Saturday, October 29, 2005

Worse than Watergate

I'm not talking about the book written a couple years ago by John Dean about the Bush presidency (yes, that John Dean). I'm talking about a story written a couple days ago by Arianna Huffington.

Worse than Watergate (By Arianna Huffington, Posted October 26, 2005.)

It's a very revealing look at the list of lies made by the Administration top dogs, all the way to GW Bush.

Potential Bonus Presidential Lie: In June 2004, when asked whether he stood by his promise to fire anyone found to have leaked Plame's identity, President Bush (taking a cue from Rove) answered with an unambiguous "Yes." But the New York Daily News reports that Bush knew that Rove was involved in the leak two years ago. So why, a year later, was he still acting like he had no idea who'd been involved?

Her first example comes from this snippet from a Presidential press conference on June 10, 2004:

QUESTION: Given -- given recent developments in the CIA leak case, particularly Vice President Cheney's discussions with the investigators, do you still stand by what you said several months ago, a suggestion that it might be difficult to identify anybody who leaked the agent's name?

THE PRESIDENT: That's up to --

QUESTION: And, and, do you stand by your pledge to fire anyone found to have done so?

THE PRESIDENT: Yes. And that's up to the U.S. Attorney to find the facts.

While the second part comes from this NY Daily News article from October 19, 2005. Generally Rove and other aides were up to their eyeballs trying to bash, discredit, and destory Wilson and his claims, and revealing his wife's identity was part of the game. So Bush had to know his Aides, including Rove, had done the deed. So why is he, a year later, denying knowledge? Further, isn't he lying?

At least, this is what Huffington wants us to believe.

Oh, so now Syria and Iran are outlaw regimes?

Bush calls Iran and Syria 'outlaw regimes' (By Caren Bohan Fri Oct 28,12:16 PM ET, Reuters, published on

NORFOLK, Virginia (Reuters) - President George W. Bush on Friday called Iran and Syria "outlaw regimes" and said countries that support terrorism are just as guilty of murder as those who commit the violence.

"We're determined to deny radical groups the support and sanctuary of outlaw regimes. State sponsors like Syria and Iran have a long history of collaboration with terrorists and they deserve no patience from the victims of terror," Bush said.

... The United States has repeatedly expressed concern over Iran and its nuclear energy program, which it suspects could be a cover for nuclear weapons development. Iran insists the program is intended for civilian electricity generation.

... The Bush administration justified the March 2003 invasion of Iraq by saying Baghdad posed a threat because it had stockpiles of chemical and biological weapons and was pursuing nuclear weapons. No weapons of mass destruction were found in postwar Iraq.

First ... this is right on the neocon world tour schedule. The neocons laid out in the mid 1990's their megalomaniacal plan for world domination, or at least domination of the middle east. Their plan was to first topple the government of Iraq, them move on to either Syria or Iran. The goal was to establish moderate democracies in the heart of the Middle East, which would then effect change in neighboring countries and make the whole region more amenable to American interests.

So, regardless of the truth of any allegation the Bush administration is making against Syria and Iran -- oh, and they have a very poor track record around truth -- you can rest assured that the reason for their statements against both Syria and Iran have nothing to do with the allegations. Instead it has everything to do with the agenda to which the neocons have been making plans since the 1990's.

Would the Wilsons file suit against GW Bush?

Here's an interesting article laying out a case for Joe Wilson and his wife Valerie to file suit against the Bush administration. Civil suit that is.

Valerie Plame: The Bush Equivalent of Paula Jones? (By Stephen Pizzo, News for Real. Posted on October 29, 2005.)

First, we are reminded of the late 1990's and the whole series of legal actions against Bill Clinton. One of the steps was Paula Jones filing suit against Clinton, establishing that a citizen can sue a sitting President, and also setting in motion the events leading to Clinton lieing about having had sex (in the Oval Office) with "that woman".

BTW, his statement about "had sexual relations with that woman, Ms. Lewinsky…?" did not happen under oath, but instead happened on national television while being interviewed on the PBS News Hour.

Anyway, with that background the Wilsons have ample reason to file suit, and ample justification to do so. And the contrast between Paula Jones and the Wilsons is delicious, given that both of them have long unblemished service records to this country.

Dennis Hastert, U.S. Speaker of the House, is now a blogger

On the official Speaker of the House web site, Dennis Hastert has started a blog.

So far there's two entries. There's no RSS feed, that I can find, which will limit the impact. But then there's plenty of places where an RSS feed would be fabulous, such as their "newsroom" page, but the RSS feed is lacking.

Friday, October 28, 2005

Attack bloggers on the loose???

There's a lovely piece in Forbes magazine slamming the blogging community. Yet the article itself is a prime example of the over-the-top slam story that's lacking in the kind of credibility you get when you check your facts carefully.

Attack of the Blogs (Daniel Lyons, 11.14.05,, registration required)

Web logs are the prized platform of an online lynch mob spouting liberty but spewing lies, libel and invective. Their potent allies in this pursuit include Google and Yahoo.

And with that bit of distortion as the foundation for the article, can we expect fair and balanced journalism?

The article leads off with the story of Gregory Halpern and the woes of his company. His company offered several products for sale, and was going fine until a blogger latched on:

Then the bloggers attacked. A supposed crusading journalist launched an online campaign long on invective and wobbly on facts, posting articles on his Web log (blog) calling Halpern "deceitful,""unethical,""incredibly stupid" and "a pathological liar" who had misled investors. The author claimed to be Nick Tracy, a London writer who started his one-man "watchdog" Web site,, to expose corporate fraud. He put out press releases saying he had filed complaints against Circle with the Securities & Exchange Commission.

The result of the "attack" has been a drastic decline in the company stock price, their deal with Nestle never came through, etc. The "journalist" turned out to be an out of work stock analyst who later was indicted and convicted in stock a pump-and-dump scheme.

Okay, fine, perhaps Halpern and his company are innocent victims. But is "bloging" the culprit here? The whole slant of the article is to label bloggers as a vicious horde out to damage and destroy for some kind of evil ends. But is that true?

A blog is merely a web site of a particular shape and functionality. The fake "journalist" mentioned above could have done the same damage using a regular web site. That he used blog software has nothing to do with the effect of what he did.

For example here's another section of the article:

"Bloggers are more of a threat than people realize, and they are only going to get more toxic. This is the new reality," says Peter Blackshaw, chief marketing officer at Intelliseek, a Cincinnati firm that sifts through millions of blogs to provide watch-your-back service to 75 clients, including Procter & Gamble and Ford. "The potential for brand damage is really high," says Frank Shaw, executive vice president at Microsoft's main public relations firm, Waggener Edstrom. "There is bad information out there in the blog space, and you have only hours to get ahead of it and cut it off, especially if it's juicy."

These people are confused ... Sure, there probably is bad information out there. But it doesn't matter whether it's a blog or not. Blogs are not the enemy.

Some companies now use blogs as a weapon, unleashing swarms of critics on their rivals. "I'd say 50% to 60% of attacks are sponsored by competitors," says Bruce Fischman, a lawyer in Miami for targets of online abuse. He says he represents a high-tech firm thrashed by blogs that were secretly funded by a rival; the parties are in talks to settle out of court. One blog, Groklaw, exists primarily to bash software maker SCOGroup in its Linux patent lawsuit against IBM, producing laughably biased, pro-IBMcoverage; its origins are a mystery (see box, p. 136).

In other words, this is the same old process (corporate PR warfare) moved into a new arena.

Corporations have been slamming each other for years. Faked up slam stories have been circulated for years. PR firms have for years specialized in making spin and counter spin work to create or destroy public image. There's nothing new here, it's the same old practices clothed in new technology.

But here's one of the few interesting thoughts in the article:

Google and other services operate with government-sanctioned impunity, protected from any liability for anything posted on the blogs they host. Thus they serve up vitriolic "content" without bearing any legal responsibility for ensuring it is fair or accurate; at times they even sell ads alongside the diatribes. "We don't get involved in adjudicating whether something is libel or slander," says Jason Goldman, a manager at Google's blogging division. In squabbles between anonymous bloggers and victims Google sides with the attackers, refusing to turn over any information unless a judge orders it to open up. "We'll do it if we believe we are required to by law," he says.

There are several large blog hosting services such as Google (, TypePad, LiveJournal and Movable Type plus others. What this paragraph suggests is that perhaps the blog hosting services ought to be held accountable for the statements of the people for whom they host blogs.

Okay, let's ponder this for a moment.

At first blush the attraction to operating a blog is one has a virtual soapbox from which to speak to the world. Everybody has their own message to bring to the world (as I discuss here), and not everybody's message is one of love and light. Further, there are many messages to speak to the world that the corporatists would find damaging to their precious businesses. Hence, it would behoove a blog hosting service to not censor what the users of the service write.

They might not get many customers to their blog hosting service if they were very heavy-handed in censoring what the bloggers write.

For example the terms of service spell it out pretty well.

5. PRIVACY POLICY ... It is Pyra's policy to respect the privacy of Members. Therefore, Pyra will not disclose to any third party Member's name or contact information. Pyra will also not monitor, edit, or disclose the contents of a Member's information unless required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process served on Pyra; (2) protect and defend the rights or property of Pyra; or (3) act under exigent circumstances to protect the personal safety of BTS members or the public; (4) fix or debug problems with the Blogger software/service.

... 6b. CONTENT RESPONSIBILITY Member acknowledges and agrees that Pyra neither endorses the contents of any Member communications nor assumes responsibility for any threatening, libelous, obscene, harassing or offensive material contained therein, any infringement of third party intellectual property rights arising therefrom or any crime facilitated thereby.

... 12. MEMBER CONDUCT ... (2) not to use the Service for illegal purposes; ... Member agrees not to transmit through the Service any unlawful, harassing, libelous, abusive, threatening, or harmful material of any kind or nature. Member further agrees not to transmit any material that encourages conduct that could constitute a criminal offense, give rise to civil liability or otherwise violate any applicable local, state, national or international law or regulation. Attempts to gain unauthorized access to other computer systems are prohibited.


The way I read the policy, the intent is to portray as a soapbox from which people can write pretty much what they want within some reasonably loose bounds of acceptibility. However one of the restrictions is against posting libelous or abusive material, so if were to adhere to their publicly claimed policies then they would cancel blogs which are deemed libelous or abusive. What's the problem, then?

Not that one really needs to launch a blog. It's trivially easy to set up a blog with, but it's only slightly harder to do so with a regular web hosting company.

That is, suppose someone dearly wanted to be posting abusively libelous material. Suppose were hardline about terminating accounts of people who post abusively libelous material? How would that someone go about posting their abusively libelous material? Simple ... they go to any of the dozens of web hosting companies, get an account, install blog software, and they're online with a blog.

Why should the hosting company be held liable for the actions of one of their customers?

Let's take a physical world example. Say a drug dealer was renting a storefront as a cover for their drug dealing operation. Is the building owner responsible? No. When the police capture the drug dealer, would the building owner also be accused of any crime? No.

That's the kind of arrangement we have going on here. Hosting companies are operating a kind of rental operation, where they run computers and offer people the space to store their web sites. Why should the hosting company be held liable for what their customers are doing? Yet, that's what the Forbes article suggests, that the hosting company should be liable.

Plamegate: Scooter Libby indicted, and resigns

I won't go over the whole Plame affair again. Suffice it to say that a serious law was broken by Bush Administration officials when her identity was revealed. The purpose of it was to cover up the serious lack of credibility to the Iraq war, and by way of doing that coverup they decided to try and destroy Joe Wilson's life and credibility.

Cheney's top aide quits after indictment Lewis Libby indicted on 5 counts (Friday, October 28, 2005; Posted: 2:08 p.m. EDT (18:08 GMT) CNN.COM)

Libby was indicted on one count of obstruction of justice, two counts of perjury and two counts of making false statements, court documents show.

The indictments were not directly related to the actual leak of CIA operative Valerie Plame's name.

Libby discussed Plame's identity in the summer of 2003 with reporters after her husband, diplomat Joseph Wilson, wrote a highly critical op-ed column in The New York Times that challenged intelligence used as a rationale for the U.S.-led war in Iraq.

Descriptions of those conversations by reporters say Wilson discussed Plame's identity, in part, to cast doubt in the reporters' mind about Wilson's account and criticized the CIA, the indictment alleged.

Prosecutors indictment and statement and media advisory

Rove not indicted, still under investigation (Friday, October 28, 2005; Posted: 11:43 a.m. EDT (15:43 GMT) CNN.COM)

Libby is quiet force who helped shape Iraq policy (Friday, October 28, 2005; Posted: 9:04 a.m. EDT (13:04 GMT) CNN.COM)

Cheney aide resigns over CIA leak (BBC)

Will the Bush administration implode? And if it does, will it take us down with it? (By Tom Engelhardt, Salon.COM)

The indictment: Libby lied to investigators and to the grand jury (Salon.COM war room)

Novak's source? Still a mystery (Salon.COM war room)

Libby indicted on charges of lying in Plame case (Salon.COM war room)

Thursday, October 27, 2005

Security concerns with corporate IM use

This isn't a blogging issue, but it's still interesting enough a question. What are the security implications of using "instant messaging" for corporate use?

There's a meta-question which ties it to blogging ... there's a range of technology being developed on the Internet but is being transitioned to corporate use. When it's out in the public it may have one set of expectations ... e.g. instant messaging is about people cruising for sex partners ... or blogging is about people writing diaries of their observations and experiences. But what's really happened is some capabilities were embedded in software, and those capabilities can be used for other (job-related) activities.

For example ... here's an interesting use of instant messaging: The idea is that software development is a collaborative joint activity. So why not build a chatroom into the IDE environment? And if you're going to build a software developer oriented chatroom, why not make it deal properly with source code?

Anyway, back to security of corporate instant messaging ...

In my job we (the whole company) were just exposed to corporate training concerning protecting confidential information. Clearly corporations have confidential information that provides a competitive edge. Protecting that edge is important.

So, how might instant messaging be used in a corporate setting?

What if ... first, everybody in the team would be keeping an IM client on their computer desktop all day long. Anybody with a question might pop it out to the others in the team. Anybody with a hairball brainstormy idea might pop it out to others in the team. Anybody wanting to unload frustration over the meeting they just left might ... er ... well, maybe they wouldn't pop that out to their team. Anyway, you get the idea.

The thing is, those uses are going to frequently involve corporate-confidential information. And, additionally chat transcripts could become very important pieces of documentation, and should be preserved somewhere.

But, given that corporate instant messaging use is going to involve company-confidential information, whose instant messaging server are you going to use? And is there a chance that your instant messaging conversations will be tapped by outsiders? Company-confidential information is supposed to remain confidential, which means considering the security of the communication lines you use for discussions.

e.g. It may be real convenient to use existing instant messaging services (e.g. MSN, Yahoo, AOL, etc) and everybody just gets the appropriate client program. But can you trust the confidentiality of those services? Is the communication protocol secure and untappable? Or by using the existing service, would you be revealing your secrets for anybody who knows where to look?

Hence it would be sensible for the company to install its own instant messaging server. At least the server is controlled by the company, and might not leak information to eavesdroppers. That is, assuming the server itself is secure, and assuming that the communications between client and server are untappable.

U.S. to require RFID chips in passports

"They" really are planning to implant chips in everything so that "they" can track our every move. "They" will know where we go, what we buy, etc, and who knows how they'll control us through this knowledge.

This unfortunately is slowly becoming reality.

The current step is about improving the reliability of passports through using biometric and RFID technologies. Clearly it is important for passports to reliably identify that the person holding the passport is indeed the person identified by that passport. And no matter how much effort you put into making the passport hard to construct, it's really just a book, with some writing and a picture, and they can be faked.

Rules for RFID chips in US passports (By OUT-LAW.COM, Published on Thursday 27th October 2005 08:46 GMT) from here:

The article claims the U.S. State Department has sent out some new rules saying that after October 2006 all newly issued passports will contain an RFID chip to which biometric information can be added "later".

Unfortunately the article doesn't link to the rules announcement. A scan of the State Department website turned up the document at the end of this posting.

Doubts over biometric passports (By Jane Wakefield, BBC News technology reporter, October 27, 2005)

This article discusses statements by Barry Kefauver of the International Civil Aviation Organisation (ICAO) that biometric additions to the passports will not be enough. If that's as far as the system went, then the biometrics in the chip could be forged as well. Instead the data has to be crosschecked with an official database.

ICAO, New Technologies Working Group, REQUEST FOR INFORMATION

The International Civil Aviation Organization (ICAO) New Technologies Working Group (NTWG) continues its work in the development of standards for use by Member States to facilitate automated identity verification and document authentication. In addition, the NTWG seeks to advise ICAO on technology issues related to the issuance and use of machine-readable travel documents. As a result, NTWG issues a Request for Information (RFI) every three years in order to keep abreast of new and improving technologies.

Notice: Information regarding new technologies is now sought for consideration for use in and with machine-readable passports, visas and card-based travel documents. The technologies sought fall into the following categories.

BiometricsFacial, finger and iris biometric technologies and new concepts that may be used in the travel document issuance process or to link travel documents to their rightful owners
Data Storage MediaData storage media that can be utilized in conjunction with biometric and machine verification technologies and concepts.
E-CommerceTurnkey electronic on-line systems that may be applied to secure internet based passport and visa application processes.
RF TechnologiesThe application of radio frequency technologies in travel documents.
Self-Service FacilitationTechnologies and processes that are suitable for automated self-identification at international borders and/or entitlement facilities that will enable either unattended border crossing or program enrolment (Kiosk).
Travel Document PrintersSecure printers that are suitable for operation in both a low and high transaction volume environment with limited technical support. Cost is a critical factor.
Travel Document ReadersTravel Document readers that enable the full data page to be read and specific information and images to be captured, displayed and transmitted. Machine verification concepts and devices that may facilitate automated document authentication. Readers that are able of simultaneous verification of the data page and chip data.
Travel Document Security ConceptsDocument security concepts, which either at the point of document personalization or at the point of document manufacture, may be used to protect on-board data from alteration or simulation.

Information is sought for consideration of use in machine-readable passports, visas and card-based travel documents. The technologies sought for consideration are those for use in the assessment of applicant eligibility and document production. Additionally, those technologies that link documents to document bearers, provide reliable authentication of genuine documents, and that will facilitate the secure and reliable transit of travelers through international border control points and can facilitate the movement of passengers through airports, seaports and other international transportation facilities.

Relevant information gathered during the RFI process will be summarized and shared among the ICAO Member States. This information may be considered by ICAO for use in establishing international standards and for use by ICAO Member States in their border control, passenger processing and travel facilitation systems.

Proposals will be reviewed for several qualitative and quantitative factors dependent on the technologies submitted, but will generally be assessed against dynamics such as:

  • accuracy;
  • associated costs for the technology;
  • compatibility with current document personalization or reading systems;
  • consistency of measurement;
  • durability;
  • false accept and false reject rates
  • intrinsic safeguards and protection against technological compromise;
  • intrusiveness;
  • public acceptability;
  • reliability and stability over time;
  • security provided by the concept;
  • simplicity and ease of incorporation and detection;
  • speed of measurement;
  • type and required size of on-board storage medium; as well as,
  • uniqueness.

Interested parties must present their technologies in the context of ICAO Document 9303, which prescribes international format and on-board data standards for machine-readable passports, visas, and other official machine-readable travel documents. Interested parties should recognize that it is the intention of ICAO to consider all technologies that may be applied on a global basis by the ICAO Member States. Thus, in the application of these technologies, global interoperability at borders, global acceptance by citizens of Member States, conduciveness to open international standards and multiple sources of supply, and affordability by all Member States will be particularly considered.

Written response to the RFI must be provided by November 20, 2004 to -R. Michael Holly, RFI Coordinator, ICAO New Technologies Working Group, c/o U.S., Department of State, 2100 Pennsylvania Ave, NW, Washington, DC 20524, USA (Phone 202-663-2472). Supporting information and descriptive literature may be provided as part of the response. However, a succinctly written information summary paper is required for all responses. The purpose of the summary paper is to help facilitate the compilation of summary information on each technology into a summary report that can be provided to each ICAO Member State. The format and simple instructions for completion of the summary paper can be downloaded via the Internet at the following address: TBD.html.

Following receipt of summary sheets and descriptive literature and information, firms may be invited to make oral presentations to the New Technologies Working Group and representatives of ICAO Member States. Oral presentations are planned for May 23-27, 2005, in Geneva, Switzerland.

Interested parties are advised that ICAO is under no obligation to designate any standard or take any further action with any party as a result of this Request for Information. Summary sheets supplied in response to the RFI will be made available to Member States. Accompanying information and descriptive literature may be made available to Member States. With the exception of the summary sheets, any other information that is considered non-disclosable to all ICAO Member States should be identified as such. Non-disclosable information will be retained exclusively for the use of the Members of the ICAO New Technology Working Group.

Request for copies of ICAO standards documents (ICAO Document 9303, Parts 1 to 3) should be directed to

This Request for Information is placed by the U.S. Department of State in furtherance of its participation in ICAO, a United Nations international organization. The United States Government and its employees accept no responsibility for the actions or undertakings of ICAO, ICAO participants, or ICAO staff.



Interested parties must present their technologies in the context of ICAO Document 9303, which prescribes international format and on-board data standards for machine-readable passports, visas, and other official machine-readable travel documents.

The requested summary paper must be submitted with all responses to the Request for Information (RFI). A separate summary paper should be submitted with each technology concept introduced. Summary papers will be included in a comprehensive Summary Report and will be presented to the ICAO Member States. The Summary Report may be categorized by the following categories.

  • Biometrics
  • Data storage media
  • E-Commerce
  • RF technologies
  • Self-service facilitation
  • Travel document printers
  • Travel document readers
  • Travel document security concepts


The summary paper is not a marketing tool. It is an information tool that will be used by the ICAO New Technologies Working Group (NTWG) in their quest for considering standards for new technologies with possible application to machine-readable travel documents, and to familiarize ICAO Member States with the new technologies in a summary form.

The information on the summary paper should be accurate, succinct, complete and descriptive of the technology being introduced. The summary paper reflects how interested parties would like their technology presented in summary form to the NTWG and the ICAO Member States. It should highlight all information, which interested parties would like to convey to ICAO.

Categories and Requirements:


Requirement: Facial, finger and iris biometric technologies and new concepts that may be used in the travel document issuance process or to link travel documents to their rightful owners.

ICAO Member States have a variety of methodologies and requirements for the submission of travel document applications. This ranges from personal appearance at an acceptance facility or issuing authority to mail in applications with the expectation of Internet based applications being accepted in the short to medium term. Additionally, Member States have a wide range of travel document record database sizes and storage media. Issuing authorities may check each new applicant biometric with all existing applicant biometrics (one to many) and or check each renewal against the existing biometric held for that applicant (one to one). For successful implementation in an issuance environment, the biometric technologies and systems will need to demonstrate the following key attributes:

  • Biometric enrollment and subsequent renewal in person (live capture)
  • Biometric enrollment and subsequent renewal via a variety of media (mail and Internet)
  • Ability to accurately and rapidly undertake 1 to 1 and 1 to many verifications and searches in biometric databases containing up to 100 million records.
  • Ability to match biometric records for individuals over time.
  • Ability to use image data currently stored in legacy systems.

ICAO Member states may use biometric systems in a self-service environment at their ports of entry. For successful implementation in a border control environment, the biometric technologies and systems will need to demonstrate the following key attributes:

  • Ability to rapidly and accurately collect stored biometric data from a travel document and verify it with that of the holder.
  • Ability to rapidly and accurately capture a biometric from the data-page of a travel document and encode it to enable immediate and automated verification with the holder.
  • Ability to rapidly and accurately undertake a 1 to 1 and 1 to few verifications and searches in biometric databases.
  • Ability to match biometric records for individuals over time.

Data Storage Media

Requirement: Data storage media that can be utilized in conjunction with biometric and machine verification technologies and concepts.

Border Authorities have a strong desire for contactless mode of operation and high capacity data storage. A common electronic storage medium is necessary to enable States to conduct border deployment in a cohesive manner. Non-proprietary technology is required. Flexibility is required. ICAO/NTWG continues with its strong support and efforts to make the storage medium for globally interoperable biometrics a contactless IC chip that is a minimum size of 32 Kilobytes and in ISO 14443 Type A or B compliance. Additionally, information is sought on other storage media in order to assess their relative benefits.


Requirement: Turnkey electronic on-line systems that may be applied to secure Internet based passport and visa application processes.

Vendors are invited to propose applications or solutions they have developed which would readily support the implementation of Internet based E-Commerce or E-government style travel document issuance channels. Issues relating to privacy and the ability to satisfy stringent identity authentication requirements are critical to the successful implementation of on line travel document application and issuance systems. Such solutions would be expected to include the following functionality:

  • Secure online customer or citizen application for a variety of travel documents.
  • Secure receipt of required bio data, most typically but not exclusively photo and signature.
  • Secure business-to-business style ability to merge data from a variety of sources to assist in validating applications including payment functionality.
  • Ability to support customer-centric reporting on processing status without agency intervention.
  • Ability of solution proposed to enable electronic sharing of validated data to facilitate travel movements.

RF Technologies

Requirements: The application of radio frequency technologies in travel documents.

ICAO/NTWG is seeking radio frequency identification technologies that enable broad-based application growth. ICAO/NTWG is seeking RFID equipment that can be used interchangeably with equipment from different manufactures. The amount of data storage to be communicated should not be less than 32K. The data should be protected against unauthorized access by appropriate encryption, microprocessor, or other means. Any item of data stored should be accessible within 10 seconds. The transponder may interface with the document either by physical contact or separated from the document by a distance of 10 centimeters. In addition, ICAO/NTWG seeks information on other specific approaches to RF solutions.

Self-Service Facilitation

Requirements: Technologies and processes that are suitable for automated self-identification at international borders and/or entitlement facilities that will enable either unattended border crossing or program enrolment (Kiosk).

Systems and technologies that enable border control agencies to reduce personnel costs for lower risk high volume transactions through the use of automation in accomplishing secure unassisted clearance processing at international ports of entry/or departure. These systems may be used for unassisted enrolment in travel document application or issuance processes. Key attributes of these systems are:

  • Simplicity of uses for applicants and travelers.
  • Rapid transaction processing.
  • Secure systems that facilitate the link between the document and holder or application and applicant.
  • Secure systems that facilitate the link between the holder or applicant to existing database records.

Submissions should detail connectivity with existing infrastructure, explain methods by which enrolment can be accomplished with or without assistance and explore costs and impact of system deployment in various live environments. Where available, performance data from previous or existing system test should be included for the purpose of detailed evaluation.

Travel document printers

Requirements: Secure printers that are suitable for operation in both a low and high transaction volume environment with limited technical support. Cost is a critical factor.

Secure machine-readable travel documents personalization systems suitable for operation at high volume locations and at remote issuance sites where transactions may be as low as 100 per annum and where technology support may be very limited. The systems should:

  • Apply high quality digital images and text to the travel document.
  • Be user friendly and require minimal low-cost maintenance.
  • Be able to print to the end page and inside data pages of the travel document.
  • Incorporate effective security features (overt, device–assist and forensic).

It is highly desirable that the printers:

  • Have integrated systems that will allow for the seamless writing of data to travel document data storage devices (i.e. contact-less IC's) during personalization processes.

Submissions should include details of the test procedures and results used to prove the performance of the system.

Travel document readers

Requirements: Travel Document readers that enable the full data page to be read and specific information and images to be captured, displayed and transmitted. Machine verification concepts and devices that may facilitate automated document authentication. Readers that are capable of simultaneous verification of the data page and chip data.

Travel document readers are used in both the issuance and border control environments. During the issuance processes, readers are most commonly utilized as a quality assurance tool. In addition to ensure that the machine readable zone printed in OCR B accurately reflects the bio-data recorded on the document and in issuance databases and that it is appropriately positioned on the document, the full page readers should have the ability to:

  • Read, display and verify physical features including the holder's image, overt and covert security features as well as the data stored in the travel documents storage media.
  • Read, display and verify data held in a variety of storage media on the travel document bio-data page.
  • Read, display and verify electronic security features embedded in the travel document bio-data page.
  • Analyze, display and record reading results in a quality assurance function.
  • Portability while retaining full functionality.
  • Ability to read, capture and interface with software to facilitate the transmission of selected data elements from the physical features and storage media of travel document.
  • Initialization of readers in < 2 seconds.
  • Retrieval of data from chip in < 5 seconds for 32k of data.
  • Recycle time: < 3 seconds.
  • Polling/Interaction response < 3 seconds from placement of chip on reader.
  • Position independence: Document should not have to be adjusted on reader.
  • Must read within 2 cm from reader surface wherever passport is placed. (Includes thickness of passport even when placed upside down on reader).
  • Must have power-on light.
  • Buffer size will be appropriate for retrieval of large amounts of data.
  • Must accommodate full range of power levels stated in ISO 14443.
  • Must auto detect chip type (A or B) and go.
  • Must have USB connection.
  • Read rate is minimum of 424 kbs.
  • Must support anti-collision to prevent reading of chips other passports.
  • Read Binary: must support reading entire data group in one step.

Travel document security concepts

Requirements: Document security concepts, which either at the point of document personalization or at the point of document manufacture, may be used to protect on-board data from alteration or simulation. Security feature and machine verification concepts that facilitate automated document authentication.

Embedded security features that will, through the application of an appropriate technologies and/or hardware solutions, verify the authenticity of the travel documents when presented by travelers at various points throughout an international journey. These security features may be of a visible physical nature and/or electronically embedded in the document. Ideally security features should not only verify the authenticity of the actual travel document but also protect bio-data elements such as the holder's portrait so that there is confidence that these key elements have not been altered after the document has been issued.

Submissions should provide in reasonable detail a description of how the system can be implemented in a range of applications, including government enrolment schemes, airline check-in operations and assisted or unassisted border clearance processes. Submissions relating to electronically embedded security features must also describe the intended method and cost (if any) of distribution of software to border control agencies, and/or airline check-in operations that will insure that these security features embedded by issuance agencies can be widely and routinely verified.

Method of Submission:

The summary paper for each technology should be submitted in electronic form. Electronic copies should be submitted in Microsoft Word or compatible versions. PDF format is acceptable. Interested parties should use Times New Roman or compatible print font (12 point) in order to make all summary papers easy to read and similar in appearance for compilation into the Summary Report. Additional information, e.g. brochures must also be submitted in electronic form to ensure easy transmission to an international review panel of government representatives.

Each summary paper should be limited to no more than three (3) pages.

Summary papers must follow the format prescribed in the attachment following this instruction, identified as “Summary Paper Format

Tuesday, October 25, 2005

Plamegate appears to be wrapping up

Recap - in July 2003 former Ambassador Joe Wilson published an op-ed piece discussing information he found on a trip to the Niger river delta. He'd been sent by the CIA to investigate one of the claims the Bush Administration used to justify the war in Iraq, that Iraq had been secretly buying uranium ore. He found the claim was false and had told the administration this, but they continued to use that claim as part of the evidence to support the war. He finally, once the war was underway, revealed what he had learned.

It might have remained one of the little blips that those of us who yearn for the truth would remember, and record in a list of Bush Administration misdeeds. But one thing happened to sidetrack that revelation to something else.

Someone leaked to several journalists the identity of Wilson's wife, revealing that she is a CIA agent, and attempting to undermine Wilson's story by claiming that his wife arranged the trip as a special boondoggle. In other words, this is one of the times the administration didn't like what someone said in public, and went to extreme ends to bash them and try to destroy them. But in this case the method, revealing the identity of his wife, led to an illegal act. See, his wife is (or was) an undercover secret operative, and disclosing the identity of a secret agent is a huge crime.

Ever since an independant investigator, Fitzgerald, has been looking into the matter. And it appears the investigation is nearing the stage of filing indictments.

The question has been, who did the leak? Well, it seems from the information that's leaked from the investigation the actual culprit was either I. Lewis Libby (Cheney's chief of staff) or Karl Rove (Bush's chief advisor). But does it stop there?

e.g. Cheney told Libby about CIA officer, lawyers report (By David Johnston, Richard W. Stevenson and Douglas Jehl The New York Times, TUESDAY, OCTOBER 25, 2005, seen on

White House sidesteps questions about Cheney NYT: Vice President told top aide CIA officer's identity (Tuesday, October 25, 2005; Posted: 11:32 a.m. EDT (15:32 GMT), CNN.COM)

This report details how Scooter Libby learned of Valerie Plame's identity. Cheney told him.

Clearly both would have the proper security clearances to allow them to know such matters.

What's of interest in this story is a picky little detail. Namely, Libby had told one story, under oath, to the Grand Jury, but his notes revealed a different story. His testimony did not reveal a meeting with Cheney where Cheney told him about Wilson's wife, but instead claimed that Libby learned of that from journalists.

Corporate blogs as advertising?

Corporate and character blogging (Posted Sep 29, 2005, 6:03 PM ET by Chris Thilk), Blogvertising or Adverblogging? (

The main claim is this: "What the writer does is get right to the heart of the matter, in that no matter what form they might take, how formal or informal they might be, a blog that is produced by a company has is still at it's core a form of advertising. All that's different is the format of the ad."

To which I say: Baloney

It depends on how the corporation approaches blogging and what's done with it.

Clearly in some cases the advertising department might take ahold of blogging, and use it as a marketing/advertising vehicle. And clearly they're going to flub it because they don't understand the medium.

But, for example, consider the Adsense Blog where the staff that runs adsense posts helpful hints and ideas from time to time. If that's advertising it's highly buried.

A primo example is where Sun let the geeks loose to write "whatever they want" (within reason).

Monday, October 24, 2005

Electronic Frontier Foundation (EFF) blogging information resource

EFF: Fighting for Bloggers' Rights (

If you're a blogger, this website is for you.

EFF's goal is to give you a basic roadmap to the legal issues you may confront as a blogger, to let you know you have rights, and to encourage you to blog freely with the knowledge that your legitimate speech is protected.

To that end, we have created the Legal Guide for Bloggers, a collection of blogger-specific FAQs addressing everything from fair use to defamation law to workplace whistle-blowing.

Should your company have a corporate blogging policy?

Corporations are seemingly driven by the policy statement. The policy statement lays out certain behaviors and expectations by the corporation of its employees. I suppose they might serve the same role as "laws" in governments.

So, we've entered the brave new world. The latest gift (?boondoggle?) the technological wizards have brought us is the "Blog" (web log).

While blogs are nothing more than websites organized in a specific fashion, they are catching on like crazy. They enable people to more easily publish websites, plus blogs have a built in community-forming system where people can connect blog postings to other blog postings. This has been wonderful to watch, and lowers the barrier to entry of individual people becoming providers of Internet content, rather than just passive destinations to which content is delivered.

'Corporate blogging policy? What blogging policy?' UK bosses keeping staff in the dark about blog behaviour (By Jo Best,, Published: Monday 26 September 2005)

The article has its perspective based in the UK, but probably applies to anywhere. Blogging is such a new thing that most corporate bosses might not have caught on. The question is, do corporate bosses really need to care?

I think this question depends on the content of the blogging. And, that the question also is not far removed from other already existing policies governing writings and speach by employees.

There's already a tradition that employees typically do not disclose certain corporate information such as product details, price lists, discussion of defects. That is, unless they're specifically blessed by the corporate bosses to do so. That should apply to nearly any blog written by an employee, just as it would apply to any other employee speech.

At issue is the corporations limitation on what is otherwise peoples right to freedom of speech.

In practice it's a little fuzzy when and where corporations can or should limit their employees blogging. For example if the blog postings are unrelated to the employees work or the companies products, then the corporation should have no control over what the employee writes. But this is just like an employee who writes books in their spare time.

Similarly there's a distinction based on where the blog is posted. If it's posted on a company owned web site, then the employee is effectively speaking on company property as an employee of the company. In such a case one could say the employee is speaking for the company, and anything the employee says can be interpreted as a statement by the company. Hence blogs on a company web site would be under control of the corporate blogging policy.

'How to blog about your boss and not get sacked' New guide aims to turn bloggers into P45 dodgers (By Jo Best,, Published: Monday 11 April 2005) ... short article referring to the EFF guide: How to Blog Safely (About Work or Anything Else) (Published April 6, 2005, Updated May 31, 2005,

Blocking employee access to blogs at the corporate firewall

Corporations generally are blocking access by their employees to parts of the Internet. And it's not just corporations, but libraries, schools, and parents. There's several reasons, for example parents wanting to prevent their children from seeing horrific or sexualized websites.

No Longer Safe for Work: Blogs (October 24, 2005, Christopher Null, Wired News)

The article talks about a lot more than blogging. A great concern by corporations is leakage of "confidential" information, as well as virus or phishing attacks on employees. I know from my job environment, virus's can cause us a lot of employee time to fight the virus infection (rather than get work done) and it would be a huge black eye if our product shipped with a virus infection.

But, the corporate firewalls in some cases are now filtering any "blog" from being read by employees. Not every corporation is doing this, but enough are to cause the above article to be written. Supposedly blogs are time-wasting activities, and the corporation wants their people to focus on the job. But... I ask... What if the employee needs, as part of their job, to find information on the internet, and what if that information is on a blog?

There's nothing special about blogs that make them distinct from other web sites. Blogs can hold useful information just as easily as they can hold time-wasting drivel.

e.g. What if the corporation in question has servers made by Sun Microsystems? It's well known that Sun has a blog site that's full of postings containing useful information about Sun's products. An employee of such a corporation would clearly need their employees to access, yes?

Corporate Fascism is ruling America?

A couple years ago when I started this site, I was thinking to myself "what do these different political labels mean", one of which is the term "Fascism". You hear it thrown around, so-and-so gets called a Fascist, and of course you have Hitler's and Mussolini's regimes as the primo examples of Fascism. Since Fascism equates to death camps, we can't have Fascism exist anywhere, can we?

That's kind of the idea, but there's little concrete definition available of what this term means. Hence my earlier article What is Fascism, and where is it now? took information from a very informative book review to try to derive a meaning to this word. In that article I concluded it's a political style emphasizing domination by the goverment of the people, seeking simply to control everything. In other words, its an exercise in overbearing power.

Another example of "Fascism" in action is demonstrated in The Plot: The Secret Story of The Protocols of the Elders of Zion. The Protocols is a book full of faked up charges against Judaism first written in Russia during the Czarist days. It is the source of peoples claims for a great Jewish conspiracy to control everything. It was later used to great effect by Hitlers regime to sell the German population on the dangers the Jews presented to the world. The Plot exposes the propoganda and the conspiracy to distribute this book, and how its been widely distributed to many countries around the world even though it's been exposed numerous times as a complete travesty.

But, we think, that's not what is happening in America. We don't have goon squads patrolling the streets beating up anybody that walks funny, do we?

I think the answer gets back to the question of the definition "Fascism".

For example: Harper's Magazine: We Now Live in a Fascist State (Date: Tue, 11 Oct 2005 13:34:38 -0700) This is a speech given by Lewis H. Lapham, editor of Harpers Magazine, in which he says that America is already, and has been for a long time, a Fascist state. It's just that the Fascism isn't by the government, but by the corporations.

First he points out how the word has been stolen from its original meaning, and instead redirected to mean "evil acts" such as genocide.

The bulk of the article talks of how the corporations strive to control everything. Employees of corporations are expected to walk and talk the corporate line. If what you say, do, believe, etc falls outside some bound of corporate acceptableness, then you'll get fired. What keeps people in line is the way that so many things are tied to having a job. Ones identity, livelihood, reason for being, health insurance, retirement, etc, is all tied up with whether one has a job or not. The corporation cannot stand the free thinker.


Sunday, October 23, 2005

Er... What's this about threatening Syria?

I've covered this before. The Neocon Cabal planned as least as far back at 1997 to reshape the Middle East, starting with toppling Iraq, and then moving on to either Iran or Syria.

There's been an ongoing nuclear standoff between the U.S., Europe and Iran for over a year. Iran is supposedly working to build breeder nuclear reactors, one of the side effects of this being weapons-grade plutonium. Europe has been acting to reach a negotiated settlement, but the Bush Administration is playing hardball and repeatedly threatening Iran. So it's been clear Iran was the chosen target of the next domino to fall.


Bush's tipping point with Syria (Christian Science Monitor, October 24, 2005)

This details moves that can only be interpreted as putting heat on Syria. Okay, so which of the two is it? Because clearly the Neocon's have remained in power, and they're about to con us into another war.

The US wants the UN Security Council to hold Syria "accountable" for its role in killing a top Lebanese leader.

Okay, a couple months ago a Lebanese leader was assassinated, and Syria has been fingered as the culprit. And, as the article goes on to say, some of the forces fighting the U.S. occupation of Iraq are based in Syria.

A UN report last week implicated high-level Syrian officials in the bombing of former Lebanese Prime Minister Rafik Hariri on Feb. 14. The report found the assassination "could not have ... [occurred] without the approval of top-ranked security officials and could not have been further organized without the collusion of their counterparts in the Lebanese security services."

The Security Council meets Tuesday to discuss what action to take. For the Bush administration, the options are difficult.

The US is militarily exhausted by Iraq and Afghanistan, and can hardly pick a fight with Syria's president, Bashar Assad. Nor can it politically afford right now to further erode America's international reputation by operating outside the UN Security Council.

The assassination closely followed Syria's withrawal from Lebanon after occupying the country for 20 years. Clearly Syria might have wanted to attempt to regain/maintain some control over the country, even as they are not actively occupying the country.

And, yes, the options are difficult. Despite the Iraq war being highly illegal, it has drained the country's will to fight, and totally drained away Bush's approval rating.

Monday, October 17, 2005

The FBI is tracking those dangerous color laser printers

A couple years ago I had a brilliant money-making thought. Literally. What if I were to scan a dollar bill, and then print it on my color printer? Would a change machine accept it? Fortunately the thought of spending 20 years in the pokey for attempting such an experiment kept me from following through.

Around the same time I saw some news articles discussing the same problem. Seems that some people had been doing exactly what I outlined above. Though, they must have found some higher throughput way of making money this way. Another thing that kept me from actually trying this was the low earnings rate ... see, the place you'd want to go is a laundromat, and the biggest bill you could foist upon those change machines is $20. At $20 per visit to the laundromat you're not making money at a very high rate. So the risk/reward ratio is low.

In any case at around that time there was a couple related news items. One is that the Feds reached an agreement with the makers of Photoshop and other graphics software to detect images of money, and just show up blackness. Presumably this was meant to foil counterfeiters playing with printers and scanners, but it would also foil legitimate artists making works that include monetary images. Sigh.

The other item was that the slashdot crowd noticed the Feds were also working with printer makers to have the printer makers insert codings in printed output that would let the Feds track the printers.

That is, if a printer were to output some data encoded in the dots being printed ... well ... you could identify the printer used to print the document. This is like the old adage of police detectives trying hundreds of typewriters to identify which one was used to type a kidnapping ransom note. But it's obviously fast-forwarded into the modern age.

Secret Code in Color Printers Lets Government Track You (Electronic Frontier Foundation)

The EFF has researched this and broken the coding. Details are at the page listed above.

Sunday, October 16, 2005

Iraq voting on its constitution

I haven't been writing about the Middle East and the Iraq War for awhile. I've been too busy with other things, but the news I see from there is still telling me there's a horrendous situation.

This weekend Iraq is voting on the Constitution that is hoped to establish the moderate democracy the neocons wanted to install there. Leading up to the vote has been a lot of bloodshed, violence, rancor, etc.

Iraq's constitution seems headed for passage (Associated Press, in the International Herald Tribune, October 16, 2005)

Rice optimistic about Iraq referendum Five U.S. soldiers killed in roadside bombing (Sunday, October 16, 2005; CNN.COM)

Monday, October 10, 2005

This is difficult to defend

The context is this - we're in the middle of a war in Iraq and Afghanistan. This is the never-ending-war the conspiracy theorists warned us was coming. The legality, legitimacy or sensibility of this war is not the issue though. Instead the issue is a man who operated a web site offering porno pictures for free in exchange for pictures of dead or mutilated or tortured Iraqi or Afghani people. He was exchanging these pictures with the troops in the field.

Porn and gore man arrested GI Jane man collared for 'obscenity' (By John Oates, Published Monday 10th October 2005, The Register)

GI Janes in Iraq DIY smutfest Warzone porn and gore online (By Thomas C Greene in Washington, Published Monday 26th September 2005, The Register)

US Army probes nude GI Janes Porn is one thing, but corpses... (By Lester Haines, Published Wednesday 28th September 2005, The Register)

And he has now been arrested on obscenity charges. The web site used for the above exchange now carries this message:

America isn't easy. America is advanced citizenship. You've gotta want it bad, cause it's gonna put up a fight. It's gonna say, "You want free speech? Let's see you acknowledge a man whose words make your blood boil, who's standing center stage and advocating at the top of his lungs that which you would spend a lifetime opposing at the top of yours." You want to claim this land as the land of the free? Then the symbol of your country cannot just be a flag. The symbol also has to be one of its citizens exercising his right to burn that flag in protest. Now show me that, defend that, celebrate that in your classrooms. Then you can stand up and sing about the land of the free.

Along with contact URL's for a legal defense fund.

The writer of that statement is right, I'm appalled by someone wanting to collect such things. At the same time I recognize the right to free speech. However, there is more going on here than the exchange of speech and ideas. By offering something desirable in exchange for brutal photographs, isn't he encouraging the troops to commit atrocities?

Perhaps it's fitting he's offering porn images in exchange for atrocity images. Porn is, after all, an atrocity performed upon the beauty of sexual union.

The deeper principle here I see is ... it's not a crime to think about such atrocities. What is a crime is to encourage others to commit them.

Wednesday, October 5, 2005

A possible push for e-voting audit trails

In the push for simpler to use voting systems, that use current technology, we've (the U.S.) have embraced touch screen voting in a big way. Sure, it's a big advance over using paper cards, a technology developed and perfected in the 1930's.

E-voting report could push audit trails (Published: October 4, 2005, By Declan McCullagh, Staff Writer, CNET

Last month a study headed by President Carter and former Secretary of State Baker was unveiled. In their recommendations was one to give national identification cards to everybody, presumably to give higher faith in the accuracy of one-vote-per-person.

However this current article goes into one of the lesser publicized recommendations. To insert "voter-verified audit trails" into the system.

The article doesn't go into what those audit trails might be. Of course it's a political, not a technical, recommendation.

My technical recommendation is for the touch screen machine to print a paper ballot. The touch screen machine would have zero long term storage, and not be connected to any tallying computer. Instead the paper ballot is what's counted. The printed ballot could be easy to scan with a computer, all one has to do is use a known font and locations on the page. This would make the system just as convenient as a purely electronic and computerized voting system, but with the added assurance to the voter that their vote is what they meant, plus its easily recountable in case of questions.

However, one concern remains even with such a scannable paper ballot. What of security holes in the computers used to tally the votes?

This was demonstrated during the 2004 elections. One hole is that the Deibold machines have modems in them, and the modems might well be unsecured allowing "anybody" to log into the computer remotely. Barring physical access is the first barrier to creating a secure system, but the Deibold tallying machines don't provide that barrier because of the modem. The next level of the problem is that the Windows-based software Diebold implemented itself is not secure. For example there would be known passwords used to log into the computer. Secondly, once someone is logged in they can easily modify the underlying data files without using the vote tallying software at all. Hence, even if Diebold did a good job of making their application software secure, it doesn't matter because someone with access to the computer (e.g. by calling the modem) can fiddle with the data file directly.

This points to another political requirement that's needed. That a thorough security audit be done by computer security professionals.

I'll note that security audits are easier when the voting system uses open source software. With a closed source system like Diebolds, the proprietary nature of the software business prevents outside experts from doing an adequate review. The details would be hidden in unrevealed software, and if you can't see the details then how can you adequately review them?

Monday, October 3, 2005

Who controls the net?

There's been an ongoing hue and cry over the control of the domain name system (DNS). The DNS is what turns a name like or into the underlying addressing your computer uses to reach the computer. Humans are better at remembering names than numbers (aside: why do we still use telephone numbers after all this time?) so the DNS increases the user friendliness of the Internet.

The hue and cry seems to hover around who "controls" the Internet. I guess the idea is that if someone controls the names by which computers (hence web sites) are known by, then they have some control over the network. And a case in point is the ".xxx" top-level domain name, which was approved by the Internet governance body, but the Bush administration has been blocking because they don't want to be seen as approving a red-light district. Hurm.

Here's a case in point: Power grab could split the Net (By Declan McCullagh, CNET News, Published: October 3, 2005, Will the U.N. run the Internet? By Declan McCullagh, CNET News, Published: July 11, 2005, U.S. to retain control of Internet domain names By Declan McCullagh, Staff Writer, CNET, Published: June 30, 2005)

In my opinion he's doing journalistic grandstanding, overplaying the issue.

The article concerns

At a meeting in Geneva last week, the Bush administration objected to the idea of the United Nations running the top-level servers that direct traffic to the master databases of all domain names.

Apparently the ITU and United Nations are offering to take over governance of the domain name system. But the U.S. is balking, for some reason. (??Why??) As the article points out later, what would happen is to transfer control of the "root" servers from their current governance to the United Nations.

This deserves a little explanation. The "root" domain name servers are the ones which define the top-level domain names. In the top level domain names you have ".gov", ".com", ".org", ".edu" as several of the three-letter top level domain names, and there are newer top level domain names such as ".name" and ".info" plus all the two-letter country-specific domain names such as ".ws", ".tv", ".uk" or ".yu". Yes, ".tv" means Tuvalu not Television.

It is through the U.S. control of the root domain servers that the U.S. is unilaterally blocking the creation of the ".xxx" top level domain name. You can thank our prudish leaders for this moment of brilliance. (Bush administration objects to .xxx domains By Declan McCullagh, Staff Writer, CNET, Published: August 15, 2005)

The work in question has been controlled by the Internet Corporation for Assigned Names and Numbers (ICANN

What is ICANN?

The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. These services were originally performed under U.S. Government contract by the Internet Assigned Numbers Authority (IANA) and other entities. ICANN now performs the IANA function.

As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet; to promoting competition; to achieving broad representation of global Internet communities; and to developing policy appropriate to its mission through bottom-up, consensus-based processes.

Earlier in this posting I described Declan McCullagh's article as grandstanding. He's trying to say this will "split" the Internet. The picture he's painting is one of the U.S. retaining control over the domain name system root servers via keeping ICANN in its position (but I note in one of his articles, the U.S. administration wants to keep ICANN on a "short leash"). At the same time it's clear the U.N. will move ahead with creating its own root servers. Which, in the picture being painted, means the fracturing of the Internet.

Hmm... not quite.

First, it would be foolish of the U.N. to ignore the existing root servers. Hence, the U.N. root servers would contain the content of the existing ICANN root servers, plus extra entries as the U.N. agency decides to create new top level domain names. Not a problem. There are several existing unofficial top level domain names that are privately run between cooperating server administrators, so technically there's little trouble with this. What would happen is outside the U.S. certain top-level domain names would be known which at the same time would go unrecognized by the U.S. and other countries that follow the U.S. lead.

Second, the ICANN does more than control the top level domain names. They also control assignment of the IP address space. The IP addresses are the underlying numeric addressing I referred to earlier. If a second body, e.g. the U.N., were to try and assign IP addresses then there would be clear possibilities of conflict as the U.N. body might well assign some IP addresses that the ICANN also assigns.

The chance of chaos depends on what the U.N. decides to do. But does having control over the domain name system constitute control over the Internet? As in this article title: "Will the U.N. run the Internet?"? Depends on what you mean by "control". There's so many aspects to the Internet. For example, the actual system is telecommunications wiring systems controlled by telecom companies around the world. Several Internet backbone providers exist who run the network on a daily basis. They will retain control over their businesses and the telecommunication channels they control, and the transfer of ICANN functions from U.S. to U.N. control would not change that fact.

Another aspect is the communication protocols through which Internet traffic is sent. Those protocols operate over the physical Internet wiring. They are defined through International committees meeting under control of the Internet Engineering Task Force (IETF) in a process that has operated perfectly well for over 30 years. Control of the IETF process is not discussed in the articles, and I don't think this is being proposed for transfer to the U.N. The IETF process defines the protocols, and then equipment makers from around the world build gadgets that implement those protocols.

Between the physical wiring and the telecommunications protocols and equipment, there's a lot of "control of the Internet" that is outside the purview of the ICANN and IANA activities under discussion.

I wonder if the potential transfer is a good idea. I have often wondered whether it's a good idea for the U.S. to have such a dominant role in the operation of the Internet. Why, for example, are the three-letter toplevel domain names primarily for U.S. use? For example, the ".gov" or ".edu" domain names are largely used for U.S. government or educational institutions. Why is that? And, for that matter, why are U.S. federal, state or city governments using ".gov" rather than a country-specific domain name?

I remember in the 1980's when all this was new, the concept floating among the designers of the domain name system is the coolness factor of having the domain name disconnected from physical location. For example you could have "" refer to any computer in the world, and to the geeks designing the system that seemed like a great idea. Heck, I thought it was a great idea at the time.

But thinking back on this I wonder just how good an idea it is in practice. A city government for example controls a specific piece of land, and is very location dependant. Why would a city government need a location-independant domain name? Most Universities have the same issue, in that they are governed by state or city governments and generally don't have operations outside their geographic areas. Hence, why should ".gov" or ".edu" exist? Why shouldn't they all be under their country specific domain names?

Another objection discussed in the "Will the U.N. run the Internet?" article is the SPAM issue. Some of the country representatives are quoted complaining how the current "control" of the Internet is doing little to control SPAM, like this statement from Syria: "There's more and more spam every day. Who are the victims? Developing and least-developed countries, too. There is no serious intention to stop this spam by those who are the transporters of the spam, because they benefit...The only solution is for us to buy equipment from the countries which send this spam in order to deal with spam. However, this, we believe, is not acceptable."

The research I've seen about the source countries for sending SPAM is that it's largely coming from China. Yet the equipment is usually designed by U.S. companies.

The vague logic aside, SPAM is allowed free reign because of problems with the protocols. It's got little to do with the control over the top level domain names. Well, unless there's something I don't know about in the decision making over the domain name system (this is not an issue I've followed closely).