[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips May 3, 2002

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;;
Subject: Clips May 3, 2002
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Fri, 03 May 2002 11:00:15 -0400

Clips May 3, 2002

ARTICLES

Ashcroft Seeks Tougher Law To Punish Identity Thieves
Key Senator Unveils New Broadband Bill
Building, and Billing, Networks
Privacy Groups Blast Info-Sharing By Financial Institutions
Lawmakers debate 'e-Congress'
Hacker duo say they hack for the sake of national security
How to hack your mobile phone
Hitachi and others break storage capacity barriers
E-government to cost jobs
Tough penalties for mobile phone theft
Servers converge as part of Unisys strategy
Net Guard would function as a virtual National Guard
Court orders video spying
Anti-spam legislation heading to Senate floor
Viruses enlisted as nano-builders
Cyber Scholars
Cell phones you can throw away
Cybersecurity legislation gets mixed reviews
Study claims traffic cameras reduce speeding
Anti-spam legislation stalls
Does P3P promise more than it can deliver?
TV will be 'radically different' in 3 years: report
IBM Software Will Monitor, Repair Problems
Unbreakable Code Could Thwart Cyber Crooks
Cross-strait DVD talks going on


*******************
Washington Post
Ashcroft Seeks Tougher Law To Punish Identity Thieves
By Caroline E. Mayer
Page E02

The Bush administration said yesterday that it will seek speedier trials and tougher penalties for crimes involving identity theft.

Alarmed by increasing reports of identity theft -- the nonprofit Privacy Rights Clearinghouse estimated that there are 500,000 to 700,000 cases annually -- Attorney General John D. Ashcroft said he wants legislation to make aggravated identity theft a crime, and to impose an additional two years of prison time for offenders in the most serious cases. An additional five years would be imposed for terrorist acts involving stolen identities.

"The Department of Justice is committed to seeing to it that criminals and terrorists cannot find refuge in the identities of law-abiding citizens of this country," Ashcroft said in a news conference.

The request for tougher penalties came as the Justice Department completed a nationwide crackdown on crimes that involved stolen identities. U.S. attorneys around the country expedited pending investigations and brought 73 criminal prosecutions against 135 people.

Since Congress established the offense of identity theft in October 1998, 2,223 criminal cases have been filed against 2,899 defendants.

Among the most recent cases announced yesterday, one individual was charged with selling Social Security numbers on eBay. A hospital employee was charged with stealing the identity of patients to obtain credit cards and another individual was charged with stealing the identity of a company executive to exercise options on 176,000 shares of Kmart stock in June 2001. The stock was sold for a profit of $212,000.

The call for tougher penalties won immediate support from a frequent critic of Bush administration policies -- Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Judiciary subcommittee on technology, terrorism and government. Feinstein is seeking legislation that would limit the use of Social Security numbers as identification to make it harder for thieves to obtain and use them to create phony documents and credit-card or bank accounts. The administration has not yet said if it supports her proposal. ********************

Washington Post
Key Senator Unveils New Broadband Bill
By Robert MacMillan

A powerful senator today is introducing legislation that he said would bring high-speed Internet access to rural and "underserved" areas, fortifying his ideological bunker for a showdown between two equally influential and diametrically opposed telecommunications camps.

Commerce Committee Chairman Ernest "Fritz" Hollings' (D-S.C.) "Broadband Telecommunications Act of 2002" would accelerate high-speed Internet access deployment throughout the U.S. through existing telephone taxes and government funding, rather than deregulating the current telecom broadband industry.

According to a Hollings staffer, the bill would use telephone excise tax revenues to offer low-interest loans for rural broadband buildout, and would authorize the National Institute of Standards and Technology to devise the best ways to bring broadband to the rest of the nation.

The bill also would authorize funding for wireless broadband technologies in rural and underserved areas, and promote investment in super-fast broadband technology projects underway at NIST, the National Telecommunications and Information Administration, universities and the National Science Board.

Hollings spokesman Andy Davis said that the bill tackles two major problems: how to make broadband widely available throughout the U.S., and how to develop applications that would drive people to use the technology.

The senator in a letter sent to colleagues earlier today said that 80 percent to 85 percent of the nation can access broadband technology, but only 10 percent to 12 percent do so, mainly because there are not enough compelling reasons to sign on for incrementally faster Internet access.

"People need must-have applications," Davis said, noting that the bill also funds public and private studies on high-speed applications that are practical and useful in everyday life.

Hollings' legislation, along with another bill, S. 1364 that he unveiled in August 2001, directly opposes efforts by other Congress members to widen broadband's reach by allowing Baby Bells and other "incumbent" telecom companies to offer long-distance data service outside of their traditional fenced-in markets without having to make their facilities and networks available to competitors.

Verizon Spokesman Bob Bishop said that the company has not yet seen the bill, and declined to comment on it. The company, and other Baby Bells, oppose S. 1364, since it keeps them under the status quo of the current regulatory regime.

The Association of Local Telecommunications Services (ALTS), which supports maintaining regulations on the Baby Bells, said that Hollings' new bill ensures "that rural Americans can receive high-speed services and have a choice of competitive carriers."

ALTS President John Windhausen also said that the bill is "the right kind of approach to broadband deployment," whether or not his association's member companies receive any of the proposed handouts.

While Baby Bells and other incumbent telecom companies want the Federal Communications Commission to ease the rules that govern how they offer high-speed service, Hollings believes that current laws, which require Baby Bells to open up their networks to local competitors before taking the long-distance leap, are adequate.

Today's bill and the legislation introduced last August will vie for Senate approval at the expense of several other bills introduced by Sens. John Breaux (D-La.), Don Nickles (R-Okla), Sam Brownback (R-Kan.) and Reps. W.J. "Billy" Tauzin (R-La.) and John Dingell (D-Mich.).

Breaux' and Nickles' legislation purportedly promotes regulatory parity that would make all broadband providers subject to the same regulations, or no regulations at all. This move worries Bell opponents because it could strip away regulatory requirements on incumbent local phone companies to make it equally easy for them to deploy DSL service as it is for cable companies to provide their own Internet access.

The Brownback bill, as well as the Tauzin-Dingell bill, also scratch the regulatory requirements in the name of increased competition.

Rep. Robert Goodlatte (R-Va.), who supports the Tauzin-Dingell bill, said that Hollings' legislation is "a government approach to a problem that free enterprise could solve."

"I was interested to see him say that the Breaux bill ... was a Trojan Horse. My response would be that his bill's a red herring," Goodlatte added. "It avoids the issues and tries to lead people away from confronting the fact that we are wasting huge available resources by keeping some of the major competitors in that market from being able to fairly and fully compete..."

Tauzin spokesman Ken Johnson said that "We prefer more of a free-market approach toward solving the problem" than what the Hollings bill offers.

He added that the Hollings bill has its bright side.

"On the one hand, the Hollings bill is a little too regulatory for us, but any broadband bill that will get us into conference with Tauzin-Dingell, we got to like it a little bit," Johnson said.

"There are clear differences between our approaches, but we both want the same thing, and that's competition in the marketplace." ********************

Washington Post
Building, and Billing, Networks
Megisto Systems Helps Providers Charge for Wireless Transactions
By Yuki Noguchi
Page E05

The fine black leather office chairs in Carol Politi's offices are those, actually, of another business down the street.

The first owner of those chairs -- a software business -- went bust, which is why Politi's own Germantown start-up, Megisto Systems Inc., was able to get them for a third of their original price. Megisto also picked up 15 trash cans for a buck apiece.

Frugality. Value.

In the post-boom era, that's the kind of culture Megisto is cultivating, said Politi, a co-founder and vice president of marketing at the two-year-old firm, which employs 91 people and still has most of its $67 million in private funding in the bank. Megisto was founded after the market crash of 2000, and it acts like a firm greeted at birth with a splash of cold water.

Even its business is trying to reverse the "everything for free" Internet culture that ultimately led to the crash of hundreds of dot-com companies, and later, the collapse of so many telecommunications carriers that built their networks.

Now that wireless carriers offer Internet access over the airwaves, Megisto is building equipment that will try to help them charge users for the services they get -- so that the Internet finally pays for itself, said Gordon Saussy, the co-founder, president and chief executive of Megisto.

The economics of today's Internet simply don't make sense, he said. A customer pays for long-distance calls but not to transmit an e-mail across the globe. Similarly, your Internet service provider doesn't earn anything if you buy something from L.L. Bean online, but your phone company collects a fee from L.L. Bean every time you dial the retailer's 800 number.

"The industry cannot afford to be just dumb pipes," Saussy said. Carriers need a way to recoup the massive investments -- $30 billion, by some industry estimates -- they're making to upgrade their networks to carry all that Internet traffic, he said.

Megisto's product essentially allows a wireless carrier to charge a flat fee for an online purchase, or to bill the cell phone user by the minute for e-mailing a friend. The equipment is attached to a wireless network and keeps track of everything that passes through that network -- whether it's an e-mail, a video game, an online order or a phone call. By distinguishing among the different types of traffic, Megisto's technology allows wireless carriers to make money off each type of transaction.

"Now [wireless carriers] are beginning to realize they have problems. The fear is that they're not going to be able to charge" for the various data services they're starting to offer, said Christine Loredo, an analyst with the Strategis Group. A lot of companies are trying to address that need, but few are as well-funded and focused on that task as Megisto is, she said.

Pedigreed private investment firms including Bessemer Venture Partners, Columbia Capital, Grotech Capital Group, New Enterprise Associates, Norwest Venture Partners and Saturn Ventures Partners have funded Megisto. The company announced Monday that former Federal Communications Commission chairman Reed E. Hundt joined its board of directors.

Coming by that capital was tough, but the benefit of running a new company in leaner times is that fewer start-ups get funding in the first place, pruning the competition to a few players, Politi said.

"One of the nice things about being a post-boom company is that in 1999, there would have been 25 companies" similar to Megisto, Politi said. Instead, the stiffest competition it faces is from two other start-ups, WaterCove Networks Inc. near Boston and Tahoe Networks Inc. in San Jose.

In Saussy's assessment, the biggest challenge his company faces right now is "creating demand" for its products.

For now, Megisto is trying to win the attention of European carriers, such as Vodafone, Telecom Italia, T-Mobile (Deutsche Telekom's mobile division) and Orange (France Telecom's wireless division), which already offer higher-speed Internet services over their mobile networks.

Those same carriers find themselves in a deep financial trough because of the billions they spent to buy spectrum licenses for the right to use airwaves for advanced wireless services.

That makes Megisto's sales pitch a bit harder but also makes having a lot of funding still in the bank reassuring, he said.

"I think being a start-up is always a challenge," Saussy said. "Selling to telecom companies that are challenged is a double challenge. The way I navigate that is that I worry mostly about building aproductthat solves a problem." ******************* Washington Post Privacy Groups Blast Info-Sharing By Financial Institutions Michael Bartlett

The Electronic Privacy Information Center (EPIC) and other privacy groups have decried "disturbing" and "abhorrent" practices at financial institutions in submissions to a U.S. Department of the Treasury study of the industry's information-sharing practices.

The groups criticized practices by some institutions - including the sale of personal data - and lamented a loss of individual privacy due to a "lack of control over use of sensitive data."

EPIC was joined by The Privacy Rights Clearinghouse, U.S. PIRG and the Consumers Union. The groups submitted the comments in response to a request for comment on a study of the Financial Services Modernization Act, commonly known as the Gramm-Leach-Bliley Act, or GLBA.

EPIC noted that Congress enacted the GLBA in response to public concern about privacy loss. The GLBA required companies to give notice to consumers about their information-sharing practices. However, consumers were required to "opt-out," or affirmatively respond if they wished to restrict how their information is shared.

Largely because of this "opt-out" requirement, EPIC charges, the GLBA "has failed to provide the adequate protections for consumer privacy in modern financial services."

"Existing privacy protection and regulation under the GLBA does not adequately protect the privacy of a customer's information," the groups wrote. "Any system to protect the privacy of personal information that relies upon silence as agreement has the built-in elements for abuse and eventually public outcry."

The GLBA has several inadequacies, EPIC said. First, the institutions have a financial incentive to create confusing privacy notices and difficult to follow opt-out procedures. Second, it assumes a company has the ability or desire to explain a complex legal principle in a way that allows consumers to make an informed choice. Third, there are no restrictions on the sharing of information about individuals who are not customers.

In addition, the groups charge, the enforcement mechanisms are inadequate to ensure companies are complying with "even existing weak privacy protections."

According to EPIC, when companies sent the required notices to consumers, the notices often were overlooked or thrown away as "junk mail." In many cases, it said, financial institutions used the requirement to send a legal notice as a pretext for sending a document that appeared to be marketing material.

The notices were confusingly written, failed to provide basic information about opt-out deadlines or options, and placed an "unfair burden" on consumers to understand and respond to privacy policies from every creditor or institution where they do business, EPIC asserted.

The solution, the groups insist, is a requirement for consumers to "opt-in" to sharing, and therefore have the ability to restrict the use of their personal information.

"The danger of the opt-out approach lies in the fact that, because customers likely will not read their opt-out notices, there is no assurance that any implied consent would be truly informed," the groups wrote.

"Under an opt-in approach, consumers must give the financial institution express approval before the company can divulge their personally identifiable information, which will minimize any unwanted or unknowing disclosure of the information."

If information sharing has benefits, then financial institutions should be required to convince customers to allow it, EPIC argued.

Without controls, unlimited sharing of personal financial data can lead to identity theft, as well as consumer fraud, the groups said. ************* Federal Computer Week Lawmakers debate 'e-Congress'

With discussion sounding more like a science fiction movie than a congressional hearing May 1, lawmakers began exploring the idea of creating a virtual Congress that could operate in the event of a crippling terrorist attack or disaster.

Although the scenario may have seemed futuristic before Sept. 11, lawmakers now are determined to come up with contingency plans to keep government operating if the Capitol were destroyed or if members of Congress could not convene in the nation's capital.

"Our common sense dictates that we prepare for the unthinkable," said Rep. Steny Hoyer (D-Md.), ranking member of the House Administration Committee, which conducted the hearing.

When hijacked jetliners crashed into the World Trade Center and the Pentagon Sept. 11, the Capitol and its office buildings were evacuated because officials feared another hijacked plane was heading in their direction.

A month later, the Hart Office Building on Capitol Hill was evacuated because of an anthrax attack. Lawmakers and staff members had to find makeshift offices for months while the building was decontaminated.

And now lawmakers say the problems are not over, and it is essential to prepare for congressional continuity in the event of another attack.

Legislation sponsored by Rep. Jim Langevin (D-R.I.), the Ensuring Congressional Security and Continuity Act, envisions making it possible to keep government operating using the Internet and satellite technology to create an "e-Congress."

Langevin's bill, introduced in December 2001, calls for the National Institute of Standards of Technology to conduct a feasibility study of a solution that would enable members of Congress to log on to a system with secure biometrics technology from anywhere in the world.

"The most important thing is for this plan to establish a two-way backup communications system," Langevin said. "The e-Congress idea is simply a means to facilitate an organized system for congressional continuity if, and only if, an attack or disaster strikes again."

However, several congressional experts said creating a virtual environment would be illegal because the Constitution declares that Congress must assemble once a year.

Other experts cited technological problems, saying that it would be impossible to authenticate a congressman on the Internet, and that the importance of the face-to-face negotiating that occurs during a legislative session would be lost.

"I'm worried about the symbolism," said Norman Ornstein, a scholar at the American Enterprise Institute for Public Policy Research. "I want Congress reconvened as soon as possible [after a disaster]."

Ornstein said he would stop short of endorsing an e-Congress because it was not the intention of the framers who wrote the Constitution.

"No matter how advanced the technology, there is no substitute for the face-to-face conversations and informal interactionsÖthat are critical to genuine institutional and individual deliberation," Ornstein said.

Nevertheless, the panel used a videoconference to show how remote technology could work -- one component of a contingency plan.

With his picture beamed behind the panel, Stephen Frantzich, a U.S. Naval Academy professor, participated in the hearing from Prague, Czech Republic. He told the panel, "Just because you can do something doesn't mean you should necessarily do it." ****************** Computerworld Hacker duo say they hack for the sake of national security By LINDA ROSENCRANCE

A pair of hackers who have been penetrating U.S. government computer systems across the country said they're trying to call attention to vulnerabilities in national security.

But analysts said they're probably nothing more than publicity seekers.

On April 24, the hackers, who call themselves the Deceptive Duo, said they "started their mission" of breaking into both government and private-sector computer systems. In an e-mail interview with Computerworld, they said their purpose was "to expose the lack of security within our government and other critical cyber components."

They said they have hacked into classified and nonclassified systems, including those operated by the office of the secretary of Defense, the Space and Naval Warfare Systems Command, the Defense Logistics Agency, Sandia National Laboratories, NASA Jet Propulsion Laboratories, Midwest Express Airlines and a number of banks.

"We had access to data and Web servers which included things such as pictures from Operation Restore Hope [expanded peacekeeping operations in Somalia in the early 1990s] to the personal details of Department of Defense employees," they said.

The hackers said they breached the systems in two ways: They got in through Microsoft SQL servers, which they said have a default password to log in. Some system administrators didn't change the default password when their databases were implemented and their systems went live, the duo said. They also got in through a NetBIOS Brute Force attack, a method in which the hackers repeatedly try to guess passwords to gain entry into a system that could exploit the NetBIOS protocol and allow access to sensitive data.

"Once information was acquired, we targeted an appropriate Web site to post the screenshots at. For instance, we posted the Defense Logistics Agency database on a Web site of the Office of the Secretary of Defense," the hackers said in their e-mail.

Richard Williamson, a spokesman for the Space and Naval Warfare Systems Command, acknowledged that hackers gained access to the system through SQL because the agency had failed to change the default password and administrator's user ID.

"We're embarrassed. We didn't change it. We made a mistake," he said.

Williamson said the pair didn't get access to any classified information. "It was information any taxpayer is entitled to," he said.

The hackers, who wouldn't reveal their ages, said they believed breaking into computer systems was the only way to get system administrators to take action to improve security.

"We must take drastic means for them to take this seriously," they said. "When notifying a system administrator, the situation often times will get brushed away like it was nothing."

The hackers said they have received e-mails from various system administrators of the penetrated computers and they fully cooperate with them in creating a more secure environment for their systems.

"If we did not, our mission would be incomplete," they said.

Screenshots of the information obtained by the Deceptive Duo, including bank databases with customers' personal information and bank account numbers, were posted at a security Web site.

Another database screenshot posted at the same Web site showed names, passport numbers and other personal information apparently gleaned from the U.S. Department of Defense's Defense Logistics Agency.

Lisa Bailey, a spokeswoman for Milwaukee-based Midwest Express, confirmed that the pair hacked into the airline's computer system but gained access only to customer profiles.

"What they hacked into was not manifest information or anything like that," she said. "There was no credit card information [taken]."

Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston, said that although he didn't know much about the Deceptive Duo, he believed they were probably "publicity hounds."

Charles Kolodgy, an analyst at IDC, in Framingham, Mass., agreed. He said he didn't believe the pair was on a mission to improve security.

"I think there might be a business reason behind this," he said. "Maybe they're trying to sell security products. And they probably just have too much time on their hands." ******************** BBC How to hack your mobile phone

Changing the ID number of your phone is as easy as swapping the font in a word processing document. Software programs that let you alter this 15-digit number can be readily bought via the web.

Some sites even sell "chipping" kits that bundle cables and software together into one package for less than £50.

With this software and a cable that connects the phone to a laptop or PC, the number can be changed in a few moments.

Number game

"It's not very difficult, anyone could do it," said Jack Wraith, head of the Mobile Industry Crime Action Forum.

He said different chipping programs change different parts of the International Mobile Equipment Identity (IMEI) number borne by GSM handsets.

The 15-digit IMEI is programmed into a handset when it is manufactured.

It is made up of identifiers that reveal where the handset can be used, which factory made it, a unique serial number and a check digit that ensures the whole number is valid.

Like credit card numbers, only certain strings of 15 digits are valid, Chipping software is built using algorithms that work out valid combinations of numbers.

Mr Wraith said the software packages typically change either the last two numbers in an IMEI or the entire 15-digit number.

You can check the IMEI number of a GSM phone, which prevail in Europe, the Middle East and the Far East, by dialling *#06#.

Mobile networks that do not use GSM technology do not use IMEI identifiers.

Mr Wraith said by the end of the summer all the UK's mobile phone networks will be able to block phones by their IMEI numbers.

Currently O2 and Vodafone, which operate the UK's oldest mobile networks, are the only ones that cannot block by IMEI number.

Zero value

Laws being introduced in Britain will make it an offence to sell kits that allow IMEI numbers to be changed.

"There's no legal reason, or very few legal reasons, for that number to be changed," said Mr Wraith.

But he said, the introduction of IMEI blocking may not reduce the number of phones being stolen.

"A mugger who takes your wallet isn't going to leave you with a phone to call the police," he said.

However, it will reduce the saleable value of a stolen phone to almost zero, he said. ***************** Computerworld Hitachi and others break storage capacity barriers By LUCAS MEARIAN

A number of storage technology breakthroughs were announced this week, including the doubling of hard disk and tape memory capacity, vendors said.

Hitachi Ltd. in Japan has developed a technology that can more than double hard-disk memory density, according to North American spokesman Gerry Corbett.

According to Corbett and a Japanese news report, the company will start shipping product samples as early as 2004.

Hitachi's technology, called perpendicular magnetic recording, increases storage per square inch of disk space to 107G bits, 7 more gigabits than is now possible with that particular recording technology.

David Reinsel, research manager for hard drives at IDC's Minnesota office, said the difference between traditional data storage and perpendicular magnetic recording is the polarity of the bits.

"The magnetization for the traditional [recording] being left to right, where as perpendicular moves that polarity to north to south," he said. "Typically, when [the hard drive's head] is entering into the next bit there's a transition period. This eliminates that transition that had been there. It's going to require a different type of head to read it."

Reinsel said Hitachi's perpendicular magnetic recording breakthrough, which was announced a year ago, is significant for the future of storage, but not yet "ready for prime time."

"Horizontal technology still has a ways to go," he said.

For example, Fremont, Calif.-based Read-Rite Corp. yesterday announced that it has achieved 130 billion bit/sq. in. of hard-disk space using horizontal or longitudinal disk technology. That will enable consumers to record 134 full-length VHS motion pictures on a two-disk personal video recorder once the technology reaches the marketplace.

"In less than three years, our skilled team of engineers and strategic partners pushed areal density levels over 950%, from 13.5 billion bit/sq. in. in July 1998 to today's achievement of 130 billion bit/sq. in.," Mark Re, senior vice president of research and development at Read-Rite, said in a statement.

Also yesterday, Sony said it has broken the record for tape storage density by achieving over 11.5G bit/sq. in. of data storage on 1 sq. in. of tape. That nearly doubles the previous record of 6.5G bit/sq. in.

Sony said in a statement that the breakthrough paves the way for its new S-AIT storage format, which will feature the industry's highest compressed capacity -- more than 1TB per tape -- when it debuts this fall.

"This latest density breakthrough will allow the AIT and S-AIT architectures to progress in a parallel manner and achieve our current road maps," said Takao Hiramoto, president for the Server Solutions Company of Sony Corp.'s Broadband Solutions Network Co. in Tokyo.

In other news, a team of storage networking industry vendors announced this week it broke the 2TB/hr. backup barrier.

The performance test, performed on a storage-area network, used equipment from Brocade Communications Corp., Emulex Corp., Storage Technology Corp., Sun Microsystems Inc. and Veritas Software Corp. The companies were backing up an Oracle9i database.

The new benchmark will allow companies to reduce current backup times significantly, said Steve Kenniston, an analyst at the Enterprise Storage Group.

"Improving backup and restore times at a significant level, based on real-world database configurations, will be of great advantage to companies who view maximum uptime as an essential business requirement." Kenniston said. ******************** BBC E-government to cost jobs

Putting government services online could cost up to 20% of civil servant jobs over the next 10 years, according to the UK e-envoy Andrew Pinder. The comments about the jobs cuts, made at a Government Leaders' Conference in Seattle, have left other e-government experts baffled.

Mr Pinder said re-organising the way the public sector worked could be used to increase staff numbers in the health and education sectors.

The e-envoy is charged with the job of getting all government services online by 2005.

More not less

A spokesperson for the e-envoy confirmed that the savings would result from the reorganisation of public services over the next decade.

According to Mr Pinder, the savings are based on those already made by the private sector.

But Peter Friedman, editor of SupportInsight, a website for the support and training industry, is not convinced he has got his sums right.

"I would be very interested to know where Mr Pinder gets that 20% saved by the private sector from," he said.

The need for online support has in fact increased job opportunities, he said.

"In the private sector we are seeing the quality of service issue potentially increasing the resources devoted to customer relationship management."

His comments were echoed by civil service unions.

"My understanding is that there is no definitive answer on how e-government will affect civil service jobs," said a spokesman for the Public and Commercial Services Union.

"It will certainly change work in the civil and public sector and will have an impact on the number of staff but it is too early to say how many."

Redundancies?

According to the union, there is likely to be immense political pressure on the government not to close down local benefit and tax offices.

"A significant proportion of the public will still want face-to-face contacts," said the union spokesman.

He said the union would work closely with the government to ensure civil servants replaced by electronic services were redeployed elsewhere in the public sector.

Ex-civil servant Ken D'Rosario, who now works with NextiraOne on public service projects, said it was far too early to talk about redundancies.

"E-government is nowhere near where it should be so anyone making judgements on staffing levels is being a bit premature," he said.

Mr Pinder declined an interview with BBC News Online about his comments.
***************
BBC
Tough penalties for mobile phone theft

A Bill published by the Home Office on Friday will make it a criminal offence to reprogramme stolen phones to create a new number so they can be used again.

The new tougher penalties aim to curb the growing menace of mobile phone related street crime.

Those found guilty of reprogramming could face jail terms of up to five years or unlimited fines.

The new Mobile Telephones (Reprogramming) Bill would also make it illegal to own or supply any of the equipment for reprogramming handsets.

The Bill has been welcomed by police and the phone industry.

Home Office minister John Denham said: "Mobile phone thefts have been a key factor in rising street crime - stolen mobiles are now involved in 50% of all robberies in London.

"The Bill being published today builds on the concerted action being taken across government to tackle street crime."

Violent attacks

Tim Godwin, a Deputy Assistant Commissioner (DAC) of the Metropolitan Police, said: "Mobile phones are quickly turned into cash by thieves.

"This measure will reduce their value to a thief and therefore we strongly support and welcome it."

About 700,000 mobile phones were stolen last year, many in violent attacks.

Mobile phone operators have already agreed to exchange lists of the unique 15-digit handset identity numbers, known as the International Mobile Equipment Identity (IMEI) numbers, which are programmed on manufacture.

Thus, when a phone is reported stolen, its number can be recognised by other networks and they can refuse to connect it.

Disguise

However, this system alone does not make stolen handsets impossible to use.

Some thieves with specialist software can still change the handset identity number, or alter it to disguise its origin.

This makes it impossible for the manufacturers to trace the handsets, and they can then be sold on.

Phone security experts have for some time been calling for the changing of the IMEI number to be made illegal.

Jack Wraith, of the Mobile Industry Crime Action Forum, said the Bill would help reduce thefts.

"The activities of individuals involved in the reprogramming of stolen mobile devices has, for too long, allowed stolen mobile phones to be reprogrammed with impunity," he said. *************** Computerworld American University to roll out campus wireless system By JUAN CARLOS PEREZ, IDG NEWS SERVICE

American University in Washington will roll out a campuswide wireless system designed to give students, faculty and employees wireless access to university data.

The system is designed to improve voice and data communications in the university and reduce the use of traditional phones on campus, American University said yesterday in a statement. It's expected to be ready in time for the fall semester.

Using wireless devices such as cell phones, personal digital assistants and notebook computers, students, teachers and university staff will be able to, among other things, connect to the Internet, send and receive e-mail messages, and access Web-based university information, such as class schedules.

The system will also allow university officials to push out to the users university-related information, such as alerts about class cancellations and information about campus events. The system has been designed to provide wireless connectivity to users who are indoors or outdoors, the university said.

IT services provider KPMG Consulting Inc. in McLean, Va., is in charge of implementing the system, the university said. The university carried out a two-month trial of the system in its business school and one residence hall.

In the current academic year, American University has 5,501 undergraduate students, 3,161 graduate students and 1,532 students in its law school, as well as a full-time faculty of 566, according to the university's Web site. **************** Computerworld Servers converge as part of Unisys strategy New ClearPath releases aimed at moving users to common architecture By JAIKUMAR VIJAYAN

With three new releases, Unisys Corp. is building on efforts to migrate users of its two proprietary mainframe lines to a common architecture based on Intel Corp. and Windows technologies.

The Blue Bell, Pa.-based company last week introduced ClearPath server models that offer triple the systems capacity and double the partitions of its existing systems, according to the company.

Like their predecessors, the new systems are based on Unisys' Cellular MultiProcessing (CMP) architecture, which allows users to mix applications running on Wintel technology with those running on proprietary Unisys processors in a single box.

The goal is to give users of Unisys' MCP and OS 2200 mainframe operating systems a way to take advantage of their investments while offering a reliable, mainframe-class system for running newer applications, said Rod Sapp, a Unisys director.

The new systems "converge all of Unisys' legacy environments on a single technology," said James Cassell, an analyst at Stamford, Conn.-based Gartner Inc. "Users are not only going to get better price/performance but also increased functionality as a result."

The all-Intel-based ClearPath Plus Server CS 7201 model is targeted at MCP users. The system supports up to 32 processors and eight partitions. Users can take advantage of the partitions to run a mix of MCP, Unix and Windows 2000 Advanced Server or Windows Datacenter Server applications.

The two other models introduced last week are aimed at users of the OS 2200 operating system. The ClearPath Plus Server CS 7402 box supports up to four of Unisys' proprietary CMOS chips or Intel processors and allows users to combine OS 2200 applications with Windows applications in the same box.

Meanwhile, the new CS 7802 model supports up to 32 of Unisys' CMOS processors and is also capable of supporting Intel chips. Like the other models, the system can support a mix of OS 2200, Windows and Unix applications.

Customer Feedback

Carnival Cruise Lines has purchased a 16-processor CS 7802 to run its core reservation and marketing applications, said Doug Eney, vice president of systems at Miami-based Carnival. The system is about four to five times faster than the water-cooled system it replaces and delivers far greater performance, Eney said.

"It's a very hardened, very scalable and very partitionable box," he said.

Carnival's new server is based entirely on Unisys' proprietary CMOS chips and is being used to run only OS 2200-based applications, he said. But the company is considering taking advantage of ClearPath's CMP architecture to consolidate Windows-based applications on such boxes, Eney said. ***************** Government Computer News McNealy: We've already lost privacy By William Jackson

The Transportation Security Administration could guarantee air safety by collecting passenger information from public and private databases, industry executives said at a Washington forum sponsored this week by the Council for Excellence in Government.

"It's not a technology problem, it's a problem of political will, what we are willing to give up" in exchange for greater security, said Steve Perkins, senior vice president for public-sector business at Oracle Corp.

Oracle formed the Liberty Alliance with Electronic Data Systems Corp., PricewaterhouseCoopers Inc. of New York and Sun Microsystems Inc. to sell the database-mining idea to the government.

"Our goal is to push the bounds of the technology," Perkins said. "I don't see a role for the alliance on the policy side." The alliance has proposed authenticating passengers through public databases, cross-referenced against federal watch lists. Trusted passengers would be issued biometric smart cards for faster processing at airport checkpoints.

Sun chief executive officer Scott McNealy downplayed the risks of such a system, calling anonymity "a very dangerous weapon. You're not losing privacy that you haven't already lost anyway."

Government officials, however, said privacy and security policies require industry participation.

"The whole concept of shared databases being at risk is something government can't deal with effectively without private-sector partners that control some of the most extensive databases," said Mary Mitchell, the General Services Administration's program executive for e-government policy.

Chris Israel, deputy assistant secretary of Commerce for technology policy, said risks to privacy grow as personal data is gathered and consolidated for homeland security.

"The paradigm is going to have to be completely changed," Israel said. Biometrics technology is both an answer and a threat to privacy, and government policy will have to be retooled to handle the new risks, he said. "We're going to be confounded by it going forward." **************** Government Computer News Net Guard would function as a virtual National Guard By William Jackson

Two bills to strengthen the nation's cyberdefenses will come up this month before the Senate Commerce, Science and Transportation Committee. Sen. Ron Wyden (D-Ore.), a sponsor of the Science and Technology Emergency Mobilization Act, said his bill would establish volunteer rapid response teams to help restore critical infrastructures in the wake of disasters. The teams, which would be known as the Net Guard, would function like an IT equivalent of the National Guard.

Another bill, the Cyber Security R&D Act that the House passed in February, would make more than $1 billion available over the next five years for security research and education programs. The bill would fund $743 million through the National Science Foundation and $302 million through the National Institute of Standards and Technology.

Lance J. Hoffman, professor of computer science at George Washington University in Washington, told the subcommittee that information security research has been a poor stepchild. It cannot compete with established disciplines because "students and faculty have been driven by available funding to work on problems that are better known," he said.

Hoffman said background checks should be required for Net Guard volunteers under the Science and Technology Emergency Mobilization Act. The national Net Guard database would have to be adequately secured to ensure privacy and restrict unauthorized access, he said. And the guard as described by the act might be too ambitious, he added, whereas local and regional programs would be more workable. ***************** Mercury News Court orders video spying SONICBLUE TO SURVEY CUSTOMER RECORDERS By Dawn C. Chmielewski Mercury News

A federal magistrate in Los Angeles has ordered SonicBlue to spy on thousands of digital video recorder users -- monitoring every show they record, every commercial they skip and every program they send electronically to a friend.

Central District Court Magistrate Charles F. Eick told SonicBlue to gather ``all available information'' about how consumers use the Santa Clara company's latest generation ReplayTV 4000 video recorders and turn the information over to the film studios and television networks suing it for contributing to copyright infringement.

``We've been ordered to invade the privacy of our customers,'' said Ken Potashner, SonicBlue's chairman and chief executive. ``This is something that we find personally very troubling.''

Privacy advocates condemned the ruling which came during the pre-trial discovery process of a series of lawsuits against SonicBlue.

In October, the studios and networks accused SonicBlue of permitting copyright infringement with its latest digital video recorder.

The plaintiffs asked SonicBlue to turn over information on how individuals use the recording devices. SonicBlue said it does not track that information. The magistrate, who is supervising discovery, ordered the company to write software in the next 60 days that would record every ``click'' from every customer's remote control.

Four separate lawsuits focus on a pair of features on the ReplayTV 4000; an ``AutoSkip'' function that allows the device to bypass commercials while recording a program; and a high-speed Internet port that allows users to download programs from the Internet or send them to other ReplayTV 4000 users.

The suits allege these features effectively deprive networks of the means of paying for their programs -- advertising revenue. And they allow people who paid for premium programming -- say HBO's ``Six Feet Under'' -- to send it to consumers who haven't.

A Disney spokeswoman accused SonicBlue of a ``deliberate and completely misleading'' characterization of the court's order. The studios and networks are merely seeking access to the same kind of anonymous data that SonicBlue's privacy policy says it is entitled to collect about its users, she said.

Attorneys for the studios say they need this information to determine the extent to which the ReplayTV 4000 allows consumers to steal copyrighted movies and television shows.

``None of the data the plaintiffs are seeking identifies any individuals,'' said Michelle Bergman, the Disney spokeswoman. ``We respect viewer privacy and the order we obtained respects that important right. We are simply protecting our copyrighted content and all whose livelihoods are dependent on it.''

The court ruling requires SonicBlue to track individual users -- not by name, but through ``unique identification numbers.''

``The concern is once you collect information about an individual, the individual may be concerned that he or she could be linked to that information at some time,'' said SonicBlue attorney Lawrence Pulgram.

``It's an incredible invasion of privacy,'' said Fred von Lohmann, an intellectual property expert for the Electronic Frontier Foundation.

Pulgram said SonicBlue plans to ask the federal district court trial judge to review the magistrate's ruling. ***************** USA Today Anti-spam legislation heading to Senate floor

WASHINGTON (Reuters) A measure that would crack down on the unwanted junk e-mail known as "spam" will soon head to the Senate floor, Sen. Conrad Burns said on Thursday.

The measure enjoys enough support to win the Senate Commerce Committee's stamp of approval when is is brought up for a committee vote this month, tentatively scheduled for May 16, the Montana Republican said.

"It looks like we're finally going to get some action on spamming," Burns said. "I think the bill is in pretty good shape right now."

Burns said he was confident the bill would pass the Senate, although Majority Leader Tom Daschle has not yet committed to bring it up for a vote.

While 22 states have passed anti-spam legislation, efforts in Congress have stumbled over opposition from direct marketers who say their activities would be unfairly limited.

The Federal Trade Commission has since February gone after "spammers" who violate existing laws that prohibit false or deceptive trade practices.

Spammers who use deceptive subject lines or do not respond to consumer requests to be taken off their contact lists are candidates for FTC action, which rarely results in fines or jail time.

Burns' bill, co-sponsored by Oregon Democratic Sen. Ron Wyden, would not impose any new restrictions on commercial e-mail.

Rather, it would strengthen the enforcement authority of the FTC and state attorneys general, allowing them to impose fines of up to $30 per e-mail.

Spammers that hide their identities would also face criminal penalties, and the bill would allow Internet service providers to sue to keep them off their networks.

Burns said spam annoyed Internet users and imposed economic costs on businesses whose e-mail networks carried the unwanted messages.

On a personal level, he said his own e-mail account was overrun with spam.

"I bet you there's 50 (unsolicited messages) on there when I get home tonight, and not one I recognize," Burns said. ****************** MSNBC Viruses enlisted as nano-builders

WASHINGTON, May 2 If you want to build a molecular-scale computer chip, or a minuscule sensor that detects the slightest whiff of an airborne toxin, you're going to need some tiny builders to help put these gadgets together. In Friday's issue of the journal Science, published by the American Association for the Advancement of Science, researchers in Texas show how they hired a virus as their nano-construction worker.

GENETICALLY ENGINEERED to grab up dots of zinc sulfide, these "viral semiconductors" arrange themselves into highly ordered structures that may serve as the raw material for future nanoscale devices. "We want to build things that are as small as the length across a strand of DNA. When you're building things as small as a virus, it makes sense to try to use the biology that already works at this size," explains Angela M. Belcher of the University of Texas. The building blocks of nanotechnology are materials with orderly, often repeating patterns on the scale of a billionth of a meter. It's nearly impossible for researchers to directly create large arrays of these materials with such stunning precision, so scientists seek out systems that can spontaneously arrange themselves. Many biological materials, including viruses in solution, have this promising "self-assembly" quality. Millions of viruses in solution can line up and stack themselves into layers, creating a material that flows like a liquid but maintains an internal pattern. By changing the solution's concentration or applying a magnetic field, scientists can force new patterns and create different liquid crystal structures.

DESIGNER VIRUSES If tiny semiconductor particles could be attached to these orderly viruses, the viruses could do all the tedious and fine work of creating a highly organized nanomaterial, Belcher and her colleagues reasoned. So they set out to design a virus that would recognize and attach itself to zinc sulfide nanocrystals. The researchers began by genetically engineering their chosen nontoxic virus to carry random bits of protein in its outer coat, and comparing each altered virus' ability to latch onto zinc sulfide particles. Belcher and the others aren't exactly sure how the different protein motifs bind to the crystals, but they suspect that the two hook up much like an antibody and antigen. "We think it might work like a lock and key, with the two surfaces complementing each other," says Belcher. After extensive screening, the scientists chose the "best binding" virus and allowed it to infect bacteria where it could make millions of copies of itself. Added to a zinc sulfide solution, the viruses attached themselves to the semiconductor material, grew zinc sulfide nanocrystals at their ends, and assembled themselves into a highly ordered hybrid film with the piggybacked particles. By tinkering with different solution concentrations and applied magnetic fields, Belcher and colleagues were able to alter the stacking direction of the film's layers.

DESIGNER DEVICES Although the zinc sulfide hybrid is their first complete liquid crystal system, the research team has already identified other engineered viruses that can bind to other semiconductor crystals, such as cadmium sulfide, and magnetic materials. The viral films can be stored at room temperature for at least seven months without diluting their concentration or affecting the ability of viruses to infect bacteria. "We've found that this is a reversible process, that you can completely disassemble and reassemble these films, which is interesting from a biotechnology aspect," says Belcher. The researchers are pursuing the intriguing possibility that these films might be a new way to store high-density DNA without freezing. At this point, the technique is "pretty basic, a way of arranging electronic materials where you want them to be," says Belcher. Her team will be spending the next year trying to make simple devices out of this material, with the hope that these materials can be used in self-assembling computer chips, optical devices and sensors that detect biowarfare agents or chemicals. ******************* MSNBC Cyber Scholars C++ meets Chaucer, as universities begin to study the digital world

WHAT I FOUND, however, at the Digital Divides conference convened by the Pacific Regional Humanities Center at the University of California, Davis, was that the academic world has made quite a turnaround. In the 80s and early 90s there were a handful of university folk exploring topics like hypertext or the social impact of computers, but by now the topic of digital change has infiltrated every department from history and linguistics to art and psychology. The Digital Divides event was itself one of a series of three such conferences within the University of California system. The conference topics ranged widely. Martin Kenney, a UC Davis professor, studies the history of Silicon Valley, tracking the influence of the earliest firms on subsequent generations in the same way that literary scholars might follow the influence of the Lake District poets. He theorized, in fact, that the key to Silicon Valley's success was not so much the legendary Hewlett-Packard garage start-up in 1938, but the fact that in 1957 a particularly crucial semiconductor firm, Fairchild, happened to locate there. The company spawned dozens of "Fairchildren" nearby, building the fundamental engines of the digital revolution. Had Fairchild happened to start instead near Boston, the history of digital technology might well have been written on the opposite coast.

Alladi Venkatesh, of UC Irvine, looks at the results, rather than the roots, of the digital revolution: using ethnographic research techniques to study the impact of home networks and highly-wired communities on family life. For his research he has focused on a housing development called Ladera Ranch, in southern Orange County, where homes have "IT nooks," high-speed Internet access and the entire community of 2000 homes is interlinked with a common intranet. "Unlike other appliances," he notes, "Americans haven't yet figured out which room of the house the computer belongs in. This will be a very important time to study." His findings should interest Lee Rainie, head of the Pew Foundation's ambitious Internet and American Life project, which for two years now has conducted in-depth polling to study how the Web is changing U.S. society. At Davis, Rainie presented some newer findings about the 70 million Americans currently not online. Of that number, fully 45 percent say they don't believe they will ever go online, for reasons that include fear, cost issuesand 40 percent who simply say they don't need it. Among the offline, 23 percent are disableda number underscoring the importance of Web site accessibilityand close to 20 percent are "drop-outs" who once had Web access but no longer do. On the connected side, Rainie described the 63 percent of American teenagers who use instant messaging. Among them, 14 percent have used IM to ask for a date, 12 percent have broken off a relationship with IM, and 20 percent have shared their screen name and password with a "best friend." In the last instance, Rainie adds, often with unhappy consequences: "Best friends don't last forever in the teen world." Rogers: How the Web Will Transform Business

Perhaps the most symbolic presentation at Digital Divides came from a non-academic named Rick McGowan, vice-president of a little-known Silicon Valley non-profit company called Unicode. Unicode represents the most fundamental fusion of CP Snow's Two Cultures: nothing less than the effort to make certain that all of the world's languages can be represented in computer form. Unicode began with informal discussions in the late 80's at Apple and the fabled research lab Xerox PARC and is now funded by many of the major computer and software companies. Unicode's goal is to make sure that every form of writing on earth has a unique and universally accepted representation as a string of numbers. By now there are Unicode representations for 96 forms of writing, which in turn represent every language on earth with more than 5 million speakers. Available "scripts" range from old standards like Latin, Greek, Cyrillic, Hebrew; Arabic, Katakana and Han to Thaana, Devanagari, Khmer, Runic, Cherokee and Braille. The goal is to turn every written language into code, and McGowan figures there are at least 25 more "minority" scripts that remain untranslated into Unicode. Unfortunately, as the languages grow more obscure, the battles between experts over what is official grows more intense. An early Unicode developer coined the rule: "For every expert there is an equal and opposite expert." In addition, the rarer the language, the less likely there is much of a market for software, and so the companies that fund Unicode show increasingly less interest. Linguists used to say that a language was a dialect with an army; in the world of Unicode, dialects may turn out to need markets more than armies. But that is where the university world may ultimately come to the rescue. Academic experts are currently working on a Unicode version of Egyptian hieroglyphicsand next on the docket are the symbols of the Rosetta Stone. ****************** USA Today More health insurers let patients file claims online

NEW YORK (AP) Nearly one in three managed care companies now allow patients to file health insurance claims online, a remarkable jump from just six months ago, a new study said.

Health care companies are using the Internet to cut through red tape and make the health care process quicker and easier, according to a survey released Thursday by the consulting firm Cap Gemini Ernst & Young.

For example, nearly 31% of managed care Web sites surveyed allow patients to file claims online, vs. only 4% six months ago, the survey said.

It found that 59% of companies let patients track claims online compared to 27% last summer. Now, 45% of patients can access an explanation of benefits online, compared to 25% six months ago.

The automation also benefits doctors. The survey said 58% of plans have Web sites that allow doctors to make referrals online, compared to 20% just 6 months ago. Moreover, 81% of Web sites let doctors check plans' preferred drug lists vs. 59% six months ago.

The consulting firm reviewed 78 web sites from November 2001 and January 2002 and compared the results with a survey conducted from March 2000 and June 2001.

However, there is still no way to say how many doctors and patients are taking advantage of the technological improvements, said Peter Kongstvedt, head of Cap Gemini's managed care practice.

Kongstvedt said automating tasks now done over the fax, phone and mail will reduce errors and bring down the cost of health care. He said it takes between four years and six years for a company to realize a return on its technological investments.

Kongstvedt said managed care companies spend between 14% and 15% of their revenues on sales and administration. Automating the administrative process should push that down to 8% to 9%, he said. ***************** MSNBC Cell phones you can throw away Intel to provide chipsets for disposable phones

GARDEN GROVE, Calif., May 2 Disposable diapers. Disposable cameras. And now, disposable cell phones. Hop-On , based in Garden Grove, Calif., said Wednesday that it had struck an agreement with Intel Corp. to provide chipsets for its disposable cell phones.

INTEL, THE WORLD'S largest semiconductor company, has a small second-generation chipset business, and is more than happy to sell the older products, an Intel spokesman said.

Hop-On said Intel will provide chipsets using the TDMA cell phone standard for use in its disposable phones worldwide. Initial target markets will be in the United States and Latin America, the company said. Hop-On's disposable cell phones, which it says are recyclable, will carry an hour's worth of prepaid calling minutes in the United States. Hop-On said it "will be distributing its products through some of the nation's largest retailers and convenience stores" and will "provide users with national coverage through some of the nation's preeminent carriers." Hop-On shares trade on the pink sheets for about 17 cents each.

*******************
Government Executive
Cybersecurity legislation gets mixed reviews
By Liza Porteus, National Journal's Technology Daily

Government and industry officials on Thursday hailed a bill aimed at ensuring that federal agencies maintain strong information security but questioned certain aspects of the measure. Two House Government Reform subcommittees--Government Efficiency, Financial Management and Intergovernmental Relations, and Technology and Procurement Policy--held a joint hearing on the bill, H.R. 3844, which would permanently reauthorize the Government Information Security Reform Act (GISRA) and implement additional computer-security measures for federal agencies. Mark Forman, e-government chief for the Office of Management and Budget, said the administration is still developing its position on the legislation. He said the continued strong role of the National Institute of Standards and Technology in information security is "critical." NIST will help agencies conduct security reviews for submission to OMB. Robert Dacey, director of information security at the General Accounting Office, agreed that continuation of GISRA is "essential" but said the administration should do more to obtain technical expertise to protect computer systems and to make sure sufficient resources are available. But certain changes should be made to the legislation, some panelists said. The bill, for instance, calls for an information-emergency response center. But Daniel Wolf, information assurance director for the National Security Agency, said yet another incident-response center like those housed at NSA, the Defense Department and the FBI's National Infrastructure Protection Center would add "unnecessary redundancy." The Commerce Department, meanwhile, does not want the measure to transfer authority on security standards from NIST to OMB. Ron Miller, chief information officer of the Federal Emergency Management Agency, suggested that the bill should include a stronger link between security requirements for information technology and the capital planning process, and that there should be more focus on retaining IT professionals and individual accountability for security. "It would be very useful if the federal government provided IT security training in perhaps the same way that it offers standardized training in technology subjects, management skills, leadership development and other professional disciplines," Miller said. Miller also said effective cybersecurity will require a coordinated effort with the White House Office of Homeland Security to link the federal government with other governmental and industry representatives. Jim Dempsey, deputy director for the Center for Democracy and Technology, also said the measure should not eliminate the Computer System Security and Privacy Advisory Board, which has served as an advisory group for the federal government on privacy issues. "At the current time, when there are so many important privacy issues facing the government and the private sector, it is inadvisable to reduce the federal government's ability to address privacy issues," Dempsey said. Dempsey said the legislation also would not address enough privacy concerns and should include provisions to bring privacy and other aspects of information policy into the development of security standards. He said government should look to privacy practices currently employed by the private sector as a model. A Davis spokesman said the goal is to get the bill marked up in the full House Government Reform Committee within two weeks. GAO and the subcommittees released a report http://www.gao.gov/new.items/d02407.pdf detailing what other actions are necessary to fully implement GISRA and other information security reforms. **************** USA Today Study claims traffic cameras reduce speeding

WASHINGTON (AP) The number of motorists speeding on neighborhood streets in the nation's capital dropped sharply after police began using cameras, a new study shows.

The Insurance Institute for Highway Safety measured travel speeds on seven streets before the cameras and at the same sites six months after deployment. The sites tested were among 60 locations in the city where cameras have been used.

The number of motorists traveling more than 10 mph above the speed limit decreased significantly at each of the seven sites. The decline ranged from 38 to 89%.

For comparison, the researchers also observed speeds during the same time periods at eight sites in Baltimore County, Md., which does not use cameras. In each case, the proportion of speeding motorists stayed about the same or increased slightly.

"The research provides clear indication that speed cameras and red light cameras cause many drivers who would break the law to abide by it," said Richard Retting, the institute's lead researcher.

About 70 communities around the country use cameras mounted at intersections to catch drivers who run red lights. Speed cameras, which measure how fast a vehicle is traveling, are used in only about a dozen communities, Retting said.

The American Civil Liberties Union and others say the cameras infringe on privacy rights. Critics also complain the system unfairly assumes the owner of the car is the person behind the wheel.

Last month, Hawaii's governor ordered a halt to use of speed cameras amid complaints. The next day, the Legislature voted to repeal the three-year pilot program.

Proponents say the cameras make the streets safer for law-abiding drivers and reduce the number of police chases.

The District of Columbia started using speed cameras last summer. Five are mounted on unmarked police cars and rotated among 60 sites. By the end of March, 251,474 tickets had been issued and $10.5 million in fines collected.

Washington police spokesman Kevin Morison said the insurance industry study mirrors observations made by the department. He said one in three motorists passing the cameras last July was speeding, compared with one in eight in March.

"Clearly our own results and now this independent study show these cameras are having their intended effect, and that's to slow people down," Morison said.

House Majority Leader Dick Armey, R-Texas, is among the harshest critics of traffic cameras, saying cities are using them to boost revenue.

Armey spokesman Richard Diamond questioned the objectivity of the insurance industry, which he said benefits from tickets because they lead to higher rates for policyholders.

"If you are seeing lower speeds, that's often just a result of people slamming on their brakes when they realize there is a camera there," Diamond said. "It's a common phenomenon, and it's more of a safety problem than a safety benefit."

The insurance institute plans to release its study this month
******************
Europemedia.net
Anti-spam legislation stalls
22/04/2002  Editor: Kate Flood

Electronic marketing firms and websites are in for a long wait for European anti-spam legislation, after the European Parliament's Citizens' Rights Committee voted that it should be left up to member states to decide if web surfers should opt-in or opt-out of unsolicited e-mail.

At a second reading of the proposed electronic communication data protection directive, the committee voted that individual countries should set policies on whether internet users should give permission before being sent commercial e-mail (opt-in) or merely have the right to demand that they be removed from mailing lists (opt-out).

In December, the European Telecoms Council of Ministers voted in favour of a single opt-in policy, which would allow companies that have done business with customers in the past to send unsolicited e-mails for similar products.

But committee recently voted to take out the word "similar" from the proposed directive, giving companies the option of sending mass e-mails out over different platforms, like fax and SMS, and possibly providing a legislative loophole for spammers.

The legislation is to return to Parliament for a second reading May 14. Amendments need at least 314 votes to pass a second reading, "but as a substantial number of amendments were passed by a only slight majority within the committee, the result of the plenary vote is uncertain," said an European Parliament statement.

If Parliament and the telecoms council can't reach an agreement, the two sides are expected to head into conciliation, which could delay the legislation further.

The committee also voted that user's personal information may not be stored by electronic service providers for longer than necessary for billing purposes and data privacy restrictions could only be lifted in order to conduct criminal investigations or safeguard national or public security.

As well, the committee said that users should have the right to refuse cookies, but rejected Council's opinion that users should receive information on the purpose of cookies in advance. ****************** Europemedia.net Does P3P promise more than it can deliver? 03/05/2002 Editor: Russell Dyas

The World Wide Web Consortium (W3C) recently released the latest version of its web protocol, called Platform for Privacy Preferences (P3P), which promises to change the face of privacy on the web.

But just like when Microsoft releases a version of Windows, these types of promises don't usually live up to expectations.

The basic idea behind P3P is that you have web browser that supports the protocol, and you set how and what information websites can use about you.

Websites then put a file on their site listing what information they require from the user and what that information is going to be used for. If that matches your preferences, the websites can get information from you. If not, then the platform denies the website access to the information or asks you if you wish to view the site.

Sounds great in theory, but in practice it's a different matter. I'll examine the protocol's first hurdle by telling you a story. A client of mine rang up and said that his computer was displaying a security message saying, "you are about to send secure data over a non-secure link."

I have worked in computers for many years so I knew what to do. But this person was a beginner, so I explained it to him simply and his comment was: "why couldn't have they said that with out all this guff?"

The average user will not spend hours trying to work out how to alter P3P settings in a web browser. Chances are users will turn off these settings, or even worse, leave a default setting that may end up denying access to sites that they want to see (like Amazon.com) . But the users, not realising this, could think there is a problem with the websites, not with their browser settings.

The next hurdle is that there is no way of knowing if websites actually practise what they say in their privacy policy. They may have said that your information would not be given to a third party, but you don't know if that's actually the case.

In Europe we have a course of action, as there are strict privacy laws such as the UK's Data Protection Act, and expected European protection laws. But even with these safeguards, you still have to prove that the information was misused by the website. But when you consider other countries like the US have no data protection laws, it spells bad news for the user.

Take the planned Compaq and Hewlett-Packard merger for instance. Imagine that Compaq put P3P on its website and says that it will not use the information for advertising. Five years later, it is bought out by a little-known company, Macrosoft, and then Technology Corp. buys it four years later.

So nine years later Compact still has your information. Can you see them honouring a P3P agreement struck years earlier? Before you know it, you will have a mountain of junk mail the size of Mount Everest.

The other problem with P3P is that the information that is being collected can decrease your privacy. If a website collects your age, it is in fact collecting your date of birth, along with your name, which can uniquely identify you. That's why you need your date of birth on most official forms, from social security to medical records.

But W3C says it is trying to make the protocol more understandable to the average user. It describes it as a "social protocol," not a "technical protocol," which is a daunting task in itself.

This is one of the reasons it has taken a long time to create the protocol, as it has to be in plain English. An average user will know the definition of nudity, whereas how many non-technical users know what the words "click-stream data," "system administrator," or even "protocol" mean?

I know myself, I am holding back implementing it on any websites that I run. At the moment, all I have is a static privacy policy, which users can read on the website by clicking on a link at the bottom of every page.

If P3P is taken up by a majority of sites, then it has the potential to misrepresent the user. It also has the potential to do well, but its future all hangs on how the websites and WC3 market the P3P to the end-users. But, as usual, only time will tell. ****************** Europemedia.net Spain TV will be 'radically different' in 3 years: report

Television will experience a technological revolution over the next three years, according to new research from the Center for Audiovisual Studies in the University of Navarra, Spain.

The study forecasts that the main trend is toward medium convergence, which is supported by digital technology. The platform, the study says, will no longer be relevant and communication entrepreneurs will refer to information as the basic element for their businesses.

Another forecasted trend mentioned in the report is the increasing popularity of reality shows, which are cheaper than soap operas and more appreciated than fiction by the audience.

According to the study, fiction will have to look for continuation in interactive applications, which will change the form, but not the content, although the viewer will participate more in the scripts.

The study also mentions how broadband connections are becoming the new gateway for TV content, and how this will be one of the technological pillars of the TV in the future. Small screens will become bigger, and DVD will produce new content. Other applications that will introduce more changes are video-on-demand and PVR ( personal video recorders). *****************

News Factor
IBM Software Will Monitor, Repair Problems
By Crayton Harrison
May 03, 2002
http://www.newsfactor.com/perl/story/17577.html

IBM is designing new software and technology tools to create computer systems that monitor themselves, fixing what breaks, responding to drastic changes in capacity needs, and switching to emergency back-up systems when disaster strikes. For the complete story see: http://www.newsfactor.com/perl/story/17577.html

************************
News Factor
Unbreakable Code Could Thwart Cyber Crooks
By Lou Hirsh
May 2, 2002

Quantum cryptography could be employed effectively in business security systems, particularly those that handle large numbers of financial transactions. 'You might want to use this in a business when you have to deal with more than one site,' IEEE Spectrum editor Samuel Moore told NewsFactor. Complete story: http://www.newsfactor.com/perl/story/17553.html#story-start

********************** Taipei Times Cross-strait DVD talks going on STAFF WRITER Nineteen Taiwanese DVD man-ufacturers are in talks with counterparts in China to create a new DVD standard to skirt license fees charged by technology owners such as Sony Corp, Chinese-language media reported, citing officials of a local research organization.

Discs and players using the new format will be on the market in the third quarter, according to Derray Huang (¶À±o·ç), deputy general director at Taiwan's Industrial Technology Research Institute (¤u¬ã°|).

The Taiwanese companies hope to avoid disputes about DVD technology, such as a recent lawsuit filed by Sony against distributor Apex Digital for failing to pay license fees.

While the case was settled, Chinese manufacturers that sell through Apex will probably seek to avoid license payments to patent holders like Sony and Royal Philips Electronics NV, the paper said.

Sony and Toshiba Corp are losing their domination of the market for DVD players to Chinese companies such as Sichuan Changhong Electric Co, according to market researcher iSuppli Corp. DVD players are the fastest growing consumer electronics product with sales of US$3.5 billion last year. ****************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711

Prev by Date: Clips May 2, 2002
Next by Date: ACM TechNews - Monday, May 6, 2002
Previous by thread: Clips May 2, 2002
Next by thread: ACM TechNews - Monday, May 6, 2002
Index(es):
- Date
- Thread