
Clips August 20, 2002




ARTICLES

[NY] Mayor Promising Better Response to Catastrophes
Airports Push for Deadline Extension
Visa-tracking law big headache for colleges
Mac Figurehead Hits His Waterloo
Under their thumb
Firms beef up cybersecurity as breaches soar
Report: Average Worker's Tech Skills Not Keeping Pace
DOD, FEMA test systems link
NARA seeks ideas for e-records archive
Justice sets deadline for fingerprint matching
Homeland security chiefs outline IT requirements
BlackBerry to get S/MIME security
White House to launch Web site for government, industry tech experts
Record labels sue ISPs over access to site
FAA says you can use PDA on jet
Telecommuters find they're not missing out on promotions
Privacy fear over plan to store email [UK]
Group warns of massive EU surveillance
Hackers Prove People are the Weakest Link

**************************
New York Times
Mayor Promising Better Response to Catastrophes
By AL BAKER

Mayor Michael R. Bloomberg promised yesterday to make major changes in how the New York Police and Fire Departments handle future catastrophes, including improvements in technology and basic emergency procedures. At the plan's core is an ambitious goal: a profound change in the culture of the Police and Fire Departments, two agencies with a long history of rivalry.

Among the most significant technological changes is a proposal to outfit high-rise buildings throughout the city with special equipment to boost the radio signals rescuers use. In procedural changes, fire chiefs will now routinely ride in police helicopters to gauge a cataclysm from the air. And the police will stage their responses from a safe distance, preventing too many officers from rushing in too soon. These and other proposals were included in an independent consultant's two reports, whose final versions were released yesterday, about the agencies' responses to the Sept. 11 attacks.

The most elemental change, perhaps, is the effort to foster cooperation between firefighters and police officers, from the rank and file to the top chiefs, the mayor said. The two departments have a long history of competition that stretches back generations. Friction at emergency scenes is legendary. They are even stubborn foes on the athletic fields, where shoving matches have been known to break out on the sidelines.

"Interagency competition may be unavoidable, and even healthy to some extent, but it can never impair our ability to respond to emergencies," Mayor Bloomberg said. "The stakes are just too high."

To make his point, the mayor was flanked by Police Commissioner Raymond W. Kelly, Fire Commissioner Nicholas Scoppetta and other top officials from both departments, deliberately shuffled together. The reports are not considered codified into city policy, said one city official. Rather, they are tools that can be used at the will of the city and the two agencies, to pick and choose what they like and discard the rest. It is yet to be determined how many of the proposals the departments adopt.

The reports come after about five months in which McKinsey & Company, a corporate consultant best known for its expertise in management practices, interviewed fire and police officials, reviewed tapes of audio transmissions from that day, read computer files and operational logs and spoke with outside experts.

But the city was careful not to present the research into the response as an all-encompassing investigation or as a moment-by-moment re-creation of what happened. The reports themselves acknowledged that the hundreds of interviews represented only a small fraction of the thousand or more people who responded in some way to the attacks. Nonetheless, the officials said that the research had been exhaustive enough to base their recommendations on it and to find out, as Mayor Bloomberg phrased it, what worked and what did not, to better prepare for any future cataclysm.

After attending scores of wakes, funerals, memorial Masses and other solemn ceremonies in 11 months, Mr. Bloomberg said: "There is no doubt in my mind that we are doing today what the heroes of 9/11 would have wanted us to do. It is in that spirit that we present these reports."

Details from the reports have been known for weeks, after drafts were obtained by The New York Times. Copies of the final reports were to be distributed to firehouses and the survivors of the more than 2,800 people who were killed.

The consultant charged the city only for out-of-pocket costs, like travel expenses, but not for things like the production of the reports or the hours logged in preparing it. Those fees amounted to $75,000 for the Fire Department and less than $20,000 for the Police Department, said Andrew Giangola, a McKinsey spokesman.

According to the consultant, the Fire Department was plagued by problems in radio communication, lapses in discipline and a lack of coordinated efforts with a Police Department that itself suffered from leadership lapses, coordination problems and a lack of proper planning and training, according to the more than 250 combined pages of the reports. (The Fire Department report is 169 pages; the Police Department report is 88 pages.)

In recommending improvements for the Fire Department, the consultant said it should fortify its hazardous materials unit, develop mutual aid agreements with other agencies and improve its communications and operational preparedness. The Police Department, it said, should enhance the way it mobilizes officers and clearly define the roles of its top officials in the event of a disaster.

In many cases, the city independently identified many of the problems, the mayor said. In the case of the Police Department, for example, one of Mr. Kelly's first acts was to establish a counterterrorism bureau and to expand the department's Intelligence Division. Mr. Kelly has also outfitted officers with radiation detection equipment and has augmented catastrophe planning, including creating redundant command centers and a plan for continuity of command in an emergency.

Mr. Scoppetta has begun to try to improve the radio communication system, though he noted that there is no perfect portable radio that will function perfectly in a city of concrete and steel high rises. Specifically, he said, new radios will be used in regular fire operations in Staten Island, beginning next Monday. A study will be done to determine if the Police Department's elaborate repeater system, designed to boost the signal of the radios, can also support or aid the Fire Department radios.

Among the major findings of the report was that firefighters, in their zeal to respond, often disregarded procedures that were created to protect them and others. For example, the report said, many firefighters ignored orders to go to certain staging areas. Others simply assigned themselves to the twin towers, although the report said only 4 of 200 units had done that.

The report also noted that several other units had kept calling dispatchers to assign them until dispatchers finally relented, and this made the scene hard to control.

Since Jan. 1, officials from both departments have begun to meet regularly, and have established an interagency senior executive coordinating committee to review and resolve operational issues. In the field, joint incident command, with top officials from each department standing next to each other, needs to be reinforced, a senior fire official said.

Some officials have questioned, however, whether the research was extensive enough to be the basis for the reports' conclusions. Others have said that a long study was not needed to point out problems that have been evident for years.

And the reports left major questions unanswered, especially what went wrong with the radio communication that day. Although the report points out the difficulty some commanders encountered in using a device to boost the radio signal, it makes no mention of an audiotape discovered later, in the search, that Port Authority officials say confirms that the device actually did work.

Mr. Giangola said that the consultant was legally prohibited from commenting on the tapes. But he said that the tape was listened to and that it confirmed their recommendations.

"You do need to ask the question, `Was there any information that they did not use in compiling the report?' " said Jim Slevin, vice president of the Uniformed Firefighters Association. "And if so, would that information have been helpful in making some of these recommendations?"

In another unexplained discrepancy, the authors chose to adopt a figure of 25,000 as the number of people evacuated from the towers that day, although other analysts have placed the number at half that.

"I think the effort over all is inadequate," said Charles R. Jennings, an assistant professor of fire science and public administration at John Jay College of Criminal Justice, who noted that he had not read the reports.

"I think the fact that we had two separate investigations, each one of which was captive to a particular agency, is a problem," he said.
**************************
Washington Post
Airports Push for Deadline Extension



By Sara Kehaulani Goo


Directors of 133 U.S. airports urged senators yesterday to delay a requirement that all passenger luggage be screened for explosives by the end of the year, a request that comes only days after James M. Loy, head of the Transportation Security Administration, said he may support efforts to push back the deadline.

Last month, as part of legislation to create a Cabinet-level Homeland Security Department, the House moved the luggage-screening deadline to Dec. 31, 2003.

Meanwhile, two Massachusetts men who were doing work for Airtag Inc. of Cedar Grove, N.J., were indicted yesterday in federal courts in Boston and Providence, R.I., for allegedly attempting to bribe TSA officials who were testing the company's luggage-screening equipment at T.F. Green Airport in Providence.

These developments came as the TSA raced to meet new requirements to improve airport security and prevent hijackings. They demonstrate the challenges faced by the agency, which is under pressure from airports to abandon policies that could cause delays and to quickly approve new technologies that could help both security and efficiency.

Under a law passed by Congress in November, the TSA must screen all checked luggage for explosives by Dec. 31.

In yesterday's letter -- signed by managers of major airports, including Baltimore-Washington International and Washington Dulles International -- officials said the TSA plan "involves squeezing both equipment and personnel into already-congested airport ticket lobbies."

As a result, said the letter, at some airports, "it is estimated that passenger delays could exceed three hours during peak travel times."

Sen. John Ensign (R-Nev.) has proposed legislation similar to the version in the House, but key Senate Democrats are opposed.

Senate Commerce Committee Chairman Ernest F. Hollings (D-S.C.) may consider delays on a case-by-case basis, his spokesman Andy Davis said, but he is wary of granting a blanket delay.

In testimony before Congress in July, Loy said he intended to meet the deadline. But last week, he told some airport directors that he was growing skeptical about the timetable, given the current budget constraints.

Transportation Secretary Norman Y. Mineta said in May that the TSA, which is part of the Transportation Department, needed $4.4 billion. But Congress authorized only $3.85 billion on the recommendation of Mitchell E. Daniels Jr., director of the Office of Management and Budget.

In yesterday's indictments, Darrall Loren Redburn of Weymouth, Mass., and Angelo M. Troisi of Peabody, Mass., are accused of conspiring to offer payments of $1,000 to TSA employees testing Airtag equipment.

The men were arrested yesterday by agents of the Transportation Department's inspector general. Neither is an employee of Airtag. Redburn worked for an Airtag contractor, according to the U.S. attorney's office in Providence. It did not release details of Troisi's employment, and his attorney, John Wall, said he did not know further details.

Airtag makes a plastic clip and a plastic tag that can be attached to the zipper of luggage to show that it has been screened. To open the luggage, the clip or tag must be cut.

William Dimitri, an attorney for Redburn, said his client pleaded not guilty yesterday. Wall said his client will plead not guilty later this week.

An employee at Airtag reached yesterday said he was unaware of the indictments.
******************************
Washington Times
Visa-tracking law big headache for colleges


Universities across the country are scrambling to comply with new federal regulations requiring administrators to set up electronic databases that would track foreign student-visa holders.
By law, universities must have the new Student and Exchange Visitor Information System (SEVIS), part of a change in Immigration and Naturalization Service rules, operating by Jan. 30.
But many school officials said last week they may not make that deadline, which, according to preliminary reports, would prohibit universities from issuing immigration documents for foreign students or prevent already enrolled international students from attending classes next winter.
School officials said the costs associated with purchasing the software and the lack of adequately trained administrators could prevent their schools from meeting the deadline. The new system could cost a university up to $25,000 for software and maintenance and requires that a number of employees be trained to use it.
School officials said they want the INS to assure them that the system will work before they purchase the necessary equipment. They also said the INS has not yet released its final regulations, leaving many officials with unanswered questions five months before going live with the program.
"A vast majority of the universities want international students to study at their campuses," said Chris Simmons, assistant director of government relations at the American Council on Education, which represents 1,800 colleges and universities nationwide. "But the schools don't want to be investing in something that may not work. We want to make sure that this is high quality, most efficient and the most effective system that's out there. We want to get this thing going, too."
INS officials deny there is any widespread problem with compliance and said 500 schools are already registered and beginning to use the system.
The program will affect thousands of students in the United States. Some 547,876 persons held student visas in the 2001-2002 academic year, according to statistics compiled by the Institute of International Education. Some 514,723 students held visas in the 1999-2000 school year, statistics show.
University officials say there are still lots of questions that remain about the program, including what sort of information the INS will want them to submit by Jan. 30.
"We're still waiting," said Karen Hartwig, assistant director of admissions at the University of Iowa, which has about 1,800 international students. "And we're afraid that once we do get it, we'll have to rush to write the program, learn how to use it, get any bugs out before that deadline. We certainly hope to be ready. We don't want to lose our ability to enroll international students."
One question is: Must universities enter already enrolled students by that deadline or just new students?
"We don't exactly know who has to be logged in by that date," said Ted Goode, director of services for international students and scholars at the University of California at Berkeley. Berkeley has about 5,500 people it would need to log into the system before the deadline, which Mr. Goode called an impossible task.
Universities like Berkeley that enroll a large number of international students have asked the government to implement a batch software, which school officials say will efficiently gather and be able to send large amounts of information at once.
The batch software has not yet been written, but should be ready for distribution sometime this fall.
The INS has been under pressure from Congress to have SEVIS running since the September 11 attacks. For three decades, the INS required universities to compile information on international students. But because of the volume of paperwork it received, the INS told schools in 1988 to keep the files on campus.
The INS came under increased scrutiny last fall when it was learned that all 19 hijackers who carried out the attacks entered the United States legally. Three of the hijackers were in the country on student visas.
One hijacker, Hani Hanjour, entered the United States on a student visa but failed to show up at the campus where he was supposed to study. Two others, including Mohamed Atta, entered on travel visas and switched to student visas.
Federal officials have said SEVIS will help the INS receive information sooner. SEVIS requires schools to track foreign students and traveling-scholar visa holders. It requires schools to collect registered visa holders' names, addresses and telephone numbers and their class schedules.
Schools will be required to notify the INS within 24 hours if a student doesn't show up or drops out and to report the student's status after each term. A student will have 30 days rather than six months to show up on campus after entering the country.
The system will link every U.S. consulate with every INS port of entry and all 74,000 educational institutions eligible to host foreign students.
*****************************
Chronicle of Higher Education
Virginia Looks for Economic Lift From Academic-Technology Center
By DAN CARNEVALE


Despite budget troubles, Virginia has found money to begin construction of an $18-million academic-technology center that officials hope will spur economic development in the southern part of the state.

The new facility, called the Institute for Advanced Learning and Research, is being built in Danville and will be jointly run by Averett University and Danville Community College, both also in Danville, and Virginia Tech, in Blacksburg.

The three institutions plan to offer joint degree programs in technology fields, including computing, Web design, and information-systems technology. Students will be able to transfer credits from the community college through Virginia Tech's graduate programs. Courses will be offered both face-to-face and online, with faculty members from each institution contributing.

The new academic-technology center will provide equipment and facilities that students will be able to use to conduct research. Supercomputers will be available for students to study a variety of topics, including plant genomes that might lead to new crops to help reduce the regional economy's reliance on tobacco.

Budget deficits have halted many other construction projects at Virginia colleges. And economic difficulties have forced institutions around the country to cut back on technology programs. About $15-million of the research-institute project will be financed through the state's portion of the national tobacco settlement. Virginia has set aside about half of its settlement money to refurbish the economies of areas in the state that currently grow tobacco.

The institute, which is being built on former tobacco fields, is meant to help turn rural towns into technology hotbeds so they can groom computer-savvy workers and attract technology companies. "To really recruit companies to the area, we have to have a large pool of IT workers," says Betty Foster, vice president for academic services at Danville Community College.

High-speed Internet cables are being installed in the area for the institute and to act as another lure to technology companies. The 90,000-square-foot institute building is expected to be ready for both instruction and research by fall 2003.

Tim Franklin, executive director of the institute, says the nearest research institution is more than an hour's drive away -- and it's in North Carolina. Building the institute in the Danville area and providing powerful Internet access should help revive the area's economy, he says.

"The bigger metropolitan areas will always get the better services first, so there's no way to catch up," says Mr. Franklin, who is also director of university outreach programs at Virginia Tech for Southside Virginia. "This was really a leapfrog strategy."
*************************
Washington Post
Northern Virginia Group Takes Lead in Dot-Org Bidding Process



By David McGuire
washingtonpost.com Staff Writer
Tuesday, August 20, 2002; 2:01 AM


"Dot-org," the world's fifth-largest Internet domain and online home to thousands of nonprofit groups, should be managed by a Northern Virginia-based group when the domain comes up for re-delegation in December, global Internet addressing authorities said late Monday night.


The staff of the Internet Corporation for Assigned Names and Numbers (ICANN) recommended that its governing board of directors choose the Reston-based Internet Society (ISOC) to run dot-org when it awards the contract later this year.

Operated for years by Internet addressing giant VeriSign Inc., dot-org is slated to get a new landlord in December when VeriSign relinquishes its hold on the domain.

Earlier this year, eleven entities applied to operate dot-org, which accounts for more than 2.3 million Internet addresses.

ICANN, which manages the Domain Name System (DNS) under agreements with the U.S. government, commissioned three evaluation teams to weigh the technical and individual merits of the 11 proposals.

"The ISOC proposal was the only one that received top ranking from all three evaluation teams. On balance, their proposal stood out from the rest," ICANN President Stuart Lynn said in a prepared statement.

The recommendation will be thrown open for public comment before being submitted for final approval by the ICANN board in late September. In the past, the board has tended to closely follow staff recommendations on major decisions.

ISOC officials were not immediately available for comment. But last month, ISOC spokeswoman Julie Williams said the group's longtime involvement in coordinating the development of Internet standards and protocols made it a logical choice to operate dot-org.

"ISOC was formed in 1991 by a lot of the pioneers that originally developed the Internet as a focal point for cooperation and coordination in the development of the Internet," Williams said in July.

ISOC has members in more than 100 countries and serves as the institutional home for two key Internet standards-setting bodies, the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB).

In its bid, the nonprofit ISOC said it would rely on a for-profit addressing company to provide backend operation of the domain.

Under the ISOC proposal, Afilias, based in Horsham, Pa., would administer the physical operation of dot-org, charging ISOC a flat fee for each name registered in the domain. Williams said last month that while ISOC was still hammering out the details of that arrangement, the fee was expected to be in the range of $3 to $5 per name, per year.

If the bid is ultimately confirmed, ISOC would maintain the annual wholesale cost of a dot-org name at or below its current level of $6, Williams said in July.

Individual Internet users buy dot-com, dot-org and other domain names from Internet address retailers (called "registrars") who in turn pay flat per-name wholesale fees to the registries that manage the domains.

VeriSign, the current dot-org registry, is giving up its management of the domain as part of a deal it struck last year to cement its control of the valuable dot-com domain.
***************************
Wired News
Mac Figurehead Hits His Waterloo
By Leander Kahney


Shane Anderson, the "list dad" of the once-mighty Mac EvangeList mailing list, is in jail after being charged with two misdemeanors: unauthorized computer access and criminal mischief of the third degree.

Anderson was arrested Friday at his Waterloo, Iowa, home, following accusations that he broke into the computer of a would-be business partner.

Anderson is being held at the Black Hawk County jail on $5,250 bail. No trial date has been set and Anderson has no lawyer yet.

Anderson, 28, runs the Mac EvangeList, an offshoot of Apple's Evangelist, which in the mid-1990s was one of the most influential publications on the Internet. Run by Apple's Guy Kawasaki, the Evangelist once had 45,000 subscribers, many of whom would besiege publications whenever they wrote negative articles about the company.

Anderson took over the list's name and some of its subscribers when Kawasaki retired the list after leaving Apple.

Anderson's arrest follows a complaint by Carl Blake, owner of Macaquarium and a local ISP called Blake Systems, alleging Anderson remotely cracked into his computer after business discussions went sour.

Blake said Anderson had been invited to Iowa to discuss setting up a nationwide Macintosh-oriented ISP. Blake said he allowed Anderson to stay at his home, provided him with free office space and hosted the Mac EvangeList on one of his computers.

But after 2-1/2 months of free board and lodging, Blake said he finally asked Anderson to leave.

"I threw him out," Blake said. "He stayed here 2-1/2 months and he paid for nothing."

Blake said after evicting Anderson, he locked some of his luggage and computer equipment in his office.

Blake said shortly afterwards he caught Anderson trying to remotely crack into his computer. He alleged Anderson attempted to retrieve the Mac EvangeList database. Blake complained to police, who seized Anderson's computer in early May.

Waterloo Police Lieutenant Bruce Arends said Blake provided a log of the server's activity, and that Anderson's machine has been examined by the local office of the Secret Service.

The Secret Service was involved because of its expertise in computer forensics.

Anderson wasn't available for comment, but in an e-mail interview conducted in June, Anderson denied Blake's accusations. Anderson confirmed he'd gone to Iowa to discuss business with Blake, but came away believing Blake was a "slick con man."

"He turned out to be a compulsive liar to the extreme," Anderson wrote in an e-mail. "I told him that I had decided I was not going to do business with him. The next day he changed the locks on the office space he had given me and has kept all my equipment and he stole the Mac EvangeList database. The police will not charge him as they say it is a civil matter."

When asked to discuss the complaints in greater detail, Anderson declined to elaborate, referring instead to the front page of the Mac EvangeList website, which described being cheated by an unnamed con man. The page has since been removed.

Anderson has long been dogged by controversy. For the last 18 months, Anderson has been on the grandly named "Mac EvangeList World Tour," reporting Mac users' personal stories from Europe and the United States for list subscribers.

But according to former business partners, advertisers and hosts, Anderson has left a string of angry people in his wake.

"My blood boils every time his name comes up," said Bonnie Anderson (no relation), an executive with software publisher Casady & Greene, who claims to have paid Anderson $4,000 to sponsor his world tour.

Bertram Haller, who runs MacGuardians, said a couple of European Mac user groups last year warned members not to accommodate Anderson during his tour.

And an early business partner, Walter Blanchard, who worked with Anderson on the MacMarines mailing list, claimed Anderson hijacked the list.

Anderson was recently soliciting offers for the Mac EvangeList, which he claimed has 42,000 members.

However, Blake contends there are fewer than 1,000 members, based on the list he has seen and the traffic generated from his servers when he was hosting the Mac EvangeList.
*************************
Azcentral.com
Under their thumb


Glen Creno
The Arizona Republic
Aug. 20, 2002

Retailers looking for a better way to identify shoppers and cut check fraud are turning to high-tech fingerprint scanners to verify who's in the checkout line.


The scanners are one of the latest wrinkles in biometrics, a field that uses devices such as retina scans, face scans or voice recognition to identify customers.


Some retailers say the systems save them thousands of dollars in bad-check losses, but analysts worry that consumers will see it as yet another intrusion into their privacy.

"That sounds awfully Big Brother to me," Scottsdale consultant Mike Adams said. "I don't know how far the consumer wants to step into that."

A handful of mom-and-pop stores in Arizona use a fingerprint scanning system from BioPay of Virginia. It stores customers' personal data and a photo and links them with a fingerprint.

Jason Barno, manager of Los Amigos Market in Phoenix, figures the two bad checks totaling about $900 wouldn't be sitting by the checkout counter if the store had picked up the machine a few weeks earlier. He said the previous owners of the store, which cashes payroll checks, once racked up $10,000 in bad checks in one month, but he doesn't expect that to happen again.

The machine tipped the store to $700 in counterfeit checks from scammers with access to a computer and sophisticated laser printer. He said customers don't hesitate to sign up for fingerprint scanning so they can easily cash their checks.

"I look at every check as a bad check," he said. "You have to convince me. But with this there's no more pressure on your head, no more worries."

Biometrics business officials said personal identification is crucial in an era when identity theft is on the rise and an estimated 500 million checks are forged annually.

BioPay's system costs $8,900 to $10,000. Retailers get a computer to store shoppers' personal data, a camera for photos and the scanning system to record fingerprints.

The company is developing a quick-checkout system where a customer could store an account number from a bank or credit card, swipe a finger at the checkout and have the entire transaction approved and charged in an instant.

"You don't need to have cards or checks or anything," said Don Bauernfeind, the company's chief operating officer.

Supermarket giant Kroger, which runs Fry's in Arizona, is testing a fingerprint ID in Texas. Circle K tested a face-recognition system in Arizona, but abandoned the idea when the vendor, InnoVentry Corp., went out of business last year.

"We were having a lot of positive feedback from the machines as far as people liking the convenience of check cashing at our stores," Circle K spokeswoman Julie Igo said.

Hypercom, the Phoenix provider of credit-card terminals, launched a fingerprint scanner that connects to a cash register. The company estimates that fraud cost the card-payment industry more than $4 billion last year.

This month, Hypercom formed a special group to look for "growth opportunities" in biometrics, secure identification, age verification and other transaction security.

"Positive identification could virtually eliminate fraud overnight," Hypercom spokesman Pete Schuddekopf said. "That's been the goal of the electronic-payment industry from Day 1."


Reach the reporter at glen.creno@xxxxxxxxxxxxxxxxxxx or (602) 444-8972.
***************************
USA Today
Firms beef up cybersecurity as breaches soar
By Jim Hopkins

SAN FRANCISCO -- Companies across the U.S., worried that cyberspace will be terrorism's next battleground, have shored up security since Sept. 11.

About 77% of businesses improved defenses against hackers, viruses and other attacks, says a survey of 233 corporations by Computer Economics.

Such threats are real. Cyberspace attacks jumped 64% from a year ago, says security firm Riptech -- especially from countries such as Iran and Pakistan that are known to harbor terrorists.

Also, 90% of big corporations and government agencies responding to a survey by the Computer Security Institute and FBI said they uncovered computer security breaches in the past year.

Earlier this month, the FBI warned America Online, Microsoft and other Internet service providers about possibly imminent hacker attacks. AOL and Microsoft took steps to shield their 43.7 million subscribers. No damage was reported. Experts expect more such warnings as Sept. 11's first anniversary nears.

The cyberspace threat is greatest for the nation's 5.6 million small companies, which employ half of all workers and are the economy's backbone.

Small firms often lack money to hire full-time information-technology professionals and rarely think they are likely terrorist targets.

Still, Computer Economics says companies with less than $1 million in annual revenue were the biggest proportion of those that bolstered security with:

Anti-virus programs. In Ann Arbor, Mich., chiropractor Darren Schmidt used software before Sept. 11 to hunt for viruses contained in e-mail.
But after the attacks, Schmidt learned the program wasn't getting updated often enough to guard against newly hatched viruses. Around the time of the attacks, Schmidt had one virus attack that shut down his computer for a week. Now Schmidt, who keeps contact information for 200 patients on his computer, updates his software daily.


File-backup gear. In Charlotte, outplacement firm Forum Group was sporadically copying computer files before the attacks. "We thought we were in pretty good shape," says co-owner Bill Crigger. But employees fretted about security after Sept. 11, so Crigger hired a consultant who recommended a daily backup schedule.

Companies in remote places often think they don't need to worry about terrorists targeting their computer networks. "Everyone believes it won't happen here," says Jerry Rackley, a publicist in Stillwater, Okla. Yet Oklahoma residents felt immune to terrorism until the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City.


"The reality is, you have to prepare for the worst and hope for the best," Rackley says.
***************************
News Factor
Report: Average Worker's Tech Skills Not Keeping Pace


Although unemployment continues to make headlines, the glut in information technology workers is only temporary, experts say. Once the economy improves, demand for IT skills will rise again. But will the workforce be ready?
http://www.newsfactor.com/perl/story/19062.html
******************************
Federal Computer Week
DOD, FEMA test systems link
Joint exercise focuses on homeland security


Representatives from all armed services, the Federal Emergency Management Agency and other organizations recently began exploring how compatible their communications systems would be in homeland defense situations.

The 2002 Joint Users Interoperability Communications Exercise (JUICE), which began Aug. 5 and runs through the end of the month, is using a mix of legacy and new technologies to support communications, command and control requirements for a deployed joint task force in simulated homeland defense scenarios.

In such scenarios, the Defense Department plays a supporting role to FEMA and other groups, said John Caruso, chief of DOD's Executive Agent for Theater Joint Tactical Networks.

"We're looking for collaborative scenarios and making sure [military] communications equipment is interoperable with FEMA's," Caruso said, which includes not only establishing links among systems, but also identifying redundancies. "We want to define the processes, methodologies and information flows that are in place."

During JUICE, systems and operational approaches are being tested, including network defense from cyberattacks. "We're putting a network up and testing the defenses available," he said. "We'll be actively attacking our network in a controlled fashion."

Technical and military personnel in about 60 units worldwide, representing all the armed services, are participating in this month's exercise and will be manning the Joint Communications Control Center, the communications hub for JUICE.

The center, which was set up by the Army Communications-Electronics Command Software Engineering Center and the Program Executive Office for Command, Control and Communications-Tactical at Fort Monmouth, N.J., is controlling all satellite and terrestrial communications and sensor activity during JUICE.

Air Force Lt. Col. Tom Dixon, senior military communications officer for JUICE, said the exercise enables all of the services to test new software upgrades and equipment and "work through the issues that come into play."

JUICE is being carried out in phases, the first of which -- establishing links for satellite communications among the different players -- is under way, Dixon said. "Once those are set up, we'll begin the proof of concept with the equipment that's online."

FEMA, which participated in JUICE for the first time last year, is playing a bigger role in this year's exercise as part of a new collaborative initiative with the military, Caruso said. FEMA Mobile Emergency Response System detachments will participate along with civil support teams from a number of states including Arkansas, Louisiana, Massachusetts, Missouri, New Jersey, New York, Oklahoma, Pennsylvania and Texas.

Eric Hainzer, a telecommunications specialist in FEMA's mobile operations branch, said that although his agency has vast experience responding to disasters, exercises such as JUICE and others offer "opportunity training" for working with DOD in scenarios involving homeland defense and weapons of mass destruction.

Air Force Senior Master Sgt. Carl Sherblum, watch chief for JUICE, said the Defense Message System (DMS) is one of the main systems being tested during the exercise. DMS is the secure messaging system that is replacing DOD's Automatic Digital Network, commonly known as Autodin. Testing DMS during JUICE is essential because FEMA also uses a version of it, he said.

"What we're trying to do, whatever homeland security ends up being, is to have a skeleton in which to operate...and templated off to latch up the DOD and civilian communities," Hainzer said, adding that FEMA is the only civilian agency with a deployable DMS that is compatible with the defense community. "That's a critical element that's been missing for some time, that cross-connect between the two."

Participation in JUICE, which was first conducted in 1996, is voluntary and participating agencies and units pay their own way, Caruso said. "There's no centralized pot of money. People participate because there's something in it for them."

***

JUICE Mix

During the Joint Users Interoperability Communications Exercise, which was first conducted in 1996, members from the armed services, the Federal Emergency Management Agency and the Defense Department explore how compatible their communications systems would be in homeland defense situations.

This year's exercise began Aug. 5 and runs through the end of the month using a mix of legacy and new technologies to support communications, command and control requirements.

The initial focus this year is on establishing links for satellite communications among the various players.
**************************
Federal Computer Week
NARA seeks ideas for e-records archive


After devoting three years and spending more than $20 million to research and build some of the basic components of an electronic records archive, the federal government is asking private companies to submit any ideas they might have to help turn the idea into reality.

The National Archives and Records Administration is searching for some workable way to save electronic records for decades or even centuries. But the agency faces at least two daunting problems: Fast-changing technology means that electronic files created just a few years ago are already in obsolete formats and may no longer be retrievable. And the sheer volume of e-records -- 36.5 billion a year in e-mail messages alone -- is overwhelming.

In a request for information to vendors, NARA officials indicate that they are open to any suggested solutions.

"We want to be sure there isn't something else out there that we should be looking at," said Reynolds Cahoon, NARA's chief information officer. "We're vitally interested in seeing what the vendor community has to offer."

NARA is especially interested in "off-the-shelf products" that might meet its e-records storage needs, he said.

The RFI notes that NARA is already involved in "a number of research activities and prototypes" for long-term e-records storage systems but, the agency stresses, prior work "does not imply any commitment by NARA" to those technologies and architectures.

"We want to get as many creative ideas coming forth as possible," said Lewis Bellardo, deputy archivist of the United States. "We did not want to constrain the responses we might get" by listing system requirements specific to the prototypes NARA has already developed.

Records management officials at NARA were not available to discuss whether the prototypes they have developed still appear likely to solve the agency's e-records problems.

In 1991, U.S. Archivist John Carlin announced that a major breakthrough in storage technology could mean that a pilot version of an e-record archive could be operating by 2004 or 2005.

But Bellardo and other NARA officials make it clear that they are open to other solutions. A statement released by NARA says the RFI is intended to generate information "from vendors and integrating contractors in order to determine the best solution for building" the e-records archive.

To ensure that NARA receives enough good ideas, the agency intends to issue two more RFIs, Bellardo said.

NARA hopes to award two or three system design contracts that will lead, after 18 months, to a single system designer.

Ultimately, NARA intends to use "a modular contracting approach" that will divide the e-records archive project into segments, with each segment producing a usable component of the archive.

Companies have until Sept. 4 to respond to the RFI, but some may be reluctant to offer their best ideas, said Michael Tankersley of Public Citizen. "I do not know why anyone would give very meaningful information at this point since it might benefit competitors."

After the other two RFIs are issued, NARA plans to hold an industry conference on the e-records archive next spring.

Two years ago, Carlin told Congress it would cost $130 million and take five years to build an e-records archive.
************************
Federal Computer Week
Justice sets deadline for fingerprint matching


Starting Sept. 11, hundreds of foreign visitors who step off airplanes or arrive at U.S. border crossings will be directed to immigration inspectors, who will fingerprint and photograph them.

While inspectors collect information on the visitors' backgrounds and their reasons for coming to the United States, computers will be comparing their fingerprints to tens of thousands of prints collected from foreign felons, terrorists and suspected terrorists.

If there is a match, the visitors may be denied entry or arrested. If they are cleared for admission to the United States, their fingerprints and photographs will be added to a database for future identification purposes.

For those cleared, the whole process should take no more than 10 minutes, according to Kris Kobach, a Justice Department official involved in an aggressive effort to tighten immigration practices in the aftermath of last year's terrorist attacks.

Aside from the photos and fingerprints at ports of entry, the department will require foreign visitors to register with the Immigration and Naturalization Service when they have been in the United States for 30 days and once a year thereafter.

That means foreign visitors must "appear in person at an INS field office" to answer questions about their activities in the United States and supply proof of where they are living, working or attending school, Justice officials said.

INS will require visitors to disclose much more information about themselves than they have in the past, Kobach said.

Finally, visiting foreigners will be required to register with INS when they leave the United States. Failure to register upon departure could make them ineligible for re-entry.

The fingerprinting, photographing and reporting requirements are intended to "expand substantially America's scrutiny of those foreign visitors who may present an elevated national security risk," Attorney General John Ashcroft said Aug. 12.

Initially, INS will target visitors from Iran, Iraq, Libya, Sudan and Syria, as well as visitors from other countries who are identified by the State Department as being a risk to national security or who fit INS criteria for closer inspection.

But Ashcroft said he sees the system as the first step toward developing a comprehensive entry/exit system that will eventually be used to check almost all foreign visitors.

The plan is greeted with skepticism from some immigration experts.

"It's a false solution to a real problem," said Judy Golub, senior director of advocacy and public affairs for the American Immigration Lawyers Association.

Fingerprinting and photographing arriving foreigners is unlikely to catch many terrorists, but it is bound to cause major delays at ports of entry, she said. Most of the Sept. 11 terrorists had no prior records and were not included on watch lists.

Meanwhile, making foreign visitors report to the INS periodically while they're in the United States will catch no terrorists at all, Golub said. Those here to commit terrorism simply won't report in, she said.

More effective efforts include greater intelligence gathering and sharing among agencies, including the State Department, and "preinspection and preclearance" of foreign visitors at U.S. consulates overseas, she said.

But Justice officials said that fingerprinting and photographing people at ports of entry have already been proven to work.

Since January, INS inspectors have been using the technology at a number of ports of entry and have averaged more than 70 matches a week between the fingerprints of arriving foreigners and prints in databases of wanted felons. As a result, INS officials have made more than 2,000 arrests.

"It has been staggeringly good," Kobach said.

Looking for a match

The screening that begins Sept. 11 will include fingerprint comparisons against a database that contains prints collected in Afghanistan and Pakistan, including prints collected by U.S. forces at al Qaeda training camps.

"We're very excited about that," said Kris Kobach, a Justice Department official involved in the effort. The Immigration and Naturalization Service may be able to link people to fingerprints that were almost certainly left by terrorists.

Allies around the world have sent the U.S. digital fingerprints of suspected terrorists. Foreign visitors' prints will be checked against those and against prints in the FBI's Integrated Automated Fingerprint Identification System and INS' IDENT database of more than 4.5 million foreign visitors' prints.

Justice officials said up to 200,000 visiting foreigners a year will be fingerprinted and photographed. That's "a small percentage of the more than 35 million nonimmigrant aliens who enter the United States each year," Attorney General John Ashcroft said.
*************************
Government Computer News
Homeland security chiefs outline IT requirements
By Wilson P. Dizard III


PHILADELPHIA -- IT leaders from the White House and intelligence agencies gave homeland security a push forward today by pooling their information-sharing plans.

"It's about all of us figuring out how to share information to meet the needs of those combating terrorism," said Homeland Security Office CIO Steven I. Cooper at the Government Symposium on Information Sharing and Homeland Security.

Cooper said the government needs to open a dialogue on the effects of laws and policies that restrict information sharing among federal agencies. But, he added, "it is important that we do not swing the pendulum too far and jeopardize our civil rights and civil liberties."

Cooper has formed four CIO working groups to analyze matters surrounding information-sharing: border and transportation security; first responders; chemical, biological, radiological and nuclear weapons of mass destruction; and state and local information. He said the border and transportation group is the furthest along in its work.

"Just last week we met with a team that the National Association of State CIOs chartered to develop some definitions and plans," Cooper said.

Cooper cited several conditions that must be avoided in improving information sharing among agencies:


Redundant efforts
Political and cultural roadblocks
Problems introducing new IT, especially against the backdrop of the government's impending loss of IT professionals through retirement
Inadequate funding
Poor communications with the public.


Winston Wiley, associate CIA director for homeland security, said his agency would support all activities of the proposed Homeland Security Department, not just its intelligence operations. The CIA director "said the department's most important role would be translating the enemy's activities overseas into a system of protection for this country," Wiley said.
************************
Government Computer News
BlackBerry to get S/MIME security
By Susan M. Menke


BlackBerry handheld devices used in the military services can get a government-specific Secure Multipurpose Internet Mail Extensions protocol upgrade of their software under a National Security Agency contract with the devices' maker, Research In Motion Ltd.

Mike Lazaridis, president of the Waterloo, Ontario, company, said Defense Department users of the BlackBerry 957, 5810 or 6710 handhelds would pay undisclosed licensing fees for the S/MIME public-key cryptography upgrades from NSA. He declined to give the value of the development contract.

The software upgrade will encrypt messages and attachments to and from a user's desktop system and a synchronized BlackBerry, under a second password for that user's existing DOD digital certificate. The BlackBerry already has Triple Data Encryption Standard e-mail protection and Federal Information Processing Standard 140-1 certification, Lazaridis said. S/MIME will extend that security by guaranteeing user-to-user authorship over different e-mail systems, he said.

The encrypted messages cannot be viewed in the device's in-box without the second password, Lazaridis said. A color BlackBerry screen is under development.
*************************
Government Executive
White House to launch Web site for government, industry tech experts
By Molly M. Peterson, National Journal's Technology Daily


PHILADELPHIA -- The White House plans to launch a Web site that would enable government and private-sector technology experts to exchange ideas for better information-sharing practices, the Office of Homeland Security's chief information officer announced in Philadelphia Monday.

"I need your help," Steven Cooper told more than 900 high-tech professionals from 32 states during a keynote address at a three-day homeland security conference. "We can't get a view of America from inside the Beltway. ... We don't know it all. We've got to hear from everybody."

Cooper said the Web site would enable high-tech firms and agencies at all levels of government to share their "best practices" for data fusion and integration with the Office of Homeland Security. He noted that the Sept. 11 terrorist attacks prompted communities in many states -- including Pennsylvania, Texas, Minnesota, Utah and California -- to launch information-sharing initiatives that have proven effective and that might be worth implementing nationwide.

Cooper said several communities in the Dallas area, for example, collaborated with the local FBI field office and the private sector to develop an emergency-response network that allows for the "reasonably secure" exchange of sensitive data regarding suspected criminal activity. He said the new system already has led to several arrests.


"They did it on a shoestring ... but it is extremely successful," Cooper said. "It's an example of something we can replicate ... in other parts of the country."


Cooper said he expects the Web site to be online in two to three weeks. "Once it's done, please talk to us," he said. "I need to know about best practices, centers of excellence and capabilities that already exist in America today. The Web site will enable us to share and communicate what's going on."


Pennsylvania Republican Curt Weldon, who chairs the House Armed Services Procurement Subcommittee and served as Monday's other keynote speaker, said that by failing to establish an effective, nationwide information-sharing system well before Sept. 11, the government "basically failed the American people."



"We could have and should have had, before 9/11, a better capability for fusing our data," Weldon said, noting that he has been calling for a nationwide center since the late 1990s. "There's no integrated domestic communications system in America."


Another problem, Weldon said, is that the U.S. education system does not place enough emphasis on information security and information sharing. "Every college trains young people how to use computers," Weldon said. "The real need in the 21st century is to be able to ensure the security of that data."


Cooper said federal agencies with homeland security functions will face a critical shortage of data-security experts in about five years, when about half of their information technology employees will be eligible for retirement. He said replacing those employees with "skilled and talented information technology professionals" will be a challenge because the federal government cannot compete with most private-sector salaries and benefits.



"We're losing people," Cooper said. "It's a problem because we don't have the skill sets to introduce new technologies."
****************************
Computerworld
Record labels sue ISPs over access to site


Five major record companies have sued four of the biggest Internet service providers in an attempt to stop what the record companies say are blatant copyright infringements occurring at a music Web site registered in China.
The suit, filed Friday in U.S. District Court for the Southern District of New York, seeks a preliminary injunction ordering AT&T Broadband Corp., Cable & Wireless USA, Sprint Corp. and WorldCom Inc.'s UUnet division to block Internet communications to and from servers run by www.listen4ever.com.


As of today, the site couldn't be accessed. But it was unclear whether the operators had voluntarily shut it down or moved it to another site.

The suit alleges that the site makes available "for illegal copying and distribution on the Internet" recordings that are the copyright property of BMG Music, a division of German media giant Bertelsmann AG; Sony Music Entertainment Inc.; UMG Recordings Inc.; Virgin Records America Inc.; and Warner Brothers Records Inc. The recording companies targeted the four Internet service providers because Web users in the U.S. rely on their backbone routing services to gain access to the site.

These services put the four service providers in a unique position to cut off access to Listen4ever.com at the Internet entry point into the U.S., the Recording Industry Association of America Inc. said in a statement Friday. The record companies' goal is to stop the infringements occurring at the site.

The suit says Listen4ever.com has engaged in a number of tactics that make its operation more egregious than the music-sharing service run by Napster Inc., which was shut down by court order. For example, Listen4ever.com lets users download entire music albums, while Napster's focus was individual songs, the suit says. It also hosts the digital music on a central server, while Napster provided a peer-to-peer software that allowed users to search the hard drives of other users for music files they wanted. In addition, Listen4ever.com has made available at least one album before its commercial release.

The suit also alleges that the site uses offshore servers in an attempt to shield itself from the reach of U.S. law. The domain name is registered to an individual in Tianjin, China, whom the suit doesn't identify. The link from the site for contacting its operators sends e-mail to an anonymous Yahoo Inc. e-mail account.

"In enacting the Digital Millennium Copyright Act, Congress anticipated that infringers might attempt to move offshore to avoid U.S. law," the suit says. "The DMCA permits a copyright owner to seek injunctive relief to require ISPs to block access to such sites. That is exactly the situation here and the limited relief plaintiffs are seeking."

Spokesmen for AT&T Broadband, Sprint and WorldCom declined to comment on the suit, citing company policies against discussing ongoing litigation. A call to Cable & Wireless USA wasn't returned.
**************************
USA Today
FAA says you can use PDA on jet
By Christopher Elliott, special for USA TODAY


On a recent flight from Newark, N.J., to Orlando, Mike Corbo decided to check his e-mail. Instead of plugging into a $3.99-a-minute in-flight phone, he powered up his Palm VII and downloaded the messages wirelessly, at 35,000 feet.

"I found that as long as we were flying over a major city, I would easily connect and send or receive e-mail without a problem," says the Lyndhurst, N.J., information systems manager.

No one tried to stop Corbo because what he did is legal. The Federal Aviation Administration doesn't ban the onboard use of a personal digital assistant -- even one that can connect to the Internet through a cellular network -- according to FAA spokesman Paul Takemoto. "He isn't violating any rule," he says.

If, on the other hand, Corbo had been using a portable phone, he'd be breaking a Federal Communications Commission rule that prohibits the use of cellular devices on planes, Takemoto adds. The operation of a cellular phone is thought to interfere with an aircraft's navigational systems.

But in an age of convergence, who's to say what's a PDA or a cell phone?

That's a question Bob Johnson may have to ask himself soon. The Houston consultant uses his BlackBerry to connect to the Internet wirelessly all the time -- including from a commercial airplane.

"It connects every time I pass over a served city and am in range of a transmitter," he says.

"So when I go from Houston to Denver, I have connected service over Dallas and approaching Colorado Springs," Johnson says. "I've only had one person tell me to make sure the transmitter is turned off, and that was on the ground in Austin last week."

What if Johnson decides to upgrade to a BlackBerry 5810, which offers optional phone service? Is he still using a PDA or is it a phone or something in between? Do the FCC rules apply to his handheld device?

Terry Wiseman, an expert on in-flight communications systems and editor of the newsletter Airfax.com, says people may bicker over where a PDA ends and a cell phone begins, but in some respects, both devices do the same thing. "A personal digital assistant may use less bandwidth to check e-mail, but basically you're using the same frequency as a cellular phone, and in much the same way," he says.

He suggests that the government's policy on PDAs may be outdated, given the convergence of phones and computing devices.

Matt Greer hopes the rules stay the way they are. On some PDAs, you can't power down the wireless connection unless you shut the device completely off.

"Unless there's a way to disable the phone part of the device so you could use other applications, like text editors, you won't be able to get anything done during the flight," says Greer, a chemical engineer from Lake Jackson, Texas.

Others, like John Turner, are skeptical that the existing rules are anything more than a ploy to help airlines earn more money.

"Do cell phones interfere with navigational equipment?" asks the McLean, Va., frequent traveler. "Make them prove it. I'm an electrical engineer, and I can't for the life of me see how a cell phone is going to mess up aircraft navigation systems. I'm suspicious that they just want to sell minutes on those seat-back phones."

But Sharon Wingler, a flight attendant and author of the book Travel Alone & Love It: A Flight Attendant's Guide to Solo Travel, thinks using any kind of wireless device aboard a plane is unsafe and that any loopholes in policy should be closed as soon as possible.

"It's hard to describe how frightening it is when the pilots call back to tell me that they're having instrument problems and ask me to hurry through the cabin to see if some idiot is using his cell phone or illegal PDA," she says. "Don't we have enough to worry about now?"
***************************
USA Today
Telecommuters find they're not missing out on promotions


CHARLOTTESVILLE, Va. (Reuters) -- Four years ago, when pharmacist Donna Zarzuela's physician husband, Jose, had to relocate to Baltimore, she stopped by Zeneca Pharmaceutical's human resources office in Wilmington, Del., to tender her resignation.

She had been commuting 230 miles daily round trip to Wilmington from Ellicott City, Md., and now her employer was moving to Frazier, Pa., and the lengthier drive would have been just too much time behind the wheel.

"It wasn't company policy to let people work at home then but they said they would look into it and I became the first person in my department to telecommute," she said.

The results came up roses for Zarzuela, who has been promoted twice since and now earns more money working 30 hours a week part-time than she did putting in 40 hours full-time five years ago.

What's more, with commuting time slashed, Zarzuela has more time with daughters Kira, 4, and Audrey, 6 months. While Zarzuela works, her mother, Inocencia, cares for Audrey, and Kira attends preschool.

Zarzuela's experience is becoming increasingly common as employers step up telework options for employees and cut office space costs.

According to economist John Sargent of the Bureau of Labor Statistics, in Washington, nearly 20 million people did some work at home as part of their primary job last year. That's about 15% of the labor force -- a figure that grows steadily.

Like many employees reassigned as teleworkers, Zarzuela worked with little supervision in an office by telephone largely on her initiative, and did not meet directly with customers on a daily basis. Her title is Senior Medical Information Manager.

Her doctorate in pharmacy qualified her to answer medical inquiries about Zeneca's products from doctors and other health care professionals. Company sales staffers load questions put to them by doctors into their laptops and e-mail them to Zarzuela.

After the British Zeneca Group merged with Swedish Astra in 1999 to form AstraZeneca, corporate policy changed to allow more staffers to telecommute.

"Almost everybody teleworks one or two days and that includes administrators as well as managers," Zarzuela said. "Of 80 people in our department, 40 telework once a week."

Since she began telecommuting, Zarzuela has continued to earn excellent performance reviews and her pay increases have totaled 30%. She credits the raises in part to the fact that "I get a lot more work done at home than when I was in the office."

"You're not taking coffee breaks. There isn't somebody walking by your door and chatting to say 'Hello.' So I tend to get a lot more work done in a shorter period of time," Zarzuela said.

Lynda Finis, Zarzuela's team director, agreed. "As manager in a group in which most everyone telecommutes at least some times, I find that productivity is actually increased."

Telecommuting also improves teamwork, "since the work group has to make sure there is adequate coverage, and meetings are scheduled for when people are physically available," Finis said.

Many teleworkers say the danger in working from home is not so much sloughing off as overdoing.

"You have to separate yourself from your office," Zarzuela said. "When you're walking through your house on the weekend and you have two hours and nothing to do and you're a workaholic, you have to resist working. The company is very concerned that you may neglect your family and they don't want you spending so much time at work."

For Zarzuela, teleworking is "sitting in my home office four days, seven and a half hours a day, either answering questions or reviewing documents for scientific accuracy." One day a week she drives to the Malvern office to touch base with colleagues and attend meetings.

"If you work from home as much as I do, when you go to the office you have to make an extra effort to get out and see everyone and network," Zarzuela advised. "I have good rapport with my manager but you also need to be visible with other people in the department." In that sense, her need to touch base is reminiscent of expatriates.

Zarzuela's home office replicates the one she had at work: an IBM ThinkPad computer hooked up to a secure, high-speed line, monitor with mouse and keyboard, fax machine, printer, business phone and pager, and cell phone.

The idea of teleworking, apparently, is catching on at AstraZeneca, Zarzuela said. "Other departments are trying to find out how we do it because they want to telework as well," she said.
**************************
The Guardian
Privacy fear over plan to store email
EU wants data retained to help fight against crime
Richard Norton-Taylor and Stuart Millar


Records of personal communications, including all emails and telephone calls, will be stored for at least a year under a proposal to be decided by EU governments next month.
Under the plan, all telecommunications firms, including mobile phone operators and internet service providers, will have to keep the numbers and addresses of calls and emails sent and received by EU citizens. The information, known as traffic data, would be held in central computer systems and made available to all EU governments.


The move could lead to a further extension in the powers of European security and intelligence agencies, allowing them to see the contents of emails and intercepted calls and faxes, civil liberty groups fear.

The plan, drafted in Brussels, has been leaked to Statewatch, an independent group monitoring threats to privacy and civil liberties in the EU.

"The traffic data of the whole population of the EU - and the countries joining - is to be held on record. It is a move from targeted to potentially universal surveillance," Tony Bunyan, Statewatch editor, warned yesterday. "EU governments claimed that changes to the 1997 privacy directive would not be binding on member states - each national parliament would have to decide. Now we know that all along they were intending to make it compulsory across Europe."

Although the move was initially explained by the need to fight terrorism, EU officials now argue it is necessary to fight all serious crime, including paedophilia and racism.

A "draft framework decision" for the European council states that it is essential for all member states to apply the same rules. It said that the purpose was to harmonise the retention of traffic data to allow criminal investigation.

The decision is a victory for the UK which, encouraged by Washington, has been pushing for a compulsory EU-wide data retention regime.

But civil liberties campaigners claim that compelling communications companies to retain the records of all their customers for long periods amounts to blanket surveillance on the entire EU population and will lead to law enforcement agencies conducting "fishing expeditions" against innocent citizens.

The EU admits the plan involves an invasion of privacy but says the period for which the data must be retained - a minimum of 12 months and a maximum of 24 months - is "not disproportionate".

The data would include information identifying the source, destination, and time of a communication, as well as the personal details of the subscriber to any "communication device".

For law enforcement agencies to access the data, the draft EU decision gives a minimum list of offences, including "participation in a criminal organisation, terrorism, trafficking in human beings, sexual exploitation of children", drug trafficking, money-laundering, fraud, racism, hijacking and "motor vehicle crime".

It states that the "confidentiality and integrity" of retained traffic data must be "ensured" but does not say how. Individuals have no right to check whether the information held about their personal communications is accurate or legally challenge decisions about its use by EU authorities.

A member state will not be able to refuse a request for information from another member state on human rights or privacy grounds. There is also no common EU list of crimes caught by the plan or of public agencies which could demand the information.

But there is one element in the EU plan that Britain will not welcome. It says that personal data could be handed to security services and law enforcement authorities only with judicial approval.

In Britain, the regulation of investigatory powers act allows law enforcement and intelligence agencies to access personal communications data covering a wide range of purposes, including public health and tax collection, without any court or executive warrant.

In June, the Guardian revealed plans to extend the powers to access data to all local councils, seven ministries and 11 quangos. David Blunkett, the home secretary, bowing to intense public and political pressure, admitted the government had "blundered" into the issue and that further consultation was needed.

But the legality of the entire data retention framework in this country has been cast into doubt. The information commissioner, Elizabeth France, has warned the Home Office that the new powers could be illegal because another law - the Anti-Terrorism Act rushed through parliament after the September 11 attacks - allows such data to be retained and accessed only on national security grounds. According to legal advice from an eminent QC, this would be illegal under human rights law.
***************************
News.com
Group warns of massive EU surveillance
By Graeme Wearden


Privacy advocates claim that the European Union plans to make sweeping changes to laws that govern communications-related data retention and privacy, requiring the long-term storage of such information and making it available to governments.
Statewatch, a U.K.-based Internet organization that monitors threats to civil liberties within Europe, said Monday that European governments are planning to force all of the continent's telephone carriers, mobile network operators and Internet service providers to store details of their customers' Web use, e-mails and phone calls for up to two years.


This data would be made available to governments and law enforcement agencies.


The European Parliament is currently debating changes to the 1997 EU Directive on privacy in telecommunications, which governs existing laws on communications data retention. This directive states that traffic data can only be retained for billing purposes and must then be deleted.


European governments were expected to agree to changes to the 1997 directive that would allow individual countries to bring in laws forcing communications companies to retain data.

Statewatch, though, said it has seen a copy of a binding "framework decision" that is currently being worked on by some EU governments. The framework decision, which could be voted into law next month, would force all governments to pass laws that would compel communications companies to retain all traffic data for 12 months to 24 months.

As previously reported, it has been rumoured for some time that EU governments were secretly working on such changes.

"EU governments claimed that changes to the 1997 EC Directive on privacy in telecommunications to allow for data retention and access by the law enforcement agencies would not be binding on member states--each national parliament would have to decide. Now we know that all along they were intending to make it binding, compulsory across Europe," Tony Bunyan, editor of Statewatch, said in a statement.

Bunyan added that the draft framework decision would sweep away the basic rights of data protection, scrutiny by supervisory bodies and judicial review.

The framework decision may include the provision that the police would need to obtain a judicial order before gaining access to traffic data, but Statewatch warns that such conditions have been sidestepped before.
************************
Wired News
Haiku'da Been a Spam Filter
By Michelle Delio


Refined poetry and ruthless legal prosecution have been brought together in the latest effort to stop spam.

A hidden scrap of copyrighted poetry embedded in e-mails will be used to guarantee that any message containing the verse is spam free. And if spammers dare to hijack the haiku, they will be aggressively sued for copyright infringement.

The service is being offered by "Habeas," a new spam-filtering service headed by anti-spam activist and attorney Anne P. Mitchell.

Habeas doesn't stop spam by blocking suspicious e-mail. It prevents it by aggressively monitoring who is using the service to send mail, and then allowing people to set up e-mail program filters specifying that all messages containing the Habeas haiku should be delivered -- no matter how "spammy" the contents might appear to the average e-mail filter.

E-mail filters are lists that block or redirect the delivery of e-mail that comes from known spammers, or messages that contain words and phrases typically found in spam. But legitimate e-mail may also contain references to the sorts of health, sexual, financial and legal issues that often appear in standard spam.

Due to increasingly aggressive filtering, publishers of subscription e-mail newsletters complain that they are being forced to self-censor their publications, carefully omitting phrases or sometimes even deliberately misspelling words that might trigger a spam filter.

Writers, reporters and editors say that some e-mailed stories and news releases never arrive at their destinations due to spam filtering.

And a number of people from Asian countries -- increasingly the subjects of wide-scale spam blocks -- have all but given up on sending messages to their friends and colleagues in the United States and Europe.

And still the spam keeps coming.

"Existing law offers little protection from spammers, who continue to find new ways to beat even the most sophisticated filtering technologies," Mitchell, former legal affairs director for Mail Abuse Prevention System (MAPS), said.

"Technology alone can't stop spam. But existing copyright and trademark law used in conjunction with Habeas' system allows us to sue and shut down spammers while protecting senders of legitimate mail."

Mitchell says if a spammer uses the Habeas haiku along with other trademarked text in an e-mail, Habeas can and will seek penalties of $1 million and more for copyright and trademark violation. It will also help shut down offenders' businesses through legal injunctions and -- in the worst cases -- refer them for criminal prosecution.

Dun and Bradstreet have agreed to serve as Habeas' collection agency, Mitchell said. And several major commercial spam filtering services, such as "Spam Assassin" and "Mail-Filters.com" intend to add Habeas to their spam-filtering arsenal.

Habeas also intends to provide lists of unrepentant spammers to maintainers of the "blacklists," which many systems administrators use to block all e-mail from known spammers.

Some publishers of small, subscription-based newsletters say they welcomed the new filtering system since it's becoming increasingly difficult to deliver their product past spam filters. The struggle has forced many to self-censor the information they provide to their subscribers.

"What is absolutely as annoying as hell, from the ethical e-mail publisher's perspective, is the idea that you may have to edit your word choices and phrasing or a percentage of your subscribers won't see what you deliver to them because the mail will simply not reach them, or will go into a 'Suspected Spam' folder that they may not ever open," Steve Outing, senior editor at the Poynter Institute for Media Studies, said.

Ironically, Outing's recent column for Editor and Publisher on why he hates spam filters was trapped by a spam filter and not delivered to his editor.

"I purposely loaded the column with some words that filters tend not to like to make a point about not wanting to be censored by software," Outing said. "I e-mailed it to my editor at E&P, but it got blocked by the spam filter installed on his company's server."

"This was particularly annoying, because the filter was set to just trash what it identified as spam; my editor had no way of knowing I'd sent him anything, and I didn't get a bounce-back message saying I'd been blocked."

He eventually had to e-mail the column to his editor's home e-mail address.

"The root of the problem, of course, is spam," Outing said. "Spammers not only annoy the majority of Internet users and suck up ISP bandwidth, they also cost ethical e-mail publishers money. The ultimate solution is to outlaw spam. I doubt there can be such a thing as a perfect spam filter."

Habeas' success will depend on how aggressively the company pursues violators, and how many people opt to use the service and notify the company of any spam they may receive that was "sanctioned" by Habeas.

Individuals can freely use Habeas filtering with their existing e-mail programs. The service is also free for Internet service providers. Businesses will be charged $200 a year for use of Habeas' services.

Commercial e-mailers who meet Habeas' strict definition of non-spam will be billed a penny per sent message for the warranting service, capped at $3,000 per month.

The fee may seem steep for small-scale publishers and marketers, but some said it would be worth it to guarantee their product would actually arrive in subscribers' in-boxes.
****************************
IEEE Spectrum
Hackers Prove People are the Weakest Link
By Stephen Cass, Associate Editor


The Hackers on Planet Earth Conference in New York City takes on big industry and big government

1 August 2002 - "Shhhhhhh!" chorused several hundred hackers gathered on the top floor of the Hotel Pennsylvania in New York City during the fourth biannual Hackers on Planet Earth (HOPE) conference. Up on the stage Emmanuel Goldstein, editor of 2600: The Hacker Quarterly, was about to make one luckless employee of the Starbucks coffee shop chain look worryingly stupid.

HOPE was organized by 2600, a touchstone publication for that subset of the hacker community that concerns itself with communications, network, and security technologies and increasingly with concomitant political, legal, and social issues.

Goldstein was now starring in the HOPE conference's most popular panel: social engineering. The object was to demonstrate that you don't need thousands of dollars' worth of electronics and a library of arcane software tricks to pierce the veil of security surrounding most organizations: a telephone, confidence, and some luck will do just as well. Goldstein picked the number of a Starbucks coffee shop out of the yellow pages at random and dialed it live on stage. As the sounds of a crowded room would have been difficult to pass off as normal background noise, this required a certain discipline from the normally vocal attendees, hence mass shushing as the ring tones came over the public address system.

An employee answered and Goldstein announced that he was from the Starbucks' IT department and there was a report that the store had had some computer trouble. It took about seven minutes for the employee to begin helping out an apparently harried and befuddled Starbucks IT technician by reading out the details, including the name, expiry date and number, of an American Express credit card used to pay for a $3.75 coffee the day before (the number was muted by the HOPE sound technicians).

Apart from taking a stab at Starbucks, and pointing out that the biggest weakness in any organization's security is its own members, not outsiders, the demonstration echoed one of the dominant notes of the HOPE conference: with such low-tech options available to actual criminals, what is the point of governmental attempts to aggressively regulate high-tech tools?



Technological activism
Indeed, HOPE was as much about such social and legal issues as it was about the technical details of things like the wireless network standard IEEE 802.11. Anti-corporate activists attended in force, notably Jello Biafra, former lead singer of the antiestablishment rock group The Dead Kennedys. Their message, coming on the heels of recent high-profile management scandals, resonated with many attendees who already have deep concerns about such legislation as the U.S. Digital Millennium Copyright Act (DMCA) of 1998, which makes circumventing digital copy protection for almost any purpose illegal. It is generally seen by hackers as little more than an attempt by the music industry to shield its business model from modern technology, and violate First Amendment rights in the process.


Oppressive governments as well as allegedly oppressive industries were targeted at the conference. On display were new tools with which technically naive users could evade the government Internet censorship common in such countries as the People's Republic of China. The software techniques, created by a group known as Hacktivismo, simplify the process (known as steganography) of embedding and extracting messages hidden in any image that can be placed on a Web page or sent via e-mail.

Taking aim at the U.S. government, conference-goers were concerned about a number of Federal Communications Commission issues, from frequency allocations allowing new microwave-based lighting systems to disrupt wireless networks, to difficulties local community radio stations have trying to get licenses.

Rights to property and privacy were also key issues, one being trademark disputes over domain names. For instance, Tokyo's Nissan Motor Co. is trying to claim Nissan.com, since 1994 the address of a computer company owned by Israeli émigré Uzi Nissan. An exemplary threat to privacy: a live demonstration of the ability of private and public investigators to cross-reference commercially available databases and build up amazingly detailed profiles of individuals without ever leaving the office.



Past and present glories
But HOPE wasn't all protest and politics. The network room on the second floor of the hotel was filled with an incredible collection of computer hardware, from the latest tricked-out laptops to early computers from the dawn of the PC age and before. An early Wang calculator relying on bulky terminals with Nixie tube displays occupied one table, while on the next a sewing-machine-sized portable computer from 1983 proudly displayed its Microsoft Basic prompt (running on the CP/M operating system no less). Pocket calculators and watches from the LED era were also on show. Nearly everything displayed could be picked up, prodded, and programmed by all.


This, more than anything else, caught the spirit behind the HOPE conference; that technology is meant to be enjoyed and shared as much as possible. The PC revolution sprang from a very similarly minded group of people. I couldn't help but wonder as I wandered around and looked at some young hackers pecking in delight at a microcomputer keyboard a shade older than themselves: what indispensable piece of the future will be sculpted by their ingenuity and innovation?
***************************



Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx