Clips July 8, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips July 8, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 08 Jul 2002 11:52:33 -0400
Clips July 8, 2002
ARTICLES
Hacker Drops Appeal of DVD Piracy Case
House to Try Scanned-In Letters
Educause Considers Letting More Colleges Use '.Edu' Addresses
Court Backs Danish Papers' Linking Ban
Nuclear safety agency rejects IT audit
Woman faces charges of online auction fraud
Hackers Target Energy Industry
Cyber-Security Is Underplayed, Industry Says
Can Computers Fly on the Wings of a Chicken?
EU May Broaden Action Vs. Telecoms
Telecom job losses may top last year's record
Career roadmap for federal IT workers mulled
California couple charged with software piracy
Swedes upset about possible porn label
Internet's Longtime Diplomat Vinton Cerf
Some Businesses Balk at Giving Secrets for U.S. Terrorism Fight
FCC Steps Up Airwave Hunt
Control freaks tightening their grip on the Internet
Replace your mouse with your eye
Mobile spam on the rise
Device could detect overdose drugs
Net body accused of bullying tactics
OMB's new hand (proposed way for the administration to shift IT funding)
Accessibility law under scrutiny
Senate proposes DOD tech review panel
An evolving Web-based work space
Report: Cyberterrorism still more of a threat than a reality
Homeland security bill becomes a magnet for cybersecurity initiatives
The perils facing school science labs
China says Internet service providers regulating content
Human rights group condemns Egyptian's conviction over online poem
Workers at e-mail tilt point
Possible privacy violation in pursuing internet copyright infringement
Hide and sneaks (attacks on web sites)
X marks the spot for hackers
*****************************
Reuters Internet Report
Hacker Drops Appeal of DVD Piracy Case
Wed Jul 3, 10:18 PM ET
SAN FRANCISCO (Reuters) - The publisher of a hacker Web site will not
appeal a ruling that prohibits the posting of links to software that
unlocks digital copyright protections on DVDs, attorneys said on Wednesday.
Both the New York District Court and the 2nd Circuit Court of Appeals have
ruled that Eric Corley and his 2600 Magazine Web site violated the 1998
Digital Millennium Copyright Act, which was enacted to
protect intellectual property rights from digital piracy.
Corley had planned to appeal to the U.S. Supreme Court,
but has decided against doing so, attorneys at the Electronic Frontier
Foundation who helped in his defense said.
"This decision ends the publication's two-and-a-half-year legal battle"
with eight motion picture studios, said the EFF, a civil liberties
organization based in San Francisco.
The group vowed to support other challenges to the DMCA, which makes it
illegal to produce or distribute software that could circumvent copy
protections.
Corley's Web site had linked to software that allows people to unscramble
copyright protections on DVDs. The software was written by a Norwegian
teenager who said he wanted to be able to play DVDs on computers running
the open source Linux operating system.
**********************
Washington Post
House to Try Scanned-In Letters
Pilot Program Aims to Speed Delivery Without Adding Risk
By David Enrich
States News Service
More than eight months after anthrax spores crippled the Capitol Hill mail
system, the House is preparing to launch a program that could fundamentally
change the way Americans communicate with their representatives in Washington.
In the next few weeks, dozens of lawmakers' and committee offices will be
selected to participate in a voluntary pilot program in which their
incoming mail will be opened by private contractors, scanned into computers
and then delivered electronically.
Ultimately, the goal is for the digital mail program to replace the current
mail distribution system for the House's 700 member, leadership and
committee offices.
"This would obviously be a tremendous difference in how we get mail," said
Stacey Farnen, a spokeswoman for Rep. Steny H. Hoyer (Md.), the ranking
Democrat on the Committee on House Administration.
The program, spearheaded by the House Office of the Chief Administrative
Officer (CAO) and the House Administration Committee, is being touted as a
way to speed mail delivery without sacrificing safety.
Heightened security in the wake of the anthrax attacks has slowed mail
delivery to a crawl. After being shipped to New Jersey for irradiation and
aired out for days, letters take more than two weeks to arrive in a
congressional office, an increase from the five days it took before the
anthrax scare.
Under the digital mail program, private contractors would receive unopened,
non-irradiated mail and have 24 hours to scan the contents into the House
computer network. Congressional staffers then would log on to access mail
that was addressed to their office.
Staples and other fasteners would have to be removed from letters to allow
them to be fed into high-speed scanning machines, said Bill Brewster,
director of document imaging at Pitney Bowes Inc., the company that
operates the House mail-processing center and is competing with more than
20 other vendors to run the digital mail program.
After being scanned, documents would be subjected to decontamination and
quarantine before eventually being delivered to the intended offices.
Griping about sluggish mail delivery has become a popular pastime on
Capitol Hill. Jim Forbes, a spokesman for Rep. Robert W. Ney (R-Ohio),
chairman of the House Administration Committee, said several lawmakers have
said they are interested in participating in the digital mail pilot program
to try to get their mail faster.
But many congressional aides are concerned about the program and said they
doubt their offices would participate. They cited issues ranging from
constituents' privacy to the potential impact on requests for American flags.
"The mail is intended for the congressional office and not for the
contractor. It's not like it's addressed, 'Dear Pitney Bowes,' " said Jared
Hautamaki, an aide to Rep. John Conyers Jr. (D-Mich.). "Some of the stuff
our constituents write to us is about court cases and complaints against
corporations. Some of those are kind of sensitive."
"Clearly the privacy a person puts in a letter to their congressman is of
real importance," said Lou Zickar, who runs the office of Rep. William M.
"Mac" Thornberry (R-Tex.). "That's a fundamental principle."
The CAO's office has acknowledged the concerns. In its recent request for
bids to operate the digital mail program, the CAO said the contractor would
have to provide "a secure environment for mail processing and delivery and
employ appropriate security procedures to protect against unauthorized
disclosure of information."
Other aides worried about how a digital mail system would affect their
office's operations.
The office of Rep. Ron Kind (D-Wis.) keeps hard copies of all letters it
receives from constituents. Press secretary Darin Schroeder said that
although the office would eventually receive the original mail, it would be
difficult to process correspondence that comes in both electronic and paper
formats.
Aides also worried about what would happen when constituents write to their
representative requesting an American flag that was flown above the
Capitol. Those letters often include checks to pay for the flag, and they
could be misplaced if envelopes are opened before arriving in congressional
offices.
Rick Shapiro, executive director of the Congressional Management
Foundation, said the myriad criticisms of the digital mail program are
"just resistance to change."
"In the short term, [the program] is going to be viewed as problematic by
congressional staffers, but, in the long term, I am projecting that they
will come to find that easier," Shapiro said. "It's a process that offices
might come to say that it's really been a blessing for us."
***********************
Chronicle of Higher Education
Educause Considers Letting More Colleges Use '.Edu' Addresses
By DAN CARNEVALE
The organization that decides which institutions get to put ".edu" at the
end of their Internet addresses may loosen the requirements this fall,
possibly opening the door to hundreds of colleges that are currently barred
from the domain.
Educause, an education-technology group that is also in charge of assigning
".edu" Internet addresses, is considering a proposal to allow any
higher-education institution that is accredited by any board recognized by
the Department of Education to receive a ".edu" address.
The current policy requires the institution to grant degrees and be
accredited by one of the six major regional accrediting bodies.
The proposed policy change could open up opportunities for institutions
that offer courses and training -- but not degrees -- and that are approved
by national accrediting boards. Officials at institutions like Pioneer
Pacific College in Oregon, and Westchester Business Institute, in New York,
have indicated that they want an ".edu" domain name. Currently those
institutions use ".com" or ".org" addresses.
Mark Luker, vice president of Educause, says the organization wants to
guard ".edu" addresses so that illegitimate institutions and diploma mills
cannot use them. The question then remains where to draw the line, but he
said that Educause was not indicating whether it was leaning toward
changing the policy. "The discussion is under way right now," he says.
Officials from colleges that are ineligible for ".edu" addresses have
pushed Educause to reconsider the policy. Educause is holding an online
discussion until August 15 about access to the domain. Within 90 days of
that date, the organization will make a recommendation to the Commerce
Department, which will decide the matter.
Before Educause took over the duty of assigning ".edu" addresses last year
from the Department of Commerce, generally only four-year universities were
given the popular suffix. Educause immediately changed the policy to allow
two-year institutions to adopt ".edu" addresses as well.
One person supporting the proposed change is the Rev. Mark S. Pranaitis,
president of Career Colleges of Chicago. His institution is a secular
proprietary college that offers associate degrees and certificates in legal
and medical subject areas. Students can then become court reporters,
medical secretaries, and the like.
The college is approved by the Accrediting Council for Independent Colleges
and Schools, a national accrediting body. Career Colleges does not have
regional accreditation, so its Web address ends in ".com."
That causes problems because potential students associate an ".edu" address
with legitimate institutions, Mr. Pranaitis says. Other Internet suffixes
raise questions in the students' minds.
The ".edu" suffix causes most prospective students to say, "Oh, this is a
school," Mr. Pranaitis says. "When people go searching for a college to
attend, I think it's reasonable for them to expect that '.edu' is the
universe they'll be in."
He said the current situation would be tantamount to the Yellow Pages'
trying to exclude Career Colleges of Chicago from the "schools" portion of
the phone book.
Dozens of other people have sent e-mail messages to Educause's electronic
discussion boards supporting the proposed policy change. The only criticism
has been that the proposal is too narrow. Some writers have suggested that
high schools and state-licensed schools should also be able to get ".edu"
addresses.
But Mr. Luker says high schools are unlikely to be included. "There's been
a very strong tradition that ".edu" has been for postsecondary schools," he
says.
**********************
New York Times
Court Backs Danish Papers' Linking Ban
By THE ASSOCIATED PRESS
COPENHAGEN, Denmark (AP) -- Challenging the World Wide Web's fundamental
premise of linking, a Danish court ordered an Internet news service to stop
linking to Web sites of Danish newspapers.
Copenhagen's lower bailiff's court ruled Friday that Newsbooster.com was in
direct competition with the newspapers and that the links it provided to
specific news articles damaged the value of the newspapers' advertisements.
The case was among the latest to challenge the Web's basic premise of
encouraging the free flow of information through linking.
Requiring permission before linking could jeopardize online journals,
search engines and other sites that link -- which is to say, just about
every site on the Internet.
Newsbooster.com immediately removed its links to 20 Danish newspapers that
belong to the Danish Newspaper Publishers Association, which filed the
complaint and welcomed the ruling.
``It would have been difficult for newspapers to do business if the
bailiff's court had reached the opposite result,'' spokesman Ebbe Dal said.
Anders Lautrup, the manager of Copenhagen-based Newsbooster.com, said,
``We're deeply shocked. I trust this will have consequences for search
engines worldwide.''
Newsbooster.com connects users to specific pages on the Internet rather
than to a site's home page. It's much like a search engine -- subscribers
choose keywords and other criteria, and the service returns a set of news
articles that match the descriptions.
Unlike most search engines, though, Newsbooster charges a subscription fee
and lets users choose to automatically receive links by e-mail.
The publishers association, whose members market their own Web sites,
demanded that the group negotiate payments with them, or remove links to
its sites.
Newsbooster.com retains links to about 4,480 newspapers worldwide. ``We
have not heard one word from these foreign newspapers,'' Lautrup said.
He said Newsbooster.com would appeal the ruling.
Newsbooster.com argued it didn't steal information, but simply made it
easier to find.
***********************
Government Computer News
Nuclear safety agency rejects IT audit
By Wilson P. Dizard III
The National Nuclear Safety Administration has rejected the recommendations
of an audit that found fault with the systems it uses to track nuclear
material.
The Energy Department's inspector general last month issued a report
criticizing the operations of about 50 nuclear material tracking systems
with which the department accounts for nuclear materials. DOE said it
spends $217 million annually to operate the systems.
"Because these systems are not fully integrated, obtaining comprehensive
data about nuclear materials is inefficient," the report said. DOE has
been using one of the major parts of the accounting system, the Nuclear
Materials Management Safeguards System, since 1965, according to the report.
The inspector general urged NNSA to develop a coordinated approach to
nuclear accounting systems and impose a moratorium on systems development
until it generates a modernization plan.
NNSA rejected the two recommendations, saying:
- it is more important to establish and maintain accurate nuclear
  materials information than it is to implement an information architecture
- a moratorium would prevent the agency from adjusting to program changes
  and improving efficiency.
DOE and the Nuclear Regulatory Commission have been studying ways to
modernize the nuclear materials tracking systems for the past three years,
the report said. But though the department has spent more than $700,000 on
the project, it has yet to complete its plans to develop a corporate-level
accounting system, the auditors said.
The department and NRC also have allowed nuclear operations organizations
to develop or upgrade systems, at a projected cost of $7.5 million, that
might not be compatible. The NNSA has started a redesign of the safeguards
system but has not required program offices to provide the necessary
funding, the report said.
*********************
Computerworld
Woman faces charges of online auction fraud
A woman facing civil fraud charges in Massachusetts for selling on auction
Web sites at least $750,000 worth of computers that were never delivered
has said through her attorney that she intends to pay back everyone who is
entitled to a refund.
Massachusetts Attorney General Thomas Reilly yesterday filed suit in
Superior Court in Worcester, Mass., against Teresa Smith, alleging that she
sold at least $750,000 worth of Apple Macintosh computers through her
companies Smith/Berkeley LLC and Shadow SB but never delivered the
merchandise.
The suit calls for Smith to make full restitution and asks for a permanent
injunction barring Smith from selling computers both online and off-line in
Massachusetts. Smith, who until recently lived in Massachusetts, now
resides in Manchester, Conn.
Sources in Reilly's office said the U.S. attorney's office may also look
into Smith's online computer businesses.
Smith's attorney, Angelo Catanzaro of Ashland, Mass., wouldn't comment on a
widening investigation against his client and said Smith is working with
Reilly to resolve the problem.
Smith allegedly sold computers to at least 260 customers nationwide on the
eBay and Auctionworks Web sites and took payments through PayPal, wire
transfer or certified check.
While some customers received their computers, most did not.
When customers sent e-mails asking Smith where their computers were, they
got an automated response telling them that the machines were on their way.
Those who called got voice-mail messages.
Smith sent refund checks to some consumers, but many of those checks
bounced, according to Sarah Nathan, a spokeswoman for the attorney
general's office.
Catanzaro said Smith's attempts to make refunds show that she mismanaged
her business and didn't try to intentionally defraud anyone.
"She intends to reimburse everyone who is entitled to a refund," he said.
But in a statement, Reilly referred to Smith's business as "a scam" and
said she was in violation of the state's Consumer Protection Act.
"This individual is accused of selling merchandise that she knew she did
not have," Reilly said. "She set delivery dates, told consumers falsely
that computers had been shipped and then failed to provide refunds."
A hearing on the preliminary injunction will be held July 12 in Superior
Court in Worcester.
***********************
Los Angeles Times
Hackers Target Energy Industry
Computers: Attacks at power companies are up substantially. Some experts
blame industrial spying and mischief, others fear terrorism.
By CHARLES PILLER
SAN FRANCISCO -- Power and energy companies are fast becoming a primary
target of computer hackers who have managed to penetrate energy control
networks as well as administrative systems, according to government
cyber-terrorism officials and private security experts.
Experts cite a number of potential sources for the post-Sept. 11 increase
in hacker attacks, including industrial espionage and malicious mischief,
but Ronald Dick, director of the FBI's cybercrime division, said he is
concerned that the nation's power grid now may be moving into the
cross-hairs of cyber-terrorists.
"The event that I fear most is a physical attack in conjunction with the
success of a cyber attack on an infrastructure such as electric power or
911," the emergency telephone system, Dick said. The raft of recent attacks
has been confirmed by private computer security companies.
Riptech Inc., an Alexandria, Va., security firm, said that since January,
14 of its 20 energy-industry clients have suffered severe cyber attacks
that would have disrupted company networks if they had not been detected
immediately. The number of attacks is up 77% since last year.
Power and energy companies experienced an average of 1,280 significant
attacks each in the last six months--far more than companies in any other
industry sector--according to Riptech's semiannual client analysis.
"Unequivocally, these nets are vulnerable to cyber attack, and,
unequivocally, one outcome could be disruption of power supplies," said Tim
Belcher, Riptech's chief technology officer.
Last year's power crisis in California, the Enron Corp. scandal and the
declaration of bankruptcy by Pacific Gas & Electric Co. have revealed an
industry that is fragile, high-profile and wracked with confusion and
administrative chaos. Experts suspect that the glare of adverse publicity
has drawn the attention of not just joyriding hackers, but also corporate
saboteurs and terrorists.
More than 70% of the attacks came from North America and Europe, suggesting
that traditional hackers are now turning to a fresh and vulnerable victim.
The second-most popular hacking target among Riptech clients was financial
service companies, a longtime hacker favorite. Riptech, which serves
Fortune 500 corporations, smaller companies and government agencies, was
founded by former top Defense Department officials to provide computer
security.
A geographical analysis of Riptech data also shows that a small number of
attacks--1,260 out of a total of more than 180,000--originated in countries
where terrorist groups are known to be concentrated. Hackers in those
countries targeted power and energy companies more consistently and
aggressively than any other industry. The most active attacks originated
from Kuwait, Egypt and Pakistan--countries that have relatively developed
computer networks and a growing pool of experienced hackers.
Energy power systems have ironically become a choice target because of
efforts to modernize them for greater efficiency. The weak link--a group of
remote control devices known as Supervisory Control and Data Acquisition
systems--"have been designed with little or no attention to security,"
according to a recent report by the National Research Council, an arm of
the National Academy of Sciences.
The systems, which are used to control the flow of oil and water through
pipelines, and monitor power grids, were once impervious to hackers because
they were completely isolated from other computer systems.
Today many such systems are connected to the Internet, and therefore
vulnerable to hacking. The FBI also blames a rapid increase in hacking
attacks in recent years on the proliferation of hacking software posted
online. Such tools require little computer expertise, are readily available
worldwide and are becoming increasingly simple to use. Some are directly
applicable to electrical power systems.
"One of the places [hackers] are certainly attacking are those known
vulnerabilities," Dick said. "The rise in the number of incidents reflects
the ease with which these tools are utilized."
Surreptitious hacking tests conducted by special Defense Department
information warfare squads known as "red teams" in 1997 found power grid
control systems susceptible to attacks; recent, similar vulnerability
testing by Riptech for its own clients resulted in network penetrations
virtually 100% of the time, Belcher said.
"Two years ago, there were people who didn't have a clue--who said, 'Why
would somebody want to attack us?' That is not the case today," said Will
Evans, vice president of People's Energy, a diversified power company in
Chicago.
"The problem is not today, but tomorrow," he said. "Whatever you've got
today someone may discover and exploit against that tomorrow.... You need
to finance a very active cyber-security program."
Evans, consistent with the policy of nearly all energy companies, declined
to comment on specific attacks against his company.
Even using advanced computer forensic methods, law enforcement officials
cannot identify the individual hackers behind the barrage of attacks on
power companies.
The Washington Post reported last month that some government officials
suspect the Al Qaeda terrorist network of plotting cyber-terrorist actions
against power stations and emergency services in the San Francisco Bay Area.
Riptech's Belcher, a former cyber-security consultant for the Defense
Department, is skeptical of such claims, saying that the ability to wage
effective information warfare is many levels beyond the ability to merely
penetrate a network.
"I see no evidence that there are expert cyber-terrorists today," he said.
Although a concentration of attacks come from countries identified with
terrorist groups, he cautioned that many such countries are major energy
producers--suggesting that the hacks may be the product of more mundane
industrial espionage, rather than terrorism. Similarly, Hong Kong--a key
financial center--is a hotbed for cyber attacks on the financial services
industry, he said.
But some experts believe that some of the attacks may be a kind of training
exercise for terrorists. Al Qaeda worked for three years on the Sept. 11
attacks, according to U.S. intelligence agencies, and may be making a
similar investment in cyber-terrorism.
"The terrorists out there are well-educated and determined to get the
training and knowledge to carry this out, and they are very patient," Dick
said.
A number of terrorist organizations have developed rudimentary technical
skills. For example, in 1997, the Tamil Tigers, a Sri Lankan rebel army
known for terrorist bombings and assassinations, hacked into and shut down
the servers of Sri Lanka's embassies in Seoul and Washington.
"Why haven't they done more of it? My main hypothesis is that they didn't
need to because their conventional weapons--the gun and the bomb--were
adequate," said Bruce Hoffman, a terrorism expert with the Rand Corp.
But the new war on terrorism has hampered terrorists' ability to operate
elaborate base camps, and has dramatically tightened security for physical
infrastructure--from airports to power plants to government buildings.
Cyber-warfare may represent a safer, more effective alternative.
"You don't need training camps or a robust logistical and intelligence
support structure," said Hoffman, "just a modem and a safe house.... This
is the ultimate anonymous attack."
************************
Washington Post
Cyber-Security Is Underplayed, Industry Says
By Ariana Eunjung Cha
07/04/02
Among the more contentious questions to arise from President Bush's
proposal last month for a Department of Homeland Security is one it did not
explicitly address: How should the government deal with threats in cyberspace?
Bush proposed merging various agencies, scattered around the government,
that oversee different aspects of computer security. But the fact that the
White House's draft bill doesn't mention "cyber-security" or its variations
set off furious lobbying on Capitol Hill.
Some of the nation's largest high-tech companies and industry groups say
government workers protecting cyberspace should have a higher profile.
"Cyber-security and electronic infrastructure are such a pervasive
foundation of everything in our country that we need to raise the focus of
that in the legislation," said Tim Hackman, director of public affairs for
International Business Machines Corp. government programs.
Figuring out how to secure cyberspace is more critical now than ever
before, given the dependence of government and the economy on computer
networks. Studies by government and private researchers have found numerous
problems in the digital infrastructure that make it vulnerable to attack.
The Information Technology Association of America and the Business Software
Alliance want a Bureau of Cyber Security, headed by an assistant secretary.
"The challenges in the cyber-world are sufficiently different from those in
the physical world to merit a separate, focused entity," the ITAA wrote in
a letter that was sent on Tuesday to key members of Congress.
Rep. Sherwood L. Boehlert (R-N.Y.) wants a more comprehensive
research-and-development program, headed by an undersecretary. The only R&D
program now in the bill would be headed by an undersecretary for chemical,
biological, radiological and nuclear countermeasures.
"Cyber-security R&D has become a backwater and . . . as a result the nation
does not have the tools it needs to foil a cyber-attack," Boehlert said.
A spokesman for the Office of Homeland Security, Gordon Johndroe, said the
government is open to ideas but it believes "the president's proposal
brings together the appropriate agencies in the right form to deal with the
threat of cyber-security."
Nevertheless, government sources said homeland security director Tom Ridge,
in response to the lobbying, is reviewing a proposal for a more robust
cyber-security component in the new department.
Although the White House bill makes no specific mention of the Internet and
security, it would merge six government groups with responsibilities in
that area. The reorganization, described by White House cyber-security
adviser Richard Clarke in a recent speech, would take agencies that were
"appendages in their parent organization" and put them together to create a
"center of gravity" for fighting cyber-threats.
Many in industry, such as Microsoft Corp.'s chief security strategist,
Scott Charney, say they are generally satisfied by the proposed
reorganization of the first four groups.
"Right now the responsibility is spread out," Charney said. "To the extent
that it's brought under one organization makes coordinating
government-industry interaction a lot more efficient. That's a good thing."
But there is debate over the practical and philosophical consequences of
shifting parts of the Commerce Department's National Institute of Standards
and Technology and the FBI's National Infrastructure Protection Center to
the new department.
The outreach and education sections of NIPC would go to homeland security,
while the threat analysis and warning section would remain in the FBI.
Implementation might be tricky.
InfraGard, the FBI's public-private network that supports the sharing of
information about cyber-threats, is run by FBI field agents on the
investigations and operations side even though its function is outreach and
education. Would the FBI agents move to the Homeland Security Department?
Or would they stay in the FBI and work with the new department?
Another controversial question is what would happen to NIST's
computer-security division, a largely academic group that is one of the
federal government's key links to industry. It provides research and other
resources and recommends standards to be adopted by industry.
Some have raised concern that separating the unit from NIST would make it
difficult for it to carry out its mission. They also worry that if it is
part of what is essentially a defense organization, it will make decisions
based more on national security concerns than on technical merit.
"The analytical, academic approach that they have currently as a more or
less independent research organization could in part be compromised," said
Harris Miller, president of the ITAA.
********************
Washington Post
Can Computers Fly on the Wings of a Chicken?
By Louis Jacobson
In late June, a chemical engineer from the University of Delaware filed a
patent that described a new generation of microchips. The patent proposes
to replace silicon -- which has long served as the basis for microchips --
with another material. And what might this mystery component be? Chicken
feathers.
Richard Wool understands that nonspecialists will find this strange. But
he's used to it. Wool and his colleagues at the university's ACRES project
(Affordable Composites from Renewable Sources) have been developing new
uses for plant fibers, oils and resins. Using such raw materials as the
humble soybean, Wool and his colleagues are designing prototypes for
everything from simple adhesives to hurricane-proof roofs.
The idea of using natural and waste materials in other ways is not new.
Henry Ford grew soybeans around his Dearborn, Mich., headquarters, Wool
notes, to find a variety he could use to fabricate auto parts. But when
World War II broke out, the work was shelved.
In recent years, environmental concerns have spurred broad efforts to use
waste materials, said Brian Love, an associate professor of materials
science and engineering at Virginia Tech. These efforts have been bolstered
by advances in such fields as engineering, materials science, biotechnology
and genetic engineering.
Wool's approach is unusual, said Peter Preuss, a plant physiologist and
biochemist who directs the EPA's National Center for Environmental Research
-- one of the agencies that has funded Wool's work. Unlike many other
researchers who start with a waste product and then decide what it might be
used for, Preuss said, Wool looks at existing products and tries to find a
waste product or an easy-to-grow crop that could be used to fabricate it.
"This is going to lead to sustainable technologies that are very
environmentally friendly," Wool said. "They can help ease the global
warming situation in at least two ways. Growing the plants will suck carbon
dioxide out of the atmosphere, and reducing the amount of petrochemicals
that need to be burned will mean less atmospheric carbon in the first place."
Moreover, Wool said, his raw materials -- soybeans, olives, flax -- can be
grown easily and cheaply. And by substituting for petroleum-based plastics,
renewable products could reduce the nation's dependence on foreign and
domestic oil.
The chicken-feather microchip is not as weird as it sounds. A microchip is
basically a wafer of silicon inscribed with a dense maze of transistors.
For the chip to do its computational magic, electric signals have to travel
across these transistors.
These signals travel faster in the presence of some materials than others.
Air, for instance, allows the fastest movement of all, because it provides
essentially no resistance. When traveling near solids, however, the
movement tends to kick up opposing positive charges. These charges can
distract the signal from completing its appointed rounds.
Though these signals move more slowly in the presence of silicon than they
do in air, silicon offers less resistance than many other materials do.
That's why it has been used in microchips for so long. But engineers are
always looking for ways to turbocharge their chips. Historically, they have
been able to do this by inscribing more transistors into ever-tinier
spaces. But some worry that a physical limit may be approaching.
One possible alternative for increasing a chip's speed is finding a quicker
material than silicon. So Wool turned to the chicken feather. He knew that
feathers contain lots of air; because birds need to fly, their feathers are
strong but light, mainly due to their high air content. Perhaps, Wool
figured, the presence of air would make electrons travel faster.
Wool's team took chicken feathers and plant oils and molded them into a
composite material that approximates the shape and feel of silicon. When
the researchers tested it for speed, they found that the composite allowed
movement at about twice the rate of silicon. Though that's still slower
than the speed in air, Wool said, "I was jumping up and down."
Energy Department chemical engineer Mark Paster noted that Wool's results
are "preliminary" and "a long way from going commercial." But he added that
"if they hold up, they are very intriguing."
Wool acknowledged that the future of the chicken-feather chip technology is
very much a "wild card." Not only would the microchip industry have to
change its production methods, but other alternatives may also exist. Wool
said researchers have been trying to introduce "micro-bubbles" into silicon
to achieve the same effect as his chicken feathers. Wool speculates that
those bubbles "should work fine -- maybe as well as our own composite does."
Even if the chicken-feather chips don't catch on, Wool has lots of other
ideas. About five years ago, his team began to develop a soybean-based
composite for use in John Deere harvesters. Deere & Co. made its first
prototypes three years ago and began full-blown production last year.
Wool is also working with a carmaker -- he won't name which one -- to
replace petroleum-based components, such as those made of plastic, with
renewable materials. In a similar vein, he's collaborating with Tyson Foods
Inc. to make renewable-based replacement parts for the company's fleet of
3,000 Mack trucks. In an effort to use "every part of the bird," Tyson is
working with a number of scientists, including Wool, to develop alternative
products made from chicken feathers, said spokesman Barry Griffith.
Vehicle parts are a natural focus for such research, Wool said. "The
greatest thing for a truck or a car from an environmental point of view is
to make it lightweight, because you'll make a significant impact on fuel
consumption," he said. "You wouldn't build a truck out of feathers -- it
sounds outrageous -- but you could build non-load-bearing parts from them.
You'd even get great sound damping."
Historically, the market for alternative technologies has been something of
a Catch-22. A new product's price tag inevitably drops as production levels
increase -- but those production levels can be hard to achieve early on,
when market prices are relatively high. For the moment, "green" marketing
is helping Wool sell the idea to early adopters such as Deere and Tyson.
But Wool said he knows that full utilization will require more than that.
Corporate manufacturing processes tend to be static, because managers
prefer to stick with techniques they know well, rather than chance it with
new methods. EPA's Preuss added that creating an infrastructure to collect
waste or biomass materials has sometimes proved costly.
"In the end, the only thing private industry is interested in is making
money, so the question is whether systems he's developing will be
cost-competitive with the systems they're replacing," said the Energy
Department's Paster. "The answer, we believe, is that there's a very good
chance. That's why we're funding his work."
**************************
Washington Post
EU May Broaden Action Vs. Telecoms
BRUSSELS, Belgium -- The European Union's antitrust enforcer hinted Monday he
may broaden his fight to bring down high Internet access charges after
receiving complaints of discrimination by entrenched telecommunications
firms against newcomers.
Opening a public hearing on telecom deregulation, competition commissioner
Mario Monti said progress remained "extremely disappointing" despite years
of efforts to increase competition, especially among providers of
high-speed broadband service.
He said his office may soon "expand its field of action" to investigate new
complaints of discrimination and "ensure a level playing field between all
actors on the market."
Monti was urged on by Germany's Arcor and QSC, France's Cegetel, Italy's
Wind and Cable & Wireless of Britain.
"Unless urgent action is taken, incumbents will shamelessly continue to
pre-empt the market to the detriment of new entrants," the chief executives
of the five companies said in a joint letter.
EU regulators opened a formal investigation last May into Germany's former
monopolist Deutsche Telekom AG, accusing it of trying to force new
companies off the market with "unfair pricing practices" for access to the
local fixed lines.
France Telecom's Wanadoo unit came under investigation in December for
allegedly undercutting its competitors.
Monti's spokeswoman, Amelia Torres, said the latest, informal complaints
were "not so much about prices, but more about the conditions at which new
entrants are allowed to install equipment in the premises of current
dominant players."
She said they were concerned about inferior services, delays and
"unjustifiable conditions" placed on newcomers in "several" EU countries.
"I believe that there is no smoke without fire and that the numerous
complaints by access seekers at national and European levels do reflect
actual competition problems," Monti said in his speech.
EU officials see deregulation of this "last mile" of wire connecting homes
and businesses as crucial to bringing down Europe's relatively high
telephone charges and promoting broadband access to the Internet.
But more than two years after EU leaders identified an "urgent need for
Europe to quickly exploit the opportunities of the new economy and
particularly the Internet," Monti said "the overall picture is still bleak."
In many countries, incumbent telephone operators had made such poor
progress that Monti dismissed their efforts as "merely experimental."
While acknowledging that many telecom companies are suffering financially
since the bursting of the Internet bubble, Monti said that only made
keeping markets competitive "more crucial."
Apart from the corporate complaints, the Commission already has cases
against Germany, Greece and Portugal for failing to allow adequate access
to newcomers.
***********************
USA Today
Telecom job losses may top last year's record
CHICAGO (Reuters) -- Last year may have been bad for job losses in the U.S.
telecommunications industry, but this year is shaping up as even worse,
according to a new study.
The 165,840 job cuts announced in the U.S. telecom sector through June of
this year are 27% higher than the 130,422 announced in the first half of
2001. The final tally will likely match or exceed last year's record figure
of 317,777, according to Chicago-based Challenger, Gray & Christmas.
"Telecommunications continues to surprise us month after month with
significant job-cut numbers," Challenger Chief Executive John Challenger
said in a statement released Monday. "The fact that telecom downsizing is
on track to beat last year's total really tells where this industry is headed.
"Not only are the companies having trouble selling their goods and
services, there is now the added element of questionable accounting,
WorldCom being just the most recent example," he added. "This path of
self-destruction will not help matters and we could eventually see the
industry implode on itself."
WorldCom, the No. 2 U.S. long-distance telephone and data services company,
has been accused of violating securities laws by covering up $1.22 billion
in losses by improperly booking $3.85 billion in expenses.
Overall, technology-related industries, including the computer, electronics
and e-commerce industries, have announced 243,200 job cuts through June of
this year, or one third of the total for all U.S. industries, according to
Challenger. However, the tech sector total this year is 23% lower than
those announced in the first six months of last year.
The tech industries announced a total of 695,581 job cuts in all of last
year, or 36% of the total cuts announced by all U.S. industries, Challenger
said.
The telecom sector also represented nearly one of every four of the 735,527
job cuts announced in all U.S. industries through June, according to
Challenger. That is the highest rate by any industry since the outplacement
firm started tracking job cuts in 1993.
While telecom job cuts are on the rise, other tech-related industries have
declined from a year ago, Challenger said.
The computer industry saw its announced cuts in the first six months finish
almost 26% below last year, although it did see a dramatic increase in the
second quarter as 42,186 cuts were announced, up from 13,212 in the first
quarter.
The biggest decline in the tech sector was the e-commerce category, where
fewer than 2,000 job cuts were announced through the first half of 2002,
compared with almost 50,000 in the same period last year, according to
Challenger. Electronics saw its announced job cuts decline to slightly more
than 20,000 in the first half from more than 59,000 last year.
Challenger said the high-tech job cuts are likely to continue for the
balance of the year, with no turnaround for telecom in sight.
**********************
USA Today
Career roadmap for federal IT workers mulled
By Colleen O'Hara, Federal Computer Week
Training for federal program and project managers and drafting a career
road map for federal information technology workers are priorities for the
CIO Council's Workforce and Human Capital for IT Committee, according to
Ira Hobbs, co-chairman of the committee.
In a briefing with reporters July 2, Hobbs also said the committee is
trying to keep alive recommendations in an August 2001 National Academy of
Public Administration report that proposed the idea of a market-based pay
system for federal IT workers, among other reforms.
The "seeds were planted for a new approach" to how IT workers are
recruited, managed and compensated, Hobbs said. "Any effort of this scope
will take time and care" and must be nurtured.
Plans to give the proposed Homeland Security Department workforce
flexibilities are in line with the NAPA recommendations, which are backed
by the CIO Council, Hobbs said. "I think that a lot of what you're seeing
reflects elements of what's come out of NAPA study about how you can do
things differently," he said.
During the next six to nine months, Hobbs said the workforce committee
plans to advance a number of specific programs. Included on the list are:
- Work with the Office of Personnel Management to modernize and standardize
project and program manager positions. This is similar to the efforts done
about a year ago to reclassify computer specialists into a new GS-2210 series.
- Develop an automated tool to help IT workers governmentwide assess where
they are in their career and how to find the courses to gain the skills
they need to advance.
- Launch a virtual IT job fair similar to the one held in April.
*********************
USA Today
California couple charged with software piracy
FREMONT, Calif. (AP) -- A federal judge has ordered a couple accused of
software piracy to turn over $261,000 believed to be held in a Pakistani
bank account to the U.S. District Court.
Mirza Ali, 54, and Sameena Ali, 48, husband-and-wife owners of a Fremont
company called Samtech Research, are accused of buying up companies
licensed to resell Microsoft products at discounts to schools and selling
the products instead to some dealers who were also arrested for software
piracy.
The couple are accused of laundering their profits through international
bank accounts. Microsoft says the couple's operation cost the company $100
million.
The indictment says that during the time of the sales, the Alis wired
$319,000 to an account in Karachi, Pakistan from a Fremont bank. The
Internal Revenue Service could not trace $58,000 of the money to the Alis.
The accusations against the Alis followed a two-year investigation of
software piracy by local and federal authorities, resulting in the arrest
of 27 people in April on copyright infringement, counterfeiting and money
laundering charges.
Undercover agents bought $5.5 million worth of the fake software.
***********************
USA Today
Swedes upset about possible porn label
STOCKHOLM, Sweden (AP) -- It's happened to American cities from Baltimore to
Detroit. Now city officials in Stockholm fear the Swedish capital is about
to have its name associated with a pornographic Web site.
The city is looking for ways to stop an adult entertainment company in
Spain from launching a Web site on a domain that uses the city's name, a
spokesman said Wednesday.
Stockholm has tried unsuccessfully for 10 years to acquire the domain,
initially held by an individual in Florida, information technology
department head Kjell Bergefall said.
But the issue became more pressing this week when it became clear that the
travel information previously posted on the site would be replaced with
adult entertainment, he said.
"Before it contained tourist information about Stockholm. Now it will
contain a message we don't think our citizens are as interested in,"
Bergefall said.
The domain contained an announcement from Barcelona-based Private Media
Group, saying it would launch a Web site in the fall with a "unique picture
of Sweden, its natural beauty and charm."
Spokesman Andre Ribeiro confirmed the company would launch a Web site on
the domain but declined to comment further.
Several American cities including San Diego, Seattle and Nashville have had
their names appropriated for pornography.
Apart from the city of Barcelona, which wrested www.barcelona.com away from
a New York-based company that used it for a news site, few cities have been
successful in court battles over domain names.
"Generally speaking when it comes to geographic names, there isn't the same
protection that there is for brand names," City of Stockholm legal
department spokesman Oscar Jacobsson said.
*************************
Los Angeles Times
Hackers Target Energy Industry
Computers: Attacks at power companies are up substantially. Some experts
blame industrial spying and mischief, others fear terrorism.
By CHARLES PILLER
TIMES STAFF WRITER
July 8 2002
SAN FRANCISCO -- Power and energy companies are fast becoming a primary
target of computer hackers who have managed to penetrate energy control
networks as well as administrative systems, according to government
cyber-terrorism officials and private security experts.
Experts cite a number of potential sources for the post-Sept. 11 increase
in hacker attacks, including industrial espionage and malicious mischief,
but Ronald Dick, director of the FBI's cybercrime division, said he is
concerned that the nation's power grid now may be moving into the
cross-hairs of cyber-terrorists.
"The event that I fear most is a physical attack in conjunction with the
success of a cyber attack on an infrastructure such as electric power or
911," the emergency telephone system, Dick said. The raft of recent attacks
has been confirmed by private computer security companies.
Riptech Inc., an Alexandria, Va., security firm, said that since January,
14 of its 20 energy-industry clients have suffered severe cyber attacks
that would have disrupted company networks if they had not been detected
immediately. The number of attacks is up 77% since last year.
Power and energy companies experienced an average of 1,280 significant
attacks each in the last six months--far more than companies in any other
industry sector--according to Riptech's semiannual client analysis.
"Unequivocally, these nets are vulnerable to cyber attack, and,
unequivocally, one outcome could be disruption of power supplies," said Tim
Belcher, Riptech's chief technology officer.
Last year's power crisis in California, the Enron Corp. scandal and the
declaration of bankruptcy by Pacific Gas & Electric Co. have revealed an
industry that is fragile, high-profile and wracked with confusion and
administrative chaos. Experts suspect that the glare of adverse publicity
has drawn the attention of not just joyriding hackers, but also corporate
saboteurs and terrorists.
More than 70% of the attacks came from North America and Europe, suggesting
that traditional hackers are now turning to a fresh and vulnerable victim.
The second-most popular hacking target among Riptech clients was financial
service companies, a longtime hacker favorite. Riptech, which serves
Fortune 500 corporations, smaller companies and government agencies, was
founded by former top Defense Department officials to provide computer
security.
A geographical analysis of Riptech data also shows that a small number of
attacks--1,260 out of a total of more than 180,000--originated in countries
where terrorist groups are known to be concentrated. Hackers in those
countries targeted power and energy companies more consistently and
aggressively than any other industry. The most active attacks originated
from Kuwait, Egypt and Pakistan--countries that have relatively developed
computer networks and a growing pool of experienced hackers.
Energy power systems have ironically become a choice target because of
efforts to modernize them for greater efficiency. The weak link--a group of
remote control devices known as Supervisory Control and Data Acquisition
systems--"have been designed with little or no attention to security,"
according to a recent report by the National Research Council, an arm of
the National Academy of Sciences.
The systems, which are used to control the flow of oil and water through
pipelines, and monitor power grids, were once impervious to hackers because
they were completely isolated from other computer systems.
Today many such systems are connected to the Internet, and therefore
vulnerable to hacking. The FBI also blames a rapid increase in hacking
attacks in recent years on the proliferation of hacking software posted
online. Such tools require little computer expertise, are readily available
worldwide and are becoming increasingly simple to use. Some are directly
applicable to electrical power systems.
"One of the places [hackers] are certainly attacking are those known
vulnerabilities," Dick said. "The rise in the number of incidents reflects
the ease with which these tools are utilized."
Surreptitious hacking tests conducted by special Defense Department
information warfare squads known as "red teams" in 1997 found power grid
control systems susceptible to attacks; recent, similar vulnerability
testing by Riptech for its own clients resulted in network penetrations
virtually 100% of the time, Belcher said.
"Two years ago, there were people who didn't have a clue--who said, 'Why
would somebody want to attack us?' That is not the case today," said Will
Evans, vice president of People's Energy, a diversified power company in
Chicago.
"The problem is not today, but tomorrow," he said. "Whatever you've got
today someone may discover and exploit against that tomorrow.... You need
to finance a very active cyber-security program."
Evans, consistent with the policy of nearly all energy companies, declined
to comment on specific attacks against his company.
Even using advanced computer forensic methods, law enforcement officials
cannot identify the individual hackers behind the barrage of attacks on
power companies.
The Washington Post reported last month that some government officials
suspect the Al Qaeda terrorist network of plotting cyber-terrorist actions
against power stations and emergency services in the San Francisco Bay Area.
Riptech's Belcher, a former cyber-security consultant for the Defense
Department, is skeptical of such claims, saying that the ability to wage
effective information warfare is many levels beyond the ability to merely
penetrate a network.
"I see no evidence that there are expert cyber-terrorists today," he said.
Although a concentration of attacks come from countries identified with
terrorist groups, he cautioned that many such countries are major energy
producers--suggesting that the hacks may be the product of more mundane
industrial espionage, rather than terrorism. Similarly, Hong Kong--a key
financial center--is a hotbed for cyber attacks on the financial services
industry, he said.
But some experts believe that some of the attacks may be a kind of training
exercise for terrorists. Al Qaeda worked for three years on the Sept. 11
attacks, according to U.S. intelligence agencies, and may be making a
similar investment in cyber-terrorism.
"The terrorists out there are well-educated and determined to get the
training and knowledge to carry this out, and they are very patient," Dick
said.
A number of terrorist organizations have developed rudimentary technical
skills. For example, in 1997, the Tamil Tigers, a Sri Lankan rebel army
known for terrorist bombings and assassinations, hacked into and shut down
the servers of Sri Lanka's embassies in Seoul and Washington.
"Why haven't they done more of it? My main hypothesis is that they didn't
need to because their conventional weapons--the gun and the bomb--were
adequate," said Bruce Hoffman, a terrorism expert with the Rand Corp.
But the new war on terrorism has hampered terrorists' ability to operate
elaborate base camps, and has dramatically tightened security for physical
infrastructure--from airports to power plants to government buildings.
Cyber-warfare may represent a safer, more effective alternative.
"You don't need training camps or a robust logistical and intelligence
support structure," said Hoffman, "just a modem and a safe house.... This
is the ultimate anonymous attack."
**********************
Los Angeles Times
Internet's Longtime Diplomat
Vinton Cerf is a voice of reason for the medium he helped create.
By ANICK JESDANUN
ASSOCIATED PRESS
July 8 2002
Vinton Cerf sounded an alarm when some U.S. lawmakers wanted to fence off
Internet pornography by creating an ".xxx" domain name: He didn't see how
adult sites could be forced to move there.
Persuaded largely by Cerf's arguments, the lawmakers opted instead for a
".kids.us" domain that kid-friendly sites could voluntarily inhabit and
that would respect global differences by being an American address.
Once again, a man widely respected as one of the fathers of the Net
exercised a moderating influence over the medium he helped create. More
than a quarter of a century after co-developing the communications
protocols that glue the Internet together, Cerf still binds the global
meta-network: He is a savvy mediator among the technical, business and
political communities that try to shape it.
Cerf tries to keep bad decisions from wrecking the Internet--chiefly by
translating geekspeak into English.
"I do consider myself a kind of advocate for understanding as much as
possible about the Net, even if it's just a matter of having a kind of
cartoon model of how it works," Cerf said. "Even cartoon models can lead
you to reason correctly about the effect of various decisions."
Advocate. Ambassador. Voice of reason.
"What Vint has brought to the table very much is the ability to talk about
what the Internet is outside the tech community," said David Farber, former
chief technologist for the Federal Communications Commission. "By being in
the middle, he keeps them from doing a lot of damage."
All that, and a sense of humor too.
Describing Internet-enabled socks that can monitor vital signs, Cerf
speculated: Why not use the same technology to let the left sock call out
to the right when the two separate?
His speech at the recent Internet Society conference drew laughs and a wide
round of applause.
On behalf of that group, Cerf articulates a vision of a shared
responsibility among Internet users and developers for making the Internet
available, secure, affordable, accessible to everyone and free of excessive
government and commercial control.
He also stays involved in research.
At WorldCom Inc., Cerf is a senior vice president for advanced networking,
including services that combine data, voice and video. He was with MCI
years before it merged with WorldCom and helped design MCI Mail, one of the
Net's first commercial applications.
At NASA's Jet Propulsion Laboratory, Cerf works on extending the Net's
reach into outer space.
Cerf also is honorary chairman of the IPv6 Forum, which promotes a
next-generation numbering system to accommodate the ever-growing armies of
Internet-ready wireless devices, game consoles and even wine corks.
And in one of his most contentious roles, Cerf is chairman of the Internet
Corp. for Assigned Names and Numbers, the key oversight body for domain names.
All this wouldn't have happened without the TCP/IP protocols that Cerf and
Robert Kahn invented in the 1970s.
The Net in its earliest days was a single network operated by the Defense
Department. Cerf and Kahn were charged with changing its communications
protocols to interconnect--internet--multiple networks.
The team decided to make the new protocols dumb but flexible--in contrast
to rivals' feature-rich, proprietary techniques.
That proved crucial and allowed applications such as e-mail and the World
Wide Web to connect, along with personal computers and wireless devices not
anticipated then.
Cerf always understood that technology doesn't exist in a vacuum.
Hearing impaired since 13, Cerf found in e-mail an ability to communicate
with clarity that he couldn't get on the telephone, even with hearing aids.
His recognition that the Internet was as much about the people as about
computers and wires would be his guiding force in years to come.
"He's given the Internet a heart," said Don Heath, former chief executive
for the Internet Society.
Michael Nelson, a former White House aide and now an IBM Corp. executive,
described Cerf as "someone whom policymakers and industry leaders look to
for advice."
Cerf often visits the White House, on his own or as part of an advisory
group. He is a regular on Capitol Hill and has met leaders in Britain,
Germany, Japan, India and other countries.
Cerf recalls one recent conversation with a congressman who wanted to
tackle security by ensuring that every data packet was authenticated by
computer routers, the Internet's traffic cops. He said he succeeded in
explaining that if routers had to do that, they wouldn't have any computing
power left to perform their basic tasks.
Not that governments always listen.
Cerf testified before a French court deciding whether Yahoo Inc. should
have to remove Nazi-related materials from its online auctions, even though
they were legal elsewhere. Though Cerf and other experts warned that the
requirement was impractical, the judge imposed it anyhow.
Nor does Cerf always succeed in mediating.
Questions of authority and legitimacy continue to dog ICANN, even after
Cerf assumed chairmanship of the naming oversight body in 2000.
"He's a little bit out of his realm in this policy debate," said Karl
Auerbach, a board member and frequent critic of ICANN.
Cerf rarely appears in public without a three-piece suit--he wore them back
in high school too, noted Steve Crocker, a classmate and fellow Internet
pioneer. Even then, Crocker said, Cerf was "tremendously well-rounded. He
was in the math club and took a prize in a poetry magazine."
Cerf tested the first Internet hookups in 1969 as a UCLA graduate student
and developed the networking protocols as a Stanford University professor.
In 1997, then-President Clinton presented him and Kahn the National Medal
of Technology.
Carl Malamud, founder of the nonprofit Internet Multicasting Service, said
Cerf commands respect because of his vast knowledge.
"No matter what meeting he'd show up at, he'd show up for five minutes and
he'd have something constructive to say," Malamud said.
And hence a distinction bestowed on him as a father of the Internet, a
label "he's a little uncomfortable with [but has] come to accept," Malamud
said.
Cerf would rather stress the teamwork behind the Internet.
"I'm very resistant to that label--as if to say only one or two or a few
people can cause something like this to happen. There were thousands of
people," Cerf said. "But I do acknowledge ... I was around at the very
beginning."
**********************
Los Angeles Times
Some Businesses Balk at Giving Secrets for U.S. Terrorism Fight
Security: Utilities and high-tech firms are reluctant to turn over
information about their operations for fear that it could be compromised.
By NICK ANDERSON
WASHINGTON -- Prominent business groups, usually allied with the Bush
administration, are showing unexpected resistance to government efforts to
gauge the nation's vulnerability to terrorism.
While the White House says private-public cooperation has blossomed since
the Sept. 11 attacks, representatives of banking, information technology,
utilities and other industries in recent months have declined to share
crucial details of how their systems work and where they might be
compromised. They say that sensitive data shared with Washington could
quickly become public, undercutting corporate trade secrets, scaring off
customers or providing would-be terrorists with valuable clues about targets.
The motives for withholding data vary from sector to sector and business to
business. Without exception, industry leaders say they want to help the
government. But Shannon L. Kellogg, a vice president for security at the
Information Technology Assn. of America trade group, said, ''The bottom
line is, the information is not flowing.'' In response, the Bush
administration has proposed exempting from the federal public disclosure
law much of the information it wants private industry to voluntarily supply
to the new Department of Homeland Security. Critics attack this proposal as
an unwarranted break for big business. And they charge that, because some
of its records would not be subject to public review, the department would
be effectively ''above the law.''
But advocates say the government can't fend off terrorists without winning
cooperation from private industry. ''The best scenario is for the
government and all the [business] players to be connected with full
information but for the terrorists to still be in the dark,'' said Sen.
Robert F. Bennett (R-Utah).
The dispute shows anew how the challenge of securing America from terrorist
attack in a post-Sept. 11 world raises fundamental questions about how much
information can and should be shared with the government.
At issue is how the government can help protect what has come to be known
as ''critical infrastructure'': telecommunication networks, information
systems, financial service links, utility grids, power plants, chemical
depots, transportation hubs and so on.
Many of those assets are in private hands.
And the government, with some exceptions, cannot compel the owners to
disclose systemic weaknesses or even to report threats and attacks.
Bennett recounts one incident to prove the point. After Sept. 11, he said,
a financial institution called him for advice on how to handle a serious
terrorist threat it had received against its internal systems. But the
company's officers did not want to relay the threat to government agencies
for fear that it would become public and spark employee or customer panic.
The threat turned out to be a hoax, but Bennett called it ''a classic
example of something that the Homeland Security Department would want to
know.''
In April, an FBI survey of businesses and other institutions found that 90%
of respondents had experienced significant computer security breaches
within a one-year period, most of them causing financial loss, but that
only 34% had reported the incidents to law enforcement.
At a hearing in May before the Senate Governmental Affairs Committee,
Ronald L. Dick, director of the FBI's National Infrastructure Protection
Center, explained why.
''The two primary reasons for not making a report were negative publicity
and the recognition that competitors would use the information against
them,'' Dick said.
The Office of Homeland Security, a White House unit formed after Sept. 11,
also has found resistance.
Laurence W. Brown, legal affairs director for the Edison Electric
Institute, which represents investor-owned utilities, said he attended a
conference in April in which homeland security officials asked industry
representatives for security information.
Brown said the officials were told: ''We'd love to tell you where our
critical facilities are, but we're not going to because you can't keep a
secret.''
Tom Ridge, the White House homeland security director, acknowledged in
testimony before Congress last week that getting information from private
industry is ''a problem that's been experienced by a lot of the Cabinet
secretaries and even during the work of the Office of Homeland Security.''
But solving that problem is especially tricky for a Republican
administration that aims simultaneously to expand government's
anti-terrorism powers and curb government's regulation of private enterprise.
Rather than passing new laws or issuing executive orders requiring business
to hand over critical information, the White House has concluded that a
voluntary approach will work best.
To that end, Ridge argues that businesses should be granted the exemption
to the government's Freedom of Information Act, a goal supported by a loose
coalition of industries and prominent companies. Microsoft Corp., for
instance, purchased a newspaper advertisement last month calling for an
FOIA exemption for sensitive security information.
Enacted in 1966, the FOIA enables interest groups, journalists and others
to petition the government for access to its records. While the act is
meant to promote open and accountable government, many types of records
already are exempt from disclosure.
For example, the act allows federal agencies to shield from public view
records related to national defense, foreign policy, law enforcement, trade
secrets and certain kinds of commercial or financial information, among
other categories.
The Bush administration's proposed homeland security exemption would go
further, exempting from disclosure information voluntarily provided to the
new agency in connection with ''infrastructure vulnerabilities or other
vulnerabilities to terrorism.''
Some critics, including the American Civil Liberties Union, contend no
changes to the law are needed to protect the sort of records industry
leaders claim would be vulnerable to public disclosure. Others say the
proposal is too broad.
What, they ask, is ''infrastructure''? What are ''vulnerabilities''?
Rena Steinzor, an attorney for the Natural Resources Defense Council, an
environmental group, said the proposed exemption could shield from public
view an application to expand a power plant. Or data from a chemical plant
on real or potential toxic leaks. Or any other information a business
considers embarrassing or a liability.
Mark Tapscott, a scholar at the conservative Heritage Foundation think tank
who served in the Reagan administration, called the proposed exemption
''overly broad.'' Congress appears split, which could slow legislation the
administration wants passed this year to create the Cabinet-level
Department of Homeland Security.
Sen. Patrick J. Leahy (D-Vt.), chairman of the Senate Judiciary Committee,
chastised Ridge last month, saying that the FOIA exemption and other
provisions of the administration's homeland security bill seek to place the
new agency ''above the law.'' He called that ''very troubling.''
But Rep. W.J. ''Billy'' Tauzin (R-La.), chairman of the House Energy and
Commerce Committee, applauded the proposal.
''We ought to cut a delicate balance here, because we are a free society
and we want people to know what our government is doing,'' Tauzin said.
''But there's a line we have to draw when it comes to providing free to
anybody who wants it a road map of how to get into a nuclear plant....''
***********************
Los Angeles Times
FCC Steps Up Airwave Hunt
Wireless: Regulators have intensified the search for bandwidth as carriers
spend billions to expand calling capacity but try to avert financial downfall.
By JUBE SHIVER Jr.
07/05/02
WASHINGTON -- Federal regulators and industry officials have stepped up
their search for more airwaves for the beleaguered wireless industry as
carriers try to stave off the financial carnage that has engulfed the rest
of the telecom industry.
A shortage of airwaves has forced Sprint PCS Group, VoiceStream Wireless
and other companies to borrow heavily to handle calls placed by the
nation's 128 million mobile phone users.
Although wireless companies are spending nearly $10 billion this year to
expand calling capacity and provide new high-speed data services, revenue
per minute of mobile telephone use has plummeted to 14 cents, from 53 cents
in 1992, according to industry figures. That's because the industry's
titans, in an effort to gain market share, have been underpricing their
services relative to their costs.
"There's a basic rule of economics: If you sell something for $1 that costs
you $1.05, you can't make money," said Herschel Shosteck, president of
Shosteck Group, a Wheaton, Md., telecommunications consulting firm.
A major spectrum expansion is critical if the industry is to avert an
erosion in the quality of cell phone service or a financial meltdown in the
next two years, analysts said. At stake are the pace of innovation in a key
industry sector and tens of thousands of jobs. That's particularly true in
California, the industry's nerve center and home to Qualcomm Inc. and about
2,000 other wireless firms employing 60,000 workers.
"There are so many types of events out there that could spell doom for the
industry," said Adam Zawel, an analyst for Cambridge, Mass.-based Yankee
Group, citing uncertain government policy, new competing wireless
technologies and the economy. "But there are also still a heck of a lot of
people out there without a cell phone," Zawel said. "The challenge is ...
to get more phones into the market and get everyone to use advanced
wireless services," which generate more revenue.
In a controversial move to alleviate the crunch, the Federal Communications
Commission announced last week that it would auction 740 wireless licenses
beginning Aug. 27. But those airwaves are currently used by television
broadcasters, and some wireless firms and lawmakers have opposed an auction
because carriers would then be forced to spend years and hundreds of
millions of dollars to relocate broadcasters to other parts of the spectrum.
What's more, those airwaves represent only about 78 megahertz of spectrum,
about one-third of the 200 MHz the industry says it needs to satisfy
wireless demand.
"The wireless revolution is becoming a victim of its own success," said
Thomas J. Sugrue, chief of the Federal Communications Commission's wireless
bureau. "The simple truth is that as our society grows increasingly
dependent on wireless technology and services, spectrum demand is stressing
the supply, and that has made spectrum management difficult for government."
This bleak picture is a stark contrast with two years ago, when the
wireless industry was flying high and aggressively building networks and
pursuing acquisitions. But carriers have since found it more difficult to
attract customers because most American consumers who want a mobile phone
now have one. The remaining 50% of Americans who don't have one are mostly
the elderly, the poor and children too young to own a phone.
Carriers have compounded their woes by following in the footsteps of
dot-com and fiber-optic entrepreneurs, borrowing too heavily and building
too aggressively in the face of slowing demand. The number of mobile phone
subscribers will increase 14% this year--an all-time low rate, according to
Prudential Securities Inc.
With less business to go around, experts predict the industry will shrink
to no more than four major players within two years.
One likely combination, industry experts said, involves the nation's No. 3
carrier, AT&T Wireless, and No. 2 Cingular Wireless, which is owned by SBC
Communications Inc. and BellSouth Corp. Because their networks share
similar technology, the two firms could save billions of dollars by
combining. Market leader Verizon Wireless could achieve a similar synergy
by acquiring No. 4 Sprint PCS, experts said.
But Sprint may still be wary of a deal after the Justice Department's
rejection of its proposed $115-billion merger with WorldCom Inc. two years
ago. And federal regulators are likely to be skeptical of mergers that
would leave 65% of the wireless market controlled by two companies owned by
the regional Bells. The fear is that the Bells might then easily overwhelm
the market's remaining two weaker competitors, Nextel Communications Inc.
and VoiceStream.
The unpleasant options leave the industry's major players with little
choice but to hunker down, for now.
Nextel, which is carrying $14 billion in debt, has slashed capital spending
20% to $2 billion this year. But the company continues to generate cash and
remains hopeful that its "credit profile will improve significantly over
the next few years" from subscriber growth and lower operating costs, Chief
Financial Officer Paul Saleh said.
Nextel hopes to keep afloat for the short term with $1 billion in cash, a
line of bank credit for $1.5 billion and other sources that might provide
as much as $5 billion more in capital if needed.
Rival Sprint PCS faces a similar cash crunch. Though the company added 4
million subscribers last year, it lost $1.25 billion in 2001 and recently
reduced its 2002 wireless subscriber growth forecast by 10% to 15% from an
earlier target of 3 million. Executives even have hinted at selling assets
to improve Sprint's balance sheets.
"A lack of capital will continue to hamstring expansion plans," Sprint
Corp. Chairman William E. Esry said in a speech at an Atlanta trade show
last month. But, he added, Sprint is still committed to delivering a
wireless network "where you can move from your office to your home ... with
total uninterrupted, fast and secure communications."
The diminutive cell phone seems an unlikely device to drive such an
ambitious strategy.
When introduced 20 years ago, cell phones weighed as much as a brick and
cost more than $3,000. The FCC, which in 1982 set aside 40 MHz of spectrum
for mobile phones--nearly seven times the amount used by a single
television station--believed it would take decades for demand to exceed
capacity, recalled Martin Cooper, a former project manager at Motorola Inc.
who is known as the father of cellular phones for his pioneering work on
the technology in the early 1970s.
But the devices proved an immediate hit with on-the-go consumers who reaped
the benefits of a take-no-prisoners price war among carriers. The demand
forced the FCC to quadruple to 180 MHz the amount of airwaves devoted to
wireless services.
The demand also has spawned a vicious upgrade cycle that has forced
carriers to spend billions of dollars each year on system improvements.
After building the initial analog phone system, for instance, carriers
spent billions more to add digital mobile phone service. Now, with another
costly upgrade in the works--this time for high-speed Internet
access--profits will elude the wireless industry for at least two more
years, predicts Roger Enter, a wireless analyst for Yankee Group.
But carriers are betting that consumers will flock to high-speed phones,
which will allow them to do such things as display maps for travel
directions, download audio files and use other potentially lucrative
subscriber services.
However, even if high-speed wireless data appeal to consumers, their growth
probably will be constrained by the shortage of airwaves that appears more
dire now than it did only a few months ago.
The industry has been seeking to double the amount of spectrum allocated
for wireless use. Carriers have been eyeing a 140-MHz swath of airwaves in
the 1710-MHz-to-1850-MHz band that the military is using for defense
operations, as well as a 190-MHz block of airwaves being used by some of
the nation's universities and churches for educational television and
wireless networking.
But in the wake of the Sept. 11 terrorist attacks, the Pentagon has
strengthened its hold on its airwaves. In October, the Commerce Department,
which manages airwaves owned by the federal government, removed all but
about 45 MHz of the 140 MHz of military airwaves that had been under
consideration for possible commercial wireless use. And the FCC said last
year that it would not reallocate the schools' and churches' airwaves to
commercial wireless carriers. Those moves come on top of an FCC decision to
keep wireless carriers on the hook for $16 billion worth of disputed
wireless licenses the industry won't be able to use for at least a year.
Hawthorne, N.Y.-based NextWave Telecom Inc. originally acquired the
licenses for $4.7 billion at a 1996 FCC auction. But it failed to pay for
them and filed for bankruptcy protection.
The FCC took the licenses back and re-auctioned them to Verizon and 19
other carriers for $16 billion during a red-hot wireless market last year.
But the sale was thrown into question when NextWave successfully sued to
recover its licenses.
The dispute is pending before the Supreme Court.
"The large carriers in the industry are between a rock and a hard place,"
said S. Mark Tuller, general counsel for Verizon Wireless.
"The FCC spectrum task force is a good idea. But when you talk about
spectrum policy, the NextWave issue is like the elephant in the room. It
has a paralyzing effect."
The FCC formed a Spectrum Policy Task Force this month with an eye toward
freeing up more airwaves for wireless carriers. The Senate Commerce
Committee also recently held hearings to examine the issue.
But cellular pioneer Cooper has been advocating that the industry change
its ways. His company, Arraycom Inc. of San Jose, has petitioned the FCC to
force carriers to use spectrum more efficiently.
"It doesn't take a genius to see that wireless carriers could get all the
spectrum they want and still not be able to serve the market" at the price
they are giving away service. "We need a sounder policy; we just can't
continue this [cell phone] spectrum grab."
**********************
Mercury News
Control freaks tightening their grip on the Internet
By Dan Gillmor
Mercury News Technology Columnist
CAMBRIDGE, Mass. - Do the currently disorganized, decentralized forces of
bottom-up creativity have a prayer of countering the highly organized,
moneyed forces who want to maintain their top-down grip on creativity and
information?
That wasn't the specific question on the agenda at the start of a five-day
``Internet Law Program'' at Harvard Law School's Berkman Center for
Internet & Society this week. But as some of the top minds in the field
lectured and discussed some critical issues with lawyers, educators,
government officials and others here, it might as well have been.
Here's the bad news:
The idea that cyberspace would or could remain a zone of utter freedom may
have been impossible, or at least naive. Now, however, we are risking the
opposite -- an assertion of harsh and innovation-stifling rules by a few
who fear the future.
The Net, once so promising, is being carved up by governments and
corporations for control and exploitation. Intellectual property -- a term
that deserves execution -- is turning into one of the most brazen land
grabs, if the metaphor must be used, of all time.
Now, the good news:
Maybe we, the people, can do something about it. Maybe we, with the help of
our peers, savvy technologists and, yes, government (law), can retake the
future.
Lawrence Lessig, a Stanford law professor and author of several important
books on our technology-influenced future, was the program's pessimist.
He's been jetting around the world for several years, warning of what's coming.
And what's coming, he keeps saying, is a victory of the control freaks. The
people have been couch potatoes so long that they may not know how to
respond, much less have the means.
You have to understand the interrelated factors that influence the debate,
he said. We operate under markets, norms, laws and -- crucially --
architecture. The latter, key to one of Lessig's signature notions, is that
the way people build computers and software is, itself, creating law --
because it determines limits on how we use technology.
Cheer up, countered Yochai Benkler, professor of law at New York University
and Director of the Engleberg Center for Innovation Law and Policy as well
as the Information Law Institute. Code, and the power of the newly
organizing entities we're seeing in places like the free software movement,
are central to a more hopeful future.
Benkler made a persuasive case that free software (also known as
open-source software) development is a model for something big --
``variously sized collections of individuals effectively producing
information goods without price signals or managerial commands.''
Self-organizing systems are letting human ingenuity and humane values
challenge the authoritarian model of traditional industry.
Some rules will apply, no matter what. Nation-states may be threatened, but
they will not allow anarchy.
Jonathan Zittrain, co-founder of the Berkman Center and a law professor at
Harvard, anticipates increased efforts to ``zone'' content on the Net, for
example. What an American sees on a given Web site may not be what a person
from France sees even when both type in the same URL, or Uniform Resource
Locator (web address). This raised at least two questions, and I'm less
certain of the answer today than a week ago: Is such zoning an altogether
bad idea on a multicultural planet? Is it simply inevitable?
Inevitability is clearly an enemy. We still have choices.
A BETTER WAY TO GET THIS: I spent the five days taking voluminous notes,
perhaps too many for effective reflection. But the level of conversation
was so exceptional that I wanted other people -- namely you -- to get a
sense of what I was hearing. I've posted it all on my weblog
(www.dangillmor.com), along with links to other observations on the
program. Please take a look if you have the time.
***********************
BBC
Replace your mouse with your eye
Computers of the future could be controlled by eye movements, rather than a
mouse or keyboard.
Scientists at Imperial College, London, are working on eye-tracking
technology that analyses the way we look at things.
The team are trying to gain an insight into visual knowledge - the way we
see objects and translate that information into actions.
"Eye-trackers will one day be so reliable and so simple that they will
become yet another input device on your computer, like a much more
sophisticated mouse," said Professor Guang-Zhong Yang of the Department of
Computing at Imperial College.
Needle in a haystack
The scientists at Imperial College have been using an infra-red
eye-tracking headset to understand how the eye moves when given a task.
For the research, people have been shown an image and given a limited
amount of time to find a specific target, such as a waving hand in a crowd.
Searching for something like a hand in a crowd requires as much mental
effort as, for example, solving a crossword puzzle. The scientists are
trying to understand how this visual knowledge works.
"You can see things but you may not be able to recognise things," Professor
Yang told the BBC programme Go Digital.
"It is only when the eye registers with the cognitive part of the brain
that things start to happen.
"We are trying to unravel how biological visual systems work and
reverse-engineer better computer vision systems," he said.
Eye-control
The team is looking at applying its research for use in areas such as
keyhole surgery or robotic surgery.
"If you want to operate on a moving object using keyhole surgery, such as
the beating heart to do a coronary bypass, you want to have a stable view,"
he explained.
"So we could have the camera move in correspondence with this rhythm so
what you see is a stationary picture."
Professor Yang believes eye-tracking technology could also help the way we
interact with machines, such as computers.
Other potential applications include installing an eye-tracker in a car
dashboard to warn a driver who is falling asleep, or enable a fighter pilot
to aim missiles by simply looking at a target.
Professor Yang was presenting his work at the Royal Society Summer Science
Exhibition in London, which showcases researchers at the cutting edge of
science in the UK.
**********************
BBC
Mobile spam on the rise
Unwanted text messages are becoming a growing nuisance for UK consumers,
who are often confused about how they received such messages.
Complaints to regulators have soared over the last year as advertisers
directly target mobile phone users.
Increasingly, such unsolicited texts dupe people into phoning premium rate
numbers. One method is to send a romantic message from a mystery admirer.
Premium rate calls watchdog Icstis has received more than 150 complaints in
the past nine months about unsolicited messages.
Wireless confusion
The Advertising Standards Authority has also seen a rise in problems and
has upheld six complaints about text message promotions this year, compared
with none the previous year.
Responsible SMS marketing must involve a two-way relationship between
advertiser and customer, ensuring that all recipients have opted-in to
receive messages and allowing them to opt-out at any time, said Mr Gelenbe.
He disagrees that mobile spam is a huge problem.
"In reality, there isn't a lot of spam over the air because marketers have
to pay between 5p and 10p for each message and unless you get a decent
response rate you would go bankrupt," he said.
In Japan, where recipients rather than senders are charged for messages,
spam is a much bigger problem with nine out of every 10 messages on the
DoCoMo network estimated to be spam.
Tighter regulation
Orange urges users of its network to contact its customer service lines if
an unsolicited text message is received.
"If the message has been generated using a number on the Orange UK network
we can bar the subscription or block the ability to send text messages from
that number," reads a statement from the company.
If the text message has been generated using a number on another network,
Orange can either bar the sender number from sending SMS to Orange
customers or block the message centre concerned.
Spam generated overseas is harder to control but Orange says it is "taking
measures" to deal with it and is also working on software that would block
spam.
At a government level the European Union is considering forcing marketers
to get explicit permission from customers before sending e-mails or text
messages for advertising purposes.
Action needed to be taken as soon as possible, said the spokesman for the
Consumers' Association, himself a victim of airwave spammers.
"Tighter regulation is necessary so that users can regain control over what
they get on their phones," he said.
**********************
BBC
Device could detect overdose drugs
Scientists are developing a hi-tech device which could help casualty
doctors treat patients who have taken an overdose.
The biosensor would detect what drugs they had taken much faster than the
lab tests currently used, helping doctors give a patient the treatment they
need more quickly.
The device acts by testing patients' blood.
Early tests have shown it can detect glucose, and researchers are also
looking at whether it could detect creatinine, a product in the body, which
is an indicator of kidney dysfunction.
It is hoped biosensors can be developed which would detect paracetamol,
antidepressants and even illegal drugs.
Its developers say it would take just a few minutes to give a result,
whereas sending a sample off to a laboratory may take hours to come back
with a result.
The device, which could cost hospitals around £1,000, is at a very early
stage of development and it could be three to five years before it would be
in use.
Reaction chamber
The biosensor has a disc-shaped quartz crystal, around a centimetre in
diameter and 0.2 millimetres thick at its centre.
When it is charged with electricity it vibrates millions of times a second,
and the frequency at which it vibrates changes if anything sticks to the
crystal's surface.
Above the crystal is a small reaction chamber where blood samples are placed.
The biosensor can be designed so that a particular series of chemical
reactions will take place if a certain substance is present, forming a
solid product.
That will then attach itself to the crystal and change the vibration
frequency showing that the substance is present.
Its makers claim the chemical reaction can be made to be highly specific so
that other substances will not interfere with the readings.
Faster treatment
Dr Sub Reddy, a lecturer in biosensors at the University of Surrey, UK, led
the research, which is backed by the Engineering and Physical Sciences
Research Council.
He said: "Our sensor is portable and will be easy to use even by unskilled
staff."
Dr Reddy told BBC News Online: "You could have a bank of these devices in
the ambulance, so you could have the results on a whole series of drugs
that the patient could have taken as soon as they arrived in A&E.
"That would improve the speed of treatment, and mean doctors could give any
antidote."
Dr Fiona Lecky, an A&E consultant at Hope Hospital, Salford, said: "We do
have to wait for the results of blood tests.
"Also the blood tests are very limited in what they will pick up - aspirin
and paracetamol.
"It would be useful to know immediately what the patient has taken,
particularly in an unconscious patient.
"The main issue with this device would be is it reliable, and its cost."
************************
BBC
Net body accused of bullying tactics
The internet's top body has been accused of bullying European domain
administrators into handing over confidential databases against their will.
Icann, which oversees the running of key parts of the net's addressing
system, wants access to the databases before it makes changes to master net
address books on behalf of the European groups.
Icann's actions have been condemned as "unacceptable" by the industry body
representing organisations who keep European internet addresses running.
In its defence Icann says it needs to see the data to ensure the stability
and reliability of the net.
Network crash
The collapse of telecommunications firm KPNQwest has given rise to the row
between Icann, the Internet Corporation for Assigned Names and Numbers, and
the administrators of many European country codes.
Before it went bust, KPNQwest was looking after duplicate databases for 67
national domain administrators.
The firm's collapse meant that these duplicate databases, which are
consulted when someone wants to visit a domain that has a national suffix,
had to be moved.
Once moved, the master lists for the internet, overseen by Icann, had to be
updated with their new net location.
However, Icann has refused to update the master lists unless it can have
ongoing access to the national domain administrator's databases that list
the net location of all their customers.
"We can not understand how Icann, an organisation that needs to demonstrate
its legitimacy and improve its working relationship with a sceptical
[country code] community, can perform in the way it has," said a statement
from Centr, which represents European domain administrators.
Long wait
Some country code administrators have been waiting for weeks to have the
master address lists changed.
Vaggelis Segredakis, administrator of Greece's ".gr" domain, said it had an
"ongoing issue" with Icann and had first made a request to change the
master lists over a month ago.
Some domain administrators are known to have given Icann access to their
customer databases until the changes were made and then closed them down
again afterwards.
"We do hope Icann will place a moratorium on this requirement in order to
put internet stability first," said Kim Davies, technical policy advisor
director at Centr, "particularly given that there may be more turmoil with
networks that operate name servers in the near future."
Nigel Roberts, operations manager for the Channel Islands domain registry,
said he was shocked that Icann was trying to use the problems caused by
KPNQwest to force changes on domain administrators.
Icann argues it needs to have access to the databases to make sure that the
net's entire addressing scheme is reliable and stable.
It said its operating policy gave it the right to regularly inspect the
databases.
But Mr Roberts said the new policy was only introduced earlier this year
and had not been properly debated and ratified by Icann.
**********************
Federal Computer Week
OMB's new hand
Editorial
The Bush administration has pulled out a budgetary trump card, citing a
little noticed provision in the Clinger-Cohen Act of 1996 giving it the
power to cut or move funding for information technology programs even if
Congress already appropriated money for the program. This card could change
the game considerably, and the administration would do well to collaborate
with agencies and Congress when they play it.
Norman Lorentz, chief technology officer at the Office of Management and
Budget, said last month that the administration planned to exercise a
provision of Clinger-Cohen that gives OMB the authority to cut or move
funding for redundant and underperforming IT programs. This obscure power
is one of the most powerful weapons in OMB's arsenal to implement its
E-Government Strategy, part of which entails consolidating similar IT
programs scattered throughout agencies and cutting IT spending in general.
OMB is certainly headed for a tussle with Congress, which doesn't want its
dictates for IT spending changed substantially, and with government IT
workers, who will be affected by the changes. Some members of Congress have
already said OMB should be ready for a fight. Other longtime federal IT
experts with agency and OMB experience are a bit surprised by the agency's
bravado.
The impending fight doesn't mean that OMB's goals, namely redirecting IT
spending to save money and supporting programs that can improve government
services, aren't a good idea. It depends on how officials go about
achieving them.
One way to avoid, or at least scale back, the impending battle is for OMB
to seek input from agencies and Congress and simply talk to those who would
be affected. Often, such openness allows managers to avoid a policy's
unforeseen problems. Those in the know can alert managers to pitfalls, and
discussions can remove any misunderstandings and build a common ground.
Will such cooperation block potential infighting? No, but OMB could end up
with a politically viable solution.
************************
Federal Computer Week
Accessibility law under scrutiny
For the past year, federal agencies have been required to buy only
accessible technology, but they have been banned from requiring vendors to
"certify" that their products meet accessibility requirements. Now the
General Services Administration is considering reversing that ban.
"Some people feel that by using certification, they get some sort of extra
promise" that products will meet accessibility requirements, said David
Drabkin, GSA's deputy associate administrator for acquisition policy.
Technology vendors strongly oppose the idea, according to Michael Mason, an
attorney who specializes in federal contracting law. "Certification brings
in elements of fraud" that could carry serious penalties if products are
found not to meet accessibility requirements, he said.
Guaranteeing that products will meet accessibility requirements is
difficult in the realm of fast-changing technology, where accessibility
often depends on how well hardware, software and other products work
together, Mason said.
"Accessibility" refers to the ability of technology (typically office
equipment, software and Web pages) to be used by people with disabilities
such as sight or hearing impairments or mobility or dexterity limitations.
Standards that products must meet to be considered accessible are detailed
in Section 508, a law that took effect in June 2001.
When the law was written, "We decided to not require certification from
companies that [their] products were 508-compliant," Drabkin said. "We were
trying to keep the number of certifications that a business would have to
provide to an absolute minimum."
But during the past year, Drabkin said he heard reports that a number of
agencies attempted to include certification requirements in solicitations
and contracts for technology purchases. He said he does not know which
agencies did so, but industry sources say the Treasury and Interior
departments and the U.S. Postal Service have tried to include certification
requirements in contracts.
"Certifications carry all kinds of consequences, from civil to criminal,"
Drabkin said. GSA wants to learn "whether there is really a need for it, or
if it's overkill."
Whether agencies will be allowed to require certification in information
technology contracts is likely to be decided by the Civilian Agency
Acquisition Council and the Defense Acquisition Regulations Council.
The councils published a notice in the Federal Register June 27 asking for
comments on whether changes are needed to the Federal Acquisition
Regulation. The notice points out that the FAR now "does not require
vendors to certify" that their products comply with Section 508 and states
that under most circumstances, "agencies are not to require such
certification."
But Drabkin said that could change if agencies indicate a strong preference
for certification requirements during the comment period, which ends Aug. 26.
In addition to comments on certification, the two acquisition councils want
comments on whether Section 508 would benefit from the addition of a clause
that spells out in more detail the legal obligations and limits to legal
obligations of vendors that sell government agencies electronic and
information technology.
A long and highly technical law, Section 508 has been a challenge for
vendors and agency procurement officials.
The problem is that the law is "being interpreted differently by different
people depending on particular circumstances," said Larry Allen, executive
vice president of the Coalition for Government Procurement.
The law includes detailed technical standards that hardware and software
must meet to be considered accessible, but it also permits agencies to buy
products that meet accessibility requirements in ways not detailed in the
technical standards.
"There are different standards for different technologies and even
different standards for the same technologies when they are used in
different ways," Allen said.
The variety of circumstances, rules and interpretations is frustrating for
many who sell products to federal agencies, he added. But vendors do not
agree on the solution.
"Some vendors think there should be a series of relatively hard and fast
rules that direct contractors on what their responsibilities are in a
clear, concise and reasonably unambiguous way," he said.
But others argue that hard and fast rules do not apply because each
situation is different and technology keeps changing, Allen said.
Under Section 508, the legal responsibility for achieving accessibility
falls only on federal agencies. They risk lawsuits if they fail to provide
accessible technology to workers and accessible Web sites, information
kiosks and other technology to the public.
That liability has prompted some agencies to draft contract clauses and
certification requirements that industry officials complain are an attempt
to shift compliance liability to product vendors.
That raises the prospect of a "proliferation of agency-specific clauses"
that would increase confusion over Section 508, the acquisition councils
said. A single, catch-all electronic and information technology clause to
the FAR might be preferable, the councils said in the notice requesting
comments.
Drabkin said it may take "six months or so" to decide whether changes to
the FAR are needed.
***
Comfort zone
As the government's procurement umpires prepare to review the rules on
buying accessible technology, industry representatives say the need to
change the rules appears less urgent than it did last summer. "Companies
and agencies are more comfortable than we were a year ago" dealing
with Section 508-related acquisitions, said Ken Salaets, director of
government relations for the Information Technology Industry Council.
Last summer, when the accessibility law took effect and agencies could be
sued for failing to comply, federal contracting officials responded by
inserting an array of clauses into purchase contracts to shift legal
liability from agencies to product and service vendors.
But there have been no suits, disputes between agencies and vendors have
been quietly resolved, and agencies have grown "considerably calmer and
more confident" in dealing with Section 508, Salaets said. Plagued by a
plethora of clauses last summer, members of the Information Technology
Association of America sought to simplify matters by proposing a single
clause to be used by all agencies.
Now, however, ITAA officials are having second thoughts. After a year of
experience with Section 508, an association committee plans to "take a
fresh look" at the clause question. This time, it may recommend adopting no
clause at all, an ITAA official said.
*************************
Federal Computer Week
Senate proposes DOD tech review panel
Handling of NMCI criticized in House report
With scores of terrorism-fighting technology proposals flooding the Defense
Department, lawmakers recommend creating a panel within DOD to help review
such proposals, according to the Senate fiscal 2003 Defense authorization bill.
The program is designed to encourage small businesses and nontraditional
defense contractors to submit proposals that are potentially beneficial for
combating terrorism, according to the bill, passed by the Senate June 27 by
a vote of 97-2.
The Senate version of the fiscal 2003 authorization bill, S. 2514, a policy
bill that approves programs for DOD totaling $393 billion, must be resolved
with the House's version of the bill, which was approved in May.
The House, meanwhile, voted to approve its version of the fiscal 2003
Defense appropriations bill, H.R. 5010, by a 413-18 vote, providing $355
billion in defense spending.
The bills endorse much of President Bush's proposed increases in defense
spending and funds for waging the war against terrorism. The bill provides
$33.8 billion more than what was appropriated for fiscal 2002, although it
is $2.1 billion less than the Bush administration had requested.
How exactly DOD should invest its money is one matter of concern. The
Pentagon received more than 12,000 proposals last fall in response to its
broad appeal for new technology ideas to combat terrorism. But Defense
officials have yet to review or respond to many of those proposals,
according to the committee.
The panel proposed by the Senate would recommend potential contractors to
the undersecretary for acquisition, technology and logistics. Members would
consist of technology experts from the Pentagon and military services, as
well as the private and academic sectors.
Olga Grkavac, executive vice president of the Enterprise Solutions Division
at the Information Technology Association of America, said there is a
similar provision in the House bill, but the Senate version includes $50
million to fund the initiative. Overall, industry has been supportive of
the initiative, although ITAA has not taken a formal position on it, she said.
NMCI Catches Heat
The Senate bill mirrors the House version enabling the Navy to extend the
Navy Marine Corps Intranet contract with lead vendor EDS by two years.
Lawmakers, however, voiced their dissatisfaction with the pace of NMCI.
The House version of the DOD spending bill trimmed NMCI funding, a staff
member for the House Appropriations Committee said. EDS officials, however,
noted that the cuts would come out of the Navy's overall information
technology budget so NMCI will continue to be fully funded for fiscal 2003.
The report that accompanies the spending bill, however, includes some harsh
criticism of how the Navy has managed NMCI's implementation and questioned
the testing process that was used to certify the viability of NMCI.
Therefore, the House recommends that the Navy take a slower, steadier
approach, the staff member said.
NMCI, the Navy's massive effort to create a single network across more than
400,000 seats for its shore-based facilities, has been bogged down by
scores of legacy applications that need to be accommodated. At one point,
the Navy tallied nearly 100,000 separate applications.
The House bill would prohibit the Navy from ordering seats beyond the
160,000 that are currently authorized and would require the Pentagon to
conduct further tests once 20,000 seats have been rolled out.
"The committee believes that the delay in seat orders that will result will
also provide the Navy and [EDS] much needed time to address the legacy
application problems which will arise from the order of the first 160,000
seats," the committee report says.
An NMCI spokesman said that the Navy could not comment on the legislation
until it had been presented to officials.
The DOD spending bill had been criticized for lacking a transformational
vision. But Ray Bjorklund, vice president of consulting services at Federal
Sources Inc., a market research firm in McLean, Va., said that Defense
Secretary Donald Rumsfeld sees transformation as more evolutionary than
revolutionary.
These proposals are in line with that view, he said.
***
At a glance
Proposals from the House and Senate Defense authorization bills
* The Senate bill includes a provision that would create a $50 million
"technology transition" initiative to deliver new technologies to the
battlefield more quickly. The bill would create a Technology Transition
Council, staffed by military acquisition officials and high-tech industry
leaders, and it would require each branch of the military to assign a
senior official to serve as a technology transition advocate.
* The House bill includes funds for Advanced Concept Technology
Demonstrations and Quick Reaction Special Projects, as part of the effort to
speed the transition of tools
for warfighters in the field.
* The House bill includes funding to expand the bandwidth capacity of the
Global Information Grid to 10G.
**********************
Federal Computer Week
An evolving Web-based work space
Three agencies make the shift from e-mail to true online collaboration
For better or worse, e-mail has quietly wormed its way into our daily work
lives, becoming the primary tool we use to correspond, share ideas, set up
meetings, confirm agreements and exchange documents.
The trouble is that e-mail, though convenient and nearly ubiquitous, is
hardly the best application for the many uses to which it's put.
Among its ills: It's a lousy filing system for individuals and even worse
for groups; it provides little help making sure that everybody works from
the same versions of documents; and it's poorly designed, architecturally
speaking, to handle such work, because it chokes networks and clogs up
storage resources with countless redundant files.
Now, a growing number of agencies are discovering an alternative in
Web-based team collaboration software that was designed in large part to
address e-mail's shortcomings.
Although some agencies such as the Census Bureau and the Bureau of Justice
Statistics are now putting collaboration software through its paces on
smaller projects, others such as the Federal Aviation Administration's Air
Traffic Services (ATS) are using it as the backbone for their entire
operations, cutting administrative and travel costs and increasing
productivity so that projects are completed faster.
A big reason the software is taking off now is that it caters to the
regular work routines of its users rather than forcing them to change their
work habits. For example, instant messaging and online chat features allow
users to communicate spontaneously in real time as project problems
arise, the online equivalent of throwing an impromptu meeting.
Like a greatest hits collection of music, products such as eRoom Technology
Inc.'s eRoom, Open Text Corp.'s Livelink and SiteScape Inc.'s Enterprise
Forum, among others, combine several useful tools in one package.
Among the features offered are document management, project workflow, team
scheduling and on-screen shared application work spaces, called
whiteboards. The more robust feature set has helped broaden the potential
customer base for the software.
"There's a huge opportunity to use team collaborative applications in the
government and commercial worlds," said Mark Levitt, research vice
president for collaborative computing at IDC, "though what we've seen to
date are mostly pockets of users or, in some limited cases, full
enterprisewide rollouts."
Managing Performance
Although it is still in the initial stages of its deployment of
collaborative software, the FAA's ATS, which builds and maintains air
traffic control systems and facilities, plans to roll out the software
enterprisewide to all 37,000 ATS employees, according to Rick Ford, chief
information officer for ATS in Washington, D.C.
The system is supporting an initiative to transform ATS into what will be
called the Air Traffic Organization, an entity created on paper by
President Clinton in December 2000 but not yet officially in existence.
ATO will be a performance-based organization, which means that it is
supposed to operate more like a private business than a traditional
government bureaucracy, with tough performance and accountability standards
and monetary incentives for senior executives if they help the organization
reach its goals. The designation also implies using technology to help
carry out that mission.
That being the case, the builders of ATO put at the top of their shopping
list Web-based software that could provide a single platform for team
collaboration and project management, primary activities of ATS engineers.
With the help of systems integrator Titan Systems Corp., ATS officials
selected Open Text's Livelink collaboration software in April 2001 and got
the first users on the system just six months later.
ATS employees use only a Web browser and a connection to the office's
wide-area network to access the system, called pb-ICE, short for
performance-based integrated collaborative environment. Secure Web pages
serve as the access points to different projects and all of the system's
tools. From there users can:
* Set up and manage projects and use a graphical-based workflow tool to
assign tasks to team members, outline the desired process and track progress.
* Exchange, index, store and retrieve project files, while maintaining the
information's integrity through file version control features.
* Schedule meetings and notify team members when new information is posted.
* Collaborate from any of ATS' locations via bulletin board-style
discussion groups, real-time messaging and whiteboards.
The Web-based architecture enables users to participate in a project
without needing specialized software.
"For example, in [ATS], there's a need to have access to facility-level
engineering drawings that are produced in CAD/CAM systems," said Allan
VanDeventer, vice president of Titan Secure Solutions, a division of Titan
Systems. "Those drawings can be rendered in HTML and visible through this
tool without having the CAD/CAM software on the desktop."
In the nine months that pb-ICE has been used by about 600 employees, the
system is already delivering anticipated benefits, such as less travel and
fewer time-consuming meetings, as well as a significant reduction in staff
work because project-related information is better organized and far more
accessible, Ford said. By providing one place to store all related
information and schedules, projects are running more smoothly than before.
"There's much more clarity in who is responsible for what in a given
project," Ford said. "Task assignments are clearly understood, so there's
not that confusion and murkiness that you often see in project management."
Prices for collaborative software can range from a few thousand dollars up
to several hundred thousand dollars for big installations, though they have
come down considerably in the past few years, IDC's Levitt said.
ATS spent about $8 million to develop pb-ICE. As part of an outsourcing
contract, Titan Systems hosts and maintains all the software, then charges
ATS $1,150 per user per year to access the system, a price that will go
down as more users are added, Ford said.
Besides the collaborative software, that price also includes several other
vendors' software packages, which are tightly integrated and assist with
planning programs and tracking financial and team performance measurements,
all of which are crucial to ATS' mission to become a performance-based
organization.
An Evolving Discussion
The Bureau of Justice Statistics uses team collaboration software in a less
encompassing, but no less important, way. Approximately 14 bureau employees
are using SiteScape's Enterprise Forum software as they develop a survey
that will ask 36,000 businesses nationwide about incidences of
computer-related crimes.
Although the collaboration software could easily connect team members in
far-flung offices using a secure Internet connection, the primary benefit
of the tool for the bureau's Washington, D.C.-based team is the centralized
online work space, said Marshall DeBerry, acting chief of the crime
measurement and methodologies section at the bureau.
"We use the system to initiate discussion topics and post material for the
team to review," DeBerry said. "With the archival features like document
storage and the ability to record threaded group discussions, we can also
see how a particular topic evolved, which has been very helpful."
DeBerry's office shares the cost and use of the $10,000, 200-user SiteScape
license with the Census Bureau, which also uses the software to manage
various projects.
Indeed, although the recent addition of integrated, real-time
communications features enhances team collaboration products, the whole
suite of project management tools is really what makes them valuable.
"It's more than just collaboration for collaboration's sake," VanDeventer
said. "It's a toolset with a lot of depth that comes with a recipe for how
to do business in a different way. Government used to do a lot of work on
paper, then e-mail came along and replaced a lot of that. These tools take
it to another level."
***
Case Study: A tactical advantage
Reflecting an industry trend toward greater customization of Web-based team
collaboration software, SiteScape Inc. introduced a new version of a
product last week tailored for use by Defense Department program management
offices.
The Tactical Calendaring, Action-Item and Meeting Management (TCAMM) system
was developed with input from the Navy's Tactical Information Technology
Integration Program Office (TacIT IPO).
Military program managers can use TCAMM to create a central Web page that
serves as a sort of home page of their program's activities. From there
they can assign tasks, schedule meetings, track the status of projects and
provide a single place where team members can go to access all
project-related information such as action items, agendas, presentations
and meeting minutes.
"There's a long-term benefit in having all that information in one place,"
said Peter Gaston, vice president of government solutions at SiteScape.
"For example, TCAMM provides what's called the 'decision history,' a record
of why things were done a certain way, which can then be used in future
projects."
To meet the government's special security requirements, TCAMM supports FIPS
140-1 and X.509 digital certificates. "We designed this solution to
leverage DOD public-key infrastructure, which provides higher security and
eliminates the need for passwords," said Phillip Butch, program manager,
TacIT IPO. Currently, there are more than 1,000 TCAMM users in the Navy.
Besides customizing applications for specific industry uses, collaboration
software vendors are creating solutions that support business processes,
such as résumé tracking and computer help-desk management.
*********************
Government Computer News
Report: Cyberterrorism still more of a threat than a reality
By William Jackson
Hacking activity tracked by managed security services provider Riptech Inc.
of Alexandria, Va., increased 28 percent in the last six months, but target
enterprises appear to be better equipped to detect and fend off serious
attacks, according to Volume II of the company's Internet Security Threat
Report, released today.
Despite the increase in overall activity, the number of companies
experiencing a severe attack from January through June this year declined
by half compared to the previous six months. Government organizations
monitored did not suffer any highly aggressive attacks in the past six
months. Although hacking remains a real threat, cyberterrorism has not
emerged as a serious problem, said Riptech CTO Tim Belcher.
"I have never seen signs of expert cyberterrorism anywhere," Belcher said.
He defined "expert" as a level of skill on par with professional security
teams that do penetration testing. But he warned that hacking tools and
resources are readily available, and this could quickly change.
The report is based on an analysis of 180,000 confirmed attacks culled from
11 billion firewall and intrusion detection system data points from 400
Riptech customers. Few of the customers, less than 2 percent, are government
agencies, and most of those are state and local rather than federal.
Among the findings:
* Nearly two-thirds of confirmed attacks were launched from systems using
Microsoft Windows.
* The United States is the leading source of attacks, accounting for 40 percent.
* The power and energy, financial service and high-tech sectors were the most
frequent targets.
Attacks from countries on a cyberterrorism watch list, including seven
countries designated by the State Department as sponsors of terrorism,
accounted for less than 1 percent of the attacks monitored. But scanning
from those countries tended to focus on different types of services and
different types of companies from the average, suggesting possible
differences in motives, the report warned. Belcher said those differences
could be a reflection of the small numbers from those countries, where
Internet connectivity is low.
"I don't think what we're seeing today is extremely threatening," he said.
One disturbing detail that turned up was a small percentage of Code Red
worm scans, about 2 percent, apparently originating from Unix systems. Because
Unix systems are not susceptible to Code Red infection, Belcher warned,
these could be the work of someone hiding behind the worm.
"We've checked and double-checked and triple-checked," Belcher said. "We
feel this is a smoke screen."
And for what it's worth, hackers seem to be average working Joes. Over the
past six months, the rate of hacker activity on weekdays was 19 percent
higher than on weekends.
Volume II of the Internet Security Threat Report is posted on Riptech's Web
site at www.riptech.com.
**********************
Government Executive
Homeland security bill becomes a magnet for cybersecurity initiatives
By William New, National Journal's Technology Daily
Legislation to create a Homeland Security Department, a top congressional
priority, has begun to attract previously introduced cybersecurity and
other technology-related bills as riders.
The most activity is in the House, where numerous committees and
subcommittees with jurisdiction on homeland security have until July 12 to
recommend changes to the legislation, H.R. 5005. Staffers for Virginia
Republican Tom Davis, for instance, have redrafted several of his bills as
potential amendments to the homeland measure.
"Debate over how to best structure a new Department of Homeland Security
offers an excellent opportunity for Congress to address many critical,
related issues," Davis said Tuesday. For instance, he said the White House
proposed an information-sharing framework on threats to critical
infrastructure that "gives us the momentum we need to move our
information-sharing bill [H.R. 2435]."
According to Davis' spokesman, a "breakthrough" has led to changes in the
information-sharing bill, such as deleting the term "cybersecurity" to
allow for the inclusion of physical security; clarifying the structure of
the information sharing process; and deleting the original antitrust
language that sparked Justice Department concerns.
Davis also is eyeing the homeland bill to reauthorize and "give teeth" to
the Government Information Security Reform Act, which expires in November,
through his separate bill, H.R. 3844, on the issue. He also intends to
attach procurement-related legislation: H.R. 3832, which would establish an
acquisition workforce-training fund and streamline the procurement process;
and H.R. 4694, which would give procurement officers more flexibility.
Davis also may try to add H.R. 4629, a bill to create a central office to
help vet new homeland security technologies. And Rep. Sherwood Boehlert,
R-N.Y., has shown interest in attaching a Senate-introduced bill, S. 2037, to
create a "NetGuard" of tech experts for emergencies.
On the Senate side, there may be fewer changes to the homeland security
legislation at the committee level. The Governmental Affairs Committee,
chaired by Joseph Lieberman, D-Conn., has sole jurisdiction. Lieberman sent
letters to relevant committees on June 14, asking for input before the
committee votes. The vote is tentatively scheduled for the week of July 15,
his spokeswoman said Tuesday. Committee members may offer amendments
germane to the bill.
The homeland security bill is the third item on the legislative calendar after
the Senate returns from this week's recess, with final action planned by
the August recess.
Sen. John Edwards, D-N.C., is trying to get sections of his two
cyber-security bills, S. 1900 and S. 1901, passed as part of another bill,
S. 2182, sponsored by Ron Wyden, D-Ore. The two senators' offices are
negotiating, and the resulting measure could be added to the homeland bill.
"We're on the lookout for the best way to get [the cybersecurity bill]
through Congress, and that might include any homeland security
legislation," said Michael Briggs, Edwards' press secretary.
***********************
MSNBC
The perils facing school science labs
GENOA, Ill., July 7 - In a blinding flash, the routine high school chemistry
experiment turned to chaos. An alcohol-fueled fireball shot into the
classroom, searing the skin of three junior honor students in the front
row. They took the brunt of the blast on their faces, necks, arms, hands
and legs. The teacher pulled burning jeans off one of the girls; scorched
skin fell from the boy's face. The rest of the class scrambled for the
door, leaving burned backpacks and books behind.
THE FIRE at Genoa-Kingston High School last October may have been a
horrible accident, but it was not isolated. Across the country, at least
150 students have been seriously injured in school laboratory accidents in
the last four years.
But the number is almost certainly much higher, according to
interviews with researchers, school officials and insurance companies. And
the stage is set for a significant increase, they said.
As schools try to meet tough new science education standards set by
the National Academy of Sciences in 1996, students are spending more time
in laboratories. Some are crowded. Some have teachers with no safety
training. Some are in 19th-century buildings ill-equipped for 21st-century
science.
"Before, most kids were reading out of textbooks, but the new
federal science standards absolutely, strongly advocate hands-on,
inquiry-based science," said Kenneth Roy, who chairs an advisory board on
science safety for the National Science Teachers Association. "What this
means is, you have to have safety concerns as job one, but some schools don't."
And while teachers are protected in the workplace by state laws,
students are not covered by those laws. There is little regulation of
school labs, and no government or private agency collects official data on
accidents that happen there. As a result, the exact number of accidents is
unknown.
Almost all of the accidents and injuries could have been prevented
with simple safety measures, experts said. But many teachers are unaware of
the dangers, and there is no formal system to share information on
accidents so teachers can learn from others' mistakes.
Yet they occur often enough to be considered a serious problem,
according to safety experts and insurers who have paid millions of dollars
to settle claims.
"There have been some terrible accidents and injuries that are just
absolutely gross," said John Wilson, executive director of the Schools
Excess Liability Fund in California, which recently paid more than $1
million in one case involving a chemistry accident and more than $3 million
in another.
A settlement is pending in a third accident, involving a Riverside,
Calif., girl who was burned over 20 percent of her body. She is getting
treatment to reduce scarring and improve the use of her badly burned right arm.
There is evidence that the number of accidents has risen since
schools began adopting the new teaching standards. In Iowa, there were 674
accidents in the three school years from fall 1990 through the spring 1993,
but more than 1,000 in the following three years, said Jack Gerlovich, who
teaches science safety at Drake University.
The increase came after Iowa schools began adopting an early
version of the new standards, he said. The number of lawsuits soared, too,
from 96 to 245. Gerlovich said he suspects the same thing is happening in
other states.
"I think this was the tip of an iceberg," Gerlovich said.
If accurate statistics were gathered, he said, "I think the actual
numbers would be much, much higher, but it's the kind of problem nobody
wants to face."
Safety lessons unlearned
When the swoosh of fire hit Autum Burton, she was returning to her
seat in her chemistry class after taking a closer look at the colors of the
flames in the six petri dishes on the teacher's table.
In an instant, she was engulfed in flames.
"I could feel it eating at me and I could smell my skin burning,"
she recalled recently. "I was on the floor trying to get this off with my
hands."
By the time someone finally managed to wrap her in a blanket and
put out the fire, she was burned over almost half her body: face, neck,
chest, arms and legs.
Burton, 19, now attends Columbia College in Chicago. Despite eight
skin graft operations and three laser treatments to diminish scarring on
her face, she will be disfigured for the rest of her life.
The accident happened two years ago at Lakeview High School in
Battle Creek, Mich. Just two months earlier, a 16-year-old girl was
severely burned in a similar accident that had happened about 40 miles
away, at Waverly High School near Lansing. In both cases, the experiments
involved methyl alcohol.
ALCOHOL'S TOLL
A volatile chemical that ignites easily, methyl alcohol often is
involved in the most catastrophic accidents. In recent years, it also has
caused flash fires at schools in Santa Clarita and Riverside, Calif.;
Genoa, Ill.; Midland, Texas; New Berlin, Wis., and Washington, D.C. It has
also caused explosions in which students were injured by flying glass.
If the teacher does not use an exhaust system, leaves the cap off
the alcohol jug or pours too much into the dishes, fumes can build up and,
if exposed to flame, create a flash fire. If the fumes come from an open
bottle, the explosion can eject the liquid, followed by a ball of fire.
"You get a flame-thrower effect," said Steve Weston, a lawyer
representing Burton and the student from Lansing. "It jettisons fluid from
the bottle, whose opening is pointed like a gun right at these students."
The fire marshal in Battle Creek determined Burton's accident could
have been prevented if an exhaust system in the room had been used to draw
away fumes. And the injuries might have been minimized if the teacher had
used a plastic shield or required the students to wear goggles.
In many cases, school officials believed such protection was
unnecessary when students were watching, rather than participating in, an
experiment - even though most states have laws requiring eye protection
under such circumstances.
LACK OF SAFETY TRAINING
But a high percentage of science teachers have never had safety
training, and in some cases, the schools didn't even own the necessary
safety equipment, experts said.
Gerlovich, the Drake University researcher, has found, for example,
that more than 70 percent of North Carolina science teachers had never
received safety training. He said surveys in 17 other states found an
average of 55 percent to 65 percent of teachers have never been trained in
safety.
Alan Paradise, assistant principal of East Bakersfield High School
in California, said he never imagined students were in serious jeopardy in
the chemistry lab until a glass bottle of methanol exploded three years
ago, sending a teacher and 22 students to a hospital with cuts, headaches
and nausea. After that, the district began requiring shields and goggles
and sent teachers to safety training.
Suggestions for a safer lab http://www.labsafety.org/40steps.htm
"We had done this demonstration for years and years without
problems," Paradise said. "We're fortunate nothing worse happened."
The lack of training is alarming for another reason, experts said:
Many teachers don't know how to safely store chemicals, which can cause
dangerous reactions if they accidentally mix. Some teachers store chemicals
alphabetically instead of by chemical type, or they keep them beyond their
safe life span.
In Rogersville, Tenn., last March, old, unlabeled bottles of
chemicals being removed from a school accidentally leaked and mixed,
causing an explosion and fire. No one was hurt.
In Valley, Neb., officials cleaning out a school lab last year
found a canister of picric acid, which crystallizes and becomes highly
explosive with age. When they realized it could be 30 years old, they
called a bomb squad, which blew up the canister.
Lack of oversight
Eight months after the Genoa-Kingston flash fire, Rachel Anderson,
Eric Baenziger and Kara Butts are still recovering from their burns. Kara
and Eric wear pressure garments 24 hours a day to reduce scarring, and both
will require skin grafts, said their lawyer, Michael Alesia. The students
declined to be interviewed for this story.
All eventually returned to school. Administrators are trying to
sort out what happened and whether they should change their chemistry
procedures. The teacher was not disciplined and remains on staff, according
to the school's superintendent, Richard Leahy. The teacher did not respond
to a request for an interview, but Leahy said, "No one agonized more than
this man over hurting his students. He's a retired professional chemist; he
teaches because he loves it."
FEW LAWS, LITTLE ENFORCEMENT
The Genoa-Kingston case illustrates a lack of school safety
oversight common in most states, where laws, if they exist, are almost
never enforced in schools. Aside from eye protection requirements, few laws
are aimed specifically at students. School labs rarely undergo inspections
from state or federal authorities, and there usually are no requirements
that accidents be reported to anyone outside the school.
"The schools are pretty much left on their own," said James A.
Kaufman, director of the Massachusetts-based Laboratory Safety Institute, a
nonprofit agency that promotes school lab safety. "They all assume these
are smart people, they have a science degree, they know how to do this
properly. This is not true in some significant measure."
Federal Occupational Safety and Health Administration rules do not
cover local or state employees, and in most states, similar workplace
safety laws apply only to employees. There is no OSHA equivalent to protect
students; instead, it is assumed that if laws including OSHA's laboratory
standards protect teachers, students also will be safe, experts said.
The Illinois Labor Department, for example, investigates school
accidents only if someone reports them, said Al Juskenas, the department's
manager of safety inspection and education. But schools are only required
to report accidents if someone is killed, or if three or more
employees - not students - are injured seriously enough to go to the
hospital. The department investigated the Genoa-Kingston case because a
teacher complained, Juskenas said.
"I think lawmakers need to take another look at things," said Roy,
of the National Science Teachers Association. "But there is a lot on the
books now that needs to be enforced, and teachers need training. You send
your kids to school because you think they're safe. It burns me that
(accidents) are happening when they're preventable."
***********************
Nando Times
China says Internet service providers regulating content
BEIJING (July 7, 2002 11:06 a.m. EDT) - China's Internet service providers
are increasingly censoring their own content for subversive political
material through so-called "self-discipline pacts," it was announced Friday.
The China Internet Association said the agreements banned signatories from
producing or releasing content that was "harmful to national security and
social stability" or illegal, the state Xinhua news agency reported.
An official from the association, a self-regulatory body for China's
Internet sector, said the deal also left service providers responsible for
ensuring surfers "use the Web in a civilized way," without specifying what
this meant.
News of the initiative, which began in March, comes amid a major crackdown
on China's increasingly popular Internet cafes, where software is
reportedly being installed to detect computer users' attempts to access
banned sites.
China's authorities have an ambiguous attitude toward the rapid spread of
the Internet in the country, which saw almost 34 million people log on by
the end of last year.
While the government is aware that a technologically switched-on population
is a boon for economic growth, it is deeply nervous about how easily
citizens can discover - and spread - news and opinions through the Internet
and e-mail.
China has long tried to limit access to Web sites with information on
certain political or spiritual groups and foreign news, as well as
pornography.
However, given the extreme difficulty of blocking millions of pages,
authorities are instead relying increasingly on the booming Internet
industry to censor itself.
The new self-discipline scheme has spread rapidly from Beijing to provinces
around the country, Xinhua said.
Last weekend, the government announced that all the country's legally run
cybercafes - thought to number only 46,000 out of about 200,000 in
existence - would have to apply for re-registration.
At the same time, there has been a major crackdown on unlicensed
operations, stoking fears the government is seeking to limit public access
to the Web.
The drive follows a June 16 fire at an Internet cafe in Beijing that killed
24 young people, who were trapped behind a locked door and barred windows.
It was reported last week that Internet cafes nationwide are being ordered
to install software that can block access to up to 500,000 foreign Web
sites and notify police when Web surfers try to access illicit pages.
The filtering software has already been installed at Internet cafes in
several cities, the Hong Kong-based Information Center for Human Rights and
Democracy said.
**************************
Nando Times
Human rights group condemns Egyptian's conviction over online poem
The Associated Press
CAIRO, Egypt (July 7, 2002 10:54 a.m. EDT) - The sentencing to prison of a
Web site designer for posting a sexually explicit poem on the Internet was
a blow to freedom, Egypt's best-known rights group said Saturday.
Shohdy Surur, 40, was sentenced on June 30 to one year in prison and fined
$43 for posting a work written by his father, the poet Naguib Surur.
The poem, which has an obscene name, had never been published in print
because of the language that Surur used to condemn government officials for
Egypt's defeat in its 1967 war with Israel.
However, the poem is known in Arab literary circles and is circulated on
private cassette tapes. Naguib Surur died in 1978.
The Egyptian Organization for Human Rights said Surur's sentence was "a new
setback to freedom of opinion and expression in Egypt and a threat to
publishing on the Internet."
Police arrested Shohdy Surur in November. The poem was removed from the
Internet shortly afterward.
Surur is free pending his appeal, which is due to be heard Aug. 26.
**********************
Chicago Sun-Times
Workers at e-mail tilt point
July 6, 2002
BY JUDY OLIAN
According to industry figures:
* Eight billion e-mails are exchanged each day over the Internet. This
figure is expected to at least triple by 2005.
* Americans are second only to the Japanese in access to the Internet, with
68 percent of U.S. businesses operating online. In fact, most American
employees rely on e-mail as their primary means of workplace communication.
And we'll soon become much more mobile in accessing the Internet.
* Globally, 500 million people use mobile devices (primarily cell phones,
but also Blackberries and other wireless e-mail communication devices),
with this number expected to double by next year.
These statistics should translate into great efficiency during workdays,
since American workers are able to exchange information and data at the
click of a fingertip. But it also means, according to KPMG, that U.S.
office workers spend about four hours a day dealing with an average of 50
e-mail messages. And, based on a survey by General Interactive, 27 percent
of U.S. workers consider the amount of e-mail they receive as excessive or
intolerable.
Americans are at the delicate tilt point hovering between e-mail as a
productivity-enhancement mechanism vs. e-mail as a tool that creates
bondage to work stations in order to deal with unnecessary, irrelevant or
downright annoying information and facts.
That's without considering the pain of spam e-mails or hackers' deliberate
attempts to paralyze business systems.
Brightmail Inc., a maker of spam-filtering software, estimates that in the
12 months preceding May 2002, its users received 4.7 million mass mailings
or spam attacks, a five-fold increase over the same point last year.
Over the last four years, at least five anti-spamming bills have been
introduced in Congress, but none has yet passed. Most require that
unsolicited commercial e-mail messages be overtly labeled as such, that
recipients have a bona fide choice to opt in or opt out of the receiver
list, and that the routing information is not concealed. In an attempt to
fill the federal void, more than two dozen states have passed legislation
requiring the accurate labeling of e-mail messages and forbidding concealed
message origination. In Pennsylvania, the law is targeted only at
commercial distribution of explicit sexual materials.
As recipients become increasingly frustrated and consumed with the task of
screening messages and rebuilding systems that have been corrupted by
spammers, a new growth industry has emerged.
Software developers have invented increasingly sophisticated systems that
filter unwanted e-mails originating from blacklisted addresses. The
question, of course, is whether the anti-spamming software can stay one
step ahead of the ever more deliberate spammers who are constantly devising
new and creative methods of breaking into even the most elaborate corporate
firewalls.
There's an interesting angle in the battle against spamming--claims of free
speech. Case law provides for protection of anonymity and free speech, even
in the commercial arena, as long as the purpose of expression is not
threatening. Legislation designed to require identification of the message
originator is being challenged by the ACLU, which has spearheaded lawsuits
against a handful of state anti-spamming laws.
Several of these laws have been struck down by courts for restricting free
speech or for trying to legislate interstate commerce, which comes under
federal statutory authority.
But something will have to be done as spamming increasingly hampers the
utility of e-mail. AOL estimates that spam messages already account for
about 30 percent of the e-mails to its members. The solutions cannot rest
solely on the latest and greatest filtering software to screen out unwanted
messages, because the filters will never be fail-safe against the most
conniving and virulent spammers.
It's inevitable that part of every employee's orientation training program
will include a menu of strategies to prioritize and manage incoming e-mail,
and to spot those that are trivial, irrelevant, annoying and dangerous.
Each category will need different handling, and it will fall upon the users
to be the ultimate filters and triggers of precautions and counterattacks,
over and above the company's firewall.
Welcome to the Internet Age.
Judy Olian is dean of Penn State University's Smeal College of Business and
a leading expert in strategic human-resources management.
*******************
Euromedia.net (Netherlands)
Possible privacy violation in pursuing internet copyright infringement
05/07/2002 Editor: Joe Figueiredo
Although pursuing individual copyright violators, rather than trying to
prosecute suppliers of enabling tools, makes more sense legally, this
approach could raise privacy issues and also turn music buyers en masse
against the industry, according to Dutch solicitor Christiaan Alberdingk
Thijm.
Alberdingk Thijm successfully defended KaZaA, the Dutch online supplier of
Internet peer-to-peer (P2P) software for finding and downloading music
files, in a court case and subsequent appeal brought several months ago by
Buma/Stemra, the Dutch copyright association.
In KaZaA's defence, Alberdingk Thijm showed that the software supplier was
not responsible for the possible misuse of its products. That
responsibility lay with the users.
Although pursuing the individual violator does seem the logical route,
there are privacy issues to consider. Gathering evidence that such
'downloaders' also offer music files from their own computers requires
identifying the users and accessing information stored on their computers.
That is an invasion of privacy.
Moreover, such a witch-hunt of individuals could lead to a backlash against
the industry.
**********************
Sydney Morning Herald
Hide and sneaks
July 6 2002
Silent attackers are playing havoc with home pages. Nicole Manktelow
discovers Internet hijacking is a growing menace.
You have lost control. The home page, error pages and settings are out of
your grasp. The attackers were unseen, but now your browser is theirs.
You've just been hijacked, Internet-style.
Internet users are discovering the Web can be far more interactive than
they thought, with some sites able to exploit browser vulnerabilities and
permanently capture an unwitting audience.
It takes just one visit to a maliciously-coded Web site and, if the hijack
is successful, an Internet user may return to find that their home page is
no longer the TV guide but something as charming as Big Bertha's House of
Celebrity Smut.
Browser hijacking methods have grown in complexity and the tricks that were
once easily reversed are now much harder to combat.
There's no point saying bye-bye to Big Bertha if she reappears when the
computer is restarted - and no point even in trying to reset if the
controls are disabled.
The worst hijacking examples leave Internet users searching through the
operating system, attempting to weed out obnoxious pieces of code. It's a
precarious business requiring a relatively high level of expertise.
"I've noticed far more people begging for help on this problem lately than
a year ago when I first started to notice it," says Mike Healan, the Web
master behind Spywareinfo.com, which helps people fight a growing variety
of online nasties.
Some software products, for example, collect customer data including
tracking which Web sites are visited. Those that go too far - operating in
secret - have been dubbed "spyware" by annoyed Internet users.
If there's anything more annoying than prying eyes, it's having one's
browser hijacked, which Healan describes on his site as a "despicable"
practice.
"I get emails and message board posts every day about various hijacks," he
says. Healan provides prevention tips as well as some instructions for
those who have already been stung.
Whatever method they use, many hijackers send their victims to similar,
somewhat predictable destinations.
"The worst are the error-page hijacks and the start-page hijacks," says
Healan. "When you open the browser or when you mistype an address, you are
sent off to the Web site of the hijacker's choice."
Healan believes at least some of the techniques are published on hacker Web
sites, which may indicate the problem is set to get worse. As more site
owners discover how to control visiting browsers, chances are, more Web
surfers will be caught out.
Hijack tactics have become more sophisticated, utilising the programming
languages and browser features originally intended to make the Web a
richer, more useful experience.
To reduce the risk of hijack, Internet users, particularly those using
Internet Explorer, should be employing higher security levels. "The
default settings are not enough," argues Healan.
Another step towards prevention is to ensure the browser's ability to run
unsigned ActiveX Controls is disabled - a setting that is found by going to
the Tools menu, Internet options, then clicking the Security tab (ensure
the option "download unsigned ActiveX Controls" is set to "disable").
"That one thing will prevent much of this," Healan says.
The vigilantes
Web sites, message board operators and software designers are banding
together to combat hijackings, spyware and other problems.
Start Page Guard is the most highly regarded preventive measure, stopping
unwanted changes to browsers and getting rid of many known offenders.
Ad-Aware, designed to detect and remove all traces of spyware from
computers, now also identifies some hijacker-harbouring programs.
Meanwhile, BHODemon from Definitive Solutions scans systems to detect any
Browser Helper Objects users may not be aware of.
Anti-virus software is, of course, a key weapon in online security. Experts
also recommend personal firewall software and that users keep an eye out
for security updates and patches for their Internet software.
**********************
New Zealand Herald
X marks the spot for hackers
Strange chalked symbols have begun to appear among the graffiti sprayed on
the walls of Melbourne's city buildings.
They are the marks of the "war chalkers" - computer hackers who roam the
streets with radio-equipped notebook computers, trying to find open or
unguarded wireless computer networks they can penetrate.
The signs tell others where these networks are and what, if any, security
they have.
It's called "war-chalking", a term derived from "war-dialling", a computer
hacker practice dating back to the beginning of the Internet.
War-dialling hackers set up their computers to dial phone numbers until
they find one that gives them access to a network.
Wireless networks enable hackers to use their computers on the road. Soon
they were "war-driving" and "war-walking" city streets with notebook
computers, often hooked to makeshift antennae, looking for unprotected
wireless networks through which to log in.
A wireless access card and a piece of software to sniff the airwaves
enabled these "warriors" to find, and often hack into, the thousands of
private wireless networks operating in almost every city of the world.
Melbourne has hundreds of so-called "Wi-Fi" networks, many of them
insecure. Some found in the CBD last week were using the factory default
settings - and every hacker knows the passwords to those.
These networks use technology called 802.11b, also known as Wi-Fi. This is
the worldwide standard for broadband wireless connectivity over short
distances. It is always on, does away with expensive cabling and is
available to all within 30 metres of the base station, including mobile
hackers. Efficient antennae can tap into networks from up to five
kilometres away.
Wireless networks start cheap. Wireless cards cost as little as $60; a
simple base station is less than $500. Apple Computer markets a system
called Airport, widely used in schools and small businesses.
Hackers love Wi-Fi. It gives them free Internet access and sometimes to
places they have no right to be. "War-driving" and "war-walking" flourished
as hackers scoured the streets for networks they could penetrate.
Then one of them worked out a system to tell colleagues the sites of
wireless nodes they had found.
Matt Jones, a web designer with the BBC in London, reached into hobo
history for the means of communication.
Jones put his ideas on his website late last month. Now they are all over
the world.
The signs are simple. If war-chalkers find an open Wi-Fi network they draw,
in chalk, two halves of a circle back to back. If the node is closed, the
two halves are reversed, joined into a circle. If the node is protected,
the circle contains a W, short for Wired Equivalent Privacy.
Other information is written around the symbol - the ssid (service set
identifier) that acts as a password when a mobile device tries to connect
to the network; the bandwidth available; access contact and so on.
Jones says the intention is to identify networks that are open to sharing -
and many are, including a number in cafes run by Starbucks, the US coffee
house chain, which is happy to let people log in and buy a cup of Java
while they do it.
But the signs can also be used to point to corporate networks where
security is less than it should be.
As war-chalkers might say, if the moving hand has chalked upon your wall,
it could be time to move on... and get some network protection.
*************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx