***************************************************** Edupage is a service of EDUCAUSE, a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. *****************************************************
TOP STORIES FOR FRIDAY, JANUARY 06, 2006 US-VISIT Wants All 10 Fingers Printed Government Keeping Tabs When It Shouldn't Microsoft Releases WMF Patch Early EEF Seeks Protection for Computer Researchers Spammer Hit with $11.2 Billion Fine Microsoft Agrees to Close Chinese Blogger's Site US-VISIT WANTS ALL 10 FINGERS PRINTED Officials at the Department of Homeland Security (DHS) have announced a plan to begin requiring visitors to the United States to have all 10 of their fingers to be printed to be admitted to the country. Currently, the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program requires prints of two fingers; the change to 10 will reportedly increase both security and privacy and will decrease the number of visitors who must undergo a second inspection to enter or leave the country. DHS said biometric technology such as fingerprinting is already reliable, but the agency is working with technology vendors to develop products that are more accurate, faster, and more mobile. Federal Computer Week, 5 January 2006 http://www.fcw.com/article91877-01-05-06-Web GOVERNMENT KEEPING TABS WHEN IT SHOULDN'T Despite a federal directive forbidding the use of Web-tracking technologies for federal agencies, recent reports have shown that the majority of agencies do in fact employ permanent cookies or other tools that track users. The technologies can be used to identify repeat visitors to federal Web sites and sometimes to track users' surfing on nongovernmental sites. Last week, the Associated Press found that the National Security Agency was using permanent cookies (temporary cookies are allowed), a practice it has since discontinued. Separately, reporters at CNET News.com looked at the Web sites of all agencies listed in the U.S. Government Manual and evaluated what tracking tools they were using. Results showed dozens of agencies using tools that appear to contravene the directive, including sites for the military, cabinet departments, and election commissions. When contacted about the tracking tools, officials at many agencies reportedly said they were unaware that their sites used such technologies. Peter Swire, law professor at Ohio State University, who participated in the drafting of an earlier Web-tracking policy for the Clinton administration, said, "It's evidence that privacy is not being taken seriously." CNET, 5 January 2006 http://news.com.com/2100-1028_3-6018702.html MICROSOFT RELEASES WMF PATCH EARLY Responding to concerns that the recently disclosed Windows Meta File (WMF) vulnerability presented serious risk, Microsoft has released a patch ahead of the company's monthly patch release date. Microsoft said that testing of the patch was completed early and that there was "strong customer sentiment that the release should be made available as soon as possible." Some security experts, warning of the threat posed by the flaw, had even encouraged users to install a third-party patch developed by a European programmer. The patch is for Windows 2000, Windows XP, and Windows Server 2003; although Microsoft had earlier said the vulnerability also affected Windows 98 and Windows ME, the company now says those operating systems are not affected by the flaw. With the release, Microsoft acknowledged that the risk to unpatched systems is critical, though it said data indicated that the infection rate from attacks that exploit the weakness was low to moderate so far. Some security experts offered a different characterization of the situation, saying they have identified thousands of Web sites that exploit the flaw. ZDNet, 5 January 2006 http://news.zdnet.com/2100-1009_22-6020070.html EEF SEEKS PROTECTION FOR COMPUTER RESEARCHERS The Electronic Frontier Foundation (EFF) has called on Sony EMI to pledge not to pursue prosecution of computer researchers who investigate the security of the company's products. Last fall, the company was caught in a public outcry over technology included in music CDs. The technology installed itself on users' computers and scanned them for potentially illegal activities. The company has removed those tools from CDs, but security researchers believe they have reason to reverse engineer copy protections on EMI CDs, a practice which would violate not only the Digital Millennium Copyright Act but also EMI's end user license agreement. Fred von Lohmann, senior staff attorney with EFF, said, "When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won't be sued for their trouble." Internet News, 5 January 2006 http://www.internetnews.com/security/article.php/3575441 SPAMMER HIT WITH $11.2 BILLION FINE A court has slapped a Florida spammer with an $11.2 billion fine, setting a new precedent for fines against spammers, though the ruling is unlikely to have much effect on the volume of spam. Internet service provider CIS Internet Services, which provides Internet service to parts of Iowa and Illinois, had sued James McCalla for sending more than 28 million e-mail solicitations that fraudulently used the CIS domain as the return address. In addition to the fine, McCalla is forbidden from accessing the Internet for three years. Robert Kramer III, owner of CIS, welcomed the ruling, calling it the "economic death penalty," though he acknowledged that he does not expect to receive any of the money awarded. John Mozena, co-founder and vice president of the Coalition Against Unsolicited Commercial E-mail, said this and other rulings against spammers have not had a significant effect on the total volume of spam, which he estimated continues to be about two-thirds of all e-mail traffic. What is needed, he argued, rather than current laws, which only forbid deceptive or fraudulent spam, is a prohibition against all spam. Wired News, 5 January 2006 http://www.wired.com/news/politics/0,69966-0.html MICROSOFT AGREES TO CLOSE CHINESE BLOGGER'S SITE Following a formal request from Chinese officials, Microsoft has shut down the blog of a high-profile Chinese journalist. China is well known for censoring public speech it considers critical of the government, and Microsoft's actions are not the first in which non-Chinese companies have complied with Chinese authorities. Officials from Microsoft noted that if their services are to be available in China, the company must comply with local laws. As Brooke Richardson, a group product manager for MSN said, "We think it's better to be there with our services than not be there." Last year Yahoo was faulted by some for cooperating with Chinese officials, and it too stated then that a requirement of continuing operation in the country is to conform to local laws and regulations. Rebecca MacKinnon, a fellow at the Berkman Center for Internet and Society at Harvard Law School, expressed concerns on her blog about Microsoft's action. "Can we be sure," she said, "they won't do the same thing in response to potentially illegal demands by an overzealous government agency in our own country?" New York Times, 6 January 2006 (registration req'd) http://www.nytimes.com/2006/01/06/technology/06blog.html ***************************************************** EDUPAGE INFORMATION To subscribe, unsubscribe, change your settings, or access the Edupage archive, visit http://www.educause.edu/Edupage/639 Or, you can subscribe or unsubscribe by sending e-mail to [EMAIL PROTECTED] To SUBSCRIBE, in the body of the message type: SUBSCRIBE Edupage YourFirstName YourLastName To UNSUBSCRIBE, in the body of the message type: SIGNOFF Edupage If you have subscription problems, send e-mail to [EMAIL PROTECTED] ***************************************************** OTHER EDUCAUSE RESOURCES The EDUCAUSE Resource Center is a repository for information concerning use and management of IT in higher education. To access resources including articles, books, conference sessions, contracts, effective practices, plans, policies, position descriptions, and blog content, go to http://www.educause.edu/resources ***************************************************** CONFERENCES For information on all EDUCAUSE learning and networking opportunities, see http://www.educause.edu/31 ***************************************************** COPYRIGHT Edupage copyright (c) 2006, EDUCAUSE
