Monday, October 02, 2006

Sept. 30, 2006, 6:45PM

HP shows how to turn molehills into mountains

By LOREN STEFFY Copyright 2006 Houston Chronicle

It isn't the next Enron, and it isn't the next Watergate, either. In fact, what emerged from Thursday's congressional hearings into the Hewlett-Packard leak scandal was just how incredibly unimportant it really was.

Chief Executive Mark Hurd said as much. Hurd was asked why he didn't read a report on the investigation's findings.

... Hurd has focused on what matters, and the leaks were quite simply insignificant. In one instance, the leaker, who we now know was former director George Keyworth, told the Cnet news service that after a long meeting directors were tired and went to bed at 10 p.m. HP's crack team of gumshoes sifted for clues in the anonymous quotes of a Cnet story and then, in their written report, parsed the significance of the word "pooped." [Did they determine what “is” is? Bob]

All of this mattered greatly to former Chairman Patricia Dunn, who called for the extensive investigations, at shareholder expense, even though the source of the leaks seemed pretty obvious.

... Why couldn't HP simply ask all the directors to sign a release allowing their phone records to be reviewed? Or even more simply, adopt a policy that required directors to submit to such a review if the leaks continued?

As Charles Elson, a corporate governance expert and professor at the University of Delaware, told me when this all first started, it's far better for boards to resolve these things amongst themselves.

After all, leaks typically are a problem of the board's own making, and HP was no different. How did Keyworth come to know the Cnet reporter, Dawn Kawamoto? According to documents released after Thursday's hearing, he met her in 2001 at the request of former HP chairman Carly Fiorina. The leaks that Dunn said posed such a threat were, in fact, self-inflicted. HP was, like so many other companies, a serial leaker when it suited its purposes.

Investors can be relieved that the leak scandal hasn't harmed HP's performance so far, but irrevocable damage has been done. The squabbling led to a blood bath of high-ranked talent � two directors, two top executives and a chairman. Careers have been ruined. HP will not be better for the losses.

The board confidentiality that Dunn fought so hard to protect has been laid bare. HP's reputation is tattered. Ongoing state and federal investigations could result in fines and even criminal charges.

What's been gained?

The question corporate America should be asking itself is: for what? But it won't. During her testimony Dunn cited an Associated Press poll that said, essentially, most corporate directors agreed with what she'd done. That, in her mind, seemed to justify her actions. She remained unapologetic, flatly saying she accepted no responsibility.

In a Nightline segment Thursday night, corporate security experts said Dunn didn't go far enough in the investigation. These are the people who are still advising the boardrooms of America.

HP scandal sheds light on electronic tracking technologies

By Dean Takahashi San Jose Mercury News

SAN JOSE, Calif. — Hewlett-Packard's investigation into leaks has put the spotlight on electronic tracking technologies that just about anyone can use to try to spy on people. [We can, therefore we must? Bob]

... "It is disturbing to say the least," said Katherine Albrecht, director of Caspian, a privacy-rights advocacy group and co-author of the book "Spy Chips."

"I worry that this is becoming standard operating procedure at companies that have problems with whistleblowers," she said.

Tracking reporter

In a memo sent to HP's top executives by HP ethics chief Kevin Hunsaker, HP said it engaged in a "covert intelligence gathering operation" using an untraceable Microsoft Hotmail e-mail account to send a "legally permissible software-based tracing device in an e-mail attachment sent to Kawamoto."

Mike Holston, an outside lawyer hired to investigate the matter for HP, acknowledged that HP sent a "tracer" to try to discover a journalist's sources. Hurd said he approved the idea of sending misinformation to a journalist, but did not specifically approve the use of a tracer.

Seth Schoen, a staff technologist at the Electronic Frontier Foundation, believes HP planted a "Web bug" — referred to by Holston as a tracer — on Kawamoto's computer. A Web bug is a link to a graphic image that feeds intelligence back to the sender when the e-mail is opened.

The Web bug apparently was sent to Kawamoto in hopes that she would forward the bogus e-mail, supposedly from an HP insider named Jacob, to her confidential sources. Anyone who received the forwarded message would prompt the return message back to HP.

From there, investigators could determine the identity of Kawamoto's sources through their Internet Protocol addresses, or IP numbers.

Kawamoto said in an e-mail to the Mercury News, "The tactic was designed to work on myself, as well as anyone who received the message and opened the attachment."

In the case of Kawamoto, the Web bug apparently didn't work, according to Holston.

Richard Smith, a noted privacy advocate and CEO of Boston Software Forensics, said Web bugs occupy a single pixel on a computer screen and so they are invisible to users.

Web bug a legal tool

Some Web bugs have legitimate uses. When someone opens an e-mail with a typical Web bug, it sends a message back to an outside server.

The server then downloads an image, such as a company logo, into the e-mail so that the person can see the image.

The newest Web browsers or e-mail reader programs have options to prevent Web bugs from working. Often, they prompt the user to answer "yes" or "no" on whether they want to view the graphic.

By and large, the Web bug is a widely used legal tool, said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation. But Opsahl said under certain situations, the use of a Web bug might be considered under California law to be an "unfair business practice" or a violation of false advertising laws if HP used the Web bug to spy on someone, particularly when it espouses a privacy policy that says it doesn't do such things.

... Technology is also useful for tracking leaked documents.

Microsoft's Word program embeds a serial number in every document, so that document can be traced back to a particular version of Word on a particular computer. Digital "watermarks" can be invisibly embedded into documents as well.

... With employees, it takes a matter of seconds to search through a CD of phone records that the phone company sends to large companies along with monthly bills, said Schoen. Hence, it's easy to search for employees who are talking to reporters without authorization.

Robert Holmes, a private investigator in Beverly Hills at IP, said that tracking technologies are often used in the workplace, since there is usually no disputing that an employer has the right to know what is being done with company-owned computers, cellphones, office phones and e-mail.

Whatever happened to good old reverse engineering?

Patent Case With FOSS Implications

Posted by kdawson on Sunday October 01, @03:29PM from the another-inducement-for-offshoring dept. Patents

ThousandStars writes, "SCOTUSBlog posted about the liklihood that the Supreme Court will review whether an organization can get around software patents by completing the work in other countries. This case has huge implications for OSS projects with coders in the U.S., as it may inhibit, among other things, the ability of American coders to contribute to projects that violate U.S. software patents."

The Patently-O blog gives background on the case.

Here's my question: “Will any 'unexpected' election result be challenged as hacking?” Can any election commission PROVE to voters that nothing irregular occurred? Gee, it might even be possible that someone with an “agenda” could get a lot of national exposure claiming irregularities...

Will the Next Election Be Hacked?

Posted by kdawson on Sunday October 01, @08:03PM from the privatizing-vote-counting dept. Security United States Politics

plasmacutter writes to let us know about the new article by Robert F. Kennedy Jr. in Rolling Stone, following up on his "Was the 2004 Election Stolen?" (slashdotted here). Kennedy recounts the sorry history of electronic voting so far in this country — and some of the incidents will be new even to this clued-in crowd. (Had you heard about the CERT advisory on an undocumented backdoor account in a Diebold vote-tabulating database — crediting Black Box Voting?) Kennedy's reporting is bolstered by the accounts of a Diebold insider who has gone on record with his concerns. From the article: 'Chris Hood remembers the day in August 2002 that he began to question what was really going on in Georgia... "It was an unauthorized patch, and they were trying to keep it secret from the state," Hood told me. "We were told not to talk to county personnel about it. I received instructions directly from [president of Diebold election unit Bob] Urosevich...' According to Hood, Diebold employees altered software in some 5,000 machines in DeKalb and Fulton counties, the state's largest Democratic strongholds. The tally in Georgia that November surprised even the most seasoned political observers. (Hint: Republicans won.)

Could be an interesting story to follow.

Oct 1, 6:59 PM EDT

Blogger Sought for Posts on Ga. Teen Sex

ATHENS, Ga. (AP) -- Authorities are searching for whoever posted a long list and description of supposed sexual encounters between dozens of high school students on the online networking site

Oconee County Sheriff's officials said they were investigating who posted the gossip about North Oconee High School students Sept. 1-9. Since gossip isn't a crime, the sheriff's report lists the offense as distributing obscene materials to minors. The list describes sexual encounters and could be accessed by people younger than 18.

"There's a lot of difference between writing on a bathroom wall and distributing it all over the world on the Internet where anyone has access to it," [Oh? Bob] Lt. David Kilpatrick told the Athens Banner-Herald for a story published Sunday.

Students argued with one another, disrupting classes, when most found out about the MySpace blog, said principal John Osborne.

Kilpatrick said that MySpace gave him the e-mail address of the person who created the site, but that it was an anonymous Yahoo account. He said he would subpoena BellSouth, the Internet service provider used to create the e-mail address, to try to determine who paid for the Internet service.

Any student found to have created the site could be expelled because the school's conduct code covers off-campus behavior that affects school life, Osborne said. He said they might also face lawsuits from parents of students cited in the postings.

...just for the quotes.,1759,2022842,00.asp?kc=EWRSS03119TX1K0000594

Internet Freedom Reigns in Amsterdam

October 1, 2006 By Lucas van Grinsven, Reuters

... "'Anything goes unless it's forbidden', was our motto from the beginning. We added a few rules later on, but any unnecessary organizing is being prevented," said Rob Blokzijl from Nikhef, the National Institute for Nuclear Physics and High Energy Physics in the Netherlands.

... The fact that Amsterdam has one of the three root servers outside the United States is not lost on local politicians, including the former Dutch Prime Minister Wim Kok, who have come to this room to "touch the Internet" by placing their palm on the computer's casing. During rush hour, 170 Gigabits of data per second—the equivalent of over 30 compact disks—travel through the exchange.

No comments: