Clips July 11, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips July 11, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 11 Jul 2002 11:26:45 -0400
ARTICLES
Homeland Security Department would face cybersecurity problems, GAO warns
Pirates of the Web
New Web ID Standards to Be Unveiled
E-Mail Scrambler Has Security Flaw
Uncle Sam Wants You to Play This Game
OPM awards contract to develop an e-learning site
Businesses see bonanza in homeland security
Universal Music provides alternative to file sharing
Hot site: Firefighters' digital maps catch on with the public
Recycling law could mean costly PCs
Broadband providers back need for speed
Science lessons 'tedious and dull'
Justice CIO crafting united plan
Focus turned on security officials
Information Age changes warfare rules
FBI hot on records management case
Seattle area police set up sharing
DOD awards translation contract
GAO: E-records overwhelm NARA
Web titans woo India's tech experts
High-tech front in the war on terror
Domain name fight heats up
New security flaw in Outlook, IE
Keep broadband pipes open, group says
U.S. House passes 'tech talent' bill
Identity Management Combines Security, ROI
Moore Says There's More to Moore's Law
Network-Centric Warfare: The Key to the Revolution in Military Affairs
****************************
Government Computer News
Homeland Security Department would face cybersecurity problems, GAO warns
By William Jackson
Combining six IT security agencies into one division of the proposed
Homeland Security Department is an opportunity for enhanced efficiency, the
General Accounting Office told a congressional panel yesterday. But it will
not necessarily fix the weaknesses plaguing federal efforts to secure
critical infrastructure.
"Since 1996 we have reported that poor information security is a widespread
federal problem," Robert F. Dacey, GAO's director of information security,
told a subcommittee of the House Energy and Commerce Committee.
The new department's Information Analysis and Infrastructure Protection
division would inherit this problem, Dacey said.
The Subcommittee on Oversight and Investigations held its second day of
hearings on the president's proposed legislation to establish the new
department. Under the proposal, the department would include the FBI's
National Infrastructure Protection Center; the Commerce Department's
Critical Infrastructure Assurance Office; the National Institute of
Standards and Technology's Computer Security Division; the Energy
Department's National Infrastructure Simulation and Analysis Center; the
General Services Administration's Federal Computer Incident Response
Center; and the multi-departmental National Communications System.
Challenges to bringing these agencies together include:
- Lack of a national strategy for critical infrastructure protection
- Need to improve analytical and warning capabilities
- Need to improve information sharing both within the government and between
  government and the private sector
- Need to address pervasive weaknesses in federal IT security.
CIAO director John S. Tritak told the panel that the president's fiscal
2003 budget proposal calls for establishing an Information Integration
Program Office within CIAO to improve coordination of information sharing.
CIAO also is a focal point for private-sector input to the national
strategies for cybersecurity and homeland security being developed by the
Office of Homeland Security.
The strategies are slated for completion this month and release later this
year.
************************
News.com
Homeland defense focus shifts to tech
By Declan McCullagh
Staff Writer, CNET News.com
July 10, 2002, 4:00 AM PT
WASHINGTON--Computer security is becoming an increasingly critical part of
President Bush's proposal for a homeland defense department.
When Bush formally proposed the department last month, he predicted that
the future agency would aid in investigating Al Qaeda and thwarting
disasters similar to those of Sept. 11. In the televised address, he never
mentioned the Internet or so-called cybersecurity.
But as Capitol Hill scrutinizes the proposal, politicians are fretting
about tech-savvy terrorists--and insisting any new agency must shield the
United States from electronic attacks as well.
"If we don't make sure the Homeland Security Department is prepared in this
area of cybersecurity, we have failed in our duty," House Energy and
Commerce Chairman Billy Tauzin, R-La., said Tuesday.
At Bush's urging, House Republicans have asked committees for any suggested
changes to the White House-backed bill by the end of the week, and at least
four committee votes are scheduled for Wednesday. On Thursday, a special
panel chaired by House Majority Leader Dick Armey, R-Texas, will hold its
first meeting to work out a final version of the plan.
Until this week, Congress has focused on how the proposal would combine 22
agencies, including the Secret Service, the Coast Guard and the Federal
Emergency Management Agency, into a massive Department of Homeland Security.
Also included in the bill, and discussed at length in a pair of hearings
Tuesday, are equally radical changes for the U.S. government's Internet
defenses. The plan would glue together nearly all computer protection
functions, from the Commerce Department's Critical Infrastructure Assurance
Office to the Computer Security Division of the National Institute of
Standards and Technology to the Federal Computer Incident Response Center.
The complex reshuffling of bureaucracies, including twists such as the
proposed department's half-acquisition of the FBI's National Infrastructure
Protection Center, has prompted some politicians to ask for more time to
examine the plan. Privacy groups also have raised concerns about database
sharing and have suggested that the department be subject to traditional
open-records laws.
The House Science committee, for instance, plans to propose an amendment
that would add an "Undersecretary for Science and Technology" to the
department. Currently there are five proposed undersecretaries, a deputy
secretary and allowance for "not more than six assistant secretaries."
From Washington's perspective, the concept of cybersecurity remains
somewhat murky and marked by exaggeration. Last year, the head of the
Defense Intelligence Agency told Congress that Fidel Castro could be
planning a "cyberattack" on the United States, and White House
cybersecurity czar Richard Clarke has spent years predicting an "electronic
Pearl Harbor."
Tech's double-edged sword
Nearly everyone agrees that any electronic-defense plan should anticipate
attacks against both government agencies and important systems owned by
private companies.
"In the information age, the same technological capabilities that have
enabled us to succeed can now also be turned against us," John Tritak, the
head of the Critical Infrastructure office, said Tuesday. "Powerful
computing systems can be hijacked and used to launch attacks that can
disrupt operations of critical services that support public safety and
daily economic processes."
President Clinton created Tritak's group by executive order in 1998. Since
then, it's spent much of the time working with American businesses to beef
up security.
But Tuesday, some politicians questioned whether that approach is
working--and whether new laws and regulations are needed to bring
executives to heel. Such requirements could include everything from design
standards for backup power supplies to security rules for Web servers.
"Do you believe that efforts to regulate security across the private sector
are warranted and are even likely to be effective?" asked Rep. James
Greenwood, R-Pa., who chairs the Judiciary subcommittee.
"I'd like to think we made some headway in reaching out to industry,"
Tritak replied.
James McDonnell, the director of the Energy Department's security program,
answered by saying he did not think new security laws were necessary, at
least not yet.
"If we go forward with our vulnerability assessments and find that industry
(is) not using these or (is) not taking care of their assets, then maybe we
need to revisit what regulations are required," McDonnell said.
Rep. Bart Stupak, D-Mich., said he was tired of hearing excuses for poor
performance by federal IT officials and wondered whether the massive
proposed reorganization could exacerbate the situation.
"None of the computers seem to be compatible in the federal government,"
Stupak said. "Every time we spend billions of dollars to upgrade a
computer, it doesn't seem to work and we have to start all over again...Are
we going to have another layer of computers that don't talk to each other
while cybersecurity is endangered?
"It seems like there's more of a turf war; we won't trust this person with
this information, or it's our information and won't go further. I don't
think it's all just computer-related problems or security-related problems
but leadership problems."
A report that congressional auditors published last year said that instead
of becoming a highly sensitive nerve center that responds to computer
intrusions, the FBI's National Infrastructure Protection Center (NIPC) had
turned into a federal backwater that was surprisingly ineffective in
pursuing malicious hackers or devising a plan to protect electronic
infrastructure. It highlighted the NIPC's turf wars and concluded: "This
situation may be impeding the NIPC's ability to carry out its mission."
David Sobel, general counsel of the Electronic Privacy Information Center,
said Tuesday that the proposed department should not be completely immune
to requests made under the Freedom of Information Act. Private companies
have said they need such an exemption to be sure that sensitive information
they provide not be disclosed.
"Any claimed private sector reluctance to share important data with the
government grows out of, at best, a misperception of current law," Sobel
said. "Exemption proponents have not cited a single instance in which a
federal agency has disclosed voluntarily submitted data against the express
wishes of an industry submitter."
*********************
News.com
Bush security plan may get privacy nod
By Declan McCullagh
Staff Writer, CNET News.com
July 10, 2002, 8:15 AM PT
WASHINGTON--President Bush's proposed Department of Homeland Security is
likely to get its own privacy czar.
A panel in the House of Representatives is scheduled to vote this week on a
plan to add a chief privacy officer to the planned agency.
A draft of the legislation seen by CNET News.com states that the Secretary
of Homeland Security must appoint a privacy officer to ensure that new
technologies "sustain and do not erode" privacy protections and to verify
that the agency's massive databases operate within federal guidelines.
On Tuesday, the Bush administration told a House subcommittee that it was
open to the idea, which key legislators have endorsed.
"I think privacy is a very important function. If you bring us a proposal,
I imagine that we would look at it very seriously," Mark Everson,
controller of the Office of Management and Budget, told panel Chairman Bob
Barr, R-Ga.
In response, Barr suggested that the privacy position could be written in a
flexible way that would not require Senate confirmation. "I'd be
hard-pressed to argue against that," Everson said.
Rep. Maxine Waters, D-Calif., said she is concerned with the scope of a
Homeland Security Department, which would combine 22 agencies including the
Secret Service, the Coast Guard, the Federal Emergency Management Agency
and part of the FBI's National Infrastructure Protection Center.
"I don't agree with Mr. Barr very much, but I kind of like him heading this
subcommittee because he is a protector of privacy and civil liberties--and
that makes up for all the other stuff that he's not," Waters said. "I'm
very suspicious when people start to talk about flexibility and new powers
that won't be abused by this administration...We've got to press hard and
look at this flexibility."
The draft seen by News.com says the privacy officer will be responsible for
"evaluating legislative proposals involving collection, use, and disclosure
of personal information by the federal government" to ensure consistency
with privacy laws. In addition, the officer must prepare an annual report
to Congress identifying privacy complaints raised by the public and how the
department responded.
The full House Judiciary committee is scheduled to vote on the proposal
Wednesday or Thursday. After that, it goes to a special panel chaired by
House Majority Leader Dick Armey, R-Texas, that will work out a final
version of the plan.
"Mr. Armey is very supportive of all efforts to ensure that privacy laws
are upheld and strengthened when they need to be," Richard Diamond, a
spokesman for Armey, said Wednesday.
After initially opposing the idea of a Cabinet-level agency for homeland
security, Bush endorsed it in a televised address last month. Congress is
scheduled to vote on the plan before its August recess.
Peter Swire, a top privacy official under President Clinton, told Barr's
panel that the existing proposal includes few privacy safeguards. In
written testimony, Swire called the bill "a recipe for essentially
unrestricted sharing of sensitive personal information, with no apparent
incentives to limit such sharing and no remedies if the sharing goes too far."
Swire, who has reviewed the privacy legislation, said Wednesday that "it's
a positive step to put the chief privacy officer in a statute. I'm glad
that the administration seems to be open to that approach."
If signed into law by the president, the measure would create what appears
to be the first legal requirement that a Cabinet secretary appoint a
privacy chief. "To my knowledge, this would be the first position," says
Chris Hoofnagle, legislative counsel at the Electronic Privacy Information
Center.
************************
New York Times
Pirates of the Web
By JENNIFER 8. LEE
LAST week, at age 29, John Sankus Jr. moved out of his parents' house for
the first time. He and his parents drove 150 miles from their home in
suburban Philadelphia to his new one: a federal penitentiary in Allenwood, Pa.
Mr. Sankus, who entered the minimum-security prison on July 2 to serve a
46-month sentence, is a soft-spoken, churchgoing computer technician who
still has the plush stuffed whales from his childhood.
But United States Customs Service investigators and prosecutors say he was
also a ringleader of an international gang of software pirates that
deprived companies of millions of dollars through the illegal distribution
of copyrighted software, games and movies on the Internet. In February, Mr.
Sankus pleaded guilty to a felony count of conspiracy to commit copyright
infringement.
The piracy group, known as DrinkorDie, was among the chief targets of more
than 100 coordinated raids in the United States and abroad last December.
So far 15 people in the United States have pleaded guilty to criminal
charges as a result of the raids, including a Duke University student, a
programmer at the University of California at Los Angeles, an employee at
an Internet service provider and several executives at technology
companies. So far Mr. Sankus and five others have been sentenced to prison.
Interviews with Mr. Sankus and others involved in the case, including
customs and law enforcement officials, offer an unusual glimpse into the
world of Internet piracy. It is a community of sorts, with perhaps 30 major
groups that issue pirated products by cracking the copy-protection codes of
software or making illicit duplicates of movies.
Many of the pirates say they were motivated less by money than by a sense
of competition, prestige and the entertainment value of distributing the
pirated goods, which they call "warez."
"Most of the people I have been around with are not out to cheat anybody,"
said Mr. Sankus, a large, shy man who worked as a computer technician at a
Gateway store. "They are out to have fun. It's just a hobby."
In an interview before he went off to prison, Mr. Sankus said he earned no
money from software piracy. He described it rather as a social activity
that consumed him.
He recounted the day when about 40 armed customs agents swooped into his
workplace. "I felt like someone who had just murdered 50 people," he said.
Prosecutors say that Mr. Sankus helped steal millions of dollars' worth of
intellectual property. And despite the guilty pleas from him and others,
they add, the stealing continues because of the nature of the distribution
medium.
"That's the difference in the old world, if you stopped the source, you
stopped the piracy," said Michael DuBose, a Justice Department lawyer who
played a pivotal role in the piracy investigation. "But all the stuff that
DrinkorDie put out there continues to be out there."
While Internet piracy slowed immediately after the December raids, activity
has picked up again, investigators say. For example, Warcraft III, an
eagerly anticipated game from Blizzard Entertainment, was "cracked" and
released to the Internet only one day after a master CD for the game was
created in mid-June.
For DrinkorDie members, piracy was the technological equivalent of joy
riding, a form of bravado that could gain them acceptance in a hierarchical
social sphere.
"It's all about stature," said David Grimes of Arlington, Tex., a
DrinkorDie member who worked as a computer engineer at Check Point
Software, a company that specializes in security solutions for software.
"They are just trying to make a name for themselves for no reason other
than self-gratification." Mr. Grimes is serving a 37-month prison sentence
after pleading guilty to the same charge that Mr. Sankus did.
"It's the same reason that people join gangs," said Allan Doody, the
Customs Service investigator who led the DrinkorDie investigation, part of
a broader anti-piracy campaign called Operation Buccaneer. "They're hanging
out on the cyber-street corner."
But in contrast to petty criminals and warring gangs, Internet piracy
groups have a worldwide impact of at least tens of millions of dollars, if
not more. Such groups secure their reputations by releasing thousands of
free movies, games, music and software programs on the Internet each year.
While such groups rarely profit financially from their activities, their
warez (pronounced like the word wares) proliferate rapidly around the
world, reaching those who do sell them for gain: for example, people who
hawk the software through pay-for-access Web sites or burn them on CD's for
sale on the street, in shops or at Internet auction sites.
The copies "become the raw materials that others use for commercial
piracy," said Bob Kruger, president of the Business Software Alliance, an
industry group that asserts that software piracy costs $10.1 billion a year
in lost sales worldwide.
The victims of piracy take the threat very seriously. Havard Vold,
president of an eight-person company in Cincinnati called Vold Solutions,
was horrified to discover that DrinkorDie had released a free version of a
specialized engineering program that his company sold for $9,500.
"That was very scary," Mr. Vold said. "They do not understand the impact of
copyright infringement, especially on the smaller companies."
Although the warez scene took root only in the early 1990's, piracy has
expanded rapidly, particularly in the last five years.
Increasing access to the Internet worldwide, cheap computer storage costs
and the proliferation of digitized media have helped set off an
international online shopping spree in which just about anyone can obtain a
pirated version of a coveted software program, computer game or movie
openly and easily.
By contrast, the warez groups themselves tend to operate in secrecy,
relying on encryption technologies, disguised Internet Protocol addresses
and invite-only chat channels. And their world is highly structured, with a
strict hierarchy and rules.
The pirates are organized into two main types: release groups that produce
the pirated works and courier groups that serve as worldwide distributors.
Government investigators estimate that there are roughly 30 major release
groups enlisting some 1,500 people around the world. In the DrinkorDie
raids last December, warrants were served on suspected members in Britain,
Australia, Finland, Norway and Sweden. Mr. DuBose said that at least half
of DrinkorDie's members lived outside the United States.
Different warez groups focus on different product lines. Groups like
FairLight and Razor1911 are known for game releases. FTF and Immortal VCD
release movies, a pursuit that relies less on overcoming protection schemes
than on getting illegitimate access to recent films to duplicate them. A
group called POPZ, for Parents on 'Puterz, focuses on children's games.
DrinkorDie, which is perhaps best known for having cracked Windows 95 weeks
before it was released by Microsoft, has more recently concentrated on
expensive specialized software like Mr. Vold's engineering program.
"It's cool to release something that costs $18,000," said Mr. Grimes, the
DrinkorDie member from Arlington, Tex. "Basically, if it wasn't for us, you
would never see this piece of software."
Warez involve frenzied competition. Groups race to be the first to release
popular movies and games, but quality is important too. Groups take jabs at
one another's releases. Immortal VCD called a competitor's release of the
Disney film "Lilo and Stitch" subpar, describing the copy as "very dark,
shaky and pixilated." It offered its own version as an improvement.
The release groups typically have one or two leaders, two or three other
managers called "council members," 10 to 15 staff members who work on
releases and 50 to 100 members who simply have access to the releases.
Mr. Sankus, one of the two leaders of DrinkorDie, went by the online name
Eriflleh, or "hellfire" spelled backward. The other leader, who goes by the
online name Bandido, lives in Australia and has not been charged,
Justice Department officials said.
Like similar release groups, DrinkorDie divided the labor. Suppliers, often
insiders at a software company, provided versions of the software.
Crackers, who had the most technologically complex role, stripped the
programs of their protections. Testers then made sure that the unprotected
versions of the software worked properly. Finally, there were packers and
"pre-ers" who were responsible for dividing the programs into small files
and distributing them to release sites.
Mr. Sankus started out as a tester and a packer for DrinkorDie before
moving into a leadership position. "There weren't that many people who
wanted to do testing and packing because it was considered grunt work," he
said.
The warez community has numerous databases to keep track of the thousands
of releases. People can perform what are known as "dupe checks," or
searches to determine whether a program or a movie has already been released.
The Isonews Web site (www.isnonews.com) keeps a public database of the
information files that accompany each warez release. Such files specify who
was responsible for the release, when it was made available and how many
files the product has been broken down into, as well as reviews. The warez
groups privately maintain a database known as Checkpoint that has automated
software agents, or bots, that keep abreast of warez releases as they occur.
Once the files arrive at the release sites, courier groups take over and
move them through a systematic distribution chain. Within 10 minutes of a
warez release, the pirated product is copied to a few dozen central
distribution centers on the Internet.
Government officials estimate that within six hours, lower-level couriers
then copy files to about 10,000 publicly available sites around the
Internet. Within two or three days, the movies and programs trickle onto
Usenet groups and onto peer-to-peer software networks like KaZaA and
Morpheus. Once the files become public, they are essentially available to
anyone who goes looking for them.
"All it takes is one person to put it on a newsgroup then it explodes,"
said David Rocci, who runs Isonews.
The courier groups, like the release groups, are fueled by competition. The
government estimates that 3,500 people are involved in the most elite
courier groups, which include RISC and Moonshine.
Couriers are ranked in groups and as individuals with a scoring system.
There are weekly rankings, all-time rankings and regional rankings (United
States vs. Europe, for example).
Courier groups are sized up in shadowy e-mail publications like American
Courier Review and Courier Weektop Scorecard in sports-style commentary.
"Just not quite enough for RISC this time but an awesome team effort in
which we see some nice individual performance as well," a recent review read.
Although release and courier groups engage in little direct commercial
activity, a 1997 extension in federal copyright law made piracy a crime
even if there is no monetary profit.
Prosecutors say that money is beside the point in the underground pirate
economy. The releases form the basis of a bartering system in which members
trade, hoard and collect warez. Access to software storage sites is granted
in exchange for hardware, server space and other technological goods.
"You don't need to make money, when you don't need money to buy this
stuff," Mr. DuBose said. "By participating in a group, they got the key to
the candy store. Any movie, game, software they could ever want, they could
get."
Still, given the absence of personal profit, some DrinkorDie members were
surprised by the prison sentences they received, generally from three to
four years. "We weren't criminal-minded," Mr. Grimes said. "We never
anticipated that a company would lose a sale as a result of one guy in
China downloading it and burning it onto a CD and selling it to half of
China."
But that argument fails to resonate for copyright holders like Mr. Vold.
"If you like torching houses for fun, you don't gain anything from torching
somebody's house," he said. "But that homeowner will certainly suffer a
material loss."
**************************
Associated Press
New Web ID Standards to Be Unveiled
Thu Jul 11, 6:13 AM ET
By D. IAN HOPPER, AP Technology Writer
WASHINGTON (AP) - An industry coalition is set to unveil standards for
identity authentication on the Internet, the first step toward making the
task of remembering long lists of Web site passwords a thing of the past.
The Liberty Alliance, which includes companies like Sun Microsystems, Sony,
American Express, Mastercard and Bank of America, plans to release the
details Monday.
The standard is designed to make it easy to log into different
systems, from making online purchases to checking bank or credit card
accounts, while making different authentication systems speak the same
language. That realm is currently dominated by Microsoft, whose Passport
system runs on about 200 Web sites.
"The promise of electronic commerce has not been delivered on," said United
Airlines chief information officer Eric Dean, who also serves as the head
of the group's management board. "There are huge possibilities."
Privacy advocates, however, say the creation of a single identification
standard will make it easier for businesses to profile Internet users for
marketing purposes.
"They want identification data to find new marketing avenues," said Chris
Hoofnagle, legislative counsel for the Electronic Privacy Information
Center. "What it means for the individual is more spam, more direct mail,
more telemarketing."
Hoofnagle said a single Internet ID also will place individual financial
data at greater risk for disclosure over the Internet.
"It's like using the same key for your house and your car and your safe
deposit box," he said. "Compromise that one key and all the golden eggs are
compromised."
Dean said Liberty Alliance is starting small. Users will be able to choose
to "link" different accounts, so Mastercard.com will be able to identify
the same user that visits United.com, without having to type in another
password.
More robust features, like a detailed profile that contains the user's
address and phone number to be shared with all the Liberty-enabled sites,
will come later. Dean said the slow ramp-up is designed so Web site
developers can start using it within months.
"We can extend United.com to do this without having to launch a rocket to
the moon," Dean said.
It has been almost a year since Liberty Alliance was announced. Without any
real product or service to speak of, most of the attention has focused on
friction between Liberty members and Microsoft.
During Microsoft's antitrust penalty hearings in April, Microsoft lawyers
derided Liberty's name as an attack on Microsoft. They said it means
"liberty from Microsoft hegemony." While testifying against Microsoft,
Jonathan Schwartz, Sun Microsystems's top Liberty representative, called
that interpretation of the name "paranoid."
Microsoft and Liberty members have discussed Microsoft joining the
alliance, but no deal has been struck.
Microsoft has not yet seen the Liberty standard. While Microsoft said it
agrees a single Internet ID standard is a good idea, it wants Liberty to
use Microsoft's Passport system.
"We are not distracted by Liberty versus Passport battles," Microsoft
spokesman Adam Sohn said in a statement. "We are instead focused on
answering broader customer demand for security in the Web services
environment."
Dean downplayed Liberty's disagreements with Microsoft, including the idea
that Microsoft may join Liberty only to co-opt and change the standards for
its own purposes. Several critics, including Liberty members Sun and AOL
Time Warner, have said Microsoft has done that to other technology
standards, essentially "breaking" them so competing products don't work as
well as Microsoft's.
"There were some concerns about that at the beginning," Dean said. "We have
not talked about that much in the past six months."
****************************
Associated Press
E-Mail Scrambler Has Security Flaw
Thu Jul 11, 6:14 AM ET
By TED BRIDIS, Associated Press Writer
WASHINGTON (AP) - The world's most popular software for scrambling
sensitive e-mails suffers from a programming flaw that could allow hackers
to attack a user's computer and, in some circumstances, unscramble messages.
The software, called Pretty Good Privacy, or PGP, is the de facto standard
for encrypting e-mails and is widely used by corporate and government
offices, including some FBI agents and U.S.
intelligence agencies. The scrambling technology is so powerful that until
1999 the federal government sought to restrict its sale out of fears that
criminals, terrorists and foreign nations might use it.
The new vulnerability, discovered weeks ago by researchers at eEye Digital
Security Inc., does not exploit any weakness in the complex encrypting
formulas used to scramble messages into gibberish. Instead, hackers are
able to attack a programming flaw in an important piece of companion
software, called a plug-in, that helps users of Microsoft Corp.'s Outlook
e-mail program encrypt messages with a few mouse clicks.
Outlook itself has emerged as the world's standard for e-mail software,
with tens of millions of users inside many of the world's largest
corporations and government offices. Smaller numbers use the Outlook
plug-in to scramble their most sensitive messages so that only the
recipient can read them.
"It's not the number of people using PGP but the fact that they're using it
because they're trying to safeguard their data," said Marc Maiffret, the
eEye executive and researcher who discovered the problem. "Whatever the
percentage is, it's very important data."
Maiffret said there was no evidence anyone had successfully attacked users
of the encryption software with this technique. He said the programming
flaw was "not totally obvious," even to trained researchers examining the
software blueprints.
Network Associates Inc. of Santa Clara, Calif., which until February
distributed both commercial and free versions of PGP, made available on its
Web site a free download to fix the software. The company announced earlier
it was suspending new sales of the software, which hasn't been profitable,
but moved within weeks to repair the problem in existing versions. The
company's shares fell 50 cents to $17.70 in Tuesday trading on the New York
Stock Exchange.
Free versions of PGP are widely available on the World Wide Web.
The flaw allows a hacker to send a specially coded e-mail which would
appear as a blank message followed by an error warning and effectively
seize control of the victim's computer. The hacker could then install spy
software to record keystrokes, steal financial records or copy a person's
secret unlocking keys to unscramble their sensitive e-mails. Other
protective technology, such as corporate firewalls, could make this more
difficult.
"You can do whatever you want -- execute code, read e-mails, install a
backdoor, steal their keys. You could intercept all that stuff," Maiffret said.
Experts said the convenience of the plug-ins for popular e-mail programs
broadened the risk from this latest threat, since encryption software is
famously cumbersome to use without them. Even the creator of PGP, Philip
Zimmermann, relies on such a plug-in, although Zimmermann uses one that
works with Eudora e-mail software and does not suffer the same
vulnerability as Outlook's.
A plug-in for Microsoft's Outlook Express -- a scaled-down version of
Outlook -- is not affected by the flaw.
Maiffret said his company immediately deactivated the vulnerable software
on all its computers, which can be done with nine mouse-clicks using
Outlook, until it could apply the repairs from Network Associates. The
decision improved security but "makes it kind of a pain" to send encrypted
e-mails, he said.
Zimmermann, in an interview, said PGP software is used "quite extensively"
by U.S. agencies, based on sales when he formerly worked at Network
Associates. He also said use of the vulnerable companion plug-in was
widespread. Zimmermann declined to specify which U.S. agencies might be at
risk, but other experts have described trading scrambled e-mails using PGP
and Outlook with employees at the FBI, the Energy Department and even the
super-secret National Security Agency.
In theory, only nonclassified U.S. information would be at risk from this
flaw. Agencies impose strict rules against transmitting any classified
messages -- encrypted or not -- over the Internet, using the government's own
secret networks instead.
"The only time the government would use PGP is when it's dealing with
sensitive but unclassified information and has a reasonable degree of
assurance that both parties have PGP," said Mark Rasch, a former U.S.
prosecutor and expert on computer security. "It's hardly used on a routine
basis."
*************************
New York Times
Uncle Sam Wants You to Play This Game
By BRIAN KENNEDY
"BE all you can be"? Ancient history. "An army of one"? Last year's news.
The military's newest promotional campaign is not even televised; it is
America's Army, a free computer game produced by the military and aimed at
winning the hearts and minds of tech-minded teenagers.
The game is the brainchild of Lt. Col. Casey Wardynski, director of the
Office of Economic and Manpower Analysis at West Point. Although Colonel
Wardynski is not a gamer himself, his two sons are, and his oldest,
17-year-old Casey, is a big fan of the action game Delta Force. The colonel
said the idea for the game came to him three years ago while he was
researching ways to attract computer-adept recruits for an increasingly
high-tech military.
The Army is looking to hire 79,500 young adults this year and, as Colonel
Wardynski said, "Gaming tends to be very interesting to young Americans."
Colonel Wardynski concluded that releasing a free, high-quality game and
encouraging gamers to copy it and share it with friends would be an
effective (and relatively inexpensive) way to reach those budding computer
whizzes.
America's Army is actually two games. The first, Operations, is a
multiplayer first-person shooter inspired by the popular game
Counterstrike. Players log on through the Internet, take on the roles of
United States soldiers and team up to battle terrorists.
But Operations is no Rambo-style shoot-'em-up. Although it uses the
engine -- or basic structural programming -- from the newest version of the
sci-fi game Unreal, the Army has gone to great lengths to make the game as
realistic as possible, soliciting input from soldiers at bases nationwide.
The designers, primarily the Modeling, Virtual Environments and Simulation
Institute at the Naval Postgraduate School in Monterey, Calif., say they
have modeled each weapon accurately. A player's aim will be affected by his
stance, breathing and movement. A player who charges an enemy trench,
wildly firing his rifle, is unlikely to hit very much.
Everything from the direction and velocity of shell ejection to the way
soldiers high crawl when carrying a rifle is based on the way the Army
really operates, said Michael Capps, the game's executive director and a
professor at the modeling institute.
Unlike many multiplayer games, Operations features mechanisms to ensure
participants' good behavior. Gun down your drill sergeant on the rifle
range, for example, and you'll serve hard time in a virtual Fort Leavenworth.
In another departure from gaming norms, Operations is not very bloody.
"We don't want to use violence as an entertainment vehicle," Colonel
Wardynski said. Bullet hits are registered by puffs of blood instead of the
sprays of gore typical of some first-person shooters. The game is rated
appropriate for teenage players (most graphic first-person shooters are
rated for mature players).
The enemy is designed to look as generic as possible. "We've got blond guys
who are bad guys, black guys who are bad guys," Colonel Wardynski said.
"Usually, they're not well shaven."
In the second part of the game, Soldiers, players progress through a
virtual career in the Army, serving in a variety of units and improving
their ratings in categories like loyalty, honor and personal courage as
they go.
A preliminary version of the Operations game released on July 4 includes
two training missions and four combat operations, including an assault on a
terrorist camp that Colonel Wardynski said was modeled after a raid
conducted in the early days of the Afghanistan campaign.
Maj. Chris Chambers, the project's deputy director, said that more than
500,000 copies of the game had been downloaded by Wednesday
morning -- prompting a frantic rush for additional servers and an accelerated
plan to release "community software" allowing groups to play without
tapping into a server.
The full version of America's Army is scheduled for release in late August
or early September. It will be available free as a two-CD set or by
downloading from the Internet at americasarmy.com.
The Army is hoping the game will help cut down on one of its biggest
expenses -- filling its ranks. Doug Smith, a spokesman for the Army
Recruiting Command in Fort Knox, Ky., said the Army spends about $15,000 to
recruit every soldier.
Colonel Wardynski said the government will have spent about $7.6 million to
develop the game by September; he said he expected the cost of creating new
missions and other updates to be about $2.5 million a year and the cost of
maintaining the multiplayer infrastructure to be about $1.5 million.
If the game draws 300 to 400 recruits in the next year, he said, it will
have been worth the cost -- especially since the game is considered likely to
attract people attending or considering college, who tend to be more
expensive to recruit.
He also hopes that by providing more information to prospective soldiers,
the game will help cut down on the number of recruits who wash out during
the nine weeks of basic training and subsequent specialized training, which
can last up to a year. (All told, the Army loses 13.7 percent of recruits
during training, according to a spokesman for the Training and Doctrine
Command in Fort Monroe, Va.)
Recruits who signed up but then quickly changed their mind "had an
information problem," Colonel Wardynski said.
"That's $15,000 down the drain," he added.
Initial reaction among gamers has been positive. The Army's display booth
at the Electronics Entertainment Expo in Los Angeles in May was
packed -- despite, or perhaps because of, the presence of uniformed soldiers
and military vehicles instead of the typical scantily clad women. Army
officials said they had received more than 150,000 advance orders for the
game before the preliminary version became available for download on July 4.
"It's a blast," said Amer Ajami, an editor at Gamespot.com who spent last
weekend playing the game online. "It's pretty realistic -- you take one or
two shots and you go limp, you take one more and you're done."
From a marketing standpoint, Mr. Ajami said, its prospects are excellent.
"You see all these commercials on TV with catchy phrases, but nothing beats
going in and seeing what the Army really does," he said. "Without actually
having to do it."
**************************
Government Computer News
OPM awards contract to develop an e-learning site
By Jason Miller
The Office of Personnel Management last month moved closer to unveiling its
new e-learning Web site. It awarded a task order to Geolearning Inc. of
West Des Moines, Iowa, to redesign the National Learning Center's site and
provide courses.
Norm Enger, OPM's e-government director, has said he wants the new site up
by the end of July [see www.gcn.com/21_13/news/18836-1.html].
The project is a part of the Office of Management and Budget's 24
e-government initiatives and is one of five projects OPM is managing. OPM
will rename the site www.golearn.gov.
Along with Geolearning, OPM hired Karta Technologies Inc. of San Antonio,
NetG of Naperville, Ill., and Skillsoft Corp. of Nashua, N.H., to provide
online courses for the site, an OPM spokesman said.
**************************
USA Today
Businesses see bonanza in homeland security
By Jim Drinkard, USA TODAY
WASHINGTON -- As government workers browse the booths at a high-tech expo
here, a large placard declares, "Homeland Security and Defense is SERIOUS
BUSINESS."
Unstated is another truth: It's also serious money. The Sept. 11 terrorist
attacks on the United States have created a wave of government spending
reminiscent of the space program in the 1960s or the savings and loan
bailout of the 1980s. New federal outlays for homeland defense are expected
to hit $57.2 billion by next year, and President Bush has made it clear the
investment will continue for years to come. In a faltering economy, it's
one of the few things growing.
That has gotten the attention of thousands of businesses claiming to have
the solution to the government's security needs. Companies ranging from
global giant IBM to tiny Nasatka Barriers, a Maryland manufacturer of
vehicle blockades, are thronging the capital with brochures and
demonstrations in hand.
"There is a gold rush," says Lee Hamilton, a former chairman of the House
Intelligence Committee who is still active in national security issues.
"There is a tremendous market out there for security devices that has
exploded in the past few months."
As with any gold rush, the homeland security bonanza is likely to attract
pretenders along with patriotic entrepreneurs. It will be up to government
agencies at the federal and local levels to exercise care in their buying
decisions.
"There have been a lot of folks who have risen to what they see as an
opportunity, who offer a product that may or may not do what they say it
does," says Douglas Eaton, marketing director for NBC Team Ltd., maker of
several products that combat bioterrorism.
President Bush's homeland security director, Tom Ridge, welcomes the
capitalist impulse. "The entrepreneurial spirit is a potent weapon against
terrorism," he told the Electronic Industries Alliance, a high-tech trade
group. "We look to your enlightened self-interest. We want you to do well
by doing good."
Most of the new money is still finding its way through Congress. When it
does begin to reach the marketplace in a few months, much of it will flow
to state and local governments. Most of the money spent has flowed through
federal hands.
"Since Sept. 11, the government has been the predominant source of our
business," says John Centeno of Solar Security Films, a company that
applies anti-shattering film to building windows. "As people become aware
of the billions of dollars assigned to homeland security, more and more are
going to try to get a slice of that."
The film, designed by 3M to keep occupants safer in the event of an
explosion, has been applied to 17 buildings on Capitol Hill, to the windows
at Reagan National Airport and to MacDill Air Force Base in Tampa, home of
the Pentagon's Central Command.
Centeno was in Washington last month trolling for more government business,
along with dozens of other companies at the Homeland Security Summit and
Expo. Such trade shows are becoming common in the nation's capital: On
Wednesday, 54 mostly small companies crowded into a Senate office
building's auditorium to show off their wares.
Many products developed for other uses are finding a place in the new
market. "Everybody is looking at their products and seeing if they can
redefine them and market them as a homeland security item," says Ron
Kaufman, a Washington lobbyist.
Varian Medical Systems, which has long made X-ray equipment for hospitals,
was at last month's expo showing off a mobile unit that can be used to see
inside trucks and shipping containers at ports or border crossings.
"U.S. Customs has been talking about cargo screening for years," says Chuck
Stirm, a company salesman. Now, "there are purchase orders stacked on desks
this high," he says, holding his hands a foot apart.
Nearby, Telephonics Corp. displayed an oscillating flat panel mounted on a
tripod that uses Doppler radar to detect human movement over broad open
spaces. Company officials had demonstrated the $175,000 device two days
earlier for intelligence and defense officials. They set it up at Reagan
National Airport to show how it could trigger alarms if someone tried to
sneak onto a runway from a small boat in the Potomac River. Samuel Evans,
the company's Washington lobbyist, says Telephonics hopes to market the
radars to military bases, airports, nuclear plants and the Border Patrol,
among others.
John Scolaro's product couldn't fit into the expo's exhibit hall, so he
brought a computer display of a vehicle trying to crash through Nasatka's
traffic gate. The barriers, which allow only authorized vehicles to enter a
parking lot or building, are in use around the US Capitol.
'How much is your budget?'
"Before Sept. 11, the question was how to persuade a client to buy,"
Scolaro says. "Now the question is, 'How much is your budget?' "
Viisage Technology is opening a Washington office to tout its software. It
captures an image of a person's face, then compares it with a database of
suspects on a watch list -- an electronic version of the police mug shot
book. First developed to help gambling casinos keep out cheaters, the
technology has promise for screening airline passengers or crowds coming
into large events such as the Super Bowl, says marketing vice president
Cameron Queeno.
"We've heard over the last months that there are terrorists in this
country, living among us," he says. "Anything we can do to identify who
they are and what they are up to is a step toward enhancing our homeland
security." The cost? "A couple of million bucks per airport," he says.
E-Z-EM, a health care equipment company in New York, rented a Washington
hotel meeting room recently to demonstrate a tent-like enclosure that can
be placed over a "dirty" radiological bomb or other explosive device. If
the bomb detonates, the tent's tough fabric expands and holds in shrapnel
as well as radiation or other toxins. A foam decontaminant neutralizes
biological terror agents such as anthrax or mustard gas. The recently
declassified device, which is already used in Canada, was deployed at the
two major US political party conventions in 2000 and the Super Bowl in New
Orleans.
The company also is selling sponges soaked with decontaminant, for use by
firefighters, police and emergency medical personnel who respond to a
bioterrorism scene. The US Capitol has bought 20,000 gas masks to issue to
lawmakers, staff and tourists in case of a terrorist emergency. And there
is a boom in sales of potassium iodide tablets, which can protect the
thyroid gland from absorbing dangerous levels of radiation if someone is
exposed to a "dirty bomb."
The marketing frenzy extends beyond items normally associated with
terrorism defense. A team from Kurz and Co., a German business that makes
hologram-like foil seals, says its high-tech appliqués could be used on US
currency to make it harder to counterfeit. That might take away an avenue
of economic disruption that terrorists could exploit, since American money
is among the world's easiest to fake, company official John Tye says.
"Guatemala has more secure banknotes than you do," he says. "So does Zaire."
The company has hired the venerable Washington lobbying firm of Verner
Liipfert to push its idea of affixing hologram-like seals to $100 and $50
bills -- among the most counterfeited -- and to promote the technology to make
documents such as passports, visas and pilots' licenses harder to duplicate.
"We don't want to seem like 9/11 opportunists," says Kurz spokesman Robert
Skelly, "but it has created an environment where the American government
will be a little more accepting of change."
The homeland-security gold rush is creating a bottleneck in Washington.
Companies are clamoring to be seen by the people who matter. Congressional
aides have filled their calendars with meetings, and Ridge's office has
been besieged with requests.
"There's bound to be frustration when you've got 1,000 companies that
believe their technology is going to solve everything, but they can't link
up" with the appropriate government office, says John Marburger, President
Bush's science adviser.
IBM security services manager Rusine Mitchell-Sinclair says even a Fortune
500 company is challenged to keep up with the fast-evolving marketplace.
"It's been a moving ball, who's in charge," she says. "It is a bit of an
adventure."
*********************
San Francisco Gate
Universal Music provides alternative to file sharing
Rare old albums can be bought, downloaded on EMusic.com
Universal Music Group today will begin selling downloadable MP3 versions of
old albums from artists like Muddy Waters, B.B. King, Gladys Knight and
Bing Crosby.
In a limited test, Universal Music, the largest of the world's big five
record labels, will release about 1,000 of its hard-to-find back catalog
albums through its online music subscription subsidiary, EMusic.com.
In another groundbreaking step, Universal will allow the downloaded tracks
to be burned onto recordable CDs or transferred to a portable digital audio
player, actions the record industry has been reluctant to allow for fear of
cannibalizing already falling CD sales revenue.
Analysts said the move is yet another sign that the recording industry is
finally making progress in providing an alternative to popular file-sharing
programs like KaZaa, which already allow users to download, copy and
transfer MP3 songs at will.
"It's another baby step," said analyst Phil Leigh, vice president of
technology research at Raymond James & Associates. "If they find it does
generate significant incremental revenue, I think they'll be prepared to
take the next step."
Beginning today, EMusic.com, which charges $10 to $15 per month for a
subscription, will offer Universal's jazz, pop and classic hits from the
1950s, 1960s and early 1970s. The artists include Olivia Newton-John, Aretha
Franklin, B.B. King, Gladys Knight, Oingo Boingo, Chuck Berry and Pat Boone.
Larry Kenswil, president of Universal's ELabs Internet commerce unit, said
Universal wants to see whether it can generate new revenue streams from
albums that are no longer making money from retail sales. Therefore, it's
not worried about downloading and CD burning -- two major factors the
record industry blames for a global sales slump.
Still, the Universal-EMusic deal remains only a test. It will not include
any current chart toppers like Eminem. Nor does Universal, a subsidiary of
struggling French media giant Vivendi Universal, have any near-term plans
to expand the selection.
The Universal partnership gives EMusic -- known mainly for its selection of
tracks from lesser known independent artists -- a major label, even though
it is an in-house deal.
EMusic.com, formerly based in Redwood City, was purchased in 2001 by
Vivendi Universal, which subsequently moved the company to the San Diego
offices of another online startup, MP3.com.
Vivendi's Internet operations posted an operating loss of $301 million last
year.
E-mail Benny Evangelista at bevangelista@xxxxxxxxxxxxxxxx
************************
Mercury News
Hot site Firefighters' digital maps catch on with the public
By Ian Austen
New York Times
Firefighters, particularly those who take on forest fires, are longtime
users of Geographic Information Systems programs that marry database
information with digital maps.
So it was not a tremendous leap two years ago when several agencies with
responsibilities related to forest fires got together to consolidate their
GIS data and make it available to each other through the Internet.
What they did not anticipate, however, was that a Web site conceived as a
professional tool would become even more popular with the public.
``The intent was to make it for firefighting planners,'' said Liz Lile, a
cartographer and the U.S. Geological Survey's project coordinator for the
Web site. ``But it quickly became evident back then that the public was
going to use it as well.''
That has especially been the case in recent weeks as forest fires have
swept through large areas of Arizona and Colorado. The Web site,
www.geomac.gov, logged 4.3 million requests for page views last month. Jeff Baranyi,
an adviser to the project from ESRI, a maker of GIS software, said that the
overwhelming majority of visitors used domain names associated with
consumer Internet service providers. ``It's very much a public Internet
site,'' he said.
Unlike the professionals, such visitors were not concerned with issues like
how to deploy firefighting equipment. Lile and Baranyi said that e-mail
messages to the site indicated that people were instead using it as a tool
to determine whether their homes or those of relatives were in the path of
a spreading blaze.
``What they really want to know is, `Where am I in relation to a fire and
am I in danger?' '' Baranyi said.
The dense smoke from forest fires prevents the site from displaying
satellite images of individual houses in or near fire zones. What it does
offer users are maps displaying the boundaries of all major fires that are
active in the continental states and Alaska.
The boundary maps are created, for the most part, by observers who fly
around the perimeters of blazes. Online visitors can overlay simple road
maps and insert a relief map background.
In theory, it is possible to zoom in on very small areas on the maps. But
Lile, whose agency hosts the Web site, said that the accuracy of the maps
declined once a certain zoom level was passed. By design, the background
relief map turns into a pattern of blocky pixels when users try to push the
system beyond its limits.
Because the system combines data from several agencies -- in addition to
the Geological Survey, the Bureau of Land Management, the National Park
Service and the Forest Service -- and was designed for use by people
without access to GIS software, its maps are always somewhat behind the times.
The GIS data is gathered at regular intervals -- in some cases every hour
-- and transferred to a large database operated by the Geological Survey.
Web server software then responds to requests from visitors and, using the
database, generates the maps.
The system's next feature may be one solely designed for visitors who are
not experts. Lile said it should be technically feasible to introduce a
variation on the online map services offered by companies like Mapquest.
Users could type in their addresses and see a map indicating their
proximity and vulnerability to the nearest forest fire.
Such a feature would be popular, Baranyi said. ``Already we've had people
sitting in high school gymnasiums trying to figure if their house has
burned or not.''
************************
BBC
Recycling law could mean costly PCs
Computers could become more costly thanks to European laws that force
makers to recycle old machines.
Soon to be enforced directives make the manufacturers of personal computers
responsible for what happens to old machines when customers upgrade their
stock of machines.
Experts fear that the cost of disposal and recycling and research into new
ways to dispose of the obsolete hardware could push up the price of computers.
The Department of Trade and Industry estimates that the total bill to
British industry of the directives could top £3bn.
Price push
Technology magazine Computing warns that the prices of computers could rise
by up to $50 when European environmental laws come into force.
The Waste from Electrical and Electronic Equipment directive covers
recycling of equipment such as computers, and the Hazardous Substances in
Electrical and Electronic Equipment Directive would ban certain substances
used in the manufacturing of IT equipment.
"IT directors should be warning the board that they will be expected to pay
for this in their acquisition costs," said Brian Gammage, principal analyst
at research firm Gartner.
"People will start looking at leasing options and per seat options,
especially in larger companies as a way to overcome these costs."
Spreading the cost
Technology trade body Intellect said the expense of the new legislation
would only hinder firms.
"It's certainly not going to help companies struggling out of the
downturn," said Hugh Peltor, director of consumer electronics at Intellect.
"However, if we're going to save the planet, the bottom line is we will
have to share these costs. It can't all be down to industry."
But Phil Reakes, managing director of recycling and refurbishing firm
Selway Moore, said the cost of setting up recycling operations might not be
too high.
"Somewhere in the product cost model will be a small slice that covers
disposal," he said.
But, he said, problems could emerge because manufacturers were currently
not ready to deal with the large numbers of old computers they have already
sold to customers.
"What will happen to the equipment that corporations are getting rid of?"
he asked, "Because they will be getting rid of thousands of machines at a
time."
Mr Reakes also questioned what would happen when a large company picked a
new supplier when it upgraded its machines. The new supplier was unlikely
to be willing to pay to dispose of machines from a rival, he said.
**************************
BBC
Broadband providers back need for speed
Broadband users could pay a premium for faster connections as providers
look at ways of making more money from high-speed services.
Operators that ignore the idea of superfast premium services do so at their
peril, warn cable operators who already offer tiered prices for broadband.
Currently most operators offer a standard 512K service for between £20 and
£35 which gives users around 10 times faster speeds than dial-up access.
But cable operators NTL and Telewest have realised that there is a market
for even faster broadband and both have launched a 1MB service for their
customers.
No turning back
It is more expensive. Telewest's service is £39.99 per month, falling to
£35.99 if users take other services from the cable firm. NTL charges even
more - £49.99 per month.
"Customers' needs and expectations evolve as their tenure and usage
patterns increase and successful ISPs will develop targeted value
propositions to meet the needs of distinct segments," said Chad Raube, head
of internet services at Telewest.
"Tiered service offerings are therefore an essential element of any leading
ISP's product portfolio.
"Those ISPs that get this product equation right will meet consumers' needs
and continue to thrive, while those that get it wrong will jeopardise their
business success," he said.
NTL is also convinced that offering premium high-speed services makes a lot
of business sense.
"The faster your connection, the more you can do," said Director of
Internet Services Bill Goodland.
"ISPs that don't offer it will find that over time customers will get more
and more frustrated and, we hope, desert them for cable."
Tiny fraction
While the cable operators have seen the benefit of pay-for-speed services,
for the 200 or so internet service providers that take their ADSL wholesale
from BT it is not an option at the moment because BT only offers one
version of broadband.
"There was a 1MB offering from BT but it was for businesses and was nowhere
near mass market prices," said a spokesman for AOL, one of the ISPs that
relies on BT for its ADSL service.
He is not convinced the market is mature enough yet for tiered pricing to
attract consumers.
"Mass market broadband is very much in its infancy in the UK and only a
very tiny fraction of online households have any sort of broadband
connection," he said.
BT in trouble
While the promise of even faster speeds may attract the early adopters of
broadband it may not appeal to everyone.
"More speed of itself will not necessarily chime with the mass market,"
said the AOL spokesman.
BT may not offer superfast services to customers at the moment but its
advertisements suggest that it does, and it must change them, says the
Advertising Standards Authority (ASA).
Following a complaint from Telewest, BT has got a rap over the knuckles
from the ASA for confusing customers about how much speed they could expect
from their ADSL service.
"The advertisement implied that a connection 'up to 40 times faster' was
standard for domestic customers and businesses.
"Because that implication was not true, the Authority concluded that the
claim was misleading and advised the advertisers to amend the
advertisement," read the ruling.
Telewest believes it is unhelpful that BT is confusing consumers in this way.
"Consumers are having a hard enough time getting their heads round
broadband, without BT getting its sums wrong," said Telewest's Marketing
Director David Hobday.
*************************
BBC
Science lessons 'tedious and dull'
Science lessons for teenagers are so boring they are putting pupils off
science for life, a cross-party group of MPs warned.
GCSE science is based on rote learning of facts of little use and has made
practical work a "tedious and dull activity", the Commons science and
technology committee said.
The situation could have a major impact on scientific research in the
future with pupils not inspired to continue with science beyond 16, the MPs
warned.
Their report called for greater flexibility in the science curriculum and
greater focus on contemporary science.
The MPs blamed the exam boards and the Qualifications and Curriculum
Authority for the problem, saying their approach to testing GCSE science
was preventing good science from being taught in schools.
"Current GCSE courses are overloaded with factual content, contain little
contemporary science and have stultifying assessment arrangements," the
committee's report said.
"Coursework is boring and pointless. Teachers and students are frustrated
by the lack of flexibility. Students lose any enthusiasm that they once had
for science."
Poor facilities
The report also expressed concern about the pay and conditions for
laboratory technicians, saying an additional 4,000 were needed in schools.
MPs fear poor laboratory facilities, coupled with a shortage of
technicians, are to blame for the lack of exciting practical work being
done in class.
The report calls on the Department for Education to invest more money in
refurbishment programmes and address pay levels for technicians.
The department has already given £60m for refurbishment, but the committee
says at least a further £120m is needed.
'Boring'
Chairman of the committee Dr Ian Gibson MP said: "Science should be the
most exciting subject on the school curriculum: scientific controversies
and breakthroughs hit the headlines every day."
"But school science can be so boring it puts young people off science for
life," said Dr Gibson.
"GCSE science students have to cram in so many facts that they have no time
to explore interesting ideas, and slog through practical exercises which
are completely pointless.
"This is a disaster: We need to encourage a new generation of young
scientists and to ensure that the rest of the population has a sound
understanding of scientific principles."
The Association for Science Education (ASE), which represents science
teachers, said the report findings needed to be highlighted.
"We're still concerned about the supply and recruitment of teachers - it's
chicken and egg, if you don't have enough teachers, the larger the classes
get and the harder it is for teachers to deliver effectively," said ASE
chief executive Dr David Moore.
Changes were being made in science teaching, said Dr Moore, but it would
take time for them to take effect.
A spokeswoman for the Department for Education said a recent study by the
Organisation for Economic Co-operation and Development found 15 year olds
in the UK came fourth out of 32 countries in scientific literacy.
"Over 110,000 of these have gone on to study a science subject at A-level
this year," the spokeswoman said.
"This is a major achievement and the £60m invested in school labs in the
last two years will further boost standards. But there is even more we can
do and we will continue the drive to improve our science base in schools
and universities," she said.
************************
Federal Computer Week
Justice CIO crafting united plan
A strategic technology plan circulating through the Justice Department this
week says that the department can no longer tolerate 39 fiefdoms "doing
their own thing" with computer systems and networks.
Vance Hitch, the department's new chief information officer, said he is
determined to craft a Justice-wide information technology architecture and
require that new computer systems be used by several, and in some cases by
all, divisions within Justice.
Three months into his job, Hitch depicts Justice as a fragmented agency
hobbled by aged computers and incompatible systems.
Justice's computer systems security is so bad that Hitch said he wanted to
hire a deputy CIO and a cadre of IT security specialists whose sole focus
will be to fix "security holes."
"There are hundreds or thousands of them" in the department's computer
systems, Hitch told a gathering of technology vendors July 9 at a breakfast
meeting sponsored by Federal Sources Inc., a market research firm in
McLean, Va. To say that security must be improved "is an understatement,"
he said. At present, security is so poor it would be "very easy to take out
a lot of our infrastructure."
The FBI, one of Justice's most technologically troubled divisions, is
ill-prepared to deal with IT security holes, he said. "They did not even
have a good handle on how many systems they had," let alone what their
security problems are, Hitch said.
The state of security "is embarrassing," he said.
Poor security and many other IT problems can be traced to Justice's
organization and its lack of a departmentwide IT architecture, Hitch said.
The department is composed of 39 components, from such well-known agencies
as the Immigration and Naturalization Service, the FBI and the Drug
Enforcement Administration to lesser-known entities such as the National
Institute of Corrections and the U.S. Parole Commission.
"They all did their own thing" when it came to developing computer and data
systems, Hitch said. Even when they hired the same vendors to assemble
similar systems, the various components did not end up with systems that
were interoperable, he said.
"It is not the culture of the Justice Department" to operate as a single
agency, he said.
But there is pressure now to change that, Hitch said. Justice has a new
mission, counterterrorism, and President Bush and Attorney General John
Ashcroft are emphasizing the need for improving information sharing,
increasing information security, streamlining and simplifying.
Justice plans to spend $2 billion on IT in 2003, and Hitch said his aim is
to modernize and unify the department's IT infrastructure.
Among his goals:
* Develop a departmentwide public-key infrastructure to share information
securely.
* Adopt common systems and solutions to make collaboration easier.
* Save money by adopting a departmentwide financial system.
* Search for ways technology can change and improve department operations.
In the past, technology has been adapted to department operations.
As Justice CIO, Hitch said he has been assured by Ashcroft of a degree of
influence over the agencywide IT budget, but he said he also wants "to be a
part of the components' IT process." That could mean a shift in authority
for components such as the FBI and the INS, which have their own CIOs.
************************
Federal Computer Week
Focus turned on security officials
Updated guidance for agencies' annual reports on information security
management capabilities includes a new focus on performance measures for
officials who are accountable for systems security.
The Office of Management and Budget's new guidance, released July 2, builds
on the baseline created from the first reports submitted last year under the
Government Information Security Reform Act (GISRA) of 2000. That law
requires federal chief information officers and inspectors general to
perform annual evaluations of agency information security practices and
report the results to OMB, which will then provide a summary to Congress.
OMB submitted the fiscal 2001 report to Congress in February.
Last year, OMB officials asked agencies to identify the performance
measures they used to evaluate officials. But according to the guidance,
most agencies did not provide this information, and many requested that OMB
develop such measures.
So this year, to highlight the importance of information security to
program managers, OMB is requiring the agency and IG reports to include an
evaluation of agency officials' performance against a set of high-level
management measures defined by OMB in the reporting guidance.
"The OMB-provided performance measures represent a minimum required
response and must be completed," according to the guidance.
These performance measures range from the percentage of systems that have
an up-to-date security plan to the number of employees that received
specialized security training.
Last year's guidance also included requirements for agencies to create
"plans of action and milestones," which outline how officials planned to
fix the vulnerabilities discovered in the evaluations. Those plans were
incorporated into the fiscal 2003 budget request, and future plans will
continue to be part of the budget-development process, according to the
guidance.
This year the action plans will also be included in OMB's report to Congress.
The evaluation of agencies' security capabilities is also now part of the
President's Management Agenda scorecard, under the e-government section.
Agencies will be assessed on their information security management progress
at both the departmentwide level and at the bureau, agency or office level.
"This step will further reinforce the roles and responsibilities of agency
program officials...for the security of systems that support their programs
and the agency chief information officer for the systems and the agencywide
security program," the guidance states.
GISRA expires on Nov. 29, 2002, but there are several efforts in Congress
to extend its authority, most notably the Federal Information Security
Management Act, introduced by Rep. Tom Davis (R-Va.).
**************************
Federal Computer Week
Information Age changes warfare rules
Conducting warfare in the Information Age requires the Defense Department
to operate under a new set of rules, with a greater focus on "ascending"
technologies that aid cognitive tasks and less spent on tools in the
physical domain, according to the head of DOD's transformation office.
Retired Navy Vice Adm. Arthur Cebrowski, director of the Pentagon's Office
of Force Transformation, said the resources available now and those being
developed in the cognitive and information domains are "ascending." He
characterized tools in the physical realm as being in a "devolution," and
DOD's focus and funding must support the new paradigm.
"The movement from the Industrial Age to the Information Age is the driver
of transformation," Cebrowski said during a July 9 conference at the
National Defense University in Washington, D.C. "All other things flow from
that."
New rules for combat accompany transformation and network-centric
warfare, which seeks to make data available to those who need it across the
organization or on the battlefield. Such rules include a greater focus on
managing and speeding information to commanders, increased and offensive
use of sensors, and less attention on earlier assumptions that future wars
would include long-range weapons on sparsely populated battlefields, he said.
"As we move deeper and deeper into the Information Age, the new rule sets
will become clearer, and we must respond to them," Cebrowski said.
Edward Smith Jr., senior analyst for network-centric and effects-based
operations at Boeing Co., agreed and said effects-based operations, which
focus on "stimulus and response" as opposed to targets and damage
infliction, should be the successful end to network-centric means.
Smith, a retired Navy captain with about 20 years of intelligence
experience, said the transition will not be easy because it relies heavily
on human information, which can be wrong and difficult to verify. But
combining that with information technology and sensors to get knowledge to
the commanders who need it is essential, he said.
"It's more an organizational than a technological problem," Smith said,
adding that at the rate technology has been improving, it should be there
to support the new capabilities. "If you're looking for [artificial
intelligence] with answers to the human mind then the answer is 'no.' But
if it's an intelligence tool to tap expertise and the knowledge databases
that use them, that's probably doable."
***************************
Federal Computer Week
FBI hot on records management case
For most of its 94-year history, records management at the FBI was as basic
as paper documents stashed in a cardboard box and stuffed under an agent's
desk. But William Hooton intends to change that.
Hooton, who helped introduce digital imaging to the Internal Revenue
Service in the 1970s and to the National Archives and Records
Administration in the 1980s, was hired in March to bring modern electronic
records management to the FBI. His mission, he said, is to move the FBI
"from the era of Hoover to the modern age."
Embarrassed last year by the Timothy McVeigh records fiasco and laboring to
build a user-friendly automated case management system, senior FBI
officials concluded that building a well-organized electronic records
system is essential.
"Records management is at the heart of the FBI's integrity as a law
enforcement organization," FBI Director Robert Mueller told a House
committee this spring. "We must be able to eliminate any doubt about the
accuracy, completeness and fairness of our investigations."
Now that the FBI has assembled its Records Management Division, the next
step is to determine just what records the FBI possesses, Hooton said.
"The FBI has more than a billion pages of information in its archives,"
most of them on paper, said Robert Chiaradio, who recently stepped down as
the FBI's chief of administration.
That's a guess, Hooton said. "We really won't know until we do an
inventory," he said. "I'm sure we have trash, duplicate copies and lots of
stuff we can get rid of." The idea is to build an electronic records system
that FBI agents can use from their desktop computers to find records
relevant to the cases they handle.
Hooton plans to start by creating electronic versions of the FBI's case
files by scanning them. The process creates a digital image of each paper
document. The bureau has the capability to scan about a million documents
in 24 hours, he said.
Even so, "we will never convert all of it" to digital, Hooton said. Files
unlikely to be used again will be kept in their present form, which is
either paper or microfilm.
When the digital files have been made, if they are clear, they can be read
by an optical character recognition system, which converts the digital
image into digital text. The text can then be searched for keywords or
phrases, enabling fast and easy retrieval of records by agents.
Handwritten documents, documents with unclear text, photos and other
records that lack easy-to-read text will have to be manually tagged so they
can be retrieved during searches, Hooton said.
Ideally, Hooton said his goal is to create a single central records
repository, but he may have to settle for several smaller repositories
linked electronically.
Building the records management system alone won't solve all of the FBI's
records management problems, Mueller said. He plans to have "every employee
at the FBI attend a full day of back-to-basics training [that] focuses
extensively on proper document production, retrieval and management," he
told Congress.
Hooton, meanwhile, is busy filling the Records Management Division. "I
fully intend to attract the best people I can," he said. "I'm on the prowl."
He has already hired two senior records managers from NARA to fill two of
five Senior Executive Service slots. They are Michael Miller, director of
NARA's Modern Records Programs, and Marie Allen, director of the Life Cycle
Management Division of Modern Records Programs.
The e-records system will become part of a new FBI-wide system of computers
and networks called Trilogy, which should be in place at the end of 2003.
***
New priorities
Questions were raised about FBI records management when the agency
belatedly discovered more than 3,100 pages of records that it had failed to
turn over to defense lawyers for Oklahoma City bomber Timothy McVeigh.
An inspector general's investigation blamed the missing document debacle on
"antiquated and inefficient computer systems, inattention to information
management and inadequate quality control systems." FBI Director Robert
Mueller responded by creating a Records Management Division. With almost
1,000 employees, 22 units and five Senior Executive Service managers, it is
the largest division in the FBI's headquarters in Washington, D.C.
"That's the Records Management Division, guys. Unbelievable," said William
Hooton, assistant director of the FBI's Records Management Division, in an
address June 28 to government records managers and vendors. "Records
management has always been at the bottom of the pile. It has always gotten
the least respect," he said in an interview. But records are critical,
especially for an agency like the FBI.
"Now, all of a sudden, records management is getting a lot of attention,
and rightly so," Hooton said.
************************
Federal Computer Week
Seattle area police set up sharing
Thirty-nine law enforcement agencies in the Seattle metropolitan region are
developing a Web-based system to share crime information.
"Right now I could have a neighboring city...that's got a series of crimes
where someone's trying to lure a child near a school into a car," said
Keith Haines, chief of the Tukwila Police Department. "And we could start
having similar crimes here and not know much at all about what's going on
there. And they may have had a witness that saw the color of a car or a
description of a suspect or a partial license plate number or something
that could really help an investigator in another jurisdiction."
Right now, officers have to call other jurisdictions to glean information.
The proposed system would enable those with security clearance to search
for a name, license plate number, description of a suspect or particular
words or phrases in police reports. The Tukwila and Bellevue police
departments and King County Sheriff's Office plan to participate in a
90-day pilot project beginning Sept. 1. Haines said that adding the other
36 agencies, including the Seattle Police Department, would depend on how
the pilot progresses. He said they still have to plan that out and see what
associated costs there may be.
Microsoft Corp. is helping develop the system at no cost to the
participating pilot agencies.
Jeff Langford, a dot-net technology specialist with Microsoft's public
safety group, said the police-only, Web-based system would run on a dot-net
framework and link all the records management repositories of about 20
different systems to create a searchable portal. Eventually, the secure
system, which will export data in an Extensible Markup Language format,
will contain rich media, including mug shots, photos and other records.
However, each agency maintains control over its own data, he said.
It's not the region's first attempt at sharing. Agencies also use WIRE, or
Web-Based Information for Regional Enforcement, in which crime bulletins
are posted for officers and detectives to read every day.
"Agencies are submitting that information for the most serious crimes as a
way for us all to stay fairly informed of what's going on around us,"
Haines said. "But it still doesn't give us that step that this new system
will."
Although local agencies have access to the federal National Crime
Information Center and other federal databases for felony warrants, stolen
vehicles and other items, Haines said the majority of information is housed
in individual records management systems.
Because agencies are usually reluctant to share data, moving toward an
information-sharing attitude is evolving, he said.
"We didn't have any particular incident at all that sparked this," he said.
"Just a growing acknowledgement by law enforcement leaders that we would be
much more effective if we find an automated way to share our records data."
*************************
Federal Computer Week
DOD awards translation contract
In an effort to more quickly translate the massive amounts of information
it is gathering in the worldwide war on terrorism, the Defense Department
recently awarded McNeil Technologies Inc. a contract for language
translation services.
The contracted services include digitizing and searching information being
gathered as part of operations Enduring Freedom and Noble Eagle.
James McNeil, chairman and chief executive officer of the Springfield,
Va.-based firm, said the company is not only providing human translators as
part of the one-year, $3 million deal, but it first digitizes all the
documents and stores them in searchable databases, which makes responses to
DOD requests for specific information faster and easier.
For example, if DOD would like information pertaining to "bank accounts,"
McNeil employees can search the digitized documents and give the highest
priority to translating the intelligence containing that search term,
McNeil said.
Since Sept. 11, "our demand for language services has gone up
exponentially," McNeil said, adding that this DOD contract is a perfect
example. The original award was made in May for $1.5 million, but last week
DOD doubled that amount because of its burgeoning translation needs.
McNeil's language services offer translation, interpretation and
intelligence analysis in more than 95 percent of the world's languages,
including Arabic, Farsi, Pashtu and Urdu, McNeil said. He added that the
company's software can search them all, and its biggest problem currently
is with Asian languages and translating those characters.
McNeil Technologies Language Research Center in Hyattsville, Md., provides
the company with more than 6,000 reference and research materials on the
less-commonly taught languages of the world. The center also has an
enormous tape library, which includes 1,000 samples of spoken language tape
recordings and written documentations of the major languages and dialects.
In other McNeil news, the firm announced this week that it won a one-year,
$3.2 million contract from the Energy Department's Office of Building
Technology, State and Community Programs (BTS) for management,
administrative and technical support services.
Under the contract, McNeil will assist BTS' communications by helping to
promote the agency's programs aimed at increasing energy efficiency and
renewable energy technologies for commercial and residential buildings.
McNeil also will help the office design, develop, implement and maintain
database systems to facilitate internal and external communications by
providing analytical and evaluation services to support its budgeting and
program planning activities.
************************
Federal Computer Week
GAO: E-records overwhelm NARA
The torrent of electronic records generated by federal agencies has
overwhelmed the ability of the nation's official recordkeeper, the National
Archives and Records Administration, to identify and preserve them, a
congressional audit concluded.
While agencies churn out millions of electronic documents, e-mail messages,
Web pages and databases that qualify as official records, NARA continues a
policy of printing e-records to preserve them, according to a General
Accounting Office report issued June 17 to Reps. Stephen Horn (R-Calif.)
and Ernest Istook (R-Okla.).
But e-records that are printed represent only a fraction of the records
agencies create. GAO auditors said that less than 10 percent of the
mission-critical data systems they examined at four agencies had been
placed in an inventory, so neither agency officials nor NARA archivists
knew what government records the systems contained, how important they
might be or how long they should be saved.
Thus, some records may be kept longer than necessary and others may be
deleted while they are still needed for legal, fiscal or administrative
purposes, the GAO report said.
In a separate study, NARA examined 11 agencies and found "instances where
valuable permanent e-records were not being appropriately transferred to
NARA's archives" because they had not been appraised or identified as
important enough to be deemed permanent records.
GAO auditors said NARA's "policies and processes on electronic records have
not yet evolved to reflect the modern recordkeeping environment." And
despite repeated efforts by NARA to clarify its rules on e-records, the
guidelines remain confusing.
"Electronic records are really problematic," said Bruce Craig, director of
the National Coordinating Committee for the Promotion of History.
The volume of e-records alone is a problem: the Clinton administration
produced some 40 million e-mail records that will take years to sort and
catalog, he said.
Compounding that, each agency currently makes its own rules regarding
e-records retention, so some agencies keep many e-records, while other
agencies, fearing future disclosures of embarrassing information, elect to
keep far fewer, he said.
Even when e-records are preserved, they are often difficult to examine for
needed information. Search engines capable of reading message contents,
rather than just the subject line, are only in the experimental stage,
Craig said.
"Everyone recognizes we're going to have to deal with e-records," he said.
But no one yet knows exactly how to do it.
NARA requires federal agencies to do two things: maintain an inventory of
all agency information systems to identify items that qualify as records
and "schedule" the records, which means determining how long they must be
kept and how they must be destroyed.
Those things are seldom done, the GAO report says.
Even when agencies and NARA are aware of electronic records, the rule for
dealing with them, General Records Schedule 20, is inadequate, GAO
officials said. GRS 20 permits the deletion of electronic records if paper
copies have been printed for long-term or permanent storage.
But GRS 20 does not address what to do about such common electronic items
as Web pages or PDF files.
E-records problems are unlikely to be fixed anytime soon, according to the
report. Agencies generally give low priority to records management and lack
the technology tools to manage records effectively.
U.S. Archivist John Carlin, NARA chief, said the GAO report "recognizes the
enormous challenges the federal government faces in managing and preserving
electronic records. We agree that more must be done."
But poor e-records management isn't just NARA's fault, Carlin said. Each
agency head "is charged with the responsibility to make and preserve
records" and maintain an active records management program, he noted in a
letter to GAO.
***
E-records endangered
A General Accounting Office review has concluded that lax attention paid to
preserving electronic records puts them at peril. Government agencies fail
to keep e-records inventories and the National Archives and Records
Administration has failed to develop and enforce clear rules on e-record
preservation, the report said. As a result:
* Historically valuable e-records are not being identified and sent to NARA
for safekeeping.
* Valuable e-records may be at risk of loss.
* Records management guidance is inadequate given today's technology.
* Records management is a low priority for most agencies.
*************************
CNN
Web titans woo India's tech experts
BANGALORE, India (Reuters) -- Cheap hardware, free trips to the United
States, all the popcorn you can eat -- life's a junket if you're a computer
programmer in India.
In their tussle to dominate the emerging industry for Internet-based
services, industry giants Microsoft Corp. and Sun Microsystems are doling
out incentives as they woo programmers worldwide to back their rival software.
The courting is particularly competitive in India, where by some estimates
more than 10 percent of the world's programmers work for some of the
industry's lowest wages.
"They keep contacting us and say 'spend time with us'," said Shanti
Sivakumar, a co-founder of iTech Workshop, which writes software for the
healthcare and communications industries.
At stake is the nascent market for Web services, which will allow companies
to do business over the Internet.
Microsoft and Sun are pushing rival standards -- called .NET and SunONE
respectively -- for programming Web services.
Persuading programmers and developers to back one standard is a key battle
in the fight to dominate the industry.
S. Sadagopan, director of the Bangalore-based Indian Institute of
Information Technology, said about 70 percent of India's software
programmers are developers -- those who design the specifications for
software that is then coded by other programmers.
The creativity of developers helps popularize standards, and demand for
code-generating tools rises as more developers adopt a standard.
Fun and challenges
Wooing programmers and their employers in Bangalore, India's southern
software center, involves blending serious mental challenges with fun.
Microsoft and Sun line up day-long seminars and months-long competitions,
laced with entertainment.
In the past few weeks, Microsoft, Sun and chipmaker Intel have all held
seminars for Indian developers. Sun's "Tech Days" saw 1,000 paid attendees,
the Intel Developers Forum 700 and Microsoft's VisualStudio tool show drew
7,500.
Techie seminars are turning increasingly glitzy, with huge screens, music
and lights fit for rock shows.
"It's 99 percent serious, but we also have popcorn and candy and bands
playing," Sun spokeswoman Aparna Devi Pratap said of the company's annual
developer show.
Exports of software and allied services from India ignored a slowdown last
year, growing 29 percent to $7.5 billion in the 12 months to March. The
current year is expected to see a 30 percent rise despite a sagging
recovery in the United States.
Underlining the importance of the industry, Microsoft Senior Marketing
Manager Daniel Ingitaraj says the number of programmers in India is
expected this year to equal the 500,000 to 550,000 in the United States.
But people are hard to count in the world's second most populous country,
and other estimates of the number vary wildly from 350,000 to 700,000.
The huge number of programmers is one reason for the low wages.
"There is an abundance of skills in Microsoft technologies. Because of
this, the price at which you can hire the skills is lower," said Gopal
Kulkarni, chief executive of Kendra Technologies, which makes software to
help human resource managers sift job applications.
Ten for the price of one
In Bangalore, home to more than 1,000 software companies, you can hire a
young programmer of Sun's Java language for around $200 a month -- less
than a tenth of what a U.S. counterpart would cost.
At least the incentives from the software companies are good: Sun's include
up to 60 percent discounts on hardware for developers, while Microsoft
offers software at a fraction of market cost.
"They have a developer program where you pay $2,000 to $3,000 and you get
an entire suite...which is not heard from other vendors," said Kulkarni.
Ingitaraj said Microsoft also wooed Indian developers this year with a
competition to make faster, more reliable software.
Academic winners got a free trip to Microsoft's Redmond headquarters, while
professionals won digital cameras.
For all these efforts, the software giants may run the risk of a poor
return for some of their marketing bucks.
For one thing, many firms are waking up fast to Linux, the free operating
system trying to rival Microsoft's Windows, said Kulkarni.
And Sivakumar of iTech Workshop said developers from her company attend
technical seminars only to catch up with the latest trends.
**************************
CNN
High-tech front in the war on terror
WASHINGTON (CNN) -- While United States soldiers press on with their
mission in Afghanistan and domestic security agencies try to flush out
potential attackers, the war on terror is also being fought on another,
more subtle front: in the laboratory.
New technology -- some of it still under development -- has the potential
to increase the effectiveness of intelligence-gathering efforts.
For instance, officials at the Salt Lake City Olympic Games used 3-D maps
to help plot their security strategy -- determining where to put
observation posts and which facilities were most vulnerable to a terrorist
attack, from which angles.
And although black-and-white images are useful, and color images even more
so, they still have drawbacks. Neither kind of image can reveal camouflaged
facilities like a command post or bunker.
Experts say a new technique called hyperspectral imaging can do just that.
The devices measure the energy emitted or reflected from an object in more
detail than can be provided by a conventional camera or thermal imager.
"With hyperspectral imaging you're looking at literally hundreds of
different colors, and minute differences in those colors can tell you the
difference between leaves and a camouflaged command post," says John Pike,
director of GlobalSecurity.org, an Alexandria, Virginia-based group that
analyzes security risks and weapons improvement.
Hyperspectral imagery can also be used to detect heat sources -- such as a
campfire in a cave, or heat escaping from an underground vent -- and even
trace chemicals in the air that might be escaping from a clandestine
weapons factory.
Researchers are also developing tools to help security agencies sort
through the babble of global communications by analyzing patterns in the
volume of mass transmissions.
A telephone company, for instance, can tell which team is winning the Super
Bowl "simply by looking at how many people are making phone calls at any
given time," Pike explains. "The National Security Agency uses this
technique to monitor calls in Afghanistan or Pakistan, to try to predict an
impending terrorist attack."
"If you see an uptick of electronic activity in a certain area," adds House
Intelligence Committee Chairman Porter Goss, Republican of Florida, "you
might expect that something is happening. It might be a nuclear test, it
might be conversations on cell phones, it might be people warming airplane
engines, it might be people getting ready to test rockets."
There are, of course, other implications of these and other developing
intelligence capabilities that officials don't want to discuss publicly.
But in the intelligence war on terrorism, technology is a powerful tool.
*************************
CNEWS
Domain name fight heats up
TORONTO (CP) -- Beer giant Molson's attempt to wrest the Internet domain
name Canadian.biz from a consultant "is a polite form of highway robbery,"
a lawyer for the Toronto man said Tuesday in court.
Molson Canada challenged Douglas Black's ownership of the Web site soon
after he registered it in March. The brewery holds the trademark for the
word Canadian as it applies to beer.
Despite telling the brewery he intended to use the Web site as an
all-purpose meeting place for Canadian businesspeople -- not to compete
with Molson Canadian beer -- Molson demanded Black hand over the Web site.
After Black refused to do so, Molson took the matter to an Internet
arbitration panel, which ruled in Molson's favour.
Because the arbitration panel has no established appeal process, Black's
case is now before Ontario Superior Court.
Black's lawyer, Zak Muscovitch, pointed out Tuesday that his client would
have been hard pressed to find a more appropriate name for his intended
business.
"Canadian.biz speaks of something to do with business and something to do
with Canada," said Muscovitch.
In arguing against Molson holding the trademark for the word Canadian,
Muscovitch reminded the court Molson hadn't coined the word.
"Molson Canadian probably wouldn't have named its beer that if there hadn't
been a country of that name in the first place," Muscovitch said.
The court was to hear from a lawyer representing Molson on Tuesday afternoon.
*************************
News.com
New security flaw in Outlook, IE
By Robert Lemos
Staff Writer, CNET News.com
July 10, 2002, 5:25 PM PT
A Danish security researcher warned users of Microsoft's Internet Explorer,
Outlook and Outlook Express applications that a recently discovered
software flaw could leave their system open to malicious code carried on
Web pages or in e-mails.
In an advisory released Wednesday, Thor Larholm, a security researcher and
partner at risk-assessment company PivX Solutions, warned that HTML objects
embedded in Web pages and e-mails could carry code that allows an attacker
to check out victims' cookie files, read their documents, and execute
programs on their computer.
The bug, known as a cross-domain scripting flaw, was discovered on June 25,
and information about it has been posted on several security lists since
then. Larholm also informed Microsoft of the bug the day it was discovered.
"Since this is possibly very publicly known...I have decided to release
this advisory after only two weeks time," Larholm said in the warning.
Microsoft thought Larholm had overstated the seriousness of the flaw.
"Thor's advisory doesn't make it clear that there are significant
mitigating factors associated with the issue," said a company
representative, adding that people who limited their browsing to trusted
sites would be safe as would people who had installed one of the software
giant's patches for its e-mail clients.
The company chose to lambaste Larholm for disclosing the flaw too quickly.
"It's a shame that Thor chose to publicize this issue before the patch
could be completed, because by doing so, he's significantly increased the
risk to customers," the representative said.
The amount of information disclosed about a flaw, and how fast consultants
make the disclosure, has been a point of contention between software makers
and the bug finders based at security companies. Recent research suggests,
however, that the corporate customers who suffer from software makers'
slipups actually want flaws disclosed more quickly.
Hackers and security experts frequently find software flaws in Microsoft's
Internet Explorer. In June, Microsoft released a patch for an IE flaw that
allowed attackers to run code on a victim's computer by exploiting links to
an old pre-Web protocol known as Gopher. The month before that, the company
released a patch for IE that fixed six different flaws.
To repair the current problem, Larholm recommended that users disable
ActiveX in the security settings for Internet Explorer, or run IE and
Outlook in "Restricted" mode, at least until Microsoft releases a patch.
Microsoft said a patch will be available soon.
************************
News.com
Keep broadband pipes open, group says
Reuters
July 10, 2002, 2:45 PM PT
Free expression on the Internet could be endangered if cable television
providers continue to dominate high-speed access services, civil liberties
groups said Tuesday.
If cable providers such as AOL Time Warner and Comcast don't allow rivals
to offer high-speed Internet access through their networks, they could
stifle innovation and curtail the freewheeling, wide-open nature of the
global computer network, the American Civil Liberties Union and several
other activist groups said.
"We think this really may be the key First Amendment issue for the 21st
century," said Barry Steinhardt, an ACLU director.
Thousands of ISPs (Internet service providers) offer standard dial-up
service, but consumers typically can only choose from a handful of the
companies if they want to sign up for broadband access that allows them to
surf the Internet at much faster speeds.
While broadband technologies that use existing telephone lines or wireless
links are available, roughly two-thirds of the nation's 25 million
broadband users connect through their cable television provider, according
to industry figures.
The Federal Communications Commission is currently determining what rules
apply to broadband cable connections, but has already indicated that they
will be subject to fewer regulations than telephone systems and other
"common carriers," meaning they may not be required to accommodate rival ISPs.
Some cable providers have allowed a few rivals like EarthLink onto their
systems, but Steinhardt and other activists said the government should
require cable companies to open their networks to more ISPs. Existing
arrangements do not provide enough competition, they said, as competitors
often simply resell the cable provider's service instead of offering a
distinct service of their own.
While cable companies so far have shied away from blocking Web sites
outright, some have limited home networks, banned file-sharing services or
imposed other restrictions, said Andrew Afflerbach, principal engineer at
Columbia Telecommunications, which was hired by the ACLU to analyze the issue.
Innovation is stifled as new uses are discouraged, said Mark Cooper,
director of the Consumer Federation of America.
"Why bother to develop a service if the gatekeeper will determine whether
or not they will let it go?" Cooper said. "The policy destroys the
innovation before it happens."
A cable industry spokesman was not immediately available for comment.
Steinhardt, Cooper and Jeffrey Chester of the Center for Digital Democracy
said they planned to meet with FCC Chairman C. Michael Powell Wednesday to
present their views.
*************************
U.S. House passes 'tech talent' bill
Looking to expand the number of undergraduate students pursuing studies in
science and technology, the U.S. House of Representatives on Tuesday passed
a bill to fund programs designed to graduate more professionals in these
and related fields.
The Tech Talent Act (HR 3130) proposes that the federal government's
National Science Foundation (NSF) provide nearly $390 million in grants
over a five-year period to colleges and universities so they can fund more
undergraduate programs in math, science, engineering, and technology. In
turn, the institutions would be responsible for graduating more students
who specialize in these areas, according to a press release from the House
Committee on Science's office.
"The problem is that fewer and fewer American college students are majoring
in mathematics, engineering, technology, or science," said the bill's
sponsor Sherwood Boehlert, a Republican from New York and chairman of the
House Committee on Science, in a prepared statement. "In today's world,
just about every job has a component that is informed by science and
technology, from the assembly line to the boardroom. And yet, we have fewer
and fewer Americans who have the background to understand and analyze
technical information."
According to an NSF study, the country has seen a declining number of
students graduating with engineering degrees in the past ten years.
In addition to funding the expansion of undergraduate programs, the grants
proposed by the bill would also cover the cost of faculty training and
related equipment acquisition.
Having passed the House, the bill now moves to the U.S. Senate for
consideration.
*******************
Internet.com
Identity Management Combines Security, ROI
By Paul Desmond
It was September 1999, at the Networld + Interop show in Atlanta, when I
first heard about the concept of automated provisioning of applications and
other IT resources to end-users. The idea came from the folks at Business
Layers, a company that was founded earlier that year. I remember thinking,
"This will be really something -- if it works."
At the time, the idea was a rather confusing one that seemed nearly
impossible to pull off. It entailed lots of links between various corporate
directories and human resources applications such as PeopleSoft. When a new
employee joined a company, an HR administrator could click a few buttons
and set off a string of events to get the new employee set up with email,
phone service and a suite of applications and access rights appropriate to
the employee's role in the company. As the employee's role changed over
time, access privileges could be changed accordingly. When the employee
finally left the firm, access to all resources could be cut off with a few
mouse clicks.
Nearly three years removed from that meeting, the concept of
"e-provisioning," as Business Layers calls it, has matured considerably. A
number of players are now in the market telling compelling stories of
improved security and real return on investment (ROI). And the marketing
message has morphed considerably, into a category that many call identity
management.
I was reminded of the Business Layers meeting after another recent meeting,
this one with some folks at Waveset Technologies. Waveset was founded in
January 2000 by four ex-Tivoli employees and launched its Lighthouse
product in June 2001. The company offers essentially the same type of
products as Business Layers but focuses the discussion more on identity
management and ROI. To varying degrees, other players in the identity
management space include Access360, BMC, Computer Associates, Courion,
Entact and Tivoli.
Two aspects of identity management make it particularly compelling:
improved security and ROI. Identity management tools improve security by
enabling companies to keep closer -- and more accurate -- tabs on who can
access what enterprise resources. The best products do this by working with
a company's existing directories and applications such as PeopleSoft, where
access privilege data is typically stored, so you don't have to install yet
another database of such information.
Some, Waveset included, can detect changes in a PeopleSoft application, for
example, and make sure that change is reflected in other relevant
directories and databases.
The most extreme example is when an employee is fired. As soon as the
change is noted in the HR application, the identity management tools can
kick off a series of steps to make sure the user is denied access to all IT
resources. Waveset can also detect when a user who wasn't supposed to have
access to a financial application mysteriously is granted access, maybe
because he talked his IT administrator buddy into hooking him up.
Lighthouse will then fire off a message to the owner of the financial
package to determine whether the user should be allowed access.
Such features can dramatically improve security within an organization
simply by making sure that users don't have access to resources that they
shouldn't have access to. In an organization with even a few hundred users,
that can be a daunting -- if not impossible -- task to perform manually.
Extrapolate to partners, suppliers and customers that have access via
extranets, and the problem gets even more serious.
Which gets to the ROI discussion. If all these routines are happening with
little to no human intervention, it clearly saves the company money that
would be spent on system administrators. Additionally, many identity
management tools have facilities that enable users to handle their own
password changes or deal with forgotten passwords, easing a major cost
burden on enterprise help desks.
Waveset claims to further save users money because Lighthouse doesn't
require software agents to be installed on various enterprise servers.
Maintaining the appropriate agent versions as servers come and go can be
laborious and expensive for large organizations, the company says.
Identity management vendors are now putting the ROI issue front and center,
with some even helping you make the case. Business Layers and Waveset, for
example, both have simple ROI calculators on their Web sites. (See
www.businesslayers.com/roi.asp and
www.waveset.com/Solutions/Resources/roi_calculator/index.html.)
It's rare indeed when you can make a solid ROI case for buying any given
security product. While there are some emerging metrics, you often have to
go with your gut and make the case based on what might happen if you don't
buy the product -- not exactly what the bean counters typically want to hear.
Desmond is a writer and editor based in Framingham, Mass. He serves as
editor of eSecurityPlanet.com, a source of practical security information
for IT managers, CIOs and business executives. Email him at
paul_desmond@xxxxxxxxxxxxxxxxx
*************************
Electronic News
Moore Says There's More to Moore's Law
By Liz Neely, Electronic News -- 7/10/2002 1:11:00 PM
Intel Corp. co-founder Gordon Moore says Moore's Law could slow down in the
next few years.
Moore, who was awarded the Presidential Medal of Freedom at the White House
Tuesday, said the observation he first made in 1965, and amended a
decade later, could change once again.
Moore made the comments during a conference call with journalists after
receiving the award. Moore's Law states that the number of transistors per
square inch on an IC will double every other year, and Moore's prediction
has held steady for the last 27 years.
"I changed the law once already, from doubling every year to doubling every
other year, in 1975," Moore said. That cycle could slow down to every four
or five years, Moore said.
Moore also said he believes that CMOS technology will be extended well
under 100nm. "It's amazing how creative people get when it seems like they
are approaching a limit," Moore said.
Once a skeptic of the foundry model, Moore said the high costs associated
with building fabs have made him change his tune. Moore said he believes
foundries will continue to be successful as they serve companies that,
unlike Intel, aren't looking to manufacture products in high-volume
quantities.
Moore also spoke about corporate responsibility Tuesday, saying much more
needs to be done to avoid the accounting scandals currently making headlines.
"There needs to be an emphasis on transparency," Moore said. "Analysts have
to say the same thing internally as they say externally. They can't play
games. ... Clearly there ought to be enough checks and balances in
corporations to make sure things published are correct."
Moore and 11 others received the award, the nation's highest civilian
honor. Recipients included Nelson Mandela, Katherine Graham, Nancy Reagan
and Bill Cosby, among others. Moore received the award once before when
President Bush's father was in office. The ceremony was much the same as it
was a dozen years ago, Moore said.
"Same room, just a different Bush," Moore joked.
**************************
IEEE News and Analysis
Network-Centric Warfare -- The Key to the Revolution in Military Affairs
Electronic networking is what has made precision-guided weaponry and highly
equipped elite ground forces so effective
WASHINGTON, D.C., 1 July 2002 -- While Afghan tribesmen feud over ancient land
disputes, a new model of how to conduct war known as network-centric
warfare is being tested in their country's mountains and valleys. When a
B-2 Stealth Bomber, deployed from Whiteman Air Force base in Missouri, is
tasked by the U.S. Central Command at MacDill Air Force Base in Tampa,
Fla., to attack certain targets -- and then in mid-flight is ordered to alter
course and attack different targets by an intermediate headquarters based
in Prince Sultan Air Force base in Saudi Arabia -- something truly
revolutionary is in play.
Former F-14 aviator Vice Admiral Arthur Cebrowski, director of the
Pentagon's Office of Force Transformation and the father of network-centric
warfare, found his inspiration in U.S. shopping malls [see "Contributing
Editor, Paula R. Kaufman, interviews the Father of Net-Centric Warfare"].
Cebrowski knew he was on to something when he saw how retail giant Wal-Mart
overran its competitors by using networked operations in a synchronized
top-down demand and supply chain. The store's strategy exploited real-time
awareness and information superiority to speed up transactions and increase
profits. "What we observed in the commercial sector was the co-evolution of
technology and organization of process," said John Garstka, assistant
director for Concepts and Operations, Office of Force Transformation.
By heavily leveraging information technologies with continuous, high-speed,
digitized communications within a joint armed forces structure, Cebrowski
and Garstka have helped implement one of the most profound transformations
ever seen in the U.S. armed services. At the same time, as their vision has
been realized, benefits and drawbacks of network-centric warfare are coming
into focus as the struggle in Afghanistan and against the Al-Qaeda network
goes forward.
Centralized data processing
Garstka, working closely with Cebrowski, applied this model to coordinate
information flows between sensors, computational nodes, and even different
communication grids. The goal was to coordinate data to ensure that a
common picture of the battlefield emerged. When this information was
consolidated and fused in real time, the results were staggering: a tighter
sensor-to-shooter gap and much faster deployment of key assets by all
branches of the armed services -- space satellites, battleships, attack
aircraft, submarines, ground vehicles, and teams of special forces
soldiers. Another advantage was a surge in combat power.
Examining how the network-centric warfare model works in practice may be
helpful. Data picked up by intelligence sensors from cellphone or radio
frequency (RF) emissions are moved by voice or digitally via datalinks to
optical or other types of sensing platforms. The platforms might include,
for example, an unmanned aerial vehicle operated by the Central
Intelligence Agency, a Navy F/A-18 Hornet, or an Air Force AC-130 gunship.
Intelligence gathered is then analyzed to decide whether to attack the target or
continue observing it. If a decision is made to attack, command centers are
tasked to take out the target by the best-positioned shooter.
"Locating and destroying diffused and highly mobile enemies in the Afghan
mountain ranges is near impossible without [these] network-centric
capabilities," said Michael Vickers, director of Strategic Studies, Center
for Strategic and Budgetary Assessment (Washington, D.C.).
Operating in Afghanistan, U.S. forces have been small, outnumbered, lightly
armed, and geographically dispersed throughout an area the size of Texas.
The answer to these conditions has been highly intelligent use of U.S.
Special Operations Forces units, networked to the hilt, outfitted with a
host of communication, position location, and surveillance equipment [see
"U.S. Generals Describe Search and Rescue," IEEE Spectrum, December 2001,
pp. 26-27].
The basic idea is that "soldiers can digitally relay enemy positions into
the network via datalinks, calling for air support to bomb targets,"
observes Major General Steven W. Boutelle, director for information
operations, networks, and space (DISK4) at the Pentagon.
Some pitfalls and limitations
Of course, things do not always go right, and a wily and alert adversary
sometimes can take advantage of technical glitches to devastating effect.
In March, a breakdown in voice and possibly digital communications was at
least partly responsible for seven U.S. servicemen being killed when a
combat search and rescue (CSAR) attempt went tragically wrong, the
Washington Post reported.
The CSAR team had landed their Chinook Helicopter on a ridge where a raging
battle between U.S. forces and Al-Qaeda was under way. The rescue team
never knew they were walking into a firefight, the Post reported. Voice
communication between command posts at Bagram air base, the CSAR team, and
already engaged U.S. ground forces was intermittent, faulty, or even
nonexistent.
"What we saw here was the antithesis of [network-centric warfare]," said
Garstka. "Interoperability between systems is crucial when you send
soldiers into battle."
By the same token, should digital technologies become "vulnerable to
certain types of counter-measures like the ability to jam these networks,"
the military could be left exposed to enemy counter-measures. How far,
then, has the military come as this technology moves from concept to
reality? "It is uneven," said Garstka. "In several mission areas, some of
the armed forces are more robustly networked than others."
There are other limits, too. Now that the United States and its allies have
Al-Qaeda and the Taliban on the run, these groups have broken into smaller
units. How then can a highly decentralized enemy ordered into cells with
little communication between each unit be targeted? In this situation, good
old-fashioned human intelligence turns out to be as, or more, important
than electronic and optical sensors, platforms, and information grids
previously deployed. But even now, the human intelligence must be
disseminated to those capable of acting on it, and again, that
depends on real-time networking.
Dependence on intelligence
For all that, close observers of Afghanistan agree that network-centric
warfare has been the single most important contributor to the greatly
enhanced combat power wielded by the United States and its allies.
What is more, the digitalization of warfare has diminished the chance of
human error, protecting not only allied forces but civilians caught in the
line of fire as well. Laser-guided weapons glide into targets with a speed
and an exactitude not previously known.
Speed of action disrupts the enemy's decision-making cycle. But, can the
sourcing and gathering of information and intelligence ever reach
perfection? What is the outcome of target selections made in haste, or of
intelligence based on degraded information or inaccuracies?
It is evident that network-centric warfare has brought about alterations in
the top-to-bottom military hierarchy, so that decisions flow faster within
this flatter structure. Thus, observes the Pentagon's Boutelle, if a
decision turns out to have been correct, it is chalked up to the power of
the Internet. The downside is that if near-instantaneous decision and
action is based on faulty information, there is no time to undo the
decision. If it is wrong, you need to undo that decision, he added. Sadly,
sometimes you cannot.
Paula R. Kaufman
****************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx