A proposal to defang a controversial copyright law became public on Thursday, after more than a year of anticipation and months of closed-door negotiations with potential supporters.

Formally titled the Digital Media Consumers' Rights Act (PDF file), the new bill represents the boldest counterattack yet on recent expansions of copyright law that have been driven by entertainment industry firms worried about Internet piracy.

The bill, introduced by Reps. Rick Boucher, D-Va., and John Doolittle, R-Calif., would repeal key sections of the 1998 Digital Millennium Copyright Act (DMCA). It would also require anyone selling copy-protected CDs to include a "prominent and plainly legible" notice that the discs include anti-piracy technology that could render them unreadable on some players.

"There is a tidal wave of support growing across the country for rebalancing copyright laws to dignify the rights of users," Boucher said in an interview Thursday. "I see that every day. The support is growing. We have fashioned this squarely to address the concerns that users are addressing and the technology industry is raising."

Technology Research News - Plastic tag makes foolproof ID TRN 100202.

Researchers at the Massachusetts Institute of Technology have made inexpensive identification tags, or tokens, that cannot be copied or altered by any known means. The tokens are small pieces of plastic containing tiny glass spheres that produce unique patterns of light when lasers shine through the tokens.

The tokens are "low-cost... unique, tamper-resistant and unforgeable identifiers," said Ravikanth Pappu, one of the MIT researchers who is now a founding partner at ThingMagic. "Everyday objects -- envelopes, bank notes, passports, credit cards, et cetera -- could have... tokens attached to them and thereby obtain a unique identity," he said.

[ ... ]

The token is not simply a bar code containing a single 2,400-digit binary number, however. Each time a laser beam passes through the plastic it produces a different number, even when it passes through at nearly the same angle. What makes each token unique is that the numbers produced by shining laser beams at very nearly the same angle are more similar to each other than to numbers produced by shining laser beams at the same angle through different tokens. Two numbers generated by different tokens differ by 50 percent, but two numbers generated by the same token differ by only 25 percent, said Pappu.

[ ... ]

The linchpin of the scheme is the security of the token. Copying a token would be extremely difficult because matching the exact positions of the spheres in the token is far beyond the capabilities of today's technology, said Pappu. Getting the spacing of the particles wrong by less than a thousandth of a millimeter would change the entire speckle pattern, he said.

Even reproducing the patterns using other lighting techniques is impractical, and simulating them on a computer is currently impossible, said Pappu. Simulating light scattering off of even a single particle would require a supercomputer.

In addition, tampering with a token renders it unusable, according to Pappu. The researchers drilled a half-millimeter diameter hole one millimeter into a token, and found that the numbers produced afterward differed by 46 percent from the numbers produced before.

Political News from Wired News - Bill: Copyright Power to People.

With talk of preemptive war all the rage on Capitol Hill, it seems that such posturing has extended into the world of digital copyright law.

On Thursday Rep. Rick Boucher (D-Va.) and Rep. John Doolittle (D-Calif.) introduced the Digital Media Consumers Rights Act to preserve specific fair-use rights to copy digital works as well as "circumvention" rights to bypass copy protections. With no chance of passage this year, the bill's introduction prepares the ground for battle in the next session of Congress.

Supporters are an unlikely coalition of electronics and computer interests, consumer groups and academics.

"It's just time," said a beaming Gary Shapiro, president of the Consumer Electronics Association. "Consumers have been pushed up against the ropes. This is the first time in 20 years in which consumers are going on the offense rather than on the defense."

Open Source Security Summit. October 29, 2002 * 8:00am-4:00pm Georgetown University * Washington, D.C.

Internet Week > Open Source > Red Hat, Dell Dell Target Open-Source Security.

Red Hat and Dell said Wednesday they will co-host an upcoming open-source security summit to explore the issues around securing open-source technologies such as Linux.

Security is becoming a bigger issue in the open-source world as the software proliferates, especially in the enterprise. In addition, as more companies run Linux and other open-source software, it becomes a bigger target for would-be hackers and attackers.

Red Hat and Dell said they will host the summit at Georgetown University in Washington, D.C., on Oct. 29.

Slashdot | Red Hat & Dell Host Open Source Security Summit.

wishus writes "Red Hat and Dell said they would co-host an Open Source Security Summit. 'Join Red Hat, Dell and experts in enterprise security from around the world for a summit on securing infrastructures with open source software.'"

Gartner Research Paid subscription required - Guidelines for Setting Security and Privacy Policies.

The terrorist attacks in the United Stated increased pressure on policymakers to boost security. Gartner has developed six guidelines for ensuring policies are effective, while intruding as little as possible on individual privacy.

CNET NEWS.COM - Search firm caves in to privacy pressure.

Fast Search and Transfer's AlltheWeb.com bowed to pressure from a consumer advocate this week by adding a first-ever privacy policy disclosing its data-sharing practices.

The Internet search provider, based in Oslo, Norway, responded to a complaint filed with the Norwegian government in late September by Public Information Research (PIR), a consumer advocacy group. The complaint charged AlltheWeb with failing to notify visitors that it uses tiny electronic tags to monitor search queries and share the data with third parties, in violation of Norwegian laws.

AlltheWeb posted a privacy policy, dated Tuesday, that outlines advertising partnerships with online portal Lycos and advertising company DoubleClick and describes their use of technology to track search queries.

With the move, AlltheWeb joins a slew of U.S. Internet companies that have begun to notify consumers about electronic tracking in detailed privacy policies, but only after feeling heat from privacy watchdogs. Two years ago, DoubleClick itself sat at the center of a privacy storm over digital tracking which involved a federal investigation that has since been resolved.

At the core of many online privacy concerns is the fear that companies can link surfing behavior with personally identifiable information such as names and addresses. The complaint filed against AlltheWeb charged that the search queries of visitors could ultimately be linked with cookies set by DoubleClick, which could contain more personal information such as location data.

Slashdot | SANS/FBI Release Top 20 Security Vulnerabilities.

theBraindonor writes "SANS Institute and the FBI have compiled a listing of the The Twenty Most Critical Internet Security Vulnerabilities. The list is broken down into two groups: Windows Systems and Unix Systems." --- The list of Unix vulnerabilities is also a list of the network programs I (and presumably many others) use most. It's a good thing there's BugTraq.

FOXNews.com - Stop, in the Name of 'Bots.

Nowadays, it seems as if more and more law enforcement is being done by machines. Unfortunately, they don't seem to be up to the job. And the humans don't want to take responsibility, either.

[ ... ]

Much like the operators of rigged traffic cameras, they're relying on their own institutional power -- and the hassle of opposing them -- to let them get away with near-criminal sloppiness. It's bad enough that you might lose your Internet connection because of such carelessness -- but you could wind up in even worse trouble.

[ ... ]

At the bail hearing for Johnston, Tinney and three other defendants in Houston, the "FBI'"s Kristen Sheldon ... testified that an IP address is, "in very simple terms, a Social Security number. Only one person at one specific time can have that number." In fact, an IP address identifies a computer, rather than a person, and may not even consistently map to a particular machine in networks that use dynamic IP addressing. Midway through the hearing, the presiding U.S. magistrate asked, "What are GIF files?" (Emphasis added.)

This combination of cluelessness and irresponsibility is, unfortunately, not unusual. It also isn't challenged enough. As David Carr writes, who's going to stand up and complain when, if you do, some idiot will probably accuse you of being soft on child pornographers? But those idiots are, well, idiots. When the power to enforce the law is delegated to software employed by people who don't -- or can't be bothered to -- understand it, no one is safe. When you hear that people are using machines to enforce the law, remember the old computer-geek saying: "Garbage In, Garbage Out."

Ask why -- at a time when ordinary people are being asked by politicians and corporations to take more personal responsibility for their actions -- the people who claim to be enforcing the law aren't willing to take responsibility for what they do with their machines. And ours.

Slashdot | Your Rights Online - Law Enforcement by Machines.

Inst1gator writes "Nowadays, it seems as if more and more law enforcement is being done by machines. Unfortunately, they don't seem to be up to the job. And the humans don't want to take responsibility, either. This is a great "wakeup call" for those of you who are not aware."