
Clips July 11, 2002




ARTICLES

Homeland Security Department would face cybersecurity problems, GAO warns
Pirates of the Web
New Web ID Standards to Be Unveiled
E-Mail Scrambler Has Security Flaw
Uncle Sam Wants You to Play This Game
OPM awards contract to develop an e-learning site
Businesses see bonanza in homeland security
Universal Music provides alternative to file sharing
Hot site: Firefighters' digital maps catch on with the public
Recycling law could mean costly PCs
Broadband providers back need for speed
Science lessons 'tedious and dull'
Justice CIO crafting united plan
Focus turned on security officials
Information Age changes warfare rules
FBI hot on records management case
Seattle area police set up sharing
DOD awards translation contract
GAO: E-records overwhelm NARA
Web titans woo India's tech experts
High-tech front in the war on terror
Domain name fight heats up
New security flaw in Outlook, IE
Keep broadband pipes open, group says
U.S. House passes 'tech talent' bill
Identity Management Combines Security, ROI
Moore Says There's More to Moore's Law
Network-Centric Warfare: The Key to the Revolution in Military Affairs


****************************
Government Computer News
Homeland Security Department would face cybersecurity problems, GAO warns
By William Jackson

Combining six IT security agencies into one division of the proposed Homeland Security Department is an opportunity for enhanced efficiency, the General Accounting Office told a congressional panel yesterday. But it will not necessarily fix the weaknesses plaguing federal efforts to secure critical infrastructure.

"Since 1996 we have reported that poor information security is a widespread federal problem," Robert F. Dacey, GAO's director of information security, told a subcommittee of the House Energy and Commerce Committee.

The new department's Information Analysis and Infrastructure Protection division would inherit this problem, Dacey said.

The Subcommittee on Oversight and Investigations held its second day of hearings on the president's proposed legislation to establish the new department. Under the proposal, the department would include the FBI's National Infrastructure Protection Center; the Commerce Department's Critical Infrastructure Assurance Office; the National Institute of Standards and Technology's Computer Security Division; the Energy Department's National Infrastructure Simulation and Analysis Center; the General Services Administration's Federal Computer Incident Response Center; and the multi-departmental National Communications System.

Challenges to bringing these agencies together include:


Lack of a national strategy for critical infrastructure protection
Need to improve analytical and warning capabilities
Need to improve information sharing both within the government and between government and the private sector
Need to address pervasive weaknesses in federal IT security.


CIAO director John S. Tritak told the panel that the president's fiscal 2003 budget proposal calls for establishing an Information Integration Program Office within CIAO to improve coordinating information sharing. CIAO also is a focal point for private-sector input to the national strategies for cybersecurity and homeland security being developed by the Office of Homeland Security.

The strategies are slated for completion this month and release later this year.
************************
News.com
Homeland defense focus shifts to tech
By Declan McCullagh
Staff Writer, CNET News.com
July 10, 2002, 4:00 AM PT


WASHINGTON--Computer security is becoming an increasingly critical part of President Bush's proposal for a homeland defense department.
When Bush formally proposed the department last month, he predicted that the future agency would aid in investigating Al Qaeda and thwarting disasters similar to those of Sept. 11. In the televised address, he never mentioned the Internet or so-called cybersecurity.


But as Capitol Hill scrutinizes the proposal, politicians are fretting about tech-savvy terrorists--and insisting any new agency must shield the United States from electronic attacks as well.


"If we don't make sure the Homeland Security Department is prepared in this area of cybersecurity, we have failed in our duty," House Energy and Commerce Chairman Billy Tauzin, R-La., said Tuesday.


At Bush's urging, House Republicans have asked committees for any suggested changes to the White House-backed bill by the end of the week, and at least four committee votes are scheduled for Wednesday. On Thursday, a special panel chaired by House Majority Leader Dick Armey, R-Texas, will hold its first meeting to work out a final version of the plan.

Until this week, Congress has focused on how the proposal would combine 22 agencies, including the Secret Service, the Coast Guard and the Federal Emergency Management Agency, into a massive Department of Homeland Security.

Also included in the bill, and discussed at length in a pair of hearings Tuesday, are equally radical changes for the U.S. government's Internet defenses. The plan would glue together nearly all computer protection functions, from the Commerce Department's Critical Infrastructure Assurance Office to the Computer Security Division of the National Institute of Standards and Technology to the Federal Computer Incident Response Center.

The complex reshuffling of bureaucracies, including twists such as the proposed department's half-acquisition of the FBI's National Infrastructure Protection Center, has prompted some politicians to ask for more time to examine the plan. Privacy groups also have raised concerns about database sharing and have suggested that the department be subject to traditional open-records laws.

The House Science committee, for instance, plans to propose an amendment that would add an "Undersecretary for Science and Technology" to the department. Currently there are five proposed undersecretaries, a deputy secretary and allowance for "not more than six assistant secretaries."

From Washington's perspective, the concept of cybersecurity remains somewhat murky and marked by exaggeration. Last year, the head of the Defense Intelligence Agency told Congress that Fidel Castro could be planning a "cyberattack" on the United States, and White House cybersecurity czar Richard Clarke has spent years predicting an "electronic Pearl Harbor."

Tech's double-edged sword
Nearly everyone agrees that any electronic-defense plan should anticipate attacks against both government agencies and important systems owned by private companies.


"In the information age, the same technological capabilities that have enabled us to succeed can now also be turned against us," John Tritak, the head of the Critical Infrastructure office, said Tuesday. "Powerful computing systems can be hijacked and used to launch attacks that can disrupt operations of critical services that support public safety and daily economic processes."

President Clinton created Tritak's group by executive order in 1998. Since then, it's spent much of the time working with American businesses to beef up security.

But Tuesday, some politicians questioned whether that approach is working--and whether new laws and regulations are needed to bring executives to heel. Such requirements could include everything from design standards for backup power supplies to security rules for Web servers.

"Do you believe that efforts to regulate security across the private sector are warranted and are even likely to be effective?" asked Rep. James Greenwood, R-Pa., who chairs the Judiciary subcommittee.

"I'd like to think we made some headway in reaching out to industry," Tritak replied.

James McDonnell, the director of the Energy Department's security program, answered by saying he did not think new security laws were necessary, at least not yet.

"If we go forward with our vulnerability assessments and find that industry (is) not using these or (is) not taking care of their assets, then maybe we need to revisit what regulations are required," McDonnell said.

Rep. Bart Stupak, D-Mich., said he was tired of hearing excuses for poor performance by federal IT officials and wondered whether the massive proposed reorganization could exacerbate the situation.

"None of the computers seem to be compatible in the federal government," Stupak said. "Every time we spend billions of dollars to upgrade a computer, it doesn't seem to work and we have to start all over again...Are we going to have another layer of computers that don't talk to each other while cybersecurity is endangered?

"It seems like there's more of a turf war; we won't trust this person with this information, or it's our information and won't go further. I don't think it's all just computer-related problems or security-related problems but leadership problems."

A report that congressional auditors published last year said that instead of becoming a highly sensitive nerve center that responds to computer intrusions, the FBI's National Infrastructure Protection Center (NIPC) had turned into a federal backwater that was surprisingly ineffective in pursuing malicious hackers or devising a plan to protect electronic infrastructure. It highlighted the NIPC's turf wars and concluded: "This situation may be impeding the NIPC's ability to carry out its mission."

David Sobel, general counsel of the Electronic Privacy Information Center, said Tuesday that the proposed department should not be completely immune to requests made under the Freedom of Information Act. Private companies have said they need such an exemption to be sure that sensitive information they provide not be disclosed.

"Any claimed private sector reluctance to share important data with the government grows out of, at best, a misperception of current law," Sobel said. "Exemption proponents have not cited a single instance in which a federal agency has disclosed voluntarily submitted data against the express wishes of an industry submitter."
*********************
News.com
Bush security plan may get privacy nod
By Declan McCullagh
Staff Writer, CNET News.com
July 10, 2002, 8:15 AM PT


WASHINGTON--President Bush's proposed Department of Homeland Security is likely to get its own privacy czar.
A panel in the House of Representatives is scheduled to vote this week on a plan to add a chief privacy officer to the planned agency.


A draft of the legislation seen by CNET News.com states that the Secretary of Homeland Security must appoint a privacy officer to ensure that new technologies "sustain and do not erode" privacy protections and to verify that the agency's massive databases operate within federal guidelines.


On Tuesday, the Bush administration told a House subcommittee that it was open to the idea, which key legislators have endorsed.


"I think privacy is a very important function. If you bring us a proposal, I imagine that we would look at it very seriously," Mark Everson, controller of the Office of Management and Budget, told panel Chairman Bob Barr, R-Ga.

In response, Barr suggested that the privacy position could be written in a flexible way that would not require Senate confirmation. "I'd be hard-pressed to argue against that," Everson said.

Rep. Maxine Waters, D-Calif., said she is concerned with the scope of a Homeland Security Department, which would combine 22 agencies including the Secret Service, the Coast Guard, the Federal Emergency Management Agency and part of the FBI's National Infrastructure Protection Center.

"I don't agree with Mr. Barr very much, but I kind of like him heading this subcommittee because he is a protector of privacy and civil liberties--and that makes up for all the other stuff that he's not," Waters said. "I'm very suspicious when people start to talk about flexibility and new powers that won't be abused by this administration...We've got to press hard and look at this flexibility."

The draft seen by News.com says the privacy officer will be responsible for "evaluating legislative proposals involving collection, use, and disclosure of personal information by the federal government" to ensure consistency with privacy laws. In addition, the officer must prepare an annual report to Congress identifying privacy complaints raised by the public and how the department responded.

The full House Judiciary committee is scheduled to vote on the proposal Wednesday or Thursday. After that, it goes to a special panel chaired by House Majority Leader Dick Armey, R-Texas, that will work out a final version of the plan.

"Mr. Armey is very supportive of all efforts to ensure that privacy laws are upheld and strengthened when they need to be," Richard Diamond, a spokesman for Armey, said Wednesday.

After initially opposing the idea of a Cabinet-level agency for homeland security, Bush endorsed it in a televised address last month. Congress is scheduled to vote on the plan before its August recess.

Peter Swire, a top privacy official under President Clinton, told Barr's panel that the existing proposal includes few privacy safeguards. In written testimony, Swire called the bill "a recipe for essentially unrestricted sharing of sensitive personal information, with no apparent incentives to limit such sharing and no remedies if the sharing goes too far."

Swire, who has reviewed the privacy legislation, said Wednesday that "it's a positive step to put the chief privacy officer in a statute. I'm glad that the administration seems to be open to that approach."

If signed into law by the president, the measure would create what appears to be the first legal requirement that a Cabinet secretary appoint a privacy chief. "To my knowledge, this would be the first position," says Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center.
************************
New York Times
Pirates of the Web
By JENNIFER 8. LEE


LAST week, at age 29, John Sankus Jr. moved out of his parents' house for the first time. He and his parents drove 150 miles from their home in suburban Philadelphia to his new one: a federal penitentiary in Allenwood, Pa.

Mr. Sankus, who entered the minimum-security prison on July 2 to serve a 46-month sentence, is a soft-spoken, churchgoing computer technician who still has the plush stuffed whales from his childhood.

But United States Customs Service investigators and prosecutors say he was also a ringleader of an international gang of software pirates that deprived companies of millions of dollars through the illegal distribution of copyrighted software, games and movies on the Internet. In February, Mr. Sankus pleaded guilty to a felony count of conspiracy to commit copyright infringement.

The piracy group, known as DrinkorDie, was among the chief targets of more than 100 coordinated raids in the United States and abroad last December. So far 15 people in the United States have pleaded guilty to criminal charges as a result of the raids, including a Duke University student, a programmer at the University of California at Los Angeles, an employee at an Internet service provider and several executives at technology companies. So far Mr. Sankus and five others have been sentenced to prison.

Interviews with Mr. Sankus and others involved in the case, including customs and law enforcement officials, offer an unusual glimpse into the world of Internet piracy. It is a community of sorts, with perhaps 30 major groups that issue pirated products by cracking the copy-protection codes of software or making illicit duplicates of movies.

Many of the pirates say they were motivated less by money than by a sense of competition, prestige and the entertainment value of distributing the pirated goods, which they call "warez."

"Most of the people I have been around with are not out to cheat anybody," said Mr. Sankus, a large, shy man who worked as a computer technician at a Gateway store. "They are out to have fun. It's just a hobby."

In an interview before he went off to prison, Mr. Sankus said he earned no money from software piracy. He described it rather as a social activity that consumed him.

He recounted the day when about 40 armed customs agents swooped into his workplace. "I felt like someone who had just murdered 50 people," he said.

Prosecutors say that Mr. Sankus helped steal millions of dollars' worth of intellectual property. And despite the guilty pleas from him and others, they add, the stealing continues because of the nature of the distribution medium.

"That's the difference: in the old world, if you stopped the source, you stopped the piracy," said Michael DuBose, a Justice Department lawyer who played a pivotal role in the piracy investigation. "But all the stuff that DrinkorDie put out there continues to be out there."

While Internet piracy slowed immediately after the December raids, activity has picked up again, investigators say. For example, Warcraft III, an eagerly anticipated game from Blizzard Entertainment, was "cracked" and released to the Internet only one day after a master CD for the game was created in mid-June.

For DrinkorDie members, piracy was the technological equivalent of joy riding, a form of bravado that could gain them acceptance in a hierarchical social sphere.

"It's all about stature," said David Grimes of Arlington, Tex., a DrinkorDie member who worked as a computer engineer at Check Point Software, a company that specializes in security solutions for software. "They are just trying to make a name for themselves for no reason other than self-gratification." Mr. Grimes is serving a 37-month prison sentence after pleading guilty to the same charge that Mr. Sankus did.

"It's the same reason that people join gangs," said Allan Doody, the Customs Service investigator who led the DrinkorDie investigation, part of a broader anti-piracy campaign called Operation Buccaneer. "They're hanging out on the cyber-street corner."

But in contrast to petty criminals and warring gangs, Internet piracy groups have a worldwide impact of at least tens of millions of dollars, if not more. Such groups secure their reputations by releasing thousands of free movies, games, music and software programs on the Internet each year.

While such groups rarely profit financially from their activities, their warez (pronounced like the word wares) proliferate rapidly around the world, reaching those who do sell them for gain: for example, people who hawk the software through pay-for-access Web sites or burn them on CD's for sale on the street, in shops or at Internet auction sites.

The copies "become the raw materials that others use for commercial piracy," said Bob Kruger, president of the Business Software Alliance, an industry group that asserts that software piracy costs $10.1 billion a year in lost sales worldwide.

The victims of piracy take the threat very seriously. Havard Vold, president of an eight-person company in Cincinnati called Vold Solutions, was horrified to discover that DrinkorDie had released a free version of a specialized engineering program that his company sold for $9,500.

"That was very scary," Mr. Vold said. "They do not understand the impact of copyright infringement, especially on the smaller companies."

Although the warez scene took root only in the early 1990's, piracy has expanded rapidly, particularly in the last five years.

Increasing access to the Internet worldwide, cheap computer storage costs and the proliferation of digitized media have helped set off an international online shopping spree in which just about anyone can obtain a pirated version of a coveted software program, computer game or movie openly and easily.

By contrast, the warez groups themselves tend to operate in secrecy, relying on encryption technologies, disguised Internet Protocol addresses and invite-only chat channels. And their world is highly structured, with a strict hierarchy and rules.

The pirates are organized into two main types: release groups that produce the pirated works and courier groups that serve as worldwide distributors.

Government investigators estimate that there are roughly 30 major release groups enlisting some 1,500 people around the world. In the DrinkorDie raids last December, warrants were served on suspected members in Britain, Australia, Finland, Norway and Sweden. Mr. DuBose said that at least half of DrinkorDie's members lived outside the United States.

Different warez groups focus on different product lines. Groups like FairLight and Razor1911 are known for game releases. FTF and Immortal VCD release movies, a pursuit that relies less on overcoming protection schemes than on getting illegitimate access to recent films to duplicate them. A group called POPZ, for Parents on 'Puterz, focuses on children's games.

DrinkorDie, which is perhaps best known for having cracked Windows 95 weeks before it was released by Microsoft, has more recently concentrated on expensive specialized software like Mr. Vold's engineering program.

"It's cool to release something that costs $18,000," said Mr. Grimes, the DrinkorDie member from Arlington, Tex. "Basically, if it wasn't for us, you would never see this piece of software."

Warez involve frenzied competition. Groups race to be the first to release popular movies and games, but quality is important too. Groups take jabs at one another's releases. Immortal VCD called a competitor's release of the Disney film "Lilo and Stitch" subpar, describing the copy as "very dark, shaky and pixilated." It offered its own version as an improvement.

The release groups typically have one or two leaders, two or three other managers called "council members," 10 to 15 staff members who work on releases and 50 to 100 members who simply have access to the releases.

Mr. Sankus, one of the two leaders of DrinkorDie, went by the online name Eriflleh, or "hellfire" spelled backward. The other leader, who goes by the online name Bandido, lives in Australia and has not been charged, Justice Department officials said.

Like similar release groups, DrinkorDie divided the labor. Suppliers, often insiders at a software company, provided versions of the software. Crackers, who had the most technologically complex role, stripped the programs of their protections. Testers then made sure that the unprotected versions of the software worked properly. Finally, there were packers and "pre-ers" who were responsible for dividing the programs into small files and distributing them to release sites.

Mr. Sankus started out as a tester and a packer for DrinkorDie before moving into a leadership position. "There weren't that many people who wanted to do testing and packing because it was considered grunt work," he said.

The warez community has numerous databases to keep track of the thousands of releases. People can perform what are known as "dupe checks," or searches to determine whether a program or a movie has already been released.

The Isonews Web site (www.isnonews.com) keeps a public database of the information files that accompany each warez release. Such files specify who was responsible for the release, when it was made available and how many files the product has been broken down into, as well as reviews. The warez groups privately maintain a database known as Checkpoint that has automated software agents, or bots, that keep abreast of warez releases as they occur.

Once the files arrive at the release sites, courier groups take over and move them through a systematic distribution chain. Within 10 minutes of a warez release, the pirated product is copied to a few dozen central distribution centers on the Internet.

Government officials estimate that within six hours, lower-level couriers then copy files to about 10,000 publicly available sites around the Internet. Within two or three days, the movies and programs trickle onto Usenet groups and onto peer-to-peer software networks like KaZaA and Morpheus. Once the files become public, they are essentially available to anyone who goes looking for them.

"All it takes is one person to put it on a newsgroup, then it explodes," said David Rocci, who runs Isonews.

The courier groups, like the release groups, are fueled by competition. The government estimates that 3,500 people are involved in the most elite courier groups, which include RISC and Moonshine.

Couriers are ranked in groups and as individuals with a scoring system. There are weekly rankings, all-time rankings and regional rankings (United States vs. Europe, for example).

Courier groups are sized up in shadowy e-mail publications like American Courier Review and Courier Weektop Scorecard in sports-style commentary. "Just not quite enough for RISC this time but an awesome team effort in which we see some nice individual performance as well," a recent review read.

Although release and courier groups engage in little direct commercial activity, a 1997 extension in federal copyright law made piracy a crime even if there is no monetary profit.

Prosecutors say that money is beside the point in the underground pirate economy. The releases form the basis of a bartering system in which members trade, hoard and collect warez. Access to software storage sites is granted in exchange for hardware, server space and other technological goods.

"You don't need to make money, when you don't need money to buy this stuff," Mr. DuBose said. "By participating in a group, they got the key to the candy store. Any movie, game, software they could ever want, they could get."

Still, given the absence of personal profit, some DrinkorDie members were surprised by the prison sentences they received, generally from three to four years. "We weren't criminal-minded," Mr. Grimes said. "We never anticipated that a company would lose a sale as a result of one guy in China downloading it and burning it onto a CD and selling it to half of China."

But that argument fails to resonate for copyright holders like Mr. Vold. "If you like torching houses for fun, you don't gain anything from torching somebody's house," he said. "But that homeowner will certainly suffer a material loss."
**************************
Associated Press
New Web ID Standards to Be Unveiled
Thu Jul 11, 6:13 AM ET
By D. IAN HOPPER, AP Technology Writer


WASHINGTON (AP) - An industry coalition is set to unveil standards for identity authentication on the Internet, the first step toward making the task of remembering long lists of Web site passwords a thing of the past.


The Liberty Alliance, which includes companies like Sun Microsystems, Sony, American Express, Mastercard and Bank of America, plans to release the details Monday.


The standard is designed to make it easy to log into different systems, from making online purchases to checking bank or credit card accounts, while making different authentication systems speak the same language. That realm is currently dominated by Microsoft, whose Passport system runs on about 200 Web sites.

"The promise of electronic commerce has not been delivered on," said United Airlines chief information officer Eric Dean, who also serves as the head of the group's management board. "There are huge possibilities."

Privacy advocates, however, say the creation of a single identification standard will make it easier for businesses to profile Internet users for marketing purposes.

"They want identification data to find new marketing avenues," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. "What it means for the individual is more spam, more direct mail, more telemarketing."

Hoofnagle said a single Internet ID also will place individual financial data at greater risk for disclosure over the Internet.

"It's like using the same key for your house and your car and your safe deposit box," he said. "Compromise that one key and all the golden eggs are compromised."

Dean said Liberty Alliance is starting small. Users will be able to choose to "link" different accounts, so Mastercard.com will be able to identify the same user that visits United.com, without having to type in another password.

More robust features, like a detailed profile that contains the user's address and phone number to be shared with all the Liberty-enabled sites, will come later. Dean said the slow ramp-up is designed so Web site developers can start using it within months.

"We can extend United.com to do this without having to launch a rocket to the moon," Dean said.

It has been almost a year since Liberty Alliance was announced. Without any real product or service to speak of, most of the attention has focused on friction between Liberty members and Microsoft.

During Microsoft's antitrust penalty hearings in April, Microsoft lawyers derided Liberty's name as an attack on Microsoft. They said it means "liberty from Microsoft hegemony." While testifying against Microsoft, Jonathan Schwartz, Sun Microsystems's top Liberty representative, called that interpretation of the name "paranoid."

Microsoft and Liberty members have discussed Microsoft joining the alliance, but no deal has been struck.

Microsoft has not yet seen the Liberty standard. While Microsoft said it agrees a single Internet ID standard is a good idea, it wants Liberty to use Microsoft's Passport system.

"We are not distracted by Liberty versus Passport battles," Microsoft spokesman Adam Sohn said in a statement. "We are instead focused on answering broader customer demand for security in the Web services environment."

Dean downplayed Liberty's disagreements with Microsoft, including the idea that Microsoft may join Liberty only to co-opt and change the standards for its own purposes. Several critics, including Liberty members Sun and AOL Time Warner, have said Microsoft has done that to other technology standards, essentially "breaking" them so competing products don't work as well as Microsoft's.

"There were some concerns about that at the beginning," Dean said. "We have not talked about that much in the past six months."
****************************
Associated Press
E-Mail Scrambler Has Security Flaw
Thu Jul 11, 6:14 AM ET
By TED BRIDIS, Associated Press Writer


WASHINGTON (AP) - The world's most popular software for scrambling sensitive e-mails suffers from a programming flaw that could allow hackers to attack a user's computer and, in some circumstances, unscramble messages.


The software, called Pretty Good Privacy, or PGP, is the de facto standard for encrypting e-mails and is widely used by corporate and government offices, including some FBI agents and U.S. intelligence agencies. The scrambling technology is so powerful that until 1999 the federal government sought to restrict its sale out of fears that criminals, terrorists and foreign nations might use it.


The new vulnerability, discovered weeks ago by researchers at eEye Digital Security Inc., does not exploit any weakness in the complex encrypting formulas used to scramble messages into gibberish. Instead, hackers are able to attack a programming flaw in an important piece of companion software, called a plug-in, that helps users of Microsoft Corp.'s Outlook e-mail program encrypt messages with a few mouse clicks.

Outlook itself has emerged as the world's standard for e-mail software, with tens of millions of users inside many of the world's largest corporations and government offices. Smaller numbers use the Outlook plug-in to scramble their most sensitive messages so that only the recipient can read them.

"It's not the number of people using PGP but the fact that they're using it because they're trying to safeguard their data," said Marc Maiffret, the eEye executive and researcher who discovered the problem. "Whatever the percentage is, it's very important data."

Maiffret said there was no evidence anyone had successfully attacked users of the encryption software with this technique. He said the programming flaw was "not totally obvious," even to trained researchers examining the software blueprints.

Network Associates Inc. of Santa Clara, Calif., which until February distributed both commercial and free versions of PGP, made available on its Web site a free download to fix the software. The company announced earlier it was suspending new sales of the software, which hasn't been profitable, but moved within weeks to repair the problem in existing versions. The company's shares fell 50 cents to $17.70 in Tuesday trading on the New York Stock Exchange.

Free versions of PGP are widely available on the World Wide Web.

The flaw allows a hacker to send a specially coded e-mail which would appear as a blank message followed by an error warning and effectively seize control of the victim's computer. The hacker could then install spy software to record keystrokes, steal financial records or copy a person's secret unlocking keys to unscramble their sensitive e-mails. Other protective technology, such as corporate firewalls, could make this more difficult.

"You can do whatever you want execute code, read e-mails, install a backdoor, steal their keys. You could intercept all that stuff," Maiffret said.

Experts said the convenience of the plug-ins for popular e-mail programs broadened the risk from this latest threat, since encryption software is famously cumbersome to use without them. Even the creator of PGP, Philip Zimmermann, relies on such a plug-in, although Zimmermann uses one that works with Eudora e-mail software and does not suffer the same vulnerability as Outlook's.

A plug-in for Microsoft's Outlook Express -- a scaled-down version of Outlook -- is not affected by the flaw.

Maiffret said his company immediately deactivated the vulnerable software on all its computers, which can be done with nine mouse-clicks using Outlook, until it could apply the repairs from Network Associates. The decision improved security but "makes it kind of a pain" to send encrypted e-mails, he said.

Zimmermann, in an interview, said PGP software is used "quite extensively" by U.S. agencies, based on sales when he formerly worked at Network Associates. He also said use of the vulnerable companion plug-in was widespread. Zimmermann declined to specify which U.S. agencies might be at risk, but other experts have described trading scrambled e-mails using PGP and Outlook with employees at the FBI, the Energy Department and even the super-secret National Security Agency.

In theory, only nonclassified U.S. information would be at risk from this flaw. Agencies impose strict rules against transmitting any classified messages -- encrypted or not -- over the Internet, using the government's own secret networks instead.

"The only time the government would use PGP is when it's dealing with sensitive but unclassified information and has a reasonable degree of assurance that both parties have PGP," said Mark Rasch, a former U.S. prosecutor and expert on computer security. "It's hardly used on a routine basis."
*************************
New York Times
Uncle Sam Wants You to Play This Game
By BRIAN KENNEDY


"Be all you can be"? Ancient history. "An army of one"? Last year's news. The military's newest promotional campaign is not even televised; it is America's Army, a free computer game produced by the military and aimed at winning the hearts and minds of tech-minded teenagers.

The game is the brainchild of Lt. Col. Casey Wardynski, director of the Office of Economic and Manpower Analysis at West Point. Although Colonel Wardynski is not a gamer himself, his two sons are, and his oldest, 17-year-old Casey, is a big fan of the action game Delta Force. The colonel said the idea for the game came to him three years ago while he was researching ways to attract computer-adept recruits for an increasingly high-tech military.

The Army is looking to hire 79,500 young adults this year and, as Colonel Wardynski said, "Gaming tends to be very interesting to young Americans."

Colonel Wardynski concluded that releasing a free, high-quality game and encouraging gamers to copy it and share it with friends would be an effective (and relatively inexpensive) way to reach those budding computer whizzes.

America's Army is actually two games. The first, Operations, is a multiplayer first-person shooter inspired by the popular game Counterstrike. Players log on through the Internet, take on the roles of United States soldiers and team up to battle terrorists.

But Operations is no Rambo-style shoot-'em-up. Although it uses the engine -- or basic structural programming -- from the newest version of the sci-fi game Unreal, the Army has gone to great lengths to make the game as realistic as possible, soliciting input from soldiers at bases nationwide.

The designers, primarily the Modeling, Virtual Environments and Simulation Institute at the Naval Postgraduate School in Monterey, Calif., say they have modeled each weapon accurately. A player's aim will be affected by his stance, breathing and movement. A player who charges an enemy trench, wildly firing his rifle, is unlikely to hit very much.

Everything from the direction and velocity of shell ejection to the way soldiers high crawl when carrying a rifle is based on the way the Army really operates, said Michael Capps, the game's executive director and a professor at the modeling institute.

Unlike many multiplayer games, Operations features mechanisms to ensure participants' good behavior. Gun down your drill sergeant on the rifle range, for example, and you'll serve hard time in a virtual Fort Leavenworth.

In another departure from gaming norms, Operations is not very bloody.

"We don't want to use violence as an entertainment vehicle," Colonel Wardynski said. Bullet hits are registered by puffs of blood instead of the sprays of gore typical of some first-person shooters. The game is rated appropriate for teenage players (most graphic first-person shooters are rated for mature players).

The enemy is designed to look as generic as possible. "We've got blond guys who are bad guys, black guys who are bad guys," Colonel Wardynski said. "Usually, they're not well shaven."

In the second part of the game, Soldiers, players progress through a virtual career in the Army, serving in a variety of units and improving their ratings in categories like loyalty, honor and personal courage as they go.

A preliminary version of the Operations game released on July 4 includes two training missions and four combat operations, including an assault on a terrorist camp that Colonel Wardynski said was modeled after a raid conducted in the early days of the Afghanistan campaign.

Maj. Chris Chambers, the project's deputy director, said that more than 500,000 copies of the game had been downloaded by Wednesday morning -- prompting a frantic rush for additional servers and an accelerated plan to release "community software" allowing groups to play without tapping into a server.

The full version of America's Army is scheduled for release in late August or early September. It will be available free as a two-CD set or by downloading from the Internet at americasarmy.com.

The Army is hoping the game will help cut down on one of its biggest expenses -- filling its ranks. Doug Smith, a spokesman for the Army Recruiting Command in Fort Knox, Ky., said the Army spends about $15,000 to recruit every soldier.

Colonel Wardynski said the government will have spent about $7.6 million to develop the game by September; he said he expected the cost of creating new missions and other updates to be about $2.5 million a year and the cost of maintaining the multiplayer infrastructure to be about $1.5 million.

If the game draws 300 to 400 recruits in the next year, he said, it will have been worth the cost -- especially since the game is considered likely to attract people attending or considering college, who tend to be more expensive to recruit.

He also hopes that by providing more information to prospective soldiers, the game will help cut down on the number of recruits who wash out during the nine weeks of basic training and subsequent specialized training, which can last up to a year. (All told, the Army loses 13.7 percent of recruits during training, according to a spokesman for the Training and Doctrine Command in Fort Monroe, Va.)

Recruits who signed up but then quickly changed their mind "had an information problem," Colonel Wardynski said.

"That's $15,000 down the drain," he added.

Initial reaction among gamers has been positive. The Army's display booth at the Electronics Entertainment Expo in Los Angeles in May was packed despite, or perhaps because of, the presence of uniformed soldiers and military vehicles instead of the typical scantily clad women. Army officials said they had received more than 150,000 advance orders for the game before the preliminary version became available for download on July 4.

"It's a blast," said Amer Ajami, an editor at Gamespot.com who spent last weekend playing the game online. "It's pretty realistic you take one or two shots and you go limp, you take one more and you're done."

From a marketing standpoint, Mr. Ajami said, its prospects are excellent. "You see all these commercials on TV with catchy phrases, but nothing beats going in and seeing what the Army really does," he said. "Without actually having to do it."
**************************
Government Computer News
OPM awards contract to develop an e-learning site
By Jason Miller


The Office of Personnel Management last month moved closer to unveiling its new e-learning Web site. It awarded a task order to Geolearning Inc. of West Des Moines, Iowa, to redesign the National Learning Center's site and provide courses.

Norm Enger, OPM's e-government director, has said he wants the new site up by the end of July [see www.gcn.com/21_13/news/18836-1.html].

The project is a part of the Office of Management and Budget's 24 e-government initiatives and is one of five projects OPM is managing. OPM will rename the site www.golearn.gov.

Along with Geolearning, OPM hired Karta Technologies Inc. of San Antonio, NetG of Naperville, Ill., and Skillsoft Corp. of Nashua, N.H., to provide online courses for the site, an OPM spokesman said.
**************************
USA Today
Businesses see bonanza in homeland security


By Jim Drinkard, USA TODAY

WASHINGTON -- As government workers browse the booths at a high-tech expo here, a large placard declares, "Homeland Security and Defense is SERIOUS BUSINESS."

Unstated is another truth: It's also serious money. The Sept. 11 terrorist attacks on the United States have created a wave of government spending reminiscent of the space program in the 1960s or the savings and loan bailout of the 1980s. New federal outlays for homeland defense are expected to hit $57.2 billion by next year, and President Bush has made it clear the investment will continue for years to come. In a faltering economy, it's one of the few things growing.

That has gotten the attention of thousands of businesses claiming to have the solution to the government's security needs. Companies ranging from global giant IBM to tiny Nasatka Barriers, a Maryland manufacturer of vehicle blockades, are thronging the capital with brochures and demonstrations in hand.

"There is a gold rush," says Lee Hamilton, a former chairman of the House Intelligence Committee who is still active in national security issues. "There is a tremendous market out there for security devices that has exploded in the past few months."

As with any gold rush, the homeland security bonanza is likely to attract pretenders along with patriotic entrepreneurs. It will be up to government agencies at the federal and local levels to exercise care in their buying decisions.

"There have been a lot of folks who have risen to what they see as an opportunity, who offer a product that may or may not do what they say it does," says Douglas Eaton, marketing director for NBC Team Ltd., maker of several products that combat bioterrorism.

President Bush's homeland security director, Tom Ridge, welcomes the capitalist impulse. "The entrepreneurial spirit is a potent weapon against terrorism," he told the Electronic Industries Alliance, a high-tech trade group. "We look to your enlightened self-interest. We want you to do well by doing good."

Most of the new money is still finding its way through Congress. When it does begin to reach the marketplace in a few months, much of it will flow to state and local governments. Most of the money spent has flowed through federal hands.

"Since Sept. 11, the government has been the predominant source of our business," says John Centeno of Solar Security Films, a company that applies anti-shattering film to building windows. "As people become aware of the billions of dollars assigned to homeland security, more and more are going to try to get a slice of that."

The film, designed by 3M to keep occupants safer in the event of an explosion, has been applied to 17 buildings on Capitol Hill, to the windows at Reagan National Airport and to MacDill Air Force Base in Tampa, home of the Pentagon's Central Command.

Centeno was in Washington last month trolling for more government business, along with dozens of other companies at the Homeland Security Summit and Expo. Such trade shows are becoming common in the nation's capital: On Wednesday, 54 mostly small companies crowded into a Senate office building's auditorium to show off their wares.

Many products developed for other uses are finding a place in the new market. "Everybody is looking at their products and seeing if they can redefine them and market them as a homeland security item," says Ron Kaufman, a Washington lobbyist.

Varian Medical Systems, which has long made X-ray equipment for hospitals, was at last month's expo showing off a mobile unit that can be used to see inside trucks and shipping containers at ports or border crossings.

"U.S. Customs has been talking about cargo screening for years," says Chuck Stirm, a company salesman. Now, "there are purchase orders stacked on desks this high," he says, holding his hands a foot apart.

Nearby, Telephonics Corp. displayed an oscillating flat panel mounted on a tripod that uses Doppler radar to detect human movement over broad open spaces. Company officials had demonstrated the $175,000 device two days earlier for intelligence and defense officials. They set it up at Reagan National Airport to show how it could trigger alarms if someone tried to sneak onto a runway from a small boat in the Potomac River. Samuel Evans, the company's Washington lobbyist, says Telephonics hopes to market the radars to military bases, airports, nuclear plants and the Border Patrol, among others.

John Scolaro's product couldn't fit into the expo's exhibit hall, so he brought a computer display of a vehicle trying to crash through Nasatka's traffic gate. The barriers, which allow only authorized vehicles to enter a parking lot or building, are in use around the US Capitol.

'How much is your budget?'

"Before Sept. 11, the question was how to persuade a client to buy," Scolaro says. "Now the question is, 'How much is your budget?' "

Viisage Technology is opening a Washington office to tout its software. It captures an image of a person's face, then compares it with a database of suspects on a watch list -- an electronic version of the police mug shot book. First developed to help gambling casinos keep out cheaters, the technology has promise for screening airline passengers or crowds coming into large events such as the Super Bowl, says marketing vice president Cameron Queeno.

"We've heard over the last months that there are terrorists in this country, living among us," he says. "Anything we can do to identify who they are and what they are up to is a step toward enhancing our homeland security." The cost? "A couple of million bucks per airport," he says.

E-Z-EM, a health care equipment company in New York, rented a Washington hotel meeting room recently to demonstrate a tent-like enclosure that can be placed over a "dirty" radiological bomb or other explosive device. If the bomb detonates, the tent's tough fabric expands and holds in shrapnel as well as radiation or other toxins. A foam decontaminant neutralizes biological terror agents such as anthrax or mustard gas. The recently declassified device, which is already used in Canada, was deployed at the two major US political party conventions in 2000 and the Super Bowl in New Orleans.

The company also is selling sponges soaked with decontaminant, for use by firefighters, police and emergency medical personnel who respond to a bioterrorism scene. The US Capitol has bought 20,000 gas masks to issue to lawmakers, staff and tourists in case of a terrorist emergency. And there is a boom in sales of potassium iodide tablets, which can protect the thyroid gland from absorbing dangerous levels of radiation if someone is exposed to a "dirty bomb."

The marketing frenzy extends beyond items normally associated with terrorism defense. A team from Kurz and Co., a German business that makes hologram-like foil seals, says its high-tech appliqués could be used on US currency to make it harder to counterfeit. That might take away an avenue of economic disruption that terrorists could exploit, since American money is among the world's easiest to fake, company official John Tye says.

"Guatemala has more secure banknotes than you do," he says. "So does Zaire."

The company has hired the venerable Washington lobbying firm of Verner Liipfert to push its idea of affixing hologram-like seals to $100 and $50 bills -- among the most counterfeited -- and to promote the technology to make documents such as passports, visas and pilots' licenses harder to duplicate.

"We don't want to seem like 9/11 opportunists," says Kurz spokesman Robert Skelly, "but it has created an environment where the American government will be a little more accepting of change."

The homeland-security gold rush is creating a bottleneck in Washington. Companies are clamoring to be seen by the people who matter. Congressional aides have filled their calendars with meetings, and Ridge's office has been besieged with requests.

"There's bound to be frustration when you've got 1,000 companies that believe their technology is going to solve everything, but they can't link up" with the appropriate government office, says John Marburger, President Bush's science adviser.

IBM security services manager Rusine Mitchell-Sinclair says even a Fortune 500 company is challenged to keep up with the fast-evolving marketplace. "It's been a moving ball, who's in charge," she says. "It is a bit of an adventure."
*********************
San Francisco Gate
Universal Music provides alternative to file sharing
Rare old albums can be bought, downloaded on EMusic.com


Universal Music Group today will begin selling downloadable MP3 versions of old albums from artists like Muddy Waters, B.B. King, Gladys Knight and Bing Crosby.

In a limited test, Universal Music, the largest of the world's big five record labels, will release about 1,000 of its hard-to-find back catalog albums through its online music subscription subsidiary, EMusic.com.

In another groundbreaking step, Universal will allow the downloaded tracks to be burned onto recordable CDs or transferred to a portable digital audio player, actions the record industry has been reluctant to allow for fear of cannibalizing already falling CD sales revenue.

Analysts said the move is yet another sign that the recording industry is finally making progress in providing an alternative to popular file-sharing programs like KaZaa, which already allow users to download, copy and transfer MP3 songs at will.

"It's another baby step," said analyst Phil Leigh, vice president of technology research at Raymond James & Associates. "If they find it does generate significant incremental revenue, I think they'll be prepared to take the next step."

Beginning today, EMusic.com, which charges $10 to $15 per month for a subscription, will offer Universal's jazz, pop and classic hits from the 1950s, 1960s and early 1970s. The artists include Olivia Newton-John, Aretha Franklin, B.B. King, Gladys Knight, Oingo Boingo, Chuck Berry and Pat Boone.

Larry Kenswil, president of Universal's ELabs Internet commerce unit, said Universal wants to see whether it can generate new revenue streams from albums that are no longer making money from retail sales. Therefore, it's not worried about downloading and CD burning -- two major factors the record industry blames for a global sales slump.

Still, the Universal-EMusic deal remains only a test. It will not include any current chart toppers like Eminem. Nor does Universal, a subsidiary of struggling French media giant Vivendi Universal, have any near-term plans to expand the selection.

The Universal partnership gives EMusic -- known mainly for its selection of tracks from lesser known independent artists -- a major label, even though it is an in-house deal.

EMusic.com, formerly based in Redwood City, was purchased in 2001 by Vivendi Universal, which subsequently moved the company to the San Diego offices of another online startup, MP3.com.

Vivendi's Internet operations posted an operating loss of $301 million last year.

E-mail Benny Evangelista at bevangelista@xxxxxxxxxxxxxxxx

************************
Mercury News
Hot site Firefighters' digital maps catch on with the public
By Ian Austen
New York Times

Firefighters, particularly those who take on forest fires, are longtime users of Geographic Information Systems programs that marry database information with digital maps.

So it was not a tremendous leap two years ago when several agencies with responsibilities related to forest fires got together to consolidate their GIS data and make it available to each other through the Internet.

What they did not anticipate, however, was that a Web site conceived as a professional tool would become even more popular with the public.

``The intent was to make it for firefighting planners,'' said Liz Lile, a cartographer and the U.S. Geological Survey's project coordinator for the Web site. ``But it quickly became evident back then that the public was going to use it as well.''

That has especially been the case in recent weeks as forest fires have swept through large areas of Arizona and Colorado. The Web site, www.geomac.gov, logged 4.3 million requests for page views last month. Jeff Baranyi, an adviser to the project from ESRI, a maker of GIS software, said that the overwhelming majority of visitors used domain names associated with consumer Internet service providers. ``It's very much a public Internet site,'' he said.

Unlike the professionals, such visitors were not concerned with issues like how to deploy firefighting equipment. Lile and Baranyi said that e-mail messages to the site indicated that people were instead using it as a tool to determine whether their homes or those of relatives were in the path of a spreading blaze.

``What they really want to know is, `Where am I in relation to a fire and am I in danger?' '' Baranyi said.

The dense smoke from forest fires prevents the site from displaying satellite images of individual houses in or near fire zones. What it does offer users are maps displaying the boundaries of all major fires that are active in the continental states and Alaska.

The boundary maps are created, for the most part, by observers who fly around the perimeters of blazes. Online visitors can overlay simple road maps and insert a relief map background.

In theory, it is possible to zoom in on very small areas on the maps. But Lile, whose agency hosts the Web site, said that the accuracy of the maps declined once a certain zoom level was passed. By design, the background relief map turns into a pattern of blocky pixels when users try to push the system beyond its limits.

Because the system combines data from several agencies -- in addition to the Geological Survey, the Bureau of Land Management, the National Park Service and the Forest Service -- and was designed for use by people without access to GIS software, its maps are always somewhat behind the times.

The GIS data is gathered at regular intervals -- in some cases every hour -- and transferred to a large database operated by the Geological Survey. Web server software then responds to requests from visitors and, using the database, generates the maps.

The system's next feature may be one solely designed for visitors who are not experts. Lile said it should be technically feasible to introduce a variation on the online map services offered by companies like Mapquest. Users could type in their addresses and see a map indicating their proximity and vulnerability to the nearest forest fire.

Such a feature would be popular, Baranyi said. ``Already we've had people sitting in high school gymnasiums trying to figure if their house has burned or not.''
************************
BBC
Recycling law could mean costly PCs


Computers could become more costly thanks to European laws that force makers to recycle old machines.
Soon-to-be-enforced directives make the manufacturers of personal computers responsible for what happens to old machines when customers upgrade their stock.


Experts fear that the cost of disposal and recycling and research into new ways to dispose of the obsolete hardware could push up the price of computers.

The Department of Trade and Industry estimates that the total bill to British industry of the directives could top £3bn.

Price push

Technology magazine Computing warns that the prices of computers could rise by up to $50 when European environmental laws come into force.

The Waste from Electrical and Electronic Equipment directive covers recycling of equipment such as computers, and the Hazardous Substances in Electrical and Electronic Equipment Directive would ban certain substances used in the manufacturing of IT equipment.

"IT directors should be warning the board that they will be expected to pay for this in their acquisition costs," said Brian Gammage, principal analyst at research firm Gartner.

"People will start looking at leasing options and per seat options, especially in larger companies as a way to overcome these costs."

Spreading the cost

Technology trade body Intellect said the expense of the new legislation would only hinder firms.

"It's certainly not going to help companies struggling out of the downturn," said Hugh Peltor, director of consumer electronics at Intellect.

"However, if we're going to save the planet, the bottom line is we will have to share these costs. It can't all be down to industry."

But Phil Reakes, managing director of recycling and refurbishing firm Selway Moore, said setting up recycling operations might not be too costly.

"Somewhere in the product cost model will be a small slice that covers disposal," he said.

But, he said, problems could emerge because manufacturers were currently not ready to deal with the large numbers of old computers they have already sold to customers.

"What will happen to the equipment that corporations are getting rid of?" he asked, "Because they will be getting rid of thousands of machines at a time."

Mr Reakes also questioned what would happen when a large company picked a new supplier when it upgraded its machines. The new supplier was unlikely to be willing to pay to dispose of machines from a rival, he said.
**************************
BBC
Broadband providers back need for speed


Broadband users could pay a premium for faster connections as providers look at ways of making more money from high-speed services.
Operators that ignore the idea of superfast premium services do so at their peril, warn cable operators who already offer tiered prices for broadband.


Currently most operators offer a standard 512K service for between £20 and £35 which gives users around 10 times faster speeds than dial-up access.

But cable operators NTL and Telewest have realised that there is a market for even faster broadband and both have launched a 1MB service for their customers.

No turning back

It is more expensive. Telewest's service is £39.99 per month, falling to £35.99 if users take other services from the cable firm. NTL charges even more - £49.99 per month.

"Customers' needs and expectations evolve as their tenure and usage patterns increase and successful ISPs will develop targeted value propositions to meet the needs of distinct segments," said Chad Raube, head of internet services at Telewest.

"Tiered service offerings are therefore an essential element of any leading ISPs product portfolio.

"Those ISPs that get this product equation right will meet consumers' needs and continue to thrive, while those that get it wrong will jeopardise their business success," he said.

NTL is also convinced that offering premium high-speed services makes a lot of business sense.

"The faster your connection, the more you can do," said Director of Internet Services Bill Goodland.

"ISPs that don't offer it will find that over time customers will get more and more frustrated and, we hope, desert them for cable."

Tiny fraction

While the cable operators have seen the benefit of pay-for-speed services, for the 200 or so internet service providers that take their ADSL wholesale from BT it is not an option at the moment because BT only offers one version of broadband.

"There was a 1MB offering from BT but it was for businesses and was nowhere near mass market prices," said a spokesman for AOL, one of the ISPs that relies on BT for its ADSL service.

He is not convinced the market is mature enough yet for tiered pricing to attract consumers.

"Mass market broadband is very much in its infancy in the UK and only a very tiny fraction of online household have any sort of broadband connection," he said.

BT in trouble

While the promise of even faster speeds may attract the early adopters of broadband it may not appeal to everyone.

"More speed of itself will not necessarily chime with the mass market," said the AOL spokesman.

BT may not offer superfast services to customers at the moment but its advertisements suggest that it does, and it must change them, says the Advertising Standards Authority (ASA).

Following a complaint from Telewest, BT has got a rap over the knuckles from the ASA for confusing customers about how much speed they could expect from their ADSL service.

"The advertisement implied that a connection "up to 40 times faster" was standard for domestic customers and businesses.

"Because that implication was not true, the Authority concluded that the claim was misleading and advised the advertisers to amend the advertisement," read the ruling.

Telewest believes it is unhelpful that BT is confusing consumers in this way.

"Consumers are having a hard enough time getting their heads round broadband, without BT getting its sums wrong," said Telewest's Marketing Director David Hobday.
*************************
BBC
Science lessons 'tedious and dull'


Science lessons for teenagers are so boring they are putting pupils off science for life, a cross-party group of MPs warned.

GCSE science is based on rote learning of facts of little use and has made practical work a "tedious and dull activity", the Commons science and technology committee said.

The situation could have a major impact on scientific research in the future with pupils not inspired to continue with science beyond 16, the MPs warned.

Their report called for greater flexibility in the science curriculum and greater focus on contemporary science.

The MPs blamed the exam boards and the Qualifications and Curriculum Authority for the problem, saying their approach to testing GCSE science was preventing good science from being taught in schools.

"Current GCSE courses are overloaded with factual content, contain little contemporary science and have stultifying assessment arrangements," the committee's report said.

"Coursework is boring and pointless. Teachers and students are frustrated by the lack of flexibility. Students lose any enthusiasm that they once had for science."

Poor facilities

The report also expressed concern about the pay and conditions for laboratory technicians, saying an additional 4,000 were needed in schools.

MPs fear poor laboratory facilities, coupled with a shortage of technicians, are to blame for the lack of exciting practical work being done in class.

The report calls on the Department for Education to invest more money in refurbishment programmes and address pay levels for technicians.

The department has already given £60m for refurbishment, but the committee says at least a further £120m is needed.

'Boring'

Chairman of the committee Dr Ian Gibson MP said: "Science should be the most exciting subject on the school curriculum: scientific controversies and breakthroughs hit the headlines every day."

"But school science can be so boring it puts young people off science for life," said Dr Gibson.

"GCSE science students have to cram in so many facts that they have no time to explore interesting ideas, and slog through practical exercises which are completely pointless.

"This is a disaster: We need to encourage a new generation of young scientists and to ensure that the rest of the population has a sound understanding of scientific principles."

The Association for Science Education (ASE), which represents science teachers, said the report findings needed to be highlighted.

"We're still concerned about the supply and recruitment of teachers - it's chicken and egg, if you don't have enough teachers, the larger the classes get and the harder it is for teachers to deliver effectively," said ASE chief executive Dr David Moore.

Changes were being made in science teaching, said Dr Moore, but it would take time for them to take effect.

A spokeswoman for the Department for Education said a recent study by the Organisation for Economic Co-operation and Development found 15-year-olds in the UK came fourth out of 32 countries in scientific literacy.

"Over 110,000 of these have gone on to study a science subject at A-level this year," the spokeswoman said.

"This is a major achievement and the £60m invested in school labs in the last two years will further boost standards. But there is even more we can do and we will continue the drive to improve our science base in schools and universities," she said.
************************
Federal Computer Week
Justice CIO crafting united plan


A strategic technology plan circulating through the Justice Department this week says that the department can no longer tolerate 39 fiefdoms "doing their own thing" with computer systems and networks.

Vance Hitch, the department's new chief information officer, said he is determined to craft a Justice-wide information technology architecture and require that new computer systems be used by several, and in some cases by all, divisions within Justice.

Three months into his job, Hitch depicts Justice as a fragmented agency hobbled by aged computers and incompatible systems.

Justice's computer systems security is so bad that Hitch said he wanted to hire a deputy CIO and a cadre of IT security specialists whose sole focus will be to fix "security holes."

"There are hundreds or thousands of them" in the department's computer systems, Hitch told a gathering of technology vendors July 9 at a breakfast meeting sponsored by Federal Sources Inc., a market research firm in McLean, Va. To say that security must be improved "is an understatement," he said. At present, security is so poor it would be "very easy to take out a lot of our infrastructure."

The FBI, one of Justice's most technologically troubled divisions, is ill-prepared to deal with IT security holes, he said. "They did not even have a good handle on how many systems they had," let alone what their security problems are, Hitch said.

The state of security "is embarrassing," he said.

Poor security and many other IT problems can be traced to Justice's organization and its lack of a departmentwide IT architecture, Hitch said.

The department is composed of 39 components, from such well-known agencies as the Immigration and Naturalization Service, the FBI and the Drug Enforcement Administration to lesser-known entities such as the National Institute of Corrections and the U.S. Parole Commission.

"They all did their own thing" when it came to developing computer and data systems, Hitch said. Even when they hired the same vendors to assemble similar systems, the various components did not end up with systems that were interoperable, he said.

"It is not the culture of the Justice Department" to operate as a single agency, he said.

But there is pressure now to change that, Hitch said. Justice has a new mission, counterterrorism, and President Bush and Attorney General John Ashcroft are emphasizing the need for improving information sharing, increasing information security, streamlining and simplifying.

Justice plans to spend $2 billion on IT in 2003, and Hitch said his aim is to modernize and unify the department's IT infrastructure.

Among his goals:

* Develop a departmentwide public-key infrastructure to share information securely.

* Adopt common systems and solutions to make collaboration easier.

* Save money by adopting a departmentwide financial system.

* Search for ways technology can change and improve department operations. In the past, technology has been adapted to department operations.

As Justice CIO, Hitch said he has been assured by Ashcroft of a degree of influence over the agencywide IT budget, but he said he also wants "to be a part of the components' IT process." That could mean a shift in authority for components such as the FBI and the INS, which have their own CIOs.
************************
Federal Computer Week
Focus turned on security officials


Updated guidance for agencies' annual reports on information security management capabilities includes a new focus on performance measures for officials who are accountable for systems security.

The Office of Management and Budget's new guidance, released July 2, builds on a baseline created from the first reports submitted last year under the Government Information Security Reform Act (GISRA) of 2000. That law requires federal chief information officers and inspectors general to perform annual evaluations of agency information security practices and report the results to OMB, which will then provide a summary to Congress.

OMB submitted the fiscal 2001 report to Congress in February.

Last year, OMB officials asked agencies to identify the performance measures they used to evaluate officials. But according to the guidance, most agencies did not provide this information, and many requested that OMB develop such measures.

So this year, to highlight the importance of information security to program managers, OMB is requiring the agency and IG reports to include an evaluation of agency officials' performance against a set of high-level management measures defined by OMB in the reporting guidance.

"The OMB-provided performance measures represent a minimum required response and must be completed," according to the guidance.

These performance measures range from the percentage of systems that have an up-to-date security plan to the number of employees that received specialized security training.

Last year's guidance also included requirements for agencies to create "plans of action and milestones," which outline how officials planned to fix the vulnerabilities discovered in the evaluations. Those plans were incorporated into the fiscal 2003 budget request, and future plans will continue to be part of the budget-development process, according to the guidance.

This year the action plans will also be included in OMB's report to Congress.

The evaluation of agencies' security capabilities is also now part of the President's Management Agenda scorecard, under the e-government section. Agencies will be assessed on their information security management progress at both the departmentwide level and at the bureau, agency or office level.

"This step will further reinforce the roles and responsibilities of agency program officials...for the security of systems that support their programs and the agency chief information officer for the systems and the agencywide security program," the guidance states.

GISRA expires on Nov. 29, 2002, but there are several efforts in Congress to extend its authority, most notably the Federal Information Security Management Act, introduced by Rep. Tom Davis (R-Va.).
**************************
Federal Computer Week
Information Age changes warfare rules


Conducting warfare in the Information Age requires the Defense Department to operate under a new set of rules, with a greater focus on "ascending" technologies that aid cognitive tasks and less spent on tools in the physical domain, according to the head of DOD's transformation office.

Retired Navy Vice Adm. Arthur Cebrowski, director of the Pentagon's Office of Force Transformation, said the resources available now and those being developed in the cognitive and information domains are "ascending." He characterized tools in the physical realm as being in a "devolution," and DOD's focus and funding must support the new paradigm.

"The movement from the Industrial Age to the Information Age is the driver of transformation," Cebrowski said during a July 9 conference at the National Defense University in Washington, D.C. "All other things flow from that."

New rules for combat accompany transformation and network-centric warfare, which seeks to make data available to those who need it across the organization or on the battlefield. Such rules include a greater focus on managing and speeding information to commanders, increased and offensive use of sensors, and less attention on earlier assumptions that future wars would include long-range weapons on sparsely populated battlefields, he said.

"As we move deeper and deeper into the Information Age, the new rules sets will become clearer, and we must respond to them," Cebrowski said.

Edward Smith Jr., senior analyst for network-centric and effects-based operations at Boeing Co., agreed and said effects-based operations, which focus on "stimulus and response" as opposed to targets and damage infliction, should be the successful end to network-centric means.

Smith, a retired Navy captain with about 20 years of intelligence experience, said the transition will not be easy because it relies heavily on human information, which can be wrong and difficult to verify. But combining that with information technology and sensors to get knowledge to the commanders who need it is essential, he said.

"It's more an organizational than a technological problem," Smith said, adding that at the rate technology has been improving, it should be there to support the new capabilities. "If you're looking for [artificial intelligence] with answers to the human mind than the answer is 'no.' But if it's an intelligence tool to tap expertise and the knowledge databases that use them, that's probably doable."
***************************
Federal Computer Week
FBI hot on records management case


For most of its 94-year history, records management at the FBI was as basic as paper documents stashed in a cardboard box and stuffed under an agent's desk. But William Hooton intends to change that.

Hooton, who helped introduce digital imaging to the Internal Revenue Service in the 1970s and to the National Archives and Records Administration in the 1980s, was hired in March to bring modern electronic records management to the FBI. His mission, he said, is to move the FBI "from the era of Hoover to the modern age."

Embarrassed last year by the Timothy McVeigh records fiasco and laboring to build a user-friendly automated case management system, senior FBI officials concluded that building a well-organized electronic records system is essential.

"Records management is at the heart of the FBI's integrity as a law enforcement organization," FBI Director Robert Mueller told a House committee this spring. "We must be able to eliminate any doubt about the accuracy, completeness and fairness of our investigations."

Now that the FBI has assembled its Records Management Division, the next step is to determine just what records the FBI possesses, Hooton said.

"The FBI has more than a billion pages of information in its archives," most of them on paper, said Robert Chiaradio, who recently stepped down as the FBI's chief of administration.

That's a guess, Hooton said. "We really won't know until we do an inventory," he said. "I'm sure we have trash, duplicate copies and lots of stuff we can get rid of." The idea is to build an electronic records system that FBI agents can use from their desktop computers to find records relevant to the cases they handle.

Hooton plans to start by creating electronic versions of the FBI's case files by scanning them. The process creates a digital image of each paper document. The bureau has the capability to scan about a million documents in 24 hours, he said.

Even so, "we will never convert all of it" to digital, Hooton said. Files unlikely to be used again will be kept in their present form, which is either paper or microfilm.

When the digital files have been made, if they are clear, they can be read by an optical character recognition system, which converts the digital image into digital text. The text can then be searched for keywords or phrases, enabling fast and easy retrieval of records by agents.

Handwritten documents, documents with unclear text, photos and other records that lack easy-to-read text will have to be manually tagged so they can be retrieved during searches, Hooton said.

Ideally, Hooton said his goal is to create a single central records repository, but he may have to settle for several smaller repositories linked electronically.

Building the records management system alone won't solve all of the FBI's records management problems, Mueller said. He plans to have "every employee at the FBI attend a full day of back-to-basics training [that] focuses extensively on proper document production, retrieval and management," he told Congress.

Hooton, meanwhile, is busy filling the Records Management Division. "I fully intend to attract the best people I can," he said. "I'm on the prowl."

He has already hired two senior records managers from NARA to fill two of five Senior Executive Service slots. They are Michael Miller, director of NARA's Modern Records Programs, and Marie Allen, director of the Life Cycle Management Division of Modern Records Programs.

The e-records system will become part of a new FBI-wide system of computers and networks called Trilogy, which should be in place at the end of 2003.

***

New priorities

Questions were raised about FBI records management when the agency belatedly discovered more than 3,100 pages of records that it had failed to turn over to defense lawyers for Oklahoma City bomber Timothy McVeigh.

An inspector general's investigation blamed the missing document debacle on "antiquated and inefficient computer systems, inattention to information management and inadequate quality control systems." FBI Director Robert Mueller responded by creating a Records Management Division. With almost 1,000 employees, 22 units and five Senior Executive Service managers, it is the largest division in the FBI's headquarters in Washington, D.C.

"That's the Records Management Division, guys. Unbelievable," said William Hooton, assistant director of the FBI's Records Management Division, in an address June 28 to government records managers and vendors. "Records management has always been at the bottom of the pile. It has always gotten the least respect," he said in an interview. But records are critical, especially for an agency like the FBI.

"Now, all of a sudden, records management is getting a lot of attention, and rightly so," Hooton said.
************************
Federal Computer Week
Seattle area police set up sharing


Thirty-nine law enforcement agencies in the Seattle metropolitan region are developing a Web-based system to share crime information.

"Right now I could have a neighboring city...that's got a series of crimes where someone's trying to lure a child near a school into a car," said Keith Haines, chief of the Tukwila Police Department. "And we could start having similar crimes here and not know much at all about what's going on there. And they may have had a witness that saw the color of a car or a description of a suspect or a partial license plate number or something that could really help an investigator in another jurisdiction."

Right now, officers have to call other jurisdictions to glean information. The proposed system would enable those with security clearance to search for a name, license plate number, description of a suspect or particular words or phrases in police reports. The Tukwila and Bellevue police departments and King County Sheriff's Office plan to participate in a 90-day pilot project beginning Sept. 1. Haines said that adding the other 36 agencies, including the Seattle Police Department, would depend on how the pilot progresses. He said they still have to plan that out and see what associated costs there may be.

Microsoft Corp. is helping develop the system at no cost to the participating pilot agencies.

Jeff Langford, a dot-net technology specialist with Microsoft's public safety group, said the police-only, Web-based system would run on a dot-net framework and link all the records management repositories of about 20 different systems to create a searchable portal. Eventually, the secure system, which will export data in an Extensible Markup Language format, will contain rich media, including mug shots, photos and other records. However, each agency maintains control over its own data, he said.

It's not the region's first attempt at sharing. Agencies also use WIRE, or Web-Based Information for Regional Enforcement, in which crime bulletins are posted for officers and detectives to read every day.

"Agencies are submitting that information for the most serious crimes as a way for us all to stay fairly informed of what's going on around us," Haines said. "But it's still doesn't give us that step that this new system will."

Although local agencies have access to the federal National Crime Information Center and other federal databases for felony warrants, stolen vehicles and other items, Haines said the majority of information is housed in individual records management systems.

Because agencies are usually reluctant to share data, moving toward an information-sharing attitude is evolving, he said.

"We didn't have any particular incident at all that sparked this," he said. "Just a growing acknowledgement by law enforcement leaders that we would be much more effective if we find an automated way to share our records data."
*************************
Federal Computer Week
DOD awards translation contract


In an effort to more quickly translate the massive amounts of information it is gathering in the worldwide war on terrorism, the Defense Department recently awarded McNeil Technologies Inc. a contract for language translation services.

The contracted services include digitizing and searching information being gathered as part of operations Enduring Freedom and Noble Eagle.

James McNeil, chairman and chief executive officer of the Springfield, Va.-based firm, said the company is not only providing human translators as part of the one-year, $3 million deal, but it first digitizes all the documents and stores them in searchable databases, which makes responses to DOD requests for specific information faster and easier.

For example, if DOD would like information pertaining to "bank accounts," McNeil employees can search the digitized documents and give the highest priority to translating the intelligence containing that search term, McNeil said.

Since Sept. 11, "our demand for language services has gone up exponentially," McNeil said, adding that this DOD contract is a perfect example. The original award was made in May for $1.5 million, but last week DOD doubled that amount because of its burgeoning translation needs.

McNeil's language services offer translation, interpretation and intelligence analysis in more than 95 percent of the world's languages, including Arabic, Farsi, Pashtu and Urdu, McNeil said. He added that the company's software can search them all, and its biggest problem currently is with Asian languages and translating those characters.

McNeil Technologies Language Research Center in Hyattsville, Md., provides the company with more than 6,000 reference and research materials on the less-commonly taught languages of the world. The center also has an enormous tape library, which includes 1,000 samples of spoken language tape recordings and written documentations of the major languages and dialects.

In other McNeil news, the firm announced this week that it won a one-year, $3.2 million contract from the Energy Department's Office of Building Technology, State and Community Programs (BTS) for management, administrative and technical support services.

Under the contract, McNeil will assist BTS' communications by helping to promote the agency's programs aimed at increasing energy efficiency and renewable energy technologies for commercial and residential buildings. McNeil also will help the office design, develop, implement and maintain database systems to facilitate internal and external communications by providing analytical and evaluation services to support its budgeting and program planning activities.
************************
Federal Computer Week
GAO: E-records overwhelm NARA


The torrent of electronic records generated by federal agencies has overwhelmed the ability of the nation's official recordkeeper, the National Archives and Records Administration, to identify and preserve them, a congressional audit concluded.

While agencies churn out millions of electronic documents, e-mail messages, Web pages and databases that qualify as official records, NARA continues a policy of printing e-records to preserve them, according to a General Accounting Office report issued June 17 to Reps. Stephen Horn (R-Calif.) and Ernest Istook (R-Okla.).

But e-records that are printed represent only a fraction of the records agencies create. GAO auditors said that less than 10 percent of the mission-critical data systems they examined at four agencies had been placed in an inventory, so neither agency officials nor NARA archivists knew what government records the systems contained, how important they might be or how long they should be saved.

Thus, some records may be kept longer than necessary and others may be deleted while they are still needed for legal, fiscal or administrative purposes, the GAO report said.

In a separate study, NARA examined 11 agencies and found "instances where valuable permanent e-records were not being appropriately transferred to NARA's archives" because they had not been appraised or identified as important enough to be deemed permanent records.

GAO auditors said NARA's "policies and processes on electronic records have not yet evolved to reflect the modern recordkeeping environment." And despite repeated efforts by NARA to clarify its rules on e-records, the guidelines remain confusing.

"Electronic records are really problematic," said Bruce Craig, director of the National Coordinating Committee for the Promotion of History.

The volume of e-records alone is a problem: the Clinton administration produced some 40 million e-mail records that will take years to sort and catalog, he said.

Compounding that, each agency currently makes its own rules regarding e-records retention, so some agencies keep many e-records, while other agencies, fearing future disclosures of embarrassing information, elect to keep far fewer, he said.

Even when e-records are preserved, they are often difficult to examine for needed information. Search engines capable of reading message contents, rather than just the subject line, are only in the experimental stage, Craig said.

"Everyone recognizes we're going to have to deal with e-records," he said. But no one yet knows exactly how to do it.

NARA requires federal agencies to do two things: maintain an inventory of all agency information systems to identify items that qualify as records and "schedule" the records, which means determining how long they must be kept and how they must be destroyed.

Those things are seldom done, the GAO report says.

Even when agencies and NARA are aware of electronic records, the rule for dealing with them, General Records Schedule 20, is inadequate, GAO officials said. GRS 20 permits the deletion of electronic records if paper copies have been printed for long-term or permanent storage.

But GRS 20 does not address what to do about such common electronic items as Web pages or PDF files.

E-records problems are unlikely to be fixed anytime soon, according to the report. Agencies generally give low priority to records management and lack the technology tools to manage records effectively.

U.S. Archivist John Carlin, NARA chief, said the GAO report "recognizes the enormous challenges the federal government faces in managing and preserving electronic records. We agree that more must be done."

But poor e-records management isn't just NARA's fault, Carlin said. Each agency head "is charged with the responsibility to make and preserve records" and maintain an active records management program, he noted in a letter to GAO.

***

E-records endangered

A General Accounting Office review has concluded that lax attention paid to preserving electronic records puts them at peril. Government agencies fail to keep e-records inventories and the National Archives and Records Administration has failed to develop and enforce clear rules on e-record preservation, the report said. As a result:

* Historically valuable e-records are not being identified and sent to NARA for safekeeping.

* Valuable e-records may be at risk of loss.

* Records management guidance is inadequate given today's technology.

* Records management is a low priority for most agencies.
*************************
CNN
Web titans woo India's tech experts

BANGALORE, India (Reuters) -- Cheap hardware, free trips to the United States, all the popcorn you can eat -- life's a junket if you're a computer programmer in India.

In their tussle to dominate the emerging industry for Internet-based services, industry giants Microsoft Corp. and Sun Microsystems are doling out incentives as they woo programmers worldwide to back their rival software.

The courting is particularly competitive in India, where by some estimates more than 10 percent of the world's programmers work for some of the industry's lowest wages.

"They keep contacting us and say 'spend time with us'," said Shanti Sivakumar, a co-founder of iTech Workshop, which writes software for the healthcare and communications industries.

At stake is the nascent market for Web services, which will allow companies to do business over the Internet.

Microsoft and Sun are pushing rival standards -- called .NET and SunONE respectively -- for programming Web services.

Persuading programmers and developers to back one standard is a key battle in the fight to dominate the industry.

S. Sadagopan, director of the Bangalore-based Indian Institute of Information Technology, said about 70 percent of India's software programmers are developers -- those who design the specifications for software that is then coded by other programmers.

The creativity of developers helps popularize standards, and demand for code-generating tools rises as more developers adopt a standard.

Fun and challenges
Wooing programmers and their employers in Bangalore, India's southern software center, involves blending serious mental challenges with fun. Microsoft and Sun line up day-long seminars and months-long competitions, laced with entertainment.


In the past few weeks, Microsoft, Sun and chipmaker Intel have all held seminars for Indian developers. Sun's "Tech Days" saw 1,000 paid attendees, the Intel Developers Forum 700 and Microsoft's VisualStudio tool show drew 7,500.

Techie seminars are turning increasingly glitzy, with huge screens, music and lights fit for rock shows.

"It's 99 percent serious, but we also have popcorn and candy and bands playing," Sun spokeswoman Aparna Devi Pratap said of the company's annual developer show.

Exports of software and allied services from India ignored a slowdown last year, growing 29 percent to $7.5 billion in the 12 months to March. The current year is expected to see a 30 percent rise despite a sagging recovery in the United States.

Underlining the importance of the industry, Microsoft Senior Marketing Manager Daniel Ingitaraj says the number of programmers in India is expected this year to equal the 500,000 to 550,000 in the United States.

But people are hard to count in the world's second most populous country, and other estimates of the number vary wildly from 350,000 to 700,000.

The huge number of programmers is one reason for the low wages.

"There is an abundance of skills in Microsoft technologies. Because of this, the price at which you can hire the skills is lower," said Gopal Kulkarni, chief executive of Kendra Technologies, which makes software to help human resource managers sift job applications.

Ten for the price of one
In Bangalore, home to more than 1,000 software companies, you can hire a young programmer of Sun's Java language for around $200 a month -- less than a tenth of what a U.S. counterpart would cost.


At least the incentives from the software companies are good: Sun's include up to 60 percent discounts on hardware for developers, while Microsoft offers software at a fraction of market cost.

"They have a developer program where you pay $2,000 to $3,000 and you get an entire suite...which is not heard from other vendors," said Kulkarni.

Ingitaraj said Microsoft also wooed Indian developers this year with a competition to make faster, more reliable software.

Academic winners got a free trip to Microsoft's Redmond headquarters, while professionals won digital cameras.

For all these efforts, the software giants may run the risk of a poor return for some of their marketing bucks.

For one thing, many firms are waking up fast to Linux, the free operating system trying to rival Microsoft's Windows, said Kulkarni.

And Sivakumar of iTech Workshop said developers from her company attend technical seminars only to catch up with the latest trends.
**************************
CNN
High-tech front in the war on terror


WASHINGTON (CNN) -- While United States soldiers press on with their mission in Afghanistan and domestic security agencies try to flush out potential attackers, the war on terror is also being fought on another, more subtle front: in the laboratory.

New technology -- some of it still under development -- has the potential to increase the effectiveness of intelligence-gathering efforts.

For instance, officials at the Salt Lake City Olympic Games used 3-D maps to help plot their security strategy -- determining where to put observation posts and which facilities were most vulnerable to a terrorist attack, from which angles.

And although black-and-white images are useful, and color images even more so, they still have drawbacks. Neither kind of image can reveal camouflaged facilities like a command post or bunker.

Experts say a new technique called hyperspectral imaging can do just that. The devices measure the energy emitted or reflected from an object in more detail than can be provided by a conventional camera or thermal imager.

"With hyperspectral imaging you're looking at literally hundreds of different colors, and minute differences in those colors can tell you the difference between leaves and a camouflaged command post," says John Pike, director of GlobalSecurity.org, an Alexandria, Virginia-based group that analyzes security risks and weapons improvement.

Hyperspectral imagery can also be used to detect heat sources -- such as a campfire in a cave, or heat escaping from an underground vent -- and even trace chemicals in the air that might be escaping from a clandestine weapons factory.

Researchers are also developing tools to help security agencies sort through the babble of global communications by analyzing patterns in the volume of mass transmissions.

A telephone company, for instance, can tell which team is winning the Super Bowl "simply by looking at how many people are making phone calls at any given time," Pike explains. "The National Security Agency uses this technique to monitor calls in Afghanistan or Pakistan, to try to predict an impending terrorist attack."

"If you see an uptick of electronic activity in a certain area," adds House Intelligence Committee Chairman Porter Goss, Republican of Florida, "you might expect that something is happening. It might be a nuclear test, it might be conversations on cell phones, it might be people warming airplane engines, it might be people getting ready to test rockets."

There are, of course, other implications of these and other developing intelligence capabilities that officials don't want to discuss publicly. But in the intelligence war on terrorism, technology is a powerful tool.
*************************
CNEWS
Domain name fight heats up


TORONTO (CP) -- Beer giant Molson's attempt to wrest the Internet domain name Canadian.biz from a consultant "is a polite form of highway robbery," a lawyer for the Toronto man said Tuesday in court.

Molson Canada challenged Douglas Black's ownership of the Web site soon after he registered it in March. The brewery holds the trademark for the word Canadian as it applies to beer.

Despite telling the brewery he intended to use the Web site as an all-purpose meeting place for Canadian businesspeople -- not to compete with Molson Canadian beer -- Molson demanded Black hand over the Web site.

After Black refused to do so, Molson took the matter to an Internet arbitration panel, which ruled in Molson's favour.

Because the arbitration panel has no established appeal process, Black's case is now before Ontario Superior Court.

Black's lawyer, Zak Muscovitch, pointed out Tuesday that his client would have been hard pressed to find a more appropriate name for his intended business.

"Canadian.biz speaks of something to do with business and something to do with Canada," said Muscovitch.

In arguing against Molson holding the trademark for the word Canadian, Muscovitch reminded the court Molson hadn't coined the word.

"Molson Canadian probably wouldn't have named its beer that if there hadn't been a country of that name in the first place," Muscovitch said.

The court was to hear from a lawyer representing Molson on Tuesday afternoon.
*************************
News.com
New security flaw in Outlook, IE
By Robert Lemos
Staff Writer, CNET News.com
July 10, 2002, 5:25 PM PT


A Danish security researcher warned users of Microsoft's Internet Explorer, Outlook and Outlook Express applications that a recently discovered software flaw could leave their system open to malicious code carried on Web pages or in e-mails.
In an advisory released Wednesday, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.


The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered.



"Since this is possibly very publicly known...I have decided to release this advisory after only two weeks time," Larholm said in the warning.

Microsoft thought Larholm had overstated the seriousness of the flaw. "Thor's advisory doesn't make it clear that there are significant mitigating factors associated with the issue," said a company representative, adding that people who limited their browsing to trusted sites would be safe as would people who had installed one of the software giant's patches for its e-mail clients.

The company chose to lambaste Larholm for disclosing the flaw too quickly. "It's a shame that Thor chose to publicize this issue before the patch could be completed, because by doing so, he's significantly increased the risk to customers," the representative said.

The amount of information disclosed about a flaw, and how fast consultants make the disclosure, has been a point of contention between software makers and the bug finders based at security companies. Recent research suggests, however, that the corporate customers who suffer from software makers' slipups actually want flaws disclosed more quickly.

Hackers and security experts frequently find software flaws in Microsoft's Internet Explorer. In June, Microsoft released a patch for an IE flaw that allowed attackers to run code on a victim's computer by exploiting links to an old pre-Web protocol known as Gopher. The month before that, the company released a patch for IE that fixed six different flaws.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch.

Microsoft said a patch will be available soon.

************************
News.com
Keep broadband pipes open, group says
Reuters
July 10, 2002, 2:45 PM PT

Free expression on the Internet could be endangered if cable television providers continue to dominate high-speed access services, civil liberties groups said Tuesday.
If cable providers such as AOL Time Warner and Comcast don't allow rivals to offer high-speed Internet access through their networks, they could stifle innovation and curtail the freewheeling, wide-open nature of the global computer network, the American Civil Liberties Union and several other activist groups said.


"We think this really may be the key First Amendment issue for the 21st century," said Barry Steinhardt, an ACLU director.

Thousands of ISPs (Internet service providers) offer standard dial-up service, but consumers typically can only choose from a handful of the companies if they want to sign up for broadband access that allows them to surf the Internet at much faster speeds.

While broadband technologies that use existing telephone lines or wireless links are available, roughly two-thirds of the nation's 25 million broadband users connect through their cable television provider, according to industry figures.

The Federal Communications Commission is currently determining what rules apply to broadband cable connections, but has already indicated that they will be subject to fewer regulations than telephone systems and other "common carriers," meaning they may not be required to accommodate rival ISPs.

Some cable providers have allowed a few rivals like EarthLink onto their systems, but Steinhardt and other activists said the government should require cable companies to open their networks to more ISPs. Existing arrangements do not provide enough competition, they said, as competitors often simply resell the cable provider's service instead of offering a distinct service of their own.

While cable companies so far have shied away from blocking Web sites outright, some have limited home networks, banned file-sharing services or imposed other restrictions, said Andrew Afflerbach, principal engineer at Columbia Telecommunications, which was hired by the ACLU to analyze the issue.

Innovation is stifled as new uses are discouraged, said Mark Cooper, director of the Consumer Federation of America.

"Why bother to develop a service if the gatekeeper will determine whether or not they will let it go?" Cooper said. "The policy destroys the innovation before it happens."

A cable industry spokesman was not immediately available for comment.

Steinhardt, Cooper and Jeffrey Chester of the Center for Digital Democracy said they planned to meet with FCC Chairman C. Michael Powell Wednesday to present their views.
*************************
U.S. House passes 'tech talent' bill



Looking to expand the number of undergraduate students pursuing studies in science and technology, the U.S. House of Representatives on Tuesday passed a bill to fund programs designed to graduate more professionals in these and related fields.


The Tech Talent Act (HR 3130) proposes that the federal government's National Science Foundation (NSF) provide nearly $390 million in grants over a five-year period to colleges and universities so they can fund more undergraduate programs in math, science, engineering, and technology. In turn, the institutions would be responsible for graduating more students who specialize in these areas, according to a press release from the House Committee on Science's office.

"The problem is that fewer and fewer American college students are majoring in mathematics, engineering, technology, or science," said the bill's sponsor Sherwood Boehlert, a Republican from New York and chairman of the House Committee on Science, in a prepared statement. "In today's world, just about every job has a component that is informed by science and technology, from the assembly line to the boardroom. And yet, we have fewer and fewer Americans who have the background to understand and analyze technical information."

According to an NSF study, the country has seen a declining number of students graduating with engineering degrees in the past ten years.

In addition to funding the expansion of undergraduate programs, the grants proposed by the bill would also cover the cost of faculty training and related equipment acquisition.

Having passed the House, the bill now moves to the U.S. Senate for consideration.
*******************
Internet.com
Identity Management Combines Security, ROI
By Paul Desmond


It was September 1999, at the Networld + Interop show in Atlanta, when I first heard about the concept of automated provisioning of applications and other IT resources to end-users. The idea came from the folks at Business Layers, a company that was founded earlier that year. I remember thinking, "This will be really something -- if it works."

At the time, the idea was a rather confusing one that seemed nearly impossible to pull off. It entailed lots of links between various corporate directories and human resources applications such as PeopleSoft. When a new employee joined a company, an HR administrator could click a few buttons and set off a string of events to get the new employee set up with email, phone service and a suite of applications and access rights appropriate to the employee's role in the company. As the employee's role changed over time, access privileges could be changed accordingly. When the employee finally left the firm, access to all resources could be cut off with a few mouse clicks.

Nearly three years removed from that meeting, the concept of "e-provisioning," as Business Layers calls it, has matured considerably. A number of players are now in the market telling compelling stories of improved security and real return on investment (ROI). And the marketing message has morphed considerably, into a category that many call identity management.

I was reminded of the Business Layers meeting after another recent meeting, this one with some folks at Waveset Technologies. Waveset was founded in January 2000 by four ex-Tivoli employees and launched its Lighthouse product in June 2001. The company offers essentially the same type of products as Business Layers but focuses the discussion more on identity management and ROI. To varying degrees, other players in the identity management space include Access360, BMC, Computer Associates, Courion, Entact and Tivoli.

Two aspects of identity management make it particularly compelling: improved security and ROI. Identity management tools improve security by enabling companies to keep closer -- and more accurate -- tabs on who can access what enterprise resources. The best products do this by working with a company's existing directories and applications such as PeopleSoft, where access privilege data is typically stored, so you don't have to install yet another database of such information.

Some, Waveset included, can detect changes in a PeopleSoft application, for example, and make sure that change is reflected in other relevant directories and databases.

The most extreme example is when an employee is fired. As soon as the change is noted in the HR application, the identity management tools can kick off a series of steps to make sure the user is denied access to all IT resources. Waveset can also detect when a user who wasn't supposed to have access to a financial application mysteriously is granted access, maybe because he talked his IT administrator buddy into hooking him up. Lighthouse will then fire off a message to the owner of the financial package to determine whether the user should be allowed access.

Such features can dramatically improve security within an organization simply by making sure that users don't have access to resources that they shouldn't have access to. In an organization with even a few hundred users, that can be a daunting -- if not impossible -- task to perform manually. Extrapolate to partners, suppliers and customers that have access via extranets, and the problem gets even more serious.

Which gets to the ROI discussion. If all these routines are happening with little to no human intervention, it clearly saves the company money that would be spent on system administrators. Additionally, many identity management tools have facilities that enable users to handle their own password changes or deal with forgotten passwords, easing a major cost burden on enterprise help desks.

Waveset claims to further save users money because Lighthouse doesn't require software agents to be installed on various enterprise servers. Maintaining the appropriate agent versions as servers come and go can be laborious and expensive for large organizations, the company says.

Identity management vendors are now putting the ROI issue front and center, with some even helping you make the case. Business Layers and Waveset, for example, both have simple ROI calculators on their Web sites. (See www.businesslayers.com/roi.asp and www.waveset.com/Solutions/Resources/roi_calculator/index.html.)

It's rare indeed when you can make a solid ROI case for buying any given security product. While there are some emerging metrics, you often have to go with your gut and make the case based on what might happen if you don't buy the product -- not exactly what the bean counters typically want to hear.

Desmond is a writer and editor based in Framingham, Mass. He serves as editor of eSecurityPlanet.com, a source of practical security information for IT managers, CIOs and business executives. Email him at paul_desmond@xxxxxxxxxxxxxxxxx
*************************
Electronic News
Moore Says There's More to Moore's Law
By Liz Neely, Electronic News -- 7/10/2002 1:11:00 PM


Intel Corp. co-founder Gordon Moore says Moore's Law could slow down in the next few years.
Moore, who was awarded the Presidential Medal of Freedom at the White House Tuesday, said the observation he first made in 1965, and amended a decade later, could change once again.


Moore made the comments during a conference call with journalists after receiving the award. Moore's Law states that the number of transistors per square inch on an IC will double every other year, and Moore's prediction has held steady for the last 27 years.

"I changed the law once already, from doubling every year to doubling every other year, in 1975," Moore said. That cycle could slow down to every four or five years, Moore said.

Moore also said he believes that CMOS technology will be extended well under 100nm. "It's amazing how creative people get when it seems like they are approaching a limit," Moore said.

Once a skeptic of the foundry model, Moore said the high costs associated with building fabs have made him change his tune. Moore said he believes foundries will continue to be successful as they serve companies that, unlike Intel, aren't looking to manufacture products in high-volume quantities.

Moore also spoke about corporate responsibility Tuesday, saying much more needs to be done to avoid the accounting scandals currently making headlines.

"There needs to be an emphasis on transparency," Moore said. "Analysts have to say the same thing internally as they say externally. They can't play games. ... Clearly there ought to be enough checks and balances in corporations to make sure things published are correct."

Moore and 11 others received the award, the nation's highest civilian honor. Recipients included Nelson Mandela, Katherine Graham, Nancy Reagan and Bill Cosby, among others. Moore received the award once before when President Bush's father was in office. The ceremony was much the same as it was a dozen years ago, Moore said.

"Same room, just a different Bush," Moore joked.
**************************
IEEE News and Analysis
Network-Centric Warfare -- The Key to the Revolution in Military Affairs

Electronic networking is what has made precision-guided weaponry and highly equipped elite ground forces so effective

WASHINGTON, D.C., 1 July 2002 -- While Afghan tribesmen feud over ancient land disputes, a new model of how to conduct war known as network-centric warfare is being tested in their country's mountains and valleys. When a B-2 Stealth Bomber, deployed from Whiteman Air Force base in Missouri, is tasked by the U.S. Central Command at MacDill Air Force Base in Tampa, Fla., to attack certain targets -- and then in mid-flight is ordered to alter course and attack different targets by an intermediate headquarters based in Prince Sultan Air Force base in Saudi Arabia -- something truly revolutionary is in play.

Former F-14 aviator Vice Admiral Arthur Cebrowski, director of the Pentagon's Office of Force Transformation and the father of network-centric warfare, found his inspiration in U.S. shopping malls [see "Contributing Editor, Paula R. Kaufman, interviews the Father of Net-Centric Warfare"]. Cebrowski knew he was on to something when he saw how retail giant Wal-Mart overran its competitors by using networked operations in a synchronized top-down demand and supply chain. The store's strategy exploited real-time awareness and information superiority to speed up transactions and increase profits. "What we observed in the commercial sector was the co-evolution of technology and organization of process," said John Garstka, assistant director for Concepts and Operations, Office of Force Transformation.

By heavily leveraging information technologies with continuous, high-speed, digitized communications within a joint armed forces structure, Cebrowski and Garstka have helped implement one of the most profound transformations ever seen in the U.S. armed services. At the same time, as their vision has been realized, benefits and drawbacks of network-centric warfare are coming into focus as the struggle in Afghanistan and against the Al-Qaeda network goes forward.



Centralized data processing
Garstka, working closely with Cebrowski, applied this model to coordinate information flows between sensors, computational nodes, and even different communication grids. The goal was to coordinate data to ensure that a common picture of the battlefield emerged. When this information was consolidated and fused in real time, the results were staggering: a tighter sensor-to-shooter gap and much faster deployment of key assets by all branches of the armed services -- space satellites, battleships, attack aircraft, submarines, ground vehicles, and teams of special forces soldiers. Another advantage was a surge in combat power.


Examining how the network-centric warfare model works in practice may be helpful. Data picked up by intelligence sensors from cellphone or radio frequency (RF) emissions are moved by voice or digitally via datalinks to optical or other types of sensing platforms. The platforms might include, for example, an unmanned aerial vehicle operated by the Central Intelligence Agency, a Navy F/A-18 Hornet, or an Air Force AC-130 gunship. Intelligence gathered is then analyzed on whether to attack the target or continue observing it. If a decision is made to attack, command centers are tasked to take out the target by the best-positioned shooter.

"Locating and destroying diffused and highly mobile enemies in the Afghan mountain ranges is near impossible without [these] network-centric capabilities," said Michael Vickers, director of Strategic Studies, Center for Strategic and Budgetary Assessment (Washington, D.C.).

Operating in Afghanistan, U.S. forces have been small, outnumbered, lightly armed, and geographically dispersed throughout an area the size of Texas. The answer to these conditions has been highly intelligent use of U.S. Special Operations Forces units, networked to the hilt, outfitted with a host of communication, position location, and surveillance equipment [see "U.S. Generals Describe Search and Rescue," IEEE Spectrum, December 2001, pp. 26-27].

The basic idea is that "soldiers can digitally relay enemy positions into the network via datalinks, calling for air support to bomb targets," observes Major General Steven W. Boutelle, director for information operations, networks, and space (DISK4) at the Pentagon.



Some pitfalls and limitations
Of course, things do not always go right, and a wily and alert adversary sometimes can take advantage of technical glitches to devastating effect. In March, a breakdown in voice and possibly digital communications was at least partly responsible for seven U.S. servicemen being killed when a combat search and rescue (CSAR) attempt went tragically wrong, the Washington Post reported.


The CSAR team had landed their Chinook Helicopter on a ridge where a raging battle between U.S. forces and Al-Qaeda was under way. The rescue team never knew they were walking into a firefight, the Post reported. Voice communication between command posts at Bagram air base, the CSAR team, and already engaged U.S. ground forces was intermittent, faulty, or even nonexistent.

"What we saw here was the antithesis of [network-centric warfare]," said Garstka. "Interoperability between systems is crucial when you send soldiers into battle."

By the same token, should digital technologies become "vulnerable to certain types of counter-measures like the ability to jam these networks," the military could be left exposed to enemy counter-measures. How far, then, has the military come as this technology moves from concept to reality? "It is uneven," said Garstka. "In several mission areas, some of the armed forces are more robustly networked than others."

There are other limits, too. Now that the United States and its allies have Al-Qaeda and the Taliban on the run, these groups have broken into smaller units. How then can a highly decentralized enemy ordered into cells with little communication between each unit be targeted? In this situation, good old-fashioned human intelligence turns out to be as, or more, important than electronic and optical sensors, platforms, and information grids previously deployed. But even now, the human intelligence must be disseminated to those capable of acting on it, and again, that depends on real-time networking.



Dependence on intelligence
For all that, close observers of Afghanistan agree that network-centric warfare has been the single most important contributor to the greatly enhanced combat power wielded by the United States and its allies.


What is more, the digitalization of warfare has diminished the chance of human error, protecting not only allied forces but civilians caught in the line of fire as well. Laser-guided weapons glide into targets with a speed and an exactitude not previously known.

Speed of action disrupts the enemy's decision-making cycle. But, can the sourcing and gathering of information and intelligence ever reach perfection? What is the outcome of target selections made in haste, or of intelligence based on degraded information or inaccuracies?

It is evident that network-centric warfare has brought about alterations in the top-to-bottom military hierarchy, so that decisions flow faster within this flatter structure. Thus, observes the Pentagon's Boutelle, if a decision turns out to have been correct, it is chalked up to the power of the Internet. The downside is that if near-instantaneous decision and action is based on faulty information, there is no time to undo the decision. If it is wrong, you need to undo that decision, he added. Sadly, sometimes you cannot.

Paula R. Kaufman
****************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx