
Clips August 12, 2002




ARTICLES

Number of H-1B visas issued has fallen by half
Radio Silence
Open source's new weapon: The law?
Texas launches health network
Campaigns Embrace New Technologies
Financial Institutions May Facilitate Identity Theft
Spamming the World
Encryption Flaw May Decode E-Mail
Protesters Tear Up Japan ID Numbers
Laptops lost, stolen at Justice
Report: Creativity needed [Homeland Security]
Congress 'taming e-mail monster'
Army taps pair of vendors to compete for battlefield network project
State will promote cybersecurity guidelines
Trade bill includes billions for border security technology
FCC mulls ways to protect digital TV broadcasts from piracy


*************************
Mercury News
Number of H-1B visas issued has fallen by half
By Jennifer Bjorhus

The number of H-1B visas issued to temporary foreign workers has dropped by half so far this year, a sign of the torpid economy and tech implosion.

The INS issued about 60,500 new H-1B visas in the first three quarters of its fiscal year, from Oct. 1, 2001, to June 30 -- a 54 percent drop from the 130,700 H-1B visas it issued in the same period of its previous fiscal year. There are 18,000 petitions pending, the INS said.

The plunge comes on the heels of a record year. Last year, Congress raised the annual cap on the visas to 195,000 and created exemptions for university researchers among others.

H-1B visas are good for up to six years and are popular in the tech industry for importing engineers. About half of H-1B visas go to people doing computer-related work, many of whom come from India and China. Tech companies such as Oracle, Intel and Hewlett-Packard are among the program's biggest users.

Post-Sept. 11 scrutiny of visas and the reorganization of the Immigration and Naturalization Service have also likely played a role in the drop, said one immigration attorney.

"Right now immigration is sort of in a mess," said Margaret Wong, a longtime immigration attorney in Cleveland. Wong said wait times for H-1B visas have increased from a month to 16 weeks.

Critics and supporters of the long-controversial H-1B program agree the drop is not surprising, but they interpret it differently.

Harris Miller, president of the Information Technology Association of America, said the decline shows that employers are using the H-1B program appropriately. They're importing fewer foreign workers because they're doing less hiring and there are more U.S. workers available, he said. Miller said he doesn't think increased scrutiny of visas after Sept. 11 has anything to do with the drop.

"Clearly H-1Bs are for use when there's a shortage. With the continued slowdown in the IT industry and other industries that use them, then the system is working as it was designed," Miller said.

IEEE-USA, the U.S. arm of the Institute of Electrical and Electronics Engineers, disagrees.

It argues that the visa numbers may be down, but that 60,500 new H-1B visas are still too many, given how many U.S. engineers are out of work.

The IEEE-USA has called on Congress to study how the expanded H-1B visa program and the increasing use of overseas engineering staffs are affecting the job market for U.S. engineers. Unemployment among engineers rose to 4 percent in the second quarter of this year, and increased even higher for computer scientists and electronics engineers, according to data the IEEE-USA released last month. While that's below the 5.9 percent national unemployment rate, it's a high for engineers.

"We clearly have many unemployed domestic high-tech workers that could be available for those same jobs," said John Steadman, an IEEE-USA vice president.
*********************
Federal Computer Week
DOD preps virtual Pentagon
Program will consist of three contracts


The Defense Department has launched a program to create a virtual Pentagon that would provide backup networks and communications to avoid the loss of essential functions that the Pentagon experienced during the Sept. 11 terrorist attack.

The Pentagon Renovation Program Office has issued a presolicitation notice for its estimated $400 million Command Communications Survivability Program (CCSP), formerly known as the virtual Pentagon. Defense officials said that although the name has changed, the program's focus remains the same.

"The goal of this program is to ensure redundancy, survivability, recoverability, manageability, availability, scalability and security" for Pentagon systems, according to a presolicitation notice issued by the Pentagon Renovation Program Office late last month.

Among the problems DOD encountered Sept. 11 was a computing environment with many points of failure -- applications or databases that, if removed, could not be recovered and critical network links that, if down, could not be worked around.

DOD officials have said that the terrorist attacks were a dramatic wake-up call. The attacks severed one of the Pentagon's main communications lines and destroyed some Army and Navy servers.

The program also fits into DOD chief information officer John Stenbit's goal to improve DOD's network-centricity.

"Whether it is the Pentagon, whether it is the collaborative environment out and around the Pentagon...we are very much focused on being network-centric," said Owen Wormser, principal director for spectrum, space, sensors and command, control and communications in the Office of the Assistant Secretary of Defense.

Stenbit has stressed that DOD needs to make information available on a network that people can rely on and trust.

The idea is to eliminate the need to be in a particular location to access critical data, DOD officials said. Therefore, the virtual Pentagon plan will create redundancies so that the network is available regardless of where the Pentagon is damaged.

"The objective is to build in logical and physical improvements within each area for survivability of the networks and systems against catastrophes," program officials said.

CCSP encompasses four areas -- voice, networks, mainframes and messaging -- and the integration of those areas into a seamless infrastructure, officials said.

According to the presolicitation notice, DOD officials are preparing a request for proposals for a CCSP systems integrator "who will be responsible for making necessary changes to the information technology infrastructure in the Pentagon and selected DOD facilities associated with the Pentagon."

CCSP will consist of three acquisitions. "The integration contract covers the overall integration of all four areas," program officials said. The integrator will also design and deploy the voice, networks and mainframe solutions.

Messaging design and deployment will be accomplished using a separate contract. The third contract will cover the facilities needed to house the IT network and voice components.

The CCSP integrator contract will be carried out in two phases. Soon -- officials declined to say when -- DOD officials will issue a request for qualifications. Then, they will select vendors who will participate in the second phase.

Contingency planning experts, however, said Pentagon officials would be wise to focus not only on IT, but on critical business processes as well.

"We seem to forget that the info tech systems are tools that are used by people," said Dale Windle, a disaster recovery planner and project manager for DisasterRecovery.com, a firm that specializes in helping organizations create disaster recovery plans. "We always find that the real issue is continuity of business operations," and that is carried out by people.

After Sept. 11, "many organizations had well-developed and well-planned disaster recovery plans, but they did not have crisis management plans and emergency response plans," said Joseph Flach, managing director of business continuity planning for Eagle Rock Alliance Ltd., a consulting firm that specializes in contingency plans.

***

Creating a virtual Pentagon

The Pentagon is looking for a systems integrator for the Command Communications Survivability Program. CCSP, formerly known as the virtual Pentagon, will create redundancies so that Pentagon networks, mainframes, voice components and messaging systems will be accessible in the event of a catastrophe. The program will cost more than $400 million and take more than three years to complete, according to the Pentagon Renovation Program Office.

"The integration challenge is related to the objective of a single seamless network infrastructure to support all areas of the CCSP," program officials said.
************************
Chronicle of Higher Education
Radio Silence
Fees force college stations to stop Webcasting
By DAN CARNEVALE


Almost all American college radio stations have listeners who call in to make song requests. But few have people calling in from Israel.

At the University of Akron, however, WZIP-FM reached a worldwide audience by transmitting its music over the Internet at the same time it broadcast a traditional radio signal locally. At its peak, the station's Webcasts of hip-hop and dance music attracted up to 300 online listeners an hour in places as distant as the Middle East and Australia. Song requests from Jerusalem and Sydney were common.

But in March, WZIP ended its Webcasts. Station officials estimated that WZIP would have to pay more than $10,000 a year under a new royalty-fee plan that was then being considered by James H. Billington, the librarian of Congress. Mr. Billington oversees the U.S. Copyright Office.

"It absolutely broke our hearts to pull the plug," says Thomas G. Beck, general manager of the station.

In anticipation of the fees, which were finally announced earlier this summer, dozens of college radio stations stopped transmitting music over the Internet. They joined hundreds of commercial and noncommercial stations that shut down their Webcasts to avoid both racking up hundreds or thousands of dollars in fees and meeting expensive new record-keeping requirements.

The fees are the result of a provision in the Digital Millennium Copyright Act of 1998 that states that the recording industry and artists should be compensated for music played over the Internet. After months of tense negotiations and arbitration run by the U.S. Copyright Office, Mr. Billington decided in June what fees Webcasters will pay to the record industry. The average college station offering Webcasts -- a licensed noncommercial college station that simultaneously plays its over-the-air broadcasts online -- would pay two-hundredths of a cent per listener per song for every song it plays.

The rates are scheduled to be renewed every two years. The next round of negotiations could begin as early as this fall.

'A Tremendous Amount'

Although the rates are discussed in hundredths of a penny, Mr. Beck says multiplying them by hundreds of thousands of songs played, and by hundreds of listeners, could mean thousands of dollars in fees for stations. "It looks like nothing, but it adds up to a tremendous amount," he says.

So far, few college radio stations have attracted hundreds of online listeners -- most Webcasts pull in an audience of a couple dozen at most. But officials at college stations say the new fees discourage success. If a Webcast becomes too popular, the station soon wouldn't be able to afford to stay in business.

Many radio stations, both Webcasting and traditional, argue that the fees are unreasonably high. They say a flat rate of about $200 per year would be fair for all parties.

Broadcasters say they are even more afraid of a proposal, made by an arbitration panel from the Copyright Office, to require Webcasters to track detailed information about every song they play.

Under that proposal, radio and online stations would have to report each song's title, the artist or group that performed it, the album title, the record label, the catalog number, the International Standard Recording Code (which identifies each track of a compact disk), and the date and time of transmission. For each song, the station also has to keep track of how many listeners were online at the time the song was playing.

Software to collect that sort of information isn't on the market, station officials say. Even if it were, they add, collecting the information would be prohibitively expensive.

Mr. Billington has yet to rule on the panel's record-keeping recommendation, and Copyright Office officials say it may be weeks before he does.

Some of the Webcasters that shut down, like one at the University of California at Los Angeles, were online only. Other stations have continued to play music online, gambling that the courts or Congress will intervene to make the fees and record-keeping rules more radio-friendly. But the recording industry has argued that the fees are already too low and that they don't adequately compensate the companies that produce the music people want to hear.

One group of college radio stations has filed a lawsuit in an appeals court, asserting that smaller stations were unable to participate in the negotiations that helped determine the fees.

And some members of Congress have introduced legislation that might help lower the rates that smaller stations would have to pay to play music online.

In the meantime, students and faculty advisers at college stations are pulling out their calculators to tally what it would cost to continue making Webcasts under the new fees and how much they owe for Webcasting over the past four years.

A Unique Requirement

The fees and proposed record-keeping requirements are unique to online transmissions. Radio stations don't pay fees to the record industry for traditional broadcasts -- the assumption is that the record companies benefit from publicity that leads listeners to buy CD's. But the stations do pay a flat rate, usually around $500 a year, to the songwriters through organizations that support composers, authors, and publishers.

Will Robedee, vice chairman of Collegiate Broadcasters Inc., a trade group for campus radio stations, says broadcasters shouldn't have to pay the record industry and the performers because the record labels depend on radio to drum up sales.

He says the fees for Webcasting are especially far out of line. "It's higher than the broadcast fees for a lower quality and a smaller audience," says Mr. Robedee, who is also general manager of Rice University's radio station, KTRU-FM. He is leading a lobbying effort to get Congress to change the fees and other requirements in the Digital Millennium Copyright Act.

Another college radio station, San Jose State University's KSJS-FM, plays a mix of music that's not usually heard on commercial stations, including classic jazz, death metal, and techno. But KSJS shut down its Webcast of music in January to avoid having to pay fees and keep intricate records.

"As soon as I saw the suggested rates, I thought, 'I don't even want to play this game anymore,'" says Nick Martinez, general manager at the station. "It's not worth it."

The station's traditional broadcasts reach an audience of about 25,000 a week.

The Webcasts attracted only a handful of listeners. "It wasn't any more than 10 to 15 listeners an hour," Mr. Martinez says. "And 99 times out of 100, it was the parents of the DJ's wanting to listen to their son or daughter."

But Amanda Collins, a spokeswoman for the Recording Industry Association of America, says stations could one day make lots of money from playing music online. "Webcasting is in its earliest stage of development," she says. "The fact that they're using our members' works to create a business, that means our members should be compensated."

Ms. Collins says the recording industry is willing to continue negotiating with college stations to reach a conclusion that satisfies both sides. "We're hearing the concerns that the college radio stations are raising, and we're prepared to work with them," she says.

Keeping Track of Listeners

For stations with only a few online listeners, as well as for stations with larger numbers, the proposed record-keeping requirements are at least as daunting as the fees, says Mr. Beck, of the University of Akron. First the station would have to create a database of all the required information about each piece of music. Then it would have to determine how many people are listening to the Webcasts as the songs are playing.

He says no software is available that can handle all of that, meaning his staff members would have to do the work. "That is damn near an impossibility," Mr. Beck says. "We're an all-volunteer staff."

Some stations decided early on to stay out of the Webcasting business, sensing that the copyright law's provisions foretold burdensome rules. A community radio station operated by the University of Virginia, WTJU-FM, considered transmitting its broadcasts online, but decided against it. "We never Webcast, but a lot of it had to do with the financial situation," says Chuck Taylor, general manager of the station. "As a small station, we really could not afford to take that risk."

The station is a member of the Corporation for Public Broadcasting, which negotiated its own fee rate with the recording industry and which covers the Webcasting fees for its member stations. The rate is kept confidential.

But the record-keeping requirements would have been too expensive for the station. Like many radio stations, WTJU currently keeps records the old-fashioned way -- DJ's scribble the names of songs and artists into a logbook.

The books don't include even half the information that's proposed for the new record-keeping requirements, and all of that information would have to be converted to digital form. It would take a full-time employee to handle the work, Mr. Taylor says.

Besides the fees and the record-keeping, the Digital Millennium Copyright Act restricts the number of tracks from one CD or by one artist that can be broadcast online. Webcasters cannot play more than two songs consecutively from one CD, or more than three songs consecutively from a boxed set. Nor can they play more than three songs from one disk or more than four songs from a boxed set within a three-hour period.

That hurts many college radio stations, which often offer a different type of programming than commercial stations.

For example, a college station might broadcast a special on Miles Davis, but the program would be prohibited online if it involved playing too many songs from a single album.

"If you've listened to community or college radio, that's pretty much what we do," Mr. Taylor says. Now Webcasters' options are running out. The Intercollegiate Broadcasting System, a trade group representing about 800 college stations, and the Harvard Radio Broadcasting Company filed a lawsuit in July against the librarian of Congress in the U.S. Court of Appeals for the District of Columbia. The suit asks that Mr. Billington's decision on fees be thrown out.

Going to Court

The stations argue that the fees are especially detrimental to smaller stations. They also say that small stations were left out of the arbitration proceedings because the cost of participating was so high. Under U.S. Copyright Office rules, members of copyright-arbitration panels pick up the cost of the process -- which in this instance meant that each panel member paid about $300,000 to participate, an amount that the stations say skewed the panel's membership in favor of the record industry and large broadcasters.

Whether Congress will take any action remains to be seen. The Senate Judiciary Committee held a hearing on Webcasting in May. A Senate staff member says the committee may meet again now that the fees have been decided.

Some college-station managers are looking for help from a bill introduced in the House of Representatives in July. The bill's sponsors are Rep. Jay Inslee, a Washington Democrat, Rep. Rick Boucher, a Virginia Democrat, and George R. Nethercutt Jr., a Washington Republican.

As written, the legislation would exempt small businesses from having to pay the royalty fees until the next round of negotiations with the Copyright Office. It would also exempt small businesses from having to pay arbitration costs for future proceedings with the office. Mr. Robedee, of the Collegiate Broadcasters Inc., says he'll ask the lawmakers to amend the bill to include colleges in the exemptions.

Joel Willer, general manager of KXUL-FM, the radio station at the University of Louisiana at Monroe, is working with Mr. Robedee to lobby Congress for changes to the Digital Millennium Copyright Act. Mr. Willer, whose station has continued its Webcasts (http://www.kxul.com), says it is difficult to gauge whether members of Congress are merely sympathetic to their needs or if they will actually take action.

"They nod politely," he says. "But if they're really going to do something, it's difficult to get that sense."

Mr. Martinez, of the San Jose State radio station, says he is hopeful that the regulations will be changed so his station can resume Webcasting.

"It's college radio," Mr. Martinez says. "Have fun, play music, and leave it at that."


--------------------------------------------------------------------------------
PAYING FOR WEBCASTS

The following are the Webcasting fees and related rules set by James H. Billington, the librarian of Congress:

* Noncommercial radio stations -- including college stations -- that have simultaneous Internet transmissions must pay two-hundredths of a cent per listener per song for every song they play. Commercial radio stations that offer simultaneous Internet transmission will pay seven-hundredths of a cent per song for each online listener.

* Noncommercial stations that broadcast exclusively online must pay seven-hundredths of a cent per song per listener. Noncommercial radio stations that play music online from an archived broadcast -- permitting listeners to hear music on demand instead of what's playing live -- must pay two-hundredths of a cent per listener per song.

* All radio stations that play music online will be required to pay a minimum fee of $500 per year. All of the fees, which begin on September 1, are retroactive to October 1998, when the Digital Millennium Copyright Act went into effect. The first payments are due October 20.

* To determine how much the retroactive fees will be, Webcasters will estimate the number of listeners they had during the past four years. To calculate the fees, the number of listeners is multiplied by 12 songs an hour for traditional radio stations, and by 15 songs an hour for Internet-only stations.

* The income from the fees will be split three ways: Half goes to the record label, 45 percent goes to the featured artist, and 5 percent goes to non-featured artists.

Here are some examples of how much college stations would have to pay under the regulations:

* A radio station that Webcasts 15 songs an hour, 365 days a year, 24 hours a day and attracts 200 online listeners an hour would pay the recording industry $5,256 per year.

* A radio station that Webcasts 15 songs an hour, nine months every year, 18 hours a day and attracts 10 online listeners an hour would rack up fees of $146, but the station would pay the minimum $500 per year.

* An online-only station that Webcasts 15 songs an hour, 365 days a year, 24 hours a day and attracts 100 online listeners an hour would pay the recording industry $9,198 per year.
*******************
News.com
Open source's new weapon: The law?
By Michael Kanellos and Stephen Shankland


Open-source software advocates will unfurl a legislative proposal next week to prohibit the state of California from buying software from Microsoft or any other company that doesn't open its source code and licensing policies.

Named the "Digital Software Security Act," the proposal essentially would make California the "Live Free or Die" state when it comes to software. If enacted as written, state agencies would be able to buy software only from companies that do not place restrictions on use or access to source code. The agencies would also be given the freedom to "make and distribute copies of the software."


"The legislative intent is that for software to be acceptable to the state, it is not enough that it is technically capable of fulfilling a task, but that the contractual condition for purchase and/or licensing must satisfy a series of requirements regarding the license," the proposal states.


Programmers and other open-source fans plan to march Thursday in San Francisco during the LinuxWorld Conference and Expo to promote their argument that Linux and other open-source projects can be used to prevent abuses by proprietary software companies such as Microsoft.


"Having had great success in gaining the support of several legislators, we are making a public announcement," said Walt Pennington, a San Diego attorney specializing in tort who is the driving force behind the bill. "We have planned several Sacramento meetings to surreptitiously lobby for this legislation."

Linux seller Red Hat will be among those backing legislation, Chief Operating Officer Michael Tiemann said.

"If we can get the open-source movement as excited about modifying legal code as they are about C++ and Java, I think the lobbying will take off itself," Tiemann said.

The point of the proposal isn't to punish developers of proprietary software. Instead, advocates point out that "closed" software adds costs and creates security risks, two problems the state needs to reduce.

The proposal won't be delivered to the legislature just yet.

Pennington said backers include Assemblyman Juan Vargas, D-San Diego, whose district near the Mexico border includes nonprofit agencies that use Linux. But Pennington said he needs more support before the bill is actually introduced.

"It's code, hopefully soon to be legal code, and it requires the participation of an extraordinary number of people to get it good enough that people will like it," Tiemann said.

Other supporters include IBM, MandrakeSoft and Linux International, Pennington said.

When Tiemann talks about the bill at the San Francisco City Hall on Thursday, "Microsoft is going to flood San Diego with free hardware, free software and free services," Pennington predicted.
*******************
Federal Computer Week
Texas launches health network


Calling it a "work in progress," Texas has launched a statewide electronic health communications network that so far connects 64 public health organizations in an effort to improve surveillance and reporting of infectious diseases and possible bioterrorist attacks.

The state's Health Alert Network (HAN), in development for three years, is among the first such systems in the nation to be launched, state health officials said in an Aug. 9 teleconference sponsored by Dell Computer Corp., which supplied much of the hardware.

"Hours and days could mean the difference between 10 and tens of thousands of casualties," said Michael Mastrangelo, co-founder of Texas HAN.

HAN actually is a nationwide initiative led by the Centers for Disease Control and Prevention since 1999 to bolster secure, high-speed, two-way communication among the federal government and states about emerging infectious diseases, environmental health dangers, potential bioterrorist attacks as well as other surveillance and laboratory data.

CDC has provided about $90 million in funding and technical assistance to more than three dozen state health agencies and metropolitan health departments, and three centers for public health preparedness to develop their statewide systems. Health officials have previously said that across the nation, about 10 percent of local public health departments do not have e-mail and up to 40 percent do not have high-speed Internet access.

Texas HAN began with about $15 million in state funding and portions of $52 million awarded by the federal government this year, said Wayne Farrell, district director of the Bell County Public Health District, located in the central part of the state.

Mastrangelo estimated that about half the local health departments in Texas didn't have adequate Internet access, defined as continuous access. Each of the 64 sites, which represent only a part of the state's health system, is equipped with Dell PowerEdge 500SC servers and up to five Dell desktop or notebook computers. The network allows sites to maintain their link via automatic redundant connections if the main high-speed connection fails, he said.

Eventually the state plans to equip all public health centers, hospitals, clinics and law enforcement agencies, he said, meaning that 90 percent of the state population will be covered by the network. However, one challenge is persuading the state's political leadership to continue investment in telecommunications infrastructure so the network can grow. Officials said funding is being sought and studies are being done to connect other sites.

Another major benefit of the state HAN is being able to tap into training and distance learning. Mastrangelo said there are plans to double the number of sites with interactive two-way videoconferencing, which stands at 17 now. He said they are working with university medical centers and other groups to provide content now that they've laid the communications network down.

He said it might take up to five years before all pieces of the network are in place.
*************************
Washington Post
Campaigns Embrace New Technologies
Databases, Recordings From Candidates Help Get Out Message in a Different Way


The elections of 2002 have yet to produce any technodramas as compelling as Jesse Ventura's Internet-driven run for governor in Minnesota in 1998 or Sen. John McCain's online fundraising surge in the 2000 presidential campaign, but politicians, lobbyists and consultants continue to exploit technological advances for advantages large and small.

With the reach of the Web and the detail embedded in online databases, they're spreading their messages broadly and cheaply -- and specifically.

"Politics tracks warfare," said John Jameson, head of the Democratic firm Winning Connections. "In the Vietnam War, you had carpet bombing, and that was the rough equivalent of television advertising. Now, in warfare, you have precision bombing; in politics, you have precision targeting."

The use of the Web has given rise to two contradictory trends. It has provided improved access to the political system for outsiders and mechanisms for spontaneous expression of public attitudes. But there also are more opportunities for finely tuned manipulation by politicians and special interests willing to pay the costs.

Members of the House, determined to improve reelection prospects, are increasingly turning to recorded phone messages to such targeted constituencies as the elderly, SUV owners and environmentalists.

"This service gives Members the unique opportunity to reach their base quickly, with a message, in their voice," FLS-DCI, one of the companies selling the service, says on its Web site. "These calls can be paid for with official funds when the script is approved through the House Mailing Standards."

Another candidate seeking reelection, Florida Gov. Jeb Bush (R), has discovered that a fundraising technique many would reject as demeaning in fact has proved highly effective.

The governor recorded a message asking for money that was then phoned to contributors to the 2000 presidential campaign of his brother, George W. Bush. "They loved it," an operative reported.

Fundraisers are now experimenting with recorded voice messages from such prominent figures as President Bush, former president Bill Clinton and others that are designed to play only when a voice-mail machine answers, not a real person.

"You would be amazed at how very sophisticated people will not only respond to such a message, but they will save it and play it for their friends," one GOP fundraiser reported.

In Iowa, door-to-door Democratic political workers are carrying hand-held electronic organizers so they can both receive and send vital voter information to campaign and state party headquarters.

In a lobbying drive now underway, brewer Anheuser-Busch Inc. is using advertising on the Web to bolster a traditional lobbying drive to win House sponsors for legislation that would kill a 1990 tax on beer. The ads, which appear on sites run by such publications as Congressional Quarterly and National Journal, drive traffic to a beertax.org site, run by Anheuser-Busch.

That site -- expressly designed for "government officials and staff, journalists and other opinion leaders on public policies that impact the brewing industry" -- tells visitors: "Every time you buy a beer, an incredible 44% of the price you pay comes from taxes. . . . While excise taxes collected from wealthy Americans have been eliminated, working Americans continue to pay the beer tax at the rate of $65 million a week."

So far, 224 House members, more than a majority, have joined on as co-sponsors.

But even as they exploit the Web, political professionals are somewhat mindful of its anarchic cultural heritage -- on the lookout for unpredictable, tech-driven developments analogous to Ventura's outsider gubernatorial campaign or McCain's dramatic grass-roots fundraising during his presidential campaign.

"This is not to say that the uberdog has a disadvantage, but messages that are for the underdog seem to have a better resonance on the Web," said Jonah Seiger, co-founder and chief strategist for Mindshare, which specializes in building constituencies for political and legislative campaigns. "McCain capitalized on a moment. The Web provides a very powerful way of harnessing that moment."

In trying to add a personal touch to their political messages, operatives are using more data that many voters would consider private -- credit histories, buying patterns, income, number of children, cost of home, magazine subscriptions. Such data are easily bought, and improved software is driving down the price.

InfoUSA, for example, offers commercial and political interests lists of millionaires, baby boomers with incomes over $75,000, owners of all-terrain vehicles and owners of certain motorcycles. ATV and motorcycle owners, according to political operatives, become sources of votes to the GOP on environmental and regulatory issues.

Then there's Atlantic Lists, which offers a database on donors to research on Alzheimer's disease. It is broken down by such criteria as whether the donors own a boat or use a computer, or even by the value of their homes.

More curious is Atlantic's Diamonds Are Forever Newlywed Database -- women's names and credit card and phone numbers, sortable by factors including ethnic/religious background and wedding date.

While a database of newlyweds might seem unrelated to politics, polling shows that married women are significantly more Republican than single women. That makes them ideal targets for the GOP, which is seeking to shrink the gender gap.
***********************
New York Times
Financial Institutions May Facilitate Identity Theft
By MATT RICHTEL


The Internet, which has opened up a new world of commerce, also eases the trade of a good that many people will find troubling: their own identities. And what victims may find more troubling is that the accomplices may be their own financial institutions.

That essentially is a conclusion of a survey released this month that finds that theft and sale of people's identities -- used to make fraudulent credit card purchases, launder money, and commit other crimes -- is burgeoning, in part because of the Internet. The report, from Celent Communications, a market research firm, said that by 2006, 25 percent of all cases of identity theft would originate on the Internet. That is up from 5 percent in 1998.

The reasons may seem obvious. As more companies and individuals put information online, there is a greater opportunity to obtain that information. "Information brokers," the survey says, are selling Social Security numbers, medical and driving records and credit-card information.

What is less obvious is one of the report's central conclusions: that financial institutions are contributing to the theft by failing to take obvious steps to prevent it. "The majority of credit card fraud is the result of financial institutions' leniency in the account-opening process," according to the report. It said thieves used victims' identities to open fraudulent accounts and then used those accounts, for example, to launder money.

The report's author, Ariana-Michelle Moore, a Celent analyst, said that financial institutions did a poor enough job verifying the identity of customers. She said the problem had become worse as banks permitted more people to open accounts online; she noted, for example, that 40 percent of bank accounts were now opened online, a figure she expected to rise quickly to 60 percent.

"The very basics of preventing identity theft -- verifying people's identity, authenticating customers -- such basic and logical practices as those are not being done," she said.
***********************
MSNBC
Spamming the World
In a popularity contest, 'bulk e-mailers' would rank just above child pornographers. But the scourge of the Internet is defending its vocation
By Brad Stone and Jennifer Lin
NEWSWEEK


Aug. 19 issue -- Al Ralsky would like you to have thick, lustrous hair. He also wants to help you buy a cheap car, get a loan regardless of your credit history and earn a six-figure income from the comfort of your home. But according to his critics, Ralsky's not a do-gooder, but a bane of the Internet -- a spammer, responsible for deluging e-mail accounts and choking the Internet service providers (ISPs) that administer
IN REAL LIFE, the 57-year-old father of three lives in a middle-class suburb of Detroit. He started bulk e-mailing seven years ago, when he was flat broke. To buy his first two computer servers, he had to sell his 1994 Toyota Camry. These days Ralsky sends out more than 30 million e-mails a day and raves about the possibilities of marketing on the Internet. "It's the most fair playing field in the world," he says. "It makes you equal with any Fortune 500 company."
In a popularity contest among Net users, spammers would probably rank only slightly above child pornographers. Spam -- unsolicited messages that make their way to your e-mail inbox with misleading subject lines and dubious propositions (from pyramid schemes to porno come-ons) -- accounts for 30 to 50 percent of all e-mail traffic on the Net. Users are fed up, and big ISPs like AOL and Earthlink, increasingly overwhelmed by the excess traffic, are taking some spam operators to court. Meanwhile, vigilante anti-spam organizations like SpamCop are aggressively blacklisting spam operators and publishing their home and family information on the Web. Anti-spam sentiment has even evolved to the point where spammers themselves are feeling like victims, and are defending what they call an honest, legal living. Maryland e-mailer Alan Moore, also known as "Dr. Fat" for his herbal weight-loss pills, says spammers are "helping the economy and adding to the GNP. People need to realize this."


ATTACK OF THE SPAMBOTS
Spam operations are often, by necessity, fly-by-night businesses. Bulk e-mailers gather addresses using "spambots" like the $179 Atomic Harvester, a piece of software that scours the Internet 24/7, vacuuming up addresses it encounters on bulletin boards and directories. Spammers often don't charge clients anything up front, but will take 40 to 50 percent of the revenue an ad generates (or, with products like insurance, $7 a lead). Since most U.S. ISPs have policies that prohibit sending out spam, the majority of spammers operate by sending their messages to "blind" relays, computers in China, South Korea or Taiwan that redirect the e-mail and make it difficult to trace.
Recently, life has become more onerous for bulk e-mailers. Companies and ISPs are using new software to identify and stop spam as it comes into the network, before it gets distributed to individual inboxes. (This is why spam subject lines are now misleadingly banal or end in numbers: to trick the software, not you.) And with so many more marketing messages clogging Net accounts, users are increasingly inclined to hit the DELETE button when they see a piece of spam. One bulk e-mailer says that when she started spamming in 1999, she could send out 100,000 e-mails and get 25 responses. Today, she has to send out a million messages to get the same response (a .0025 percent hit rate).
While most spammers claim they've made hundreds of thousands -- some even say millions -- of dollars in past years by taking big cuts of their clients' revenue, they're tight-lipped about their current income. Spamhaus.org founder Steve Linford, whose anti-spam agents snoop on the e-mailers' private online forums to stay on top of trends in the business, says there's good reason: "We know they hardly make anything because they're always complaining about it." Several spam operations are also being threatened by litigation. For example, Al Ralsky has been sued in Virginia state court for allegedly sending millions of messages in mid-2000 that crashed the servers of Verizon Online. (His lawyer denies the charges.) The trial is set for this fall, but the judge in the Ralsky case has already ruled a spammer can be held liable in any state where his messages are received.
SPAMMERS FIGHT BACK
In a world where every niche industry speaks loudly to defend its interests, perhaps it's not surprising that spammers are joining forces and trying to fight back. Thirty prolific e-mailers recently banded together in something called the Global E-mail Marketing Association (GEMA). The director, a southern California-based e-mailer who would like to be called "Tara," says the purpose of GEMA is to regulate the industry and ensure its members abide by certain rules, such as allowing recipients to opt out of any list. She also wants to improve the public's perception of spamming. First step: changing the name. "We are 'commercial bulk e-mailers', not spammers," she says. "I would appreciate if NEWSWEEK would at least give us the dignity of that."
Ronnie Scelson is another spammer showing defiance in the face of distaste for his profession. The 28-year-old father of three from Slidell, La., dropped out of high school in the ninth grade but says he's made millions sending out 560 million e-mail messages a week, hawking everything from travel deals to lingerie. As a result, he drives a 2001 Corvette, and recently bought a five-bedroom home with a game room and pool. In May, the company Scelson founded, Opt-In Marketing, turned the tables and sued two ISPs and three anti-spam organizations in Civil District Court in New Orleans. The suit alleges that the ISPs, New Jersey-based CoVista and its Denver-based backbone provider Qwest, cut off his Internet access and denied his free-speech rights.
Scelson draws a distinction between his old profession, spamming, and his new one, bulk e-mailing: he says he currently allows people to take themselves off his lists and uses American ISPs to send e-mail instead of foreign relays. But spam is in the eye of the beholder, and recently one of his high-speed Internet lines was temporarily blocked by his new ISP. Now Scelson wonders aloud if playing by the rules is even worth it and threatens to return to his old ways. "I'm going back to spamming. I don't care if I have to relay, work through a proxy or spoof an IP address, I'll do it."
Anti-spammers practically leak venom when it comes to addressing the bid for dignity made by their rivals. Julian Haight, the founder of SpamCop, says spammers deserve "every ounce of the image that they have ... The correlation between spamming and rip-off deals is unreal." Verizon exec Tom Daly says spam is insidious because it shifts the costs and burden of handling massive volumes of mail to the network providers. And Internet users: well, no one is exactly clamoring for more e-mail about get-rich-quick schemes or magical ways to enhance their you-know-what. For spammers (er, commercial bulk e-mailers), the quickest route to respectability may be to find another line of work altogether.
*************************
Associated Press
Encryption Flaw May Decode E-Mail
Mon Aug 12, 12:06 AM ET
By ANICK JESDANUN, AP Internet Writer


NEW YORK (AP) - Snoopers on the Internet could decode sensitive e-mail messages simply by tricking recipients into hitting the reply button, computer security researchers warned Monday.

The flaw affects software using Pretty Good Privacy, the most popular tool for scrambling e-mail.

Researchers at Columbia University and Counterpane Internet Security Inc. found that someone intercepting an encrypted message could descramble it by repackaging the message and passing it on to the recipient.

The message would appear as gibberish, possibly prompting the recipient to request a resend.

If the recipient includes the original text with that request -- as many people have configured their software to do automatically when they reply -- the interceptor could then read the original message.

Bruce Schneier, Counterpane's chief technology officer, said most people would never dream that security can be compromised simply by returning gibberish.

Intercepting a message is trivial using software known as sniffers, and companies may use such programs to monitor employees on their networks. An oppressive government may snoop on its citizens if it also controls service providers or other access points.

Thus, human rights workers, some FBI agents and even the son of a jailed mobster have used PGP to encrypt messages sent over the Internet and data stored on computers.

So powerful is the technology that the U.S. government until 1999 sought to restrict its sale out of fears that criminals, terrorists and foreign nations might use it.

Jon Callas, principal author of the OpenPGP standard at the Internet Engineering Task Force, said the vulnerability is serious but very difficult to exploit.

And, he said, many PGP software packages compress messages before sending. Researchers found that such compression can sometimes thwart the unauthorized decoding.

Nonetheless, an update to the OpenPGP standard was to be released Monday to coincide with the announcement of the flaw. Many developers already have begun to write software fixes, Callas said.

In the meantime, Schneier and Callas urged recipients of PGP e-mail to avoid including full text of messages when replying.

Schneier and co-researchers Kahil Jallad and Jonathan Katz, who were at Columbia University when they discovered the flaw, identified its possibility about a year ago. The latest paper offered a demonstration of the flaw in practice.

The findings come weeks after researchers at eEye Digital Security Inc. discovered that hackers could exploit a programming flaw in companion software -- a plug-in for Microsoft Corp.'s Outlook program -- to attack a user's computer and in some cases, unscramble messages.

In neither case does the flaw affect the actual encrypting formulas used to scramble messages.
************************
Associated Press
Protesters Tear Up Japan ID Numbers
Mon Aug 12, 5:10 AM ET
By NATALIE OBIKO PEARSON, Associated Press Writer


TOKYO (AP) - Protesters tore up government notices assigning them ID numbers at Japan's Public Management Ministry in downtown Tokyo on Monday, the latest civil disobedience against the new nationwide resident registry system.



Outfitted in prison stripes and cow costumes, the demonstrators denounced the "Juki Net" residents network set up last week, implying that it treats them like convicts or cattle. It links all citizens' personal data on a national computer network.

The protesters decried it as a "Big Brother" system.

"We don't want to be administered by numbers or have our information monitored!" read one banner. Some of the protesters had bar codes painted on their faces.

By assigning each of Japan's 126 million citizens an 11-digit ID number -- much like the U.S. social security system -- the government says it will be able to streamline administrative procedures.

The system is supposed to make it easier and faster for officials anywhere in the country to verify anyone's basic personal information. Officials say once the system is fully operational, residents will be able to obtain everything from passports to pensions from any local government office.

"The information will not be used indiscriminately by the government. It is to be used solely for verifying residence-related information," Public Management Ministry spokesman Tatsuro Yoshiyama said.

So far, the network can only be used to issue proof-of-residence documents needed to open a bank account or apply for a driver's license. Eventually, the system will cover more than 260 administrative procedures.

But not everyone agrees that convenience should be the deciding factor. Many have expressed worries about possible leaks and abuses of personal data.

"This system only makes things easier for bureaucrats, not for private citizens," said Keiko Fukuda, a 40-year-old piano teacher from Tokyo. "Besides, you only have to go a couple times a year to the city office. I just don't think it's necessary."
************************
Federal Computer Week
Laptops lost, stolen at Justice
Sensitive information 'could compromise national security,' Justice IG reports


More than 400 laptop computers at Justice Department agencies and bureaus that stored sensitive information have been lost or stolen, according to the department's Office of the Inspector General.

"It is possible that the missing laptop computers would have been used to process and store national security or sensitive law enforcement information that, if divulged, could harm the public," according to the IG report.

The FBI lost 317 laptops, which represents 2 percent of the total 15,000 laptops in its inventory, according to the report. The U.S. Marshals Service lost 56. The Federal Bureau of Prisons reported 27 missing laptops, out of an inventory of 2,690. The Bureau of Prisons and the Marshals Service's audits cover laptop computers reported lost, stolen or missing from October 1999 to August 2001, and the FBI's audit covers equipment reported missing from October 1999 to January 2002.

The Drug Enforcement Administration could not provide the IG with the number of lost or stolen laptops because of the "unreliability of data," according to the report.

"The loss of these items is significant because of the sensitive nature of the missing property," Justice IG Glenn Fine says in the audit. "The information contained on these laptop computers could compromise national security or jeopardize ongoing investigations."

Before last year, the FBI had not taken a complete inventory of laptop computers in almost a decade, breaking an agency policy that requires inventory to be taken every two years, Fine said.

In a statement, FBI officials said they are tightening inventory control by strictly enforcing rigorous and regular property accounting procedures, promising a prompt and robust response to the loss of any sensitive property, such as a laptop, and defining and enforcing individual liability for negligently lost property.

"We commend the inspector general and his staff for thorough investigation into this matter involving unaccounted-for laptop computers," according to an FBI statement released last week.

John Pike, a former defense analyst at the Federation of American Scientists and now director of GlobalSecurity.org, said the loss and theft of laptop computers is a problem that will continue to plague agencies regardless of security measures. "It is a known fact that these laptops have been known to get up and walk off by themselves," he said.

But Pike was not optimistic that the FBI's controls would be successful. "Personally, I think the problem is going to get a lot worse once the Trilogy system is completed."

Trilogy is the FBI's $400 million information technology upgrade that will provide FBI agents with improved access to investigation files and other information. The IG report listed a series of recommendations for Justice agencies to follow. The proposals include:

* Using bar codes and scanning devices to better track sensitive property.

* Tightening requirements for reporting the loss of laptop computers.

* Revising the guidelines for retrieving sensitive property from employees who leave.

* Requiring that laptop computer disposal documents certify that all sensitive information has been removed from the laptops' hard drives before the computer has been discarded.

As a result of the IG's recommendations, FBI officials said they could strengthen and better enforce current policies and practices as well as apply new security procedures (see box).

"It is possible to reduce the number of lost or stolen laptops within these agencies, but I truly believe that there is no way to completely eliminate the problem," Pike said.

***

Keeping Track

The FBI, which is missing 317 of the more than 400 laptops lost or stolen at the Justice Department, plans to tighten its policies. The FBI will:

* Conduct inventories of sensitive property, such as weapons and laptop computers, every year instead of every other year.

* Establish firm deadlines for employees to report the loss or theft of FBI property to their supervisors and for supervisors to report to headquarters, for the Office of Professional Responsibility to initiate and complete investigations and for employees to enter losses into the National Crime Information Center, when appropriate.

* Improve disciplinary measures applied to employees who lose a laptop or have one stolen from them.

* Strengthen the policy for proper storage of FBI property outside the office.

* Ensure that when employees leave the bureau, all property is accounted for and reimbursement is made for any missing property.

* Improve the documentation of the destruction of excess laptop computers and hard drives.
****************
Federal Computer Week
Report: Creativity needed
Homeland security requires unusual approaches to R&D, presidential council says

Homeland security research and development must use unusual yet proven practices from the public and private sectors to increase the likelihood that the federal government can successfully combat terrorism, according to a draft report approved last week by a presidential council.


The report, prepared by the President's Council of Advisors on Science and Technology (PCAST), outlines an organization for the proposed Homeland Security Department that takes advantage of the government's resources while incorporating the flexibility of the private sector.

"It's very rare to have a clean canvas to start out with," said Norm Augustine, former chairman of Lockheed Martin Corp. and co-chairman of the PCAST panel that wrote the report.

PCAST is composed of 23 industry and academic leaders including the chairman of Dell Computer Corp. and the president of the Georgia Institute of Technology. PCAST's co-chairman is John Marburger III, the director of the White House Office of Science and Technology Policy.

The report states that homeland security R&D does not fit into the traditional science and technology research model. Combating terrorism will require research into other sciences, such as social behavior and psychology. Homeland security R&D must be flexible enough to take into account those elements.

Indeed, R&D flexibility "is essential," said James Lewis, director of technology and public policy at the Center for Strategic and International Studies. "Just dumping information technology on top of a problem doesn't do any good. You have to have the analytical capability, and that will come from a mix of sciences. They will need to bring in the social sciences."

The report recommends an undersecretary for science and technology who would be responsible for the R&D strategy and budget from concept development to product implementation. This would ensure that priorities are balanced across the department and that the best technologies are bought and deployed correctly.

The report also recommends that the department have managerial flexibility, which would enable scientists to react to changes in science and technology research.

Part of that flexibility includes creating an independent advisory body for the undersecretary, an organization that would function like a federally funded R&D center, a model the Defense Department uses. A group such as Mitre Corp. would assist with systems analysis and support systems engineering, and perform tests to find flaws or gaps in existing solutions. That way, "it's easier to stay at the cutting edge," Lewis said.

The report recommends creating other organizations within the department, and each would need similar managerial flexibility, such as a rapid prototyping capability, which puts development of promising new technologies on a fast track (see box).

PCAST rushed to approve the report on Aug. 5 so that once the public comment period is closed at the end of the month, the document can go to the White House and then Congress as the final decisions are made on the proposed department's structure, said Floyd Kvamme, co-chairman of PCAST.

"I think the report has come out nicely, and it will be a good starting point," Marburger said. "I know the president is looking forward to it."

The report is welcome reinforcement of the organizational recommendations made in the National Academies' June study on R&D priorities for the proposed department, said Lewis Branscomb, co-chairman of the study.

And several ideas from the report are already reflected in the House version of the homeland security bill, so "I would think that this PCAST report will be very helpful in the conference [meetings] to help bring the House and Senate versions together," Branscomb said.

Congress may take a serious look at the report because of the high-powered members on PCAST, Lewis said.

"It's a range of people who have some political clout," he said. "So if they're coming out and supporting [the report's concepts], then it's more likely Congress will pay attention."

***

Getting ahead

The President's Council of Advisors on Science and Technology issued a report last week recommending a structure for the research and development functions of the proposed Homeland Security Department. Among the recommendations are:

* A homeland security national laboratory, focused on high-payoff but high-risk, long-term goals.

* An operational test and evaluation center to validate the performance of newly developed solutions.

* A rapid prototyping group, which would conduct fast-track development of promising new technologies.

* Specialized development groups, structured around technologies and focused on cybersecurity, information management and other issues.
***********************
Federal Computer Week
Congress 'taming e-mail monster'

Members of Congress have made strides toward handling the stream of e-mail messages that clogs their portion of cyberspace, according to a new study.


Although the volume remains at staggering levels -- the House and Senate received 117 million inbound messages in 2001 -- both sides are taking advantage of information technology solutions, such as filters and Web-based forms, an Aug. 7 special report by the Congress Online Project found (www.congressonlineproject.org). Also, the growth rate of e-mail reaching the House has slowed this year.

"Congress is becoming more competent at taming the e-mail monster," said Brad Fitch, deputy director of the Congressional Management Foundation, the Congress Online Project's parent organization.

The report updates a study released in March 2001 that described how members were "literally drowning in a sea of email," Fitch said. Now they seem to have swum to the surface just in time to deal with an ever-growing demand.

Consider the following: Last year, 13 million Americans participated in an online lobbying campaign, 23 million sent comments to public officials about policy choices, and 68 million visited a government Web site, according to an April 2002 report by the Pew Internet and American Life Project.

On a typical day in 2001, House offices received 234,245 messages, Senate 88,009.

"More people are going online," Fitch said. "It's just that Congress is getting better at handling those communications."

A number of measures are contributing to this rosier picture. More offices are answering e-mail with e-mail, replacing their public e-mail addresses with Web-based forms, and using filters to weed out spam.

Further reducing the overload, private-sector and grassroots communities have become more sophisticated and better at helping constituents tailor messages to individual members instead of the entire institution.

"Groups are getting smarter about how to e-mail Congress," said Bob Hansan, president and chief executive officer of Capitol Advantage, which creates online tools for special-interest groups. And "Capitol Hill is finally getting the message that electronic [messaging] is here to stay and they're learning to manage it."

The payoffs have been great. The House experienced a "surprising" drop in the rate of e-mail growth during the past six months, according to the study. The number of inbound messages is projected to increase by 2.5 percent this year, in contrast with a 78 percent surge in 2001.

The Senate, however, is not expected to see a similar respite. Its e-mail volume is estimated to go up 24 percent, 2 percent more than it did last year.

Experts attribute this to it being a transition time for the Senate, which is upgrading its e-mail system. It also has been slower to adopt Web-based forms than the House and probably gets more spam, Hansan said.
************************
Government Computer News
Army taps pair of vendors to compete for battlefield network project
By Dawn S. Onley


The Army Communications Electronics Command on Friday chose teams led by Lockheed Martin Corp. and General Dynamics Corp. for a fly-off competition to build the $6.6 billion Warfighter Information Network-Tactical.

Under the fly-off contracts, worth up to $75 million each, the vendors will spend a year setting WIN-T risk management, technology readiness and coordination plans.

As part of this first phase, the service wants Lockheed Martin and General Dynamics to identify how WIN-T will mesh with other Army programs, such as the Future Combat System, Joint Tactical Radio System and the Objective Force Warrior, the Army's high-tech vision for 21st-century combat forces.

Through the WIN-T program, the Army plans to build a high-speed, high-capacity network for wired and wireless voice, data and video communications for soldiers on the battlefield, whether they are riding in combat vehicles, manning radio systems or located at stationary command posts.

During Phase 2, which will run 23 months, the teams will develop prototype systems for government testing. By 2006, the Army wants to pick one of the two vendors to begin rolling out WIN-T.
************************
Government Computer News
State will promote cybersecurity guidelines
By Wilson P. Dizard


The State Department is endorsing the development of a "culture of security" as described in the Organization for Economic Cooperation and Development's new guidelines for protecting systems.

OECD, an economic analysis agency in Paris, was founded after World War II to coordinate international development. Its support comes from Western European countries, Australia, Canada, Japan and the United States. In recent years, however, it has been overshadowed by the European Union, the Association of South East Asian Nations and the group of seven leading democratic economies, or G-7.

Last week, OECD issued Guidelines for the Security of Information Systems and Networks: Toward a Culture of Security. The new document, which replaced 1992 guidelines, stresses awareness and responsibility when developing systems security programs. The organization developed the guidelines in response to a U.S. proposal. Originally, OECD had planned to issue the guidance next May, but it accelerated the process.

State said it will encourage businesses, the public and governments to use the guidelines to bolster IT security. It said it is developing outreach plans to promote the guidelines.
************************
Government Executive
Trade bill includes billions for border security technology
By William New, National Journal's Technology Daily


The bill to renew presidential trade-negotiating authority passed by the Senate Thursday includes billions of dollars earmarked for new border security technologies and contains explicit negotiating objectives on e-commerce and services.

The Senate passed the bill, H.R. 3009, by a vote of 64-34. Sections of the bill that would reauthorize the Customs Service have attracted mixed reactions from the high-tech industry and civil liberties groups.

"It's good for Customs, and it's good for the tech industry because it provides the funds to modernize the system and gives us an opportunity to do the work," said former customs attorney Joseph Tasker, now senior vice president at the Information Technology Association of America.

The Customs portion of the bill would authorize $1.37 billion in fiscal 2003 and $1.4 billion in fiscal 2004 for the agency's non-commercial operations, and $1.64 billion in fiscal 2003 and $1.68 billion in fiscal 2004 for commercial operations.

The money would include $308 million each year to modernize Customs procedures through the completion of the Automated Commercial Environment computer system.

In addition, $90 million would be spent in fiscal 2003 to acquire and implement technology to combat terrorism and illicit narcotics at U.S. borders. The technologies include a variety of X-ray mechanisms, communications systems, surveillance cameras, sensors and software to read license plates. In fiscal 2004, the focus would turn to "technologically superior" equipment.

The American Civil Liberties Union (ACLU) on Wednesday raised privacy concerns about the Customs sections, including a proposal that it characterized as "unwarranted" immunity for Customs officials from legal cases arising from their searches of people or property if they were acting in "good faith." ACLU also criticized a provision that would allow Customs officials to open sealed, outbound international mail for any reason.

"The problem with this provision is that it is taking away judicial oversight," ACLU legislative counsel Rachel King said. "What is scary about this is how we are just eliminating checks and balances in our system."

Another provision would mandate advanced electronic information on incoming cargo. The Treasury Department, which currently includes Customs, would have to promulgate rules for Customs within one year for the use of an electronic data-interchange system. The detailed parameters for the information that the Senate previously sought were softened to become "guidelines" in the House-Senate compromise version of the measure.

The bill also would authorize $10 million in fiscal 2003 to implement a program to prevent child pornography and exploitation established by Customs' Child Cyber-Smuggling Center.

And trade negotiators would be directed to ensure that electronically delivered goods and services receive the same treatment as physically delivered goods, among other objectives.

Americans for Technology Leadership in a statement Thursday urged the Senate to quickly pass the trade bill. The group said passage would "ensure the growth of the technology industry by opening new markets and giving our technology companies the opportunity to sell their products in markets that are not currently open to American companies."
**************************
Computerworld
Update: NASA investigating hacker theft of sensitive documents
By DAN VERTON


WASHINGTON -- NASA cybercrime investigators are looking into the theft of militarily significant design documents pertaining to the next generation of reusable space vehicles.

The documents, which are restricted under current export laws from being shared with foreign nationals or governments and are also strictly controlled under the International Trafficking in Arms Regulations (ITAR), were obtained by Computerworld from a hacker who claims to be based in Latin America.


The documents were authored by contractors from The Boeing Co. and a joint venture between East Hartford, Conn.-based Pratt & Whitney and Sacramento, Calif.-based Aerojet. All of the vendors also labeled the documents "competition sensitive," and while it is not yet clear whether sensitive data on military and commercial technologies may have been compromised, defense and intelligence experts said the incident could have both national security and political ramifications.

Bob Jacobs, a spokesman for NASA, confirmed that the documents contain sensitive military information and should have been stored in a closed database. There is no information on how or from where the documents were stolen, and investigators couldn't confirm whether a hacking incident had taken place.

However, a hacker known only by the nickname RaFa, a former member of the now defunct World of Hell Hacker gang, uploaded to a Web site more than 43MB worth of documents, including a 15-part PowerPoint presentation that included detailed engineering drawings. The documents also included detailed mechanical design information on the COBRA space shuttle engine design program, and the risk reduction plan for the Boeing TA4 Advanced Checkout, Control & Maintenance System (ACCMS). The ACCMS is essentially the ground control system for the next generation of space shuttles.

NASA's 2nd Generation Reusable Launch Vehicle (RLV) program is part of the agency's long-term Space Launch Initiative, a multibillion-dollar effort to design a new, safer and more efficient space transportation architecture by 2005. The Defense Department is a key partner in the effort because of its interest in the RLV program's applicability to military satellite programs and future military space plane designs.

After Computerworld broke the story of the NASA hacking on its Web site Thursday afternoon, RaFa told the publication that he didn't understand the sensitivity of the information he had, and he acknowledged that he has shared the documents with hackers in France.

RaFa also showed Computerworld evidence of a second hack into systems at NASA's White Sands Test Facility. He produced dozens of user accounts and claimed to have used an anonymous FTP vulnerability to conduct both hacks.

The incident may not be an isolated one. When asked how easy or difficult it is to crack into NASA systems, a hacker by the nickname Hackah Jak, a member of the defacement group known as Hackweiser, replied, "Who hasn't hacked NASA?"

"Anyone can put together a scanner and in a few minutes have access to a few government systems," the hacker said. "In fact, many hackers sit around and break into government systems just to secure them because they feel that the government is way too lazy."

Breaking into the systems allows hackers to show system administrators where vulnerabilities are, Hackah Jak said.

Regarding the stolen NASA documents, "These particular records would probably be of most interest to a country trying to build their own space launch vehicle," said Steven Aftergood, an analyst at the Federation of American Scientists in Washington. However, "I'm not sure that anyone else could use them either for good or ill."

On the other hand, "the ITAR provisions are quite strict, and they entail serious penalties for violations," said Aftergood. "If a private person transferred ITAR documents abroad, he could be subject to hefty fines or jail time."

Allen Thomson, a former CIA scientist, said this type of information would likely be of interest to so-called "peer competitors" in the commercial and military space market, such as Russia and Japan. However, the general concern is that the documents could contain information that would be of use in countering the capabilities of a military version of the RLV, said Thomson.

John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., said the disclosure of the documents on the Internet is "a very bad thing," mainly because it may represent only "the tip of the iceberg."

"Many limited distribution documents can be aggregated to indicate very sensitive information," said Pescatore. "Another problem is the ability for someone to modify one of these documents and put it back where they found it -- there are many more possibilities for damaging incidents under that scenario, too."

Walt Rice, a spokesman for Boeing, said the company doesn't have enough information on the incident to comment. However, it plans to offer any assistance to NASA investigators that is requested. Patrick Louden, a spokesman for Pratt & Whitney, said the company is deferring all comment on the incident to NASA.
**************************
USA Today
FCC mulls ways to protect digital TV broadcasts from piracy


WASHINGTON (AP) -- The Federal Communications Commission stepped up pressure on the technology, entertainment and consumer electronics industries on Thursday to end a long-running dispute over protecting digital television broadcasts from piracy.


With key members of Congress already threatening to legislate some form of digital security, the FCC said it will consider whether to mandate a so-called broadcast flag on digital programming. The broadcast flag is an electronic marker that could tell DVD recorders and other devices not to record those programs.


It is aimed at preventing widespread copying and distribution over the Internet, which commissioners called a hurdle in the transition to digital TV.

Broadcasters have been reluctant to embrace digital TV until security measures are in place to prevent bootlegging. Digital programming can be copied and widely distributed via the Internet, with no degradation in quality.

"Given digital media's susceptibility to piracy, the issue of content protection must be resolved before broadcasters will make new, innovative and expensive digital content widely available," Commissioner Michael Copps said.

FCC Chairman Michael Powell said the issue is tricky because there is a "delicate balance" between protecting creative work from unauthorized reproductions and ensuring consumers' long-held rights to make copies for their own use.

A group of Silicon Valley and Hollywood executives reached a partial consensus in June, agreeing that there should be a broadcast flag that would allow for personal copies, but prevent bootlegging. The agreement represented an unusual degree of cooperation between the content and technology industries, which have argued for years over who should take responsibility for controlling rampant piracy.

But the parties could not agree on several key issues, including the scope of the protection and how to enforce new security measures.

Copps and others said the specter of FCC involvement could spur agreement on the remaining issues "or they will face a solution imposed on them in the near-term future."

Some in the entertainment industry have said they would welcome regulation or legislation. Technology executives doubt that a marker would be effective, arguing that the rapid pace of change in their field means no safeguard survives for long.

Consumer groups and electronics makers worry that new rules could make equipment obsolete and also restrict viewers' rights to make copies for their own use.

The FCC set a deadline of Oct. 30 to receive comments on whether a broadcast flag would be effective and whether the FCC should mandate its use.
*********************



Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx