For your convenience in reading: Subject lines are printed in RED and Moderator replies when issued appear in BROWN.
Previous Issue (just one)
TD Extra News


TELECOM Digest     Sat, 12 Mar 2005 23:53:00 EST    Volume 24 : Issue 111

Inside This Issue:                             Editor: Patrick A. Townson

    A Decade of Disappointment - Part II (Patrick Townson)
    Re: Ohio Law Would Require Auction License on eBay (Gene S. Berkowitz)
    Why Pay to be an Identity Thief? CMU Will Show You How (Marcus Falco)
    Hackers Target U.S. Power Grid (Marcus Didius Falco)

Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet.  All contents here are copyrighted by Patrick Townson and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote.  By using -any name or email address-
included herein for -any- reason other than responding to an article
herein, you agree to pay a hundred dollars to the recipients of the
email.

               ===========================

Addresses herein are not to be added to any mailing list, nor to be
sold or given away without explicit written consent.  Chain letters,
viruses, porn, spam, and miscellaneous junk are definitely unwelcome.

We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime.   Geoffrey Welsh

               ===========================

See the bottom of this issue for subscription and archive details
and the name of our lawyer; other stuff of interest.  

----------------------------------------------------------------------

From: Patrick Townson <ptownson@cableone.net>
Subject: A Decade of Disappointment - Part II
Date: Sat, 12 Mar 2005 15:43:22 -0600


This is part 2 in a 2-part essay written by Chris Jay Hoofnagle on
Privacy.  The first part appeared in the issue before this. The
two parts will be merged into a longer essay for the Telecom Archives.

  Privacy Self Regulation: A Decade of Disappointment
  By Chris Jay Hoofnagle
  March 4, 2005


  IV. More Invasive Tracking Mechanisms Are on the Horizon

  There are several new and emerging technologies that have the
potential to present significant privacy problems as they become more
advanced and more widely used.

  Digital Rights Management

        "Digital copyright management systems.are not some remote,
futuristic nightmare.they will enable an unprecedented degree of
intrusion into and oversight of individual decisions about what to
read, hear, and view."[xiii]

  Digital Rights Management (DRM) systems use technical means to
protect an owner's interest in software, music, text, film, artwork,
etc.  DRM can control file access (number of views, length of views),
altering, sharing, copying, printing, and saving, through either the
software or hardware of a computer or device.

  Some DRM technologies are being developed with little regard for
privacy protection.  These systems require the user to reveal his or
her identity in order to access protected content. Upon authentication
of identity and valid rights to the content, the user can access the
content. Widespread use of DRM systems could lead to an eradication of
anonymous consumption of content.

  DRM systems could lead to a standard practice where content owners
require all purchasers of media to identify themselves.  DRM can also
link or tie certain content inextricably to one particular user.
Windows Media Player, for example, has an embedded globally-unique
identifier that can track users and the content they are viewing.

  Trusted Computing

  Trusted computing is a platform for pervasive DRM in personal
computers.  The Trusted Computing Group, an industry consortium with
members Microsoft, Intel, Hewlett Packard, and Advanced Micro Devices,
is overseeing the creation of industry-wide specifications for trusted
computing hardware and software.

        Computer freedom itself is at stake here.  DRM can convert a
flexible, user-controlled computer into an inflexible,
copyright-owner-controlled surveillance device.  Your next computer
may really be a TV that watches you.

  Trusted computing systems combine hardware and software elements to
create a platform that gives software vendors an incredible amount of
control over what users do with their computers.  These systems have
been developed to protect the security of the computer from its owner
when she uses proprietary or copyrighted information.

  While trusted computing does enable a number of important security
and privacy-enhancing functions, it also creates new threats to
privacy and anonymity that should be seriously considered.  For
example, by augmenting the security functions already present on
personal computers, trusted computing may offer greater protection
from malicious programs or remote exploits.  On the other hand,
Trusted Computing could make it difficult or impossible for users to
access content anonymously.

  As trusted computing technology develops, it could have significant
impact on computer users' privacy in the digital and online world.

  Single Sign On Services

  "Project Liberty" is an online identification and authentication
system.  It allows individuals to use a single sign-on in order to
access many different web pages, and is being developed by a coalition
of companies.  A similar system has been designed by Microsoft, known
as Passport or .NET Passport.

  Identification and authentication systems present privacy risks for
individuals.  They can become virtual tollbooths for the Internet,
requiring identity before one can view web pages. This violates a
fundamental principle of privacy-the idea of collection limitation. It
is illegitimate to collect information unless it is actually necessary
to complete some function. However, with a proliferation of
authentication systems, it becomes easier to compel individuals to
identify themselves for no legitimate reason. These systems also
enable profiling, which results in more spam, direct mail, and
telemarketing for individuals.


  V. The Privacy Friendly Are Mimicking the Privacy Invasive

  In Surfer Beware I, EPIC noted that news web sites usually did not
require disclosure of personal information in order to access their
content, a practice that enhances privacy.  The report stated that
many of the top web sites allow "users to visit without giving up
personal information.  Anonymity plays a particularly important role
for those sites.that are providing news and information to the on-line
community."  EPIC thought that it was especially appropriate for news
sites not to attempt to identify site visitors, as anonymous access to
political information shields individuals from law enforcement
scrutiny and politically-motivated retribution.

  But the ability to view the news anonymously is dramatically limited
now.  More and more news websites are requiring disclosure of personal
information in various forms in order to access news articles.

  EPIC conducted a survey of the websites of the top twenty-five US
newspapers (by daily circulation).[xiv] Thirteen of these top
twenty-five sites require disclosure of some personal information in
order to access content.  Seven newspapers (including three of the top
five) actually require "registration." All seven of these sites
require disclosure of personally identifiable information.  The other
five sites require only disclosure of information which is not, on its
own, personally identifiable (gender, postal code/country, and birth
year).

  Internet users are becoming increasingly frustrated with the
prevalence of registration requirements on Internet sites. Evidence
suggests that users will go out of their way to avoid divulging
personal information on news sites.  Many users who don't want to
divulge personal information in order to read the news online are
engaging in "privacy self defense," as they enter false information in
registration pages, or turn to services such as Bugmenot.com.
Bugmenot is a website through which users can "share" personal login
information, and as of August, 2004, claims to have "liberated" more
than 18,000 pages from the confines of required registration.

  Online users have strong reservations about the use and abuse of
their personal information. Surveys show that people value anonymity,
especially on the Internet, and simply don't want to give up their
information.

        A 2003 Annenberg Survey found that 57% of those polled
believed that if a company has a privacy policy, the company will not
share information with other entities.[xv]

  The mere existence of a "privacy policy" also does not ensure that a
person's information will remain "private" in the common sense of the
word-both the LA Times and Chicago Tribune websites do not allow users
to opt out of information sharing, advertising and communications from
the newspapers and their "affiliates" (although you can opt out of
sharing of your information with their advertisers and other third
parties).  There is also some indication that some newspapers have
been checking the data provided at registration against third party
commercial databases for accuracy.[xvi]

  Compulsory site registration is likely to become a "vicious cycle"
of privacy violations-increasing prevalence of privacy self-defense
through providing "bad" or incorrect information might result in an
increased tendency on the part of newspapers to require more invasive
information from users, and to compare this information to commercial
databases to ensure accuracy.

  VI. Previous Self-Regulatory Initiatives Have Failed

  Instead of driving towards legally accountable privacy frameworks,
the FTC has a predilection towards self-regulatory initiatives.  One
notable effort was the NAI-The Network Advertising Initiative.  The
NAI was announced in 1999 shortly after DoubleClick, an online target
advertising company, was the subject of a FTC investigation.  The
investigation was spawned by reports that the company was planning to
link its anonymous surfing data with detailed offline customer
profiles from Abacus Direct.  Public protest led them to suspend their
plans to merge their anonymous data with the personal information they
had purchased.

  Strong public opposition to online profiling caused Congress and the
FTC to make efforts to address the practice.  In November 1999, the
FTC and Department of Commerce announced the formation of the NAI at a
Workshop on Online Profiling.  Less than a year later and with little
involvement from consumer and privacy groups, the self-regulatory NAI
principles were publicized.

  The NAI standards were too weak to provide privacy commensurate with
surfers' expectations.  They encompassed only notice, opt-out, and
"reasonable" security. NAI members could transfer information amongst
themselves to an unlimited degree, so long as it is used for
advertising.  No meaningful enforcement mechanism was incorporated.

  Even where the NAI set privacy standards, they were burdensome for
individuals to exercise.  For instance, users who didn't want to be tracked
by DoubleClick's cookies had to download and leave an "opt-out cookie" in
their browser.  For those who think that deleting their cookies enhances
their privacy protections, they will have to repeatedly remember to download
the cookie.

  Further contributing to the irrelevance of NAI is the fact that its
membership has depleted to two: DoubleClick and Atlas DMT.

  New Tracking Methods Undermine the Already Weak NAI Provisions

  Behavioral targeting is becoming increasingly popular with web ads
that follow users as they browse the web.  These ads can be targeted
to a visitor's online habits.  Many of these ads rose in popularity
from keyword searches, however, more omniscient tactics are also at
work.  Revenue Science, for instance, offers their customers web bugs
to collect user information.  Individual sites can determine which
data gets used for targeting and the information collected does not
get shared among different sites using the service.  Customers of
Revenue Science include ESPN, Reuters, Dow Jones, Newsweek, The Wall
Street Journal and many others.

  As more network advertisers benefited from electronic espionage, the
relevancy of the NAI dwindled as the two member companies no longer
controlled the industry.  Companies such as Google, Overture,
Aquantive and Omniture are all influential stakeholders in the
targeted advertising market and profiling business.  Although they are
not NAI members, the common theme of self-regulation has remained
popular.  Not surprisingly, the core of the weak NAI principles can
still be identified throughout the privacy policies of the major
network advertisers.

  The NAI Principles Didn't Provide Privacy Then and Don't Provide it
  Now

  The NAI principles have not contributed to an environment where
privacy is protected.  Only notice has effectively been conveyed
online.  Although consent varies depending on opt-out/opt-in policies,
most advertisers operate on a no consent or opt-out model.  While
access is often provided for, a user is often only given access to the
information that they have voluntarily provided to the company.
However, in order for meaningful access to be attained, a user must
able to receive the same electronic profile that is of value to the
marketer.  Accountability and enforcement are equally meaningless
concepts without a central authority to monitor and impose the
standards.  Without enforceable rights, Internet users will continue
to be tracked and profiled as they become pawns of the advertising
industry.

  IRSG: Freeing the Commercial Data Brokers From Privacy
  Responsibilities

  The Individual Reference Services Group (IRSG) Principles were
developed by commercial data brokers in the late 1990s in order to
manage fomenting criticism regarding their business model.  These data
brokers sold Social Security Numbers and detailed dossiers on
Americans to marketers, insurers, private investigators, landlords,
and law enforcement.

  The IRSG Principles set forth a weak framework of protections.  They
allowed companies to sell non-public personal information "without
restriction" to "qualified subscribers."  The problem is that everyone
with an account is "qualified."

  Under the IRSG Principles, individuals can only opt-out of the sale
of personal information to the "general public," but commercial data
brokers don't consider any of their customers to be members of the
general public.  For instance, data broker ChoicePoint gives
individuals no right to opt out and claims that "We feel that removing
information from these products would render them less useful for
important business purposes, many of which ultimately benefit
consumers."

  The IRSG Principles have been carefully crafted in order to ensure
maximum flexibility for data brokers. They represent another
self-regulatory failure that has resulted in easy access to detailed
dossiers on Americans by both commercial and law enforcement
interests.  By turning a blind eye to the commercial sector, Congress
allowed commercial data brokers to become "Big Brother's Little
Helpers."  They have created a national data center of personal
information for law enforcement.[xvii]

  NAI and IRSG Were Successful-For Those Invading Privacy

  These self-regulatory initiatives served their purpose-to stop
Congress from creating real, enforceable rights while allowing
privacy-invasive activities to continue.  They placated the FTC,
causing Congress not to act.  The end result has been that the FTC
hasn't taken action to address traditional network advertisers or
newer forms of privacy invasive tracking.  Similarly, since Congress
didn't act on data brokers, the IRSG has dissolved, and its member
companies continue to sell personal information widely.

  VII. Anonymous Purchasing Options: Another Market Failure

       A list of Internet shoppers who paid with an American Express
card.  The company offering the list, American List Counsel, offers to
segment the consumers by age, estimated income, dollar amount per
order, and annual purchase amount.  Even if a given online retailer
extends strong privacy protections to customers, popular payment
methods are not anonymous and provide an avenue for online profiling.
Credit card companies use and sell personal information for target
marketing, and provide an easy trail for law enforcement access to
purchasing information.

  Currently, there are not ubiquitous and easy to use anonymous online
purchasing mechanisms. Companies in recent years have offered
anonymous purchasing services based on various models, but these
approaches tend to be cumbersome and costly.

  In testimony to Congress in 1997, the Federal Trade Commission
discussed anonymous payment systems and recommended that: "federal
government should wait and see whether private industry solutions
adequately respond to consumer concerns about privacy and billing
dispute resolution issues that arise with the growth of electronic
payment systems, and then step in to regulate only if those efforts --
be they market-created responses, voluntary self-regulation or
technological fixes, or some combination of these -- are
inadequate."[xviii] How much longer does the consumer have to wait for
user-friendly, ubiquitous anonymous payment options?

  VIII. Information [In]Security

  One of the five fair information practices endorsed by the FTC is
security-the responsibility that data collectors take reasonable steps
to assure that information collected from consumers is secure from
unauthorized use.[xix]

  Collection of personal information creates security risks for
individuals.  As companies amass personal information or send it
elsewhere for processing, the databases become attractive targets for
malicious actors.

  It is difficult for individuals to assess the security and integrity
of data collectors' systems.  And recent events indicate that security
in the data collection and processing industries falls fall short of
being "reasonable."  A recent case in point involves Acxiom, a
publicly-traded corporation that sells personal data and processes it
for client companies.  In a written statement to the FTC in June 2003,
Acxiom's CEO assured that its security practices were "exceptional"
and multi-leveled: ".it must be noted that Acxiom undertakes
exceptional security measures to protect the information we
maintain.and around the information we process for our clients to
ensure that information will not be made available to any unauthorized
person or business."[xx]

  A month after making this statement, Acxiom was informed by law
enforcement officials that an Ohio man was able to download and crack
Acxiom's password database.  The method of stealing the personal
information shows that Acxiom did have extraordinary security
measures-the problem was that they were extraordinarily sloppy.  The
man, using FTP access operated for Acxiom's clients, was able to
browse around Acxiom's system and download a single file containing
all the passwords.[xxi] In the course of the Ohio investigation,
Acxiom learned that a second man used the same technique to access
over 8 gigabytes of personal information from April 2002 to August
2003.[xxii]

        Acxiom did have extraordinary security measures-they were
extraordinarily sloppy.

  And, while the SSNs and credit card numbers of 20 million were
accessed, the identities of companies that provided the personal
information to Acxiom remain secret.

  Other indications of information insecurity abound thanks to a
California law that took effect in July 2003.  That law requires data
collectors to notify individuals when their data has been stolen.  As
a result, the public has heard of many information security breaches
that normally would have been kept secret.

  The first publicized notice of a security breach involved a banking
consultant who had financial details on his computer.  An office
burglar stole the computer, which had credit line information, Social
Security Numbers, and other bank account information.[xxiii] Since
then, news of security breaches routinely appear in the national
media.

  IX. Bad Online Practices Are Leeching into the Offline World

  The trend of collecting personal information and monitoring purchase
habits is not strictly limited to the on-line environment.
Increasingly, merchants are requiring consumers to produce
identification or reveal personal information at the point of sale or
when they wish to return or exchange an item.

  What's Your Phone Number?

  Increasingly, cashiers are asking individuals for their phone
numbers.  This places individuals at risk that they will receive
telemarketing based on the most trivial of purchases in the offline
world.

        Consumers don't realize that giving a phone number to a
cashier invites telemarketing under the "established business
relationship" loophole to the Telemarketing Do-Not-Call Registry.

  But the problem extends beyond a cashier's request for information,
rather, it is the presumption that the disclosure of personal
information has become a precondition of sale.  While a customer may
feel uneasy about revealing this information, many do not know that
this disclosure is voluntary.  And because individuals want to shield
their personal information from disclosure, some data companies have
developed stealth information collection techniques for offline
retailers.  For instance, Trans Union, a credit reporting agency,
offered "Translink / Reverse Append," a product that gave retailers
name and address information from credit card numbers collected at the
register.[xxiv] Consumers are not actually asked for their address,
and probably are not aware that their address is discoverable.

  The exact purpose for this information collection varies from store
to store.  Nine West asks for customer information in order to create
a database of transaction histories for each customer, containing shoe
size and width.  Victoria's Secret has recently begun asking
customer's for their telephone numbers so that they may be informed of
promotions. Sometimes, it is difficult to find out how the information
is being used.

  Grocers Get Loyalty and We Get Less

  Frequent shopper or loyalty card programs vary depending on the type
of retailer or service.  Generally, grocery stores will offer loyalty
cards where a customer reveals a significant amount of personal
information in exchange for a card which makes them eligible for
in-store discounts. There is a high privacy risk associated with these
cards as a great deal of personal data is revealed and all purchased
are tracked.

  Consumers are led to believe that they saving money when in reality,
the prices at non-savings card stores are often lower.

        The Wall Street Journal reported that, ".according to industry
experts.[loyalty] cards are designed to make customers feel like they
got a bargain, without actually lowering prices overall."

  A 2003 Wall Street Journal study found that "most likely, you are
saving no money at all [from supermarket shopping cards]. In fact, if
you are shopping at a store using a card, you may be spending more
money than you would down the street at a grocery store that doesn't
have a discount card."[xxv]

  The Wall Street Journal study surveyed card and non-card grocery
stores in five different American cities and concluded that "In all
five of our comparisons, we wound up spending less money in a
supermarket that doesn't offer a card, in one case 29% less."[xxvi]
The author further wrote that ".according to industry experts, our
shopping experience was typical, because cards are designed to make
customers feel like they got a bargain, without actually lowering
prices overall. 'For many customers, the amount of money saved has not
risen,' says Margo Georgiadis, a specialist in loyalty programs at
McKinsey & Co. The difference is that stores now make you carry a card
to get the discounts, whereas before they just offered plain old sale
prices."[xxvii]

  Making a Return? Your Papers Better Be in Order

       A receipt from H&M, a popular clothing store, which now
requires government issued photo identification for all returns.

  A review of the return policies of select retailers indicates that
asking for identification for returns, even when an original receipt
is present, is becoming a common practice.  In some situations, this
requirement is even printed on the receipt while other merchants fail
to post any notice of this condition.  While some retailers simply
take the identification to match the name and contact information,
others go as far as to enter the driver's license number into their
computer system.  Often, a customer might not even know that this is
occurring, or they may feel as though the recording of their driver's
license number is a necessary step.  Given the sensitivity of the
information contained on a driver's license, when combined with credit
card information that is often available at a return, this practice
places the customer at risk of identity theft.

  Consumer Returns Database

  Some point of sale return information is being added to a
little-known system known as the "Consumer Returns Database."[xxviii]
The database is offered by The Return Exchange which offers a
standardized return system to retailers. It operates in real-time by
monitoring consumer return patterns it helps merchants identify
fraudulent or abusive customers.

  It is unclear what standards are applied to identify an abusive
customer, or the rights that a customer has to access and correct the
database.  A list of the retailers who participate in the database is
not publicly available.  By the time a customer is aware that negative
information exists about them in the database, it is because they have
already been branded as a fraudulent or abusive returner.

  Firing the Customer

  Combined, collection of returns information and loyalty behavior can
tip the balance of power between the consumer and the retailer.  Left
unchecked, this data will be used for customer exclusion.  As the
Boston Globe recently put it, slow service or unattractive prices are
being used "as a behavior modification tool to transform an
unprofitable customer into either a profitable customer or a former
customer."[xxix]

        "Filene's banned two sisters from all 21 of its stores last
year after the clothing chain's corporate parent decided they had
returned too many items and complained too often about
service."[xxxiii]

  There is a growing movement in the "customer relationship
management" or profiling industry where businesses are encouraged to
eliminate customers who complain or who return goods.  Jim Dion,
president of retail consulting firm Dionco Inc., recently urged
storeowners to create disincentives for certain customers.[xxx] Dion
characterized 20% of the population as "bottom feeders," who complain
and have low-levels of loyalty.  Businesses, he argues, should try to
eliminate these customers: "It'd be cheaper to stop them at the door
and give them $10 not to come in."[xxxi] An article in DMNews quotes
Dion as suggesting that retailers "should consider a
preferred-customer database-prefer that they don't shop here."[xxxii]

  And major businesses are adopting these recommendations.  Best Buy's
consumer exclusion tactics were recently detailed by the Wall Street
Journal.  Literally, Best Buy is trying to eliminate its most savvy
customers, ones that recognize good deals, in favor of less thrifty
customers that the company can charge more.[xxxiv] Other companies
engage in consumer exclusion in more subtle ways, for instance,
Harrah's casinos automatically identifies callers and charges them for
hotel rooms based on their perceived profit potential.[xxxv] The
company hides the profiling system because consumers, if fully
informed, would find the practices creepy.

  First-Degree Price Discrimination

  "First-degree price discrimination," a practice where businesses
attempt to "perfectly exploit the differences in price sensitivity
between consumers," is a growing problem resulting from collection of
consumer information.[xxxvi] As Professor Janet Gertz has explained:
"By profiling consumers, financial institutions can predict an
individual's demand and price point sensitivity and thus can alter the
balance of power in their price and value negotiations with that
individual. Statistics indicate that the power shift facilitated by
predictive profiling has proven highly profitable for the financial
services industry. However, there is little evidence that indicates
that any of these profits or cost savings are being passed on to
consumers. For this reason, and because most consumers have no
practical ability to negotiate price terms for the exchange of their
data, many characterize the commercial exploitation of consumer
transaction data as a classic example of a market failure."[xxxvii]

  First-degree price discrimination is a goal of some in the
information business.  CIO Insight Magazine recently published an
article discussing pricing ceilings where price discrimination is
described as a goal for the industry: "The ideal strategy? To capture
the value of the product or service for a particular customer or
customer segment."[xxxviii]

  X. Recommendations

  The FTC has to move into the 21st century and meaningfully address
Internet privacy.  Ten years of self-regulation has led to serious
failures in this field. The online privacy situation is getting worse,
so bad that offline retailers are emulating the worst Internet
practices.

  The FTC certainly is capable of protecting privacy online. It has to
rise to the challenge and exercise more skepticism in the market as a
proxy for consumer interest.  Sometimes the market advances consumer
interests, but when it comes to privacy, the market has been a driving
force in eroding both practices and expectations.  In order to rise to
the challenge of effectively protecting individuals' privacy, we
recommend the following:

    a.. The FTC should abandon its faith in
self-regulation. Self-regulatory systems have served to stall Congress
while anesthetizing the public to increasingly invasive business
practices.  Self-regulation has only been reliable in promoting
privacy notices, the least substantive aspect of privacy protection.
The public's, and even the FTC's own conception of Fair Information
Practices, commands a broader array of privacy protection including
access, choice, security, and accountability.  b.. The FTC should
reexamine the Network Advertising Initiative in light of the
agreement's dwindling membership and the existence of new, more
invasive tracking measures.  c.. The FTC should reexamine the IRSG
Principles to ensure that they provide some measure of meaningful
privacy.  d.. The FTC should investigate the emerging technologies
identified in this report, including digital rights management,
trusted computing, and single sign on services.  e.. The FTC should
investigate the emerging offline business practices identified in this
report, including unnecessary requests for information at point of
sale or return, customer return databases, customer exclusion, and
first degree price discrimination.  f.. The FTC should work with the
banking agencies to develop a unified mechanism for opting out under
the Gramm-Leach-Bliley and Fair Credit Reporting Acts.  Just as it
made no sense for individuals to opt-out of every telemarketing call,
it currently makes no sense for an individual to have to contact every
single financial institution separately to protect privacy.

  *This report was written with assistance from EPIC Internet Public
Interest Opportunity Program (IPIOP) Clerks Dina Mashayekhi, Tara Wheatland,
and Amanda Reid.

  [i] Consumers deserve stronger shield against telemarketers, USA Today,
Sept. 17, 2002.  In just one year, the New York DNC list amassed 2 million
enrollments.  Telemarketing's Troubled Times, CBS News, Apr. 1, 2002, at
http://www.cbsnews.com/stories/2002/04/01/eveningnews/main505124.shtml.

  [ii] Self Regulation and Privacy Online, Before the House Commerce
Subcomm. on Telecom., Trade, and Consumer Protection, 106th Cong., Jul. 13,
1999, available at http://www.ftc.gov/os/1999/07/pt071399.htm.

  [iii] FTC, Staff Report: Public Workshop on Consumer Privacy on the Global
Information Infrastructure, Dec. 1996, available at
http://www.ftc.gov/reports/privacy/privacy1.htm.

  [iv]FTC, Privacy Online: A Report to Congress, Jun. 4, 1998, available at
http://www.ftc.gov/reports/privacy3/index.htm.

  [v]FTC, Self-regulation Is the Preferred Method of Protecting Consumers'
Online Privacy; Jul. 21, 1998, available at
http://www.ftc.gov/opa/1998/07/privacyh.htm.

  [vi] Consumer Privacy on the World Wide Web, Before the House Comm. on
Commerce Subcomm. on Telecommunications, Trade, and Consumer Protection,
105th Cong. (Jul. 21, 1998) (statement of the FTC), available at
http://www.ftc.gov/os/1998/07/privac98.htm.

  [vii]FTC, Online Profiling:A Report to Congress Part 2 Recommendations,
Jul. 2000, available at http://www.ftc.gov/os/2000/07/onlineprofiling.htm.

  [viii] Timothy J. Muris, Protecting Consumers' Privacy: 2002 and Beyond,
Remarks delivered at the Privacy 2001 Conference, Oct. 4, 2001, available at
http://www.ftc.gov/speeches/muris/privisp1002.htm.

  [ix] Ad4Ever; AdCentric Online; Ad Dynamix;  AdSolution; Avenue A;
BlueStreak; BridgeTrack; DoubleClick; efluxa; Enliven; Flycast; i33;
Mediaplex; PlanetActive; Pointroll; Profero; Qksrv; RealMedia; RedAgency;
TangoZebra; TargetGraph; TrackStar; Travelworm; Unicast.

  [x]Pew Internet & American Life Project, Trust and Privacy Online: Why
Americans Want to Rewrite the Rules, Aug. 20, 2000.

  [xi] Company Needs to Engage Privacy Advocates in a Thorough Debate, San
Jose Mercury News, Apr. 15, 2004.

  [xii] David McGuire, States Speed up Spyware Race, Wash. Post, May 13,
2004, available at
http://www.washingtonpost.com/wp-dyn/articles/A24746-2004May13.html

  [xiii] Julie E. Cohen, A Right to Read Anonymously: A Closer Look at
"Copyright Management" in Cyberspace, 28 Conn. L. Rev. 981 (Summer 1996).

  [xiv]BurrellesLuce, Top 100 Daily Newspapers in the U.S. by Circulation
2004.

  [xv] Joseph Turow, Americans and Online Privacy: The System is Broken,
Annenberg Public Policy Center, June 2003.

  [xvi] Rachel Metz, We Don't Need No Stinkin' Login, Wired Jul. 20, 2004,
available at http://wired.com/news/infostructure/0,1377,64270,00.html


  [xvii] Chris Jay Hoofnagle, Big Brother's Little Helpers, 29 N.C.J. Int'l
L. & Com. Reg. 595 (Summer 2004).

  [xviii]FTC, Wait, Watch Closely and See is Right Stance for Government on
Privacy Issues for Electronic Payment Systems, Says FTC Official, Sept. 18,
1997, available at http://www.ftc.gov/opa/1997/09/medine.htm.

  [xix]FTC, Online Profiling:A Report to Congress Part 2 Recommendations,
Jul. 2000, available at http://www.ftc.gov/os/2000/07/onlineprofiling.htm.

  [xx] Information Flows, Before the FTC, Jun. 18, 2003, available at
http://www.ftc.gov/bcp/workshops/infoflows/present/030618morgan.pdf.

  [xxi] Robert O' Harrow, Jr., No Place to Hide 71-72, Free Press (2005).
DOJ, Milford Man Pleads Guilty to Hacking Intrusion and Theft of Data Cost
Company $5.8 Million, Dec. 18, 2003, available at
http://www.usdoj.gov/criminal/cybercrime/baasPlea.htm.

  [xxii]DOJ, Florida Man Charged with Breaking Into Acxiom Computer Records,
Jul. 21, 2004, available at
http://www.usdoj.gov/opa/pr/2004/July/04_crm_501.htm.

  [xxiii] Customer Data Was on Stolen PC, Wells Fargo Says, Reuters, Nov.
21, 2003.

  [xxiv] In re Trans Union, 2000 FTC LEXIS 23 (2000).

  [xxv] Katy McLaughlin, The Discount Grocery Cards That Don't Save You
Money, Wall Street Journal, Jan. 21, 2003, at
http://wsj.com/article/0,,SB1043006872628231744,00.html.

  [xxvi] Id.

  [xxvii] Id.

  [xxviii] http://www.thereturnexchange.com/

  [xxix] Bruce Mohl, Facing their demons: To face demons, firms dump maxim,
Boston Globe, Jul. 27, 2003.

  [xxx] Mickey Alam Khan, Technology Creates Tough Environment for
Retailers, DMNews, Jan. 13, 2003.

  [xxxi] Id.

  [xxxii] Id.

  [xxxiii] Joshua Freed, The customer is always right? Not anymore, San
Fran. Chron., Jul. 5, 2004.

  [xxxiv] Gary McWilliams, Analyzing Customers, Wall Street Journal, Nov. 8,
2004.

  [xxxv] Christina Binkley, Taking Retailers' Cues, Harrah's Taps Into
Science of Gambling, Wall Street Journal, Nov. 22, 2004.

  [xxxvi] Anthony Danna & Oscar H. Gandy, Jr., All That Glitters is Not
Gold: Digging Beneath the Surface of Data Mining, 40 Journal of Business
Ethics 373, 381 (2002).

  [xxxvii] Janet Dean Gertz, The Purloined Personality: Consumer Profiling
in Financial Services, 39 San Diego L. Rev. 943, 964-5 (Summer 2002).

  [xxxviii] Amy Cortese, Price Flexing: How the Web Adds New Twists, CIO
Insight, at http://www.cioinsight.com/article2/0,3959,43528,00.asp.

  [Inside Back Cover: Personal information sold by magazines. Some segment
their subscribers by age, sex, religion, and whether there are children in
the household.]

  [Back Cover: More lists of personal information sold based on Internet
registrations. List brokers sell personal information en masse segmented by
age, sex, sexual orientation, and race.]



[TELECOM Digest Editor's Note: This report came to us from EPIC, and
you can examine the several good reports at their web site:
http://www.epic.org, or read the original report at its URL:
Page URL: http://www.epic.org/reports/decadedisappoint.html .

In the archives, these two parts (last issue and current issue) will 
be merged into one.    PAT]

------------------------------

From: Gene S. Berkowitz <first.last@comcast.net>
Subject: Re: Ohio Law Would Require Auction License for eBay Sellers
Date: Sat, 12 Mar 2005 22:20:53 -0500


In article <telecom24.102.9@telecom-digest.org>, 
kd1s@nospamplease.cox.reallynospam.net says:

> In article <telecom24.101.4@telecom-digest.org>, lisa_minter2001
> @yahoo.com says:

>> CNN, via Yahoo News on Tuesday reports that the State of Ohio has
>> become very unfriendly toward online sellers using E-Bay.
>> According to CNN-Money, State of Ohio now requires an auction license
>> of people who want to sell on E-Bay, as well as a one-year training
>> class required of sellers _and_ a fifty thousand dollar security 
>> bond. The auction license costs two hundred dollars. If you fail to
>> do these things, they have some jail time waiting for you. Their
>> excuse is they want to 'cut back on internet fraud using E-Bay'.

>> http://money.cnn.com/2005/03/07/technology/ohio_ebay/index.htm

> Tax revenue. That's what every state is about. 

> On a related note -- a couple years ago I get notice from the state of
> RI that I never filed my 1990 taxes and owe them $1,300 between fines,
> etc.  So the past few years they snatched my refunds.

> This year I decided I want receipts from this point forward, and I'll
> keep my tax records for more than three years so I can prove I filed.
> Turns out the RI Division of Taxation won't give a receipt. I got the
> woman to stamp my copy with their "RECEIVED - RI DIV TAX" verbiage
> with the date and all.

> Hopefully the state will lose one more of my returns -- then I can
> bring the receipted version to the news hounds and watch as the sparks
> fly.

Haven't you ever heard of Certified Mail / Return Receipt?  I have
signed, stamped return post cards for every Fed & State return since I
started filing.

--Gene

------------------------------

Date: Sat, 12 Mar 2005 22:43:29 -0500
From: Marcus Didius Falco <falco_marcus_didius@yahoo.co.uk>
Subject: Why Pay to be an Identity Thief? CMU Will Show You How


    ------ Forwarded Message
    From: Steven Cherry < >
    Date: Sat, 12 Mar 2005 02:33:41 -0500
    To: "David J. Farber" < >
    Subject: Why Pay to be an Identity Thief?

Dave,

We just posted an article I think of interest to IP:

<http://www.spectrum.ieee.org/WEBONLY/wonews/mar05/0305nthef.html>
Why Pay to be an Identity Thief? Experimental Software Makes It Free

By Steven Cherry

Thieves purchased sensitive personal data from ChoicePoint, but a
Carnegie Mellon University researcher can get the same information
free on the Web

    Steven Cherry, +1 212-419-7566
    Senior Associate Editor
    IEEE Spectrum, 3 Park Ave,  New York, NY 10016
    <http://www.spectrum.ieee.org>

    ------ End of Forwarded Message


Why Pay to be an Identity Thief? Experimental Software Makes It Free

By Steven Cherry

Thieves purchased sensitive personal data from ChoicePoint, but a Carnegie
Mellon University researcher can get the same information free on the Web

11 March 2005 -- The U.S. database industry is under a legal microscope
following the pilfering of information that could allow thieves to
steal the identities of hundreds of thousands of people. In a hearing
yesterday, senators threatened legislation to regulate large brokers
of financial and other data such as Lexis Nexis, Bank of America, and
Choicepoint all of which have disclosed problems in the last two
months. It was the incident at Alpharetta, Ga.-based ChoicePoint that
kindled the current concern in Washington, D.C. In mid-February the
firm, whose data is used to check the legitimacy of the potential
customers of other companies, revealed that it had been tricked into
selling the records of 145 000 people to thieves posing as legitimate
ChoicePoint customers.

But why should an identity thief bother with an expensive charade?
Carnegie-Mellon University associate professor of computer science,
Latanya Sweeney, has found an even simpler way than paying a company
in the personal database industry, which critics say is
underregulated. She's found a way to extract all the data she wants
for free from the World Wide Web. For over a decade, Sweeney has been
exploring the intersection of technology and privacy. Her latest work
builds on earlier Web-searching tools that create software agents to
extract names, address, birth dates, and Social Security numbers from
resumes posted online; everything you need to apply for a new credit
card in someone else's name. Sweeney will report= her findings at a
symposium devoted to national security sponsored by the American
Association for Artificial Intelligence and held at Stanford
University, in California, 21 - 23 March.

With her software, Sweeney can gather the key data with just a little
Web surfing. She starts with a filter that searches for documents
likely to be resumes and then extracts the key data values: name,
social security number, address, and date of birth. R=E9sum=E9s are
found in a two-part process: first, a program Sweeney wrote last year
finds long lists of names. Then a specialized Google search filter
looks for resumes associated with those names that contain Social
Security numbers.

Social Security numbers and the other needed fields, such as birth
date, are isolated using a combination of techniques. For example,
dates can be formatted in several different ways, but there are now
standard techniques for parsing them. If a resume has all the needed
data except a birth date, the software grabs it from one of the many
sites that offer them, such as Anybirthday.com. Social Security
numbers have a distinctive format: nnn-nn-nnnn. Another program of
Sweeney's, SSN Watch, checks the numbers that are found.

How important are those Social Security numbers? Last September, the
commissioner of the U.S. Federal Trade Commission told Congress that
they play "a pivotal role in identity theft. Identity thieves use the
Social Security number as a key to access the financial benefits
available to their victims."

Obviously, if people are posting their Social Security numbers to the
Web, and if doing so leaves them highly vulnerable to identity theft,
then they ought to stop. Sweeney's work addressed that issue. The
Identity Angel project, which she launched earlier this year, looks
for e-mail addresses in those resumes, and sends individuals automated
notices that their identity information was found online. She says a
follow-up study showed that more than 90 percent of the people
subsequently removed the information from the Web.

Nonetheless, even with a digital Samaritan patrolling the ether, U.S.
identities remain at risk. A November study by the U.S. Government
Accountability Office found that "Social Security numbers appear in
any number of records exposed to public view almost everywhere in the
nation, primarily at the state and local levels of government."

The GAO reported that many states and hundreds of the nation's 3141
counties put Social Security numbers directly on the Internet and that
"this could affect millions of people." The agency concluded that the
risk of exposure for Social Security numbers in public records "is
highly variable and difficult for any one individual to anticipate or
prevent."

That risk is much lower across the Atlantic, where a 1995 European
Union directive on data privacy ensures that personal data is kept
secret by default.

According to Stephen J. Kobrin, a professor of multinational
management at the University of Pennsylvania, in Philadelphia, this
represents a fundamental difference between the United States and
Europe. "In America privacy is seen as an alienable commodity subject
to the market," he wrote in 2002 report. In contrast, he says, in
Europe, privacy is considered to be "a fundamental human right." Not
only do explicit privacy statutes exist there, but they are also
enforced by dedicated regulatory agencies.

In other words, the current U.S. crisis of identity theft is a result
of policy choices that Americans have made, sometimes implicitly,
sometimes explicitly. They are choices that can be revisited anytime.

NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . Hundreds of new articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S.  Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, IEEE Spectrum and Steven Cherry.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

------------------------------

Date: Sat, 12 Mar 2005 22:44:07 -0500
From: Marcus Didius Falco <falco_marcus_didius@yahoo.co.uk>
Subject: Hackers Target U.S. Power Grid


* Original: FROM..... Dave Farber

BTW Pat Wood is a very good person who actually wanted to be at the FCC

Dave

  ------ Forwarded Message
  From: Fred Langa < >
  Date: Sat, 12 Mar 2005 10:33:57 -0500
  Subject: "Hackers target U.S. power grid" (wash post)

Describing his reaction to the demonstration [of how easily hackers
might break into electrical grid computers] Patrick H. Wood III, the
chairman of the Federal Energy Regulatory Commission, said: 'I wished
I'd had a diaper on.'"

http://www.msnbc.msn.com/id/7152899

Fred Langa

Current Projects/Affiliations Info:
http://www.langa.com/about_fred.htm

Free Newsletter ("The LangaList"): subscribe@langa.com

Free LangaList Link Exchange: http://www.langa.com/code.htm

Hackers target U.S. power grid
Government quietly warns utilities to beef up computer security

By Justin Blum
The Washington Post
Updated: 8:33 a.m. ET March 11, 2005

WASHINGTON - Hundreds of times a day, hackers try to slip past
cyber-security into the computer network of Constellation Energy Group
Inc., a Baltimore power company with customers around the country.

"We have no discernable way of knowing who is trying to hit our system,"
said John R. Collins, chief risk officer for Constellation, which operates
Baltimore Gas and Electric. "We just know it's being hit."

Hackers have caused no serious damage to systems that feed the
nation's power grid, but their untiring efforts have heightened
concerns that electric companies have failed to adequately fortify
defenses against a potential catastrophic strike. The fear: In a
worst-case scenario, terrorists or others could engineer an attack
that sets off a widespread blackout and damages power plants,
prolonging an outage.

Patrick H. Wood III, the chairman of the Federal Energy Regulatory
Commission, warned top electric company officials in a private meeting
in January that they need to focus more heavily on cyber-security. 
Wood also has raised the issue at several public appearances.
Officials will not say whether new intelligence points to a potential
terrorist strike, but Wood stepped up his campaign after officials at
the Energy Department's Idaho National Laboratory showed him how a
skilled hacker could cause serious problems.

Wood declined to comment on specifics of what he saw. But an official
at the lab, Ken Watts, said the simulation showed how someone could
hack into a utility's Internet-based business management system, then
into a system that controls utility operations. Once inside, lab
workers simulated cutting off the supply of oil to a turbine
generating electricity and destroying the equipment.

Describing his reaction to the demonstration, Wood said: "I wished I'd
had a diaper on."

Growing concerns

Many electric industry representatives have said they are concerned
about cyber-security and have been taking steps to make sure their
systems are protected. But Wood and others in the industry said the
companies' computer security is uneven.

"A sophisticated hacker, which is probably a group of hackers
 ... could probably get into each of the three U.S. North American
power [networks] and could probably bring sections of it down if they
knew how to do it," said Richard A. Clarke, a former counterterrorism
chief in the Clinton and Bush administrations.

Clarke said government simulations show that electric companies have
not done enough to prevent hacking. "Every time they test, they get
in," Clarke said. "It's nice that the power companies think that
they've done things, and some of them have. But as long as there's a
way to get into the grid, the grid is as weak as its weakest company."

Some industry analysts play down the threat of a massive cyber-attack,
saying it's more likely that terrorists would target the physical
infrastructure such as power plants and transmission lines. James
Andrew Lewis, director of technology policy at the Center for
Strategic and International Studies in the District, said a
coordinated attack on the grid would be technically difficult and
would not provide as much "bang for the buck" as high-profile physical
attacks. Lewis said the bigger vulnerability may be posed not by
outside hackers but by insiders who are familiar with their company's
computer networks.

But in recent years, terrorists have expressed interest in a range of
computer targets. Al Qaeda documents from 2002 suggest cyber-attacks on
various targets, including the electrical grid and financial institutions,
according to a translation by the IntelCenter, an Alexandria firm that
studies terrorist groups.

Power grid seen as vulnerable

A government advisory panel has concluded that a foreign intelligence
service or a well-supported terrorist group "could conduct a
structured attack on the electric power grid electronically, with a
high degree of anonymity, and without having to set foot in the target
nation," according to a report last year by the Government
Accountability Office, the investigative arm of Congress.

Cyber-security specialists and government officials said that
cyber-attacks are a concern across many industries but that the threat
to the country's power supply is among their top fears.

Hackers have gained access to U.S. utilities' electronic control
systems and in a few cases have "caused an impact," said Joseph
M. Weiss, a Cupertino, Calif.-based computer security specialist with
Kema Inc., a consulting firm focused on the energy industry. He said
computer viruses and worms also have caused problems.

Weiss, a leading expert in control system security, said officials of
the affected companies have described the instances at private
conferences that he hosts and in confidential conversations but have
not reported the intrusions publicly or to federal authorities. He
said he agreed not to publicly disclose additional details and that
the companies are fearful that releasing the information would hurt
them financially and encourage more hacking.

Weiss said that "many utilities have not addressed control system
cyber-security as comprehensively as physical security or
cyber-security of business networks."

The vulnerability of the nation's electrical grid to computer attack
has grown as power companies have transferred control of their
electrical generation and distribution equipment from private,
internal networks to supervisory control and data acquisition, or
SCADA, systems that can be accessed through the Internet or by phone
lines, according to consultants and government reports. That
technology has led to greater efficiency because it allows workers to
operate equipment remotely.

Other systems that feed information into SCADA or that operate utility
equipment are vulnerable and have been largely overlooked by
utilities, security consultants said.

Some utilities have made hacking into their SCADA systems relatively
easy by continuing to use factory-set passwords that can be found in
standard documentation available on the Internet, computer security
consultants said.

The  North American Electric  Reliability Council,  an industry-backed
organization  that sets  voluntary standards  for power  companies, is
drafting  wide-ranging guidelines  to replace  more  narrow, temporary
precautions   already   on   the   books  for   guarding   against   a
cyber-attack. But computer security specialists question whether those
standards go far enough.

Officials at several power companies said they had invested heavily in
new equipment and software to protect their computers. Many would
speak only in general terms, saying divulging specifics could assist
hackers.

"We're very concerned about it," said Margaret E. "Lyn" McDermid,
senior vice president and chief information officer for Dominion
Resources Inc., a Richmond-based company that operates Dominion
Virginia Power and supplies electricity and natural gas in other
states. "We spend a significant amount of time and effort in making
sure we are doing what we ought to do."

Executives at Constellation Energy view the constant hacking attempts
 -- which have been unsuccessful -- as a threat and monitor their
systems closely. They said they assume many of the hackers are the
same type seen in other businesses: people who view penetrating
corporate systems as fun or a challenge.

"We feel we are in pretty good shape when it comes to this," Collins
said.  "That doesn't mean we're bulletproof."

Old equipment may be a threat

The biggest threat to the grid, analysts said, may come from power
companies using older equipment that is more susceptible to
attack. Those companies many not want to invest large amounts of money
in new computer equipment when the machines they are using are
adequately performing all their other functions.

Security consulting firms said that they have hacked into power
company networks to highlight for their clients the weaknesses in
their systems.

"We are able to penetrate real, running, live systems," said Lori
Dustin, vice president of marketing for Verano Inc., a Mansfield,
Mass., company that sells products to companies to secure SCADA
systems. In some cases, Dustin said, power companies lack basic
equipment that would even alert them to hacking attempts.

O. Sami Saydjari, chief executive of the Wisconsin Rapids, Wis.-based
consulting firm Cyber Defense Agency LLC, said hackers could cause the
type of blackout that knocked out electricity to about 50 million
people in the Northeast, Midwest and Canada in 2003, an event
attributed in part to trees interfering with power lines in Ohio. He
said that if hackers destroyed generating equipment in the process,
the amount of time to restore electricity could be prolonged.

"I am absolutely confident that by design, someone could do at least as
[much damage], if not worse" than what was experienced in 2003, said
Saydjari, who was one of 54 prominent scientists and others who warned the
Bush administration of the risk of computer attacks following Sept. 11,
2001. "It's just a matter of time before we have a serious event."


Copyright 2005 The Washington Post Company

NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . Hundreds of new articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S.  Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, Washington Post Company.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

------------------------------


TELECOM Digest is an electronic journal devoted mostly but not
exclusively to telecommunications topics. It is circulated anywhere
there is email, in addition to various telecom forums on a variety of
networks such as Compuserve and America On Line, Yahoo Groups, and
other forums.  It is also gatewayed to Usenet where it appears as the
moderated newsgroup 'comp.dcom.telecom'.

TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Patrick Townson. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.

Contact information:    Patrick Townson/TELECOM Digest
                        Post Office Box 50
                        Independence, KS 67301
                        Phone: 620-402-0134
                        Fax 1: 775-255-9970
                        Fax 2: 530-309-7234
                        Fax 3: 208-692-5145         
                        Email: editor@telecom-digest.org

Subscribe:  telecom-subscribe@telecom-digest.org
Unsubscribe:telecom-unsubscribe@telecom-digest.org

This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then.  Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!

URL information:        http://telecom-digest.org

Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/
  (or use our mirror site: ftp.epix.net/pub/telecom-archives)

Email <==> FTP:  telecom-archives@telecom-digest.org 

      Send a simple, one line note to that automated address for
      a help file on how to use the automatic retrieval system
      for archives files. You can get desired files in email.

*************************************************************************
*   TELECOM Digest is partially funded by a grant from                  *
*   Judith Oppenheimer, President of ICB Inc. and purveyor of accurate  *
*   800 & Dot Com News, Intelligence, Analysis, and Consulting.         *
*   http://ICBTollFree.com, http://1800TheExpert.com                    *
*   Views expressed herein should not be construed as representing      *
*   views of Judith Oppenheimer or ICB Inc.                             *
*************************************************************************

ICB Toll Free News.  Contact information is not sold, rented or leased.

One click a day feeds a person a meal.  Go to http://www.thehungersite.com

Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.

              ************************

DIRECTORY ASSISTANCE JUST 65 CENTS ONE OR TWO INQUIRIES CHARGED TO
YOUR CREDIT CARD!  REAL TIME, UP TO DATE! SPONSORED BY TELECOM DIGEST
AND EASY411.COM   SIGN UP AT http://www.easy411.com/telecomdigest !

              ************************

Visit http://www.mstm.okstate.edu and take the next step in your
career with a Master of Science in Telecommunications Management
(MSTM) degree from Oklahoma State University (OSU). This 35
credit-hour interdisciplinary program is designed to give you the
skills necessary to manage telecommunications networks, including
data, video, and voice networks.

The MSTM degree draws on the expertise of the OSU's College
of Business Administration; the College of Arts and Sciences; and the
College of Engineering, Architecture and Technology. The program has
state-of-the-art lab facilities on the Stillwater and Tulsa campus
offering hands-on learning to enhance the program curriculum.  Classes
are available in Stillwater, Tulsa, or through distance learning.

Please contact Jay Boyington for additional information at
405-744-9000, mstm-osu@okstate.edu, or visit the MSTM web site at
http://www.mstm.okstate.edu

              ************************

   ---------------------------------------------------------------

Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list. 

All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.

End of TELECOM Digest V24 #111
******************************

Return to Archives**Older Issues