Clips May 29, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;
- Subject: Clips May 29, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 29 May 2002 15:42:12 -0400
ARTICLES
'Carnivore' Glitches Blamed for FBI Woes
State Seeks to Fine Online Pharmacy
Hearing Set on Hacked State Computers
Chronicle of Higher Education
Former Student Is Charged With Sending Racist E-Mail Messages
Ted Waitt takes on Hollywood
Scientists enlist themselves in war on terrorism
Instant messaging at work can open door to hackers
Liberty Alliance expands membership
FCC OK Unleashes XtremeSpectrum
Net Governance Chief Will Step Down Next Year
Proposed legislation renews debate about value of a national ID card
Mixed Messages (Polls on American Opinions on National ID)
A critical difference (Attempts to Frame the debate on a National ID System)
Will privacy be protected?
Weldon envisions virtual hearings
Anti-terror bills march forward
FAA workers to get smart cards
DOD tech pushed for first responders
Intrusion-detection net revived
Industry opposes security standards
To protect and serve
E-gov security gateway in works
DOD adjusts its plans on hiring foreign workers
Senate awards $100 million IT services contract
Being wired helps you connect
Turkey tightens controls on the net
FBI wants more surveillance power
Eminem CD shows piracy patterns
Modem owners pay more for AT&T
EU aims to boost broadband
Picture slowly changes for TV buyers
Gates Foundation gives nearly $3 million to kids in China
Web sites let survivors celebrate loved ones
Retired tennis star wins case against Microsoft
New York attorney-general sues spammers
Guide helps digital users stay honest
US Programming Competition Organizer Adds China to Developer Community
FCC delays auction of upper UHF TV band spectrum
Microsoft faces EU privacy probe
Privacy worries with EU online policing bill
*********************
Washington Post
'Carnivore' Glitches Blamed for FBI Woes
Problems With E-Mail Surveillance Program Led to Mishandling of al Qaeda
Probe in 2000, Memo Says
By Dan Eggen
The FBI mishandled a surveillance operation involving Osama bin Laden's
terror network two years ago because of technical problems with the
controversial Carnivore e-mail program, part of a "pattern" indicating that
the FBI was unable to manage its intelligence wiretaps, according to an
internal bureau memorandum released yesterday.
An attempt in March 2000 to secretly monitor the e-mail of an unidentified
suspect went awry when the Carnivore program retrieved communications from
other parties as well, according to the memo, which was obtained by the
Electronic Privacy Information Center (EPIC), a Washington-based advocacy
group opposed to the technology.
Carnivore, which has been renamed DCS1000, is a computer program that
allows investigators to capture e-mails sent to and from criminal and
terrorist suspects. But the newly released memo indicates that, in at least
one case, the program also retrieved e-mails from innocent people not
involved in the investigation.
The incident joined a rapidly growing list of alleged FBI mistakes made
before Sept. 11, including evidence that FBI headquarters bungled the quest
for a search warrant in the Zacarias Moussaoui case and ignored pointed
warnings from an Arizona field agent about terrorists in flight training.
It also invited fresh criticism of Carnivore, a program already derided by
civil libertarians, and cast doubt on repeated FBI assurances that the
program provides a "surgical" ability to grab targeted e-mails out of
cyberspace.
"Carnivore is a powerful but clumsy tool that endangers the privacy of
innocent American citizens," said David Sobel, general counsel for EPIC,
which obtained the memo through a lawsuit filed under the Freedom of
Information Act. "We have now learned that its imprecision can also
jeopardize important investigations, including those involving terrorism."
FBI spokesman John Collingwood said yesterday that the case was a rare
mistake that resulted from technical problems encountered by an Internet
service provider, not by the FBI.
"This is an uncommon instance where a surveillance tool, despite being
tested and employed with the assistance of a service provider, did not
collect information as intended," Collingwood said.
The one-page memo at issue, dated April 5, 2000, and sent via e-mail, was
intended to outline the problems that had arisen in a Denver terrorism case
for Marion "Spike" Bowman, the FBI's associate general counsel for national
security. Yesterday, Bowman declined to comment and authorities declined to
identify the memo's author or provide further details about the case.
The probe involved the FBI team that investigates suspected operatives of
the al Qaeda network. It is known as the Usama bin Laden, or UBL, unit for
the agency's spelling of the al Qaeda leader's name. The same unit has come
under congressional scrutiny in recent weeks over its role in shelving a
July 2001 memo from Phoenix FBI agent Kenneth Williams, who had suggested
that al Qaeda members might be infiltrating aviation schools and requested
that the FBI canvass them for Middle Easterners.
In the latest case to come to light, the UBL unit acquired in March 2000 a
warrant under the Foreign Intelligence Surveillance Act (FISA) for use
against a suspect in an investigation based in Denver, according to the
memo released yesterday.
The names of the suspect and all others in the memo, except for Bowman's,
were redacted from the copy provided to EPIC.
The memo says that on March 16, 2000, the Carnivore "software was turned on
and did not work properly," capturing e-mails involving both the target and
others unconnected to the case.
The memo goes on to say that "the FBI technical person was apparently so
upset that he destroyed all the E-Mail take, including the take" from the
target. Collingwood, the FBI spokesman, said that the memo is incorrect and
that the e-mails gathered in the operation were kept and remain under seal
in the court that administers secret wiretaps.
The memo makes clear that the Justice Department's Office of Intelligence
Policy and Review (OIPR), which oversees FISA warrants, was enraged by the
blunders in the case, in part because the Justice Department office was
allegedly not told that Carnivore was considered experimental at the time.
Referring to an official at OIPR, the memo's author says: "[To] state that
she is unhappy with [the International Terrorism Operations Section] and
the UBL Unit would be an understatement of incredible proportions."
The memo also refers to an electronic communication outlining other "FISA
mistakes" and alleges "a pattern of occurrences which indicate to OIPR an
inability on the part of the FBI to manage its FISAs."
One law enforcement official said last night that the passage may be
referring to the ongoing problems with the affidavits submitted by the FBI
to the Foreign Intelligence Surveillance Court, which approves surveillance
requests. The court barred one FBI agent from submitting affidavits in late
2000 because of misrepresentations, and a broad review found similar
problems in other cases, sources said.
The FBI has been using the Carnivore system for almost three years, subject
to court authorization, to tap into Internet communications, to identify
e-mail writers online and to record the contents of messages. It does so by
capturing "packets" of information containing those details.
Civil liberties advocates and some lawmakers have expressed concerns
because the system could scan private communication on the legal activities
of people other than those under investigation. But agency officials have
said repeatedly in response to criticism that the system poses no threat to
privacy because it can take narrow, targeted slices of communication.
That's what FBI officials told Congress in the summer of 2000, only a few
months after the botched surveillance effort in the Denver case.
Shortly before the Sept. 11 terrorist attacks, an FBI spokesman said the
agency rarely used Carnivore because Internet service providers had become
so adept at meeting the technical demands of approved surveillance of
suspects' Internet traffic. The agency said it had used Carnivore only
twice from January through mid-August.
Since then, the agency has repeatedly declined to discuss the number of
times the system has been used in recent months, saying that the records of
Carnivore's use are exempt from disclosure laws.
Staff writer Robert O'Harrow Jr. contributed to this report.
***********************
Los Angeles Times
State Seeks to Fine Online Pharmacy
Medicine: A Los Angeles drugstore could face an $88.7-million penalty for
allegedly selling drugs without examinations.
By RONALD D. WHITE
In what probably would be the largest fine ever for illegal prescription
drug sales over the Internet, California state regulators said Tuesday that
they have proposed an $88.7-million fine against a Los Angeles pharmacy for
selling medications directly to consumers without requiring a doctor's
examination.
The state Board of Pharmacy's sanction against Los Angeles-based Total
Remedy & Prescription Center II, pharmacist-in-charge and co-owner Barry
Irvin and pharmacist William Packer must be approved by the 11-member state
medical board. The fine amounts to the maximum $25,000 for each of about
3,500 prescriptions allegedly filled illegally.
The case represents the first use of a law passed in 2000 that requires a
"good faith prior medical examination" by a doctor licensed in California
before a prescription can be filled. Irvin said the charges were "crazy, to
say the least," and came as a complete surprise.
"I'm just trying to maintain my normal routine," he said in a telephone
interview, adding that the prescriptions were legitimate.
He has 30 days to appeal the sanctions.
The pharmacy is operated at its Los Angeles location like any other
drugstore, said Patricia Harris, executive officer of the California Board
of Pharmacy.
Harris said the pharmacy's operators also ran a Web site called
CyberHealthServices.com that specialized in so-called lifestyle drugs such
as Viagra for impotence, Propecia for hair loss and Xenical for weight
loss. It is accused of filling prescriptions from out-of-state doctors who
did not examine the patients.
State officials said the Web site was advertised mostly through unsolicited
blanket e-mails. Harris added that the Web site also showed up on Web
searches for Viagra and other drugs.
California officials were made aware of the site in 2001 by the
Pennsylvania attorney general's office, which was working on a case
involving the Web site.
Pennsylvania officials told California officials that the building that
handled the credit card calls and shipping was in Glendale, but it had
moved, Harris said.
The medications were mailed in a professional fashion, in standard vials
and accompanied by literature, Harris said.
That's not always the case with Internet drug sales, according to the
National Assn. of Boards of Pharmacy, a professional organization
representing pharmacy boards in all 50 states. The association said Web
sites and associated boiler room operations began proliferating five years ago.
Many are set up and dismantled within a matter of months or weeks and offer
sales of all manner of drugs with minimal requirements and without a
doctor's advice, leaving consumers to self-medicate without any instruction.
"It scares the heck out of us," said Carmen Catizone, executive director of
the association.
Catizone recalled the recent story of a Florida woman who contacted an
Internet drug sales site and asked for a medication to help her lose weight.
The woman was sent a powerful amphetamine called Didrex that quickly sent
her blood pressure soaring. Catizone said the woman stopped taking the
drug, but the Internet drug seller would not refund her money.
Catizone said the operators of such sites in the U.S. and overseas often
mail unpackaged pills in an envelope or a plastic sandwich bag, without any
information such as dosage, possible interactions or, sometimes, even the
name of the drug.
The association maintains a Web site, www.nabp.net, with a link to its
Verified Internet Pharmacy Practice Sites, which lists the pharmacy sites
that meet its 17 criteria for trustworthy and safe service.
Harris said she was aware of a California case in which a woman received
Prozac from another Web site and went into shock when she self-medicated.
When asked why a state law passed and signed in 2000 was only now being
used to target a serious problem, Harris said the task was undertaken
without a boost in her budget.
Harris said she had a staff of 55, about half of them field inspectors, to
police the state's pharmacies and Internet drug sales sites. She added that
her offices "could always use more resources."
"We have other irons in the fire now. We're working on it," Harris said.
**********************
Associated Press
Hearing Set on Hacked State Computers
Tue May 28, 11:02 PM ET
By DON THOMPSON
SACRAMENTO, Calif. (AP) - State senators said Tuesday they would
investigate why it took weeks for 260,000 government employees to be
notified that a hacker accessed a computer system containing their personal
financial information.
"There's a lot of people screaming," said Dennis Alexander of the
Professional Engineers in California Government.
Democratic Sen. Steve Peace said his committee on privacy planned a hearing
next month into how a hacker or hackers could break into the state database
April 5, why it wasn't discovered until May 7, and why employees weren't
notified until Friday.
Authorities don't know what, if any, information was taken or used. The
database included employees' last names, first and middle initials, Social
Security numbers and payroll deduction information.
The 7,000-member California Union of Safety Employees blamed Controller
Kathleen Connell.
Connell's office shut off the compromised computers and notified the
Sacramento Valley Hi Tech Task Force the day the breach was discovered,
said John Harrigan, chief deputy state controller for administration.
The task force advised against notifying the public because it would hamper
the criminal part of the investigation, Harrigan said.
********************
Chronicle of Higher Education
Montana Allows Public Colleges to Monitor Computer Use
By JEFFREY R. YOUNG
A new policy in Montana permits officials of public colleges and
universities to monitor activity and copy data from computers and networks
owned by the institutions for the purpose of investigating misuses. Some
professors and students worry that the policy is too broad and could lead
to invasions of their privacy.
The policy, approved Friday by the statewide Board of Regents of Higher
Education, allows university officials to "periodically, routinely, or for
a specific purpose monitor activity on its computers and network" as long
as the monitoring is part of their "legitimate job duties" in managing the
computer network or investigating misuses.
Some professors are concerned that the policy could allow university
officials to act as Big Brother.
"We still have some concerns," says Erik Burke, director of public policy
for the Montana Education Association-Montana Federation of Teachers, a
union. The union had sought amendments to the policy that would have
specified which officials could monitor computer activity and would have
limited how much monitoring they could do, he says. Those amendments failed.
"Right now, the policy pretty much allows ... anybody on campus to have
access to electronic records," says Mr. Burke. "We were trying to define
who it was and how much they could go into it."
Heather O'Loughlin, a senior at the University of Montana who is the
business manager for the Associated Students of the University, its student
government, worries that the policy could lead officials to restrict
Internet access in university libraries, many of which are also public
libraries.
"My one concern is to make sure that students still have access to what
they need," says Ms. O'Loughlin. "The policy gives them the right to block
Web sites. It's not necessarily something they will do, but it's something
that they now have the right to do."
State officials say that the policy is a necessary tool to keep university
networks running and to root out abuses of acceptable-use policies and laws.
"We're talking about employees and students who are using state machines on
a state network, and we have an obligation to make sure that they're using
them for work-related purposes and education-related purposes," says LeRoy
H. Schramm, chief legal counsel for the Montana University System.
Mr. Schramm says one goal of the policy is to "put people on notice" that
their activity could be monitored.
"If in fact something is so private that you can't even take a
one-in-a-million chance that a monitor could come upon this, then I think
you should find a different medium to convey that message or work," Mr.
Schramm adds, noting that the policy prohibits university investigators
from sharing information they find.
"We put in appropriate assurances on the books that say this is in no way
meant to allow random joyriding through a person's history," he says.
A growing number of colleges and universities are considering creating a
"workplace investigation policy" for computer networks, says Tracy B.
Mitrano, a policy adviser in Cornell University's information-technologies
office, which has not yet created a specific policy. Some other
universities have established similar rules on computer monitoring as part
of their acceptable-use policies, she says.
Ms. Mitrano says universities should establish guidelines for computer
searches before an incident occurs, to help protect the privacy of professors.
"In the heat of the moment, people sometimes do rash things unless guided
by policy," she says, adding that "it should be an absolute last resort of
workplace investigation to monitor" specific computer use.
"It does not have to be Big Brother," Ms. Mitrano says, adding that a
university should seek a balance between protecting privacy and protecting
college resources. "It is, I think, only through policy that you achieve
that balance."
*******************
Chronicle of Higher Education
Former Student Is Charged With Sending Racist E-Mail Messages
By DAN CARNEVALE
A former student who had been expelled from Indiana University-Purdue
University at Indianapolis was arrested last week based on accusations that
he had sent more than 100 racist e-mail messages to students, professors,
and staff members on the campus.
The former student, a white male named Joseph C. Belzer, 54, was charged
with three counts of intimidation, a Class D felony, and 18 counts of
harassment, a Class B misdemeanor. He has pleaded not guilty and remains in
police custody, with bail set at $50,000.
The e-mail messages were sent over the course of a year from public-access
computer terminals, such as those located in the campus libraries. The
recipients were mostly members of racial minority groups, although some
white people received the racist messages as well.
None of the messages made any specific threats, administrators said, but
they were filled with obscenities and racial slurs, and one warned a black
student to "watch your back."
Police investigators worked with the university's information-technology
department to track down the source of the e-mail messages. After
determining that Mr. Belzer was the suspect, the university expelled him on
April 26. The police arrested him on Friday.
Rich Schneider, a university spokesman, said the campus was relieved that
the police had made an arrest. "This was a serious and very unusual act
that occurred on this campus," he said. "It shocked people here, but
everyone was pleased at how the campus pulled together to track this person
down."
****************************
Tech News
Ted Waitt takes on Hollywood
By Charles Cooper
Staff Writer, CNET News.com
May 28, 2002, 12:00 PM PT
If he finds himself dining at Spago anytime soon, Gateway CEO
Ted Waitt isn't likely to receive any bear hugs from the Hollywood moguls
who favor this perennial Los Angeles hot spot.
That's because Gateway's chief executive officer finds himself on the other
side of a bitter digital divide from the entertainment industry over the
issue of digital music downloads. Throw in an opportunity for a
grandstanding politician or two, and you have the makings of a grand
donnybrook.
Last month, Gateway began to campaign against a proposal by Sen. Ernest
"Fritz" Hollings, D-S.C., that would shift the burden for copyright
protection onto the shoulders of hardware manufacturers such as Gateway.
The company, which has ambitions to become a larger player in music
publishing and distribution, responded with a series of tongue-in-cheek
television advertisements and public statements promoting legal digital
downloading.
The entertainment industry was not amused. Music and movie studios are
worried about the potential loss of billions of dollars due to illegal
digital downloads.
But Gateway, which operates a site where people can legally download
certain individual songs, says the wording of the Hollings bill threatens
the future of CD burners. If there's a ban on this popular accessory device
that allows people to burn downloaded music files to CDs, Gateway and other
computer makers say it may reduce computer demand.
CNET News.com recently chatted with Waitt on why the two industries are
butting heads and whether it's at all possible to find a compromise that
would satisfy both camps.
Q: What made you decide to step out in front of other tech companies to
take on the music industry?
A: It wasn't our intention to take on the industry; it was our intention to
speak out on behalf of consumers.
A risky move?
It was a bit of a risk. We were looking for ways to revitalize the Gateway
brand and get back to being a voice for the consumer. It was funny: When we
ran the radio ads, we had a line about copyright laws in there. Then we got
a letter from an attorney who was involved in the music industry--and he
was ecstatic about what we did. Only later was it that the industry got
uptight. But we don't support stealing music. We wanted to educate them.
Did you expect the ferocity of the reaction?
No, not really. We thought it was the right thing to do.
What's to account for the response then?
You saw the same thing with digital music. I think (the music studios)
could double their music sales with very targeted solutions, and we're
willing to sit down and help them. But it's not our job to help them solve
their business problems. I'm not in favor of stealing music. Technology
people have as much interest in protecting patents as the entertainment
industry.
They've criticized your commercials and the appeal to oppose Hollings' bill
as a declaration of war. Have you felt any backlash?
Nothing you could point to specifically. But we didn't view this as a
declaration of war. They do everything in an adversarial way because it's
in their nature. They're trying to play defense to protect the old way of
doing business, which has to evolve.
How do you expect to create a music service of your own if you have
alienated the music companies?
We're working with EMusic and others. It might help get us to the table--if
(the studios) can stop viewing us as the enemy. We want a solution as much
as they do.
Do you see the Hollings bill as a serious threat, or a Trojan Horse for
more piecemeal approaches?
It's not the end of the world, but it's also not the way to solve the
problem. Our solution is that the music industry has got to get together
among themselves and find a common way to do this. They'll have to get
hardware people in, the Internet people in--and start building a new
business model instead of saying, "Stop this." You can't stop it. CD
burners shouldn't be considered contraband.
Hollywood is asking Congress to block DVDs with copy protection and is
suing to stop sales of digital VCR and MP3 players. The technology people
respond that's an antiquated--and useless--response. Why don't Hollywood
and Silicon Valley better understand each other?
They speak different languages. The entertainment industry always chooses
to fight things out through the courts and legislation. Technology people
always think there's a business solution. Everybody has tried a variety of
things, but it won't work until they get together and people can go to one
place for all the music that's out there. Consumers don't know what label
their favorite artist is on. It's irrelevant. Go back to the VCR analogy.
They fought the VCR, but at the end of the day, the VCR created a whole new
revenue stream for every movie release.
Is that all there is to it--just a difference in point of view? That is,
Silicon Valley saying, 'Dudes, you just don't get it; there is no way to
stop digital piracy?'
The technology industry thinks there's a way to solve it, but it's not to
say all digital music is bad, so let's keep using CDs.
Do you think music downloading from a Kazaa or Morpheus site is stealing?
I never said that. I don't think that's necessarily right, but all digital
music isn't bad. If you buy a CD and want to put your favorite songs on one
CD, you should be able to do that. The Hollings bill wants to redefine fair
use. But I have never advocated stealing music.
But if I download music from Kazaa, am I in violation of the law?
Not all (downloading) is illegal. Wouldn't it be great if you could go to a
service and say, "Here's my 100 CDs, and I want to listen to them in mixed
format anywhere. Now, teach me about new music in streaming format, and if
I like it, I can click and buy in a radio format." There are other ways of
doing it, but nobody wants to go and listen. Last weekend, I was going on a
trip and went to two stores looking for CDs. I couldn't find them, so I
went to the Web, looking for a legal way to download, but it wasn't there. I
didn't do it personally, but a friend loaned me a copy--and then I lost the
CD anyway. That was the only way I could get the song. But I was willing to
pay for it.
Do you download and then burn music CDs?
I don't spend a lot of time doing it, but I have done--just from a research
standpoint.
Do you plan to continue your campaign?
We're going to do a variety of things. It's more about the public education
of the issue. We'll have more things in July, utilizing our training
facilities to educate people about what's legal and what's not.
OK, a couple of business questions. For a lot of this year, you've been
cutting prices and sacrificing profits to build market share. IDC had you
flat in the first quarter compared with the fourth quarter. I'm not
bringing any news when I say it's still a tough market. Will the success
of your strategy depend upon a real turnaround in the economy?
Our strategy's not based on share. It's growth based on fixed cost
structure. We're pricing products as if we were twice our size. Our
consumer business was sequentially up in the quarter for the first time in
the history of the company, and we're continuing that momentum. What's
going on with HP and Compaq means there's share up for grabs. I could
debate the IDC numbers, but we feel real good about momentum in the business.
If the turnaround stalls, will you consider closing the rest of the Gateway
stores to contain your costs?
We're committed to the stores. We're looking at each one on a
store-by-store basis... If the economy stalls, it will just take longer, but
we'll keep plugging away.
************************
MSNBC
Scientists enlist themselves in war on terrorism
Data networks can help thwart attacks, scientists say
WASHINGTON, May 28 - Seismologists are looking to shake up the war on
terrorism by using the vast amounts of data collected by their "always on"
research networks. The same devices that can pinpoint the epicenter of an
earthquake also can be used to determine the "signature" of a car bomb or
nuclear test explosion, and in turn, help law enforcement and intelligence
networks to better understand the origin of terrorist events, scientists say.
ALTHOUGH THESE RESEARCH networks have been tapped for investigative
work in the past they remain a critically under-utilized tool in the war on
terrorism, seismologists said in a briefing Tuesday.
Joining the seismologists are thousands of other researchers,
across several scientific disciplines, who maintain a global network of
monitoring devices and sensors. Those networks record everything from
earthquakes to weather patterns to astronomical occurrences.
For example, "near surface geophysical" techniques involving
"surface wave imaging" could "routinely monitor the shallow subsurface
along the U.S. borders to recognize changes in physical earth properties
likely related to tunneling," says a written presentation to be delivered
Tuesday during a Geophysics vs. Terrorism seminar at a meeting of the
American Geophysical Union.
But the scientific community remains a nearly forgotten resource
for helping detect the "signatures" of terrorist activity, said Greg van
der Vink, director of Planning for the Incorporated Research Institutions
for Seismology (IRIS) consortium.
Acts of terrorism or potential terrorism such as the testing of a
small nuclear device are likely to first appear on a data collection
network operated for other purposes, van der Vink said.
There are some 10,000 seismologic monitoring devices worldwide.
"These are our ears to the ground," said Terry Wallace, professor of
geosciences at the University of Arizona. Such networks are capable of much
more than simply monitoring earthquakes or volcanic eruptions, Wallace
said. They also provide records of industrial explosions, clandestine
nuclear weapons testing and terrorist bombings.
Operating in this capacity these networks create a kind of
unblinking, apolitical neighborhood watch for the global village, Wallace said.
FORENSIC SEISMOLOGY
The use of seismic data for more than earthquake monitoring can be
traced back to 1915 when, during World War I, the English used crude
seismic data to figure out the location of the enemy's artillery pieces,
Wallace said.
A new discipline, called "forensic seismology" has grown up around
the verification of small nuclear explosions. "But it clearly is also
useful in putting constraints on terrorist bombs," Wallace said. Reason:
Each bomb blast has a unique "signature," that is recorded and cataloged by
the seismic instruments.
Using these bomb signatures, scientists working with law
enforcement can help pinpoint what type of bomb or bombs were used and
identify points of origin for previous explosions.
Coupled with other intelligence data, the seismic information can
make for a compelling and damning trail of evidence. This type of analysis
was used in the 1998 truck-bombing of the U.S. embassy in Nairobi, Kenya.
Seismologists were able to pinpoint the exact time of the explosion and the
size of the bomb. The data proved invaluable to the FBI, which was sent to
the country to investigate the bombing. By the time the FBI arrived, the
crater had already been filled in, making it impossible for the agents to
carry out their usual crime-scene investigation.
And sometimes the data collection is important for its ability to
prove what wasn't. In the immediate, terrifying chaos that enveloped the
events of Sept. 11th, rumor mixed with fear that quickly became a swirling
cauldron of conspiracy theories, especially with regard to the fate of
American Airlines flight 93 that went down in Pennsylvania.
One early, favored myth was that the government had been forced to
shoot down the plane to save potentially thousands of other lives. On a day
when the world turned upside down, such a rumor, however unfounded, was
easy for many to swallow.
But Wallace and others were able to prove that the plane had not
been shot down, nor had it exploded, but had, in fact, impacted the ground
intact.
"The seismic signature we saw [of flight 93] matched the signatures
we already had on record of other plane crashes," Wallace said. "We could,
therefore, say without a doubt that the plane hadn't been shot down."
And in 2000, seismic data was used to prove that the Russian
nuclear submarine Kursk sank because of an explosion rather than a
collision, as the Russian government originally claimed.
CONNECT THE DOTS
Despite the high profile successes of using scientific data to
augment various investigations, the scientific community is hardly on the
radar screen when it comes to the U.S. government's efforts to combat
terrorism.
In truth, organizations like the CIA and FBI are "operational" and
busy with the task at hand, Wallace said, whereas researchers "are pushing
the frontiers of science" to come up with "new ways of looking at data."
The various intelligence communities have their own specialized networks,
but as recent news events show, officials of the agencies tasked with
protecting against terrorism didn't heed the warnings of their own agents
let alone tap the resources of other agencies. Getting these agencies to
now bring the scientific community into the fold to help augment the war on
terrorism "is a challenge" said van der Vink.
But the intelligence community simply "may not have had ways to
connect the dots," van der Vink said, referring to the array of networks
represented by the scientific community.
And there lies the Gordian Knot when trying to mesh the data from
the intelligence and scientific communities. "Coherent integration and
analysis of these large installations of diverse networks" begs the
question, "How do we connect the dots?" in the first place, van der Vink asked.
The move by the scientific community to raise their profile by
enlisting in the war on terrorism isn't entirely without a self-serving angle.
Monitoring networks are complex, high-tech and high maintenance;
they are costly to install, maintain and manage. Getting law enforcement
and intelligence communities to depend more on scientific data means higher
visibility and that visibility translates directly into cash by way of
government grants or contracts, said van der Vink.
But that turns out to be a win-win situation, van der Vink
asserted. Maintaining monitoring networks "provide a baseline" of data that
makes it possible to test future events to gauge whether they are terrorist
activity or not, he said.
*********************
USA Today
Instant messaging at work can open door to hackers
By Michelle Kessler, USA TODAY
SAN FRANCISCO -- That instant message you send from work could put your
company's computer network at risk.
That's because popular free IM systems, such as AOL Instant Messenger and
MSN Messenger, lack basic security features needed to protect corporate
networks. That wasn't a problem when the systems, geared to consumers, were
used for chitchat. But this year, 54 million people will use consumer IM
systems on the job, research firm IDC says.
Security is kept lax so that they are easy to use. "They're this huge
gaping security risk for companies," says Dan Ingevaldson of Internet
Security Systems.
Making changes:
Web company NetPOS.com stopped using free messaging when it realized
"anybody sniffing the Net could see what we were doing," says Chief
Technical Officer Chris Kaltwasser. Most free IM systems don't scramble
messages as they travel via the Internet. The company now uses a secure
service from Imici.
American Puzzles recently removed AOL Instant Messenger from its computer
servers after suspecting that hackers were using it to try to break in.
Co-owner Albert Farrell uses it to communicate with vendors but keeps it on
a less crucial computer.
This fall, students at Embry-Riddle Aeronautical University will access the
college's network through a portal that blocks consumer IM systems. They
can use a secure system from tech firm Bantu. Chief Information Officer
Marty Smith says many of the school's 20,000 students set up free accounts,
creating a security risk.
First Community Credit Union of Houston put in a secure IM system from
WiredRed two years ago because workers used the free ones.
AOL and Microsoft say the systems were never intended for sensitive
messages. AOL says it is building a secure IM service for companies.
Microsoft and others sell similar products. Costs vary. Some run about $35
a user.
Many firms think consumer IM systems are secure, says IDC analyst Robert
Mahowald. He expects use to decline as more companies become aware of the
risk. More than 50% of companies using IM use free systems, not more secure
ones that cost money, says INT Media Research.
Other companies don't know that employees install their own IM systems,
which often bypass network safeguards such as anti-virus software and
firewalls. That can create back doors for hackers.
The fallout can be huge. Last year, hackers stole hundreds of sensitive
instant messages from the CEO of start-up eFront and posted them on the
Net. Five executives resigned from eFront, which has gone under.
*******************
Tech News
Liberty Alliance expands membership
By Mike Ricciuti
Staff Writer, CNET News.com
May 28, 2002, 9:00 PM PT
http://news.com.com/2100-1001-927232.html
The Liberty Alliance Project gained five new members Wednesday, boosting
Sun Microsystems' effort to outgun Microsoft's Passport online
identification system.
The Liberty Alliance Project seeks to establish a standard method for
online identification, so a computer user can log on to a Web site once,
then have other sites recognize that user as authenticated. Microsoft
already offers a single sign-on technology called Passport.
New members include Cingular Wireless, i2 Technologies, Nippon Telegraph
and Telephone, SAP and Wave Systems. The companies join the Liberty
Alliance as sponsors, meaning they can attend and vote in meetings. The
Alliance, launched last September, now has more than 40 members, including
United Airlines, Sony, Fidelity Investments, AOL Time Warner and others,
according to Michael Barrett, who is vice president of Internet strategy at
American Express and a member of the Liberty Alliance management board.
The Alliance also announced a new "affiliate" level of membership intended
to boost representation among government agencies and nonprofit
organizations, and an "associate" level membership that targets small
companies. Affiliate-level membership is free of charge; associate members
pay a fee of $1,000 per year, Barrett said.
The Alliance has yet to release a specification for how its technology will
work. Barrett said the specification will be available this summer, as was
originally planned.
In contrast, the number of Microsoft Passport users jumped to 14 million,
from 7 million, between last August and February, according to a survey by
market researcher Gartner.
Sun and other Microsoft competitors have waged a steady campaign against
Microsoft's Passport as a way to give people a digital identity on the
Internet. Sun instead favors a neutral method that's not controlled by a
single company. Microsoft in September said it would retool Passport and
open it to the broader business market, which could include rivals.
Critics of Passport, including AOL, Sun, privacy groups and state
trustbusters, have challenged Microsoft's use of Windows XP and other
desktop or Web products to drive Passport adoption.
Barrett downplayed competitive issues between the Liberty Alliance members
and Microsoft, saying that board members have invited the software giant to
join the Alliance. "Nothing has been decided. But we have built a very good
working relationship with the Passport team," Barrett said.
Barrett also said that American Express, which took part in Microsoft's
launch of .Net My Services, a consumer Web services plan that uses Passport
extensively, is still debating how it will support both Passport and .Net
My Services, in addition to the Liberty Alliance specification. "Companies
that represent consumers tend to be more agnostic as far as things that go.
It could be that over time, will see their (Passport's) lower level spec
and our higher-level business concerns combined," he said.
Microsoft executives did not immediately respond to requests for comment.
******************
Washington Post
FCC OK Unleashes XtremeSpectrum
By Michael Bruno
Washtech.com
Wednesday, May 29, 2002; Page E05
It's been a long wait for Vienna-based XtremeSpectrum Inc.
The company has been developing semiconductor technology for wireless
transmission of information since it was first funded in November 1998. But
the ultra-wideband technology, caught up in a 3 1/2-year examination by the
Federal Communications Commission, was just approved a month ago. The
company now plans to ship its ultra-wideband chips to its business partners
in the next two months.
The move means that by Christmas 2003, consumers may be able to wirelessly
transfer movies, digital photos, MP3 clips and other large multimedia files
between their computing devices at speeds 10 times faster than the current
leading technology.
It also means that XtremeSpectrum hopes to become a leading provider of
consumer-focused UWB technology, a field some analysts believe will burgeon
soon.
UWB is the latest technology to take on the personal-area-network market,
the mass of cables and electronic devices that pervades many homes and
small businesses. For the past few years, users have had the option to go
wireless, but the trade-off was that their data transfer speeds were not as
fast.
Devices such as digital TVs, personal data assistants and MP3 players all
use data formats where the speed of the data flow ranges from thousands of
bits per second, such as MP3 at 320 Kbps, to millions of bits per second,
such as DVDs at 10 Mbps.
Up to now, users had to choose from three formats -- Bluetooth, Wi-Fi
(802.11b) or 802.11a -- to connect their equipment, and each has a
downside. Bluetooth, once promoted by big-name tech companies, requires
little power but offers speeds of only around 1 Mbps. Wi-Fi, the most
prominent of the three technologies, offers speeds of 11 Mbps but needs
more power. And 802.11a offers speeds of 54 Mbps but requires lots of power.
On the other hand, UWB promises speeds up to 100 Mbps and requires low
power. A stand-alone device can be powered with a single AA battery,
according to XtremeSpectrum.
The difference is in how the technology works. Traditionally, a carrier,
such as a radio station, has an assigned frequency. UWB operates across a
wide gamut of spectrum -- 3.1 to 10.6 gigahertz and 24 GHz -- and pulses
the information instead of carrying it.
"We believe this will be a serious threat to Bluetooth and 802.11," said
David Hoover, an analyst at the Precursor Group in Washington.
Gemma Paulo, a wireless analyst with Arizona-based market research firm
In-Stat/MDR, is less sanguine. She said UWB could complement Bluetooth but
that it is "not really" a serious threat because federal regulations say it
must limit its effectiveness to within 10 meters -- although that
limitation could be loosened.
According to In-Stat, the home networking market is expected to reach $3.5
billion in 2004 and $4.9 billion in 2006. The wireless portion of that
market should hit $2.5 billion in 2004 and grow to $3.7 billion in 2006.
Neither Precursor nor In-Stat provide consulting or investment banking
services, the analysts said. Their respective research groups also do not
have financial relationships with the companies they cover.
The UWB concept was first developed in the 1950s but didn't get anywhere
until the late 1970s when the Defense Advanced Research Products Agency, a
research and development organization for the U.S. military, became
interested. In other forms, UWB can be a radar technology that can "see"
through walls, forests and under ground.
"They got very interested in ultra-wideband because of its very low cost,"
said Robert J. Fontana, president and founder of Germantown-based
Multispectral Solutions Inc.
Multispectral Solutions has completed 64 contracts on UWB systems, such as
ground-penetrating radar, with the military since late 2000. The 15-person
company has been profitable from the start, and Fontana predicts that
annual revenue will grow from almost $3 million to $4.5 million or $5
million as the federal government beefs up homeland defense efforts.
But before UWB could be applied commercially, the FCC had to approve it,
and that was a long and controversial process. Since UWB spans a range of
frequencies already used by wireless phone carriers and various federal
agencies, including the global positioning system community, several
established interests saw UWB as competition or merely interference. It
took the National Telecommunications and Information Administration from
September 1998 to February 2002 to negotiate a compromise. The FCC
finalized its approval on April 23.
Because UWB pulses a low-power signal across a swath of radio spectrum,
rather than streaming a signal on a specific frequency, it would not
interfere with broadcasts on any one band.
"It probably produces less interference than a hair dryer being turned on,"
said Rich Doherty, an analyst at the Envisioneering Group of Seaford, N.Y.
Still, the FCC is permitting its use in stages; the radio-frequency noise
from a UWB device must be 2,000 times lower than that emitted by a personal
computer, baby monitor or garage door opener. If that produces no
interference with other systems, higher levels of power -- and increased
range of effectiveness -- may be approved.
Likewise, because UWB does not boost a signal on a particular frequency,
UWB providers do not have to use equipment needed to carry a signal, which
in turn knocks down the cost of UWB products.
XtremeSpectrum invested heavily in winning approval of UWB. Although Martin
Rofheart, XtremeSpectrum chief executive and co-founder, declined to
discuss how much was spent lobbying the government, the company hired 18
people for the effort.
"It was huge," said analyst Hoover. "They spent a good portion of their
[money] on lobbying."
It was worth it, Rofheart said. Because XtremeSpectrum -- formed a month
after the regulatory debate began -- was so intimately involved in the
regulatory process, its chipsets were ready as soon as the FCC gave the
final go-ahead.
"We're trying to beat everyone to market," Rofheart said.
"They basically designed their [chipset] around how they thought the FCC
was going to rule," analyst Paulo said.
Rofheart won't discuss revenue projections for 57-person XtremeSpectrum,
but he said the company won't start counting sales until next year when its
manufacturing partners start selling their consumer products during the
holidays. He expects profitability in 2004.
Meanwhile, the company will rely on its venture capital. Funders include
Cisco Systems Inc., Motorola Inc., Texas Instruments Inc., Alliance
Technology Ventures, Granite Ventures and Novak Biddle Venture Partners.
XtremeSpectrum officials have declined to discuss how much they have raised
but plan to announce more funding, including new investors, within a month.
That's good news since the competition is growing. Multispectral Solutions
is expanding from government sales to the commercial market. Fontana said
his company would introduce geolocation services and audio networking, such
as audio systems in churches and arenas, over the next six months.
XtremeSpectrum's leading rival, Time Domain Corp. of Alabama, has said its
PulsON chipsets also will be available to its partners this year. Time
Domain, which has an office in the District, is focusing on wireless
broadband links and precision radar products.
According to analyst Hoover, Time Domain and XtremeSpectrum are sitting
pretty: They are the leading companies in a marketplace that looks to take off.
"They definitely have their foothold," he said. "They're going to be around."
Paulo with In-Stat said XtremeSpectrum has the edge.
"Time Domain wants to be in the consumer space, but they don't seem to have
an organized focus," she said. "XtremeSpectrum is the only company that
seems to know how to play in the commercial realm. The other companies seem
to be a little bit more disorganized."
*******************
Washington Post
Artesia Software to Track DreamWorks Files
By Nicholas Johnston
Washington Post Staff Writer
Wednesday, May 29, 2002; Page E05
Artesia Technologies Inc., a developer of software that helps companies
manage large amounts of digital information, is going Hollywood with its
latest software sale to entertainment studio DreamWorks SKG.
"It's not the biggest deal we've ever done, and it's not the smallest,"
said Artesia's president and chief operating officer, D. Scott Bowen. But
it charts new territory for Artesia among entertainment companies.
"Adoption of technology like ours is really in its infancy" among many
entertainment companies, Bowen said. "In terms of Hollywood studios, this
is our first."
Rockville-based Artesia does count Discovery Communications Inc. in
Bethesda and Home Box Office as other entertainment customers. Discovery
uses Artesia's information management software to keep track of audio and
video files. DreamWorks will use Artesia's technology for more efficient
storage and online distribution of marketing materials such as movie
trailers, pictures and promotional graphics.
"Typically things go back and forth to foreign territories quite a bit,"
said Tom Kotlarek, head of information technology at DreamWorks. "When you
have to put those things on a disk and overnight express them around the
world, costs can potentially add up."
Initially the software will be used only for still images and text
documents, but Kotlarek said DreamWorks plans to expand use of the software
to video clips and movie trailers and possibly to other non-marketing uses.
"We're starting with one department and we'll expand both in the types of
assets and in the number of departments," he said.
Financial terms of the deal were not disclosed, but Bowen said the type of
software platform DreamWorks bought costs $175,000 on average. There is
also a yearly support fee that varies but is usually about 20 percent of
the purchase price.
Artesia raised $26 million in venture capital financing in September 2000.
The round was led by private equity firm Warburg Pincus Ventures and
included other institutional investors and technology firms. Bowen said the
company has plenty of cash available and should approach break-even status
early next year.
"Capital-wise, we're fine right now," Bowen said. "Warburg Pincus has
committed to fund the company operationally through that break-even point."
Bowen expects the company to do more fundraising in the next 60 days, with
additional cash coming from Warburg Pincus and other strategic investors.
*******************
Washington Post
State Cybersecurity Center In Doubt
William Welsh
Washington Technology
Tuesday, May 28, 2002; 8:43 PM
The plan for a national information sharing and analysis center to support
cybersecurity at the state government level has not yet materialized,
despite hopes that it would be ready soon.
Rock Regan, president of the National Association of State Chief
Information Officers (NASCIO) and Connecticut CIO, said May 23 that the
group remains determined to establish such a center and may issue a request
for proposal soon.
"There are still a lot of unknowns. We don't know if it is doable or not,"
Regan said.
Chris Dixon, NASCIO's digital government coordinator, said the principal
matters to be addressed before the project can move forward concern funding
and whether information provided by the states to the federal government
would be subject to the Freedom of Information Act.
Dixon said the organization is confident it can secure adequate funding,
but the funds might come from multiple sources, depending on the amount
required. These sources might include federal and state funding as well as
other public and private funding, he said.
Aldona Valicente, a NASCIO past president and Kentucky CIO, said the
federal government has encouraged the states to proceed with the project.
An information sharing and analysis center would record and report security
breaches across state IT enterprises, provide early warnings to other
states of network breaches, offer patches to fix violated systems and act
as a clearinghouse for sharing best practices among states.
Reported By Washington Technology, http://www.wtonline.com .
********************
Washington Post
Net Governance Chief Will Step Down Next Year
By David McGuire
Washtech.com Staff Writer
Tuesday, May 28, 2002; 3:53 PM
The president of the organization that manages the Internet's global
addressing system plans to retire next year.
At a closed-door meeting of the Internet Corporation for Assigned Names and
Numbers (ICANN) this weekend, Stuart Lynn announced that he will retire
from his duties as ICANN president next March, when his first term is set
to expire.
Lynn cited the stress and demands of his job as key factors influencing his
decision not to seek reappointment by the ICANN board of directors.
"I'm 65. This is a 7-by-24 job and I've got to take care of myself and my
family," Lynn said.
Lynn said he will continue to spearhead a controversial effort to reform
ICANN, which he said he hopes to complete before his departure next year.
"I plan to put as much of my energy as I can into making that successful,"
he said.
At a meeting in Ghana in March, ICANN voted to restructure itself, in the
process abandoning plans to establish a global mechanism to allow ordinary
Internet users to directly elect some of ICANN's leaders.
Instead, the ICANN board of directors ordered an internal committee to
develop a plan to reform the organization, drawing on a proposal drafted by
Lynn.
Lynn's retirement announcement came at an ICANN board meeting in Garden
City, N.Y., over the Memorial Day weekend that was convened to discuss the
efforts of the internal committee charged with mapping the reform process.
A key issue is how the ICANN board is comprised. The board currently
includes five members (out of 19) who were elected by the Internet public
in a pilot election two years ago.
Lynn and other ICANN insiders have questioned the reliability of
large-scale online elections, saying that they are vulnerable to "capture"
by special interest groups. Lynn said that officials elected by world
governments would do a more comprehensive job of representing public
interests online.
Public interest groups and ICANN critics have responded that public
elections are the only way to keep ICANN's internal bureaucracy in touch
with the needs of ordinary Internet users.
The ICANN reform committee is slated to issue its final report on Friday.
Lynn's retirement announcement coincided with the resignation this weekend
of ICANN Vice President and Chief Policy Officer Andrew McLaughlin.
McLaughlin, who has been with ICANN since 1999, will stay on as a part time
adviser.
Sometime in the next month, ICANN will convene a search committee charged
with finding Lynn's replacement, ICANN spokeswoman Mary Hewitt said today.
The committee will search for candidates internally and from the Internet
community at large, she said.
******************
Federal Computer Week
Identity crisis
Proposed legislation renews debate about value of a national ID card
Shane Ham looks forward to the day when he can make a credit card purchase,
borrow a library book, board an airplane, enter his locked office building
or pay a parking lot fee -- all with one card -- his driver's license.
An encrypted biometric identifier would protect his license, making it
utterly useless to anyone else -- thief, computer hacker or dishonest waiter.
When Barry Steinhart contemplates the same card, he is aghast.
The idea is dangerous for America as a society, Steinhart said. "It would
facilitate the creation of the surveillance society that Americans have
always resisted," he said.
Before long, Steinhart fears, the card will be demanded at doctors'
offices, gas stations and highway tollbooths. It will be required not only
for boarding airplanes, but for boarding subways and buses as well.
Every time a police officer, a security guard or a store clerk scans the
card, Steinhart worries it will add to a database that keeps track of where
the holder has been and what he or she has been doing.
To Ham, a technology policy analyst at the Progressive Policy Institute,
the multiuse, smart card driver's license offers a neat technological
solution to the glaring weakness of current identification documents -- and
it throws in the benefit of promoting e-commerce and e-government.
To Steinhart, associate director of the American Civil Liberties Union, the
idea is simply a national ID card disguised as a high-tech driver's license
and is likely to evolve into an "internal passport."
Debate over national ID cards dates back decades. The Reagan administration
briefly considered them as a way to discourage illegal aliens from entering
the country -- an ID would be required to get a job. Then, during the 1990s,
various versions of national ID cards were considered as ways to track
"deadbeat dads," distribute health care benefits, control gun sales and
reform Social Security.
All were rejected. "This idea has failed several other times," said Ari
Schwartz, a policy analyst at the Center for Democracy and Technology.
But since the Sept. 11 terrorist attacks, calls for national ID cards are
being heard again. "This is an attempt to push national IDs under the
national security banner," Schwartz said.
Proposals in Play
In January, the American Association of Motor Vehicle Administrators
launched the effort that now has the most momentum. AAMVA is urging
Congress to require and fund the creation of more secure, nationally
uniform driver's licenses. Driver's licenses, the association said, "have
become the most requested form of identification in North America."
AAMVA wants all states to be required to adopt uniform and stricter
standards by which states verify the identities of people applying for
licenses. The association wants licenses to include a "unique identifier,"
such as a fingerprint or eye scan, as well as other security features. And
it wants state databases to be linked so authorities in any state would
have virtually instant access to the driving records of all other states.
Legislation introduced by Rep. Jim Moran (D-Va.) would fulfill AAMVA's
wishes and then some. Drafted with help from Ham, Moran's Driver's License
Modernization Act of 2002 would require states to issue driver's licenses
with embedded "smart chips" to hold encrypted biometric data, such as a
digitized fingerprint or eye scan.
A driver's data would take up only a fraction of the chip memory. The extra
space could be partitioned to hold additional applications, from credit
card accounts and digital food stamps to voter registrations and fishing
licenses. The license could also hold a digital signature, enabling license
holders to verify their identities online.
That feature, the Progressive Policy Institute contends, "will jump-start
the New Economy, making off-line and online transactions more convenient
and more secure than ever before."
AAMVA asked for $100 million to fund the uniform license initiative, but
Moran has proposed spending $315 million. He introduced his bill May 1 with
Rep. Tom Davis (R-Va.), decrying that terrorists had been "able to weave
into the fabric of American society" by fraudulently obtaining driver's
licenses. He said his legislation "could make a profound difference in
personal and national security."
Moran ensured that his legislation would prohibit using the new driver's
licenses to track individuals. The bill contains "very strict controls for
privacy," he said.
National ID or Not?
Ham, who explained the technical details of the bill, insisted, "This bill
does not create a national ID card in any sense."
That's a claim the ACLU and others dispute. "It clearly establishes a
national ID system," said Katie Corrigan, the ACLU's legislative counsel.
And a committee of the prestigious National Academy of Sciences agrees.
In a report in April, the committee said the "AAMVA proposal to link state
motor vehicle databases is a nationwide identity system. So is the recent
proposal to create a traveler ID and database to expedite security checks
at airports."
A "trusted traveler card" for frequent airline passengers is being
developed by the Transportation Department. Like the smart driver's
license, the trusted traveler card would contain a biometric identifier and
personal information in digital form.
To qualify as trusted travelers, individuals would have to be thoroughly
screened by law enforcement agencies to ensure that they pose no security
threat. Then, with trusted traveler cards in hand, they would be allowed to
move quickly through airport security checkpoints while other travelers are
subjected to more thorough searches.
But shortening lines at airports and ensuring the identities of driver's
license holders is just a fraction of what the ID cards and their
associated computer systems can do, according to the National Academy of
Sciences' Committee on Authentication Technologies and Their Privacy
Implications.
Every time a driver's license or trusted traveler card is used, it could
create another footprint in an electronic trail left by its owner,
compiling a record of individuals' travel, purchases and other activities.
The cards would permit "a tremendous amount of tracking," said Stephen
Kent, the committee's chairman.
To Kent, that raises serious questions: "Under what circumstances would you
be required to present the ID? Every time you use a credit card? When you
pay for something with a check? When you use cash to make certain purchases?"
From a law enforcement perspective, the enormous amount of data that could
be collected might open a vast front for investigation. Data mining could
detect "abnormal or suspicious patterns of behavior that accompany the
planning or execution of a terrorist act," the committee wrote.
An unusual series of gun purchases, atypical sales of explosive materials
or suspicious money transfers uncovered by data mining could point police
toward potential terrorists or criminals, Kent said. It could also,
however, cast suspicion on entirely innocent activity. Such data collection
and analysis would also constitute an enormous invasion of privacy that
"the country as a whole would have to buy into," Kent said.
Personal Protections
To alleviate worries about high-tech driver's licenses, AAMVA officials are
urging Congress to strengthen the Driver's Privacy Protection Act of 1994
to prohibit private entities from collecting data from the smart licenses,
according to Jay Maxwell, president of AAMVA.net, a telecommunications
affiliate of the association.
For example, a bar might require patrons to swipe their smart driver's
licenses through a card reader to verify that they are old enough to drink.
But while the electronic card reader is checking the holder's age, it can
also record name, address and other personal information. Using the card
for age verification is fine, Maxwell said, but AAMVA wants to make
collecting other information illegal.
AAMVA officials also want states to do a better job of verifying the
accuracy of personal information license applicants submit before licenses
are issued. That means more thorough background checks. Over time, making
driver's licenses more secure could improve the reliability of other
documents as well, Maxwell said. Social Security numbers, passports and
other official documents are issued, in part, on the strength of
identification provided by driver's licenses.
But today, driver's licenses can be bought on street corners and the
Internet. "A tremendous amount of counterfeiting goes on now," Maxwell
said. "The average slob in his basement can whip [up a driver's license] in
a moment, and they do. We've got to close that down."
Still, the current driver's license debate never strays far from the
subject of national security.
Sen. Richard Durbin (D-Ill.), who also intends to introduce legislation
based on AAMVA's plan, said better driver's licenses are needed to "help us
seal some of the cracks in our internal security systems."
"We learned that some of the terrorists who were responsible for the Sept.
11 tragedy carried driver's licenses issued to them by states that had
extremely lax application processes," Durbin told Senate colleagues last
winter.
"A driver's license is a key that opens many doors," Durbin said. "In
America, anyone who can produce a valid driver's license can access just
about anything. It can get you a motel room, membership in a gym, airline
tickets, flight lessons and even the ability to buy guns, all without
anyone ever questioning you about who you are. If you can produce a
driver's license, we just assume that you are legitimate and you have a
right to be here.
"My bill is about making the driver's license, which some consider a de
facto national ID card, more reliable and verifiable as a form of personal
identification than it is today."
Durbin's law would have AAMVA set standards that states would follow to
verify identities before issuing driver's licenses. He would also give
state motor vehicle officials limited access to Social Security
Administration and Immigration and Naturalization Service databases to
check identifications.
National Security
But will better ID cards really improve national security?
"No one really knows if a nationwide identity system could detect or deter
terrorism," the National Academy of Sciences committee wrote. "Unless the
database of suspects includes a particular individual, the best possible
identity system would not lead to apprehension."
Better identification probably would not have prevented the Sept. 11
attacks, conclude computer scientists from Computer Professionals for
Social Responsibility, a public interest alliance.
Most of the terrorists were in the United States legally, most had no
records to trigger suspicion of the FBI or other security agencies, and the
terrorists apparently made no effort to hide their identities, the group
said. Thus, verifying their identities would not have aroused suspicion or
led to their arrests.
"Knowing the identity of people will not prevent crime," the group said.
Ironically, high-tech driver's licenses themselves could create new
opportunities for crime, according to Chris Hoofnagle, legislative counsel
for the Electronic Privacy Information Center. Greater use of driver's
licenses not just as permits to operate motor vehicles, but for access to
government and commercial services "dramatically raises the incentives to
forge or steal such credentials," Hoofnagle said.
"The economic incentive to counterfeit these cards could turn out to be
much greater than the economic incentive to counterfeit U.S. currency,"
warns the National Academy of Sciences committee.
But there is another reason Moran's proposal to use chip-bearing smart
cards as driver's licenses is alarming, Schwartz said. "Smart cards can be
easily hacked." In May, two computer security researchers disclosed that
they were able to retrieve protected information from smart cards using a
camera flashgun and a microscope.
And there is a constant game of "hack and patch" played in the chip card
industry, Schwartz said. Suppliers of satellite TV service, for example,
have found that they must frequently switch smart cards to foil hackers.
"It's one thing if a hacker is getting free satellite TV. But once
someone's biometric is stolen, that's major trouble," he said.
Consider what would happen if one person's personal information was stolen
and linked to another's biometric identifier. "It would be extremely
difficult for victims of identity theft to prove their identity once a
biometric other than theirs is associated with their driver's license,"
Hoofnagle said.
Licenses using magnetic stripes and other forms of memory, electronic chips
and even biometric identifiers are all, to some degree, susceptible to
forgery, the National Academy of Sciences committee said. Even if the cards
themselves were foolproof, the large numbers of state employees needed to
create the cards and maintain the databases would offer numerous
opportunities for error and fraud.
But Kent said his committee is not ready to recommend against smart
driver's licenses, trusted traveler cards or even national IDs. "We
expressly did not take sides in this debate," he said, but called for much
greater public scrutiny and a thorough engineering analysis of any proposed
national ID system.
"We felt that the right thing to do was come up with a set of questions,"
Kent said. Thus committee members, who include university faculty members
and industry researchers and executives, raised dozens of questions about
matters ranging from legal to technical concerns:
* When must the ID be carried? When must it be presented to a government
official? What happens if the holder refuses to present it?
* May only the government use or request an ID? Under what circumstances?
Which branches of the government? May any private person or commercial
entity request presentation of an ID within the system? May any private
person or commercial entity require presentation of an ID?
* What happens if the ID has been lost or stolen? What if the infrastructure
is down and the ID cannot be verified?
So far, there are few answers. "We felt at the time we were preparing the
report that hardly any of the questions had been addressed," Kent said.
******************
Los Angeles Times
Ventura County to Go Live on the Web
Technology: Computer users will be able to view the weekly Board of
Supervisors meetings. Only a handful of local governments in the state
offer such a service.
By CATHERINE SAILLANT
TIMES STAFF WRITER
May 28 2002
The Ventura County Board of Supervisors meetings are going global.
Starting next week, anyone with an Internet connection can watch the five
politicians hash out county policy, set sewer rates and, occasionally,
trade insults.
Ventura County joins only a handful of local governments in California that
have put live sessions on the Internet, said Matt Carroll, the county's
chief information officer. The county may be particularly well-suited for
the technology because it ranks No. 1 in the state for homes with
high-speed Internet connections, Carroll said.
The board's weekly Tuesday meeting, which begins at 8:30 a.m., will be
relayed live with sound and pictures.
"Maybe we should call it 'Tuesday Morning Live!'" Chief Deputy Executive
Officer Bert Bigler said, joking.
A copy of each meeting will be available on the county's Web page for three
months. That way, someone who wants information on a particular issue can
download previous meetings to see what happened, Carroll said.
Meetings will also be available to the public on compact disc.
To find the link to live board meetings, go to the Web page, at
www.countyofventura.org.
The public's first chance to check out a live meeting will be June 4.
******************
Federal Computer Week
Mixed messages
In March, a poll of 1,120 Americans by the research organization Gartner
Inc. concluded that "U.S. citizens remain wary of a national ID
system...even though virtually all U.S. citizens already have a de facto
national ID in the form of a driver's license."
Researcher Richard Hunter said his poll revealed that 41 percent of
Americans oppose the idea of national identification cards and only 26
percent support it.
Yet just two weeks later, a poll by the American Association of Motor
Vehicle Administrators (AAMVA) found that 87 percent of Americans favor a
nationwide plan to issue driver's licenses with biometric identifiers. And
88 percent of those polled favor linking state motor vehicle databases so
that law enforcement officials anywhere could check records on anyone with
a license.
AAMVA concluded that the "American public overwhelmingly favors cooperative
state and federal efforts" to replace current driver's licenses with
high-tech licenses and a national system of linked driver databases.
Why such different findings?
The answers depend a lot on what questions are asked and how they are
asked, according to the National Council on Public Polls. "Polls usually
are not conducted for the good of the world. They are conducted for a
reason, either to gain helpful information or to advance a particular
cause," according to a council report.
Gartner researchers asked poll participants about "national ID cards" and
"national ID databases" as part of its ongoing research into technology and
national security, said Hunter, who headed the Gartner effort.
AAMVA, on the other hand, asked about a plan that "strengthens the current
system of issuing a driver's license or ID card," closes "loopholes" in
license issuing and makes licenses "more resistant to tampering and
counterfeiting."
Gartner's findings:
* Opposition to a national ID database is particularly strong in the South,
West and Midwest.
* Americans trust banks and credit card companies more than government
agencies to manage databases of personal information.
* The agencies that Americans trust the least are state motor vehicle
departments and the Internal Revenue Service.
* The public strongly supports the use of national ID cards for airport
security and for foreigners seeking entry into the country.
* Overall, "people are quite suspicious of what governmental agencies might
do" with ID cards and personal data.
AAMVA's findings:
* 65 percent of Americans believe it is too easy to obtain a false ID card,
such as a fake driver's license.
* 77 percent favor modifying the current system of issuing driver's
licenses and ID cards.
* 87 percent say driver's licenses should be made more resistant to
tampering and counterfeiting by using biometrics such as fingerprints and
holograms.
* 88 percent say states should be allowed to search one another's records
to verify the identities and driving histories of those applying for
driver's licenses.
*************************
Federal Computer Week
A critical difference
Talk of data mining and electronic tracking exasperates officials at the
American Association of Motor Vehicle Administrators.
"The only thing we're interested in tracking is driver information,"
insisted Jay Maxwell, president of AAMVA.net, a telecommunications
affiliate of the association.
"People confuse what the technology is capable of doing with what we're
planning to do with the technology," he said. "If we don't design a system
to track, it won't track."
More secure driver's licenses are not national ID cards, Maxwell said. He
outlined several differences:
* National ID cards would be mandatory, but no one is required to get a
driver's license. Licenses are issued only to those who can pass driving tests.
* When asked for an ID, people can use something other than a driver's
license.
* A national ID, presumably, would have to be carried at all times. A
driver's license can be revoked for poor driving, failure to pay child
support, theft of gasoline and other offenses.
"The purpose we're pursuing is only tangentially related to terrorists,"
Maxwell said. "We're primarily interested in highway safety."
Smart cards with biometric identifiers and security features such as
holograms would make driver's licenses harder to counterfeit, and
interconnected driver databases would give police access to driving
records. That would make it much harder for bad drivers to get new
licenses, according to AAMVA. And better driver's licenses could reduce
underage drinking and alcohol-related crashes, Maxwell said.
Those who fear electronic tracking should be more concerned about credit
card companies, telephone companies, Internet businesses and other
corporate entities that already collect, analyze, store and sell vast
amounts of personal data, Maxwell said. "To a certain extent, we already
have tracking with private-sector data warehouses."
********************
Federal Computer Week
Will privacy be protected?
Since the events of Sept. 11, some commentators and a few government
officials have begun calling for the collection, analysis and use of ever
more information on American citizens and others who are legally in the
country. At first blush, this may seem reasonable. However, these efforts
could represent a severe threat to individual privacy interests, depending
on how they are implemented.
The chief protection for personal information collected by the U.S.
government is the Privacy Act of 1974. Under this law, government agencies
in general are prohibited from disclosing any "record" on any individual
that is "contained in a system of records," including computerized
information and databases, without that person's consent.
The law includes numerous procedural safeguards to ensure compliance and
stipulates that any government employee who knowingly discloses private
information in violation of the law is subject to criminal penalties.
Because the law is designed to protect individual privacy interests,
agencies are allowed to release information they collect if they first
delete from the records all identifying features that would enable the
information to be associated with particular individuals.
The Privacy Act applies to many government contractors "when an agency
provides by contract for the operation by or on behalf of the agency a
system of records to accomplish an agency function." Moreover, the law
explicitly states that the contractor's employees are subject to the same
criminal penalties for improper disclosure of private information as are
government personnel.
All of this sounds like a lot of protection for the personal information
collected by the government and its agents. However, there are a number of
exceptions, some of which are big enough to drive a truck through.
Most important is an exception that allows agencies to disclose personal
information to anyone at any time for any "routine purpose." A "routine
purpose" in this context is any purpose that is compatible with the one for
which the information was collected in the first place, as long as the
agency has previously published in the Federal Register a notice that
information of that sort might be disclosed.
For example, a court recently found that the exception allowed an agent of
the Bureau of Alcohol, Tobacco and Firearms to inform a condominium
association that one of its members was requesting a gun dealer's license,
because the disclosure was compatible with the bureau's need to verify
information on the member's application.
Allowing federal agencies to collect and keep the kinds of extensive
information on Americans that some people are advocating is not necessarily
a clear solution. One thing is clear, however. If Congress is going to
allow this, it should first strengthen the Privacy Act in order to ensure
that the information is not used to the detriment of innocent Americans.
********************
Federal Computer Week
Great expectations
Editorial
The 6-month-old Transportation Security Administration has an opportunity
to do what many agencies likely dream about: build an agency and an
information technology infrastructure from scratch.
TSA is preparing to launch a $1 billion-plus contract to give it the latest
and greatest technology it needs to equip and connect its far-flung offices
and airports around the country.
Many agencies would love to toss out their legacy systems and aging
applications and construct a gleaming new IT infrastructure that would
propel them into the interactive world of e-government. What's more, TSA,
with its homeland security role, is attracting procurement, technology,
security and other experts from across government who want to make the
agency's vision a reality.
But creating an agency from scratch under any circumstance is no easy task.
Thousands of moving parts must come together.
Sharing information with other agencies still struggling to replace their
aging systems will be a challenge. Add to that the pressure of the schedule
that governs TSA's every move and its central role in securing air travel,
and it's clear that the road ahead is a long one.
It appears, however, that TSA is on the right track. According to its most
recent update to Congress, the agency is incorporating the items in the
President's Management Agenda to make it a truly performance-based
organization.
For instance, it will be able to automatically tie resource requirements
and expenditures to performance and results. In accordance with the
Government Performance and Results Act, TSA has laid out specific goals,
such as improving customer satisfaction, and ways to measure progress. On
April 25, the agency launched an initial system that collects performance
data and presents the information via Web-based reports.
TSA must make sure this work continues. Agency officials can't let their
desire for a quick fix distract them from doing it right the first time
around. This is an opportunity that can't be missed.
*********************
Federal Computer Week
Weldon envisions virtual hearings
If one Congressman has his way, a virtual hearing room on Capitol Hill will
help transform the legislative process.
Imagine this: The United States has suffered an embarrassing military
blunder on a base in the Pacific Rim and members of Congress want answers.
The House Armed Services Committee is demanding a hearing on the gaffe and
has given the commander of the installation less than 24 hours to prepare a
brief on the events.
Without hesitation, the commander, seated in his office halfway around the
world, agrees and soon begins briefing the full committee seated
comfortably in a Capitol Hill hearing room.
Right now, this hearing scenario is impossible. But Rep. Curt Weldon
(R-Pa.) has made it a priority for next year to create a virtual hearing
room on Capitol Hill.
Speaking last week at the International Quality and Productivity Center's
Network Centric Warfare 2002 conference, Weldon said the key to getting
Congress' support for funding military transformation initiatives is
educating members and making them adapt.
Most members of Congress do not understand network-centric warfare (which
seeks to make data available to those who need it across the organization
or on the battlefield) or consider it a priority because there is not a
natural constituency for the concept as there is for building more
warships, he said.
"Legacy systems have the attention of Congress; transformation doesn't,"
said Weldon, who is chairman of the House Armed Services Committee's
Military Procurement Subcommittee. "If we expect to win the battle of
network-centric warfare, we have to have a transformation of the Congress
as well."
To do that, Weldon said he'd like to see a virtual hearing room built in
one of the congressional buildings on Capitol Hill. The room would be
equipped with secure workstations for all the members and enable real-time
programming to locations around the world.
For example, if the engineers at the Army's Communications-Electronics
Command in Fort Monmouth, N.J., developed a revolutionary piece of
technology and wanted to brief Congress on it, they could do so without
having to come to Capitol Hill, Weldon said.
John Garstka, assistant director of concepts and operations in the Office
of Force Transformation in the Office of the Secretary of Defense, said
that he's seen similar capabilities, specifically videoconferencing and
visualization tools, used in comparable settings and does not see why it
couldn't work on Capitol Hill.
"I would not see any technological challenges," Garstka said, adding that
politics and resources would be the main obstacles. "If Congress wanted to
do it, they could fund it."
If funding is made available, other issues would need to be addressed, such
as security and bandwidth capabilities.
When asked if Congress could do something similar, Fredric Lederer,
chancellor professor of law at the College of William and Mary, said, "It's
a cinch, but it depends how high-tech you want to go. The concept of
[virtual] hearing rooms on Capitol Hill is a very fine idea because it
allows Congress the opportunity to take testimony from those that can't
travel and replicate things" that aren't easily done in Washington, D.C.
Still, security would be a major concern, especially for members wanting to
conduct briefings on top-secret subjects.
"The key word is 'secure' as far as the setup goes," Lederer said, adding
that the defense and intelligence communities have defined levels of
security to meet, and even that might not be enough. "I'd assume there are
subjects they couldn't ever talk about in that room."
If security and bandwidth issues were addressed, a virtual hearing room
could be set up in about a week, he said.
*******************
Federal Computer Week
Anti-terror bills march forward
Congress is moving forward to put money and muscle behind programs to fight
terrorism and protect the homeland.
The House passed a bill early this morning to provide $29 billion to fight
terrorism at home and abroad. Billions would be showered on information
technology projects to tighten security systems and fund such tools as
devices that detect explosives at airports. The Senate is considering a
bill with even more money: $31 billion.
The money is the second installment of anti-terrorism funding in fiscal
2002 since the Sept. 11 attacks. Late last year, lawmakers approved $40
billion for fiscal 2002. Lawmakers are working on other spending packages
for fiscal 2003.
The House approved several other anti-terrorism measures, which still await
Senate action, including:
* Approving a bioterrorism package that would give authorities more clout
in preparations for and responding to public health emergencies.
* Authorizing $9.1 billion for the Customs Service to purchase and deploy
anti-terrorism detection equipment along the Canadian and Mexican borders.
* Authorizing $100 million for the Department of Veterans Affairs to
develop four new research centers, with at least one focused on biological
terrorism, one on chemical and one on radiological threats.
********************
Federal Computer Week
FAA workers to get smart cards
The Federal Aviation Administration plans to equip all of its employees
with smart cards as part of a new pilot program.
"This will be the second-largest agency rollout," said Bill Holcombe,
director of e-business technologies at the General Services Administration.
"That's significant. With these congressional mandates, if the FAA does it
first, we'll all be watching very closely."
Since the Sept. 11 terrorist attacks, federal officials have pushed
agencies to bring secure identification technologies into the public
sector. The Aviation Security Act requires the Transportation Department to
develop a universal transport worker ID system.
"The FAA is mirroring the pressure that all the government agencies have,"
said Randy Vanderhoof, president and chief executive officer for the Smart
Card Alliance, a nonprofit association of 185 firms that promotes the use
of smart card technology.
The Defense Department began handing out the Common Access Card, a secure,
multi-application smart card, in October 2001. Delaying its target delivery
by a year, DOD now hopes to get the cards to each of its 3.5 million
workers by October 2003.
Meanwhile, the FAA is getting ready to launch its own smart card program.
Although the agency is much smaller than DOD, with about 51,400 employees,
it will serve as a model for the entire Transportation Department,
including the high-profile Transportation Security Administration.
The FAA expects to release a request for proposals for the pilot in the
next couple weeks, said Tammy Jones, a spokeswoman for the agency.
The cards initially will have holograms and eventually will include some
type of biometric technology, said Jones, adding that workers will use them
to gain physical and systems access. The FAA anticipates benefits that
include standardizing the process for handling badges, reducing the number
of IDs issued and being able to deactivate cards when employees leave, she
said.
A top priority is ensuring interoperability throughout DOT, said Dan Mehan,
FAA's chief information officer, speaking May 22 at the Information
Technology Association of America's E-Security and Homeland Defense
conference in New York City.
GSA already has developed smart card interoperability specifications. A
final version will be out this summer, Holcombe said.
"We think it's critical agencies follow the specifications to avoid ending
up with proprietary systems that can't talk to each other," he said. "The
government has a great foundation for them to depart from."
DOD, which began its program before the specifications were out, said it
would align with GSA's specifications, he added.
The FAA "will be wise to follow that standard," Vanderhoof said. "The
challenge is very significant. The issue is to marry the policy decision
along with the technology decision so the architecture is workable within
the way the government does business."
******************
Federal Computer Week
DOD tech pushed for first responders
Rep. Curt Weldon (R-Pa.) included an amendment in this year's Defense
authorization bill that would enable the nation's firefighters and other
emergency response personnel to use DOD-developed technologies to help them
do their jobs better and safer.
Speaking May 22 at the International Quality and Productivity Center's
Network Centric Warfare 2002 conference in Arlington, Va., Weldon said he
didn't see why a firefighter shouldn't have access to the same thermal
imaging unit or other tools that soldiers in the battlefield use if
civilian agencies could use them to save lives.
"Why is the life of a firefighter less important than the life of a
soldier?" Weldon asked.
To help put appropriate military-driven technologies in the hands of
civilian personnel who need them, Weldon said he would like to establish a
National Technology Transfer Center. (The center would be different than
the organization of the same name that is designed to help government
contractors transfer their technology into the commercial market.)
The amendment calls for DOD to find "an independent, nonprofit,
technology-oriented entity that has demonstrated the ability to facilitate
the transfer of defense technologies, developed by both the private and
public sectors, to aid federal, state and local first responders."
Specifically, it calls for DOD to establish an outreach program in
coordination with the Interagency Board for Equipment Standardization and
Interoperability and first responders to develop an awareness of available
technology and equipment to support crisis response.
"The idea is to take cutting-edge military technology and transfer it to
the civilian community," Weldon told Federal Computer Week, adding that the
focus will be on firefighters, emergency medical workers and other first
responders because DOD has already begun sharing with the law enforcement
community.
Weldon said he would like to see the center serve as a "central operations
center" and be run by a nonprofit organization. He intends to meet next week
with representatives of one such organization, Battelle, to discuss the
project.
The amendment calls for the secretary of Defense to enter into an agreement
with a technology partner by Jan. 15, 2003, and to submit a report on the
actions taken and strategic plan developed to the House and Senate Armed
Services Committees by March 15, 2003.
********************
Federal Computer Week
Intrusion-detection net revived
The General Services Administration and Carnegie Mellon University this
fall will start testing a new technology to analyze and report on patterns
in the cyber intrusion information gathered across government, an idea that
was first floated and eventually sunk two years ago.
The data analysis capability (DAC) being developed by the CERT Coordination
Center for GSA's Federal Computer Incident Response Center will analyze
data already being collected by intrusion-detection systems at many
agencies, said Sallie McDonald, assistant commissioner for information
assurance and critical infrastructure protection at GSA.
Those systems typically report on unusual or unauthorized network activity
that might indicate that someone is attempting to attack or break into
agency systems. The DAC will gather data from the sensors or from agencies'
own analyses at a central point within FedCIRC for identification of
potential vulnerabilities and attacks.
That analysis will then be shared with participating agencies, along with
steps to protect against, react to or recover from any incidents, McDonald
said. FedCIRC is the overarching source for security incident warnings and
analysis for all civilian agencies.
The idea of a governmentwide system for analyzing intrusion-detection data
first emerged in 1999 as part of the Clinton administration's National Plan
for Information Systems Protection.
Privacy concerns raised by advocacy groups and Congress after erroneous
reports that the analysis would be performed on private-sector networks as
well as government networks forced GSA and the administration to withdraw
the proposed Federal Intrusion Detection Network in 2000.
Even as more agencies turn to vendors for intrusion data analysis within
their own networks, this type of centralized analysis capability is a
necessary tool for raising the entire government's information security
posture, said Amit Yoran, a former director of the Defense Department
CERT's Vulnerability Assessment and Assistance Program.
And it is technically feasible to analyze the vast amount of information
that the DAC will have to handle from all of the civilian agencies, said
Yoran, co-founder of Riptech, a managed security services company. Riptech
handles approximately 2 terabytes of incident information every day from
all of its government and industry clients, he said.
As an incentive for agencies, GSA will allow participants in the pilot
project to use the technology to analyze their own incident information in
real time, McDonald said. That analysis will then be sent to FedCIRC to map
the governmentwide incident and vulnerability status.
If the pilot project is successful, the DAC is expected to reach full
operating ability in fiscal 2003, she said.
************************
Federal Computer Week
Industry opposes security standards
The private sector has signaled its opposition to language requiring the
National Institute of Standards and Technology to develop benchmark
security standards for federal agencies. The wording was added May 17 to a
bill passed by the Senate Commerce, Science and Transportation Committee.
Industry representatives said last week, however, that they hope to work
with the committee to resolve their opposition to the amendment to the
Cyber Security Research and Development Act (S. 2182), which seeks to
improve federal information security.
Working through NIST and the National Science Foundation, the act would
inject more than $900 million into security research, grants, training and
education during five years. A companion bill passed the full House in
February.
Educators and researchers have often called for such rates of federal
funding in recent years, and researchers in industry and academia have
praised the act since it was introduced in the Senate this year and in the
House at the end of last year.
The amendment, offered by Sens. Ron Wyden (D-Ore.) and John Edwards
(D-N.C.), increased the funding level. But it also added a requirement for
NIST to establish benchmark security standards for federal agencies
developed in conjunction with industry, academia, the Office of Management
and Budget and the CIO Council. Under the amendment, those standards would
be reviewed and updated at least every six months.
The standards would be "a baseline minimum security configuration for
specific computer hardware or software components, an operational procedure
or practice, or organizational structure that increases the security of the
information technology assets of a department or agency," according to the
amendment.
Other requirements in the amendment include reports by the National Academy
of Sciences and the CIO Council (see box).
The Business Software Alliance (BSA) and the Information Technology
Association of America (ITAA) oppose the idea of standards. According to
both organizations' statements, establishing such standards would hinder
efforts to quickly respond to changing security threats and could possibly
spill over to impose standards on the private sector.
Officials for both organizations said they are working closely with the
committee staff, and BSA officials are "optimistic that we can get
something resolved before the bill gets to the floor," said Jeri Clausing,
director of public relations for policy at the alliance.
However, only the complete removal of the standards language would be
acceptable to ITAA, said Shannon Kellogg, vice president for information
security programs at ITAA.
"The bill as originally proposed is something that we've been supportive
of," Kellogg said. "But anything that's in the bill that focuses on the
standards area is unacceptable."
The committee's intention was not to set technology-specific standards that
could block innovation or new technologies, according to a staff member who
asked not to be named.
If agencies were not already paying attention to the problem of
accountability and standards, and were not already working internally to
address those issues, then congressional action might help raise awareness,
said Harris Miller, president of ITAA.
But since agencies are in fact taking action on their own, any standards
will only cause confusion or harm, he said. Any accountability measures
should focus more on performance, and such measures are already included in
the bills to reauthorize the Government Information Security Reform Act of
2000, Miller said.
***
Reporting on standards
An amendment to the Cyber Security Research and Development Act submitted
by Sens. Ron Wyden (D-Ore.) and John Edwards (D-N.C.) would mandate several
studies to determine whether requiring agencies to adopt benchmark security
standards would benefit or harm the agencies.
For one report, the National Academy of Sciences would examine the impact
of the security standards on agencies. That study, which would have to be
completed within three months after the bill becomes law, would look at the
following issues:
* The extent to which an agency's security would be improved by the
adoption of benchmark standards.
* The operational benefits, costs and consequences of adopting such standards.
* The effect of agencies' different security needs on determining and
adopting standards.
The CIO Council would be required to submit a report to Congress within
three years providing details on three issues:
* The status of the adoption of benchmark standards at each department and
agency.
* The costs associated with such adoption.
* Any barriers to adoption and recommendations for overcoming such barriers.
***********************
Federal Computer Week
To protect and serve
Web content management software protects servers against hackers
Paranoia can be a healthy trait when it comes to Web security. Most Web
sites, including those at federal agencies and departments, are far more
vulnerable than even most Webmasters believe.
Hackers recently compromised a system hosting thousands of "parked" domains
that, instead of showing the usual "Under Construction" banner, featured an
image of a mutilated rag doll along with a taunting message indicating that
the site had been pirated.
It could happen to you. A recent study by Gartner Inc. predicted that 50
percent of all small to midsize enterprises would be hacked by 2003, with
almost 60 percent of those not even knowing they had been hacked.
The increasing vulnerability can be attributed to a rise in hacking
activity, but it is also caused by the ever-increasing complexity of Web
sites today. Not so long ago, manual methods could be employed, such as
looking at each piece of content and repairing it as needed. The complexity
of today's Web sites, including numerous pages, images and associated
features, makes this manual method ineffective.
Fortunately, there is a solution: Lockstep Systems Inc.'s WebAgain Version
2.5. By acting as an intermediate server, the software ensures that content
is staged and preserved before deployment on the Web site. At configurable
intervals, the staging server will query the Web site and compare files for
differences. Should one be found, the contents and/or files are captured
and quarantined on the Lockstep server, and the original content is
restored. The software puts an entry in a log and sends a message to the
administrator.
Although many products on the market today, such as Tripwire for Web Pages
from Tripwire Inc. and Watchguard AppLock from Watchguard Technologies
Inc., offer similar protection, only WebAgain is able to tout self-healing
capabilities via content restoration without human intervention.
In addition to protecting against deliberate hacker attacks, the solution
is a great way to eliminate the threat of accidental content corruption by
well-meaning but perhaps technologically deficient employees. Moreover, it
also serves as a wonderful audit trail for all changes made to the Web
site. What makes it even better is that, should you decide to implement it,
the only change in process is that you publish to the WebAgain server
rather than directly to your Web server.
New features in this release include increased security via support for
virtual private network tunnels and virtual directories, faster
performance, a Japanese version and compliance with Microsoft Corp. Windows XP.
Installation and setup of the application was easy and straightforward.
Upon completion of installation, the software immediately guided me to the
Web site management wizard, where I quickly configured the solution to work
with a simple Web site consisting of three main pages and six subpages.
Within this interface, I defined the way the content would be transferred
(FTP, shared folder, etc.), whether it would sit behind a firewall and the
number of times the site would be tested.
By making adjustments such as simple price changes on static pages,
replacing images and putting additional files on the Web server, I was able
to create a nice test bed from which to operate. Because I had previously
set the frequency of scans to 15 minutes, I needed to wait that amount of
time to see whether my changes were recognized.
As expected, the solution caught my changes, informing me of each
infraction via my selected method, e-mail. Should I have wanted, a Simple
Network Management Protocol event could also have been generated and
transmitted to an administrator.
During testing, I found very little to complain about. The only concern is
that the server runs as a Windows NT service, making it less than ideal for
agencies that are pure Unix shops.
Aside from that, I found WebAgain to be an excellent tool, and I highly
recommend it. Its low price, ease of use and extra protection make it a
must-have tool in any situation where content security is important to
Webmasters.
Fielden is a freelance writer based in St. Paul, Minn. He can be reached at
tfielden@xxxxxxxxxx
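
The compare, quarantine and restore cycle described in the WebAgain review above, as an added Python example that is not Lockstep's code and not part of the original article. The function names, directory layout and sample files are assumptions constructed for illustration, and local directories stand in for the FTP or shared-folder transfer the review mentions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large content does not sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def scan_and_restore(staging: Path, live: Path, quarantine: Path) -> list:
    """Compare the live site with the trusted staging copy.

    Altered and unexpected live files are preserved under `quarantine`
    as evidence; altered and missing files are restored from staging.
    Returns a sorted list of (kind, relative_path) events for logging.
    """
    trusted = snapshot(staging)
    deployed = snapshot(live)
    events = []
    for rel in sorted(set(trusted) | set(deployed)):
        live_file = live / rel
        held = quarantine / rel
        if rel not in trusted:
            # Present only on the live site: never published, so isolate it.
            held.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(live_file), str(held))
            events.append(("unexpected", rel))
        elif rel not in deployed:
            # Deleted from the live site: put the published copy back.
            live_file.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(staging / rel, live_file)
            events.append(("missing", rel))
        elif trusted[rel] != deployed[rel]:
            # Content differs: keep the altered copy, then restore.
            held.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(live_file, held)
            shutil.copy2(staging / rel, live_file)
            events.append(("modified", rel))
    return events


def demo() -> dict:
    """Build a constructed three-file site, tamper with it, run two scans."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        staging = base / "staging"
        live = base / "live"
        quarantine = base / "quarantine"

        # Constructed sample content published through the staging copy.
        (staging / "img").mkdir(parents=True)
        (staging / "index.html").write_text("<h1>Price: $10</h1>\n")
        (staging / "about.html").write_text("<p>About us</p>\n")
        (staging / "img" / "logo.txt").write_text("logo-bytes\n")
        shutil.copytree(staging, live)

        # Constructed tampering: a price change, a deletion, an extra file.
        (live / "index.html").write_text("<h1>Price: $1</h1>\n")
        (live / "about.html").unlink()
        (live / "dropped.html").write_text("<p>not published</p>\n")

        first = scan_and_restore(staging, live, quarantine)
        second = scan_and_restore(staging, live, quarantine)
        return {
            "first": first,
            "second": second,
            "restored": snapshot(live) == snapshot(staging),
            "quarantined": sorted(snapshot(quarantine)),
        }


if __name__ == "__main__":
    result = demo()
    for kind, rel in result["first"]:
        print(f"{kind:<10} {rel}")
    print("live matches staging:", result["restored"])
```

A scheduled deployment would give each scan its own quarantine directory so that evidence from an earlier scan is never overwritten.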
*********************
Federal Computer Week
Wireless on the battlefield
Commercial products not always best security solution for Defense Department
Concerns over battery life, the need for ruggedized machines and
ever-present bandwidth issues are among the many obstacles that the Defense
Department faces as it attempts to outfit soldiers with reliable,
interoperable wireless communications on the battlefield.
But securing those communications is still far and away the biggest
challenge the department must overcome. And despite a push to use
commercial off-the-shelf (COTS) solutions to do it, those solutions may not
be the best answer, according to some academic and industry experts.
Marine Corps Lt. Col. J.D. Wilson, team leader for tactical wireless in the
program manager's office for communications systems, said the military has
a "burning need" for tactical wireless communications and asked the private
sector to develop the technologies necessary to make that happen. He spoke
at an Armed Forces Communications and Electronics Association information
technology conference earlier this month in Quantico, Va.
The problem for the military in using COTS solutions on the battlefield is
that the solutions are being used in environments and exposed to
threats for which the developers never planned, said John McHugh, senior
member of the technical staff at the CERT Coordination Center at Carnegie
Mellon University in Pennsylvania. "The information I've seen says we're in
a lot of trouble," McHugh said.
Eugene Spafford, director of the Center for Education and Research in
Information Assurance and Security at Indiana's Purdue University and a
participant in a separate forum on wireless security in Washington, D.C.,
agreed. The issues surrounding security for wireless communications, he
said, connect to a higher-level issue in government procurement: an
over-reliance on COTS products.
Spafford said that although COTS products may be inappropriate for certain
situations, the fact that they are more affordable than the alternatives
means the government will buy them anyway.
"It's a symptom rather than a feature," he said. "Why would you use a COTS
product for a high-reliance, high-risk environment" if it wasn't developed
for that purpose? Instead, DOD should use a long-range architecture plan to
accommodate systems on the battlefield, rather than buying COTS solutions
and altering them, Spafford said.
Wilson said the Marine Corps uses traditional radios to send encrypted
"data grams" through modems on voice networks to reach a destination, but
would like to move to a wireless, peer-to-peer environment that would also
enable multicasting and avoid "manual intervention."
The solution may come through DOD's Joint Tactical Radio System (JTRS),
which is essentially a computer with a radio front end. The
software-programmable, multiband, multiuse radio will permit communications
across DOD services, something that has been difficult or impossible
because of radio frequency problems, Wilson said.
DOD is requesting $172 million for JTRS in fiscal 2003, up from $165
million in fiscal 2002.
Still, there will be a time in the near future when traditional radios work
side-by-side with software-programmable models, "and we'll need to be able
to route and secure them properly," Wilson said.
Stephen Orr, a systems engineer for Cisco Systems Inc.'s DOD northeast
division, said that even if industry comes up with a new form of encryption
or other security device, it usually takes more than two years to get DOD
approval.
That lag time means that hackers and other adversaries probably have
figured out a way to beat it, McHugh said.
***
Solution seekers
A recent wireless forum brought together leading security experts from
government, industry and academia to identify leading security problems
associated with wireless proliferation and propose solutions.
The forum, "A Roadmap for a Safer Wireless World," was closed to the
public, but the resulting recommendations will be released as a report
"definitely by the end of June, if not before," said David Black, security
technologies manager for Accenture, who moderated the event. "It's not
necessarily going to be a consensus, but it will identify the major themes."
Accenture and the Center for Education and Research in Information
Assurance and Security (CERIAS) at Indiana's Purdue University sponsored
the event, held in Washington, D.C.
In addition to representatives from Accenture and CERIAS, roundtable
participants included the Justice Department's Computer Crime Unit, the
National Security Agency, the universities of Pennsylvania and Maryland,
AT&T Labs, Intel Corp. and Cisco Systems Inc.
***********************
Federal Computer Week
E-gov security gateway in works
The General Services Administration this fall plans to take bids on the
development of one of the linchpins of the Bush administration's vision for
e-government: a security gateway that would provide a single point at which
users can sign on to access services that require passwords or other means
of authentication.
GSA is the lead agency on the e-Authentication initiative, one of two
crosscutting initiatives under the administration's e-government strategy.
The initiative aims to provide whatever level of authentication is deemed
appropriate - a password, online digital certificate or smart card - for
services offered as part of the other 22 e-government initiatives. The
other initiatives include services such as online grant applications and
electronic disaster benefits payments.
Not everyone or every service will require authentication. Many people
visit Web sites only to search for information and others may choose to
authenticate themselves only when they get to the site where the
application resides, said Sallie McDonald, GSA's assistant commissioner for
information assurance and critical infrastructure protection.
"But if you want to engage in a transaction with government, and you want
to authenticate at the gateway, then you can do that and only authenticate
yourself once," she said.
Most of the initiative services will be accessed through the FirstGov Web
portal, and GSA plans to release a request for proposals (RFP) in September
for an authentication gateway that will be attached to FirstGov, according
to McDonald, speaking last week at the E-Security and Homeland Defense
conference in New York City.
Before GSA issues the RFP, Mitretek Systems Inc. will define the
requirements and start developing a pilot program, said Steve Timchak,
program manager for the e-Authentication initiative.
Citizens, vendors and government employees will provide their
authentication when they sign on through FirstGov. A password will provide
access to services with relatively low security requirements. For every
higher level of authentication, a broader range of services will be
available, McDonald said.
The gateway takes authentication technology to a height that few have tried
to reach before, said Alan Paller, director of research at the SANS
Institute, a security education and consulting organization.
"This is an example of the government leading by example," Paller said.
"The best part of this is it's a demo [of authentication technology] and
it's a wonderful use of FirstGov."
For the gateway, GSA will analyze the security risks associated with four
of the initiatives that are the farthest along to identify what
authentication might be needed, Timchak said.
GSA will perform the analysis using the Operationally Critical Threat,
Asset and Vulnerability Evaluation (OCTAVE) tool developed by the CERT
Coordination Center at Carnegie Mellon University in Pennsylvania.
OCTAVE is intended for use on mature systems, so GSA is waiting for the
center to modify the tool for use on systems during the
requirements-development phase, Timchak said. The modifications should be
completed within the next month.
***
E-Authentication timeline
Now: Mitretek Systems Inc. is determining technical options.
June 18: General Services Administration briefs vendors.
Summer: Request for information released.
September: Request for proposals released.
Sept. 30: Mitretek gateway pilot project reaches initial operating capability.
Sept. 30, 2003: Vendor prototype gateway reaches final operating capability.
**************************
Government Computer News
DOD adjusts its plans on hiring foreign workers
By Dawn S. Onley
The Defense Department has rethought plans to disqualify foreign nationals
from jobs that include handling unclassified but sensitive IT.
If would-be workers pass background investigations and get letters of
approval from the agency chiefs seeking to employ them, the department will
allow the hires to proceed, senior DOD managers said.
Defense agency chiefs are encouraged to hire U.S. citizens first for
sensitive IT positions, said Pete Nelson, DOD's deputy director for
personnel security. Foreign nationals can still work on systems within DOD
provided they are "properly vetted for the material to which they have
access," he said.
When DOD issued its no-foreigners proposal in March, some industry
officials expressed concern that the rule would call for foreign employees
to be removed from positions in which they would handle sensitive but
unclassified information. Such data includes personnel data and information
on weapons systems.
"There is no per se rule to disqualify foreign nationals other than to
encourage use of U.S. citizens in [sensitive but unclassified] positions,
but that is ultimately up to the system owner or agency head," Nelson said.
He said DOD would require U.S. citizens as well as foreign nationals to
pass background investigations to gain access to secure data.
It is still unclear how many contractors would be affected by the proposal.
DOD expects to issue a final policy by September.
*******************
Government Computer News
Senate awards $100 million IT services contract
By Jason Miller
The Senate Sergeant of Arms recently awarded Signal Corp. a $100 million
contract for systems services at all Senate offices in Washington and at
450 field offices across the country.
The Fairfax, Va., company will provide help desk support, IT installation
and maintenance, and hardware and software products. The contract, which
has one base year and five one-year options, begins June 1 and covers 9,000
desktop computers and 1,000 servers nationwide.
Signal's team includes Hewlett-Packard Co. and Interstate Relocation
Service Inc. of Springfield, Va. HP will install new equipment and provide
on-site technical support. Interstate Relocation Service will supply
inventory and transportation services.
The Senate might expand the contract to include LAN design, threat and
vulnerability analyses, network performance monitoring, security and
systems administration, Signal officials said.
**********************
BBC
Being wired helps you connect
Quite the opposite, argues Professor Keith Hampton, an expert in
cyber-sociology at the Massachusetts Institute of Technology.
"The social impact of new communications technologies is a greater number
of social ties, more diverse social ties, more support," he said.
"It doesn't cut into your phone communication. It doesn't interfere with
your face-to-face contact. It just increases communication," Professor
Hampton told the BBC programme, Go Digital.
Binding communities
Various studies have suggested that people who spend time online are more
vulnerable to unhappiness and loneliness.
One report by researchers at Carnegie Mellon University suggested that even
spending an hour a week surfing the internet could increase depression.
But in his research on the relationship between technology, social
relationships and the urban environment, Professor Hampton has found that
the internet can serve to bind a community together.
"It's all garbage," he said of studies labelling net users as depressed or
lonely individuals.
He argues that the key difference between his research and other studies is
that he sees the internet as part of people's everyday lives.
"The internet is just another communication medium that any of us use to
communicate with friends and family," he said.
"If you look at it as just another technology that provides you with access
to people, you see that communication online leads to more communication,
in person or on the phone."
Unique neighbourhood
Professor Hampton is a pioneer of cyber-sociology.
For his doctorate, he spent two years as a member of the Netville project,
a wired neighbourhood in the suburbs of Toronto.
The community was built from the ground up with a high-speed computer
network - offering fast internet access - a videophone, an online jukebox,
online health services, local discussion forums and entertainment and
educational software.
Professor Hampton found that living in a wired community encouraged greater
community involvement, strengthened relationships with neighbours and
family, and helped maintain ties with friends and relatives living farther
away.
"Netville was a unique situation," he said. "It allowed people to form
social relationships when they moved in and solve all sorts of problems you
encounter when you move to a new suburban community.
"When you move into a new home, one of the first questions is where can I
find a babysitter, where can I find the best pizzeria? All these questions
were answered online with information by existing residents."
Ironically, once the research project was over, the companies that had
provided the technology that went into people's homes decided to take it
all out.
Faced with the loss of their technology infrastructure, the residents
pulled together to replace what they had lost.
"They now all have cable modem access and they have replicated their
neighbourhood e-mail list," said Professor Hampton.
"These were the most important technologies to them - broadband access to
the internet and simple e-mail technology that allows you to communicate
with your neighbours."
********************
BBC
Turkey tightens controls on the net
Controversial new controls on the internet in Turkey have provoked protests
from websites which fear they may be driven out of existence.
The new measures are part of a new wide-ranging broadcasting law which
places the internet under the same legislation as the rest of Turkey's media
for libel and an offence called "lying news".
Under the new law, websites could face having to be officially registered
and send copies of their material to the authorities.
The measures have been condemned by much of the internet sector, from
service providers to users, who warn that the whole future of the net in
Turkey could be at stake.
Impact on internet sector
Savas Unsal, Managing Director of Superonline, Turkey's largest internet
provider, is furious, describing it as a "dirty law".
"There's not going to be a certain direction, no freedom of speech and this
is going to impact the local content and local hosting services and
eventually the whole internet sector," he said.
"They might easily put me and my chairman out of business."
With around a million subscribers, Superonline has been part of the
country's rapidly growing internet sector.
Many burgeoning Turkish internet websites carry criticism of ministers,
including material newspapers dare not publish.
But Dr Oktay Vural, Minister of Transport and Communications, insists the
measures are not intended to stifle sites.
"There are no restrictions. It is only that there have been several things
which have been forbidden by the law," he said.
"So if these actions were taken through the internet, then the regulations
will cover for those actions only. We cannot be an eye in the chatrooms;
that is not the aim of that law.
"Let's see what happens. I don't think it will affect the internet. I think
time will show the truth," he said.
Media controls
The new law puts the internet under the control of Turkey's Supreme Radio
and Television Board.
According to Savas Unsal, that opens the door to the internet facing
restrictions similar to those on the rest of the country's media.
"A judge can tell you to bring a copy of your website whenever you update
it to be approved by the local authorities," he said.
The law is unclear about what it actually covers. According to Fikret Ilkiz,
media lawyer for the Turkish daily newspaper, Cumhuriyet, internet
providers could be liable for prosecution for anything written, even in
chatrooms.
He also argues that the notion of "lying news" is too ambiguous.
"The biggest problem is that the law is very unclear. The law forbids fake
or lie news. But what is this?" he asked.
"The law doesn't define what it is. It just says it's forbidden. And this
could apply to chatrooms.
"The way the law is now, it will be defined by many court cases. For now,
there is great uncertainty. No one knows what is legal and what is not. It
is chaos."
'Ambiguous law'
Reaching a definition of the law by court cases could well be an expensive
process for internet providers and users, with fines of up to $195,000 for
each offence.
But some critics of the law argue it is deliberately ambiguous. Much of
Turkey's legislation governing the control of the media is characterised by
catch-all phrases.
The internet until now has been largely exempt from such legislation. Such
freedom has allowed it to become a powerful forum for criticising politicians.
Many journalists publish articles on the internet which neither television
nor newspapers dare print, due in part to existing legislation.
The European Union, which Turkey aspires to join, has strongly condemned
such legislation. This latest law has also drawn the ire of the EU, with
officials calling for its repeal.
That could well happen because Turkey's President Ahmet Necdet Sezer has
sent the law to the Constitutional Court, accusing it of breaching the
constitution.
The court could take up to a year to make a ruling. In the meantime, the
law remains in force.
Internet slowdown
The uncertainty created by the new legislation could prove most damaging of
all to Turkey.
Professor Haluk Sahin, who teaches media studies at Istanbul's Bilgi
University, warns that Turkey risks repeating the mistakes of the past.
"A lot of people in Turkey realize that Turkey must not make the mistake of
200 years ago," he says.
"Some 200 years ago, the Ottoman Empire missed the Industrial Revolution.
Now, we believe that the internet, and computers in general, provide us
with a second chance.
"A new train has arrived. Whether we embark on that train or not is up to
us and the younger generations seem determined to do that.
"Unfortunately, the older generations and the politicians do not seem to be
of the same mind," he said.
You can hear more about how Turkey is controlling the internet on the BBC
World Service programme, Go Digital.
*******************
USA Today
Schools taking high-tech approach
WASHINGTON (AP) - When architects turned a former Safeway grocery store into
a public charter school in 1999, they ditched the dusty chalkboards.
Instead, each of the 17 classrooms at the SouthEast Academy of Scholastic
Excellence got a glossy whiteboard and set of colored markers - to the
delight of special education teacher JoAnne Anthony.
"I love it because I have allergies and I don't like chalk," said Anthony.
"I don't like it on my hands and on my clothes."
While the old-fashioned chalkboard remains a fixture in most U.S.
classrooms, school designers have all but eliminated it.
Taking a page from the business world, they're outfitting most new and
remodeled schools with whiteboards, in some cases installing high-tech
devices that turn them into virtual computer screens.
Teachers can surf the Internet in front of class, save and print out
lessons or even create animated diagrams that students can review on a home
computer.
"It's helped us to teach the way we've always wanted the class to go," said
Albert Throckmorton, director of curriculum technology at Episcopal High
School in Alexandria, Va.
Even before such gee-whiz devices came along, educators say, the chalkboard
was on the way out, killed by computers. Chalk is compressed dust, after
all, and dust is the enemy of computers. To a lesser degree, schools also
worry about dust allergies.
Nancy Myers, an Indiana school planner, said that people in her firm "don't
even consider chalkboards in most cases" and that schools like the modern,
businesslike look of whiteboards.
The dust-and-computers problem might be a bit overblown, she said.
"The truth is, unless the computers are sitting right on top of the
chalkboards, there isn't going to be an issue."
First used widely in the United States in the mid-1800s, the schoolroom
chalkboard was itself revolutionary, replacing the handheld slate as
schools began educating large numbers of students, said Peggy Kidwell, a
curator at the Smithsonian Institution's National Museum of American History.
While the popularity of plastic-coated whiteboards took off in the 1990s,
these days most are actually made of the same stuff as chalkboards - a thin
coating of porcelain over steel. Chalkboards get a satin finish so the
chalk will bite, while whiteboards get a glossy finish.
A few companies have turned whiteboards into oversize computer screens. One
company sells a $10,000 plasma screen that teachers can use to project
images from a computer - the teacher's hand becomes the computer mouse on
the touch-sensitive screen.
For about $3,500, schools can buy a device that allows teachers to draw on
a board, hit a button and print copies on a laser printer or save text and
drawings to a hard drive or Web server.
An even cheaper device simply sticks to a whiteboard with suction cups,
each of its four markers fitted with a computer stylus. The mimio Xi,
manufactured by Massachusetts-based Virtual Ink Corp., saves words or
drawings stroke-by-stroke into a computer file, allowing teachers to create
a digital movie of a lesson. Students can download and review it using a
VCR-like program.
At Episcopal, a coed boarding school near Washington, Throckmorton bought
four mimio Xis for $1,500. He said students are now "liberated to
participate and understand more in class" because they know they can replay
the lesson - especially helpful in understanding mathematical proofs,
supply-and-demand curves, cell diagrams and electron cycles, he said.
"In the classes where the board is used frequently, especially in our
science department, we've discovered that students are more interested in
participating in class and not be so bound to the manual task of note
taking," he said. A few schools use a microphone so the teacher's comments
accompany the animation.
Even with such advances, said Henry Ruggiero, president of New York
Blackboard of NJ, a major blackboard manufacturer, teachers often plead
with him not to replace their chalkboards. The grit offers just enough
resistance for writing.
"It seems to help the children with their handwriting," he said.
Indeed, a common complaint of whiteboards is that they're so slick students
end up writing faster than their brains can think.
Ohio industrial designer Sandy Kate said many teachers simply like the feel
of chalk. "I think it's just one of those things," she said. "People get
used to something and don't want to give it up."
Kate gives chalkboards five years at most - making for a brighter, whiter
future, but without the simple joy of clapping dusty erasers on the side of
the school building.
"I do wonder what's going to happen to all the youth who were sent forward
to clean erasers," Kidwell said. "That always seemed like a good use of
youthful energy."
***************
MSNBC
FBI wants more surveillance power
Report: Bureau asked telecom firms to change networks
By Ben Heskett
The Federal Bureau of Investigation has asked telecommunications companies
to make changes in their state-of-the-art networks to make it easier for
the FBI to conduct surveillance, according to a report.
THE FBI, WHICH hopes to gain the same access to voice communications
that it has gained with e-mail through use of its controversial Carnivore
snooping technology, made the request in a 32-page document sent to telecom
companies earlier this month, The Wall Street Journal reported Wednesday.
The FBI's request was in the works before the Sept. 11 terrorist
attacks, according to the report, but those events have lent new credence
to the issue. Expanded law enforcement capabilities have been a priority
since the attacks, with the new Patriot Act giving law enforcement broad
powers amid criticism from civil libertarians.
The request encompasses both land-based and wireless networks,
potentially including companies such as Qwest Communications International
and AT&T Wireless, for example.
The FBI is concerned about technological developments in networks
and their ability to keep up with accompanying surveillance techniques, the
report said.
In recent years, a new wave of communications based on "packet"
technologies has changed the way telecom companies transmit phone calls,
allowing a voice call to be broken down into numerous bits and reassembled
at its destination. That makes surveillance and tapping of such
transmissions more difficult.
The FBI's request was made under the 1994 Communications Assistance
to Law Enforcement legislation, which requires phone companies to tweak
their networks so authorities can conduct surveillance.
***********************
MSNBC
Eminem CD shows piracy patterns
By John Borland
May 28 - Well before rapper Eminem's new record hit store shelves Sunday, it
had already become the second-most-played CD in computer drives around the
world, according to one closely watched measure. That figure comes care of
Gracenote, a company whose window into computer users' listening habits
offers a sobering look at the changing patterns of Internet piracy and
traditional music bootlegging.
GRACENOTE MAINTAINS A huge online database that can identify CDs by
calling up the exact list and length of songs. Most of the popular music
software programs for computers, such as Winamp or Windows Media Player,
check this database when a new CD is put into a computer, allowing the
software to tell a listener the name of the CD and its song titles.
Generally, this high-tech "Top 40" holds few surprises. But last
week, Eminem's "The Eminem Show," which was yet to be released, cracked the
chart at No. 2. Although pirated versions of the album were widely
acknowledged to be online in MP3 format, Gracenote's figures look only at
physical CDs, not downloads played on a computer.
"It's pretty safe to say that it's all CD-Rs that people have
bought off the streets or burned from friends," said Gracenote CEO David
Hyman. "This is the first time anything unreleased has shown up at No. 2."
Eminem's label, Vivendi Universal-owned Interscope, twice moved up
the album's release date, citing widespread Internet piracy. Some retailers
reportedly began selling it Friday in advance of Sunday's last-minute
official release date. But the direct link between pre-release online
song-swapping and bootlegged CDs has rarely been drawn as clearly as with
this album.
GET IT EARLY, JUST $5
The Friday before the Eminem album's long-awaited release, a busy
street corner in New York was dotted with bootleggers' card tables and
blankets, each strewn with pirated copies of CDs and movies for sale.
"The Eminem Show," priced at just $5 a copy, sat next to videotapes
of "Star Wars: Attack of the Clones," released into theaters two weeks ago.
Bootleggers, who declined to be identified by name, said the Eminem
CDs came from the Internet, although they didn't give details about how
they downloaded, burned or bought the copies.
The Internet "is the only place where we can touch it," said one
street vendor, who didn't want to be identified.
Gracenote's data shows a few patterns that may lie behind these
bootleggers' business, however.
The company's database examines CDs' tables of contents down to
slices just one-seventy-fifth of a second long. Copies that look identical
at that scale almost always come from the same master copy, the company says.
In the case of the Eminem CD, eight slightly different versions
accounted for most of the traffic. That means there's likely "eight major
guys doing most of the pressing of this," Hyman said.
The company did a little detective work to figure out where most of the
traffic originated. About 86 percent of the CD listening came from inside
the United States. Los Angeles was the top listening location, and New York
was second, Hyman said. The company hasn't crunched the numbers enough to
figure out whether each location had its own dominant version of the
bootleg, he said.
Gracenote doesn't give exact figures on traffic, but it said the No. 2
slot in its charts represented a total figure of listeners in the "mid-tens
of thousands" over the course of the week. Because most major music
software stores song information on the computer after checking Gracenote's
database once, many or most of those tens of thousands represent individual
listeners, rather than multiple listens by the same person.
Will listeners buy the real thing?
Eminem's previous album, "The Marshall Mathers LP," set sales
records in 2000, with more than 1.7 million copies sold in the first week
after release. The industry will be watching the new release closely, both
as a sign of the health of the struggling music business and as an
indicator of the effects of early Internet piracy on major releases.
Analysts caution, however, that the real result of the early piracy
will be impossible to untangle, whether sales figures are high or low. The
online versions and bootlegging could serve as a marketing vehicle,
whetting fans' appetite for the real thing, noted P.J. McNealy, research
director for GartnerG2, a division of the Gartner research firm. Or it may
cut into sales.
"We've yet to see hard numbers on what the marketing effects of
piracy are," McNealy noted. "This could be like "Attack of the Clones."
People may have pirated that, but they still went out and saw it in the
theater."
Sales figures for the first two days of the Eminem release weren't
yet available.
Gracenote would not comment on whether it has been contacted by
Interscope as a result of its information. An Interscope representative
could not immediately be reached for comment.
Hyman said the company didn't keep enough information in its
database to be useful to anti-piracy investigators. The technology does log
Internet addresses and count CD titles, as well as keep a username for
people checking the database, but it does not correlate this data, he said.
"We don't keep the data" that antipiracy investigators might want,
Hyman said. "The last thing we'd ever want to do is become some kind of
policing entity."
News.com's Jim Hu contributed to this report from New York.
Copyright © 1995-2002 CNET Networks, Inc. All rights reserved
*******************
MSNBC
Modem owners pay more for AT&T
May 28 - A new pricing structure from AT&T will result in modem owners
paying an extra $7 for their high-speed Internet service.
AT&T BROADBAND INTERNET will announce several changes to the way it
charges for its cable modems. AT&T marketing executives framed the changes
as price reductions based on the decreasing cost of hardware, but the end
result will be higher costs for roughly 162,500 AT&T customers who own
their own cable modems.
Almost all AT&T broadband customers now pay $35.95 per month for
high-speed Internet service. Those who lease modems through AT&T pay an
additional $10 per month for a total of $45.95, and those who own their own
modems pay no additional fee.
Starting on June 1 in most regions, AT&T will increase the monthly
service rate to $42.95. Customers who lease their modem from AT&T will have
their lease fee reduced by $7, paying an additional $3 per month for the
modem. That will make their monthly bill come to $45.95 - the same price they
paid last month.
But bills will increase for the 10 percent of AT&T's 1.63 million
customers who own their own modems. Their monthly service fee will also go
up to $42.95, which means they're going to pay $7 per month more than they
paid last month.
Although the price restructuring will appear in customers' next
statement, modem owners won't feel the sting for six months. AT&T will
include in the next statement six coupons for $7 off monthly service,
letting modem owners off the hook for the new rates until January. New
subscribers who own their own modems will pay $42.95 per month as soon as
they sign up.
Darrel Hegar, vice president of Internet services for Englewood,
Colo.-based AT&T Broadband, said the changes reflected price reductions for
cable modems. When home broadband access became popular in the late 1990s
and in 2000, cable modems cost $300 or more. But in the past two years, the
price has dropped to $100 or less, thanks in part to aggressive marketing
promotions at computer hardware stores.
Hegar also noted that AT&T's service is still priced lower than
alternative broadband service from DSL (digital subscriber line) providers,
which typically charge $50 or more per month. Although connection speeds
for cable modem users aren't as consistent as those for DSL subscribers,
cable modem users generally report faster upstream speeds.
"If you look at the price of our service, it really still reflects
one of the best values in the marketplace," Hegar said Tuesday morning.
"Cable Internet continues to be the best way to access broadband vs. DSL or
satellite. If you look at availability, speed and price, we are still a
value leader."
Based on the number of people paying an additional $7 per month, AT&T
stands to gain $1.14 million in monthly revenue from the restructuring. But
it's unclear why AT&T representatives announced the restructuring as a
break for modem leasers as opposed to a simple price hike for 10 percent of
customers.
The decision to increase prices for modem owners could be due to
the fact that owners have sunk more of their own money into the service and
would be less likely to switch to DSL or another broadband alternative,
according to Mark Kersey, broadband industry analyst for La Jolla,
Calif.-based research group ARS.
"People who own their modems are pretty much locked in to staying
with AT&T," Kersey said. "It's a way to extract a little more money out of
a small percentage of people. That's a fairly politically smart thing to do
because it doesn't affect the vast majority of customers."
The restructuring could also be an effort to make AT&T's broadband
unit more attractive to smaller rival Comcast, which in December announced
its intention to purchase the AT&T unit for about $37 billion. The combined
company, AT&T Comcast, would be the No. 1 U.S. cable TV operator with more
than 22 million subscribers. But the structure of the new company recently
came under fire, and shareholders are beginning to question whether to
approve the deal.
Despite efforts to boost revenue, AT&T cannot raise monthly
broadband rates indiscriminately. Although demand for high-speed Internet
connections is still growing, the economic slump has slowed growth somewhat
and has resulted in a growing number of broadband defectors. And the
industry is still reeling from the painful collapse of former front-runner
Excite@Home.
The company's demise caused cable partners, particularly AT&T, to
scramble to migrate consumers to independent networks, causing customer
service nightmares for millions of people. Before its collapse last fall,
Excite@Home had 4.1 million customers and controlled about 45 percent of
the U.S. home-broadband market.
Customers are already grumbling that the government should regulate
broadband service and access rates, which have risen steadily in the past
year. An ARS study determined that cable broadband Internet prices rose 12
percent in 2001, from an average of $39.40 per month in January to $44.22
per month in December. Consumer DSL prices rose 10 percent during the same
time frame from $47.18 in January to $51.67 in December.
Copyright © 1995-2002 CNET Networks, Inc. All rights reserved
**********************
CNN
EU aims to boost broadband
BRUSSELS, Belgium (Reuters) -- The European Commission will for the first
time this week suggest that European Union governments use regional aid or
other financial incentives to boost high-speed Internet, a draft report
showed on Monday.
In its "eEurope 2005" report on how to foster information technology -- to
be unveiled on Wednesday -- the European Union executive will put
high-speed broadband Internet access on top of its agenda to raise the
bloc's competitiveness.
Although competition is driving Internet connection costs down, broadband
remains generally expensive in the EU, with less than two percent of
households having fast Internet connections against 13 percent in the
United States.
Without broadband, which is 25 times faster than a standard phone line,
industry cannot easily offer consumers advanced multimedia Internet
services such as videos, graphics or musical files.
The report stresses that any aid should be targeted to remote and
underdeveloped areas where the creation of a broadband network would not be
commercially viable.
"Member states in cooperation with the Commission should support, where
necessary, deployment (of broadband) in less favored areas and where
possible may use structural funds and/or financial incentives," the draft
document, obtained by Reuters, said.
Structural funds, accounting for roughly a third of the nearly 100 billion
euro EU budget, are given to help economic development in poorer and
peripheral regions of the 15-nation bloc. The EU already supports IT
projects in all member states.
The strategy, the first comprehensive plan to foster broadband, is expected
to be endorsed by EU leaders when they meet at a summit in Seville, Spain,
in June.
Aid to rural areas
State support for fast Internet access would help telecoms operators that
are struggling under the burden of huge debts incurred to pay governments
for third-generation cell phone licenses.
In the document, the Commission says any incentive should be in line with
existing EU competition policy. But member states should intervene where
the market forces are not sufficiently driving development.
"Competition is expected to drive investment, generate innovation and lower
prices," the document said. "Therefore, public policy should focus on
issues where competition is not effective or where political objectives,
e.g. territorial coverage with a view to cohesion, need to be ensured."
In the document, the Commission calls on member states to set the examples
by starting investing in broadband for their own administrative
infrastructure.
The document says governments should aim at having broadband connections
for all public administrations and schools by 2005.
As part of the EU's project to create a common health card to allow EU
citizens access to healthcare anywhere in the bloc, governments should aim
to develop high-speed data connection between points of care such as
hospitals and laboratories.
In the document the Commission looks at building a network infrastructure
that is secure to boost consumers' confidence.
Europe's efforts to increase broadband Internet access to bridge the gap
with the United States have so far focused on liberalizing the last mile of
telecoms networks, a process that was kicked off in January 2001 but which
has proved slow.
***********************
Nando Times
Picture slowly changes for TV buyers
By NOEL C. PAUL, Christian Science Monitor
(May 28, 2002 10:12 a.m. EDT) - Those "next generation" televisions you've
been reading about are showing up in Americans' homes - today.
Credit falling prices.
Sharp, for example, offered its 20-inch, liquid-crystal-display (LCD) TV
for $5,000 last year. It has since cut the price of the small, wall-mounted
unit in half. That's far from cheap, but it may be low enough to lure some
"early adopter" consumers.
Sales of LCD TVs this year have begun to stir at Flanner's Audio and Video,
for example, where even affluent videophiles had been holding off on buying
the futuristic sets for the past few years.
"More people replacing their older TVs are buying up," says Lance
Zabrowski, a salesman at the Brookfield, Wisconsin, electronics store.
Zabrowski partly credits the surging interest to improved picture quality.
"Every year we notice they've all gotten better," says Zabrowski.
Experts say prices will have to drop much further, however, before these
new sets appear in most living rooms.
"Americans are less willing to pay a lot, even when the product is of a
high quality," says Geoffrey Hughes, director of communications for Samsung
Corp.
High-definition televisions (HDTV), which broadcast crystal-clear picture
and sound, have long been touted as the most important TV innovation since
color. Last year, however, Americans only bought 900,000 HDTV sets,
compared with 21 million standard color sets.
HDTV models range in price from about $1,500 to $4,000, but experts predict
that prices will drop below $1,000 within a few years as broadcasters offer
more high-definition programming.
"Historically, prices drop rapidly," says Jenny Miller, a spokesperson for
the Consumer Electronics Association. "It's all about economies of scale."
While HDTVs offer an upgrade in picture and sound, most new products
address the TV's traditional clunky frame.
LCD screens are the marquee innovation. The transmission in LCD sets is not
carried through a tube, but through a layer of liquid crystal. Because the
material takes up very little space, the entire TV can be very thin - as
little as 6 inches deep - so users usually mount them on a wall.
They also weigh much less. A traditional 45-inch set weighs about 500
pounds; an LCD set of a similar size weighs 30 pounds.
While the picture is not as sharp as that of a standard TV, experts say,
the screen is brighter and uses less power. A battery connected to the back
runs most LCD sets. Larger sets must be plugged in.
Sizes range from 5 inches to 30 inches with prices ranging from $280 to
$8,000. Next year, Samsung plans to introduce a 40-inch model.
Projection TVs offer a mix between a standard TV and LCD, without the main
drawbacks of each. The projection technology sends light through liquid
crystal and then magnifies it with a lens. Thinner than a standard set, it
also offers better picture resolution than an LCD. The spectrum of colors
is more limited, however, and the picture blurs from side angles, according
to Hughes. Prices are competitive with HDTV models. Toshiba, for example,
offers a 50-inch model for $1,400.
Plasma sets have screens that look similar to LCD models, but represent a
significant jump in quality and price. The plasma is an ionized gas
contained in a chamber. Unlike other types of televisions, it lights each
TV pixel instantaneously, eliminating even split-second flickering. Plasma
sets are as thin and light as LCD units, but the picture quality is nearly
equal to that of traditional sets. Because of the higher resolution, plasma
screens can be much larger than LCDs.
For most consumers, the price is prohibitively high. Philips' 42-inch
plasma set costs $7,000. But observers agree the plasma display will likely
be standard in less than 10 years.
In a few years, consumers can also expect three-dimensional programming to
be common on their TVs, experts say. Dynamic Digital Depth (DDD) in Santa
Monica, Calif., is developing a technology that would allow viewers to
switch from 2-D to 3-D with the click of the remote.
Americans' growing interest in video games is partly responsible for the
3-D push. Game players are increasingly demanding realism in characters and
dimension. "They want real depth. They want to tell how far the characters
are from each other," says Andrew Millin, a DDD engineer.
******************
Nando Times
Gates Foundation gives nearly $3 million to kids in China
RENTON, Wash. (May 28, 2002 2:24 p.m. EDT) - A $2.9 million grant from the
Bill & Melinda Gates Foundation will enable a suburban Seattle group to
open a center for physically disabled children in China.
The center is set to open Saturday in Luoyang in Henan Province, 450 miles
south of Beijing, said Janice Neilson, executive director of the World
Association for Children and Parents.
Operating in partnership with the Chinese government, the Children's Center
of Luoyang is intended to help disabled children living in an adjacent
orphanage as well as those who remain with their families. The disabilities
range from heart disease and cleft palates to poor motor skills.
"The children who will come to the center are ... oftentimes kids who have
been really hidden in Chinese society," Neilson said. "We believe we are
preventing the abandonment of children and, hopefully, allowing kids to
stay with families when that is possible."
The association has been helping to arrange adoptions in China since 1990,
and Neilson said the center also should make it easier for disabled orphans
to find adoptive homes.
Full funding for the program from the Chinese government is expected when
the three-year Gates grant runs out, she added.
The foundation is endowed by Microsoft Corp. chairman Bill Gates and his
wife, Melinda.
******************
Nando Times
Web sites let survivors celebrate loved ones
SACRAMENTO, Calif. (May 27, 2002 10:21 p.m. EDT) - The year since Memorial
Day 2001 has seen more memorials than usual. The deaths of more than 3,000
Americans in the Sept. 11 attacks filled newspapers with obituaries.
But for those who've lost someone, every death is momentous. And the
effects of that death, and the memory of the deceased, last long after an
obituary has been printed or a memorial service has ended.
Which is one reason memorial Web sites are a fast-growing segment of the
online world. Beingremembered.com, legacy.com and americanmemorials.com are
just a few of the dozens of online memorial services that have sprung up in
recent years.
Each offers a slightly different service, at different prices, but the
common element is the opportunity to create a memorial for a loved one that
will live beyond the normal life of an obituary.
Perhaps the most successful of these Web sites is legacy.com, a
Chicago-based site that offers mourners a chance, through posting their
thoughts in an online "guest book," to feel connected to their loved ones,
and to other people who knew their mother, or grandfather, or child.
"It's a way of showing what the person meant to you," says Scott Stuart of
Sacramento, whose mother, Barbara Stuart, died in January. At the
suggestion of a friend, she was honored with a legacy.com guest book.
"I wasn't going to put anything in, it was too hard," says Stuart, 38. "But
one day I was reading other entries, and I decided to say a lot of stuff.
That way I can let other people know how much she meant to me. She deserved
that."
For these reasons, in less than four years, legacy.com has grown
dramatically, and is now posting some 60,000 guest book entries a month.
The guest books are accessible at legacy.com or through links with the
funeral notices sections of more than 1,000 newspapers around the country.
"It has taken off in ways we could not have imagined," says Hayes Ferguson,
a former journalist with People magazine who is chief operating officer of
legacy.com.
"We thought people would use it the way they use a guest book at a funeral,
just sign their name," she says. "But we find people writing to their loved
ones, people coming to the site to mark special occasions, anniversaries,
to talk to their loved ones. It was very rare at first, but it has become
common."
Stuart is certainly one of those people.
"I miss my mother, we were very close, so this is a place where I can sit
down in private time, and talk to her," he says. "It's a way of showing
what the person meant to you."
And he is particularly happy about the dozens of guest book entries he's
been able to read. His printouts of the entries filled 18 pages.
"I can read each of those letters and know what they're talking about," he
says. "It means a lot to me."
Reading through online memorials at the different sites can be an emotional
experience, as friends and relatives pour out their sadness and sympathy,
along with memories of a person that would never fit in a standard funeral
notice.
Even on the pages of complete strangers, little bits and pieces of distant
lives take on a resonance.
Thus, we hear about Alice Stringham's love of garage sales in a memorial on
memoriesofme.com, or view Robert Lee Peace's photos from his days as a bush
pilot in Africa on virtual-memorials.com.
"The guest books offer a lot better insight into people's lives than the
actual notice does, because a notice is just the facts of their life,"
Ferguson says. "It adds a lot of dimension to the people."
Prices vary. The guest books on legacy.com are free for the first 30 days.
To keep the guest book open permanently, legacy.com charges $49. To create
a Legacy Life Story, a deluxe package that includes up to five photos,
tributes, suggestions of charities for donations and a guest book,
legacy.com charges $195.
Of course, because this is on the Internet, it's open season for anyone who
wants to say anything, in good taste or not. Ferguson says that one of
legacy.com's functions in running the site is to keep an eye on the entries
to make sure that anything inappropriate doesn't sneak in.
"We delete 1 to 3 percent of the messages that are posted," Ferguson says.
"Some are inappropriate, and we're sensitive that these will be read by
family members. We've seen efforts by folks who have tried to proselytize
with religious messages, or tried to sell things. And we get kids or
mean-spirited people writing not very nice things."
And even the nice things that are written are unlikely to guarantee the
immortality that the sites seem to promise. Many of the sites are small and
run by a single person, and even the big sites such as legacy.com, which is
expected to post a profit this year, are subject to the vagaries of the
Internet economy.
But if these collections of memories and wishes survive into the future,
they may serve as a valuable resource for those looking back, giving loving
detail to the portraits of ancestors who were once just names on a
gravestone or photographs in albums.
*****************
Euromedia.net
E-learning in the spotlight at education conference
27/05/2002 Editor: Lisa Gardner
E-learning initiatives were at the forefront and Europe in the
spotlight last week at the Lisboa Congress Centre in Lisbon, Portugal,
where more than 1,700 people gathered from more than 930 organizations
worldwide for the World Education Market's (WEM) third International
Exhibition and Conference Program.
Speaking on the developments in education within the international
marketplace, Claudio Dondi, president of Scienter, a non profit
organization based in Bologna specializing in European innovation of
education and training said that "probably the most important trend is the
growth of relative weight of education and training in the policymaking
area, thanks to a new generation of information society programmes and
initiatives in which e-learning often plays an important role."
With its emphasis on educational ICT, broadcasting and software, the UK
demonstrated its 30 years' experience in educational technology as world
leader in this field through vast representation.
British participants ranged from educational broadcasters such as 4
learning, BBC Worldwide and Pearson Broadband, to software providers such
as New Media, Sherston Software and Birchfield Interactive.
Also on display was Promethean's interactive White Board, which allows
instructors to combine their personal tutoring skills with the newest ICT.
Partnering with the European Institute for E-Learning (EIfEL), the Total
E-learning Experience (TE-LE) Village designed a three-day series of
exhibits and events to clarify and outline the opportunities presented by
e-learning.
"The idea behind the concept of the TE-LE Village is simple," explained
Serge Ravet, President of EIfEL. "We wanted to bring both exhibitors and
visitors of e-learning events into a process that can lead to a much deeper
understanding of the e-learning value chain.
That means developing a partnership with the leading e-learning companies
to illustrate the steps involved in creating and deploying truly effective
learning tools."
********************
Nando Times
Retired tennis star wins case against Microsoft
BERLIN (May 28, 2002 1:01 p.m. EDT) - Former tennis star Steffi Graf won a
court case against Microsoft Germany on Tuesday over fake nude photos of
her that were posted on a Web site run by the company.
The state appeals court in Cologne upheld a ruling last October by a lower
court, which had ruled that Microsoft Germany was responsible for the
content of the site and must ensure that such pictures don't appear there.
The company would have to pay a fine if similar photos emerge on the site
in future, court spokesman Christian Grueneberg said.
The photos - computer manipulations that put Graf's head on a nude body -
appeared last year on the site operated by Microsoft Germany where users
could post pictures and texts to share with others.
The photos were taken down in June at Graf's request, but the company
declined to sign a formal agreement that they wouldn't appear again, and
Graf sued.
Microsoft Germany spokesman Bernhard Grander said the company disagrees
with the court's decision and said it "endangers the existence of live-chat
and private (Internet) communities."
Grander said Microsoft is "examining further legal steps."
*******************
Sydney Morning Herald
New York attorney-general sues spammers
Albany, New York
New York Attorney-General Eliot Spitzer is suing a firm he says sent more
than 500 million messages to computer users, many of them unwanted "spam"
advertisements.
Spitzer said MonsterHut.com of Niagara Falls sent hundreds of millions of
the ads through emails since March 2001 to people who didn't want the
messages or specifically tried to block the stream of commercial offers.
MonsterHut.com had told its clients that the recipients wanted the messages
through "permission-based" agreements, according to court records.
About 750,000 computer users complained about receiving MonsterHut.com
spam, or junk mail, Spitzer said.
Spam comes from many sources worldwide and increasingly clogs email systems
with pitches that include ways to lose weight, earn extra income or to view
pornography.
MonsterHut officials didn't immediately respond to a request for comment.
Its website no longer is active.
Since the mid-1990s, Internet service providers America Online, EarthLink
and others have won millions of dollars in settlements and judgments
against spammers under trespass, computer fraud and other laws.
Spitzer is suing under the state's traditional deceptive practice and false
advertising statutes that could exact civil penalties of $US500 ($A900) for
each offence.
Nineteen other states now have anti-spam laws that prohibit false messages
or headers in email messages, require labels in subject lines or the option
of declining a marketer's future mailings.
********************
Sydney Morning Herald
Guide helps digital users stay honest
By Jenny Sinclair
May 28 2002
Users of digital content in Australia will get a custom-made guide to help
them negotiate the minefield of copyright, intellectual property rights and
paying for what they use.
The Federal Government will pay a national consortium just under $90,000 to
produce the guide, which will be aimed at smaller organisations and sole
operators who may not have the resources to pay for their own legal and
copyright advice.
The Australian Interactive Multimedia Industry Association will work with
law firm Gilbert and Tobin, digital rights consultants IPR Systems and
security company Securenet to create the guide. It is expected to be
available later this year.
The association's executive director, Lynne Spender, says the five-part,
Web-based guide will cover everything from basic information to providing
tools for managing digital property.
She says that rather than take the "enforcement" view of ensuring each
creator is paid, the association wants the guide to make it easier for
creators of all kinds of digital material to use Australian content.
Part of the guide will help content creators put the right metadata in
their work, which, in turn, will make it simpler for would-be users of
their images, music or other digital content to ensure they are paid. There
are three basic questions, Spender says: "Who owns it, how much is it, and
can you use it?"
The publication will include a guide to commercial digital rights
management. It will give case studies of how digital rights work in
Australian companies and productions.
"Since the industry (has been) producing CD-ROMs, one of the biggest
headaches has been identifying the (digital) rights and paying for the
rights," Spender says.
A spokesman for Information and Communications Minister Richard Alston says
that although no specific event has triggered the decision, Alston's
department received complaints about the use of copyright material online
"from time to time". He says the changes to Australia's copyright laws last
year have created more of a need for the guide.
Victoria's Cinemedia (now the Australian Centre for the Moving Image)
created a guide to digital rights for performers and artists in 1999,
noting that the flexibility of digital material created a minefield of
copyright problems.
Spender says the association is in contact with the authors of that guide.
*********************
Sydney Morning Herald
Phone radiation limits raised
By Rachael Quigley
May 28 2002
Australia has raised the allowable level of mobile phone radiation
emissions, despite CSIRO fears that they could pose a health risk.
The new standard raises limits on human exposure to radio-frequency (RF)
radiation from a range of sources, including mobile phones and base
stations, and changes the way the emissions are measured.
The guidelines, which bring Australia into line with international
standards, were approved by the Australian Radiation Protection and Nuclear
Safety Agency on May 7.
The agency and the CSIRO agree that there is no scientific proof that
low-level exposure to mobile phone radiation causes health problems, but
the CSIRO maintains that it cannot be ruled out.
Agency CEO Dr John Loy said that because low levels of exposure had not
been proved to cause health problems, potential adverse effects of
low-level radiation had not been considered when setting the basic
restrictions in the new standard.
The standard is modelled on the guidelines recommended by the World Health
Organisation and the international Mobile Manufacturers Forum, which take
into account "proven health risks".
Dr Loy said the new Australian standard "is more detailed than the
international guidelines" and "technically superior to earlier (Australian)
standards". It includes a comprehensive rationale and a question-and-answer
guide for consumers.
The CSIRO, which had been involved in the technical and scientific
development of all previous Australian RF radiation standards, opposed the
adoption of the new one.
In its submission to last year's Senate inquiry into electro-magnetic
radiation, the CSIRO argued that the acceptable limits of exposure should
not be relaxed because it "is not possible at present to conclude that
exposure to RF radiation, even at levels below national guidelines, is
without potential adverse health effects".
Dr Stan Barnett, the CSIRO representative appointed to the working group
that drafted the new standard, resigned after the first meeting. He said
the committee "was intent on adopting the (new) guidelines without proper
consideration of all the available evidence".
The CSIRO maintains: "There are no clearly demonstrated and compelling
technological, economic or sociological reasons to justify relaxation of
the (previous) Australian standard."
Democrats Senator Lyn Allison, who chaired the Senate inquiry, said: "The
new standard reflects the needs of the telecommunications industry rather
than the need to protect human health."
She said the need to develop a standard for shielding products had been
ignored.
Allison said that as long as there was no standard or requirement for
independent testing and labelling of hands-free devices in Australia,
consumers would be kept in the dark about their effectiveness in reducing
exposure to radiation.
The Australian Mobile Telecommunications Association supports the idea of a
national standard, testing and labelling for hands-free devices, but says
guidelines will be hard to develop. Both the AMTA and the Mobile
Manufacturers Forum have endorsed the new standard.
AMTA CEO Ross Monaghan said: "The industry supports the inclusive
scientifically robust way in which the standard was developed."
MMF secretary-general Michael Milligan said: "I think that it is important
to stress that these safety limits are based on guidelines developed by an
independent committee of experts who are leaders in this field.
"The other key benefit to Australians in adopting a standard which is
harmonised with most other major nations is that mobile phone products can
now be designed once, tested once and sold in all of these countries . . .
in a more timely and efficient manner."
**********************
People's Daily
US Programming Competition Organizer Adds China to Developer Community
TopCoder, a U.S. company organizing computer programming competitions for
college students and professionals, said Tuesday that it has expanded
eligibility to its online and onsite contests to include citizens of China,
New Zealand and Ireland.
These three countries alone have more than 300,000 professional developers
in residence, said TopCoder, quoting a report published in 2001 by market
researcher International Data Corporation.
The company launched its competitions in February 2001, and citizens of
Canada, Australia, India and the United Kingdom are also eligible to
compete with the primarily U.S. member base. After incorporating Australia
and India at the end of 2001, TopCoder has added close to 9,500 new members
in the first five months of 2002.
Each year, hundreds of software jockeys in the United States -- usually
students -- battle each other in competitions, often sponsored by tech
vendors and trade associations. The winners can earn big bucks. Sponsors
also can win by building brand loyalty with top minds of the
next-generation IT worker. And business-technology managers get an early
look at potential members of their future workforce.
TopCoder organizes and hosts such competitions for its members. The best
performing members are invited to compete in annual tournaments.
Hosted by TopCoder and Sun Microsystems, the latest contest was held in
April for a prize of 150,000 U.S. dollars. Stanford University junior
Daniel Wright beat out 15 programmers from some of the most prominent U.S.
schools for computer science and won a prize of 100,000 dollars.
********************
New Zealand Herald
Porn was for software filter test says defendant
29.05.2002
By PETER GRIFFIN
A man convicted of importing more than 100,000 illegal pornographic images
says he was gathering the pictures to test filtering software that would
block the material.
Computer specialist Bryce Coad said an error of judgment that led him to
bring the electronic images across New Zealand's border would probably
destroy his career in the IT industry.
Yesterday, in the Manukau District Court, he lost a request for discharge
without conviction and was fined $750 after pleading guilty to importing
material deemed objectionable under the Films, Videos and Publications Act
1993 and the Customs Act.
He had earlier sought to defend himself on a range of charges but changed
his plea on agreement that other charges would be withdrawn.
The Customs Service, acting on a tip-off, had seized a laptop and two hard
drives belonging to Coad.
They contained objectionable images, including some depicting children
being sexually exploited.
The computer hardware was seized in June 2000 as Coad came through Auckland
Airport after a business trip to Israel, where, he said, he downloaded the
images from the internet for use in developing his Moderator net-filtering
software.
Coad said the software was designed to go beyond mainstream
content-filtering software such as Net Nanny by targeting newsgroups and
internet relay chat channels where the worst porn-trading was taking place.
"It specifically targets the most evil news groups that are there, using
information from the people that are posting images, as well as the images
themselves," he said.
Moderator would then compare information about the images stored in a
database with downloaded pictures to determine whether they were
objectionable and should be blocked.
Judge David Harvey said that while the software Coad was developing was
legitimate and if commercialised would be useful for safety-conscious net
users, the large number of images and the fact that Coad had not declared
them as he went through Customs warranted a conviction.
"The number of images would probably justify a higher penalty. [But] the
development of such a utility should be encouraged," the judge said.
Previous porn prosecutions are believed to have resulted from the seizure
of up to 80,000 objectionable images, so the Coad case is one of the
biggest in New Zealand history.
Coad said the implications of the conviction would go far beyond the $750
fine.
"It's equivalent to [the judge] chopping off my left hand and telling me to
be a concert violinist," he said.
Last night, he tendered his resignation as chief technology officer and
board member at software specialist and internet provider Zombie. He said
the reputation of his own firm, Lookitup, would be irreparably damaged.
He had no immediate plans to continue work on Moderator, and said he would
probably appeal against the conviction.
************************
Computerworld
FCC delays auction of upper UHF TV band spectrum
Faced with the fact that digital television is unlikely to be widespread in
the U.S. for years, the Federal Communications Commission has delayed for
seven months an auction of a portion of the UHF TV spectrum to cellular
carriers.
The FCC announced last Friday that it plans to delay a
multibillion-dollar auction of the spectrum occupied by TV channels 60
through 69 until Jan. 14, 2003, while proceeding with a June 19 auction in
the 698-746-MHz band currently occupied by TV channels 52 to 59.
Congress mandated the auctions in the Balanced Budget Act of 1997 in an
effort to pump billions of dollars into the U.S. Treasury, with a deadline
for selling the spectrum space of this month. That left the FCC little
wiggle room to delay the auction -- despite a concerted campaign in the
past three months by the Cellular Telecommunications and Internet
Association (CTIA), which has wanted the auction postponed indefinitely.
President Bush's current federal budget does allow the FCC to delay the
747-MHz to 806-MHz band auction until 2004, and FCC Chairman Michael Powell
said in a statement that while he doesn't support an
indefinite delay, he does see "compelling reasons" to postpone the
upper-band auction until January.
The House of Representatives has already passed a bill allowing a delay
despite the 1997 law. A similar bill is stalled in the Senate.
But, Powell added, he couldn't ignore existing law based on "the prospect
of legislative change". He said the commission couldn't put off the
auctions any longer because "Congress has passed a statute -- signed into
law by the president -- that directs this agency to auction this spectrum
by specific dates and for specific purposes."
The Washington-based CTIA sought the delay because TV stations don't have
to vacate their channels until they convert to digital TV operations. The
earliest date for such a conversion is Jan. 1, 2007, effectively tying up
the substantial payments cellular carriers are expected to make in the two
upcoming auctions. (The carriers can, however, negotiate with the
broadcasters and compensate them for giving up their channel spectrum
before 2007, a process known as "band clearing.")
FCC Commissioner Kevin Martin disagrees with Powell's interpretation
governing the FCC's oversight of spectrum auctions. He said in a statement
that the FCC has a mandate to "manage the radio spectrum
effectively and efficiently in the public interest."
Martin said that from his perspective, "the public interest would best be
served by delaying the 700-MHz auctions indefinitely," while the FCC
examines the best frequencies and bands to support a number of wireless
users and applications, including cellular and public safety communications.
Tom Wheeler, CEO of the CTIA, said in a statement that "moving forward with
the auction of the lower 700-MHz band sacrifices important spectrum
management opportunities."
Nancy Udell, a spokeswoman for Paxson Communications Corp., a West Palm
Beach, Fla.-based broadcaster, said the company "wants the auctions to
proceed." She added that Paxson considered court action to force the FCC to
conduct the auctions, but it abandoned that option after realizing that any
court ruling wouldn't come until next January, the new date for the upper
UHF band auctions.
The FCC has already begun to gear up for the June auctions by notifying
bidders they must make upfront payments for the June auction by Thursday.
The FCC plans to auction 758 cellular licenses in the lower UHF TV band and
has put the value of the minimum bids for all the licenses at $303.1 million.
********************
Computerworld
Microsoft faces EU privacy probe
BRUSSELS -- The European Commission is investigating whether Microsoft
Corp.'s .Net Passport breaches European privacy laws, a spokesman for the
European Commission confirmed yesterday.
The commission, the executive body of the European Union, began to examine
Microsoft's .Net Passport last year, spokesman Jonathan Todd said. Data
protection authorities from the EU's 15 member nations are also examining
the authentication system.
Concerns about the authentication system include the problem of Internet
users who don't sign up for .Net Passport and are denied access to some
Microsoft online services.
"The commission is ... looking into this as a matter of priority, in
concert with national data protection agencies, as regards the system's
compatibility with EU data protection law," wrote Frits Bolkestein,
European commissioner for the internal market, in a letter to Erik Meijer,
a member of the European Parliament, dated May 7.
Microsoft senior counsel for Europe John Frank described the examination of
the .Net Passport as "a routine ongoing dialog."
"There is no indication that there are special concerns about noncompliance
with European data protection laws," Frank said.
Microsoft's .Net Passport authentication system is still very basic, Frank
said. "It will evolve. There will be more elaborate ones over time," he
added. The original plan was to create a platform around .Net and attract
companies to locate their Web sites on it. "We tried without success to get
companies to gather round," Frank said.
Microsoft now tries to license its .Net Passport system to companies so
they can carry it on their own Web sites. "It is early days for online
authentication. It is important to get it right, not just the letter but
also the principle of privacy law. We think we do a good job with that,"
Frank said.
Microsoft signed up to the EU/U.S. safe-harbor agreement in 2000. The
agreement grants immunity to U.S. companies from some of Europe's more
stringent privacy laws. In return, the companies agree to abide by EU laws,
including the 1995 data protection directive, which requires that
organizations collecting personal data about a user must tell that person
who they are, why they are collecting the data and grant the user full
access to the information.
The probe into .Net Passport is unconnected to the ongoing antitrust
investigation being conducted by the European Commission.
*******************
News.com
Privacy worries with EU online policing bill
By Reuters
The European Union is on the verge of adopting an Internet bill that could
give police forces greater power to keep records of personal communications
such as phone calls or Web surfing, a key legislator said Wednesday.
The bill is the final element of a package to modernize EU
telecommunications law and aims to protect the confidentiality of
electronic communication to boost confidence in e-commerce. But it also
contains provisions to allow police access to phone, fax and e-mail
records, something that governments view as a useful tool to fight crime
and terrorism in the wake of the Sept. 11 attacks in the United States.
Marco Cappato, the Italian parliamentarian who is guiding the legislation
through the European Parliament, says these provisions risk opening the
door to large-scale storage of personal data for long periods.
"The priority in the fight against terrorism should be to invest in experts
that can analyze the data" as and when needed, Cappato, a member of Italy's
Radical Party, told a news briefing. "Instead, we risk giving carte blanche
to member states to open the door to undiscriminating data retention."
Despite strong opposition from civil liberty groups and the industry, the
bill is likely to include the data retention rules because of support from
the European Socialist Party and the European People's Party, the
assembly's main political groups.
The bill is potentially damaging for the European Union's prized privacy
rights and could lead to costly storage requirements for companies.
"We are very worried that we will be faced with new heavy obligations to
log all this data," said Sjoera Nas of Dutch-based Internet service
provider XS4all.
The 626-member assembly is due to cast its final vote on the bill Thursday.
To become law, the bill needs joint approval by Parliament and the 15 EU
governments.
Toeing the line
The text Parliament will vote on calls for immediate erasure of electronic
data after the period needed for billing purposes. But it says governments
can force operators to store data for a longer period--even years--if
deemed necessary for security reasons.
Parliament had earlier amended the law to limit access to electronic data
by public authorities to the strict minimum. But this move was criticized
by member states, notably Britain, which wanted greater power to monitor
the Internet. U.S. officials also criticized the bill, fearing that the
request to erase data would hinder prosecution of criminals.
Fearing that this legislative clash would ultimately kill the bill, the two
biggest parliamentary groups have now aligned themselves with the member
states.
The European Commission, which drafted the legislation, said it could
accept the new version.
"We can live with it," European Commissioner Erkki Liikanen told reporters.
He said the privacy rights of EU citizens were guaranteed by the European
Convention of Human Rights, which all member states have signed.
Liikanen said he would be ready to launch infringement procedures if member
states abused their power to retain data.
The bill also contains EU-wide provisions against unsolicited e-mails, or
spam. It calls for an opt-in system, whereby online marketing companies may
only send commercial e-mails if customers explicitly ask them to do so.
The bill prohibits the placement of files such as cookies, which are
written to a hard drive by some Web sites when the computer user views them
in a browser, on a computer without the person's explicit permission.
Previously, the Parliament had opposed the bill, saying that a total ban on
spam could hamper freedom of expression and fair commercial practice,
without preventing professional spammers from sending illicit and often
offensive electronic messages.
Story Copyright © 2002 Reuters Limited. All rights reserved.
*********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711