[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips August 12, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips August 12, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 12 Aug 2002 09:43:01 -0400
Clips August 12, 2002
ARTICLES
Number of H-1B visas issued has fallen by half
Radio Silence
Open source's new weapon: The law?
Texas launches health network
Campaigns Embrace New Technologies
Financial Institutions May Facilitate Identity Theft
Spamming the World
Encryption Flaw May Decode E-Mail
Protesters Tear Up Japan ID Numbers
Laptops lost, stolen at Justice
Report: Creativity needed [Homeland Security]
Congress 'taming e-mail monster'
Army taps pair of vendors to compete for battlefield network project
State will promote cybersecurity guidelines
Trade bill includes billions for border security technology
FCC mulls ways to protect digital TV broadcasts from piracy
*************************
Mercury News
Number of H-1B visas issued has fallen by half
By Jennifer Bjorhus
The number of H-1B visas issued to temporary foreign workers has dropped by
half so far this year, a sign of the torpid economy and tech implosion.
The INS issued about 60,500 new H-1B visas in the first three quarters of
its fiscal year, from Oct. 1, 2001, to June 30 -- a 54 percent drop from
the 130,700 H-1B visas it issued in the same period of its previous fiscal
year. There are 18,000 petitions pending, the INS said.
The plunge comes on the heels of a record year. Last year, Congress raised
the annual cap on the visas to 195,000 and created exemptions for
university researchers among others.
H-1B visas are good for up to six years and are popular in the tech
industry for importing engineers. About half of H-1B visas go to people
doing computer-related work, many of whom come from India and China. Tech
companies such as Oracle, Intel and Hewlett-Packard are among the program's
biggest users.
Post-Sept. 11 scrutiny of visas and the reorganization of the Immigration
and Naturalization Service have also likely played a role in the drop, said
one immigration attorney.
``Right now immigration is sort of in a mess,'' said Margaret Wong, a
longtime immigration attorney in Cleveland. Wong said wait times for H-1B
visas have increased from a month to 16 weeks.
Critics and supporters of the long-controversial H-1B program agree the
drop is not surprising, but they interpret it differently.
Harris Miller, president of the Information Technology Association of
America, said the decline shows that employers are using the H-1B program
appropriately. They're importing fewer foreign workers because they're
doing less hiring and there are more U.S. workers available, he said.
Miller said he doesn't think increased scrutiny of visas after Sept. 11 has
anything to do with the drop.
``Clearly H-1Bs are for use when there's a shortage. With the continued
slowdown in the IT industry and other industries that use them, then the
system is working as it was designed,'' Miller said. IEEE-USA, the U.S. arm
of the Institute of Electrical and Electronics Engineers, disagrees.
It argues that the visa numbers may be down, but that 60,500 new H-1B visas
are still too many, given how many U.S. engineers are out of work.
The IEEE-USA has called on Congress to study how the expanded H-1B visa
program and the increasing use of overseas engineering staffs are affecting
the job market for U.S. engineers. Unemployment among engineers rose to 4
percent in the second quarter of this year, and increased even higher for
computer scientists and electronics engineers, according to data the
IEEE-USA released last month. While that's below the 5.9 percent national
unemployment rate, it's a high for engineers.
``We clearly have many unemployed domestic high-tech workers that could be
available for those same jobs,'' said John Steadman, an IEEE-USA vice
president.
*********************
Federal Computer Week
DOD preps virtual Pentagon
Program will consist of three contracts
The Defense Department has launched a program to create a virtual Pentagon
that would provide backup networks and communications to avoid the loss of
essential functions that the Pentagon experienced during the Sept. 11
terrorist attack.
The Pentagon Renovation Program Office has issued a presolicitation notice
for its estimated $400 million Command Communications Survivability Program
(CCSP), formerly known as the virtual Pentagon. Defense officials said that
although the name has changed,the program's focus remains the same.
"The goal of this program is to ensure redundancy, survivability,
recoverability, manageability, availability, scalability and security" for
Pentagon systems, according to a presolicitation notice issued by the
Pentagon Renovation Program Office late last month.
Among the problems DOD encountered Sept. 11 was a computing environment
with many points of failure applications or databases that, if removed,
could not be recovered and critical network links that, if down, could not
be worked around.
DOD officials have said that the terrorist attacks were a dramatic wake-up
call. The attacks severed one of the Pentagon's main communications lines
and destroyed some Army and Navy servers.
The program also fits into DOD chief information officer John Stenbit's
goal to improve DOD's network-centricity.
"Whether it is the Pentagon, whether it is the collaborative environment
out and around the Pentagon...we are very much focused on being
network-centric," said Owen Wormser, principal director for spectrum,
space, sensors and command, control and communications in the Office of the
Assistant Secretary of Defense.
Stenbit has stressed that DOD needs to make information available on a
network that people can rely on and trust.
The idea is to eliminate the need to be in a particular location to access
critical data, DOD officials said. Therefore, the virtual Pentagon plan
will create redundancies so that the network is available regardless of
where the Pentagon is damaged.
"The objective is to build in logical and physical improvements within each
area for survivability of the networks and systems against catastrophes,"
program officials said.
CCSP encompasses four areas voice, networks, mainframes and messaging and
the integration of those areas into a seamless infrastructure, officials said.
According to the presolicitation notice, DOD officials are preparing a
request for proposals for a CCSP systems integrator "who will be
responsible for making necessary changes to the information technology
infrastructure in the Pentagon and selected DOD facilities associated with
the Pentagon."
CCSP will consist of three acquisitions. "The integration contract covers
the overall integration of all four areas," program officials said. The
integrator will also design and deploy the voice, networks and mainframe
solutions.
Messaging design and deployment will be accomplished using a separate
contract. The third contract will cover the facilities needed to house the
IT network and voice components.
The CCSP integrator contract will be carried out in two phases.
Soon officials declined to say when DOD officials will issue a request
for qualifications. Then, they will select vendors who will participate in
the second phase.
Contingency planning experts, however, said Pentagon officials would be
wise to focus not only on IT, but on critical business processes as well.
"We seem to forget that the info tech systems are tools that are used by
people," said Dale Windle, a disaster recovery planner and project manager
for DisasterRecovery.com, a firm that specializes in helping organizations
create disaster recovery plans. "We always find that the real issue is
continuity of business operations," and that is carried out by people.
After Sept. 11, "many organizations had well-developed and well-planned
disaster recovery plans, but they did not have crisis management plans and
emergency response plans," said Joseph Flach, managing director of business
continuity planning for Eagle Rock Alliance Ltd., a consulting firm that
specializes in contingency plans.
***
Creating a virtual Pentagon
The Pentagon is looking for a systems integrator for the Command
Communications Survivability Program. CCSP, formerly known as the virtual
Pentagon, will create redudancies so that Pentagon networks, mainframes,
voice components and messaging systems will be accessible in the event of a
catastrophe. The program will cost more than $400 million and take more
than three years to complete, according to the Pentagon Renovation Program
Office.
"The integration challenge is related to the objective of a single seamless
network infrastructure to support all areas of the CCSP," program officials
said.
************************
Chronicle of Higher Education
Radio Silence
Fees force college stations to stop Webcasting
By DAN CARNEVALE
Almost all American college radio stations have listeners who call in to
make song requests. But few have people calling in from Israel.
At the University of Akron, however, WZIP-FM reached a worldwide audience
by transmitting its music over the Internet at the same time it broadcast a
traditional radio signal locally. At its peak, the station's Webcasts of
hip-hop and dance music attracted up to 300 online listeners an hour in
places as distant as the Middle East and Australia. Song requests from
Jerusalem and Sydney were common.
But in March, WZIP ended its Webcasts. Station officials estimated that
WZIP would have to pay more than $10,000 a year under a new royalty-fee
plan that was then being considered by James H. Billington, the librarian
of Congress. Mr. Billington oversees the U.S. Copyright Office.
"It absolutely broke our hearts to pull the plug," says Thomas G. Beck,
general manager of the station.
In anticipation of the fees, which were finally announced earlier this
summer, dozens of college radio stations stopped transmitting music over
the Internet. They joined hundreds of commercial and noncommercial stations
that shut down their Webcasts to avoid both racking up hundreds or
thousands of dollars in fees and meeting expensive new record-keeping
requirements.
The fees are the result of a provision in the Digital Millennium Copyright
Act of 1998 that states that the recording industry and artists should be
compensated for music played over the Internet. After months of tense
negotiations and arbitration run by the U.S. Copyright Office, Mr.
Billington decided in June what fees Webcasters will pay to the record
industry. The average college station offering Webcasts -- a licensed
noncommercial college station that simultaneously plays its over-the-air
broadcasts online -- would pay two-hundredths of a cent per listener per
song for every song it plays.
The rates are scheduled to be renewed every two years. The next round of
negotiations could begin as early as this fall.
'A Tremendous Amount'
Although the rates are discussed in hundredths of a penny, Mr. Beck says
multiplying them by hundreds of thousands of songs played, and by hundreds
of listeners, could mean thousands of dollars in fees for stations. "It
looks like nothing, but it adds up to a tremendous amount," he says.
So far, few college radio stations have attracted hundreds of online
listeners -- most Webcasts pull in an audience of a couple dozen at most.
But officials at college stations say the new fees discourage success. If a
Webcast becomes too popular, the station soon wouldn't be able to afford to
stay in business.
Many radio stations, both Webcasting and traditional, argue that the fees
are unreasonably high. They say a flat rate of about $200 per year would be
fair for all parties.
Broadcasters say they are even more afraid of a proposal, made by an
arbitration panel from the Copyright Office, to require Webcasters to track
detailed information about every song they play.
Under that proposal, radio and online stations would have to report each
song's title, the artist or group that performed it, the album title, the
record label, the catalog number, the International Standard Recording Code
(which identifies each track of a compact disk), and the date and time of
transmission. For each song, the station also has to keep track of how many
listeners were online at the time the song was playing.
Software to collect that sort of information isn't on the market, station
officials say. Even if it were, they add, collecting the information would
be prohibitively expensive.
Mr. Billington has yet to rule on the panel's record-keeping
recommendation, and Copyright Office officials say it may be weeks before
he does.
Some of the Webcasters that shut down, like one at the University of
California at Los Angeles, were online only. Other stations have continued
to play music online, gambling that the courts or Congress will intervene
to make the fees and record-keeping rules more radio-friendly. But the
recording industry has argued that the fees are already too low and that
they don't adequately compensate the companies that produce the music
people want to hear.
One group of college radio stations has filed a lawsuit in an appeals
court, asserting that smaller stations were unable to participate in the
negotiations that helped determine the fees.
And some members of Congress have introduced legislation that might help
lower the rates that smaller stations would have to pay to play music online.
In the meantime, students and faculty advisers at college stations are
pulling out their calculators to tally what it would cost to continue
making Webcasts under the new fees and how much they owe for Webcasting
over the past four years.
A Unique Requirement
The fees and proposed record-keeping requirements are unique to online
transmissions. Radio stations don't pay fees to the record industry for
traditional broadcasts -- the assumption is that the record companies
benefit from publicity that leads listeners to buy CD's. But the stations
do pay a flat rate, usually around $500 a year, to the songwriters through
organizations that support composers, authors, and publishers.
Will Robedee, vice chairman of Collegiate Broadcasters Inc., a trade group
for campus radio stations, says broadcasters shouldn't have to pay the
record industry and the performers because the record labels depend on
radio to drum up sales.
He says the fees for Webcasting are especially far out of line. "It's
higher than the broadcast fees for a lower quality and a smaller audience,"
says Mr. Robedee, who is also general manager of Rice University's radio
station, KTRU-FM. He is leading a lobbying effort to get Congress to change
the fees and other requirements in the Digital Millennium Copyright Act.
Another college radio station, San Jose State University's KSJS-FM, plays a
mix of music that's not usually heard on commercial stations, including
classic jazz, death metal, and techno. But KSJS shut down its Webcast of
music in January to avoid having to pay fees and keep intricate records.
"As soon as I saw the suggested rates, I thought, 'I don't even want to
play this game anymore,'" says Nick Martinez, general manager at the
station. "It's not worth it."
The station's traditional broadcasts reach an audience of about 25,000 a week.
The Webcasts attracted only a handful of listeners. "It wasn't any more
than 10 to 15 listeners an hour," Mr. Martinez says. "And 99 times out of
100, it was the parents of the DJ's wanting to listen to their son or
daughter."
But Amanda Collins, a spokeswoman for the Recording Industry Association of
America, says stations could one day make lots of money from playing music
online. "Webcasting is in its earliest stage of development," she says.
"The fact that they're using our members' works to create a business, that
means our members should be compensated."
Ms. Collins says the recording industry is willing to continue negotiating
with college stations to reach a conclusion that satisfies both sides.
"We're hearing the concerns that the college radio stations are raising,
and we're prepared to work with them," she says.
Keeping Track of Listeners
For stations with only a few online listeners, as well as for stations with
larger numbers, the proposed record-keeping requirements are at least as
daunting as the fees, says Mr. Beck, of the University of Ak-ron. First the
station would have to create a database of all the required information
about each piece of music. Then it would have to determine how many people
are listening to the Webcasts as the songs are playing.
He says no software is available that can handle all of that, meaning his
staff members would have to do the work. "That is damn near an
impossibility," Mr. Beck says. "We're an all-volunteer staff."
Some stations decided early on to stay out of the Webcasting business,
sensing that the copyright law's provisions foretold burdensome rules. A
community radio station operated by the University of Virginia, WTJU-FM,
considered transmitting its broadcasts online, but decided against it. "We
never Webcast, but a lot of it had to do with the financial situation,"
says Chuck Taylor, general manager of the station. "As a small station, we
really could not afford to take that risk."
The station is a member of the Corporation for Public Broadcasting, which
negotiated its own fee rate with the recording industry and which covers
the Webcasting fees for its member stations. The rate is kept confidential.
But the record-keeping requirements would have been too expensive for the
station. Like many radio stations, WTJU currently keeps records the
old-fashioned way -- DJ's scribble the names of songs and artists into a
logbook.
The books don't include even half the information that's proposed for the
new record-keeping requirements, and all of that information would have to
be converted to digital form. It would take a full-time employee to handle
the work, Mr. Taylor says.
Besides the fees and the record-keeping, the Digital Millennium Copyright
Act restricts the number of tracks from one CD or by one artist that can be
broadcast online. Webcasters cannot play more than two songs consecutively
from one CD, or more than three songs consecutively from a boxed set. Nor
can they play more than three songs from one disk or more than four songs
from a boxed set within a three-hour period.
That hurts many college radio stations, which often offer a different type
of programming than commercial stations.
For example, a college station might broadcast a special on Miles Davis,
but the program would be prohibited online if it involved playing too many
songs from a single album.
"If you've listened to community or college radio, that's pretty much what
we do," Mr. Taylor says. Now Webcasters' options are running out. The
Intercollegiate Broadcasting System, a trade group representing about 800
college stations, and the Harvard Radio Broadcasting Company filed a
lawsuit in July against the librarian of Congress in the U.S. Court of
Appeals for the District of Columbia. The suit asks that Mr. Billington's
decision on fees be thrown out.
Going to Court
The stations argue that the fees are especially detrimental to smaller
stations. They also say that small stations were left out of the
arbitration proceedings because the cost of participating was so high.
Under U.S. Copyright Office rules, members of copyright-arbitration panels
pick up the cost of the process -- which in this instance meant that each
panel member paid about $300,000 to participate, an amount that the
stations say skewed the panel's membership in favor of the record industry
and large broadcasters.
Whether Congress will take any action remains to be seen. The Senate
Judiciary Committee held a hearing on Webcasting in May. A Senate staff
member says the committee may meet again now that the fees have been decided.
Some college-station managers are looking for help from a bill introduced
in the House of Representatives in July. The bill's sponsors are Rep. Jay
Inslee, a Washington Democrat, Rep. Rick Boucher, a Virginia Democrat, and
George R. Nethercutt Jr., a Washington Republican.
As written, the legislation would exempt small businesses from having to
pay the royalty fees until the next round of negotiations with the
Copyright Office. It would also exempt small businesses from having to pay
arbitration costs for future proceedings with the office. Mr. Robedee, of
the Collegiate Broadcasters Inc., says he'll ask the lawmakers to amend the
bill to include colleges in the exemptions.
Joel Willer, general manager of KXUL-FM, the radio station at the
University of Louisiana at Monroe, is working with Mr. Robedee to lobby
Congress for changes to the Digital Millennium Copyright Act. Mr. Willer,
whose station has continued its Webcasts (http://www.kxul.com), says is
difficult to gauge whether members of Congress are merely sympathetic to
their needs or if they will actually take action.
"They nod politely," he says. "But if they're really going to do something,
it's difficult to get that sense."
Mr. Martinez, of the San Jose State radio station, says he is hopeful that
the regulations will be changed so his station can resume Webcasting.
"It's college radio," Mr. Martinez says. "Have fun, play music, and leave
it at that."
--------------------------------------------------------------------------------
PAYING FOR WEBCASTS
The following are the Webcasting fees and related rules set by James H.
Billington, the librarian of Congress:
* Noncommercial radio stations -- including college stations -- that have
simultaneous Internet transmissions must pay two-hundredths of a cent per
listener per song for every song they play. Commercial radio stations that
offer simultaneous Internet transmission will pay seven-hundredths of a
cent per song for each online listener.
* Noncommercial stations that broadcast exclusively online must pay
seven-hundredths of a cent per song per listener. Noncommercial radio
stations that play music online from an archived broadcast -- permitting
listeners to hear music on demand instead of what's playing live -- must
pay two-hundredths of a cent per listener per song.
* All radio stations that play music online will be required to pay a
minimum fee of $500 per year. All of the fees, which begin on September 1,
are retroactive to October 1998, when the Digital Millennium Copyright Act
went into effect. The first payments are due October 20.
* To determine how much the retroactive fees will be, Webcasters will
estimate the number of listeners they had during the past four years. To
calculate the fees, the number of listeners is multiplied by 12 songs an
hour for traditional radio stations, and by 15 songs an hour for
Internet-only stations.
* The income from the fees will be split three ways: Half goes to the
record label, 45 percent goes to the featured artist, and 5 percent goes to
non-featured artists.
Here are some examples of how much college stations would have to pay under
the regulations:
* A radio station that Webcasts 15 songs an hour, 365 days a year, 24 hours
a day and attracts 200 online listeners an hour would pay the recording
industry $5,256 per year.
* A radio station that Webcasts 15 songs an hour, nine months every year,
18 hours a day and attracts 10 online listeners an hour would rack up fees
of $146, but the station would pay the minimum $500 per year.
* An online-only station that Webcasts 15 songs an hour, 365 days a year,
24 hours a day and attracts 100 online listeners an hour would pay the
recording industry $9,198 per year.
*******************
News.com
Open source's new weapon: The law?
By Michael Kanellos and Stephen Shankland
Open-source software advocates will unfurl a legislative proposal next week
to prohibit the state of California from buying software from Microsoft or
any other company that doesn't open its source code and licensing policies.
Named the "Digital Software Security Act," the proposal essentially would
make California the "Live Free or Die" state when it comes to software. If
enacted as written, state agencies would be able to buy software only from
companies that do not place restrictions on use or access to source code.
The agencies would also be given the freedom to "make and distribute copies
of the software."
"The legislative intent is that for software to be acceptable to the state,
it is not enough that it is technically capable of fulfilling a task, but
that the contractual condition for purchase and/or licensing must satisfy a
series of requirements regarding the license," the proposal states.
Programmers and other open-source fans plan to march Thursday in San
Francisco during the LinuxWorld Conference and Expo to promote their
argument that Linux and other open-source projects can be used to prevent
abuses by proprietary software companies such as Microsoft.
"Having had great success in gaining the support of several legislators, we
are making a public announcement," said Walt Pennington, a San Diego
attorney specializing in tort who is the driving force behind the bill. "We
have planned several Sacramento meetings to surreptitiously lobby for this
legislation."
Linux seller Red Hat will be among those backing legislation, Chief
Operating Officer Michael Tiemann said.
"If we can get the open-source movement as excited about modifying legal
code as they are about C++ and Java, I think they lobbying will take off
itself," Tiemann said.
The point of the proposal isn't to punish developers of proprietary
software. Instead, advocates point out that "closed" software adds costs
and creates security risks, two problems the state needs to reduce.
The proposal won't be delivered to the legislature just yet.
Pennington said backers include Assemblyman Juan Vargas, D-San Diego, whose
district near the Mexico border includes nonprofit agencies that use Linux.
But Pennington said he needs more support before the bill is actually
introduced.
"It's code, hopefully soon to be legal code, and it requires the
participation of an extraordinary number of people to get it good enough
that people will like it," Tiemann said.
Other supporters include IBM, MandrakeSoft and Linux International,
Pennington said.
When Tiemann talks about the bill at the San Francisco City Hall on
Thursday, "Microsoft is going to flood San Diego with free hardware, free
software and free services," Pennington predicted.
*******************
Federal Computer Week
Texas launches health network
Calling it a "work in progress," Texas has launched a statewide electronic
health communications network that so far connects 64 public health
organizations in an effort to improve surveillance and reporting of
infectious diseases and possible bioterrorist attacks.
The state's Health Alert Network (HAN), in development for three years, is
among the first such system in the nation to be launched, state health
officials said in an Aug. 9 teleconference sponsored by Dell Computer
Corp., which supplied much of the hardware.
"Hours and days could mean the difference between 10 and tens of thousands
of casualties," said Michael Mastrangelo, co-founder of Texas HAN.
HAN actually is a nationwide initiative led by the Centers for Disease
Control and Prevention since 1999 to bolster secure, high-speed, two-way
communication among the federal government and states about emerging
infectious diseases, environmental health dangers, potential bioterrorist
attacks as well as other surveillance and laboratory data.
CDC has provided about $90 million in funding and technical assistance to
more than three dozen state health agencies and metropolitan health
departments, and three centers for public health preparedness to develop
their statewide systems. Health officials have previously said that across
the nation, about 10 percent of local public health departments do not have
e-mail and up to 40 percent do not have high-speed Internet access.
Texas HAN began with about $15 million in state funding and portions of $52
million awarded by the federal government this year, said Wayne Farrell,
district director of the Bell County Public Health District, located in the
central part of the state.
Mastrangelo estimated that about half the local health departments in Texas
didn't have adequate Internet access, defined as continuous access. Each of
the 64 sites, which represent only a part of the state's health system, is
equipped with Dell PowerEdge 500SC servers and up to five Dell desktop or
notebook computers. The network allows sites to maintain their link via
automatic redundant connections if the main high-speed connection fails, he
said.
Eventually the state plans to equip all public health centers, hospitals,
clinics and law enforcement agencies, he said, meaning that 90 percent of
the state population will be covered by the network. However, one challenge
is persuading the state's political leadership to continue investment in
telecommunications infrastructure so the network can grow. Officials said
funding is being sought and studies are being done to connect other sites.
Another major benefit of the state HAN is being able to tap into training
and distance learning. Mastrangelo said there are plans to double the
number of sites with interactive two-way videoconferencing, which stands at
17 now. He said they are working with university medical centers and other
groups to provide content now that they've laid the communications network
down.
He said it might take up to five years before all pieces of the network are
in place.
*************************
Washington Post
Campaigns Embrace New Technologies
Databases, Recordings From Candidates Help Get Out Message in a Different Way
The elections of 2002 have yet to produce any technodramas as compelling as
Jesse Ventura's Internet-driven run for governor in Minnesota in 1998 or
Sen. John McCain's online fundraising surge in the 2000 presidential
campaign, but politicians, lobbyists and consultants continue to exploit
technological advances for advantages large and small.
With the reach of the Web and the detail embedded in online databases,
they're spreading their messages broadly and cheaply -- and specifically.
"Politics tracks warfare," said John Jameson, head of the Democratic firm
Winning Connections. "In the Vietnam War, you had carpet bombing, and that
was the rough equivalent of television advertising. Now, in warfare, you
have precision bombing; in politics, you have precision targeting."
The use of the Web has given rise to two contradictory trends. It has
provided improved access to the political system for outsiders and
mechanisms for spontaneous expression of public attitudes. But there also
are more opportunities for finely tuned manipulation by politicians and
special interests willing to pay the costs.
Members of the House, determined to improve reelection prospects, are
increasingly turning to recorded phone messages to such targeted
constituencies as the elderly, SUV owners and environmentalists.
"This service gives Members the unique opportunity to reach their base
quickly, with a message, in their voice," FLS-DCI, one of the companies
selling the service, says on its Web site. "These calls can be paid for
with official funds when the script is approved through the House Mailing
Standards."
Another candidate seeking reelection, Florida Gov. Jeb Bush (R), has
discovered that a fundraising technique many would reject as demeaning in
fact has proved highly effective.
The governor recorded a message asking for money that was then phoned to
contributors to the 2000 presidential campaign of his brother, George W.
Bush. "They loved it," an operative reported.
Fundraisers are now experimenting with recorded voice messages from such
prominent figures as President Bush, former president Bill Clinton and
others that are designed to play only when a voice-mail machine answers,
not a real person.
"You would be amazed at how very sophisticated people will not only respond
to such a message, but they will save it and play it for their friends,"
one GOP fundraiser reported.
In Iowa, door-to-door Democratic political workers are carrying hand-held
electronic organizers so they can both receive and send vital voter
information to campaign and state party headquarters.
In a lobbying drive now underway, brewer Anheuser-Busch Inc. is using
advertising on the Web to bolster a traditional lobbying drive to win House
sponsors for legislation that would kill a 1990 tax on beer. The ads, which
appear on sites run by such publications at Congressional Quarterly and
National Journal, drive traffic to a beertax.org site, run by Anheuser-Busch.
That site -- expressly designed for "government officials and staff,
journalists and other opinion leaders on public policies that impact the
brewing industry" -- tells visitors: "Every time you buy a beer, an
incredible 44% of the price you pay comes from taxes. . . . While excise
taxes collected from wealthy Americans have been eliminated, working
Americans continue to pay the beer tax at the rate of $65 million a week."
So far, 224 House members, more than a majority, have joined on as co-sponsors.
But even as they exploit the Web, political professionals are somewhat
mindful of its anarchic cultural heritage -- on the lookout for
unpredictable, tech-driven developments analogous to Ventura's outsider
gubernatorial campaign or McCain's dramatic grass-roots fundraising during
his presidential campaign.
"This is not to say that the uberdog has a disadvantage, but messages that
are for the underdog seem to have a better resonance on the Web," said
Jonah Seiger, co-founder and chief strategist for Mindshare, which
specializes in building constituencies for political and legislative
campaigns. "McCain capitalized on a moment. The Web provides a very
powerful way of harnessing that moment."
In trying to add a personal touch to their political messages, operatives
are using more data that many voters would consider private -- credit
histories, buying patterns, income, number of children, cost of home,
magazine subscriptions. Such data are easily bought, and improved software
is driving down the price.
InfoUSA, for example, offers commercial and political interests lists of
millionaires, baby boomers with incomes over $75,000, owners of all-terrain
vehicles and owners of certain motorcycles. ATV and motorcycle owners,
according to political operatives, become sources of votes to the GOP on
environmental and regulatory issues.
Then there's Atlantic Lists, which offers a database on donors to research
on Alzheimer's disease. It is broken down by such criteria as whether the
donors own a boat or use a computer, or even by the value of their homes.
More curious is Atlantic's Diamonds Are Forever Newlywed Database --
women's names and credit card and phone numbers, sortable by factors
including ethnic/religious background and wedding date.
While a database of newlyweds might seem unrelated to politics, polling
shows that married women are significantly more Republican than single
women. That makes them ideal targets for the GOP, which is seeking to
shrink the gender gap.
***********************
New York Times
Financial Institutions May Facilitate Identity Theft
By MATT RICHTEL
he Internet, which has opened up a new world of commerce, also eases the
trade of a good that many people will find troubling: their own identities.
And what victims may find more troubling is that the accomplices may be
their own financial institutions.
That essentially is a conclusion of a survey released this month that finds
that theft and sale of people's identities used to make fraudulent credit
card purchases, launder money, and commit other crimes is burgeoning, in
part because of the Internet. The report, from Celent Communications, a
market research firm, said that by 2006, 25 percent of all cases of
identity theft would originate on the Internet. That is up from 5 percent
in 1998.
The reasons may seem obvious. As more companies and individuals put
information online, there is a greater opportunity to obtain that
information. "Information brokers," the survey says, are selling Social
Security numbers, medical and driving records and credit-card information.
What is less obvious is one of the report's central conclusions: that
financial institutions are contributing to the theft by failing to take
obvious steps to prevent it. "The majority of credit card fraud is the
result of financial institutions' leniency in the account-opening process,"
according to the report. It said thieves used victims' identities to open
fraudulent accounts and then used those accounts, for example, to launder
money.
The report's author, Ariana-Michelle Moore, a Celent analyst, said that
financial institutions did a poor enough job verifying the identify of
customers. She said the problem had become worse as banks permitted more
people to open accounts online; she noted, for example, that 40 percent of
bank accounts were now opened online, a figure she expected to rise quickly
to 60 percent.
"The very basics of preventing identity theft verifying people's identity,
authenticating customers, such basic and logical practices as those are
not being done," she said.
***********************
MSNBC
Spamming the World
In a popularity contest, 'bulk e-mailers' would rank just above child
pornographers. But the scourge of the Internet is defending its vocation
By Brad Stone and Jennifer Lin
NEWSWEEK
Aug. 19 issue Al Ralsky would like you to have thick, lustrous
hair. He also wants to help you buy a cheap car, get a loan regardless of
your credit history and earn a six-figure income from the comfort of your
home. But according to his critics, Ralsky's not a do-gooder, but a bane of
the Interneta spammer, responsible for deluging e-mail accounts and choking
the Internet service providers (ISPs) that administer IN REAL LIFE,
the 57-year-old father of three lives in a middle-class suburb of Detroit.
He started bulk e-mailing seven years ago, when he was flat broke. To buy
his first two computer servers, he had to sell his 1994 Toyota Camry. These
days Ralsky sends out more than 30 million e-mails a day and raves about
the possibilities of marketing on the Internet. "It's the most fair playing
field in the world," he says. "It makes you equal with any Fortune 500
company."
In a popularity contest among Net users, spammers would probably
rank only slightly above child pornographers. Spamunsolicited messages that
make their way to your e-mail inbox with misleading subject lines and
dubious propositions (from pyramid schemes to porno come-ons)accounts for
30 to 50 percent of all e-mail traffic on the Net. Users are fed up, and
big ISPs like AOL and Earthlink, increasingly overwhelmed by the excess
traffic, are taking some spam operators to court. Meanwhile, vigilante
anti-spam organizations like SpamCop are aggressively blacklisting spam
operators and publishing their home and family information on the Web.
Anti-spam sentiment has even evolved to the point where spammers themselves
are feeling like victims, and are defending what they call an honest, legal
living. Maryland e-mailer Alan Moore, also known as "Dr. Fat" for his
herbal weight-loss pills, says spammers are "helping the economy and adding
to the GNP. People need to realize this."
ATTACK OF THE SPAMBOTS
Spam operations are often, by necessity, fly-by-night businesses.
Bulk e-mailers gather addresses using "spambots" like the $179 Atomic
Harvester, a piece of software that scours the Internet 24/7, vacuuming up
addresses it encounters on bulletin boards and directories. Spammers often
don't charge clients anything up front, but will take 40 to 50 percent of
the revenue an ad generates (or, with products like insurance, $7 a lead).
Since most U.S. ISPs have policies that prohibit sending out spam, the
majority of spammers operate by sending their messages to "blind" relays,
computers in China, South Korea or Taiwan that redirect the e-mail and make
it difficult to trace.
Recently, life has become more onerous for bulk e-mailers.
Companies and ISPs are using new software to identify and stop spam as it
comes into the network, before it gets distributed to individual inboxes.
(This is why spam subject lines are now misleadingly banal or end in
numbers: to trick the software, not you.) And with so many more marketing
messages clogging Net accounts, users are increasingly inclined to hit the
DELETE button when they see a piece of spam. One bulk e-mailer says that
when she started spamming in 1999, she could send out 100,000 e-mails and
get 25 responses. Today, she has to send out a million messages to get the
same response (a .0025 percent hit rate).
While most spammers claim they've made hundreds of thousandssome
even say millionsof dollars in past years by taking big cuts of their
clients' revenue, they're tight-lipped about their current income.
Spamhaus.org founder Steve Linford, whose anti-spam agents snoop on the
e-mailers' private online forums to stay on top of trends in the business,
says there's good reason: "We know they hardly make anything because
they're always complaining about it." Several spam operations are also
being threatened by litigation. For example, Al Ralsky has been sued in
Virginia state court for allegedly sending millions of messages in mid-2000
that crashed the servers of Verizon Online. (His lawyer denies the
charges.) The trial is set for this fall, but the judge in the Ralsky case
has already ruled a spammer can be held liable in any state where his
messages are received.
SPAMMERS FIGHT BACK
In a world where every niche industry speaks loudly to defend its
interests, perhaps it's not surprising that spammers are joining forces and
trying to fight back. Thirty prolific e-mailers recently banded together in
something called the Global E-mail Marketing Association (GEMA). The
director, a southern California-based e-mailer who would like to be called
"Tara," says the purpose of GEMA is to regulate the industry and ensure its
members abide by certain rules, such as allowing recipients to opt out of
any list. She also wants to improve the public's perception of spamming.
First step: changing the name. "We are 'commercial bulk e-mailers', not
spammers," she says. "I would appreciate if NEWSWEEK would at least give us
the dignity of that."
Ronnie Scelson is another spammer showing defiance in the face of
distaste for his profession. The 28-year-old father of three from Slidell,
La., dropped out of high school in the ninth grade but says he's made
millions sending out 560 million e-mail messages a week, hawking everything
from travel deals to lingerie. As a result, he drives a 2001 Corvette, and
recently bought a five-bedroom home with a game room and pool. In May, the
company Scelson founded, Opt-In Marketing, turned the tables and sued two
ISPs and three anti-spam organizations in Civil District Court in New
Orleans. The suit alleges that the ISPs, New Jersey-based CoVista and its
Denver-based backbone provider Qwest, cut off his Internet access and
denied his free-speech rights.
Scelson draws a distinction between his old profession, spamming,
and his new one, bulk e-mailing: he says he currently allows people to take
themselves off his lists and uses American ISPs to send e-mail instead of
foreign relays. But spam is in the eye of the beholder, and recently one of
his high-speed Internet lines was temporarily blocked by his new ISP. Now
Scelson wonders aloud if playing by the rules is even worth it and
threatens to return to his old ways. "I'm going back to spamming. I don't
care if I have to relay, work through a proxy or spoof an IP address, I'll
do it."
Anti-spammers practically leak venom when it comes to addressing
the bid for dignity made by their rivals. Julian Haight, the founder of
SpamCop, says spammers deserve "every ounce of the image that they have ...
The correlation between spamming and rip-off deals is unreal." Verizon exec
Tom Daly says spam is insidious because it shifts the costs and burden of
handling massive volumes of mail to the network providers. And Internet
users: well, no one is exactly clamoring for more e-mail about
get-rich-quick schemes or magical ways to enhance their you-know-what. For
spammers (er, commercial bulk e-mailers), the quickest route to
respectability may be to find another line of work altogether.
*************************
Associated Press
Encryption Flaw May Decode E-Mail
Mon Aug 12,12:06 AM ET
By ANICK JESDANUN, AP Internet Writer
NEW YORK (AP) - Snoopers on the Internet could decode sensitive e-mail
messages simply by tricking recipients into hitting the reply button,
computer security researchers warned Monday.
The flaw affects software using Pretty Good Privacy, the most popular tool
for scrambling e-mail.
Researchers at Columbia University and Counterpane Internet Security Inc.
found that someone intercepting an encrypted message could descramble it by
repackaging the message and passing it on to the recipient.
The message would appear as gibberish, possibly prompting the recipient to
request a resend.
If the recipient includes the original text with that request as many
people have their configured their software to do automatically when they
reply the interceptor could then read the original message.
Bruce Schneier, Counterpane's chief technology officer, said most people
would never dream that security can be compromised simply by returning
gibberish.
Intercepting a message is trivial using software known as sniffers, and
companies may use such programs to monitor employees on its network. An
oppressive government may snoop on its citizens if it also controls service
providers or other access points.
Thus, human rights workers, some FBI ( news - web sites) agents and even
the son of a jailed mobster have used PGP to encrypt messages sent over the
Internet and data stored on computers.
So powerful is the technology that the U.S. government until 1999 sought to
restrict its sale out of fears that criminals, terrorists and foreign
nations might use it.
Jon Callas, principal author of the OpenPGP standard at the Internet
Engineering Task Force, said the vulnerability is serious but very
difficult to exploit.
And, he said, many PGP software packages compress messages before sending.
Researchers found that such compression can sometimes thwart the
unauthorized decoding.
Nonetheless, an update to the OpenPGP standard was to be released Monday to
coincide with the announcement of the flaw. Many developers already have
begun to write software fixes, Callas said.
In the meantime, Schneier and Callas urged recipients of PGP e-mail to
avoid including full text of messages when replying.
Schneier and co-researchers Kahil Jallad and Jonathan Katz, who were at
Columbia University when they discovered the flaw, identified its
possibility about a year ago. The latest paper offered a demonstration of
the flaw in practice.
The findings come weeks after researchers at eEye Digital Security Inc.
discovered that hackers could exploit a programming flaw in companion
software a plug-in for Microsoft Corp.'s Outlook program to attack a
user's computer and in some cases, unscramble messages.
In neither case does the flaw affect the actual encrypting formulas used to
scramble messages.
************************
Associated Press
Protesters Tear Up Japan ID Numbers
Mon Aug 12, 5:10 AM ET
By NATALIE OBIKO PEARSON, Associated Press Writer
TOKYO (AP) - Protesters tore up government notices assigning them ID
numbers at Japan's Public Management Ministry in downtown Tokyo on Monday,
the latest civil disobedience against the new nationwide resident registry
system.
Outfitted in prison stripes and cow costumes, the demonstrators denounced
the "Juki Net" residents network set up last week, implying that it treats
them like convicts or cattle. It links all citizens' personal data on a
national computer network.
The protesters decried it as a "Big Brother" system.
"We don't want to be administered by numbers or have our information
monitored!" read one banner. Some of the protesters had bar codes painted
on their faces.
By assigning each of Japan's 126 million citizens an 11-digit ID
number much like the U.S. social security ( news - web sites) system the
government says it will be able to streamline administrative procedures.
The system is supposed to make it easier and faster for officials anywhere
in the country to verify anyone's basic personal information. Officials say
once the system is fully operational, residents will be able to obtain
everything from passports to pensions from any local government office.
"The information will not be used indiscriminately by the government. It is
to be used solely for verifying residence-related information," Public
Management Ministry spokesman Tatsuro Yoshiyama said.
So far, the network can only be used to issue proof-of-residence
documents needed to open a bank account or apply for a driver's license.
Eventually, the system will cover more than 260 administrative procedures.
But not everyone agrees that convenience should be the deciding factor.
Many have expressed worries about possible leaks and abuses of personal data.
"This system only makes things easier for bureaucrats, not for private
citizens," said Keiko Fukuda, a 40-year-old piano teacher from Tokyo.
"Besides, you only have to go a couple times a year to the city office. I
just don't think it's necessary."
************************
Federal Computer Week
Laptops lost, stolen at Justice
Sensitive information 'could compromise national security,' Justice IG reports
More than 400 laptop computers at Justice Department agencies and bureaus
that stored sensitive information have been lost or stolen, according to
the department's Office of the Inspector General.
"It is possible that the missing laptop computers would have been used to
process and store national security or sensitive law enforcement
information that, if divulged, could harm the public," according to the IG
report.
The FBI lost 317 laptops, which represents 2 percent of the total 15,000
laptops in its inventory, according to the report. The U.S. Marshals
Service lost 56. The Federal Bureau of Prisons reported 27 missing laptops,
out of an inventory of 2,690. The Bureau of Prisons and the Marshals
Service's audits cover laptop computers reported lost, stolen or missing
from October 1999 to August 2001, and the FBI's audit covers equipment
reported missing from October 1999 to January 2002.
The Drug Enforcement Administration could not provide the IG with the
number of lost or stolen laptops because of the "unreliability of data,"
according to the report.
"The loss of these items is significant because of the sensitive nature of
the missing property," Justice IG Glenn Fine says in the audit. "The
information contained on these laptop computers could compromise national
security or jeopardize ongoing investigations."
Before last year, the FBI had not taken a complete inventory of laptop
computers in almost a decade, breaking an agency policy that requires
inventory to be taken every two years, Fine said.
In a statement, FBI officials said they are tightening inventory control by
strictly enforcing rigorous and regular property accounting procedures,
promising a prompt and robust response to the loss of any sensitive
property, such as a laptop, and defining and enforcing individual liability
for negligently lost property.
"We commend the inspector general and his staff for thorough investigation
into this matter involving unaccounted-for laptop computers," according to
an FBI statement released last week.
John Pike, a former defense analyst at the Federation of American
Scientists and now director of GlobalSecurity.org, said the loss and theft
of laptop computers is a problem that will continue to plague agencies
regardless of security measures. "It is a known fact that these laptops
have been known to get up and walk off by themselves," he said.
But Pike was not optimistic that the FBI's controls would be successful.
"Personally, I think the problem is going to get a lot worse once the
Trilogy system is completed."
Trilogy is the FBI's $400 million information technology upgrade that will
provide FBI agents with improved access to investigation files and other
information. The IG report listed a series of recommendations for Justice
agencies to follow. The proposals include:
* Using bar codes and scanning devices to better track sensitive property.
* Tightening requirements for reporting the loss of laptop computers.
* Revising the guidelines for retrieving sensitive property from employees
who leave.
* Requiring that laptop computer disposal documents certify that all
sensitive information has been removed from the laptops' hard drives before
the computer has been discarded.
As a result of the IG's recommendations, FBI officials said they could
strengthen and better enforce current policies and practices as well as
apply new security procedures (see box).
"It is possible to reduce the number of lost or stolen laptops within these
agencies, but I truly believe that there is no way to completely eliminate
the problem," Pike said.
***
Keeping Track
The FBI, which is missing 317 of the more than 400 laptops lost or stolen
at the Justice Department, plans to tighten its policies. The FBI will:
* Conduct inventories of sensitive property, such as weapons and laptop
computers, every year instead of every other year.
* Establish firm deadlines for employees to report the loss or theft of FBI
property to their supervisors and for supervisors to report to
headquarters, for the Office of Professional Responsibility to initiate and
complete investigations and for employees to enter losses into the National
Crime Information Center, when appropriate.
* Improve disciplinary measures applied to employees who lose a laptop or
have one stolen from them.
* Strengthen the policy for proper storage of FBI property outside the office.
* Ensure that when employees leave the bureau, all property is accounted
for and reimbursement is made for any missing property.
* Improve the documentation of the destruction of excess laptop computers
and hard drives.
****************
Federal Computer Week
Report: Creativity needed
Homeland security requires unusual approaches to R&D, presidential council
sa Homeland security research and development must use unusual yet proven
practices from the public and private sectors to increase the likelihood
that the federal government can successfully combat terrorism, according to
a draft report approved last week by a presidential council.
The report, prepared by the President's Council of Advisors on Science and
Technology (PCAST), outlines an organization for the proposed Homeland
Security Department that takes advantage of the government's resources
while incorporating the flexibility of the private sector.
"It's very rare to have a clean canvas to start out with," said Norm
Augustine, former chairman of Lockheed Martin Corp. and co-chairman of the
PCAST panel that wrote the report.
PCAST is composed of 23 industry and academic leaders including the
chairman of Dell Computer Corp. and the president of the Georgia Institute
of Technology. PCAST's co-chairman is John Marburger III, the director of
the White House Office of Science and Technology Policy.
The report states that homeland security R&D does not fit into the
traditional science and technology research model. Combating terrorism will
require research into other sciences, such as social behavior and
psychology. Homeland security R&D must be flexible enough to take into
account those elements.
Indeed, R&D flexibility "is essential," said James Lewis, director of
technology and public policy at the Center for Strategic and International
Studies. "Just dumping information technology on top of a problem doesn't
do any good. You have to have the analytical capability, and that will come
from a mix of sciences. They will need to bring in the social sciences."
The report recommends an undersecretary for science and technology who
would be responsible for the R&D strategy and budget from concept
development to product implementation. This would ensure that priorities
are balanced across the department and that the best technologies are
bought and deployed correctly.
The report also recommends that the department have managerial flexibility,
which would enable scientists to react to changes in science and technology
research.
Part of that flexibility includes creating an independent advisory body for
the undersecretary, an organization that would function like a federally
funded R&D center, a model the Defense Department uses. A group such as
Mitre Corp. would assist with systems analysis and support systems
engineering, and perform tests to find flaws or gaps in existing solutions.
That way, "it's easier to stay at the cutting edge," Lewis said.
The report recommends creating other organizations within the department,
and each would need similar managerial flexibility, such as a rapid
prototyping capability, which puts development of promising new
technologies on a fast track (see box).
PCAST rushed to approve the report on Aug. 5 so that once the public
comment period is closed at the end of the month, the document can go to
the White House and then Congress as the final decisions are made on the
proposed department's structure, said Floyd Kvamme, co-chairman of PCAST.
"I think the report has come out nicely, and it will be a good starting
point," Marburger said. "I know the president is looking forward to it."
The report is welcome reinforcement of the organizational recommendations
made in the National Academies' June study on R&D priorities for the
proposed department, said Lewis Branscomb, co-chairman of the study.
And several ideas from the report are already reflected in the House
version of the homeland security bill, so "I would think that this PCAST
report will be very helpful in the conference [meetings] to help bring the
House and Senate versions together," Branscomb said.
Congress may take a serious look at the report because of the high-powered
members on PCAST, Lewis said.
"It's a range of people who have some political clout," he said. "So if
they're coming out and supporting [the report's concepts], then it's more
likely Congress will pay attention."
***
Getting ahead
The President's Council of Advisors on Science and Technology issued a
report last week recommending a structure for the research and development
functions of the proposed Homeland Security Department. Among the
recommendations are:
* A homeland security national laboratory, focused on high-payoff but
high-risk, long-term goals.
* An operational test and evaluation center to validate the performance of
newly developed solutions.
* A rapid prototyping group, which would conduct fast-track development of
promising new technologies.
* Specialized development groups, structured around technologies and
focused on cybersecurity, information management and other issues.
***********************
Federal Computer Week
Congress 'taming e-mail monster' Members of Congress have made strides
toward handling the stream of e-mail messages that clogs their portion of
cyberspace, according to a new study.
Although the volume remains at staggering levels the House and Senate
received 117 million inbound messages in 2001 both sides are taking
advantage of information technology solutions, such as filters and
Web-based forms, an Aug. 7 special report by the Congress Online Project
found (www.congressonlineproject.org). Also, the growth rate of e-mail
reaching the House has slowed this year.
"Congress is becoming more competent at taming the e-mail monster," said
Brad Fitch, deputy director of the Congressional Management Foundation, the
Congress Online Project's parent organization.
The report updates a study released in March 2001 that described how
members were "literally drowning in a sea of email," Fitch said. Now they
seem to have swum to the surface just in time to deal with an ever-growing
demand.
Consider the following: Last year, 13 million Americans participated in an
online lobbying campaign, 23 million sent comments to public officials
about policy choices, and 68 million visited a government Web site,
according to an April 2002 report by the Pew Internet and American Life
Project.
On a typical day in 2001, House offices received 234,245 messages, Senate
88,009.
"More people are going online," Fitch said. "It's just that Congress is
getting better at handling those communications."
A number of measures are contributing to this rosier picture. More offices
are answering e-mail with e-mail, replacing their public e-mail addresses
with Web-based forms, and using filters to weed out spam.
Further reducing the overload, private-sector and grassroots communities
have become more sophisticated and better at helping constituents tailor
messages to individual members instead of the entire institution.
"Groups are getting smarter about how to e-mail Congress," said Bob Hansan,
president and chief executive officer of Capitol Advantage, which creates
online tools for special-interest groups. And "Capitol Hill is finally
getting the message that electronic [messaging] is here to stay and they're
learning to manage it."
The payoffs have been great. The House experienced a "surprising" drop in
the rate of e-mail growth during the past six months, according to the
study. The number of inbound messages is projected to increase by 2.5
percent this year, in contrast with a 78 percent surge in 2001.
The Senate, however, is not expected to see a similar respite. Its e-mail
volume is estimated to go up 24 percent, 2 percent more than it did last year.
Experts attribute this to it being a transition time for the Senate, which
is upgrading its e-mail system. It also has been slower to adopt Web-based
forms than the House and probably gets more spam, Hansan said.
************************
Government Computer News
Army taps pair of vendors to compete for battlefield network project
By Dawn S. Onley
The Army Communications Electronics Command on Friday chose teams led by
Lockheed Martin Corp. and General Dynamics Corp. for a fly-off competition
to build the $6.6 billion Warfighter Information Network-Tactical.
Under the fly-off contracts, worth up to $75 million each, the vendors will
spend a year setting WIN-T risk management, technology readiness and
coordination plans.
As part of this first phase, the service wants Lockheed Martin and General
Dynamics to identify how WIN-T will mesh with other Army programs, such as
the Future Combat System, Joint Tactical Radio System and the Objective
Force Warrior, the Army's high-tech vision for 21st-century combat forces.
Through the WIN-T program, the Army plans to build a high-speed,
high-capacity network for wired and wireless voice, data and video
communications for soldiers on the battlefield, whether they are riding in
combat vehicles, manning radio systems or located at stationary command posts.
During Phase 2, which will run 23 months, the teams will develop prototype
systems for government testing. By 2006, the Army wants to pick one of the
two vendors to begin rolling out WIN-T.
************************
Government Computer News
State will promote cybersecurity guidelines
By Wilson P. Dizard
The State Department is endorsing the development of a "culture of
security" as described in the Organization for Economic Cooperation and
Development's new guidelines for protecting systems.
OECD, an economic analysis agency in Paris, was founded after World War II
to coordinate international development. Its support comes from Western
European countries, Australia, Canada, Japan and the United States. In
recent years, however, it has been overshadowed by the European Union, the
Association of South East Asian Nations and the group of seven leading
democratic economies, or G-7.
Last week, OECD issued Guidelines for the Security of Information Systems
and Networks: Toward a Culture of Security. The new document, which
replaced 1992 guidelines, stresses awareness and responsibility when
developing systems security programs. The organization developed the
guidelines in response to a U.S. proposal. Originally, OECD had planned to
issue the guidance next May, but it accelerated the process.
State said it will encourage businesses, the public and governments to use
the guidelines to bolster IT security. It said it is developing outreach
plans to promote the guidelines.
************************
Government Executive
Trade bill includes billions for border security technology
By William New, National Journal's Technology Daily
The bill to renew presidential trade-negotiating authority passed by the
Senate Thursday includes billions of dollars earmarked for new border
security technologies and contains explicit negotiating objectives on
e-commerce and services.
The Senate passed the bill, H.R. 3009, by a vote of 64-34. Sections of the
bill that would reauthorize the Customs Service have attracted mixed
reactions from the high-tech industry and civil liberties groups.
"It's good for Customs, and it's good for the tech industry because it
provides the funds to modernize the system and gives us an opportunity to
do the work," said former customs attorney Joseph Tasker, now senior vice
president at the Information Technology Association of America.
The Customs portion of the bill would authorize $1.37 billion in fiscal
2003 and $1.4 billion in fiscal 2004 for the agency's non-commercial
operations, and $1.64 billion in fiscal 2003 and $1.68 billion in fiscal
2004 for commercial operations.
The money would include $308 million each year to modernize Customs
procedures through the completion of the Automated Commercial Environment
computer system.
In addition, $90 million would be spent in fiscal 2003 to acquire and
implement technology to combat terrorism and illicit narcotics at U.S.
borders. The technologies include a variety of X-ray mechanisms,
communications systems, surveillance cameras, sensors and software to read
license plates. In fiscal 2004, the focus would turn to "technologically
superior" equipment.
The American Civil Liberties Union (ACLU) on Wednesday raised privacy
concerns about the Customs sections, including a proposal that it
characterized as "unwarranted" immunity for Customs officials from legal
cases arising from their searches of people or property if they were acting
in "good faith." ACLU also criticized a provision that would allow Customs
officials to open sealed, outbound international mail for any reason.
"The problem with this provision is that it is taking away judicial
oversight," ACLU legislative counsel Rachel King said. "What is scary about
this is how we are just eliminating checks and balances in our system."
Another provision would mandate advanced electronic information on incoming
cargo. The Treasury Department, which currently includes Customs, would
have to promulgate rules for Customs within one year for the use of an
electronic data-interchange system. The detailed parameters for the
information that the Senate previously sought were softened to become
"guidelines" in the House-Senate compromise version of the measure.
The bill also would authorize $10 million in fiscal 2003 to implement a
program to prevent child pornography and exploitation established by
Customs' Child Cyber-Smuggling Center.
And trade negotiators would be directed to ensure that electronically
delivered goods and services receive the same treatment as physically
delivered goods, among other objectives.
Americans for Technology Leadership in a statement Thursday urged the
Senate to quickly pass the trade bill. The group said passage would "ensure
the growth of the technology industry by opening new markets and giving our
technology companies the opportunity to sell their products in markets that
are not currently open to American companies."
**************************
Computerworld
Update: NASA investigating hacker theft of sensitive documents
By DAN VERTON
WASHINGTON -- NASA cybercrime investigators are looking into the theft of
militarily significant design documents pertaining to the next generation
of reusable space vehicles.
The documents, which are restricted under current export laws from being
shared with foreign nationals or governments and are also strictly
controlled under the International Trafficking in Arms Regulations (ITAR),
were obtained by Computerworld from a hacker who claims to be based in
Latin America.
The documents were authored by contractors from The Boeing Co. and a joint
venture between East Hartford, Conn.-based Pratt & Whitney and Sacramento,
Calif.-based Aerojet. All of the vendors also labeled the documents
"competition sensitive," and while it is not yet clear whether sensitive
data on military and commercial technologies may have been compromised,
defense and intelligence experts said the incident could have both national
security and political ramifications.
Bob Jacobs, a spokesman for NASA, confirmed that the documents contain
sensitive military information and should have been stored in a closed
database. There is no information on how or from where the documents were
stolen, and investigators couldn't confirm whether a hacking incident had
taken place.
However, a hacker known only by the nickname RaFa, a former member of the
now defunct World of Hell Hacker gang, uploaded to a Web site more than
43MB worth of documents, including a 15-part PowerPoint presentation that
included detailed engineering drawings. The documents also included
detailed mechanical design information on the COBRA space shuttle engine
design program, and the risk reduction plan for the Boeing TA4 Advanced
Checkout, Control & Maintenance System (ACCMS). The ACCMS is essentially
the ground control system for the next generation of space shuttles.
NASA's 2nd Generation Reusable Launch Vehicle (RLV) program is part of the
agency's long-term Space Launch Initiative, a multibillion-dollar effort to
design a new, safer and more efficient space transportation architecture by
2005. The Defense Department is a key partner in the effort because of its
interest in the RLV program's applicability to military satellite programs
and future military space plane designs.
After Computerworld broke the story of the NASA hacking on its Web site
Thursday afternoon, RaFa told the publication that he didn't understand the
sensitivity of the information he had, and he acknowledged that he has
shared the documents with hackers in France.
RaFa also showed Computerworld evidence of a second hack into systems at
NASA's White Sands Test Facility. He produced dozens of user accounts and
claimed to have used an anonymous FTP vulnerability to conduct both hacks.
The incident may not be an isolated one. When asked how easy or difficult
it is to crack into NASA systems, a hacker by the nickname Hackah Jak, a
member of the defacement group known as Hackweiser, replied, "Who hasn't
hacked NASA?"
"Anyone can put together a scanner and in a few minutes have access to a
few government systems," the hacker said. "In fact, many hackers sit around
and break into government systems just to secure them because they feel
that the government is way too lazy."
Breaking into the systems allows hackers to show system administrators
where vulnerabilities are, Hackah Jak said.
Regarding the stolen NASA documents, "These particular records would
probably be of most interest to a country trying to build their own space
launch vehicle," said Steven Aftergood, an analyst at the Federation of
American Scientists in Washington. However, "I'm not sure that anyone else
could use them either for good or ill."
On the other hand, "the ITAR provisions are quite strict, and they entail
serious penalties for violations," said Aftergood. "If a private person
transferred ITAR documents abroad, he could be subject to hefty fines or
jail time."
Allen Thomson, a former CIA scientist, said this type of information would
likely be of interest to so-called "peer competitors" in the commercial and
military space market, such as Russia and Japan. However, the general
concern is that the documents could contain information that would be of
use in countering the capabilities of a military version of the RLV, said
Thomson.
John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., said the
disclosure of the documents on the Internet is "a very bad thing," mainly
because it may represent only "the tip of the iceberg."
"Many limited distribution documents can be aggregated to indicate very
sensitive information," said Pescatore. "Another problem is the ability for
someone to modify one of these documents and put it back where they found
it -- there are many more possibilities for damaging incidents under that
scenario, too."
Walt Rice, a spokesman for Boeing, said the company doesn't have enough
information on the incident to comment. However, it plans to offer any
assistance to NASA investigators that is requested. Patrick Louden, a
spokesman for Pratt & Whitney, said the company is deferring all comment on
the incident to NASA.
**************************
USA Today
FCC mulls ways to protect digital TV broadcasts from piracy
WASHINGTON (AP) The Federal Communications Commission stepped up pressure
on the technology, entertainment and consumer electronics industries on
Thursday to end a long-running dispute over protecting digital television
broadcasts from piracy.
With key members of Congress already threatening to legislate some form of
digital security, the FCC said it will consider whether to mandate a
so-called broadcast flag on digital programming. The broadcast flag is an
electronic marker that could tell DVD recorders and other devices not to
record those programs.
It is aimed at preventing widespread copying and distribution over the
Internet, which commissioners called a hurdle in the transition to digital
TV. (See related story: FCC to require digital tuners in all TVs by 2007)
Broadcasters have been reluctant to embrace digital TV until security
measures are in place to prevent bootlegging. Digital programming can be
copied and widely distributed via the Internet, with no degradation in quality.
"Given digital media's susceptibility to piracy, the issue of content
protection must be resolved before broadcasters will make new, innovative
and expensive digital content widely available," Commissioner Michael Copps
said.
FCC Chairman Michael Powell said the issue is tricky because there is a
"delicate balance" between protecting creative work from unauthorized
reproductions and insuring consumers' long-held rights to make copies for
their own use.
A group of Silicon Valley and Hollywood executives reached a partial
consensus in June, agreeing that there should be a broadcast flag that
would allow for personal copies, but prevent bootlegging. The agreement
represented an unusual degree of cooperation between the content and
technology industries, which have argued for years over who should take
responsibility for controlling rampant piracy.
But the parties could not agree on several key issues, including the scope
of the protection and how to enforce new security measures.
Copps and others said the specter of FCC involvement could spur agreement
on the remaining issues "or they will face a solution imposed on them in
the near-term future."
Some in the entertainment industry have said they would welcome regulation
or legislation. Technology executives doubt that a marker would be
effective, arguing that the rapid pace of change in their field means no
safeguard survives for long.
Consumer groups and electronics makers worry that new rules could make
equipment obsolete and also restrict viewers' rights to make copies for
their own use.
The FCC set a deadline of Oct. 30 to receive comments on whether a
broadcast flag would be effective and whether the FCC should mandate its use.
*********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx