
Clips May 29, 2002




ARTICLES

'Carnivore' Glitches Blamed for FBI Woes
State Seeks to Fine Online Pharmacy
Hearing Set on Hacked State Computers
Montana Allows Public Colleges to Monitor Computer Use
Former Student Is Charged With Sending Racist E-Mail Messages
Ted Waitt takes on Hollywood
Scientists enlist themselves in war on terrorism
Instant messaging at work can open door to hackers
Liberty Alliance expands membership
FCC OK Unleashes XtremeSpectrum
Net Governance Chief Will Step Down Next Year
Proposed legislation renews debate about value of a national ID card
Mixed Messages (Polls on American Opinions on National ID)
A critical difference (Attempts to Frame the debate on a National ID System)
Will privacy be protected?
Weldon envisions virtual hearings
Anti-terror bills march forward
FAA workers to get smart cards
DOD tech pushed for first responders
Intrusion-detection net revived
Industry opposes security standards
To protect and serve
E-gov security gateway in works
DOD adjusts its plans on hiring foreign workers
Senate awards $100 million IT services contract
Being wired helps you connect
Turkey tightens controls on the net
FBI wants more surveillance power
Eminem CD shows piracy patterns
Modem owners pay more for AT&T
EU aims to boost broadband
Picture slowly changes for TV buyers
Gates Foundation gives nearly $3 million to kids in China
Web sites let survivors celebrate loved ones
Retired tennis star wins case against Microsoft
New York attorney-general sues spammers
Guide helps digital users stay honest
US Programming Competition Organizer Adds China to Developer Community
FCC delays auction of upper UHF TV band spectrum
Microsoft faces EU privacy probe
Privacy worries with EU online policing bill











*********************
Washington Post
'Carnivore' Glitches Blamed for FBI Woes
Problems With E-Mail Surveillance Program Led to Mishandling of al Qaeda Probe in 2000, Memo Says
By Dan Eggen


The FBI mishandled a surveillance operation involving Osama bin Laden's terror network two years ago because of technical problems with the controversial Carnivore e-mail program, part of a "pattern" indicating that the FBI was unable to manage its intelligence wiretaps, according to an internal bureau memorandum released yesterday.

An attempt in March 2000 to secretly monitor the e-mail of an unidentified suspect went awry when the Carnivore program retrieved communications from other parties as well, according to the memo, which was obtained by the Electronic Privacy Information Center (EPIC), a Washington-based advocacy group opposed to the technology.

Carnivore, which has been renamed DCS1000, is a computer program that allows investigators to capture e-mails sent to and from criminal and terrorist suspects. But the newly released memo indicates that, in at least one case, the program also retrieved e-mails from innocent people not involved in the investigation.

The incident joined a rapidly growing list of alleged FBI mistakes made before Sept. 11, including evidence that FBI headquarters bungled the quest for a search warrant in the Zacarias Moussaoui case and ignored pointed warnings from an Arizona field agent about terrorists in flight training. It also invited fresh criticism of Carnivore, a program already derided by civil libertarians, and cast doubt on repeated FBI assurances that the program provides a "surgical" ability to grab targeted e-mails out of cyberspace.

"Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens," said David Sobel, general counsel for EPIC, which obtained the memo through a lawsuit filed under the Freedom of Information Act. "We have now learned that its imprecision can also jeopardize important investigations, including those involving terrorism."

FBI spokesman John Collingwood said yesterday that the case was a rare mistake that resulted from technical problems encountered by an Internet service provider, not by the FBI.

"This is an uncommon instance where a surveillance tool, despite being tested and employed with the assistance of a service provider, did not collect information as intended," Collingwood said.

The one-page memo at issue, dated April 5, 2000, and sent via e-mail, was intended to outline the problems that had arisen in a Denver terrorism case for Marion "Spike" Bowman, the FBI's associate general counsel for national security. Yesterday, Bowman declined to comment and authorities declined to identify the memo's author or provide further details about the case.

The probe involved the FBI team that investigates suspected operatives of the al Qaeda network. It is known as the Usama bin Laden, or UBL, unit for the agency's spelling of the al Qaeda leader's name. The same unit has come under congressional scrutiny in recent weeks over its role in shelving a July 2001 memo from Phoenix FBI agent Kenneth Williams, who had suggested that al Qaeda members might be infiltrating aviation schools and requested that the FBI canvass them for Middle Easterners.

In the latest case to come to light, the UBL unit acquired in March 2000 a warrant under the Foreign Intelligence Surveillance Act (FISA) for use against a suspect in an investigation based in Denver, according to the memo released yesterday.

The names of the suspect and all others in the memo, except for Bowman's, were redacted from the copy provided to EPIC.

The memo says that on March 16, 2000, the Carnivore "software was turned on and did not work properly," capturing e-mails involving both the target and others unconnected to the case.

The memo goes on to say that "the FBI technical person was apparently so upset that he destroyed all the E-Mail take, including the take" from the target. Collingwood, the FBI spokesman, said that the memo is incorrect and that the e-mails gathered in the operation were kept and remain under seal in the court that administers secret wiretaps.

The memo makes clear that the Justice Department's Office of Intelligence Policy and Review (OIPR), which oversees FISA warrants, was enraged by the blunders in the case, in part because the Justice Department office was allegedly not told that Carnivore was considered experimental at the time.

Referring to an official at OIPR, the memo's author says: "[To] state that she is unhappy with [the International Terrorism Operations Section] and the UBL Unit would be an understatement of incredible proportions."

The memo also refers to an electronic communication outlining other "FISA mistakes" and alleges "a pattern of occurrences which indicate to OIPR an inability on the part of the FBI to manage its FISAs."

One law enforcement official said last night that the passage may be referring to the ongoing problems with the affidavits submitted by the FBI to the Foreign Intelligence Surveillance Court, which approves surveillance requests. The court barred one FBI agent from submitting affidavits in late 2000 because of misrepresentations, and a broad review found similar problems in other cases, sources said.

The FBI has been using the Carnivore system for almost three years, subject to court authorization, to tap into Internet communications, to identify e-mail writers online and to record the contents of messages. It does so by capturing "packets" of information containing those details.

Civil liberties advocates and some lawmakers have expressed concerns because the system could scan private communication on the legal activities of people other than those under investigation. But agency officials have said repeatedly in response to criticism that the system poses no threat to privacy because it can take narrow, targeted slices of communication.

That's what FBI officials told Congress in the summer of 2000, only a few months after the botched surveillance effort in the Denver case.

Shortly before the Sept. 11 terrorist attacks, an FBI spokesman said the agency rarely used Carnivore because Internet service providers had become so adept at meeting the technical demands of approved surveillance of suspects' Internet traffic. The agency said it had used Carnivore only twice from January through mid-August.

Since then, the agency has repeatedly declined to discuss the number of times the system has been used in recent months, saying that the records of Carnivore's use are exempt from disclosure laws.

Staff writer Robert O'Harrow Jr. contributed to this report.
***********************
Los Angeles Times
State Seeks to Fine Online Pharmacy
Medicine: A Los Angeles drugstore could face an $88.7-million penalty for allegedly selling drugs without examinations.
By RONALD D. WHITE


In what probably would be the largest fine ever for illegal prescription drug sales over the Internet, California state regulators said Tuesday that they have proposed an $88.7-million fine against a Los Angeles pharmacy for selling medications directly to consumers without requiring a doctor's examination.

The state Board of Pharmacy's sanction against Los Angeles-based Total Remedy & Prescription Center II, pharmacist-in-charge and co-owner Barry Irvin and pharmacist William Packer must be approved by the 11-member state medical board. The fine amounts to the maximum $25,000 for each of about 3,500 prescriptions allegedly filled illegally.

The case represents the first use of a law passed in 2000 that requires a "good faith prior medical examination" by a doctor licensed in California before a prescription can be filled. Irvin said the charges were "crazy, to say the least," and came as a complete surprise.

"I'm just trying to maintain my normal routine," he said in a telephone interview, adding that the prescriptions were legitimate.

He has 30 days to appeal the sanctions.

The pharmacy is operated at its Los Angeles location like any other drugstore, said Patricia Harris, executive officer of the California Board of Pharmacy.

Harris said the pharmacy's operators also ran a Web site called CyberHealthServices.com that specialized in so-called lifestyle drugs such as Viagra for impotence, Propecia for hair loss and Xenical for weight loss. It is accused of filling prescriptions from out-of-state doctors who did not examine the patients.

State officials said the Web site was advertised mostly through unsolicited blanket e-mails. Harris added that the Web site also showed up on Web searches for Viagra and other drugs.

California officials were made aware of the site in 2001 by the Pennsylvania attorney general's office, which was working on a case involving the Web site.

Pennsylvania officials told California officials that the building that handled the credit card calls and shipping was in Glendale, but it had moved, Harris said.

The medications were mailed in a professional fashion, in standard vials and accompanied by literature, Harris said.

That's not always the case with Internet drug sales, according to the National Assn. of Boards of Pharmacy, a professional organization representing pharmacy boards in all 50 states. The association said Web sites and associated boiler room operations began proliferating five years ago.

Many are set up and dismantled within a matter of months or weeks and offer sales of all manner of drugs with minimal requirements and without a doctor's advice, leaving consumers to self-medicate without any instruction.

"It scares the heck out of us," said Carmen Catizone, executive director of the association.

Catizone recalled the recent story of a Florida woman who contacted an Internet drug sales site and asked for a medication to help her lose weight.

The woman was sent a powerful amphetamine called Didrex that quickly sent her blood pressure soaring. Catizone said the woman stopped taking the drug, but the Internet drug seller would not refund her money.

Catizone said the operators of such sites in the U.S. and overseas often mail unpackaged pills in an envelope or a plastic sandwich bag, without any information such as dosage, possible interactions or, sometimes, even the name of the drug.

The association maintains a Web site, www.nabp.net, with a link to its Verified Internet Pharmacy Practice Sites, which lists the pharmacy sites that meet its 17 criteria for trustworthy and safe service.

Harris said she was aware of a California case in which a woman received Prozac from another Web site and went into shock when she self-medicated.

When asked why a state law passed and signed in 2000 was only now being used to target a serious problem, Harris said the task was undertaken without a boost in her budget.

Harris said she had a staff of 55, about half of them field inspectors, to police the state's pharmacies and Internet drug sales sites. She added that her offices "could always use more resources."

"We have other irons in the fire now. We're working on it," Harris said.
**********************
Associated Press
Hearing Set on Hacked State Computers
Tue May 28, 11:02 PM ET
By DON THOMPSON

SACRAMENTO, Calif. (AP) - State senators said Tuesday they would investigate why it took weeks for 260,000 government employees to be notified that a hacker accessed a computer system containing their personal financial information.


"There's a lot of people screaming," said Dennis Alexander of the Professional Engineers in California Government.


Democratic Sen. Steve Peace said his committee on privacy planned a hearing next month into how a hacker or hackers could break into the state database April 5, why it wasn't discovered until May 7, and why employees weren't notified until Friday.

Authorities don't know what, if any, information was taken or used. The database included employees' last names, first and middle initials, Social Security numbers and payroll deduction information.

The 7,000-member California Union of Safety Employees blamed Controller Kathleen Connell.

Connell's office shut off the compromised computers and notified the Sacramento Valley Hi Tech Task Force the day the breach was discovered, said John Harrigan, chief deputy state controller for administration.

The task force advised against notifying the public because it would hamper the criminal part of the investigation, Harrigan said.
********************
Chronicle of Higher Education
Montana Allows Public Colleges to Monitor Computer Use
By JEFFREY R. YOUNG


A new policy in Montana permits officials of public colleges and universities to monitor activity and copy data from computers and networks owned by the institutions for the purpose of investigating misuses. Some professors and students worry that the policy is too broad and could lead to invasions of their privacy.

The policy, approved Friday by the statewide Board of Regents of Higher Education, allows university officials to "periodically, routinely, or for a specific purpose monitor activity on its computers and network" as long as the monitoring is part of their "legitimate job duties" in managing the computer network or investigating misuses.

Some professors are concerned that the policy could allow university officials to act as Big Brother.

"We still have some concerns," says Erik Burke, director of public policy for the Montana Education Association-Montana Federation of Teachers, a union. The union had sought amendments to the policy that would have specified which officials could monitor computer activity and would have limited how much monitoring they could do, he says. Those amendments failed.

"Right now, the policy pretty much allows ... anybody on campus to have access to electronic records," says Mr. Burke. "We were trying to define who it was and how much they could go into it."

Heather O'Loughlin, a senior at the University of Montana who is the business manager for the Associated Students of the University, its student government, worries that the policy could lead officials to restrict Internet access in university libraries, many of which are also public libraries.

"My one concern is to make sure that students still have access to what they need," says Ms. O'Loughlin. "The policy gives them the right to block Web sites. It's not necessarily something they will do, but it's something that they now have the right to do."

State officials say that the policy is a necessary tool to keep university networks running and to root out abuses of acceptable-use policies and laws.

"We're talking about employees and students who are using state machines on a state network, and we have an obligation to make sure that they're using them for work-related purposes and education-related purposes," says LeRoy H. Schramm, chief legal counsel for the Montana University System.

Mr. Schramm says one goal of the policy is to "put people on notice" that their activity could be monitored.

"If in fact something is so private that you can't even take a one-in-a-million chance that a monitor could come upon this, then I think you should find a different medium to convey that message or work," Mr. Schramm adds, noting that the policy prohibits university investigators from sharing information they find.

"We put in appropriate assurances on the books that say this is in no way meant to allow random joyriding through a person's history," he says.

A growing number of colleges and universities are considering creating a "workplace investigation policy" for computer networks, says Tracy B. Mitrano, a policy adviser in Cornell University's information-technologies office, which has not yet created a specific policy. Some other universities have established similar rules on computer monitoring as part of their acceptable-use policies, she says.

Ms. Mitrano says universities should establish guidelines for computer searches before an incident occurs, to help protect the privacy of professors.

"In the heat of the moment, people sometimes do rash things unless guided by policy," she says, adding that "it should be an absolute last resort of workplace investigation to monitor" specific computer use.

"It does not have to be Big Brother," Ms. Mitrano says, adding that a university should seek a balance between protecting privacy and protecting college resources. "It is, I think, only through policy that you achieve that balance."
*******************
Chronicle of Higher Education
Former Student Is Charged With Sending Racist E-Mail Messages
By DAN CARNEVALE


A former student who had been expelled from Indiana University-Purdue University at Indianapolis was arrested last week based on accusations that he had sent more than 100 racist e-mail messages to students, professors, and staff members on the campus.

The former student, a white male named Joseph C. Belzer, 54, was charged with three counts of intimidation, a Class D felony, and 18 counts of harassment, a Class B misdemeanor. He has pleaded not guilty and remains in police custody, with bail set at $50,000.

The e-mail messages were sent over the course of a year from public-access computer terminals, such as those located in the campus libraries. The recipients were mostly members of racial minority groups, although some white people received the racist messages as well.

None of the messages made any specific threats, administrators said, but they were filled with obscenities and racial slurs, and one warned a black student to "watch your back."

Police investigators worked with the university's information-technology department to track down the source of the e-mail messages. After determining that Mr. Belzer was the suspect, the university expelled him on April 26. The police arrested him on Friday.

Rich Schneider, a university spokesman, said the campus was relieved that the police had made an arrest. "This was a serious and very unusual act that occurred on this campus," he said. "It shocked people here, but everyone was pleased at how the campus pulled together to track this person down."
****************************
Tech News
Ted Waitt takes on Hollywood
By Charles Cooper
Staff Writer, CNET News.com
May 28, 2002, 12:00 PM PT



If he finds himself dining at Spago anytime soon, Gateway CEO Ted Waitt isn't likely to receive any bear hugs from the Hollywood moguls who favor this perennial Los Angeles hot spot.
That's because Gateway's chief executive officer finds himself on the other side of a bitter digital divide from the entertainment industry over the issue of digital music downloads. Throw in an opportunity for a grandstanding politician or two, and you have the makings of a grand donnybrook.


Last month, Gateway began to campaign against a proposal by Sen. Ernest "Fritz" Hollings, D-S.C., that would shift the burden for copyright protection onto the shoulders of hardware manufacturers such as Gateway. The company, which has ambitions to become a larger player in music publishing and distribution, responded with a series of tongue-in-cheek television advertisements and public statements promoting legal digital downloading.



The entertainment industry was not amused. Music and movie studios are worried about the potential loss of billions of dollars due to illegal digital downloads.

But Gateway, which operates a site where people can legally download certain individual songs, says the wording of the Hollings bill threatens the future of CD burners. If there's a ban on this popular accessory device that allows people to burn downloaded music files to CDs, Gateway and other computer makers say it may reduce computer demand.

CNET News.com recently chatted with Waitt on why the two industries are butting heads and whether it's at all possible to find a compromise that would satisfy both camps.

Q: What made you decide to step out in front of other tech companies to take on the music industry?
A: It wasn't our intention to take on the industry; it was our intention to speak out on behalf of consumers.


A risky move?
It was a bit of a risk. We were looking for ways to revitalize the Gateway brand and get back to being a voice for the consumer. It was funny: When we ran the radio ads, we had a line about copyright laws in there. Then we got a letter from an attorney who was involved in the music industry--and he was ecstatic about what we did. Only later was it that the industry got uptight. But we don't support stealing music. We wanted to educate them.


Did you expect the ferocity of the reaction?
No, not really. We thought it was the right thing to do.

What's to account for the response then?
You saw the same thing with digital music. I think (the music studios) could double their music sales with very targeted solutions, and we're willing to sit down and help them. But it's not our job to help them solve their business problems. I'm not in favor of stealing music. Technology people have as much interest in protecting patents as the entertainment industry.


They've criticized your commercials and the appeal to oppose Hollings' bill as a declaration of war. Have you felt any backlash?
Nothing you could point to specifically. But we didn't view this as a declaration of war. They do everything in an adversarial way because it's in their nature. They're trying to play defense to protect the old way of doing business, which has to evolve.


How do you expect to create a music service of your own if you have alienated the music companies?
We're working with EMusic and others. It might help get us to the table--if (the studios) can stop viewing us as the enemy. We want a solution as much as they do.


Do you see the Hollings bill as a serious threat, or a Trojan Horse for more piecemeal approaches?
It's not the end of the world, but it's also not the way to solve the problem. Our solution is that the music industry has got to get together among themselves and find a common way to do this. They'll have to get hardware people in, the Internet people in--and start building a new business model instead of saying, "Stop this." You can't stop it. CD burners shouldn't be considered contraband.


Hollywood is asking Congress to block DVDs with copy protection and is suing to stop sales of digital VCR and MP3 players. The technology people respond that's an antiquated--and useless--response. Why don't Hollywood and Silicon Valley better understand each other?
They speak different languages. The entertainment industry always chooses to fight things out through the courts and legislation. Technology people always think there's a business solution. Everybody has tried a variety of things, but it won't work until they get together and people can go to one place for all the music that's out there. Consumers don't know what label their favorite artist is on. It's irrelevant. Go back to the VCR analogy. They fought the VCR, but at the end of the day, the VCR created a whole new revenue stream for every movie release.


Is that all there is to it--just a difference in point of view? That is, Silicon Valley saying, 'Dudes, you just don't get it; there is no way to stop digital piracy?'
The technology industry thinks there's a way to solve it, but it's not to say all digital music is bad, so let's keep using CDs.


Do you think music downloading from a Kazaa or Morpheus site is stealing?
I never said that. I don't think that's necessarily right, but all digital music isn't bad. If you buy a CD and want to put your favorite songs on one CD, you should be able to do that. The Hollings bill wants to redefine fair use. But I have never advocated stealing music.


But if I download music from Kazaa, am I in violation of the law?
Not all (downloading) is illegal. Wouldn't it be great if you could go to a service and say, "Here's my 100 CDs, and I want to listen to them in mixed format anywhere. Now, teach me about new music in streaming format, and if I like it, I can click and buy in a radio format." There are other ways of doing it, but nobody wants to go and listen. Last weekend, I was going on a trip and went to two stores looking for CDs. I couldn't find them, so I went to the Web, looking for a legal way to download, but it wasn't there. I didn't do it personally, but a friend loaned me a copy--and then I lost the CD anyway. That was the only way I could get the song. But I was willing to pay for it.


Do you download and then burn music CDs?
I don't spend a lot of time doing it, but I have done--just from a research standpoint.


Do you plan to continue your campaign?
We're going to do a variety of things. It's more about the public education of the issue. We'll have more things in July, utilizing our training facilities to educate people about what's legal and what's not.


OK, a couple of business questions. For a lot of this year, you've been cutting prices and sacrificing profits to build market share. IDC had you flat in the first quarter compared with the fourth quarter. I'm not bringing any news when I say it's still a tough market. Will the success of your strategy depend upon a real turnaround in the economy?
Our strategy's not based on share. It's growth based on fixed cost structure. We're pricing products as if we were twice our size. Our consumer business was sequentially up in the quarter for the first time in the history of the company, and we're continuing that momentum. What's going on with HP and Compaq means there's share up for grabs. I could debate the IDC numbers, but we feel real good about momentum in the business.


If the turnaround stalls, will you consider closing the rest of the Gateway stores to contain your costs?
We're committed to the stores. We're looking at each one on a store-by-store basis...If the economy stalls, it will just take longer, but we'll keep plugging away.
************************
MSNBC
Scientists enlist themselves in war on terrorism
Data networks can help thwart attacks, scientists say


WASHINGTON, May 28 - Seismologists are looking to shake up the war on terrorism by using the vast amounts of data collected by their "always on" research networks. The same devices that can pinpoint the epicenter of an earthquake also can be used to determine the "signature" of a car bomb or nuclear test explosion, and in turn, help law enforcement and intelligence networks to better understand the origin of terrorist events, scientists say.

ALTHOUGH THESE RESEARCH networks have been tapped for investigative work in the past, they remain a critically under-utilized tool in the war on terrorism, seismologists said in a briefing Tuesday.
Joining the seismologists are thousands of other researchers, across several scientific disciplines, who maintain a global network of monitoring devices and sensors. Those networks record everything from earthquakes to weather patterns to astronomical occurrences.
For example, "near surface geophysical" techniques involving "surface wave imaging" could "routinely monitor the shallow subsurface along the U.S. borders to recognize changes in physical earth properties likely related to tunneling," says a written presentation to be delivered Tuesday during a Geophysics vs. Terrorism seminar at a meeting of the American Geophysical Union.
But the scientific community remains a nearly forgotten resource for helping detect the "signatures" of terrorist activity, said Greg van der Vink, director of Planning for the Incorporated Research Institutions for Seismology (IRIS) consortium.
Acts of terrorism or potential terrorism, such as the testing of a small nuclear device, are likely to first appear on a data collection network operated for other purposes, van der Vink said.
There are some 10,000 seismologic monitoring devices worldwide. "These are our ears to the ground," said Terry Wallace, professor of geosciences at the University of Arizona. Such networks are capable of much more than simply monitoring earthquakes or volcanic eruptions, Wallace said. They also provide records of industrial explosions, clandestine nuclear weapons testing and terrorist bombings.
Operating in this capacity, these networks create a kind of unblinking, apolitical neighborhood watch for the global village, Wallace said.


FORENSIC SEISMOLOGY
The use of seismic data for more than earthquake monitoring can be traced back to 1915 when, during World War I, the English used crude seismic data to figure out the location of the enemy's artillery pieces, Wallace said.
A new discipline, called "forensic seismology," has grown up around the verification of small nuclear explosions. "But it clearly is also useful in putting constraints on terrorist bombs," Wallace said. Reason: Each bomb blast has a unique "signature" that is recorded and cataloged by the seismic instruments.
Using these bomb signatures, scientists working with law enforcement can help pinpoint what type of bomb or bombs were used and identify points of origin for previous explosions.
Coupled with other intelligence data, the seismic information can make for a compelling and damning trail of evidence. This type of analysis was used in the 1998 truck-bombing of the U.S. embassy in Nairobi, Kenya. Seismologists were able to pinpoint the exact time of the explosion and the size of the bomb. The data proved invaluable to the FBI, which was sent to the country to investigate the bombing. By the time the FBI arrived, the crater had already been filled in, making it impossible for the agents to carry out their usual crime-scene investigation.
And sometimes the data collection is important for its ability to prove what wasn't. In the immediate, terrifying chaos that enveloped the events of Sept. 11th, rumor mixed with fear that quickly became a swirling cauldron of conspiracy theories, especially with regard to the fate of American Airlines flight 93 that went down in Pennsylvania.
One early, favored myth was that the government had been forced to shoot down the plane to save potentially thousands of other lives. On a day when the world turned upside down, such a rumor, however unfounded, was easy for many to swallow.
But Wallace and others were able to prove that the plane had not been shot down, nor had it exploded, but had, in fact, impacted the ground intact.
"The seismic signature we saw [of flight 93] matched the signatures we already had on record of other plane crashes," Wallace said. "We could, therefore, say without a doubt that the plane hadn't been shot down."
And in 2000, seismic data was used to prove that the Russian nuclear submarine Kursk sank because of an explosion rather than a collision, as the Russian government originally claimed.


CONNECT THE DOTS
Despite the high-profile successes of using scientific data to augment various investigations, the scientific community is hardly on the radar screen when it comes to the U.S. government's efforts to combat terrorism.
In truth, organizations like the CIA and FBI are "operational" and busy with the task at hand, Wallace said, whereas researchers "are pushing the frontiers of science" to come up with "new ways of looking at data."
The various intelligence communities have their own specialized networks, but as recent news events show, officials of the agencies tasked with protecting against terrorism didn't heed the warnings of their own agents, let alone tap the resources of other agencies. Getting these agencies to now bring the scientific community into the fold to help augment the war on terrorism "is a challenge," said van der Vink.
But the intelligence community simply "may not have had ways to connect the dots," van der Vink said, referring to the array of networks represented by the scientific community.
And there lies the Gordian Knot when trying to mesh the data from the intelligence and scientific communities. "Coherent integration and analysis of these large installations of diverse networks" begs the question, "How do we connect the dots?" in the first place, van der Vink asked.
The move by the scientific community to raise their profile by enlisting in the war on terrorism isn't entirely without a self-serving angle.
Monitoring networks are complex, high-tech and high maintenance; they are costly to install, maintain and manage. Getting law enforcement and intelligence communities to depend more on scientific data means higher visibility, and that visibility translates directly into cash by way of government grants or contracts, said van der Vink.
But that turns out to be a win-win situation, van der Vink asserted. Maintaining monitoring networks "provide a baseline" of data that makes it possible to test future events to gauge whether they are terrorist activity or not, he said.
*********************
USA Today
Instant messaging at work can open door to hackers
By Michelle Kessler, USA TODAY


SAN FRANCISCO -- That instant message you send from work could put your company's computer network at risk.

That's because popular free IM systems, such as AOL Instant Messenger and MSN Messenger, lack basic security features needed to protect corporate networks. That wasn't a problem when the systems, geared to consumers, were used for chitchat. But this year, 54 million people will use consumer IM systems on the job, research firm IDC says.

Security is kept lax so that they are easy to use. "They're this huge gaping security risk for companies," says Dan Ingevaldson of Internet Security Systems.

Making changes:

Web company NetPOS.com stopped using free messaging when it realized "anybody sniffing the Net could see what we were doing," says Chief Technical Officer Chris Kaltwasser. Most free IM systems don't scramble messages as they travel via the Internet. The company now uses a secure service from Imici.
American Puzzles recently removed AOL Instant Messenger from its computer servers after suspecting that hackers were using it to try to break in. Co-owner Albert Farrell uses it to communicate with vendors but keeps it on a less crucial computer.
This fall, students at Embry-Riddle Aeronautical University will access the college's network through a portal that blocks consumer IM systems. They can use a secure system from tech firm Bantu. Chief Information Officer Marty Smith says many of the school's 20,000 students set up free accounts, creating a security risk.
First Community Credit Union of Houston put in a secure IM system from WiredRed two years ago because workers used the free ones.

AOL and Microsoft say the systems were never intended for sensitive messages. AOL says it is building a secure IM service for companies. Microsoft and others sell similar products. Costs vary. Some run about $35 a user.


Many firms think consumer IM systems are secure, says IDC analyst Robert Mahowald. He expects use to decline as more companies become aware of the risk. More than 50% of companies using IM use free systems, not more secure ones that cost money, says INT Media Research.

Other companies don't know that employees install their own IM systems, which often bypass network safeguards such as anti-virus software and firewalls. That can create back doors for hackers.

The fallout can be huge. Last year, hackers stole hundreds of sensitive instant messages from the CEO of start-up eFront and posted them on the Net. Five executives resigned from eFront, which has gone under.
*******************
Tech News
Liberty Alliance expands membership
By Mike Ricciuti
Staff Writer, CNET News.com
May 28, 2002, 9:00 PM PT
http://news.com.com/2100-1001-927232.html


The Liberty Alliance Project gained five new members Wednesday, boosting Sun Microsystems' effort to outgun Microsoft's Passport online identification system.
The Liberty Alliance Project seeks to establish a standard method for online identification, so a computer user can log on to a Web site once, then have other sites recognize that user as authenticated. Microsoft already offers a single sign-on technology called Passport.


New members include Cingular Wireless, i2 Technologies, Nippon Telegraph and Telephone, SAP and Wave Systems. The companies join the Liberty Alliance as sponsors, meaning they can attend and vote in meetings. The Alliance, launched last September, now has more than 40 members, including United Airlines, Sony, Fidelity Investments, AOL Time Warner and others, according to Michael Barrett, who is vice president of Internet strategy at American Express and a member of the Liberty Alliance management board.

The Alliance also announced a new "affiliate" level of membership intended to boost representation among government agencies and nonprofit organizations, and an "associate" level membership that targets small companies. Affiliate-level membership is free of charge; associate members pay a fee of $1,000 per year, Barrett said.

The Alliance has yet to release a specification for how its technology will work. Barrett said the specification will be available this summer, as was originally planned.

In contrast, the number of Microsoft Passport users jumped to 14 million, from 7 million, between last August and February, according to a survey by market researcher Gartner.

Sun and other Microsoft competitors have waged a steady campaign against Microsoft's Passport as a way to give people a digital identity on the Internet. Sun instead favors a neutral method that's not controlled by a single company. Microsoft in September said it would retool Passport and open it to the broader business market, which could include rivals.

Critics of Passport, including AOL, Sun, privacy groups and state trustbusters, have challenged Microsoft's use of Windows XP and other desktop or Web products to drive Passport adoption.

Barrett downplayed competitive issues between the Liberty Alliance members and Microsoft, saying that board members have invited the software giant to join the Alliance. "Nothing has been decided. But we have built a very good working relationship with the Passport team," Barrett said.

Barrett also said that American Express, which took part in Microsoft's launch of .Net My Services, a consumer Web services plan that uses Passport extensively, is still debating how it will support both Passport and .Net My Services, in addition to the Liberty Alliance specification. "Companies that represent consumers tend to be more agnostic as far as things that go. It could be that over time, will see their (Passport's) lower level spec and our higher-level business concerns combined," he said.

Microsoft executives did not immediately respond to requests for comment.
******************
Washington Post
FCC OK Unleashes XtremeSpectrum
By Michael Bruno
Washtech.com
Wednesday, May 29, 2002; Page E05

It's been a long wait for Vienna-based XtremeSpectrum Inc.

The company has been developing semiconductor technology for wireless transmission of information since it was first funded in November 1998. But the ultra-wideband technology, caught up in a 3 1/2-year examination by the Federal Communications Commission, was just approved a month ago. The company now plans to ship its ultra-wideband chips to its business partners in the next two months.

The move means that by Christmas 2003, consumers may be able to wirelessly transfer movies, digital photos, MP3 clips and other large multimedia files between their computing devices at speeds 10 times faster than the current leading technology.

It also means that XtremeSpectrum hopes to become a leading provider of consumer-focused UWB technology, a field some analysts believe will burgeon soon.

UWB is the latest technology to take on the personal-area-network market, the mass of cables and electronic devices that pervades many homes and small businesses. For the past few years, users have had the option to go wireless, but the trade-off was that their data transfer speeds were not as fast.

Devices such as digital TVs, personal data assistants and MP3 players all use data formats where the speed of the data flow ranges from thousands of bits per second, such as MP3 at 320 Kbps, to millions of bits per second, such as DVDs at 10 Mbps.

Up to now, users had to choose from three formats -- Bluetooth, Wi-Fi (802.11b) or 802.11a -- to connect their equipment, and each has a downside. Bluetooth, once promoted by big-name tech companies, requires little power but offers speeds of only around 1 Mbps. Wi-Fi, the most prominent of the three technologies, offers speeds of 11 Mbps but needs more power. And 802.11a offers speeds of 54 Mbps but requires lots of power.

On the other hand, UWB promises speeds up to 100 Mbps and requires low power. A stand-alone device can be powered with a single AA battery, according to XtremeSpectrum.

The difference is in how the technology works. Traditionally, a carrier, such as a radio station, has an assigned frequency. UWB operates across a wide gamut of spectrum -- 3.1 to 10.6 gigahertz and 24 GHz -- and pulses the information instead of carrying it.

"We believe this will be a serious threat to Bluetooth and 802.11," said David Hoover, an analyst at the Precursor Group in Washington.

Gemma Paulo, a wireless analyst with Arizona-based market research firm In-Stat/MDR, is less sanguine. She said UWB could complement Bluetooth but that it is "not really" a serious threat because federal regulations say it must limit its effectiveness to within 10 meters -- although that limitation could be loosened.

According to In-Stat, the home networking market is expected to reach $3.5 billion in 2004 and $4.9 billion in 2006. The wireless portion of that market should hit $2.5 billion in 2004 and grow to $3.7 billion in 2006.

Neither Precursor nor In-Stat provides consulting or investment banking services, the analysts said. Their respective research groups also do not have financial relationships with the companies they cover.

The UWB concept was first developed in the 1950s but didn't get anywhere until the late 1970s when the Defense Advanced Research Products Agency, a research and development organization for the U.S. military, became interested. In other forms, UWB can be a radar technology that can "see" through walls, forests and underground.

"They got very interested in ultra-wideband because of its very low cost," said Robert J. Fontana, president and founder of Germantown-based Multispectral Solutions Inc.

Multispectral Solutions has completed 64 contracts on UWB systems, such as ground-penetrating radar, with the military since late 2000. The 15-person company has been profitable from the start, and Fontana predicts that annual revenue will grow from almost $3 million to $4.5 million or $5 million as the federal government beefs up homeland defense efforts.

But before UWB could be applied commercially, the FCC had to approve it, and that was a long and controversial process. Since UWB spans a range of frequencies already used by wireless phone carriers and various federal agencies, including the global positioning system community, several established interests saw UWB as competition or merely interference. It took the National Telecommunications and Information Administration from September 1998 to February 2002 to negotiate a compromise. The FCC finalized its approval on April 23.

Because UWB pulses a low-power signal across a swath of radio spectrum, rather than streaming a signal on a specific frequency, it would not interfere with broadcasts on any one band.

"It probably produces less interference than a hair dryer being turned on," said Rich Doherty, an analyst at the Envisioneering Group of Seaford, N.Y.

Still, the FCC is permitting its use in stages; the radio-frequency noise from a UWB device must be 2,000 times lower than that emitted by a personal computer, baby monitor or garage door opener. If that produces no interference with other systems, higher levels of power -- and increased range of effectiveness -- may be approved.

Likewise, because UWB does not boost a signal on a particular frequency, UWB providers do not have to use equipment needed to carry a signal, which in turn knocks down the cost of UWB products.

XtremeSpectrum invested heavily in winning approval of UWB. Although Martin Rofheart, XtremeSpectrum chief executive and co-founder, declined to discuss how much was spent lobbying the government, the company hired 18 people for the effort.

"It was huge," said analyst Hoover. "They spent a good portion of their [money] on lobbying."

It was worth it, Rofheart said. Because XtremeSpectrum -- formed a month after the regulatory debate began -- was so intimately involved in the regulatory process, its chipsets were ready as soon as the FCC gave the final go-ahead.

"We're trying to beat everyone to market," Rofheart said.

"They basically designed their [chipset] around how they thought the FCC was going to rule," analyst Paulo said.

Rofheart won't discuss revenue projections for 57-person XtremeSpectrum, but he said the company won't start counting sales until next year when its manufacturing partners start selling their consumer products during the holidays. He expects profitability in 2004.

Meanwhile, the company will rely on its venture capital. Funders include Cisco Systems Inc., Motorola Inc., Texas Instruments Inc., Alliance Technology Ventures, Granite Ventures and Novak Biddle Venture Partners. XtremeSpectrum officials have declined to discuss how much they have raised but plan to announce more funding, including new investors, within a month.

That's good news since the competition is growing. Multispectral Solutions is expanding from government sales to the commercial market. Fontana said his company would introduce geolocation services and audio networking, such as audio systems in churches and arenas, over the next six months.

XtremeSpectrum's leading rival, Time Domain Corp. of Alabama, has said its PulsON chipsets also will be available to its partners this year. Time Domain, which has an office in the District, is focusing on wireless broadband links and precision radar products.

According to analyst Hoover, Time Domain and XtremeSpectrum are sitting pretty: They are the leading companies in a marketplace that looks to take off.

"They definitely have their foothold," he said. "They're going to be around."

Paulo with In-Stat said XtremeSpectrum has the edge.

"Time Domain wants to be in the consumer space, but they don't seem to have an organized focus," she said. "XtremeSpectrum is the only company that seems to know how to play in the commercial realm. The other companies seem to be a little bit more disorganized."
*******************
Washington Post
Artesia Software to Track DreamWorks Files



By Nicholas Johnston
Washington Post Staff Writer
Wednesday, May 29, 2002; Page E05


Artesia Technologies Inc., a developer of software that helps companies manage large amounts of digital information, is going Hollywood with its latest software sale to entertainment studio DreamWorks SKG.


"It's not the biggest deal we've ever done, and it's not the smallest," said Artesia's president and chief operating officer, D. Scott Bowen. But it charts new territory for Artesia among entertainment companies.

"Adoption of technology like ours is really in its infancy" among many entertainment companies, Bowen said. "In terms of Hollywood studios, this is our first."

Rockville-based Artesia does count Discovery Communications Inc. in Bethesda and Home Box Office as other entertainment customers. Discovery uses Artesia's information management software to keep track of audio and video files. DreamWorks will use Artesia's technology for more efficient storage and online distribution of marketing materials such as movie trailers, pictures and promotional graphics.

"Typically things go back and forth to foreign territories quite a bit," said Tom Kotlarek, head of information technology at DreamWorks. "When you have to put those things on a disk and overnight express them around the world, costs can potentially add up."

Initially the software will be used only for still images and text documents, but Kotlarek said DreamWorks plans to expand use of the software to video clips and movie trailers and possibly to other non-marketing uses.

"We're starting with one department and we'll expand both in the types of assets and in the number of departments," he said.

Financial terms of the deal were not disclosed, but Bowen said the type of software platform DreamWorks bought costs $175,000 on average. There is also a yearly support fee that varies but is usually about 20 percent of the purchase price.

Artesia raised $26 million in venture capital financing in September 2000. The round was led by private equity firm Warburg Pincus Ventures and included other institutional investors and technology firms. Bowen said the company has plenty of cash available and should approach break-even status early next year.

"Capital-wise, we're fine right now," Bowen said. "Warburg Pincus has committed to fund the company operationally through that break-even point."

Bowen expects the company to do more fundraising in the next 60 days, with additional cash coming from Warburg Pincus and other strategic investors.

*******************
Washington Post
State Cybersecurity Center In Doubt


William Welsh
Washington Technology
Tuesday, May 28, 2002; 8:43 PM


The plan for a national information sharing and analysis center to support cybersecurity at the state government level has not yet materialized, despite hopes that it would be ready soon.


Rock Regan, president of the National Association of State Chief Information Officers (NASCIO) and Connecticut CIO, said May 23 that the group remains determined to establish such a center and may issue a request for proposal soon.

"There are still a lot of unknowns. We don't know if it is doable or not," Regan said.

Chris Dixon, NASCIO's digital government coordinator, said the principal matters to be addressed before the project can move forward concern funding and whether information provided by the states to the federal government would be subject to the Freedom of Information Act.

Dixon said the organization is confident it can secure adequate funding, but the funds might come from multiple sources, depending on the amount required. These sources might include federal and state funding as well as other public and private funding, he said.

Aldona Valicente, a NASCIO past president and Kentucky CIO, said the federal government has encouraged the states to proceed with the project.

An information sharing and analysis center would record and report security breaches across state IT enterprises, provide early warnings to other states of network breaches, offer patches to fix violated systems and act as a clearinghouse for sharing best practices among states.

Reported By Washington Technology, http://www.wtonline.com .
********************
Washington Post
Net Governance Chief Will Step Down Next Year
By David McGuire
Washtech.com Staff Writer
Tuesday, May 28, 2002; 3:53 PM

The president of the organization that manages the Internet's global addressing system plans to retire next year.

At a closed-door meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) this weekend, Stuart Lynn announced that he will retire from his duties as ICANN president next March, when his first term is set to expire.

Lynn cited the stress and demands of his job as key factors influencing his decision not to seek reappointment by the ICANN board of directors.

"I'm 65. This is a 7-by-24 job and I've got to take care of myself and my family," Lynn said.

Lynn said he will continue to spearhead a controversial effort to reform ICANN, which he said he hopes to complete before his departure next year.

"I plan to put as much of my energy as I can into making that successful," he said.

At a meeting in Ghana in March, ICANN voted to restructure itself, in the process abandoning plans to establish a global mechanism to allow ordinary Internet users to directly elect some of ICANN's leaders.

Instead, the ICANN board of directors ordered an internal committee to develop a plan to reform the organization, drawing on a proposal drafted by Lynn.

Lynn's retirement announcement came at an ICANN board meeting in Garden City, N.Y., over the Memorial Day weekend that was convened to discuss the efforts of the internal committee charged with mapping the reform process.

A key issue is how the ICANN board is composed. The board currently includes five members (out of 19) who were elected by the Internet public in a pilot election two years ago.

Lynn and other ICANN insiders have questioned the reliability of large-scale online elections, saying that they are vulnerable to "capture" by special interest groups. Lynn said that officials elected by world governments would do a more comprehensive job of representing public interests online.

Public interest groups and ICANN critics have responded that public elections are the only way to keep ICANN's internal bureaucracy in touch with the needs of ordinary Internet users.

The ICANN reform committee is slated to issue its final report on Friday.

Lynn's retirement announcement coincided with the resignation this weekend of ICANN Vice President and Chief Policy Officer Andrew McLaughlin.

McLaughlin, who has been with ICANN since 1999, will stay on as a part-time adviser.

Sometime in the next month, ICANN will convene a search committee charged with finding Lynn's replacement, ICANN spokeswoman Mary Hewitt said today. The committee will search for candidates internally and from the Internet community at large, she said.
******************
Federal Computer Week
Identity crisis
Proposed legislation renews debate about value of a national ID card


Shane Ham looks forward to the day when he can make a credit card purchase, borrow a library book, board an airplane, enter his locked office building or pay a parking lot fee all with one card -- his driver's license.

An encrypted biometric identifier would protect his license, making it utterly useless to anyone else -- thief, computer hacker or dishonest waiter.

When Barry Steinhart contemplates the same card, he is aghast.

The idea is dangerous for America as a society, Steinhart said. "It would facilitate the creation of the surveillance society that Americans have always resisted," he said.

Before long, Steinhart fears, the card will be demanded at doctors' offices, gas stations and highway tollbooths. It will be required not only for boarding airplanes, but for boarding subways and buses as well.

Every time a police officer, a security guard or a store clerk scans the card, Steinhart worries it will add to a database that keeps track of where the holder has been and what he or she has been doing.

To Ham, a technology policy analyst at the Progressive Policy Institute, the multiuse, smart card driver's license offers a neat technological solution to the glaring weakness of current identification documents -- and it throws in the benefit of promoting e-commerce and e-government.

To Steinhart, associate director of the American Civil Liberties Union, the idea is simply a national ID card disguised as a high-tech driver's license and is likely to evolve into an "internal passport."

Debate over national ID cards dates back decades. The Reagan administration briefly considered them as a way to discourage illegal aliens from entering the country -- an ID would be required to get a job. Then, during the 1990s, various versions of national ID cards were considered as ways to track "deadbeat dads," distribute health care benefits, control gun sales and reform Social Security.

All were rejected. "This idea has failed several other times," said Ari Schwartz, a policy analyst at the Center for Democracy and Technology.

But since the Sept. 11 terrorist attacks, calls for national ID cards are being heard again. "This is an attempt to push national IDs under the national security banner," Schwartz said.

Proposals in Play

In January, the American Association of Motor Vehicle Administrators launched the effort that now has the most momentum. AAMVA is urging Congress to require and fund the creation of more secure, nationally uniform driver's licenses. Driver's licenses, the association said, "have become the most requested form of identification in North America."

AAMVA wants all states to be required to adopt uniform and stricter standards by which states verify the identities of people applying for licenses. The association wants licenses to include a "unique identifier," such as a fingerprint or eye scan, as well as other security features. And it wants state databases to be linked so authorities in any state would have virtually instant access to the driving records of all other states.

Legislation introduced by Rep. Jim Moran (D-Va.) would fulfill AAMVA's wishes and then some. Drafted with help from Ham, Moran's Driver's License Modernization Act of 2002 would require states to issue driver's licenses with embedded "smart chips" to hold encrypted biometric data, such as a digitized fingerprint or eye scan.

A driver's data would take up only a fraction of the chip memory. The extra space could be partitioned to hold additional applications, from credit card accounts and digital food stamps to voter registrations and fishing licenses. The license could also hold a digital signature, enabling license holders to verify their identities online.

That feature, the Progressive Policy Institute contends, "will jump-start the New Economy, making off-line and online transactions more convenient and more secure than ever before."

AAMVA asked for $100 million to fund the uniform license initiative, but Moran has proposed spending $315 million. He introduced his bill May 1 with Rep. Tom Davis (R-Va.), decrying that terrorists had been "able to weave into the fabric of American society" by fraudulently obtaining driver's licenses. He said his legislation "could make a profound difference in personal and national security."

Moran ensured that his legislation would prohibit using the new driver's licenses to track individuals. The bill contains "very strict controls for privacy," he said.

National ID or Not?

Ham, who explained the technical details of the bill, insisted, "This bill does not create a national ID card in any sense."

That's a claim the ACLU and others dispute. "It clearly establishes a national ID system," said Katie Corrigan, the ACLU's legislative counsel. And a committee of the prestigious National Academy of Sciences agrees.

In a report in April, the committee said the "AAMVA proposal to link state motor vehicle databases is a nationwide identity system. So is the recent proposal to create a traveler ID and database to expedite security checks at airports."

A "trusted traveler card" for frequent airline passengers is being developed by the Transportation Department. Like the smart driver's license, the trusted traveler card would contain a biometric identifier and personal information in digital form.

To qualify as trusted travelers, individuals would have to be thoroughly screened by law enforcement agencies to ensure that they pose no security threat. Then, with trusted traveler cards in hand, they would be allowed to move quickly through airport security checkpoints while other travelers are subjected to more thorough searches.

But shortening lines at airports and ensuring the identities of driver's license holders is just a fraction of what the ID cards and their associated computer systems can do, according to the National Academy of Sciences' Committee on Authentication Technologies and Their Privacy Implications.

Every time a driver's license or trusted traveler card is used, it could create another footprint in an electronic trail left by its owner, compiling a record of individuals' travel, purchases and other activities. The cards would permit "a tremendous amount of tracking," said Stephen Kent, the committee's chairman.

To Kent, that raises serious questions: "Under what circumstances would you be required to present the ID? Every time you use a credit card? When you pay for something with a check? When you use cash to make certain purchases?"

From a law enforcement perspective, the enormous amount of data that could be collected might open a vast front for investigation. Data mining could detect "abnormal or suspicious patterns of behavior that accompany the planning or execution of a terrorist act," the committee wrote.

An unusual series of gun purchases, atypical sales of explosive materials or suspicious money transfers uncovered by data mining could point police toward potential terrorists or criminals, Kent said. It could also, however, cast suspicion on entirely innocent activity. Such data collection and analysis would also constitute an enormous invasion of privacy that "the country as a whole would have to buy into," Kent said.

Personal Protections

To alleviate worries about high-tech driver's licenses, AAMVA officials are urging Congress to strengthen the Driver's Privacy Protection Act of 1994 to prohibit private entities from collecting data from the smart licenses, according to Jay Maxwell, president of AAMVA.net, a telecommunications affiliate of the association.

For example, a bar might require patrons to swipe their smart driver's licenses through a card reader to verify that they are old enough to drink. But while the electronic card reader is checking the holder's age, it can also record name, address and other personal information. Using the card for age verification is fine, Maxwell said, but AAMVA wants to make collecting other information illegal.

AAMVA officials also want states to do a better job of verifying the accuracy of personal information license applicants submit before licenses are issued. That means more thorough background checks. Over time, making driver's licenses more secure could improve the reliability of other documents as well, Maxwell said. Social Security numbers, passports and other official documents are issued, in part, on the strength of identification provided by driver's licenses.

But today, driver's licenses can be bought on street corners and the Internet. "A tremendous amount of counterfeiting goes on now," Maxwell said. "The average slob in his basement can whip [up a driver's license] in a moment, and they do. We've got to close that down."

Still, the current driver's license debate never strays far from the subject of national security.

Sen. Richard Durbin (D-Ill.), who also intends to introduce legislation based on AAMVA's plan, said better driver's licenses are needed to "help us seal some of the cracks in our internal security systems."

"We learned that some of the terrorists who were responsible for the Sept. 11 tragedy carried driver's licenses issued to them by states that had extremely lax application processes," Durbin told Senate colleagues last winter.

"A driver's license is a key that opens many doors," Durbin said. "In America, anyone who can produce a valid driver's license can access just about anything. It can get you a motel room, membership in a gym, airline tickets, flight lessons and even the ability to buy guns, all without anyone ever questioning you about who you are. If you can produce a driver's license, we just assume that you are legitimate and you have a right to be here.

"My bill is about making the driver's license, which some consider a de facto national ID card, more reliable and verifiable as a form of personal identification than it is today."

Durbin's law would have AAMVA set standards that states would follow to verify identities before issuing driver's licenses. He would also give state motor vehicle officials limited access to Social Security Administration and Immigration and Naturalization Service databases to check identifications.

National Security

But will better ID cards really improve national security?

"No one really knows if a nationwide identity system could detect or deter terrorism," the National Academy of Sciences committee wrote. "Unless the database of suspects includes a particular individual, the best possible identity system would not lead to apprehension."

Better identification probably would not have prevented the Sept. 11 attacks, conclude computer scientists from Computer Professionals for Social Responsibility, a public interest alliance.

Most of the terrorists were in the United States legally, most had no records to trigger suspicion of the FBI or other security agencies, and the terrorists apparently made no effort to hide their identities, the group said. Thus, verifying their identities would not have aroused suspicion or led to their arrests.

"Knowing the identity of people will not prevent crime," the group said.

Ironically, high-tech driver's licenses themselves could create new opportunities for crime, according to Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. Greater use of driver's licenses not just as permits to operate motor vehicles, but for access to government and commercial services "dramatically raises the incentives to forge or steal such credentials," Hoofnagle said.

"The economic incentive to counterfeit these cards could turn out to be much greater than the economic incentive to counterfeit U.S. currency," warns the National Academy of Sciences committee.

But there is another reason Moran's proposal to use chip-bearing smart cards as driver's licenses is alarming, Schwartz said. "Smart cards can be easily hacked." In May, two computer security researchers disclosed that they were able to retrieve protected information from smart cards using a camera flashgun and a microscope.

And there is a constant game of "hack and patch" played in the chip card industry, Schwartz said. Suppliers of satellite TV service, for example, have found that they must frequently switch smart cards to foil hackers. "It's one thing if a hacker is getting free satellite TV. But once someone's biometric is stolen, that's major trouble," he said.

Consider what would happen if one person's personal information was stolen and linked to another's biometric identifier. "It would be extremely difficult for victims of identity theft to prove their identity once a biometric other than theirs is associated with their driver's license," Hoofnagle said.

Licenses using magnetic stripes and other forms of memory, electronic chips and even biometric identifiers are all, to some degree, susceptible to forgery, the National Academy of Sciences committee said. Even if the cards themselves were foolproof, the large numbers of state employees needed to create the cards and maintain the databases would offer numerous opportunities for error and fraud.

But Kent said his committee is not ready to recommend against smart driver's licenses, trusted traveler cards or even national IDs. "We expressly did not take sides in this debate," he said, but called for much greater public scrutiny and a thorough engineering analysis of any proposed national ID system.

"We felt that the right thing to do was come up with set of questions," Kent said. Thus committee members, who include university faculty members and industry researchers and executives, raised dozens of questions about matters ranging from legal to technical concerns:

When must the ID be carried? When must it be presented to a government official? What happens if the holder refuses to present it?

May only the government use or request an ID? Under what circumstances? Which branches of the government? May any private person or commercial entity request presentation of an ID within the system? May any private person or commercial entity require presentation of an ID?

What happens if the ID has been lost or stolen? What if the infrastructure is down and the ID cannot be verified?

So far, there are few answers. "We felt at the time we were preparing the report that hardly any of the questions had been addressed," Kent said.
******************
Los Angeles Times
Ventura County to Go Live on the Web
Technology: Computer users will be able to view the weekly Board of Supervisors meetings. Only a handful of local governments in the state offer such a service.
By CATHERINE SAILLANT
TIMES STAFF WRITER


May 28 2002

The Ventura County Board of Supervisors meetings are going global.

Starting next week, anyone with an Internet connection can watch the five politicians hash out county policy, set sewer rates and, occasionally, trade insults.

Ventura County joins only a handful of local governments in California that have put live sessions on the Internet, said Matt Carroll, the county's chief information officer. The county may be particularly well-suited for the technology because it ranks No. 1 in the state for homes with high-speed Internet connections, Carroll said.

The board's weekly Tuesday meeting, which begins at 8:30 a.m., will be relayed live with sound and pictures.

"Maybe we should call it 'Tuesday Morning Live!'" Chief Deputy Executive Officer Bert Bigler said, joking.

A copy of each meeting will be available on the county's Web page for three months. That way, someone who wants information on a particular issue can download previous meetings to see what happened, Carroll said.

Meetings will also be available to the public on compact disc.

To find the link to live board meetings, go to the Web page, at www.countyofventura.org.

The public's first chance to check out a live meeting will be June 4.
******************
Federal Computer Week
Mixed messages

In March, a poll of 1,120 Americans by the research organization Gartner Inc. concluded that "U.S. citizens remain wary of a national ID system...even though virtually all U.S. citizens already have a de facto national ID in the form of a driver's license."

Researcher Richard Hunter said his poll revealed that 41 percent of Americans oppose the idea of national identification cards and only 26 percent support it.

Yet just two weeks later, a poll by the American Association of Motor Vehicle Administrators (AAMVA) found that 87 percent of Americans favor a nationwide plan to issue driver's licenses with biometric identifiers. And 88 percent of those polled favor linking state motor vehicle databases so that law enforcement officials anywhere could check records on anyone with a license.

AAMVA concluded that the "American public overwhelmingly favors cooperative state and federal efforts" to replace current driver's licenses with high-tech licenses and a national system of linked driver databases.

Why such different findings?

The answers depend a lot on what questions are asked and how they are asked, according to the National Council on Public Polls. "Polls usually are not conducted for the good of the world. They are conducted for a reason, either to gain helpful information or to advance a particular cause," according to a council report.

Gartner researchers asked poll participants about "national ID cards" and "national ID databases" as part of its ongoing research into technology and national security, said Hunter, who headed the Gartner effort.

AAMVA, on the other hand, asked about a plan that "strengthens the current system of issuing a driver's license or ID card," closes "loopholes" in license issuing and makes licenses "more resistant to tampering and counterfeiting."

Gartner's findings:

* Opposition to a national ID database is particularly strong in the South, West and Midwest.

* Americans trust banks and credit card companies more than government agencies to manage databases of personal information.

* The agencies that Americans trust the least are state motor vehicle departments and the Internal Revenue Service.

* The public strongly supports the use of national ID cards for airport security and for foreigners seeking entry into the country.

* Overall, "people are quite suspicious of what governmental agencies might do" with ID cards and personal data.

AAMVA's findings:

* 65 percent of Americans believe it is too easy to obtain a false ID card, such as a fake driver's license.

* 77 percent favor modifying the current system of issuing driver's licenses and ID cards.

* 87 percent say driver's licenses should be made more resistant to tampering and counterfeiting by using biometrics such as fingerprints and holograms.

* 88 percent say states should be allowed to search one another's records to verify the identities and driving histories of those applying for driver's licenses.
*************************
Federal Computer Week
A critical difference


Talk of data mining and electronic tracking exasperates officials at the American Association of Motor Vehicle Administrators.

"The only thing we're interested in tracking is driver information," insisted Jay Maxwell, president of AAMVA.net, a telecommunications affiliate of the association.

"People confuse what the technology is capable of doing with what we're planning to do with the technology," he said. "If we don't design a system to track, it won't track."

More secure driver's licenses are not national ID cards, Maxwell said. He outlined several differences:

* National ID cards would be mandatory, but no one is required to get a driver's license. Licenses are issued only to those who can pass driving tests.

* When asked for an ID, people can use something other than a driver's license.

* A national ID, presumably, would have to be carried at all times. A driver's license can be revoked for poor driving, failure to pay child support, theft of gasoline and other offenses.

"The purpose we're pursuing is only tangentially related to terrorists," Maxwell said. "We're primarily interested in highway safety."

Smart cards with biometric identifiers and security features such as holograms would make driver's licenses harder to counterfeit, and interconnected driver databases would give police access to driving records. That would make it much harder for bad drivers to get new licenses, according to AAMVA. And better driver's licenses could reduce underage drinking and alcohol-related crashes, Maxwell said.

Those who fear electronic tracking should be more concerned about credit card companies, telephone companies, Internet businesses and other corporate entities that already collect, analyze, store and sell vast amounts of personal data, Maxwell said. "To a certain extent, we already have tracking with private-sector data warehouses."
********************
Federal Computer Week
Will privacy be protected?


Since the events of Sept. 11, some commentators and a few government officials have begun calling for the collection, analysis and use of ever more information on American citizens and others who are legally in the country. At first blush, this may seem reasonable. However, these efforts could represent a severe threat to individual privacy interests, depending on how they are implemented.

The chief protection for personal information collected by the U.S. government is the Privacy Act of 1974. Under this law, government agencies in general are prohibited from disclosing any "record" on any individual that is "contained in a system of records," including computerized information and databases, without that person's consent.

The law includes numerous procedural safeguards to ensure compliance and stipulates that any government employee who knowingly discloses private information in violation of the law is subject to criminal penalties.

Because the law is designed to protect individual privacy interests, agencies are allowed to release information they collect if they first delete from the records all identifying features that would enable the information to be associated with particular individuals.

The Privacy Act applies to many government contractors "when an agency provides by contract for the operation by or on behalf of the agency a system of records to accomplish an agency function." Moreover, the law explicitly states that the contractor's employees are subject to the same criminal penalties for improper disclosure of private information as are government personnel.

All of this sounds like a lot of protection for the personal information collected by the government and its agents. However, there are a number of exceptions, some of which are big enough to drive a truck through.

Most important is an exception that allows agencies to disclose personal information to anyone at any time for any "routine purpose." A "routine purpose" in this context is any purpose that is compatible with the one for which the information was collected in the first place, as long as the agency has previously published in the Federal Register a notice that information of that sort might be disclosed.

For example, a court recently found that the exception allowed an agent of the Bureau of Alcohol, Tobacco and Firearms to inform a condominium association that one of its members was requesting a gun dealer's license, because the disclosure was compatible with the bureau's need to verify information on the member's application.

Allowing federal agencies to collect and keep the kinds of extensive information on Americans that some people are advocating is not necessarily a clear solution. One thing is clear, however. If Congress is going to allow this, it should first strengthen the Privacy Act in order to ensure that the information is not used to the detriment of innocent Americans.
********************
Federal Computer Week
Great expectations
Editorial


The 6-month-old Transportation Security Administration has an opportunity to do what many agencies likely dream about: build an agency and an information technology infrastructure from scratch.

TSA is preparing to launch a $1 billion-plus contract to give it the latest and greatest technology it needs to equip and connect its far-flung offices and airports around the country.

Many agencies would love to toss out their legacy systems and aging applications and construct a gleaming new IT infrastructure that would propel them into the interactive world of e-government. What's more, TSA, with its homeland security role, is attracting procurement, technology, security and other experts from across government who want to make the agency's vision a reality.

But creating an agency from scratch under any circumstance is no easy task. Thousands of moving parts must come together.

Sharing information with other agencies still struggling to replace their aging systems will be a challenge. Add to that the pressure of the schedule that governs TSA's every move and its central role in securing air travel, and it's clear that the road ahead is a long one.

It appears, however, that TSA is on the right track. According to its most recent update to Congress, the agency is incorporating the items in the President's Management Agenda to make it a truly performance-based organization.

For instance, it will be able to automatically tie resource requirements and expenditures to performance and results. In accordance with the Government Performance and Results Act, TSA has laid out specific goals, such as improving customer satisfaction, and ways to measure progress. On April 25, the agency launched an initial system that collects performance data and presents the information via Web-based reports.

TSA must make sure this work continues. Agency officials can't let their desire for a quick fix distract them from doing it right the first time around. This is an opportunity that can't be missed.
*********************
Federal Computer Week
Weldon envisions virtual hearings


If one Congressman has his way, a virtual hearing room on Capitol Hill will help transform the legislative process.

Imagine this: The United States has suffered an embarrassing military blunder on a base in the Pacific Rim and members of Congress want answers. The House Armed Services Committee is demanding a hearing on the gaffe and has given the commander of the installation less than 24 hours to prepare a brief on the events.

Without hesitation, the commander, seated in his office halfway around the world, agrees and soon begins briefing the full committee seated comfortably in a Capitol Hill hearing room.

Right now, this hearing scenario is impossible. But Rep. Curt Weldon (R-Pa.) has made it a priority for next year to create a virtual hearing room on Capitol Hill.

Speaking last week at the International Quality and Productivity Center's Network Centric Warfare 2002 conference, Weldon said the key to getting Congress' support for funding military transformation initiatives is educating members and making them adapt.

Most members of Congress do not understand network-centric warfare (which seeks to make data available to those who need it across the organization or on the battlefield) or consider it a priority, because there is not a natural constituency for the concept as there is for building more warships, he said.

"Legacy systems have the attention of Congress; transformation doesn't," said Weldon, who is chairman of the House Armed Services Committee's Military Procurement Subcommittee. "If we expect to win the battle of network-centric warfare, we have to have a transformation of the Congress as well."

To do that, Weldon said he'd like to see a virtual hearing room built in one of the congressional buildings on Capitol Hill. The room would be equipped with secure workstations for all the members and enable real-time programming to locations around the world.

For example, if the engineers at the Army's Communications-Electronics Command in Fort Monmouth, N.J., developed a revolutionary piece of technology and wanted to brief Congress on it, they could do so without having to come to Capitol Hill, Weldon said.

John Garstka, assistant director of concepts and operations in the Office of Force Transformation in the Office of the Secretary of Defense, said that he's seen similar capabilities, specifically videoconferencing and visualization tools, used in comparable settings and does not see why it couldn't work on Capitol Hill.

"I would not see any technological challenges," Garstka said, adding that politics and resources would be the main obstacles. "If Congress wanted to do it, they could fund it."

If funding is made available, other issues would need to be addressed, such as security and bandwidth capabilities.

When asked if Congress could do something similar, Fredric Lederer, chancellor professor of law at the College of William and Mary, said, "It's a cinch, but it depends how high-tech you want to go. The concept of [virtual] hearing rooms on Capitol Hill is a very fine idea because it allows Congress the opportunity to take testimony from those that can't travel and replicate things" that aren't easily done in Washington, D.C.

Still, security would be a major concern, especially for members wanting to conduct briefings on top-secret subjects.

"The key word is 'secure' as far as the setup goes," Lederer said, adding that the defense and intelligence communities have defined levels of security to meet, and even that might not be enough. "I'd assume there are subjects they couldn't ever talk about in that room."

If security and bandwidth issues were addressed, a virtual hearing room could be set up in about a week, he said.
*******************
Federal Computer Week
Anti-terror bills march forward


Congress is moving forward to put money and muscle behind programs to fight terrorism and protect the homeland.

The House passed a bill early this morning to provide $29 billion to fight terrorism at home and abroad. Billions would be showered on information technology projects to tighten security systems and fund such tools as devices that detect explosives at airports. The Senate is considering a bill with even more money: $31 billion.

The money is the second installment of anti-terrorism funding in fiscal 2002 since the Sept. 11 attacks. Late last year, lawmakers approved $40 billion for fiscal 2002. Lawmakers are working on other spending packages for fiscal 2003.

The House approved several other anti-terrorism measures, which still await Senate action, including:

* Approving a bioterrorism package that would give authorities more clout in preparations for and responding to public health emergencies.

* Authorizing $9.1 billion for the Customs Service to purchase and deploy anti-terrorism detection equipment along the Canadian and Mexican borders.

* Authorizing $100 million for the Department of Veterans Affairs to develop four new research centers, with at least one focused on biological terrorism, one on chemical and one on radiological threats.
********************
Federal Computer Week
FAA workers to get smart cards


The Federal Aviation Administration plans to equip all of its employees with smart cards as part of a new pilot program.

"This will be the second-largest agency rollout," said Bill Holcombe, director of e-business technologies at the General Services Administration. "That's significant. With these congressional mandates, if the FAA does it first, we'll all be watching very closely."

Since the Sept. 11 terrorist attacks, federal officials have pushed agencies to bring secure identification technologies into the public sector. The Aviation Security Act requires the Transportation Department to develop a universal transport worker ID system.

"The FAA is mirroring the pressure that all the government agencies have," said Randy Vanderhoof, president and chief executive officer for the Smart Card Alliance, a nonprofit association of 185 firms that promotes the use of smart card technology.

The Defense Department began handing out the Common Access Card, a secure, multi-application smart card, in October 2001. Delaying its target delivery by a year, DOD now hopes to get the cards to each of its 3.5 million workers by October 2003.

Meanwhile, the FAA is getting ready to launch its own smart card program. Although the agency is much smaller than DOD, with about 51,400 employees, it will serve as a model for the entire Transportation Department, including the high-profile Transportation Security Administration.

The FAA expects to release a request for proposals for the pilot in the next couple weeks, said Tammy Jones, a spokeswoman for the agency.

The cards initially will have holograms and eventually will include some type of biometric technology, said Jones, adding that workers will use them to gain physical and systems access. The FAA anticipates benefits that include standardizing the process for handling badges, reducing the number of IDs issued and being able to deactivate cards when employees leave, she said.

A top priority is ensuring interoperability throughout DOT, said Dan Mehan, FAA's chief information officer, speaking May 22 at the Information Technology Association of America's E-Security and Homeland Defense conference in New York City.

GSA already has developed smart card interoperability specifications. A final version will be out this summer, Holcombe said.

"We think it's critical agencies follow the specifications to avoid ending up with proprietary systems that can't talk to each other," he said. "The government has a great foundation for them to depart from."

DOD, which began its program before the specifications were out, said it would align with GSA's specifications, he added.

The FAA "will be wise to follow that standard," Vanderhoof said. "The challenge is very significant. The issue is to marry the policy decision along with the technology decision so the architecture is workable within the way the government does business."
******************
Federal Computer Week
DOD tech pushed for first responders


Rep. Curt Weldon (R-Pa.) included an amendment in this year's Defense authorization bill that would enable the nation's firefighters and other emergency response personnel to use DOD-developed technologies to help them do their jobs better and safer.

Speaking May 22 at the International Quality and Productivity Center's Network Centric Warfare 2002 conference in Arlington, Va., Weldon said he didn't see why a firefighter shouldn't have access to the same thermal imaging unit or other tools that soldiers in the battlefield use if civilian agencies could use them to save lives.

"Why is the life of a firefighter less important than the life of a soldier?" Weldon asked.

To help put appropriate military-driven technologies in the hands of civilian personnel who need them, Weldon said he would like to establish a National Technology Transfer Center. (The center would be different than the organization of the same name that is designed to help government contractors transfer their technology into the commercial market.)

The amendment calls for DOD to find "an independent, nonprofit, technology-oriented entity that has demonstrated the ability to facilitate the transfer of defense technologies, developed by both the private and public sectors, to aid federal, state and local first responders."

Specifically, it calls for DOD to establish an outreach program in coordination with the Interagency Board for Equipment Standardization and Interoperability and first responders to develop an awareness of available technology and equipment to support crisis response.

"The idea is to take cutting-edge military technology and transfer it to the civilian community," Weldon told Federal Computer Week, adding that the focus will be on firefighters, emergency medical workers and other first responders because DOD has already begun sharing with the law enforcement community.

Weldon said he would like to see the center serve as a "central operations center" and run by a nonprofit organization. He intends to meet next week with representatives of one such organization, Battelle, to discuss the project.

The amendment calls for the secretary of Defense to enter into an agreement with a technology partner by Jan. 15, 2003, and to submit a report on the actions taken and strategic plan developed to the House and Senate Armed Services Committees by March 15, 2003.
********************
Federal Computer Week
Intrusion-detection net revived


The General Services Administration and Carnegie Mellon University this fall will start testing a new technology to analyze and report on patterns in the cyber intrusion information gathered across government, an idea that was first floated and eventually sunk two years ago.

The data analysis capability (DAC) being developed by the CERT Coordination Center for GSA's Federal Computer Incident Response Center will analyze data already being collected by intrusion-detection systems at many agencies, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at GSA.

Those systems typically report on unusual or unauthorized network activity that might indicate that someone is attempting to attack or break into agency systems. The DAC will gather data from the sensors or from agencies' own analyses at a central point within FedCIRC for identification of potential vulnerabilities and attacks.

That analysis will then be shared with participating agencies, along with steps to protect against, react to or recover from any incidents, McDonald said. FedCIRC is the overarching source for security incident warnings and analysis for all civilian agencies.

The idea of a governmentwide system for analyzing intrusion-detection data first emerged in 1999 as part of the Clinton administration's National Plan for Information Systems Protection.

Privacy concerns raised by advocacy groups and Congress after erroneous reports that the analysis would be performed on private-sector networks as well as government networks forced GSA and the administration to withdraw the proposed Federal Intrusion Detection Network in 2000.

Even as more agencies turn to vendors for intrusion data analysis within their own networks, this type of centralized analysis capability is a necessary tool for raising the entire government's information security posture, said Amit Yoran, a former director of the Defense Department CERT's Vulnerability Assessment and Assistance Program.

And it is technically feasible to analyze the vast amount of information that the DAC will have to handle from all of the civilian agencies, said Yoran, co-founder of Riptech, a managed security services company. Riptech handles approximately 2 terabytes of incident information every day from all of its government and industry clients, he said.

As an incentive for agencies, GSA will allow participants in the pilot project to use the technology to analyze their own incident information in real time, McDonald said. That analysis will then be sent to FedCIRC to map the governmentwide incident and vulnerability status.

If the pilot project is successful, the DAC is expected to reach full operating ability in fiscal 2003, she said.
************************
Federal Computer Week
Industry opposes security standards


The private sector has signaled its opposition to language requiring the National Institute of Standards and Technology to develop benchmark security standards for federal agencies. The wording was added May 17 to a bill passed by the Senate Commerce, Science and Transportation Committee.

Industry representatives said last week, however, that they hope to work with the committee to resolve their opposition to the amendment to the Cyber Security Research and Development Act (S. 2182), which seeks to improve federal information security.

Working through NIST and the National Science Foundation, the act would inject more than $900 million into security research, grants, training and education during five years. A companion bill passed the full House in February.

Educators and researchers have often called for such rates of federal funding in recent years, and researchers in industry and academia have praised the act since it was introduced in the Senate this year and in the House at the end of last year.

The amendment, offered by Sens. Ron Wyden (D-Ore.) and John Edwards (D-N.C.), increased the funding level. But it also added a requirement for NIST to establish benchmark security standards for federal agencies developed in conjunction with industry, academia, the Office of Management and Budget and the CIO Council. Under the amendment, those standards would be reviewed and updated at least every six months.

The standards would be "a baseline minimum security configuration for specific computer hardware or software components, an operational procedure or practice, or organizational structure that increases the security of the information technology assets of a department or agency," according to the amendment.

Other requirements in the amendment include reports by the National Academy of Sciences and the CIO Council (see box).

The Business Software Alliance (BSA) and the Information Technology Association of America (ITAA) oppose the idea of standards. According to both organizations' statements, establishing such standards would hinder efforts to quickly respond to changing security threats and could possibly spill over to impose standards on the private sector.

Officials for both organizations said they are working closely with the committee staff, and BSA officials are "optimistic that we can get something resolved before the bill gets to the floor," said Jeri Clausing, director of public relations for policy at the alliance.

However, only the complete removal of the standards language would be acceptable to ITAA, said Shannon Kellogg, vice president for information security programs at ITAA.

"The bill as originally proposed is something that we've been supportive of," Kellogg said. "But anything that's in the bill that focuses on the standards area is unacceptable."

The committee's intention was not to set technology-specific standards that could block innovation or new technologies, according to a staff member who asked not to be named.

If agencies were not already paying attention to the problem of accountability and standards, and were not already working internally to address those issues, then congressional action might help raise awareness, said Harris Miller, president of ITAA.

But since agencies are in fact taking action on their own, any standards will only cause confusion or harm, he said. Any accountability measures should focus more on performance, and such measures are already included in the bills to reauthorize the Government Information Security Reform Act of 2000, Miller said.

***

Reporting on standards

An amendment to the Cyber Security Research and Development Act submitted by Sens. Ron Wyden (D-Ore.) and John Edwards (D-N.C.) would mandate several studies to determine whether requiring agencies to adopt benchmark security standards would benefit or harm the agencies.
For one report, the National Academy of Sciences would examine the impact of the security standards on agencies. That study, which would have to be completed within three months after the bill becomes law, would look at the following issues:


* The extent to which an agency's security would be improved by the adoption of benchmark standards.

* The operational benefits, costs and consequences of adopting such standards.

* The effect of agencies' different security needs on determining and adopting standards.

The CIO Council would be required to submit a report to Congress within three years providing details on three issues:

* The status of the adoption of benchmark standards at each department and agency.

* The costs associated with such adoption.

* Any barriers to adoption and recommendations for overcoming such barriers.
***********************
Federal Computer Week
To protect and serve
Web content management software protects servers against hackers

Paranoia can be a healthy trait when it comes to Web security. Most Web sites, including those at federal agencies and departments, are far more vulnerable than even most Webmasters believe.

Hackers recently compromised a system hosting thousands of "parked" domains that, instead of showing the usual "Under Construction" banner, featured an image of a mutilated rag doll along with a taunting message indicating that the site had been pirated.

It could happen to you. A recent study by Gartner Inc. predicted that 50 percent of all small to midsize enterprises would be hacked by 2003, with almost 60 percent of those not even knowing they had been hacked.

The increasing vulnerability can be attributed to a rise in hacking activity, but it is also caused by the ever-increasing complexity of Web sites today. Not so long ago, manual methods could be employed, such as looking at each piece of content and repairing it as needed. The complexity of today's Web sites, including numerous pages, images and associated features, makes this manual method ineffective.

Fortunately, there is a solution: Lockstep Systems Inc.'s WebAgain Version 2.5. By acting as an intermediate server, the software ensures that content is staged and preserved before deployment on the Web site. At configurable intervals, the staging server will query the Web site and compare files for differences. Should one be found, the contents and/or files are captured and quarantined on the Lockstep server, and the original content is restored. The software puts an entry in a log and sends a message to the administrator.
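The stage, compare, quarantine and restore cycle described above, sketched in Python as an added example. It is not Lockstep's code: the SHA-256 comparison, the function names, the directory layout and the three-file sample site are all assumptions made for illustration.

```python
import hashlib
import logging
import os
import shutil
import tempfile
import time
from pathlib import Path

log = logging.getLogger("selfheal")  # hypothetical logger name


def snapshot(root: Path) -> dict:
    """Map each relative path under root to a content fingerprint."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):  # does not descend into symlinked dirs
        for name in dirnames + filenames:
            p = Path(dirpath, name)
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                # A link never matches a staged regular file, so it is always flagged.
                entries[rel] = "symlink->" + os.readlink(p)
            elif p.is_file():
                entries[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return entries


def scan_and_heal(staging: Path, live: Path, quarantine: Path, notify=log.warning):
    """One scan pass: quarantine what differs on the live site, restore the staged copy.

    Assumes staging holds regular files only and quarantine lies outside the web root.
    Returns (kind, relative_path) tuples ordered by path; kind is "modified",
    "added" or "deleted".
    """
    staged, deployed = snapshot(staging), snapshot(live)
    changed = sorted(r for r in set(staged) | set(deployed)
                     if staged.get(r) != deployed.get(r))
    evidence = quarantine / f"scan-{time.time_ns()}"  # one evidence folder per scan
    findings = []

    # Pass 1: capture evidence. Move rather than copy, so tampered content stops being served.
    for rel in changed:
        if rel in deployed:
            dest = evidence / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(live / rel), str(dest))
            findings.append(("modified" if rel in staged else "added", rel))
        else:
            findings.append(("deleted", rel))

    # Pass 2: restore the known-good copy of everything that is supposed to exist.
    for rel in changed:
        if rel in staged:
            target = live / rel
            if target.is_dir() and not target.is_symlink():
                shutil.rmtree(target)  # directory squatting on a file's path; pass 1 emptied it
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(staging / rel, target)

    for kind, rel in findings:  # audit-trail entry / message to the administrator
        notify(f"{kind}: {rel} (evidence under {evidence})")
    return findings


def demo():
    """Constructed sample site: tamper with the live copy, scan, then rescan."""
    base = Path(tempfile.mkdtemp(prefix="selfheal-"))
    staging, live, quarantine = base / "staging", base / "live", base / "quarantine"
    pages = {"index.html": "<h1>Widgets</h1>",
             "prices.html": "<p>Price: $10</p>",
             "img/logo.txt": "LOGO-V1"}
    for rel, body in pages.items():
        (staging / rel).parent.mkdir(parents=True, exist_ok=True)
        (staging / rel).write_text(body)
    shutil.copytree(staging, live)                        # initial deployment

    (live / "prices.html").write_text("<p>Price: $1</p>")  # content changed on the server
    (live / "index.html").unlink()                         # page removed
    (live / "dropped.php").write_text("unexpected file")   # file that was never published

    first = scan_and_heal(staging, live, quarantine, notify=print)
    second = scan_and_heal(staging, live, quarantine, notify=print)
    healed = snapshot(live) == snapshot(staging)
    captured = sorted(p.name for p in quarantine.rglob("*") if p.is_file())
    shutil.rmtree(base)
    return first, second, healed, captured


if __name__ == "__main__":
    print(demo())
```

Between scans the altered content is still being served, so the scan interval bounds how long a defacement stays visible; the staging copy and the quarantine directory also have to be out of reach of whoever can write to the Web server.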

Although many products on the market today, such as Tripwire for Web Pages from Tripwire Inc. and Watchguard AppLock from Watchguard Technologies Inc., offer similar protection, only WebAgain is able to tout self-healing capabilities via content restoration without human intervention.

In addition to protecting against deliberate hacker attacks, the solution is a great way to eliminate the threat of accidental content corruption by well-meaning but perhaps technologically deficient employees. Moreover, it also serves as a wonderful audit trail for all changes made to the Web site. What makes it even better is that, should you decide to implement it, the only change in process is that you publish to the WebAgain server rather than directly to your Web server.

New features in this release include increased security via support for virtual private network tunnels and virtual directories, faster performance, a Japanese version and compliance with Microsoft Corp. Windows XP.

Installation and setup of the application was easy and straightforward. Upon completion of installation, the software immediately guided me to the Web site management wizard, where I quickly configured the solution to work with a simple Web site consisting of three main pages and six subpages. Within this interface, I defined the way the content would be transferred (FTP, shared folder, etc.), whether it would sit behind a firewall and the number of times the site would be tested.

By making adjustments such as simple price changes on static pages, replacing images and putting additional files on the Web server, I was able to create a nice test bed from which to operate. Because I had previously set the frequency of scans to 15 minutes, I needed to wait that amount of time to see whether my changes were recognized.

As expected, the solution caught my changes, informing me of each infraction via my selected method, e-mail. Should I have wanted, a Simple Network Management Protocol event could also have been generated and transmitted to an administrator.

During testing, I found very little to complain about. The only concern is that the server runs as a Windows NT service, making it less than ideal for agencies that are pure Unix shops.

Aside from that, I found WebAgain to be an excellent tool, and I highly recommend it. Its low price, ease of use and extra protection make it a must-have tool in any situation where content security is important to Webmasters.

Fielden is a freelance writer based in St. Paul, Minn. He can be reached at tfielden@xxxxxxxxxx
*********************
Federal Computer Week
Wireless on the battlefield
Commercial products not always best security solution for Defense Department


Concerns over battery life, the need for ruggedized machines and ever-present bandwidth issues are among the many obstacles that the Defense Department faces as it attempts to outfit soldiers with reliable, interoperable wireless communications on the battlefield.

But securing those communications is still far and away the biggest challenge the department must overcome. And despite a push to use commercial off-the-shelf (COTS) solutions to do it, those solutions may not be the best answer, according to some academic and industry experts.

Marine Corps Lt. Col. J.D. Wilson, team leader for tactical wireless in the program manager's office for communications systems, said the military has a "burning need" for tactical wireless communications and asked the private sector to develop the technologies necessary to make that happen. He spoke at an Armed Forces Communications and Electronics Association information technology conference earlier this month in Quantico, Va.

The problem for the military in using COTS solutions on the battlefield is that the solutions are being used in environments and exposed to threats for which the developers never planned, said John McHugh, senior member of the technical staff at the CERT Coordination Center at Carnegie Mellon University in Pennsylvania. "The information I've seen says we're in a lot of trouble," McHugh said.

Eugene Spafford, director of the Center for Education and Research in Information Assurance and Security at Indiana's Purdue University and a participant in a separate forum on wireless security in Washington, D.C., agreed. The issues surrounding security for wireless communications, he said, connect to a higher-level issue in government procurement: an over-reliance on COTS products.

Spafford said that although COTS products may be inappropriate for certain situations, the fact that they are more affordable than the alternatives means the government will buy them anyway.

"It's a symptom rather than a feature," he said. "Why would you use a COTS product for a high-reliance, high-risk environment" if it wasn't developed for that purpose? Instead, DOD should use a long-range architecture plan to accommodate systems on the battlefield, rather than buying COTS solutions and altering them, Spafford said.

Wilson said the Marine Corps uses traditional radios to send encrypted "data grams" through modems on voice networks to reach a destination, but would like to move to a wireless, peer-to-peer environment that would also enable multicasting and avoid "manual intervention."

The solution may come through DOD's Joint Tactical Radio System (JTRS), which is essentially a computer with a radio front end. The software-programmable, multiband, multiuse radio will permit communications across DOD services, something that has been difficult or impossible because of radio frequency problems, Wilson said.

DOD is requesting $172 million for JTRS in fiscal 2003, up from $165 million in fiscal 2002.

Still, there will be a time in the near future when traditional radios work side-by-side with software-programmable models, "and we'll need to be able to route and secure them properly," Wilson said.

Stephen Orr, a systems engineer for Cisco Systems Inc.'s DOD northeast division, said that even if industry comes up with a new form of encryption or other security device, it usually takes more than two years to get DOD approval.

That lag time means that hackers and other adversaries probably have figured out a way to beat it, McHugh said.

***

Solution seekers

A recent wireless forum brought together leading security experts from government, industry and academia to identify leading security problems associated with wireless proliferation and propose solutions.

The forum, "A Roadmap for a Safer Wireless World," was closed to the public, but the resulting recommendations will be released as a report "definitely by the end of June, if not before," said David Black, security technologies manager for Accenture, who moderated the event. "It's not necessarily going to be a consensus, but it will identify the major themes."

Accenture and the Center for Education and Research in Information Assurance and Security (CERIAS) at Indiana's Purdue University sponsored the event, held in Washington, D.C.

In addition to representatives from Accenture and CERIAS, roundtable participants included the Justice Department's Computer Crime Unit, the National Security Agency, the universities of Pennsylvania and Maryland, AT&T Labs, Intel Corp. and Cisco Systems Inc.
***********************
Federal Computer Week
E-gov security gateway in works


The General Services Administration this fall plans to take bids on the development of one of the linchpins of the Bush administration's vision for e-government: a security gateway that would provide a single point at which users can sign on to access services that require passwords or other means of authentication.

GSA is the lead agency on the e-Authentication initiative, one of two crosscutting initiatives under the administration's e-government strategy.

The initiative aims to provide whatever level of authentication is deemed appropriate (a password, online digital certificate or smart card) for services offered as part of the other 22 e-government initiatives. The other initiatives include services such as online grant applications and electronic disaster benefits payments.

Not everyone or every service will require authentication. Many people visit Web sites only to search for information and others may choose to authenticate themselves only when they get to the site where the application resides, said Sallie McDonald, GSA's assistant commissioner for information assurance and critical infrastructure protection.

"But if you want to engage in a transaction with government, and you want to authenticate at the gateway, then you can do that and only authenticate yourself once," she said.

Most of the initiative services will be accessed through the FirstGov Web portal, and GSA plans to release a request for proposals (RFP) in September for an authentication gateway that will be attached to FirstGov, according to McDonald, speaking last week at the E-Security and Homeland Defense conference in New York City.

Before GSA issues the RFP, Mitretek Systems Inc. will define the requirements and start developing a pilot program, said Steve Timchak, program manager for the e-Authentication initiative.

Citizens, vendors and government employees will provide their authentication when they sign on through FirstGov. A password will provide access to services with relatively low security requirements. For every higher level of authentication, a broader range of services will be available, McDonald said.

The gateway takes authentication technology to a height that few have tried to reach before, said Alan Paller, director of research at the SANS Institute, a security education and consulting organization.

"This is an example of the government leading by example," Paller said. "The best part of this is it's a demo [of authentication technology] and it's a wonderful use of FirstGov."

For the gateway, GSA will analyze the security risks associated with four of the initiatives that are the farthest along to identify what authentication might be needed, Timchak said.

GSA will perform the analysis using the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) tool developed by the CERT Coordination Center at Carnegie Mellon University in Pennsylvania.

OCTAVE is intended for use on mature systems, so GSA is waiting for the center to modify the tool for use on systems during the requirements-development phase, Timchak said. The modifications should be completed within the next month.

***

E-Authentication timeline

Now: Mitretek Systems Inc. is determining technical options.

June 18: General Services Administration briefs vendors.

Summer: Request for information released.

September: Request for proposals released.

Sept. 30: Mitretek gateway pilot project reaches initial operating capability.

Sept. 30, 2003: Vendor prototype gateway reaches final operating capability.
**************************
Government Computer News
DOD adjusts its plans on hiring foreign workers
By Dawn S. Onley

The Defense Department has rethought plans to disqualify foreign nationals from jobs that include handling unclassified but sensitive IT.

If would-be workers pass background investigations and get letters of approval from the agency chiefs seeking to employ them, the department will allow the hires to proceed, senior DOD managers said.

Defense agency chiefs are encouraged to hire U.S. citizens first for sensitive IT positions, said Pete Nelson, DOD's deputy director for personnel security. Foreign nationals can still work on systems within DOD provided they are "properly vetted for the material to which they have access," he said.

When DOD issued its no-foreigners proposal in March, some industry officials expressed concern that the rule would call for foreign employees to be removed from positions in which they would handle sensitive but unclassified information. Such data includes personnel data and information on weapons systems.

"There is no per se rule to disqualify foreign nationals other than to encourage use of U.S. citizens in [sensitive but unclassified] positions, but that is ultimately up to the system owner or agency head," Nelson said.

He said DOD would require U.S. citizens as well as foreign nationals to pass background investigations to gain access to secure data.

It is still unclear how many contractors would be affected by the proposal.

DOD expects to issue a final policy by September.
*******************
Government Computer News
Senate awards $100 million IT services contract
By Jason Miller

The Senate Sergeant at Arms recently awarded Signal Corp. a $100 million contract for systems services at all Senate offices in Washington and at 450 field offices across the country.

The Fairfax, Va., company will provide help desk support, IT installation and maintenance, and hardware and software products. The contract, which has one base year and five one-year options, begins June 1 and covers 9,000 desktop computers and 1,000 servers nationwide.

Signal's team includes Hewlett-Packard Co. and Interstate Relocation Service Inc. of Springfield, Va. HP will install new equipment and provide on-site technical support. Interstate Relocation Service will supply inventory and transportation services.

The Senate might expand the contract to include LAN design, threat and vulnerability analyses, network performance monitoring, security and systems administration, Signal officials said.
**********************
BBC
Being wired helps you connect



Quite the opposite, argues Professor Keith Hampton, an expert in cyber-sociology at the Massachusetts Institute of Technology.


"The social impact of new communications technologies is a greater number of social ties, more diverse social ties, more support," he said.

"It doesn't cut into your phone communication. It doesn't interfere with your face-to-face contact. It just increases communication," Professor Hampton told the BBC programme, Go Digital.

Binding communities

Various studies have suggested that people who spend time online are more vulnerable to unhappiness and loneliness.

One report by researchers at Carnegie Mellon University suggested that even spending an hour a week surfing the internet could increase depression.

But in his research on the relationship between technology, social relationships and the urban environment, Professor Hampton has found that the internet can serve to bind a community together.

"It's all garbage," he said of studies labelling net users as depressed or lonely individuals.

He argues that the key difference between his research and other studies is that he sees the internet as part of people's everyday lives.

"The internet is just another communication medium that any of us use to communicate with friends and family," he said.

"If you look at it as just another technology that provides you with access to people, you see that communication online leads to more communication, in person or on the phone."

Unique neighbourhood

Professor Hampton is a pioneer of cyber-sociology.

For his doctorate, he spent two years as a member of the Netville project, a wired neighbourhood in the suburbs of Toronto.

The community was built from the ground up with a high-speed computer network - offering fast internet access - a videophone, an online jukebox, online health services, local discussion forums and entertainment and educational software.

Professor Hampton found that living in a wired community encouraged greater community involvement, strengthened relationships with neighbours and family, and helped maintain ties with friends and relatives living farther away.

"Netville was a unique situation," he said. "It allowed people to form social relationships when they moved in and solve all sorts of problems you encounter when you move to a new suburban community.

"When you move into a new home, one of the first questions is where can I find a babysitter, where can I find the best pizzeria? All these questions were answered online with information by existing residents."

Ironically, once the research project was over, the companies that had provided the technology that went into people's homes decided to take it all out.

Faced with the loss of their technology infrastructure, the residents pulled together to replace what they had lost.

"They now all have cable modem access and they have replicated their neighbourhood e-mail list," said Professor Hampton.

"These were the most important technologies to them - broadband access to the internet and simple e-mail technology that allows you to communicate with your neighbours."
********************
BBC
Turkey tightens controls on the net



Controversial new controls on the internet in Turkey have provoked protests from websites which fear they may be driven out of existence.
The new measures are part of a new wide-ranging broadcasting law which places the internet under the same legislation as the rest of Turkey's media for libel and an offence called "lying news".


Under the new law, websites could be required to register officially and to send copies of their material to the authorities.

The measures have been condemned by much of the internet sector, from service providers to users, who warn that the whole future of the net in Turkey could be at stake.

Impact on internet sector

Savas Unsal, Managing Director of Superonline, Turkey's largest internet provider, is furious, describing it as a "dirty law".

"There's not going to be a certain direction, no freedom of speech and this is going to impact the local content and local hosting services and eventually the whole internet sector," he said.

"They might easily put me and my chairman out of business."

With around a million subscribers, Superonline has been part of the country's rapidly growing internet sector.

Many burgeoning Turkish internet websites carry criticism of ministers, including material newspapers dare not publish.

But Dr Oktay Vural, Minister of Transport and Communications, insists the measures are not intended to stifle sites.

"There are no restrictions. It is only that there have been several things which have been forbidden by the law," he said.

"So if these actions were taken through the internet, then the regulations will cover for those actions only. We cannot be an eye in the chatrooms; that is not the aim of that law.

"Let's see what happens. I don't think it will affect the internet. I think time will show the truth," he said.

Media controls

The new law puts the internet under the control of Turkey's Supreme Radio and Television Board.

According to Savas Unsal, that opens the door to the internet facing restrictions similar to those on the rest of the country's media.

"A judge can tell you to bring a copy of your website whenever you update it to be approved by the local authorities," he said.

The law is unclear about what it actually covers. According to Fikret Ilkiz, media lawyer for the Turkish daily newspaper, Cumhuriyet, internet providers could be liable for prosecution for anything written, even in chatrooms.

He also argues that the notion of "lying news" is too ambiguous.

"The biggest problem is that the law is very unclear. The law forbids fake or lie news. But what is this?" he asked.

"The law doesn't define what it is. It just says it's forbidden. And this could apply to chatrooms.

"The way the law is now, it will be defined by many court cases. For now, there is great uncertainty. No one knows what is legal and what is not. It is chaos."

'Ambiguous law'

Reaching a definition of the law by court cases could well be an expensive process for internet providers and users, with fines of up to $195,000 for each offence.

But some critics of the law argue it is deliberately ambiguous. Much of Turkey's legislation governing the control of the media is characterised by catch-all phrases.

The internet until now has been largely exempt from such legislation. Such freedom has allowed it to become a powerful forum for criticising politicians.

Many journalists publish articles on the internet which neither television nor newspapers dare print, due in part to existing legislation.

The European Union, which Turkey aspires to join, has strongly condemned such legislation. This latest law has also drawn the ire of the EU, with officials calling for its repeal.

That could well happen because Turkey's President Ahmet Necdet Sezer has sent the law to the Constitutional Court, accusing it of breaching the constitution.

The court could take up to a year to make a ruling. In the meantime, the law remains in force.

Internet slowdown

The uncertainty created by the new legislation could prove most damaging of all to Turkey.

Professor Haluk Sahin, who teaches media studies at Istanbul's Bilgi University, warns that Turkey risks repeating the mistakes of the past.

"A lot of people in Turkey realize that Turkey must not make the mistake of 200 years ago," he says.

"Some 200 years ago, the Ottoman Empire missed the Industrial Revolution. Now, we believe that the internet, and computers in general, provide us with a second chance.

"A new train has arrived. Whether we embark on that train or not is up to us and the younger generations seem determined to do that.

"Unfortunately, the older generations and the politicians do not seem to be of the same mind," he said.

You can hear more about how Turkey is controlling the internet on the BBC World Service programme, Go Digital.
*******************
USA Today
Schools taking high-tech approach


WASHINGTON (AP) - When architects turned a former Safeway grocery store into a public charter school in 1999, they ditched the dusty chalkboards.

Instead, each of the 17 classrooms at the SouthEast Academy of Scholastic Excellence got a glossy whiteboard and set of colored markers, to the delight of special education teacher JoAnne Anthony.

"I love it because I have allergies and I don't like chalk," said Anthony. "I don't like it on my hands and on my clothes."

While the old-fashioned chalkboard remains a fixture in most U.S. classrooms, school designers have all but eliminated it.

Taking a page from the business world, they're outfitting most new and remodeled schools with whiteboards, in some cases installing high-tech devices that turn them into virtual computer screens.

Teachers can surf the Internet in front of class, save and print out lessons or even create animated diagrams that students can review on a home computer.

"It's helped us to teach the way we've always wanted the class to go," said Albert Throckmorton, director of curriculum technology at Episcopal High School in Alexandria, Va.

Even before such gee-whiz devices came along, educators say, the chalkboard was on the way out, killed by computers. Chalk is compressed dust, after all, and dust is the enemy of computers. To a lesser degree, schools also worry about dust allergies.

Nancy Myers, an Indiana school planner, said that people in her firm "don't even consider chalkboards in most cases" and that schools like the modern, businesslike look of whiteboards.

The dust-and-computers problem might be a bit overblown, she said.

"The truth is, unless the computers are sitting right on top of the chalkboards, there isn't going to be an issue."

First used widely in the United States in the mid-1800s, the schoolroom chalkboard was itself revolutionary, replacing the handheld slate as schools began educating large numbers of students, said Peggy Kidwell, a curator at the Smithsonian Institution's National Museum of American History.

While the popularity of plastic-coated whiteboards took off in the 1990s, these days most are actually made of the same stuff as chalkboards: a thin coating of porcelain over steel. Chalkboards get a satin finish so the chalk will bite, while whiteboards get a glossy finish.

A few companies have turned whiteboards into oversize computer screens. One company sells a $10,000 plasma screen that teachers can use to project images from a computer; the teacher's hand becomes the computer mouse on the touch-sensitive screen.

For about $3,500, schools can buy a device that allows teachers to draw on a board, hit a button and print copies on a laser printer or save text and drawings to a hard drive or Web server.

An even cheaper device simply sticks to a whiteboard with suction cups, each of its four markers fitted with a computer stylus. The mimio Xi, manufactured by Massachusetts-based Virtual Ink Corp., saves words or drawings stroke-by-stroke into a computer file, allowing teachers to create a digital movie of a lesson. Students can download and review it using a VCR-like program.

At Episcopal, a coed boarding school near Washington, Throckmorton bought four mimio Xis for $1,500. He said students are now "liberated to participate and understand more in class" because they know they can replay the lesson - especially helpful in understanding mathematical proofs, supply-and-demand curves, cell diagrams and electron cycles, he said.

"In the classes where the board is used frequently, especially in our science department, we've discovered that students are more interested in participating in class and not be so bound to the manual task of note taking," he said. A few schools use a microphone so the teacher's comments accompany the animation.

Even with such advances, said Henry Ruggiero, president of New York Blackboard of NJ, a major blackboard manufacturer, teachers often plead with him not to replace their chalkboards. The grit offers just enough resistance for writing.

"It seems to help the children with their handwriting," he said.

Indeed, a common complaint of whiteboards is that they're so slick students end up writing faster than their brains can think.

Ohio industrial designer Sandy Kate said many teachers simply like the feel of chalk. "I think it's just one of those things," she said. "People get used to something and don't want to give it up."

Kate gives chalkboards five years at most, making for a brighter, whiter future, but without the simple joy of clapping dusty erasers on the side of the school building.

"I do wonder what's going to happen to all the youth who were sent forward to clean erasers," Kidwell said. "That always seemed like a good use of youthful energy."
***************
MSNBC
FBI wants more surveillance power
Report: Bureau asked telecom firms to change networks
By Ben Heskett


The Federal Bureau of Investigation has asked telecommunications companies to make changes in their state-of-the-art networks to make it easier for the FBI to conduct surveillance, according to a report.

The FBI, which hopes to gain the same access to voice communications that it has gained with e-mail through use of its controversial Carnivore snooping technology, made the request in a 32-page document sent to telecom companies earlier this month, The Wall Street Journal reported Wednesday.
The FBI's request was in the works before the Sept. 11 terrorist attacks, according to the report, but those events have lent new credence to the issue. Expanded law enforcement capabilities have been a priority since the attacks, with the new Patriot Act giving law enforcement broad powers amid criticism from civil libertarians.
The request encompasses both land-based and wireless networks, potentially including companies such as Qwest Communications International and AT&T Wireless, for example.
The FBI is concerned about technological developments in networks and their ability to keep up with accompanying surveillance techniques, the report said.
In recent years, a new wave of communications based on "packet" technologies has changed the way telecom companies transmit phone calls, allowing a voice call to be broken down into numerous bits and reassembled at its destination. That makes surveillance and tapping of such transmissions more difficult.
The FBI's request was made under the 1994 Communications Assistance to Law Enforcement legislation, which requires phone companies to tweak their networks so authorities can conduct surveillance.
***********************
MSNBC
Eminem CD shows piracy patterns
By John Borland


May 28 - Well before rapper Eminem's new record hit store shelves Sunday, it had already become the second-most-played CD in computer drives around the world, according to one closely watched measure. That figure comes care of Gracenote, a company whose window into computer users' listening habits offers a sobering look at the changing patterns of Internet piracy and traditional music bootlegging.
Gracenote maintains a huge online database that can identify CDs by calling up the exact list and length of songs. Most of the popular music software programs for computers, such as Winamp or Windows Media Player, check this database when a new CD is put into a computer, allowing the software to tell a listener the name of the CD and its song titles.
Generally, this high-tech "Top 40" holds few surprises. But last week, Eminem's "The Eminem Show," which was yet to be released, cracked the chart at No. 2. Although pirated versions of the album were widely acknowledged to be online in MP3 format, Gracenote's figures look only at physical CDs, not downloads played on a computer.
"It's pretty safe to say that it's all CD-Rs that people have bought off the streets or burned from friends," said Gracenote CEO David Hyman. "This is the first time anything unreleased has shown up at No. 2."
Eminem's label, Vivendi Universal-owned Interscope, twice moved up the album's release date, citing widespread Internet piracy. Some retailers reportedly began selling it Friday in advance of Sunday's last-minute official release date. But the direct link between pre-release online song-swapping and bootlegged CDs has rarely been drawn as clearly as with this album.


GET IT EARLY, JUST $5
The Friday before the Eminem album's long-awaited release, a busy street corner in New York was dotted with bootleggers' card tables and blankets, each strewn with pirated copies of CDs and movies for sale.
"The Eminem Show," priced at just $5 a copy, sat next to videotapes of "Star Wars: Attack of the Clones," released into theaters two weeks ago.
Bootleggers, who declined to be identified by name, said the Eminem CDs came from the Internet, although they didn't give details about how they downloaded, burned or bought the copies.
The Internet "is the only place where we can touch it," said one street vendor, who didn't want to be identified.
Gracenote's data shows a few patterns that may lie behind these bootleggers' business, however.
The company's database examines CDs' tables of contents down to slices just one-seventy-fifth of a second long. Copies that look identical at that scale almost always come from the same master copy, the company says.
In the case of the Eminem CD, eight slightly different versions accounted for most of the traffic. That means there's likely "eight major guys doing most of the pressing of this," Hyman said.
The company did a little detective work to figure out where most of the traffic originated. About 86 percent of the CD listening came from inside the United States. Los Angeles was the top listening location, and New York was second, Hyman said. The company hasn't crunched the numbers enough to figure out whether each location had its own dominant version of the bootleg, he said.
Gracenote doesn't give exact figures on traffic, but it said the No. 2 slot in its charts represented a total figure of listeners in the "mid-tens of thousands" over the course of the week. Because most major music software stores song information on the computer after checking Gracenote's database once, many or most of those tens of thousands represent individual listeners, rather than multiple listens by the same person.
Will listeners buy the real thing?
Eminem's previous album, "The Marshall Mathers LP," set sales records in 2000, with more than 1.7 million copies sold in the first week after release. The industry will be watching the new release closely, both as a sign of the health of the struggling music business and as an indicator of the effects of early Internet piracy on major releases.
Analysts caution, however, that the real result of the early piracy will be impossible to untangle, whether sales figures are high or low. The online versions and bootlegging could serve as a marketing vehicle, whetting fans' appetite for the real thing, noted P.J. McNealy, research director for GartnerG2, a division of the Gartner research firm. Or it may cut into sales.
"We've yet to see hard numbers on what the marketing effects of piracy are," McNealy noted. "This could be like 'Attack of the Clones.' People may have pirated that, but they still went out and saw it in the theater."
Sales figures for the first two days of the Eminem release weren't yet available.
Gracenote would not comment on whether it has been contacted by Interscope as a result of its information. An Interscope representative could not immediately be reached for comment.
Hyman said the company didn't keep enough information in its database to be useful to anti-piracy investigators. The technology does log Internet addresses and count CD titles, as well as keep a username for people checking the database, but it does not correlate this data, he said.
"We don't keep the data" that antipiracy investigators might want, Hyman said. "The last thing we'd ever want to do is become some kind of policing entity."


News.com's Jim Hu contributed to this report from New York.

       Copyright © 1995-2002 CNET Networks, Inc. All rights reserved
*******************
MSNBC
Modem owners pay more for AT&T

May 28 - A new pricing structure from AT&T will result in modem owners paying an extra $7 for their high-speed Internet service.

AT&T Broadband Internet will announce several changes to the way it charges for its cable modems. AT&T marketing executives framed the changes as price reductions based on the decreasing cost of hardware, but the end result will be higher costs for roughly 162,500 AT&T customers who own their own cable modems.
Almost all AT&T broadband customers now pay $35.95 per month for high-speed Internet service. Those who lease modems through AT&T pay an additional $10 per month for a total of $45.95, and those who own their own modems pay no additional fee.
Starting on June 1 in most regions, AT&T will increase the monthly service rate to $42.95. Customers who lease their modem from AT&T will have their lease fee reduced by $7, paying an additional $3 per month for the modem. That will make their monthly bill come to $45.95 - the same price they paid last month.
But bills will increase for the 10 percent of AT&T's 1.63 million customers who own their own modems. Their monthly service fee will also go up to $42.95, which means they're going to pay $7 per month more than they paid last month.
Although the price restructuring will appear in customers' next statement, modem owners won't feel the sting for six months. AT&T will include in the next statement six coupons for $7 off monthly service, letting modem owners off the hook for the new rates until January. New subscribers who own their own modems will pay $42.95 per month as soon as they sign up.
Darrel Hegar, vice president of Internet services for Englewood, Colo.-based AT&T Broadband, said the changes reflected price reductions for cable modems. When home broadband access became popular in the late 1990s and in 2000, cable modems cost $300 or more. But in the past two years, the price has dropped to $100 or less, thanks in part to aggressive marketing promotions at computer hardware stores.
Hegar also noted that AT&T's service is still priced lower than alternative broadband service from DSL (digital subscriber line) providers, which typically charge $50 or more per month. Although connection speeds for cable modem users aren't as consistent as those for DSL subscribers, cable modem users generally report faster upstream speeds.
"If you look at the price of our service, it really still reflects one of the best values in the marketplace," Hegar said Tuesday morning. "Cable Internet continues to be the best way to access broadband vs. DSL or satellite. If you look at availability, speed and price, we are still a value leader."
Based on the number of people paying an additional $7 per month, AT&T stands to gain $1.14 million in monthly revenue from the restructuring. But it's unclear why AT&T representatives announced the restructuring as a break for modem leasers as opposed to a simple price hike for 10 percent of customers.
The decision to increase prices for modem owners could be due to the fact that owners have sunk more of their own money into the service and would be less likely to switch to DSL or another broadband alternative, according to Mark Kersey, broadband industry analyst for La Jolla, Calif.-based research group ARS.
"People who own their modems are pretty much locked in to staying with AT&T," Kersey said. "It's a way to extract a little more money out of a small percentage of people. That's a fairly politically smart thing to do because it doesn't affect the vast majority of customers."
The restructuring could also be an effort to make AT&T's broadband unit more attractive to smaller rival Comcast, which in December announced its intention to purchase the AT&T unit for about $37 billion. The combined company, AT&T Comcast, would be the No. 1 U.S. cable TV operator with more than 22 million subscribers. But the structure of the new company recently came under fire, and shareholders are beginning to question whether to approve the deal.
Despite efforts to boost revenue, AT&T cannot raise monthly broadband rates indiscriminately. Although demand for high-speed Internet connections is still growing, the economic slump has slowed growth somewhat and has resulted in a growing number of broadband defectors. And the industry is still reeling from the painful collapse of former front-runner Excite@Home.
The company's demise caused cable partners, particularly AT&T, to scramble to migrate consumers to independent networks, causing customer service nightmares for millions of people. Before its collapse last fall, Excite@Home had 4.1 million customers and controlled about 45 percent of the U.S. home-broadband market.
Customers are already grumbling that the government should regulate broadband service and access rates, which have risen steadily in the past year. An ARS study determined that cable broadband Internet prices rose 12 percent in 2001, from an average of $39.40 per month in January to $44.22 per month in December. Consumer DSL prices rose 10 percent during the same time frame from $47.18 in January to $51.67 in December.


       Copyright © 1995-2002 CNET Networks, Inc. All rights reserved
**********************
CNN
EU aims to boost broadband

BRUSSELS, Belgium (Reuters) -- The European Commission will for the first time this week suggest that European Union governments use regional aid or other financial incentives to boost high-speed Internet, a draft report showed on Monday.

In its "eEurope 2005" report on how to foster information technology -- to be unveiled on Wednesday -- the European Union executive will put high-speed broadband Internet access on top of its agenda to raise the bloc's competitiveness.

Although competition is driving Internet connection costs down, broadband remains generally expensive in the EU, with less than two percent of households having fast Internet connections against 13 percent in the United States.

Without broadband, which is 25 times faster than a standard phone line, industry cannot easily offer consumers advanced multimedia Internet services such as videos, graphics or musical files.

The report stresses that any aid should be targeted to remote and underdeveloped areas where the creation of a broadband network would not be commercially viable.

"Member states in cooperation with the Commission should support, where necessary, deployment (of broadband) in less favored areas and where possible may use structural funds and/or financial incentives," the draft document, obtained by Reuters, said.

Structural funds, accounting for roughly a third of the nearly 100 billion euro EU budget, are given to help economic development in poorer and peripheral regions of the 15-nation bloc. The EU already supports IT projects in all member states.

The strategy, the first comprehensive plan to foster broadband, is expected to be endorsed by EU leaders when they meet at a summit in Seville, Spain, in June.

Aid to rural areas
State support for fast Internet access would help telecoms operators that are struggling under the burden of huge debts incurred to pay governments for third-generation cell phone licenses.


In the document, the Commission says any incentive should be in line with existing EU competition policy. But member states should intervene where the market forces are not sufficiently driving development.

"Competition is expected to drive investment, generate innovation and lower prices," the document said. "Therefore, public policy should focus on issues where competition is not effective or where political objectives, e.g. territorial coverage with a view to cohesion, need to be ensured."

In the document, the Commission calls on member states to set an example by starting to invest in broadband for their own administrative infrastructure.

The document says governments should aim at having broadband connections for all public administrations and schools by 2005.

As part of the EU's project to create a common health card to allow EU citizens access to healthcare anywhere in the bloc, governments should aim to develop high-speed data connections between points of care such as hospitals and laboratories.

In the document the Commission looks at building a network infrastructure that is secure to boost consumers' confidence.

Europe's efforts to increase broadband Internet access to bridge the gap with the United States have so far focused on liberalizing the last mile of telecoms networks, a process that was kicked off in January 2001 but which has proved slow.
***********************
Nando Times
Picture slowly changes for TV buyers


By NOEL C. PAUL, Christian Science Monitor


(May 28, 2002 10:12 a.m. EDT) - Those "next generation" televisions you've been reading about are showing up in Americans' homes - today.


Credit falling prices.

Sharp, for example, offered its 20-inch, liquid-crystal-display (LCD) TV for $5,000 last year. It has since cut the price of the small, wall-mounted unit in half. That's far from cheap, but it may be low enough to lure some "early adopter" consumers.

Sales of LCD TVs this year have begun to stir at Flanner's Audio and Video, for example, where even affluent videophiles had been holding off on buying the futuristic sets for the past few years.

"More people replacing their older TVs are buying up," says Lance Zabrowski, a salesman at the Brookfield, Wisconsin, electronics store. Zabrowski partly credits the surging interest to improved picture quality. "Every year we notice they've all gotten better," says Zabrowski.

Experts say prices will have to drop much further, however, before these new sets appear in most living rooms.

"Americans are less willing to pay a lot, even when the product is of a high quality," says Geoffrey Hughes, director of communications for Samsung Corp.

High-definition televisions (HDTV), which broadcast crystal-clear picture and sound, have long been touted as the most important TV innovation since color. Last year, however, Americans only bought 900,000 HDTV sets, compared with 21 million standard color sets.

HDTV models range in price from about $1,500 to $4,000, but experts predict that prices will drop below $1,000 within a few years as broadcasters offer more high-definition programming.

"Historically, prices drop rapidly," says Jenny Miller, a spokesperson for the Consumer Electronics Association. "It's all about economies of scale."

While HDTVs offer an upgrade in picture and sound, most new products address the TV's traditional clunky frame.

LCD screens are the marquee innovation. The transmission in LCD sets is not carried through a tube, but through a layer of liquid crystal. Because the material takes up very little space, the entire TV can be very thin - as little as 6 inches deep - so users usually mount them on a wall.

They also weigh much less. A traditional 45-inch set weighs about 500 pounds; an LCD set of a similar size weighs 30 pounds.

While the picture is not as sharp as that of a standard TV, experts say, the screen is brighter and uses less power. A battery connected to the back runs most LCD sets. Larger sets must be plugged in.

Sizes range from 5 inches to 30 inches with prices ranging from $280 to $8,000. Next year, Samsung plans to introduce a 40-inch model.

Projection TVs offer a mix between a standard TV and LCD, without the main drawbacks of each. The projection technology sends light through liquid crystal and then magnifies it with a lens. Thinner than a standard set, it also offers better picture resolution than an LCD. The spectrum of colors is more limited, however, and the picture blurs from side angles, according to Hughes. Prices are competitive with HDTV models. Toshiba, for example, offers a 50-inch model for $1,400.

Plasma sets have screens that look similar to LCD models, but represent a significant jump in quality and price. The plasma is an ionized gas contained in a chamber. Unlike other types of televisions, it lights each TV pixel instantaneously, eliminating even split-second flickering. Plasma sets are as thin and light as LCD units, but the picture quality is nearly equal to that of traditional sets. Because of the higher resolution, plasma screens can be much larger than LCDs.

For most consumers, the price is prohibitively high. Philips' 42-inch plasma set costs $7,000. But observers agree the plasma display will likely be standard in less than 10 years.

In a few years, consumers can also expect three-dimensional programming to be common on their TVs, experts say. Dynamic Digital Depth (DDD) in Santa Monica, Calif., is developing a technology that would allow viewers to switch from 2-D to 3-D with the click of the remote.

Americans' growing interest in video games is partly responsible for the 3-D push. Game players are increasingly demanding realism in characters and dimension. "They want real depth. They want to tell how far the characters are from each other," says Andrew Millin, a DDD engineer.
******************
Nando Times
Gates Foundation gives nearly $3 million to kids in China


RENTON, Wash. (May 28, 2002 2:24 p.m. EDT) - A $2.9 million grant from the Bill & Melinda Gates Foundation will enable a suburban Seattle group to open a center for physically disabled children in China.

The center is set to open Saturday in Luoyang in Henan Province, 450 miles south of Beijing, said Janice Neilson, executive director of the World Association for Children and Parents.

Operating in partnership with the Chinese government, the Children's Center of Luoyang is intended to help disabled children living in an adjacent orphanage as well as those who remain with their families. The disabilities range from heart disease and cleft palates to poor motor skills.

"The children who will come to the center are ... oftentimes kids who have been really hidden in Chinese society," Neilson said. "We believe we are preventing the abandonment of children and, hopefully, allowing kids to stay with families when that is possible."

The association has been helping to arrange adoptions in China since 1990, and Neilson said the center also should make it easier for disabled orphans to find adoptive homes.

Full funding for the program from the Chinese government is expected when the three-year Gates grant runs out, she added.

The foundation is endowed by Microsoft Corp. chairman Bill Gates and his wife, Melinda.
******************
Nando Times
Web sites let survivors celebrate loved ones


SACRAMENTO, Calif. (May 27, 2002 10:21 p.m. EDT) - The year since Memorial Day 2001 has seen more memorials than usual. The deaths of more than 3,000 Americans in the Sept. 11 attacks filled newspapers with obituaries.

But for those who've lost someone, every death is momentous. And the effects of that death, and the memory of the deceased, last long after an obituary has been printed or a memorial service has ended.

Which is one reason memorial Web sites are a fast-growing segment of the online world. Beingremembered.com, legacy.com and americanmemorials.com are just a few of the dozens of online memorial services that have sprung up in recent years.

Each offers a slightly different service, at different prices, but the common element is the opportunity to create a memorial for a loved one that will live beyond the normal life of an obituary.

Perhaps the most successful of these Web sites is legacy.com, a Chicago-based site that offers mourners a chance, through posting their thoughts in an online "guest book," to feel connected to their loved ones, and to other people who knew their mother, or grandfather, or child.

"It's a way of showing what the person meant to you," says Scott Stuart of Sacramento, whose mother, Barbara Stuart, died in January. At the suggestion of a friend, she was honored with a legacy.com guest book.

"I wasn't going to put anything in, it was too hard," says Stuart, 38. "But one day I was reading other entries, and I decided to say a lot of stuff. That way I can let other people know how much she meant to me. She deserved that."

For these reasons, in less than four years, legacy.com has grown dramatically, and is now posting some 60,000 guest book entries a month. The guest books are accessible at legacy.com or through links with the funeral notices sections of more than 1,000 newspapers around the country.

"It has taken off in ways we could not have imagined," says Hayes Ferguson, a former journalist with People magazine who is chief operating officer of legacy.com.

"We thought people would use it the way they use a guest book at a funeral, just sign their name," she says. "But we find people writing to their loved ones, people coming to the site to mark special occasions, anniversaries, to talk to their loved ones. It was very rare at first, but it has become common."

Stuart is certainly one of those people.

"I miss my mother, we were very close, so this is a place where I can sit down in private time, and talk to her," he says. "It's a way of showing what the person meant to you."

And he is particularly happy about the dozens of guest book entries he's been able to read. His printouts of the entries filled 18 pages.

"I can read each of those letters and know what they're talking about," he says. "It means a lot to me."

Reading through online memorials at the different sites can be an emotional experience, as friends and relatives pour out their sadness and sympathy, along with memories of a person that would never fit in a standard funeral notice.

Even on the pages of complete strangers, little bits and pieces of distant lives take on a resonance.

Thus, we hear about Alice Stringham's love of garage sales in a memorial on memoriesofme.com, or view Robert Lee Peace's photos from his days as a bush pilot in Africa on virtual-memorials.com.

"The guest books offer a lot better insight into people's lives than the actual notice does, because a notice is just the facts of their life," Ferguson says. "It adds a lot of dimension to the people."

Prices vary. The guest books on legacy.com are free for the first 30 days. To keep the guest book open permanently, legacy.com charges $49. To create a Legacy Life Story, a deluxe package that includes up to five photos, tributes, suggestions of charities for donations and a guest book, legacy.com charges $195.

Of course, because this is on the Internet, it's open season for anyone who wants to say anything, in good taste or not. Ferguson says that one of legacy.com's functions in running the site is to keep an eye on the entries to make sure that anything inappropriate doesn't sneak in.

"We delete 1 to 3 percent of the messages that are posted," Ferguson says. "Some are inappropriate, and we're sensitive that these will be read by family members. We've seen efforts by folks who have tried to proselytize with religious messages, or tried to sell things. And we get kids or mean-spirited people writing not very nice things."

And even the nice things that are written are unlikely to guarantee the immortality that the sites seem to promise. Many of the sites are small and run by a single person, and even the big sites such as legacy.com, which is expected to post a profit this year, are subject to the vagaries of the Internet economy.

But if these collections of memories and wishes survive into the future, they may serve as a valuable resource for those looking back, giving loving detail to the portraits of ancestors who were once just names on a gravestone or photographs in albums.
*****************
Euromedia.net
E-learning in the spotlight at education conference
27/05/2002 Editor: Lisa Gardner


E-learning initiatives were at the forefront and Europe in the spotlight last week at the Lisboa Congress Centre in Lisbon, Portugal, where more than 1,700 people gathered from more than 930 organizations worldwide for the World Education Market's (WEM) third International Exhibition and Conference Program.

Speaking on the developments in education within the international marketplace, Claudio Dondi, president of Scienter, a nonprofit organization based in Bologna specializing in European innovation of education and training, said that "probably the most important trend is the growth of relative weight of education and training in the policymaking area, thanks to a new generation of information society programmes and initiatives in which e-learning often plays an important role."

With its emphasis on educational ICT, broadcasting and software, the UK demonstrated its 30 years' experience in educational technology as world leader in this field through vast representation.

British participants ranged from educational broadcasters such as 4 learning, BBC Worldwide and Pearson Broadband, to software providers such as New Media, Sherston Software and Birchfield Interactive.

Also on display was Promethean's interactive White Board, which allows instructors to combine their personal tutoring skills with the newest ICT.

Partnering with the European Institute for E-Learning (EIfEL), the Total E-learning Experience (TE-LE) Village designed a three-day series of exhibits and events to clarify and outline the opportunities presented by e-learning.

"The idea behind the concept of the TE-LE Village is simple," explained Serge Ravet, President of EIfEL. "We wanted to bring both exhibitors and visitors of e-learning events into a process that can lead to a much deeper understanding of the e-learning value chain.

"That means developing a partnership with the leading e-learning companies to illustrate the steps involved in creating and deploying truly effective learning tools."
********************
Nando Times
Retired tennis star wins case against Microsoft



BERLIN (May 28, 2002 1:01 p.m. EDT) - Former tennis star Steffi Graf won a court case against Microsoft Germany on Tuesday over fake nude photos of her that were posted on a Web site run by the company.


The state appeals court in Cologne upheld a ruling last October by a lower court, which had ruled that Microsoft Germany was responsible for the content of the site and must ensure that such pictures don't appear there.

The company would have to pay a fine if similar photos emerge on the site in future, court spokesman Christian Grueneberg said.

The photos - computer manipulations that put Graf's head on a nude body - appeared last year on the site operated by Microsoft Germany where users could post pictures and texts to share with others.

The photos were taken down in June at Graf's request, but the company declined to sign a formal agreement that they wouldn't appear again, and Graf sued.

Microsoft Germany spokesman Bernhard Grander said the company disagrees with the court's decision and said it "endangers the existence of live-chat and private (Internet) communities."

Grander said Microsoft is "examining further legal steps."
*******************
Sydney Morning Herald
New York attorney-general sues spammers
Albany, New York

New York Attorney-General Eliot Spitzer is suing a firm he says sent more than 500 million messages to computer users, many of them unwanted "spam" advertisements.

Spitzer said MonsterHut.com of Niagara Falls sent hundreds of millions of the ads through emails since March 2001 to people who didn't want the messages or specifically tried to block the stream of commercial offers. MonsterHut.com had told its clients that the recipients wanted the messages through "permission-based" agreements, according to court records.

About 750,000 computer users complained about receiving MonsterHut.com spam, or junk mail, Spitzer said.

Spam comes from many sources worldwide and increasingly clogs email systems with pitches that include ways to lose weight, earn extra income or to view pornography.

MonsterHut officials didn't immediately respond to a request for comment. Its website no longer is active.

Since the mid-1990s, Internet service providers America Online, EarthLink and others have won millions of dollars in settlements and judgments against spammers under trespass, computer fraud and other laws.

Spitzer is suing under the state's traditional deceptive practice and false advertising statutes that could exact civil penalties of $US500 ($A900) for each offence.

Nineteen other states now have anti-spam laws that prohibit false messages or headers in email messages, require labels in subject lines or the option of declining a marketer's future mailings.
********************
Sydney Morning Herald
Guide helps digital users stay honest
By Jenny Sinclair
May 28 2002


Users of digital content in Australia will get a custom-made guide to help them negotiate the minefield of copyright, intellectual property rights and paying for what they use.

The Federal Government will pay a national consortium just under $90,000 to produce the guide, which will be aimed at smaller organisations and sole operators who may not have the resources to pay for their own legal and copyright advice.

The Australian Interactive Multimedia Industry Association will work with law firm Gilbert and Tobin, digital rights consultants IPR Systems and security company Securenet to create the guide. It is expected to be available later this year.

The association's executive director, Lynne Spender, says the five-part, Web-based guide will cover everything from basic information to providing tools for managing digital property.

She says that rather than take the "enforcement" view of ensuring each creator is paid, the association wants the guide to make it easier for creators of all kinds of digital material to use Australian content.

Part of the guide will help content creators put the right metadata in their work, which, in turn, will make it simpler for would-be users of their images, music or other digital content to ensure they are paid. There are three basic questions, Spender says: "Who owns it, how much is it, and can you use it?"

The publication will include a guide to commercial digital rights management. It will give case studies of how digital rights work in Australian companies and productions.

"Since the industry (has been) producing CD-ROMs, one of the biggest headaches has been identifying the (digital) rights and paying for the rights," Spender says.

A spokesman for Information and Communications Minister Richard Alston says that although no specific event has triggered the decision, Alston's department received complaints about the use of copyright material online "from time to time". He says the changes to Australia's copyright laws last year have created more of a need for the guide.

Victoria's Cinemedia (now the Australian Centre for the Moving Image) created a guide to digital rights for performers and artists in 1999, noting that the flexibility of digital material created a minefield of copyright problems.

Spender says the association is in contact with the authors of that guide.
*********************
Sydney Morning Herald
Phone radiation limits raised
By Rachael Quigley
May 28 2002

Australia has raised the allowable level of mobile phone radiation emissions, despite CSIRO fears that they could pose a health risk.

The new standard raises limits on human exposure to radio-frequency (RF) radiation from a range of sources, including mobile phones and base stations, and changes the way the emissions are measured.

The guidelines, which bring Australia into line with international standards, were approved by the Australian Radiation Protection and Nuclear Safety Agency on May 7.

The agency and the CSIRO agree that there is no scientific proof that low-level exposure to mobile phone radiation causes health problems, but the CSIRO maintains that it cannot be ruled out.

Agency CEO Dr John Loy said that because low levels of exposure had not been proved to cause health problems, potential adverse effects of low-level radiation had not been considered when setting the basic restrictions in the new standard.

The standard is modelled on the guidelines recommended by the World Health Organisation and the international Mobile Manufacturers Forum, which take into account "proven health risks".

Dr Loy said the new Australian standard "is more detailed than the international guidelines" and "technically superior to earlier (Australian) standards". It includes a comprehensive rationale and a question-and-answer guide for consumers.

The CSIRO, which had been involved in the technical and scientific development of all previous Australian RF radiation standards, opposed the adoption of the new one.

In its submission to last year's Senate inquiry into electro-magnetic radiation, the CSIRO argued that the acceptable limits of exposure should not be relaxed because it "is not possible at present to conclude that exposure to RF radiation, even at levels below national guidelines, is without potential adverse health effects".

Dr Stan Barnett, the CSIRO representative appointed to the working group that drafted the new standard, resigned after the first meeting. He said the committee "was intent on adopting the (new) guidelines without proper consideration of all the available evidence".

The CSIRO maintains: "There are no clearly demonstrated and compelling technological, economic or sociological reasons to justify relaxation of the (previous) Australian standard."

Democrats Senator Lyn Allison, who chaired the Senate inquiry, said: "The new standard reflects the needs of the telecommunications industry rather than the need to protect human health."

She said the need to develop a standard for shielding products had been ignored.

Allison said that as long as there was no standard or requirement for independent testing and labelling of hands-free devices in Australia, consumers would be kept in the dark about their effectiveness in reducing exposure to radiation.

The Australian Mobile Telecommunications Association supports the idea of a national standard, testing and labelling for hands-free devices, but says guidelines will be hard to develop. Both the AMTA and the Mobile Manufacturers Forum have endorsed the new standard.

AMTA CEO Ross Monaghan said: "The industry supports the inclusive scientifically robust way in which the standard was developed."

MMF secretary-general Michael Milligan said: "I think that it is important to stress that these safety limits are based on guidelines developed by an independent committee of experts who are leaders in this field.

"The other key benefit to Australians in adopting a standard which is harmonised with most other major nations is that mobile phone products can now be designed once, tested once and sold in all of these countries . . . in a more timely and efficient manner."
**********************
People's Daily
US Programming Competition Organizer Adds China to Developer Community


TopCoder, a U.S. company organizing computer programming competitions for college students and professionals, said Tuesday that it has expanded eligibility to its online and onsite contests to include citizens of China, New Zealand and Ireland.

These three countries alone have more than 300,000 professional developers in residence, said TopCoder, quoting a report published in 2001 by market researcher International Data Corporation.

The company launched its competitions in February 2001, and citizens of Canada, Australia, India and the United Kingdom are also eligible to compete with the primarily U.S. member base. After incorporating Australia and India at the end of 2001, TopCoder has added close to 9,500 new members in the first five months of 2002.

Each year, hundreds of software jockeys in the United States -- usually students -- battle each other in competitions, often sponsored by tech vendors and trade associations. The winners can earn big bucks. Sponsors also can win by building brand loyalty with top minds of the next-generation IT worker. And business-technology managers get an early look at potential members of their future workforce.

TopCoder organizes and hosts such competitions for its members. The best performing members are invited to compete in annual tournaments.

Hosted by TopCoder and Sun Microsystems, the latest contest was held in April for a prize of 150,000 U.S. dollars. Stanford University junior Daniel Wright beat out 15 programmers from some of the most prominent U.S. schools for computer science and won a prize of 100,000 dollars.
********************
New Zealand Herald
Porn was for software filter test says defendant


29.05.2002
By PETER GRIFFIN
A man convicted of importing more than 100,000 illegal pornographic images says he was gathering the pictures to test filtering software that would block the material.


Computer specialist Bryce Coad said an error of judgment that led him to bring the electronic images across New Zealand's border would probably destroy his career in the IT industry.

Yesterday, in the Manukau District Court, he lost a request for discharge without conviction and was fined $750 after pleading guilty to importing material deemed objectionable under the Films, Videos and Publications Act 1993 and the Customs Act.

He had earlier sought to defend himself on a range of charges but changed his plea on agreement that other charges would be withdrawn.

The Customs Service, acting on a tip-off, had seized a laptop and two hard drives belonging to Coad.

They contained objectionable images, including some depicting children being sexually exploited.

The computer hardware was seized in June 2000 as Coad came through Auckland Airport after a business trip to Israel, where, he said, he downloaded the images from the internet for use in developing his Moderator net-filtering software.

Coad said the software was designed to go beyond mainstream content-filtering software such as Net Nanny by targeting newsgroups and internet relay chat channels where the worst porn-trading was taking place.

"It specifically targets the most evil news groups that are there, using information from the people that are posting images, as well as the images themselves," he said.

Moderator would then compare information about the images stored in a database with downloaded pictures to determine whether they were objectionable and should be blocked.

Judge David Harvey said that while the software Coad was developing was legitimate and if commercialised would be useful for safety-conscious net users, the large number of images and the fact that Coad had not declared them as he went through Customs warranted a conviction.

"The number of images would probably justify a higher penalty. [But] the development of such a utility should be encouraged," the judge said.

Previous porn prosecutions are believed to have resulted from the seizure of up to 80,000 objectionable images, so the Coad case is one of the biggest in New Zealand history.

Coad said the implications of the conviction would go far beyond the $750 fine.

"It's equivalent to [the judge] chopping off my left hand and telling me to be a concert violinist," he said.

Last night, he tendered his resignation as chief technology officer and board member at software specialist and internet provider Zombie. He said the reputation of his own firm, Lookitup, would be irreparably damaged.

He had no immediate plans to continue work on Moderator, and said he would probably appeal against the conviction.
************************
Computerworld
FCC delays auction of upper UHF TV band spectrum
Faced with the fact that digital television is unlikely to be widespread in the U.S. for years, the Federal Communications Commission has delayed for seven months an auction of a portion of the UHF TV spectrum to cellular carriers.
The FCC announced last Friday that it plans to delay a multibillion-dollar auction of the spectrum occupied by TV channels 60 through 69 until Jan. 14, 2003, while proceeding with a June 19 auction in the 698-746-MHz band currently occupied by TV channels 52 to 59.


Congress mandated the auctions in the Balanced Budget Act of 1997 in an effort to pump billions of dollars into the U.S. Treasury, with a deadline for selling the spectrum space of this month. That left the FCC little wiggle room to delay the auction -- despite a concerted campaign in the past three months by the Cellular Telecommunications and Internet Association (CTIA), which has wanted the auction postponed indefinitely.

President Bush's current federal budget does allow the FCC to delay the 747-MHz to 806-MHz band auction until 2004, and FCC Chairman Michael Powell said in a statement that while he doesn't support an indefinite delay, he does see "compelling reasons" to postpone the upper-band auction until January.

The House of Representatives has already passed a bill allowing a delay despite the 1997 law. A similar bill is stalled in the Senate.

But, Powell added, he couldn't ignore existing law based on "the prospect of legislative change". He said the commission couldn't put off the auctions any longer because "Congress has passed a statute -- signed into law by the president -- that directs this agency to auction this spectrum by specific dates and for specific purposes."

The Washington-based CTIA sought the delay because TV stations don't have to vacate their channels until they convert to digital TV operations. The earliest date for such a conversion is Jan. 1, 2007, effectively tying up the substantial payments cellular carriers are expected to make in the two upcoming auctions. (The carriers can, however, negotiate with the broadcasters and compensate them for giving up their channel spectrum before 2007, a process known as "band clearing.")

FCC Commissioner Kevin Martin disagrees with Powell's interpretation governing the FCC's oversight of spectrum auctions. He said in a statement that the FCC has a mandate to "manage the radio spectrum effectively and efficiently in the public interest."

Martin said that from his perspective, "the public interest would best be served by delaying the 700-MHz auctions indefinitely," while the FCC examines the best frequencies and bands to support a number of wireless users and applications, including cellular and public safety communications.

Tom Wheeler, CEO of the CTIA, said in a statement that "moving forward with the auction of the lower 700-MHz band sacrifices important spectrum management opportunities."

Nancy Udell, a spokeswoman for Paxson Communications Corp., a West Palm Beach, Fla.-based broadcaster, said the company "wants the auctions to proceed." She added that Paxson considered court action to force the FCC to conduct the auctions, but it abandoned that option after realizing that any court ruling wouldn't come until next January, the new date for the upper UHF band auctions.

The FCC has already begun to gear up for the June auctions by notifying bidders they must make upfront payments for the June auction by Thursday. The FCC plans to auction 758 cellular licenses in the lower UHF TV band and has put the value of the minimum bids for all the licenses at $303.1 million.
********************
Computerworld
Microsoft faces EU privacy probe


BRUSSELS -- The European Commission is investigating whether Microsoft Corp.'s .Net Passport breaches European privacy laws, a spokesman for the European Commission confirmed yesterday.
The commission, the executive body of the European Union, began to examine Microsoft's .Net Passport last year, spokesman Jonathan Todd said. Data protection authorities from the EU's 15 member nations are also examining the authentication system.


Concerns about the authentication system include the problem of Internet users who don't sign up for .Net Passport and are denied access to some Microsoft online services.

"The commission is ... looking into this as a matter of priority, in concert with national data protection agencies, as regards the system's compatibility with EU data protection law," wrote Frits Bolkestein, European commissioner for the internal market, in a letter to Erik Meijer, a member of the European Parliament, dated May 7.

Microsoft senior counsel for Europe John Frank described the examination of the .Net Passport as "a routine ongoing dialog."

"There is no indication that there are special concerns about noncompliance with European data protection laws," Frank said.

Microsoft's .Net Passport authentication system is still very basic, Frank said. "It will evolve. There will be more elaborate ones over time," he added. The original plan was to create a platform around .Net and attract companies to locate their Web sites on it. "We tried without success to get companies to gather round," Frank said.

Microsoft now tries to license its .Net Passport system to companies so they can carry it on their own Web sites. "It is early days for online authentication. It is important to get it right, not just the letter but also the principle of privacy law. We think we do a good job with that," Frank said.

Microsoft signed up to the EU/U.S. safe-harbor agreement in 2000. The agreement grants immunity to U.S. companies from some of Europe's more stringent privacy laws. In return, the companies agree to abide by EU laws, including the 1995 data protection directive, which requires that organizations collecting personal data about a user must tell that person who they are, why they are collecting the data and grant the user full access to the information.

The probe into .Net Passport is unconnected to the ongoing antitrust investigation being conducted by the European Commission.
*******************
News.com
Privacy worries with EU online policing bill
By Reuters


The European Union is on the verge of adopting an Internet bill that could give police forces greater power to keep records of personal communications such as phone calls or Web surfing, a key legislator said Wednesday.
The bill is the final element of a package to modernize EU telecommunications law and aims to protect the confidentiality of electronic communication to boost confidence in e-commerce. But it also contains provisions to allow police access to phone, fax and e-mail records, something that governments view as a useful tool to fight crime and terrorism in the wake of the Sept. 11 attacks in the United States.


Marco Cappato, the Italian parliamentarian who is guiding the legislation through the European Parliament, says these provisions risk opening the door to large-scale storage of personal data for long periods.



"The priority in the fight against terrorism should be to invest in experts that can analyze the data" as and when needed, Cappato, a member of Italy's Radical Party, told a news briefing. "Instead, we risk giving carte blanche to member states to open the door to undiscriminating data retention."

Despite strong opposition from civil liberty groups and the industry, the bill is likely to include the data retention rules because of support from the European Socialist Party and the European People's Party, the assembly's main political groups.

The bill is potentially damaging for the European Union's prized privacy rights and could lead to costly storage requirements for companies.

"We are very worried that we will be faced with new heavy obligations to log all this data," said Sjoera Nas of Dutch-based Internet service provider XS4all.

The 626-member assembly is due to cast its final vote on the bill Thursday. To become law, the bill needs joint approval by Parliament and the 15 EU governments.

Toeing the line
The text Parliament will vote on calls for immediate erasure of electronic data after the period needed for billing purposes. But it says governments can force operators to store data for a longer period--even years--if deemed necessary for security reasons.


Parliament had earlier amended the law to limit access to electronic data by public authorities to the strict minimum. But this move was criticized by member states, notably Britain, which wanted greater power to monitor the Internet. U.S. officials also criticized the bill, fearing that the request to erase data would hinder prosecution of criminals.

Fearing that this legislative clash would ultimately kill the bill, the two biggest parliamentary groups have now aligned themselves with the member states.

The European Commission, which drafted the legislation, said it could accept the new version.

"We can live with it," European Commissioner Erkki Liikanen told reporters.

He said the privacy rights of EU citizens were guaranteed by the European Convention of Human Rights, which all member states have signed.

Liikanen said he would be ready to launch infringement procedures if member states abused their power to retain data.

The bill also contains EU-wide provisions against unsolicited e-mails, or spam. It calls for an opt-in system, whereby online marketing companies may only send commercial e-mails if customers explicitly ask them to do so.

The bill prohibits the placement of files such as cookies, which are written to a hard drive by some Web sites when the computer user views them in a browser, on a computer without the person's explicit permission.

Previously, the Parliament had opposed the bill, saying that a total ban on spam could hamper freedom of expression and fair commercial practice, without preventing professional spammers from sending illicit and often offensive electronic messages.

Story Copyright © 2002 Reuters Limited. All rights reserved.
*********************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711