Rights groups decry proposed expansion of black-bag jobs

The US Justice Department is about to propose a Cyberspace Electronic Security Act [1] that would authorize break-ins, under a sealed warrant, for the purpose of combing a suspect's computer for passwords or installing software (such as Back Orifice) to defeat encryption. The Washington Post broke the story today based on an August 4 Justice Department memo. As envisioned, such a break-in would precede a request for a wiretapping order or conventional search warrant. Under existing surveillance law such covert action is quite rare; only 50 such requests were approved last year by federal and state judges, almost all for the installation of hidden microphones. The proposed law would expand existing search-warrant powers to allow agents to penetrate personal computers for the purpose of disabling encryption. They would need further court authorization to further extract any information from the computer.

The Electronic Privacy Information Center has issued a press release denouncing the Justice proposal. (It's not yet on the Web.) The Center for Democracy and Technology has posted [2] the text of the proposed CESA bill, Justice's section-by-section analyis, and a draft letter of transmittal to Congress. The trade group Computer and Communications Industries Association issued a press release (not online) condemning the black-bag proposal. CCIA president Ed Black said:

Americans for Computer Privacy has weighed in with their denunciation of the Justice proposal (also not yet on the Web). Best soundbyte:

[1] http://www.washingtonpost.com/wp-srv/business/daily/...
[2] http://www.cdt.org/crypto/CESA/

Online giant doesn't own the phrase you have mail

A federal court judge in Virginia threw out AOL's suit against AT&T [3], contending that the terms you have mail, IM, and buddy list cannot be trademarked. AOL sought injunctive relief after AT&T began using the phrase you have mail in its own service. When relief was not granted AOL continued to pursue the case, even after learning that AT&T had been using the phrase you have mail for more than 20 years (and after the Warner Brothers movie You've Got Mail cemented the public nature of the phrase). The court held that the law clearly provides the public free use of these terms, and that no trial was needed. Thanks to Rob Faulds <rfaulds at avici dot com> for the quick note on this case's resolution.

[3] http://www.usatoday.com/life/cyber/tech/ctf857.htm

Do you trust a site more because it posts a privacy policy?

Intel says it will pull its ads from Web sites that don't clearly post strong privacy policies [4], following earlier (but weaker) moves by Microsoft and IBM [5]. Intel will require that sites carrying its advertising, including the widespread "Intel Inside" campaign, follow the privacy guidelines established by the Online Privacy Alliance [6]. In this requirement Intel follows Disney [7], which also specified the OPA guidelines. OPA essentially encodes the level of privacy protection required by European Union rules; it is more stringent than earlier attempts at trust-building, such as those by TrustE and the Better Business Bureau, which only required that a site post a privacy policy but didn't mandate its content.

Intel estimates that 70% of its advertisers already have privacy policies in place. How many of them meet strict OPA guidelines is another question. In a recent study [8] of the 100 most popular Web destinations, OPA found that only 18 percent of them display policies addressing all four elements of "fair information": notice, choice, access, and security.

A recent Jupiter Communications study [9] found that 64 percent of Web users don't trust the sites they visit, even when those sites post privacy policies. This analysis [10] by News.com's Dan Goodin spells out one of the reasons why Web surfers should be genuinely concerned: the use of third-party cookies. Ad placement networks such as AdForce, MatchLogic, and DoubleClick issue cookies that could, in theory, be linked across multiple Web sites to profile a user's overall travels and buying behavior over time. The ad companies always deny, when asked, that any such cross-linking is done or even contemplated. But remember that these companies' customers are not Web users, they are the Web sites those users visit. News.com's Goodin found that most sites' privacy policies say nothing about third-party cookies; those that do mention them make only general statements. For example, Yahoo's privacy policy spells out how Yahoo uses cookies along with its pledge not to disclose any identifiable information about the user gathered from cookies. But all the policy says about third-party cookies is:

Here's my own solution to the trust problem with cookies. Months ago I deleted my cookie file and then deliberately visited every site from which I want to store a cookie: Slashdot, the NY Times, Userland, financial and trading sites, e-Gold, etc. I saved the resulting cookie file under another name. I set my browser's preference to accept no third-party cookies (Netscape Communicator 4.6: Edit > Preferences... > Advanced > "Accept only cookies that get sent back to the originating server"). Now every time I exit completely from Netscape, or my machine crashes, I copy the saved file over the active cookie file before restarting the browser. Any trail of cookie crumbs I leave across cyberspace is at most a few days long.

[4] http://dailynews.yahoo.com/h/ap/19990818/tc/intel_privacy_1.html
[5] http://tbtf.com/archive/1999-07-08.html#s03
[6] http://www.privacyalliance.org/
[7] http://www.lycos.com/cgi-bin/pursuit?query=3224&fs=docid&cat=zdnet&mtemp=zdnet
[8] http://www.privacyalliance.org/resources/100_summary.shtml
[9] http://www.news.com/News/Item/Textonly/0,25,40597,00.html
[10] http://www.news.com/News/Item/Textonly/0,25,40728,00.html

Techie Team of the Year to be honored on October 5

Techies.com [11] is a job site that wants to be a vertical portal for technical professionals. Ordinarily I wouldn't be helping them to promote October 5 as National Techies Day [12], as it looks first and foremost like a vehicle for promoting awareness of Techies.com. But they're offering recognition [13] for one outstanding team of techies. If you're part of a team that did great things -- 6 or fewer techies who worked together in 1999 -- you can apply for recognition as Techie Team of the Year. Apply online [14] by September 15.

[11] http://www.techies.com/
[12] http://www.techiesday.org/
[13] http://www.techiesday.org/300_tech/360_techie/main/index_m.jsp
[14] http://www.techiesday.org/300_tech/360_techie/360_01/main/index_m.jsp

Things a computer scientist rarely talks about

Donald Knuth, grand old man of computer science and possessor of one of the great academic titles -- Professor Emeritus of The Art of Computer Programming -- will deliver what sounds to be a fascinating series of lectures this fall. Knuth has titled his talks for the God and Computers lecture series [15] "Things a Computer Scientist Rarely Talks About" [16]. The lectures are on Wednesday afternoons beginning on 1999-10-06:

   October  6: Introduction
   October 13: Randomization and Religion
   October 27: Language Translation
   November 3: Aesthetics
   December 1: Glimpses of God
   December 8: God and Computer Science

The lectures will be held at MIT building 34-101, 50 Vassar Street, Cambridge, MA on Wednesdays beginning at 4:15 pm with refreshments. They are free and open to the public.

[15] http://web.mit.edu/bpadams/www/gac/
[16] http://web.mit.edu/bpadams/www/gac/lecture_seriesiii.html
[16a] http://http://web.mit.edu/map.html
[16b] http://http://whereis.mit.edu/doc/getting-to-mit.html

Is the US military spraying bio-weapons over the population? I doubt it

Recently Simone Fluter <simone at agt dot net> wrote directing my attention to a part of the cultural spectrum I'm not usually tuning in. It seems that since January of this year the Net conspiracy theorists have been going wild with speculation over the nature and purpose of chemtrails [17]. These are, supposedly, contrail-like formations produced by military aircraft over the US, Germany, and Australia, among other places. It's claimed that the chemtrails differ from actual (and harmless) contrails in a number of particulars. The paranoids among us, urged on by late-night talk-show icon Art Bell (he's the one who fanned the flames of the "Saturn-like object near comet Hale-Bopp" [18]), believe the "chemtrails" are evidence of a vast government conspiracy to expose citizens to bio-warfare agents for some undisclosed purpose. Www.alltheweb.com lists 214 sites in response to a search for "chemtrails"; search.netscape.com lists 81. Here are a couple of them [19], [20], and here is a small Web ring [21] devoted to chemtrails.

I was unsettled, as my informant had been, at being unable to locate any sites debunking this yarn, which has all the hallmarks of an urban legend for the Millenial end-times. I wrote to a trio of pseudo-science debunkers and urban-legend explicators and within half an hour had this reply from David Emery <urbanlegends dot guide at about dot com>:

Reynolds explains how contrails work and how various they are; that there is no carcinogenic Ethylene dibromide in JP-8+100 jet fuel; how aerosol material released at contrail altitudes would actually disperse and fall to earth; how Richard Finke, the earliest poster of the chemtrails legend, admitted he made up the laboratory that supposedly had tested the sprayed chemicals; and how William Thomas, the legend's most zealous popularizer, stands to gain financially from its spread. (He sells vitamin and mineral supplements to protect against chemical warfare agents.)

After I posted the chemtrails story as a Tasty Bit of the Day, several readers responded with additional relevant links.

There is evidence that contrails can add to cloud cover [23]. Over the past decade NASA has been investigating the possibility that growing air traffic might exacerbate global warming [24].

Nik Clayton <nclayton at lehman dot com> pointed out this Fortean Times investigative article [25] summarizing the early days of the chemtrail frenzy. The article claims that most of the furor had died down by April 1999. This points up an under-appreciated feature that renders the Web an ideal medium for the viral spread of urban legends: "dead" pages can linger on the Web for months or years, like encysted bacteria, waiting to reinfect a new generation.

Carl Juarez <cjuarez at emerald dot oz dot net> supplied the following citation from the Progressive Review [26] (search in this lengthy page for SUDBURY):

I wasn't able to locate the original story in the Sudbury Star newspaper's site, but did find a followup [27] (search on this page for Spraying): I hope in coming days to see the chemtrails story added to the generally accepted canon of provably false urban legends. I received the following note from Rory Jaffe, MD, MBA <rsjaffe at ucdavis dot edu> (Associate Professor, Department of Anesthesiology and Pain Medicine, UC Davis School of Medicine).

NASA funds a radical new propulsion technology

The race of the title is the challenge thrown down by University of Washington geophysicist Robert Winglee. His team has developed a new kind of spacecraft drive called the Mini-Magnetospheric Plasma Propulsion system. If an M2P2 ship were built and launched 10 years from now, it could still pass the 1977 Voyager 1 spacecraft and be the first manmade object to leave the solar system.

An M2P2 drive traps a plasma in a magnetic field and uses it to catch the solar wind, over time accelerating a spacecraft to 0.03% of lightspeed. A craft travelling at that velocity could cross the US in under a minute or cross to Mars in 10 days. The M2P2 drive is amazingly simple: an electromagnet and a plasma generator, both powered by solar cells; 250 pounds of helium would supply such a craft with plasma for 10 years. Its real fuel is the solar wind, caught in a miniature analog of the earth's magnetosphere 24 miles across.

This drive technology makes the most sense for missions of exploration deep into the solar system, such as a probe to Pluto, the Kuiper belt [28], or the Oort cloud [29]. While M2P2 can (over a period of years) drive a craft to a velocity 10 times that achievable by the Space Shuttle, slowing down presents a problem unless it is diving toward a star. Transit time to the nearest star, Alpha Centauri, would exceed 15,000 years.

NASA has provided half a million dollars from its Institute for Advanced Concepts to continue Winglee's research. This Wired story [30] warns that we shouldn't necessarily expect to see M2P2 spacecraft zipping about the solar system anytime soon -- NASA's notorious conservatism could doom this promising new technology to languish in the laboratory for decades. On this page [31] NASA does their usual fine job of explaining the physics to nonspecialists. For the intrepid, here is Winglee's page [32] from which NASA took much of their material.

[28] http://www.windows.umich.edu/cgi-bin/tour_def?link=/comets/Kuiper_belt.html
[29] http://www.windows.umich.edu/cgi-bin/tour_def/comets/Oort_cloud.html
[30] http://www.wired.com/news/print_version/technology/story/21310.html?wnpg=all
[31] http://science.nasa.gov/newhome/headlines/prop19aug99_1.htm
[32] http://www.geophys.washington.edu/Space/SpaceModel/M2P2/

SEC gets tough

The US Securities and Exchange Commission has adopted rules [33] that will shut down any financial-sector firms that have not demonstrated Y2K compliance in a timely fashion. The regulated firms, by and large, have replied, "No sweat" [34].

[33] http://www.computerworld.com/home/news.nsf/all/9907283sec2
[34] http://www.zdnet.com/filters/printerfriendly/0,6061,1015780-54,00.html

  Don't call it a bunker

The White House is planning a Y2K information coordinating center [35], which the press, predictably, is calling a bunker.

[35] http://www.techserver.com/noframes/story/0,2294,75412-119164-845129-0,00.html

  State Department's list of naughty and nice

State has completed its estimates of other countries' likely readiness for the new millenium. The department warned a Senate committee that about half of 161 countries studied could face a medium to high risk of failures in key areas such as financial services, utilities, telecommunications, transportation, and medical services. In September the State Department will issue advisories telling US citizens which countries they might best avoid around the turn of the century. Last month State began contacting [36] the countries and conveying its evaluations [37]. Before January 1, the department expects to evacuate U.S. Embassy personnel who are medically reliant on systems whose Y2K compliance cannot be guaranteed.

[36] http://travel.state.gov/y2k_announce.html
[37] http://www.usatoday.com/life/cyber/tech/ctf730.htm

  Airlines playing it cautious

A few airlines have decided to ground operations during the turnover. Virgin Atlantic Airways, LOT Polish Airlines, and Vietnam Airlines say they won't fly on New Year's Eve. (Virgin says its reason is to give employees time off with their families.) And Japan's largest travel agency, Japan Travel Bureau, said last week it won't sell package tours using flights in service at the stroke of midnight.

  Y2K backdoor?

Government security experts, testifying before Congress, warned of backdoors planted in Y2K code by outsiders brought in to fix the problem [38]. The timing suggests this accusation might have been intended as a form of backdoor support for the Administration's Fidnet proposal [39].

[38] http://www.techserver.com/noframes/story/0,2294,75408-119156-844998-0,00.html
[39] http://tbtf.com/archive/1999-08-16.html#s05

  Y2K compliance with a twisted grin

Caution: do not read this page [40] while eating corn flakes or anything else that might pose a danger if spewed over your forward envronment. Hart Scientific's spoof Y2K compliance page is a minor masterpiece of tongue-in-cheek common sense:

The company also posts an actual, legal, fully vetted statement of their Y2K readiness, but I won't bore you by posting a link to it here. If you like the Unofficial Y2K page, Hart Scientific will even sell you a tee shirt of it [41]. Swell guys. Many thanks to TBTF Irregular Gary Stock <gstock at ingetech dot com> for the best laugh I've had this month.

[40] http://www.hartscientific.com/y2k.htm
[41] http://www.hartscientific.com/products/y2k-t-shirt.htm

Your humble scrivener is now writing three days a week for the Industry Standard's Media Grok newsletter [42], which provides analysis and criticism of the way the media cover the Internet industry.

[42] http://www.thestandard.net/articles/mediagrok/

For a complete list of TBTF's email and Web sources, see http://tbtf.com/sources.html.

TBTF is free. If you get value from this publication, please visit the TBTF Benefactors page and consider contributing to its upkeep.

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson at world dot std dot com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
_______________________________________________
Keith Dawson    dawson at world dot std dot com
Layer of ash separates morning and evening milk.