Clips August 20, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips August 20, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 20 Aug 2002 10:01:43 -0400
ARTICLES
[NY] Mayor Promising Better Response to Catastrophes
Airports Push for Deadline Extension
Visa-tracking law big headache for colleges
Mac Figurehead Hits His Waterloo
Under their thumb
Firms beef up cybersecurity as breaches soar
Report: Average Worker's Tech Skills Not Keeping Pace
DOD, FEMA test systems link
NARA seeks ideas for e-records archive
Justice sets deadline for fingerprint matching
Homeland security chiefs outline IT requirements
BlackBerry to get S/MIME security
White House to launch Web site for government, industry tech experts
Record labels sue ISPs over access to site
FAA says you can use PDA on jet
Telecommuters find they're not missing out on promotions
Privacy fear over plan to store email [UK]
Group warns of massive EU surveillance
Hackers Prove People are the Weakest Link
**************************
New York Times
Mayor Promising Better Response to Catastrophes
By AL BAKER
Mayor Michael R. Bloomberg promised yesterday to make major changes in how
the New York Police and Fire Departments handle future catastrophes,
including improvements in technology and basic emergency procedures. At the
plan's core is an ambitious goal: a profound change in the culture of the
Police and Fire Departments, two agencies with a long history of rivalry.
Among the most significant technological changes is a proposal to outfit
high-rise buildings throughout the city with special equipment to boost the
radio signals rescuers use. In procedural changes, fire chiefs will now
routinely ride in police helicopters to gauge a cataclysm from the air. And
the police will stage their responses from a safe distance, preventing too
many officers from rushing in too soon. These and other proposals were
included in an independent consultant's two reports, whose final versions
were released yesterday, about the agencies' responses to the Sept. 11 attacks.
The most elemental change, perhaps, is the effort to foster cooperation
between firefighters and police officers, from the rank and file to the top
chiefs, the mayor said. The two departments have a long history of
competition that stretches back generations. Friction at emergency scenes
is legendary. They are even stubborn foes on the athletic fields, where
shoving matches have been known to break out on the sidelines.
"Interagency competition may be unavoidable, and even healthy to some
extent, but it can never impair our ability to respond to emergencies,"
Mayor Bloomberg said. "The stakes are just too high."
To make his point, the mayor was flanked by Police Commissioner Raymond W.
Kelly, Fire Commissioner Nicholas Scoppetta and other top officials from
both departments, deliberately shuffled together. The reports are not
considered codified into city policy, said one city official. Rather, they
are tools that can be used at the will of the city and the two agencies, to
pick and choose what they like and discard the rest. It is yet to be
determined how many of the proposals the departments adopt.
The reports come after about five months in which McKinsey & Company, a
corporate consultant best known for its expertise in management practices,
interviewed fire and police officials, reviewed tapes of audio
transmissions from that day, read computer files and operational logs and
spoke with outside experts.
But the city was careful not to present the research into the response as
an all-encompassing investigation or as a moment-by-moment re-creation of
what happened. The reports themselves acknowledged that the hundreds of
interviews represented only a small fraction of the thousand or more people
who responded in some way to the attacks. Nonetheless, the officials said
that the research had been exhaustive enough to base their recommendations
on it and to find out, as Mayor Bloomberg phrased it, what worked and what
did not, to better prepare for any future cataclysm.
After attending scores of wakes, funerals, memorial Masses and other solemn
ceremonies in 11 months, Mr. Bloomberg said: "There is no doubt in my mind
that we are doing today what the heroes of 9/11 would have wanted us to do.
It is in that spirit that we present these reports."
Details from the reports have been known for weeks, after drafts were
obtained by The New York Times. Copies of the final reports were to be
distributed to firehouses and the survivors of the more than 2,800 people
who were killed.
The consultant charged the city only for out-of-pocket costs, like travel
expenses, but not for things like the production of the reports or the
hours logged in preparing them. Those fees amounted to $75,000 for the Fire
Department and less than $20,000 for the Police Department, said Andrew
Giangola, a McKinsey spokesman.
According to the consultant, the Fire Department was plagued by problems in
radio communication, lapses in discipline and a lack of coordinated efforts
with a Police Department that itself suffered from leadership lapses,
coordination problems and a lack of proper planning and training, according
to the more than 250 combined pages of the reports. (The Fire Department
report is 169 pages; the Police Department report is 88 pages.)
In recommending improvements for the Fire Department, the consultant said
it should fortify its hazardous materials unit, develop mutual aid
agreements with other agencies and improve its communications and
operational preparedness. The Police Department, it said, should enhance
the way it mobilizes officers and clearly define the roles of its top
officials in the event of a disaster.
In many cases, the city independently identified many of the problems, the
mayor said. In the case of the Police Department, for example, one of Mr.
Kelly's first acts was to establish a counterterrorism bureau and to expand
the department's Intelligence Division. Mr. Kelly has also outfitted
officers with radiation detection equipment and has augmented catastrophe
planning, including creating redundant command centers and a plan for
continuity of command in an emergency.
Mr. Scoppetta has begun to try to improve the radio communication system,
though he noted that there is no perfect portable radio that will function
perfectly in a city of concrete and steel high rises. Specifically, he
said, new radios will be used in regular fire operations in Staten Island,
beginning next Monday. A study will be done to determine if the Police
Department's elaborate repeater system, designed to boost the signal of the
radios, can also support or aid the Fire Department radios.
Among the major findings of the report was that firefighters, in their zeal
to respond, often disregarded procedures that were created to protect them
and others. For example, the report said, many firefighters ignored orders
to go to certain staging areas. Others simply assigned themselves to the
twin towers, although the report said only 4 of 200 units had done that.
The report also noted that several other units had kept calling dispatchers
to assign them until dispatchers finally relented, and this made the scene
hard to control.
Since Jan. 1, officials from both departments have begun to meet regularly,
and have established an interagency senior executive coordinating committee
to review and resolve operational issues. In the field, joint incident
command, with top officials from each department standing next to each
other, needs to be reinforced, a senior fire official said.
Some officials have questioned, however, whether the research was extensive
enough to be the basis for the reports' conclusions. Others have said that
a long study was not needed to point out problems that have been evident
for years.
And the reports left major questions unanswered, especially what went wrong
with the radio communication that day. Although the report points out the
difficulty some commanders encountered in using a device to boost the radio
signal, it makes no mention of an audiotape discovered later, in the
search, that Port Authority officials say confirms that the device actually
did work.
Mr. Giangola said that the consultant was legally prohibited from
commenting on the tapes. But he said that the tape was listened to and that
it confirmed their recommendations.
"You do need to ask the question, `Was there any information that they did
not use in compiling the report?' " said Jim Slevin, vice president of the
Uniformed Firefighters Association. "And if so, would that information have
been helpful in making some of these recommendations?"
In another unexplained discrepancy, the authors chose to adopt a figure of
25,000 as the number of people evacuated from the towers that day, although
other analysts have placed the number at half that.
"I think the effort over all is inadequate," said Charles R. Jennings, an
assistant professor of fire science and public administration at John Jay
College of Criminal Justice, who noted that he had not read the reports.
"I think the fact that we had two separate investigations, each one of
which was captive to a particular agency, is a problem," he said.
**************************
Washington Post
Airports Push for Deadline Extension
By Sara Kehaulani Goo
Directors of 133 U.S. airports urged senators yesterday to delay a
requirement that all passenger luggage be screened for explosives by the
end of the year, a request that comes only days after James M. Loy, head of
the Transportation Security Administration, said he may support efforts to
push back the deadline.
Last month, as part of legislation to create a Cabinet-level Homeland
Security Department, the House moved the luggage-screening deadline to Dec.
31, 2003.
Meanwhile, two Massachusetts men who were doing work for Airtag Inc. of
Cedar Grove, N.J., were indicted yesterday in federal courts in Boston and
Providence, R.I., for allegedly attempting to bribe TSA officials who were
testing the company's luggage-screening equipment at T.F. Green Airport in
Providence.
These developments came as the TSA raced to meet new requirements to
improve airport security and prevent hijackings. They demonstrate the
challenges faced by the agency, which is under pressure from airports to
abandon policies that could cause delays and to quickly approve new
technologies that could help both security and efficiency.
Under a law passed by Congress in November, the TSA must screen all checked
luggage for explosives by Dec. 31.
In yesterday's letter -- signed by managers of major airports, including
Baltimore-Washington International and Washington Dulles International --
officials said the TSA plan "involves squeezing both equipment and
personnel into already-congested airport ticket lobbies."
As a result, said the letter, at some airports, "it is estimated that
passenger delays could exceed three hours during peak travel times."
Sen. John Ensign (R-Nev.) has proposed legislation similar to the version
in the House, but key Senate Democrats are opposed.
Senate Commerce Committee Chairman Ernest F. Hollings (D-S.C.) may consider
delays on a case-by-case basis, his spokesman Andy Davis said, but he is
wary of granting a blanket delay.
In testimony before Congress in July, Loy said he intended to meet the
deadline. But last week, he told some airport directors that he was growing
skeptical about the timetable, given the current budget constraints.
Transportation Secretary Norman Y. Mineta said in May that the TSA, which
is part of the Transportation Department, needed $4.4 billion. But Congress
authorized only $3.85 billion on the recommendation of Mitchell E. Daniels
Jr., director of the Office of Management and Budget.
In yesterday's indictments, Darrall Loren Redburn of Weymouth, Mass., and
Angelo M. Troisi of Peabody, Mass., are accused of conspiring to offer
payments of $1,000 to TSA employees testing Airtag equipment.
The men were arrested yesterday by agents of the Transportation
Department's inspector general. Neither is an employee of Airtag. Redburn
worked for an Airtag contractor, according to the U.S. attorney's office in
Providence. It did not release details of Troisi's employment, and his
attorney, John Wall, said he did not know further details.
Airtag makes a plastic clip and a plastic tag that can be attached to the
zipper of luggage to show that it has been screened. To open the luggage,
the clip or tag must be cut.
William Dimitri, an attorney for Redburn, said his client pleaded not
guilty yesterday. Wall said his client will plead not guilty later this week.
An employee at Airtag reached yesterday said he was unaware of the indictments.
******************************
Washington Times
Visa-tracking law big headache for colleges
Universities across the country are scrambling to comply with new
federal regulations requiring administrators to set up electronic databases
that would track foreign student-visa holders.
By law, universities must have the new Student and Exchange Visitor
Information System (SEVIS), part of a change in Immigration and
Naturalization Service rules, operating by Jan. 30.
But many school officials said last week they may not make that
deadline, which, according to preliminary reports, would prohibit
universities from issuing immigration documents for foreign students or
prevent already enrolled international students from attending classes next
winter.
School officials said the costs associated with purchasing the
software and the lack of adequately trained administrators could prevent
their schools from meeting the deadline. The new system could cost a
university up to $25,000 for software and maintenance and requires that a
number of employees be trained to use it.
School officials said they want the INS to assure them that the
system will work before they purchase the necessary equipment. They also
said the INS has not yet released its final regulations, leaving many
officials with unanswered questions five months before going live with the
program.
"A vast majority of the universities want international students to
study at their campuses," said Chris Simmons, assistant director of
government relations at the American Council on Education, which represents
1,800 colleges and universities nationwide. "But the schools don't want to
be investing in something that may not work. We want to make sure that this
is high quality, most efficient and the most effective system that's out
there. We want to get this thing going, too."
INS officials deny there is any widespread problem with compliance
and said 500 schools are already registered and beginning to use the system.
The program will affect thousands of students in the United States.
Some 547,876 persons held student visas in the 2001-2002 academic year,
according to statistics compiled by the Institute of International
Education. Some 514,723 students held visas in the 1999-2000 school year,
statistics show.
University officials say there are still lots of questions that
remain about the program, including what sort of information the INS will
want them to submit by Jan. 30.
"We're still waiting," said Karen Hartwig, assistant director of
admissions at the University of Iowa, which has about 1,800 international
students. "And we're afraid that once we do get it, we'll have to rush to
write the program, learn how to use it, get any bugs out before that
deadline. We certainly hope to be ready. We don't want to lose our ability
to enroll international students."
One question is: Must universities enter already enrolled students by
that deadline or just new students?
"We don't exactly know who has to be logged in by that date," said
Ted Goode, director of services for international students and scholars at
the University of California at Berkeley. Berkeley has about 5,500 people
it would need to log into the system before the deadline, which Mr. Goode
called an impossible task.
Universities like Berkeley that enroll a large number of
international students have asked the government to implement a batch
software, which school officials say will efficiently gather and be able to
send large amounts of information at once.
The batch software has not yet been written, but should be ready for
distribution sometime this fall.
The INS has been under pressure from Congress to have SEVIS running
since the September 11 attacks. For three decades, the INS required
universities to compile information on international students. But because
of the volume of paperwork it received, the INS told schools in 1988 to
keep the files on campus.
The INS came under increased scrutiny last fall when it was learned
that all 19 hijackers who carried out the attacks entered the United States
legally. Three of the hijackers were in the country on student visas.
One hijacker, Hani Hanjour, entered the United States on a student
visa but failed to show up at the campus where he was supposed to study.
Two others, including Mohamed Atta, entered on travel visas and switched to
student visas.
Federal officials have said SEVIS will help the INS receive
information sooner. SEVIS requires schools to track foreign students and
traveling-scholar visa holders. It requires schools to collect registered
visa holders' names, addresses and telephone numbers and their class schedules.
Schools will be required to notify the INS within 24 hours if a
student doesn't show up or drops out and to report the student's status
after each term. A student will have 30 days rather than six months to show
up on campus after entering the country.
The system will link every U.S. consulate with every INS port of
entry and all 74,000 educational institutions eligible to host foreign
students.
*****************************
Chronicle of Higher Education
Virginia Looks for Economic Lift From Academic-Technology Center
By DAN CARNEVALE
Despite budget troubles, Virginia has found money to begin construction of
an $18-million academic-technology center that officials hope will spur
economic development in the southern part of the state.
The new facility, called the Institute for Advanced Learning and Research,
is being built in Danville and will be jointly run by Averett University
and Danville Community College, both also in Danville, and Virginia Tech,
in Blacksburg.
The three institutions plan to offer joint degree programs in technology
fields, including computing, Web design, and information-systems
technology. Students will be able to transfer credits from the community
college through Virginia Tech's graduate programs. Courses will be offered
both face-to-face and online, with faculty members from each institution
contributing.
The new academic-technology center will provide equipment and facilities
that students will be able to use to conduct research. Supercomputers will
be available for students to study a variety of topics, including plant
genomes that might lead to new crops to help reduce the regional economy's
reliance on tobacco.
Budget deficits have halted many other construction projects at Virginia
colleges. And economic difficulties have forced institutions around the
country to cut back on technology programs. About $15-million of the
research-institute project will be financed through the state's portion of
the national tobacco settlement. Virginia has set aside about half of its
settlement money to refurbish the economies of areas in the state that
currently grow tobacco.
The institute, which is being built on former tobacco fields, is meant to
help turn rural towns into technology hotbeds so they can groom
computer-savvy workers and attract technology companies. "To really recruit
companies to the area, we have to have a large pool of IT workers," says
Betty Foster, vice president for academic services at Danville Community
College.
High-speed Internet cables are being installed in the area for the
institute and to act as another lure to technology companies. The
90,000-square-foot institute building is expected to be ready for both
instruction and research by fall 2003.
Tim Franklin, executive director of the institute, says the nearest
research institution is more than an hour's drive away -- and it's in North
Carolina. Building the institute in the Danville area and providing powerful
Internet access should help revive the area's economy, he says.
"The bigger metropolitan areas will always get the better services first,
so there's no way to catch up," says Mr. Franklin, who is also director of
university outreach programs at Virginia Tech for Southside Virginia. "This
was really a leapfrog strategy."
*************************
Washington Post
Northern Virginia Group Takes Lead in Dot-Org Bidding Process
By David McGuire
washingtonpost.com Staff Writer
Tuesday, August 20, 2002; 2:01 AM
"Dot-org," the world's fifth-largest Internet domain and online home to
thousands of nonprofit groups, should be managed by a Northern
Virginia-based group when the domain comes up for re-delegation in
December, global Internet addressing authorities said late Monday night.
The staff of the Internet Corporation for Assigned Names and Numbers
(ICANN) recommended that its governing board of directors choose the
Reston-based Internet Society (ISOC) to run dot-org when it awards the
contract later this year.
Operated for years by Internet addressing giant VeriSign Inc., dot-org is
slated to get a new landlord in December when VeriSign relinquishes its
hold on the domain.
Earlier this year, eleven entities applied to operate dot-org, which
accounts for more than 2.3 million Internet addresses.
ICANN, which manages the Domain Name System (DNS) under agreements with the
U.S. government, commissioned three evaluation teams to weigh the technical
and individual merits of the 11 proposals.
"The ISOC proposal was the only one that received top ranking from all
three evaluation teams. On balance, their proposal stood out from the
rest," ICANN President Stuart Lynn said in a prepared statement.
The recommendation will be thrown open for public comment before being
submitted for final approval by the ICANN board in late September. In the
past, the board has tended to closely follow staff recommendations on major
decisions.
ISOC officials were not immediately available for comment. But last month,
ISOC spokeswoman Julie Williams said the group's longtime involvement in
coordinating the development of Internet standards and protocols made it a
logical choice to operate dot-org.
"ISOC was formed in 1991 by a lot of the pioneers that originally developed
the Internet as a focal point for cooperation and coordination in the
development of the Internet," Williams said in July.
ISOC has members in more than 100 countries and serves as the institutional
home for two key Internet standards-setting bodies, the Internet
Engineering Task Force (IETF) and the Internet Architecture Board (IAB).
In its bid, the nonprofit ISOC said it would rely on a for-profit
addressing company to provide backend operation of the domain.
Under the ISOC proposal, Afilias, based in Horsham, Pa., would administer
the physical operation of dot-org, charging ISOC a flat fee for each name
registered in the domain. Williams said last month that while ISOC was
still hammering out the details of that arrangement, the fee was expected
to be in the range of $3 to $5 per name, per year.
If the bid is ultimately confirmed, ISOC would maintain the annual
wholesale cost of a dot-org name at or below its current level of $6,
Williams said in July.
Individual Internet users buy dot-com, dot-org and other domain names from
Internet address retailers (called "registrars") who in turn pay flat
per-name wholesale fees to the registries that manage the domains.
VeriSign, the current dot-org registry, is giving up its management of the
domain as part of a deal it struck last year to cement its control of the
valuable dot-com domain.
***************************
Wired News
Mac Figurehead Hits His Waterloo
By Leander Kahney
Shane Anderson, the "list dad" of the once-mighty Mac EvangeList mailing
list, is in jail after being charged with two misdemeanors: unauthorized
computer access and criminal mischief of the third degree.
Anderson was arrested Friday at his Waterloo, Iowa, home, following
accusations that he broke into the computer of a would-be business partner.
Anderson is being held at the Black Hawk County jail on $5,250 bail. No
trial date has been set and Anderson has no lawyer yet.
Anderson, 28, runs the Mac EvangeList, an offshoot of Apple's Evangelist,
which in the mid-1990s was one of the most influential publications on the
Internet. Run by Apple's Guy Kawasaki, the Evangelist once had 45,000
subscribers, many of whom would besiege publications whenever they wrote
negative articles about the company.
Anderson took over the list's name and some of its subscribers when
Kawasaki retired the list after leaving Apple.
Anderson's arrest follows a complaint by Carl Blake, owner of Macaquarium
and a local ISP called Blake Systems, alleging Anderson remotely cracked
into his computer after business discussions went sour.
Blake said Anderson had been invited to Iowa to discuss setting up a
nationwide Macintosh-oriented ISP. Blake said he allowed Anderson to stay
at his home, provided him with free office space and hosted the Mac
EvangeList on one of his computers.
But after 2-1/2 months of free board and lodging, Blake said he finally
asked Anderson to leave.
"I threw him out," Blake said. "He stayed here 2-1/2 months and he paid for
nothing."
Blake said after evicting Anderson, he locked some of his luggage and
computer equipment in his office.
Blake said shortly afterwards he caught Anderson trying to remotely crack
into his computer. He alleged Anderson attempted to retrieve the Mac
EvangeList database. Blake complained to police, who seized Anderson's
computer in early May.
Waterloo Police Lieutenant Bruce Arends said Blake provided a log of the
server's activity, and that Anderson's machine has been examined by the
local office of the Secret Service.
The Secret Service was involved because of its expertise in computer
forensics.
Anderson wasn't available for comment, but in an e-mail interview conducted
in June, Anderson denied Blake's accusations. Anderson confirmed he'd gone
to Iowa to discuss business with Blake, but came away believing Blake was a
"slick con man."
"He turned out to be a compulsive liar to the extreme," Anderson wrote in
an e-mail. "I told him that I had decided I was not going to do business
with him. The next day he changed the locks on the office space he had
given me and has kept all my equipment and he stole the Mac EvangeList
database. The police will not charge him as they say it is a civil matter."
When asked to discuss the complaints in greater detail, Anderson declined
to elaborate, referring instead to the front page of the Mac EvangeList
website, which described being cheated by an unnamed con man. The page has
since been removed.
Anderson has long been dogged by controversy. For the last 18 months,
Anderson has been on the grandly named "Mac EvangeList World Tour,"
reporting Mac users' personal stories from Europe and the United States for
list subscribers.
But according to former business partners, advertisers and hosts, Anderson
has left a string of angry people in his wake.
"My blood boils every time his name comes up," said Bonnie Anderson (no
relation), an executive with software publisher Casady & Greene, who claims
to have paid Anderson $4,000 to sponsor his world tour.
Bertram Haller, who runs MacGuardians, said a couple of European Mac user
groups last year warned members not to accommodate Anderson during his tour.
And an early business partner, Walter Blanchard, who worked with Anderson
on the MacMarines mailing list, claimed Anderson hijacked the list.
Anderson was recently soliciting offers for the Mac EvangeList, which he
claimed has 42,000 members.
However, Blake contends there are fewer than 1,000 members, based on the
list he has seen and the traffic generated from his servers when he was
hosting the Mac EvangeList.
*************************
Azcentral.com
Under their thumb
Glen Creno
The Arizona Republic
Aug. 20, 2002
Retailers looking for a better way to identify shoppers and cut check fraud
are turning to high-tech fingerprint scanners to verify who's in the
checkout line.
The scanners are one of the latest wrinkles in biometrics, a field that
uses devices such as retina scans, face scans or voice recognition to
identify customers.
Some retailers say the systems save them thousands of dollars in bad-check
losses, but analysts worry that consumers will see it as yet another
intrusion into their privacy.
"That sounds awfully Big Brother to me," Scottsdale consultant Mike Adams
said. "I don't know how far the consumer wants to step into that."
A handful of mom-and-pop stores in Arizona use a fingerprint scanning
system from BioPay of Virginia. It stores customers' personal data and a
photo and links them with a fingerprint.
Jason Barno, manager of Los Amigos Market in Phoenix, figures the two bad
checks totaling about $900 wouldn't be sitting by the checkout counter if
the store had picked up the machine a few weeks earlier. He said the
previous owners of the store, which cashes payroll checks, once racked up
$10,000 in bad checks in one month, but he doesn't expect that to happen again.
The machine tipped the store to $700 in counterfeit checks from scammers
with access to a computer and sophisticated laser printer. He said
customers don't hesitate to sign up for fingerprint scanning so they can
easily cash their checks.
"I look at every check as a bad check," he said. "You have to convince me.
But with this there's no more pressure on your head, no more worries."
Biometrics business officials said personal identification is crucial in an
era when identity theft is on the rise and an estimated 500 million checks
are forged annually.
BioPay's system costs $8,900 to $10,000. Retailers get a computer to store
shoppers' personal data, a camera for photos and the scanning system to
record fingerprints.
The company is developing a quick-checkout system where a customer could
store an account number from a bank or credit card, swipe a finger at the
checkout and have the entire transaction approved and charged in an instant.
"You don't need to have cards or checks or anything," said Don Bauernfeind,
the company's chief operating officer.
Supermarket giant Kroger, which runs Fry's in Arizona, is testing a
fingerprint ID in Texas. Circle K tested a face-recognition system in
Arizona, but abandoned the idea when the vendor, InnoVentry Corp., went out
of business last year.
"We were having a lot of positive feedback from the machines as far as
people liking the convenience of check cashing at our stores," Circle K
spokeswoman Julie Igo said.
Hypercom, the Phoenix provider of credit-card terminals, launched a
fingerprint scanner that connects to a cash register. The company estimates
that fraud cost the card-payment industry more than $4 billion last year.
This month, Hypercom formed a special group to look for "growth
opportunities" in biometrics, secure identification, age verification and
other transaction security.
"Positive identification could virtually eliminate fraud overnight,"
Hypercom spokesman Pete Schuddekopf said. "That's been the goal of the
electronic-payment industry from Day 1."
Reach the reporter at glen.creno@xxxxxxxxxxxxxxxxxxx or (602) 444-8972.
***************************
USA Today
Firms beef up cybersecurity as breaches soar
By Jim Hopkins
SAN FRANCISCO -- Companies across the U.S., worried that cyberspace will be
terrorism's next battleground, have shored up security since Sept. 11.
About 77% of businesses improved defenses against hackers, viruses and
other attacks, says a survey of 233 corporations by Computer Economics.
Such threats are real. Cyberspace attacks jumped 64% from a year ago, says
security firm Riptech -- especially from countries such as Iran and Pakistan
that are known to harbor terrorists.
Also, 90% of big corporations and government agencies responding to a
survey by the Computer Security Institute and FBI said they uncovered
computer security breaches in the past year.
Earlier this month, the FBI warned America Online, Microsoft and other
Internet service providers about possibly imminent hacker attacks. AOL and
Microsoft took steps to shield their 43.7 million subscribers. No damage
was reported. Experts expect more such warnings as Sept. 11's first
anniversary nears.
The cyberspace threat is greatest for the nation's 5.6 million small
companies, which employ half of all workers and are the economy's backbone.
Small firms often lack money to hire full-time information-technology
professionals and rarely think they are likely terrorist targets.
Still, Computer Economics says companies with less than $1 million in
annual revenue were the biggest proportion of those that bolstered security
with:
Anti-virus programs. In Ann Arbor, Mich., chiropractor Darren Schmidt used
software before Sept. 11 to hunt for viruses contained in e-mail.
But after the attacks, Schmidt learned the program wasn't getting updated
often enough to guard against newly hatched viruses. Around the time of the
attacks, Schmidt had one virus attack that shut down his computer for a
week. Now Schmidt, who keeps contact information for 200 patients on his
computer, updates his software daily.
File-backup gear. In Charlotte, outplacement firm Forum Group was
sporadically copying computer files before the attacks. "We thought we were
in pretty good shape," says co-owner Bill Crigger. But employees fretted
about security after Sept. 11, so Crigger hired a consultant who
recommended a daily backup schedule.
Companies in remote places often think they don't need to worry about
terrorists targeting their computer networks. "Everyone believes it won't
happen here," says Jerry Rackley, a publicist in Stillwater, Okla. Yet
Oklahoma residents felt immune to terrorism until the 1995 bombing of the
Alfred P. Murrah Federal Building in Oklahoma City.
"The reality is, you have to prepare for the worst and hope for the best,"
Rackley says.
***************************
News Factor
Report: Average Worker's Tech Skills Not Keeping Pace
Although unemployment continues to make headlines, the glut in information
technology workers is only temporary, experts say. Once the economy
improves, demand for IT skills will rise again. But will the workforce be
ready? http://www.newsfactor.com/perl/story/19062.html
******************************
Federal Computer Week
DOD, FEMA test systems link
Joint exercise focuses on homeland security
Representatives from all armed services, the Federal Emergency Management
Agency and other organizations recently began exploring how compatible
their communications systems would be in homeland defense situations.
The 2002 Joint Users Interoperability Communications Exercise (JUICE),
which began Aug. 5 and runs through the end of the month, is using a mix of
legacy and new technologies to support communications, command and control
requirements for a deployed joint task force in simulated homeland defense
scenarios.
In such scenarios, the Defense Department plays a supporting role to FEMA
and other groups, said John Caruso, chief of DOD's Executive Agent for
Theater Joint Tactical Networks.
"We're looking for collaborative scenarios and making sure [military]
communications equipment is interoperable with FEMA's," Caruso said, which
includes not only establishing links among systems, but also identifying
redundancies. "We want to define the processes, methodologies and
information flows that are in place."
During JUICE, systems and operational approaches are being tested,
including network defense from cyberattacks. "We're putting a network up
and testing the defenses available," he said. "We'll be actively attacking
our network in a controlled fashion."
Technical and military personnel in about 60 units worldwide, representing
all the armed services, are participating in this month's exercise and will
be manning the Joint Communications Control Center, the communications hub
for JUICE.
The center, which was set up by the Army Communications-Electronics Command
Software Engineering Center and the Program Executive Office for Command,
Control and Communications-Tactical at Fort Monmouth, N.J., is controlling
all satellite and terrestrial communications and sensor activity during JUICE.
Air Force Lt. Col. Tom Dixon, senior military communications officer for
JUICE, said the exercise enables all of the services to test new software
upgrades and equipment and "work through the issues that come into play."
JUICE is being carried out in phases, the first of which -- establishing
links for satellite communications among the different players -- is under
way, Dixon said. "Once those are set up, we'll begin the proof of concept
with the equipment that's online."
FEMA, which participated in JUICE for the first time last year, is playing
a bigger role in this year's exercise as part of a new collaborative
initiative with the military, Caruso said. FEMA Mobile Emergency Response
System detachments will participate along with civil support teams from a
number of states including Arkansas, Louisiana, Massachusetts, Missouri,
New Jersey, New York, Oklahoma, Pennsylvania and Texas.
Eric Hainzer, a telecommunications specialist in FEMA's mobile operations
branch, said that although his agency has vast experience responding to
disasters, exercises such as JUICE and others offer "opportunity training"
for working with DOD in scenarios involving homeland defense and weapons of
mass destruction.
Air Force Senior Master Sgt. Carl Sherblum, watch chief for JUICE, said the
Defense Message System (DMS) is one of the main systems being tested during
the exercise. DMS is the secure messaging system that is replacing DOD's
Automatic Digital Network, commonly known as Autodin. Testing DMS during
JUICE is essential because FEMA also uses a version of it, he said.
"What we're trying to do, whatever homeland security ends up being, is to
have a skeleton in which to operate...and templated off to latch up the DOD
and civilian communities," Hainzer said, adding that FEMA is the only
civilian agency with a deployable DMS that is compatible with the defense
community. "That's a critical element that's been missing for some time,
that cross-connect between the two."
Participation in JUICE, which was first conducted in 1996, is voluntary and
participating agencies and units pay their own way, Caruso said. "There's
no centralized pot of money. People participate because there's something
in it for them."
***
JUICE Mix
During the Joint Users Interoperability Communications Exercise, which was
first conducted in 1996, members from the armed services, the Federal
Emergency Management Agency and the Defense Department explore how
compatible their communications systems would be in homeland defense
situations.
This year's exercise began Aug. 5 and runs through the end of the month
using a mix of legacy and new technologies to support communications,
command and control requirements.
The initial focus this year is on establishing links for satellite
communications among the various players.
**************************
Federal Computer Week
NARA seeks ideas for e-records archive
After devoting three years and spending more than $20 million to research
and build some of the basic components of an electronic records archive,
the federal government is asking private companies to submit any ideas they
might have to help turn the idea into reality.
The National Archives and Records Administration is searching for some
workable way to save electronic records for decades or even centuries. But
the agency faces at least two daunting problems: Fast-changing technology
means that electronic files created just a few years ago are already in
obsolete formats and may no longer be retrievable. And the sheer volume of
e-records -- 36.5 billion a year in e-mail messages alone -- is overwhelming.
In a request for information to vendors, NARA officials indicate that they
are open to any suggested solutions.
"We want to be sure there isn't something else out there that we should be
looking at," said Reynolds Cahoon, NARA's chief information officer. "We're
vitally interested in seeing what the vendor community has to offer."
NARA is especially interested in "off-the-shelf products" that might meet
its e-records storage needs, he said.
The RFI notes that NARA is already involved in "a number of research
activities and prototypes" for long-term e-records storage systems but, the
agency stresses, prior work "does not imply any commitment by NARA" to
those technologies and architectures.
"We want to get as many creative ideas coming forth as possible," said
Lewis Bellardo, deputy archivist of the United States. "We did not want to
constrain the responses we might get" by listing system requirements
specific to the prototypes NARA has already developed.
Records management officials at NARA were not available to discuss whether
the prototypes they have developed still appear likely to solve the
agency's e-records problems.
In 1991, U.S. Archivist John Carlin announced that a major breakthrough in
storage technology could mean that a pilot version of an e-record archive
could be operating by 2004 or 2005.
But Bellardo and other NARA officials make it clear that they are open to
other solutions. A statement released by NARA says the RFI is intended to
generate information "from vendors and integrating contractors in order to
determine the best solution for building" the e-records archive.
To ensure that NARA receives enough good ideas, the agency intends to issue
two more RFIs, Bellardo said.
NARA hopes to award two or three system design contracts that will lead,
after 18 months, to a single system designer.
Ultimately, NARA intends to use "a modular contracting approach" that will
divide the e-records archive project into segments, with each segment
producing a usable component of the archive.
Companies have until Sept. 4 to respond to the RFI, but some may be
reluctant to offer their best ideas, said Michael Tankersley of Public
Citizen. "I do not know why anyone would give very meaningful information
at this point since it might benefit competitors."
After the other two RFIs are issued, NARA plans to hold an industry
conference on the e-records archive next spring.
Two years ago, Carlin told Congress it would cost $130 million and take
five years to build an e-records archive.
************************
Federal Computer Week
Justice sets deadline for fingerprint matching
Starting Sept. 11, hundreds of foreign visitors who step off airplanes or
arrive at U.S. border crossings will be directed to immigration inspectors,
who will fingerprint and photograph them.
While inspectors collect information on the visitors' backgrounds and their
reasons for coming to the United States, computers will be comparing their
fingerprints to tens of thousands of prints collected from foreign felons,
terrorists and suspected terrorists.
If there is a match, the visitors may be denied entry or arrested. If they
are cleared for admission to the United States, their fingerprints and
photographs will be added to a database for future identification purposes.
For those cleared, the whole process should take no more than 10 minutes,
according to Kris Kobach, a Justice Department official involved in an
aggressive effort to tighten immigration practices in the aftermath of last
year's terrorist attacks.
Aside from the photos and fingerprints at ports of entry, the department
will require foreign visitors to register with the Immigration and
Naturalization Service when they have been in the United States for 30 days
and once a year thereafter.
That means foreign visitors must "appear in person at an INS field office"
to answer questions about their activities in the United States and supply
proof of where they are living, working or attending school, Justice
officials said.
INS will require visitors to disclose much more information about
themselves than they have in the past, Kobach said.
Finally, visiting foreigners will be required to register with INS when
they leave the United States. Failure to register upon departure could make
them ineligible for re-entry.
The fingerprinting, photographing and reporting requirements are intended
to "expand substantially America's scrutiny of those foreign visitors who
may present an elevated national security risk," Attorney General John
Ashcroft said Aug. 12.
Initially, INS will target visitors from Iran, Iraq, Libya, Sudan and
Syria, as well as visitors from other countries who are identified by the
State Department as being a risk to national security or who fit INS
criteria for closer inspection.
But Ashcroft said he sees the system as the first step toward developing a
comprehensive entry/exit system that will eventually be used to check
almost all foreign visitors.
The plan is greeted with skepticism from some immigration experts.
"It's a false solution to a real problem," said Judy Golub, senior director
of advocacy and public affairs for the American Immigration Lawyers
Association.
Fingerprinting and photographing arriving foreigners is unlikely to catch
many terrorists, but it is bound to cause major delays at ports of entry,
she said. Most of the Sept. 11 terrorists had no prior records and were not
included on watch lists.
Meanwhile, making foreign visitors report to the INS periodically while
they're in the United States will catch no terrorists at all, Golub said.
Those here to commit terrorism simply won't report in, she said.
More effective efforts include greater intelligence gathering and sharing
among agencies, including the State Department, and "preinspection and
preclearance" of foreign visitors at U.S. consulates overseas, she said.
But Justice officials said that fingerprinting and photographing people at
ports of entry have already been proven to work.
Since January, INS inspectors have been using the technology at a number of
ports of entry and have averaged more than 70 matches a week between the
fingerprints of arriving foreigners and prints in databases of wanted
felons. As a result, INS officials have made more than 2,000 arrests.
"It has been staggeringly good," Kobach said.
***
Looking for a match
The screening that begins Sept. 11 will include
fingerprint comparisons against a database that contains prints collected
in Afghanistan and Pakistan, including prints collected by U.S. forces at
al Qaeda training camps. "We're very excited about that," said Kris Kobach,
a Justice Department official involved in the effort. The Immigration and
Naturalization Service may be able to link people to fingerprints that were
almost certainly left by terrorists. Allies around the world have sent the
U.S. digital fingerprints of suspected terrorists. Foreign visitors' prints
will be checked against those and against prints in the FBI's Integrated
Automated Fingerprint Identification System and INS' IDENT database of more
than 4.5 million foreign visitors' prints. Justice officials said up to
200,000 visiting foreigners a year will be fingerprinted and photographed.
That's "a small percentage of the more than 35 million nonimmigrant aliens
who enter the United States each year," Attorney General John Ashcroft said.
*************************
Government Computer News
Homeland security chiefs outline IT requirements
By Wilson P. Dizard III
PHILADELPHIA -- IT leaders from the White House and intelligence agencies gave
homeland security a push forward today by pooling their information-sharing
plans.
"It's about all of us figuring out how to share information to meet the
needs of those combating terrorism," said Homeland Security Office CIO
Steven I. Cooper at the Government Symposium on Information Sharing and
Homeland Security.
Cooper said the government needs to open a dialogue on the effects of laws
and policies that restrict information sharing among federal agencies. But,
he added, "it is important that we do not swing the pendulum too far and
jeopardize our civil rights and civil liberties."
Cooper has formed four CIO working groups to analyze matters surrounding
information-sharing: border and transportation security; first responders;
chemical, biological, radiological and nuclear weapons of mass destruction;
and state and local information. He said the border and transportation
group is the furthest along in its work.
"Just last week we met with a team that the National Association of State
CIOs chartered to develop some definitions and plans," Cooper said.
Cooper cited several conditions that must be avoided in improving
information sharing among agencies:
Redundant efforts
Political and cultural roadblocks
Problems introducing new IT, especially against the backdrop of the
government's impending loss of IT professionals through retirement
Inadequate funding
Poor communications with the public.
Winston Wiley, associate CIA director for homeland security, said his
agency would support all activities of the proposed Homeland Security
Department, not just its intelligence operations. The CIA director "said
the department's most important role would be translating the enemy's
activities overseas into a system of protection for this country," Wiley said.
************************
Government Computer News
BlackBerry to get S/MIME security
By Susan M. Menke
BlackBerry handheld devices used in the military services can get a
government-specific Secure Multipurpose Internet Mail Extensions protocol
upgrade of their software under a National Security Agency contract with
the devices' maker, Research In Motion Ltd.
Mike Lazaridis, president of the Waterloo, Ontario, company, said Defense
Department users of the BlackBerry 957, 5810 or 6710 handhelds would pay
undisclosed licensing fees for the S/MIME public-key cryptography upgrades
from NSA. He declined to give the value of the development contract.
The software upgrade will encrypt messages and attachments to and from a
user's desktop system and a synchronized BlackBerry, under a second
password for that user's existing DOD digital certificate. The BlackBerry
already has Triple Data Encryption Standard e-mail protection and Federal
Information Processing Standard 140-1 certification, Lazaridis said. S/MIME
will extend that security by guaranteeing user-to-user authorship over
different e-mail systems, he said.
The encrypted messages cannot be viewed in the device's in-box without the
second password, Lazaridis said. A color BlackBerry screen is under
development.
*************************
Government Executive
White House to launch Web site for government, industry tech experts
By Molly M. Peterson, National Journal's Technology Daily
PHILADELPHIA -- The White House plans to launch a Web site that would
enable government and private-sector technology experts to exchange ideas
for better information-sharing practices, the Office of Homeland Security's
chief information officer announced in Philadelphia Monday.
"I need your help," Steven Cooper told more than 900 high-tech
professionals from 32 states during a keynote address at a three-day
homeland security conference. "We can't get a view of America from inside
the Beltway. ... We don't know it all. We've got to hear from everybody."
Cooper said the Web site would enable high-tech firms and agencies at all
levels of government to share their "best practices" for data fusion and
integration with the Office of Homeland Security. He noted that the Sept.
11 terrorist attacks prompted communities in many states -- including
Pennsylvania, Texas, Minnesota, Utah and California -- to launch
information-sharing initiatives that have proven effective and that might
be worth implementing nationwide.
Cooper said several communities in the Dallas area, for example,
collaborated with the local FBI field office and the private sector to
develop an emergency-response network that allows for the "reasonably
secure" exchange of sensitive data regarding suspected criminal activity.
He said the new system already has led to several arrests.
"They did it on a shoestring ... but it is extremely successful," Cooper
said. "It's an example of something we can replicate ... in other parts of
the country."
Cooper said he expects the Web site to be online in two to three weeks.
"Once it's done, please talk to us," he said. "I need to know about best
practices, centers of excellence and capabilities that already exist in
America today. The Web site will enable us to share and communicate what's
going on."
Pennsylvania Republican Curt Weldon, who chairs the House Armed Services
Procurement Subcommittee and served as Monday's other keynote speaker, said
that by failing to establish an effective, nationwide information-sharing
system well before Sept. 11, the government "basically failed the American
people."
"We could have and should have had, before 9/11, a better capability for
fusing our data," Weldon said, noting that he has been calling for a
nationwide center since the late 1990s. "There's no integrated domestic
communications system in America."
Another problem, Weldon said, is that the U.S. education system does not
place enough emphasis on information security and information sharing.
"Every college trains young people how to use computers," Weldon said. "The
real need in the 21st century is to be able to ensure the security of that
data."
Cooper said federal agencies with homeland security functions will face a
critical shortage of data-security experts in about five years, when about
half of their information technology employees will be eligible for
retirement. He said replacing those employees with "skilled and talented
information technology professionals" will be a challenge because the
federal government cannot compete with most private-sector salaries and
benefits.
"We're losing people," Cooper said. "It's a problem because we don't have
the skill sets to introduce new technologies."
****************************
Computerworld
Record labels sue ISPs over access to site
Five major record companies have sued four of the biggest Internet service
providers in an attempt to stop what the record companies say are blatant
copyright infringements occurring at a music Web site registered in China.
The suit, filed Friday in U.S. District Court for the Southern District of
New York, seeks a preliminary injunction ordering AT&T Broadband Corp.,
Cable & Wireless USA, Sprint Corp. and WorldCom Inc.'s UUnet division to
block Internet communications to and from servers run by www.listen4ever.com.
As of today, the site couldn't be accessed. But it was unclear whether the
operators had voluntarily shut it down or moved it to another site.
The suit alleges that the site makes available "for illegal copying and
distribution on the Internet" recordings that are the copyright property of
BMG Music, a division of German media giant Bertelsmann AG; Sony Music
Entertainment Inc.; UMG Recordings Inc.; Virgin Records America Inc.; and
Warner Brothers Records Inc. The recording companies targeted the four
Internet service providers because Web users in the U.S. rely on their
backbone routing services to gain access to the site.
These services put the four service providers in a unique position to cut
off access to Listen4ever.com at the Internet entry point into the U.S.,
the Recording Industry Association of America Inc. said in a statement
Friday. The record companies' goal is to stop the infringements occurring
at the site.
The suit says Listen4ever.com has engaged in a number of tactics that make
its operation more egregious than the music-sharing service run by Napster
Inc., which was shut down by court order. For example, Listen4ever.com lets
users download entire music albums, while Napster's focus was individual
songs, the suit says. It also hosts the digital music on a central server,
while Napster provided a peer-to-peer software that allowed users to search
the hard drives of other users for music files they wanted. In addition,
Listen4ever.com has made available at least one album before its commercial
release.
The suit also alleges that the site uses offshore servers in an attempt to
shield itself from the reach of U.S. law. The domain name is registered to
an individual in Tianjin, China, whom the suit doesn't identify. The link
from the site for contacting its operators sends e-mail to an anonymous
Yahoo Inc. e-mail account.
"In enacting the Digital Millennium Copyright Act, Congress anticipated
that infringers might attempt to move offshore to avoid U.S. law," the suit
says. "The DMCA permits a copyright owner to seek injunctive relief to
require ISPs to block access to such sites. That is exactly the situation
here and the limited relief plaintiffs are seeking."
Spokesmen for AT&T Broadband, Sprint and WorldCom declined to comment on
the suit, citing company policies against discussing ongoing litigation. A
call to Cable & Wireless USA wasn't returned.
**************************
USA Today
FAA says you can use PDA on jet
By Christopher Elliott, special for USA TODAY
On a recent flight from Newark, N.J., to Orlando, Mike Corbo decided to
check his e-mail. Instead of plugging into a $3.99-a-minute in-flight
phone, he powered up his Palm VII and downloaded the messages wirelessly,
at 35,000 feet.
"I found that as long as we were flying over a major city, I would easily
connect and send or receive e-mail without a problem," says the Lyndhurst,
N.J., information systems manager.
No one tried to stop Corbo because what he did is legal. The Federal
Aviation Administration doesn't ban the onboard use of a personal digital
assistant -- even one that can connect to the Internet through a cellular
network -- according to FAA spokesman Paul Takemoto. "He isn't violating any
rule," he says.
If, on the other hand, Corbo had been using a portable phone, he'd be
breaking a Federal Communications Commission rule that prohibits the use of
cellular devices on planes, Takemoto adds. The operation of a cellular
phone is thought to interfere with an aircraft's navigational systems.
But in an age of convergence, who's to say what's a PDA or a cell phone?
That's a question Bob Johnson may have to ask himself soon. The Houston
consultant uses his BlackBerry to connect to the Internet wirelessly all
the time -- including from a commercial airplane.
"It connects every time I pass over a served city and am in range of a
transmitter," he says.
"So when I go from Houston to Denver, I have connected service over Dallas
and approaching Colorado Springs," Johnson says. "I've only had one person
tell me to make sure the transmitter is turned off, and that was on the
ground in Austin last week."
What if Johnson decides to upgrade to a BlackBerry 5810, which offers
optional phone service? Is he still using a PDA or is it a phone or
something in between? Do the FCC rules apply to his handheld device?
Terry Wiseman, an expert on in-flight communications systems and editor of
the newsletter Airfax.com, says people may bicker over where a PDA ends and
a cell phone begins, but in some respects, both devices do the same thing.
"A personal digital assistant may use less bandwidth to check e-mail, but
basically you're using the same frequency as a cellular phone, and in much
the same way," he says.
He suggests that the government's policy on PDAs may be outdated, given the
convergence of phones and computing devices.
Matt Greer hopes the rules stay the way they are. On some PDAs, you can't
power down the wireless connection unless you shut the device completely off.
"Unless there's a way to disable the phone part of the device so you could
use other applications, like text editors, you won't be able to get
anything done during the flight," says Greer, a chemical engineer from Lake
Jackson, Texas.
Others, like John Turner, are skeptical that the existing rules are
anything more than a ploy to help airlines earn more money.
"Do cell phones interfere with navigational equipment?" asks the McLean,
Va., frequent traveler. "Make them prove it. I'm an electrical engineer,
and I can't for the life of me see how a cell phone is going to mess up
aircraft navigation systems. I'm suspicious that they just want to sell
minutes on those seat-back phones."
But Sharon Wingler, a flight attendant and author of the book Travel Alone
& Love It: A Flight Attendant's Guide to Solo Travel, thinks using any kind
of wireless device aboard a plane is unsafe and that any loopholes in
policy should be closed as soon as possible.
"It's hard to describe how frightening it is when the pilots call back to
tell me that they're having instrument problems and ask me to hurry through
the cabin to see if some idiot is using his cell phone or illegal PDA," she
says. "Don't we have enough to worry about now?"
***************************
USA Today
Telecommuters find they're not missing out on promotions
CHARLOTTESVILLE, Va. (Reuters) -- Four years ago, when pharmacist Donna
Zarzuela's physician husband, Jose, had to relocate to Baltimore, she
stopped by Zeneca Pharmaceutical's human resources office in Wilmington,
Del., to tender her resignation.
She had been commuting 230 miles daily round trip to Wilmington from
Ellicott City, Md., and now her employer was moving to Frazier, Pa. and the
lengthier drive would have been just too much time behind the wheel.
"It wasn't company policy to let people work at home then but they said
they would look into it and I became the first person in my department to
telecommute," she said.
The results came up roses for Zarzuela, who has been promoted twice since
and now earns more money working 30 hours a week part-time than she did
putting in 40 hours full-time five years ago.
What's more, with commuting time slashed, Zarzuela has more time with
daughters Kira, 4, and Audrey, 6 months. While Zarzuela works, her mother,
Inocencia, cares for Audrey, and Kira attends preschool.
Zarzuela's experience is becoming increasingly common as employers step up
telework options for employees and cut office space costs.
According to economist John Sargent of the Bureau of Labor Statistics, in
Washington, nearly 20 million people did some work at home as part of their
primary job last year. That's about 15% of the labor force -- a figure that
grows steadily.
Like many employees reassigned as teleworkers, Zarzuela worked with little
supervision in an office by telephone largely on her initiative, and did
not meet directly with customers on a daily basis. Her title is Senior
Medical Information Manager.
Her doctorate in pharmacy qualified her to answer medical inquiries about
Zeneca's products from doctors and other health care professionals. Company
sales staffers load questions put to them by doctors into their laptops and
e-mail them to Zarzuela.
After the British Zeneca Group merged with Swedish Astra in 1999 to form
AstraZeneca, corporate policy changed to allow more staffers to telecommute.
"Almost everybody teleworks one or two days and that includes
administrators as well as managers," Zarzuela said. "Of 80 people in our
department, 40 telework once a week."
Since she began telecommuting, Zarzuela has continued to earn excellent
performance reviews and her pay increases have totaled 30%. She credits the
raises in part to the fact that "I get a lot more work done at home than
when I was in the office."
"You're not taking coffee breaks. There isn't somebody walking by your door
and chatting to say 'Hello.' So I tend to get a lot more work done in a
shorter period of time," Zarzuela said.
Lynda Finis, Zarzuela's team director, agreed. "As manager in a group in
which most everyone telecommutes at least some times, I find that
productivity is actually increased."
Telecommuting also improves teamwork, "since the work group has to make
sure there is adequate coverage, and meetings are scheduled for when people
are physically available," Finis said.
Many teleworkers say the danger in working from home is not so much
sloughing off as overdoing.
"You have to separate yourself from your office," Zarzuela said. "When
you're walking through your house on the weekend and you have two hours and
nothing to do and you're a workaholic, you have to resist working. The
company is very concerned that you may neglect your family and they don't
want you spending so much time at work."
For Zarzuela, teleworking is "sitting in my home office four days, seven
and a half hours a day, either answering questions or reviewing documents
for scientific accuracy." One day a week she drives to the Malvern office
to touch base with colleagues and attend meetings.
"If you work from home as much as I do, when you go to the office you have
to make an extra effort to get out and see everyone and network," Zarzuela
advised. "I have good rapport with my manager but you also need to be
visible with other people in the department." In that sense, her need to
touch base is reminiscent of expatriates.
Zarzuela's home office replicates the one she had at work: an IBM Think Pad
computer hooked up to a secure, high-speed line, monitor with mouse and
keyboard, fax machine, printer, business phone and pager, and cell phone.
The idea of teleworking, apparently, is catching on at AstraZeneca,
Zarzuela said. "Other departments are trying to find out how we do it
because they want to telework as well," she said.
**************************
The Guardian
Privacy fear over plan to store email
EU wants data retained to help fight against crime
Richard Norton-Taylor and Stuart Millar
Records of personal communications, including all emails and telephone
calls, will be stored for at least a year under a proposal to be decided by
EU governments next month.
Under the plan, all telecommunications firms, including mobile phone
operators and internet service providers, will have to keep the numbers and
addresses of calls and emails sent and received by EU citizens. The
information, known as traffic data, would be held in central computer
systems and made available to all EU governments.
The move could lead to a further extension in the powers of European
security and intelligence agencies, allowing them to see the contents of
emails and intercepted calls and faxes, civil liberty groups fear.
The plan, drafted in Brussels, has been leaked to Statewatch, an
independent group monitoring threats to privacy and civil liberties in the EU.
"The traffic data of the whole population of the EU - and the countries
joining - is to be held on record. It is a move from targeted to
potentially universal surveillance," Tony Bunyan, Statewatch editor, warned
yesterday. "EU governments claimed that changes to the 1997 privacy
directive would not be binding on member states - each national parliament
would have to decide. Now we know that all along they were intending to
make it compulsory across Europe."
Although the move was initially explained by the need to fight terrorism,
EU officials now argue it is necessary to fight all serious crime,
including paedophilia and racism.
A "draft framework decision" for the European council states that it is
essential for all member states to apply the same rules. It said that the
purpose was to harmonise the retention of traffic data to allow criminal
investigation.
The decision is a victory for the UK which, encouraged by Washington, has
been pushing for a compulsory EU-wide data retention regime.
But civil liberties campaigners claim that compelling communications
companies to retain the records of all their customers for long periods
amounts to blanket surveillance on the entire EU population and will lead
to law enforcement agencies conducting "fishing expeditions" against
innocent citizens.
The EU admits the plan involves an invasion of privacy but says the periods
for which it must be retained - a minimum of 12 months and a maximum of 24
months - is "not disproportionate".
The data would include information identifying the source, destination, and
time of a communication, as well as the personal details of the subscriber
to any "communication device".
For law enforcement agencies to access the data, the draft EU decision
gives a minimum list of offences, including "participation in a criminal
organisation, terrorism, trafficking in human beings, sexual exploitation
of children", drug trafficking, money-laundering, fraud, racism, hijacking
and "motor vehicle crime".
It states that the "confidentiality and integrity" of retained traffic data
must be "ensured" but does not say how. Individuals have no right to check
whether the information held about their personal communications is
accurate or legally challenge decisions about its use by EU authorities.
A member state will not be able to refuse a request for information from
another member state on human rights or privacy grounds. There is also no
common EU list of crimes caught by the plan or of public agencies which
could demand the information.
But there is one element in the EU plan that Britain will not welcome.
It says that personal data could be handed to security services and law
enforcement authorities only with judicial approval.
In Britain, the regulation of investigatory powers act allows law
enforcement and intelligence agencies to access personal communications
data covering a wide range of purposes, including public health and tax
collection, without any court or executive warrant.
In June, the Guardian revealed plans to extend the powers to access data to
all local councils, seven ministries and 11 quangos. David Blunkett, the
home secretary, bowing to intense public and political pressure, admitted
the government had "blundered" into the issue and that further consultation
was needed.
But the legality of the entire data retention framework in this country has
been cast into doubt. The information commissioner, Elizabeth France, has
warned the Home Office that the new powers could be illegal because another
law - the Anti-Terrorism Act rushed through parliament after the September
11 attacks - allows such data to be retained and accessed only on national
security grounds. According to legal advice from an eminent QC, this would
be illegal under human rights law.
***************************
News.com
Group warns of massive EU surveillance
By Graeme Wearden
Privacy advocates claim that the European Union plans to make sweeping
changes to laws that govern communications-related data retention and
privacy, requiring the long-term storage of such information and making it
available to governments.
Statewatch, a U.K.-based Internet organization that monitors threats to
civil liberties within Europe, said Monday that European governments are
planning to force all of the continent's telephone carriers, mobile network
operators and Internet service providers to store details of their
customers' Web use, e-mails and phone calls for up to two years.
This data would be made available to governments and law enforcement agencies.
The European Parliament is currently debating changes to the 1997 EU
Directive on privacy in telecommunications, which governs existing laws on
communications data retention. This directive states that traffic data can
only be retained for billing purposes and must then be deleted.
European governments were expected to agree to changes to the 1997
directive that would allow individual countries to bring in laws forcing
communications companies to retain data.
Statewatch, though, said it has seen a copy of a binding "framework
decision" that is currently being worked on by some EU governments. The
framework decision, which could be voted into law next month, would force
all governments to pass laws that would compel communications companies to
retain all traffic data for 12 months to 24 months.
As previously reported, it has been rumoured for some time that EU
governments were secretly working on such changes.
"EU governments claimed that changes to the 1997 EC Directive on privacy in
telecommunications to allow for data retention and access by the law
enforcement agencies would not be binding on member states--each national
parliament would have to decide. Now we know that all along they were
intending to make it binding, compulsory across Europe," Tony Bunyan,
editor of Statewatch, said in a statement.
Bunyan added that the draft framework decision would sweep away the basic
rights of data protection, scrutiny by supervisory bodies and judicial review.
The framework decision may include the provision that the police would need
to obtain a judicial order before gaining access to traffic data, but
Statewatch warns that such conditions have been sidestepped before.
************************
Wired News
Haiku'da Been a Spam Filter
By Michelle Delio
Refined poetry and ruthless legal prosecution have been brought together in
the latest effort to stop spam.
A hidden scrap of copyrighted poetry embedded in e-mails will be used to
guarantee that any message containing the verse is spam free. And if
spammers dare to hijack the haiku, they will be aggressively sued for
copyright infringement.
The service is being offered by "Habeas," a new spam-filtering service
headed by anti-spam activist and attorney Anne P. Mitchell.
Habeas doesn't stop spam by blocking suspicious e-mail. It prevents it by
aggressively monitoring who is using the service to send mail, and then
allowing people to set up e-mail program filters specifying that all
messages containing the Habeas haiku should be delivered -- no matter how
"spammy" the contents might appear to the average e-mail filter.
E-mail filters are lists that block or redirect the delivery of e-mail that
comes from known spammers, or messages that contain words and phrases
typically found in spam. But legitimate e-mail may also contain references
to the sorts of health, sexual, financial and legal issues that often
appear in standard spam.
Due to increasingly aggressive filtering, publishers of subscription e-mail
newsletters complain that they are being forced to self-censor their
publications, carefully omitting phrases or sometimes even deliberately
misspelling words that might trigger a spam filter.
Writers, reporters and editors say that some e-mailed stories and news
releases never arrive at their destinations due to spam filtering.
And a number of people from Asian countries -- increasingly the subjects of
wide-scale spam blocks -- have all but given up on sending messages to
their friends and colleagues in the United States and Europe.
And still the spam keeps coming.
"Existing law offers little protection from spammers, who continue to find
new ways to beat even the most sophisticated filtering technologies,"
Mitchell, former legal affairs director for Mail Abuse Prevention System
(MAPS), said.
"Technology alone can't stop spam. But existing copyright and trademark law
used in conjunction with Habeas' system allows us to sue and shut down
spammers while protecting senders of legitimate mail."
Mitchell says if a spammer uses the Habeas haiku along with other
trademarked text in an e-mail, Habeas can and will seek penalties of $1
million and more for copyright and trademark violation. It will also help
shut down offenders' businesses through legal injunctions and -- in the
worst cases -- refer them for criminal prosecution.
Dun and Bradstreet have agreed to serve as Habeas' collection agency,
Mitchell said. And several major commercial spam filtering services, such
as "Spam Assassin" and "Mail-Filters.com" intend to add Habeas to their
spam-filtering arsenal.
Habeas also intends to provide lists of unrepentant spammers to maintainers
of the "blacklists," which many systems administrators use to block all
e-mail from known spammers.
Some publishers of small, subscription-based newsletters say they welcomed
the new filtering system since it's becoming increasingly difficult to
deliver their product past spam filters. The struggle has forced many to
self-censor the information they provide to their subscribers.
"What is absolutely as annoying as hell, from the ethical e-mail
publisher's perspective, is the idea that you may have to edit your word
choices and phrasing or a percentage of your subscribers won't see what you
deliver to them because the mail will simply not reach them, or will go
into a 'Suspected Spam' folder that they may not ever open," Steve Outing,
senior editor at the Poynter Institute for Media Studies, said.
Ironically, Outing's recent column for Editor and Publisher on why he hates
spam filters was trapped by a spam filter and not delivered to his editor.
"I purposely loaded the column with some words that filters tend not to
like to make a point about not wanting to be censored by software," Outing
said. "I e-mailed it to my editor at E&P, but it got blocked by the spam
filter installed on his company's server."
"This was particularly annoying, because the filter was set to just trash
what it identified as spam; my editor had no way of knowing I'd sent him
anything, and I didn't get a bounce-back message saying I'd been blocked."
He eventually had to e-mail the column to his editor's home e-mail address.
"The root of the problem, of course, is spam," Outing said. "Spammers not
only annoy the majority of Internet users and suck up ISP bandwidth, they
also cost ethical e-mail publishers money. The ultimate solution is to
outlaw spam. I doubt there can be such a thing as a perfect spam filter."
Habeas' success will depend on how aggressively the company pursues
violators, and how many people opt to use the service and notify the
company of any spam they may receive that was "sanctioned" by Habeas.
Individuals can freely use Habeas filtering with their existing e-mail
programs. The service is also free for Internet service providers.
Businesses will be charged $200 a year for use of Habeas' services.
Commercial e-mailers who meet Habeas' strict definition of non-spam will be
billed a penny per sent message for the warranting service, capped at
$3,000 per month.
The fee may seem steep for small-scale publishers and marketers, but some
said it would be worth it to guarantee their product would actually arrive
in subscribers' in-boxes.
****************************
IEEE Spectrum
Hackers Prove People are the Weakest Link
By Stephen Cass, Associate Editor
The Hackers on Planet Earth Conference in New York City takes on big
industry and big government
1 August 2002 - "Shhhhhhh!" chorused several hundred hackers gathered on the
top floor of the Hotel Pennsylvania in New York City during the fourth
biannual Hackers on Planet Earth (HOPE) conference. Up on the stage
Emmanuel Goldstein, editor of 2600: The Hacker Quarterly, was about to make
one luckless employee of the Starbucks coffee shop chain look worryingly
stupid.
HOPE was organized by 2600, a touchstone publication for that subset of the
hacker community that concerns itself with communications, network, and
security technologies and increasingly with concomitant political, legal,
and social issues.
Goldstein was now starring in the HOPE conference's most popular panel:
social engineering. The object was to demonstrate that you don't need
thousands of dollars' worth of electronics and a library of arcane software
tricks to pierce the veil of security surrounding most organizations; a
telephone, confidence, and some luck will do just as well. Goldstein picked
the number of a Starbucks coffee shop out of the yellow pages at random and
dialed it live on stage. As the sounds of a crowded room would have been
difficult to pass off as normal background noise, this required a certain
discipline from the normally vocal attendees, hence mass shushing as the ring
tones came over the public address system.
An employee answered and Goldstein announced that he was from the
Starbucks' IT department and there was a report that the store had had some
computer trouble. It took about seven minutes for the employee to begin
helping out an apparently harried and befuddled Starbucks IT technician by
reading out the details, including the name, expiry date and number, of an
American Express credit card used to pay for a $3.75 coffee the day before
(the number was muted by the HOPE sound technicians).
Apart from taking a stab at Starbucks, and pointing out that the biggest
weakness in any organization's security is its own members, not outsiders,
the demonstration echoed one of the dominant notes of the HOPE conference:
with such low-tech options available to actual criminals, what is the point
of governmental attempts to aggressively regulate high-tech tools?
Technological activism
Indeed, HOPE was as much about such social and legal issues as it was about
the technical details of things like the wireless network standard IEEE
802.11. Anti-corporate activists attended in force, notably Jello Biafra,
former lead singer of the antiestablishment rock group The Dead Kennedys.
Their message, coming on the heels of recent high-profile management
scandals, resonated with many attendees who already have deep concerns
about such legislation as the U.S. Digital Millennium Copyright Act (DMCA)
of 1998, which makes circumventing digital copy protection for almost any
purpose illegal. It is generally seen by hackers as little more than an
attempt by the music industry to shield its business model from modern
technology, and violate First Amendment rights in the process.
Oppressive governments as well as allegedly oppressive industries were
targeted at the conference. On display were new tools with which
technically naive users could evade the government Internet censorship
common in such countries as the People's Republic of China. The software
techniques, created by a group known as Hacktivismo, simplify the process
(known as steganography) of embedding and extracting messages hidden in any
image that can be placed on a Web page or sent via e-mail.
Taking aim at the U.S. government, conference-goers were concerned about a
number of Federal Communications Commission issues, from frequency
allocations allowing new microwave-based lighting systems to disrupt
wireless networks, to difficulties local community radio stations have
trying to get licenses.
Rights to property and privacy were also key issues, one being trademark
disputes over domain names. For instance, Tokyo's Nissan Motor Co. is
trying to claim Nissan.com, since 1994 the address of a computer company
owned by Israeli émigré Uzi Nissan. An exemplary threat to privacy: a live
demonstration of the ability of private and public investigators to
cross-reference commercially available databases and build up amazingly
detailed profiles of individuals without ever leaving the office.
Past and present glories
But HOPE wasn't all protest and politics. The network room on the second
floor of the hotel was filled with an incredible collection of computer
hardware, from the latest tricked-out laptops to early computers from the
dawn of the PC age and before. An early Wang calculator relying on bulky
terminals with Nixie tube displays occupied one table, while on the next a
sewing-machine-sized portable computer from 1983 proudly displayed its
Microsoft Basic prompt (running on the CP/M operating system no less).
Pocket calculators and watches from the LED era were also on show. Nearly
everything displayed could be picked up, prodded, and programmed by all.
This, more than anything else, caught the spirit behind the HOPE
conference; that technology is meant to be enjoyed and shared as much as
possible. The PC revolution sprang from a very similarly minded group of
people. I couldn't help but wonder as I wandered around and looked at some
young hackers pecking in delight at a microcomputer keyboard a shade older
than themselves: what indispensable piece of the future will be sculpted by
their ingenuity and innovation?
***************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx