Re: e voting

2003-11-22 Thread Bill Frantz
At 9:19 AM -0800 11/21/03, Tim May wrote:
On Nov 21, 2003, at 8:16 AM, Major Variola (ret.) wrote:

 Secretary of State Kevin Shelley is expected to announce today that as
 of 2006, all electronic voting machines in California must be able to
 produce a paper printout that voters can check to make sure their votes
 are properly recorded.

 http://www.latimes.com/news/local/la-me-shelley21nov21,1,847438.story?coll=la-headlines-california


Without the ability to (untraceably, unlinkably, of course) verify that
this vote is in the vote total, and that no votes other than those
who actually voted, are in the vote total, this is all meaningless.

David Chaum has described a system where each voter gets a piece of paper
which includes their vote, encrypted so they can't prove how they voted.
The images of these pieces of paper are also posted on a web page, so the
voters can look up their encrypted ballots to verify that their votes are
being counted.  These votes are passed through a number of mixes, which may
be run by different organizations before they are completely decrypted and
counted.  (The mixes prevent a decrypted ballot from being associated with
an input, encrypted ballot.)  The encryption of the ballots is performed by
over-printing the plain-text ballots, so the voter can verify the ballot's
correctness before it is encrypted.  The mixes are verified by random
inspection.  This system seems to meet the above requirements.

Now, I can think of some ways to cheat with this system, but they are all a
lot more likely to be found than cheats with the current systems.

The big knock on all-electronic voting machines is that they are a step
backwards in independent verification and audit from paper ballots, or even
punch cards.  (Yes, you can argue about hanging chad, pregnant chad,
dimpled chad etc., but at least you have something tangible that represents
each ballot.)

The saving grace of the old mechanical voting machines is that they are
mechanical, and hard to modify for cheating.  Most anyone on this list can
imagine the program in an electronic voting machine being different from
the one that was audited and approved.  That's hard to do with a mechanical
system.  We have seen failures where the mechanical systems lost all the
votes made on them however, a failure that seems possible with the
electronic systems as well.

IMHO, the problem with Chaum's system is that it is complex.  I think that
saving a printed paper ballot, along with the electronic totals, gives much
the same level of security and assurance, with a system that the average
voter can understand.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: Vivendi to Destroy MP3.com archive

2003-11-22 Thread Morlock Elloi
 Somebody please tell me that this is a nightmare, and I am about to
 wake up.

Let's see ... was there a contract to keep things up ad infinitum ?

This is a good step, part of waking up from the dream that there are free
things on Internet. If there is no eyeball-catching value to be derived from
offering free service the service will cease to exist. This may well happen
with free e-mail accounts as well - I wonder who will be the first to
eliminate the free service in face of diminishing advertizing revenue - Yahoo ?
Hotmail ?






Re: e voting

2003-11-22 Thread John Washburn
I agree.  The paper printout may be unconnected to fraudulent tally
numbers produced later for publication.  This is better than the literal
nothing produced at present.

There is a small chance many voters could use their receipts to counter
a fraudulent tally in a low-vote ward.

-Original Message-
From: Roy M. Silvernail [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 21, 2003 12:12 PM
To: [EMAIL PROTECTED]
Subject: Re: e voting

On Friday 21 November 2003 12:19, Tim May wrote:
 On Nov 21, 2003, at 8:16 AM, Major Variola (ret.) wrote:
  Secretary of State Kevin Shelley is expected to announce today that as
  of 2006, all electronic voting machines in California must be able to
  produce a paper printout that voters can check to make sure their votes
  are properly recorded.

  http://www.latimes.com/news/local/la-me-shelley21nov21,1,847438.story?coll=la-headlines-california

 Without the ability to (untraceably, unlinkably, of course) verify that
 this vote is in the vote total, and that no votes other than those
 who actually voted, are in the vote total, this is all meaningless.

Quite true.  But given the fact that we don't have that ability *now*, what
exactly is the difference?  Other than streamlining and centralizing the
present distributed corruption?



RE: [Asrg] Re: [Politech] Congress finally poised to vote on anti -spam bill [sp]

2003-11-22 Thread Hallam-Baker, Phillip
Yeah, Yeah dictionary attacks...

The key is that the search space is actually thinly populated enough to make
dictionary attack hard. Most usernames are 6 characters or more, many
include numbers, that is about 26^6 worth of search space per domain. Of
course this is not evenly populated, but the odd thing is that the usernames
turn out to be more random than the average password. This is because random
is not unguessable. Many usernames are surnames, many are compounds of
initial plus surname, only a relative handful are commonly used names and
those tend to get grabbed fast. So you have a pretty big search space,
millions of possibilities and that for each one of fifty million domains. 

The same does not hold for do-not-call lists. The problem there is that
something like 80% of the numbers available at active exchanges are already
allocated. Most of the stock of unused numbers are on exchanges that have
not yet been allocated. Since something like 30% of subscribers sign up for
do not call the result is that dictionary attacks are easy.


Also we add out of service addresses that get spammed anyway to the list. So
the list is not an accurate way to find out if an address is in service or
not. Alan knows quite a few addresses that get spammed that are invalid.

 -Original Message-
 From: Hallam-Baker, Phillip [mailto:[EMAIL PROTECTED]
 Sent: Friday, November 21, 2003 7:21 PM
 To: 'Steve Schear'
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: RE: [Asrg] Re: [Politech] Congress finally poised to vote on
 anti -spam bill [sp]
 
 
 We need to consider the technical workings of the do-not-spam list and the
 requirements that we would like the FTC to meet.
 
 I propose as a minimum:
 
 1) Allow individual subscribers to list their email addresses with the
 service.
 2) Permit mail sender to quickly determine whether a given email is on the
 list
 3) Be distributable in a form that does not permit use as a mailing list.
 4) Permit the storage of attributes in association with each listing,
 minimally the date of subscription.
 
 In addition we might add:
 
 5) Allow domain name owners to list their domains.
 6) Provide for authentication of listing requests
 
 
 These requirements can be met using completely generic and to my knowledge
 unencumbered technology. For the purposes of avoiding patent encumbrances I
 disclose the following - I published a note on the basic idea of using a one
 way hash to conceal an email address on a do not spam list in 1995, I also
 implemented the scheme at that time. The idea is not entirely novel, hash
 databases have been used for at least twenty years, there may also be
 similar ideas in the cryptography literature.
 
 My proposal would be to use a message authentication function such as
 HMAC-SHA1 with a key such as SHA1 ("FTC Do Not Spam List") to create a
 unique digest function for the purpose. There is a security consideration
 here, use of a digest such as SHA1(email) might lead to chosen protocol
 attacks.
 
 To add an individual email address [EMAIL PROTECTED] to the list we
 calculate HMAC ([EMAIL PROTECTED]) to create the key. A domain may be
 represented by the string example.com.
 
 To determine whether the address [EMAIL PROTECTED] is on the list it is
 necessary to test for both the specific email address and the domain.
 
 [This can be made to meet arbitrarily complex requirements]
 
 
 The list is distributed as a set of key/value pairs. Sorting the list
 according to the key values allows rapid lookups by means of binary search,
 or since the hash function is guaranteed homogenous using ranged search
 using the hash value as an estimator for the index position. It is not
 necessary to distribute the list sorted.
 
 There are also a few tricks that can be used to reduce the usefulness of
 such a list for address validation.
 
 This same concept can be used to conceal the filter terms used in
 censorware.
 
   Phill
 



Vivendi to Destroy MP3.com archive

2003-11-22 Thread proclus

Vivendi et al. about to demonstrate how they value artists and their
work.

http://www.kuro5hin.org/story/2003/11/21/14616/561

Somebody please tell me that this is a nightmare, and I am about to
wake up.

Regards,
proclus
http://www.gnu-darwin.org/

-- 
Visit proclus realm! http://proclus.tripod.com/
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GMU/S d+@ s: a+ C UBULI$ P+ L+++() E--- W++ N- !o K- w--- !O
M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e
h--- r+++ y
--END GEEK CODE BLOCK--







Re: Idea: GPG signatures within HTML - problem with inline objects

2003-11-22 Thread Thomas Shaddack
There is a problem with images and other inline objects. There is a
solution, too.

The objects included into the document can get their hash calculated and
included in their tag; eg,
<IMG SRC="image.jpg" HASH="SHA1:4e1243bd22c66e76c2ba9eddc1f91394e57f9f83">
The tag has to be in the signed part of the document, so the hash can't be
tampered with.

Full digital signatures should be possible as well, eg.

<IMG SRC="image.jpg" SIGNATURE="http://where.is.the/signature.asc">

or

<IMG SRC="image.jpg" SIGNATURE="identifier">
some HTML code here
<SIGNATURE TYPE="gpg" NAME="identifier"><!--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.11 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA31UOQaLeriVdUjc0RAjhBAJ4u1k5ex8+ZAtYi737GFXPOiBc51gCfU5+8
is2rD6L/6fIOWttfh5CYUW0=
=WOv2
-----END PGP SIGNATURE-----
--></SIGNATURE>

This way doesn't depend on the part of the document being signed, as the
signature can't be effectively tampered with undetected anyway.


Same scheme could be used in A HREF tags, allowing automated checking of
signatures or hashes of downloaded binary files.



Re: Idea: GPG signatures within HTML

2003-11-22 Thread Henryk Plötz
Hi,

On Sat, 22 Nov 2003 14:54:39 +0100 (CET), Thomas Shaddack wrote:

 A trick with HTML (or SGML in general) tag and a comment, a browser
 plugin (or manual operation over saved source), and a GPG signature
 over part of the HTML file should do the job, with maintaining full
 backward compatibility and no problems for the users not using this
 scheme.

 Opinions, comments?

This is already done, although I'm not aware of any browser supporting
an automated verification. For an example look at the HTML source of
http://www.bundesverfassungsgericht.de/entscheidungen/frames/rk20030827_2bvr091103

-- 
Henryk Plötz
Greetings from Berlin
 Un-CDs, no thanks! http://www.heise.de/ct/cd-register/ ~~~
~~ Help Microsoft fight software piracy: Give Linux to a friend today! ~



Re: [Politech] Congress finally poised to vote on anti-spam bill [sp]

2003-11-22 Thread Steve Schear
At 04:13 PM 11/21/2003 -0600, Declan McCullagh [EMAIL PROTECTED] wrote:
A copy of the bill is here:
http://news.com.com/pdf/ne/2003/FINALSPAM.pdf
I interpret paragraph 1037(a)1 - 5 as possibly prohibiting the use of 
anonymous remailers, or proxies and nyms in registering email accounts, for 
the purpose of commercial speech.

steve 



RE: [Asrg] Re: [Politech] Congress finally poised to vote on anti -spam bill [sp]

2003-11-22 Thread Hallam-Baker, Phillip
We need to consider the technical workings of the do-not-spam list and the
requirements that we would like the FTC to meet.

I propose as a minimum:

1) Allow individual subscribers to list their email addresses with the
service.
2) Permit mail sender to quickly determine whether a given email is on the
list
3) Be distributable in a form that does not permit use as a mailing list.
4) Permit the storage of attributes in association with each listing,
minimally the date of subscription.

In addition we might add:

5) Allow domain name owners to list their domains.
6) Provide for authentication of listing requests


These requirements can be met using completely generic and to my knowledge
unencumbered technology. For the purposes of avoiding patent encumbrances I
disclose the following - I published a note on the basic idea of using a one
way hash to conceal an email address on a do not spam list in 1995, I also
implemented the scheme at that time. The idea is not entirely novel, hash
databases have been used for at least twenty years, there may also be
similar ideas in the cryptography literature.

My proposal would be to use a message authentication function such as
HMAC-SHA1 with a key such as SHA1 ("FTC Do Not Spam List") to create a
unique digest function for the purpose. There is a security consideration
here, use of a digest such as SHA1(email) might lead to chosen protocol
attacks.

To add an individual email address [EMAIL PROTECTED] to the list we
calculate HMAC ([EMAIL PROTECTED]) to create the key. A domain may be
represented by the string example.com.

To determine whether the address [EMAIL PROTECTED] is on the list it is
necessary to test for both the specific email address and the domain.

[This can be made to meet arbitrarily complex requirements]


The list is distributed as a set of key/value pairs. Sorting the list
according to the key values allows rapid lookups by means of binary search,
or since the hash function is guaranteed homogenous using ranged search
using the hash value as an estimator for the index position. It is not
necessary to distribute the list sorted.

There are also a few tricks that can be used to reduce the usefulness of
such a list for address validation.

This same concept can be used to conceal the filter terms used in
censorware.

Phill
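
The list format proposed in the message above, and the lookup it describes, as an added example (not code from the original post or from any FTC system). The addresses, dates and the lower-casing of identifiers are assumptions made for the illustration; `find_ranged` is the "ranged search" read as interpolation search.

```python
import bisect
import hashlib
import hmac

# Public list key as proposed in the post: SHA1 of a fixed label. Anyone can
# compute it, so it separates this digest from plain SHA1(email) but does not
# hide list members from someone able to guess addresses (the point of the
# dictionary-attack discussion in the follow-up message).
LIST_KEY = hashlib.sha1(b"FTC Do Not Spam List").digest()


def entry_key(identifier):
    """HMAC-SHA1 of an address or bare domain. Lower-casing is an assumption."""
    norm = identifier.strip().lower().encode("utf-8")
    return hmac.new(LIST_KEY, norm, hashlib.sha1).digest()


def build_list(subscriptions):
    """Turn {identifier: subscription_date} into parallel sorted (keys, dates)."""
    pairs = sorted((entry_key(i), d) for i, d in subscriptions.items())
    return [k for k, _ in pairs], [d for _, d in pairs]


def find_binary(keys, key):
    """Plain binary search; returns the index or -1."""
    i = bisect.bisect_left(keys, key)
    return i if i < len(keys) and keys[i] == key else -1


def find_ranged(keys, key):
    """Interpolation search: HMAC output is close to uniform, so the key's
    numeric value is a good estimate of its position in the sorted list."""
    lo, hi = 0, len(keys) - 1
    target = int.from_bytes(key, "big")
    while lo <= hi:
        lo_v = int.from_bytes(keys[lo], "big")
        hi_v = int.from_bytes(keys[hi], "big")
        if target < lo_v or target > hi_v:
            return -1
        if hi_v == lo_v:
            return lo if lo_v == target else -1
        pos = lo + (target - lo_v) * (hi - lo) // (hi_v - lo_v)
        v = int.from_bytes(keys[pos], "big")
        if v == target:
            return pos
        if v < target:
            lo = pos + 1
        else:
            hi = pos - 1
    return -1


def lookup(address, keys, dates, find=find_ranged):
    """Test the full address, then its domain, as the post requires.
    Returns (matched_identifier, subscription_date) or None."""
    address = address.strip().lower()
    candidates = [address]
    if "@" in address:
        candidates.append(address.rsplit("@", 1)[1])
    for ident in candidates:
        i = find(keys, entry_key(ident))
        if i >= 0:
            return ident, dates[i]
    return None


# Constructed sample data: one listed address, one listed domain, plus filler
# entries so the searches have something to do.
SUBSCRIPTIONS = {"alice@example.org": "2003-11-01", "example.com": "2003-11-15"}
SUBSCRIPTIONS.update({f"user{i}@example.net": "2003-11-20" for i in range(500)})

if __name__ == "__main__":
    keys, dates = build_list(SUBSCRIPTIONS)
    for addr in ("alice@example.org", "Bob@Example.com", "carol@example.invalid"):
        print(addr, "->", lookup(addr, keys, dates))
```
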



Toronto man charged with wardriving, possession of child pornography

2003-11-22 Thread Tim Meehan
http://www.torontopolice.on.ca/newsreleases/release.php?id=4732

November 21, 2003 - 01:20 pm

CHILD PORNOGRAPHY ARREST  USING STOLEN INTERNET SIGNAL

Corporate Communications
416-808-7100

On Wednesday November 19th, 2003 at approximately 5:03am, Sgt. Don Woods (7167)
of 11 Division observed the accused driving his car the wrong way on a one way
street in a residential subdivision in Toronto. The accused was investigated and
observed to be naked from the waist down. He had a laptop computer on the
passenger seat and on the screen was a young girl performing a sex act on an
older man. 


The laptop had a wireless adapter card (known as a WI-FI card) allowing the
accused to access the Internet through any insecure wireless Internet signal
(known as War Driving). The accused was taken to 11 Division and members of the
Child Exploitation Section of the Sex Crimes Unit were called in. 


A lengthy investigation revealed that the accused also had been downloading
child pornography using KaZaa, a peer to peer file sharing program and had been
posing as a younger man in chatrooms to meet young girls. With the assistance of
the O.P.P.'s Project P, a search warrant was executed at the residence of the
accused in Delhi, Ontario. 10 Computers and hundreds of compact discs containing
hundreds of thousands of images and movies of child pornography were recovered. 


Accused : Walter NOWAKOWSKI 
36 years 
Delhi, Ontario 
Charged : Possession of Child Pornography (2 Counts) 
Accessing Child Pornography 
Distribute Child Pornography 
Theft of Telecommunications 
Make Child Pornography 


The accused is in custody and will appear in courtroom #101 at Old City Hall, on
Monday November 24th, 2003, at 10:00 a.m. for a bail hearing. 


The public is reminded that if they are operating a wireless network at their
home or business, their system needs to be secured against such actions.

Sgt. Jim Muscat for Detective Sergeant Paul Gillespie and Staff Inspector Bruce
Smollet



Idea: GPG signatures within HTML

2003-11-22 Thread Thomas Shaddack
Sometimes a problem appears with publishing information on the Web, when
the authenticity of a document, especially a widely-distributed one, has to
be checked. I am not aware of any mechanism available presently.

A trick with HTML (or SGML in general) tag and a comment, a browser plugin
(or manual operation over saved source), and a GPG signature over part of
the HTML file should do the job, with maintaining full backward
compatibility and no problems for the users not using this scheme.

It should be possible to make this HTML construction:


<HTML>
<BODY>
blah blah blah blah blah unsigned irrelevant part of the document, eg.
headers and sidebars which change with the site design
<SIGNED SCHEME="GPG"><!--
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--!>
This is the PGP-signed part
of the HTML document.
<!--

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.91 (MingW32) - GPGrelay v0.893

ihas7Ds9fXLR9ksWRdwNZXNA8SdshwAJ9zwXFDgvdg5G2mqXp5BD4Sx2ZmjwCfSs70
Kj8sQor6i+MUZBmp5pdM1vU=
=hIsR
-----END PGP SIGNATURE-----
--!></SIGNED>
the unsigned rest of the HTML document
</BODY></HTML>


The <SIGNED>...</SIGNED> tags are ignored by browsers that don't know
them, and provide leads for eventual browser plugins.

The <!-- --> comments are used to hide the signature from the user in
standard browsers.

The scheme is designed to allow signing only parts of documents, so they
could be published in fast-changing environments like blogs or on
dynamically generated pages, and to have many different signed parts on
one page. It should also allow manual checking of the signature, eg. by
curl http://url | gpg --verify

Feel free to use the idea if it is good.

Opinions, comments?
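
What a checking plugin would have to do for this scheme and for the HASH attribute proposed in the follow-up post on inline objects, as an added example (not code from either post). It assumes the markers are written as `<SIGNED SCHEME="GPG"><!--` and `--!></SIGNED>`; the page, the object bytes and `placeholder_verify` (a stand-in for piping the block to `gpg --verify`) are constructed for the illustration.

```python
import hashlib
import re
from html.parser import HTMLParser

# Constructed inline objects standing in for files fetched next to the page.
OBJECTS = {
    "image.jpg": b"constructed image bytes",
    "logo.png": b"logo bytes as served today",
    "banner.jpg": b"banner bytes",
}


def sha1_hex(data):
    # SHA1 follows the 2003 posts; a current design would use SHA-256.
    return hashlib.sha1(data).hexdigest()


# Constructed page in the layout the post describes. The armor body is a
# placeholder, not a real signature.
PAGE = f"""<HTML>
<BODY>
<IMG SRC="banner.jpg" HASH="SHA1:{sha1_hex(OBJECTS['banner.jpg'])}">
<SIGNED SCHEME="GPG"><!--
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--!>
<P>Signed release notes.</P>
<IMG SRC="image.jpg" HASH="SHA1:{sha1_hex(OBJECTS['image.jpg'])}">
<IMG SRC="logo.png" HASH="SHA1:{sha1_hex(b'logo bytes when the page was signed')}">
<!--

-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
--!></SIGNED>
<IMG SRC="ad.gif">
</BODY></HTML>
"""

SIGNED_RE = re.compile(
    r'<SIGNED\s+SCHEME="?(\w+)"?\s*>\s*<!--\s*\n'
    r'(-----BEGIN PGP SIGNED MESSAGE-----\n.*?\n-----END PGP SIGNATURE-----)\s*\n'
    r'--!?>\s*</SIGNED>',
    re.S | re.I)


def cleartext_of(block):
    """Signed text of a cleartext-signed block, with dash-escaping undone."""
    _, _, rest = block.partition("\n\n")  # armor headers end at first blank line
    text, _, _ = rest.partition("\n-----BEGIN PGP SIGNATURE-----")
    return "\n".join(l[2:] if l.startswith("- ") else l for l in text.split("\n"))


def visible_html(cleartext):
    """Drop the comment closer/opener lines that frame the signed HTML."""
    keep = [l for l in cleartext.split("\n") if l.strip() not in ("--!>", "-->", "<!--")]
    return "\n".join(keep)


class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.imgs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.imgs.append(dict(attrs))  # attribute names arrive lower-cased


def imgs_in(html):
    parser = ImgCollector()
    parser.feed(html)
    parser.close()
    return parser.imgs


def judge(img, fetch, tag_is_signed):
    declared = img.get("hash")
    if not declared:
        return "no-hash"
    if not tag_is_signed:
        return "hash-not-signed"  # attribute itself could have been rewritten
    algo, _, digest = declared.partition(":")
    if algo.upper() != "SHA1":
        return "unsupported-hash"
    data = fetch(img.get("src"))
    if data is None:
        return "missing-object"
    return "ok" if sha1_hex(data) == digest.lower() else "mismatch"


def placeholder_verify(block):
    """Stand-in for `gpg --verify` on the extracted block (assumption)."""
    return "PLACEHOLDER" in block


def audit_page(html, fetch, verify_signature):
    """Map each IMG SRC to a verdict; only tags inside a verified region count."""
    report = {}
    for m in SIGNED_RE.finditer(html):
        block = m.group(2)
        trusted = m.group(1).upper() == "GPG" and verify_signature(block)
        for img in imgs_in(visible_html(cleartext_of(block))):
            report[img.get("src")] = judge(img, fetch, trusted)
    for img in imgs_in(SIGNED_RE.sub("", html)):  # everything left is unsigned
        report[img.get("src")] = judge(img, fetch, False)
    return report


if __name__ == "__main__":
    for src, verdict in audit_page(PAGE, OBJECTS.get, placeholder_verify).items():
        print(f"{src:12} {verdict}")
```

A "good signature" covers only the text between the armor lines, so a checker has to report objects and markup outside the SIGNED region separately, as `audit_page` does.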



Drug policy activist *searched and detained* by notorious South Carolina principal after being invited onto school grounds

2003-11-22 Thread Tim Meehan
Report by Dan Goldman ([EMAIL PROTECTED]) of Students for Sensible Drug Policy
(http://www.ssdp.org)

Forwarded from Loretta Nall ([EMAIL PROTECTED]) of the US Marijuana
Party (http://www.usmjparty.com)


Loretta said:

This just in from my buddy Dan Goldman who is still on the ground in South
Carolina 

---

Now I promised you a good story and here it is... 

On Thursday when I went back to Stratford High School, I had a rather 
unexpected encounter. I started the day out as usual, passing out DPA's 
information, SSDP's stickers and a few of the SSDP t-shirts that I had 
left. At one point, a pair of teachers walked past and I offered both of 
them the pamphlet and booklet. One of them asked "What is it?" and one of 
the students around him answered, "It has to do with keeping our school 
drug-free." A heavy-set man whose name I later learned was Mr. Green, took 
both the pamphlet and the booklet. The man next to him, a younger, smaller 
teacher whose name I later learned was Mr. McCombs refused my offer. In my 
youthful exuberance, I said some snide remark to the effect of, "Way to 
set an example for your students by remaining ignorant." I know I shouldn't 
have said something like that and I didn't even think he heard me, but I 
was mistaken. Read on... 

Now, after most of the students dispersed, I did what I did the day before 
and walked through a muddy foot path, about 30 feet over to the school 
grounds to pass out a few more flyers. As I was walking back through the 
foot path to my car, I saw both of the teachers again and I kindly offered 
my last pamphlet to Mr. McCombs, who had neglected to take it before. This 
time he was very upset. He wanted to know why I would say what I said to 
him about staying ignorant. He said, "I've been to college and I've been 
teaching for 4 years, don't you think I may know a little something about 
keeping kids drug-free?" I said, "You may know a little something, but you 
probably haven't been exposed to what's in this pamphlet, so why don't you 
take one and find out?" He told me he didn't have time to read one and I 
suggested he do what most people do and put it in his pocket to read when 
he does have time. 

Mr. McCombs continued to wonder aloud why I thought it was necessary to 
undermine him in front of students and I continued to wonder to myself how 
one snide comment can undermine the authority of a teacher who has their 
attention every day for an hour? Now at this point, the two teachers began 
threatening me with this whole issue of trespassing on school 
grounds. Since I was in fact on school grounds momentarily without 
permission, I really didn't want to get into it with them. I was about to 
leave with the excuse of another appointment (which was true, Ian Mance was 
arriving around 4:30pm and I wanted to see him as I've been staying at his 
parents' house for the last week) but then they made me an offer I couldn't 
refuse 

They offered to take me to see Principal McCrackin. Now, last week Mr. 
McCrackin had sent home a letter to parents offering to meet with any of 
them that still had concerns about the drug raid. However, according to 
the parents I've spoken with who've tried to meet with him, he's always 
busy. So I didn't think I would have the chance to meet the man behind the 
myth, and when the chance just presented itself like that, I thought it was 
too good to be true. 

Well, like everything too good to be true... It was! As I walked through 
the school, continuing my witty banter with the two teachers, we entered 
the principal's office and to my surprise, there were two officers of the 
law instead of one Principal. Immediately, one of them, a very big man 
named Cpl. Aucoin demanded my identification. Now having just seen BUSTED, 
I wasn't immediately inclined to give it to him. However I did tell him my 
name and I showed him the materials I was distributing. I asked Cpl. 
Aucoin if I was free to go and he said, "No," that he was detaining 
me. The two teachers insisted they caught me trespassing and I corrected 
them and explained they encountered me in between the back of strip mall 
and the school grounds on that muddy foot path. Then, in came McCrackin... 

I'm not sure how many of you have seen a picture of George McCrackin, but 
he's in his mid to late 50's, I would guess, dark hair that's greying but 
looks like he colors it. He's about 5 ft. 7in tall and maybe 170 
lbs. He's a short, stout man, the kind with a Napoleon complex of 
sorts. He looks tired beyond his years, like a man who has been at his job 
for too long. He's been principal of Stratford High School since it opened 
20 years ago and before that he was assistant Superintendent of Schools in 
North Charleston and a principal and teacher for years before that, so the 
man has been in education for quite some time -- his entire adult life, in 
fact. 

That he cares for children was evident from speaking to many people in the 
community, but that he pre-judges 

RE: DigiCash Saves PayPal?

2003-11-22 Thread Scott Guthery
Not to mention the pneumatic tube systems in department
stores that sent your charge plate upstairs for approval.

Those who do not learn from ... Oh, never mind.

Cheers, Scott

-Original Message-
From: R. A. Hettinga [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2003 3:20 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; Digital Bearer Settlement List; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; InfoSec News; [EMAIL PROTECTED]
Subject: DigiCash Saves PayPal?


And Greg Aharonian, San Francisco-based patent expert, said eBay could get
the case dismissed if it finds a company or institution that developed its
own trusted intermediary or similar electronic payment system even
before AT&T researchers filed for their patent.

Bingo.

Somebody at First Data should haul out the old DigiCash pitch-ware they
probably have laying around, and beat AT&T over the head with it...

Cheers,
RAH
--



DigiCash Saves PayPal?

2003-11-22 Thread R. A. Hettinga
And Greg Aharonian, San Francisco-based patent expert, said eBay could get
the case dismissed if it finds a company or institution that developed its
own trusted intermediary or similar electronic payment system even
before AT&T researchers filed for their patent.

Bingo.

Somebody at First Data should haul out the old DigiCash pitch-ware they
probably have laying around, and beat AT&T over the head with it...

Cheers,
RAH
--


http://finance.lycos.com/qc/news/story.aspx?story=36570023

Lycos



 AT&T: EBay, PayPal Infringe on Patents


20 November 2003, 6:03pm ET
By RACHEL KONRAD AP Business Writer

SAN JOSE, Calif. (AP) -- AT&T Corp. reached out and smacked eBay Inc. with
a patent infringement lawsuit Thursday, claiming the online auction company
has been using a payment system that the telecommunications giant developed
more than a decade ago.

The case, filed in federal court in Delaware, comes on the heels of an
August verdict in which a Virginia judge ordered eBay to pay $29.5 million
to an inventor who accused the company of stealing his ideas for fixed
price sales formats.

AT&T's suit demands that eBay pay an undisclosed amount in licensing fees
because its lucrative PayPal division functions as a trusted intermediary
between buyers and sellers who may not know each other.

The system _ widely regarded as critical to eBay's gangbuster growth and a
boon to e-commerce in general _ lets buyers provide credit card or bank
account information to a reliable third party instead of individual sellers
around the world. Buyers merely have to trust PayPal, and they don't have
to worry about disreputable sellers using sensitive financial data for
fraudulent purposes.

AT&T says three senior engineers working for the phone company filed for a
patent in 1991 for exactly such a process, which they called "Mediation of
Transactions by a Communication System." The patent was granted in 1994,
AT&T said.

EBay spokesman Chris Donlay dismissed the lawsuit as meritless, and he
said customers should count on continuing to use PayPal.

EBay acquired PayPal in October 2002, and the division immediately became
an engine of profits for San Jose-based eBay, one of the few Silicon Valley
companies to emerge unscathed from the dot-com collapse.

PayPal produced $106.4 million in revenue in the third quarter of 2003,
nearly twice what it generated in the same period last year. More than 11
million people used PayPal to conduct transactions from July to September,
according to eBay's most recent earnings statement.

Before PayPal, eBay relied on a similar system called Billpoint, which is
also named in the lawsuit.


AT&T spokesman Gary Morgenstern said the lawsuit is the result of more than
a year of negotiations between the two companies. EBay refused to pay any
licensing fees, he said.

"AT&T invests hundreds of millions of dollars every year in our research
and development efforts, which have yielded a sizable portfolio of patents
_ that's what we're vigorously protecting here," Morgenstern said. "EBay
and PayPal have refused to compensate us for patented technology, and so
we're forced to take this to the courts."

Numerous inventors and small companies have sued or threatened to sue eBay,
and legal experts have been skeptical of many such claims. But some said
the newest plaintiff's heft gives the AT&T lawsuit the credibility that
cases brought by obscure inventors and operators of now-defunct dot-coms
lacked.

"To be sure, AT&T's involvement makes this case different from others,"
said Neil A. Smith of the San Francisco-based law firm Howard, Rice,
Nemerovski, Canady, Falk & Rabkin. "AT&T's a well respected company that
doesn't just wave around patent lawsuits unless there's some merit."

Others, however, said that AT&T is unlikely to even force a settlement _
which is the way Amazon.com and Barnesandnoble.com resolved what might have
been the last such high-profile legal skirmish over Internet sales
strategies. That case, involving Amazon's one-click checkout method, was
filed in 1999 and settled last year. The companies have refused to disclose
the terms.

David Pressman, a San Francisco patent lawyer and author of "Patent It
Yourself," said at least half of all patent infringement lawsuits are won
by the defense or eventually dropped before reaching the courtroom.

And Greg Aharonian, San Francisco-based patent expert, said eBay could get
the case dismissed if it finds a company or institution that developed its
own trusted intermediary or similar electronic payment system even before
AT&T researchers filed for their patent.

"The question is, did anyone else have trusted third parties in the 1980s?
My gut reaction is that they existed," said Aharonian, publisher of the
daily Internet Patent News Service newsletter. "Some university professor
could have written an article on this, but no one paid attention and no
banks