[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips July 2, 2002

Clips July 2, 2002

ARTICLES

Congress To Postpone Revamping Of FBI, CIA
White House crafting homeland security technology plan
FBI to valley: Tell us about attacks
Vote on NIST smart-card standards is set for next week
OMB models its site redesign on FirstGov portal
GAO gives White House passing grade on IT efforts
Tech firms seek separate cybersecurity agency
Cyberlaw: Cybersmart or cybersilly?
Swedish e-postal service delivers wherever you want
Foes vow to challenge Spanish Internet law
Suspected hi-tech pedophiles arrested
Modems in danger of hackers gaining entry

***************************
Washington Post
Congress To Postpone Revamping Of FBI, CIA
Homeland Security Agency Becomes Legislative Focus
By Walter Pincus

Congress will put off a reorganization of the FBI and CIA to improve the performance of the intelligence community until it establishes a Department of Homeland Security, according to Bush administration and congressional sources.

The decision will delay any significant revamping of the nation's intelligence system until at least next year, a marked shift in priorities since the Sept. 11 attacks, which prompted members of Congress to identify serious shortcomings in the FBI and CIA's performance that they said required urgent attention.

In a move backed by the White House, Sen. Joseph I. Lieberman (D-Conn.), chairman of the Senate Governmental Affairs Committee, which will produce the legislation establishing a Department of Homeland Security, has now agreed to put off tackling any changes to the CIA and FBI.

"I think that it's so controversial that it might delay and obstruct the passage and creation of the new department," Lieberman said at a hearing last week.

The delay underscored the increasing awareness on Capitol Hill that reorganizing the CIA, FBI, National Security Agency and other intelligence bodies is an extraordinarily complex undertaking about which there is little agreement on what needs to be fixed or, indeed, whether any changes are even required.

FBI Director Robert S. Mueller and CIA Director George J. Tenet have made no secret of their opposition to any major intelligence overhaul, and the joint House-Senate intelligence committee established this year to examine the intelligence agencies' performance and recommend changes has been struggling in its investigation.

The panel held two weeks of closed hearings but has now apparently delayed until September its first public sessions, which were originally scheduled for last month.

Reorganization of the intelligence agencies has been under discussion for more than a year, but since Sept. 11 it has focused primarily on changes to fight the war on terrorism. Among the proposals expected to be taken up by the intelligence panel are combining the counterterrorism centers at the CIA and FBI within the proposed Department of Homeland Security; creating an internal security service that would absorb the FBI's counterterrorism and counterintelligence functions; and giving the director of central intelligence control over Pentagon technical collection agencies while eliminating his direct control over the CIA.

One result of the decision to create the Homeland Security Department before tackling the issue of restructuring the intelligence agencies is that the new department will be dependent on the FBI and CIA for collecting domestic intelligence. It also will put off any move to replace the FBI's domestic intelligence-collection role with a new federal internal security service. Both ideas have generated significant interest on Capitol Hill.

Lieberman said last week that one task facing his committee was deciding "how to redress the awful lack of coordination and information-sharing among key agencies, including the FBI and the CIA, that now appears to have been the most glaring failure of our government leading up to September 11th."

But, he said, he saw the proposed Department of Homeland Security as primarily an "aggressive, agile and demanding . . . consumer of intelligence," but not one that would have "operational or collection capability" that the FBI and CIA have. Lieberman will also write into the legislation that the new department will have access to all raw intelligence on terrorism and the authority to task the CIA, FBI and other Pentagon intelligence agencies to collect specific information.

At a hearing last Thursday, Mueller opposed taking counterterrorism away from the bureau. "Such a move at this critical moment would disrupt our ongoing battle against terrorism," he said. Mueller said his FBI reorganization plan, which adds agents and analysts to meet the challenge posed by terrorism, was the answer.

Sen. Bob Graham (D-Fla.), chairman of the Senate Select Committee on Intelligence, has said the joint House-Senate intelligence committee would study whether a different domestic intelligence collection system is needed.

Graham said three questions still have to be determined if something different from today's FBI approach to counterterrorism would be needed: Who would be the targets of surveillance, what legal methods for collection would be available and where within the federal government would it be housed?

Graham said these "may end up being some of the most contentious issues that will have to be faced" either within the proposed department or elsewhere in the intelligence system. "We'll have to come back and have the national debate over domestic intelligence-gathering," Graham said.

Senior CIA and FBI officials have begun to question publicly whether members of Congress and the Bush administration, pushed by what they perceive as public pressure for more security, may be promising too much and going too far in providing them tools to fight terrorism.

In a soon-to-be-published Georgetown University book, Paul R. Pillar, formerly deputy chief of the CIA Counterterrorism Center and currently a senior intelligence officer, writes that the pressure "to be seen doing things in new and different ways . . . means that the challenge for U.S. intelligence will be not only to do the best possible job of collecting and analyzing information about terrorism but to respond to the demand for change in ways that avoid doing more harm than good."

One important risk for CIA and the intelligence community, Pillar said, "is the political risk of standing up to these short-term pressures in order not to undermine long-term effectiveness."

One longtime FBI agent, who asked not to be identified, recently questioned the new rules that have been established for agents in field offices to initiate counterterrorism investigations without first obtaining approval from headquarters.

"I'm worried about six or seven years from now when there are five or six Arab-American members of Congress and they call me before some committee to grill me on my actions against their people," the agent said.

Pillar said that if the United States is "successful enough and fortunate enough to avoid another major terrorist attack, counterterrorism will no longer be an overriding priority." Then, he asked, if attention is refocused on human rights, privacy and the domestic intelligence activities, what happens in the future to the intelligence officer "who takes the risk [now] of making a recruitment that becomes controversial?"
************************
Government Executive
White House crafting homeland security technology plan
By Shane Harris
sharris@xxxxxxxxxxx


The White House is writing a massive blueprint, known as an information technology architecture, to integrate the computer systems of all of the agencies that would be moved into the new Homeland Security Department under Bush administration plans.


The Office of Homeland Security, the Office of Management and Budget and the agencies slated to move into the new department are preparing a "communication document" to explain to federal, state and local officials, as well as to private companies, how the plan will work, said Steve Cooper, the chief information officer at the Office of Homeland Security, in an interview with Government Executive.


The new department's architecture will mirror the overall federal enterprise architecture, designed by the Chief Information Officers Council in 1999 as "a road map for the federal government in achieving better alignment of technology solutions with business mission needs."


That alignment has yet to occur. The General Accounting Office has reported that most agencies trying to write their technology architectures haven't moved beyond the planning stage. Norman Lorentz, a former technology company executive, became OMB's chief technology officer in January and was told to help agencies develop their architectures.


The Office of Homeland Security has established three working groups to examine architectures in three of the four proposed divisions of the new department: border and transportation security; emergency preparedness and response; and chemical, biological, radiological and nuclear countermeasures.


Cooper said the Office of Homeland Security is "mapping and documenting the business strategies" for the new department. Those strategies are designed to mesh with the overall homeland security plan that Homeland Security Director Tom Ridge was expected to announce in June. Cooper said that plan would go to President Bush for his approval within the next two to three months.


The national strategy will define the "vision" of what the department hopes to achieve, and what homeland security means for federal, state and local agencies, as well as the private sector, Cooper said.


Cooper described the Homeland Security Department's information architecture as a pyramid, with this vision at the top. The next level down will address "business processes"such as border security or biodefenseand all their respective activities: clearing people in and out of the country or inspecting shipping containers for explosives, for example.


The third level of the architecture consists of "information products"such as terrorist watch lists and shipping manifeststhat are essential to conducting the department's business, Cooper said.


The fourth and fifth levels cover the actual technologies that would be employed at the new department. Ridge's Office of Homeland Security has asked technology chiefs at the merging agencies to make a quick assessment of the technology assetsincluding hardware, software applications and databasesthat they think are relevant to the new department's mission, Cooper said. These assets may or may not make their way into the department if it is created. The inventory is "probably 60 percent complete."


CIOs commonly list accounting for technology assets among their most difficult tasks. The arduous process of cataloging such assets often must rely on inadequate or incomplete records of what has been purchased or deployed in offices throughout the country. One CIO said recently that finding all the technology assets in a particular agency is like "trying to find all the fat marbled through a piece of steak."


Cooper acknowledged the technology inventory could show a gap between what the vision calls for and what agencies already have. In that case, Cooper said his team would develop a "migration strategy" that could involve both buying new technology and upgrading existing systems.


The overall homeland security strategy, which is being written by a separate team in the Office of Homeland Security, and the development of the technology architecture are proceeding simultaneously. Cooper said that wouldn't stop his team from moving forward with plans for the departmental architectureeven though by design, the architecture can't be executed without the top-level strategy in place.


Agencies involved in homeland security have already launched $6 billion to $8 billion worth of technology modernization efforts, Cooper said. Despite the fact that agencies might be buying and installing incompatible systems, those initiatives haven't been stopped. Rather, Cooper's team is working to coordinate them with the architecture.


Cooper said he hopes to have the inventory of border security and transportation functions completed within the next 90 days. He didn't give an estimated completion date for the entire architecture.


Cooper said whoever is named CIO of Homeland Security will inherit the enterprise architecture and probably take over finishing the plan, presuming the official is named before the entire architecture is complete.
***************************
MSNBC
FBI to valley: Tell us about attacks
By Andrew F. Hamm
SILICON VALLEY/SAN JOSE BUISNESS JOURNAL

July 1 Businesses have remained tight-lipped when it comes to reporting cyberattacks or other breaches of their security for fear that the bad publicity would also bombard their bottom lines. But the FBI has begun offering them anonymity and critical information in exchange for their much-needed cooperation in battling hackers and other terrorists.
THE NEW INFORMATION-SHARING initiative is an extension of Infraguard, a 3-year-old program first put together to stem attacks on the nation's economic infrastructure, including businesses, medical facilities, financial institutions, and water, energy and transportation agencies, says Peter Trahon, supervisory special agent at the FBI's Regional Computer Intrusion Squad. The organization now has about 80 Bay Area companies involved.
According to a Bay Area-based survey funded in part by the FBI, 90 percent of survey respondents, primarily large corporations and government agencies, reported computer security breaches in the past 12 months and 80 percent acknowledged financial losses. The most serious included the loss of proprietary information and financial fraud, with 74 percent saying the attack came via the Internet.
While companies have been eager to receive information on problems other companies are having, they have been loathe to report their own, says Rich Davies, executive director of the Western Disaster Center at Moffett Field and a member of Infraguard's board of directors.
Mr. Trahon says the new program gives businesses a secure way to circulate information through the FBI about any problems without fear that the information will come back to bite them.
"I see the value of it. It helps me validate potential problems or invalidate them, depending on what is out there," says Bob Landgraf, program director for Hewlett-Packard Federal, a subsidiary of Hewlett-Packard Co. and a member of Infraguard. "Many of the large companies are well-prepared for these attacks," Mr. Landgraf says. "I would say smaller companies and those in hot technologies are in the most trouble. Large companies can sustain a $1 million loss ... but that could put some smaller companies out of business."
Companies have been mum about security breaches because of fears of giving competitors an advantage, reaction by investors, bad publicity and simple egos, says Rich Jackson, executive director of Infraguard's San Francisco Bay Area chapter.
"I think the FBI realizes they've had some bad relationships in the past, Mr. Jackson says. "They are working very hard to gain the trust of the [business community]."
And then there's the paperwork.
It can be onerous, Mr. Jackson admits, but is a necessary tool to help find and punish the attackers.
"[The FBI] is trying to make it as easy as possible," Mr. Jackson says. "But remember, a lot of court cases get thrown out on a technicality. So you have to document carefully."
The FBI began pushing what it calls "secure" membership after the number of companies attending quarterly Infraguard meetings tripled after the Sept. 11 terrorist attacks.
"It became very obvious that we need the high-tech community talking to each other in case of attack," says David Kovar, director of information technology at the Western Disaster Center.
Participating in the secure membership allows companies to offer sensitive information and receive information about ongoing FBI investigations information not available to the general public or even Infraguard members who don't have the "secure" membership, the FBI's Mr. Trahon says.
"It's a subtle difference, but one that could make all the difference," Mr. Trahon says.
Mr. Jackson says the FBI is still fine-tuning how and what information is handed out and how to keep that information secure.
There also has been a growing realization that there are industrywide concerns that only cooperation can overcome, Mr. Jackson says. "The realization is that when the individual company suffers, the whole industry suffers."
The fear of attack is very real, says Mr. Jackson, who demonstrated that by asking that the Business Journal not reveal the name of the large Bay Area company he works for.
"There are hackers out there who attack on the whim," Mr. Jackson says. "Having my company's name exposed in the context of a story like this could needlessly expose it to attack."
Sharing information is important because the attackers, whether they be political, terrorist or economic in nature or just some bored teen-ager somewhere constantly upgrade and change their mode of operation, says Livio Ricciulli, chief technology officer for the Redwood City-based Reactive Network Solutions, a computer security company.
"The problem is ... we're talking about a very dynamic situation," he says. "The attackers' behavior is always changing and up-to-date information is critical." Mr. Ricciulli says Infraguard, while a good start, should be more specialized to better meet members' needs. For instance, financial institutions, software organizations and telecom companies should have their own Infraguard-like organizations to share information quicker.
The FBI has been looking into splitting up the Bay Area Infraguard chapter into three chapters one each in Silicon Valley, San Francisco and the East Bay or Oakland partly because of those areas' particular specialties and partly because of volume.
"The bottom line is, the public sector can be our eyes and ears to helping [the FBI] contain and find those who attack our country," Mr. Trahon says.

       Copyright 2002 American City Business Journals Inc.
***********************
Government Computer News
Vote on NIST smart-card standards is set for next week
By Dipka Bhambhani

The government's interagency smart-card group next week will vote on whether to adopt newly released interoperability standards for smart-card hardware and software.

The Government Smart Card Interoperability Committeewith representatives from the Defense Department, General Services Administration and National Institute of Standards and Technologyis expected to approve the GSC Interoperability Specification Version 2.0. NIST last week released its latest draft of the interoperability framework. It is posted online at smartcard.nist.gov/GSCISV2-0.pdf.

The standards would require that products used for government smart-card programs meet the GSC-IS Version 2.0 specification.

"I strongly believe that interoperability is the issue that will make or break the smart-card market in the U.S.," said James Dray, NIST's principal scientist for the GSC program.
**************************
Government Computer News
Navy opens third NMCI center in Hawaii

By Dawn S. Onley
GCN Staff


Today in Hawaii, the Navy is opening its third network operations center to support the Navy-Marine Corps Intranet.

Seventy-five employees at the Hawaii NOC on Ford Island will manage network traffic throughout the region and will monitor NMCI servers, routers and networks. The center will also monitor intrusion attempts, Navy officials said.

Navy projects that the Hawaii facility will eventually grow to more than 200 civilian, enlisted and contract workers.

The Navy also has opened NOCs in Norfolk, Va., and San Diego to support the NMCI program.

So far, under the $6.9 billion contract, Electronic Data Systems Corp. has cut over about 59,000 seats to the NMCI environment and has authority to take over 90,000 more. Ultimately, NCMI is intended to link more than 400,000 desktop PCs across the United States, Puerto Rico, Iceland and Cuba.
****************************
Government Computer News
OMB models its site redesign on FirstGov portal
By Jason Miller

Keeping in line with the redesign of the FirstGov portal, the Office of Management and Budget has revamped its Web site applying the same three-clicks-to-service approach.

OMB yesterday launched its new site at www.omb.gov.

The sitealso modeled after the White House's home pageadded navigation tools down the left side to ease and speed sifting through documents. Users can browse through subject areas such as the president's 2003 budget proposal and agency information directly instead of having to click through several layers.

OMB also added features such as The Wastebasket, where visitors can e-mail examples of mismanagement or government waste, and Feedback and Forth, where the public can submit opinions directly to OMB.

The front page now offers the latest media advisories and administration policy announcements, as well as links to information about the President's Management Agenda and agencies' scorecards.
************************
Government Computer News
House makes resolutions in XML
By Susan M. Menke

The House of Representatives is pioneering its shift to Extensible Markup Language with simple resolutions, which started in January.

"Our goal is to begin production of some introduced bills using XML by January 2003," said Joe Carmel, chief of legislative computer systems. Testing is now under way on XML output of new bills, he said.

The House last year completed more than 100 document type definitions (DTDs) for its entire output of bills, resolutions, correspondence and other production elements [see story at www.gcn.com/20_25/inbrief/16922-1.html].

Current House output is searchable only by bill numbers or keywords, but in XML it would be searchable by titles, names, tables, subheadings and other components. A folder of XML documents essentially becomes a database searchable by browser.

A sample of the XML coding for a House bill appears at xml.house.gov/hr10.xml. It shows how each line, name and term has an identifying tag, created by exporting the document from a word processor such as Microsoft Word or Corel WordPerfect into a special XML template. The tags automatically control typography and create entries for tables of contents and indexes. They can serve for paper or electronic publication.

The House DTDs, which the Government Printing Office helped design, are in the public domain.
************************
Government Computer News
GAO gives White House passing grade on IT efforts
By Jason Miller

The Executive Office of the President has advanced its handling of its systems, but there's still room for improvement, the General Accounting Office told lawmakers in an analysis released yesterday.

"EOP's efforts at this juncture should be viewed as work in progress, as opposed to completed tasks. This means that the office's modernization success largely depends on its ability and resolve in fulfilling its plans and commitments," said the letter sent to Capitol Hill committees with White House oversight.

The fiscal 2002 EOP Appropriations Act mandated that EOP submit a report to the House and Senate Appropriations committees outlining its work in developing four items:


An officewide architecture
A capital planning and investment control process
A capital investment plan
A human capital management plan.

Congress had limited EOP's spending on systems modernization until it detailed its progress to lawmakers. The White House sent its report to Congress in mid-April.

"EOP has made progress, and it has made plans and future commitments relative to each of the four areas addressed in its report," said the review signed by Randolph C. Hite, GAO's'director of IT architecture and systems issues.

In response to a draft of the analysis, the associate counsel to the president told GAO that the EOP's systems chief "was satisfied with the substance of the report and that the White House had no substantive comments."

EOP has finished a business reference model that describes its administrative processes and IT requirements, noted the review, Executive Office of the President: Analysis of Mandated Report on Key IT Areas.

The model also outlines the White House's existing networks and infrastructure. EOP still is working on an officewide architecture, which will be used to modernize its operations, the GAO analysis said.

The CIO's office controls IT investments by requiring that project managers submit a standard briefing each month, GAO said. The EOP briefing template evaluates an initiative's progress against cost, schedule and performance commitments.

EOP is focusing on low-risk and high-payoff projects such as a $5 million redesign and relocation of its data center and a $1.5 million project to replace desktop PCs and improve customer service, GAO said.

Finally, the audit team found the White House's IT team is assessing its human resources needs against 14 core knowledge and skill areas it has identified as crucial to support current and future operations. EOP has begun training staff in some of the 14 areas and plans on hiring additional staff, GAO said.
************************
Government Executive
Tech firms seek separate cybersecurity agency
From National Journal's Technology Daily

Lawmakers should include a cybersecurity agency within the plans for a new Homeland Security Department, a trade association said last week.


In a letter to Virginia Republican Tom Davis, chairman of the House Government Reform Technology and Procurement Policy Subcommittee, the Business Software Alliance (BSA) touted the need for a special agency focused on cyberterrorism.


"The unique nature of the cybersecurity challenge thus requires that a separate coordinating body exist within the Department of Homeland Security," BSA President and CEO Robert Holleyman wrote.


Davis' subcommittee is one of several panels reviewing the Bush administration's request for the new department.


BSA also offered comments on competing homeland security proposals. And Holleyman noted that guidelines for federal cybersecurity and provisions to promote information sharing between the private sector and public agencies should be included in such legislation.
**************************
MSNBC
Cyberlaw: Cybersmart or cybersilly?
Sketpics cast doubt on hot new legal field
By Lee Gomes
THE WALL STREET JOURNAL

July 1 Is there really a cyberspace full of "cybercitizens" who need only be accountable to their own "cyberlaws"? A loose-knit group of law professors is bucking one of the big fads in the legal field by calling that whole idea "cybersilly."
LAW INVOLVING the online world is hot right now. Law schools trying to stay current have courses in it, which tend to be popular with a generation of law students reared on Wired magazine and Napster. Experts in so-called cyberlaw typically have technology-friendly legal views, and are thus frequent guests at the tech world's many conferences. They're also quoted all the time in media accounts of online legal disputes.
There is, though, a much less well-known but equally determined group of legal experts let's call them the "cyberskeptics" who are deeply troubled by just about everything about this trend. The skeptics start by questioning the very existence of cyberspace, which they say is no more real than a "phone space" involving all the people on the telephone at a given time. They go on to argue that something happening online shouldn't be treated any differently by the law than if it occurred on Main Street.
You can usually find the skeptics in law journals rather than at tech conferences. Orin S. Kerr, of George Washington University Law School, for example, is wary of courts looking at Internet legal issues from the perspective of users, who may indeed think of themselves as cavorting about in cyberspace. A more productive approach, he says, might be to look at what is happening in the real world, where one usually simply finds a group of computers connected to each other and passing along data.
Timothy Wu, a professor at the University of Virginia School of Law, writes that there is no single Internet, but instead, many different Internet applications that all need to be discussed differently.
Jack Goldsmith, of the University of Chicago law school, defends a decision two years ago by a French judge who said that Yahoo couldn't sell Nazi memorabilia in France, which bans the material. Netizens pounced on the ruling as an affront to their brave new digital world. But Prof. Goldsmith says that Yahoo, since it has a subsidiary in France, should no more be immune to French laws than General Motors is.
More importantly, he says, the French judge went through with the ruling only after determining that it was feasible, through various screening technologies, for Yahoo to prevent its French visitors from seeing the ads but still display them to others.

'EXCEPTIONALISM' REJECTED
While the skeptics emphasize different points, they all have as a core principle a rejection of the notion of "Internet exceptionalism," or the idea that the Internet is a new, unique thing that requires its own special laws. "The steam engine ... probably transformed American law, but the 'law of the steam engine' never existed," writes Joseph H. Sommer, counsel at the Federal Reserve Bank of New York, in a law review article called "Against Cyberlaw." He also fretted that the cyberbuffs are afflicted with "insufficient perspective, disdain for history, unnecessary futurology and technophilia."
The skeptics have no particular beef with computer and Internet technology. Most, in fact, are avid users. They just think that it shouldn't be pandered to. And they certainly deride the ideas behind the "Declaration of Independence of Cyberspace," which is posted on many Web sites and poses a "hands off" challenge to government.
The dispute between the buffs and the skeptics doesn't have the usual left-right overlay to it. The skeptics tend to be Republican but come from both sides of the spectrum.
A better question, perhaps, involves the politics of the cyberspacians not their defenders in law schools as much as the cyberactivists themselves. Many observers assume them to be politically progressive, beyond their obvious libertarianism.
But are they really? Prof. Wu thinks not, calling them deeply technocratic and elitist despite their populist rhetoric. And most of the activists continue to see the Internet as a utopian ideal despite the fact that many progressives are beginning to worry that the Web is really just a very efficient way for companies to move white-collar U.S. jobs overseas.
Prof. Goldsmith says that most law professors are becoming increasingly wary of the legal claims being made for cyberspace. But what about his students? Well, he concedes, they're another matter. Many of them, with the passion of youth, are still enthralled with the whole idea of a separate universe, one they can call their own.

       Copyright © 2002 Dow Jones & Company, Inc. All Rights Reserved.
***********************
CNN
Swedish e-postal service delivers wherever you want

STOCKHOLM, Sweden (AP) -- Forget paper invoices, junk circulars and credit card statements that pile up in the mailbox.

That's what Posten, Sweden's national post office, is encouraging with an Internet mail delivery service that aims to make most physical mail go the way of the typewriter.

"Our vision is that the hall carpet or mailbox will never be cluttered with anything but the occasional love letter or invitation to a party," says Posten spokeswoman Margareta Chowra.

Posten's ePostbox is cheap, environmentally friendly and lets recipients pick up mail at any Internet-connected computer, anywhere in the world.

The Swedish post office is urging large-volume mail-senders like banks, city governments and housing agencies to trade paper correspondence for its Internet service.

To send mail through ePostbox, companies pay about 2 kronor (19 cents) per item, some 25 percent less than it would cost to have the mail delivered by carriers.

The service is free for mail recipients. Customers who register can choose from which companies they want to receive mail electronically.

Posten, which launched the service in December and promotes it with TV and Internet ads, hopes that what's good for its customers will be good for itself.

Like many national postal services, 366-year-old Posten has seen its revenues gouged by competition from private delivery services and electronic messages sent on computers and phones, said Posten vice president Boerge Oesterholm.

"When the market needs are changing, it's natural for us to give the market what it wants," Chowra said.

A growing trend
The service is still in its infancy.

Posten signed up nearly 50 companies, but only 10 have started sending through it. Chowra won't say how many customers have registered. For now, only one bank allows customers to pay bills through ePostbox.

Reineke Reitsman, a technology and consumer behavior analyst at Forrester Research, said the Internet makes sense for direct marketing, traditionally a core business for post offices.

Companies using the service send digital versions of mail items to Posten. Postal workers sort it for distribution to the registered customers' ePostboxes via a secured internal mailing system.

Customers access their ePostboxes through Web browsers with 128-bit encryption.

Canada Post has been offering a similar service since November 1999 and has drawn some 200,000 customers and about 90 companies as users.

A Finnish equivalent, dubbed Netposti, started in January 2001 and has some 130,000 customers and 100 member companies. Spokesman Tom Sandman said the service was not yet profitable.

In the United States, customers can receive and pay bills online through the U.S. Postal Service. They can also send money from a bank account to anyone with an e-mail address. Spokeswoman Sue Brennan would not release usage figures.

The U.S. Postal Service is also testing a system that would allow companies to prepare newsletters and other bulk items electronically that it would then print and deliver to physical mailboxes. The service printed more than 2 million items in fiscal 2001.

But because of lack of interest, the Postal Service recently dropped PosteCS, a system for delivering electronic documents with postmarks.

Chowra, who declined to say how much Posten has invested in ePostbox, said Sweden's service is unique because mail will be delivered physically if it doesn't match an electronic mailbox.

All aspects of Posten's system, from registration to usage and transmission of messages, are secured. An electronic postmark tracks the date and time a message is sent and opened. The postmark guarantees the mail has not been tampered with during transmission.

"The messages never leave Posten's own system," Chowra said. "They are handled within our 'fireproof doors' all the time."

Copyright 2002 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
***************************
CNN
Foes vow to challenge Spanish Internet law

MADRID, Spain (AP) -- Opponents of a new e-commerce law -- which requires Internet service providers to keep tabs on users -- have vowed to challenge it in court as a violation of constitutional rights.

But the head of a national Internet users association applauded the protections it offers for online consumers.

The Law on Services for the Information Society is one of the first to comply with a European Union directive on regulating the Internet in the 15 member countries.

The law was adopted Thursday in the Congress of Deputies, the lower house of Spain's parliament. It is expected to become law over the summer after its publication in the Official State Gazette.

The law covers a broad range of Internet commerce issues. It prohibits distribution of mass unsolicited e-mail and stipulates that Internet transactions be considered judicially with the same validity as signed paper agreements.

It will also require Internet service providers to retain records on users and collaborate with law enforcement authorities by shutting down Web sites involved in illegal activities. Providers must keep a one-year record of IP addresses that can help police identify users who sent threatening e-mails or published sites promoting racial hatred.

Failure to do comply with the law may result in fines of up to $595,000.

Javier Maestre, a lawyer who has led opposition to the bill in Spain, said the law violates constitutional rights to privacy, freedom of expression and the presumption of innocence.

"You can't have the presumption of innocence in the real world and be treated by the police as a suspected criminal in the virtual world," he said.

Maestre and other opponents have started an online petition drive to challenge the law before the Constitutional Court.

But Javier Sola, director of the Association of Internet Users, said the law will be a boost for online shopping because businesses on the Web must identify themselves with their tax identification numbers.

"Consumers want to deal with companies, not Web sites," he said. "If there is a problem, you want to be able to file a claim against the company."
***********************
CNET
Suspected hi-tech pedophiles arrested
By SUE LEEMAN -- Associated Press

LONDON (AP) -- Police in seven countries on Tuesday arrested around 50 suspected members of a high-tech child abuse ring calling itself "Shadowz Brotherhood" that made and distributed obscene images of children, including babies, on the Internet, British authorities said.

Hundreds of police officers swooped on suspects' homes in synchronized raids early Tuesday, seizing dozens of computers, videos and compact discs, according to Britain's National High-tech Crime Unit, which coordinated the operation with the European police organization Europol.

Police said 31 people were arrested in Germany and others were arrested in Britain, but did not give the other five countries.

"This group were using highly sophisticated technical means to continue their criminal activities and to avoid detection," said Detective Chief Supt. Len Hynds, the unit's head. "It was a level of sophistication we have not seen in law enforcement before."

"In terms of the kinds of material they are posting and allowing access to it's the worst group I have encountered," Hynds added.

The ring used sophisticated encryption techniques, sometimes hiding material in seemingly innocent picture files, and was structured in cells whose members knew only each other for security, officials said.

Authorities say some members of the group sexually abused children and then posted the images on their Web site, which also provided advice on how to meet children in Internet chat rooms.

Police believe the group was set up around two years ago and had members in Britain, the United States, Canada, Belgium, Denmark, Germany, Italy, the Netherlands, Romania, Spain, Sweden and Switzerland.

Sixteen suspected members of the group were already in custody in several countries; one suspect in the United States, an air force officer, has committed suicide while in custody.

Hynds said the group had about 100 members, including 23 "systems administrators" who ran the group's Web site and "monitored bulletin boards and chat rooms ensuring people were using proper security measures and excluded people from the site if they weren't."

Administrators also provided advice about police tactics and techniques so they could avoid detection, he added.

Police said administrators operated a "star" system to rate members: after initial vetting, new members received a one-star rating, allowing them to enter certain chat rooms, newsgroups and bulletin boards.

To gain further stars they had to post images of child sex abuse on the group's site; as they gained stars, they obtained greater access to restricted sites containing the most graphic material.
*********************
Sydney Morning Herald
First Internet cafes to open in Kabul
Kabul
July 2 2002





After decades of near-total communications isolation, Afghans are about to make a leap onto the World Wide Web with the opening of the country's first Internet cafes.

"We plan to open up to three Internet cafes in Kabul within the next two to three weeks," said Alex Grinling, managing director of the Afghan Wireless Communication Company (AWCC) which will become the war-ravaged country's first Internet service provider.

Afghanistan took a major step forward in the telecommunications field in April when the state-affiliated AWCC company launched the first cellular telephone network. President Hamid Karzai placed a call to an Afghan refugee living in Germany, something nearly impossible through the old telephone lines that served the hardline Islamic Taliban regime.

The nation's thirst for telecommunications became apparent during the loya jirga, the grand council that met last month to choose a new national leadership. All week, delegates chatting into cellular phones strolled the sunny plaza outside the meeting hall, and were provided a temporary Internet access in a nearby hotel.

Reliable telecommunications are considered critical to knitting back together a nation long divided by a bitter civil war.

"We expect there will be a lot of interest for the Internet here, especially among the people who know what Internet is - those Afghans who have lived in exile and are now returning home," Grinling said.

He conceded that there may be some practical problems at the outset.

Few locals in the city of two million people know what the Internet is.

"Internet? What is that?" asked Mustafa Brahimi, 49, as he pushed through a crowd in Kabul's dusty open-air Mandawy market.

When told about the network, his questions reflected other complications.

"It sounds great," he said. "But what about electricity? How will it work without it?"

Kabul's infrastructure is in a shambles after two decades of neglect and warfare. Power cuts are frequent, and most of the city's telephone lines were destroyed by fighters digging trenches and eventually stripped for copper by scavengers.

The capital's 7,000 working analog telephones can't connect with 5,000 phones on the two-year-old digital system installed under the Taliban. There are just 12,000 functioning telephones in a city of nearly two million people.

"Thus the Internet cafes," says Grinling, who heads operations in the Western-run Afghan Wireless. "We'll install a wireless communication system into the cafes for an easy link with the Internet. I'm sure it will become a major hit among the Afghans."

Among those looking forward to the Internet cafes is Arif Amonullah, a 28-year-old engineer who returned to Kabul last month after eight years in exile in Russia.

"I never dreamed that Afghanistan will ever have mobile phones, not to speak about Internet," Amonullah said. "I have relatives in England and can't wait to exchange a few e-mails with them. They won't believe that I'm sending them from, imagine, a Kabul Internet cafe!"
*************************
Sydney Morning Herald
Intelligence for the open-source war
By Adam Turner

Depending on who you ask, the open-source movement is either a cancer spreading through the IT world or a miracle cure to Microsoft domination. Like most battles these days, the open-source war will be fought in the courtroom as much as on the server or the desktop.

RedHat senior vice-president and chief legal counsel Mark Webbink, Samba developer Andrew Tridgell and a gaggle of IT lawyers are among the guest speakers in Brisbane tomorrow at a conference titled Legal Issues Relating to Free and Open Source Software.

Such software is often covered by the GNU General Public License (GPL). Often referred to as "copy-left" or open source, software covered by the GNU GPL is free of charge to the general public. If a programmer develops software containing code covered by the GNU GPL, that software also becomes open source.

Run by Queensland University of Technology's School of Law, tomorrow's conference grew from a series of intellectual property lectures delivered in California by QUT's head of law, Professor Brian Fitzgerald.

Keynote addresses and panels will cover legal issues involved in using free and open-source software in business, security aspects and integrating proprietary and open-source models.

Tomorrow's conference is designed to counteract the campaign of fear, uncertainty and doubt that has dogged the open-source movement, says the organiser, QUT law researcher Graham Bassett.

"We're trying to combine the expertise of lawyers who are experts in this software licensing area and the area of open source, with practitioners creating large-scale projects."

Microsoft's new Software Assurance licensing system is encouraging government and private sectors around the world to consider open-source alternatives, says Bassett.


Other guest speakers at the conference include Sun Microsystems' Bill Lard and independent developer Rhys Weatherley, who is an important contributor to the GNU.NET project - and open-source competitor to Microsoft's .NET.
****************
New Zealand Herald
Modems in danger of hackers gaining entry
By ADAM GIFFORD

Owners of Jetstream modems are being urged to conduct basic checks to ensure they are not vulnerable to hackers, who can use them as relays for spam emails or to conceal where data is going.

"Strictly speaking they are not modems but routers connected to the internet as long as they are plugged in and powered up," said Unitec networking student Alan Birch.

His investigations into the configurations on his own Nokia ADSL (asynchronous digital subscriber line) modem revealed it could be hacked into from the outside.

Birch said he had assumed his modem was secure after asking his sister to try to access it from outside by putting in its IP address - found using a program called Samspade - into a browser.

"The problem was the IP address is dynamic, and the one I gave her had expired when she put it in the browser ," Birch said.

"After I read the article in the Herald last week I thought I still might not be safe, so I downloaded the administration manual from the Nokia website and found I could access the modem's command line through Hyperterminal.

"When I did that I saw there were no passwords in place - I just needed to hit enter to get in."

Birch used Hyperterminal to create passwords for all the access levels.

Networking specialist Darren Clarke of Service Direct said most DSL modem brands had the remote configuration features disabled by default, and could be accessed only from inside the network.

"If remote management or external configuration options are required, the customer needs to know and understand the risks, and the reseller must take all necessary precautions to minimise this risk, such as changing default passwords to secure password formats," Clarke said.

Clarke suggests DSL modem users download a port scanning tool such as Shields Up - https://grc.com/x/ne.dll?bh0bkyd2 from the internet to test their modem.

"It scans the different port numbers to see which are open.

"The two ports we are concerned about are port 80, which is the HTTP web browser, and port 23, which is telnet.

"If either is available, it could allow someone to play around in your configurations."

Clarke said people should also look for pinholes, ports which were open to allow data to be redirected.

"If I want to have an email server in my organisation I would have to put in a pinhole, which is port 25 for SMTP.

"Normally most environments don't need any ports open. If the mail just goes to a POP mailbox, you don't need that port open."

Clarke said companies installing DSL modems should check the configurations to ensure they were not vulnerable.

"There is also an opportunity for a smart web developer to create a site which will check those two ports, 80 and 23," he said.

Clarke said if people were unsure of their vulnerability they should ask their internet service provider or local modem service agent to help check it.
*************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx