explosions and scampering soldiers are genuine, though the zeppelin itself is a digital replication of a 30-foot miniature. “We knew that we needed to do a real explosion with the randomness and chaos rather than a computer-generated explosion, which would have been too calculated and obvious,” said Peter Chiang, the visual-effects supervisor who oversaw the scene.
In “United 93,” released earlier this year, Mr. Chiang used a subtler technique known as digital set extension to stretch the scope of a film that was budgeted at only about $15 million. First the director, Paul Greengrass, and his crew photographed much of the movie in a 50-foot section of an airplane; then Mr. Chiang and company made it look deeper by adding extra rows, people and luggage into approximately 30 shots.
J. André Chaintreuil, a digital set designer whose credits include “The Terminal,” “Superman Returns” and James Cameron’s forthcoming “Avatar,” said Hollywood was still largely “old school” in the field despite the growing number of computerized hybrids. Hand drafting, he said, remains a popular choice, though things are changing rapidly.
“An ordinary set designer draws everything by hand, while a digital set designer obviously uses the computer to aid them in figuring out how a set is configured,” Mr. Chaintreuil said. By modeling a 3-D design on his computer, he can walk a director and production designer through a set before it has even been constructed or before a handmade model has been built. That digitized information can also be shared with multiple departments that usually generate their own plans.
“If the vendor uses 3-D data, we can send them that, and they can choose how to use that data to do their piece of the job as efficiently as they can,” Mr. Chaintreuil said. “Also, if there are any visual-effects shots, we can send out a model of exactly what construction is building for people to study.” In addition, alterations and changes to the designs require far less time and labor.
Digital design in the early phases of a project increasingly opens the door to digital techniques in actual production, even with films that seem to be steeped in the grit of real life. On last year’s skateboarding film “Lords of Dogtown,” for example, Mr. Chaintreuil assisted the filmmakers in building a pier in San Diego.
Not only did he create digital set extensions — expanding locations to become larger than they really were — but he also helped the director, Catherine Hardwicke, determine which shots she could obtain, particularly with a program function that imitates views through specific camera lenses. “If we can be in the 3-D world, we can say, ‘If you shoot this way, you’ll get great depth through the piers, and you won’t have to build this half of the pier,’ ” he explained.
Mr. Chaintreuil, who began working in film with models and miniatures, said there were two levels of digital set designers. Some “purely use the computer as a drafting tool, which means they’re basically computer drafters,” he said. “Then digital set designers like myself get called in to do the incredible or the impossible. We get brought in to do crazy surfaces and things you just wouldn’t imagine.”
That being said, many in the vanguard of digital set design appear to pride themselves on a growing ability to meld their work into the commonplace, validating an old saw that the best special effects are the ones you don’t see.
Such is the case with Aaron Haye, whose digital set design credits include “X-Men: The Last Stand” and “Monster House,” and who began his career as a lead model maker at George Lucas’s Industrial Light & Magic. Lately he has been working not on heroes and monsters but on the creation of modern Middle Eastern neighborhoods for the director Peter Berg’s forthcoming military drama “The Kingdom.”
“We built a large, international housing complex” on the campus of Arizona State University East in Mesa, Ariz., Mr. Haye said. “It’s basically just a bunch of apartment buildings, recreational facilities and baseball fields.”
But drafting such ordinary places in 3-D had its advantages, particularly as the physical sets required digital extensions to make them larger. Mr. Haye noted that Tom Duffield, the production designer of “The Kingdom,” had never worked with a digital set designer before, so Mr. Haye wound up on the project for nearly a year, as digital work seeped into the film.
Yet Mr. Haye, who is working on David Fincher’s New Orleans-based period film, “The Curious Case of Benjamin Button” — a project that uses only digital set designers — envisions a time when the entire field will be transformed by computer technology. Mr. Haye said, “With every production designer I work with, we move a little further in that direction.”
Worried about its massive DVD sales, retail behemoth Wal-Mart has told some of Hollywood's biggest players it will retaliate against them for selling movies on Apple's iTunes.
Last year when Disney announced it would begin offering episodes of the hit shows "Lost" and "Desperate Housewives" on Apple's iTunes, the reaction of the world's largest retailer sent shockwaves through the entertainment industry.
Wal-Mart, worried that offering the shows for viewing on iPods would cut into DVD sales at its stores, sent "cases and cases" of DVDs back to Disney, according to a source familiar with the matter.
Now, following Apple's entrance into the business of selling full-length films for download, the battle between Hollywood and its largest client is getting uglier, as studio executives say Wal-Mart has overtly threatened to retaliate if they go into business with Apple.
So far, Apple has only inked a deal with one studio - Disney - on whose board Apple boss Steve Jobs sits. But after seeing the success Apple had in creating a legal download business for the music industry, the movie industry would like to come aboard.
"We all want to be in the Apple business," said one high-level executive at a major movie studio. But Apple's pricing - $9.99 to $14.99 - is lower than DVD prices at Wal-Mart.
The studios generally charge Wal-Mart a wholesale price of $17.95 for new DVDs, while Apple is paying Disney a wholesale price of about $14.50 per film, according to a studio source.
The last thing studios want to do before the holiday shopping season is to offend their biggest sales outlet; the studios, collectively, rely on Wal-Mart for some $5 billion of DVD sales in the fourth quarter.
But several weeks ago, in the midst of rumors that Apple was close to announcing a deal with Disney, Wal-Mart's David Porter - the executive responsible for stocking the retailer's shelves with DVDs and CDs and whose influence is so immense in Tinseltown that he's been named to Premiere magazine's annual power list - made the rounds of Hollywood studios.
His message, according to a studio exec involved in the discussions: that there would be "serious ramifications" if the studios hopped in bed with Apple.
"They threatened to hurt us in terms of buying less products," said this person.
The situation between Bentonville and Hollywood has gotten so heated and so high-level that Jobs recently phoned Wal-Mart CEO Lee Scott to ask him to moderate his stance, according to a source.
"What they probably will do is not hurt Disney on new titles, but will buy less of their library titles," said one source.
Library titles, however, are where Wal-Mart makes money from DVDs. The retailer typically slashes the price of new releases below cost, making up for it by selling other products to shoppers.
A Wal-Mart spokeswoman said, "We intend to meet our customer needs whether they choose to purchase movies online or in the store and will continue to work hard with all our partners to do that."
Click Fraud Is Growing on the Web
Karen J. Bannan
A year ago, DiamondHarmony.com, an online jewelry store, decided that it had outgrown its sole source of advertising, which was eBay. The company added an elaborate marketing effort on search engines that included a pay-per-click advertising campaign based on keywords and phrases. For its trouble, DiamondHarmony became ensnared in click fraud.
Instead of actual prospects, the clicks were coming from fraudulent sources. The fraud, which cost DiamondHarmony $17,000 over seven months, was uncovered through analytical software the company installed from ClickTracks of Santa Cruz, Calif.
Click fraud most commonly happens when renegade partners, who get a portion of the fees earned by a search engine each time a paid link is clicked, deliberately generate excessive clicks with no chance that any of the clicks will result in a sale for the business that is paying for them.
The spurious clicks can be generated through automated programs or by paying people to spend time clicking over and over on a link.
As for DiamondHarmony, the company was initially spending about $45 to $50 a day on each of the eight search engines where it placed advertising, said Joe Tedd, its manager for search strategies.
The week before Thanksgiving, however, Mr. Tedd started seeing a large increase in clicks from one engine in particular, while its corresponding conversion rate — the number of sales in relation to clicks — kept going down.
“In November, we saw the number of searches going up on all the engines we had placement on,” Mr. Tedd said. “But while all the other engines were seeing higher conversion rates, this one engine was doing so poorly, we actually took the campaign offline.”
“The search provider was syndicating the keyword to partner publishers, but while the clicks were being counted on the publisher’s site, they weren’t coming through to our site,” he added.
Businesses can also fall victim to click fraud at their competitors’ hands. Companies vying for the same position on a list of paid search results may click often enough on a competitor’s ad to push the rival over its spending limit — knocking them out of paid search listings temporarily.
Companies typically set a daily budget for individual search terms as well as their entire campaign.
This year eMarketer Inc., a research firm, estimated that the overall online advertising market for 2006 would be $16.7 billion; paid search was expected to reach $6.9 billion by the end of the year. The company on Monday will revise those figures.
The overall online market is being re-evaluated down by 3 percent to 6 percent. Search engine marketing’s share of that market, however, remains constant.
The scope of the problem depends on who is describing it. Business owners like Iain Burton, the chairman of Aspinal of London, a manufacturer and seller of fine leather items, say click fraud is much more pervasive than the search engines acknowledge. Mr. Burton, who spends about $50,000 each month for paid search advertising, said he was amazed at how blatant it could be.
“I used to make money on pay-per-click advertising; I’d say it used to be really good. But it has become ridiculously expensive. I’ve lost tens of thousands on click fraud over time.”
Search engine providers disagree and say the overwhelming majority of fraudulent clicks were never seen by advertisers because they were discovered and removed. A Yahoo spokeswoman, Gaude Paez, did say, however, that click fraud is a serious, but manageable, challenge.
“We believe that our entire industry must be vigilant in staying one step ahead of spammers,” said John Slade, senior director for Yahoo’s Clickthrough Protection.
Click Forensics, a consulting firm based in San Antonio, puts the number of fraudulent clicks at about 14 percent of total clicks, based on a recent survey of more than 1,300 online marketers.
The truth probably lies somewhere in between, said Danny Sullivan, the editor of SearchEngineWatch.com, an online industry newsletter.
Google, the search leader, agreed to pay $90 million to settle a click fraud class-action suit — with up to $30 million of that allocated for legal costs. In July, Google’s proposed settlement was approved by an Arkansas judge who called the ruling “fair, reasonable, and adequate.”
Still, 556 advertisers opted out of the class-action suit, leaving the door open for additional lawsuits. And in June, Yahoo agreed to pay litigants’ legal fees, estimated at $4.95 million, and provide credits to any company that could prove it was a victim of click fraud from January 2004 through this year.
What makes the problem worse, industry followers say, is that many instances of click fraud go undetected. “We’re not at a point in Internet history where we can easily point to a number and easily point to a solution,” said Dana Todd, president of the Search Engine Marketing Professional Organization. Moreover, “the technology solutions out there to combat the problem are neither free or easy, especially for small businesses that are already overwhelmed by search engine marketing.”
Indeed, while larger companies expect — and can usually afford — to pay for some measure of click fraud, smaller companies have no choice but to ferret out inaccuracies, Mr. Sullivan said. The best way to start, he said, is to measure conversions to see if the ads are working.
But for many smaller businesses, Ms. Todd says, the only ways to monitor the problem are either manually auditing clicks or using campaign management software or services. And often that seems not worth the bother.
“You have to look through all your data and see what clicks came in from where, and why they didn’t convert, which is fairly time-consuming and technical,” she said. “You can use some of the freebie trackers, but they may not give you the level of transparency to be able to understand what’s happening on your site.”
“We believe that some of the biggest offenders,” she added, “are doing it in such minuscule amounts that it stays below the radar — a nickel here, a penny there — but it adds up in a huge way.”
Mr. Burton of Aspinal said he was forced to hire a professional pay-per-click management company to address the issue, and found that he had lost $10,000 over three months to click fraud.
“It’s a bigger problem with companies outside of Google,” he said. “When you look at your stats and find that — with a popular keyword — some smaller engine is sending through 10 times more traffic than Google, which gets by far the largest amount of traffic, then you know there’s a problem.”
Shuman Ghosemajumder, Google’s business product manager for trust and safety, said a company’s search provider should do the sleuthing.
“We’ve got a system of real-time detection filters that constantly scan for suspicious activity based on the rules we’ve set up,” he said. “The vast majority of invalid clicks are handled by them. We’re also manually reviewing to detect publishers who might be generating fraudulent clicks. When we do find out, we terminate that publisher.”
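The three checks the advertisers describe above (a small engine out-sending the market leader tenfold, billed clicks that never reach the advertiser's site, and one engine converting far worse than its peers), as an added Python example that is not part of the original article. The engine names, the sample figures and the 0.85 and 0.25 thresholds are assumptions; only the tenfold factor comes from Mr. Burton's remark.

```python
"""Per-engine pay-per-click audit over constructed sample data."""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class EngineStats:
    engine: str          # hypothetical engine label
    billed_clicks: int   # clicks the engine invoiced for the keyword
    landed_visits: int   # matching visits found in the advertiser's own web log
    conversions: int     # sales attributed to those visits


# Constructed sample: one keyword, one week, four engines. Not real data.
# "engine-a" stands in for the market leader.
SAMPLE = [
    EngineStats("engine-a", 1200, 1170, 36),
    EngineStats("engine-b", 400, 392, 11),
    EngineStats("engine-c", 350, 340, 9),
    EngineStats("engine-d", 12500, 3100, 4),
]


def conversion_rate(s: EngineStats) -> float:
    """Sales per billed click; 0.0 when nothing was billed."""
    return s.conversions / s.billed_clicks if s.billed_clicks else 0.0


def unverified_clicks(s: EngineStats) -> int:
    """Billed clicks with no matching visit in the advertiser's log."""
    return max(s.billed_clicks - s.landed_visits, 0)


def audit(stats, reference_engine, volume_factor=10,
          min_arrival=0.85, rate_floor=0.25):
    """Return {engine: [reasons]} for engines that warrant a manual review.

    volume     - engine bills >= volume_factor x the reference engine's clicks
    arrival    - fewer than min_arrival of billed clicks reached the site
    conversion - conversion rate below rate_floor x the median of the others
    """
    by_name = {s.engine: s for s in stats}
    if reference_engine not in by_name:
        raise ValueError(f"no stats for reference engine {reference_engine!r}")
    reference = by_name[reference_engine]

    findings = {}
    for s in stats:
        if s.billed_clicks == 0:
            continue  # nothing billed, nothing to dispute
        reasons = []
        if (s is not reference and reference.billed_clicks > 0
                and s.billed_clicks >= volume_factor * reference.billed_clicks):
            reasons.append("volume")
        if s.landed_visits / s.billed_clicks < min_arrival:
            reasons.append("arrival")
        # Compare against the other engines only, so one bad engine
        # cannot drag down the baseline it is measured against.
        peers = [conversion_rate(p) for p in stats
                 if p is not s and p.billed_clicks]
        if peers and conversion_rate(s) < rate_floor * median(peers):
            reasons.append("conversion")
        if reasons:
            findings[s.engine] = reasons
    return findings


if __name__ == "__main__":
    for engine, reasons in audit(SAMPLE, "engine-a").items():
        stats = next(s for s in SAMPLE if s.engine == engine)
        print(f"{engine}: {', '.join(reasons)}; "
              f"{unverified_clicks(stats)} billed clicks never arrived")
```

A flag here is a reason to audit the raw click log and raise a dispute with the search provider, not proof of fraud on its own.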
Download Start-Up Takes Aim at DVDs
Video download site EZTakes doesn't have the same selection of first-run films and TV shows that sites like Movielink or Apple Computer's iTunes do, but it offers something else: Consumers can burn movies to a disc.
The Easthampton, Mass.-based start-up, which is removing the beta label from its movie download service this week, hopes to carve a name for itself in the highly competitive digital entertainment realm by providing convenience.
With EZTakes' service, users order a movie or television show online, with prices ranging from free to $12 and above. The company's servers then send a digital copy to the consumer's hard drive, and they can burn two copies to blank DVD discs and watch what they downloaded on their TVs or other devices.
"We've found people always don't write the name of the movie on the disc, so you can have a backup copy," said CEO Jim Flynn.
Currently, most movie download sites don't let consumers burn downloads to DVDs. Some sites, such as Amazon.com's Unbox, let consumers transfer a download from one PC to another, but not copy it to a disc. As a result, movies often have to be watched on a small PC screen.
EZTakes, though, will likely face strong competition from established players and several newcomers. In addition to the online movie service Amazon is expected to launch soon, the company has started to more actively promote its CustomFlix service. In CustomFlix, consumers order obscure content and CustomFlix sends them a custom-burned DVD.
AOL also announced recently that it will let consumers download TV shows and movies to their computers and play them back on plasma or LCD TVs. The service, however, initially will work only with Viiv PCs. Sites like Veoh Networks are also making it easier to find the sorts of cult classics EZTakes specializes in.
Apple, meanwhile, next year will let consumers who buy movies from its site watch them on TVs if they also own iTV, a newly unveiled piece of hardware that lets consumers stream movies or music to televisions. Devices similar to iTV have failed to sell in the past, but they were released when video download services were just beginning to take off.
Bring me the head of Ed Begley Jr.
While Movielink sells first-run films, many of the offerings in EZTakes are relatively obscure: "The Mind Reader," a 1934 film starring Claude Rains as a phony mind reader; "Blood Sucking Freaks," regarded by some as one of the cult classics of our time; and "Tall Tales and Legends: The Legend of Sleepy Hollow" starring Ed Begley Jr. and Beverly D'Angelo.
Still, the selection is improving all the time, Flynn said. Through a deal with Koch Entertainment, a large music and film distributor, EZTakes can sell customers "The Umbrellas of Cherbourg," for $15.99. Amazon sells it for $21.99, although Amazon affiliates sell new copies for around $14.
The site also offers the critically acclaimed 2004 documentary "Supersize Me"; the Marlon Brando western "One-Eyed Jacks" (for $1.99); and a version of "The Old Man and the Sea" starring Anthony Quinn. Episodes of "Wild Kingdom"--the ones where Marlin Perkins ordered his cheery assistant Jim to wrestle with alligators and other dangerous animals--are also available.
Consumers also download a lot of yoga and exercise videos, Flynn added. The service, which went into beta last year, currently touts a few hundred movies and some 20,000 registered users. Roughly 80 percent of people who have bought one movie have come back as repeat customers, according to Flynn.
Generally speaking, the company sells its movies for less than what the DVDs sell for in stores because the movies are downloaded electronically. Films from Koch sell for around 25 percent to 30 percent less than the store-bought DVD versions of the same movies. Many of the classic movies, such as the Lon Chaney version of "The Hunchback of Notre Dame," sell for $1.99 because the movies have entered the public domain.
Soon, the selection will also resemble, and perhaps compete with, Wal-Mart's. Mill Creek Entertainment, which provides many of the TV shows and movies--including the Essential Ernest Collection and a lot of old John Wayne movies--sold in the end-cap displays at big-box retailers, has signed with EZTakes. The deal will approximately double the number of films offered on the site.
Flynn says he has also begun to speak more to major movie studios. "There are a couple of major studios where executives are saying 'My marching orders are to try everything,'" he said.
Piracy remains a problem, but it can be contained. The company inserts copyright protection into its downloads to prevent excessive copying. It also has a fingerprint function tracing copying back to the source. Besides, Flynn added, it's not like other protection systems are foolproof.
"I could teach a chimp to copy a DVD" protected by DRM schemes from other vendors, he joked. "Maybe there is some lower order of primate, like spider monkeys, that couldn't do it, but it's relatively easy."
Woman Says RIAA Cannot Introduce Songs into Lawsuit if it Has Not Produced Song Files
In UMG v. Lindor, the defendant Marie Lindor has made a motion to preclude the RIAA from introducing into the case songs as to which it has failed to produce the song files.
Ms. Lindor's lawyers submitted to the Court the RIAA's interrogatory responses where the record companies had stated under oath that their case was based upon (a) Media Sentry's detection of song files being 'distributed' and (b) Media Sentry's allegedly making "perfect digital copies" of those files.
Ms. Lindor's attorneys argued that the RIAA cannot prove that it made perfect digital copies of the songs if it doesn't have the song files.
The MPAA Surrenders in War Against Piracy
Somewhere in the bowels of Stansted Airport in London once sat Lucky and Flo, two Labrador retrievers, the latest weapons in the war on piracy.
Originally commissioned by the UK's FACT (Federation Against Copyright Theft), Lucky and Flo are now employed by the Motion Picture Association of America (MPAA), which plans to take the dogs on a "world tour", sniffing out fake DVDs in cities around the globe.
It's a high-profile war, and apparently no expense is being spared. But what about the Web? What if there was an easily accessible source of illegally copyrighted materials, with a search engine, on a site that had participated in a press release with the MPAA itself, touting new automated measures to prevent piracy? Wouldn't the MPAA see the forest for the trees and quickly crack down on the offender?
As it turns out, apparently not.
I'm talking about Guba.com, which offers for-pay online rentals and purchases of licensed movies and TV shows, but also archives files published to Usenet, a collection of text-based newsgroups that can hide encodings of copyrighted material often spread across dozens of separate messages.
At this point, I imagine Guba's chief executive, Thomas McInerney, is slowly turning a bit pink. After I wrote about how Guba makes Usenet-based copyrighted content available to download for free, McInerney emailed me to ask if I accepted bribes from his competitors to write the story. I didn't, and do not.
What I did do, though, was follow up yet again with the MPAA, which unfortunately did not return calls for my original story. My memory here is faulty, but I believe I made five phone calls over a period of three days, to both the Washington D.C. and Los Angeles offices. I'm pretty sure that by the fifth phone call I left a message along these lines:
"Hi, this is Mark Hachman from PC Magazine. I'm calling about Guba.com, a site that is archiving copyrighted content – not clips, mind you, but whole files – and making them available for download. I believe Guba is a partner of yours, since you co-authored a press release with them in July. Would someone be available for comment?"
I thought that such a message would instantly put me in touch with someone on the MPAA's legal team, eager to crack down on the offending site. Nope. It instead prompted this statement, given to me Thursday night by a spokeswoman in the MPAA's Los Angeles office. ("Johnny" is the name of the automated filtering software Guba developed.)
"It's our understanding that Guba.com is committed to using 'Johnny' to filter MPAA movies on their network," the spokeswoman said. "They've been working with us in good faith, and they'll continue to do so. We have a relationship with Guba, and they have a commitment into making sure that they don't offer copyrighted content. We'll continue to monitor the situation, and if for some reason it doesn't happen we will talk to them."
Compare and contrast that statement with one offered by the MPAA a year ago:
"The MPAA has developed a multi-pronged approach to combat piracy, and we are working to deliver our movies to consumers in new and innovative ways," Gayle Osterberg, a spokesperson for the MPAA, said then. "However, when it comes to consumers stealing our product, we also have a very aggressive enforcement aspect to our anti-piracy program. In cases where people are illegally downloading films, there is a great likelihood that they risk being sued at some point down the line."
When I asked the MPAA representative to view the Guba site to confirm that copyrighted files were available there for free download, apparently illegally, the spokeswoman refused. When I offered to point her to an apparently illegally ripped DVD copy of The Ring available on the site, she also declined.
As for the UK sitcoms available on the site, Eddy Leviten, who heads the communications department at FACT, said Friday that the agency's hands were tied, as it's a site hosted within the U.S.
Remember that the original story pointed out that Guba's sci-fi section contained numerous examples of TV shows, from Star Trek to Stargate SG1. Each file may be watched on the site, without special software, in its entirety, then downloaded to a user's hard drive, or transcoded into a format for playback onto an Apple iPod or Sony PSP.
Think about that for a second. BitTorrent doesn't offer that capability. No file-sharing program that I've ever heard of does either. What an honestly amazing convenience that is. Even licensed sites such as CinemaNow don't offer the ability to download files in alternative formats, even though they too offer "free files". For every "The Saint" episode offered by CinemaNow, however, there's an Attack of the Giant Leeches. No thanks – I'll take an old episode of WKRP In Cincinnati instead. Thanks, Guba!
Keep in mind that Guba is offering licensed content, from Warner Bros., typically available at the top of the screen when performing a "general videos" search. That's not the content that I'm referring to. I suspect that a deal with Universal (the owner of Star Trek) might be a bit delayed, however, as there's no point in selling content when it's being offered for free a few inches down the page.
McInerney's argument is that sites like YouTube also offer copyrighted content. "There is essentially every copyrighted video work ever made in the history of mankind on YouTube," he wrote in an email. "Yet for some reason, you chose to write a story about copyrighted content 'running wild' on Guba. It's patently absurd."
There's some validity to his comment, and to a separate one that BitTorrent (which has also joined with the MPAA) also can be used to find copyrighted files. BitTorrent is a protocol, however. YouTube, moreover, mainly hosts clips of files, not the whole enchilada. I'm not going to claim YouTube is offering a "fair use" defense, but keep in mind this reference from the U.S. Copyright Office:
"The 1961 Report of the Register of Copyrights on the General Revision of the U.S. Copyright Law cites examples of activities that courts have regarded as fair use: "quotation of excerpts in a review or criticism for purposes of illustration or comment; quotation of short passages in a scholarly or technical work, for illustration or clarification of the author's observations; use in a parody of some of the content of the work parodied; summary of an address or article, with brief quotations, in a news report; reproduction by a library of a portion of a work to replace part of a damaged copy; reproduction by a teacher or student of a small part of a work to illustrate a lesson; reproduction of a work in legislative or judicial proceedings or reports; incidental and fortuitous reproduction, in a newsreel or broadcast, of a work located in the scene of an event being reported."
Fair use does not include the republication of the whole of the original work. Your argument fails here, Mr. McInerney.
And as for the argument that savvy uploaders are gaming the system by using misleading file names – before I called Guba, the filtering software apparently didn't catch the files named "Battlestar Galactica," two words which, as far as I know, do not exist outside of the context of the television show. And I think this is now the third time I have pointed out that the majority of the files in the science-fiction section are copyrighted files. For Pete's sake, the site has a dedicated "TV Shows" section!
Of course, the whole problem could be solved by simply capping the duration of published videos at 20 minutes or so, less than the length of a U.S. TV show. Apparently the site's owners haven't thought of this, even though its competitors have.
But here's the rub: in February, the MPAA filed suit against sites including TorrentSpy and BTHub, arguing that even links to copyrighted content encourage people to download illegally. Meanwhile, Guba happily provides copyrighted content to the public. And the MPAA has utterly lost the moral high ground, if it hadn't already.
The only conclusion I can draw from this is that the Guba archive is an MPAA-sanctioned supply of copyrighted content. Maybe this is a social experiment, a quiet no-man's-land where users sick of paying $24.99 for a new DVD and studio execs burned out on the Hollywood lifestyle can swap a few bits with the average joe. Seriously, if a site provides downloadable content using an MPAA-approved filtering algorithm to weed out copyrighted content, isn't that a safe argument that downloaders should be free from liability?
So apologies all 'round, then. I clearly have missed the gaping hole in the MPAA's position, that of leniency to its partners.
Guba's McInerney says that "if our only job was to police for copyrighted content, it would be one thing, but we have features and technologies to build at the same time in a very competitive environment."
What a brilliant argument that is. I think that the next time the MPAA sends a cease-and-desist letter to a university student, that student should point out the "features and technologies" he himself is working on, as a part of his education. Do you live in a "competitive environment"? I do.
Look, Mr. McInerney, I feel sorry for criticizing your business model so harshly. But you've picked your side and joined forces with the MPAA, which has adopted an absolutist position with regards to piracy, a war that, as you're proving, can not be fought on all fronts. I sincerely hope that you aren't threatened with a suit filed by the MPAA, as others have been.
It's just a shame that you, and Guba, don't provide enough files for users to download a whole season's worth of Star Trek: Voyager, for example. I found just sixteen episodes. But don't worry; all in all, there's enough to last your customers a long, long time.
Just don't burn it to a DVD. Poor Lucky and Flo wouldn't know what to do.
Ithaca College and the RIAA
The RIAA is our friend : )
"As you may know, the entertainment community has become increasingly concerned about illegal file sharing on universities’ Local Area Network (LAN) using such programs as Direct Connect (DC++), MyTunes/OurTunes (both well-known hacks of Apple's iTunes software) and other similar programs. Our industries have recently launched a systematic program to identify and curtail campus Local Area Network (“LAN”) piracy. We write today to inform you that we have information indicating such a problem exists at [SCHOOL]."
Thus wrote entertainment cartel capos Cary Sherman of the RIAA and Dan Glickman of the MPAA (Motion Picture Association of America), in April, to 40 university presidents in 25 states.
Clerks responsible for sending the email presumably replaced [SCHOOL] with the name of the appropriate institution.
Now, "In its latest strategy for dealing with illegal file sharing on college campuses, the Recording Industry Association of America (RIAA) is asking for help from college administrators to deal with the growing trend of students sharing copyrighted files on local area networks (LANs)," says Ithaca College's The Ithacan.
And why not? After all, it's now routine for the Big Four Organized Music's RIAA and the Big Six Hollywood studios' MPAA to use school staffs as industry cops with local tax-payers footing the bill.
The story has Dave Weil, director of Web systems for Ithaca's information technology services, pointing out Apogee Telecom handles the college’s residential Net and it hadn't said anything about students sharing copyrighted files through residential LANs.
But, "If the college became aware of it, it's against our policies, so we would investigate and take appropriate action," Weil said. And Mike Leary, assistant director of judicial affairs, said his office has sent out more than 250 warning letters since 2003 to students identified by Apogee, "for illegally sharing files on the Internet," The Ithacan states.
"We're heartened to see Ithaca staff following instructions so closely," said RIAA boss Mitch 'The Don' Bainwol.
Just kidding. He didn't really say that.
Meanwhile, sophomore Kyle Rogers had heard from Apogee, "for illegally sharing a copy of a computer game on Bittorrent". Apparently, "Students using Bittorrent share files with Internet users outside of the college, so it can be traced," states The Ithacan.
Anyway, "Rogers said he immediately complied with the e-mail, which instructed him to delete the files and notify Apogee that he had done so to avoid a lawsuit. Rogers said several of his friends had also received similar e-mails and promptly deleted the illegal material from their computers as well."
"I had no idea I was being monitored," The Ithacan has him saying. "I was pretty freaked out."
"As you are no doubt aware, these issues are critically important to not only us, but to all communities that value the protection of copyright and intellectual property," adds the email. "We look forward to working with you as we continue to pursue a comprehensive approach to addressing piracy on college campuses: promoting educational efforts; working with university administrators on technological solutions and offering legal music and movie services; and when necessary, enforcing our rights as appropriate."
Ithaca College wasn't on the original RIAA/MPAA mailing list.
Microsoft Admits WGA Failures “Coming Up More Commonly Now”
Scrolling through the posts on Microsoft’s official WGA Validation Problems forum is like reading accident reports from a multiple-car pileup on Interstate 5. Many of the victims are completely innocent and have no idea what hit them, and cleaning up the mess can be a nightmare.
Even a casual reading of the posts at the WGA Validation Problems forum makes it clear that WGA has serious problems. But Microsoft refuses to share any hard data about WGA installations, making it impossible for independent observers to quantify the extent of the problems. Until now, that is.
With the help of a researcher, I went through a sample of 137 recent problem reports from actual Windows users, posted publicly on the WGA Validation Problems forum. Our research was the online equivalent of listening in to two weeks’ worth of calls to Microsoft’s support lines. The results we found directly contradict Microsoft’s insistence that "only a handful of actual false positives have been seen."
According to our analysis, 42% of the people who experienced problems with WGA and reported those problems to Microsoft’s public forums during that period were actually running Genuine Microsoft Windows. That’s not just our opinion, either. Those statistics were reported by the Redmond-approved Microsoft Genuine Advantage Diagnostic utility.
In our research, we discovered that two Microsoft employees have publicly and repeatedly acknowledged that a particular type of WGA false positive is "coming up more commonly now." We found a widely used security tool from McAfee that triggered WGA failures on perfectly legitimate systems. And we read dozens of reports from frustrated Windows users whose systems are running legally licensed copies of Windows XP but who are blocked from receiving security updates via Windows Update and who are blocked from installing premium Microsoft downloads such as Internet Explorer 7 because the WGA tool mistakenly identified their Windows installations as counterfeit.
Our methodology was as follows:
o We reviewed all discussion threads from the WGA Validation Problems forum, beginning with threads started on August 1 and continuing in sequence until we reached new discussions dated August 15. Choosing this range of dates allowed us to be certain that Microsoft representatives had had sufficient time to respond to every post. We also looked at a sample of more recent posts and found reports that were similar to those during the sample period.
o We counted only forum threads containing output generated from the Microsoft Genuine Advantage Diagnostic utility. Microsoft’s representatives insist that users run this utility and paste the results for analysis before they will agree to resolve any issues on this forum. This effectively eliminated "chatter" and posts that didn’t directly relate to WGA.
o We tabulated the Validation Status field to divide the total sample of problem reports into the "buckets" Microsoft uses to classify Windows users for its WGA program. The overwhelming majority - all but 6% - of the validation results fell into four categories: Genuine, Blocked VLK, Invalid Product Key, and Not Activated.
As the graph shows, 39% of problem reports were from people who were indeed using counterfeit software, activated by an invalid product key or a stolen or leaked volume license key that has been blocked by Microsoft. But we were shocked to discover that the largest group of reported problems - representing 42% of the reports in our sample - came from people running copies of Windows that were Genuine, according to the MGA Diagnostic tool.
We have every reason to believe that this group is a representative sample of people who have experienced unexplained WGA notifications telling them they’re running counterfeit software. (Obviously, it doesn’t include people who knowingly installed counterfeit copies of Windows.) If anything, they represent a slightly more sophisticated group than average, because they were able to track down the WGA Validation Problems forum. But there’s no indication that this group is otherwise atypical.
So, where did those false positives come from?
One large group consists of people who, for some unexplained reason, were displaying cryptographic errors related to digital signatures. The problem is so common, in fact, that Microsoft representatives have a canned response they paste into replies to forum visitors who appear to be showing false positives caused by these errors. Here’s a sample of the canned text, posted by Microsoft’s Phil Liu. We read these exact same words over and over and over again in forum threads during our sample period:
The issue seems to lie with the "unknown" signature that is coming up more commonly now. The "unknown" signature denotes a problem with detecting digital signatures. [emphasis added]
That snippet - "unknown signature … coming up more commonly now" - appears in at least 30 different threads between July 31 and September 18. The solution isn’t easy, especially for a computer novice. Microsoft’s representatives instructed users to open a Command Prompt window and type 10 separate commands to re-register system DLLs. The repair procedure worked, but this victim’s response was typical:
That fixed the problem. I was able to get the updates and no more counterfeit messages. I think there is an issue with this new validating software. I am for stopping piracy - but this is crazy.
Another set of problems was caused by a registry-cleaning utility called QuickClean, which is part of McAfee’s Internet Security Suite. According to McAfee’s promotional copy, "McAfee QuickClean technology helps optimize your computer performance, eliminating drive-clogging ‘Internet build-up’ (e.g., temp files, cached files, file remnants, Active X code), unused programs and other unnecessary clutter to free up valuable disk space." Unfortunately, it also "cleaned up" the information the WGA utility used to identify legitimate copies of Windows XP.
A post on McAfee’s support forums first reported this problem on July 31. This thread, started on August 11, is the first to document the problem on Microsoft’s support forums:
One of the tools on the new Security Center is a "quick-clean" tool, which I ran because my computer was running a bit slow. The next morning, after a McAfee security (definitions) update and a reboot, WGA flagged my computer as non-genuine.
Over the next three weeks, another nine users added posts to this thread saying they were experiencing identical problems. Microsoft’s Phil Liu posted an update on August 31, confirming that McAfee had finally issued a patch on August 30. In other words, users of a very popular security suite for one full month were one click away from falsely being accused of running counterfeit software. That problem is now solved, but there’s no indication that WGA is robust enough to protect itself from other system-level utilities that might cause similar problems in the future.
And then there are the Microsoft customers who receive no help at all after reporting that WGA notification messages were flagging their software as counterfeit even when the MGA Diagnostic utility showed it was Genuine. Most get canned responses telling them to go visit Microsoft’s WGA Diagnostic page or update the WGA Notification utility or run a command to re-register the Wgatray.exe program. This thread is typical, with two separate customers reporting that the canned responses didn’t work and no follow-up from Microsoft. We found dozens of these cut-and-paste responses to Microsoft customers reporting that their Genuine software had failed WGA validation. Did the fixes work? No one knows, because the original posters either never returned to the forum or never posted a reply. Only 20% of the forum threads we looked at included a follow-up message from the original poster indicating that they had solved the problem.
And the reports we analyzed here are from customers who actually managed to find their way to the WGA Validation Problems forum. On our test machine, running a counterfeit copy of Windows XP supplied to us by Microsoft, clicking the pop-up WGA Notification bubble led to a page that offered to sell us a Windows Genuine Advantage Kit for $149. The page includes no acknowledgment that the errors might be caused by problems with digital signatures, with third-party software, or with a failed WGA Notification installation. Since I published Busted! What happens when WGA attacks (including this Image gallery showing the WGA process at work), Microsoft has made no attempt to improve the help it offers users who may be experiencing false positives.
How many legitimate customers are simply paying Microsoft an extra $149 because it’s easier than going through the hassle of working out the problem? If the answer is more than zero, it’s too many.
Last Thursday, I contacted Microsoft’s WGA team and offered to discuss the details of this story with them so they could comment on it. Despite repeated follow-up messages from me, they have declined the opportunity to hear about this story or to comment on it.
Update 26-Sep 6:15AM PDT: After this story was posted, a Microsoft spokesperson who had not read the story and had declined the opportunity to review any details about our findings sent an e-mail statement affirming the company’s confidence in WGA. You can read that statement in this follow-up post.
Between work and personal e-mail, multiple banking and retirement accounts, two association memberships, photo sites, Web communities, and retailers like Amazon.com and eBay.com, C. David Gammel maintains 130 online accounts, each requiring a user name and password.
Gammel tracks his sundry log-in information in a file on his computer, but on at least two occasions he's confused or mistyped his password, and been locked out of his SunTrust bank accounts, forcing him to call the bank or look for an open branch to regain access.
"It's frustrating -- if understandable," said Gammel, a consultant in Silver Spring. He has also been denied access on a news site when he couldn't remember his log-in information, he said. "I bail on them if I'm having a difficult time," he said.
Password peeves come as a cost of doing business online using multiple computer applications. A typical professional relies on a dozen or more programs or Web sites to manage his life at home and work, and many of those require user authentication for access.
But the increased reliance on technology and the commensurate accumulation of passwords has reintroduced human fallibility into the security equation. Consumers' memories are straining under the pressure of remembering so many passwords. And when they fail to, companies increasingly are having to rely on the judgments of their employees to decide how to field calls from forgetful customers.
The average number of passwords used at work is between six and 12, and is increasing at about 20 percent a year, according to RSA Security Inc., a software and security consulting firm. To make matters more complex, Web sites and workplaces often ask users to change passwords at regular intervals, or require a mix of lower-case and capitalized letters, numbers, and special characters such as "#" or "$" -- a practice that makes it harder for a hacker to guess at a person's password.
But the abundance of frequently changing passwords -- and the confusing jumble of permutations and combinations most computer users create -- are not only inconvenient, they often undermine the very security goal they were meant to achieve.
At two-thirds of companies, workers kept passwords by writing them on a piece of paper kept in the office, according to a study released last week by RSA. Another 59 percent stowed them in files on their computer, and 40 percent wrote them on sticky notes pasted around their computer monitor, allowing any passerby to see.
"There's a tradeoff between convenience and security that people don't think about very much," said Jim Harper, director of information policy studies at the Cato Institute, who said he keeps a file tracking at least 50 logins and about 25 password variations. "Technical people have been working on this for a long time, but it's hard to come up with something that's easy and secure."
Like many users, Kimball Brace, president of the consulting firm Election Data Services Inc., rotated between three or four standard iterations of his password, a system that worked for a while.
"I'm a heavy Internet user and a heavy computer user, and as such I'm always hitting various new sites, so I do see a proliferation of passwords becoming necessary," but the convenience and access can come with a frustrating price, he said.
Once, when Brace was on the road, he tried to log into his airline's Web site from a computer kiosk, but couldn't remember his password.
"You've got three chances to remember what you did," he said. When he couldn't, the site blocked him and he was forced to fly another airline.
Password management has become such a problem that it has spawned a small technology sub-industry.
Dozens of companies such as Siber Systems Inc. in Fairfax make software that consolidates various passwords under a single master password. Siber Systems, for example, has a program called Roboform that automatically unlocks all the sites users visit, by consolidating all log-in information into one master password. (Even password management has its limitations. If users forget the master password, they're simply out of luck and must re-register.)
Sites like Bugmenot.com have surfaced in response to the frustration of having to register for an account just to read a news story, for example. That site lists generic usernames and passwords that anyone can use to gain access, as well as a system that allows users to note whether the name and password worked or not, keeping the list fresh.
Many users permit Web sites to send cookies, or small bits of identifying information, back to the computer so the site remembers when a registered user returns. Many password-protected sites also anticipate the need and offer "forgot your password?" links that e-mail the password, or send a new one, to the user's e-mail address.
Biometric markers such as fingerprint scanners -- some of which are on newer computers -- might in the future solve the problems of password protection, some security experts say.
Acquiring someone's password by masquerading as someone who has forgotten one is often the pretext criminals use to obtain private information -- a major security problem that's entered the limelight in recent weeks.
Password fatigue has created a rich environment for identity exploitation, said Robert Douglas, an information security consultant. Reinstating customers like Gammel -- rightful users who get blocked from accounts after failing to enter the correct password -- creates a problem for companies, which then need to authenticate a customer's identity through other means.
"Look: I can't remember all these PINs or passwords, and I'm about to get on a plane," a criminal might say to a call-center operator to cajole them out of a password, said Douglas, a former private investigator who researches non-technical methods people use to hack into private information. Often, the only additional information the hacker might be required to provide is easily obtainable biographical facts like the last four digits of the account holder's Social Security number, or their mother's maiden name, he said.
"We live in a generation that wants instant access, and they want it yesterday," he said. "Companies don't want to anger a real customer" who might have forgotten a password, he said, but in accommodating that request, they might be giving information to a criminal.
Encryption Expert Teaches Security
It must say something about our times that Bruce Schneier, a geeky computer encryption expert turned all-purpose security guru, occasionally gets recognized in public. "My life is just plain surreal," he says.
Schneier, 43, has made it so by popping up whenever technology and regular life intersect, weighing in on everything from the uselessness of post-Sept. 11 airport security measures to the perils of electronic voting machines and new passports with radio chips.
He does it by writing books, essays, a frequently updated Web log and an e-mail newsletter with 125,000 subscribers. It helps that he has never met a reporter whose phone calls he will not return. "I'm a media slut," he admits.
That might make it tempting to dismiss the bearded, ponytailed Schneier as being in the business of promoting Schneier. Of course there's some of that -- he has a program "ego-scan" his book-sales ranking on Amazon.com every hour.
But that doesn't detract from the respect he engenders.
A former Pentagon and Bell Labs technologist who invented important methods of cryptography and wrote a textbook on the subject (meriting him a mention in "The Da Vinci Code"), Schneier has testified to Congress and shared ideas with Rand Corp. researchers. Even though he has denigrated the billions spent on airport security as almost entirely wasted, the Transportation Security Administration asked him for advice about its passenger-screening program.
"Bruce Schneier is a master of explaining security, and a master of telling us why security and freedom are the same thing, why security can't ever be had at freedom's expense," says Cory Doctorow, an author and fellow at the Electronic Frontier Foundation.
Schneier sees himself as a teacher dispensing clear-headed lessons in an era poisoned by irrational fears of terrorism. "I'd like everyone to take a deep breath and listen for a minute," he wrote in a recent online essay.
His favorite topic these days is the intersection of security, economics and psychology.
For example, Schneier blasts almost all airport screening measures as meaningless "security theater" that makes people incorrectly believe they are safer. After all, who says the next terrorist attack will involve the methods used last time? Who says it even has to involve airplanes?
"The game of having all these tactics is one we can't win because terrorists get to see it in advance," he says. "By definition you're going to pick a plot we're not going to catch. It's a game we can't win. Let's stop playing it."
Instead, Schneier says the game ought to be about stopping bad people -- mainly through better intelligence and police work. That money would be much better spent, he says, than making sure security screeners confiscate corkscrews or any other particular item from passengers.
"Airport security only works against the sloppy and the stupid," he contends. "We can't keep weapons out of prisons; we can't hope to keep them out of airports or subways."
Taken to its logical end, Schneier's alternative security recipe of better policing could seem to be a call for stronger surveillance or data mining. But Schneier -- a member of the American Civil Liberties Union -- says he opposes many such tactics not so much on privacy grounds but because they're bad security.
How so? Because snooping through vast storehouses of personal records in search of clues to terrorist activity invariably turns up too many wrong leads to be cost-effective, he argues. These methods can sniff out the predictable crime of credit card fraud, for example, but terrorism is much rarer, he notes.
This being Bruce Schneier, he's quick to illustrate this lesson. Having lunch in a hip bistro, Schneier points out that the restaurant serves food even before the patrons pay. It would seem to be bad security -- people might walk out on the bill. Yet the practice makes social sense.
"People are inherently good," Schneier says. "Otherwise, society would fall apart."
To some ears, Schneier's analyses are too simplistic.
"I regard his views, frankly, as dangerous," says Clark Kent Ervin, a former Department of Homeland Security inspector general who argues that incompetence at the agency has left gaping security holes.
He says Schneier erroneously claims "the threat is exaggerated and we're overreacting."
"Some people (including policymakers) take this view seriously and, therefore, are deluded into thinking that we're safer than we are," says Ervin, director of the homeland security program at the Aspen Institute. "His writings can be used as an excuse by DHS and its supporters for DHS' not having done more."
Although his career began at the Department of Defense -- he won't say what he did there -- Schneier is used to challenging prevailing ideas in government. In the 1990s, he objected to Clinton administration attempts to stifle the spread of encryption, the science of obscuring data to keep it secret. Schneier stressed then that computer cryptography was of huge economic value because of the security it gave companies and people against intruders.
But Schneier soon saw that those claims were overstated.
While encryption has its place -- it is what secures Web-based banking and shopping -- Schneier realized that too often it was deployed in silly ways. For example, some companies let employees unlock encrypted files with simple passwords, which often ended up being easy to steal or guess.
In other words, all the technical sophistication in the world can lock data from prying eyes, but if people leave the keys in the open, not much security results.
Since then, Schneier has been on his mission to explain that security is a complex system unlikely to be saved by technology alone.
Some commentary seems to emanate from him almost daily, on top of his duties as chief technical officer for Counterpane Internet Security Inc., a network monitoring company he co-founded. He and his wife, Karen Cooper, also find time to contribute restaurant reviews to the Star Tribune of Minneapolis.
Schneier has repeatedly said "we are one attack away from a police state," and says such a civil-liberties crackdown would be even more likely under a Democratic administration. That is from the same school of thought that only an ardent anticommunist like Richard Nixon could get away with engaging with Red China in the 1970s.
But beneath Schneier's someday-I'll-say-I-told-you-so realism is a streak of optimism. He fully expects to change people's minds about the need for cost-effectiveness rather than showmanship in security.
"Eventually we will all come to our senses about security," he says. "I think it's 10 to 20 years. A generation."
A skeptic demurs. Isn't it an insoluble aspect of human nature to be greatly governed by our fears, even when we know they're irrational? Most people know driving is more dangerous than flying, but few of us grip the armrests when a car pulls out of the garage.
"That is what reason is about. That's the beauty of being human," Schneier responds. Being afraid of something and doing it anyway, he contends, "that's what courage actually is."
On the Net:
Schneier's blog: http://www.schneier.com/blog
A tongue-in-cheek geek tribute to Schneier:
Messages That Go `Poof' After Sending Them
A hallmark of "Mission: Impossible" was the message that would self-destruct after a spy played it. Now a startup communications company promises that same level of secrecy with a Web-based messaging system designed to leave no traces.
The VaporStream system from Void Communications LLC is envisioned as a complement to e-mail and instant messaging, both of which leave abundant records.
Let's say Alice wants to discuss something privately with Bob. Alice calls up a VaporStream Web page, which is encrypted by the same method that secures Internet commerce and banking. Then she selects Bob on her list of VaporStream chat partners.
That brings up a new window, where she can type a message. Neither her name nor Bob's appears anywhere. The individual messages cannot be copied or pasted into other programs.
When she sends the message, it no longer is visible on her computer. It goes to a server maintained by VaporStream, where it sits in a sort of holding pattern in a temporary segment of the server's memory.
When Bob checks his VaporStream Web page, he can see that he has a message from Alice and clicks to read it. When it is delivered, it leaves the VaporStream server for good.
When Bob responds, Alice's original message disappears from his computer. On and on it goes, in a conversation in which both parties have to remember their previous lines, making VaporStream more like a time-shifted phone conversation than an e-mail thread.
"Neither the sender nor the recipient has a full copy," said Amit Shah, the co-founder and chief technologist.
VaporStream is scheduled to be unveiled at the influential DEMOfall tech show in San Diego on Tuesday and become generally available in October.
Shah and co-founder Joseph Collins Jr. hope VaporStream's design and low cost - $40 per user annually - will attract companies that are swamped with the challenge of archiving business-critical e-mails and throwing away those of a personal or inconsequential nature.
A company could tell its employees to do all of their informal communications in VaporStream, for example. Besides PCs, VaporStream will be available for mobile gadgets such as BlackBerrys.
That's not to say that this is a natural for the business world.
Financial services firms, for example, are likely to reject VaporStream because of regulatory requirements governing the retention of their electronic communications. Other companies simply might not trust their workers enough to give them a record-less method of communication.
"I don't typically have customers come to me and say, `I'm looking for a messaging system where I can hide all traces of what I'm saying,'" said Matt Brown, a senior analyst at Forrester Research. Of VaporStream's overall prospects, he said, "I'm highly skeptical."
Companies also can set up "blacklists" and "whitelists" for their employees that dictate who can and cannot send VaporStreams to each other.
However, Nancy Flynn, founder of the ePolicy Institute, which trains companies on proper use of e-mail, said she suspects some businesses will welcome VaporStream because it could help them better articulate rules about when employees should and should not use e-mail.
Many e-mails have to be kept for audits, regulatory purposes or lawsuits, but personal messages that invariably get swept into that mix are often embarrassing, not to mention costly to store, she noted.
VaporStream isn't entirely dependent on businesses. Anyone can sign up for $40 a year.
But secrecy-seeking criminals, take note: While the system records no conversation logs, Collins said VaporStream will comply with wiretapping laws. That means the authorities would not be able to review past chats, but they could get warrants giving them the right to put an ear to future ones.
Intel proudly shows off snooping tech
IDF Reads Your PC Even When It's Off
In a laudable effort to make life much, much easier for IT managers, Intel outlined how it intends to widen the scope of its Active Management Technology (AMT).
AMT can effectively snoop on what's inside your PC.
The principle is simple. Details about a vPro or Centrino based PC are saved into non-volatile memory. But, scarily, this information can be read even if the machine's power switch is in the 'off' position.
Armed with such information an IT manager might want to remotely fix a PC. This can be done using Intel’s Trusted Execution Technology (formerly known as LaGrande).
Just how powerful this facility can be was shown in a demo where a connected laptop was rebooted and its BIOS edited from a management console.
Good stuff. But Intel intends this capability to work over wireless networks, not just wired (i.e. fixed Ethernet) links.
Obviously Intel claims this kind of stuff is mega secure. But what if it were hacked? Or what if they hacked it?
You could potentially be woken up in the middle of the night by the sounds of somebody completely reconfiguring your laptop.
Technology for Spying Lures More Than Military
Julie Creswell and Ron Stodghill
In the world of security sleuths and private investigators, it’s billed as one of the biggest events of the year. Some 20,000 experts in the business are gathering this week in San Diego to check out the latest in high-tech surveillance gadgets and sit in on seminars discussing undercover investigations, background checks and interrogation techniques.
One of the keynote speakers is George J. Tenet, the former director of the Central Intelligence Agency.
But many of those attending the ASIS International “Maximum Security” conference will not be there on behalf of the United States government or the military. They work for corporate America, where security is a big and sometimes controversial business, as the executives of Hewlett-Packard have found in the wake of revelations of a covert-operations spying scandal that the company conducted against its own directors and journalists.
There’s no word whether executives from Hewlett-Packard are attending the conference to take in seminars like “Rules of Engagement: The Impact of Security Services Contracts in Future Litigation” or “Trusted Insiders — Preventing Betrayal in High-Risk Times.”
But while H.P. may be in the spotlight for the spying imbroglio in its boardroom, it is far from alone in diving into the murky world of private investigators and secret surveillance.
Companies worldwide spent an estimated $95 billion on security last year, according to the Freedonia Group, a market research firm in Cleveland. While that’s a broad figure that includes spending on emergency planning in case of a terrorist attack and protecting corporate records from hackers, an increasing portion went to high-tech equipment like spyware and specialized data-mining software that was deployed in-house so companies could better see what their own employees were up to.
Outside their offices, corporations are also turning to a vast network of large consulting firms and local ex-cops-turned-detectives that can supply all sorts of personal information and run surveillance on competitors, executives and directors using techniques worthy of the C.I.A.
The problem with all this spying, however, is that technology has far outpaced its users’ knowledge of the laws and ethics regarding privacy, which vary from state to state, say experts.
“In this day and age, it’s not impossible for me to find checks that you wrote and cleared in your bank account yesterday,” said Thomas D. Thacher II, who spent years rooting out fraud in construction projects in New York before forming the investigative firm Thacher Associates. “It is scary the personal information that is available through obviously illegal means.”
In the case of Hewlett-Packard, the company hired private investigators who used “pretexting” — pretending to be someone else — to gather home phone records of directors and journalists it believed were involved with the leaking of secrets from the boardroom. Investigators for H.P. also tried to plant software on a reporter’s computer to track a bogus document it sent to her and considered infiltrating newsrooms with spies masquerading as clerical workers or cleaners.
“The means here did not justify the end,” said George Bradt, chief executive of PrimeGenesis, which coaches chief executives on leadership topics. “They pulled out a Sherman tank to attack a mouse.”
The H.P. episode is not the first time a company has tried to spy on, or to manipulate, journalists. In 1965, General Motors hired private detectives to investigate Ralph Nader after the publication of “Unsafe at Any Speed.” (Mr. Nader later won a court settlement of $284,000 against G.M. for invasion of privacy.) In 1989, American Express admitted to planting defamatory articles about Edmund J. Safra, a former company executive who left to form a competing bank.
Still, corporate security experts say there are plenty of legitimate reasons companies need to be involved in the spy game, or at least to bolster their intelligence-gathering apparatus. Companies frequently tap investigators to unearth compromising data about individuals who have filed lawsuits against them, to scour gray or counterfeit markets for knock-offs of their products or, increasingly, to uncover whether short sellers are working in concert to drive their companies’ stock down.
More remarkably, many defend the practice of pretexting as a useful way for companies to keep track of their competition.
“Pretexting is a valuable investigative tool in its natural form,” said Charles Mittelstadt, a security consultant in Atlanta who has worked with H.P., I.B.M. and Georgia-Pacific in criminal cases. “Company A calls Company B and impersonates a consumer to vendor to obtain vital information about pricing, development plans, etc.,” he said.
But just because a company has the capability to spy, should it? According to some investigators, they, not their clients, are the ones drawing an ethical line in the sand.
“We are frequently asked by clients who watch far too much television whether we can do this or do that. In our engagement letter with them, we make it clear we will not do anything illegal and they should not expect us to,” said Joseph Rosetti, who headed up security at I.B.M. for years before joining Kroll Associates. He now runs his own firm, called SafirRosetti.
“Investigators are going to have problems until they develop a set of national standards to which they must conform,” said Jack Lichtenstein, director of government affairs and public policy for ASIS International (formerly the American Society for Industrial Security), which is host of the San Diego conference.
The biggest challenge companies face when they turn to outside private investigators — and one of the chief appeals of using them — is not knowing and controlling the techniques to be used. That’s because security firms typically farm out parts of the investigation to other firms or local on-the-ground investigators.
“We will pull a number of subcontractors into an investigation. There are firms out there that have strength in the computer-forensic world or S.E.C. matters that can help out,” said Mr. Thacher. “But the further you go down the chain, the more removed the client is from the investigation and their ability to judge or know how the information is being obtained.”
That may have been the case with Hewlett-Packard, experts say.
Hewlett-Packard’s chairwoman, Patricia C. Dunn, has acknowledged that she authorized the investigation, and documents show that its senior counsel and director of ethics, Kevin T. Hunsaker, directed the operation, which involved Hewlett-Packard investigators and several layers of outside detectives and subcontractors.
Already, some companies are trying to cover their tracks in the wake of the Hewlett-Packard spy scandal.
“We just received a retention agreement from a large Wall Street firm in which the specific language was laid out that the consultant agreed not to do things that are illegal,” said Mr. Thacher. “It made us all smile. One would think that goes without saying. But it’s in there now.”
Invasion of the Computer Snatchers
Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again
In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves.
Now, with the smoke of his day's first Marlboro curling across the living room of his parents' brick rambler, the hacker known online as "0x80" (pronounced X-eighty) plops his wiry frame into a tan, weathered couch, sets his new laptop on the coffee table and punches in a series of commands. At his behest, the commandeered PCs will begin downloading and installing software that will bombard their users with advertisements for pornographic Web sites. After the installation, 0x80 orders the machines to search the Internet for other potential victims.
The young hacker, who has agreed to be interviewed only if he isn't identified by name or home town, takes a deep drag of his smoke and leans back against the couch to exhale. He smiles. This is his day job, and his work is finished in less than two minutes. In two weeks, he will receive a $300 check from one of the online marketing companies that pays him for his services.
"Most days, I just sit at home and chat online while I make money," 0x80 says. "I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days." He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.
Hacked, remote-controlled home computers, known as robots or "bots," and large groups of robot networks like the one 0x80 runs -- called "botnets" -- are the souped-up cyber engines driving nearly all criminal commerce on the Internet. Botnets are used to relay millions of pieces of junk e-mail, or spam, touting everything from cheap Viagra to get-rich-quick business schemes. And the botmasters who control these computer networks are at the heart of ominous and increasingly common online shakedowns known as "denial of service attacks." In such an attack, Web gangsters demand tens of thousands of dollars in protection money from businesses. If the businesses refuse to pay, the criminals order the thousands of computers that make up their botnets to flood the Web sites with meaningless traffic, crippling the businesses and costing them thousands or hundreds of thousands of dollars in lost revenue.
0x80 says that he doesn't use his botnet to shake down businesses. Instead, he and a growing number of botmasters make money by seeding their botnets with spyware, also known as adware. Once installed on a PC, the adware serves up pop-up advertisements and mines data about the user's online browsing habits. The computer worm that powers the botnet also gathers far more sensitive data from the victim's machine, including passwords, e-mail addresses, Social Security numbers and credit card data. The spyware and adware problem is pervasive and growing: A recent survey by the National Cyber Security Alliance and America Online found that four of five computers connected to the Web have some type of spyware or adware installed on them, with or without the owner's knowledge.
The distribution of online advertisements via spyware and adware has become a $2 billion industry, according to security software maker Webroot Software Inc. And as the industry has boomed, so have the botnets. Just a few months ago, FBI agents arrested a 20-year-old from Southern California for installing adware on a botnet of more than 400,000 hacked computers. Jeanson James Ancheta's victims included computers at the Naval Air Warfare Center and machines at the Defense Information Systems Agency, according to government documents. He pleaded guilty to the charges last month.
Like Ancheta, 0x80 installs adware and spyware surreptitiously, though the law requires the computer owner's consent. The young hacker doesn't have much sympathy for his victims. "All those people in my botnet, right, if I don't use them, they're just gonna eventually get caught up in someone else's net, so it might as well be mine," 0x80 says. "I mean, most of these people I infect are so stupid they really ain't got no business being on [the Internet] in the first place."
Tall and lanky, with hair that falls down to his eyebrows, 0x80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station/convenience store and a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers. He tells his parents that he works from home for a Web design firm. His bedroom resembles a miniature mission control center, with computers, television and computer monitors, and what must be several miles' worth of tangled wires plugged into an array of surge-protected power strips.
At the moment, 0x80 controls more than 13,000 computers in more than 20 countries. This morning he installs spyware on just a few hundred of the 2,000 PCs that he has commandeered in the last few hours. He will stagger the remaining installations throughout this day and into the next, using a program he wrote that automates the process. If he installs too many bundles of spyware at once, the online marketing companies "get suspicious, they cut me off, and I don't get paid," he mumbles, squinting at the screen while the nub of his cigarette sprinkles ashes all over his laptop and the coffee table. "I've learned not to get greedy."
A small dog with matted fur enters the living room and winds through 0x80's feet. 0x80 gives the dog a gentle shove with his foot, without even looking up from his laptop. He furiously stabs at the keyboard with his two forefingers, punching out a short command that produces a mesmerizing blur of black-on-white text that scrolls up the computer screen at several pages per second. 0x80 makes it halfway through a cigarette before the text flying across the screen finally stops. The command he typed -- "pstore" -- is short for "password store." On the screen in front of him is a listing of every user name and password that the owner of each infected computer has stored in the Microsoft Internet Explorer Web browser on his or her computer.
A quick scroll through the first few dozen pages of the file reveals credentials his victims have used to log in to online accounts at PayPal, eBay, Bank of America and Citibank, to name just a few. Many of the Web sites for which user names and passwords are stored are harmless, such as sports or hobby sites. Others are potentially far more revealing, such as hard-core sex and fetish Web sites. 0x80 has also found credentials for thousands of e-mail accounts, including dozens at ".mil" and ".gov" (U.S. military and government) addresses.
"See all that info?" 0x80 asks. "I don't use it, and I don't sell it like a lot of guys I know do. That's too risky." His goal is to make money, not to end up in jail.
One of his victims, a computer-loving 29-year-old pastor named Michael White, could tell 0x80 plenty about jail. White runs the Agape Church and Christian Center in Memphis but admits he wasn't always a man of God.
Ten years ago, he was a freshman at the University of Memphis, where he was on the track team and the dean's list. Then he fell in love with liquor, he says, and flunked out of school. He landed in jail twice over the next 18 months, both times for driving a car that didn't belong to him.
Next came the accident that changed his life. One night, while White was driving a friend's Mitsubishi Eclipse, a police cruiser pulled up behind him, lights flashing. White says he was intoxicated, and driving without a license or insurance. He panicked, floored the car and lost control, flipping the Eclipse over and over until the fuel tank ignited. White woke up in a hospital bed with third-degree burns over 30 percent of his body. The searing heat from the explosion had melted his ears into little nubs, and doctors had amputated the pinky finger on his scarred left hand.
Fifteen plastic surgeries and more than two years of physical therapy later, White had healed enough to face the charges against him, which included aggravated assault for endangering the lives of other motorists. He pleaded guilty in 1999 and served almost two years at a prison in Tennessee.
During his time in prison, he says, "I realized the Lord had called me to ministry." Since White's release in 2001, God has played a huge part in his life. And so have computers. He typically spends 50 to 60 hours a week surfing the Web, instant-messaging and e-mailing. He even met his wife online. Shortly after starting his ministry, he entered an online chat room dedicated to Christian ministries and struck up a conversation with a woman using the screen name "Warrior Princess." They hit it off immediately and married 15 months later. Taneshia gave birth to their first child, MaKalya, last month.
But the same technology that led White to his wife betrayed him last summer. His desktop computer, which he had paid $350 for in 2004, was suddenly inundated with pop-up ads for adult Web sites. A mysterious toolbar with the symbol "XXX" had shown up in the topmost portion of every Internet Explorer Web browser window he opened.
A friend spent a few days trying to remove the pornographic software, but each time he did, the software reinstalled itself after the computer was reconnected to the Internet. White initially suspected that one of the kids he tutors after school had used his PC to visit some questionable Web sites. He wasn't aware that his computer had been hijacked by 0x80 until he was contacted by the reporter writing this story.
0x80's bot program was able to infiltrate the pastor's computer because the PC lacked dozens of software patches that Microsoft has issued to fix security flaws in its Windows operating system. White says he was counting on a $50 firewall and antivirus software suite he purchased from Trend Micro to keep hackers and viruses from attacking his PC, but he confesses he's not sure whether the software was equipped with the latest updates that would allow it to detect the most recent viruses.
"I'll be honest, as someone who loves technology, I've not done a great job with this computer," White says. He eventually opted to buy a new PC rather than spend the time and money to repair the infected one. "It just made more sense for me to get a new $300 Dell that came with a free monitor that was better than the one I had," he says.
The whole episode, he says, has taught him a valuable lesson: It's easier to take the precautions needed to keep a computer from being hacked than it is to clean it up after the damage has been done. "Overall, you've got to realize that, just like if you don't secure your home, you run the risk of getting burglarized; if you're crazy enough to leave the door on your computer open these days, like I did, someone's gonna walk right in and make themselves at home."
0x80 began learning how to program at age 14, before his family even owned a computer. Like many hackers of his generation, he got his start by meeting techies on networks run by America Online.
"This buddy of mine who lived two houses down from me had a computer before I did. He was always on AOL, but he also always had trouble figuring out how to do stuff, so I'd just go on all the time and figure it out for him." 0x80 says he got into writing viruses by accident after logging onto an AOL chat room named "Lesbians Only."
"Someone sent me a virus that made it so that every time I typed anything on the keyboard it would pop a message up on the screen that said, 'I'M [expletive] GAY!'" 0x80 recalls. He tried to stop the computer from flashing the message, but nothing worked. "I finally found [information] on it using my friend's PC and figured out how to write a batch script to stop the virus."
After that, 0x80 became obsessed with computer viruses and dedicated nearly all his time to tinkering with them. On his 16th birthday, his folks gave him his own computer to do schoolwork. It wasn't long before 0x80 was skipping school to spend time in online channels known as Internet Relay Chat, a vast sea of text-based communications networks that predates instant-messaging software. There are tens of thousands of IRC channels all over the world catering to almost every imaginable audience or interest, including quite a few frequented exclusively by hackers, virus writers and loose-knit criminal groups. IRC channels have traditionally been among the most popular means of controlling botnets.
About two years ago, 0x80 entered an IRC channel where several hackers were bragging about how much they were making using botnets to install spyware. Up to that point, 0x80 had used his botnet mainly for "packeting," conducting petty denial-of-service attacks to knock his buddies or enemies offline. Within a few weeks of visiting that channel, 0x80 was modifying the computer worm code he needed to transform his botnet into a money machine.
He and his hacker friends are part of a generation raised on the Internet, where everything from software to digital music to a reliable income can be had at little cost or effort. Some of them routinely go out of their way to avoid paying for anything. During a recent conference call with half a dozen of 0x80's buddies using an 800-number conferencing system they had hacked, one guy suggests ordering food for delivery. Nah, one of his friends says, "let's social it." The hackers take turns explaining how they "social" free food from pizza joints by counterfeiting coupons or impersonating customer service managers.
"Dude, the best part is when you walk in, you hand them the coupon or whatever, they give you your [pizza], and you walk out," one of them enthuses. "Then, it's like, yes, I am . . . the coolest man alive."
"Dude, that's so true," echoes a 16-year-old hacker. "Free pizza tastes so much better than pay pizza any day."
0x80 expresses some ambivalence about this lifestyle and occasionally ponders what he should do next. He's toyed with the notion of going to a community college to get a degree in computer science, but the idea of getting an honest job with a legitimate tech company doesn't hold much appeal. "I'd probably have to take a pretty bad pay cut no matter where I worked," he says.
Asked whether he worries about getting caught, 0x80 stuffs his hands into his jeans pockets, shrugs his shoulders and looks down at his shoes. "To tell the truth, man, I'm sorta surprised they haven't caught me yet." He claims he doesn't care but then confesses that he dedicates quite a bit of time to covering his tracks. "I do stay up very late each night trying to make sure nobody is going to kick in my front door . . . If I do [get caught], I'm not all that worried. I've got enough money. I can always get a good lawyer."
Adware and spyware distribution companies promise instant riches to people who agree to help install their programs. These installers are known in the business as "affiliates."
Many adware distribution sites recruit affiliates with photos of stacked $100 bills. GammaCash.com, for instance, the company that makes the XXX toolbar that Michael White discovered on his computer, features an animated image of a pair of hands cupped to hold an expensive watch. Wait a few seconds, and the watch disappears, only to be replaced by a Cadillac sport utility vehicle, which quickly morphs into a yacht.
The companies include in their "terms and conditions" disclaimers that they do not permit the installation of their products without the consent of the person who owns the computer. Most claim they will terminate without pay any affiliates who violate that rule.
But 0x80 and one of his friends -- who goes by the screen name Majy -- say they've easily disguised their installation methods. Their biggest complaint about the whole enterprise: being routinely shortchanged by the adware distribution companies, which often "shave," or undercount, the number of programs installed by their affiliates.
"It sucks, too, because the companies will shaft you, and there isn't a lot you can do about it," says Majy, 19, who claims to have had as many as 30,000 computers in his botnet.
There are, in fact, legal ways to induce PC owners to download spyware and adware. Most computer users acquire spyware and adware simply by browsing certain Web sites, or agreeing to install games or software programs that come bundled with spyware and adware. Before its Web site went dark not long ago, TopConverting.com bundled its adware and spyware with products most likely to appeal to children and teenagers: simple games, online game insignias or "avatars," and "emoticons," custom-made smiley faces for use in instant-message software. The company also marketed short digital videos that catered to the humor of teenage boys: "Beavis and Butt-Head" cartoons, a short clip called "Boob Boxing" and another titled "Bath Fart."
Computer users may or may not understand what they are consenting to when they click "OK" to the lengthy, legalistic disclosures that accompany these games or videos. But those notices are legal contracts that essentially absolve the adware companies from any liability associated with the use or misuse of their programs.
0x80 and Majy don't leave computer owners any chance to decline the adware. Once they invade a computer and add it to their botnet, they use automated keystroke codes to order the enslaved machine to click "OK" on installation agreements. 0x80 says he even created a program that allows him to remotely wipe computers in his botnet clean of old adware, making room for him to install new adware -- and get paid again.
And getting paid is the whole point. Majy says TopConverting, which did not respond to requests for comment for this article, paid him an average of $2,400 every two weeks for installing its programs. He got 20 cents per install for computers in the United States and five cents per install for PCs in 16 other countries, including France, Germany and the United Kingdom. A nickel per install doesn't sound like much, unless you control a botnet of tens of thousands of computers.
Majy also receives income from Gamma-Cash, which bills itself on its Web site as "an industry leader in online adult affiliate programs." The company pays affiliates to drive traffic to adult Web sites, mainly through pop-up advertisements for porn sites served to users through its XXX toolbar, which hijacks the victim's Web browser and sets its home page to one of several subscription porn sites. Majy says Gamma-Cash, which did not respond to requests for comment, sends him a $400 check each month from a bank in Canada.
0x80 also installs adware for Gamma-Cash. And he works for a company called Loudcash, which was recently purchased by one of the largest and most important players in the adware business: 180solutions.
Half of the glass-and-steel structure that houses 180solutions' sprawling headquarters in Bellevue, Wash., rests underground; the other half juts out at acute angles. The rooftop sports an AstroTurfed volleyball court, a gas grill and a commanding view of the Seattle skyline.
Some of the company's 200-plus employees zip around the long hallways on Segways or foot-powered scooters. Throughout the building are polka-dotted posters that read, "Who Do You Want to Be?" The signs are meant to challenge employees to continuously reevaluate their roles, but they also reflect the seven-year-old company's effort to prove to the world that it has executed a 180-degree shift away from its past business practices.
180solutions got its start in the adware industry with a product called Epipo, which paid people roughly six cents per hour to view specially targeted advertisements sent to their computers. The product became popular among college students, who quickly figured out ways to automate browsing the Web so that they could get paid for viewing ads while they were away from their computers. According to allegations in a lawsuit filed by the Washington state attorney general's office, 180 responded by changing the payment terms so that it was virtually impossible for people to collect the promised money. The company nearly went bankrupt when it settled the suit in 2002.
By that time, 180 had changed its marketing strategy. Instead of paying people to install its adware, the company lured them with free games, which came bundled with ad-serving software called "n-Case." The software tracked users' surfing and buying habits, and was extremely difficult to remove. Consumer advocates had little difficulty showing that n-Case was being installed without user consent. Faced with increasing criticism for the fraudulent installs, 180 rebranded the software as 180 Search Assistant. The new software's chief distinguishing feature was that it was easier to remove than n-Case.
In 2004, venture capitalists invested $40 million in 180solutions, fueling rapid growth. That year, 180 says, it raked in more than $50 million delivering online ads for some of America's best-known corporations, including JP Morgan Chase, Cingular, T-Mobile, Monster.com and Expedia.com. (Among the hundreds of companies that have placed ads through 180solutions is Kaplan University Online, which is owned by The Washington Post Co.)
By 180's own count, its adware is installed on 20 million computers. The people who use those computers receive pop-up ads based on what they are searching for online. If the user searches for the term "travel," 180's software will look through its database of clients in the travel business and present an ad from the company that bid the most on that search term. The next time that user searches using the same term, 180 will serve the ad of the next-highest bidder for that word, and so on. 180 then gets paid from 1.5 to 2.5 cents for each ad it delivers to the user. The more computers with 180's adware, the more revenue each ad generates.
Consumer groups gathered mountains of evidence that 180 Search Assistant was being installed on thousands of computers without user consent. Once again, 180 tried to quiet its critics. Toward the end of last year, the company announced it was phasing out 180 Search Assistant in favor of the Seekmo Search Assistant. Company spokesman Sean Sundwall says Seekmo will be more fraud resistant than 180 Search Assistant, and that it will not be distributed or bundled with other software programs without 180's permission. The company says this will give it far more control over how Seekmo is installed and by whom.
But Ben Edelman, who has spent years chronicling the offenses of the adware industry while working toward a PhD in economics at Harvard University, says Seekmo is functionally the same program as 180 Search Assistant. Edelman says 180's penchant for renaming its software each time abuses are highlighted is part of the reason the anti-spyware community directs so much vitriol at the company.
"The idea that 180solutions got where they are today through bad business practices and that they continue to make money from that user base is hardly unique to them," Edelman says. "What really makes people so mad is that 180 is far less apologetic than the other players" in the industry.
The Center for Democracy & Technology, the leader of a group called the Anti-Spyware Coalition, spent two years working with 180 to resolve dozens of consumer complaints about surreptitious installs. Ari Schwartz, the center's deputy director, says each time the subject arose, the company claimed it was blindsided by the accusations and that it needed more time to correct its distributors' behavior.
Weeks after 180solutions said it was discontinuing its 180 Search Assistant software, a computer worm began spreading rapidly across AOL's instant message network, downloading and installing viruses and a host of other programs -- including 180 Search Assistant -- on victims' computers. While 180 denied it had anything to do with the worm, for the CDT, that was the last straw: On January 23, the nonprofit filed a detailed complaint with the Federal Trade Commission urging the agency to sue 180solutions for violating consumer protection laws.
In a statement, 180solutions denied that it was ignoring the problem, arguing that it had made "great progress in the fight against spyware" and insisting that it shared the CDT's vision of "protecting the rights and privacy of consumers on the Internet . . . We have made voluntary improvements to address every reasonable concern that the CDT has made us aware of."
Company executives acknowledge they didn't begin addressing the fraud problems wrought by what 180 co-founder Dan Todd calls "a few bad actors" until mid-2004. Dressed in worn-out jeans and an untucked dress shirt, 34-year-old Todd puts one foot up on the coffee table in his glass office and tries to explain how things spiraled so far out of control. "At some point between dealing with legitimate distributors and these botnet guys who try real hard to look like good guys, we realized that something had gone terribly wrong and that our plan of outsourcing our relationship to the consumer had backfired," Todd says.
Last year, he says, 180 executives purchased some of their biggest distributors, including Loudcash, as part of a plan to rein in "rogue distributors" and help clean up the company's adware distribution practices. 180 says it no longer allows its adware to be bundled with adult Web site content or peer-to-peer (P2P) online file-sharing services that many people accuse of promoting music and movie piracy. "Our goal," he says, "is to minimize the financial incentive for people to install our software illegally, with the goal of making sure that our money never gets paid to bad actors."
To demonstrate its commitment, 180 filed lawsuits last year against seven distributors, accusing them of using botnets to earn more than $60,000 installing the company's adware without computer owners' consent. When the defendants -- all of whom live outside of the United States -- refused to make the trip here to face the allegations against them, 180 referred the matter to the FBI, says company attorney Ken McGraw.
The company also worked with the FBI and Dutch authorities last year on an investigation that shut down a botnet of more than 1 million computers in the Netherlands. The FBI acknowledged that 180 was instrumental in helping to track down the botmasters. 180, in fact, became the target of a denial-of-service attack by the botmasters, who were furious that the company was refusing to pay them for surreptitious adware installs. The attack briefly crippled 180's Web site, making the company a victim of the botnet phenomenon.
Yet 180's insistence that it is cracking down on botmasters has yet to win over the anti-spyware activists, who have spent years unraveling the labyrinthine economic ties among advertisers, adware vendors and their affiliates. The anti-spyware hawks don't believe 180solutions has changed the way it operates or that the company is buying up major players in the adware industry in order to clean up its act. "That's sort of like a drunk saying he's buying up a liquor store to solve his drinking habit," says Eric Howes, an executive at Sunbelt Software, an anti-spyware firm.
At a recent anti-spyware conference, Todd was openly mocked for claiming that 180 previously had no way of knowing how many of its distributors were installing its software illegally. Someone at the conference suggested that 180 use its technology to periodically present users with pop-ups asking them whether they had authorized the adware to be installed in the first place. Now the company says it is doing just that. If the answer is no, the user can remove the software with a click of a button.
0x80 hasn't paid much attention to the public condemnation of 180's business practices. And he says he doubts any of the measures the company is taking will discourage botmasters from installing adware. "It doesn't really matter what [180] does to try and stop them," the hacker says. "There's just too much money to be made there. People will just find another company to work with."
Sam Norris answers the door of his handsome stucco-and-Spanish-tile home near San Diego dressed in jeans, a polo shirt and squeaky-clean blue and white suede sneakers. He smiles broadly. "You picked a great week to come out," he says. "I'm tracking quite a few botnets today."
Norris, 31, is president of an Internet service company called ChangeIP.com that finds itself at the center of the battle against botnets. He estimates that he is spending up to 20 hours a week preventing botmasters like 0x80 and Majy from using his network to control their botnets.
Botmasters typically control their herds of infected PCs by having each report to a central server and await instructions, which may be to attack a Web site, send spam or download spyware programs. But many of the IRC networks that have been used for this purpose are beginning to crack down on botmasters. As a result, an increasing number of hackers are trying to cover their tracks by taking advantage of the services of companies like Norris's, which allow Internet browsers to find hundreds of small Web sites by name (for example: smallwebsite.com), even though the actual numeric address of the sites can change from day to day.
Botmasters like 0x80, however, have turned that process inside out. They use Norris's service to hide their botnets when they jump from server to server. Should authorities or computer security experts start to zero in on the server that's running their botnet, they can switch servers, and ChangeIP.com will enable the hijacked computers to find the new hideout.
In most cases, it is easy for Norris to tell which hosts on his network are legitimate Web sites and which are botnets: Most small Web sites don't have thousands of computers trying to access the site at precisely the same time. By tracking the communications traffic between the infected machines and the botmaster's control channel, Norris can capture data that might be useful to law enforcement, including snippets of text or code that may hold clues about the geographic location or identity of the botmaster.
Norris says he sees an average of 37 new botnets per week trying to use his company's service, and sometimes as many as 10 new botnets per day. Last spring, he cut off access to a botnet of more than 40,000 PCs that was being used as a massive install base for spyware. "I am seeing this botnet-spyware connection just skyrocket," Norris says, "and I think it's because these guys are realizing there's tons of cash to be made here."
A computer programmer by trade, Norris dissected a copy of the bot used by one hacker he recently banished from ChangeIP.com's network. The program contained instructions for installing 14 adware and spyware programs, and Norris says the bot code was encrypted and so thoroughly disguised that none of the antivirus software he used detected the code as malicious. As he was examining the bot program, Norris accidentally executed it, causing his machine to become infected. Almost immediately, he says, the program downloaded a package of adware and launched several pop-up ads for pornographic Web sites. It also installed GammaCash's infamous XXX toolbar.
Norris's forensics work revealed that the bot program also contained more than 30 other features, including the ability to capture all of the victim's Web traffic and keystrokes, as well as a program that looks for PayPal user names and passwords. Other programs installed by the bot allowed the attackers to peek through a user's webcam.
Norris often works out of his home in the auburn hills of San Marcos, Calif., where F-16 fighter jets from nearby Miramar Naval Air Station streak across the sky. Today he sits down at the desk in his cramped home office and clacks away at his keyboard, generating a slew of line graphs measuring the level of traffic flowing across his company's networks. He's a member of an informal enforcement group of more than 100 independent security experts worldwide who share daily data on the size, location and activity of the Web's most disruptive botnets. Hailing from Internet service providers, computer hardware manufacturers and software security firms, the group's members use that information to shut down botnets by cutting off the infected computers and forwarding the intelligence they glean to law enforcement.
Each morning, Norris receives an e-mail listing the online locations of the Web servers used to control some of the world's most dangerous botnets. "First thing I do most days is go through this list and try to find out which ones" are using his network, he says, pointing to a report he just generated that lists the top 20 traffic-generating sites on his company's system. "Most of these are botnets."
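The two checks described above (many distinct machines contacting one small hostname at the same moment, and matching hosted names against a shared daily list of control servers) can be expressed as triage over DNS query logs. This is an added example, not part of the original article and not ChangeIP.com's tooling; the log format, hostnames, threshold and sample lines are all constructed assumptions.

```python
"""Triage of DNS query logs at a dynamic-DNS provider (constructed data)."""
from collections import defaultdict
from datetime import datetime


def parse_line(line):
    # Assumed log format: "<ISO-8601 timestamp> <client IP> <queried hostname>"
    ts, client, host = line.split()
    return datetime.fromisoformat(ts), client, host.lower().rstrip(".")


def distinct_clients_per_window(lines, window_seconds=60):
    """Return {hostname: {window_start_epoch: set(client IPs)}}."""
    buckets = defaultdict(lambda: defaultdict(set))
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, client, host = parse_line(line)
        except ValueError:
            continue  # malformed line: wrong field count or bad timestamp
        start = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[host][start].add(client)
    return buckets


def triage(lines, watchlist, burst_threshold, window_seconds=60):
    """Flag hostnames for analyst review.

    "burst": at least burst_threshold distinct clients queried the name
             inside one fixed window (a burst that straddles two windows
             is split, so pick the window with that in mind).
    "watchlist": the name appears on the shared list of control servers.
    """
    watch = {name.lower().rstrip(".") for name in watchlist}
    flagged = []
    per_host = distinct_clients_per_window(lines, window_seconds)
    for host, windows in per_host.items():
        peak = max(len(clients) for clients in windows.values())
        total = len(set().union(*windows.values()))
        reasons = []
        if peak >= burst_threshold:
            reasons.append("burst")
        if host in watch:
            reasons.append("watchlist")
        if reasons:
            flagged.append({"host": host, "peak": peak,
                            "total": total, "reasons": reasons})
    # Largest simultaneous audience first, then by name for stable output.
    flagged.sort(key=lambda r: (-r["peak"], r["host"]))
    return flagged


def build_sample_log():
    """Constructed sample lines (documentation IP ranges, invented names)."""
    lines = ["# constructed sample, not real traffic"]
    # 40 distinct clients resolve one name within the same minute
    # (scaled down from the thousands mentioned in the text).
    for i in range(40):
        lines.append(
            f"2006-09-30T09:00:{i:02d}+00:00 198.51.100.{i + 1} herd.dyn.example")
    # A small site: three visitors spread across the hour, one returning.
    for minute, ip in [(2, "192.0.2.10"), (17, "192.0.2.11"),
                       (17, "192.0.2.10"), (44, "192.0.2.12")]:
        lines.append(
            f"2006-09-30T09:{minute:02d}:00+00:00 {ip} smallwebsite.dyn.example")
    # A quiet name that is on the shared list (mixed case, trailing dot).
    lines.append("2006-09-30T09:30:12+00:00 203.0.113.5 Quiet.dyn.example.")
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    report = triage(build_sample_log(),
                    watchlist={"quiet.dyn.example"},
                    burst_threshold=25)
    for row in report:
        print(row["host"], row["peak"], row["total"], ",".join(row["reasons"]))
```

The burst check alone misses a low-volume control name, which is why the shared list is applied as a second, independent reason.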
And the botnets are hardly limited to hijacked home computers. A few months back, Norris found more than 10,000 infected PCs on the inside of a Fortune 100 company network, all trying to contact a control server located at ChangeIP.com. When Norris called the company with the bad news, its poorly trained network administrator had no idea how to respond. "I call this guy up and say, 'Hey, you've got 10,000 infected computers on your network that are attacking me,' and this guy is basically, like, 'Well, what do you want me to do about it?' "
Norris says that after collecting enough evidence about a botnet, he terminates the account and, he hopes, disconnects the botmaster from his army of infected machines. He says "he hopes" because many times the botmaster will have instructed his enslaved machines in advance to try several other domain names should the main control channel be shuttered. But in most cases, Norris says, the botmaster simply shifts control of his botnet to another Internet service provider. "Other times, the attackers play dumb and send polite e-mails asking why their service has been shut off." And, occasionally, the hackers will rebuild their botnets elsewhere and use them to retaliate against ChangeIP. Last year a botmaster who had been cut off joined forces with another botnet to direct such a massive, constant stream of bogus Web traffic at ChangeIP.com that the site had difficulty processing legitimate traffic for nearly a week.
As the botnet problem has escalated, so has the interest of federal law enforcement, Norris says. Not long ago, he was contacted by a National Security Agency official who asked for records related to several ChangeIP accounts. He's also had visits from FBI agents hot on the trail of several botmasters. One FBI agent said he couldn't disclose the details of his investigation but handed Norris a copy of a Time magazine article about Chinese hackers suspected of infiltrating U.S. corporate and military computer networks.
"The feds are finally starting to understand that botnets are more than just a nuisance: They're the source of all that's evil on the Internet today, from hacking and spamming to phishing and spying," Norris says. (Phishing involves impersonating trusted Web sites to gain confidential information from computer users.)
Shutting down a botnet can be arduous work, but finding the criminal on the controlling end of the herd has proven an especially challenging task for law enforcement. That's in part because security experts like Norris and others often disagree over whether to dismantle the botnets as soon as possible or to monitor them for a period of time in order to gather intelligence that might prove useful in helping investigators track down the criminals behind them.
Hank Nussbacher, an independent Internet security consultant based in Israel and a member of the group that's sharing information on botnet activity, says most members have their hands full just shutting down the botnets' command and control centers. "Occasionally, the Internet service provider where the [bot control center] is located requests that it not be shut down because they are collecting forensics information for some law enforcement agency, but I'd say about 98 percent of the time, as soon as we find one, we shut it down."
Louis Reigel III, assistant director of the FBI's Cyber Division, says the botnet data regularly shared by security experts like Norris is invaluable. But Reigel stresses that prosecuting botmasters is difficult because their crimes and networks usually span multiple continents, which means working with foreign law enforcement agencies and depending on their cooperation.
The FBI has dedicated several agents from its special technologies section to tracking down botnet operators and is pursuing hundreds of investigations, Reigel says. But "the techniques being used by these bot guys are becoming more efficient every day, so the bot situation is probably going to get a lot worse before it gets better."
Norris shares that fear and worries that more botmasters will begin to exploit emerging peer-to-peer communication technologies of the sort that power controversial music- and movie-sharing networks like Kazaa and LimeWire. Such networks would allow enslaved computers to communicate instructions and share software updates among one another, so that they would no longer depend on orders from the master servers that Norris and other bot hunters search out and disable every day.
"When P2P becomes the norm with these bots," Norris says, "that's when I call it quits with this botnet stuff, because, at that point, it will be pretty much out of my hands."
On the eve of a visit to his home by a Washington Post photographer, 0x80 decides to tell his father what he really does for a living, in part, he says, because hiding it is starting to eat him up inside. 0x80 tells his father the whole truth, but he can't bring himself to break the news to his mother because, as he puts it, "she's really Christian and that would just crush her to know I'm involved in something like this."
"I told my dad I had made an Internet worm that infected people, and then I used their computers to make money, and he just shook his head and was, like, 'I hope you don't go to jail for that . . .' and . . . 'I hope it wasn't underage porn you was doing.'"
That same question has been encroaching on 0x80's peace of mind of late. His hard-boiled pose has begun to break down, and instead of sneering at the risks of getting caught and brought to justice, he's begun to talk about quitting the criminal hacking scene to join the Army, which, he reasons, will offer not only discipline and the motivation to earn his GED but also potentially a free ride to college. From there, he can imagine a more respectable future working on information technology projects for the military.
"It's nice to have up to $10,000 a month coming in, but, if it's not legit, then I also have all this other stuff to worry about," 0x80 says. "Like, I gotta hide my laptop every night, and every time I don't come online for a day I have people blowing up my cell phone asking if I got raided by the feds."
0x80 has shared his plans with a few of his online buddies, many of whom have grown dependent on his ability to develop ever more stealthy and effective botnet programs.
"Some of my people really don't want me to leave, but I've got to figure out a way to use the [expletive] I know to get something going for myself," 0x80 says. "With the Army, I could get stationed someplace where I would have a better chance at getting a higher-paying job and still be able to do what I like to do. Either way, I gotta get up outta this hole I'm living in."
GE Laptop Theft Exposes Data on Thousands
General Electric said on Tuesday that a company laptop containing the names and Social Security numbers of 50,000 current and former employees was stolen in early September.
The laptop, issued to a GE official who was authorized to have the data, was stolen from a locked hotel room, the company said.
The Connecticut-based company began mailing letters earlier this week to the people whose names and Social Security numbers were on the laptop, to notify them of the breach and to offer a year's free access to a credit-monitoring service, GE spokesman Russell Wilkerson said.
Wilkerson declined to give further details, such as where and when the theft took place or whether the company official was still with General Electric.
Nonetheless, he said evidence suggested the thief was after the stolen computer, rather than the data on it, and said there was no sign that the information had been
The loss of the data raises the specter that the information could be used in identity theft schemes, in which thieves apply for credit cards and other services using stolen details.
The U.S. Veterans Affairs Department came under fire in the spring after a laptop containing data on 26 million military veterans and service members was stolen from a staffer's home.
In the past year, major U.S. companies that have reported the loss of computer equipment containing data on employees and customers have included aircraft maker Boeing, financial services company Ameriprise Financial and a U.S. mortgage firm owned by Dutch bank ABN AMRO Holding.
H.P. Counsel Resigns as Hearings Open
Miguel Helft and Damon Darlin
WASHINGTON, Sept. 28 — Hewlett-Packard’s general counsel, Ann O. Baskins, has resigned from the company, and her lawyer said she will not answer questions at the Congressional hearing scheduled for today.
As Hewlett-Packard’s chief in-house lawyer, Ms. Baskins was one of the key executives supervising the company’s spying operation on its own directors, journalists and others, meant to identify the source of leaks of confidential information to the news media. Revelations about the spying operation prompted the hearing.
The company’s former chairwoman, Patricia C. Dunn, who resigned last week, is expected to testify today. In prepared remarks, she wrote that she worked closely with Ms. Baskins and was in regular contact with those conducting the leak inquiry, but was not supervising the inquiry.
The resignation of Ms. Baskins, who had been with Hewlett-Packard since 1982, follows the departure of two other company executives, Anthony R. Gentilucci, manager of global investigations, and Kevin Hunsaker, senior counsel and director of ethics. Mr. Hunsaker reported directly to Ms. Baskins.
A lawyer for Ms. Baskins, K. Lee Blalack 2nd of O’Melveny & Myers, said “Ms. Baskins always believed that the investigative methods she knew about were lawful, and she took affirmative steps to confirm their legality.”
That stance closely echoed the one taken by Ms. Dunn in her prepared remarks for the hearing today — that she never had reason to believe that illegal methods were used and that she repeatedly sought assurances on that point from those directly involved.
Still, Mr. Blalack said, “Ms. Baskins wishes she had more actively inquired about the methods being used, and taken steps to halt any that were inconsistent with H.P.’s high ethical standards, such as pretexting.”
Pretexting refers to the use of subterfuge to obtain confidential information, such as impersonating a telephone subscriber to obtain the subscriber’s calling records.
A senior investigator for the company was warning early this year, as the operation entered a crucial phase, that the pretexting techniques being used were “very unethical at the least, and quite likely illegal.”
Saying that the practices, even if legal, “could damage our reputation or worse,” the investigator, Vince Nye, said in an e-mail message, “I think we need to refocus our strategy and proceed on the high-ground course.” Mr. Nye worked in the company’s global security unit.
Why that advice was not followed — and apparently did not reach the top levels of Hewlett-Packard’s leadership — is expected to be a central theme of today’s hearing.
The roles of Ms. Dunn and the company’s chief executive, Mark V. Hurd, in the investigation — the extent of their knowledge, their action or inaction, and the questions they raised or failed to — are expected to dominate the questioning. In addition to Ms. Dunn, several private detectives involved in the matter are expected to testify today.
The company’s investigation, aimed at tracing leaks to the news media from the company’s board in 2005 and early 2006, came into public view scarcely three weeks ago as a result of deep divisions in the boardroom. It is also the subject of federal and state criminal investigations.
Mr. Nye’s e-mail message, obtained by The New York Times from someone with access to documents given to the committee, is the strongest indication yet of internal questions about the operation’s legality.
It was sent on Feb. 7, shortly after a new leak from the board had revived the investigation and at a time when more elaborate forms of surveillance, beyond obtaining phone records, were being considered or carried out.
The message was addressed to Mr. Gentilucci, the head of the company’s Boston-based global investigations unit and a central figure in the operation from its start a year earlier. It is not clear whether or how Mr. Gentilucci responded.
In her prepared testimony, Ms. Dunn wrote that once the board agreed to an investigation of leaks in early 2005, she relied on top Hewlett-Packard officials who referred her to the company’s global security department, which in turn referred her to Ronald R. DeLia, a contractor in the Boston area who had performed investigations for Hewlett-Packard for nearly a decade.
“I did not ‘hire’ the private investigators” involved in the operation, Ms. Dunn said. “They were already under contract to H.P. when the leak investigation was initiated.”
Ms. Dunn called Mr. DeLia’s firm a “captive subsidiary” of Hewlett-Packard and noted that it was used to perform a background check on Mr. Hurd before he was hired, including a report on his health.
Ms. Dunn said that after she learned in the spring of 2005 that the phone records of directors were being gathered, “the clear impression I had from Mr. DeLia was that such records could be obtained from publicly available sources in a legal and appropriate manner.”
She also said that “given that attorneys were unambiguously overseeing” a later, more intense phase of the investigation that employed similar techniques, she had no reason to believe those techniques were inappropriate.
It was not until after the second phase concluded in May 2006 that she began to comprehend the word “pretext,” Ms. Dunn said, adding, “I still do not understand whether it is or is not legal, as opinions vary.”
Ms. Dunn also lashed out at Thomas J. Perkins, a former board member whom she accused of disseminating “false statements about my having organized and conducted an elaborate spying campaign on H.P. directors for no good reason except, to paraphrase, a delusion of paranoia.”
Mr. Perkins resigned from the board in May over the leak investigation, whose findings pointed to a friend and fellow director, George A. Keyworth II, as the source. It was Mr. Perkins’s subsequent inquiries into the investigation’s methods that led to their disclosure this month.
Ms. Dunn’s statement defends the goal of the investigation, and it includes no expression of regret or apology for its handling.
In his own prepared testimony, Mr. Hurd portrays Ms. Dunn as having taken a more engaged role in the operation, saying she “enlisted the professional services” of Mr. DeLia.
Mr. Hurd’s statement largely reiterates the account he offered in announcing Ms. Dunn’s resignation last Friday. He says he was present at two meetings to discuss the operation while it was under way, and was consulted at another point about the use of a bogus e-mail message to try to detect a reporter’s source.
“While many of the right processes were in place, they unfortunately broke down, and no one in the management chain, including me, caught it,” he said.
Just how those processes broke down is likely to be a topic of pointed questioning by members of the House Energy and Commerce Committee.
Among the documents sent to the committee is an 18-page report from Kevin T. Hunsaker, senior counsel and director of ethics at the company, after the investigation’s conclusion in May that summarizes the findings and makes clear that private phone records were obtained — adding in a footnote that the effort involved “a lawful investigative methodology commonly utilized.” It was sent to Mr. Hurd, the company’s board, and Ms. Baskins, the general counsel.
“These folks still in the company need to come clean,” said Greg Walden, the Oregon Republican who is vice chairman of the panel’s investigations and oversight subcommittee, which is convening the hearing.
Five additional witnesses, all said to have been engaged in obtaining phone records, were subpoenaed Wednesday to appear at the hearing.
The five are Bryan Wagner of Littleton, Colo.; Darren Brost of Austin, Tex.; Charles Kelly of CAS Agency in Villa Rica, Ga.; Cassandra Selvage of Eye in the Sky Investigations in Dade City, Fla.; and Valerie Preston of InSearchOf Inc., in Cooper City, Fla. Congressional staff members said they did not know if any would answer questions.
The five are believed to be at the end of a long investigative chain that stretched from Hewlett-Packard’s headquarters in Palo Alto, Calif., to its own investigators in Boston, through Mr. DeLia’s firm, Security Outsourcing Solutions, and on to Action Research Group, a data broker in Melbourne, Fla., that is said to have hired the actual pretexters.
The hearing is scheduled to begin at 10 a.m. and stretch into the evening. It is expected to be covered live by C-Span 3, a government affairs cable network.
The hearing will begin with a panel of witnesses who are expected to invoke their Fifth Amendment right against self-incrimination.
Lawyers for two of those subpoenaed — Mr. Gentilucci, the manager of global investigations, and Mr. Hunsaker, the senior counsel — said their clients had not decided whether to answer questions.
Mr. DeLia, the author of several reports on the investigation given to company officials, has also been subpoenaed, but it is not clear how he will respond. His lawyer could not be reached for comment.
A second panel will include company officials who were involved in the investigation, including Ms. Dunn; Ms. Baskins; and Fred Adler, a security investigator; it will also include Larry W. Sonsini, the company’s outside counsel, and Joseph DePante, the owner of Action Research Group, the Florida investigative firm.
A third session will include only Mr. Hurd, at his request, in part because he wanted his role to be seen as separate from other H.P. officials.
Sitting separately, however, carries its own risks. He will face more questions than if he shared the panel with others, since each committee member gets 10 minutes to ask questions at each panel.