Clips May 23, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;;
- Subject: Clips May 23, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 23 May 2002 10:16:34 -0400
Clips May 23, 2002
ARTICLES
Open-Source Fight Flares At Pentagon
Computers Would Track Terror Threat
GAO pushes training for Army teams
Study Looks at Health Web Site Use
DOD focus on joint networks urged
Top 10 e-mail scams exposed
Text message votes 'trivialises' elections
Screens blamed for 'air blunders'
Internet2 speed record
Plan to give communities access to broadband internet
DOD IT projects come under fire
Terror warning issued for nation's ports
Ventura body slams ISP lobby on privacy
******************
Washington Post
Open-Source Fight Flares At Pentagon
Microsoft Lobbies Hard Against Free Software
By Jonathan Krim
Microsoft Corp. is aggressively lobbying the Pentagon to squelch its
growing use of freely distributed computer software and switch to
proprietary systems such as those sold by the software giant, according to
officials familiar with the campaign.
In what one military source called a "barrage" of contacts with officials
at the Defense Information Systems Agency and the office of Defense
Secretary Donald H. Rumsfeld over the past few months, the company said
"open source" software threatens security and its intellectual property.
But the effort may have backfired. A May 10 report prepared for the Defense
Department concluded that open source often results in more secure, less
expensive applications and that, if anything, its use should be expanded.
"Banning open source would have immediate, broad, and strongly negative
impacts on the ability of many sensitive and security-focused DOD groups to
protect themselves against cyberattacks," said the report, by Mitre Corp.
A Microsoft Corp. spokesman acknowledged discussions between the company
and the Pentagon but denied urging a ban on open-source software. He also
said Microsoft did not focus on potential security flaws.
Spokesman Jon Murchinson said Microsoft has been talking about how to allow
open-source and proprietary software to coexist. "Our goal is to resolve
difficult issues that are driving a wedge between the commercial and free
software models," he said.
John Stenbit, an assistant secretary of defense and the Defense
Department's chief information officer, said that Microsoft has said using
free software with commercial software might violate companies'
intellectual-property rights. Stenbit said the issue is legally "murky."
The company also complained that the Pentagon is funding research on making
free software more secure, which in effect subsidizes Microsoft's
open-source competitors, Stenbit said.
Microsoft's push is a new front in a long-running company assault on the
open-source movement, which company officials have called "a cancer" and
un-American.
Software is designated open source when its underlying computer code is
available for anyone to license, enhance or customize, often at no cost.
The theory is that by putting source code in the public domain, programmers
worldwide can improve software by sharing one another's work.
Vendors of the proprietary systems, such as Microsoft and Oracle Corp.,
keep their source codes secret, control changes to programs and collect all
licensing fees for their use.
Government agencies use a patchwork of systems and software, and
proprietary software is still the most widely used. But open source has
become more popular with businesses and government.
The Mitre report said open-source software "plays a more critical role in
the DOD than has been generally recognized."
The report identified 249 uses of open-source systems and tools, including
running a Web portal for the Defense Intelligence Agency, running network
security for the Army command in Europe and support for numerous Air Force
Computer Network Defense tools.
Among the most high-profile efforts is research funded by the National
Security Agency to develop a more secure version of the open-source Linux
operating system, which competes with Microsoft's Windows.
The report said banning open-source software would drive up costs, though
it offered no specifics. Some government agencies have saved significantly
by using open source.
At the Census Bureau, programmers used open-source software to launch a Web
site for obtaining federal statistics for $47,000, bureau officials said.
It would have cost $358,000 if proprietary software were used, they said.
Microsoft has argued that some free-licensing regimes are antithetical to
the government's stated policy that moneymaking applications should develop
from government-funded research and that intellectual property should be
protected.
Microsoft also said open-source software is inherently less secure because
the code is available for the world to examine for flaws, making it
possible for hackers or criminals to exploit them. Proprietary software,
the company argued, is more secure because of its closed nature.
"I've never seen a systematic study that showed open source to be more
secure," said Dorothy Denning, a professor of computer science at
Georgetown University who specializes in information warfare.
Others argue that the flexibility provided by open-source software is
essential, enabling users to respond quickly to flaws that are found.
"With open source, there is no need to wait for a large software firm to
decide if a set of changes is in its best interests," said Eugene Spafford,
a computer-science professor at Purdue University who specializes in security.
Jonathan Shapiro, who teaches computer science at Johns Hopkins University,
said: "There is data that when the customer can inspect the code the vendor
is more responsive. . . . Microsoft is in a very weak position to make this
argument. Whose software is the largest, most consistent source of security
flaws? It's Microsoft."
Stenbit said that the debate is academic and that what matters is how
secure a given piece of software is. To that end, the Defense Department is
now prohibited from purchasing any software that has not undergone security
testing by the NSA. Stenbit said he is unaware of any open-source software
that has been tested.
***********************
MSNBC
Telemarketing telecoms draw ire
Opt-in? Opt-out? Just don't call me, consumers plead
INDIANAPOLIS, May 22 - When Jason Settles added his name to Indiana's new
"no-call" list, he expected relief from the tyranny of telemarketers. But
the computer consultant's dreams of dinner in peace quickly turned to alarm
when he learned his own phone company intended to share details of his
calling habits with its corporate affiliates.
UNLESS CUSTOMERS CALL a toll-free number to request otherwise, Ameritech
plans to share information about what numbers they call, how often they
call and how much they pay.
Could telephone offers of Internet, wireless service and other
products be far behind? Settles asked.
"From a marketing standpoint, they're taking the path of least
resistance - if you don't do anything, we're going to have the right to use
that information," Settles said. "Most people don't ever get around to
calling that number."
While insisting they are upholding their legal obligation to
protect customers' calling data, many of the nation's biggest phone
companies have begun sharing that information with affiliates.
'OPT-OUT' PLANS DRAW FURY
Verizon, Ameritech parent SBC Communications Inc. and Sprint are
among the telecommunications giants using an "opt-out" approach: notifying
customers about their data-sharing plans, typically through fliers tucked
into phone bills, and assuming customers approve unless they call a
toll-free number.
This backfired for Denver-based Qwest Communications International,
which withdrew its "opt-out" plans in January after thousands of customers
in the West expressed privacy concerns.
Verizon also has responded to consumer resistance, mailing
"opt-out" notices to local-service customers in 30 of the 31 states it
serves. The exception was Washington, where the mailing was postponed after
the Qwest outcry, spokesman Bill Kula said.
The turmoil comes as consumer groups and attorneys general in 38
states are urging federal regulators to reinstate restrictions that
required phone companies to employ an "opt-in" approach for sharing
customer calling information with affiliates.
The banking industry also is in a long-running fight against
information-sharing restrictions, with lobbyists defeating "opt-in"
legislation in several states.
"The whole idea that a company can freely market their customers'
sensitive or personal information unless a customer expressly tells them
not to is troubling to me and should be troubling to anyone who values
personal privacy," said Michigan Attorney General Jennifer Granholm, one
of the AGs who wrote the Federal Communications Commission in December to
urge an "opt-in" requirement.
In 1999, US West, a former Baby Bell company, challenged the
previous "opt-in" requirement as an unconstitutional infringement of
commercial speech, and the 10th U.S. Circuit Court of Appeals invalidated
the rule.
In response, the FCC is reconsidering regulation of customer
calling data. New rules could emerge by year's end, FCC spokesman Michael
Balmoris said.
Privacy on the Internet also is a target. Legislation has been
introduced in the Senate by Sen. Ernest Hollings, D-S.C., that would allow
data such as addresses, records of items purchased, user preferences and
Web browsing histories, to be shared with third parties unless customers
take the initiative to forbid it.
TELECOMS: CONSUMERS GAIN
Telephone companies that have chosen the "opt-out" route concede
that sharing customer data will lead to more phone sales pitches. But they
argue consumers gain by learning about service options and bill-cutting
strategies.
"I think the biggest misperception people have is that we're selling
this information to third parties," said Mike Marker, a spokesman for SBC
Ameritech of Indiana.
Ultimately, Marker said, sharing of calling data among affiliates
will help usher in a new era of "bundled" communications in which customers
will pay a single bill for a variety of communications services.
Jeff Kagan, an independent telecommunications analyst in Atlanta,
agreed that consumers could benefit in the long run.
"If I'm doing business with the company, I already trust them. So I
would like to know what other products they are offering," he said. "It's a
way of solidifying the customer base."
Still, many consumers want more protection from telemarketers, not
less. More than 25 states have passed "no-call" list legislation, most with
penalties. Typically, violators are fined, from $2,000 in New York to
$10,000 for first-time violators in Indiana.
Under Indiana's law, corporate affiliates of phone companies are
barred from making sales pitches to phone customers on the state's list.
That's a relief to Settles, who said he unknowingly tossed out the
flier Ameritech inserted into January phone bills to notify customers that
they had to call to protect their data.
Ameritech should require customers to "opt-in" if they want to
share their calling details, he said.
"As a paying customer, I feel that it is poor service" to take the
opposite approach, he said.
********************
Associated Press
Computers Would Track Terror Threat
By MICHELLE LOCKE, Associated Press Writer
LIVERMORE, Calif. (AP) - National lab scientists are developing a plan to
help cities track biological and chemical agents such as anthrax and other
nearly invisible weapons of mass destruction.
The program, demonstrated Wednesday at the Lawrence Livermore National
Laboratory, links cities by computer to the National Atmospheric Release
Advisory Center (NARAC), which now provides emergency planning response
help to the Energy and Defense departments.
In case of accident or attack, cities would send NARAC the coordinates
where a toxic release is believed to have taken place. Using weather and
previously gathered geographic information, NARAC would map out where the
substance is likely to spread.
The information, available on the city's computers within minutes, should
help emergency response workers decide where to evacuate and what areas
represent safe haven.
"This will provide them generally with a situational analysis of what is
going on," said Don Ermak, leader of the lab's Atmospheric Release
Assessment Program.
Scientists picked Seattle as the pilot city for the program, working with
the nonprofit group Public Technology Inc., an affiliate of the National
League of Cities and other municipal associations.
Lab scientists showed an image of a lemon yellow cloud superimposed over a
map of Seattle in a simulation of what could happen if a release of sprayed
anthrax occurred for about an hour downtown.
The plume, which extended for about 10 miles, showed a small red zone near
the point of release where 85 percent of the population might have received
a lethal dose.
Schools, hospitals and police stations were also highlighted on the map.
Ermak said officials are still working with Seattle to gather information
for the model and hope to begin testing and training exercises this summer.
The initial cost of linking a city to NARAC is between $300,000 and
$500,000. In Seattle's case, the city is providing manpower and the lab is
picking up the bill for the rest. However, Ermak said lab officials hope to
expand their program to five or six cities and bring the cost down to
between $25,000 and $50,000 per city.
Eventually, they hope to have 100 cities involved, with information
available to city, state and federal officials.
"This project is extremely exciting for us because it brings a technology
not only to the city of Seattle ... but potentially to other cities and
towns across the country," said Ronda Mosley-Rovi of Public Technology
Inc., who spoke at the Wednesday demonstration by way of a video hookup.
*******************
Federal Computer Week
GAO pushes training for Army teams
The Army faces numerous obstacles, including a shrinking workforce and
difficulties in training soldiers on digitized systems, as it plans to
field its first Interim Brigade Combat Team (IBCT) one year from now,
according to a General Accounting Office report.
The IBCT is intended to be a lethal and survivable deterrent force that can
be rapidly deployed anywhere in the world. It is supposed to fill a gap in
military capability between the Army's heavy combat forces, which are
lethal and survivable, and its light infantry forces, which are rapidly
deployable.
Its digital systems are designed to enable soldiers to "see" an enhanced
view of the battlefield through intelligence, reconnaissance and
surveillance, which should make it possible to engage an enemy before
coming into actual contact, according to the May 17 report, "Military
Transformation: Army Actions Needed to Enhance Formation of Future Interim
Brigade Combat Teams."
"Successful formation of the first IBCT is critical to the Army's
transformation plan because it will begin to fill a near-term gap in
military capability and test new concepts that would be integrated into the
future Objective Force," the report said. "Although Army officials are
pleased with the progress made thus far, concerns remain about whether all
capabilities envisioned for the brigade will be achieved in time for the
IBCT's May 2003 certification milestone."
The Army's first IBCTs, stationed at Fort Lewis, Wash., will be without two
interim armored vehicles, and "maintaining proficiency in digital systems
has challenged the IBCT due to personnel turnover," according to the GAO
report.
To address these shortcomings, the watchdog agency recommended that the
secretary of Defense direct the Army's leadership to:
* Expedite development of a program to sustain personnel skills on
digitized equipment so that it will be available for subsequent IBCTs.
* Collect and analyze data on why soldiers leave the IBCTs and take
appropriate action to reduce personnel turnover.
* Estimate the extent and cost of facility improvements that will be needed
at installations scheduled to accommodate the subsequent IBCTs to assist
them in their planning.
* Establish an organization like the one at Fort Lewis that was set up to
ensure the successful formation of the first two IBCTs at subsequent IBCT
locations to deal with daily challenges.
* Provide a central collection point for IBCT lessons learned to make the
information available to personnel throughout the Army.
In a May 3 letter responding to a draft copy of the GAO report, Spiros
Pallas, acting director of strategic and tactical systems in the Office of
the Undersecretary of Defense for Acquisition, Technology, and Logistics,
said the Defense Department "generally" agreed with the recommendations.
With respect to GAO calling for the Army to expedite development of a
program for personnel training on digitized equipment, DOD officials said
that its ability to accelerate digitized training was limited by equipment
delivery schedules.
But GAO said that during its review, "Army officials expressed concerns
that the individual soldiers' digitization skills would quickly erode
without a continuing focused regimen of training ... [and] we continue to
believe that the Army needs to expedite developing such a program and
implement it as a part of each IBCT's training program."
***********************
New York Times
Associated Press
Study Looks at Health Web Site Use
NEW YORK (AP) -- Nearly two in three U.S. Internet users go online for
health information, and many may not be applying a healthy enough dose of
skepticism to the advice they find, a new study shows.
The Pew Internet & American Life Project, in a study released Wednesday,
found that only a quarter of Americans who seek health information online
always follow recommended procedures for checking its source and
timeliness. Another quarter did so most of the time, while half did so only
sometimes, hardly ever or never.
Eighteen percent of those surveyed said they had used the Internet to
diagnose or treat a medical condition without consulting a doctor.
``A lot of people are going back to their doctors when they have questions
or checking with other authoritative sources,'' said Lee Rainie, director
of the Pew project. ``There's no evidence people are doing completely
whacky self-diagnoses.''
The Medical Library Association, a nonprofit educational organization,
recommends Internet users check who sponsors the Web site, when the
information was last updated and whether the information is fact or
opinion. In addition, users should visit several sites and consult with
medical professionals, according to the California HealthCare Foundation.
The Pew study found that 62 percent of Internet users, or 73 million
Americans, have gone online for health information. About 6 million use it
on a given day -- more than those who visit health professionals.
Most Internet users who seek health information look for information about
a particular illness or condition, the study found. Other frequent searches
involve information about nutrition, weight control and prescription drugs.
Most users use a search engine or portal to find medical Web sites, which
can lead to questionable sites.
``How do you know what's an ad for a product? How do you know who's even
providing the information?'' said Vicky Rideout, a vice president at the
nonprofit health group Kaiser Family Foundation. ``The best information is
often not in the first 10 results returned.''
The better approach, she said, is to start with a site recommended by a
doctor or other trusted source.
``I think people have more skepticism in theory, ... but in practice the
Internet is rapidly becoming one of the most common sources of health
information,'' Rideout said. ``So while they may say they don't trust it as
much, they are relying on it.''
The Pew report notes that health care seekers often apply common sense
rather than specific techniques when evaluating sites. For example, if the
same information appears on multiple sites, the user will consider it
trustworthy.
But the report also notes that sites often pool resources, so that the same
piece of information can appear at multiple sites, leading users to
mistakenly believe that it comes from multiple sources.
The study was primarily based on telephone interviews with 500 online
health seekers age 18 and older conducted June 19 to Aug. 6, 2001. The
survey has an error margin of plus or minus 4 percent.
*********************
Washington Post
Industry, Government Want 'Whois' Fixes
By David McGuire
Washtech.com Staff Writer
Wednesday, May 22, 2002; 3:06 PM
Rampant inaccuracies in public lists of Internet address holders are
crippling efforts to track down con artists, pirates and other online
wrongdoers, government and industry representatives told a congressional
panel today.
"It's hard to overstate the importance of accurate (registrant) data to our
Internet investigators," Federal Trade Commission Director of Consumer
Protection Howard Beales said today. "We cannot easily sue fraudsters if we
cannot find them."
Beales testified alongside representatives from the Internet addressing
industry at a hearing on the reliability of the "Whois" databases that are
maintained by domain-name sellers.
Witnesses at today's hearing stopped short of asking Congress to fix the
problem, but panel Chairman Howard Coble (R-N.C.) said legislation might be
the right answer.
While Internet registrars - the retail sellers of domain names - are
supposed to maintain up-to-date information about their customers in
publicly available Whois databases, the lists are replete with willful
inaccuracies and incomplete data, Beales told the House Judiciary
Committee's Subcommittee on Courts, the Internet and Intellectual Property.
Although some Whois inaccuracies stem from honest mistakes, much of the
false information is deliberately keyed in by domain buyers trying to
obscure their identities, Beales said.
Steven Metalitz, the vice president and general counsel of the Copyright
Coalition on Domain Names, questioned the resolve of Internet registrars to
clean up their databases.
"It's hard to escape the conclusion that most registrars don't care about
the quality of the Whois data they collect," Metalitz said.
Instead of congressional action, some witnesses at today's hearing
suggested that the Internet Corporation for Assigned Names and Numbers
(ICANN) - which manages the Internet's global addressing system - should
take a more active role in tackling the problem of fraudulent Whois data.
"I think ICANN is the logical party to do this," Metalitz said. "If ICANN
won't do it, I think you have to look at legislative and other" options, he
said.
ICANN Chief Policy Officer Andrew McLaughlin said following the hearing that
while there was no "magic bullet" for cleaning up Whois data, ICANN wants
to collaborate with interested parties to solve the problem.
Michael Palage, an attorney who represents Internet registrars within
ICANN, said that verifying the accuracy of Whois data poses problems for
address sellers. Palage said that registrars and the Internet community at
large would benefit from the development of uniform guidelines for weeding
out bad Whois data.
Coble and Subcommittee Ranking Democrat Howard Berman (D-Calif.) earlier
this year introduced legislation that would make it a crime in some cases
for Internet address buyers to willfully submit false contact information
to registrars.
Coble today said that his frustration with continued Whois problems had
changed his previous view that Congress should avoid introducing
legislation to deal with the problem.
*******************
Federal Computer Week
DOD focus on joint networks urged
The Defense Department should direct more resources toward information
technology that can drive joint, networked operations, a former vice
chairman of the Joint Chiefs of Staff said.
DOD has made strides toward joint forces, but the process is moving far too
slowly, said retired Adm. William Owens, vice chairman and co-chief
executive officer for Teledesic LLC, speaking May 21 at the Network Centric
Warfare 2002 conference in Arlington, Va.
Instead of focusing on the evolutionary changes that can come from
implementing network-centric operations, the military has been focused on
such things as the Army's controversial Crusader weapon system or the
Navy's next-generation warship, the DDX.
DOD officials need to focus on integrating systems and pulling together all
of the pieces so they work jointly, Owens said.
However, DOD lacks a central authority that could look at using commercial
technologies to improve warfighting efforts, he said. "Where do you go in
DOD to talk about commercial technologies?" Owens asked. "That's the great
strength of this country."
The United States needs to take this seriously because other countries are
looking to leverage technology to find the U.S. military's weak points, he
said. Other countries understand that they cannot take on the U.S. military
in a conventional battle, so they are looking for new and innovative ways
to enable their armed forces. The Chinese government, for example, has been
spending money on such initiatives, he said.
"It's the next blitzkrieg," he said, and the United States is not spending
adequate amounts of money or effort if it is going to maintain its superiority.
"We are here in the United States where we focus on mass" in terms of the
size and strength of forces. But others are thinking about leveraging
information technology and information warfare, he warned.
Owens also was critical of Defense agencies. Although many of those agencies
were created in the hopes of enabling joint operations, that effort has
largely failed. "We've wound up with nine additional stovepipes, and they
are sucking up money," he said.
**********************
Federal Computer Week
Wanted: Expert 'change managers'
Steve Cooper is looking for change management experts to help the Office of
Homeland Security, and he is convinced he will find some good ones within
the federal government.
Chief information officers across government have discovered time and again
that the biggest challenge to creating e-government, or even just
installing a new system, is not the technology but the cultural changes
that must be made to accommodate the technology. And when agencies must
integrate systems and cultures - as is often the case when using information
technology to support the Bush administration's homeland security
efforts - the cultural backlash can be even greater.
Cooper, senior director of information integration and CIO for the Office
of Homeland Security, is determined to face those barriers head-on by
finding and using the people who already know how to manage change in
government.
Even though people use the phrase "change management" throughout the
government, you cannot go to an agency and ask to speak to the change
management experts, Cooper said, "because you'll get blank stares."
So he's taking a different tack to find the people he needs: He's asking
agency officials about the most successful projects they've participated in
or know about and then identifying the program director and executive who
championed them.
"I guarantee you what that project did was effectively manage change," he
said. "And I guarantee you in those two people, either one or both of them
might be the kind of person I'm looking for, but in absolute certainty,
they will be able to identify the people who will carry the skills and the
characteristics that I'm looking for."
This is really the only way to find people who can manage the types of
changes that homeland security information-sharing systems and policies
require, said Donald Kettl, professor of political science and public
affairs at the University of Wisconsin-Madison and a senior fellow at the
Brookings Institution. Users are another important group to get input from,
to see if they also believe the projects were successful, he said.
"It's finding the people out there who are already finding the ways to
crack the system - and it's basically a networking challenge," he said.
Good change management leaders share some common traits (see box, below),
but basically they are people who are driven to solve problems, Kettl said.
Cooper already has a list of more than 50 government programs that fit his
profile. His next step is talking to program managers to identify leaders
who can help the Office of Homeland Security as it seeks to eliminate many
of the cultural and organizational barriers in government, he said.
The best change management experts are:
* Problem-oriented. They identify the most important problems and devote
resources to solving them.
* Performance-driven. They measure success or failure at every point in a
project against the identified goals.
* Not hierarchy-bound. They work within the organizational structure but are
not limited by it when considering options.
**********************
BBC
Top 10 e-mail scams exposed
Ninety-four percent of respondents to a National Consumers League survey
said they had received unsolicited emails offering financial services or
touting dubious money-making schemes.
The NCL, the main US consumer lobby, warned that many of these offers could
be fraudulent.
"Consumers should be very suspicious of anyone who promises them easy
money, incredibly cheap prices, or 'free' services that may have hidden
costs," said Susan Grant, director of the NCL's Internet Fraud Watch
programme.
Beware the inbox
The fastest-growing internet fraud is an online version of the notorious
'Nigerian money offer'.
Reports of e-mailed Nigerian money scams - designed to obtain recipients'
bank account details by offering to transfer large sums to them for
safekeeping - rose by 900% between 2000 and 2001, the NCL said.
Scams of this kind, which often emanate from Nigeria or other African
countries, have been circulating for years through the post or by fax.
Other frequent internet scams include bogus auctions, dubious work-at-home
schemes, and phoney credit card offers.
Hall of shame
The top 10 internet frauds reported to the NCL last year were:
* Bogus online auctions, where the items purchased are never delivered.
* Deliberate misrepresentation or non-delivery of general merchandise
purchased online.
* Nigerian money offers.
* Deliberate misrepresentation or non-delivery of computer equipment or
software purchased online.
* Internet access scams, where bogus internet service providers fraudulently
charge for services that were never ordered or received.
* Credit card or telephone charges for services that were never ordered or
misrepresented as free. These often include charges for accessing 'adult'
material.
* Work-at-home schemes promising wildly exaggerated sales and profits.
* Advance fee loans, where consumers are duped into paying upfront charges
for loans which never materialise.
* Phoney offers of cheap-rate credit card deals, once again on payment of
upfront fees.
* Business opportunities or franchises sold on the basis of exaggerated
profit estimates.
Law enforcement agencies have long warned that the rise of the internet has
opened up fresh opportunities for fraudsters.
Last year, the European Commission said that online shopping sites had
contributed to a 50% rise in credit card fraud in the European Union during
2000.
******************
BBC
Text message votes 'trivialises' elections
The survey suggests that many worried about the security and privacy of
e-voting, while others found it difficult to key in accurately the personal
identification numbers (Pin) that would identify them.
There was also little support for the use of text voting from mobile phones
because it was felt "to trivialise" the election process, although its use
has not been ruled out.
The De Montfort University-led study into alternative ways of voting aimed
to root out barriers to e-voting in a bid to offer an e-enabled general
election sometime after 2006.
Trials on 2.5 million potential voters carried out at the local elections
earlier this month found that in some areas, like two wards in Liverpool,
turnout increased from 20.71% to 27.49%.
But in Newham, where electronic voting and e-counting were trialled,
turnout fell by 0.4% to 27.6%.
Abuse safeguards
Local Government Minister Nick Raynsford said the sole purpose of the
research was to make it easier for people to vote.
"This was an important stage in the government programme to test
alternative ways of voting that may make it easier for people to exercise
their democratic rights," he said.
"Any changes to the voting system must be properly researched to ensure
that they are of real benefit to the public, as well as incorporating
effective safeguards against abuse.
"Whatever else we do, we must maintain confidence in the whole polling
process and we must maintain the integrity of the ballot.
"We are proceeding in a very measured way with a series of pilots, all of
which will be evaluated by the independent Electoral Commission.
"I believe the pilots were a success. The postal voting pilots clearly did
have a positive impact on the level of turn out."
Resistance
Mr Raynsford said the e-voting was found to be easy to use and more than
10% of those who voted in Swindon voted by internet - higher than those
who voted by post.
Dr Laurence Pratchett, who led the research, said: "There is support for
e-voting in the population, even among those who won't use it.
"A lot of older people in the focus groups said that they wouldn't use
electronic voting, but they couldn't see why others shouldn't use it."
But he added: "There were significant pockets of resistance."
The use of cash and lottery machines was seen as "non starters as far as
the public is concerned", said Dr Pratchett.
Public confidence
The effect of e-voting on the numbers of people going to the polls is
likely to be "minimal".
"Those who don't vote are no more likely to vote," he said.
Dr Pratchett said some people felt e-voting disconnected the voter from the
system even further.
The survey said widescale remote voting by electronic means should not be
embarked on until issues of secrecy, security and public confidence in the
different voting methods were addressed.
Electors should be able to choose from a range of ways to vote, including
the traditional polling station, to suit their commitments and lifestyles,
it added.
Mr Raynsford said e-voting would make it easier for local authorities to
test public views instantly on issues, including the rate of council tax.
Ben Fairweather, from De Montfort University, said e-voting needed to be
designed to detect hacking immediately.
Postal voting in May's local elections was reported to have increased by
28%, while e-voting increased by 5% and online voting by 1%.
Local Government Secretary Stephen Byers suggested on Tuesday that the 2004
European elections could be the first nationwide all-postal vote.
**********************
BBC
Screens blamed for 'air blunders'
According to confidential documents obtained by the magazine, Computer
Weekly, the controller had difficulty distinguishing the codes for the two
cities.
Another also reportedly misread the heights of planes and sent an aircraft
into the wrong airspace.
The problems are said to have arisen because of the small size of the text
on computer screens at the £623m new centre.
The Civil Aviation Authority (CAA) and National Air Traffic Services (Nats)
insist that safety has not been compromised - a claim backed by the air
traffic controllers union, Prospect.
Testing on an improved display is due to begin shortly.
Computer Weekly claims Nats and the CAA told it that only a small number of
controllers have had screen-reading difficulties and it was not a
safety-related concern.
But in a confidential report by controllers seen by the magazine, the
controllers themselves categorised the errors as safety-related issues.
In one report, a controller reported having had "great difficulty" seeing
clearly EGPF (the location code for Glasgow) and EGFF (the location code
for Cardiff).
Cancelled flights
The controller had initially treated the aircraft as if bound for Cardiff
and then discovered it was headed for Glasgow.
Computer Weekly editor Karl Schneider said: "These are the sort of teething
problems you expect with a new computer system - the trouble is most don't
have responsibility for controlling aircraft in the skies."
The magazine reported the Swanwick controllers had repeatedly misread the
height displayed on a screen by thousands of feet.
One controller reportedly mixed up FL360 (36,000ft) with FL300 (30,000ft)
as the displayed height of an aircraft on his screen.
The report added the controller had been "repeatedly misreading" requested
flight levels.
A further warning report said a controller misread a requested aircraft
height level on an electronic flight strip and "co-ordinated the aircraft
into the incorrect sector".
The mistake was spotted by another controller and corrected.
Radar screen
Iain Findlay, of the air traffic controllers union Prospect, said safety had
not been jeopardised as the problem did not affect the main control screens.
"It has to be made clear that there are two screens we are talking about.
"One is the planning screen where there are problems with the font size and
the typeface - but that's not the screen that controls the aircraft.
"The radar screen has all the information and is reading properly."
He added: "We take safety very seriously indeed... controllers put safety
first, second, third and last."
Computer problems at Swanwick delayed the opening of the new centre from
1996 to January of this year.
Another computer problem at the centre caused many flights to be cancelled
or delayed last weekend.
On Tuesday, the CAA refused to allow the cash-strapped Nats to raise the
charges it imposes on airlines.
*********************
Sydney Morning Herald
Internet2 speed record
An international team has set a new record for Internet performance by
transferring the equivalent of an entire CD's contents across more than
12,272km of network in 13 seconds.
The rate of 401 megabits per second achieved in transferring 625 megabytes
of data from Fairbanks, Alaska to Amsterdam in the Netherlands is over 8000
times greater than the fastest dial-up modem.
The team consisted of the University of Alaska at Fairbanks, the Faculty of
Science of the University of Amsterdam, and SURFnet, the national computer
network for higher education and research in the Netherlands. At both ends,
standard PC-like hardware running Debian GNU/Linux was used.
With an Internet connection of this size transferring all six CDs of Woody,
the soon-to-be released version 3.0 of Debian, from Fairbanks to Amsterdam
would only require 78 seconds. Faster CD burners are needed, it would seem.
"This shows that geography is no barrier to advanced network applications,"
said Kerry Digou, the systems programmer who headed the University of
Alaska team. "Using standard equipment and infrastructure developed in the
Internet2 community, we've pushed the boundaries to the edges."
*******************
The New Zealand Herald
Plan to give communities access to broadband internet
Rural and provincial communities will get access to broadband internet as
part of a new plan unveiled in today's Budget.
Tens of millions of dollars will be spent over the next two years putting
broadband access into schools and communities.
The earliest beneficiaries will be schools, but Dr Cullen says that once
deployed, the access to high speed internet will also benefit local
businesses and most government departments.
In his Budget speech, Dr Cullen described broadband as the nervous system
of the new economy, and said it was as important to New Zealand as roads,
power lines, railways, and telephone cables were last century.
The objective of the plan is that the majority of schools will have access
to high speed two-way internet by the end of 2003.
The infrastructure will be made available to remote schools by the end of
2004.
Telecommunication suppliers will be asked to tender for the work region by
region.
It is hoped that a substantial portion of the work will be completed by the
end of 2002.
The initiative is jointly funded through education and economic development
funding.
The Government has conducted five regional pilot projects to test demand.
******************
Computerworld
DOD IT projects come under fire
Despite the recent fanfare surrounding what the U.S. Navy called a
successful test and evaluation phase of its $6.9 billion Navy/Marine Corps
Intranet program, deployment problems are threatening the project,
according to internal memos obtained by Computerworld.
In an April 25 e-mail to employees of Plano, Texas-based Electronic Data
Systems Corp., the Navy's prime contractor on the program, Mike Hatcher,
EDS's N/MCI director for Navy Operating Forces, warned that the current
deployment schedule could put the future of the program at risk.
"We have agreed with [N/MCI director Rear Adm. Charles] Munns . . . that
ruthlessly rolling seats is the only way for N/MCI to survive and prosper,"
wrote Hatcher. "Our present way of working . . . if left unchanged would
spell an end to the N/MCI program by summertime."
The N/MCI program is designed to replace hundreds of disparate Navy and
Marine Corps computer networks with a centrally managed setup operated by EDS.
A Scorched-Earth Rollout?
In addition to an initial 60,000 seats, the Pentagon on May 3 granted the
Navy permission to purchase an additional 100,000 seats based on EDS's
success in meeting the requirements of the initial test and evaluation phase.
Officials had hoped to have 135,000 seats deployed this year. However, the
Hatcher e-mail warned the EDS N/MCI team that the current deployment rate
would likely result in only 60,000 seats being operational by the end of
the year, leaving the program open to criticism and political attacks that
could put its future in jeopardy.
In fact, Hatcher referred to a meeting between Munns and Al Edmonds,
president of EDS's government information solutions division, during which
Edmonds reportedly characterized the new deployment plan as "a
scorched-earth seat rollout."
Rick Rosenberg, EDS's program executive for N/MCI, downplayed the e-mail,
calling it a "rallying cry for the troops" that used inappropriate language.
Part of the EDS/Navy "scorched-earth" deployment plan includes a directive
to EDS installers to no longer wait for security certifications to make
their way through the various bureaucratic layers of the Navy before
beginning installation of N/MCI seats. Instead, EDS employees will now
install N/MCI systems simultaneously while waiting for the Navy to issue
final, signed Interim Authority to Operate letters. Any application that
fails or is expected to fail security certification, or that doesn't run on
Windows 2000, will be automatically installed on a kiosk separate from
N/MCI, "no questions asked," according to Hatcher's e-mail.
Although a staff member of the House Armed Services Committee has been
reviewing the contents of the e-mail for what one Capitol Hill source
called "at best an overzealous e-mail and at worst possible violations of
federal or Defense Department security policy," EDS and Navy
representatives vehemently denied that any policy infractions took place or
that the program has hit a major snag.
"We do not connect anything to N/MCI without the Navy's approval," said
Rosenberg. In addition, "there may have been an isolated incident [causing
delays], but that is not the status today," he said.
Technical Snags
However, there have been recent technical snags. In one major instance,
glitches caused the CIO at the Naval Air Systems Command (NAVAIR), one of
the first Navy organizations to use N/MCI, to temporarily halt deployment
until the technical problems could be fixed.
Such problems and delays shouldn't be downplayed, said an IT industry
lobbyist and vocal supporter of the N/MCI program who regularly meets with
lawmakers on Capitol Hill to discuss the contract.
EDS kept falling further and further behind due to the testing delays and
because of the large number of legacy applications that had to be dealt
with, the source said, adding that "the delays were killing this contract."
********************
Computerworld
Terror warning issued for nation's ports
WASHINGTON -- A new terrorism warning surfaced this week indicating that as
many as 25 terrorists of Middle Eastern origin may have slipped into the
U.S. unnoticed after stowing away aboard cargo ships that entered four
major U.S. seaports.
The new warning, sent by the U.S. Coast Guard and reviewed by members of
the Senate Select Committee on Intelligence, states that the 25 dressed as
stevedores and simply walked off cargo ships and melted into the cities and
towns around ports in Miami, Fort Lauderdale, Georgia and California.
The threat, while not new, underscores the need for better IT security
systems to help port authorities and local law enforcement agencies better
track suspected terrorists and criminals that attempt to jump ship in the
nation's seaports, say port authority officials.
The security systems could also help defend against terrorists that attempt
to load a ship container with weapons of mass destruction, say port
authority officials.
Beth Rooney, manager of port security at the Port Authority of New York and
New Jersey, where specific threats to historical landmarks this week have
put officials on a heightened state of alert, said one of the biggest
problems facing port security is that ship cargo information isn't received
by port authorities until three to five days before the ship arrives in port.
"We are pushing for [systems to ensure] supply chain integrity and the
integrity of the contents of the container, including that there's not a
person in there," said Rooney.
"I would also like to see a database or notification system for ports and
law enforcement agencies affiliated with the port to network and alert each
other when we discover something out of the ordinary," said Lindy Rinaldi,
chief of police for the South Carolina State Ports Authority. "Right now we
do not have any communication [systems] to link other ports and law
enforcement agencies together.
"Currently all notifications are made by phone," Rinaldi said. "This can
cause serious delays in passing along much needed information that would be
useful for our homeland security protection."
Anne Moise, manager of port security at the South Carolina State Ports
Authority, said her organization has big plans for improving security, but
little funding. For example, at the port in Charleston, S.C., an
identification system is in place that's tied to the port authority's
computer system. The computer lets the port police officer know if a
specific person is approved for access.
However, "this system is not fully utilized yet due to funding issues, but
the format is in place," Moise said.
Funding may be on its way, however. A Department of Defense appropriations
bill would provide $93.3 million to the new Department of Transportation's
Transportation Security Administration to fund port security assessments
and enhancements. Likewise, the Port and Maritime Security Act of 2001,
which passed the Senate Dec. 20, calls for $390 million in grants for port
security infrastructure improvements.
And improvements to the infrastructure at large ports may be the most
important move needed in the near term, said Rooney.
"Transactions between the buyer and seller take place 40 to 50 days ahead
of time," said Rooney. "If you can provide the purchase order information
to the authorities at the time the transaction is made then we can have
intelligence on what to look for," she said. "It's integration. The systems
and the data is out there."
The Port Authority of New York and New Jersey recently requested funding to
build and test an element of such a purchase order transaction monitoring
function in its system. Grants will be awarded by the Transportation
Security Administration in June.
"We can build the functionality and have it ready to go in July," Rooney said.
*****************************
Computerworld
Ventura body slams ISP lobby on privacy
Minnesota Gov. Jesse Ventura this afternoon signed a controversial Internet
privacy bill that one Internet service provider (ISP) lobbying group said
would force ISPs to abandon the North Star State. The bill prevents ISPs
from selling information about the Web-surfing habits of users to outside
companies.
Last month, Emily Hackett, executive director of the Washington-based
Internet Alliance, predicted that ISPs would probably stop doing business
in Minnesota if Ventura signed the bill. The organization lobbies state
legislatures on behalf of ISPs and marketing and high-tech companies,
including @Once, 24/7 Real Media Inc., AOL Time Warner Inc., the Council of
Better Business Bureaus, Encirq Corp., Cox Interactive Media, Juno Online
Services Inc., IBM, Microsoft Corp., WorldCom Inc. and Verizon Communications.
This morning, however, Hackett said she wasn't sure whether ISP flight
would indeed happen.
"Now we will see," Hackett said. "It is the first broad privacy bill that
has been passed in the 50 states."
Hackett said she fears Minnesota's action may prompt other states to take
similar action, which could result in such a patchwork of laws that it
would be impossible for ISPs to operate without running afoul of them.
Not everyone sees that as a bad thing, however.
Telemarketers, cable TV providers and many other industries have to comply
with myriad state laws, and all do so effectively, said Chris Hoofnagle,
senior counsel for the Washington-based Electronic Privacy Information
Center (EPIC).
"Cable is regulated state by state, and sometimes county by county,"
Hoofnagle said, adding that specific state laws are better than "vague
federal standards."
"Most commerce is interstate, but most consumer protection [is] on a state
basis," Hoofnagle said. He noted that the same argument can be made by
those who claim that the Internet is a global entity that can't be
regulated by a state.
Commerce is global as well, he pointed out -- and it is regulated by the
states.
Still, Hackett questioned whether the Minnesota law would eventually be
found unconstitutional on the federal level because it might interfere with
interstate commerce.
Ari Schwartz, associate director of the Washington-based Center for
Democracy & Technology (CDT), said he would like to see a strong federal
privacy standard but he understands why Minnesota chose to act.
"States are going to act, if the federal government doesn't step up to the
plate," Schwartz said. "The CDT would prefer a federal standard for
privacy, but the longer that takes to happen, the more we will see states
pick up the issues."
Although the announcement that Ventura had signed the bill into law was
posted as a bulletin on the Minnesota governor's Web site, a longer
statement has not yet been released.
In the past, Ventura's office said that the governor had mixed feelings
about the law because although he doesn't like government regulation, he
does value his own privacy.
*******************
CNET
Microsoft warns of new debugger flaw
By Robert Lemos
Staff Writer, CNET News.com
May 22, 2002, 5:25 PM PT
Microsoft warned Windows NT and 2000 users on Wednesday of a new flaw in
its debugger tools that could let attackers give themselves complete
control of a system once they've gained basic access to that system.
The vulnerability involves a flaw in the debugger's authorization feature.
The flaw lets any user run any program on the system, with the highest
privileges.
The hole could be used in conjunction with other Windows vulnerabilities
that allow a remote attacker to run as a local user, said Marc Maiffret,
chief hacking officer with network-protection company eEye Digital Security.
"By itself, I would say it's not that dangerous, but coupled with other
vulnerabilities, it's nasty," Maiffret said. "It makes threats like Nimda
possible."
The Nimda worm used a similar double whammy to gain base-level access to a
system and then elevate its privileges to take control of the infected
computer.
Microsoft gave the vulnerability a "critical" rating for client systems but
would not estimate what portion of Windows NT 4.0 and Windows 2000
computers might be vulnerable to the new flaw.
"Being able to log on to the computer in the first place, and being able to
run code (once logged on), are the two limiting factors for this flaw,"
said Christopher Budd, security program manager for Microsoft's security
response center.
For example, a guest account could be co-opted by an attacker and used to
exploit the flaw to run code only if the system's administrator allowed
guests access to the console and let them introduce code to the machine,
Budd said.
Microsoft has posted an advisory and a patch for the problem.
***********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711