TBTF for 1999-08-23: Compliance

Keith Dawson (dawson@world.std.com)
Sun, 22 Aug 1999 20:58:37 -0400


-----BEGIN PGP SIGNED MESSAGE-----

TBTF for 1999-08-23: Compliance

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

ISSN: 1524-9948

This issue: < http://tbtf.com/archive/1999-08-23.html >
________________________________________________________________________

B e n e f a c t o r s

TBTF is free. If you get value from this publication, please visit
the TBTF Benefactors page < http://tbtf.com/the-benefactors.html >
and consider contributing to its upkeep.
________________________________________________________________________

C o n t e n t s

Justice Department wants a warrant to break into your computer
Court to AOL: you've got bupkus
Privacy policies and cookies
Looking for one good technology team
Donald Knuth to lecture at MIT on God and Computers
Debunking a new urban legend: "chemtrails"
Race you to the edge of the solar system
Year 2000 corner
SEC gets tough
Don't call it a bunker
State Department's list of naughty and nice
Airlines playing it cautious
Y2K backdoor?
Y2K compliance with a twisted grin
________________________________________________________________________

..Justice Department wants a warrant to break into your computer

Rights groups decry proposed expansion of black-bag jobs

The US Justice Department is about to propose a "Cyberspace Elec-
tronic Security Act" [1] that would authorize break-ins, under a
sealed warrant, for the purpose of combing a suspect's computer for
passwords or installing software (such as Back Orifice) to defeat
encryption. The Washington Post broke the story today based on an
August 4 Justice Department memo. As envisioned, such a break-in
would precede a request for a wiretapping order or conventional
search warrant. Under existing surveillance law such covert action
is quite rare; only 50 such requests were approved last year by
federal and state judges, almost all for the installation of hidden
microphones. The proposed law would expand existing search-warrant
powers to allow agents to penetrate personal computers for the pur-
pose of disabling encryption. They would need further court author-
ization to further extract any information from the computer.

The Electronic Privacy Information Center has issued a press release
denouncing the Justice proposal. (It's not yet on the Web.) The
Center for Democracy and Technology has posted [2] the text of the
proposed CESA bill, Justice's section-by-section analyis, and a
draft letter of transmittal to Congress. The trade group Computer
and Communications Industries Association issued a press release
(not online) condemning the black-bag proposal. CCIA president Ed
Black said:

What [concerns] me is that the Justice Department would concoct
such an abomination.

Americans for Computer Privacy has weighed in with their denuncia-
tion of the Justice proposal (also not yet on the Web). Best sound-
byte:

This proposal -- offered as an alternative to a failed attempt
to impose a third party encryption key scheme on the American
public -- is an affront to all law-abiding citizens.

[1] http://www.washingtonpost.com/wp-srv/business/daily/aug99/encryption20.htm
[2] http://www.cdt.org/crypto/CESA/
____________

..Court to AOL: you've got bupkus

Online giant doesn't own the phrase "you have mail"

A federal court judge in Virginia threw out AOL's suit against AT&T
[3], contending that the terms "you have mail," "IM," and "buddy
list" cannot be trademarked. AOL sought injunctive relief after AT&T
began using the phrase "you have mail" in its own service. When re-
lief was not granted AOL continued to pursue the case, even after
learning that AT&T had been using the phrase "you have mail" for
more than 20 years (and after the Warner Brothers movie "You've Got
Mail" cemented the public nature of the phrase). The court held that
the law clearly provides the public free use of these terms, and
that no trial was needed. Thanks to Rob Faulds <rfaulds at avici dot
com> for the quick note on this case's resolution.

[3] http://www.usatoday.com/life/cyber/tech/ctf857.htm
____________

..Privacy policies and cookies

Do you trust a site more because it posts a privacy policy?

Intel says it will pull its ads from Web sites that don't clearly
post strong privacy policies [4], following earlier (but weaker)
moves by Microsoft and IBM [5]. Intel will require that sites
carrying its advertising, including the widespread "Intel Inside"
campaign, follow the privacy guidelines established by the Online
Privacy Alliance [6]. In this requirement Intel follows Disney [7],
which also specified the OPA guidelines. OPA essentially encodes
the level of privacy protection required by European Union rules;
it is more stringent than earlier attempts at trust-building, such
as those by TrustE and the Better Business Bureau, which only re-
quired that a site post a privacy policy but didn't mandate its
content.

Intel estimates that 70% of its advertisers already have privacy
policies in place. How many of them meet strict OPA guidelines is
another question. In a recent study [8] of the 100 most popular
Web destinations, OPA found that only 18% of them display policies
addressing all four elements of "fair information": notice, choice,
access, and security.

A recent Jupiter Communications study [9] found that 64 percent of
Web users don't trust the sites they visit, even when those sites
post privacy policies. This analysis [10] by News.com's Dan Goodin
spells out one of the reasons why Web surfers should be genuinely
concerned: the use of third-party cookies. Ad placement networks
such as AdForce, MatchLogic, and DoubleClick issue cookies that
could, in theory, be linked across multiple Web sites to profile a
user's overall travels and buying behavior over time. The ad com-
panies always deny, when asked, that any such cross-linking is done
or even contemplated. But remember that these companies' customers
are not Web users, they are the Web sites those users visit. News.-
com's Goodin found that most sites' privacy policies say nothing
about third-party cookies; those that do mention them make only
general statements. For example, Yahoo's privacy policy spells out
how Yahoo uses cookies along with its pledge not to disclose any
identifiable information about the user gathered from cookies. But
all the policy says about third-party cookies is:

Advertising networks that serve ads onto Yahoo may also use
their own cookies.

Here's my own solution to the trust problem with cookies. Months ago
I deleted my cookie file and then deliberately visited every site
from which I want to store a cookie: Slashdot, the NY Times, User-
land, financial and trading sites, eGold, etc. I saved the resulting
cookie file under another name. I set my browser's preference to
accept no third-party cookies (Netscape Communicator 4.6: Edit >
Preferences... > Advanced > "Accept only cookies that get sent back
to the originating server"). Now every time I exit completely from
Netscape, or my machine crashes, I copy the saved file over the
active cookie file before restarting the browser. Any trail of
cookie crumbs I leave across cyberspace is at most a few days long.

[4] http://dailynews.yahoo.com/h/ap/19990818/tc/intel_privacy_1.html
[5] http://tbtf.com/archive/1999-07-08.html#s03
[6] http://www.privacyalliance.org/
[7] http://www.lycos.com/cgi-bin/pursuit?query=3224&fs=docid&cat=zdnet&mtemp=zdnet
[8] http://www.privacyalliance.org/resources/100_summary.shtml
[9] http://www.news.com/News/Item/Textonly/0,25,40597,00.html
[10] http://www.news.com/News/Item/Textonly/0,25,40728,00.html
____________

..Looking for one good technology team

Techie Team of the Year to be honored on October 5

Techies.com [11] is a job site that wants to be a vertical portal for
technical professionals. Ordinarily I wouldn't be helping them to
promote October 5 as National Techies Day [12], as it looks first and
foremost like a vehicle for promoting awareness of Techies.com. But
they're offering recognition [13] for one outstanding team of tech-
ies. If you're part of a team that did great things -- 6 or fewer
techies who worked together in 1999 -- you can apply for recognition
as Techie Team of the Year. Apply online [14] by September 15.

[11] http://www.techies.com/
[12] http://www.techiesday.org/
[13] http://www.techiesday.org/300_tech/360_techie/main/index_m.jsp
[14] http://www.techiesday.org/300_tech/360_techie/360_01/main/index_m.jsp
____________

..Donald Knuth to lecture at MIT on God and Computers

Things a computer scientist rarely talks about

Donald Knuth, grand old man of computer science and possessor of one
of the great academic titles -- Professor Emeritus of The Art of
Computer Programming -- will deliver what sounds to be a fascinating
series of lectures this fall. Knuth has titled his talks for the God
and Computers lecture series [15] "Things a Computer Scientist Rarely
Talks About" [16]. The lectures are on Wednesday afternoons beginning
on 1999-10-06:

October 6: Introduction
October 13: Randomization and Religion
October 27: Language Translation
November 3: Aesthetics
December 1: Glimpses of God
December 8: God and Computer Science

The lectures will be held at MIT building 34-101, 50 Vassar Street,
Cambridge, MA on Wednesdays beginning at 4:15 pm with refreshments.
They are free and open to the public.

[15] http://web.mit.edu/bpadams/www/gac/
[16] http://web.mit.edu/bpadams/www/gac/lecture_seriesiii.html
____________

..Debunking a new urban legend: "chemtrails"

Is the US military spraying bio-weapons over the population?
I doubt it

Recently Simone Fluter <simone at agt dot net> wrote directing my
attention to a part of the cultural spectrum I'm not usually tuning
in. It seems that since January of this year the Net conspiracy theo-
rists have been going wild with speculation over the nature and pur-
pose of chemtrails [17]. These are, supposedly, contrail-like for-
mations produced by military aircraft over the US, Germany, and Aus-
tralia, among other places. It's claimed that the chemtrails differ
from actual (and harmless) contrails in a number of particulars. The
paranoids among us, urged on by late-night talk-show icon Art Bell
(he's the one who fanned the flames of the "Saturn-like object near
comet Hale-Bopp" [18]), believe the "chemtrails" are evidence of a
vast government conspiracy to expose citizens to bio-warfare agents
for some undisclosed purpose. Www.alltheweb.com lists 214 sites in
response to a search for "chemtrails"; search.netscape.com lists 81.
Here are a couple of them [19], [20], and here is a small Web ring
[21] devoted to chemtrails.

I was unsettled, as my informant had been, at being unable to lo-
cate any sites debunking this yarn, which has all the hallmarks of
an urban legend for the Millenial end-times. I wrote to a trio of
pseudo-science debunkers and urban-legend explicators and within
half an hour had this reply from David Emery <urbanlegends dot
guide at about dot com>:

One excellent debunking of the chemtrails baloney exists. It
was written by an engineer named Jay Reynolds last year and
can be found here [22]. I've corresponded with Mr. Reynolds and
know him to be a knowledgeable and passionate opponent of
pseudo-science in general. One might wish that his writing were
less abstruse, but he appears to have a good command of the
technical issues here.

Reynolds explains how contrails work and how various they are; that
there is no carcinogenic Ethylene dibromide in JP-8+100 jet fuel;
how aerosol material released at contrail altitudes would actually
disperse and fall to earth; how Richard Finke, the earliest poster
of the chemtrails legend, admitted he made up the laboratory that
supposedly had tested the sprayed chemicals; and how William Thomas,
the legend's most zealous popularizer, stands to gain financially
from its spread. (He sells vitamin and mineral supplements to pro-
tect against chemical warfare agents.)

After I posted the chemtrails story as a Tasty Bit of the Day, sev-
eral readers responded with additional relevant links.

There is evidence that contrails can add to cloud cover [23]. Over
the past decade NASA has been investigating the possibility that
growing air traffic might exacerbate global warming [24].

Nik Clayton <nclayton at lehman dot com> pointed out this Fortean
Times investigative article [25] summarizing the early days of the
chemtrail frenzy. The article claims that most of the furor had
died down by April 1999. This points up an under-appreciated feature
that renders the Web an ideal medium for the viral spread of urban
legends: "dead" pages can linger on the Web for months or years,
like encysted bacteria, waiting to reinfect a new generation.

Carl Juarez <cjuarez at emerald dot oz dot net> supplied the fol-
lowing citation from the Progressive Review [26] (search in this
lengthy page for "SUDBURY"):

SUDBURY STAR (CANADA): The United States Air Force says none of
its jets has been flying in the skies over Espanola (Ontario)
and spraying a mysterious substance being blamed for illnesses
by some residents of the paper mill town. If there are problems
being caused by low-flying aircraft, "It's not the air force"
causing them, said Lt. Col. Stevie Shapiro of the USAF press
office in Washington, D.C... Some Espanola residents say they
have "photographic evidence" which suggests KC-135 military air-
craft has emitted or sprayed substances at low altitude... The
Espanola residents have environmental test results showing the
emissions contained carbon and military chaff, a fine material
used by military pilots to block enemy radar... Tests also found
unusually large numbers and varieties of fungi and molds.

I wasn't able to locate the original story in the Sudbury Star
newspaper's site, but did find a followup [27] (search on this
page for "Spraying"):

Spraying fears bunk, mayor says: Concerns in Espanola over
hazardous chemicals being spread by unidentified aircraft are
being written off by the town's mayor as bunk promulgated on the
Internet by conspiracy theorists... More than 250 Espanola
residents have petitioned the town to investigate a substance
they say has been falling from the sky on almost a weekly basis
since February. [Residents] have suffered neck pain, breathing
problems, headaches, burning eyes and hacking coughs... [The
mayor] said that after seeing the results of tests on air and
water samples in the town, he's had enough of the residents'
claims, which he says have not been scientifically documented.

I hope in coming days to see the chemtrails story added to the gen-
erally accepted canon of provably false urban legends.

[17] http://home.att.net/~malrm/CT01.html
[18] http://tbtf.com/archive/1997-01-11.html#s10
[19] http://www.contrailconnection.com/
[20] http://strangehaze.freeservers.com/index.html
[21] http://www.webring.org/cgi-bin/webring?ring=contrails;list
[22] http://harvest-trust.org/contrails.htm
[23] http://ens.lycos.com/ens/jan99/1999L-01-11-02.html
[24] http://hyperion.gsfc.nasa.gov/AEAP/
[25] http://www.forteantimes.com/artic/124/fbi.html
[26] http://prorev.com/indexa.htm
[27] http://www.thesudburystar.com/nf/nfpage.asp
____________

..Race you to the edge of the solar system

NASA funds a radical new propulsion technology

The race of the title is the challenge thrown down by University of
Washington geophysicist Robert Winglee. His team has developed a
new kind of spacecraft drive called the Mini-Magnetospheric Plasma
Propulsion system. If an M2P2 ship were built and launched 10 years
from now, it could still pass the 1977 Voyager 1 spacecraft and be
the first manmade object to leave the solar system.

An M2P2 drive traps a plasma in a magnetic field and uses it to
catch the solar wind, over time accelerating a spacecraft to 0.03%
of lightspeed. A craft travelling at that velocity could cross the
US in 10 seconds or cross to Mars in 10 days. The M2P2 drive is
amazingly simple: an electromagnet and a plasma generator, both
powered by solar cells; 250 pounds of helium would supply such a
craft with plasma for 10 years. Its real fuel is the solar wind,
caught in a miniature analog of the earth's magnetosphere 24 miles
across.

This drive technology makes the most sense for missions of explor-
ation deep into the solar system, such as a probe to Pluto, the
Kuiper belt [28], or the Oort cloud [29]. While M2P2 can (over a per-
iod of years) drive a craft to a velocity 10 times that achievable
by the Space Shuttle, slowing down presents a problem unless it is
diving toward a star. Transit time to the nearest star, Alpha Cen-
tauri, would exceed 15,000 years.

NASA has provided half a million dollars from its Institute for
Advanced Concepts to continue Winglee's research. This Wired story
[30] warns that we shouldn't necessarily expect to see M2P2 space-
craft zipping about the solar system anytime soon -- NASA's no-
torious conservatism could doom this promising new technology to
languish in the laboratory for decades. On this page [31] NASA does
their usual fine job of explaining the physics to nonspecialists.
For the intrepid, here is Winglee's page [32] from which NASA took
much of their material.

[28] http://www.windows.umich.edu/cgi-bin/tour_def?link=/comets/Kuiper_belt.html
[29] http://www.windows.umich.edu/cgi-bin/tour_def/comets/Oort_cloud.html
[30] http://www.wired.com/news/print_version/technology/story/21310.html?wnpg=all
[31] http://science.nasa.gov/newhome/headlines/prop19aug99_1.htm
[32] http://www.geophys.washington.edu/Space/SpaceModel/M2P2/
____________

..Year 2000 corner

..SEC gets tough

The US Securities and Exchange Commission has adopted rules [33] that
will shut down any financial-sector firms that have not demonstrated
Y2K compliance in a timely fashion. The regulated firms, by and
large, have replied, "No sweat" [34].

[33] http://www.computerworld.com/home/news.nsf/all/9907283sec2
[34] http://www.zdnet.com/filters/printerfriendly/0,6061,1015780-54,00.html
____________

..Don't call it a bunker

The White House is planning a Y2K information coordinating center
[35], which the press, predictably, is calling a "bunker."

[35] http://www.techserver.com/noframes/story/0,2294,75412-119164-845129-0,00.html
____________

..State Department's list of naughty and nice

State has completed its estimates of other countries' likely readi-
ness for the new millenium. The department warned a Senate committee
that about half of 161 countries studied could face a medium to high
risk of failures in key areas such as financial services, utilities,
telecommunications, transportation, and medical services. In Septem-
ber the State Department will issue advisories telling US citizens
which countries they might best avoid around the turn of the cen-
tury. Last month State began contacting [36] the countries and con-
veying its evaluations [37]. Before January 1, the department expects
to evacuate U.S. Embassy personnel who are medically reliant on sys-
tems whose Y2K compliance cannot be guaranteed.

[36] http://travel.state.gov/y2k_announce.html
[37] http://www.usatoday.com/life/cyber/tech/ctf730.htm
____________

..Airlines playing it cautious

A few airlines have decided to ground operations during the turn-
over. Virgin Atlantic Airways, LOT Polish Airlines, and Vietnam
Airlines say they won't fly on New Year's Eve. (Virgin says its
reason is to give employees time off with their families.) And
Japan's largest travel agency, Japan Travel Bureau, said last week
it won't sell package tours using flights in service at the stroke
of midnight.
____________

..Y2K backdoor?

Government security experts, testifying before Congress, warned of
backdoors planted in Y2K code by outsiders brought in to fix the
problem [38]. The timing suggests this accusation might have been
intended as a form of backdoor support for the Administration's
Fidnet proposal [39].

[38] http://www.techserver.com/noframes/story/0,2294,75408-119156-844998-0,00.html
[39] http://tbtf.com/archive/1999-08-16.html#s05
____________

..Y2K compliance with a twisted grin

Caution: do not read this page [40] while eating corn flakes or any-
thing else that might pose a danger if spewed over your forward
envronment. Hart Scientific's spoof Y2K compliance page is a minor
masterpiece of tongue-in-cheek common sense:

> You can count on us finding a way to bill you for whatever you
> bought from us prior to Armageddon. Even if we have to write
> your invoice on the back of a bubble gum wrapper, we're going
> to bill you.

> We've got a lot of suppliers. We already know some of them are
> pretty good and some of them are idiots. We don't expect Y2K to
> change this.

The company also posts an actual, legal, fully vetted statement of
their Y2K readiness, but I won't bore you by posting a link to it
here. If you like the Unofficial Y2K page, Hart Scientific will
even sell you a tee shirt of it [41]. Swell guys. Many thanks to
TBTF Irregular Gary Stock <gstock at ingetech dot com> for the best
laugh I've had this month.

[40] http://www.hartscientific.com/y2k.htm
[41] http://www.hartscientific.com/products/y2k-t-shirt.htm
________________________________________________________________________

N o t e s

> Your humble scrivener is now writing three days a week for the Indus-
try Standard's Media Grok newsletter [42], which provides analysis
and criticism of the way the media cover the Internet industry.

[42] http://www.thestandard.net/articles/mediagrok/
________________________________________________________________________

S o u r c e s

> For a complete list of TBTF's email and Web sources, see
http://tbtf.com/sources.html .
________________________________________________________________________

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson@world.std.com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
_______________________________________________
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5

iQCVAwUBN8CcfGAMawgf2iXRAQFiiQP/QQMawjWubVrirHZoejeJIfT7TuJLDI3G
tSjF40NSL/RsUVQiVkOcD5W0gih5JG0+0d+4kdFkAUjRJlepEMY1RG+AjxX9fcS5
0JNr2pqfZLqqF9EYf0sWLYvTjl8+F3QMhfnmHtW+B/wf8J6qdNzZLV7wjd1DQocr
k38/5tgu5GA=
=IsPR
-----END PGP SIGNATURE-----