CNET NEWS.COM Analysis By Robert Lemos and Declan McCullagh - Cybersecurity plan lacks muscle.
After Sept. 11, 2001, cybersecurity czar Richard Clarke crisscrossed the country berating technology companies for failing to do enough to shore up the Net against potential terrorist attacks.
In unveiling a highly anticipated White House cybersecurity proposal on Wednesday, however, Clarke left his firebrand at home. Rather than target specific industry segments and require that they secure themselves by recommending tough new laws and regulations, the administration's plan recommends that industry and individuals simply take greater care.
"It has no teeth," said Steven Kirschbaum, CEO of Secure Information Systems, a small Fremont, Calif.-based security consulting firm. "It has no enforcement. The first rule of having any security policy is you have to have enforcement. Without it, it's just a nice press release."
Nearly a year after President Bush sent Clarke out to stump for tougher security, experts say little has been done to address many of the fundamental causes that lead to persistent vulnerabilities that expose Net users to myriad threats, from Web site defacements to viruses to denial of service attacks.
Although there is considerable debate over the potential for harm in a cyberattack as compared with a physical attack, numerous new industry and company-led initiatives have been announced in a bid to turn security into a top industry priority.
Nevertheless, with Wednesday's announcement, the White House made it clear that it would not scope out any bold new ground in this effort.
TechNews.com part of the Washington Post - U.S. to Unveil Cybersecurity Draft.
White House Aims to Foster Consensus With Revised Plan
The Bush administration had originally hoped to produce a formal set of guidelines by today but found itself mired in debate over how tough to be. Richard A. Clarke, the president's top adviser on computer security, has said he will not seek legislation containing mandates if companies comply with his recommendations. His challenge is winning industry support for meaningful proposals.
"If we just come up with a government strategy without participation from the people who have to implement it, we're not going to get the level of commitment and buy-in that we need for this," Clarke said.
The report has been compiled by Clarke's staff over the past year based on comments from a spectrum of experts representing private industry, academia and the government. It is a companion piece -- the only one to be broken out in such a manner -- to the national security plan released recently by Tom Ridge's Office of Homeland Security.
The plan has been pared as the groups involved in its drafting argued over which recommendations were reasonable in terms of need and cost and which were likely to be implemented voluntarily.
School News from Wired News - Hey Filters, Leave the Kids Alone.
Several students, a school librarian and a representative from the ACLU and the Electronic Frontier Foundation kicked off a campaign to raise awareness about the "Children's Internet Protection Act", which requires that schools use filtering technology to block access to obscene websites -- or lose federal funding.
But, judging by the poor turnout, it's an issue that the public doesn't know -- or care -- much about. Besides the speakers themselves, Wednesday's press conference drew only a handful of media and a homeless man eating his lunch.
"We wanted to mark the beginning of the school year," said Will Doherty, executive director of the Online Policy Group and media relations director of the EFF, pointing out that this is the first year that many districts installed filters to comply with the law.
"We know that we have a ways to go before educators, students and parents understand the problems with the software," he said.
COSAC 2002: 9th International Computer Security Symposium.
Sunday 8th - Thursday 12th September 2002
Technology News from Wired News - A Gathering of Big Crypto Brains.
Every year, a select group of digital security and cryptography experts convene for a meeting of the minds. Canned presentations are abandoned -- and then the fun begins. Karlin Lillington reports from Naas, Ireland.
[ ... ]
Speakers also give hands-on demonstrations. In a conference highlight, Yokohama National University professor Tsutomu Matsumoto and some of his graduate students showed how easy it is to trick biometric fingerprint-scanning systems with fake fingers.
Matsumoto recently got international attention when he proved that gelatin "gummy fingers" could unlock biometric scanners.
With moisture content similar to that of live fingers, the gummy fingers fooled the scanners nearly every time. More devastatingly, Matsumoto also showed that a fingerprint could be lifted from a pane of glass and overlaid on a fake finger using an electron microscope, an inkjet printer and Photoshop software.
CNET NEWS.COM - SparkList confirms e-mail address theft.
E-mail management company SparkList.com has confirmed that customer e-mail addresses were stolen from its database, allowing some customers' mailing lists to be bombarded with spam.
An internal investigation into complaints about spam revealed that the lists were compromised in March, SparkList COO Steven Brown said in an e-mail to clients on Tuesday.
"This incident does not appear to be a technical, widespread compromise of SparkList servers, due to the fact that most lists were not compromised," Brown said.
SparkList, which was acquired by Lyris Technologies in August, said it suspected former employees were responsible for the theft of addresses because only a small portion of the database was compromised. "An outside entity would not limit itself to a small subset of the addresses available," Brown said.
After the acquisition, Lyris hired only three of SparkList's 20 to 25 employees, Brown had said previously.
SparkList said the organization sending the spam was a "well-known spammer" and that it was exploring its legal options in relation to anti-spam laws. It also said it was assisting law enforcement officials in the investigation.
CNET NEWS.COM - Watchdogs launch attack on filter law.
Free speech proponents are stepping up their fight against Internet filtering in schools, waging a grassroots campaign against a law that requires Web blocking as a condition of federal funding.
The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) are asking people to send letters to their public school board members and congressional representatives, urging them to fight the Children's Internet Protection Act (CIPA).
Libraries have already seen portions of CIPA that require them to block Web material struck down by a special panel of federal and appellate judges. But schools--which must still implement filters or lose federal funds--are just beginning to grapple with the consequences of inconsistent and controversial filtering software.
At a small rally in San Francisco on Wednesday attended by a handful of free speech advocates and an equal number of reporters, the EFF offered a peek at its upcoming report, which found that the most restrictive filtering software products often blocked access to search results that included state-mandated curriculum topics. The full report, due for release next month, also found that filtering software blocked sites that contained pictures of state capitals, information on premenstrual syndrome and weight control, and the "Danny the Dinosaur" grammar game.
Conflict News from Wired News - Bird's-Eye View of What Irks Bush.
A website based in Virginia that shows satellite images of Iraq may be offering a more compelling reason for overthrowing Saddam Hussein than the arguments coming from President Bush.
[ ... ]
By publishing its analysis of commercial satellite pictures, GlobalSecurity.org is doing more than educating the Internet-going public. The group is beginning, in minute ways, to affect the moves of world players as well.
Earlier this month, for example, GlobalSecurity.org posted pictures of the Tuwaitha nuclear complex, 25 miles southeast of Baghdad. The images revealed "unexplained construction" at a facility "known to be associated with a clandestine nuclear program."
USATODAY.com - White House plan to protect computer systems unveiled.
White House officials announced a watered-down version of the first national plan aimed at protecting the nation's computer systems from terrorist attacks.
Bowing to howls from high-tech lobbyists that some initial proposals could cost companies millions and take months to hammer out, officials in the past week dropped the ideas of banning wireless networks until their security is approved and of creating an Internet security fund from industry contributions and tax dollars.
"It's toothless," says security expert Bruce Schneier. "If the government wants anything accomplished, they have to pass laws."
Instead, the plan relies heavily on industry recommendations and cooperation. Others counter it is at least a step toward patching holes in computer networks.
Business News from Wired News - Who's Running the Digital Show?
The future of the PC isn't personal, it's political.
While the federal government delayed the official announcement of its cybersecurity recommendations -- originally scheduled to take place Wednesday -- a draft release of the report suggests that lawmakers want to maintain a measure of control over what people do online.
Congress is getting help from technology developers in its quest to lock down and monitor the Internet.
More and more, companies are offering products that are easier to set up but come with restrictive technology. The trade-off has raised concern that a small number of businesses will ultimately control the flow of digital media on the Internet.
[ ... ]
Once those functions are embedded at the hardware level, however, consumers no longer control their machines. The Digital Millennium Copyright Act (DMCA) makes it illegal to break encryption technology that comes with digital media. Essentially, Hollywood studios could limit how consumers watch a video streamed via Windows Media Video 9.
[ ... ]
In some cases, the government mandates that manufacturers include protection.
Congress amended the copyright law so that all DVD players must include Macrovision, a technology that keeps people from copying movies on VHS tapes. The Audio Home Recording Act requires DAT tapes to degrade sound quality after a certain number of copies have been made. Also, MP3 files can only be uploaded to portable music players.
But selling devices with built-in restrictions does even more to limit the control consumers have over their home entertainment systems and computer networks.
ISPreview - UK Internet Service Provider Info. Source - UK Gov Suffers Snooping Bill Blow.
Government plans to force telcos and ISPs to store communications traffic data have hit a nail after data protection commissioners from various European countries moved to oppose the proposals:
SiliconValley.com part of San Jose Mercury News - Cable glitch shows potential power of copy-blocking.
Some subscribers to one of the nation's largest cable systems are unable to make digital recordings of television shows in what the company labeled an unforeseen technological glitch but consumer advocates called a chilling curb on home recording.
An industry newsletter reported that Cablevision has invoked copy restrictions on all unscrambled digital TV programming delivered to its 3 million subscribers in metropolitan New York. It renders a range of cable shows -- from late 1970s sitcoms like "Diff'rent Strokes" to Formula One racing on Speedvision -- unrecordable on certain types of devices.
The incident shows how easy it is for cable providers to block recording, consumer advocates said. Even if what Cablevision did was inadvertent, they said, it is an example of how copy-blocking can be used to set limits on how individuals use the most ubiquitous of technologies -- the television set.
"The trend here is if Hollywood has its way, this is what the future looks like," said Joe Kraus, co-founder of digitalconsumer.org, an advocacy group. "The future looks like the world where you press record and it doesn't work and you don't know why. You no longer control the media you pay for."
[ ... ]
Advocacy groups said the rollout of 5C's copy-protection scheme -- together with the entertainment industry's attempts to extend copy-protection to over-the-air television broadcasts -- are eroding home recording rights, with little consumer input.
"The content industry denies it will affect how consumers watch, enjoy and record television," said Kraus. "But the Cablevision example goes to prove these technologies impact consumers dramatically."
An attorney for the consortium of technology companies that developed the 5C copy-protection technology said just the opposite is true. He says rules are designed to reflect home use -- while addressing piracy fears that prevent Hollywood from releasing more high-quality content.
Slashdot | New Yorkers Get a Taste of Digital Restrictions.
InfoMinister writes "From SiliconValley.com, another peek into the future of Digital Rights Manglement. A software conflict at the set-top invoked copy restrictions on all unscrambled digital TV programming delivered to Cablevision's 3 million subscribers in metropolitan New York."
Slashdot | Federal Cyberspace Policy Draft Released.
mh_cryptonomicon writes "The initial public draft of the National Strategy for Securing Cyberspace was released today. This document outlines the Administration's plan for ensuring that the Net remains a 'good neighborhood.' Following the release of the plan, the Administration's Cybersecurity team will take it on the road for discussions with the people about what can and should be done to protect and defend the net. More information (and the 65 page draft) can be downloaded from the White House's Critical Infrastructure Protection site. This draft is considerably smaller than the 3300 page monster it was reported as being. Commentary is starting to pop up everywhere, including www.cryptonomicon.net/blog/."
Wired 10.10: Lawrence Lessig's Supreme Showdown.
The Great Liberator Lawrence Lessig helped mount the case against Microsoft. He wrote the book on creative rights in the digital age. Now the cyberlaw star is about to tell the Supreme Court to smash apart the copyright machine.
[ ... ]
His friends and admirers now view the episode as one that accelerated, by dint of publicity, the most brilliant career in Internet law. Lessig has since published two successful and influential books: The first, Code, is a groundbreaking deconstruction of the digital age. The second, The Future of Ideas, is quickly becoming the bible of intellectual property monkey-wrenchers. Lessig also founded a clinical law center at Stanford Law School, where he now teaches, and has launched Creative Commons, an ambitious project through which he hopes to establish a giant repository of works unfettered by restrictive copyright laws. In the realm of Internet politics and law, no one even approaches Lessig's stature. He is the chief theorist, the most respected mind, the most passionate speechifier. He is cyberlaw.
[ ... ]
On October 9, Larry Lessig will again claim a national spotlight.
In Eldred v. Ashcroft, his first argument before the Supreme Court -- and only his second appearance before any court, in any venue -- Lessig will attempt to convince the justices to overturn the 1998 Sonny Bono Copyright Term Extension Act. To Lessig it is both an opportunity to make up for losing the prize that was snatched from him some four years ago, and a giant step in his crusade to stop a trend he fears may be inevitable: big-media dinosaurs controlling the Internet.
That's why the law professor has declared war on Mickey Mouse.
Slashdot | Lawrence Lessig's Personal Past and Supreme Court Future.
Slyfox writes "Ever wonder how Lawrence Lessig became one of the most notable figures in the fight over free speech and intellectual property on the internet? Wired has an excellent article about Lawrence Lessig's life; it begins with his start as a right-wing Republican, and continues by following the events of his life through law school, contributing to the Microsoft anti-trust case, and becoming a top cyberlaw expert. The article describes both his successes and failures, and it foreshadows Lessig's biggest challenge yet: arguing Eldred v. Ashcroft before the US Supreme Court in October."