
Clips August 16, 2002




ARTICLES

Justice puts limits on TIPS
NIPC seeks cyberalert support
Cyber Corps funding boosted
Energy turns on link to Internet2
Miller joins Homeland transition
Web security is hit-or-miss at local level
Senator asks OMB to tackle problem of missing government computers
Sleuths Invade Military PCs With Ease
Audit Shows More PCs At the IRS Are Missing
Computer Programmers Rally for Bill
FBI agent charged with hacking
Firms push for homeland-security work
Talk City users upset by site's shuttering
Internet Address Retailers Join Debate Over ICANN Future
U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts
Airlines, FAA turn to Web for security, flight planning
Steering wheel TV installers under scrutiny
E-mail becoming crime's new smoking gun
Japanese embrace inexpensive Net phone calls
Navy taps private industry for new defense technology
The Trouble with Software Patches
Microsoft to change Passport privacy statements as part of legal settlement
Anti-spam system launched
Norton Antivirus Tackles Instant Messaging

****************************
Federal Computer Week
Justice puts limits on TIPS

The telephone installer won't be using the terrorism TIPS hot line to report what he sees in your house after all. And the mailman won't e-mail messages about you to the FBI.

Operation TIPS will go on, but without help from tens of thousands of workers whose jobs give them access to homes and private property, the Justice Department has decided.

The department's Bureau of Justice Assistance plans to give $800,000 to the National White Collar Crime Center (www.nw3c.org) to set up an Internet-based system and a telephone hot line that workers in certain industries can use to report activity or incidents that might indicate terrorist activity.

The National White Collar Crime Center, a nonprofit organization, plans to establish a system that automatically forwards information from callers and e-mailers to local, state and federal law enforcement agencies, the Justice Department reports. Data will not be stored in a central government database, Attorney General John Ashcroft has said.

Initially, the Justice Department hoped to enlist a broad range of workers in the TIPS program, including letter carriers, utility workers, cable TV installers and others whose jobs regularly take them into communities.

But an outcry over the idea of enlisting service workers to spy in American homes prompted the department to narrow its army of informants. Participation in the program now will be limited to workers in the transportation, trucking, shipping, maritime and mass transit industries, and they are to report only what they observe in public places, the Justice Department announced.

"It's a relief that utility workers or letter carriers will not be recruited to snoop on private activity in our homes," said Rachel King, a legislative counsel for the American Civil Liberties Union. But it's "still troubling that armies of truckers, dockworkers and railway personnel untrained in the demands of our civil liberties will be enlisted to snoop," King said. "America should never be a place where citizen is pitted against citizen."

Justice Department officials have said that the incident reporting hot line and Web site could help police across the country "connect the dots" during a terrorist attack by alerting police to separate terrorist strikes occurring in multiple locations.

The National White Collar Crime Center was hired by the Justice Department immediately after the terrorist attacks of Sept. 11 to operate a Web page (https://www.ifccfbi.gov/complaint/terrorist.asp) where the public can report information related to terrorist activity to the FBI. The page has received more than 200,000 tips.
**************************
Federal Computer Week
NIPC seeks cyberalert support


The National Infrastructure Protection Center this week issued a request for quotations to get contractor support for its Analysis and Warning Section, the group that provides cybersecurity alerts and advice to the public and private sectors.

The statement of work outlines several requirements the NIPC is looking for a contractor to fill, including:

* Supporting the center's ability to identify and predict security threats and trends.

* Performing analysis and assessment of threat information.

* Providing historical incident data.

* Distributing the information to partners and the general public.

The General Accounting Office and many outside organizations have criticized the NIPC for its slow response time to potential and immediate threats. During the past year, the center has formed many partnerships with information-sharing organizations created in the public and private sectors.

The NIPC resides within the FBI, and although it is an interagency group, it is staffed mainly by FBI agents and personnel. Under a Bush administration proposal, the center will become part of the proposed Homeland Security Department's information analysis and infrastructure protection function.

The General Services Administration's Federal Computer Incident Response Center is another group that would move into that function. FedCIRC provides analysis and warnings specifically for federal civilian agencies and last year signed a support contract with Global Integrity, a security services provider.
**********************
Federal Computer Week
Cyber Corps funding boosted


The government's Scholarship for Service program is getting an infusion of new money, thanks to the supplemental funding bill signed by President Bush Aug. 2.

The supplemental included $19.3 million for the program, which offers scholarships to undergraduate and graduate students studying information assurance in exchange for two years of government service in the federal Cyber Corps. The program also funds capacity building programs.

About $8 million of the $19.3 million will go toward expanding the program to four new schools, said Ernest McDuffie, program director for the Scholarship for Service program at the National Science Foundation, which runs the program.

The four schools, which have not yet been named, will be added to the 11 institutions that now participate in the scholarship program. They will be chosen from a list of "highly ranked proposals" that have been submitted but were not previously funded because of lack of money, McDuffie said.

The remaining money will be used to help the schools already involved in the scholarship program increase the number of students that can participate, McDuffie said.

The extra funding will help double the size of the scholarship program, from more than 100 students within the next six months to 200 to 300 students within the next two to three years, McDuffie said.

Preston Gillmore, a Scholarship for Service graduate student at the University of Tulsa, said the plan to expand the program is a wise one because "there are not enough trained network security professionals available for either the public or private sectors."

However, program officials should "allow the schools to continue to expand their programs to create more information assurance instructors and to adequately compensate their existing instructors," so that the program can handle the increase in students, he said.
****************************
Federal Computer Week
Energy turns on link to Internet2


The Energy Department's Oak Ridge National Laboratory officially threw the switch Aug. 14 to connect part of the federal government's next-generation Internet initiative to the university-run Internet2.

The high-speed network connection from the Energy Sciences Network, or ESnet, will transmit data between the lab and universities on the Southern Crossroads network up to 20 times faster than a typical Internet connection. This means that files that previously took hours to download could take only seconds, according to officials from Oak Ridge.

The ESnet connection will be made through the Chattanooga, Tenn., "offramp" created by Oak Ridge and IBM Corp. last year.

ESnet, which is supported by Qwest Communications International Inc., is one of several high-performance research networks across government included in the Next Generation Internet program, now called the Large Scale Networking program. Other networks, supported by other vendors, are run by agencies including NASA, the Defense Department and the National Science Foundation.

The high-speed Internet backbone is necessary for many scientific research initiatives that transmit huge data, voice and video files. Researchers at Oak Ridge said they expected to see the new connection have an immediate impact on several projects -- including a $20 million study into how oceans will affect the Earth's climate in the future -- that need the increased transmission speeds to keep up with the computing power used.

The Large Scale Networking and Internet2 programs are research projects themselves, testing the limits of the next version of Internet Protocol, IPv6.

"The network forms a test bed that will serve as the basis for network research and development that will carry DOE's computational mission forward for the next five to 10 years," Thomas Zacharia, associate lab director of the Computing and Computational Sciences Director at Oak Ridge, said in a statement.

"Soon we will need to transport petabyte-size files, and this network and the research it enables will be crucial," he said.
************************
Federal Computer Week
Miller joins Homeland transition


Starting today, Ronald Miller, the Federal Emergency Management Agency's chief information officer, will take his involvement with the proposed Homeland Security Department one step further as he becomes a member of the administration's Transition Planning Office.

President Bush created the office by executive order June 20 to lead the administration's efforts in laying the foundation for the more than 22 federal organizations that will move to the proposed department.

Tom Ridge, the president's homeland security adviser, serves as director of the office within the Office of Management and Budget.

Miller has been working for months with a team of federal information technology officials under OMB and the Office of Homeland Security to develop the IT architecture for the proposed department. Most recently, he served on the investment review team considering which planned IT investments will go forward to support the proposed department.

Rose Parks, FEMA's deputy CIO, will serve as acting CIO while Miller is on detail to the transition office, Miller said.
**************************
Government Computer News
Web security is hit-or-miss at local level
By Wilson P. Dizard III


More than half of local governments surveyed recently said they did not have policies and procedures in place for Web site security, according to the International City/County Management Association. ICMA reported that 55.8 percent of local government respondents lacked online security policies, and 44.2 percent of the governments did have policies.

ICMA's survey of counties and municipalities with populations greater than 2,500 generated 4,123 responses.

Two-thirds of the respondents said their security practices remained unchanged after the Sept. 11 terrorist attacks. Less than 18 percent reported that they planned to purchase additional network security equipment or services, and 15.1 percent said they would make major changes to existing security processes and practices. Ten and a half percent of respondents said they had removed information from their Web sites for security reasons.

Three-quarters of the governments polled said they conduct Web site operations and management with their own staff.

For additional survey results, visit icma.org/download/cat15/grp120/sgp224/egov2002web.pdf.
**************************
Government Executive
Senator asks OMB to tackle problem of missing government computers
By Tanya N. Ballard


A lawmaker urged the Office of Management and Budget Thursday to tackle the problem of missing computers at several federal agencies.


"I'm worried that just as dryers have the knack of making socks disappear, the federal government has discovered a core competency of losing computers," Sen. Charles Grassley, R-Iowa, wrote in an Aug. 15 letter to OMB Director Mitch Daniels.


In recent weeks, the Justice Department and several of its agencies, including the Immigration and Naturalization Service and the FBI; the Defense Department; and the Customs Service have all reported that computers have been lost or stolen. On Thursday, an audit by the Treasury Department's inspector general for tax administration (TIGTA) revealed that the Internal Revenue Service could not account for thousands of computers used by volunteers in a tax assistance program.

"This inventory control problem is serious and must be addressed," Grassley said in a statement issued Thursday. "It involves tax dollars and potentially confidential taxpayer information and data related to national security and criminal investigations."

The agency also cannot verify that taxpayer information had been removed from the missing computers before they were lost or stolen, Grassley said.

"The fact that the IRS cannot account for this equipment is troubling, particularly given that, and I quote the TIGTA report here, 'Every year since 1983 the IRS has reported a material weakness with respect to its inventory controls in its annual assurance statement to the Department of the Treasury,'" Grassley said. "TIGTA's report notes that these problems are not new and previous TIGTA reports highlighted the issue, made suggested corrections and the IRS has not acted."

Based on recommendations from the inspector general, IRS officials agreed to conduct an inventory of the equipment used in its volunteer programs, to temporarily stop buying computer hardware and to issue guidance requiring managers to delete taxpayer information from volunteer computers after tax filing season. Grassley said he was concerned that IRS would not keep its promises and asked agency officials to inform him when the changes were made.

In his letter to Daniels, Grassley praised the OMB director's efforts to eliminate waste, fraud and abuse in other areas of the government and asked him to take "aggressive action to control government inventory."


"This most recent report highlights what appears to be a disturbing trend of government coming up short as stewards of the taxpayers' money," Grassley wrote. "Fortunately, inspector general reports show that there are a few government agencies that have been exemplary in accounting for taxpayer money. Clearly, it is possible for government agencies to account for their computers."
***************************
Washington Post
Sleuths Invade Military PCs With Ease
By Robert O'Harrow Jr.


SAN DIEGO, Aug. 15 -- Security consultants entered scores of confidential military and government computers without approval this summer, exposing vulnerabilities that specialists say open the networks to electronic attacks and spying.

The consultants, inexperienced but armed with free, widely available software, identified unprotected PCs and then roamed at will through sensitive files containing military procedures, personnel records and financial data.

One computer at Fort Hood in Texas held a copy of an air support squadron's "smart book" that details radio encryption techniques, the use of laser targeting systems and other field procedures. Another maintained hundreds of personnel records containing Social Security numbers, security clearance levels and credit card numbers. A NASA computer contained vendor records, including company bank account and financial routing numbers.

Available on other machines across the country were e-mail messages, confidential disciplinary letters and, in one case, a memo naming couriers to carry secret documents and their destinations, according to records maintained by ForensicTec Solutions Inc., the four-month-old security company that discovered the lapses.

ForensicTec officials said they first stumbled upon the accessible military computers about two months ago, when they were checking network security for a private-sector client. They saw several of the computers' online identifiers, known as Internet protocol addresses. Through a simple Internet search, they found the computers were linked to networks at Fort Hood.

Former employees of a private investigation firm -- and relative newcomers to the security field -- the ForensicTec consultants said they continued examining the system because they were curious, as well as appalled by the ease of access. They made their findings public, said ForensicTec President Brett O'Keeffe, because they hoped to help the government identify the problem -- and to "get some positive exposure" for their company.

"We were shocked and almost scared by how easy it was to get in," O'Keeffe said. "It's like coming across the Pentagon and seeing a door open with no one guarding it."

In response to an inquiry by The Washington Post, military investigators this week confirmed some of the intrusions at Fort Hood, saying they occurred on PCs containing unclassified information. Senior officials said they are preparing an Army-wide directive requiring all shared computer files containing sensitive information to be password-protected. Sensitive information includes such items as Social Security numbers, confidential plans and so on, officials said.

The Army has never before focused so intently on the security of desktop computers containing unclassified data, but it is doing so now because so many more machines are linked to vulnerable networks, officials said. These systems are not as strictly secured because they are not supposed to contain or communicate any classified material. More secure networks are typically not linked to the Internet and employ much more stringent safeguards, including procedures to authenticate the identities of computer users.

"Everything is connected," said Col. Thaddeus Dmuchowski, director of information assurance for the Army. "Our 'defense in-depth' has to go down to the individual computer."

ForensicTec's electronic forays show that the government continues to struggle with how to close off systems to prying eyes -- including terrorists and foreign agents -- after a presidential directive last fall making cybersecurity a national priority.

That struggle was underscored by a General Accounting Office report last month that concluded the government wasn't doing an adequate job coordinating efforts to protect its online systems. Next month, the White House's new Critical Infrastructure Protection Board will release a sweeping national plan intended to bolster computer security.

None of the material made available by ForensicTec appears to be classified. But government and private specialists said that such open systems pose a threat because compromised machines may contain passwords, operational plans or easy pathways to more sensitive networks.

They also could be used to mount an electronic attack anonymously or to gather enormous amounts of unclassified information to gain insight about what an agency or military unit is privately contemplating, specialists said.

"If you had an organized spy effort, that would be the real concern," Richard M. Smith, an Internet security consultant based in Cambridge, Mass., said of ForensicTec's findings. "This is a widespread problem."

Kevin Poulsen, another security specialist, worries that an intruder could place onto an unsecured network malicious software such as a virus, worm or Trojan horse program that could wind up on more-sensitive networks as desktop machines migrate from one place to another.

"The government is now lagging behind the sophisticated Internet users, when they should be leading," said Poulsen, editorial director of SecurityFocus, a Web site devoted to such matters.

A spokesman for the Pentagon agency responsible for computer network defense said he could not discuss the ForensicTec activity because the vulnerabilities are under investigation. Maj. Barry Venable, a spokesman for the U.S. Space Command, said the military takes seriously all such intrusions, even if the system entered does not contain classified data. He said hackers rarely gain control of military computers.

"Even one successful intrusion or instance of unauthorized activity is too many," he said. "The services and DOD agencies are working hard to educate their computer users and administrators to practice and implement proper computer security practices and procedures in a very dynamic information environment."

The issue of computer security has become more pressing in recent years as vastly more computers and networks have been linked to the Internet. Many public and private computers still have not been properly configured to block outsiders, and security components of operating software often are left set on the lowest default level to ease installation.

Even though it's a felony under U.S. law to enter a computer without authorization, the number of intrusions has skyrocketed, according to data collected by the CERT Coordination Center at Carnegie Mellon University. The number of incidents reported to CERT -- the leading clearinghouse of information about intrusions, viruses and computer crimes -- increased from 406 in 1991 to almost 53,000 last year.

Howard Schmidt, vice chairman of the White House Critical Infrastructure Protection Board, said officials have been crisscrossing the country to push for better practices. But he acknowledged that many individuals still don't take rudimentary precautions, such as adopting passwords more complex than "password" or a pet's name. And system administrators often do not fix known flaws with widely available software "patches."

Schmidt said the board's strategy, to be announced next month, will provide clearer guidance about how to achieve better security for government agencies and businesses alike. A crucial element will be to encourage people to follow through on existing rules and procedures.

"This reinforces to us that there's still a lot of work to be done," he said of the ForensicTec findings. "It's more than technology. . . . It's people not following the rules, people not following the policies."

The GAO report last month said the "risks associated with our nation's reliance on interconnected computer systems are substantial and varied," echoing a series of earlier reports chronicling the government's inability to secure its computers.

"By launching attacks across a span of communications systems and computers, attackers can effectively disguise their identity, location and intent," it said. "Such attacks could severely disrupt computer-supported operations, compromise confidentiality of sensitive information and diminish the integrity of critical data."

ForensicTec consultants said it wasn't hard to probe the systems. They employed readily available software tools that scan entire networks and issue reports about linked computers. The scans showed that scores of machines were configured to share files with anyone who knew where to look. The reports also contained people's names and revealed that many of the computers required no passwords for access, or relied on easily crackable passwords such as "administrator."

The consultants said they identified other Internet addresses during their exploration of Fort Hood, including those for machines at the National Aeronautics and Space Administration, the DOD Network Information Center, the Department of Energy and other state and federal facilities. Scans of those systems yielded similar results: hundreds of virtually unprotected computer files.

O'Keeffe, the company president, said his consultants concluded that they had tripped across a serious problem.

"If we can do this, other governments' intelligence agencies, hackers, criminals and what have you can do it, too," he said, adding that he hopes to help the government by bringing the vulnerabilities to light. "We could have easily walked away from it."

The material they saw ranged from poetry and drafts of personal letters to spreadsheets containing personal and financial information about soldiers.

A couple of memos to members of a squadron at Fort Hood included the location of several safes and the inventory of one: secret operations information on hard drives, floppy disks and CDs.

Another memo designated a courier -- by name, rank and Social Security number -- who would "be hand-carrying classified information" to Fort Irwin Army Installation in California, apparently from February to June.

The consultants also obtained access to spreadsheets and e-mail messages at NASA containing details about vendor relationships, account numbers and other matters. NASA spokesman Brian Dunbar said he could not confirm the provenance of the information obtained by ForensicTec. But he said the agency was investigating its claims of vulnerability in accounting-related computers.

"We will investigate what's going on here," he said. "If this information is in the clear, it poses a risk to these companies and we need to get it fixed."

Steven Aftergood, a research analyst and government information specialist, said that much of the data the consultants came across is, by itself, "of limited sensitivity." But the easy access to government machines represents a substantial security challenge, at a time when military, government and business officials rely on computer networks more than ever.

"It's a qualitatively new kind of vulnerability that the government has not quite come to terms with yet," said Aftergood, a senior research analyst at the Federation of American Scientists. "And it is a vulnerability that will increase in severity if the government doesn't do something about it."
*************************
Washington Post
Audit Shows More PCs At the IRS Are Missing
Machines May Contain Sensitive Information
By Albert B. Crenshaw


The Internal Revenue Service has lost to thieves or has misplaced another batch of computers, adding to the thousands already missing from that and other government agencies.

In the latest case, there are fears that some of the missing machines might carry private taxpayer information and Social Security numbers.

An audit released yesterday by the Office of the Treasury Inspector General for Tax Administration found that the IRS cannot account for an unknown number of the 6,600 laptop and desktop computers it lends to volunteers who assist low-income, disabled and senior citizen taxpayers in preparing their returns.

Earlier audits found that the Customs Service couldn't account for about 2,000 computers and the Justice Department for about 400. Earlier this summer, the inspector general reported that about 2,300 computers were unaccounted for in other areas of the IRS.

Sen. Charles E. Grassley (R-Iowa), the ranking minority member of the Senate Finance Committee, said senior government officials have to work out better ways for keeping track of computers.

"I'm worried that just as clothes dryers have the knack of making socks disappear, the federal government has discovered a core competency of losing computers," Grassley said in a letter to Mitchell E. Daniels Jr., director of the Office of Management and Budget.

The latest report found computers missing from the IRS's Volunteer Income Tax Assistance (VITA) and Tax Counseling for the Elderly (TCE) programs, which offer taxpayers who receive assistance the option of filing their returns electronically, the Treasury audit said. During the 2001 filing season, volunteers prepared approximately 1.1 million tax returns and e-filed more than 700,000, or 64 percent, it said.

The report concluded that "the IRS does not have adequate internal controls" over the computers it provides to the VITA and TCE programs. The agency cannot physically account for computers provided to volunteers, nor can it ensure that taxpayers' electronic data were removed from volunteer computers at the end of the filing season.

The inspector general has made recommendations to solve the problem, including seeking legislation that would allow the IRS simply to donate computers to organizations that provide these kinds of taxpayer assistance. Such transfer of ownership is currently prohibited by law.

The IRS said it agreed with most of the recommendations and was implementing new procedures to deal with the problems. It noted that any information contained on the missing computers would have been supplied by taxpayers for preparation of their returns; it would not have come from central IRS files or computers.

"We've been working for some time to improve our internal controls over computers we provide to volunteers," an IRS spokeswoman said. "We are going to continue to work to put in place appropriate procedures so we can continue to assist the volunteers who help elderly and low-income taxpayers across the country."
***************************
New York Times
Computer Programmers Rally for Bill
By THE ASSOCIATED PRESS


SAN FRANCISCO (AP) -- Comparing their cause to America's fight for independence from England, computer programmers rallied Thursday to support a proposal that would require the state of California to purchase more open-source software.

Michael Tiemann, chief technology officer for Raleigh, N.C.-based software company Red Hat, led about 30 protesters from the Linux World Conference & Expo to a podium outside City Hall. He urged politicians to adopt the Digital Software Security Act, a month-old proposal gaining support among hackers, civil libertarians and people opposed to Microsoft's dominance of the global software industry.

"Government and monopolists want to take away our right to write software and use computers as we want to use them," Tiemann said to marchers, mainly shaggy-haired men in T-shirts and jeans. "Open source is the true spirit of democracy, and we must preserve it."

The proposal would require California state agencies to use open-source software such as the Linux operating system as an alternative to proprietary software such as Microsoft Windows. Tiemann and several other open-source enthusiasts wrote the proposal and published it online, but they're asking programmers around the world to suggest changes.

Open-source programs can be downloaded from the Internet for free, and they don't require users to pay licensing fees. Installing Linux on servers has saved Amazon.com, 7-Eleven, Deutsche Telekom, the Chinese government and other groups millions of dollars.

Mainly because of the reduced cost, government agencies and corporations around the world are switching to open-source software to run databases and manage e-mail. According to research firm A.D.H. Brown Associates, about 20 million people are using the Linux operating system, the most popular example of open-source software.

But the Computing Technology Industry Association blasted the notion that California adopt an open-source approach. The Washington-based trade group said the proposal would stifle innovation in corporate America and cause "unintended repercussions for California, its (information technology) industry and its citizens."

A Microsoft spokesman refused to comment on the bill but said the world's largest software company supported the CTIA's position.

Microsoft's snubbing didn't surprise protesters. Many worried that Microsoft could extend its dominance in operating systems and Internet browsers to gain access to personal data stored on computers, including passwords or financial information. They feared digital privacy bills introduced earlier this year, including one to put government-mandated anti-copying mechanisms in consumer electronic devices.

``They're all in cahoots -- Microsoft, the government, corporate America,'' said protester Mike Collins, 48, a computer consultant in Austin, Texas, who sported a tattoo of the Linux penguin logo on his calf. ``We are at a pivotal point. We need open source now more than ever.''

But the rally's sparse attendance may underscore challenges facing the proposal. Only about 30 of the 15,000 Linux World attendants marched to City Hall. Open-source enthusiasts are known for their libertarianism and disdain for politics.

``Programmers are more comfortable in front of a keyboard, not at a podium,'' said Raj Nagra, 33, a network specialist who supports the proposal because he's seen significant cost savings after installing Linux-based systems for the city of Fresno. ``They'll submit code and maybe they'll send a check to support their cause, but they probably won't take their cause to the streets.''
*************************
MSNBC
FBI agent charged with hacking
Russia alleges agent broke law by downloading evidence
By Mike Brunker


Aug. 15 -- In a first in the rapidly evolving field of cyberspace law, Russia's counterintelligence service on Thursday filed criminal charges against an FBI agent it says lured two Russian hackers to the United States, then illegally seized evidence against them by downloading data from their computers in Chelyabinsk, Russia.


IGOR TKACH, an investigator with Russia's Federal Security Service, or FSB, started criminal proceedings against FBI Agent Michael Schuler for unauthorized access to computer information, according to the Interfax news agency.
The agency reported the complaint had been forwarded to the U.S. Justice Department and that the FSB was awaiting a response.
The FBI said Thursday it had no comment on the case, and the Justice Department did not immediately respond to a request seeking comment.
Interfax quoted sources with the FSB as describing the criminal complaint as an effort to restore traditional law enforcement borders.
"If the Russian hackers are sentenced on the basis of information obtained by the Americans through hacking, that will imply the future ability of U.S. secret services to use illegal methods in the collection of information in Russia and other countries," the news agency quoted one source as saying.


RUSE WAS WIDELY PRAISED
Schuler and other agents were widely praised for an elaborate ruse that led to the arrests of Vasily Gorshkov, 25, and Alexey Ivanov, 20, in November 2000. Court papers described the men as kingpins of Russian computer crime who hacked into the networks of at least 40 U.S. companies and then attempted to extort money.
The pair was lured to the United States after Ivanov identified himself in an e-mail threatening to destroy data at a victimized company, Stephen Schroeder, a now-retired assistant U.S. attorney in Seattle who prosecuted Gorshkov, told MSNBC.com last year.
FBI agents then found Ivanov's resumé online and, posing as representatives of a fictitious network security company called Invita, contacted him to offer him a job.
Once Ivanov and Gorshkov arrived in Seattle, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the men, the agents used account numbers and passwords obtained by the program to gain access to data stored on the pair's computers in Russia.
Fearing that an associate would "pull the plug" on the computer in Russia, the agents downloaded evidence before obtaining a search warrant, according to court papers.


AGENTS HONORED
In a news release issued last week honoring Agents Schuler and Marty Prewett with the director's award for excellence, the FBI's field office in Seattle said the case was the first in the bureau's history to "utilize the technique of extra-territorial seizure." The procedures employed by the agents had been incorporated into the attorney general's guidelines for law enforcement personnel, it said.
Court papers allege that Ivanov and Gorshkov broke into and obtained financial information from a number of large U.S. companies and penetrated the computer networks of two banks -- the Nara Bank of Los Angeles and Central National Bank-Waco, based in Texas.
They also were accused of orchestrating "a massive scheme" to defraud the Internet-based payment company PayPal, based in Palo Alto, Calif., by using "proxy" e-mail addresses from such institutions as public schools and stolen credit-card numbers to buy goods.
Prosecutors have indicated they also believe the Russians are linked to two other high-profile cases: the theft of data on 300,000 credit cards from the CD Universe Web site and another 15,700 credit cards from a Western Union Web site.
Gorshkov was convicted in Seattle in September 2001 of 20 counts of wire fraud, charges that carry a maximum sentence of 100 years in prison. Sentencing was scheduled for January, but court records do not reflect that a punishment had been imposed.
Ivanov also has been indicted in New Jersey and Connecticut, where he currently is in custody and awaiting trial.
In pretrial motions, Gorshkov's lawyer, Kenneth Kanev, argued that the FBI agents had violated Gorshkov's Fourth Amendment right against unreasonable search and seizure by secretly obtaining passwords and account numbers.
But U.S. District Judge John C. Coughenour of Seattle ruled that Gorshkov and Ivanov gave up any expectation of privacy by using computers in what they believed were the offices of a public company.


NO EXPECTATION OF PRIVACY
"When (the) defendant sat down at the networked computer ? he knew that the systems administrator could and likely would monitor his activities," Coughenour wrote. "Indeed, the undercover agents told (Gorshkov) that they wanted to watch in order to see what he was capable of doing."
He also found that the Fourth Amendment did not apply to the computers, "because they are the property of a non-resident and located outside the United States," or to the data at least until it was transmitted to the United States.
The judge noted that investigators obtained a search warrant before viewing the vast store of data nearly 250 gigabytes, according to court records. He rejected the argument that the warrant should have been obtained before the data was downloaded, noting that "the agents had good reason to fear that if they did not copy the data, (the) defendant's co-conspirators would destroy the evidence or make it unavailable."
Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.


NT VULNERABILITY EXPLOITED
Ivanov, Gorshkov and other unidentified associates used the Internet to gain illegal access to the U.S. companies' computers, often by exploiting a known security vulnerability in Windows NT, according to court papers. A "patch" for the vulnerability had been posted on the Microsoft Web site for almost two years, but the companies hit by the cyberbandits hadn't updated their software.
(MSNBC is a Microsoft-NBC joint venture.)
At least one company, Lightrealm Communications of Kirkland, Wash., acceded to a demand that it hire Ivanov as a security consultant after he broke into the Internet service provider's computers, according to court documents. Ivanov then used a Lightrealm account to break into other companies' computers, they indicated.
Eastern Europe and nations of the former Soviet Union have become a hotbed for computer crime aimed at businesses in the United States and other Western nations.
When MSNBC.com first reported on the problem of overseas computer crime in 1999, Mark Batts, the special agent in charge of the FBI's Financial Institution Fraud Unit, said he was not aware of any prosecutions of credit card thieves operating from Eastern Europe and the nations of the former Soviet Union.
**************************
Seattle Times
Firms push for homeland-security work
By Nancy Gohring
Seattle Times business reporter


As the government scrambles to improve homeland security, safeguarding the nation's coastlines is a top priority.

StarCom Wireless of Bellingham believes it has a wireless-data-communications technology that can help the Coast Guard track and identify vessels on the water.

But before the company can secure a piece of the $38 billion homeland-security pie, it must first navigate the waters of Capitol Hill. To do so, it has turned to Cassidy & Associates, one of the largest lobbying firms in Washington, D.C.


Without such help, StarCom isn't sure it would have a chance of winning a contract.


"Not being able to get the ear of the people who can move it along literally would be the same as not having it," said Bruce Scapier, chairman of StarCom Wireless. Just as many travelers need guides to weave through the tangled streets of faraway cities, small technology firms like StarCom are increasingly relying on Washington, D.C., insiders to find what they're looking for in the nation's capital.

High-tech firms are among many businesses salivating over potential contracts from the proposed Homeland Security Department. When the White House announced intentions to create the department, it gave it the sky-high budget of $38 billion for 2003. That figure has sent companies that may have never wanted government work to the nation's capital, hoping to sell their wares.

The problem is, many small- and medium-sized companies have no idea whose doors to knock on. Rather than try to figure it out on their own or add a full-time staff member to handle government relations, they're retaining outside help.

Once they employ a lobbyist or federal-marketing firm, they've got a leg up on companies without enough cash to do the same.

"One of the problems with a system that relies heavily on expensive lobbyists is it leaves small companies at a disadvantage," said Larry Noble, executive director for the Center for Responsive Politics, a nonprofit, nonpartisan group that watches where money goes in the capital so that citizens can mark its impact on policy.

Sagem Morpho and StarCom Wireless are two Western Washington companies that can afford outside help and they're both chasing government deals related to homeland security.

Opening the right doors

Cassidy, which represents StarCom, and McBee Strategic, which represents Sagem Morpho, lobby legislators and also offer federal marketing, where they open doors to decision-makers and controllers of government purse strings. The effort is no small feat.

"For looking at major government initiatives like these, it's an enormous maze to try to sort through," said Tom Larson, vice president of strategic development for Sagem Morpho of Tacoma, which develops biometrics and fingerprint-identification systems. "It's an alphabet soup of government agencies," he said.

Cassidy has seen a spike of interest from companies looking for help to meet government workers who may grant contracts related to homeland defense.

"If you're not aware of how the game is played, it can be pretty mystifying," said Matthew Trant, senior vice president of Cassidy.

The firm, though, has been picky in choosing clients, he said. Because there are so many companies lining up for the homeland-security initiative, Cassidy doesn't want to inundate decision-makers with companies touting products that might be a stretch.

Either independently or through hired help, many companies start by approaching their representatives in Congress, which writes legislation that calls for government contracts.

Help shape legislation

"Where lobbyists really serve their purpose is to make sure that bills are written in ways that are fair to the industry," said Noble. They'll try to get requirements written into laws that might position their client at the top of the list of potential vendors.

StarCom leaders met with U.S. Rep. Jim McDermott, D-Seattle, to pitch their product and show him how American Medical Response, the ambulance-services company, uses the technology in Seattle.

Even before the laws are written, companies also pitch their products to the agencies they think might eventually dole out contracts. In the case of the Homeland Security Department, still under debate in Congress, no one has the authority to spend a dime yet.

Based on an audit of the Coast Guard's response system and congressional hearings about the Coast Guard, StarCom deduced its technology could be helpful to the agency, said Trant.

It has pitched its service to homeland-security and Department of Commerce personnel and received a good reception, he said. But no agency has said outright it plans to deploy a new system that will do what StarCom offers.

Laying groundwork

So far, Cassidy has sent white papers and background information to the Coast Guard and other agencies that could find the technology useful. "Now we're following up to get meetings set up," Trant said.

He calls those moves steps within the "courtship process."

McDermott spokesman John Larmett said the process of companies identifying a need that branches of the government may not know they have, and then pitching their system to meet that need, is a common practice.

While lobbyists are keeping busy, Noble notes small companies have been known to win contracts without the help of hired insiders. Those companies can turn directly to legislators or their staffers for help in finding the proper contacts.

"Some people haven't the slightest idea whom to talk to. I've worked in the White House and I can do it a lot faster than they can," said Larmett, who regularly helps companies get in touch with decision-makers.

Many would argue, however, that without outside help, it's tough for small firms to be heard. "I don't think we could do it without a lobbying firm," said Larson.

While lobbying is only one piece of a campaign to win government business, it's a necessary one, Larson said.

"They can help me sort through a shifting maze of everything that goes on in D.C., especially as Homeland Security is reorganized," he said. "Every day there's someone different in charge."

Nancy Gohring can be reached at 206-464-2140 or ngohring@xxxxxxxxxxxxxxxxx
*****************************
News.com
Talk City users upset by site's shuttering
By Troy Wolverton

The shutdown of Talk City has left many of its former customers upset and at no loss for words.
Saying they were given no warning of the closure, many users whose Web sites were hosted by online chat company Talk City are upset that they were unable to back up those sites. Meanwhile, other users are simply saddened by the end of Talk City's popular chat services.


"I'm so sick about this," said Tamara Latham, whose poetry Web site disappeared when Talk City shut down. "All that work for nothing."


Talk City shuttered its site last week after filing for Chapter 7 bankruptcy several days earlier. The company, which had been involved since January in a legal dispute with LiveWorld, the former owner of the Talk City site, could no longer afford to continue the litigation, said Robert Young, Talk City's chief executive.


Young said he didn't know what would happen to the Web sites or the servers they were hosted on.

"It's effectively not my company anymore," Young said. "I don't know, because it's not in my control."

Talk City's lawyers did not return calls seeking comment. The trustee of Talk City's bankruptcy was not immediately available for comment.

LiveWorld sued Talk City in January seeking to collect the money Talk City agreed to pay for the site. LiveWorld is still trying to recover that money or at least some of Talk City's assets, said Peter Friedman, CEO of LiveWorld.

However, even if he were able to get back the servers, Friedman said there was little chance he or anyone else would resurrect the Talk City site, which hosted about 2.5 million home pages when LiveWorld was still running it. There are no assets left in Talk City, and LiveWorld can't afford to re-open the site, Friedman said.

"I think that basically there's very little chance of people recovering anything," Friedman said. "It's unfortunate. If I could do something about it in practical way, I would."

Little recourse, little hope
The Talk City customers are only the latest Net users to be left in the lurch by the closure of a dot-com company. Late last year, online photo company PhotoPoint shut down abruptly, leaving customers without any way to retrieve the photographs they had saved on the site. The company later offered to burn the photos on to CDs, but for a fee.


Many Excite@Home customers also faced problems retrieving their saved e-mail after they were switched over to AT&T Broadband's network.

Legal experts have said that customers who lose files because an online company has shut down have little recourse and little hope of recovering them.

Canine trainer Stephanie Johnson had a Web site hosted by Talk City dedicated to her borzoi breeding business. Johnson, whose site had been on Talk City for about three years, chose the company because its site was easy to use.

Although she had back-up or hard copies of photographs and other information, Johnson said she's had to reconstruct the extensive dog pedigrees she had on her Talk City site.

"I've just been retyping and retyping and retyping," said the Tupelo, Miss., resident. "I'm really beating myself up over not saving it."

Jan Cantu didn't have a Web page on Talk City, but had been an active member of the site's chat room for people 40 and older for nearly five years. She met hundreds of friends through the chat room, many of whom provided support for her when her father died several years ago.

Cantu paid $12 for the chat service when Talk City introduced yearly fees last year, but said she wasn't bitter that she had lost her money. The Bakersfield, Calif., bookkeeper said she offered to pay fees for some of her other friends and would have done more to keep the site going if she could.

"It's really sad," Cantu said. "It was a big part of a lot of people's lives."

************************
Washington Post
Internet Address Retailers Join Debate Over ICANN Future
Registrars Take Opposing View to VeriSign Over Internet Body's Powers
By David McGuire

Responding to a high-level push to scale back the powers of the organization that manages the Internet's worldwide naming system, dozens of Internet address retailers are lobbying the U.S. government to protect the powers of the Internet Corporation for Assigned Names and Numbers (ICANN).

While ICANN isn't perfect, it has done yeoman's work to introduce competition into the domain name industry and still has a major role to play in ensuring the stability of the Internet, a clutch of Internet registrars wrote in a letter that will go out to Commerce Department Undersecretary Nancy Victory in the next couple of days. Victory heads Commerce's National Telecommunications and Information Administration (NTIA).

Seven of the top ten Internet address sellers signed the letter along with more than 30 smaller registrars from 13 countries, said Mike Palage, who coordinated the signatures. Palage is the chair of the Internet registrar constituency within ICANN.

"We agree that there needs to be an ICANN and that ICANN is about protecting competition and not about protecting individual competitors," Palage said describing the Internet registrar community's view.

Palage won't release the names of the signatories until the letter is sent either Friday or Monday.

The registrars' letter comes less than a month after the three largest Internet registries (which act as domain name "wholesalers" to the registrar "retailers") called on the Commerce Department to scale back some of ICANN's powers.

VeriSign and two other major registries, DENIC and Nominet UK, sent a letter to Victory in which they outlined their "common view of a lightweight ICANN." Together, the three companies control the world's five largest Internet domains -- VeriSign operates the "dot-com," "dot-net" and "dot-org" domains, while DENIC operates Germany's "dot-de" domain and Nominet UK operates the United Kingdom's "dot-uk."

Managing the Domain Name System under a series of agreements with the Commerce Department, ICANN wields a substantial amount of power over how both registries and registrars do business. ICANN decides what Internet suffixes are added to the system; oversees dispute resolution policies; and has a hand in determining domain name pricing.

In September, NTIA will have to decide whether to renew, revise or revoke the ICANN agreements.

Palage questions VeriSign's motives in calling for a weaker ICANN so close to that decision.

"The question that needs to be asked is, 'Is VeriSign acting on behalf of Internet stakeholders or on behalf of VeriSign shareholders?'" Palage said.

VeriSign runs "dot-com," "dot-net" and "dot-org" under agreements with ICANN that prevent VeriSign from raising the wholesale price of the addresses it sells, or substantially changing the way it runs the domains.

VeriSign, DENIC and Nominet maintain that ICANN should not be in the business of setting wholesale prices for domain names.

VeriSign spokeswoman Cheryl Regan said that VeriSign benefits most when the addressing system is healthy and well run. "Whatever is good for the Internet is good for our shareholders and that is first and foremost what this is about -- what's good for the Internet," Regan said.

Rather than trying to take powers away from ICANN, VeriSign wants to see the Commerce Department approach the contract renewal with an eye toward "getting back to the original intent of [ICANN] and not letting their powers creep into inhibiting the market."

The registrars' letter is virtually identical to a letter sent last week to Victory by the operators of the seven Internet domains approved for creation by ICANN in November 2000. ICANN commissioned those domains to boost competition and to ease crowding in dot-com, dot-net and dot-org.

ICANN applauded the registrars' letter writing efforts.

"It's gratifying to see that many of our participants voiced their support for ICANN as the best alternative. Despite all the comments and criticism, at the end of the they're still supporting our concept," ICANN spoeswoman Mary Hewitt said.
************************
Washington Post
U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts
By Brian Krebs


U.S. law enforcement officials will meet with representatives from a host of Asia-Pacific countries this weekend as part of an international training program to help developing nations combat computer crime and cyberterrorism.

The two-day event, to take place in Moscow in conjunction with the Asia Pacific Economic Cooperation (APEC) ministerial forum, is intended to provide expert advice and other assistance on how national laws and investigative techniques can be updated to address a range of traditional crimes that have migrated to the Internet. Topics on the agenda include overviews of the myriad technologies employed by cybercriminals and models for international cooperation in cybercrime investigations.

"Our experience has been that these countries are always looking to see where the weaknesses in their legal system are, and whether their laws need to be rewritten to take into account new technologies," said one Justice Department official familiar with the program.

The forum also will address methods for identifying computer viruses and cyber threats to vital national infrastructures.

The outreach effort, led by the Justice Department and the FBI with support from the State Department and the U.S. Agency for International Development (USAID), is aimed at decision-makers and legal experts from nearly all 26 members of the APEC forum, including Brunei, China, Malaysia, the Philippines, Singapore, South Korea, Thailand and Vietnam.

The program comes as the Bush administration is seeking increased cooperation from foreign nations in prosecuting cybercrime and steeling U.S.-based infrastructures against potential cyberterrorists.

Southeast Asian foreign ministers last month joined U.S. Secretary of State Colin Powell in signing a counter-terrorism declaration that included a promise to strengthen and harmonize laws against cybercrime. In September, the White House is expected to release its national strategy for protecting the nation's most critical computer systems from cyberattack.

Following the U.S. Lead
Many APEC nations lack laws to prosecute hackers within their borders, much less assist other nations in multinational cybercrime investigations. Yet, nearly 40 percent of all cyberattacks involve computers located in Asian nations, according to the latest statistics from DShield.org, a company that monitors network intrusions.


In contrast, while the U.S. is also the origin of a large number of cyberattacks, it has some of the toughest computer crime laws in the world, some of which were put in place in the wake of last September's terrorist attacks on New York and Washington.

The USA Patriot Act, signed into law in November, increased the maximum sentence for unauthorized hacking from 5 years to 10 years. And a bill passed last month by the House of Representatives would send hackers to jail for life if they cause someone serious injury or death in the process, either intentionally or by accident.

Justice Department officials say their outreach program is less about encouraging nations to adopt U.S.-style cybercrime laws than using them as examples of ways to proceed in drafting their own computer crime statutes and mutual assistance agreements with other nations.

A few Asian nations that have recently enacted cybercrime laws now levy civil - not criminal - penalties and fines for a broad range of hacking activity.

In Vietnam, for example, using someone else's password to illegally access Internet services carries a fine ranging from $13 to $67. A person convicted of sending computer viruses faces a maximum penalty of $1,333 to $3,333, according to a survey by the Work-it Group, which specializes in information and infrastructure security issues from the legal and management perspective.

"My experience is that the legal frameworks in many countries are woefully deficient," said Work-it Group President Jody Westby. "Many developing countries are not now working on an international level, and they need help on how to do that. Just having a 24-7 point of contact (on cybercrime issues) is probably something that hasn't occurred to most of them."

Westby is also chair of the American Bar Association's International Cybercrime Project, which circulated a draft version of its "International Guide to Combating Cybercrime," at its annual meeting in Washington, D.C. this week.

The 224-page report outlines the law enforcement challenges posed by cybercriminals, and offers a blueprint for countries struggling to overhaul their laws to include a range of common computer crimes.

Balancing Privacy & Security
The ABA report also provides guidance on more ethical considerations, such as balancing the need for acceptable search and seizure procedures with privacy and human rights concerns.


Such considerations are especially important for developing nations in which the government still maintains a controlling stake in the telecommunications infrastructure, said James X. Dempsey, deputy director of the Center for Democracy and co-chair of the report's Electronic Search & Seizure Working Group.

"The tradition in most developing countries has been zero controls on government surveillance because the telephone company is frequently a branch of government," Dempsey said. "What this report says is that as countries around the world grapple with cybercrime laws and necessarily address the question of government access to communications data, they need adopt legal standards that limit government surveillance to ensure a certain level of public trust in those networks."

Without that trust, Dempsey said, developing nations risk alienating investors.

"If countries are looking to attract foreign investment and compete globally in the information age, economically they need to address privacy and give assurances that the host government will not arbitrarily monitor the communications networks," he said.

The ABA report represents an unusual collaboration among more than 60 industry, law enforcement and privacy groups. In fact, the search and seizure portion of the study was drafted with the help of some of the most vocal critics of US privacy and surveillance laws, including the Electronic Privacy Information Center and the Electronic Frontier Foundation.

"The fact is that for all the concerns that and other privacy advocates and I sometimes share about the Patriot Act and other U.S. surveillance laws, U.S. law is far and away the best system in the world in terms of privacy protection," Dempsey said.
*************************
Computerworld
Airlines, FAA turn to Web for security, flight planning


WASHINGTON -- Several major airlines and the Federal Aviation Administration are turning to the Internet, with all of its inherent security vulnerabilities, to improve antiterror information sharing and the safety of flight operations.
In the wake of last year's terrorist hijackings and the near success of the shoe-bomb plot on an American Airlines flight on Dec. 22, American and other airlines have turned to the Internet as a way to keep pilots informed of critical federal security warnings in a more timely manner. In addition, the FAA in recent weeks has established a public Web site that commercial and general aviation pilots can use to download visual-range data for most of the nation's major airports. Visual-range data is used to plan alternate landing routes in the event of bad weather.


According to a report in The Washington Post, American, Delta Air Lines Inc., United Air Lines Inc. and US Airways Group Inc. have established Web-based systems to keep pilots informed of urgent security advisories sent out by the Transportation Security Administration. The issue was thrust into the spotlight when a government warning about the potential use of shoe explosives was sent to American on Dec. 11 but was not forwarded to pilots before the bombing attempt 11 days later.

A spokeswoman for United declined to provide details on the company's Web-based bulletin board system, saying only that doing so would "open the door to what we do from a security perspective and how we do it." American, Delta and US Airways didn't return calls for comment.

Larry Johnson, CEO and co-founder of international business-consulting company The Business Exposure Reduction Group Associates LLC and a former deputy director of transportation security in the State Department's Office of Counterterrorism, applauded the airlines for using the Web to "make the pilots part of the [security] solution."

"The U.S. government has to do a better job of keeping other security professionals informed," said Johnson.

However, he's less enthusiastic about the FAA putting operational data on the Internet. "Posting visual-range data on a public Internet is insane," said Johnson. "That makes the terrorist job of doing operational planning easier."

"There's always a concern with putting operational data on the Internet," acknowledged James Wetherly, research and development lead for the FAA's Traffic Flow Management Integrated Product Team. However, "with [visual range data], a lot of this information is about the environment that is often available locally," he said.

"The Web is being used for advisory purposes only, not to replace the tried-and-true method of communicating [range] data ... which is voice," said Wetherly. "We take every precaution to ensure that the systems and data viewed from the outside are secure. And we have an infrastructure that provides a pretty deep moat to ensure that."
*********************
USA Today
Steering wheel TV installers under scrutiny
By Earle Eldridge, USA TODAY


Federal vehicle safety investigators are gathering information about custom shops that remove air bags from steering wheels to install TVs. Federal law prohibits removing a safety device from a car.

Adding TVs to cars, including in the steering wheel, is popular with professional athletes, rappers and urban youths.

But it is widely criticized because the potentially lifesaving air bag is replaced with a TV that a driver can see, a distraction that could cause an accident.

Tim Hurd, spokesman for the National Highway Traffic Safety Administration, says each case of removing a safety device could result in a $5,000 fine.

"We don't have a formal investigation, but we are looking into this issue of conversion shops disconnecting air bags to install TVs," he says. Investigators will look at how widespread the trend is and what shops are doing the work.

Meanwhile, makers of small video screens built for vehicles say they discourage installers from putting TVs where drivers can see them.

Most require installers to agree to enable a locking mechanism in any monitor the driver can see that keeps it from working while the car is moving.

Alpine Electronics of America, a leading maker of TV monitors for cars, says installers it finds violating the agreement can lose their Alpine retailer's license.

Even so, the policy is "difficult to police," says Steve Witt, vice president of marketing for Alpine.

Witt, who is chairman of a consumer electronics industry committee overseeing use of video monitors in vehicles, says electronics makers, automakers and federal regulators are working on industry standards for installing TVs in vehicles.

TV monitors in vehicles are the fastest-growing segment of the consumer electronics industry, he says.
*************************
USA Today
E-mail becoming crime's new smoking gun


WASHINGTON (AP) - Not since the glory days of letter-writing, before the advent of the telephone, have people committed so much revealing information to written form as they do in the age of computers.


All those e-mail messages and electronic files are a treasure trove of evidence for law enforcement officers, whether they are targeting terrorists, crooked CEOs or local drug dealers.


The challenge for police and prosecutors is learning how to dig up and preserve these electronic gems.

"Any agent can come in and look through papers, but not every agent can do a thorough computer search," said David Green, deputy chief of the Justice Department's computer crime section, which helps train federal and state investigators.

Green teaches that a mistake as simple as turning off a computer can wipe away valuable evidence. Knowing such basics, and the ins and outs of privacy law, is essential when electronic evidence may play a role in so many cases.

"It's like the gift that keeps on giving," said Tom Greene, a deputy attorney general in California, one of the states suing Microsoft in an antitrust case built largely on computer messages. "People are so chatty in e-mail."

E-mail revealed the shredding of documents at Arthur Andersen, and exposed Merrill Lynch analysts condemning stocks as a "disaster" or a "dog" while publicly touting them to investors.

Anti-American sentiments in messages Taliban fighter John Walker Lindh and shoe bomb suspect Richard Reid sent to their mothers were gathered as evidence against them.

And when Wall Street Journal reporter Daniel Pearl was kidnapped and killed in Pakistan, investigators used e-mails from his abductors to track them down.

When drug dealers are arrested, police search their electronic organizers and cell phones for associates' names and telephone numbers. When someone is accused of molesting a child, his computer is searched for child pornography. When a company is sued, it can be forced to turn over thousands of employee messages.

"E-mail has become the place where everybody loves to look," said Irwin Schwartz, president of the National Association of Criminal Defense Lawyers.

One reason is that computer data is difficult to destroy. Just clicking "delete" won't do it, as Oliver North learned during the 1980s Iran-Contra probe, one of the earliest investigations to rely on backup copies of electronic messages.

Deleted files can linger, hidden on a computer's hard drive until that space is overwritten with new information.

"The best way to get rid of computer data is to take the hard drive and pound it with a hammer and throw it in a furnace," said John Patzakis, president of Guidance Software, which makes forensic software that helps police find hidden files.

Even that might not work with e-mail, which investigators may also be able to track down in an employee's office server, stored by Internet providers, or in the recipient's computer.

To go hunting through computer data, law officers need a search warrant issued by a judge. Winning legal permission to eavesdrop on e-mail as it's transmitted is more difficult, because that is considered the same as wiretapping a telephone. Investigators generally need a court order based on probable cause that the wiretap will reveal evidence of a felony.

Criminals, or people who simply want to protect their secrets, can use encryption software to scramble their e-mail. And special software can overwrite computer files, so they are truly deleted. Most criminals aren't that savvy yet, prosecutors say.

Even law officers make the mistake of indiscreet e-mail. Defense attorneys commonly scour messages between police or prosecutors to look for ammunition to question investigative techniques or suggest bias. Or, one of the prosecution's expert witnesses may have posted notes on the Internet that contradict his testimony.

Every U.S. attorney's office across the country has a computer and telecommunications coordinator, and the Justice Department is pushing more of its prosecutors to take cybercrime courses. The department also finances some training for state and local law enforcement.

"The problem is the uninitiated police officer who will go in and turn on a computer to look to see if it's worthwhile to send the computer in for examination," said Peter Plummer, assistant attorney general in Michigan's high-tech crime unit.

"When you boot up a computer, several hundred files get changed, the date of access, and so on," Plummer said. "Can you say that computer is still exactly as it was when the bad guy had it last?"

A defense attorney could argue it's not, and try to convince a jury that evidence has been mishandled or tampered with.

When feasible, investigators usually prefer to use special software to make an exact copy of the contents of a computer's hard drive. This can be done without even turning on the computer.
***************************
USA Today
Japanese embrace inexpensive Net phone calls


TOKYO (AP) - For years, the high cost of phone calls was the biggest obstacle to Internet growth. These days, that curse is proving to be a bit of a blessing.


As always-on broadband Internet service becomes more available, towering tariffs for traditional voice calls are encouraging adoption of a technology that has yet to make much headway with consumers elsewhere: voice over Internet.


More than 300,000 people have signed up for the service from BB Technologies, a subsidiary of Tokyo Internet company Softbank. That's easily more than three times the estimated U.S. consumer market.

The service, which began in April, doesn't require a new telephone. With a book-size modem, one gets voice quality comparable to that of regular voice lines at a fraction of the cost.

Subscribers to Softbank's Yahoo broadband Internet service get voice over Internet for free. Non-subscribers pay about $10 per month including modem rental after a $30 installation fee.

Users keep their same phone number. The broadband service is an asymmetric digital subscriber line that runs over existing wires. Customers still must pay a line fee that starts at about $12 a month to Nippon Telegraph and Telephone, the former state monopoly that still controls nearly all fixed lines to homes.

Even so, callers can save drastically.

Although traditional phone fees are gradually coming down as the sector opens up to newcomers, a three-minute long-distance phone call in Japan still costs as much as 66 cents while the same call to New York costs $1.30.

With BB Phone, three-minute calls within Japan and to the United States cost 6 cents. The rates for calls to other countries vary but are all generally cheaper than old-style phone calls. Calls to another BB Phone are free.

A long-distance romance has Ayumu Mizuno, a 24-year-old engineer, sold on BB Phone. He expects to save hundreds of dollars in calls to his out-of-town girlfriend, who lives with her parents.

The service is in such demand that customers have complained about long waits for service and support. Another catch is that free calls happen rarely because BB Phones remain rare.

"It's too bad I have no other BB Phone person to call," said Yoshio Inohara, a 43-year-old electrician who switched to BB Phone last month. "The only BB Phone I've ever called is the support center."

Softbank, which has invested $720 million to set up its broadband network, believes homes of the future will be linked over the Internet through all kinds of devices, not just telephones and computers, but also home entertainment centers, ovens and refrigerators.

"The BB Phone is a result of the natural changes in technological advancement," Softbank spokeswoman Misao Konishi said. "The market is certain to get bigger."

Last year marked a period of explosive growth for broadband in Japan.

Half of Japanese households are already connected in some way to the Internet, up from just a quarter of households two years ago, according to InfoCom Research, a Tokyo company that compiles Net data.

Those using high-speed connections including ADSL, cable and optical fiber total 4 million people, or nearly 8% of Japanese households.

A recent study by the Nihon Keizai newspaper found thirtyfold growth in high-speed digital connections in Japan over the 12 months ending in March.

Although some 12 million American homes have broadband connections, voice over Internet has not penetrated the U.S. consumer market nearly as well.

That's primarily because basic phone service in the United States is relatively cheap, about $20 a month, said analyst Norm Bogen at Cahners In-Stat. Besides, voice over Internet requires new equipment and service that is not as reliable as traditional voice calls, he said.

In larger U.S. companies, it's a completely different story.

More than 40% of U.S. companies with 500 or more employees have begun converting to Internet-based telephony, according to the research and consulting firm InfoTech.

In Japan, the road ahead for BB Phone remains precarious despite its early success.

Telecom giants such as NTT and KDDI, as well as other startups, are beginning to offer rival services.

This month, NTT's long-distance unit began offering a videophone feature for its Net phone service, which has attracted 13,000 users.

"NTT has marketing power," says Shinji Moriyuki, analyst with Daiwa Institute of Research in Tokyo, adding that only the best of efforts from smaller companies is likely to survive. "NTT may lose some market share, but not all ventures are going to succeed."
************************
USA Today
NYTimes.com, NPR team up for civics education Web site


NEW YORK (AP) - NYTimes.com and National Public Radio on Wednesday announced the launch of Justice Learning, a civics education Web site for high school students and teachers based on NPR's radio program, Justice Talking.


The Web site will use content from Justice Talking and related lesson plans and articles from The New York Times Learning Network, a free service for teachers, parents and students in grades 3-12.


Justice Learning is designed around eight distinct civics issues that are updated twice a year. Current issues include affirmative action, civil liberties, death penalty, gun control, juvenile justice and Web censorship.

"The New York Times Learning Network brings news issues to life for its audience," said Gary Kalman, communications director of Justice Talking.

The Learning Network receives nearly four million page views a month during the school year, the company said.

NPR's Justice Talking is produced by the Annenberg Public Policy Center at the University of Pennsylvania.

New York Times Digital is the Internet division of The New York Times Co.
************************
Nando Times
Navy taps private industry for new defense technology

WASHINGTON (August 14, 2002 3:56 p.m. EDT) - As private companies take on more of the burden for developing new defense technologies, their military customers are facing unfamiliar challenges of coordination, intellectual property rights and civilians unfamiliar with wartime needs, Navy officials said Tuesday at a Washington conference.

In the face of a scattered terrorist threat with multiple capabilities, the U.S. military has to become just as adaptable, said Paul Schneider, principal deputy to the secretary of the Navy's research, development and acquisition programs. To do this the Navy is turning more and more to private sector firms for creative solutions.

Innovative programs have tackled supposedly "unsolvable" challenges, such as creating a new, smaller breed of torpedo for clearing minefields and other littoral (close-to-shore) operations, said Rear Adm. Jay Cohen, chief of naval research. The "half-torpedo" project is expected to test a real-world design later this summer, he told the Naval-Industry R&D Partnership Conference. Successfully fielding the device will enhance the abilities of current Los Angeles-class attack submarines.

An Office of Naval Research Web site is also gathering and evaluating technology suggestions from service members in the field, he said.

But broader cooperation with industry is presenting new challenges. Military organizations must ensure that war fighter needs are properly translated. To do this, technology rollouts are being structured to match technology experts with the people who carry out missions, Schneider told the conference. "We're trying to set up the stage for industry ... to be more directly involved with battle experiments so we can figure out better ways to use the technology and be adaptable."

Military suppliers also have to rethink what competition means in light of these goals, Schneider said. The idea of networking different platforms into a more powerful system falls apart if companies' technical standards are incompatible.

"As much as I dislike the term, the military wants 'plug and play' standards ... so that we can get competition on the actual sensor and weapons technologies," Schneider said. "We don't want (industry) spending money designing components that should be standardized."

At the same time, the issue of intellectual property protection is gaining attention as smaller, non-traditional sources of technology become available to the military, Schneider said. Unless those companies' interests in their development work are protected, they will have little or no incentive to share their discoveries, he noted.

The Navy's science and technology organizations are dealing with these and other challenges, Cohen said. For example, Cohen has won congressional approval to give private venture capitalists a look at the more than $1 billion in intellectual property naval research has amassed, he said.

The Navy is building on the example of the flexible B-52 bomber and the Ohio-class ballistic missile submarine, Schneider said. The nearly 50-year-old B-52 design has been revamped to carry precision munitions for close air support in Afghanistan, while the Navy is looking at older Ohios, originally destined for scrap, as platforms to carry cruise missiles and special-operations forces, he said.

Going forward, developers are reconsidering the requirements for a next-generation destroyer, Schneider said, to take into account emerging technologies while reducing the risk associated with introducing them. The same approach will be applied in designing a "littoral combat ship," designed for operations very close to shore, he said.

"The program there is going to focus on what we need from this 'truck,' and on finding approximations of what the mission suites will be," Schneider said. "We want to design this ship with maximum flexibility."

In order to keep these differing efforts going, however, the Navy must address its aging in-house scientific workforce, Cohen said. One ONR program is successfully offering high school juniors and seniors summer internships at naval laboratories to interest them in the work being done there, he said.

"If you have sustained science and technology work that looks at the 'Navy after next' ... when you suddenly need deliverables in 30 days, you get them," Cohen told the conference.

The event, sponsored by the Office of Naval Research, is meant to bring together technology providers, military acquisition executives and uniformed personnel in order to improve the relationship between the Navy and its industrial partners.
*****************
News Factor
The Trouble with Software Patches


Despite the lessons taught by nasty viruses like Code Red and Nimda, experts say that software patching continues to lag far behind discovered vulnerabilities. Analysts typically blame the lag on the sheer number of patches, which are issued with increasing frequency. Indeed, patching remains a dreaded chore in most IT departments, where a lack of resources means many companies have been left behind. "Quite simply, patching isn't all that sexy a task to do," Forrester analyst Laura Koetzle told NewsFactor. [For the complete story see: http://www.newsfactor.com/perl/story/19023.html]
**************************
Euromedia.net
Microsoft to change Passport privacy statements as part of legal settlement
09/08/2002 Editor: Cathy O'Sullivan


As part of a settlement agreement with the Federal Trade Commission, Microsoft is to change its privacy statements on Passport to accurately reflect what information is collected and how it is used.

The FTC's investigation followed a number of complaints by a group of privacy organisations who claimed that Passport and the accompanying Wallet service violated Section 5 of the Federal Trade Commission Act, which covers unfair or deceptive practices. The complaint was subsequently amended to include a claim that Kids Passport did not comply with the Children's Online Privacy Protection Act and that Microsoft was using Windows XP to force signups of the authentication system.

FTC chairman Timothy Muris agreed with the groups on a number of points: "We believe that Microsoft made a number of misrepresentations, dealing with, one, the overall security of the Passport system and personal information stored on it; two, the security of online purchases made with Passport Wallet; three, the kinds of personal information Microsoft collects of users of the Passport service; and four, how much control parents have over the information collected by Web sites participating in the Kids Passport program."

Microsoft's failure to adhere to its own privacy statements about Passport, Passport Wallet or Kids Passport resulted in the problems, said the FTC.

The settlement, which is valid for twenty years, "prohibits Microsoft from misrepresenting its privacy and security practices," Muris said. "The settlement... also requires Microsoft to establish a program to protect the security, confidentiality and integrity of its customers' personal information."

Furthermore, for the next five years, Microsoft is obligated to provide the FTC with all documentation concerning the collection of personal information and any information that might question Microsoft's compliance with the settlement.

The FTC's privacy complaint focused on the collection by Microsoft of detailed information from people's sign-in information and the web sites onto which they logged, without notifying customers of the activity. According to Brad Smith, general counsel for Microsoft, the company used the information for customer support purposes. In response to the complaint, Microsoft has "changed our privacy statement so that our current privacy statement does make very clear that we collect this information", Smith said.

Potential security problems with Passport were also identified by the FTC, which Microsoft asserts it is addressing.
********************
Sydney Morning Herald
Anti-spam system launched


Bluebottle Systems has launched a system that protects a user's email accounts including Hotmail and Yahoo! from spam, a media release says. A patent is pending.

The system works by accepting email only from known senders. When Bluebottle receives an email from a sender not on a user's whitelist, a verification request is sent asking the sender to verify themselves in one of two ways: by simply replying to the verification request (which automatically places them on the whitelist), or by replying with the user's full name, to ensure the sender knows with whom he or she is communicating and that the message is not unsolicited.

Spammers are unlikely to respond to these requests as in most cases the reply address has been forged. In the event that the spammer actually receives the request, it is almost impossible for them to know the recipient's full name. It is the user's choice which verification method they use.

Bluebottle's CEO, Robert Pickup, said the problem was addressed by not accepting any email into a network before it had been verified, therefore eliminating the bandwidth and disk storage costs.

Bluebottle is developing a number of services that leverage its core verification technology, including an offering for small businesses, ISPs and enterprise customers. It is also looking to engage and work with the Open Source community to ensure its widespread adoption and interoperability with other open systems.
*************************
Earthweb
Norton Antivirus Tackles Instant Messaging
By Sharon Gaudin


Symantec Corp. is answering the latest wave of online messaging attacks by gearing up to battle viruses coming through instant messaging.

Norton Antivirus 2003, Symantec's well-known desktop software, will scan files transferred over instant messengers for malicious viruses, Trojans and worms. Antivirus software has guarded email messages from harm, but IM users have been virtually left out in the cold.

The antivirus software, which is geared toward the consumer and small business, is designed to work on instant messengers from Yahoo, MSN and AOL. Symantec is aiming at pushing its IM cleansing technology into the enterprise arena within a year, according to Laura Garcia-Manrique, a senior product manager at Symantec, but they moved on the consumer market first because of IM's enormous popularity there.

''The more people use instant messaging, the more attackers will use instant messaging,'' says Garcia-Manrique. ''The more people use IM to share information and files, it's a natural evolution for viruses to begin using those vehicles.''

Symantec's announcement comes on the heels of a warning that IM users are being duped into downloading viruses and opening the door to intruders who use their systems to launch distributed attacks across the Net. Hackers are increasingly attacking systems through instant messaging, said Art Manion, Internet Security Analyst at CERT, a federally funded high-tech research and development center at Carnegie Mellon University.

In a recent interview, Manion says CERT has tens of thousands of reports of systems being compromised through instant messengers. ''Instant messaging is being used a lot and people aren't paying attention to the security risks that are out there,'' said Manion. ''People are still way too trusting, and they think instant messaging can't be used against them. But it can.''

Garcia-Manrique also notes that Symantec is handling some of the decision making for users.

She explains that currently when the antivirus software detects malicious code, an alert dialogue box will pop up asking the user if she wants to delete the virus, quarantine it or repair it. The new version, which will be widely available next month, will delete the virus automatically and then alert the user that it was taken care of.

''We did that because we've seen for the most part that the average home user doesn't know how to react if a virus is found on the system,'' says Garcia-Manrique, who adds that any user who wants manual control can change the default setting. ''It's safer for the antivirus software to delete a virus or repair something that is broken.''
***********************
Earthweb
Russia Becoming IT Powerhouse
By Drew Robb


For many years, India has been the poster child of the offshore software development industry. Many of the Fortune 500 have been quietly beating a path to Indian vendors to reduce software development costs and speed up time to market. As well as their much-publicized work on Y2K and mainframe maintenance, these companies also take on Java and Oracle assignments.

But a serious rival now is emerging, one with the resources and determination to take on India -- Russia.

The technology sector in Russia achieved $3 billion in revenue last year, up 19% from the previous year. Offshore software development now is a large slice of that total, growing at an estimated rate of 50% a year.

U.S. giants like Dell, Intel, Siemens and Motorola have huge Russian development centers. And Boeing, GE, Sun Microsystems, IBM, Citibank, the U.S. Department of Energy and many others now are turning to Russia for all manner of complex software tasks.

''Our research shows that Russian development resources have stronger math skills and are often used to develop algorithms and complex formulas,'' said analyst Laura Carrillo of Boston-based AMR Research.

Carrillo pinpoints the Russian education system as offering high-tech workers there a competitive advantage. In Indian universities, students learn generic development and mass-produced coding for Java and C++.

''Russia takes a higher-level approach, picking individuals more carefully in a similar manner to MIT,'' said Carrillo. ''As a result, Russian programmers and developers are more schooled on advanced math and computing techniques than their Indian counterparts.''

Not surprisingly, Russia is earning a reputation as the place to go for development work that involves sophisticated algorithms and complex coding. Last month, for instance, Dell established a Moscow-based Software Engineering Center. It utilizes the Moscow production facilities and manpower capacity of Luxoft, probably the largest of the new breed of Russian offshore firms.

''Having delegated some projects to the Luxoft center, we intend to free up the time and energy of our IT departments, while keeping the scale of IT deliverables at the current and even higher pace,'' said J.R. Carter, a senior manager of EMEA technologies at Dell Computer Corp.

The choice of Moscow had a lot to do with the sheer quantity and quality of science and computing graduates: 50% of Russian graduates major in science; 55 out of every 10,000 people in Russia are engineers, one of the highest ratios in the world; and 4% of programmers working in the world today are Russian.

''Russia possesses a unique intellectual capital that should translate into existing investment opportunities in the years to come,'' said Alexander Andreev, a financial analyst at Brunswick UBS Warburg.

Due to this wealth of resources, Luxoft was easily able to comply with Dell's stringent conditions. Dell demanded a scalable-on-request team of software engineers. Every team member was selected by Dell based on experience, domain knowledge and educational background.

''As a result of the educational system and culture, Russian code expertise is married up with a quality that American companies find highly desirable -- the ability to innovate and be creative in their approach to solving customer problems,'' said Luxoft CEO Dmitry Loschinin. ''I believe that this gives Russia a distinct advantage as we go beyond code writing competence into the realm of resolving the complex IT challenges of the modern enterprise.''

Loschinin cites Boeing Company's experience. After starting on a few smaller projects some years back, Boeing now trusts Luxoft with many high-level development tasks, such as:


An Internet-based catalog that removed the annual nightmare of updating and reissuing hard copies of all documentation. Tools and technologies used included J2EE (Servlets, EJB, JSB, JDBC), XML, DHTML, Web Gain Studio, Arbortext Epic and Adobe Distiller;
Development of a PDF utility that manipulates a massive PDF database and makes files easily available in print, CD, Internet or Microfilm formats. This system uses Rational Rose 2000, XML and works across Sun Solaris, Windows NT/2000 and Linux;
Migration and redevelopment of a mainframe drawing and blueprint distribution system. Developed in the 1970s in Fortran running on Unix with more than a million entries and accessed by 23 separate IT systems, Luxoft converted it to Websphere/Oracle/Java, while preserving existing business logic and retaining full functionality.

''The old drawing/blueprint system was of high quality but out of date,'' said Scott Griffin, vice president and CIO of Boeing. ''Luxoft converted our drawing system to a modern Web-based platform, while preserving existing business logic and retaining full functionality. This improved system stability, reliability, and access. It also reduced cycle-time and increased flexibility, allowing for the support of new requirements and thereby lowering maintenance costs.''


While customers such as Boeing begin small, most quickly grow into large-scale contracts. This tendency to retain clients and expand their dependence on Russian resources is explained when you take a closer look at the pains some of the top offshore vendors take to validate the quality of their development processes.

With Boeing being a big supporter of the Software Engineering Institute's (SEI) Capability Maturity Model (CMM), an industry-standard benchmark to assess an organization's software development process and methodologies, it demanded a partner that could match its own standards. Several divisions of Boeing, in fact, operate at CMM Level 5. Among the elite corps of about 200 companies that have achieved Level 4 or 5 CMM are dozens of offshore software developers. Only one U.S.-based software company made the grade. Luxoft, on the other hand, is Level 4 CMM, the highest rating in Russia. That makes it on a par with the big Indian developers.

Many analysts use SEI's model to advise clients about potential offshore vendors.

''I recommend to clients that they only deal with companies who are CMM Level 3 at least,'' said Gartner Group Research Director Rita Terdiman.

Buggy software, of course, isn't big news in America. What isn't well known, though, is the extent of the problem. According to the SEI, one third of IT development projects are cancelled before completion. The average budget overrun is 189%. The average schedule overrun for 'difficult projects' is 222%. And the delivered product generally only contains 61% of originally specified features.

Only 16% of software projects, in fact, are completed on time and on budget. On the other side of the coin, SEI figures reveal that organizations operating at CMM levels 3-5 operate at or close to budget and time line targets, and achieve an average of 5:1 ROI on development projects.

With so many offshore companies dominating the ranks of the highest CMM levels, it's no surprise that more than half the Fortune 500 currently use overseas software talent. Forrester Research reports that they save an average of 25% on development costs and that U.S. companies are expected to spend $17.6 billion on offshore outsourcing by 2005.

Russia is planning to take a large slice of that total. As well as having a well-educated talent pool, the Russian offshore industry offers distinct price advantages over India.

"With outsourcing to offshore development firms becoming a mainstream practice, competition is definitely growing from Russia in high-end, as well as low-end work," said AMR's Carrillo. "Further, we are beginning to see offshore firms successfully go up against the big American consulting and integration firms for development and integration jobs."
************************
News.com
File-swapping foes exert P2P pressure
By Declan McCullagh
August 13, 2002, 6:48 AM PT


news analysis WASHINGTON--The anti-piracy war is about to spill over onto the home front.
Until now, the entertainment industry has relied on civil lawsuits aimed at companies, not individuals, to limit widespread copyright infringement on peer-to-peer networks.


Napster fell to legal assaults, and MP3.com soon came under fire by the recording industry. MP3Board.com, Scour.com, and Sharman Networks, which markets Kazaa, have been targets of the entertainment industry's legal fusillades against suspected copyright infringers.



Now, however, the entertainment industry is revising its strategy. The new plan appears to extend the target beyond companies with an apparent declaration of legal warfare against individuals who the industry believes are swapping illicit songs or movies through peer-to-peer networks. The outcome could include jail time for those convicted of wrongful file swapping.

This move comes as copyright holders are striving to combat the continued popularity of peer-to-peer networks, which permit millions of people to link their PCs to a massive collection of files, some legal to distribute and some not. Napster's courtroom demise has not ended the popularity of such services, which are less centralized and more difficult to dismember with one legal stroke.

The new strategy relies on a two-pronged approach. Part one, as previously reported by CNET News.com, appears to widen legal efforts to include civil lawsuits against individuals.

Trading copyrighted wares without permission generally runs afoul of current federal law, which means that the Recording Industry Association of America (RIAA), if it chooses, could pursue the matter in court. That has some benefits: If the RIAA wins a judgment, it can take a cut of the defendant's future paychecks and inheritances, and the debt does not disappear even if that person files for bankruptcy.

But suing individual pirates is expensive. Some of the most prolific file-swappers may have few assets to seize, and trying to hold parents financially responsible for their teenager's legally dubious online activities could become a public-relations nightmare.

Swap a song, go to jail?
Enter part two of the new strategy, which seeks to enlist the resources of the federal government in an attempt to put peer-to-peer pirates in federal prison.


Last Friday, Reuters reported that some of the most senior members of Congress are pressuring the Justice Department to invoke a little-known law: the No Electronic Theft (NET) Act.

Under the NET Act, signed by President Clinton in 1997, it is a federal crime for a person to share copies of copyrighted products such as software, movies or music with friends and family members if the value of the work exceeds $1,000. Violations are punishable by one year in prison, or if the value tops $2,500, not more than five years in prison.

That's a mighty weapon to wield against peer-to-peer pirates, especially when so many Americans are potential federal felons, but it seems likely that the Justice Department will honor Congress' request. The agency already has used the NET Act to imprison software pirates, a move that tech companies hailed as "an important component of the overall effort to prevent software theft."

During his confirmation hearing in June 2001, Attorney General John Ashcroft told Congress that, "Given the fact that much of America's strength in the world economy is a result of our being the developer and promoter of most of the valuable software, we cannot allow the assets that are held electronically to be pirated or infringed. And so we will make a priority of cybercrime issues."

Neither the Justice Department nor the RIAA commented when contacted on Monday.

A copy of the letter from Congress, seen by CNET News.com, complains of "a staggering increase in the amount of intellectual property pirated over the Internet through peer-to-peer systems." The 19 members of Congress--including Sen. Joseph Biden, D-Del., Rep. James Sensenbrenner, R-Wisc., and Sen. Dianne Feinstein, D-Calif.--urged Ashcroft "to prosecute individuals who intentionally allow mass copying from their computer over peer-to-peer networks."

Peter Jaszi, a law professor at American University who is a critic of recent additions to copyright law, says he welcomes the idea of prosecutions under the NET Act.

"It's positive in the sense that this decision is going to make everyone aware of what the real stakes in this contest are," Jaszi said. On the other hand, he said, "I think (the industry) is going to have a tremendously difficult time trying to find judges and juries who will convict individuals who are engaging in content sharing of this type."

Any NET Act prosecution could send a chill through the entire peer-to-peer community inside the United States, with possible prison time for what most people seem to view as a harmless activity--illegal, perhaps, but easy to forgive--like speeding on an interstate highway.

Jaszi says any future trial "may become a trial of the whole question of whether we regard content sharing" as a criminal act.

Closing a loophole
Rampant file-swapping is precisely the activity that the NET Act was designed to punish. Rep. Bob Goodlatte, R-Va., the co-chairman of the Congressional Internet Caucus, drafted the NET Act to close what had become known as the "LaMacchia Loophole."


In 1994, David LaMacchia was a junior at the Massachusetts Institute of Technology who was charged with wire fraud for creating a file-swapping site on the Internet. But a federal judge dismissed the criminal charges, ruling that although LaMacchia could be sued in civil court, he was not guilty as charged. "It is not clear that making criminals of a large number of consumers of computer software is a result that even the software industry would consider desirable," U.S. District Judge Richard Stearns ruled.

A second section of the NET Act that does not include the $1,000 minimum limit could make prosecutions even easier. If a person links to a peer-to-peer network and shares copyrighted content against the law in "expectation" that others will do the same, that triggers felony penalties automatically.

Separately, Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., have introduced a bill that would permit nearly unchecked electronic disruptions if a copyright holder has a "reasonable basis" to believe that piracy is occurring on a computer connected to a peer-to-peer network.
***************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx