Clips August 20, 2002

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips August 20, 2002

ARTICLES

[NY] Mayor Promising Better Response to Catastrophes
Airports Push for Deadline Extension
Visa-tracking law big headache for colleges
Mac Figurehead Hits His Waterloo
Under their thumb
Firms beef up cybersecurity as breaches soar
Report: Average Worker's Tech Skills Not Keeping Pace
DOD, FEMA test systems link
NARA seeks ideas for e-records archive
Justice sets deadline for fingerprint matching
Homeland security chiefs outline IT requirements
BlackBerry to get S/MIME security
White House to launch Web site for government, industry tech experts
Record labels sue ISPs over access to site
FAA says you can use PDA on jet
Telecommuters find they're not missing out on promotions
Privacy fear over plan to store email [UK]
Group warns of massive EU surveillance
Hackers Prove People are the Weakest Link

**************************
New York Times
Mayor Promising Better Response to Catastrophes
By AL BAKER

Mayor Michael R. Bloomberg promised yesterday to make major changes in how 
the New York Police and Fire Departments handle future catastrophes, 
including improvements in technology and basic emergency procedures. At the 
plan's core is an ambitious goal: a profound change in the culture of the 
Police and Fire Departments, two agencies with a long history of rivalry.

Among the most significant technological changes is a proposal to outfit 
high-rise buildings throughout the city with special equipment to boost the 
radio signals rescuers use. In procedural changes, fire chiefs will now 
routinely ride in police helicopters to gauge a cataclysm from the air. And 
the police will stage their responses from a safe distance, preventing too 
many officers from rushing in too soon. These and other proposals were 
included in an independent consultant's two reports, whose final versions 
were released yesterday, about the agencies' responses to the Sept. 11 attacks.

The most elemental change, perhaps, is the effort to foster cooperation 
between firefighters and police officers, from the rank and file to the top 
chiefs, the mayor said. The two departments have a long history of 
competition that stretches back generations. Friction at emergency scenes 
is legendary. They are even stubborn foes on the athletic fields, where 
shoving matches have been known to break out on the sidelines.

"Interagency competition may be unavoidable, and even healthy to some 
extent, but it can never impair our ability to respond to emergencies," 
Mayor Bloomberg said. "The stakes are just too high."

To make his point, the mayor was flanked by Police Commissioner Raymond W. 
Kelly, Fire Commissioner Nicholas Scoppetta and other top officials from 
both departments, deliberately shuffled together. The reports are not 
considered codified into city policy, said one city official. Rather, they 
are tools that can be used at the will of the city and the two agencies, to 
pick and choose what they like and discard the rest. It is yet to be 
determined how many of the proposals the departments adopt.

The reports come after about five months in which McKinsey & Company, a 
corporate consultant best known for its expertise in management practices, 
interviewed fire and police officials, reviewed tapes of audio 
transmissions from that day, read computer files and operational logs and 
spoke with outside experts.

But the city was careful not to present the research into the response as 
an all-encompassing investigation or as a moment-by-moment re-creation of 
what happened. The reports themselves acknowledged that the hundreds of 
interviews represented only a small fraction of the thousand or more people 
who responded in some way to the attacks. Nonetheless, the officials said 
that the research had been exhaustive enough to base their recommendations 
on it and to find out, as Mayor Bloomberg phrased it, what worked and what 
did not, to better prepare for any future cataclysm.

After attending scores of wakes, funerals, memorial Masses and other solemn 
ceremonies in 11 months, Mr. Bloomberg said: "There is no doubt in my mind 
that we are doing today what the heroes of 9/11 would have wanted us to do. 
It is in that spirit that we present these reports."

Details from the reports have been known for weeks, after drafts were 
obtained by The New York Times. Copies of the final reports were to be 
distributed to firehouses and the survivors of the more than 2,800 people 
who were killed.

The consultant charged the city only for out-of-pocket costs, like travel 
expenses, but not for things like the production of the reports or the 
hours logged in preparing it. Those fees amounted to $75,000 for the Fire 
Department and less than $20,000 for the Police Department, said Andrew 
Giangola, a McKinsey spokesman.

According to the consultant, the Fire Department was plagued by problems in 
radio communication, lapses in discipline and a lack of coordinated efforts 
with a Police Department that itself suffered from leadership lapses, 
coordination problems and a lack of proper planning and training, according 
to the more than 250 combined pages of the reports. (The Fire Department 
report is 169 pages; the Police Department report is 88 pages.)

In recommending improvements for the Fire Department, the consultant said 
it should fortify its hazardous materials unit, develop mutual aid 
agreements with other agencies and improve its communications and 
operational preparedness. The Police Department, it said, should enhance 
the way it mobilizes officers and clearly define the roles of its top 
officials in the event of a disaster.

In many cases, the city independently identified many of the problems, the 
mayor said. In the case of the Police Department, for example, one of Mr. 
Kelly's first acts was to establish a counterterrorism bureau and to expand 
the department's Intelligence Division. Mr. Kelly has also outfitted 
officers with radiation detection equipment and has augmented catastrophe 
planning, including creating redundant command centers and a plan for 
continuity of command in an emergency.

Mr. Scoppetta has begun to try to improve the radio communication system, 
though he noted that there is no perfect portable radio that will function 
perfectly in a city of concrete and steel high rises. Specifically, he 
said, new radios will be used in regular fire operations in Staten Island, 
beginning next Monday. A study will be done to determine if the Police 
Department's elaborate repeater system, designed to boost the signal of the 
radios, can also support or aid the Fire Department radios.

Among the major findings of the report was that firefighters, in their zeal 
to respond, often disregarded procedures that were created to protect them 
and others. For example, the report said, many firefighters ignored orders 
to go to certain staging areas. Others simply assigned themselves to the 
twin towers, although the report said only 4 of 200 units had done that.

The report also noted that several other units had kept calling dispatchers 
to assign them until dispatchers finally relented, and this made the scene 
hard to control.

Since Jan. 1, officials from both departments have begun to meet regularly, 
and have established an interagency senior executive coordinating committee 
to review and resolve operational issues. In the field, joint incident 
command, with top officials from each department standing next to each 
other, needs to be reinforced, a senior fire official said.

Some officials have questioned, however, whether the research was extensive 
enough to be the basis for the reports' conclusions. Others have said that 
a long study was not needed to point out problems that have been evident 
for years.

And the reports left major questions unanswered, especially what went wrong 
with the radio communication that day. Although the report points out the 
difficulty some commanders encountered in using a device to boost the radio 
signal, it makes no mention of an audiotape discovered later, in the 
search, that Port Authority officials say confirms that the device actually 
did work.

Mr. Giangola said that the consultant was legally prohibited from 
commenting on the tapes. But he said that the tape was listened to and that 
it confirmed their recommendations.

"You do need to ask the question, `Was there any information that they did 
not use in compiling the report?' " said Jim Slevin, vice president of the 
Uniformed Firefighters Association. "And if so, would that information have 
been helpful in making some of these recommendations?"

In another unexplained discrepancy, the authors chose to adopt a figure of 
25,000 as the number of people evacuated from the towers that day, although 
other analysts have placed the number at half that.

"I think the effort over all is inadequate," said Charles R. Jennings, an 
assistant professor of fire science and public administration at John Jay 
College of Criminal Justice, who noted that he had not read the reports.

"I think the fact that we had two separate investigations, each one of 
which was captive to a particular agency, is a problem," he said.
**************************
Washington Post
Airports Push for Deadline Extension


By Sara Kehaulani Goo

Directors of 133 U.S. airports urged senators yesterday to delay a 
requirement that all passenger luggage be screened for explosives by the 
end of the year, a request that comes only days after James M. Loy, head of 
the Transportation Security Administration, said he may support efforts to 
push back the deadline.

Last month, as part of legislation to create a Cabinet-level Homeland 
Security Department, the House moved the luggage-screening deadline to Dec. 
31, 2003.

Meanwhile, two Massachusetts men who were doing work for Airtag Inc. of 
Cedar Grove, N.J., were indicted yesterday in federal courts in Boston and 
Providence, R.I., for allegedly attempting to bribe TSA officials who were 
testing the company's luggage-screening equipment at T.F. Green Airport in 
Providence.

These developments came as the TSA raced to meet new requirements to 
improve airport security and prevent hijackings. They demonstrate the 
challenges faced by the agency, which is under pressure from airports to 
abandon policies that could cause delays and to quickly approve new 
technologies that could help both security and efficiency.

Under a law passed by Congress in November, the TSA must screen all checked 
luggage for explosives by Dec. 31.

In yesterday's letter -- signed by managers of major airports, including 
Baltimore-Washington International and Washington Dulles International -- 
officials said the TSA plan "involves squeezing both equipment and 
personnel into already-congested airport ticket lobbies."

As a result, said the letter, at some airports, "it is estimated that 
passenger delays could exceed three hours during peak travel times."

Sen. John Ensign (R-Nev.) has proposed legislation similar to the version 
in the House, but key Senate Democrats are opposed.

Senate Commerce Committee Chairman Ernest F. Hollings (D-S.C.) may consider 
delays on a case-by-case basis, his spokesman Andy Davis said, but he is 
wary of granting a blanket delay.

In testimony before Congress in July, Loy said he intended to meet the 
deadline. But last week, he told some airport directors that he was growing 
skeptical about the timetable, given the current budget constraints.

Transportation Secretary Norman Y. Mineta said in May that the TSA, which 
is part of the Transportation Department, needed $4.4 billion. But Congress 
authorized only $3.85 billion on the recommendation of Mitchell E. Daniels 
Jr., director of the Office of Management and Budget.

In yesterday's indictments, Darrall Loren Redburn of Weymouth, Mass., and 
Angelo M. Troisi of Peabody, Mass., are accused of conspiring to offer 
payments of $1,000 to TSA employees testing Airtag equipment.

The men were arrested yesterday by agents of the Transportation 
Department's inspector general. Neither is an employee of Airtag. Redburn 
worked for an Airtag contractor, according to the U.S. attorney's office in 
Providence. It did not release details of Troisi's employment, and his 
attorney, John Wall, said he did not know further details.

Airtag makes a plastic clip and a plastic tag that can be attached to the 
zipper of luggage to show that it has been screened. To open the luggage, 
the clip or tag must be cut.

William Dimitri, an attorney for Redburn, said his client pleaded not 
guilty yesterday. Wall said his client will plead not guilty later this week.

An employee at Airtag reached yesterday said he was unaware of the indictments.
******************************
Washington Times
Visa-tracking law big headache for colleges


     Universities across the country are scrambling to comply with new 
federal regulations requiring administrators to set up electronic databases 
that would track foreign student-visa holders.
    By law, universities must have the new Student and Exchange Visitor 
Information System (SEVIS)  part of a change in Immigration and 
Naturalization Service rules  operating by Jan. 30.
     But many school officials said last week they may not make that 
deadline, which, according to preliminary reports, would prohibit 
universities from issuing immigration documents for foreign students or 
prevent already enrolled international students from attending classes next 
winter.
     School officials said the costs associated with purchasing the 
software and the lack of adequately trained administrators could prevent 
their schools from meeting the deadline. The new system could cost a 
university up to $25,000 for software and maintenance and requires that a 
number of employees be trained to use it.
     School officials said they want the INS to assure them that the 
system will work before they purchase the necessary equipment. They also 
said the INS has not yet released its final regulations, leaving many 
officials with unanswered questions five months before going live with the 
program.
     "A vast majority of the universities want international students to 
study at their campuses," said Chris Simmons, assistant director of 
government relations at the American Council on Education, which represents 
1,800 colleges and universities nationwide. "But the schools don't want to 
be investing in something that may not work. We want to make sure that this 
is high quality, most efficient and the most effective system that's out 
there. We want to get this thing going, too."
     INS officials deny there is any widespread problem with compliance 
and said 500 schools are already registered and beginning to use the system.
     The program will affect thousands of students in the United States. 
Some 547,876 persons held student visas in the 2001-2002 academic year, 
according to statistics compiled by the Institute of International 
Education. Some 514,723 students held visas in the 1999-2000 school year, 
statistics show.
     University officials say there are still lots of questions that 
remain about the program, including what sort of information the INS will 
want them to submit by Jan. 30.
     "We're still waiting," said Karen Hartwig, assistant director of 
admissions at the University of Iowa, which has about 1,800 international 
students. "And we're afraid that once we do get it, we'll have to rush to 
write the program, learn how to use it, get any bugs out before that 
deadline. We certainly hope to be ready. We don't want to lose our ability 
to enroll international students."
     One question is: Must universities enter already enrolled students by 
that deadline or just new students?
     "We don't exactly know who has to be logged in by that date," said 
Ted Goode, director of services for international students and scholars at 
the University of California at Berkeley. Berkeley has about 5,500 people 
it would need to log into the system before the deadline, which Mr. Goode 
called an impossible task.
     Universities like Berkeley that enroll a large number of 
international students have asked the government to implement a batch 
software, which school officials say will efficiently gather and be able to 
send large amounts of information at once.
     The batch software has not yet been written, but should be ready for 
distribution sometime this fall.
     The INS has been under pressure from Congress to have SEVIS running 
since the September 11 attacks. For three decades, the INS required 
universities to compile information on international students. But because 
of the volume of paperwork it received, the INS told schools in 1988 to 
keep the files on campus.
     The INS came under increased scrutiny last fall when it was learned 
that all 19 hijackers who carried out the attacks entered the United States 
legally. Three of the hijackers were in the country on student visas.
     One hijacker, Hani Hanjour, entered the United States on a student 
visa but failed to show up at the campus where he was supposed to study. 
Two others, including Mohamed Atta, entered on travel visas and switched to 
student visas.
     Federal officials have said SEVIS will help the INS receive 
information sooner. SEVIS requires schools to track foreign students and 
traveling-scholar visa holders. It requires schools to collect registered 
visa holders' names, addresses and telephone numbers and their class schedules.
     Schools will be required to notify the INS within 24 hours if a 
student doesn't show up or drops out and to report the student's status 
after each term. A student will have 30 days rather than six months to show 
up on campus after entering the country.
     The system will link every U.S. consulate with every INS port of 
entry and all 74,000 educational institutions eligible to host foreign 
students.
*****************************
Chronicle of Higher Education
Virginia Looks for Economic Lift From Academic-Technology Center
By DAN CARNEVALE

Despite budget troubles, Virginia has found money to begin construction of 
an $18-million academic-technology center that officials hope will spur 
economic development in the southern part of the state.

The new facility, called the Institute for Advanced Learning and Research, 
is being built in Danville and will be jointly run by Averett University 
and Danville Community College, both also in Danville, and Virginia Tech, 
in Blacksburg.

The three institutions plan to offer joint degree programs in technology 
fields, including computing, Web design, and information-systems 
technology. Students will be able to transfer credits from the community 
college through Virginia Tech's graduate programs. Courses will be offered 
both face-to-face and online, with faculty members from each institution 
contributing.

The new academic-technology center will provide equipment and facilities 
that students will be able to use to conduct research. Supercomputers will 
be available for students to study a variety of topics, including plant 
genomes that might lead to new crops to help reduce the regional economy's 
reliance on tobacco.

Budget deficits have halted many other construction projects at Virginia 
colleges. And economic difficulties have forced institutions around the 
country to cut back on technology programs. About $15-million of the 
research-institute project will be financed through the state's portion of 
the national tobacco settlement. Virginia has set aside about half of its 
settlement money to refurbish the economies of areas in the state that 
currently grow tobacco.

The institute, which is being built on former tobacco fields, is meant to 
help turn rural towns into technology hotbeds so they can groom 
computer-savvy workers and attract technology companies. "To really recruit 
companies to the area, we have to have a large pool of IT workers," says 
Betty Foster, vice president for academic services at Danville Community 
College.

High-speed Internet cables are being installed in the area for the 
institute and to act as another lure to technology companies. The 
90,000-square-foot institute building is expected to be ready for both 
instruction and research by fall 2003.

Tim Franklin, executive director of the institute, says the nearest 
research institution is more than an hour's drive away -- and it's in North 
Carolina. Building the institute in the Daville area and providing powerful 
Internet access should help revive the area's economy, he says.

"The bigger metropolitan areas will always get the better services first, 
so there's no way to catch up," says Mr. Franklin, who is also director of 
university outreach programs at Virginia Tech for Southside Virginia. "This 
was really a leapfrog strategy."
*************************
Washington Post
Northern Virginia Group Takes Lead in Dot-Org Bidding Process


By David McGuire
washingtonpost.com Staff Writer
Tuesday, August 20, 2002; 2:01 AM


"Dot-org," the world's fifth-largest Internet domain and online home to 
thousands of nonprofit groups, should be managed by a Northern 
Virginia-based group when the domain comes up for re-delegation in 
December, global Internet addressing authorities said late Monday night.

The staff of the Internet Corporation for Assigned Names and Numbers 
(ICANN) recommended that its governing board of directors choose the 
Reston-based Internet Society (ISOC) to run dot-org when it awards the 
contract later this year.

Operated for years by Internet addressing giant VeriSign Inc., dot-org is 
slated to get a new landlord in December when VeriSign relinquishes its 
hold on the domain.

Earlier this year, eleven entities applied to operate dot-org, which 
accounts for more than 2.3 million Internet addresses.

ICANN, which manages the Domain Name System (DNS) under agreements with the 
U.S. government, commissioned three evaluation teams to weigh the technical 
and individual merits of the 11 proposals.

"The ISOC proposal was the only one that received top ranking from all 
three evaluation teams. On balance, their proposal stood out from the 
rest," ICANN President Stuart Lynn said in a prepared statement.

The recommendation will be thrown open for public comment before being 
submitted for final approval by the ICANN board in late September. In the 
past, the board has tended to closely follow staff recommendations on major 
decisions.

ISOC Officials were not immediately available for comment. But last month, 
ISOC spokeswoman Julie Williams said the group's longtime involvement in 
coordinating the development of Internet standards and protocols made it a 
logical choice to operate dot-org.

"ISOC was formed in 1991 by a lot of the pioneers that originally developed 
he Internet as a focal point for cooperation and coordination in the 
development of the Internet," Williams said in July.

ISOC has members in more than 100 countries and serves as the institutional 
home for two key Internet standards-setting bodies, the Internet 
Engineering Task Force (IETF) and the Internet Architecture Board (IAB).

In its bid, the nonprofit ISOC said it would rely on a for-profit 
addressing company to provide backend operation of the domain.

Under the ISOC proposal, Afilias, based in Horsham, Pa., would administer 
the physical operation of dot-org, charging ISOC a flat fee for each name 
registered in the domain. Williams said last month that while ISOC was 
still hammering out the details of that arrangement, the fee was expected 
to be in the range of $3 to $5 per name, per year.

If the bid is ultimately confirmed, ISOC would maintain the annual 
wholesale cost of a dot-org name at or below its current level of $6, 
Williams said in July.

Individual Internet users buy dot-com, dot-org and other domain names from 
Internet address retailers (called "registrars") who in turn pay flat 
per-name wholesale fees to the registries that manage the domains.

VeriSign, the current dot-org registry, is giving up its management of the 
domain as part of a deal it struck last year to cement its control of the 
valuable dot-com domain.
***************************
Wired News
Mac Figurehead Hits His Waterloo
By Leander Kahney

Shane Anderson, the "list dad" of the once-mighty Mac EvangeList mailing 
list, is in jail after being charged with two misdemeanors: unauthorized 
computer access and criminal mischief of the third degree.

Anderson was arrested Friday at his Waterloo, Iowa, home, following 
accusations that he broke into the computer of a would-be business partner.

Anderson is being held at the Black Hawk County jail on $5,250 bail. No 
trial date has been set and Anderson has no lawyer yet.

Anderson, 28, runs the Mac EvangeList, an offshoot of Apple's Evangelist, 
which in the mid-1990s was one of the most influential publications on the 
Internet. Run by Apple's Guy Kawasaki, the Evangelist once had 45,000 
subscribers, many of whom would besiege publications whenever they wrote 
negative articles about the company.

Anderson took over the list's name and some of its subscribers when 
Kawasaki retired the list after leaving Apple.

Anderson's arrest follows a complaint by Carl Blake, owner of Macaquarium 
and a local ISP called Blake Systems, alleging Anderson remotely cracked 
into his computer after business discussions went sour.

Blake said Anderson had been invited to Iowa to discuss setting up a 
nationwide Macintosh-oriented ISP. Blake said he allowed Anderson to stay 
at his home, provided him with free office space and hosted the Mac 
EvangeList on one of his computers.

But after 2-1/2 months of free board and lodging, Blake said he finally 
asked Anderson to leave.

"I threw him out," Blake said. "He stayed here 2-1/2 months and he paid for 
nothing."

Blake said after evicting Anderson, he locked some of his luggage and 
computer equipment in his office.

Blake said shortly afterwards he caught Anderson trying to remotely crack 
into his computer. He alleged Anderson attempted to retrieve the Mac 
EvangeList database. Blake complained to police, who seized Anderson's 
computer in early May.

Waterloo Police Lieutenant Bruce Arends said Blake provided a log of the 
server's activity, and that Anderson's machine has been examined by the 
local office of the Secret Service.

The Secret Service was involved because of its expertise in computer 
forensics.

Anderson wasn't available for comment, but in an e-mail interview conducted 
in June, Anderson denied Blake's accusations. Anderson confirmed he'd gone 
to Iowa to discuss business with Blake, but came away believing Blake was a 
"slick con man."

"He turned out to be a compulsive liar to the extreme," Anderson wrote in 
an e-mail. "I told him that I had decided I was not going to do business 
with him. The next day he changed the locks on the office space he had 
given me and has kept all my equipment and he stole the Mac EvangeList 
database. The police will not charge him as they say it is a civil matter."

When asked to discuss the complaints in greater detail, Anderson declined 
to elaborate, referring instead to the front page of the Mac EvangeList 
website, which described being cheated by an unnamed con man. The page has 
since been removed.

Anderson has long been dogged by controversy. For the last 18 months, 
Anderson has been on the grandly named "Mac EvangeList World Tour," 
reporting Mac users' personal stories from Europe and the United States for 
list subscribers.

But according to former business partners, advertisers and hosts, Anderson 
has left a string of angry people in his wake.

"My blood boils every time his name comes up," said Bonnie Anderson (no 
relation), an executive with software publisher Casady & Greene, who claims 
to have paid Anderson $4,000 to sponsor his world tour.

Bertram Haller, who runs MacGuardians, said a couple of European Mac user 
groups last year warned members not to accommodate Anderson during his tour.

And an early business partner, Walter Blanchard, who worked with Anderson 
on the MacMarines mailing list, claimed Anderson hijacked the list.

Anderson was recently soliciting offers for the Mac EvangeList, which he 
claimed has 42,000 members.

However, Blake contends there are fewer than 1,000 members, based on the 
list he has seen and the traffic generated from his servers when he was 
hosting the Mac EvangeList.
*************************
Azcentral.com
Under their thumb

Glen Creno
The Arizona Republic
Aug. 20, 2002

Retailers looking for a better way to identify shoppers and cut check fraud 
are turning to high-tech fingerprint scanners to verify who's in the 
checkout line.


The scanners are one of the latest wrinkles in biometrics, a field that 
uses devices such as retina scans, face scans or voice recognition to 
identify customers.

Some retailers say the systems save them thousands of dollars in bad-check 
losses, but analysts worry that consumers will see it as yet another 
intrusion into their privacy.

"That sounds awfully Big Brother to me," Scottsdale consultant Mike Adams 
said. "I don't know how far the consumer wants to step into that."

A handful of mom-and-pop stores in Arizona use a fingerprint scanning 
system from BioPay of Virginia. It stores customers' personal data and a 
photo and links them with a fingerprint.

Jason Barno, manager of Los Amigos Market in Phoenix, figures the two bad 
checks totaling about $900 wouldn't be sitting by the checkout counter if 
the store had picked up the machine a few weeks earlier. He said the 
previous owners of the store, which cashes payroll checks, once racked up 
$10,000 in bad checks in one month, but he doesn't expect that to happen again.

The machine tipped the store to $700 in counterfeit checks from scammers 
with access to a computer and sophisticated laser printer. He said 
customers don't hesitate to sign up for fingerprint scanning so they can 
easily cash their checks.

"I look at every check as a bad check," he said. "You have to convince me. 
But with this there's no more pressure on your head, no more worries."

Biometrics business officials said personal identification is crucial in an 
era when identity theft is on the rise and an estimated 500 million checks 
are forged annually.

BioPay's system costs $8,900 to $10,000. Retailers get a computer to store 
shoppers' personal data, a camera for photos and the scanning system to 
record fingerprints.

The company is developing a quick-checkout system where a customer could 
store an account number from a bank or credit card, swipe a finger at the 
checkout and have the entire transaction approved and charged in an instant.

"You don't need to have cards or checks or anything," said Don Bauernfeind, 
the company's chief operating officer.

Supermarket giant Kroger, which runs Fry's in Arizona, is testing a 
fingerprint ID in Texas. Circle K tested a face-recognition system in 
Arizona, but abandoned the idea when the vendor, InnoVentry Corp., went out 
of business last year.

"We were having a lot of positive feedback from the machines as far as 
people liking the convenience of check cashing at our stores," Circle K 
spokeswoman Julie Igo said.

Hypercom, the Phoenix provider of credit-card terminals, launched a 
fingerprint scanner that connects to a cash register. The company estimates 
that fraud cost the card-payment industry more than $4 billion last year.

This month, Hypercom formed a special group to look for "growth 
opportunities" in biometrics, secure identification, age verification and 
other transaction security.

"Positive identification could virtually eliminate fraud overnight," 
Hypercom spokesman Pete Schuddekopf said. "That's been the goal of the 
electronic-payment industry from Day 1."


Reach the reporter at glen.creno@xxxxxxxxxxxxxxxxxxx or (602) 444-8972.
***************************
USA Today
Firms beef up cybersecurity as breaches soar
By Jim Hopkins

SAN FRANCISCO  Companies across the U.S., worried that cyberspace will be 
terrorism's next battleground, have shored up security since Sept. 11.

About 77% of businesses improved defenses against hackers, viruses and 
other attacks, says a survey of 233 corporations by Computer Economics.

Such threats are real. Cyberspace attacks jumped 64% from a year ago, says 
security firm Riptech  especially from countries such as Iran and Pakistan 
that are known to harbor terrorists.

Also, 90% of big corporations and government agencies responding to a 
survey by the Computer Security Institute and FBI said they uncovered 
computer security breaches in the past year.

Earlier this month, the FBI warned America Online, Microsoft and other 
Internet service providers about possibly imminent hacker attacks. AOL and 
Microsoft took steps to shield their 43.7 million subscribers. No damage 
was reported. Experts expect more such warnings as Sept. 11's first 
anniversary nears.

The cyberspace threat is greatest for the nation's 5.6 million small 
companies, which employ half of all workers and are the economy's backbone.

Small firms often lack money to hire full-time information-technology 
professionals  and rarely think they are likely terrorist targets.

Still, Computer Economics says companies with less than $1 million in 
annual revenue were the biggest proportion of those that bolstered security 
with:

Anti-virus programs. In Ann Arbor, Mich., chiropractor Darren Schmidt used 
software before Sept. 11 to hunt for viruses contained in e-mail.
But after the attacks, Schmidt learned the program wasn't getting updated 
often enough to guard against newly hatched viruses. Around the time of the 
attacks, Schmidt had one virus attack that shut down his computer for a 
week. Now Schmidt, who keeps contact information for 200 patients on his 
computer, updates his software daily.

File-backup gear. In Charlotte, outplacement firm Forum Group was 
sporadically copying computer files before the attacks. "We thought we were 
in pretty good shape," says co-owner Bill Crigger. But employees fretted 
about security after Sept. 11, so Crigger hired a consultant who 
recommended a daily backup schedule.
Companies in remote places often think they don't need to worry about 
terrorists targeting their computer networks. "Everyone believes it won't 
happen here," says Jerry Rackley, a publicist in Stillwater, Okla. Yet 
Oklahoma residents felt immune to terrorism until the 1995 bombing of the 
Alfred P. Murrah Federal Building in Oklahoma City.

"The reality is, you have to prepare for the worst and hope for the best," 
Rackley says.
***************************
News Factor
Report: Average Worker's Tech Skills Not Keeping Pace

Although unemployment continues to make headlines, the glut in information 
technology  workers is only temporary, experts say. Once the economy 
improves, demand for IT skills will rise again. But will the workforce be 
ready? http://www.newsfactor.com/perl/story/19062.html
******************************
Federal Computer Week
DOD, FEMA test systems link
Joint exercise focuses on homeland security

Representatives from all armed services, the Federal Emergency Management 
Agency and other organizations recently began exploring how compatible 
their communications systems would be in homeland defense situations.

The 2002 Joint Users Interoperability Communications Exercise (JUICE), 
which began Aug. 5 and runs through the end of the month, is using a mix of 
legacy and new technologies to support communications, command and control 
requirements for a deployed joint task force in simulated homeland defense 
scenarios.

In such scenarios, the Defense Department plays a supporting role to FEMA 
and other groups, said John Caruso, chief of DOD's Executive Agent for 
Theater Joint Tactical Networks.

"We're looking for collaborative scenarios and making sure [military] 
communications equipment is interoperable with FEMA's," Caruso said, which 
includes not only establishing links among systems, but also identifying 
redundancies. "We want to define the processes, methodologies and 
information flows that are in place."

During JUICE, systems and operational approaches are being tested, 
including network defense from cyberattacks. "We're putting a network up 
and testing the defenses available," he said. "We'll be actively attacking 
our network in a controlled fashion."

Technical and military personnel in about 60 units worldwide, representing 
all the armed services, are participating in this month's exercise and will 
be manning the Joint Communications Control Center, the communications hub 
for JUICE.

The center, which was set up by the Army Communications-Electronics Command 
Software Engineering Center and the Program Executive Office for Command, 
Control and Communications-Tactical at Fort Monmouth, N.J., is controlling 
all satellite and terrestrial communications and sensor activity during JUICE.

Air Force Lt. Col. Tom Dixon, senior military communications officer for 
JUICE, said the exercise enables all of the services to test new software 
upgrades and equipment and "work through the issues that come into play."

JUICE is being carried out in phases, the first of which  establishing 
links for satellite communications among the different players  is under 
way, Dixon said. "Once those are set up, we'll begin the proof of concept 
with the equipment that's online."

FEMA, which participated in JUICE for the first time last year, is playing 
a bigger role in this year's exercise as part of a new collaborative 
initiative with the military, Caruso said. FEMA Mobile Emergency Response 
System detachments will participate along with civil support teams from a 
number of states including Arkansas, Louisiana, Massachusetts, Missouri, 
New Jersey, New York, Oklahoma, Pennsylvania and Texas.

Eric Hainzer, a telecommunications specialist in FEMA's mobile operations 
branch, said that although his agency has vast experience responding to 
disasters, exercises such as JUICE and others offer "opportunity training" 
for working with DOD in scenarios involving homeland defense and weapons of 
mass destruction.

Air Force Senior Master Sgt. Carl Sherblum, watch chief for JUICE, said the 
Defense Message System (DMS) is one of the main systems being tested during 
the exercise. DMS is the secure messaging system that is replacing DOD's 
Automatic Digital Network, commonly known as Autodin. Testing DMS during 
JUICE is essential because FEMA also uses a version of it, he said.

"What we're trying to do, whatever homeland security ends up being, is to 
have a skeleton in which to operate...and templated off to latch up the DOD 
and civilian communities," Hainzer said, adding that FEMA is the only 
civilian agency with a deployable DMS that is compatible with the defense 
community. "That's a critical element that's been missing for some time, 
that cross-connect between the two."

Participation in JUICE, which was first conducted in 1996, is voluntary and 
participating agencies and units pay their own way, Caruso said. "There's 
no centralized pot of money. People participate because there's something 
in it for them."

***

JUICE Mix

During the Joint Users Interoperability Communications Exercise, which was 
first conducted in 1996, members from the armed services, the Federal 
Emergency Management Agency and the Defense Department explore how 
compatible their communications systems would be in homeland defense 
situations.

This year's exercise began Aug. 5 and runs through the end of the month 
using a mix of legacy and new technologies to support communications, 
command and control requirements.

The initial focus this year is on establishing links for satellite 
communications among the various players.
**************************
Federal Computer Week
NARA seeks ideas for e-records archive

After devoting three years and spending more than $20 million to research 
and build some of the basic components of an electronic records archive, 
the federal government is asking private companies to submit any ideas they 
might have to help turn the idea into reality.

The National Archives and Records Administration is searching for some 
workable way to save electronic records for decades or even centuries. But 
the agency faces at least two daunting problems: Fast-changing technology 
means that electronic files created just a few years ago are already in 
obsolete formats and may no longer be retrievable. And the sheer volume of 
e-records  36.5 billion a year in e-mail messages alone  is overwhelming.

In a request for information to vendors, NARA officials indicate that they 
are open to any suggested solutions.

"We want to be sure there isn't something else out there that we should be 
looking at," said Reynolds Cahoon, NARA's chief information officer. "We're 
vitally interested in seeing what the vendor community has to offer."

NARA is especially interested in "off-the-shelf products" that might meet 
its e-records storage needs, he said.

The RFI notes that NARA is already involved in "a number of research 
activities and prototypes" for long-term e-records storage systems but, the 
agency stresses, prior work "does not imply any commitment by NARA" to 
those technologies and architectures.

"We want to get as many creative ideas coming forth as possible," said 
Lewis Bellardo, deputy archivist of the United States. "We did not want to 
constrain the responses we might get" by listing system requirements 
specific to the prototypes NARA has already developed.

Records management officials at NARA were not available to discuss whether 
the prototypes they have developed still appear likely to solve the 
agency's e-records problems.

In 1991, U.S. Archivist John Carlin announced that a major breakthrough in 
storage technology could mean that a pilot version of an e-record archive 
could be operating by 2004 or 2005.

But Bellardo and other NARA officials make it clear that they are open to 
other solutions. A statement released by NARA says the RFI is intended to 
generate information "from vendors and integrating contractors in order to 
determine the best solution for building" the e-records archive.

To ensure that NARA receives enough good ideas, the agency intends to issue 
two more RFIs, Bellardo said.

NARA hopes to award two or three system design contracts that will lead, 
after 18 months, to a single system designer.

Ultimately, NARA intends to use "a modular contracting approach" that will 
divide the e-records archive project into segments, with each segment 
producing a usable component of the archive.

Companies have until Sept. 4 to respond to the RFI, but some may be 
reluctant to offer their best ideas, said Michael Tankersley of Public 
Citizen. "I do not know why anyone would give very meaningful information 
at this point since it might benefit competitors."

After the other two RFIs are issued, NARA plans to hold an industry 
conference on the e-records archive next spring.

Two years ago, Carlin told Congress it would cost $130 million and take 
five years to build an e-records archive.
************************
Federal Computer Week
Justice sets deadline for fingerprint matching

Starting Sept. 11, hundreds of foreign visitors who step off airplanes or 
arrive at U.S. border crossings will be directed to immigration inspectors, 
who will fingerprint and photograph them.

While inspectors collect information on the visitors' backgrounds and their 
reasons for coming to the United States, computers will be comparing their 
fingerprints to tens of thousands of prints collected from foreign felons, 
terrorists and suspected terrorists.

If there is a match, the visitors may be denied entry or arrested. If they 
are cleared for admission to the United States, their fingerprints and 
photographs will be added to a database for future identification purposes.

For those cleared, the whole process should take no more than 10 minutes, 
according to Kris Kobach, a Justice Department official involved in an 
aggressive effort to tighten immigration practices in the aftermath of last 
year's terrorist attacks.

Aside from the photos and fingerprints at ports of entry, the department 
will require foreign visitors to register with the Immigration and 
Naturalization Service when they have been in the United States for 30 days 
and once a year thereafter.

That means foreign visitors must "appear in person at an INS field office" 
to answer questions about their activities in the United States and supply 
proof of where they are living, working or attending school, Justice 
officials said.

INS will require visitors to disclose much more information about 
themselves than they have in the past, Kobach said.

Finally, visiting foreigners will be required to register with INS when 
they leave the United States. Failure to register upon departure could make 
them ineligible for re-entry.

The fingerprinting, photographing and reporting requirements are intended 
to "expand substantially America's scrutiny of those foreign visitors who 
may present an elevated national security risk," Attorney General John 
Ashcroft said Aug. 12.

Initially, INS will target visitors from Iran, Iraq, Libya, Sudan and 
Syria, as well as visitors from other countries who are identified by the 
State Department as being a risk to national security or who fit INS 
criteria for closer inspection.

But Ashcroft said he sees the system as the first step toward developing a 
comprehensive entry/exit system that will eventually be used to check 
almost all foreign visitors.

The plan is greeted with skepticism from some immigration experts.

"It's a false solution to a real problem," said Judy Golub, senior director 
of advocacy and public affairs for the American Immigration Lawyers 
Association.

Fingerprinting and photographing arriving foreigners is unlikely to catch 
many terrorists, but it is bound to cause major delays at ports of entry, 
she said. Most of the Sept. 11 terrorists had no prior records and were not 
included on watch lists.

Meanwhile, making foreign visitors report to the INS periodically while 
they're in the United States will catch no terrorists at all, Golub said. 
Those here to commit terrorism simply won't report in, she said.

More effective efforts include greater intelligence gathering and sharing 
among agencies, including the State Department, and "preinspection and 
preclearance" of foreign visitors at U.S. consulates overseas, she said.

But Justice officials said that fingerprinting and photographing people at 
ports of entry have already been proven to work.

Since January, INS inspectors have been using the technology at a number of 
ports of entry and have averaged more than 70 matches a week between the 
fingerprints of arriving foreigners and prints in databases of wanted 
felons. As a result, INS officials have made more than 2,000 arrests.

"It has been staggeringly good," Kobach said. n

Looking for a match The screening that begins Sept. 11 will include 
fingerprint comparisons against a database that contains prints collected 
in Afghanistan and Pakistan, including prints collected by U.S. forces at 
al Qaeda training camps. "We're very excited about that," said Kris Kobach, 
a Justice Department official involved in the effort. The Immigration and 
Naturalization Service may be able to link people to fingerprints that were 
almost certainly left by terrorists. Allies around the world have sent the 
U.S. digital fingerprints of suspected terrorists. Foreign visitors' prints 
will be checked against those and against prints in the FBI's Integrated 
Automated Fingerprint Identification System and INS' IDENT database of more 
than 4.5 million foreign visitors' prints. Justice officials said up to 
200,000 visiting foreigners a year will be fingerprinted and photographed. 
That's "a small percentage of the more than 35 million nonimmigrant aliens 
who enter the United States each year," Attorney General John Ashcroft said.
*************************
Government Computer News
Homeland security chiefs outline IT requirements
By Wilson P. Dizard III

PHILADELPHIAIT leaders from the White House and intelligence agencies gave 
homeland security a push forward today by pooling their information-sharing 
plans.

"It's about all of us figuring out how to share information to meet the 
needs of those combating terrorism," said Homeland Security Office CIO 
Steven I. Cooper at the Government Symposium on Information Sharing and 
Homeland Security

Cooper said the government needs to open a dialogue on the effects of laws 
and policies that restrict information sharing among federal agencies. But, 
he added, "it is important that we do not swing the pendulum too far and 
jeopardize our civil rights and civil liberties."

Cooper has formed four CIO working groups to analyze matters surrounding 
information-sharing: border and transportation security; first responders; 
chemical, biological, radiological and nuclear weapons of mass destruction; 
and state and local information. He said the border and transportation 
group is the furthest along in its work

"Just last week we met with a team that the National Association of State 
CIOs chartered to develop some definitions and plans," Cooper said.

Cooper cited several conditions that must be avoided in improving 
information sharing among agencies:


Redundant efforts
Political and cultural roadblocks
Problems introducing new IT, especially against the backdrop of the 
government's impending loss of IT professionals through retirement
Inadequate funding
Poor communications with the public.

Winston Wiley, associate CIA director for homeland security, said his 
agency would support all activities of the proposed Homeland Security 
Department, not just its intelligence operations. The CIA director "said 
the department's most important role would be translating the enemy's 
activities overseas into a system of protection for this country," Wiley said.
************************
Government Computer News
BlackBerry to get S/MIME security
By Susan M. Menke

BlackBerry handheld devices used in the military services can get a 
government-specific Secure Multipurpose Internet Mail Extensions protocol 
upgrade of their software under a National Security Agency contract with 
the devices' maker, Research In Motion Ltd.

Mike Lazaridis, president of the Waterloo, Ontario, company, said Defense 
Department users of the BlackBerry 957, 5810 or 6710 handhelds would pay 
undisclosed licensing fees for the S/MIME public-key cryptography upgrades 
from NSA. He declined to give the value of the development contract.

The software upgrade will encrypt messages and attachments to and from a 
user's desktop system and a synchronized BlackBerry, under a second 
password for that user's existing DOD digital certificate. The BlackBerry 
already has Triple Data Encryption Standard e-mail protection and Federal 
Information Processing Standard 140-1 certification, Lazaridis said. S/MIME 
will extend that security by guaranteeing user-to-user authorship over 
different e-mail systems, he said.

The encrypted messages cannot be viewed in the device's in-box without the 
second password, Lazaridis said. A color BlackBerry screen is under 
development.
*************************
Government Executive
White House to launch Web site for government, industry tech experts
By Molly M. Peterson, National Journal's Technology Daily

PHILADELPHIA -- The White House plans to launch a Web site that would 
enable government and private-sector technology experts to exchange ideas 
for better information-sharing practices, the Office of Homeland Security's 
chief information officer announced in Philadelphia Monday.

"I need your help," Steven Cooper told more than 900 high-tech 
professionals from 32 states during a keynote address at a three-day 
homeland security conference. "We can't get a view of America from inside 
the Beltway. ... We don't know it all. We've got to hear from everybody."

Cooper said the Web site would enable high-tech firms and agencies at all 
levels of government to share their "best practices" for data fusion and 
integration with the Office of Homeland Security. He noted that the Sept. 
11 terrorist attacks prompted communities in many statesincluding 
Pennsylvania, Texas, Minnesota, Utah and Californiato launch 
information-sharing initiatives that have proven effective and that might 
be worth implementing nationwide.

Cooper said several communities in the Dallas area, for example, 
collaborated with the local FBI field office and the private sector to 
develop an emergency-response network that allows for the "reasonably 
secure" exchange of sensitive data regarding suspected criminal activity. 
He said the new system already has led to several arrests.


"They did it on a shoe string ... but it is extremely successful," Cooper 
said. "It's an example of something we can replicate ... in other parts of 
the country."

Cooper said he expects the Web site to be online in two to three weeks. 
"Once it's done, please talk to us," he said. "I need to know about best 
practices, centers of excellence and capabilities that already exist in 
America today. The Web site will enable us to share and communicate what's 
going on."


Pennsylvania Republican Curt Weldon, who chairs the House Armed Services 
Procurement Subcommittee and served as Monday's other keynote speaker, said 
that by failing to establish an effective, nationwide information-sharing 
system well before Sept. 11, the government "basically failed the American 
people."


"We could have and should have had, before 9/11, a better capability for 
fusing our data," Weldon said, noting that he has been calling for a 
nationwide center since the late 1990s. "There's no integrated domestic 
communications system in America."

Another problem, Weldon said, is that the U.S. education system does not 
place enough emphasis on information security and information sharing. 
"Every college trains young people how to use computers," Weldon said. "The 
real need in the 21st century is to be able to ensure the security of that 
data."


Cooper said federal agencies with homeland security functions will face a 
critical shortage of data-security experts in about five years, when about 
half of their information technology employees will be eligible for 
retirement. He said replacing those employees with "skilled and talented 
information technology professionals" will be a challenge because the 
federal government cannot compete with most private-sector salaries and 
benefits.


"We're losing people," Cooper said. "It's a problem because we don't have 
the skill sets to introduce new technologies."
****************************
Computerworld
Record labels sue ISPs over access to site

Five major record companies have sued four of the biggest Internet service 
providers in an attempt to stop what the record companies say is blatant 
copyright infringements occurring at a music Web site registered in China.
The suit, filed Friday in U.S. District Court for the Southern District of 
New York, seeks a preliminary injunction ordering AT&T Broadband Corp., 
Cable & Wireless USA, Sprint Corp. and WorldCom Inc.'s UUnet division to 
block Internet communications to and from servers run by www.listen4ever.com.

As of today, the site couldn't be accessed. But it was unclear whether the 
operators had voluntarily shut it down or moved it to another site.

The suit alleges that the site makes available "for illegal copying and 
distribution on the Internet" recordings that are the copyright property of 
BMG Music, a division of German media giant Bertelsmann AG; Sony Music 
Entertainment Inc.; UMG Recordings Inc.; Virgin Records America Inc.; and 
Warner Brothers Records Inc. The recording companies targeted the four 
Internet service providers because Web users in the U.S. rely on their 
backbone routing services to gain access to the site.

These services put the four service providers in a unique position to cut 
off access to Listen4ever.com at the Internet entry point into the U.S., 
the Recording Industry Association of America Inc. said in a statement 
Friday. The record companies' goal is to stop the infringements occurring 
at the site.

The suit says Listen4ever.com has engaged in a number of tactics that make 
its operation more egregious than the music-sharing service run by Napster 
Inc., which was shut down by court order. For example, Listen4ever.com lets 
users download entire music albums, while Napster's focus was individual 
songs, the suit says. It also hosts the digital music on a central server, 
while Napster provided a peer-to-peer software that allowed users to search 
the hard drives of other users for music files they wanted. In addition, 
Listen4ever.com has made available at least one album before its commercial 
release.

The suit also alleges that the site uses offshore servers in an attempt to 
shield itself from the reach of U.S. law. The domain name is registered to 
an individual in Tianjin, China, whom the suit doesn't identify. The link 
from the site for contacting its operators sends e-mail to an anonymous 
Yahoo Inc. e-mail account.

"In enacting the Digital Millennium Copyright Act, Congress anticipated 
that infringers might attempt to move offshore to avoid U.S. law," the suit 
says. "The DMCA permits a copyright owner to seek injunctive relief to 
require ISPs to block access to such sites. That is exactly the situation 
here and the limited relief plaintiffs are seeking."

Spokesmen for AT&T Broadband, Sprint and WorldCom declined to comment on 
the suit, citing company policies against discussing ongoing litigation. A 
call to Cable & Wireless USA wasn't returned.
**************************
USA Today
FAA says you can use PDA on jet
By Christopher Elliott, special for USA TODAY

On a recent flight from Newark, N.J., to Orlando, Mike Corbo decided to 
check his e-mail. Instead of plugging into a $3.99-a-minute in-flight 
phone, he powered up his Palm VII and downloaded the messages wirelessly, 
at 35,000 feet.

"I found that as long as we were flying over a major city, I would easily 
connect and send or receive e-mail without a problem," says the Lyndhurst, 
N.J., information systems manager.

No one tried to stop Corbo because what he did is legal. The Federal 
Aviation Administration doesn't ban the onboard use of a personal digital 
assistant  even one that can connect to the Internet through a cellular 
network  according to FAA spokesman Paul Takemoto. "He isn't violating any 
rule," he says.

If, on the other hand, Corbo had been using a portable phone, he'd be 
breaking a Federal Communications Commission rule that prohibits the use of 
cellular devices on planes, Takemoto adds. The operation of a cellular 
phone is thought to interfere with an aircraft's navigational systems.

But in an age of convergence, who's to say what's a PDA or a cell phone?

That's a question Bob Johnson may have to ask himself soon. The Houston 
consultant uses his BlackBerry to connect to the Internet wirelessly all 
the time  including from a commercial airplane.

"It connects every time I pass over a served city and am in range of a 
transmitter," he says.

"So when I go from Houston to Denver, I have connected service over Dallas 
and approaching Colorado Springs," Johnson says. "I've only had one person 
tell me to make sure the transmitter is turned off, and that was on the 
ground in Austin last week."

What if Johnson decides to upgrade to a BlackBerry 5810, which offers 
optional phone service? Is he still using a PDA or is it a phone  or 
something in between? Do the FCC rules apply to his handheld device?

Terry Wiseman, an expert on in-flight communications systems and editor of 
the newsletter Airfax.com, says people may bicker over where a PDA ends and 
a cell phone begins, but in some respects, both devices do the same thing. 
"A personal digital assistant may use less bandwidth to check e-mail, but 
basically you're using the same frequency as a cellular phone, and in much 
the same way," he says.

He suggests that the government's policy on PDAs may be outdated, given the 
convergence of phones and computing devices.

Matt Greer hopes the rules stay the way they are. On some PDAs, you can't 
power down the wireless connection unless you shut the device completely off.

"Unless there's a way to disable the phone part of the device so you could 
use other applications, like text editors, you won't be able to get 
anything done during the flight," says Greer, a chemical engineer from Lake 
Jackson, Texas.

Others, like John Turner, are skeptical that the existing rules are 
anything more than a ploy to help airlines earn more money.

"Do cell phones interfere with navigational equipment?" asks the McLean, 
Va., frequent traveler. "Make them prove it. I'm an electrical engineer, 
and I can't for the life of me see how a cell phone is going to mess up 
aircraft navigation systems. I'm suspicious that they just want to sell 
minutes on those seat-back phones."

But Sharon Wingler, a flight attendant and author of the book Travel Alone 
& Love It: A Flight Attendant's Guide to Solo Travel, thinks using any kind 
of wireless device aboard a plane is unsafe and that any loopholes in 
policy should be closed as soon as possible.

"It's hard to describe how frightening it is when the pilots call back to 
tell me that they're having instrument problems and ask me to hurry through 
the cabin to see if some idiot is using his cell phone or illegal PDA," she 
says. "Don't we have enough to worry about now?"
***************************
USA Today
Telecommuters find they're not missing out on promotions

CHARLOTTESVILLE, Va. (Reuters)  Four years ago, when pharmacist Donna 
Zarzuela's physician husband, Jose, had to relocate to Baltimore, she 
stopped by Zeneca Pharmaceutical's human resources office in Wilmington, 
Del., to tender her resignation.

She had been commuting 230 miles daily round trip to Wilmington from 
Ellicott City, Md., and now her employer was moving to Frazier, Pa. and the 
lengthier drive would have been just too much time behind the wheel.

"It wasn't company policy to let people work at home then but they said 
they would look into it and I became the first person in my department to 
telecommute," she said.

The results came up roses for Zarzuela, who has been promoted twice since 
and now earns more money working 30 hours a week part-time than she did 
putting in 40 hours full-time five years ago.

What's more, with commuting time slashed, Zarzuela has more time with 
daughters Kira, 4, and Audrey, 6 months. While Zarzuela works, her mother, 
Inocencia, cares for Audrey, and Kira attends preschool.

Zarzuela's experience is becoming increasingly common as employers step up 
telework options for employees and cut office space costs.

According to economist John Sargent of the Bureau of Labor Statistics, in 
Washington, nearly 20 million people did some work at home as part of their 
primary job last year. That's about 15% of the labor force  a figure that 
grows steadily.

Like many employees reassigned as teleworkers, Zarzuela worked with little 
supervision in an office by telephone largely on her initiative, and did 
not meet directly with customers on a daily basis. Her title is Senior 
Medical Information Manager.

Her doctorate in pharmacy qualified her to answer medical inquiries about 
Zeneca's products from doctors and other health care professionals. Company 
sales staffers load questions put to them by doctors into their laptops and 
e-mail them to Zarzuela.

After the British Zeneca Group merged with Swedish Astra in 1999 to form 
AstraZeneca, corporate policy changed to allow more staffers to telecommute.

"Almost everybody teleworks one or two days and that includes 
administrators as well as managers," Zarzuela said. "Of 80 people in our 
department, 40 telework once a week."

Since she began telecommuting, Zarzuela has continued to earn excellent 
performance reviews and her pay increases have totaled 30%. She credits the 
raises in part to the fact that "I get a lot more work done at home than 
when I was in the office."

"You're not taking coffee breaks. There isn't somebody walking by your door 
and chatting to say 'Hello.' So I tend to get a lot more work done in a 
shorter period of time," Zarzuela said.

Lynda Finis, Zarzuela's team director, agreed. "As manager in a group in 
which most everyone telecommutes at least some times, I find that 
productivity is actually increased."

Telecommuting also improves teamwork, "since the work group has to make 
sure there is adequate coverage, and meetings are scheduled for when people 
are physically available," Finis said.

Many teleworkers say the danger in working from home is not so much 
sloughing off as overdoing.

"You have to separate yourself from your office," Zarazuela said. "When 
you're walking through your house on the weekend and you have two hours and 
nothing to do and you're a workaholic, you have to resist working. The 
company is very concerned that you may neglect your family and they don't 
want you spending so much time at work."

For Zarzuela, teleworking is "sitting in my home office four days, seven 
and a half hours a day, either answering questions or reviewing documents 
for scientific accuracy." One day a week she drives to the Malvern office 
to touch base with colleagues and attend meetings.

"If you work from home as much as I do, when you go to the office you have 
to make an extra effort to get out and see everyone and network," Zarzuela 
advised. "I have good rapport with my manager but you also need to be 
visible with other people in the department." In that sense, her need to 
touch base is reminiscent of expatriates.

Zarzuela's home office replicates the one she had at work: an IBM Think Pad 
computer hooked up to a secure, high-speed line, monitor with mouse and 
keyboard, fax machine, printer, business phone and pager, and cell phone.

The idea of teleworking, apparently, is catching on at Astrazeneca, 
Zarzuela said. "Other departments are trying to find out how we do it 
because they want to telework as well," she said.
**************************
The Guardian
Privacy fear over plan to store email
EU wants data retained to help fight against crime
Richard Norton-Taylor and Stuart Millar

Records of personal communications, including all emails and telephone 
calls, will be stored for at least a year under a proposal to be decided by 
EU governments next month.
Under the plan, all telecommunications firms, including mobile phone 
operators and internet service providers, will have to keep the numbers and 
addresses of calls and emails sent and received by EU citizens. The 
information, known as traffic data, would be held in central computer 
systems and made available to all EU governments.

The move could lead to a further extension in the powers of European 
security and intelligence agencies, allowing them to see the contents of 
emails and intercepted calls and faxes, civil liberty groups fear.

The plan, drafted in Brussels, has been leaked to Statewatch, an 
independent group monitoring threats to privacy and civil liberties in the EU.

"The traffic data of the whole population of the EU - and the countries 
joining - is to be held on record. It is a move from targeted to 
potentially universal surveillance," Tony Bunyan, Statewatch editor, warned 
yesterday. "EU governments claimed that changes to the 1997 privacy 
directive would not be binding on member states - each national parliament 
would have to decide. Now we know that all along they were intending to 
make it compulsory across Europe."

Although the move was initially explained by the need to fight terrorism, 
EU officials now argue it is necessary to fight all serious crime, 
including paedophilia and racism.

A "draft framework decision" for the European council states that it is 
essential for all member states to apply the same rules. It said that the 
purpose was to harmonise the retention of traffic data to allow criminal 
investigation.

The decision is a victory for the UK which, encouraged by Washington, has 
been pushing for a compulsory EU-wide data retention regime.

But civil liberties campaigners claim that compelling communications 
companies to retain the records of all their customers for long periods 
amounts to blanket surveillance on the entire EU population and will lead 
to law enforcement agencies conducting "fishing expeditions" against 
innocent citizens.

The EU admits the plan involves an invasion of privacy but says the periods 
for which it must be retained - a minimum of 12 months and a maximum of 24 
months - is "not disproportionate".

The data would include information identifying the source, destination, and 
time of a communication, as well as the personal details of the subscriber 
to any "communication device".

For law enforcement agencies to access the data, the draft EU decision 
gives a minimum list of offences, including "participation in a criminal 
organisation, terrorism, trafficking in human beings, sexual exploitation 
of children", drug trafficking, money-laundering, fraud, racism, hijacking 
and "motor vehicle crime".

It states that the "confidentiality and integrity" of retained traffic data 
must be "ensured" but does not say how. Individuals have no right to check 
whether the information held about their personal communications is 
accurate or legally challenge decisions about its use by EU authorities.

A member state will not be able to refuse a request for information from 
another member state on human rights or privacy grounds. There is also no 
common EU list of crimes caught by the plan or of public agencies which 
could demand the information.

But there is one element in the EU plan that the Britain will not welcome. 
It says that personal data could be handed to security services and law 
enforcement authorities only with judicial approval.

In Britain, the regulation of investigatory powers act allows law 
enforcement and intelligence agencies to access personal communications 
data covering a wide range of purposes, including public health and tax 
collection, without any court or executive warrant.

In June, the Guardian revealed plans to extend the powers to access data to 
all local councils, seven ministries and 11 quangos. David Blunkett, the 
home secretary, bowing to intense public and political pressure, admitted 
the government had "blundered" into the issue and that further consultation 
was needed.

But the legality of the entire data retention framework in this country has 
been cast into doubt. The information commissioner, Elizabeth France, has 
warned the Home Office that the new powers could be illegal because another 
law - the Anti-Terrorism Act rushed through parliament after the September 
11 attacks - allows such data to be retained and accessed only on national 
security grounds. According to legal advice from an eminent QC, this would 
be illegal under human rights law.
***************************
News.com
Group warns of massive EU surveillance
By Graeme Wearden

Privacy advocates claim that the European Union plans to make sweeping 
changes to laws that govern communications-related data retention and 
privacy, requiring the long-term storage of such information and making it 
available to governments.
Statewatch, a U.K.-based Internet organization that monitors threats to 
civil liberties within Europe, said Monday that European governments are 
planning to force all of the continent's telephone carriers, mobile network 
operators and Internet service providers to store details of their 
customers' Web use, e-mails and phone calls for up to two years.

This data would be made available to governments and law enforcement agencies.


The European Parliament is currently debating changes to the 1997 EU 
Directive on privacy in telecommunications, which governs existing laws on 
communications data retention. This directive states that traffic data can 
only be retained for billing purposes and must then be deleted.

European governments were expected to agree to changes to the 1997 
directive that would allow individual countries to bring in laws forcing 
communications companies to retain data.

Statewatch, though, said it has seen a copy of a binding "framework 
decision" that is currently being worked on by some EU governments. The 
framework decision, which could be voted into law next month, would force 
all governments to pass laws that would compel communications companies to 
retain all traffic data for 12 months to 24 months.

As previously reported, it has been rumoured for some time that EU 
governments were secretly working on such changes.

"EU governments claimed that changes to the 1997 EC Directive on privacy in 
telecommunications to allow for data retention and access by the law 
enforcement agencies would not be binding on member states--each national 
parliament would have to decide. Now we know that all along they were 
intending to make it binding, compulsory across Europe," Tony Bunyan, 
editor of Statewatch, said in a statement.

Bunyan added that the draft framework decision would sweep away the basic 
rights of data protection, scrutiny by supervisory bodies and judicial review.

The framework decision may include the provision that the police would need 
to obtain a judicial order before gaining access to traffic data, but 
Statewatch warns that such conditions have been sidestepped before.
************************
Wired News
Haiku'da Been a Spam Filter
By Michelle Delio   Win a 50" HDTV or a Xerox Printer!

Refined poetry and ruthless legal prosecution have been brought together in 
the latest effort to stop spam.

A hidden scrap of copyrighted poetry embedded in e-mails will be used to 
guarantee that any message containing the verse is spam free. And if 
spammers dare to hijack the haiku, they will be aggressively sued for 
copyright infringement.

The service is being offered by "Habeas," a new spam-filtering service 
headed by anti-spam activist and attorney Anne P. Mitchell.

Habeas doesn't stop spam by blocking suspicious e-mail. It prevents it by 
aggressively monitoring who is using the service to send mail, and then 
allowing people to set up e-mail program filters specifying that all 
messages containing the Habeas haiku should be delivered -- no matter how 
"spammy" the contents might appear to the average e-mail filter.

E-mail filters are lists that block or redirect the delivery of e-mail that 
comes from known spammers, or messages that contain words and phrases 
typically found in spam. But legitimate e-mail may also contain references 
to the sorts of health, sexual, financial and legal issues that often 
appear in standard spam.

Due to increasingly aggressive filtering, publishers of subscription e-mail 
newsletters complain that they are being forced to self-censor their 
publications, carefully omitting phrases or sometimes even deliberately 
misspelling words that might trigger a spam filter.

Writers, reporters and editors say that some e-mailed stories and news 
releases never arrive at their destinations due to spam filtering.

And a number of people from Asian countries -- increasingly the subjects of 
wide-scale spam blocks -- have all but given up on sending messages to 
their friends and colleagues in the United States and Europe.

And still the spam keeps coming.

"Existing law offers little protection from spammers, who continue to find 
new ways to beat even the most sophisticated filtering technologies," 
Mitchell, former legal affairs director for Mail Abuse Prevention System 
(MAPS), said.

"Technology alone can't stop spam. But existing copyright and trademark law 
used in conjunction with Habeas' system allows us to sue and shut down 
spammers while protecting senders of legitimate mail."

Mitchell says if a spammer uses the Habeas haiku along with other 
trademarked text in an e-mail, Habeas can and will seek penalties of $1 
million and more for copyright and trademark violation. It will also help 
shut down offenders' businesses through legal injunctions and -- in the 
worst cases -- refer them for criminal prosecution.

Dun and Bradstreet have agreed to serve as Habeas' collection agency, 
Mitchell said. And several major commercial spam filtering services, such 
as "Spam Assassin" and "Mail-Filters.com" intend to add Habeas to their 
spam-filtering arsenal.

Habeas also intends to provide lists of unrepentant spammers to maintainers 
of the "blacklists," which many systems administrators use to block all 
e-mail from known spammers.

Some publishers of small, subscription-based newsletters say they welcomed 
the new filtering system since it's becoming increasingly difficult to 
deliver their product past spam filters. The struggle has forced many to 
self-censor the information they provide to their subscribers.

"What is absolutely as annoying as hell, from the ethical e-mail 
publisher's perspective, is the idea that you may have to edit your word 
choices and phrasing or a percentage of your subscribers won't see what you 
deliver to them because the mail will simply not reach them, or will go 
into a 'Suspected Spam' folder that they may not ever open," Steve Outing, 
senior editor at the Poynter Institute for Media Studies, said.

Ironically, Outing's recent column for Editor and Publisher on why he hates 
spam filters was trapped by a spam filter and not delivered to his editor.

"I purposely loaded the column with some words that filters tend not to 
like to make a point about not wanting to be censored by software," Outing 
said. "I e-mailed it to my editor at E&P, but it got blocked by the spam 
filter installed on his company's server."

"This was particularly annoying, because the filter was set to just trash 
what it identified as spam; my editor had no way of knowing I'd sent him 
anything, and I didn't get a bounce-back message saying I'd been blocked."

He eventually had to e-mail the column to his editor's home e-mail address.

"The root of the problem, or course, is spam," Outing said. "Spammers not 
only annoy the majority of Internet users and suck up ISP bandwidth, they 
also cost ethical e-mail publishers money. The ultimate solution is to 
outlaw spam. I doubt there can be such a thing as a perfect spam filter."

Habeas' success will depend on how aggressively the company pursues 
violators, and how many people opt to use the service and notify the 
company of any spam they may receive that was "sanctioned" by Habeas.

Individuals can freely use Habeas filtering with their existing e-mail 
programs. The service is also free for Internet service providers. 
Businesses will be charged $200 a year for use of Habeas' services.

Commercial e-mailers who meet Habeas' strict definition of non-spam will be 
billed a penny per sent message for the warranting service, capped at 
$3,000 per month.

The fee may seem steep for small-scale publishers and marketers, but some 
said it would be worth it to guarantee their product would actually arrive 
in subscribers' in-boxes.
****************************
IEEE Spectrum
Hackers Prove People are the Weakest Link
By Stephen Cass, Associate Editor

The Hackers on Planet Earth Conference in New York City takes on big 
industry and big government

1 August 2002  "Shhhhhhh!" chorused several hundred hackers gathered on the 
top floor of the Hotel Pennsylvania in New York City during the fourth 
biannual Hackers on Planet Earth (HOPE) conference. Up on the stage 
Emmanuel Goldstein, editor of 2600: The Hacker Quarterly, was about to make 
one luckless employee of the Starbucks coffee shop chain look worryingly 
stupid.

HOPE was organized by 2600, a touchstone publication for that subset of the 
hacker community that concerns itself with communications, network, and 
security technologies and increasingly with concomitant political, legal, 
and social issues.

Goldstein was now starring in the HOPE conference's most popular panel: 
social engineering. The object was to demonstrate that you don't need 
thousands of dollars' worth of electronics and a library of arcane software 
tricks to pierce the veil of security surrounding most organizationsa 
telephone, confidence, and some luck will do just as well. Goldstein picked 
the number of a Starbucks coffee shop out of the yellow pages at random and 
dialed it live on stage. As the sounds of a crowded room would have been 
difficult to pass off as normal background noise, this required a certain 
discipline from the normally vocal attendeeshence mass shushing as the ring 
tones came over the public address system.

An employee answered and Goldstein announced that he was from the 
Starbucks' IT department and there was a report that the store had had some 
computer trouble. It took about seven minutes for the employee to begin 
helping out an apparently harried and befuddled Starbucks IT technician by 
reading out the details, including the name, expiry date and number, of an 
American Express credit card used to pay for a $3.75 coffee the day before 
(the number was muted by the HOPE sound technicians).

Apart from taking a stab at Starbucks, and pointing out that the biggest 
weakness in any organization's security is its own members, not outsiders, 
the demonstration echoed one of the dominant notes of the HOPE conference: 
with such low-tech options available to actual criminals, what is the point 
of governmental attempts to aggressively regulate high-tech tools?



Technological activism
Indeed, HOPE was as much about such social and legal issues as it was about 
the technical details of things like the wireless network standard IEEE 
802.11. Anti-corporate activists attended in force, notably Jello Biafra, 
former lead singer of the antiestablishment rock group The Dead Kennedys. 
Their message, coming on the heels of recent high-profile management 
scandals, resonated with many attendees who already have deep concerns 
about such legislation as the U.S. Digital Millennium Copyright Act (DMCA) 
of 1998, which makes circumventing digital copy protection for almost any 
purpose illegal. It is generally seen by hackers as little more than an 
attempt by the music industry to shield its business model from modern 
technologyand violate First Amendment rights in the process.

Oppressive governments as well as allegedly oppressive industries were 
targeted at the conference. On display were new tools with which 
technically naive users could evade the government Internet censorship 
common in such countries as the People's Republic of China. The software 
techniques, created by a group known as Hacktivismo, simplify the process 
(known as steganography) of embedding and extracting messages hidden in any 
image that can be placed on a Web page or sent via e-mail.

Taking aim at the U.S. government, conference-goers were concerned about a 
number of Federal Communications Commission issues, from frequency 
allocations allowing new microwave-based lighting systems to disrupt 
wireless networks, to difficulties local community radio stations have 
trying to get licenses.

Rights to property and privacy were also key issues, one being trademark 
disputes over domain names. For instance, Tokyo's Nissan Motor Co. is 
trying to claim Nissan.com, since 1994 the address of a computer company 
owned by Israeli émigré Uzi Nissan. An exemplary threat to privacy: a live 
demonstration of the ability of private and public investigators to 
cross-reference commercially available databases and build up amazingly 
detailed profiles of individuals without ever leaving the office.



Past and present glories
But HOPE wasn't all protest and politics. The network room on the second 
floor of the hotel was filled with an incredible collection of computer 
hardware, from the latest tricked-out laptops to early computers from the 
dawn of the PC age and before. An early Wang calculator relying on bulky 
terminals with Nixie tube displays occupied one table, while on the next a 
sewing-machinesized portable computer from 1983 proudly displayed its 
Microsoft Basic prompt (running on the CP/M operating system no less). 
Pocket calculators and watches from the LED era were also on show. Nearly 
everything displayed could be picked up, prodded, and programmed by all.

This, more than anything else, caught the spirit behind the HOPE 
conference; that technology is meant to be enjoyed and shared as much as 
possible. The PC revolution sprang from a very similarly minded group of 
people. I couldn't help but wonder as I wandered around and looked at some 
young hackers pecking in delight at a microcomputer keyboard a shade older 
than themselves: what indispensable piece of the future will be sculpted by 
their ingenuity and innovation?
***************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx