Hacking=Terrorism on DOJ Wish List

By Charles King

During testimony on September 25, 2001 before the House Judiciary Committee, U.S. Attorney General John Ashcroft outlined and advocated quick passage of the Mobilization Against Terrorism Act (MATA). After studying the bill, a number of legislators from both political parties expressed reservations with elements of the legislation that they feared could curtail basic constitutional rights. Those concerns were echoed by technology-focused organizations, which pointed out that the Federal terrorism offenses included in the MATA, which typically refer to acts such as assassination, bombing and homicide, included language taken from the Computer Fraud and Abuse Act. If the legislation, which already has the support of the White House, passes without alteration, breaking into a protected computer to obtain information of value, to inflict damage or sabotage, or to release a malicious program such as a virus would be considered terrorist acts. Hackers, if convicted, could face life in prison without parole and samples of their DNA would be included in a national database of dangerous felons. Additionally, those suspected of hacking or peripherally aiding hackers could have personal property seized under RICO provisions included in the bill.

While we believe that the terrorist attacks of September 11, 2001 require an appropriate and measured response, we share the concerns of those legislators who expressed reservations with the MATA. In part, we believe that the sweeping nature of the bill, especially as regards computer crime, betrays the government’s thorough and ongoing bafflement with technology. While acting out of fear or anxiety may be perfectly understandable under the extreme circumstances of the past two weeks, proposing laws that lump the prankish exploits of pimply-faced geeks in with the concerted, criminal efforts of psychopathic fanatics is a sad mistake that carries too many opportunities for gross injustice. At the same time, we offer scant support to hackers and their advocates. The notion that hacking provides valuable information about the weaknesses of supposedly secure systems is not entirely without merit, but the juvenile arrogance that is so much a part of the hacker mystique makes sympathy for the group a tough sell. The common argument that hackers’ activities are little more than online joyriding pales to an ineffectual squeak when compared to the real world losses of time and intellectual capital caused by malicious programs such as the W32.Nimda worm.

Since the events of September 11, we have read and heard myriad comments that things will never be the same. In some very real ways, this assessment appears to be true. Sometimes, in some small towns, “borrowing” a car for a quick summer joyride might earn boyish miscreants a slap on the wrist from an understanding cop. Using the same car to rob a convenience store or packing the trunk with home-made explosives for a quick trip to the local Federal building deserve and receive different sorts of responses. Elements of the MATA suggest that some people in positions of great authority have forgotten or decided to ignore the difference between essentially innocent and malevolent acts. If the MATA is signed into law as originally proposed, hackers who regard their efforts as a child’s game would be wise to reconsider the adult stakes before resuming play. The world, both online and off, is a new place.

A National ID Database? Ellison Says “Yes!”

By Jim Balderston

Oracle CEO Larry Ellison announced his support for a national ID system and offered to donate the software for this project. Ellison’s proposal would require Americans to be fingerprinted and photographed, allowing airport officials to identify passengers as they board aircraft. The airport security officials would use the database on which the information is stored. Ellison said information on the cards would be digitized. Ellison brushed aside privacy and civil liberties concerns by noting in the televised interview in which he made this proposal that “this privacy you’re concerned with is largely an illusion.” A number of public polls indicate that Americans are now more open to the idea of a national identification card than they were before the terrorist attacks on September 11.

While we are not going to wade into the issues raised by civil libertarians concerning privacy, we think there are a number of issues to be discussed concerning Mr. Ellison’s proposal. While certainly the first round of database software will be free, we wonder if Oracle and Ellison will offer a free lifetime subscription for upgrades and patches. We suspect that will not be the case. However, larger issues loom. Such a database would need to have a number of characteristics that make such an undertaking much more than simply installing a database and dropping data into it. A database of this sort, no doubt, would be a likely target for terrorist attack, either physically or electronically. It would have to be substantially protected from both threats. Such a defense, we believe, would require a widely distributed database, with redundancy and failover capabilities that would protect it from collapse in the face of an attack. Furthermore, this database would be required to provide verification of identity at all times. An interruption in service could quite easily paralyze the nation’s air travel system as effectively as an attack on the air traffic control system. The requirement for absolute reliability would also argue for a distributed, redundant system. While we take a wait-and-see approach to Ellison’s offer, we believe that any consideration of such a database will have to take into account the daunting challenges we have outlined above.

Sun Launches Starcat, Acquires Critical Path Re-hosting Apps, Targets IBM

By Charles King

On September 25, 2001 Sun Microsystems introduced the Sun Fire 15K (aka Starcat), a new UNIX server that replaces Sun’s Enterprise (E) 10000 server at the high end of the company’s product list. The Starcat offers enterprise-focused capabilities including scaling up to 106 processors in a single cabinet, up to 576GB of memory, eighteen I/O ports for networking and storage connectivity, support of up to 4PB (petabytes) of disk storage, 100% redundancy and hot swappable components. Prices for Starcat systems begin at $1.4 million. According to Sun, the Starcat offers “mainframe-like” availability and security features, providing users a UNIX alternative to mainframe products like IBM’s zSeries eServer and Compaq’s Himalaya. To further enhance this element of the Starcat announcement, Sun also announced the acquisition of Critical Path’s mainframe re-hosting software as an asset purchase transaction. According to Sun, the applications will allow IT organizations to run mainframe transaction processing and batch applications on Sun’s UNIX servers without rewriting their mainframes CICS code. No financial details of the deal were provided.

While this rollout qualifies both literally and figuratively as Sun’s biggest product introduction of the year, the announcement betrays elements of a disassociative disorder that may have made Eve or Janus more appropriate product brands than Starcat. To avoid confusion, we will begin with Starcat’s obvious UNIX traits before considering its other personality. Starcat is a big, honking high-end UNIX box containing all the usual Sun bells and whistles. With 106-processor scalability, it qualifies as the biggest current player on the block, though most business users are unlikely to require more than 72 processors. The Starcat also sports typical Sun features such as hardware partitioning and hot-swapping. In other words, Starcat appears to be a worthy successor to Sun’s 64 processor E 10000 server, and is likely to prove popular among Sun server devotees.

The other face of Starcat’s split personality is found in both the text and subtext of the announcement, where IBM appears eleven times, largely in reference to Starcat’s “mainframe-like” capabilities but also in denigrating references to IBM’s upcoming high-end UNIX server, “Regatta.” While considering Sun’s claims that Starcat offers mainframe users a clear, simple migration path to UNIX products, the first question that leaps to mind is, “Who is supposed to care?” From where we stand, it is unlikely that users who have serious financial and personnel commitments to IBM or Compaq mainframe products will risk years of investment on Sun’s passionate PR spiel. Acquiring Critical Path’s Trans, Batch and Path3270 re-hosting products (all elements of CP’s larger Injoin Meta-Directory) may offer the company a debating point for enterprise customers that are currently running both Sun and mainframe environments, but we imagine few others will be enticed. Indeed, the overt enmity toward IBM that appears in the Starcat announcements reflects elemental changes at the high-end of the server market. Where Sun once reigned alone and supreme, it is now being battered by strong UNIX product offerings from IBM, Compaq and HP. In all, though Starcat will likely offer Sun customers the robust performance they have come to expect, we believe that the company’s orchestrated happy face and inane Solaris uber alles patter qualifies as little more than a highly publicized whistle past the graveyard.

Compaq Announces “Access On Demand” Evo Products/Service Packages

By Charles King

Compaq announced a new suite of Evo business products as part of its Access On Demand business service packages. The new machines include the Evo Desktop D300 and D500, with respective base prices of $499 and $719. The Evo Notebook N400c is an ultra-portable laptop, while the N600c is slightly larger and more robust. Both have base prices of $1,999. All four machines can be ordered in pre-set or custom configurations. Compaq’s Access On Demand program shifts PC infrastructure cost from a capital expenditure to a monthly price-per-seat expense based on a three-year agreement. Access On Demand solutions include the defined hardware, basic installation and warranty, help desk assistance, technology updates, asset reporting and program management. Compaq offers two basic Access On Demand packages including either the Evo Desktop D500 and D500 SFF (small form factor) for $99 per month, and two pre-packaged solutions with either the Evo Notebook N400c or N600c that cost $169 per month.

Over the past year or so, hardware vendors have begun talking up the notion of providing computing as a service akin to the utilities such as water, electricity and telephone that virtually every American home subscribes to. Given the continually falling price points of computing hardware, the notion makes particular financial sense, but solving the logistics of such solutions for enterprises has proved difficult. Enter Compaq with its new Access On Demand packages, which leverage the company’s considerable PC muscle along with affordable monthly payment plans that could be especially tempting for companies needing to upgrade but constrained by current economic conditions. Do these Access On Demand packages offer Compaq’s clients and competitors any food for thought? Absolutely. On one level they qualify as a classic razor and razor blade marketing model, only Compaq Evo desktop and laptop computers play the role of the razor and Access On Demand services play the blades. In the case of the Evo Desktop D500 package, this model allows Compaq to leverage roughly $1,000 (retail) worth of hardware into nearly $3,600. It may seem like an especially sweet deal for Compaq, but users benefit as well, exchanging sizeable capital outlays for payments spread over three years, and getting installation, update and management assistance thrown into the bargain. By leveraging its strengths and know-how, Compaq has created an attractive marketing strategy that both its customers and competitors will likely find compelling.

SBC Offers to Buy Out the Remainder of Prodigy Shares

By Clay Ryder

SBC Communications Inc., which currently owns an effective 42% stake in Prodigy, last Friday announced a tender offer for the balance of all outstanding shares of Prodigy’s common stock. The offer is priced at $5.45 per share, which represents a premium over the current market price. SBC indicated it would move forward with the offer as soon as possible, probably during the first week of October.

How times change. Let’s try to resurrect the memory of the online marketplace of ten years ago. It consisted largely of 2400-baud dial-up access to a number of small, mostly proprietary services representing a few hundred thousand users. One of those early providers was Prodigy, which was, perhaps ironically, also one of the first providers that permitted that exchange of email with the fledging Internet or NSFNet. Over the next few years, as the commercial Internet grew, a new class of communications company also appeared, i.e., the ISP or OSP. With this brave new world, many believed that ultimately these providers would bring down the RBOCs and traditional carriers with free IP phone calls and unlimited access to data and information. Given the inept behavior of the phone companies with respect to provisioning their own Internet access packages, some became smitten with the vision of the telcos being related to dinosaur status in the new area of the Internet where the ISPs reigned supreme.

OK, back to the present. The massive Internet build-out of the late 1990s produced quite a different reality. ISPs consolidated rapidly in part due to extreme infrastructure costs; many CLECs bore a similar fate; and the ILECs consolidated into a smaller set of companies, who along the way happened to purchase various ISPs, sometimes at fire sale prices. Given the immense upfront cost of building out connectivity, provisioning connectivity and acquiring customers with a historically high churn rate, only large scale providers could ultimately make a buck in this market, and those large scale companies just so happened to be the aforementioned dinosaurs. As AOL became the dominant non-Internet-based service provider, smaller online providers either consolidated or went under. With this tender offer, we have witnessed what will likely be the final passing of one of the early online players — which is just another opportunity to realize that what is often assumed in the heat of the moment to be an inevitable market-changing reality may only turn out to be a blip in the long run of the marketplace.

The Sageza Group, Inc.

900 Veterans Blvd, Suite 500
Redwood City, CA 94063-1743
650·366·0700 fax 650·649·2302
Europe (London) 44·020·7900·2819

sageza.com
info@sageza.com