> From: “DM”
> Date: Mon Mar 17, 2003 11:19:29 AM US/Pacific
> To: “Ian Andrew Bell”
> Subject: FW: MORE DIXIE CHICKS
>
> And a little more on the Dixie Babes…
>
>  
>
>  
>
> Subject:MORE DIXIE CHICKS
>
>  
>
> Subject: THIS IS SCARY – The Dixie Chicks – Who Are The Fans? (A
> Conspiracy!)
>
> Simon Renshaw, the Chicks’ manager, requests that this get forwarded to
> you, since he doesn’t have your direct E-mails.
>
> Dear All,
>
> The last couple of days have been very interesting, why does an artist
> exercising her rights of free speech create such a firestorm of media
> attention, and why are the “fans” responding the way they are? Sure,
> these are difficult times ? but the response from the fan’s seems far
> too extreme
> – that was until I received the following email from our contacts at
> Lipton, who had received it from a concerned citizen -  please read > on:
>
> Subject: Regarding Chicks – DO NOT BE INTIMIDATED
>
> Hello
>
> You should know that your company is being targetted by a radical
> right-wing online forum.  You are being “FReeped”, which is the code
> word for an organized email/telephone effort attempting to solicit a
> desired response. Please go to
> http://www.freerepublic.com/focus/news/864728/posts
> and http://www.freerepublic.com/focus/news/863398/posts
>
> for evidence of this.
>
> www.freerepublic.com claims over 30,000 members.
>
> The opinions on this forum are often racist, violent, and homophobic.
> I hope you will not feel pressured by them to change your policies.
> Keep in mind that they are very active and will give the appearance of
> a widespread reaction when in fact it’s limited to their isolated
> group. These are not people you want to cater to, as you will see if
> you spend a little time observing them. And don’t feel bad. Besides
> you, they are boycotting Canada, France, Germany, Russia, Mexico,
> Belgium, and 3/4 of hollywood.
>
> They are so petty that they research goods they believe are produced
> by these nations and list them for boycotting. The dumb thing is they
> get it wrong half the time.
>
> I will be very dissappointed with Lipton if it tries to appease these
> radicals. I would continue to buy Lipton regardless though 🙂
>
> When we went to the site it was clear what was going on, this
> organization had not targeted Lipton for their campaign, they had
> selected the Chicks for “FReeping.”
>
> As we reviewed the site we came across a whole area that was devoted
> to the Chicks, and more specifically the activities of the campaign
> against them, check it out:
>
> http://www.freerepublic.com/focus/news/keyword/dixiechicks
>
> As you move around this area and start to look at specific threads you
> will see that these people have actively manipulated radio polls, and
> how proud they are of their handiwork.
>
> Here’s some of their exchanges regarding their specific attempts to
> manipulate radio polls, notice the advice given on trying to ensure
> that their manipulations remain disguised:
>
> To: webfooter
>
> Cat Country in Harrisburg has a poll on whether they should stop
> playing the Chicks. They attribute the quote to Natalie.
>
> Current vote is 5 for and 5 against.
> I would recommend only locals vote, but you FReepers can do what you
> want.
> Shalom.
>
> To: webfooter; LindaSOG; Kathy in Alaska; radu; bentfeather;
> southerngrit;
> Bethbg79; All
>
> One of the country stations in my area is boycotting them: Here’s the
> link! Please freepmail them thanks! I have done so already!!
>
> WCMS
>
>
> 38 posted on 03/13/2003 1:52 PM PST by MoJo2001 (God Bless Our Troops
> and Allies!!)
> [ Post Reply | Private Reply | To 1 | View Replies ]
>
> To: All
>
> LOL!! Um, email them! Don’t freepmail them! My bad!
>
> 39 posted on 03/13/2003 1:52 PM PST by MoJo2001 (God Bless Our Troops
> and
> Allies!!)
> [ Post Reply | Private Reply | To 38 | View Replies ]
>
> To: MoJo2001
>
> FReep Natalie Maines’ hometown country station! Natelie Maines’ home
> radio station (KLLL.com) and email address of the DJ’s. Just in case
> anybody wants to drop them a friendly email about boycotting the
> Chicks. As a bonus, pappa and the family live here too, so you are
> sure to get noticed.
>
> And here are the emails:
> mailto:jonsteele [at] klll [dot] com (Jon Steele)
> mailto:Rgilbert [at] klll [dot] com (Rick Gilbert)
> mailto:sjames [at] klll [dot] com (Stacey James)
> mailto:tony [at] klll [dot] com (Tony Alexander)
> mailto:info [at] klll [dot] com (Jay Richards)
> mailto:kgreene [at] klll [dot] com (Kelly Greene)
> mailto:tommy [at] klll [dot] com (Tommy Duncan)
>
>
> The above is the tip of the iceberg,  you need to read it all, to
> believe it.
>
> It is interesting that as I review the comments being made across
> bulletin boards hosted by ourselves, country radio stations, and by
> CMT, the similarity of the style of the invective ? vitriol cloaked in
> patriotism, very much what you will find on this site.
>
> Let no one underestimate the power of this group, yesterday our web
> site was totally overrun and had to be closed down, our publicist’s
> servers and telephone system failed under the weight of the calls.
> This is an extremely active and well organized group
>
> As always the “squeaky wheel gets the grease” and these weasels know
> how to squeak.
>
> Consider a radio station that receives 1,000 calls and emails from
> listeners demanding that they boycott the Chicks music, they ignore
> the fact that 17,500 fans have bought tickets to a show in a couple of
> months and seem to think that these 1,000 calls/emails are somehow
> reflective of their audiences’ wishes. Yet, the box office at the
> local venue receives only 3 calls regarding the show and wanting to
> know if they can arrange to return the tickets! Now the authenticity
> of the 1,000 is in question!
>
> I am shocked by what I see, I trust you will be too.
>
> Best wishes,
> Sr
>
> Simon Renshaw
> The Firm
> 9465 Wilshire Blvd
> 5th Floor
> Beverly Hills, CA 90212
> Tel: 310-860-8205
> Fax: 310-860-8128
> Email: srenshaw [at] firmentertainment [dot] net
>
>
>
>
> RadioPro (TM)
>

The US space agency (Nasa) has cancelled the book intended to challenge the conspiracy theorists who claim the Moon landings were a hoax.

Nasa declined to comment specifically on the reasons for dropping the publication, but it is understood the decision resulted from the bad publicity that followed the announcement of the project.

Criticism that Nasa was displaying poor judgement and a lack of confidence in commissioning the book caused it to abort the project, agency spokesman Bob Jacobs said.

Astronaut on moonwalk, Nasa Oberg will still write the book Nasa had hired aerospace writer Jim Oberg for the job on a fee of $15,000.

He says he will still do the work, although it will now be an unofficial publication with alternative funding.

The book will deliver a point-by-point rebuttal of the theory that the Apollo landings were faked in a movie studio, to convince the world that the US had beaten the Soviets to the Moon.

It will explain why in still and video footage of the landings, no stars can be seen in the Moon sky, why a flag appears to ripple on the atmosphere-free satellite and why shadows fall in strange directions – all “facts”, conspiracy theorists say, point to a hoax.

Some commentators had said that in making the Oberg book an official Nasa publication, the agency was actually giving a certain credibility to the hoax theory.

On Thursday, November 7, 2002, at 02:02 PM, Ian Andrew Bell wrote:

> http://news.bbc.co.uk/1/hi/sci/tech/2410431.stm
>
> Thursday, 7 November, 2002, 19:16 GMT
> Nasa challenges Moon hoax claims
> Training for the Moonlandings, Nasa
> Lights, camera, action: Training for the Moon landings
> By Dr David Whitehouse
> BBC News Online science editor
>
> For years there have been rumours that the Apollo lunar landings were
> faked, staged on a movie set to convince the world that the US had
> beaten the Soviets to the Moon.
>
> And, despite evidence to the contrary, the belief that the “one small
> step for man” was a sham continues to spread.
>
> Now, having tried to stay above the rumours, the US space agency
> (Nasa) has finally got fed up with the conspiracy theorists and asked
> James Oberg, a leading aerospace writer, to produce a book that it
> hopes will settle the issue.
>
> Buzz Aldrin – former US astronaut and second man on Moon
> Buzz Aldrin: Angry at claims that landing was faked
>
> But will it work, or will it just add a certain credibility to the
> hoax theory?
>
> Flags that ripple on the airless Moon, discrepancies in the part
> numbers of lunar lander components, shadows that point in the wrong
> direction, the lack of stars seen in the sky – these are all “facts”
> that have fuelled the conspiracy theory.
>
> It is claimed that the six Apollo landings took place in a hangar on a
> secret military base.
>
> Over the years, every one of the lines of evidence has been
> discredited but the rumours refuse to go away.
>
> In September, Buzz Aldrin, the second man to walk on the Moon, punched
> a man in the face after he had confronted the former astronaut at a
> Beverly Hills hotel.
>
> Bart Sibrel – who has made a film questioning the Apollo Moon missions
> – had demanded that Mr Aldrin, 72, swear on the Bible that he had in
> fact walked on the Moon.
>
> Prosecutors declined to file assault charges against Mr Aldrin.
>
> Truth out there
>
> Tackling the conspiracy theory head-on in an official book was the
> idea of Nasa’s former chief historian Roger Launius.
>
> Flag, Nasa
> Lunar flag: Not fluttering
>
> He says that hardcore conspiracy theorists are not the book’s main
> audience, as they will never be convinced of the truth.
>
> Instead, it will be aimed at the general public and especially
> teachers, giving them the science to answer questions in class.
>
> Doubters will no doubt dismiss the new book as just another attempt by
> the establishment to cover up the truth.
>
> Nasa says the rippling flag is easily explained by the fact that the
> astronauts twisted it as they planted it in the soil.
>
> The stars are not visible in the lunar sky because of the bright
> landscape and the light from the Earth drowning them out.
>
> In a few years a definite answer could be possible.
>
> A private company, Transorbital, will place a private high-resolution
> satellite into orbit around the Moon. It should have the power to see
> the Apollo hardware left on the surface.
>
>
> ———–
> FoIB mailing list — Bits, Analysis, Digital Group Therapy
> https://ianbell.com:8888/foib.html

———–

Thursday, 7 November, 2002, 19:16 GMT Nasa challenges Moon hoax claims Training for the Moonlandings, Nasa Lights, camera, action: Training for the Moon landings By Dr David Whitehouse BBC News Online science editor

For years there have been rumours that the Apollo lunar landings were faked, staged on a movie set to convince the world that the US had beaten the Soviets to the Moon.

And, despite evidence to the contrary, the belief that the “one small step for man” was a sham continues to spread.

Now, having tried to stay above the rumours, the US space agency (Nasa) has finally got fed up with the conspiracy theorists and asked James Oberg, a leading aerospace writer, to produce a book that it hopes will settle the issue.

Buzz Aldrin – former US astronaut and second man on Moon Buzz Aldrin: Angry at claims that landing was faked

But will it work, or will it just add a certain credibility to the hoax theory?

Flags that ripple on the airless Moon, discrepancies in the part numbers of lunar lander components, shadows that point in the wrong direction, the lack of stars seen in the sky – these are all “facts” that have fuelled the conspiracy theory.

It is claimed that the six Apollo landings took place in a hangar on a secret military base.

Over the years, every one of the lines of evidence has been discredited but the rumours refuse to go away.

In September, Buzz Aldrin, the second man to walk on the Moon, punched a man in the face after he had confronted the former astronaut at a Beverly Hills hotel.

Bart Sibrel – who has made a film questioning the Apollo Moon missions – had demanded that Mr Aldrin, 72, swear on the Bible that he had in fact walked on the Moon.

Prosecutors declined to file assault charges against Mr Aldrin.

Truth out there

Tackling the conspiracy theory head-on in an official book was the idea of Nasa’s former chief historian Roger Launius.

Flag, Nasa Lunar flag: Not fluttering

He says that hardcore conspiracy theorists are not the book’s main audience, as they will never be convinced of the truth.

Instead, it will be aimed at the general public and especially teachers, giving them the science to answer questions in class.

Doubters will no doubt dismiss the new book as just another attempt by the establishment to cover up the truth.

Nasa says the rippling flag is easily explained by the fact that the astronauts twisted it as they planted it in the soil.

The stars are not visible in the lunar sky because of the bright landscape and the light from the Earth drowning them out.

In a few years a definite answer could be possible.

A private company, Transorbital, will place a private high-resolution satellite into orbit around the Moon. It should have the power to see the Apollo hardware left on the surface.

———–

To stop the rampant theft of expensive cars, manufacturers in the 1990s began to make ignitions very difficult to hot-wire. This reduced the likelihood that cars would be stolen from parking lots— but apparently contributed to the sudden appearance of a new and more dangerous crime, carjacking. After a vote against management Vivendi Universal announced earlier this year that its electronic shareholder-voting system, which it had adopted to tabulate votes efficiently and securely, had been broken into by hackers. Because the new system eliminated the old paper ballots, recounting the votes—or even independently verifying that the attack had occurred—was impossible. To help merchants verify and protect the identity of their customers, marketing firms and financial institutions have created large computerized databases of personal information: Social Security numbers, credit-card numbers, telephone numbers, home addresses, and the like. With these databases being increasingly interconnected by means of the Internet, they have become irresistible targets for criminals. From 1995 to 2000 the incidence of identity theft tripled. s was often the case, Bruce Schneier was thinking about a really terrible idea. We were driving around the suburban-industrial wasteland south of San Francisco, on our way to a corporate presentation, while Schneier looked for something to eat not purveyed by a chain restaurant. This was important to Schneier, who in addition to being America’s best-known ex-cryptographer is a food writer for an alternative newspaper in Minneapolis, where he lives. Initially he had been sure that in the crazy ethnic salad of Silicon Valley it would be impossible not to find someplace of culinary interest—a Libyan burger stop, a Hmong bagelry, a Szechuan taco stand. But as the rented car swept toward the vast, amoeboid office complex that was our destination, his faith slowly crumbled. Bowing to reality, he parked in front of a nondescript sandwich shop, disappointment evident on his face. Schneier is a slight, busy man with a dark, full, closely cropped beard. Until a few years ago he was best known as a prominent creator of codes and ciphers; his book Applied Cryptography (1993) is a classic in the field. But despite his success he virtually abandoned cryptography in 1999 and co-founded a company named Counterpane Internet Security. Counterpane has spent considerable sums on advanced engineering, but at heart the company is dedicated to bringing one of the oldest forms of policing—the cop on the beat— to the digital realm. Aided by high-tech sensors, human guards at Counterpane patrol computer networks, helping corporations and governments to keep their secrets secret. In a world that is both ever more interconnected and full of malice, this is a task of considerable difficulty and great importance. It is also what Schneier long believed cryptography would do—which brings us back to his terrible idea. “Pornography!” he exclaimed. If the rise of the Internet has shown anything, it is that huge numbers of middle-class, middle-management types like to look at dirty pictures on computer screens. A good way to steal the corporate or government secrets these middle managers are privy to, Schneier said, would be to set up a pornographic Web site. The Web site would be free, but visitors would have to register to download the naughty bits. Registration would involve creating a password—and here Schneier’s deep-set blue eyes widened mischievously. People have trouble with passwords. The idea is to have a random string of letters, numbers, and symbols that is easy to remember. Alas, random strings are by their nature hard to remember, so people use bad but easy-to-remember passwords, such as “hello” and “password.” (A survey last year of 1,200 British office workers found that almost half chose their own name, the name of a pet, or that of a family member as a password; others based their passwords on the names Darth Vader and Homer Simpson.) Moreover, computer users can’t keep different passwords straight, so they use the same bad passwords for all their accounts. Many of his corporate porn surfers, Schneier predicted, would use for the dirty Web site the same password they used at work. Not only that, many users would surf to the porn site on the fast Internet connection at the office. The operators of Schneier’s nefarious site would thus learn that, say, “Joesmith,” who accessed the Web site from Anybusiness.com, used the password “JoeS.” By trying to log on at Anybusiness.com as “Joesmith,” they could learn whether “JoeS” was also the password into Joesmith’s corporate account. Often it would be. “In six months you’d be able to break into Fortune 500 companies and government agencies all over the world,” Schneier said, chewing his nondescript meal. “It would work! It would work—that’s the awful thing.” uring the 1990s Schneier was a field marshal in the disheveled army of computer geeks, mathematicians, civil-liberties activists, and libertarian wackos that—in a series of bitter lawsuits that came to be known as the Crypto Wars—asserted the right of the U.S. citizenry to use the cryptographic equivalent of kryptonite: ciphers so powerful they cannot be broken by any government, no matter how long and hard it tries. Like his fellows, he believed that “strong crypto,” as these ciphers are known, would forever guarantee the privacy and security of information—something that in the Information Age would be vital to people’s lives. “It is insufficient to protect ourselves with laws,” he wrote in Applied Cryptography. “We need to protect ourselves with mathematics.” Schneier’s side won the battle as the nineties came to a close. But by that time he had realized that he was fighting the wrong war. Crypto was not enough to guarantee privacy and security. Failures occurred all the time—which was what Schneier’s terrible idea demonstrated. No matter what kind of technological safeguards an organization uses, its secrets will never be safe while its employees are sending their passwords, however unwittingly, to pornographers—or to anyone else outside the organization. The Parable of the Dirty Web Site illustrates part of what became the thesis of Schneier’s most recent book, Secrets and Lies (2000): The way people think about security, especially security on computer networks, is almost always wrong. All too often planners seek technological cure-alls, when such security measures at best limit risks to acceptable levels. In particular, the consequences of going wrong—and all these systems go wrong sometimes—are rarely considered. For these reasons Schneier believes that most of the security measures envisioned after September 11 will be ineffective, and that some will make Americans less safe. It is now a year since the World Trade Center was destroyed. Legislators, the law-enforcement community, and the Bush Administration are embroiled in an essential debate over the measures necessary to prevent future attacks. To armor-plate the nation’s security they increasingly look to the most powerful technology available: retina, iris, and fingerprint scanners; “smart” driver’s licenses and visas that incorporate anti-counterfeiting chips; digital surveillance of public places with face-recognition software; huge centralized databases that use data-mining routines to sniff out hidden terrorists. Some of these measures have already been mandated by Congress, and others are in the pipeline. State and local agencies around the nation are adopting their own schemes. More mandates and more schemes will surely follow. Schneier is hardly against technology—he’s the sort of person who immediately cases public areas for outlets to recharge the batteries in his laptop, phone, and other electronic prostheses. “But if you think technology can solve your security problems,” he says, “then you don’t understand the problems and you don’t understand the technology.” Indeed, he regards the national push for a high-tech salve for security anxieties as a reprise of his own early and erroneous beliefs about the transforming power of strong crypto. The new technologies have enormous capacities, but their advocates have not realized that the most critical aspect of a security measure is not how well it works but how well it fails. The Crypto Wars f mathematicians from the 1970s were suddenly transported through time to the present, they would be happily surprised by developments such as the proofs to Kepler’s conjecture (proposed in 1611, confirmed in 1998) and to Fermat’s last theorem (1637, 1994). But they would be absolutely astonished by the RSA Conference, the world’s biggest trade show for cryptographers. Sponsored by the cryptography firm RSA Security, the conferences are attended by as many as 10,000 cryptographers, computer scientists, network managers, and digital-security professionals. What would amaze past mathematicians is not just the number of conferences but that they exist at all. Sidebar: Why the Maginot Line Failed “In fact, the Maginot Line, the chain of fortifications on France’s border with Germany, was indicative neither of despair about defeating Germany nor of thought mired in the past….” Cryptology is a specialized branch of mathematics with some computer science thrown in. As recently as the 1970s there were no cryptology courses in university mathematics or computer-science departments; nor were there crypto textbooks, crypto journals, or crypto software. There was no private crypto industry, let alone venture-capitalized crypto start-ups giving away key rings at trade shows (crypto key rings—techno-humor). Cryptography, the practice of cryptology, was the province of a tiny cadre of obsessed amateurs, the National Security Agency, and the NSA’s counterparts abroad. Now it is a multibillion-dollar field with applications in almost every commercial arena. As one of the people who helped to bring this change about, Schneier is always invited to speak at RSA conferences. Every time, the room is too small, and overflow crowds, eager to hear their favorite guru, force the session into a larger venue, which is what happened when I saw him speak at an RSA conference in San Francisco’s Moscone Center last year. There was applause from the hundreds of seated cryptophiles when Schneier mounted the stage, and more applause from the throng standing in the aisles and exits when he apologized for the lack of seating capacity. He was there to talk about the state of computer security, he said. It was as bad as ever, maybe getting worse. In the past security officers were usually terse ex-military types who wore holsters and brush cuts. But as computers have become both attackers’ chief targets and their chief weapons, a new generation of security professionals has emerged, drawn from the ranks of engineering and computer science. Many of the new guys look like people the old guard would have wanted to arrest, and Schneier is no exception. Although he is a co-founder of a successful company, he sometimes wears scuffed black shoes and pants with a wavering press line; he gathers his thinning hair into a straggly ponytail. Ties, for the most part, are not an issue. Schneier’s style marks him as a true nerd—someone who knows the potential, both good and bad, of technology, which in our technocentric era is an asset. Schneier was raised in Brooklyn. He got a B.S. in physics from the University of Rochester in 1985 and an M.S. in computer science from American University two years later. Until 1991 he worked for the Department of Defense, where he did things he won’t discuss. Lots of kids are intrigued by codes and ciphers, but Schneier was surely one of the few to ask his father, a lawyer and a judge, to write secret messages for him to analyze. On his first visit to a voting booth, with his mother, he tried to figure out how she could cheat and vote twice. He didn’t actually want her to vote twice—he just wanted, as he says, to “game the system.” Unsurprisingly, someone so interested in figuring out the secrets of manipulating the system fell in love with the systems for manipulating secrets. Schneier’s childhood years, as it happened, were a good time to become intrigued by cryptography—the best time in history, in fact. In 1976 two researchers at Stanford University invented an entirely new type of encryption, public-key encryption, which abruptly woke up the entire field. Public-key encryption is complicated in detail but simple in outline. All ciphers employ mathematical procedures called algorithms to transform messages from their original form into an unreadable jumble. (Cryptographers work with ciphers and not codes, which are spy-movie-style lists of prearranged substitutes for letters, words, or phrases—”meet at the theater” for “attack at nightfall.”) Most ciphers use secret keys: mathematical values that plug into the algorithm. Breaking a cipher means figuring out the key. In a kind of mathematical sleight of hand, public-key encryption encodes messages with keys that can be published openly and decodes them with different keys that stay secret and are effectively impossible to break using today’s technology. (A more complete explanation of public-key encryption will soon be available on The Atlantic’s Web site, www.theatlantic.com.) The best-known public-key algorithm is the RSA algorithm, whose name comes from the initials of the three mathematicians who invented it. RSA keys are created by manipulating big prime numbers. If the private decoding RSA key is properly chosen, guessing it necessarily involves factoring a very large number into its constituent primes, something for which no mathematician has ever devised an adequate shortcut. Even if demented government agents spent a trillion dollars on custom factoring computers, Schneier has estimated, the sun would likely go nova before they cracked a message enciphered with a public key of sufficient length. Schneier and other technophiles grasped early how important computer networks would become to daily life. They also understood that those networks were dreadfully insecure. Strong crypto, in their view, was an answer of almost magical efficacy. Even federal officials believed that strong crypto would Change Everything Forever—except they thought the change would be for the worse. Strong encryption “jeopardizes the public safety and national security of this country,” Louis Freeh, then the director of the (famously computer-challenged) Federal Bureau of Investigation, told Congress in 1995. “Drug cartels, terrorists, and kidnappers will use telephones and other communications media with impunity knowing that their conversations are immune” from wiretaps. The Crypto Wars erupted in 1991, when Washington attempted to limit the spread of strong crypto. Schneier testified before Congress against restrictions on encryption, campaigned for crypto freedom on the Internet, co-wrote an influential report on the technical snarls awaiting federal plans to control cryptographic protocols, and rallied 75,000 crypto fans to the cause in his free monthly e-mail newsletter, Crypto-Gram. Most important, he wrote Applied Cryptography, the first-ever comprehensive guide to the practice of cryptology. Washington lost the wars in 1999, when an appellate court ruled that restrictions on cryptography were illegal, because crypto algorithms were a form of speech and thus covered by the First Amendment. After the ruling the FBI and the NSA more or less surrendered. In the sudden silence the dazed combatants surveyed the battleground. Crypto had become widely available, and it had indeed fallen into unsavory hands. But the results were different from what either side had expected. As the crypto aficionados had envisioned, software companies inserted crypto into their products. On the “Tools” menu in Microsoft Outlook, for example, “encrypt” is an option. And encryption became big business, as part of the infrastructure for e-commerce—it is the little padlock that appears in the corner of Net surfers’ browsers when they buy books at Amazon.com, signifying that credit-card numbers are being enciphered. But encryption is rarely used by the citizenry it was supposed to protect and empower. Cryptophiles, Schneier among them, had been so enraptured by the possibilities of uncrackable ciphers that they forgot they were living in a world in which people can’t program VCRs. Inescapably, an encrypted message is harder to send than an unencrypted one, if only because of the effort involved in using all the extra software. So few people use encryption software that most companies have stopped selling it to individuals. Sidebar: The Worm in the Machine “Buffer overflows (sometimes called stack smashing) are the most common form of security vulnerability in the last ten years….” Among the few who do use crypto are human-rights activists living under dictatorships. But, just as the FBI feared, terrorists, child pornographers, and the Mafia use it too. Yet crypto has not protected any of them. As an example, Schneier points to the case of Nicodemo Scarfo, who the FBI believed was being groomed to take over a gambling operation in New Jersey. Agents surreptitiously searched his office in 1999 and discovered that he was that rarity, a gangster nerd. On his computer was the long-awaited nightmare for law enforcement: a crucial document scrambled by strong encryption software. Rather than sit by, the FBI installed a “keystroke logger” on Scarfo’s machine. The logger recorded the decrypting key— or, more precisely, the passphrase Scarfo used to generate that key— as he typed it in, and gained access to his incriminating files. Scarfo pleaded guilty to charges of running an illegal gambling business on February 28 of this year. Schneier was not surprised by this demonstration of the impotence of cryptography. Just after the Crypto Wars ended, he had begun writing a follow-up to Applied Cryptography. But this time Schneier, a fluent writer, was blocked—he couldn’t make himself extol strong crypto as a security panacea. As Schneier put it in Secrets and Lies, the very different book he eventually did write, he had been portraying cryptography—in his speeches, in his congressional testimony, in Applied Cryptography—as “a kind of magic security dust that [people] could sprinkle over their software and make it secure.” It was not. Nothing could be. Humiliatingly, Schneier discovered that, as a friend wrote him, “the world was full of bad security systems designed by people who read Applied Cryptography.” In retrospect he says, “Crypto solved the wrong problem.” Ciphers scramble messages and documents, preventing them from being read while, say, they are transmitted on the Internet. But the strongest crypto is gossamer protection if malevolent people have access to the computers on the other end. Encrypting transactions on the Internet, the Purdue computer scientist Eugene Spafford has remarked, “is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench.” To effectively seize control of Scarfo’s computer, FBI agents had to break into his office and physically alter his machine. Such black-bag jobs are ever less necessary, because the rise of networks and the Internet means that computers can be controlled remotely, without their operators’ knowledge. Huge computer databases may be useful, but they also become tempting targets for criminals and terrorists. So do home computers, even if they are connected only intermittently to the Web. Hackers look for vulnerable machines, using software that scans thousands of Net connections at once. This vulnerability, Schneier came to think, is the real security issue. With this realization he closed Counterpane Systems, his five-person crypto-consulting company in Chicago, in 1999. He revamped it and reopened immediately in Silicon Valley with a new name, Counterpane Internet Security, and a new idea—one that relied on old-fashioned methods. Counterpane would still keep data secret. But the lessons of the Crypto Wars had given Schneier a different vision of how to do that—a vision that has considerable relevance for a nation attempting to prevent terrorist crimes. here Schneier had sought one overarching technical fix, hard experience had taught him the quest was illusory. Indeed, yielding to the American penchant for all-in-one high-tech solutions can make us less safe—especially when it leads to enormous databases full of confidential information. Secrecy is important, of course, but it is also a trap. The more secrets necessary to a security system, the more vulnerable it becomes. To forestall attacks, security systems need to be small-scale, redundant, and compartmentalized. Rather than large, sweeping programs, they should be carefully crafted mosaics, each piece aimed at a specific weakness. The federal government and the airlines are spending millions of dollars, Schneier points out, on systems that screen every passenger to keep knives and weapons out of planes. But what matters most is keeping dangerous passengers out of airline cockpits, which can be accomplished by reinforcing the door. Similarly, it is seldom necessary to gather large amounts of additional information, because in modern societies people leave wide audit trails. The problem is sifting through the already existing mountain of data. Calls for heavy monitoring and record-keeping are thus usually a mistake. (“Broad surveillance is a mark of bad security,” Schneier wrote in a recent Crypto-Gram.) To halt attacks once they start, security measures must avoid being subject to single points of failure. Computer networks are particularly vulnerable: once hackers bypass the firewall, the whole system is often open for exploitation. Because every security measure in every system can be broken or gotten around, failure must be incorporated into the design. No single failure should compromise the normal functioning of the entire system or, worse, add to the gravity of the initial breach. Finally, and most important, decisions need to be made by people at close range—and the responsibility needs to be given explicitly to people, not computers. Unfortunately, there is little evidence that these principles are playing any role in the debate in the Administration, Congress, and the media about how to protect the nation. Indeed, in the argument over policy and principle almost no one seems to be paying attention to the practicalities of security—a lapse that Schneier, like other security professionals, finds as incomprehensible as it is dangerous. Stealing Your Thumb couple of months after September 11, I flew from Seattle to Los Angeles to meet Schneier. As I was checking in at Sea-Tac Airport, someone ran through the metal detector and disappeared onto the little subway that runs among the terminals. Although the authorities quickly identified the miscreant, a concession stand worker, they still had to empty all the terminals and re-screen everyone in the airport, including passengers who had already boarded planes. Masses of unhappy passengers stretched back hundreds of feet from the checkpoints. Planes by the dozen sat waiting at the gates. I called Schneier on a cell phone to report my delay. I had to shout over the noise of all the other people on their cell phones making similar calls. “What a mess,” Schneier said. “The problem with airport security, you know, is that it fails badly.” For a moment I couldn’t make sense of this gnomic utterance. Then I realized he meant that when something goes wrong with security, the system should recover well. In Seattle a single slip-up shut down the entire airport, which delayed flights across the nation. Sea-Tac, Schneier told me on the phone, had no adequate way to contain the damage from a breakdown—such as a button installed near the x-ray machines to stop the subway, so that idiots who bolt from checkpoints cannot disappear into another terminal. The shutdown would inconvenience subway riders, but not as much as being forced to go through security again after a wait of several hours. An even better idea would be to place the x-ray machines at the departure gates, as some are in Europe, in order to scan each group of passengers closely and minimize inconvenience to the whole airport if a risk is detected—or if a machine or a guard fails. Schneier was in Los Angeles for two reasons. He was to speak to ICANN, the Internet Corporation for Assigned Names and Numbers, which controls the “domain name system” of Internet addresses. It is Schneier’s belief that attacks on the address database are the best means of taking down the Internet. He also wanted to review Ginza Sushi-Ko, perhaps the nation’s most exclusive restaurant, for the food column he writes with his wife, Karen Cooper. Minutes after my delayed arrival Schneier had with characteristic celerity packed himself and me into a taxi. The restaurant was in a shopping mall in Beverly Hills that was disguised to look like a collection of nineteenth-century Italian villas. By the time Schneier strode into the tiny lobby, he had picked up the thread of our airport discussion. Failing badly, he told me, was something he had been forced to spend time thinking about. In his technophilic exuberance he had been seduced by the promise of public-key encryption. But ultimately Schneier observed that even strong crypto fails badly. When something bypasses it, as the keystroke logger did with Nicodemo Scarfo’s encryption, it provides no protection at all. The moral, Schneier came to believe, is that security measures are characterized less by their manner of success than by their manner of failure. All security systems eventually miscarry. But when this happens to the good ones, they stretch and sag before breaking, each component failure leaving the whole as unaffected as possible. Engineers call such failure-tolerant systems “ductile.” One way to capture much of what Schneier told me is to say that he believes that when possible, security schemes should be designed to maximize ductility, whereas they often maximize strength. Since September 11 the government has been calling for a new security infrastructure—one that employs advanced technology to protect the citizenry and track down malefactors. Already the USA PATRIOT Act, which Congress passed in October, mandates the establishment of a “cross-agency, cross-platform electronic system … to confirm the identity” of visa applicants, along with a “highly secure network” for financial-crime data and “secure information sharing systems” to link other, previously separate databases. Pending legislation demands that the Attorney General employ “technology including, but not limited to, electronic fingerprinting, face recognition, and retinal scan technology.” The proposed Department of Homeland Security is intended to oversee a “national research and development enterprise for homeland security comparable in emphasis and scope to that which has supported the national security community for more than fifty years”—a domestic version of the high-tech R&D juggernaut that produced stealth bombers, smart weapons, and anti-missile defense. Iris, retina, and fingerprint scanners; hand-geometry assayers; remote video-network surveillance; face-recognition software; smart cards with custom identification chips; decompressive baggage checkers that vacuum-extract minute chemical samples from inside suitcases; tiny radio implants beneath the skin that continually broadcast people’s identification codes; pulsed fast-neutron analysis of shipping containers (“so precise,” according to one manufacturer, “it can determine within inches the location of the concealed target”); a vast national network of interconnected databases—the list goes on and on. In the first five months after the terrorist attacks the Pentagon liaison office that works with technology companies received more than 12,000 proposals for high-tech security measures. Credit-card companies expertly manage credit risks with advanced information-sorting algorithms, Larry Ellison, the head of Oracle, the world’s biggest database firm, told The New York Times in April; “We should be managing security risks in exactly the same way.” To “win the war on terrorism,” a former deputy undersecretary of commerce, David J. Rothkopf, explained in the May/June issue of Foreign Policy, the nation will need “regiments of geeks”—”pocket-protector brigades” who “will provide the software, systems, and analytical resources” to “close the gaps Mohammed Atta and his associates revealed.” Such ideas have provoked the ire of civil-liberties groups, which fear that governments, corporations, and the police will misuse the new technology. Schneier’s concerns are more basic. In his view, these measures can be useful, but their large-scale application will have little effect against terrorism. Worse, their use may make Americans less safe, because many of these tools fail badly— they’re “brittle,” in engineering jargon. Meanwhile, simple, effective, ductile measures are being overlooked or even rejected. he distinction between ductile and brittle security dates back, Schneier has argued, to the nineteenth-century linguist and cryptographer Auguste Kerckhoffs, who set down what is now known as Kerckhoffs’s principle. In good crypto systems, Kerckhoffs wrote, “the system should not depend on secrecy, and it should be able to fall into the enemy’s hands without disadvantage.” In other words, it should permit people to keep messages secret even if outsiders find out exactly how the encryption algorithm works. At first blush this idea seems ludicrous. But contemporary cryptography follows Kerckhoffs’s principle closely. The algorithms— the scrambling methods—are openly revealed; the only secret is the key. Indeed, Schneier says, Kerckhoffs’s principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility. From this can be drawn several corollaries. One is that plans to add new layers of secrecy to security systems should automatically be viewed with suspicion. Another is that security systems that utterly depend on keeping secrets tend not to work very well. Alas, airport security is among these. Procedures for screening passengers, for examining luggage, for allowing people on the tarmac, for entering the cockpit, for running the autopilot software—all must be concealed, and all seriously compromise the system if they become known. As a result, Schneier wrote in the May issue of Crypto-Gram, brittleness “is an inherent property of airline security.” Few of the new airport-security proposals address this problem. Instead, Schneier told me in Los Angeles, they address problems that don’t exist. “The idea that to stop bombings cars have to park three hundred feet away from the terminal, but meanwhile they can drop off passengers right up front like they always have …” He laughed. “The only ideas I’ve heard that make any sense are reinforcing the cockpit door and getting the passengers to fight back.” Both measures test well against Kerckhoffs’s principle: knowing ahead of time that law-abiding passengers may forcefully resist a hijacking en masse, for example, doesn’t help hijackers to fend off their assault. Both are small-scale, compartmentalized measures that make the system more ductile, because no matter how hijackers get aboard, beefed-up doors and resistant passengers will make it harder for them to fly into a nuclear plant. And neither measure has any adverse effect on civil liberties. valuations of a security proposal’s merits, in Schneier’s view, should not be much different from the ordinary cost-benefit calculations we make in daily life. The first question to ask of any new security proposal is, What problem does it solve? The second: What problems does it cause, especially when it fails? Sidebar: Gummi Fingers “Tsutomu Matsumoto, a Japanese cryptographer, recently decided to look at biometric fingerprint devices. These are security systems that attempt to identify people based on their fingerprint….” Failure comes in many kinds, but two of the more important are simple failure (the security measure is ineffective) and what might be called subtractive failure (the security measure makes people less secure than before). An example of simple failure is face-recognition technology. In basic terms, face-recognition devices photograph people; break down their features into “facial building elements”; convert these into numbers that, like fingerprints, uniquely identify individuals; and compare the results with those stored in a database. If someone’s facial score matches that of a criminal in the database, the person is detained. Since September 11 face-recognition technology has been placed in an increasing number of public spaces: airports, beaches, nightlife districts. Even visitors to the Statue of Liberty now have their faces scanned. Face-recognition software could be useful. If an airline employee has to type in an identifying number to enter a secure area, for example, it can help to confirm that someone claiming to be that specific employee is indeed that person. But it cannot pick random terrorists out of the mob in an airline terminal. That much-larger-scale task requires comparing many sets of features with the many other sets of features in a database of people on a “watch list.” Identix, of Minnesota, one of the largest face-recognition-technology companies, contends that in independent tests its FaceIt software has a success rate of 99.32 percent—that is, when the software matches a passenger’s face with a face on a list of terrorists, it is mistaken only 0.68 percent of the time. Assume for the moment that this claim is credible; assume, too, that good pictures of suspected terrorists are readily available. About 25 million passengers used Boston’s Logan Airport in 2001. Had face-recognition software been used on 25 million faces, it would have wrongly picked out just 0.68 percent of them—but that would have been enough, given the large number of passengers, to flag as many as 170,000 innocent people as terrorists. With almost 500 false alarms a day, the face-recognition system would quickly become something to ignore. The potential for subtractive failure, different and more troublesome, is raised by recent calls to deploy biometric identification tools across the nation. Biometrics—”the only way to prevent identity fraud,” according to the former senator Alan K. Simpson, of Wyoming—identifies people by precisely measuring their physical characteristics and matching them up against a database. The photographs on driver’s licenses are an early example, but engineers have developed many high-tech alternatives, some of them already mentioned: fingerprint readers, voiceprint recorders, retina or iris scanners, face-recognition devices, hand-geometry assayers, even signature-geometry analyzers, which register pen pressure and writing speed as well as the appearance of a signature. ppealingly, biometrics lets people be their own ID cards—no more pass words to forget! Unhappily, biometric measures are often implemented poorly. This past spring three reporters at c’t, a German digital-culture magazine, tested a face-recognition system, an iris scanner, and nine fingerprint readers. All proved easy to outsmart. Even at the highest security setting, Cognitec’s FaceVACS-Logon could be fooled by showing the sensor a short digital movie of someone known to the system—the president of a company, say—on a laptop screen. To beat Panasonic’s Authenticam iris scanner, the German journalists photographed an authorized user, took the photo and created a detailed, life-size image of his eyes, cut out the pupils, and held the image up before their faces like a mask. The scanner read the iris, detected the presence of a human pupil—and accepted the imposture. Many of the fingerprint readers could be tricked simply by breathing on them, reactivating the last user’s fingerprint. Beating the more sophisticated Identix Bio-Touch fingerprint reader required a trip to a hobby shop. The journalists used graphite powder to dust the latent fingerprint—the kind left on glass—of a previous, authorized user; picked up the image on adhesive tape; and pressed the tape on the reader. The Identix reader, too, was fooled. Not all biometric devices are so poorly put together, of course. But all of them fail badly. Consider the legislation introduced in May by Congressmen Jim Moran and Tom Davis, both of Virginia, that would mandate biometric data chips in driver’s licenses—a sweeping, nationwide data-collection program, in essence. (Senator Dick Durbin, of Illinois, is proposing measures to force states to use a “single identifying designation unique to the individual on all driver’s licenses”; President George W. Bush has already signed into law a requirement for biometric student visas.) Although Moran and Davis tied their proposal to the need for tighter security after last year’s attacks, they also contended that the nation could combat fraud by using smart licenses with bank, credit, and Social Security cards, and for voter registration and airport identification. Maybe so, Schneier says. “But think about screw-ups, because the system will screw up.” Smart cards that store non-biometric data have been routinely cracked in the past, often with inexpensive oscilloscope-like devices that detect and interpret the timing and power fluctuations as the chip operates. An even cheaper method, announced in May by two Cambridge security researchers, requires only a bright light, a standard microscope, and duct tape. Biometric ID cards are equally vulnerable. Indeed, as a recent National Research Council study points out, the extra security supposedly provided by biometric ID cards will raise the economic incentive to counterfeit or steal them, with potentially disastrous consequences to the victims. “Okay, somebody steals your thumbprint,” Schneier says. “Because we’ve centralized all the functions, the thief can tap your credit, open your medical records, start your car, any number of things. Now what do you do? With a credit card, the bank can issue you a new card with a new number. But this is your thumb—you can’t get a new one.” The consequences of identity fraud might be offset if biometric licenses and visas helped to prevent terrorism. Yet smart cards would not have stopped the terrorists who attacked the World Trade Center and the Pentagon. According to the FBI, all the hijackers seem to have been who they said they were; their intentions, not their identities, were the issue. Each entered the country with a valid visa, and each had a photo ID in his real name (some obtained their IDs fraudulently, but the fakes correctly identified them). “What problem is being solved here?” Schneier asks. Good security is built in overlapping, cross-checking layers, to slow down attacks; it reacts limberly to the unexpected. Its most important components are almost always human. “Governments have been relying on intelligent, trained guards for centuries,” Schneier says. “They spot people doing bad things and then use laws to arrest them. All in all, I have to say, it’s not a bad system.” The Human Touch ne of the first times I met with Schneier was at the Cato Institute, a libertarian think tank in Washington, D.C., that had asked him to speak about security. Afterward I wondered how the Cato people had reacted to the speech. Libertarians love cryptography, because they believe that it will let people keep their secrets forever, no matter what a government wants. To them, Schneier was a kind of hero, someone who fought the good fight. As a cryptographer, he had tremendous street cred: he had developed some of the world’s coolest ciphers, including the first rigorous encryption algorithm ever published in a best-selling novel (Cryptonomicon, by Neal Stephenson) and the encryption for the “virtual box tops” on Kellogg’s cereals (children type a code from the box top into a Web site to win prizes), and had been one of the finalists in the competition to write algorithms for the federal government’s new encryption standard, which it adopted last year. Now, in the nicest possible way, he had just told the libertarians the bad news: he still loved cryptography for the intellectual challenge, but it was not all that relevant to protecting the privacy and security of real people. In security terms, he explained, cryptography is classed as a protective counter-measure. No such measure can foil every attack, and all attacks must still be both detected and responded to. This is particularly true for digital security, and Schneier spent most of his speech evoking the staggering insecurity of networked computers. Countless numbers are broken into every year, including machines in people’s homes. Taking over computers is simple with the right tools, because software is so often misconfigured or flawed. In the first five months of this year, for example, Microsoft released five “critical” security patches for Internet Explorer, each intended to rectify lapses in the original code. Computer crime statistics are notoriously sketchy, but the best of a bad lot come from an annual survey of corporations and other institutions by the FBI and the Computer Security Institute, a research and training organization in San Francisco. In the most recent survey, released in April, 90 percent of the respondents had detected one or more computer-security breaches within the previous twelve months—a figure that Schneier calls “almost certainly an underestimate.” His own experience suggests that a typical corporate network suffers a serious security breach four to six times a year—more often if the network is especially large or its operator is politically controversial. Luckily for the victims, this digital mayhem is mostly wreaked not by the master hackers depicted in Hollywood techno-thrillers but by “script kiddies”—youths who know just enough about computers to download and run automated break-in programs. Twenty-four hours a day, seven days a week, script kiddies poke and prod at computer networks, searching for any of the thousands of known security vulnerabilities that administrators have not yet patched. A typical corporate network, Schneier says, is hit by such doorknob-rattling several times an hour. The great majority of these attacks achieve nothing, but eventually any existing security holes will be found and exploited. “It’s very hard to communicate how bad the situation is,” Schneier says, “because it doesn’t correspond to our normal intuition of the world. To a first approximation, bank vaults are secure. Most of them don’t get broken into, because it takes real skill. Computers are the opposite. Most of them get broken into all the time, and it takes practically no skill.” Indeed, as automated cracking software improves, it takes ever less knowledge to mount ever more sophisticated attacks. Given the pervasive insecurity of networked computers, it is striking that nearly every proposal for “homeland security” entails the creation of large national databases. The Moran-Davis proposal, like other biometric schemes, envisions storing smart-card information in one such database; the USA PATRIOT Act effectively creates another; the proposed Department of Homeland Security would “fuse and analyze” information from more than a hundred agencies, and would “merge under one roof” scores or hundreds of previously separate databases. (A representative of the new department told me no one had a real idea of the number. “It’s a lot,” he said.) Better coordination of data could have obvious utility, as was made clear by recent headlines about the failure of the FBI and the CIA to communicate. But carefully linking selected fields of data is different from creating huge national repositories of information about the citizenry, as is being proposed. Larry Ellison, the CEO of Oracle, has dismissed cautions about such databases as whiny cavils that don’t take into account the existence of murderous adversaries. But murderous adversaries are exactly why we should ensure that new security measures actually make American life safer. ny new database must be protected, which automatically entails a new layer of secrecy. As Kerckhoffs’s principle suggests, the new secrecy introduces a new failure point. Government information is now scattered through scores of databases; however inadvertently, it has been compartmentalized—a basic security practice. (Following this practice, tourists divide their money between their wallets and hidden pouches; pickpockets are less likely to steal it all.) Many new proposals would change that. An example is Attorney General John Ashcroft’s plan, announced in June, to fingerprint and photograph foreign visitors “who fall into categories of elevated national security concern” when they enter the United States (“approximately 100,000” will be tracked this way in the first year). The fingerprints and photographs will be compared with those of “known or suspected terrorists” and “wanted criminals.” Alas, no such database of terrorist fingerprints and photographs exists. Most terrorists are outside the country, and thus hard to fingerprint, and latent fingerprints rarely survive bomb blasts. The databases of “wanted criminals” in Ashcroft’s plan seem to be those maintained by the FBI and the Immigration and Naturalization Service. But using them for this purpose would presumably involve merging computer networks in these two agencies with the visa procedure in the State Department—a security nightmare, because no one entity will fully control access to the system. Sidebar: How Insurance Improves Security “Eventually, the insurance industry will subsume the computer security industry….” Equivalents of the big, centralized databases under discussion already exist in the private sector: corporate warehouses of customer information, especially credit-card numbers. The record there is not reassuring. “Millions upon millions of credit-card numbers have been stolen from computer networks,” Schneier says. So many, in fact, that Schneier believes that everyone reading this article “has, in his or her wallet right now, a credit card with a number that has been stolen,” even if no criminal has yet used it. Number thieves, many of whom operate out of the former Soviet Union, sell them in bulk: $1,000 for 5,000 credit-card numbers, or twenty cents apiece. In a way, the sheer volume of theft is fortunate: so many numbers are floating around that the odds are small that any one will be heavily used by bad guys. Large-scale federal databases would undergo similar assaults. The prospect is worrying, given the government’s long-standing reputation for poor information security. Since September 11 at least forty government networks have been publicly cracked by typographically challenged vandals with names like “CriminalS,” “S4t4n1c S0uls,” “cr1m3 0rg4n1z4d0,” and “Discordian Dodgers.” Summing up the problem, a House subcommittee last November awarded federal agencies a collective computer-security grade of F. According to representatives of Oracle, the federal government has been talking with the company about employing its software for the new central databases. But judging from the past, involving the private sector will not greatly improve security. In March, CERT/CC, a computer-security watchdog based at Carnegie Mellon University, warned of thirty-eight vulnerabilities in Oracle’s database software. Meanwhile, a centerpiece of the company’s international advertising is the claim that its software is “unbreakable.” Other software vendors fare no better: CERT/CC issues a constant stream of vulnerability warnings about every major software firm. Schneier, like most security experts I spoke to, does not oppose consolidating and modernizing federal databases per se. To avoid creating vast new opportunities for adversaries, the overhaul should be incremental and small-scale. Even so, it would need to be planned with extreme care—something that shows little sign of happening. ne key to the success of digital revamping will be a little-mentioned, even prosaic feature: training the users not to circumvent secure systems. The federal government already has several computer networks—INTELINK, SIPRNET, and NIPRNET among them— that are fully encrypted, accessible only from secure rooms and buildings, and never connected to the Internet. Yet despite their lack of Net access the secure networks have been infected by e-mail perils such as the Melissa and I Love You viruses, probably because some official checked e-mail on a laptop, got infected, and then plugged the same laptop into the classified network. Because secure networks are unavoidably harder to work with, people are frequently tempted to bypass them—one reason that researchers at weapons labs sometimes transfer their files to insecure but more convenient machines. Sidebar: Remember Pearl Harbor “Surprise, when it happens to a government, is likely to be a complicated, diffuse, bureaucratic thing….” Schneier has long argued that the best way to improve the very bad situation in computer security is to change software licenses. If software is blatantly unsafe, owners have no such recourse, because it is licensed rather than bought, and the licenses forbid litigation. It is unclear whether the licenses can legally do this (courts currently disagree), but as a practical matter it is next to impossible to win a lawsuit against a software firm. If some big software companies lose product-liability suits, Schneier believes, their confreres will begin to take security seriously. Computer networks are difficult to keep secure in part because they have so many functions, each of which must be accounted for. For that reason Schneier and other experts tend to favor narrowly focused security measures—more of them physical than digital—that target a few precisely identified problems. For air travel, along with reinforcing cockpit doors and teaching passengers to fight back, examples include armed uniformed—not plainclothes—guards on select flights; “dead-man” switches that in the event of a pilot’s incapacitation force planes to land by autopilot at the nearest airport; positive bag matching (ensuring that luggage does not get on a plane unless its owner also boards); and separate decompression facilities that detonate any altitude bombs in cargo before takeoff. None of these is completely effective; bag matching, for instance, would not stop suicide bombers. But all are well tested, known to at least impede hijackers, not intrusive to passengers, and unlikely to make planes less secure if they fail. From Atlantic Unbound: Flashbacks: “Pearl Harbor in Retrospect” (May 25, 2001) Atlantic articles from 1948, 1999, and 1991 look back at Pearl Harbor from American and Japanese perspectives. It is impossible to guard all potential targets, because anything and everything can be subject to attack. Palestinian suicide bombers have shown this by murdering at random the occupants of pool halls and hotel meeting rooms. Horrible as these incidents are, they do not risk the lives of thousands of people, as would attacks on critical parts of the national infrastructure: nuclear-power plants, hydroelectric dams, reservoirs, gas and chemical facilities. Here a classic defense is available: tall fences and armed guards. Yet this past spring the Bush Administration cut by 93 percent the funds requested by the Energy Department to bolster security for nuclear weapons and waste; it denied completely the funds requested by the Army Corps of Engineers for guarding 200 reservoirs, dams, and canals, leaving fourteen large public-works projects with no budget for protection. A recommendation by the American Association of Port Authorities that the nation spend a total of $700 million to inspect and control ship cargo (today less than two percent of container traffic is inspected) has so far resulted in grants of just $92 million. In all three proposals most of the money would have been spent on guards and fences. The most important element of any security measure, Schneier argues, is people, not technology—and the people need to be at the scene. Recall the German journalists who fooled the fingerprint readers and iris scanners. None of their tricks would have worked if a reasonably attentive guard had been watching. Conversely, legitimate employees with bandaged fingers or scratched corneas will never make it through security unless a guard at the scene is authorized to overrule the machinery. Giving guards increased authority provides more opportunities for abuse, Schneier says, so the guards must be supervised carefully. But a system with more people who have more responsibility “is more robust,” he observed in the June Crypto-Gram, “and the best way to make things work. (The U.S. Marine Corps understands this principle; it’s the heart of their chain of command rules.)” “The trick is to remember that technology can’t save you,” Schneier says. “We know this in our own lives. We realize that there’s no magic anti-burglary dust we can sprinkle on our cars to prevent them from being stolen. We know that car alarms don’t offer much protection. The Club at best makes burglars steal the car next to you. For real safety we park on nice streets where people notice if somebody smashes the window. Or we park in garages, where somebody watches the car. In both cases people are the essential security element. You always build the system around people.” Looking for Trouble fter meeting Schneier at the Cato Institute, I drove with him to the Washington command post of Counterpane Internet Security. It was the first time in many months that he had visited either of his company’s two operating centers (the other is in Silicon Valley). His absence had been due not to inattentiveness but to his determination to avoid the classic high-tech mistake of involving the alpha geek in day-to-day management. Besides, he lives in Minneapolis, and the company headquarters are in Cupertino, California. (Why Minneapolis? I asked. “My wife lives there,” he said. “It seemed polite.”) With his partner, Tom Rowley, supervising day-to-day operations, Schneier constantly travels in Counterpane’s behalf, explaining how the company manages computer security for hundreds of large and medium-sized companies. It does this mainly by installing human beings. The command post was nondescript even by the bland architectural standards of exurban office complexes. Gaining access was like a pop quiz in security: How would the operations center recognize and admit its boss, who was there only once or twice a year? In this country requests for identification are commonly answered with a driver’s license. A few years ago Schneier devoted considerable effort to persuading the State of Illinois to issue him a driver’s license that showed no picture, signature, or Social Security number. But Schneier’s license serves as identification just as well as a license showing a picture and a signature—which is to say, not all that well. With or without a picture, with or without a biometric chip, licenses cannot be more than state-issued cards with people’s names on them: good enough for social purposes, but never enough to assure identification when it is important. Authentication, Schneier says, involves something a person knows (a password or a PIN, say), has (a physical token, such as a driver’s license or an ID bracelet), or is (biometric data). Security systems should use at least two of these; the Counterpane center employs all three. At the front door Schneier typed in a PIN and waved an iButton on his key chain at a sensor (iButtons, made by Dallas Semiconductor, are programmable chips embedded in stainless-steel discs about the size and shape of a camera battery). We entered a waiting room, where Schneier completed the identification trinity by placing his palm on a hand-geometry reader. Sidebar: Further Reading Brief descriptions of recommended books. Beyond the waiting room, after a purposely long corridor studded with cameras, was a conference room with many electrical outlets, some of which Schneier commandeered for his cell phone, laptop, BlackBerry, and battery packs. One side of the room was a dark glass wall. Schneier flicked a switch, shifting the light and theatrically revealing the scene behind the glass. It was a Luddite nightmare: an auditorium-like space full of desks, each with two computer monitors; all the desks faced a wall of high-resolution screens. One displayed streams of data from the “sentry” machines that Counterpane installs in its clients’ networks. Another displayed images from the video cameras scattered around both this command post and the one in Silicon Valley. On a visual level the gadgetry overwhelmed the people sitting at the desks and watching over the data. Nonetheless, the people were the most important part of the operation. Networks record so much data about their usage that overwhelmed managers frequently turn off most of the logging programs and ignore the others. Among Counterpane’s primary functions is to help companies make sense of the data they already have. “We turn the logs back on and monitor them,” Schneier says. Counterpane researchers developed software to measure activity on client networks, but no software by itself can determine whether an unusual signal is a meaningless blip or an indication of trouble. That was the job of the people at the desks. Highly trained and well paid, these people brought to the task a quality not yet found in any technology: human judgment, which is at the heart of most good security. Human beings do make mistakes, of course. But they can recover from failure in ways that machines and software cannot. The well-trained mind is ductile. It can understand surprises and overcome them. It fails well. When I asked Schneier why Counterpane had such Darth Vaderish command centers, he laughed and said it helped to reassure potential clients that the company had mastered the technology. I asked if clients ever inquired how Counterpane trains the guards and analysts in the command centers. “Not often,” he said, although that training is in fact the center of the whole system. Mixing long stretches of inactivity with short bursts of frenzy, the work rhythm of the Counterpane guards would have been familiar to police officers and firefighters everywhere. As I watched the guards, they were slurping soft drinks, listening to techno-death metal, and waiting for something to go wrong. They were in a protected space, looking out at a dangerous world. Sentries around Neolithic campfires did the same thing. Nothing better has been discovered since. Thinking otherwise, in Schneier’s view, is a really terrible idea.

———–

We meant it, ma’am

Next month sees another jubilee – 25 years since the Sex Pistols cut through the pomp and stood up for another England. The band’s manager Malcolm McLaren recalls the hysteria of 1977 – and says that it’s punk, not royalty, which we should be celebrating.

Malcolm MacLaren Sunday May 19, 2002 The Observer

Twenty-five years ago, at the CBS record-manufacturing plant in England, workers rescued some of the contraband records from being melted by hiding them in their coats – copies of the Sex Pistols’ new single, ‘God Save the Queen’. Just one week after signing the Pistols, A&M had rescinded on their contract and attempted to destroy all the records. Now my office had to field unsolicited calls offering to sell illicit copies of ‘God Save the Queen’ at the extortionate price of £20 a copy. I was naturally a bit reluctant, but after some thought, I purchased several boxes. A few weeks later, I signed the group to Richard Branson’s Virgin label. The excitement from Virgin’s employees was such that they wanted to conspire with me and create an alternative celebration to the Queen’s silver jubilee by hiring our own boat to follow her flotilla down the Thames.

The Sex Pistols were banned from playing on land, and their song ‘God Save the Queen’ banned from being played on the airwaves. So the only place left was the water. One of the most delirious memories I have is of seeing crowds of artful dodgers – punk rockers – jamming London’s bridges, hanging from its lampposts, screaming and shouting merrily, throwing bottles and empty yoghurt pots down on to the boat as it blared their favourite song out across the Thames: ‘God save the Queen/she ain’t no human being/ she made/you a moron/ a potential H-bomb/ God save the Queen/ we mean it maaan!’ It was a frenzied, chaotic, cacophonous, exhilarating, inspired moment. A ticket to a carnival for a better life.

We confronted the River Police. The boat was driven back to Charing Cross escorted by the same. I was among the many arrested when we disembarked and spent the night in jail. Somehow, I never saw Richard Branson. He just seemed to disappear. In front of the judge, I felt something in the air had truly changed. His dutiful air of smug importance made me laugh. I was made to feel a criminal, to beg forgiveness, and furthermore, he said, if I were to ever appear before him again, for a similar offence, he would have no hesitation in sending me to one of Her Majesty’s Prisons where I would spend a term of no less than three months.

On that same fateful day known as the silver jubilee, the media fell in love with the Sex Pistols, with the money they could potentially make, with the power they could potentially wield. That day, the Daily Mirror placed our portrait of the Queen – a modified version of the famous Cecil Beaton photograph with a safety-pin pierced through her nose – on its cover. The official portrait was relegated to page 3. The media preferred to love ours instead.

The media’s innocence and virginal attitude at that time seemed to provide us with the power of God or government or both. And with it, the ability to change the way people thought about things. It made me feel reasonable when demanding the impossible. And thereafter, it suddenly became forbidden to forbid.

Pop culture had made a difference. Punk rock’s musical revolution was open to everyone. You didn’t need to have the necessary skills to compete with your forebears. The old stars were driven back to hide in their country houses. It was a do-it-yourself phenomenon. For a moment everybody was an artist. The culture had been de-mystified. Its old properties, once controlled and considered important by an industry, were now worthless. It was a blow against the commodification and the pop brands that purported to have control of the culture. Punk rock fans didn’t need to buy anything – they just had to be . This was the most frightening idea of all for the record industry. They were simply out of control.

That week of the silver jubilee, it was nearly impossible to buy the record. It couldn’t be purchased in the majority of high street stores. It couldn’t be heard on the radio, except on rare occasions as a news item. The record was banned from advertising itself. The commercial TV stations refused to accept our homemade ads. London Transport refused to allow our posters on the Underground. Yet the record was undoubtedly No 1. The national charts were falsified by the record industry itself. A Rod Stewart track was put at No 1, even though ‘God Save the Queen’, sold by the same record distributors, was outselling it by two to one. How did it ever achieve such status? This was against all normal marketing rules. It broke with such traditions and clear economic values. The consumer was an alien that they didn’t understand.

When my young son, Joseph Corré, went to WH Smith and looked up at that store’s own record chart, he saw just a blank mark at the number one spot and asked the saleslady what was the No 1 record. She replied, ‘We don’t sell that record here.’ He didn’t understand. ‘But why have you got a blank spot? Isn’t the No 1 record ‘God Save the Queen’ by the Sex Pistols?” ‘We don’t wish to talk about it.’

The day after the silver jubilee, everything in the media was under the critical eye of the new generation. The silver jubilee was a turning point, a moment whose impact is still felt today. Because it opened up the door to all the disenfranchised – the young, the everyday common outlaw. The culture had been reclaimed by them. Anything seemed possible after that. This generation of punk rockers responded to an irresistible urge to choose between love and creation. They chose creation. Instead of getting married and settling down in a normal respectable job, they sought adventure, provocation, and with it, to change life. All independent minds blossomed. Independent film companies, independent record companies, independent TV companies were born. Advertising changed to accommodate the new mood – ‘less is more’, ‘small is cool’.

Anti-fashion had become the last repository of the marvellous – and all its designers, the last possessors of the wand of Cinderella’s fairy godmother. With my partner at the time, I was thrilled at how our anti-fashion ideas (the bondage trouser, the ‘God Save the Queen’ T-shirt, rubber skirts) created a whole new feeling; clothes created not to sell. Things new made to look frighteningly old-fashioned became an idea, a statement of intent and not a product. A useful tool to create debate. This fed into a desire never to return to normality again. Does passion end in fashion? Or does fashion end in passion?

Shopping today has become the new cultural ideal and occupation of the planet. Shopping is art. Everyone has become their own curator. The church back in the Middle Ages sold salvation; sold the ability for people to feel they didn’t have to acquire things. Later, the museum replaced the church. And then, the department store replaced the museum. There is a new word to describe this phenomenon: ‘Shoppertainment’. Shoppertainment is the satisfaction you get when you go shopping. The entertainment is not in the spending, but when you get home and believe that in shopping, you have acquired self-knowledge, salvation, fulfilled your desires and dreams. Of course this sense does not last. So you go back to the shops the next day and spend more.

The same ‘God Save The Queen’ T-shirts sold back then in Sex, my shop in the King’s Road in Chelsea, are today sold in stores in Beverly Hills. Twenty-five years on they appear on the backs of Kate Moss and Lauren Hutton, photographed in Vogue. It could be said that it’s now the antithesis of what it originally stood for, and its imaging inadvertently could be said to help promote the brand, the royal family, the ‘Firm’ (as the Duke of Edinburgh is so fond of saying – actually a term often used to describe a criminal gang), the Queen.

The royal family is a story about hypocrisy and at the same time, a story about England. The royal family is a celebrity brand with an immense PR machine behind it. It’s just another business, except we pay for it and they profit by it. A neat trick. However, the royal family is England’s biggest show business act. They are people who are brought up to a certain way of life, who are given the means to extend their knowledge and to extend their understanding. But they are not given the opportunity to use their minds in connection with it. They are a brilliant metaphor for all that is pretentious, deluded, selfish and insincere about England. They made me finally face the fact that I had to be a rebel in this society – to be an outsider – with all of the penalties this would entail, or else accept the hypocrisy of England and its monarchy.

On golden jubilee day, will those TV cameras, acting as part of some Ridley Scott production and image-making apparatus, eventually burn the Queen out? Maybe the media will top itself and ultimately become responsible for turning the monarchy and its golden jubilee celebration into simply another super-expensive beer commercial for fascism? And include the rest of us as unpaid extras on the most expensive theme park on the planet. This is show business: Paul, Mick and all will no doubt be there for Ma’am.

I was forced to stand in line in the streets at the Queen’s coronation in 1953. I waved a flag as she went past in her golden carriage. I think then a great deal of the population thought the Queen had been chosen by God. And in those days, if you didn’t believe in God, God help you. We were taught, of course, that England was not just this tiny little island, this muddy hole, but all of this candy-coloured pink mass across the globe. The country was still a Christian land. The Union Jack, the Queen, the Government, and the Church of England were the pillars of all our thinking and supposed wisdom. You were made to feel culturally moribund without such beliefs.

Fifty years on, how many people in England actually believe in God? If you break that into an educated population, what percentage actually believes in a personal god? In an impersonal god? Or a force that is necessarily good? How many people go to church? And yet, everything connected with our establishment remains based on an assumption of belief – swearing on the Bible, ‘So help me God’. What about all the people who don’t believe in it, who are paying for it, who still accept it? These are encumbrances which damn few people have the will to reject. The alternative is to encourage people to be willing to take the consequences of standing up as individuals. Not saying ‘I can’t take up a position on this because I don’t know enough’ but ‘I do take up a position because I just know all of this isn’t true. It hasn’t a function at all.’

Yet last week Johnny Rotten, the Sex Pistols’ singer, said he had lobbied the palace to perform for the Queen at her golden jubilee party, that he was never ‘pro’ or ‘anti’ monarchy and that while we’ve got a monarchical system it might as well ‘work properly’. Then there’s my former partner Vivenne Westwood, who has accepted both an OBE and a Queen’s Award, and now thinks the monarch is great. This confuses me. I don’t understand how their views could have changed so much. I still feel much the same as I did in 1977. There are two words that might sum up the oppositions of our culture today. One is ‘authenticity’ and the other is ‘karaoke’. Karaoke is miming the words of others. It is a life by proxy, liberated by hindsight, unencumbered by the messy process of creativity. And not having to take responsibility from the moment its performance ends. I feel we live today in a karaoke world. You might say Tony Blair is our first karaoke Prime Minister.

There is, however, a counterpoint to all of this – an unquestionable desire and thirst for the authentic. What is it? Where can we find it? I found it that silver jubilee day on the Thames: those punk rockers strung out on the bridges of London, those ‘God Save The Queen’ T-shirts, that Daily Mirror front page, that hysterical laughter in front of the judge after my night in jail, those were all part of an attitude that expressed itself in something that could best be described as real – something that was authentic.

———–

http://www.informationweek.com/story/IWK20020502S0011

  E-Mail is moving to a broader business purpose By Tony Kontzer

  Eric Rohy didn’t want to be disrespectful, but he can only be away from his E-mail for so long. The meeting had entered its third hour, well past Rohy’s self-imposed 60-minute abstinence rule.

“Anything longer than that and you run the risk of missing an opportunity,” says Rohy, product manager for a San Diego software company. Armed with a Kyocera mobile phone running the Palm OS and linked to a service called Symmetry Pro from Infowave Software Inc., Rohy used his phone to quietly access his Microsoft Outlook in-box without leaving the room.

He saw an urgent message about a first-come, first-served offer for the last spot in a partner’s advertorial. He responded in time to grab the slot. “It makes my job and my life so much easier,” Rohy says of his newfound wireless E-mail connectivity.

Rohy thrives in a business world addicted to E-mail, an addiction almost no one bothers to fight anymore. Like most people, he’s concerned about using E-mail better rather than less often. This pervasive acceptance presents business-technology managers with a choice of two paths for helping companies make the best use of E-mail. The first route, the one the biggest vendors are taking, is to focus on making E-mail easier to use by offering better in-box management and message filtering. The second, more ambitious route is to use E-mail as a gateway for broader collaboration and instant messaging, to boost the productivity of tapped-out desktop applications, and even to link to back-end systems.

E-mail has come a long way since the first text message was sent in 1971 by academic researchers building the Defense Department’s Arpanet, the precursor to today’s Internet. But maturity has brought complexity. In-boxes are increasingly unmanageable, multimedia-packed messages tax company networks, remote access is becoming a bigger priority, and viruses and spam continually outwit efforts to thwart them.

All of which keeps major E-mail vendors busy developing smarter in-boxes that will self-sort incoming messages, creating tools to support wireless devices, working on compression techniques for more efficient storage and bandwidth use, and providing more stringent security capabilities. Meanwhile, a number of smaller vendors are working to transform E-mail from a tool for sending and receiving messages into the cornerstone of collaborative business.

Groove Networks Inc. is at the center of that revolution. The brainchild of Lotus Notes architect Ray Ozzie, Groove last month released the latest version of its peer-to-peer collaborative software, which lets Microsoft Outlook users bring E-mail interactions into Groove’s real-time workspace. (Microsoft is an investor in Groove, as is Intel.) That means project-team members who share an online workspace can work simultaneously in the same file or access archived E-mail related to the collaborative effort without leaving the Groove application.

Groove uses a process similar to replication to create a workspace that can be used independently of the Web, so team members can work offline. If a project participant working offline makes changes in one of the team’s Word documents, the changes are automatically uploaded to a relay server when the user reconnects. The relay server then updates other project-team members whenever they check the online work space.

Cap Gemini Ernst & Young is experimenting with such a communications hub. So far, the consulting firm’s Groove implementation has fewer than 100 users, who’ve begun replacing AOL Instant Messenger with Groove as the instant-messaging tool of choice, says John Parkinson, VP and chief technologist. But Parkinson is looking for much more than a new IM provider. He wants to expand Groove’s use fivefold and let Cap Gemini’s Lotus Notes platform share instant messages and E-mail, as well as link to Notes databases in which the company stores critical content.

But there are complications. As a Notes shop, Cap Gemini is unable to take advantage of the tight integration Groove has built with Outlook. To make it work, Parkinson says, “We’ll have to do a bit of custom programming.”

Still, Groove’s philosophy foreshadows what many expect will be the future of E-mail: a launching pad to a universe of productivity and collaboration tools. “You can provide people with all the tools in the world,” says Groove systems engineer Nicholas Yerkes, “but they’re going to use what’s easy, and they’re used to E-mail.” Gartner analyst Rob Batchelder says the company’s technology “is two years ahead of the world” and believes it could represent the desktop platform of the future.

IT services firm EDS even wants to link its Outlook E-mail system to the company’s SAP financial and Siebel Systems Inc. customer-relationship management applications. The goal: To make it possible for managers to receive E-mail alerts when a project needs their attention, then use embedded links to go directly to the relevant application, says James Cook, senior director of client EDS, which manages EDS’s use of its own technologies and services. Cook expects to have those capabilities in the next year or two.

But not everyone believes the collaborative, integrated future is close at hand, including the dominant E-mail vendors, Microsoft and IBM’s Lotus Development Corp. These companies say they’re interested in providing better integration with back-end and collaborative applications, but both are more immediately concerned with improving wireless access, enhancing in-box-management tools, and delivering better integration with their own products.

Lotus refers to these more basic functions as “dial-tone features,” and its emphasis on them stems from its adherence to the 80/20 rule: Since 80% of Lotus’ customers use only 20% of the system’s features, the vendor believes it’s best to focus on refining those aspects of the system, rather than on the more advanced capabilities few users want today. “You have to stop yourself when you’re trying to rock the world and focus on solving user problems,” says Beverly DeWitt, Lotus’ senior manager for new business initiatives.

Overflowing in-boxes have overhead costs soaring at Creative Artists agency, CIO Keithley says. The biggest problem for E-mail users is in-box management. The flow of messages has become overwhelming, and people are crying out for help. At Creative Artists Agency, a Beverly Hills, Calif., firm that represents Hollywood stars such as Tom Cruise and Gwenyth Paltrow, in-box overflow has become a burden for CIO Michael Keithley and his IT staff. Overhead costs are going through the roof as the staff spends more time helping agents wade through the flood of vital messages and spam, Keithley says.

Keithley himself unwittingly compounded the problem by giving the agents Cisco Systems’ Unity unified-messaging service, which lets them access E-mail, fax, and voice messages from their PCs or telephones. He didn’t count on agents saving everything, with some holding as many as 100,000 unified messages in their Microsoft Outlook in-box. “We had to implement a storage area network to keep up with the demand,” he says.

While the storage problem is solved for now, in-box management remains an issue. Keithley longs for the day when E-mail vendors will provide more tools for combating the problem. The categorization capabilities for organizing in-boxes are insufficient, filing systems are clunky, and the tools for IT staffs to help–such as the ability to establish standardized categories that automatically group E-mails as they arrive–aren’t there, he says.

Lotus and Microsoft agree that fighting in-box overload is a top priority, and they’re working on tools to deliver relief. Future releases of Lotus Notes and Microsoft Outlook are slated to include improved message-sorting tools that will categorize E-mails as they arrive, routing them to folders or simply organizing them in the in-box by category; expanded search capabilities that take advantage of all types of data stored in messages; and ways to more seamlessly blend E-mail and instant messaging so that messages needing brief, immediate responses can be turned into real-time dialogs.

But users may be expecting too much from E-mail technology, says Kaitlin Duck Sherwood, author of Overcome Email Overload With Microsoft Outlook 2000 And Outlook 2002 (World Wide Webfoot Press, 2001). The simple fact is that effective in-box organization takes work (see story, p. 54). “They want it to prioritize and organize without them doing anything,” she says. “People have learned helplessness.”

Our brains aren’t the only things being overwhelmed by the volume of messages. Networks are also suffering from a bandwidth crunch due to the growing size of E-mail files, which include more embedded graphics, HTML pages, and bulky attachments. At EDS, E-mail volume increased 107% in the past two years. In an effort to control costs, EDS asks employees to save messages in their local Outlook in-boxes rather than on an Exchange server, and it requires any file larger than 2 Mbytes to be zipped. EDS’s bandwidth challenges promise to get more complex as employees access and manage their in-boxes from remote locations and link to back-end applications directly from their in-boxes, director Cook says.

Niche vendors such as Stampede Technologies Inc. are trying to address the problem. Stampede’s TurboGold software accelerates the replication process between Notes and the Domino Server by applying algorithms and streaming optimization technology to compress data to as little as one-twelfth its original size. TurboGold also can be used to compress applications and databases running on Notes/ Domino.

Hydrite Chemical, a Brookfield, Wis., chemicals supplier, has cut its telecom bills in half by using TurboGold to speed up the time its sales force spends replicating pricing updates from the company’s enterprise resource planning system into a local Notes database. The shortened replication time will result in a sales force armed with more current information, says Jim Krueger, director of information services. Before deploying TurboGold, sales personnel “would get frustrated and not always replicate,” Krueger says. Hydrite this month will begin using replication to download CRM data into Notes databases.

But many administrators would like tools such as TurboGold built into E-mail. At American Zoetrope, Francis Ford Coppola’s San Francisco film-production company, bandwidth is the No. 1 E-mail problem, Webmaster Tom Edgar says. The movie business requires employees to swap huge video files that can tax the network, and the struggle to keep up with bandwidth needs has Edgar looking for better compression and decompression tools in future Notes releases. (Lotus says R6, due later this year, will feature improved network-compression techniques.)

In the meantime, Edgar has concentrated on providing wireless access from Zoetrope’s 200 employees. The company has set up Wi-Fi networks using the the 802.11b standard at two of its facilities–its soundstage at the Niebaum-Coppola Winery in Rutherford, Calif., and at Coppola’s resort in Belize, which is a popular refuge for staffers. Employees at those two locations can use their Notes E-mail, provided they’re within a couple hundred feet of a transmitter. Remote access elsewhere is available via a secure Web-mail interface.

But Edgar and Zoetrope are ahead of their peers. So far, wireless access to company E-mail has been a question mark for E-mail vendors. There hasn’t been widespread customer demand for better wireless access, but Lotus and Microsoft both expect wireless networking to become more pervasive. They’re promising to make E-mail access simpler and more efficient for all types of devices.

Keystone Marketing’s CEO Karen Settle uses E-mail to link the company’s far-flung field reps. In its next Exchange server update, due for release next year, Microsoft plans to offer native support for wireless devices so they can connect directly to an Exchange server. That would let each device interact with the company E-mail system differently, which is important because an executive doesn’t necessarily want to listen to an entire 600-word E-mail over the phone. “In the car, they don’t want to read E-mail, but they do want to know if an appointment’s been rescheduled,” says David Siroky, lead product planner for Exchange.

More adventuresome wireless users will have to look to smaller vendors for the time being. Last month, Cutting Edge Software Inc. and Corsoft Corp. teamed up to let users of handheld computers running the Palm OS and Corsoft’s Aileron wireless E-mail application exchange word-processing and spreadsheet attachments with desktop PCs. Aileron has been integrated with Cutting Edge’s Quickoffice suite of Palm-compatible productivity apps, automatically converting Microsoft Word and Excel documents into Quickword and Quicksheet, and vice versa. Such capabilities are a step toward bringing mobile-device users into the collaborative environment via E-mail.

Despite the security threats raised by extending E-mail beyond the company firewall, smaller companies that depend on remote workforces often are reluctant to deploy virtual private networks and take on the resulting IT headaches. Keystone Marketing Specialists Inc., a Las Vegas company that provides high-tech clients with retail representation, is unusually dependent on a virtual workforce. Keystone supports fewer than 20 employees on its network, which runs Outlook and Exchange, but it manages about 1,000 field representatives working in teams of 10 to 15 people. E-mail is the primary link between the company and those groups.

CEO Karen Settle requires her remote employees to have their own Internet service provider accounts, because it makes no sense to extend the company’s tiny network to such a large mobile workforce. But the setup makes Keystone susceptible to the Internet’s traffic and reliability problems.

To minimize the risks, Keystone recently made a change in the way it communicates with its reps. Instead of E-mailing complete models of in-store activity for a given client, the company uses a secure Web site to post the models, then sends notification messages via E-mail, as well as small changes to the models and important alerts. This approach has reduced Keystone’s bandwidth requirements and made reps less dependent on the performance of their ISPs.

Businesses are using E-mail in new ways, and E-mail, in response, is changing into an integrated, collaborative tool. This doesn’t mean E-mail has to lose its appeal as an elegant, simple means of rapid communication. Rather, it can make a world of complex enterprise applications more accessible.

———–

Can a Kid Squeeze by on $320,000 a Month?

January 20, 2002

By ALEX KUCZYNSKI

THE tale of Lisa Bonder Kerkorian, the 36- year-old former tennis pro who is demanding $320,000 a month in child support from her former husband, the 84-year-old billionaire Kirk Kerkorian, has caused a stir among hard-working Americans.

Mrs. Kerkorian, who was married to Mr. Kerkorian for one month in 1998, filed court papers on Jan. 7 seeking support for their daughter, Kira, 3. Among other things, she wants $14,000 a month for parties and play dates; $5,900 for eating out; $4,300 for eating in; $2,500 for movies and other outings; $7,000 for charitable donations; $1,400 for laundry and cleaning; $1,000 for toys, books and videos; $436 for the care of Kira’s bunny rabbit and other pets; and $144,000 for travel on private jets.

Sure, that sounds like a lot of Taco Bell for a 3- year-old, but Mrs. Kerkorian will need every penny. Doesn’t Mr. Kerkorian realize how much it costs to raise a child in Los Angeles?

The list of required child-rearing items and services grows every year, Hollywood parents said last week. First of all, the moms and dads all get nervous about whose children’s party is bigger and splashier. The Hotel Bel-Air was the site last year of a tea party for a 2-year-old, and all the toddlers got full tea sets upon departing, complete with decaf Darjeeling. Who cares if they knew what Darjeeling was? Or, for that matter, if they could even say “Daddy” or “Mercedes-Benz” yet?

And there was the Hollywood mom who hired dancers from Cirque du Soleil for her child’s birthday party, spending $30,000, according to one guest. Mrs. Kerkorian herself gave a $70,000 party for Kira’s second birthday at the Hotel Bel-Air in 1999.

“It all got out of control when Peter Guber hired an elephant for rides at his kid’s birthday party about six years ago,” said one anxious Hollywood parent, who could afford only the guy who dresses up as Woody from “Toy Story” at his child’s party.

How can Mr. Kerkorian, who controls MGM and the Bellagio hotel in Las Vegas, among many other things, expect his daughter to develop into a responsible, caring, intelligent human being without a $70,000 birthday party every year? After all, just clothing the kids is hard enough in a city like Los Angeles. At Fred Segal in Santa Monica, children cry if they don’t get sequined and embroidered Replay sweatshirts at $74 a pop. (Watch the P.B. ‘n’ J., little buddy!) Another big seller is the full-length leather coat by Quincy, at $800 for 6-year-olds.

At the Neiman Marcus children’s department in Beverly Hills, the Burberry pram is a brisk seller for new mothers, at $4,250, but you have to get the Loro Piana cashmere throw ($525) and socks ($325) to go with it.

How can Mr. Kerkorian, who is trying to sell his 81 percent stake in MGM, ask his child to go without $325 cashmere socks? And how will Mrs. Kerkorian pay for the SAT prep classes (long-term programs in reading and math begin at age 4) at Score! in Beverly Hills on the $75,000 a month Mr. Kerkorian was shelling out until last September? A woman can barely get a set of acrylic nail tips for that in Los Angeles.

West Lost Angeles is one of the most competitive areas in the country for private schools. It is typical, one father said, for an 8-year-old to have taken prep courses for the Independent School Entrance Examination, given to children of grade school age who want to attend private school.

Getting around isn’t cheap, either, for children in the Benedict Canyon set. Though only a tot, Kira has flown 35 times on private jets to places like New York and France. For the $144,000 her mother has requested, she can probably get to France and back on a chartered jet only four times a month.

A Hollywood screenwriter said that a classmate of his son at the Brentwood School, an elite school in Los Angeles, reported that students were talking one day about travel plans. “One of them said to the other, `Flying commercial is so bogus, dude,’ ” he said. He added that he took his 11-year-old to a birthday party two years ago, and another child walked into the house and said loudly: “Oh my God, how can anyone live in this place? It’s so tiny.”

Newspapers have been flooded with indignant letters accusing Mrs. Kerkorian of avarice and of having an outsize sense of entitlement. One reader of The Los Angeles Times compared her lifestyle to “an orgy of consumption that rivals France in 1789.”

But if anybody prepared Mrs. Kerkorian for a life of consumption, it was Mr. Kerkorian – and his $6 billion or so. The couple met in 1986, playing tennis, when she was 20 and he 68, according to her court declaration. They became tennis partners, then lovers five years later when her first marriage fell apart. He spent lots of money on her. She quit working. He took her to Hawaii. She wanted to marry. He didn’t. He took her to Europe. He still wouldn’t marry her. She even became pregnant, but still no nups.

Finally, five months after Kira was born, Ms. Bonder and Mr. Kerkorian were married, to confer “dignity and respect” on the child, she said in her court papers. The marriage came with strings. Mr. Kerkorian stipulated that they divorce a month later, and Mrs. Kerkorian waived her right to spousal support. Child support was set at $35,000 a month, but under California law, she was free to negotiate for more.

Mr. Kerkorian had to see that coming. He and Mrs. Kerkorian, his third wife, had met at the magical crossroads of beauty, youth, sex and money, in a city where good looks are considered hard currency and more dependable, when invested properly, than Treasury bills. “Money was never a limitation, or even a consideration, when Kirk wanted to either construct, acquire, own, charter, hire or pay for such desires as homes, airplanes, yachts, hotels, cars, staff or entertainment,” Mrs. Kerkorian said in her court papers. “Essentially, whatever Kirk wanted, Kirk got.”

What Mrs. Kerkorian wanted, at least until a few days ago, was $320,000 a month. But her lawyer, Stephen A. Kolodny, now says that is not enough. “We forgot the category for major yacht charters,” he said.

I have had 3 or 4 different generations of the PALM PDA, starting with the very first one; waaay back I have been the owner of an Apple Newton and a beta tester of the MagicCap from General Magic. I have also owned an SMS-capable phone for the last 3 years (at least) and a WAP phone for 8 months.

Most recently I have destroyed or lost two consecutive RIM Blackberry 950s. To anyone who knows me well, this means that I use those most frequently (you always, after all, hurt the ones you love). So clearly the Killer App for me is wireless email. I’d also love to do instant messaging, just so I can keep up with the Joneses. But the RIM 950 and 957 have, for me, two distinct problems:

– No MacOS connectivity software (I have rejoined the desperate, seething hordes of Macaholics) – A shitty, shitty (did I say shitty?) address book that won’t sync to anything

So, periodically, as I am wont to do, I set out this evening to see if the PDA world had caught up to my needs.

The spec for me is simple:

– Sync to an address book on my Powerbook so that Eudora and my PDA share the same data. – Give me wireless email on the go. – Have a keyboard.

http://www.palm.com My eye was caught by the Palm Vx with a specifically styled and shaped Minstrel modem, albeit briefly. I had thought for a moment that you could actually use AOL Instant Messenger and Buddy List from it, and you can — but only with a landline modem connection. What gives? Also, while the form factor is super-cool (easily the best) the external keyboard you have to get so that you can type is big and ugly. Oh… and the price is a whopping $600. No way San Jose.

http://www.handspring.com Next, I flopped back to the Handspring. They’ve got some great deals ranging from $200-$400 for the Visor, and there’s a $99 deal on the Minstrel right now. Kick-ass! Well, the more I looked into it, the more I realized one key thing that will be the Visor’s undoing: The Visor is a shell — a house for mobile applications. This is great, but what if you want to do more than one at a time? For example, while I’m using my GPS to find a Mercedes Dealership in Beverly Hills, why should I have to remove my wireless email device? What if someone’s trying to reach me? UGH. Sorry, there, Sunnyvale.

http://www.blackberry.com So off we go back to the RIM 957. The new form factor rocks and rolls… this time they’ve got it right (though I wish it ran Palm OS AND had the keyboard), with a bigger screen that does graphics.

They’re all the rage here in Hollywood, by the way, because they’re big and they allow you to be cool in restaurants in a subtle-but-still-obnoxious way. You can pretend you’re a VC and your date is pitching you her latest business plan, and like most VC pitches you both go home, empty-handed and feeling like the other is a dolt because you spent the evening banging out emails to HomeGrocer.com customer service.

http://www.motorola.com/GSS/CSG/direct_pagers/T900/ Next, I dropped in on the Motorola T900 2-Way Email Pager. Everybody I know in the wacky consumer wireless products space is fawning over this thing these days. My friend Mike calls this the “RIM Killer”, but I think he’s wrong. Motorola is clearly thinking with their Paging hats on this device — it’s a stand-alone device, with no PC Sync capabilities and very lightweight address book.

This will be a successful product in migrating the barrios into email-happiness (bloods and cryps will now be able to email each other locations for potential bust-ups) but will not reach a huge market and will definitely NOT solve my particular problem.

http://www5.compaq.com/products/quickspecs/10632_na/10632_na.html Alas, the iPaq. With a derivative name and a similarly derivative Windows OS, need I say more? Definitely high on the cool factor, though, with lots of features, colour.. and the winner of hype-of-the-month club for sure. You can get Omnisky for the iPaq as well as other solutions, however it suffers my scorn for being in the same blast-radius as the Handspring and Palm as far as features. And expensive! Blech.

Conclusions:

What nobody (but me) understands is that this device is supposed to be much more than a personal organizer, or an email client, or a pager, or a mobile applications device. It’s the convergence of all of these things and in many respects of ME: the offloading of menial tasks in communications and organization normally stored in my failing brain, now handled by a convenient, wireless connected device. Web browsing is interesting. Allowing me to do things easily and from anywhere that I hate doing is great.

But who wants to shove cartridges in and out of the rear expansion slot every time they “change” modes? What is this, a frickin’ Game Boy? The wireless email application, and instant messaging for that matter, relies on a persistent data connection to be useful — it doesn’t want to be “turned off”. If you can’t keep it in there 24-7 because you have to remove the expansion card in order to run your PDA-based business accounting software, what’s the point? From a user behaviour perspective, it’s just as unreliable as regular email on a PC.

With all of the work that has gone into PDAs, nobody’s managed to hit it yet. Too much focus on the Personal and the Digital, and not enough on the Assistant.

The verdict? Maybe if I didn’t have a Mac I’d be all over the 957. I might give up on that cause and get one anyway, and pray that someone comes along and solves my sync problem.

-Ian.