Jul 31

Wheatley told me the service refines its selections based on your actions. When you first start using the system the content you see is largely based on what other users have clicked on, but over time, the impact of other users’ actions on what you see diminishes, and Ensembli’s own pattern matching correlates what you click on to all the feeds it is monitoring to show you a better, more personal selection of stories.

Ensembli tracks RSS content by topic, not feed. The concept works.

The RSS reader Ensembli is not a product for me, says CEO Michael Wheatley. It’s certainly not a product for RSS junkies like Robert Scoble. People who use RSS feeds professionally, to stay on top of news and spot emerging issues they may not have been aware of, need feed readers that show them everything that happens in the news sources they know about. (Personally, I use Netvibes as a dashboard.) What Ensembli does is track the topics you tell it you’re interested in. It then watches what you click on and fetches stories based both on those implied interests and what you’ve said you want to see.

(Credit: Screenshot by Rafe Needleman / CNET)

Wheatley is pitching to the Demo 09 audience tomorrow. Also at Demo 09: Evri.

I’ve heard this concept before, but Ensembli’s interface makes the difference. It’s really simple, and I believe it could be a useful site for a person who’s just looking to see what’s new in a field they care a bit about.

I like the user interface and I like the concept. I’m a little less thrilled with the content itself so far. Initial results for some keywords I entered didn’t include content sources I was expecting, and as TechCrunch notes, Ensembli is lacking a feed from Twitter.

But the target market, right now, probably doesn’t care. I would be comfortable recommending this service to someone new to the RSS concept, or to anyone who just wants to monitor blogs and news sites for issues they have a passing, and not professional, interest in.

Jul 31

The Linux Desktop team explained:

The company’s desktop software unit on Wednesday released an update on its plans, saying it will focus its efforts on specific markets but not face off against Microsoft in the consumer market.

An explanation: as a public, for-profit company, Red Hat must create products and technologies with an eye on the bottom line, and with desktops, this is much harder to do than with servers. The desktop market suffers from having one dominant vendor, and some people still perceive that today’s Linux desktops simply don’t provide a practical alternative.

A product called Red Hat Global Desktop that is targeted specifically at resellers, which focus on emerging markets, has been delayed for almost a year because of business issues. The company hopes to release it “soon,” according to its corporate blog.

Red Hat likes Linux on the desktop, but it also likes making money.

Instead, Red Hat is focusing on desktop software that works with its server products aimed at businesses and developers.

Jul 31

The company announced at the Black Hat security conference on Thursday that it is formalizing its program of informing third-party software vendors of security problems with products that run on top of Windows.

Earlier in the week, Microsoft said it would be giving third-party vendors a sneak peek at the technical details of the vulnerabilities in Microsoft software before the company releases its monthly “Patch Tuesday” updates. The company also announced it would help companies prioritize the vulnerabilities in its updates.

Vista is more secure than XP and has fewer infections, he said. In addition, there are an increasing number of third-party exploits, and fewer browser-based exploits than in third-party software, he added.

“We’ve seen the threat environment change,” said Andrew Cushman, who runs the Microsoft Security Response Center.

“Microsoft is in a unique position to help in that dimension,” he said. “We bring a little different gravitas to the table. I think we can actually change the dynamic around responsible disclosure.”

The issue of responsible disclosure is constantly being debated, with vendors often arguing that researchers are too quick to go public when they find a vulnerability and researchers countering that if they didn’t go public the vendors would drag their heels on fixing the problem.

LAS VEGAS–Microsoft is jumping into the responsible disclosure game.

The MSRC already reports vulnerabilities to other companies, but now it is asking for recognition in finding the vulnerability. Microsoft will not post advisories on any of the third-party security issues it finds, like it does with vulnerabilities found in its own software, Cushman said.

Jul 31

Here, Mary Amlund, the head of wardrobe, and her team of 12, put constant attention into making sure that the 67 performers in La Nouba always have perfect costumes.

Here is where most of the rigging is controlled, and this was Phillips’ domain. All around us were various pulley and counterweight systems, and not a lot of automation. But that’s not a problem for pulling off a great show, Phillips insisted.

We started talking about the visit I took last summer to Ka and how I was told at the time that one of the biggest challenges facing the Vegas shows is the steady increase in the amount of interference that makes it hard for that show’s crew to communicate by wireless headsets.

“Sometimes low tech is the best stuff,” he said, pointing out a chandelier hanging down from below the grid as an example. He said that a rigger takes the chandelier off its hook and drops it down into the theater. It is backed up by a bungee so it has a slow, smooth motion when it goes down.

On the second day of my Road Trip 2008 through the South, I spent most of the morning on a behind-the-scenes tour of the La Nouba theater. For a Cirque junkie like me, this was a treat, even though it was the fifth Cirque show I’ve gotten such a tour of.

La Nouba has just 32 crew members, while shows like Ka require more than 150.

Of course, this is not the latest gear available to the theater industry, but pretty much the stuff La Nouba has been using since it opened. But according to Rob Pooley, head of operations for the show, that’s no big deal.

ORLANDO, Fla.–If you’ve seen the Cirque du Soleil Las Vegas shows Ka, Love or O, you’ve probably been led to expect that every one of the company’s performances is full of wonderful technical achievements.

Operations production manager Robert Shuck explains the show’s power track trampoline act. He said that unlike a previous form of trampoline flooring used in another Cirque show, power track provides more bounce for performers.

(Credit: Daniel Terdiman/CNET News.com)

“Everything went to hell,” Shuck said. “We (now have to) run wired headsets until the manufacturers” figure out a solution.

But then again, even the circus needs office workers.

In the costume room, staff members work from early in the morning until late at night making, mending, and inspecting the performers’ costumes. Here, red outfits hang on a rack.

But to people who have worked in the company for years, like Ramsey, the low-key, small-crew nature of La Nouba is preferable to the highly structured huge and expensive shows the Cirque is creating these days.

I had figured that was a Vegas problem, but Ramsey and Shuck explained that the same problem is creeping up in Orlando. That’s because HDTV stations are coming online nearby and crowding out the available frequency for the kinds of wireless communications the Cirque needs.

And these are no light platforms. According to Shuck, the one lift I got into requires a 14,000 pound counterweight to get its 30,000 pounds and up to 3,000 pounds of “live load,” otherwise known as performers, to rise.

Another fairly low-tech solution Phillips explained was the method he and his crew used to design one of the show’s sets, a group of flapping doors that behave a bit like birds.

Down below, on the theater’s seventh floor, is where we finally encountered the show’s high technology.

From left to right, La Nouba technical director Ken Ramsey, operations production manager Robert Shuck, and head rigger Dave Phillips.

And while we talked, some of the costume crew were hard at work, inspecting every inch of some of the outfits for tears, moving slowly and methodically as they did so.

In the 10 years since La Nouba opened, a lot has changed for Cirque du Soleil. It is now a much bigger organization; it has basically taken over Las Vegas–with five shows there already and at least two more in the works, as well as new resident shows planned for openings in Tokyo and Macao later this summer.

“This allows everyone to work a lot closer together,” Ramsey said.

Our last stop was on the main floor of the theater, and it was a place I had not gotten to see in all my previous behind-the-scenes-at-the-Cirque visits: the costume room.

We started our tour on the La Nouba stage, where I felt the presence of dozens of Olympic-caliber gymnasts all around me. The show’s operations production manager, Robert Shuck, explained that the stage has five lifts built into it, each one of which can rise out of the floor up to 16 feet.

At this point, we headed back up into the theater where the show’s trapeze artists were about to begin their twice-weekly training exercises.

A look from above at the Cirque du Soleil’s La Nouba theater at the Downtown Disney resort in Orlando, Fla. La Nouba was the Cirque’s third permanent show and the first with its own freestanding building.

And Phillips added, “It gives everyone an appreciation for what every department does.”

The truth is that it doesn’t take that much technology to make a great Cirque show, as the folks who put together La Nouba, the Cirque’s show here, explained to me Tuesday.

While many of the La Nouba sets are lowered or raised from above the stage, some come from above the theater itself.

“La Nouba is all about the artists,” said technical director Ken Ramsey, by way of explaining that I wouldn’t be seeing too much of the uber-tech behind some of the Vegas shows. “The technical side takes a very silent rest, as opposed to being the spectacle like in Ka and O.”

He showed me Dynatrac, the software used to control the gear that runs the show’s many cues, and said it’s the same program he’s been using since the beginning. And, while it once took one of his engineers three eight-hour shifts to figure out how to do something that newer software used by the Ka crew could do in 30 minutes, he said there’s no need to change the system since La Nouba itself has barely changed in its ten years.

Not to focus too much on what the lifts look like when they’re above the stage, we next went down into the theater’s lower levels where the lifts live when they’re not on display.

Next up, we rode an elevator up to the theater’s top floor, the 9th, otherwise known as the “grid.”

Amlund explained that there are people in the costume room from 6:30 a.m. until about 12:30 in the morning on show days doing laundry, inspecting costumes for holes and rips, mending, and making new outfits. She said the average costume lasts about six weeks, while some last up to six months.

But that doesn’t mean La Nouba is a dud. It’s one of the most energetic Cirque shows around, and there is, in fact, plenty of tech to go around.

Finally, the tour was over, and we emerged into an office space full of cubicles. It was hard to believe that this was still Cirque du Soleil.

“We just couldn’t get the right look for it” by using technology, Phillips said. “Sometimes the best solutions are the easiest and cheapest.”

When it launched in late 1998, La Nouba was just the third permanent Cirque show, after Mystere and O. But it was the first to get its own freestanding building. Today, 10 years later, the tall white structure stands out as a signal of world-class circus theater to anyone who passes by the Downtown Disney resort here.

For a Cirque fan like me, this room was a special treat. Everywhere I looked were outfits exploding in reds and blues, gorgeous hats and much more.

It takes the crew about 15 minutes to set up the net during the training sessions. But according to head rigger Dave Phillips, the same task takes just a couple of minutes during the actual show (he attributed that to the fact that it’s not the main crew that does the setup during training). Also, it was pretty clear that there was a much more relaxed mood going on at that point than during the show.

The best part about that, other than getting to watch these incredibly gifted athletes perform without hundreds and hundreds of other people in the room, was getting to see them setting up the safety net the artists perform above.

He said that Cirque management demanded the look, but it was no easy task coming up with a way to do it. Finally, though, he and his team settled on a motor system that wags the doors with what he called “rotisserie action” on the end.

To prove the point, Shuck got on a walkie-talkie and asked someone to demonstrate. Seconds later, one of the lifts began to push up out of the floor, and before I knew it, it was towering over Shuck.

Jul 31
Facebook has the Monday morning blues

For its part, Facebook said later Monday that’s not the case.

(Credit: Facebook)

Of course, some may scoff at those for whom not being able to use sites like Facebook for a short time is a big deal. But while it’s true that the world goes on even when Facebook, Twitter or MySpace are down, such maintenance work–especially when down in the middle of a weekday–can indeed be an inconvenience for people whose professional and/or social lives depend on them.

On the other hand, for such people, these outages put the focus on just how fragile our personal networks are and how much dependence many have on systems that can go down at any time.

That’s because some users of the popular social-networking site–though not all–have found themselves locked out due to some sort of Facebook-initiated downtime.

“That is the error message that occurs when someone’s database is inaccessible,” Facebook spokesperson Barry Schnitt told CNET News by email Monday afternoon, after the problems had seemingly been resolved. “This can happen for a number of reasons. Most of them are related to hardware issues. Usually it is a per-user problem (not everyone will see that at the same time, maybe just a small handful of people) and has nothing to do with the redesign.”

“Your account is temporarily unavailable due to site maintenance,” a message received by some users when they tried to log in said. “It should be available again within a few hours. We apologize for the inconvenience.”

On Monday morning, many Facebook users received this message when they tried to access the site.

Some are speculating that the outage may be due to Facebook’s recent redesign.

For some of the legions of Facebook users eager to get on the site to see what their friends have been up to, play Scrabble or look at photos, Monday morning has not been the best of times.

Update (1:18 p.m.): This story has been modified to include comment from Facebook.

Jul 31

Several news reports have suggested that Microsoft is also providing law enforcement with new tools to defeat BitLocker in Windows Vista or access to a secret back door within Windows. A Microsoft spokesperson denied this, saying, “COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret ‘backdoors’ or other undocumented means.” Microsoft also stressed that COFEE is still in beta.

COFEE was developed in 2006 by Ricci Ieong and Anthony Fung, both members of the High Tech Crime Investigators Association’s (HTCIA) Asia South Pacific Chapter. Fung now works for Microsoft’s Internet Safety Enforcement team in Hong Kong and used to be on the police force there. Ieong is founder and principal consultant for eWalker Consulting.

Incident Response Collection Report (IRCR)
First Responder Evidence Disk (FRED)
Windows Forensics Toolchest (WFT)
Forensic Acquisition Utilities
Windows Forensic Toolkit
Windows Memory Forensics Toolkit
The Forensic Toolkit (Windows NT 4.0 SP3)

Microsoft's Computer Online Forensic Evidence Extractor (COFEE) is available only to law enforcement.

Although Microsoft would not confirm any specific tools included within COFEE, it did say that all the tools were publicly available. A quick search by CNET revealed several free Windows-based digital forensic tool kits available for download. These include:

COFEE consists of plain text scripts; the data collected from these scripts is routed to a provided USB drive. Although intended for use with a command line, there is also an option for a GUI. Raw text captures generate either SHA-1 or MD5 checksums. The results for an acquisition are then presented in either plain text or HTML. Each operation produces its own log file to help investigators.

COFEE is a USB drive that allows law enforcement to run more than 150 commands on a live computer system and save the results on the portable drive for later analysis. This preserves valuable information that could be lost if the computer had to be shut down and transported to a lab–files that are stored in active memory would otherwise be lost, for example.

(Credit: Microsoft)

“The key to COFEE is not new forensic tools,” said Tim Cranton, associate general counsel for Microsoft, “but rather the creation of an easy to use, automated forensic tool at the scene. It’s the ease of use, speed, and consistency of evidence extraction that is key.”

This week, as first reported by CNET News.com, Microsoft talked publicly about COFEE, its free Computer Online Forensic Evidence Extractor. The company demonstrated the tool as part of a law enforcement conference held in Redmond.

More than 2,000 officials are using it worldwide, according to Microsoft.

Jul 31

With the industry doing back flips about server virtualization, it is only natural to wonder what virtualization technology can do for desktops. Plenty! With desktop virtualization, organizations can manage desktop images in the data center and employ strict security policies without touching physical devices. Enterprises should be able to cut operating costs while bolstering security to boot.

When the virtualization smoke clears, large enterprises will deploy a number of virtualization technologies best suited for different types of users. Like everything else in the IT world, desktop virtualization isn’t black and white but many shades of gray. Alas, as promising as desktop virtualization is, it is not a panacea and never will be.

No one would argue that these benefits are worth exploring, but there are a few caveats here. First off, not all desktops are good candidates for virtualization. Anyone who needs massive endpoint compute power, like engineers and designers, would not be a good candidate for desktop virtualization. Road warriors who need to work remotely are also off limits at this point. Finally, employees anchored to local or remote desktop tower computers may be better served by application virtualization (a la Citrix XenApp or Symantec AppStream) or file virtualization (a la F5 or Cisco Systems) rather than a desktop virtualization play.

Jul 31

The online retailer got a large leg up from its worldwide electronics and general merchandise sales, which soared 56 percent to $1.48 billion in the quarter, compared with year ago figures.

The online retailing giant expects its year-end operating income will outstrip current year-end estimates, saying it expects to raise between $740 million and $940 million in operating income. Wall Street had been expecting Amazon to do $662.3 million for the year.

Shares of Amazon, however, were down roughly 4 percent in after-hours trading to $77.77 a share.

And while analysts expect Amazon to post operating income of $125.3 million in the quarter, the company said it expects to do between $120 million and $160 million.

Amazon.com posted Wednesday stronger than expected first quarter results, in part driven by strong sales in its electronics and general merchandise categories.

And on the revenue front, Amazon expects to generate $19.1 billion to $20 billion, compared with Wall Street’s projections of $19.3 billion.

Wall Street was expecting the company to report earnings of 32 cents a share on revenues of $4.08 billion, according to Thomson Reuters.

During the first quarter, Amazon generated net income of 34 cents a share to $143 million, up 30 percent compared with the previous year. Revenues jumped 37 percent to $4.13 billion in the quarter, versus the same period a year ago.

Amazon’s global media sales rose a sharp 28 percent to $2.54 billion in the quarter, compared with last year.

The online retailing giant also issued a forecast for the current quarter and year that shows greater strength than Wall Street’s current estimates.

And in forecasting its second quarter and year-end, Amazon expects to generate greater revenues or stronger earnings than a consensus of analysts, according to Thomson Reuters, which tracks analysts’ projections.

“Our sales growth this quarter was driven by low prices and millions of in-stock items available for immediate shipment,” Jeff Bezos, Amazon’s chief executive, said in a statement. “We’re grateful to our customers.”

Although Wall Street expects Amazon to post revenues of $3.84 billion in the second quarter, Amazon gave guidance that it expects to exceed that level, with expectations of generating between approximately $3.88 billion and $4.1 billion.

Jul 31

Cablevision sees the new Wi-Fi network as a way to enhance its existing broadband business and to provide customers an added incentive to purchase its bundle of high-speed Internet access along with phone service and TV programming. But it also adds wireless and mobility capabilities to the company at a time when other cable companies are forming their own wireless strategies.

Cablevision on Thursday said it has completed the first phase of its Wi-Fi network in New York and that it still plans to complete the network within two years.

Cablevision predicts that the project, which uses standard Wi-Fi equipment, will cost about $310 million.

Meanwhile, Cablevision’s phone company rivals, such as Verizon Wireless, are also integrating wireless Internet connectivity into their service bundles in an effort to compete.

The first phase of the network deployment was in parts of Nassau and Suffolk counties, including commuter rail platforms and station parking lots.

The cable company, which serves parts of New York City and its suburbs, announced its Wi-Fi offering in May. It plans to offer the service, which will provide 1.5-megabit-per-second download speeds, to its 2.4 million high-speed Internet customers at no additional charge.

The company currently doesn’t have plans to offer the service to nonsubscribers.

Comcast, Time Warner Cable, and Bright House Networks are joining chipmaker Intel, Google, Clearwire, and Sprint Nextel to build a nationwide broadband wireless network using a technology called WiMax.

Jul 31

More broadly, the ITU’s own constitution talks about “ensuring the secrecy of international correspondence.” And the Council of Europe’s Declaration on Freedom of Communication on the Internet adopted in 2003 says nations “should respect the will of users of the Internet not to disclose their identity,” while acknowledging law enforcement-related tracing is sometimes necessary.

A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.

A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.

Steve Bellovin

Rutkowski added in a separate message: “In public networks, the capability of knowing the source of traffic has been built into protocols and administration since 1850! It’s widely viewed as essential for settlements, network management, and infrastructure protection purposes. The motivations are the same here. The OSI Internet protocols (IPv5) had the capabilities built-in. The ARPA Internet left them out because the infrastructure was a private DOD infrastructure.”

•  An early ITU proposal from RAD Data Communications in Israel said: “Traceability means that all future networks should enable source trace-back, while accountability signifies the responsibility of account providers to demand some reasonable form of identification before granting access to network resources (similar to what banks do before opening a bank accounts).”

It’s unclear what happens next. For one thing, the traceback proposal isn’t scheduled to be finished until 2009, and one industry source stressed that not all members of Q6/17 are in favor of it. The five “editors” are: NSA’s Richard Brackney; Tian Huirong from China’s telecommunications ministry; Korea’s Youm Heung-Youl; Cisco’s Gregg Schudel; and Craig Schultz, who works for a Japan-based network security provider. (In keeping with the NSA’s penchant for secrecy, Brackney was the lone ITU participant in a 2006 working group who failed to provide biographical information.)

•  An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: “Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity.”

Another participant is Tony Rutkowski, Verisign’s vice president for regulatory affairs and longtime ITU attendee, who wrote a three-page summary for IP traceback and a related concept called “International Caller-ID Capability.”

(Credit: Declan McCullagh/mccullagh.org)

The U.S. National Security Agency is also participating in the “IP Traceback” drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

Another technologist, Jacob Appelbaum, one of the developers of the Tor anonymity system, also was alarmed. “The technical nature of this ‘feature’ is such a beast that it cannot and will not see the light of day on the Internet,” Appelbaum said. “If such a system was deployed, it would be heavily abused by precisely those people that it would supposedly trace. No blackhat would ever be caught by this.”

China’s proposal obtained by CNET News says “to ensure traceability, essential information of the originator should be logged.”

The official charter of the ITU’s Q6/17 group says that it will work “in collaboration” with the IETF and the U.S. Computer Emergency Response Team Coordination Center, which could provide a path toward widespread adoption — especially if national governments end up embracing the idea.

Jacob Appelbaum

U.N. “IP traceback” documents

In response to a question about the eventual result, Schultz, one of the editors, replied: “The long answer is, as you can probably imagine, this subject can get a little ‘tense.’ The main issue is the protection of privacy as well as not having to rely on ‘policy’ as part of a process. A secondary issue is feasibility and cost versus benefit.” He said a final recommendation is at least a year off.

Leaked requirements document says governments may need “to identify the source of the negative articles” posted by political adversaries.

If network providers and the IETF adopted IP traceback on their own, perhaps on the grounds that security justifications outweighed the harm to privacy and anonymity, that would be one thing.

Korean presentation says standards bodies should be “required to develop standards or guidelines” to facilitate unmasking users.

•  A presentation in July from Korea’s Heung-youl Youm said that groups such as the IETF should be “required to develop standards or guidelines” that could “facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback.” Another Korean proposal — which has not been made public — says all Internet providers “should have procedures to assist in the lawful traceback of security incidents.”

But in the United States, a formal legal requirement to adopt IP traceback would run up against the First Amendment. A series of court cases, including the 1995 decision in McIntyre v. Ohio Elections Commission, provides a powerful shield protecting the right to remain anonymous. In that case, the majority ruled: “Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority.”

A second, apparently leaked ITU document offers surveillance and monitoring justifications that seem well-suited to repressive regimes:

The Chinese author of the document, Huirong Tian, did not respond to repeated interview requests. Neither did Jiayong Chen of China’s state-owned ZTE Corporation, the vice chairman of the Q6/17’s parent group who suggested in an April 2007 meeting that it address IP traceback.

Multinational push to curb anonymous speech

By itself, of course, the U.N. has no power to impose Internet standards on anyone. But U.N. and ITU officials have been lobbying for more influence over the way the Internet is managed, most prominently through the World Summit on the Information Society in Tunisia and a followup series of meetings.

“When NSA takes the lead on standard-setting, you have to ask yourself how much is about security and how much is about surveillance,” said the Electronic Privacy Information Center’s Rotenberg. “You would think (the ITU) would be a little more sensitive to spying on Internet users with the cooperation of the NSA and the Chinese government.”

Patrick Bomgardner, the NSA’s chief of public and media affairs, told CNET News on Thursday that “we have no information to provide on this issue.” He would not say why the NSA was participating in the process (and whether it was trying to fulfill its intelligence-gathering mission or its other role of advancing information security).

Adding to speculation about where the U.N. agency is heading are indications that some members would like to curb Internet anonymity more broadly:

“What’s distressing is that it doesn’t appear that there’s been any real consideration of how this type of capability could be misused,” said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C. “That’s really a human rights concern.”

Verisign executive’s summary summarizes presentation saying protocols must have “a strong traceback capability, and establishing traceback considerations in developing any new standards.”

The potential for eroding Internet users’ right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network.

Toby Johnson, a communications officer with the ITU’s Telecommunication Standardization Bureau in Geneva, also refused to discuss Q6/17. “It may be difficult for experts to comment on what state deliberations are in for fear of prejudicing the outcome,” he said in an e-mail message on Thursday.

Bellovin said in a blog post this week that “institutionalizing a means for governments to quash their opposition is in direct contravention” of the U.N.’s own Universal Declaration of Human Rights. He said that traceback is no longer that useful a concept, on the grounds that few attacks use spoofed addresses, there are too many sources in a DDoS attack to be useful, and the source computer inevitably would prove to be hacked into anyway.

But implementation details are important, and governments participating in the process — organized by the International Telecommunication Union, a U.N. agency — may have their own agendas. A document submitted by China this spring and obtained by CNET News said the “IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc.” It adds: “To ensure traceability, essential information of the originator should be logged.”

Nearly everyone agrees that there are, at least in some circumstances, legitimate security reasons to uncover the source of Internet communications. The most common justification for tracebacks is to counter distributed denial of service, or DDoS, attacks.

In a series of e-mail messages, Rutkowski defended the creation of the IP traceback “work item” at a meeting in April, and disputed the legitimacy of the document posted by Bellovin. “The political motivation text was not part of any known ITU-T proposal and certainly not the one which I helped facilitate,” he wrote.

That document was provided to Steve Bellovin, a well-known Columbia University computer scientist, Internet Engineering Steering Group member, and Internet Engineering Task Force participant who wrote a traceback proposal eight years ago. Bellovin says he received the ITU document as part of a ZIP file from someone he knows and trusts, and subsequently confirmed its authenticity through a second source. (An ITU representative disputed its authenticity but refused to make public the Q6/17 documents, including a ZIP file describing traceback requirements posted on the agency’s password-protected Web site.)

Because the Internet Protocol was not designed to be traceable, it’s possible to spoof addresses — both for legitimate reasons, such as sharing a single address on a home network, and for malicious ones as well. In the early part of the decade, a flurry of academic research focused on ways to perform IP tracebacks, perhaps by embedding origin information in Internet communications, or Bellovin’s suggestion of occasionally automatically forwarding those data in a separate message.

When asked about the impact on Internet anonymity, Johnson replied: “I am not fully acquainted with this topic and therefore not qualified to provide an answer.” He said that he expects that any final ITU standard would comport with the U.N.’s Universal Declaration of Human Rights.
