Clips 1/17/02

[Lillie Coney <lillie.coney@xxxxxxx>]

$20 billion more sought for terror war, future 
By Rowan Scarborough
THE WASHINGTON TIMES
January 17, 2002
Washington Times
The Pentagon wants an emergency infusion of nearly $20 billion to continue
fighting the war on terrorism and to make a down payment on weapons systems
that the Afghanistan campaign has shown will be needed in future wars. 
The White House, however, does not want to exceed a $10 billion cap for the
second supplemental budget to fight terrorists, defense officials say.
President Bush is expected to submit the emergency bill to Congress in late
February. He may issue a veto threat if lawmakers attempt to pad spending with
home-state projects.

The proposals would be in addition to the emergency appropriations bill of $40
billion approved by Congress shortly after the September 11 attacks. The
Pentagon received half that amount to wage war in Afghanistan and conduct
preliminary operations in other parts of the world.
 The second defense emergency bill will come in the same month that Mr. Bush
presents his first five-year defense budget, beginning with fiscal year 2003,
which starts Oct. 1. The president is expected to ask for an increase of about
$20 billion over this year's arms spending of $329 billion.
The 2003 budget, which the Pentagon submitted to the White House budget office
two weeks ago, is remarkable for what it does not cut, defense sources say.
Mr.
Bush campaigned for president on an issue of transforming the military. He
suggested now was the time to scrap some weapons systems in development in
favor of more futuristic ones.
But sources say the five-year plan does not, at this point, cancel any major
weapon. Two major tactical programs  the Air Force F-22 Raptor stealth fighter
and the tri-service Joint Strike Fighter (JSF)  are funded at full levels.
Officials say the military's uniformed leaders have made persuasive arguments
that an aging fleet of Air Force and Navy fighters needs to be replaced by
more
advanced, radar-evading aircraft.
The impending emergency funding bill will reflect "lessons learned" from the
Afghanistan campaign for fighting future fronts in the open-ended war on
terrorism. The Pentagon believes it needs around $6 billion to improve
intelligence collection through several classified programs. It wants more
than
$3 billion for command and control equipment to better communicate down and up
the chain of command, as well as nearly $2 billion to rebuild inventories of
precision-guided munitions (PGMs). 

Munitions such as the satellite-guided Joint Direct Attack Munition (JDAM) and
laser-guided bomb kits were used in large numbers in Afghanistan.

The Pentagon is buying more JDAMs with the first emergency spending bill. 

The second bill would purchase conventional air-launched cruise missiles, the
Joint Stand-Off Weapon, Tomahawk cruise missiles and other systems.

Defense officials said the next emergency bill and the five-year budget will
reflect some key lessons from Afghanistan:

?Land forces at sea. The United States lacked multipurpose basing rights in
countries bordering Afghanistan. Some Army special-operations forces were
based
on the carrier USS Kitty Hawk and had to be ferried long distances via
helicopter for insertion in Afghanistan. The Navy plans to look at fielding
more helicopter platforms for this purpose.
?Precision strike from sea. The United States needs to develop a
precision-guided gun system that can hit targets from the sea.
?Long-range strike. Mr. Bush, in outlining his defense thinking in 1999 at The
Citadel, said the military "must be able to strike from across the world with
pinpoint accuracy with long-range aircraft."

In Afghanistan, long-range heavy bombers, once thought to be relics of the
Cold
War, reasserted themselves. With no basing rights for Air Force fighters, the
service's B-52 and B-1B bombers dropped the bulk of munitions.

Plus, the development of independently targeted and dropped JDAMs meant the
bombers carried out tactical as well as strategic missions, even doing
close-air support.

Pentagon civilians argued internally that if the Air Force needed a new
long-distance bomber, it should restart the B-2 stealth bomber line as opposed
to developing a whole new plane this decade.

But Air Force Secretary James C. Roche was vehemently opposed and apparently
won the argument. There is no budget money to restart the B-2 assembly line,
officials said. Mr. Roche and Pete Aldridge, undersecretary of defense for
acquisition, are said to support development of a new high-speed bomber that
could travel 1,500 miles without refueling.

Also in the mix are more unmanned aerial vehicles that would both spy and
deliver ordnance on the enemy.
********************************
GovExec

January 16, 2002 
CEOs to volunteer with new transportation security agency 
By Jason Peckenpaugh
jpeckenpaugh@xxxxxxxxxxx 

The Transportation Department has found a new way for private sector officials
to give something back to their country: by volunteering with the
Transportation Security Administration. 

Transportation Secretary Norman Mineta announced the new volunteer program
Wednesday in a speech before the Transportation Research Board, a part of the
National Academies of Science. Under the program, private sector executives
can
spend six to nine months at the TSA advising management teams that are
building
the new agency from scratch. 

The program allows the Transportation Department to glean insights from
private
sector leaders who have wrestled with some of the same management challenges
facing the new agency. For example, an executive from Walt Disney World Co.
will provide advice on managing long lines of people, said Mineta. 

?Many first-rate firms have offered us resources to use for a number of
months,? he said. ?These senior advisors will work side-by-side with
members of
our leadership team?to help design the processes and measurements that will
comprise the work of the TSA.? 

Executives from Disney World, Intel Corp., investment firm A.T. Kearney Inc.,
Solectron Corporation, an electronics manufacturing firm, and Fluor
Corporation, an engineering firm, will constitute the first class of TSA
volunteers. They won?t be paid, but will be reimbursed for some travel and
living expenses. 

All volunteers must pass criminal background checks and resolve any potential
conflicts of interest before starting work at the new agency. TSA will not
recruit volunteers for the program but will listen to offers, said a senior
Transportation official at a briefing following Mineta?s speech. 

Mineta reiterated that the TSA would meet a Friday deadline for screening all
checked baggage at the nation?s airports. Airlines will use manual searches,
bomb-sniffing dogs, explosive-detection machines and a system that ensures all
checked luggage on a flight is matched to a passenger to meet the deadline.
Airlines must report to the Transportation Department on their use of the bag
match system, according to a senior Transportation official. 

?I think [the airlines] will be working hard to meet the new procedures,? said
the official, who added, ?There will be [airports] where it works better than
others.? 

Mineta also announced that the agency had signed a $550,000 contract with
McKinsey & Co., a consulting firm, to determine ways to screen all checked
baggage with explosive-detection machines by the end of the year, as required
under the transportation security law. 

Mineta also said that Baltimore-Washington International Airport would be used
for testing new airport security technology and training senior TSA managers. 

?I have been to BWI numerous time since Sept. 11 just to watch and learn,?
said
Mineta. ?The Federal Aviation Administration has a terrific, dedicated team
there, led by Amy Becke, who has already taught me a lot,? he said. 

***********************************
Computerworld
FBI's NIPC eyes major restructuring

By Dan Verton 
(Jan. 16, 2002) 

The FBI's National Infrastructure Protection Center (NIPC) is preparing for
what could be a radical overhaul of its structure and how it works with other
federal agencies and the private sector. 

NIPC Director Ron Dick said in an interview last week that he has been in
discussions with both the Centers for Disease Control and Prevention (CDC) and
the National Communications System (NCS) in an effort to decide which agency's
organizational model is better suited to the NIPC. He said he expects to
make a
decision in the next few months. 

"We're going to adopt one of the two because those models have been out there
for a long time," said Dick. However, he said, "We're still trying to figure
out the best method to do that and keep the private sector on a level playing
field." 

The NIPC, based at FBI headquarters, was formed in 1998 to handle threat
assessment, investigations and responses to any attacks on critical U.S.
infrastructures. 

The Atlanta-based CDC fulfills a mission similar to that of the NIPC, in that
it conducts surveillance, detection and analysis of health threats throughout
the nation, issuing warnings when necessary. The CDC is a major operating
component of the U.S. Department of Health and Human Services. It has 11
subcomponents. Each subcomponent has a different specialty, but all of them
have the mission of entering into information-sharing partnerships with
federal, state and local government agencies. 

Founded in 1962 in the aftermath of communications failures during the Cuban
missile crisis, the NCS is made up of 22 federal agencies and advises the
president on key telecommunications issues and policies. Each agency
provides a
representative to sit on a Committee of Principals. 

According to Dick, by adopting the model of either the CDC or the NCS, the
NIPC
would take a major step toward overcoming one of its key challenges: tapping
into the expertise in various aspects of critical infrastructure protection
that resides in many places throughout the government and the private sector. 
In the past, the NIPC has studied ways of acquiring direct assistance from
private-sector experts, including a provision that would allow the U.S.
Attorney General to accept what is known as a "gift of services" from a
private
company. However, the Clinton administration ruled out that option,
claiming it
would create a conflict of interest and other legal obstacles, said Dick. 

"You can't task them to do anything because they're not federal employees," he
said. 

Alan Paller, director of the SANS Institute in Bethesda, Md., said the NIPC
has
been looking at the CDC model for three years and in many ways is already
moving in that direction. 

"CDC's prevention work, such as [administering] flu shots, is especially
important, and I see a push by NIPC in that direction as well," said Paller,
referring to NIPC's mission to facilitate the distribution of vaccines to
fight
computer viruses. 

"The mature model at CDC could offer some wonderful guidelines for long-term
planning at NIPC," said Paller. 
***************************************

Bush to Restructure Antitrust Review 
By Ted Bridis
Associated Press
Thursday, January 17, 2002; Page E02 

Reversing six decades of precedent, the Bush administration is reorganizing
antitrust enforcement to make the Justice Department responsible for reviewing
all mergers involving Internet, software, telecommunications and entertainment
companies, people familiar with the plan said.

The Federal Trade Commission will have approval authority for other
industries,
such as health care, oil, natural gas, electric power, computer hardware and
biotechnology companies, the sources said, speaking on the condition of
anonymity.

The decision, expected to be announced today by antitrust officials at Justice
and the FTC, also would make the Justice Department responsible for companies
in cable, publishing, toys, games, television, radio, newspapers, movies,
advertising and music.

The change is important to corporate America because the FTC is viewed by some
experts as less susceptible to political influence. The five-member commission
is bipartisan, appointed by the president, with no more than three members
from
one party, and confirmed by the Senate.

Justice Department spokeswoman Gina Talamona would not comment on the
proposal.
A spokeswoman for the FTC did not return telephone messages late yesterday.

The reorganization is aimed at streamlining the "clearance" process under
which
regulators sometimes compete to oversee particular merger proposals.
Although each agency generally is considered to have expertise in some areas,
there are many industries where interest overlaps from Justice and the FTC.

"Agencies will permanently decide which industries each agency gets," said an
expert with knowledge of the reorganization, speaking on the condition of
anonymity. 

Some experts have complained that the existing process is inefficient and
difficult for companies because the FTC and Justice have subtly different
standards for approving deals. Companies uncertain which agency might review a
proposed merger often are unsure which standards they must meet.
***************************
Federal Computer Week
NIST drafts contingency guidance
BY Diane Frank 
Jan. 16, 2002 
The National Institute of Standards and Technology released a draft guide Jan.
15 to help agencies develop contingency plans for information technology
systems so they can continue to perform their mission during and after an
emergency.

The special publications developed by NIST's Computer Security Resource Center
are intended to provide guidance for agencies trying to comply with
congressional mandates and Office of Management and Budget requirements.

The draft "Contingency Planning Guide for Information Technology Systems" is
the latest in a series addressing some of the most prevalent security issues
facing agencies, and it is particularly relevant in the homeland security
environment.

An IT contingency plan is only part of an overall continuity of operations
plan, and the guide looks only at what it needed in order to deal with IT
systems disruptions, not the larger issues of business or personnel
disruptions.
The guide defines a seven-step process for agencies to make part of the
planning for and management of every information system. It includes:

* Developing a formal contingency planning policy, with the necessary
authority
and guidance for future plans.

* Conducting a business impact analysis to identify and prioritize critical
systems.

* Identifying preventive controls to reduce the effects of system disruptions.

* Developing recovery strategies.

* Developing a detailed, step-by-step contingency plan.

* Testing the plan to identify gaps and training personnel to prepare them
for 
any incident.

* Maintaining and updating the plan to keep it current as systems change.

The guide also includes a sample format for developing a contingency plan,
splitting a plan into three phases: notification/activation, recovery and
reconstitution. 

The notification/activation section outlines how to develop a "call tree" to
ensure the correct people are notified in the correct order, to perform an
initial damage assessment and move into the recovery phase. 

For recovery, the guide suggests developing step-by-step procedures for
dealing
with every detail, including mundane problems such as obtaining the necessary
office supplies, space and power to support the emergency operations. 

In the reconstitution section, the guide recommends specifying teams
responsible for each action that must be taken to return to normal
operations. 

This includes backing up the data created while on the contingency system and
uploading it to the restored system so that no work is lost.

The guide also includes a cost-consideration chart to help agencies decide
what
kind of alternate or backup sites they should chose for each system.
*******************************
Federal Computer Week

Commercial database use flagged
BY William Matthews 
Jan. 16, 2002 

Privacy advocates have filed a lawsuit in federal court to force the Justice
and 

Treasury departments to disclose details about buying information about
individuals from commercial databases. The agencies are generally banned from
amassing such information on their own.

Electronic Privacy Information Center officials said Jan. 15 that the two
agencies have illegally failed to respond to Freedom of Information Act
requests for details about their information purchasing practices. 

Lawyers for EPIC sought the information after seeing news reports and
obtaining
documents that indicate at least six federal law enforcement agencies buy
personal information from database companies.

The companies include ChoicePoint Inc., which gathers and sells information
for
purposes ranging from employment background checks to insurance fraud
investigations, and Experian, which claims to have information gathered from
"hundreds of public and proprietary sources" on 215 million consumers.

The Privacy Act of 1974 banned federal agencies from collecting personal
information about individuals unless they are actively investigating the
individual. But no such prohibitions apply to database companies. 

The companies collect data from a wide range of commercial and government
sources, such as credit card records, motor vehicle and property records,
license records, marriage and divorce data, bankruptcy and other court
databases, product warranty registrations, loan applications and other
sources.
Government agencies that buy the information include the FBI, the Drug 

Enforcement Administration, the U.S. Marshals Service, the Internal Revenue
Service, the Immigration and Naturalization Service, and the Bureau of
Alcohol,
Tobacco and Firearms, according to EPIC.

A key concern for privacy advocates is how accurate the data is, said Chris
Hoofnagle, EPIC's legislative counsel who filed the suit. ChoicePoint, for
example, provided inaccurate data to Florida election officials, who denied
thousands of voters access to the polls in 2000. 

Hoofnagle said EPIC obtained documents that show that information the IRS
bought from ChoicePoint and Experian included "credit header data," which
includes a person's name, current and prior addresses, Social Security number,
date of birth, telephone number, information from property records, motor
vehicle records, marriage licenses and divorce papers, and records of
international asset location. IRS employees have access to this data through
their desktop computers, Hoofnagle said. 

It is not clear whether the agencies buying information are violating the law,
"but if they are buying information without real investigations going on, then
there are going to be problems," he said.

The Privacy Act was passed to stop information collection abuses that were
common during the 1960s and 1970s, when the FBI and other agencies compiled
detailed dossiers on Vietnam War protesters, civil rights activists, political
"enemies" of the president, celebrities and others. 

Hoofnagle said recent cases show that the abuse of information by government
employees has not ended. Recent abuses include police employees using
information to track women for dates and to rob rental cars and federal
employees selling DEA data, he said. 

"You don't have to have a rogue government, just a rogue civil servant," he
said. 
The Justice Department has 30 days to respond to the suit. 

********************************
Newsbytes
Afilias Challenges 741 '.Info' Internet Addresses  
By David McGuire, Newsbytes
WASHINGTON, D.C., U.S.A.,
17 Jan 2002, 2:42 AM CST

Afilias - the company that manages the recently launched .info Internet domain
- on Wednesday filed the first of several bulk challenges aimed at reclaiming
fraudulently obtained .info addresses. 
Afilias asked World Intellectual Property Organization (WIPO) arbitrators to
essentially revoke the registrations of 741 .info names sold during the .info
pre-registration period, which took place last year. 

The mass challenge is only the first in a string, Afilias Chief Marketing
Officer Roland LaPlante told Newsbytes Wednesday. "I believe at the end of the
day we'll challenge at least 10,000 (names)," LaPlante said. 

The first of seven new global Internet domains to go live, .info opened to the
online public in October. But before .info addresses became widely available
from the same companies that sell .com, .net and .org addresses, Afilias gave
trademark holders a chance to pre-register .info domains during a "sunrise
period." 

A problem with the sunrise process emerged almost immediately when it became
apparent that unscrupulous domain name speculators had been misrepresenting
themselves as trademark holders in order to snatch up the most attractive
.info
addresses before they became publicly available. 

Responding to widespread outcry in the Internet community over the fraudulent
registrations, Afilias executives laid out a plan to launch a mass arbitration
challenge against all of the fraudulently registered addresses in the .info
system. 

LaPlante said that Afilias officials are going through each of the more than
52,000 .info addresses filed during the challenge period to see if the
trademark numbers listed by the registrants match international trademark
records. 

LaPlante said that Afilias executives have still not decided how they are
going
to redistribute attractive .info addresses that they reclaim during the mass
arbitration challenge. 

Afilias is online at http://www.afilias.info . 
Reported by Newsbytes.com, http://www.newsbytes.com . 
02:42 CST 

(20020117/WIRES ONLINE, LEGAL, BUSINESS/AFILIAS/PHOTO) 

******************************
Newsbytes
DVD Crypto Defendant Appeals To California Supreme Court  
By David McGuire, Newsbytes
WASHINGTON, D.C., U.S.A.,
16 Jan 2002, 5:37 PM CST

A former Indiana resident who is being sued for participating in an online
forum dealing with digital video disc (DVD) decryption, on Tuesday formally
asked the California Supreme Court to rule that he cannot be compelled to
stand
trial in California. 

Former Purdue University student Matthew Pavlovich is fighting a lawsuit filed
against him in 1999 by the DVD Copy Control Association (DVD CCA), a movie
industry-backed organization. 

Based in California, the DVD CCA sued Pavlovich for his participation in the
DVD encryption forum under California trade secrets laws. Specifically, the
DVD
CCA is suing Pavlovich for his involvement in posting DVD decryption codes
that
can be used to allow Linux users to view DVDs on their computers. 

But Pavlovich's attorney, Allonn Levy, says that Pavlovich can't be compelled
to defend himself in a California court, simply because he posted information
on a Web site that could be viewed by Californians. 

"They basically say that if you are on the Internet there's worldwide
jurisdiction," Levy told Newsbytes today. "That just doesn't make sense." 

Shortly after the case was filed in 1999, Pavlovich's attorneys asked the
trial
court to rule that California had no jurisdiction in the case. The trial court
denied that motion, as did a California appeals court, which ordered Pavlovich
to stand trial. 

But in December 2000, the California Supreme Court reviewed the case and
issued
an order requiring the Appeals Court to require the DVD CCA to show cause
as to
why Pavlovich should be tried in California, Levy said. 

In August 2001, the appeals court again sided with the DVD CCA, issuing a
written order requiring Pavlovich to come to California. 
Pavlovich appealed that order to the Supreme Court, which in December ruled
that it would decide the jurisdiction issues in the case itself. 

On Tuesday, Levy filed Pavlovich's initial arguments in the case, which will
probably be heard sometime later this year. 
Some civil liberties advocates are calling the case a bellwether on the issue
of cyber-jurisdiction. 

"Courts have uniformly held that simply publishing something on the
Internet is
not sufficient to hold jurisdiction worldwide," Electronic Frontier Foundation
(EFF) attorney Robin Gross said in a release. "Without the proper application
of constitutional safeguards, the Internet will become a liability minefield
for users." 

Reported by Newsbytes.com, http://www.newsbytes.com . 
17:37 CST
Reposted 18:28 CST 
(20020116/WIRES ONLINE, LEGAL, BUSINESS/DVDCOPY/PHOTO) 
**************************

Wednesday January 16 10:38 AM ET 
Ga. Tech Develops Cheating Detector
By KYLE WINGFIELD, Associated Press Writer 

ATLANTA (AP) - A software program designed by Georgia Tech professors to
detect
cheating in students' computer programming homework turned up 186 possible
violators, school officials said. 

The students - who were enrolled last fall in either ``Introduction to
Computing'' or ``Object Oriented Programming'' - will be investigated by the
student dean's office, Tech spokesman Bob Harty said Tuesday. 

The program is designed to detect exact duplications of computer code. 
Students found guilty of cheating could face expulsion but most likely will be
given failing grades for the classes, Harty said. 

Students were told before taking the class that the software would be used,
said Kurt Eislet, director of undergraduate education for the College of
Computing. 
``My guess is that there are students who either don't believe that the
program
exists or don't believe that they're going to get caught and are willing to
take 
that risk,'' he said. 

The software, developed around 1993, detected similarities in the students'
work in three computer coding assignments, Eislet said. It's unlikely that
innocent students' work was detected by the program, he said. 

``Out of 30 people on a given assignment that were detected, it's possible
that
a small number of them have legitimate explanations for why those things
are so
similar,'' he said. 

``But for the most part, the degree of similarity that this program is looking
for - the commas are in the same place, the semicolons are in the same place,
the spacing is the same, they've made the same mistakes - the only
explanation,
and what most students will eventually concede, is they actually did it,''
Eislet said. 

``Introduction to Computing'' is mandatory for all students at the college; 

``Object Oriented Programming'' is required for computer science students,
Harty said. Nearly 1,700 students were enrolled in the two courses in the
fall.

A computer program designed to catch duplicated phrases in term papers at
University of Virginia led to the investigation last year of 122 students at
that school. Prof. Lou Bloomfield in April created the program to detect
shared
phrases of at least six words. 

A Rutgers University study of 2,200 students at 21 colleges in 2000 found that
10 percent admitted they had borrowed fragments of material they had found on
the Internet, while 5 percent said they had taken large passages or entire
papers. 
********************************

Gates Says Software Security Is A Priority 
E-Mail to Staff Doesn't Cite Microsoft Lapses 
By Jonathan Krim
Washington Post Staff Writer
Thursday, January 17, 2002; Page E01 

Microsoft Corp. Chairman Bill Gates has made security of the company's
software
its top priority, telling employees that failing to make products less
vulnerable to viruses, instability and privacy breaches will jeopardize the
firm's future.

"When we face a choice between adding features and resolving security issues,
we need to choose security," Gates said in an e-mail to employees on Tuesday.
Given the widespread use of Microsoft software in business, government and the
home, Gates's clarion call is a recognition that his vision of an
Internet-centric world is contingent on confidence that online activity
will be
safe and secure.

Gates did not point to the myriad security problems that have dogged Microsoft
products for years, saying instead that such flaws affect all levels of
software, by all manufacturers. But Microsoft's products, especially its
Outlook e-mail program, have been favorite targets for hackers and
purveyors of
worms and viruses that can cripple entire networks and computing systems.

Most recently, the company had touted its newest desktop operating system,
Windows XP, as the safest and most stable ever developed. Yet a major security
hole was discovered just months after its introduction, sending Microsoft
engineers scrambling to develop a fix.

Microsoft competitors have been quick to exploit the software giant's
problems,
marketing their wares to corporations as safer and less expensive alternatives
for their networks. Oracle Corp., which makes software for managing large
corporate databases, advertises its products as "unbreakable," in a direct
slap
at its arch rival.

But Gates told his employees that "no trustworthy computing platform exists
today."

He said that Microsoft's campaign for "trustworthy computing" is on a par with
major strategic moves the company has made in the past, particularly its
embrace of the Internet as the future of computing. And he said that it is
Microsoft's responsibility to be the industry leader in security.

"Today, in the developed world, we do not worry about electricity and water
services being available," Gates said in his e-mail. "With telephony, we rely
on both its availability and its security for conducting highly confidential
business transactions without worrying about who we call or what we say
will be
compromised. Computing falls well sort of this."

Microsoft has developed software designed to make online commerce more secure
through the use of electronic identifiers, but it has been criticized by
privacy advocates as concentrating too much information in the hands of one
company.

Gates said that users "should be in control of how their data is used," but he
offered no specific changes or suggestions for improving the company's
identification 
*********************************

GSA online procurement rapped
BY Diane Frank 
Jan. 17, 2002 
The General Accounting Office on Jan. 15 released a letter to General Services
Administration head Stephen Perry criticizing the agency's lack of controls on
its governmentwide online procurement systems.

In a 2001 review of small business participation in federal online procurement
programs, GAO discovered several errors and weaknesses in GSA Advantage and
the
Information Technology Solutions Shop (ITSS).

The problems result in unreliable data about agencies' procurement and could
affect GSA's ability to continue operating the systems after a disaster or
emergency, David Cooper, director of acquisition and sourcing management at 
GAO, wrote in the letter dated Dec. 21, 2001.

During the governmentwide review, GAO found significant errors in the data
available from GSA Advantage, an online catalog of all the Federal Supply
Service's products and services, and ITSS, the Federal Technology Service's
online contracting system. Among the problems:

* Advantage reported $32.2 million worth of sales that were in fact "test
orders" used to train users.
* ITSS used an incorrect formula to calculate total sales, overstating the
total by $800 million.

GSA also had no documentation for the two systems that would ensure that data
is reliably collected by the system and would provide a basis for
reconstitution following a disruption or emergency. 

According to the systems' managers, there is no documentation because
Advantage
and ITSS "evolved over many years in a piecemeal fashion," Cooper wrote.

Unless steps are taken to follow GAO recommendations ? which include
putting in
place data entry controls and fully documenting the systems ? this will
magnify
the problems, Cooper wrote.

GSA officials told the review team that although the agency is re-engineering
both systems, they are looking at how to address the GAO recommendations.
During fiscal 2000, Advantage handled almost $125,000 in transactions, and
ITSS
processed more than $2.2 million. The sales going through these systems are
expected to increase greatly, because in fiscal 2001 FSS required all vendors
to make their products and services available on Advantage, and the Bush
administration has directed agencies to expand their use of online procurement
in fiscal 2002.
**************************************
Federal Computer Week
DOD acquisition system 'broken'
BY Christopher J. Dorobek 
Jan. 16, 2002 
Transition of the armed services will be virtually impossible without a
wholesale reform of the Defense Department's acquisition process, said Adm.
Dennis Blair, commander in chief of the Navy's U.S. Pacific Command.

"In the last 12 months, I have become even more convinced that our current
approach to transforming our armed forces must be changed, particularly the
way
we acquire systems. If we don't change it, it will break us," Blair said Jan.
15 at the West 2002 conference in San Diego.

"I believe that our acquisition system is fundamentally broken, especially in
the area of information technology," he said.

Blair said he made his comments acknowledging that the armed forces are doing
well, but he said that they have not done well enough and that there have been
costs in missed opportunities.

The current acquisition system does not move quickly enough, fails to put
engineers together with operators to address real-world problems or deal with
emerging threats and fails to address evolving requirements, the admiral said.
The process is hamstrung by a bureaucracy that does not reward ? or even make
allowances for ? innovation or modifications, he said.

"The bigger and more standardized the program, the better from the perspective
of the program manager," he said.

Instead, Blair said that programs should be developed incrementally, testing
projects in real-world situations.

DOD must institutionalize the links between joint operations and service
acquisition centers, he said. Those can be improved dramatically by holding
more exercises that require the military services to work together.

The department has created a so-called Rapid Improvement Team that is
spearheading an effort to get IT projects into the hands of warfighters more
rapidly ? even within 18 months. DOD officials last month approved several
pilot programs that will be used to test the concepts developed by RIT.

****************************
Federal Computer Week
System aims at ID duplicates
BY Brian Robinson 
Jan. 16, 2002 

Officials from West Virginia, which has pioneered the use of facial
recognition
software for issuing driver's licenses, seek to update the state's system to
crack down on the fraudulent use of second and third licenses.

The current system involves an automated search of about 2 million motor
vehicle records to make sure that the person applying for a license is not
already in the system. The new system, in its pilot project phase, will enable
fast matching of faces even if applicants try to disguise themselves.

It uses Visionics Corp.' s FaceIt technology, which "preprocesses" images to
compensate for size, lighting, expression and pose. Then it uses a
mathematical
technique called local feature analysis to produce a digital template
unique to
that individual.

What makes the system so powerful, the company claims, is that it can match
faces even with changes in lighting, skin tone, facial hair, hairstyle,
eyeglasses and other features that might fool conventional face-matching
systems.

"In the pilot [program], we are trying to satisfy the [Division of Motor
Vehicles] that this technology is effective and that it doesn't generate a
large workload of false matches that can overwhelm them," said John Munday,
president of Digimarc ID Systems, the company that provides West Virginia's
current licensing system and is partnering with Visionics on the new system.
"This technology is optimized for searches against large databases [and should
substantially] cut down on the investigation time."

West Virginia has addressed the situation of people saying they have lost
their
license and are applying for a new one when they didn't have a license in the
first place, he said. Now the state is starting to tackle the issue of
identifying people who already have a license and are looking for another.

Digimarc supplies driver's license systems to 37 states, Munday said, and if
the West Virginia pilot program is successful, he expects the system will also
be taken up by many of the others.

Robinson is a freelance journalist based in Portland, Ore. He can be
reached at
hullite@xxxxxxxxxxxxxxx
*****************************

Officials ID better licensing
BY William Matthews 
Jan. 15, 2002 

State officials who issue driver's licenses want to make it much harder to
obtain fraudulent licenses, in part by giving state officials more access to
government computer databases so they can more thoroughly check applicants'
information.
Licensing officials promise that gaining access to government databases will
not lead to Big Brother-like electronic surveillance of license holders, as
some privacy advocates fear.

The American Association of Motor Vehicle Administrators (AAMVA) said it will
urge Congress to pass legislation to create uniform standards for the
states to
follow when issuing driver's licenses. Sen. Richard Durbin (D-Ill.) is
drafting
such a bill. 

The Sept. 11 terrorist attacks made clear the nation's need for more stringent
standards for identification, said Linda Lewis, president of the association.
"The state-issued driver's license is more than a license to drive," she said.
"It is the most widely used domestic document to verify a person's identity."

Driver's licenses are too often issued without adequate verification of the
recipient's identity, said Betty Serian, deputy secretary of the Pennsylvania
Department of Transportation, and too many types of driver's licenses are
issued. 

Serian headed a Special Task Force on Identification Security for AAMVA and
concluded that uniform, nationwide standards are needed for driver's licenses.
More than 200 different valid forms of identification are issued by states,
she
said. "So how can a bank teller in Maine be expected to know what a California
state driver's license really looks like?" she asked.

AAMVA does not want all state driver's licenses to look the same, but it does
want them all to have common features, including some form of "unique
identifier" that might be a number or a biometric identifier, such as a
fingerprint or eye scan.

Just as important, AAMVA wants much more thorough checking of a license
applicant's identity before a license is issued. That might mean an end to the
current practice of applying for a license and receiving it the same day,
Lewis
said. 

One method of verification might be to cross-check personal data submitted by
license applicants with government databases. Computers could compare names,
addresses, passport numbers and Social Security numbers and check police, FBI
and Immigration and Naturalization Service records among other databases,
Lewis
said.

AAMVA also wants state driver's license databases to be interconnected so that
licensing officials can check other states to see whether applicants already
have a license elsewhere.

Interconnecting databases would not threaten personal privacy, she insisted.
Privacy advocates worry that AAMVA's proposal would create the equivalent of a
national identification card that could leave an electronic trail wherever its
holders are required or choose to use it. 

"There has been a lot of misinformation" about more secure driver's licenses,
Lewis said. There would be no "huge database in the sky," she said. 

"We don't want to invade privacy," said Alan Cockman, AAMVA's board chairman.
The association would urge Congress and the states to pass tougher privacy
laws
to assure that driver's license information is not abused, he said. 

***********************************