[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips August 1, 2002

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
Subject: Clips August 1, 2002
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Thu, 01 Aug 2002 11:04:31 -0400

Clips August 1, 2002

ARTICLES

Man Hoped to Win Woman He Met on Web
A Think Tank That Needs to Spell It Out
Cybercafe Crackdown May Trip Up Leering Boys
Applicants for New Dot-Org Domain Controller Under Review
Security czar points finger of blame
Burns tackling BIA troubles
A Shift Registers in Willingness to Pay for Internet Content
OMB freezes management systems
Experts translate voice tech needs
Taxpayers will file 2002 federal returns online for free
Administration launches a clearinghouse for volunteers

***********************
Man Hoped to Win Woman He Met on Web
Pr. William Jury Urges Death for Couple's Killer
By Josh White

A Prince William County jury recommended a death sentence for Larry "Bill" Elliott yesterday, suggesting the highest penalty for the former Army intelligence officer who became obsessed with a woman he had met on the Internet and then killed a Woodbridge couple to win her love.

Jurors deliberated for more than 10 hours over three days in making the choice between the death penalty and a life sentence without parole for Elliott, 52, of Hanover, Va., deciding ultimately that the gruesome nature of the crime deserved death. Jurors took less than half that time last week to find Elliott guilty of the Jan. 2, 2001, murders of Robert Finch, 30, and Dana Thrall, 25.

Elliott also received a life prison sentence for the murders and a mandatory eight years in prison on weapons violations. Circuit Court Judge William D. Hamblen is scheduled to confirm the sentences at a Sept. 20 hearing, during which he has the option of reducing the death sentence to a life term.

Elliott, a career military intelligence official, became entangled in a bizarre relationship with a woman he had met through an adult Web site, giving her more than $450,000 over 18 months to help her out of financial trouble. Elliott developed an obsession with the woman, Rebecca Gragg, but she rebuffed his attempts at having a sexually intimate relationship.

According to testimony and argument in court during the past three weeks, Elliott's obsession turned him into a frustrated and jealous murderer. He killed Finch, Gragg's ex-boyfriend, apparently because he perceived Finch to be an obstacle to Gragg's love, witnesses said.

"There's no question that if Mr. Elliott hadn't gotten involved with Rebecca Gragg, two people would be alive today," Commonwealth's Attorney Paul B. Ebert said. "But he killed them. To think about eliminating someone is what the death penalty is designed to prevent."

Elliott went to Thrall's Woodbridge townhouse on Jan. 2 in the early-morning darkness and shot Finch three times. He then shot Thrall, beat her over the head, reloaded his revolver and shot her three more times in the head. Thrall's two children -- ages 6 and 4 at the time -- were in an upstairs bedroom and heard the gunshots and Thrall's scream.

"He looked right into Dana's eyes and beat the life out of her and didn't even care," said Jennifer Finch, Robert Finch's younger sister and one of Thrall's best friends.

She said yesterday that she was bothered by Elliott's unwavering stare as the verdicts were read. "It makes me angry that he has shown no remorse for what he did," she said.

Kim Lephart, Thrall's older sister, said she doesn't believe the death sentence will change much for the family, other than giving Thrall's children some solace that "the bad guy" won't ever be out on the streets.

"I want Dana's scream to haunt him," Lephart said.

Police linked Elliott to the scene with a spot of his blood that was found on a back gate, and witnesses saw him near the home before the slayings. Elliott's truck was also spotted near the scene, and he later made cryptic remarks to Gragg about having to clean up a mess.

Elliott's defense team tried to put the blame on Gragg during the trial, telling the jury that she wanted Finch out of her life because of a bitter custody dispute. Henry W. Asbill and William A. Moffitt, Elliott's attorneys, argued that Gragg could have sent an unknown person to commit the murders.

In arguing for Elliott's life, Moffitt told jurors Monday that his client fell victim to one of the most human emotions: love.

"There's no question that Mr. Elliott fell in love with Rebecca Gragg, and a more unfortunate circumstance cannot be contemplated," Moffitt said. "This is a case that cries out in its humanness; it's completely understandable in human terms. It cries out for him to be punished severely and harshly, but it does not call out for his death."

Gragg said yesterday that she resents Elliott.

"He told me at first that he just wanted to help me make a better life for my children, and what he actually did was tear our lives apart," Gragg said. "If anything, I feel that he is getting off easy. He won't have to live with this for very long, and we will have to live with this for the rest of our lives." ******************* Washington Post A Think Tank That Needs to Spell It Out By Shannon Henry

Virginia's Center for Innovative Technology is trying to reinvent itself again, although who knows if this time will be the charm.

Since the CIT was founded in 1984, it has evaded several near-shutdowns. Its mission has never been clear to many taxpayers and technologists. And now, Anne Armstrong, who since 1999 has been the president of the nonprofit technology think tank, has suddenly left.

Armstrong would not talk about the circumstances of her departure.

"Everybody thought it was time to make a change," says CIT Chairman Paul Brubaker, who is also chief executive of Aquilent in Laurel. He says the decision was mutual.

Its last president, Bob Templin, was ousted by the CIT board as then-Gov. James Gilmore (R-Va.) appointed his own secretary of technology to oversee the group. Now there's another new governor and soon there will be another CIT president.

The group says that in coming weeks it will unveil an operating plan that will finally explain to everyone what happens in the slanted glass building off the Dulles Toll Road and what it intends to accomplish in the future.

"I don't think anybody in the private sector knows what [CIT] is," says venture capitalist Jack Biddle of Novak Biddle Venture Partners in Bethesda.

Still, the CIT has a $9.2 million annual budget. But the pool has been shrinking: Last year's budget was $12.5 million.

The new operating plan, says Brubaker, will outline CIT's intent to bring more federal research and development to Virginia, more commercialization to the state, and a continued focus on economic development. "It represents a shift in priorities," says Brubaker about the plan.

There's a sense of immediacy. By Nov. 6, the current secretary of technology, George Newstrom, is supposed to deliver a report to Virginia's General Assembly explaining whether "the mission of CIT can be fulfilled elsewhere in Northern Virginia," and an analysis of the prominent building's land and property value.

Brubaker says the group needs to better demonstrate a return on investment for the state. However, he thinks much of the problem is articulating the group's goals and actions, rather than a deeper problem of failed accomplishments. The attitude that the CIT doesn't do much is "all perception and zippo reality," he says. "If there was a sin, it was taking on new activity without giving up the old activity."

Bobbie Kilberg, president of the Northern Virginia Technology Council, which is housed in the CIT building, says the change in management was political. After Mark Warner (D) was elected governor, he installed Newstrom, a former EDS executive, to take over for the state's first chief technology officer, Don Upson. Armstrong, a former newspaper editor, had been Upson's choice. "When administrations change, people change," says Kilberg, who has been a supporter of keeping the CIT alive and well funded.

She says if the group can clearly outline three or so goals in its new plan and then stick to them, it will be in good shape. CIT's challenge is to explain to its funders and to Virginia natives what it does.

Brubaker hopes to have a new CIT president in place within 90 days. "We're looking for a CEO type," says Brubaker. The search is being led by Alan Merten, president of George Mason University. In the meantime, Newstrom will serve as acting president. "In this economy, there will be a lot of good people out there," says Kilberg of the applicant pool.

Harry Glazer, who made his name in the tech heyday in Washington as a lawyer to start-up companies, is leaving law firm Greenberg Traurig at the end of the month to join Sherwood Partners of Los Angeles, which advises financially troubled corporations. While Sherwood is known for winding companies down, Glazer will open the Washington-area office of the firm to jump in at an earlier stage to give advice, ideally before things get too bad. He'll be a principal owner in the business. "I'm heading up their healthy company practice," says Glazer.

Shannon Henry's e-mail address is henrys@xxxxxxxxxxxxx
*************************
Wired News
Sprint Calls Audible in Spam Suit

A lawsuit charging Sprint with sending illegal, unsolicited e-mail appears to be turning into a test case for how much evidence a company can recover when defending against allegations of wrongful spamming.

The class-action suit, Terry Gillman v. Sprint Communications, claims that the phone company violated a recently enacted Utah statute that places restrictions on senders of unsolicited e-mail.

The suit seeks damages of $10 per day for each unwanted e-mail the Utah plaintiffs received from Sprint (FON), along with payment of court costs.

Under Utah law, spammers can be forced to pay up to $10 for each unsolicited e-mail they send or $25,000 for each day they continue to spam.

Plaintiffs' lawyers said the case was modeled after a lawsuit filed nearly four years ago by Washington's state attorney general against a notorious spammer.

The new suit took an unusual twist in early July, however, when Sprint filed a motion requesting it be provided with the lead plaintiff's hard drive for the discovery phase of the case.

Sprint spokesman Mark Bonavia declined to comment on the suit, saying it is company policy not to discuss pending litigation.

In a motion filed in Utah's 3rd District Court in Salt Lake City, however, the phone company rejected the charges, adding that it "intends to discontinue the allegedly actionable behavior."

Sprint also requested Gillman, the lead plaintiff in the suit, provide all electronic and hard copies of the allegedly inappropriate e-mail.

"This will permit Sprint to better investigate and prevent such alleged violations and will also prevent plaintiff from artificially increasing his damages by refusing to provide the basic information supporting his claim," the motion states.

Denver Snuffer, the attorney for the plaintiffs, characterized the request for the hard drive as an intimidation tactic. He said demands for physical evidence such as computer hard drives are not feasible in the context of a spam class-action lawsuit.

"There are an estimated 1.4 million Internet users in Utah who may have received Sprint spam, and to ask that many people to literally remove and deliver their hard drives to Sprint is ridiculous," he said.

Sprint's motion contained a request only for Gillman's hard drive. As of yet, no equipment has been turned over.

Judge Denise Lindberg of 3rd District Court, State of Utah ordered instead that both Sprint and the plaintiffs not delete any electronic records that may be pertinent in the case, Snuffer said.

The lawsuit is intended to represent all Utah residents who received the unwanted e-mail from Sprint after the state's anti-spam statute took effect on May 7. Currently, more than half of U.S. states have anti-spam statutes in place, though specific restrictions on commercial e-mail vary.

Under Utah's law, companies aren't prohibited from sending unsolicited e-mail. However, senders must clearly state their legal name and address, include the letters "ADV:" in the subject line, and provide a convenient way for the recipient to opt out of getting further messages.

Snuffer said the Sprint messages did not comply with these rules.
*************************
New York Times
Cybercafe Crackdown May Trip Up Leering Boys
By IAN FISHER

LAHORE, Pakistan, July 27 Shahid Masood is a bit down on the Internet these days. But he has never seen anyone who looks like a terrorist at the cybercafe he owns here.

Mostly he sees boys trying to see girls without their clothes.

"People do not use it in a positive manner," he said in this vibrant city with two universities and many students, who make for enthusiastic customers if not always rich ones. "Most of the people access porn sites. Then it is e-mail and chat sites. Otherwise, there is not much usage of the Internet."

In this sense cybercafes in Pakistan are not too different from those in the rest of the world. But in this strict Islamic society of segregation between the sexes and strict bans on sexual content in the media, privacy on the Internet is highly prized. So there is more than a little worry about new government rules, set down in the name of fighting terrorism, that would keep track of cybercafe users.

Under the rules, Pakistan's thousands of unregulated cybercafes often no more than a hot hallway with a few computers and no refreshments will be required to register with the government. Then, starting a month from now, the cafes will have to ask every customer for proof of identity.

The idea is to provide a way of tracking terrorists and deny them the use of computers in perfect anonymity. But the Internet here is also a way for young people to do things society does not normally allow them, and any intrusion into this new zone of privacy could mean a huge drop in business, cybercafe owners and their customers say.

"How is it practical?" complained Azir Raziullah, 28, who owns the Web Zone cybercafe in a mall here with no fewer than seven of them. "If you go to a hair-cutting shop, do you show ID? If you go to a boutique and buy a shirt, do you show ID? What is the Internet? It's just business."

But it is, in fact, much more than just business, and some Internet users say they would not take the risk with their privacy in a country as confusing as Pakistan on the issue of personal freedom. Pakistan has, on the one hand, a famously outspoken press and fewer blocks on Internet sites than some Muslim countries although one site used by Al Qaeda supporters was recently blocked.

Then again, it is possible to be stoned here for blasphemy.

"I don't think giving an ID is a good idea," said one young computer student who identified himself only as Atif. For one, he admits to occasional glimpses at pornographic sites. He would not like that fact known, much less traced.

Second, he regularly chats with young women online, women he normally could get nowhere near mostly talking, with disappointing tameness, about the food they eat.

"It's a good service," he said earnestly. "It has affected my life. I get a lot of information," he added, and then smiled: "And when I want I can chat."

It is perhaps more risky for women. Kiran Anwar, 21, also a computer student, said she too has found the Internet a rewarding, and socially safe, way to talk to people she would not meet otherwise. She noted, however, that chatters seem to be major liars. Everyone she encounters online, it seems, is rich, attractive and from a good family.

"I think of it as fun, as enjoyment, as passing the time," she said. "There are no side effects to that. As long as we are just having chat not meeting up."

And, she said, "It is very private."

Shahzada Alam, chairman of the Pakistan Telecommunication Authority, which regulates the Internet as well as mobile and fixed-line phones, said the rules are aimed at potential terrorists not curious or lovesick teenagers.

Part of the concern, he said, arose after the disappearance in January of Daniel Pearl, the Wall Street Journal reporter whose captors sent messages and photographs via e-mail, though apparently through home computers. Cybercafes, he said, are so far completely unregulated, a hole in Pakistan's national security that he said needed to be narrowed, though not closed completely. Requiring identification, he said, seemed like a gentle step.

"You have to have a balance, that is most important," he said. "If you over-control or over-regulate you will discourage people from using it. But if you keep it totally uncontrolled, it could be used by criminals."

That balance is a noble goal, said Mueen Sadiq Malik, chief executive of Paknet, the state-owned Internet provider, but not an easy one to put in place. He said that Paknet, one of the largest of the 100 Internet service providers in Pakistan, has been the first required to register cybercafes and inform them that they must ask their customers for identification.

To begin complying, his workers have combed their records for heavy Internet users, one clue to which of his 100,000 customers are cybercafes. He has also sent his workers to the streets. So far, he said, they have learned that Internet cafes have spread with the same chaotic freedom as the Internet itself.

"In the ultimate analysis, it's not going to go too far," he said of the government plan.

He added that he does not think terrorists "depend on this as a major means of communication."

He continued: "You can place phone calls. You can use mobiles and keep changing them."

He smiled at the impossibility of halting communications, modern or not. "They could send pigeons across," he said. ************************* Washington Post Applicants for New Dot-Org Domain Controller Under Review By David McGuire

The "dot-org" Internet domain, operated for years by Internet addressing giant VeriSign Inc., will find out who its new landlord will be in late September, before VeriSign relinquishes its hold on the domain at the end of the year.

Eleven entities, including three in the Washington region, have applied to operate the "dot-org" Internet domain, and global Internet addressing authorities are now slogging through hundreds of pages of application documents in search of a winning bidder.

"Dot-org is important now because it is the one space on the Internet that . . . has been devoted to noncommercial speech," said Barry Steinhardt, the director of the American Civil Liberties Union's Technology and Liberty Program. "If it were to be turned into just another dot-com, that would be a blow to speech."

In the Internet atlas, "dot-org" shows up as the stuffy university town on the outskirts of the commerce-steeped "dot-com" downtown. But dot-org is indispensable to consumer advocates, public interest groups and political dissidents, many of whom are watching closely to see who will be chosen to take the helm of the domain.

Dot-org will represent a lucrative asset for whatever organization takes the reins. As the wholesale seller of dot-org names, VeriSign makes $6 a year for every registered dot-org name. With more than 2.3 million registrations already in place, dot-org will provide its operator with a predictable revenue stream in an often shaky Internet environment.

The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that will choose the new registry operator, said it won't give preference to nonprofit bidders. The top priority, ICANN President M. Stuart Lynn said, is finding a stable operator to replace VeriSign.

"I don't believe the [ICANN] board would favor a decision to jeopardize the stability of dot-org, so that becomes a very primary criteria," Lynn said. "ICANN's first priority is to preserve the stability and reliability of the Internet and the [Domain Name Server]."

If selected, a nonprofit organization will be eligible for a $5 million endowment from VeriSign to bring its registry operations up to speed. Commercial bidders are not eligible to receive the endowment. ICANN plans to award the contract in late September.

In exchange for giving up dot-org, VeriSign solidified its control of dot-com, the world's most heavily populated domain extension.

Registry operators such as VeriSign serve as domain-name wholesalers, charging the industry's retailers, called registrars, a flat fee for every name they sell to customers. Some registry operators, including VeriSign, also act as registrars.

ICANN is seeking a new bidder for dot-org as part of its ongoing mandate to bolster competition in the domain-name industry. Dulles-based Network Solutions, which was bought by VeriSign in 1999, maintained a government-approved monopoly over the industry until 1999, providing both front- and back-end services for all names sold with dot-com, dot-net and dot-org extensions.

Eleven bidders paid $35,000 registration fees, submitting massive amounts of documents outlining their preparedness to take the job. Their applications comprise a wide range of theories on how best to promote and manage the domain.

Two of those bidders, the Washington-based DotOrg Foundation and Reston-based Internet Society, say they intend to operate dot-org as a nonprofit enterprise, while the third, Washington-based NeuStar Inc. is taking a commercial approach.

Ken Hansen, director of development for NeuStar, which runs the recently christened "dot-biz" and "dot-us" domains, said a for-profit entity with experience operating Internet domains would provide the most stable environment for dot-org.

The noncommercial entities that rely on their dot-org addresses don't care who runs the domain, so long as it runs smoothly, Hansen said. "These organizations use their Web sites to get their message out, they use it to raise money [and] they use it to provide mission-critical services."

Officials at both the DotOrg Foundation and the Internet Society say they would use the proceeds from operating dot-org to develop online tools and services designed to help noncommercial groups expand their online offerings. Neither the DotOrg Foundation, which was created solely to bid for the dot-org contract, nor the Internet Society have direct experience operating domain names.

Both organizations have made deals with outside registry operators to provide back-end services for dot-org in the event that they win the bid.

The dot-org registry operator will not set the retail price for dot-org addresses but will establish the wholesale price that registrars must pay when they sell names to retail customers. Lower wholesale prices could translate into lower retail prices for domain-name shoppers.

Bidders have proposed wholesale prices ranging from the current rate of $6 per name, per year, to less than $4 per name. *********************** Government Computer News Security adviser previews national strategy

By William Jackson
GCN Staff

LAS VEGASPresidential cybersecurity adviser Richard Clarke drew ovations from a crowd of 1,500 security experts attending the Black Hat Briefings when he criticized the performance of software developers.

"The software industry has an obligation to do a better job of creating software that works," Clarke said.

Clarke, head of the president's Critical Infrastructure Protection Board, also drew applause when he said, "I don't trust the government to regulate the Internet." He made the comments while giving a preview of the National Strategy for Securing Cyberspace, which the administration plans to release Sept. 18.

The 2,800-page report focuses on creating responsibility and accountability for cybersecurity. The strategy responds to more than 200 questions, and experts from the private sector developed much of it. Clarke said the administration would update it several times a year.

"Chances are we will get it wrong in some aspects the first time around," he said.

Without revealing specific recommendations, Clarke outlined the strategy's major areas:

Software development: Clarke called for more rigorous development practices on the part of developers, and continued input from users to disclose vulnerabilities.

Wireless networking: Wireless LANs are notoriously unsecure, he said. Vendors have a responsibility to create more easily securable systems, and users should not use systems with known vulnerabilities.

Broadband access: Telecommunications companies and Internet service providers should provide firewall and other security services to customers using always-on Internet connections, which leave systems open to hacking over the Internet.

Internet security: There is no clear-cut responsibility for developing secure Internet technologies, and the government should take a leadership role in promoting security. The government should not regulate the Internet, but it cannot walk away from this responsibility either, Clarke said.

Federal government: Agencies need to do their part by using the security products it is encouraging industry to develop. Clarke cited a number of secure computing initiatives by hardware and software developers and said that if they produce significantly more secure products, he would recommend a massive replacement or upgrade of government systems. ************************ Associated Press Bush Adviser Encourages Hacking Wed Jul 31, 1:37 PM ET By D. IAN HOPPER, AP Technology Writer

LAS VEGAS (AP) - A presidential advisor encouraged the nation's top computer security professionals and hackers Wednesday to try to break computer programs, but said they might need protection from the legal wrath of software makers.

Richard Clarke, President Bush ( news - web sites)'s computer security advisor, told hackers at the Black Hat conference that most security holes in software are not found by the software maker.

"Some of us, here in this room, have an obligation to find the vulnerabilities," Clarke said.

Clarke said the hackers should be responsible about reporting the programming mistakes. A hacker should contact the software maker first, he said, then go to the government if the software maker doesn't respond soon.

Hackers commonly share their findings with others in their community through e-mail lists or Web sites. But how much they should disclose is an ongoing debate among computer security professionals. Some argue that full disclosure is best, while others say a hacker should only warn that a problem exists without showing how to take advantage of it.

Clarke said hackers shouldn't help criminals by showing how to exploit a programming bug before the software maker has a chance to fix the problem by issuing a patch, or fix.

"It's irresponsible and sometimes extremely damaging to release information before the patch is out," Clarke said.

Companies differ in their response to independent researchers. While some encourage or even reward bug-hunters, others are more concerned about the possibility of extortion or embarassment to the company. In some instances, they seek civil or criminal charges against the hacker.

Clarke said that situation is "very disappointing," as long as the hacker acts in good faith.

"If there are legal protections they don't have that they need, we need to look at that," he said. ************************** News.com Security czar points finger of blame By Robert Lemos

LAS VEGAS--Software makers and Internet service providers must share the blame for the nation's vulnerable networks, President Bush's special adviser on cyberspace security said Wednesday. Speaking to a thousand attendees at the annual Black Hat Security briefings here, Richard Clarke identified five specific groups responsible for the vulnerability and said that people who can secure the Internet must step up to the plate.

"There are a lot of people in our country that rely on cyberspace, who are not taking responsibility for securing their part of cyberspace," he said.

The speech, which precedes the Bush administration's rollout on Sept. 18 of the national strategy for critical infrastructure protection, outlined many of the issues that Clarke and others had to consider in constructing the new strategy.

The major issue, Clarke said, is that companies and organizations that create the hardware, software and services that makeup the Internet aren't doing enough to secure their products. In laying the blame for the vulnerabilities in the Internet, he pointed not only to software makers and ISPs, but also to those who create and use wireless networks, to the lack of a group responsible for securing the Internet, and to the government itself.

While he didn't outline the national strategy's recommendations, Clarke's list of the five groups shows whom the government is targeting with the new initiative.

Clarke saved much of his rhetoric to lambaste the software industry.

"The software industry has an obligation to do a better job producing software that works," he said. "It's no longer acceptable that we can buy software and run software on sensitive systems that is filled with glitches."

Clarke pointed to statistics published by the Computer Emergency Response Team (CERT) Coordination Center that show that the number of software vulnerabilities found by researchers has increased every year. The number of flaws found to date has already surpassed the total flaws found last year, he said.

He also said that while few firms acknowledged the incidents, nearly every major financial and banking company was hit hard by the Nimda virus last September. He cited damage figures of nearly $3 billions attributed to the virus.

He stressed, however, that the virus got into computers through vulnerabilities that at the time were known.

"It's not because the vulnerabilities has not been identified (that Nimda spread), but because the patches had not been applied," he said.

He called on software makers to provide patches that are easy to install and also have been checked for compatibility with the major software applications used by most companies.

"That's why Nimda was so successful," he said. "Not because (the system administrators) didn't have a chance to put the patches on but because they wanted to test the patches themselves."

ISPs to step up Internet service providers also have to be more security conscious, Clarke said. By selling broadband connectivity to home users without making security a priority, telecommunications companies, cable providers and ISPs have not only opened the nation's homes to attack, but also created a host of computers with fast connections that have hardly any security.

"Millions of houses are getting connected, which means that more and more are getting vulnerable," he said.

In a measure of how greatly wireless networks are undermining corporate and home-user security, Clarke put such networks in his top five of security offenders. Already, he said, the Department of Defense has ordered the shutdown of all wireless LANs in use within the department and in the various military forces.

"Companies throughout the country have networks that are wide open because of wireless LANs," he said.

Clarke also called on the government to drive more secure standards for the Internet and for the Net's gurus to form an organization responsible for the network's security.

Clarke likened the situation to Winston Churchill's early warnings of Germany's air force buildup prior to World War II that prepared Great Britain for the air war against Germany. He said that today's system administrators must do the same.

"You all have responsibility to be Winston Churchills, to be out there in front of anyone who will listen to say we are vulnerable," he told the attendees. "If a cyberwar comes, and come it will, we will be like the (Royal Air Force) and win." ******************* Federal Computer Week Burns tackling BIA troubles

Brian Burns, an information technology expert with 18 years of experience in government and the private sector, has been named the chief information officer at the troubled Bureau of Indian Affairs.

Until recently, Burns was the deputy assistant secretary for information resources management and the deputy chief information officer at the Department of Health and Human Services, where he oversaw an IT budget of $3.5 billion.

"I depend on the chief information officer to keep the BIA's computer network well-maintained and secure for our employees and service beneficiaries," said Neal McCaleb, the assistant secretary for Indian Affairs.

In taking this new job, Burns will be responsible for helping to fix BIA's computerized systems. Citing security concerns, U.S. District Judge Royce Lamberth pulled the plug on the Interior Department's Web sites in December 2001 to protect data maintained under its Trust Asset and Accounting Management System.

Since the shutdown, most of the department has gone back online. The remaining systems, including those maintained by the Bureau of Indian Affairs, are responsible for much of the agency's trust operations.

Interior has held American Indian-owned lands in trust for more than 100 years, leasing the properties and processing revenue earned from farming and drilling. A group of beneficiaries filed a class action lawsuit in 1996, claiming that poor bookkeeping has prevented landowners and their descendants from determining their account balances. They estimate as much as $10 billion in lost or missing funds.

Burns is no stranger to troubleshooting. He has specialized in program management, systems architecture and telecommunications and security technology.

At HHS, he oversaw the department's enterprise IT investment strategy, architecture and security across 12 agencies, including the Indian Health Service, the Centers for Disease Control and Prevention, the Centers for Medicare and Medicaid Services, the National Institutes of Health, and the Food and Drug Administration. He also oversaw HHS' successful Year 2000 conversion and worked to make sure HHS computer systems and their data was protected following the Sept. 11 terrorist attacks.

Last month, Melissa Rose Chapman became CIO at HHS, where she will oversee the department's IT resources, program systems and infrastructure. In addition, she will be responsible for the development of the agency's enterprise architecture plan.

Prior to taking the HHS job, Chapman was a career executive with the Food and Drug Administration, where she most recently was acting CIO. In that post, she oversaw more than $200 million in IT expenditures.

Among her projects at the FDA, she led an IT team in planning for the reauthorization of the Prescription Drug User Fee Act and spearheaded development of FDA's e-commerce systems that provided electronic review of drug applications.

Megan Lisagor contributed to this report.
*************************
News.com
Wi-Fi users warned of pirates


By Ben Charny
Staff Writer, CNET News.com
July 31, 2002, 3:49 PM PT

AT&T Broadband is warning customers to secure their Wi-Fi networks after an unusual case in which a subscriber played an unwitting role in dispatching a pirated movie over the Internet, the company's spokeswoman said. The movie pirate lived next door to the subscriber, and was able to access his neighbor's Wi-Fi wireless network to send the movie out over his neighbor's AT&T Broadband high-speed Internet service, according to AT&T Broadband spokeswoman Sara Eder.

The actual pirate was ultimately caught, and the AT&T Broadband customer got a break.

"All we could do was ask the neighbor to encrypt his Wi-Fi network," said Eder, who added that they tracked down the problem after getting a complaint from an agency representing the movie's producers.

The incident has sparked an "educational effort" by the company, which is asking customers with Wi-Fi networks to turn on the encryption that comes standard with most of these devices, but is usually not activated when shipped by manufacturers.

The case is another example of how insecure most Wi-Fi networks are and comes at a time when DSL (digital subscriber line) providers are beginning to crack down on users who share their bandwidth via Wi-Fi. Broadband providers say Wi-Fi networks are an easy, anonymous way to shuttle pirated content onto the Web.

Time Warner Cable recently sent letters out to a dozen or so Wi-Fi subscribers who are sharing their bandwidth over a wireless network. The letters point out that sharing bandwidth opens subscribers up to legal risks if others use it for untoward purposes. The company has yet to shut down any customers, a spokeswoman said.

Tim Pozar, of the Bay Area Wireless Users Group, still ruffles at Time Warner Cable's claims that somehow a Wi-Fi user could be found liable for unauthorized use of a broadband network. The latest case of the pirated movie is a sign that the DSL providers threats are toothless, he said.

"It's like someone tapping your line, then using (you) for a drug drop," he said.

Pozar said the movie case is the first he's heard of involving pirated material being shuttled over a Wi-Fi network. The most egregious use until now was spamming, he said.

NIST fit While Wi-Fi makes it possible to roam a 300-foot area and connect to the Internet or another device without wires, hackers continue to show that the networks are porous. The latest slam came from the National Institute of Standards and Technology (NIST), which reviews new technology for government agencies.

NIST called current Wi-Fi networks "an unacceptable risk" for government agencies because they don't meet government security needs. NIST recommends the agencies "simply wait" for more mature security standards to come out before adding 802.11b networks into their work places or operations.

New security standards aren't expected to be ratified until later this year, which would put more secure products on the market sometime next year.

While the warnings to activate the encryption are helpful to consumers, businesses generally do not need them. Often they are already familiar with security holes in WEP (Wireless Equivalent Privacy), the standard security measures on every piece of Wi-Fi equipment, said Tom Hussey, wireless Internet product manager for Nortel Networks.

"Fortune 500 types are well aware of the inefficiencies," and they add more security measures on their own, he said. ************************ New York Times A Shift Registers in Willingness to Pay for Internet Content

More Internet users are showing a willingness to pay for content online subscribing to news sites, for example, or paying fees to send e-greeting cards suggesting a shift in consumers' expectations that online services should be free, according to a survey of cyberspending patterns released yesterday.

But the survey, put out by the Online Publishers Association, an industry trade group, also shows that a relative handful of businesses benefit from these purchases and that advertising remains the overwhelming source of income for supporting digital content.

Extrapolating the online transactions of 1.1 million consumers, the survey found that consumers spent $675 million for digital goods and services in 2001, nearly double the $350 million they spent the year earlier. The survey found that 12.4 million Americans paid for some type of content in the first quarter of this year, compared with 7 million in the first quarter of 2001. The survey did not include payments made to pornography sites.

A big chunk of the spending accrued to business and financial news sites, which in 2001 racked up $214.3 million in revenue from selling content, mainly through monthly and annual subscriptions.

"It's where people need information the fastest that influences their livelihood," said Michael A. Zimbalist, executive director of the Online Publishers Association, which is based in New York. The association includes about 20 major online publishers, including New York Times Digital, The Wall Street Journal Online, Washingtonpost.Newsweek Interactive, MSNBC.com, ESPN.com and CBS Marketwatch.

The strength of business and financial news sites comes as little surprise given that financial sites started selling content relatively early in the history of the Web; the category has been anchored by the success of The Wall Street Journal Online, which, with roughly 650,000 subscribers, accrued the second-most revenue, after Real Networks, a distributor of audio and video material.

Several other prominent media companies have recently introduced for-pay packages on their Web sites. ABC.com said yesterday that it would begin charging $4.95 a month for "ABC News On Demand," which includes news clips and day-after replays of "World News Tonight" and "Nightline," as well as 30 days of the programs' archives. CNN.com began charging for access to video on its site earlier this year.

Mr. Zimbalist said the industry had also been heartened by a very recent surge of content sales in several emerging categories, notably personals and dating sites, one of the fastest-growing categories, with $72 million in sales in 2001. In just the first quarter of 2002, it had sales of $53.1 million.

In addition, there has been a sudden growth of revenue among sports sites, which are selling subscriptions to fantasy sports leagues and access to sports news and statistics, and among online greeting card companies, some of which now charge people to send virtual cards. American Greetings.com has accrued 1.5 million subscribers, who pay $11.95 a year, since it started selling subscriptions in December, according to the company's chief executive, Josef Mandelbaum.

Mr. Zimbalist said the growth in these categories suggested that businesses are beginning to figure out how to package their services in ways that appeal to consumers, and that consumers are overcoming the idea that content on the Internet should be free.

Mr. Mandelbaum, whose company also owns Blue Mountain Arts, eGreetings and Beatgreets, said: "In the past five years, we trained consumers that content was free that was our fault." He added that there had been a "general reluctance, but slowly but surely, people are paying for content."

The story behind the growth in sales of e-greeting cards, however, underscores that in some regards the spending patterns are quite narrow. Mr. Mandelbuam said AmericanGreetings and its subsidiaries controlled some 75 percent of the free e-greeting market; it and Hallmark.com, a competitor, now command much of the subscriber-based market, meaning that the growth in the category is accruing to just a few businesses.

Similarly, just as The Wall Street Journal dominates subscription revenue in the online financial category, Real Networks draws more than half of the revenue in the entertainment-lifestyle category. Real Networks, which has 750,000 subscribers to its premium services, had the most revenue from content sales in 2001.

Generally, the survey found that of the 1,700 sites charging for content, the 100 with the most revenue drew 97 percent of all revenue and the top 50 sites drew 85 percent of the revenue.

Neil Budde, publisher of The Wall Street Journal Online, said that one common theme he has seen among sites that are successfully charging for content is that they have created an audience eager to return for information or services on a frequent basis. "If most of your traffic is once a month, or once every couple of months," he said, "you've got less of a chance than if you've got regular repeat visitors."

According to the survey, revenue from sales of online content in 2001 constituted about one-eleventh of the $7.2 billion in advertising-based online revenue. But Mr. Zimbalist, noting that content sales hit $300 million in the first quarter of this year nearly half the total for all of last year said he believed that fees paid for content could become an increasingly large piece of the pie, perhaps as much as one-fifth of the revenue. "It is becoming a leg on the stool that supports online publishing," he said. *********************** Federal Computer Week OMB freezes management systems

The Office of Management and Budget on July 30 issued a memo to the agencies that are moving to the proposed Homeland Security Department, directing them to freeze all planned investments on major management systems.

The freeze is a step toward creating an information technology architecture for the proposed department.

The memo focuses on the financial, human resources and procurement management systems at the agencies. It also describes how the proposed department could take advantage of particular initiatives already under way as part of the E-Government Strategy.

Those initiatives, which are being developed by multi-agency teams under OMB's leadership, are designed to improve efficiency and effectiveness and include e-Training, Integrated Acquisition Environment, e-Travel, Recruitment One Stop, and Integrated Human Relations and Payroll Processing.

The affected agencies include the Federal Emergency Management Agency and the Agriculture, Commerce, Justice, Transportation and Treasury departments.

Each of those agencies has its own management systems, and they have millions of dollars worth of modernization efforts planned or under way. Among the largest investments over fiscal 2002 and 2003 are:

* $86 million for the Customs Service's Automated Commercial Environment.

* $24.1 million for the Coast Guard's Finance Center Total System.

* $23.9 million for the Immigration and Naturalization Service's Federal Financial Management System.

The freeze affects all investments more than $500,000, pending a quick review by the Business Systems IT Review Group created by the memo. Initial estimates show consolidation of the financial systems alone could save up to $85 million over the next two years, according to OMB.

The review group will be led by OMB and the Office of Homeland Security, and will be made up of chief financial officers, procurement executives, chief information officers and human resources executives from each of the agencies. The group will define high-level requirements, recommend actions and track savings.

The memo outlines a review structure similar to the one in place for all homeland security IT investments, detailed in a July 19 OMB memo. Under that process, reviews of agency investments are expected to take only days or weeks, according to OMB officials. ********************* Federal Computer Week Experts translate voice tech needs

The universal translator made popular in Star Trek movies is still years, if not decades away, but speech and voice recognition technologies can and are helping the U.S. armed services achieve their missions.

However, government users must better define their requirements to get applicable tools into warfighters' hands, according to government and industry experts.

"Our responsibility [in the armed services] is to better explain what we need to do," said Ashley Johnson, science adviser for the Marine Corps' Marine Forces Pacific. "It's the art of the possible with requirements. For high-tech analysis and intelligence stuff at the three-letter agencies, there are good tools, but moving that capability to the front line targeted to mission areas, we're just starting to scratch the surface."

Speaking July 30 at a speech and voice technology conference in Washington, D.C., Johnson said getting quality technologies, including translation tools, into warfighters' hands requires a "management of expectations" from Defense Department users and commercial technology providers.

He added that pocket "phrase-a-lators," which can translate basic phrases in foreign languages, are being used in Afghanistan and elsewhere in the world with some success.

Judith Markowitz, president of J. Markowitz, Consultants, said the speech and voice technology market is expected to be worth about $6 billion by 2006, with government and military customers accounting for 15 percent to 20 percent of that spending.

The three main types of technologies are:

* Voice biometrics, which includes speaker authentication.

* Speech and voice generation, which includes text-to-speech synthesis.

* Speech and language recognition, which includes audio mining.

But if a vendor suggests a device is "all things to all people," military users will quickly be disappointed when it doesn't meet expectations, and then they will "throw it in the back of the truck," Johnson said.

"You have got to target a device towards an environment," Johnson said. "If a Marine understands what he's got and how to use it, even if it's only 70 or 80 percent, he can deal with that."

Jake Hodges, vice president of operations at Eumetria Inc., a consulting firm that has evaluated numerous speech and voice technologies for government agencies, agreed and said that determining operational requirements and how a device is going to be used are the key elements.

"First, you have to understand what a users' requirements are or they will take the systems out there and the portions that it applies to [will use it] and for the others that it doesn't work, it becomes a doorstop," Hodges said. "One piece of equipment can't satisfy everybody."

However, dependability is equally important as a small footprint, reliable power source and usability, Johnson said.

"It must also be user-friendly," he said. "If you need a Ph.D. to use it and you hand that to a 19-year-old Marine who is used to five or six sentences explaining how to use [equipment], that's not the right environment." But that tool could work for a senior intelligence analyst, she added. "You have to understand the target." ************************** Federal Computer Week Letters to the editor Defining Homeland rules

Following are responses to an FCW.com poll question that asked, "Given an opportunity, would you work for the Homeland Security Department?"

With this uncertainty, the new department heads must be held accountable to a much more stringent law or oversight. So assuring correctness and holding accountable all those in charge of the new department on operational and personnel activities is a must! Specific rules applying to those agency heads must be outlined and fleshed out immediately! Otherwise, we slow down the intent of the agency, namely to assure homeland security.

Name withheld by request

***

An opportunity to work in and for a new agency with expanded powers comes but once in a lifetime. Once the Federal Aviation Administration was the ultimate agency to work for, with vast powers to regulate and build a better United States. Now it is fast becoming the Homeland Security Department. What better way to complete federal service than to have a helping hand in building this new agency?

Name withheld by request

***

As a federal employee, I would not work at the Homeland Security Department until Congress decides on how our current civil service rights and guarantees are to be handled. I will stay with the Army and still serve my country yet retain my civil service security.

Name withheld by request
************************
Government Computer News
Taxpayers will file 2002 federal returns online for free
By Jason Miller

The Office of Management and Budget yesterday said it came to an agreement with tax software vendors to let citizens file their tax returns online at no cost. OMB said it will publish a Federal Register notice detailing the terms of the agreement and open a 30-day comment period.

After the comment period, OMB will review suggestions and put a new free tax filing consortium Web page online by Dec. 31 so taxpayers can file 2002 returns electronically.

The Web site is one of the milestones for the EZ Tax Filing e-government projectone of the 24 Quicksilver initiatives OMB is leading.

OMB officials said they expect 78 million taxpayers to file online next year. Previously, companies charged individuals an average of $12.50 to file their taxes online. Under this agreement, the consortium will offer free online tax preparation and filing, and the IRS will not compete with the group by offering free services. The IRS also will provide links to the companies in the consortium. ************************* Government Computer News Administration launches a clearinghouse for volunteers By Dipka Bhambhani

President Bush this week introduced the USA Freedom Corps Volunteer Network, a Web portal that will act as a clearinghouse for more than 50,000 volunteer organizations nationwide.

The new site, at www.usafreedomcorps.gov, connects users to service opportunities within organizations such as America's Promise, the National Mentoring Partnership, Points of Light Foundation, SERVEnet, United Way and VolunteerMatch.

Users enter basic search information such as how they would like to volunteer and where. They receive a detailed list of opportunities that match their criteria.

"We understand that serving others meets needs that a government can never fulfill," President Bush said at the White House Tuesday. "We're promoting service to prepare for crises at home, to strengthen our communities, to help people in need, and to extend American compassion throughout the world." ***********************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx

Prev by Date: ACM TechNews - Wednesday, July 31, 2002
Next by Date: ACM TechNews - Friday, August 2, 2002
Previous by thread: ACM TechNews - Wednesday, July 31, 2002
Next by thread: ACM TechNews - Friday, August 2, 2002
Index(es):
- Date
- Thread