Timely Topics for IT Professionals
About ACM TechNews
ACM TechNews is published every week on Monday, Wednesday, and Friday.
ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either HP or ACM.
Volume 5, Issue 474: Wednesday, March 26, 2003
- "Privacy Groups Fight Government Data Mining"
IDG News Service (03/25/03); Gross, Grant
An alliance of privacy groups including the Electronic Frontier Foundation, the Center for Democracy and Technology, and the Electronic Privacy Information Center fired off a letter to Reps. Henry Waxman (D-Calif.) and Tom Davis (R-Va.), advising Congress to halt the second version of the Computer Assisted Passenger Prescreening System (CAPPS II) program until its effectiveness and privacy implications are thoroughly researched. The proposed federal database of airline-passenger profiles, along with the Total Information Access project, employs data mining so that government officials can monitor persons' movements for suspicious activities--and both are examples of the "mass dataveillance" that George Washington University law professor Jeffrey Rosen described as unconstitutional at a Tuesday hearing of the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. Rosen told attendees that data-mining technologies can be designed to balance liberty and security, and urged Congress to take the matter under consideration. However, House Committee on Government Reform Chairman Davis cautioned against federal over-regulation of data mining, to which Rosen suggested that the congressman think about whether data sharing between national agencies would carry the same benefits as it does for private industry. Meanwhile, witnesses at the hearing noted the positive value of certain data-mining programs. Sen. Paula Dockery (R-Fla.) cited her state's initiative to use data analysis to build profiles of suspected criminals, and Gregory Kutz of the U.S. General Accounting Office said data mining has helped his agency identify federal employees using office credit cards to make personal purchases.
- "Engineers Create World's First Transparent Transistor"
Oregon State University engineers have built the world's first transparent transistor out of zinc oxide, and OSU electrical and computer engineering professor John Wager characterizes the breakthrough as "a significant new advance in basic electronics and material science." Zinc oxide's cheapness, abundance, conductivity, environmental friendliness, safety, and simplicity could allow the transparent transistor to become the cornerstone of a new industry, although the engineers admit that its potential applications are still vague. The devices could be embedded in windows or windshields in order to transmit visual data, or they could boost the quality of liquid crystal displays. They could also be incorporated into unused glass in many electronic devices, thus enhancing their function. Wager expects a slew of applications to emerge for the military, corporate, transportation, and consumer electronics sectors. The OSU scientists are now recruiting chemists, engineers, and physicists to research other compounds besides zinc oxide that could also be used to make transparent transistors. Meanwhile, the university is trying to work out potential uses of the technology with major electronics firms. The research that yielded the breakthrough was funded by the National Science Foundation and the Army Research Office.
- "Data Expert Is Cautious About Misuse of Information"
New York Times (03/25/03) P. C6; Lohr, Steve
In-Q-Tel CEO Gilman Louie told PC Forum attendees on Monday that a proposal favored by some technology executives--one calling for a large database on citizens' activities that government officials would have unrestricted access to--is "very dangerous." Such an approach, known as data mining, would collate data on Americans and sort it by name, purchasing history, or travel itinerary in order to find suspicious patterns; anyone who is profiled as a suspect would be placed on a watch list. Although Louie acknowledged that data mining can be useful under certain circumstances, he believes that making it the chief information-based weapon in the war against terrorism is a mistake, one that would destabilize civil liberties. A much more acceptable strategy, in his opinion, is data analysis, in which software tools are employed to search for connections between investigative leads and known terrorists by studying places of residence, recent travel, and other behavior. One form of data analysis software is Non-Obvious Relationship Awareness (NORA), which Las Vegas casinos use to trace links between customers or even employees with known criminals. Louie said the failure to prevent the Sept. 11 attacks was not a lack of information, but the inability of various government agencies to pool their information resources. In-Q-Tel is a venture fund founded by the CIA as a springboard for new concepts, but Louie believes its importance has grown in the aftermath of Sept. 11. "Now, this isn't an experiment," he stated. "This is a necessity."
- "Coming of the Green Computers"
EarthWeb (03/25/03); Bernard, Allen
Spurred by the enactment of the European Union's Waste Electrical and Electronic Equipment (WEEE) and Restriction of Hazardous Substances (RoHS) directives last month, the U.S. computer industry is giving serious consideration to designing more ecologically-friendly products. For now, however, the primary emphasis for American manufacturers is on the disposal and recycling of discarded computers, according to Gartner's Frances O'Brien, who nevertheless believes designing products with less hazardous materials will eventually move to the forefront. Wohl Associates founder Amy Wohl says product redesign became the focus of many companies even before the EU directives were passed, since manufacturers who fail to comply with them will be shut out of the European market. "If the Republic of Germany says you can't sell your computers here, that would be a big issue for some of these companies because they do considerable business there," she points out. The Comdex trade show this past August was noted for the unveiling of NEC's lead-free PowerMate, which needs no fan thanks to a low-power Transmeta chip and laptop components, and is fabricated from recyclable NuCycle polymer. Hewlett-Packard has also embraced product redesign by developing small-footprint iterations of its PCs; both HP and NEC's eco products are aimed at the large corporate sector rather than the consumer sector. Intel's Terry McMannis says that lead removal is probably the most daunting challenge for the electronics industry, because lead is currently unmatched as a reliable shock absorber that mitigates the effects of wear and tear. Nevertheless, Intel has been working on lead removal since 2001, although the company would rather focus on power conservation.
- "Can IT Still Attract the Best and Brightest?"
NewsFactor Network (03/26/03); Brockmeier, Joe
The IT industry's salad days may be over, which raises the question of whether it can continue to bring in top talent. Exacerbating the situation are morale-dampening mass layoffs and salary declines plaguing the IT sector. "I think a lot of students coming out now are seeing IT jobs are not the panacea to having a smooth career that perhaps for a while people thought it might offer," notes Challenger, Gray & Christmas CEO John Challenger. Meanwhile, Elizabeth Reed of MIT points out that student interest in IT-related fields has not waned, although there are more students pursuing management and law degrees in addition to technical degrees. Challenger believes that, for now, IT professionals will have to lower their job expectations somewhat and focus more on career satisfaction than high wages, as well as be more amenable to relocating. Challenger and Gartner research director Barbara Gomolski see one potentially positive result of the IT downturn, in that it could discourage less skilled people and serial career-changers from entering the field, making it easier for employers to hire premium high-tech employees. Challenger and Gomolski insist IT workers had best prepare for further erosion of the IT job market as a result of increased offshore IT outsourcing. In the final analysis, "You have to [have an IT career] because you love it and want to have access to the technology that's out there," Challenger argues.
- "Peer-to-Peer Networks Can't Be Unplugged"
Milwaukee Journal Sentinel (03/24/03); Miller II, Stanley
Despite legal and technological assaults against them, peer-to-peer (P2P) file-sharing networks are not going to be shut down any time soon, according to industry experts. Late last year, a team of four Microsoft researchers, working independently, presented a paper at the Association for Computing Machinery's annual conference, and stated that continual improvements in P2P technology and greater adoption would make those systems unstoppable. The paper, "The Darknet and the Future of Content Distribution," argued that although additional legislation and digital rights management technology could slow the spread of file-sharing systems, "ultimately, the darknet-genie will not be put back into the bottle." The paper's authors, Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman, wrote that although the darknet's legal future is unclear, technically there is nothing stopping the darknet from "growing in convenience, aggregate bandwidth and efficiency." Sandvine co-founder Tom Donnelly agrees and notes that P2P networks have evolved so that specific ports are no longer assigned to P2P traffic, making it difficult to track. According to Sandvine, P2P traffic on ISP networks consumes up to 60 percent of Internet bandwidth. Many ISPs already limit the upload bandwidth allotted to broadband subscribers, while allowing them to download much faster. This hinders P2P file-sharing somewhat, since each connected computer contributes to the aggregate pool of files. Market research firm Ipsos also found that copyright holders face an uphill battle on the ideological front, since only 21 percent of American digital music listeners say P2P file-sharing hurts artists. Just 16 percent of those surveyed say the music industry is justified in trying to shut down file-sharing networks, and 39 percent say copying music for friends is all right.
- "Web Hacking Is Up as Tensions Rise"
Wall Street Journal (03/26/03) P. B5; Richmond, Riva
As the war with Iraq continues, defacement of Web sites is increasing in frequency, and many security experts claim that greater damage could be inflicted in the near future. Currently, hackers are focusing on gaining access to Web servers and replacing original Web messages with anti-war or pro-war graffiti. Hackers have also hit the recently posted English version of al-Jazeera, run by the Arab satellite-TV network, with a denial-of-service attack. Sites being attacked tend to have weak protections in place, but security experts are concerned that businesses and Web sites attacked in the future could be targeted due to brand recognition or political affiliation. Still, iDefense's John Frazzini says, "We haven't picked up any information at this point that any major cyber attacks have been initiated in response to the invasion."
- "Antispam Crusaders Call for New Laws"
IDG News Service (03/25/03); Gross, Grant
Outspoken critics of unsolicited commercial email are urging Congress to enact a federal ban against spam, arguing their case with a March 21 appeals court ruling that supports a federal regulation against "junk" faxes. Electronic Privacy Information Center deputy counsel Chris Hoofnagle is hopeful that the appeals court decision, as well as FTC hearings on spam in late April and early May, will bring antispam legislation closer to reality. The U.S. Eighth Circuit Court of Appeals overturned a lower court's 2002 dismissal of a lawsuit filed by the state of Missouri and the U.S. government against Fax.com and American Blast Fax, arguing that the junk fax law adequately protects fax-senders' First Amendment rights. The court wrote that "There is substantial government interest in protecting the public from the cost shifting and interference caused by unwanted fax advertisements." Coalition Against Unsolicited Commercial Email counsel Ray Everett-Church claims this argument could also be applied to spam, whose cost greatly exceeds that of junk faxes. However, Center for Democracy and Technology staff counsel Paula Bruening cautions that congressionally mandated antispam laws have to protect the right to free speech, a goal that requires deep study of spam mechanisms. She and Electronic Frontier Foundation legal director Cindy Cohn note that it may be more difficult, legally speaking, to govern spam than it is to govern junk faxes. Cohn also warns that the high volume of overseas spam sent to the United States could negate the effectiveness of an antispam law.
- "DNS Expert: More Sophisticated Internet Attacks Coming"
Computerworld (03/21/03); Vijayan, Jaikumar
Domain Name System (DNS) designer Paul Mockapetris argues that the denial-of-service attacks launched against the DNS last October were but a foretaste of more advanced assaults in the future. He contends that future attacks will target DNS components that are more difficult to shield than root servers, such as name servers. Hacker attacks will progress to forgery or identity theft, Mockapetris predicts. In the October attacks, the strategic response was to filter out Internet Control Message Protocol (ICMP) packets, but Mockapetris says that launching an attack with DNS queries instead of ICMP packets will make filtering impossible. "We recently found out that just like email can carry [lethal] attachments, there is DNS data that can actually cause applications to crash if they reference it," he points out. To shore up the DNS' defenses, the Internet Engineering Task Force (IETF) is developing a digital signature that can confirm the legitimacy of incoming information and thus thwart data forging. Mockapetris suggests that companies can prepare for more sophisticated DNS attacks by fortifying their DNS information access methodologies, both internally and externally. He adds that businesses can eliminate their dependency on root server operators by obtaining a copy of the root server data.
- "E-Mail Patterns Map Corporate Structure"
CNet (03/24/03); Bowman, Lisa M.
Graphing the flow of email exchanges within an enterprise could yield a blueprint of the company's corporate framework, according to a study from Hewlett-Packard researchers Joshua Tyler, Dennis Wilkinson, and Bernardo Huberman. The scientists note that their method can identify formal and informal communities within an organization as well as their leaders within a matter of hours. For their test case, they studied emails sent between any two of HP Labs' 485 workers over a two-month interval, a process that involved 185,773 messages. "The power of this method for identifying communities and leadership is in its automation," the scientists write. "We have found that it does an effective job of uncovering communities of practice with nothing more than email log ["to:" and "from:"] data." Correspondents' identity was determined by studying the email headers, while communities were mapped out by a partitioning algorithm. The researchers then interviewed 16 staff members, who verified that the communities outlined by the email flow did indeed exist within the corporate structure. Managers could use such email graphs to obtain insights that help facilitate smoother management and more effective communications between teams, and to identify participants in collaborative ventures.
- "Are Wireless Networks Secure Yet?"
NewsFactor Network (03/25/03); Ryan, Vincent
The wired equivalent privacy (WEP) security standard--seen by many as the reason wireless local area networks (WLANs) are so insecure--will be replaced by the Wi-Fi protected access (WPA) protocol when it is rolled out in April by the Wi-Fi Alliance, and becomes a requirement for certification four months later. WPA offers a more dynamic encryption method than WEP, verifies each individual seeking to join a network via a central server, and keeps users from unintentionally joining a renegade network through mutual authentication. However, the Wi-Fi Alliance's C. Brian Grimm admits that WPA lacks security support for the IBSS mode that facilitates intermediate-free communication between two client computers on a WLAN; does not preauthenticate devices for multiple network access points; and does not offer support for the federally-approved advanced encryption standard (AES) algorithm, which adds up to more costs. Grimm says that immediate WLAN security solutions must extend outside the WEP standard, and recommends virtual private networks (VPNs) for enterprise-class security. Companies that do not use VPNs have other alternatives, including SSID broadcast disablement, reducing the power on access points to deter war drivers, and lowering the data rate on WLANs, thus prolonging the time it takes hackers to find encryption keys through "active attacks." Meta Group's Chris Kozup says the biggest WLAN security problem is that many enterprises simply fail to turn on their existing security systems. The second-biggest problem is unsanctioned or "rogue" WLAN nodes set up by company staff, usually behind corporate firewalls.
- "Making Computers Talk"
Scientific American (03/17/03); Aaron, Andy; Eide, Ellen; Pitrelli, John F.
Synthetic-speech systems are increasing in sophistication thanks to the emergence of faster computers and cheap data storage, and one of the most advanced systems is IBM's Supervoices, which boasts natural-sounding speech and unlimited vocabulary--elements that could ease real-time human-computer conversations. The first step in speech synthesis is to record thousands of sentences uttered by a person with clear pronunciation and no significant regional accent, while the written text is split into phonemes and various speech components (nouns, verbs, etc.) by software. The sound files' prosody parameters are measured, and then the software aligns the recorded and textual phonemes so that each phoneme's beginning and end are clearly established. This enables the software to edit and systematize the phonemes and place them into a searchable database. To make the synthesized speech expressive and natural-sounding, the database is used to create a statistical model that can automatically intuit observations about the prosody of the recorded speech in order to establish rules about common sentence characteristics, such as pauses after commas. When Supervoices processes a phrase, it notes interesting features (syllable stresses, verb placement, whether the sentence is a question or a statement, and so on) to be incorporated into the statistical model, which outlines desired pitch, duration, and loudness levels that are aligned to the best-fitting phonemes in the database via dynamic programming. The final step is to refine the speech by adjusting each phoneme's pitch to eliminate warbling. The technology's potential applications include news updates, phone-based email retrieval, automotive voice controls, reading machines for the disabled, and video game enhancement.
- "Bio-Battery Runs on Shots of Alcohol"
New Scientist (03/24/03); Biever, Celeste
St. Louis University researcher Shelley Minteer and colleagues revealed at the American Chemical Society's annual meeting on Monday that they have created an enzyme-catalyzed ethanol fuel cell that could eventually be used to power laptop computers and cell phones. The fuel cell is shielded from degradation by a new polymer. The enzymes are employed to divest the ethanol of hydrogen, which is converted to electricity. However, slight changes in pH and temperature can decay the enzymes rapidly, which until now has limited bio-batteries' life spans to no more than several days. The St. Louis University researchers' solution is to coat the electrodes with a polymer boasting specially tailored pores that can snare the enzymes and allow the alcohol to pass through while simultaneously maintaining a neutral pH level. Minteer reports that the enzymes are still operating, more than two months later. Furthermore, her team claims that the devices have 32 times as much power density as those of other groups. The researchers are now focused on reducing the size of the fuel cell to make it more compatible with portable devices. Toshiba recently unveiled a prototype methanol-based fuel cell that can power a laptop for five hours; Minteer says ethanol's advantages include wider availability, greater productivity, and less toxicity.
- "SALT Sets the Standard for Web-Based Voice Applications"
TMCnet.com (03/17/03); Levinson, Mark
- "Seeking Additional Security After a Big Theft, JSTOR Tests Internet2's Shibboleth"
Chronicle of Higher Education (03/21/03); Olsen, Florence
In the wake of a raid on JSTOR's online subscription databases last fall, in which roughly 50,000 digitized articles were stolen before the intrusion was detected and halted, the nonprofit scholarly journal licenser has equipped its Web servers with Shibboleth, new advanced user authentication software developed by the Internet2 consortium. Shibboleth boasts a higher level of security than the widely used IP authentication method, which was exploited by the JSTOR intruder or intruders. Its designers add that the software not only confirms a person's identity on the Web, but also determines whether that person has a higher-than-average level of database access to which an academic institution might subscribe. Kenneth J. Klingstein of the University of Colorado at Boulder explains that Shibboleth carries out this task while simultaneously keeping users' privacy secure. The software works with a college's directory server to build a digital token embedded in the user's browser. Every time the user tries to gain access to a licensed database via the Web, the token identifies the user and his level of access. Klingstein likens Shibboleth to plywood subflooring: "People will admire the wonderful tiles and carpets of applications on top of this, but [Shibboleth] will be utterly invisible," he declares. Internet2 will be primarily dedicated to convincing online publishers and software companies to deploy Shibboleth "handlers" on their Web servers over the next several months.
- "Iraq Still Online"
Salon.com (03/21/03); McWilliams, Brian
As of March 21, Iraq's major Web sites were still operating despite the continuing war, including Uruklink.net, the government's official site. The site featured the current date and also displayed links to video streams of the recent interview between Saddam Hussein and CBS News anchor Dan Rather. An online counter indicated that more than 14,200 people visited the site on March 20, the heaviest traffic experienced by the site since it was launched in December. The Web site of the BabilOnline newspaper was also functioning as well as the site of Iraq's satellite television channel despite intense aerial bombardment of Baghdad. The country's main email servers--mail.uruklink.net and mail.warkaa.net--appeared not to have been affected. The Bush administration could order Atlanta International Teleport and Satellite Media Services, the two satellite firms that handle Iraq's Internet traffic, to cut off service, but such a move might seem to go against the administration's statement that it is not at war with the Iraqi people. The United States might also use the Internet to send emails to Iraqi leaders willing to subvert Hussein.
- "E-Mail For Everyone"
InformationWeek (03/24/03) No. 932; Kontzer, Tony
Some companies are trying out streamlined email access so that all members of the workforce--not just the higher-ups--are better informed, and have a closer connection to employers that fuels productivity growth; other hoped-for benefits of such a tool include fewer paper-based processes that can reduce costs. Such systems, seen as cheaper alternatives to standard applications such as IBM Lotus Notes and Microsoft Exchange, reduce email to its bare essentials and make it accessible to employees via shared PCs and kiosks set up in stores or on factory floors, or through home dial-up. However, email access will, for the time being, stay out of reach of most American employees until the economic situation improves. For example, a gloomy business environment has dampened enthusiasm for Louisiana-Pacific's plans to expand its MailSite software. "Everything is low on the list of priorities right now," notes Louisiana-Pacific CIO Jeff Duncan, who adds that a lack of hard-dollar returns makes it difficult to justify the expansion to senior management. Still, companies such as R.R. Donnelley & Sons are embracing stripped-down email in the hopes of lowering the cost of information circulation, easing employee/customer interaction, and accelerating decision-making by providing current information to workers. Former R.R. Donnelley CIO Gary Sutula values the email rollout as a complement to the company's self-service human-resources portal, one that spares line workers the headache of going to the personnel office, which lowers productivity. On the other hand, Meta Group analyst Matt Cain cautions that third-party spam-blocking, virus protection, and archiving products for lower-cost mail options are scarce, while cheaper licensing costs could be offset by user support costs more or less equal to those for Exchange or Notes.
- "Seizing the Moment"
eWeek (03/24/03) Vol. 20, No. 12, P. 1; Carlson, Caron
The Justice Department's Domestic Security Enhancement Act (DSEA), a follow-up to the USA Patriot Act, calls for a dramatic expansion of domestic law enforcement powers that threatens to further undermine civil liberties, critics charge. As currently written, the DSEA's provisions authorize an overall broadening of surveillance powers that could sanction the use of Carnivore, Total Information Awareness, and other types of controversial spying tools; outline the establishment of a national DNA registry of suspected terrorists; give government officials the power to monitor multifunction devices, should the government demonstrate probable cause that one type of communications is related to a crime; recommend that software makers and ISPs share encryption codes with law enforcement; and tack on a minimum of five extra years of jail time to anyone convicted of a crime that involves encryption. This last provision may discourage computer users from generally employing well-established safe-computing measures, according to industry experts. "If you do what everybody is supposed to do as a matter of course and if you do it in connection with a crime, then you're worse off than if you didn't follow the [standard computing] rules as a matter of course," warns Jim Dempsey of the Center for Democracy and Technology. Another critic, Sen. Patrick Leahy (D-Vt.), has called the Justice Department to task for clandestinely drafting the DSEA while forgoing bipartisan support. Legislators will convene this week at a hearing overseen by the Senate Subcommittee on Technology, Terrorism, and Homeland Security to discuss technological measures to protect the United States. Observers say that critics of the Patriot Act will use the meeting as an opportunity to drum up support for the restoration of liberties stripped by the act's passage.
- "The Relentless Storm"
Scientific American (03/03) Vol. 288, No. 3, P. 42; Stix, Gary
The question of whether Bell Labs Research could survive being shorn of parent company AT&T has been tested over the last several years, when economic fallout led to the shutdown of its Silicon Valley research center, eroded its workforce from 24,000 employees in 1999 to 10,000 today, and shrank research and investment spending from $3.54 billion in fiscal 1999 to $2.31 billion in fiscal 2002. Since Bell Labs was acquired by Lucent, its microelectronic, fiber, and business-networking divisions have been jettisoned--a development that has, among other things, weakened the rationale for the continued existence of a physical sciences unit. "Bell Labs Research is currently misaligned with Lucent's future, so ultimately it's going to be disassembled," predicts Bell Labs venture capitalist Greg Blonder. Bell Labs researchers claim that the facility's role is being realigned in order to bring about an upturn, and over the past few years they have started to collaborate more closely with product developers. Researcher David Bishop, whose work with microelectromechanical systems (MEMS) led to the creation of the LambdaRouter switch--which was pulled from the market following last year's telecommunications implosion--insists that solid fundamental research is still a priority at Bell Labs. "I think what's critical for Lucent is to show better success in commercializing R&D, whether that's done by Bell Labs or wherever," notes UBS Warburg's Nikos Theodosopoulos. Lucent, for its part, is trying to broaden the market scope of its intellectual property, as government agencies and car manufacturers consider using such Bell Labs innovations as chemical sensors. Though Bell Labs Research President Jeffrey M. Jaffe advocates Lucent's strategy of internal technology development, prevailing wisdom no longer supports the single-enterprise development model.