[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips September 4, 2002



Clips September 4, 2002

ARTICLES

Hundreds file requests to see cops' 'spy files'  [Privacy]
Air Security Focusing on Flier Screening [Airport Security]
Army picks two for tech to lighten soldiers' loads
Recording industry site hit again
TSA system would dig up passenger info
Sept. 11 keeps disaster recovery in forefront
ICANN Threatens to Take Away VeriSign's '.com' Privileges [ICANN]
Consumer Groups Target Spam
Governments employing high-tech surveillance techniques
Windows flaw could be used to forge digital signatures
E-Mail, Net Abuse Tops List of 'Sackable' Offenses
Ghana's burgeoning hacker culture
Data watchdog against EU data retention plans
Japanese firm develops computer screen that cannot be seen


************************** Denver Post Hundreds file requests to see cops' 'spy files' Records contain some surprises By Carol Kreck

Wednesday, September 04, 2002 - Several hundred people packed Denver police headquarters Tuesday evening to see whether they were in the department's "spy files."

Waving signs saying "Freedom of speech is not criminal activity" and "Big Brother is Watching You," the diverse crowd included gun-rights activists as well as Denver Copwatch members.

Tuesday was the first day the department accepted requests to see the controversial files kept by the Intelligence Unit. People can apply to see their files through Nov. 1.

Barbara Cohen, a member of Denver Copwatch, was surprised to see two entries in her 16-page file associating her with the Brothers Fast motorcycle club.

"I've never heard of them," she said. "I've never been on a motorcycle." The file also says she has an FBI number.

Two people were amazed by how little there was in their files.

The file for JoJo Padilla, 27, said he was a member of Barrio Warriors de Aztlan, a Denver Latino service-activist group that the file defined as a protest group.

It's a Hispanic group that "frequently protests regarding problems in Chiapas, Mexico, and of the police killing of Ismael Mena," the file says, an accurate description.

His file cited one date, Oct. 26, 1999, but "I don't even remember this one (date)," and Barrio Warriors have been in many more demonstrations than the one listed in his file, Padilla said.

The lack of information on the Warriors' activities was somewhat surprising, he said. "I've heard it before - the Denver Intelligence Unit isn't very good."

Lt. Steven Carter, who took applications to see the files, said dates cited in files weren't necessarily of events. They could be input dates, he said.

Larry Leaman-Miller of Denver, former director of Colorado American Friends Service Committee, the Quakers' political arm, had a file six pages long.

Five pages contained blacked-out names of people listed as "indirect relationships."

An entry dated May 31, 2000, cites a photograph of Leaman-Miller shot by Intelligence Unit Detective David Pontarelli.

Leaman-Miller was classified variously as "criminal extremist G," protest group, civil disobedience and task force.

Denver police have kept intelligence files on Denver citizens since 1954. In 2000, a sophisticated software program called Orion was purchased to track groups, but police never were properly trained to use it.

In transferring files from a giant Rolodex to the computer, many files were purged.

Carter, who took applications from people wanting to see the files and had the names checked with the files, said Orion had categories for people that were applied inconsistently.

Police say they will continue to maintain an Intelligence Unit database, but only of people and groups suspected of criminal activity.

The department is drafting better-defined categories for those under surveillance, Carter said.

Jack Mudry, a Denver activist since the 1970s, was told he didn't have a file and figures it may have been destroyed.

"It could be in other hands," said Mudry, who is involved in causes related to peace and justice. "It could have been forwarded to other agencies to look at or keep."

Jack and Lois Anthony, members of the Chiapas Coalition based at St. Dominic's Catholic Church, were cited in files.

Members of the group, which supports Mexico's indigenous people, were listed as "criminal extremists with intent to overthrow the Mexican government," Lois Anthony, 72, said, laughing.

"Our pastor says, 'There's those terrorists sitting out in the congregation,' " she said.

Most applicants who arrived in the morning waited about half hour to find out whether they were in the files.

Later in the day, activist groups gathered as planned to wait in line and show solidarity. By 6 p.m., the lobby was jammed and few files were being turned over.

The American Civil Liberties Union announced last March it had proof Denver police were spying on citizens who weren't participating in criminal activity.

Mayor Wellington Webb appointed a three-judge panel to look at the files and recommend what to do with them.

The judges concluded the collection was flawed and should be destroyed, but some protested it should be preserved as a historical document.
************************
Washington Post
Air Security Focusing on Flier Screening
Complex Profiling Network Months Behind Schedule
By Robert O'Harrow Jr.


From the moment the Transportation Security Administration was formed, agency officials have been consumed by the idea of a vast network of supercomputers that would instantly probe every passenger's background for clues about violent designs.

The agency has spent millions of dollars and innumerable hours studying how the secret profiling system known as CAPPS II could enable them to "deter, prevent or capture terrorists" before they board an airplane, government documents show.

In recent months, the agency hired four teams of technology companies that have honed their expertise in profiling for casinos, marketing companies and financial institutions. Their mission was to demonstrate how artificial intelligence and other powerful software can analyze passengers' travel reservations, housing information, family ties, identifying details in credit reports and other personal data to determine if they're "rooted in the community" -- or have an unusual history that indicates a potential threat.

Now transportation and intelligence officials believe that CAPPS II -- short for the second-generation Computer Assisted Passenger Prescreening System -- will form the core of a new framework in aviation security: a far more intense focus on people rather than baggage. They intend to extend its use to screen truckers, railroad conductors, subway workers and others whose transportation jobs involve the public trust.

Transportation Secretary Norman Y. Mineta, who oversees the TSA, recently described CAPPS II as "the foundation" on which all other far more public security measures really depend.

But after a nine-month-long crash program, CAPPS II remains a promising yet unfulfilled idea that won't be ready for live testing until next year, months later than agency officials had hoped. It is still unclear when the system will have a meaningful impact on security at the nation's airports. "We're still between the conceptual and the reality," one senior government official acknowledged.

The CAPPS II program demonstrates the extraordinary challenges facing the nation as it overhauls its aviation security system -- and the lengths to which government officials believe they must go in examining the lives of ordinary Americans to avoid a repeat of the security and intelligence failures of Sept. 11.

Few details about the program have emerged publicly because officials worry that the more terrorists know about it, the less effective it will be. Indeed, even before Sept. 11, security specialists had concluded that the integrity of the current, far less sophisticated CAPPS system had been eroded because of disclosures about how it assesses passengers for risk -- examining, for example, those who pay for a ticket in cash or travel one-way.

A review of documents and interviews with people close to CAPPS II show that the project has been hindered by the daunting complexity of the task -- in effect, the creation of the nation's largest domestic surveillance system. Agency officials have been unable to decide on the technology and companies that can make CAPPS II work. They have moved forward deliberately, officials familiar with the project said, because they do not want to waste time and money on the wrong approach.

The agency also has not resolved key questions about the system's impact on civil liberties, although officials have wrestled with the issue and acknowledge that the system would be intrusive if used inappropriately. A host of other policy issues that might need congressional input, such as limits on law enforcement agencies' access to the system for criminal profiling, have not been formally broached on Capitol Hill.

Given the immense importance of CAPPS II to the new air security framework, officials argue, the extra few months are worth taking. Not only will CAPPS II protect passengers, these officials say, it will make life easier for travelers at the airport because screening will be more efficient.

In a first concrete step, transportation officials plan to begin working this fall with some technology companies and at least one major airline on an electronic watch list that would more swiftly communicate the names of terrorists and suspects who should not be allowed to fly. That system, if successful, would become a key element of the more sophisticated CAPPS II network.

"It's probably the most important security tool we have in our arsenal -- if we develop it intelligently, which we will do," one official said, speaking on the condition of anonymity. The official added that the TSA intends to begin buying software for the watch list this month. "What we now have is a chance to build a significantly more powerful tool."

Some lawmakers are uneasy that the TSA has not begun a pilot program, saying they worry about the nation's vulnerability to another attack.

"I'm totally frustrated by it. It should never have taken this long," said Rep. John L. Mica (R-Fla.), chairman of the House Transportation Committee's aviation subcommittee. "It's very serious. It leaves us exposed. We don't have a thinking system."

At the same time, civil liberties activists warn that privacy issues could embroil CAPPS II in controversy and undermine its effectiveness if these issues are not publicly resolved before the system begins operation.

"This is the last thing that should be done in secret," said Mihir Kshirsagar, a policy analyst at the Electronic Privacy Information Center (EPIC), which sued the TSA for more information about the project this year. "It's the kind of change that will always be with us."

Katie Corrigan, a legislative counsel at the American Civil Liberties Union in the District, questions whether it can work and said she worries that innocent but offbeat or politically radical travelers will be swept up in the system. "This system challenges core values, such as privacy, the right to travel and the right to engage in certain activities," she said.

Connecting the Electronic Dots
The plan for the new passenger-profiling network intends to piggyback on the data-collection revolution of the 1990s. Marketers and data services were able to take advantage of leaps in computer power and networking technology to compile demographic, public-record and consumer files about virtually every adult in the United States, documents show.


The TSA wants to devise a virtually new data-driven system, according to the documents, which would electronically absorb every passenger reservation, authenticate the identity of the travelers and then create a profile of who they are.

Under the plan, passengers would be required, when making their reservations, to provide identifying information -- a name and address, plus such things as passport, Social Security and frequent-flier numbers. Those details would be used by private data services, such as ChoicePoint Inc., an identification and verification company, to supply more information about the individual.

TSA computers would then use artificial intelligence and other sophisticated software, along with behavior models developed by intelligence agencies, to determine whether the passenger is "rooted in the community" -- whether he or she is well established in the United States -- and find links to others who might be terrorists, according to government documents and interviews.

The aim is to create an "automated system capable of integrating and simultaneously analyzing numerous databases from Government, industry and the private sector . . . which establishes a threat risk assessment on every air carrier passenger, airport and flight," according to a government document.

"This is about the government electronically connecting the dots," one official close to the project said, noting the system will be run by the government, not the airlines.

Mineta said the profiling will be based on behavior, not race or ethnic characteristics. "People are saying, 'Mineta's against profiling.' That's not the case at all," Mineta said in a recent interview, suggesting that he understands the need for profiling because he was once an Army intelligence officer based in Korea. "This is the foundation for the aviation security system."

A Glut of Proposals
The overall vision of CAPPS II has evolved as officials have learned more about the capabilities of available technology.


In December, the government called for a system that would predict risk by drawing on information from all airlines, public and private data sources, and watch lists of known or suspected terrorists.

A more refined proposal emerged in January, when the TSA decided to test a prototype in Salt Lake City during the Winter Olympics the next month, according to a document describing the scope of work.

In that plan, private companies were supposed to crunch information from commercial databases, state driver's-license agencies, telephone numbers, deceased-persons files, airline reservation systems, the FBI and the Secret Service to develop a risk "score" for each passenger.

But the Salt Lake initiative faltered. Agency officials lost confidence that it could be quickly implemented, according to people familiar with the process. One of the vendors complicated matters by expressing concern about its legal liability for making a mistake, according to an e-mail obtained by EPIC.

"We weren't satisfied we were going to get the most bang for the buck," one official said.

At the time, the TSA was bombarded with unsolicited proposals from technology companies, government agencies and Congress.

Former national security adviser John M. Poindexter, now the director of the Information Awareness Office at the Defense Advanced Research Projects Agency (DARPA), offered his services. His office, created by the government in January, aims to achieve a system capable of "total information awareness," using the Internet, databases and other technology "aimed at exposing terrorists and their activities."

The National Aeronautics and Space Administration proposed a system that would depend in part on examining passengers' brain waves with "neuro-electric sensing" devices to assess risk, documents obtained by EPIC show.

"At some point, you just run out of hours in the day to listen to people who are smart," one official said.

In February, agency officials decided to run a comparison test of systems. A March 8 request for "white papers" required companies to demonstrate they had experience with the financial industry, fraud detection, risk assessment and the authentication of individuals. It also required the companies to describe how they would handle "Privacy Rights and Interests/Civil Rights/Confidentiality."

Two months later, four teams received grants. Officials from the companies declined to publicly discuss their roles in CAPPS II, saying they were warned by the TSA that such disclosures might undermine national security.

The companies included Austin-based Infoglide Software Corp., which says in promotional materials that its software "makes it easy for the user to find relevant connections between people, places, and/or events, thereby uncovering possible incidences of fraud and threat." It received a $253,450 grant for the project, according to a government document.

Infoglide is partners with Language Analysis Systems Inc., a Herndon firm that until recently worked so closely with intelligence services that it could not publicly acknowledge its own existence. The company, which specializes in name-recognition software, helped track some of the Sept. 11 hijackers to Florida.

Ascent Technology Inc. of Cambridge, Mass., was awarded $225,587. It specializes in the integration of a wide array of technology, including artificial intelligence, to improve security, track flights, assign optimal parking positions for airplanes and otherwise maximize the allocations of resources at airports.

The giant military vendor Lockheed Martin Corp. received a $469,179 grant for its effort. It's not clear what kind of system the Bethesda-based company is proposing. But industry officials said Lockheed is working with the Las Vegas company Systems Research & Development (SRD), which has received funding from In-Q-Tel Inc., the CIA venture capital arm.

Using a system called Non-Obvious Relationship Awareness, SRD can sort through oceans of data in real time, seeking links among people. It also can determine when an individual has transposed names or intentionally tried to obscure details about himself. That's what SRD has done for MGM Mirage Inc. and other Las Vegas casino companies worried about card counters and organized gangs of cheaters.

SRD founder and chief scientist Jeff Jonas said the company is "particularly good at putting people into context" through the use of software that can learn and that relies on "fuzzy logic."

"We're talking about instant, perpetual, real-time analysis," he said.

HNC Software, now a part of Fair, Isaac & Co., won the largest grant, $551,001. HNC is a risk-detection specialist that works for credit card issuers, telephone companies, insurers and others.

It works with several other companies that have access to seating records of virtually every U.S. airline passenger or that collect such information as land records, car ownership, projected income, magazine subscriptions and telephone numbers.

HNC employs neural networks, which can discern subtle patterns and relationships by processing millions, or billions, of records. The company, which has received funding from DARPA, uses its software to profile the activity of millions of credit card owners, telephone callers and insurance beneficiaries for fraud.

About the time of the Salt Lake initiative, HNC proposed a prototype that would allow authorities, based in control rooms, to examine potential threats across the aviation system. One computer screen included a "prioritized passenger list" that ranked passengers on a flight from the highest risk to the lowest. The same screen displayed a box with the names of other travelers the computer had somehow linked to a high-risk passenger. Other screens showed an aggregate threat for planes, airports and the entire system.

Officials at the TSA declined to discuss whether they have chosen finalists from among the four teams.

The TSA has received $45 million for fiscal 2002 and has asked Congress for $35 million to fund CAPPS II's development next year, but it does not have clear estimates of how much it will cost to build and operate the system.

'Sensitive Intelligence'
Finding the right companies and technology is only one of several tasks facing the TSA. Another is selling the program to Congress and to passengers. According to knowledgeable sources, TSA officials plan to brief Congress and the White House about the program in more detail this fall.


The agency also intends to conduct some sort of public outreach, including discussions about civil liberties. TSA officials, for example, plan to ask Congress to restrict the use of CAPPS II by other law enforcement agencies.

"This is not about finding deadbeat dads," one official said. "We're telling our law enforcement colleagues, 'This is not a universal law enforcement tool.' "

The TSA will also spell out how it intends to design a system that, while profiling passengers universally, retains little information once they are cleared to fly, the official said. At the same time, the agency plans to seek authority to gather and maintain more information about foreigners traveling the United States.

Once those efforts are made, however, the TSA intends to treat the system as a sensitive matter of national security and probably will not discuss it much after it begins operation. "This is going to be classified," one official said. "What's inside that box contains some very sensitive intelligence."

Critics are fearful those efforts will not give them enough information to assess whether the system will be intrusive -- or even work as promised.

Corrigan, the ACLU counsel, said there is no question the government has a compelling interest in improving security. But it should not do so in the dark, she said, particularly when creating a surveillance infrastructure that could dramatically expand authorities' power to peer into the lives of ordinary Americans.

"The government needs to make the case to the American public, first of all, that this will be effective and make air travel safer. And second of all, [that] this is the least intrusive approach," she said. "There's no independent public oversight. There's no public discussion."

Transportation Secretary Mineta acknowledges these concerns and says that is why the effort will take some time. "It's never quick enough in terms of getting done. On the other hand, what we're trying to do is be deliberate enough to leave no stone unturned," Mineta said.

"What is the government's responsibility to the citizens? It's really to protect them. That's what we're trying to do here," he said.
*************************
Washington Post
Senate to Debate Homeland Plan
Parties Still Split on Worker Rights


By Bill Miller
Washington Post Staff Writer
Wednesday, September 4, 2002; Page A10


The Senate agreed yesterday to move forward with debate about creating a Department of Homeland Security, but Republicans and Democrats remained sharply divided over giving the White House new flexibility to manage the 170,000-member workforce.


President Bush and Homeland Security Director Tom Ridge met with Republican senators yesterday to cement support for the new department and focused their discussions on the workplace issues. Bush wants the secretary of the department to have the ability to design a new personnel system that would make it easier to hire, reward, discipline and move employees.

Democrats want to keep intact all existing civil service protections and make it more difficult for Bush to move workers out of unions for national security reasons. Bush has threatened to veto any legislation that includes such provisions.

The debate, which Senate leaders said will likely last three weeks, will cover much of the same ground already visited in the Republican-led House, where members voted in July to approve most details of Bush's plan to merge 22 agencies into a single department focused on defending against terrorism. The Democratic-controlled Senate appears willing to go along, but some members have balked at the proposed new management freedoms and the way the department's intelligence apparatus would function.

After meeting with Bush, Sen. Fred D. Thompson (R-Tenn.) said many of the agencies that would be part of the new department are "dysfunctional" and could only be repaired by giving the new secretary greater flexibility. "We can't apply the same type management that we've had in the past to this new department," he said. "The stakes are too great."

Thompson, who is leading the Republican side of the Senate debate, could introduce an amendment on the labor union issue as early as today Sen. Joseph I. Lieberman (D-Conn.), who wrote much of the Senate's version of the bill in his role as chairman of the Senate Governmental Affairs Committee, is managing the Democratic efforts.

One hurdle was overcome yesterday when the Senate voted to move forward despite concerns raised by Sen. Robert C. Byrd (D-W.Va.). Byrd, chairman of the Appropriations Committee, helped delay Senate action on the bill before the August recess, contending that the Bush plan, released in June, required more thorough study.

"The president's proposal has been barreling through Congress like a Mack truck, threatening to run over anyone who dares to stand in its way," Byrd said yesterday.

Byrd said he supported the creation of a new department but feared that it could "careen out of control." He said he will pursue an amendment that would require the White House to obtain congressional approval stage by stage as the major components of the department are assembled during a one-year transition period.
**************************
Federal Computer Week
Army picks two for tech to lighten soldiers' loads


The Army, which is seeking to transform its troops into a more agile force, has selected two lead integrators to compete for the opportunity to create technology that will enable soldiers to fight more effectively while carrying less of a load.

Eagle Enterprise Inc. of Westminster, Md., an arm of Defense contracting giant General Dynamics Corp., and Exponent Inc. of Menlo Park, Calif., on Aug. 29 were both awarded $7.5 million contracts for the concept development phase of the Objective Force Warrior.

Objective Force Warrior, one of the Army's flagship science and technology initiatives, seeks to develop and demonstrate revolutionary capabilities that will enable Army soldiers to do more while carrying less. The goal is to reduce the weight of the combat soldier's load from 100 pounds to less than 50 pounds by 2008.

Much as the Army's Future Combat System focuses on using technology to create a more mobile yet more lethal force, Objective Force Warrior will make it possible to deploy troops and equipment more quickly. The Objective Force Warrior seeks to do the same for soldiers, so they can be lighter on their feet.

Objective Force Warrior covers work on multifunction sensors, networked communications, positioning navigation, and unmanned air and ground systems.

"Our challenge is to help them be the most survivable and lethal soldiers in the world, to complete their missions with a goal of a 40-pound fighting load in all terrain and weather conditions, with a long-term goal of getting the soldiers' fighting load [down] to 15 pounds," said A. Michael Andrews, deputy assistant secretary of the Army for research and technology, in a statement to Federal Computer Week.

Objective Force Warrior applies the "systems of systems" approach in concepts, designs and technology demonstrations for soldiers, said Scott Myers, vice president of Eagle Enterprise.

That approach requires a change in thinking, Myers said. "There are clearly a lot of new challenges here," he said, because you have to design for a distributed communication network and a computational network.

The two teams must present their concepts by April.

During this eight-month phase, the two competing integrator teams will work with the Army to develop the Objective Force Warrior concept design and systems of systems architecture.

In the second phase, the Army will select a single lead technology integrator that will complete preliminary and detailed designs, and then integrate component technologies.

Myers said it would be important for the Objective Force Warrior program to keep tabs on the work being done with the Future Combat System, because the two will need to be compatible.

***

Well Connected

The Objective Force Warrior program seeks to demonstrate technologies for lightweight gear for Army soldiers, including:

* Integrated, multifunction sensors.

* Networked communications.

* Collaborative situational awareness.

* Enhanced positioning navigation.

* Medical status monitoring.
****************************
News.com
Recording industry site hit again
By Declan McCullagh

For the third time in five weeks, the Recording Industry Association of America has come under online attack, apparently by activists irate about the group's legal efforts to curtail music-swapping.
As of Tuesday afternoon, access to the RIAA.org site was sporadic. Over the weekend, it had been defaced to include a faux announcement that it would "offer the latest albums for download from RIAA.org" and a small collection of MP3 files.


"The RIAA wishes to apologize for the heavy-handed manner in which the popular Chinese site Listen4Ever was closed down, and would like to present the following items for free download as a token of its goodwill," the defacement said. That was a reference to a lawsuit that the RIAA filed to force U.S. network providers to block access to the Listen4ever site, which is now offline.


An RIAA spokesman said he needed more time to research what happened and could not immediately comment.


The trade association, along with the Motion Picture Association of America (MPAA), has won many critics in its quest to shut down popular file-trading networks such as Napster. The group says Net piracy has badly cut into legitimate sales and recently released a report that said CD sales for the first six months of 2002 had dropped because of online piracy.

Both groups have endorsed a bill backed by Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C. It would rewrite federal law to permit nearly unchecked electronic disruptions if a copyright holder has a "reasonable basis" to believe that piracy is occurring on peer-to-peer networks.

Last month, the RIAA took legal action after a dispute with Verizon Communications over tracing an alleged peer-to-peer pirate. It asked a federal judge in Washington, D.C., for an order compelling Verizon to reveal the name of a customer accused of illegally trading hundreds of songs. Citing privacy concerns and potential legal liability, Verizon has refused to comply with a subpoena the RIAA sent last month.

In a legal brief filed last Friday, Verizon said what the RIAA wanted was not sufficiently privacy protective and could lead to "widespread abuse" in the court system. RIAA's reply brief is due Wednesday.

The latest RIAA.org defacement comes after a similar action last week and a denial-of-service attack that took place in late July.

This weekend's electronic vandalism, which is a federal crime, included a faked apology for being overly litigious and a statement saying: "With the legal file-sharing service Kazaa still online, the Recording Industry Association of America today announced that it intends to offer the latest albums for download from RIAA.org."
**************************
Federal Computer Week
TSA system would dig up passenger info
Privacy advocates warn of 'extensive profiling' by agency
BY William Matthews


By late fall, federal airport security officers hope to begin installing computer systems that can instantly check the personal backgrounds of airline passengers and alert security officials to any who are deemed dangerous before they can board planes and take off.

The tool, a substantially advanced version of the Computer Assisted Passenger Prescreening System (CAPPS) now in use, is being designed to comb multiple government and commercial databases for information that could indicate that a passenger poses a threat.

Although installation of the system at airports is scheduled to begin in late fall, a government official, speaking on background, said it could be delayed if, as expected, the Transportation Security Administration is pulled out of the Transportation Department and moved into the Homeland Security Department.

"We're waiting to see what happens with the new department," the official said.

The House of Representatives has approved a Bush administration plan to create the Homeland Security Department and move TSA and about two dozen other federal entities into it. But the Senate has only begun to examine the proposal.

Last spring, TSA hired four companies to design rival versions of essential software for the passenger screening system, and agency officials expect a final design of the system to be finished this fall.

The system should be able to conduct "real-time preflight background threat evaluation" of airline passengers by using names and personal information taken from passenger manifests, according to TSA and industry sources.

The system, called CAPPS II, would compare information from manifests with information culled and analyzed instantaneously from "numerous databases from government, industry and the private sector" to determine whether any passengers pose a security threat.

A computer using a security scoring algorithm and criteria and weights set by TSA would decide whether a passenger posed a threat. The system would also consider "threat data gathered from state, federal and private-sector sources," TSA officials wrote in a report on CAPPS II.

An existing version of CAPPS provides threat information to airline employees, who are then supposed to pass it on to airport security personnel. The new version is being designed to provide threat alerts directly to "front-line security forces," including via secure wireless communication, the report states.

TSA's plan to use information from commercial databases worries privacy advocates.

The Electronic Privacy Information Center warns that "each airline passenger will be subjected to an extensive profiling" if CAPPS II goes forward. Lawyers for EPIC sued TSA, saying the agency failed to disclose enough information about how the system will work.

EPIC wants to know what factors would trigger a threat alarm, how accurate data in the databases would be, what recourse travelers would have if they are falsely identified as being a threat, and whether the system violates constitutional prohibitions, including those against unreasonable searches.

TSA officials are guarded about discussing the system. In a notice about CAPPS II sent to software developers this spring, TSA warned that "there shall be no public release of information concerning the requirements" of the system or proposals by companies interested in developing it.

But industry officials insist it will work. "It could be very effective" in identifying potentially dangerous passengers, said Allen Shay, president of Teradata, a data warehousing division of NCR Corp.

The system is likely to focus on passengers who pay cash, buy one-way tickets or have questionable or conflicting identification documents, criminal records or other information in databases that arouses suspicion, he said. Similar automated background checks are common in the financial industry and commerce, Shay said. Banks, for example, check employment, credit and financial records when marketing loans.

But the passenger-screening system is almost certain to raise concerns about privacy and profiling, Shay said. "When it is done in the commercial world, it is known as customer resource management. When it is done by the government, it's an invasion of privacy," he said. "To move forward in a positive way, that's something we're going to collectively have to get over."
**************************
Computerworld
Sept. 11 keeps disaster recovery in forefront
By Stacy Cowley, IDG News Service


In February 2001, Gartner Inc. published a white paper titled "How Will You Get Your Data Back After the [insert catastrophe here]?" Seven months later, the Sept. 11 terrorist attacks filled in that blank, stunning the U.S. and forcing businesses to consider disaster recovery on a previously unimagined scale.
By 9 a.m. that day, as hundreds of thousands of workers passed through lower Manhattan on their way to their jobs, smoke was billowing over the city from the first hijacked plane's crash into the World Trade Center's north tower (see story). Within hours, the entire complex was in ruins, throwing Manhattan's transportation and communications systems into turmoil and the nation into shock over the vicious attacks on New York and Washington.


"There was a sudden awareness: We could have not just a building, but a regional catastrophe," said Dianne McAdam, an analyst at Illuminata Inc. in Nashua, N.H. "What happened with Sept. 11 in Manhattan, it was a loss of the phone lines, the data lines, the transportation, of parts of the entire communications infrastructure."

In February 2001, Gartner Inc. published a white paper titled "How Will You Get Your Data Back After the [insert catastrophe here]?" Seven months later, the Sept. 11 terrorist attacks filled in that blank, stunning the U.S. and forcing businesses to consider disaster recovery on a previously unimagined scale.
By 9 a.m. that day, as hundreds of thousands of workers passed through lower Manhattan on their way to their jobs, smoke was billowing over the city from the first hijacked plane's crash into the World Trade Center's north tower (see story). Within hours, the entire complex was in ruins, throwing Manhattan's transportation and communications systems into turmoil and the nation into shock over the vicious attacks on New York and Washington.


"There was a sudden awareness: We could have not just a building, but a regional catastrophe," said Dianne McAdam, an analyst at Illuminata Inc. in Nashua, N.H. "What happened with Sept. 11 in Manhattan, it was a loss of the phone lines, the data lines, the transportation, of parts of the entire communications infrastructure."

**************************
Washington Post
ICANN Threatens to Take Away VeriSign's '.com' Privileges
By David McGuire

VeriSign Inc. was threatened yesterday with the loss of its right to sell ".com" domain names if it fails to clean up its public database that records who owns which Web sites.

The Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Internet's global addressing system, said VeriSign, owner of the largest and first commercial dot-com registrar, "blatantly ignored" its obligation to fix inaccuracies in its "Whois" database, citing 17 violations over the past 18 months.

ICANN said that while all of the 150 registrars occasionally have inaccurate entries, VeriSign's Dulles-based Network Solutions unit "has exhibited a pattern of persistent violations of its contractual obligations to take reasonable steps to correct inaccurate or incomplete Whois data in spite of repeated requests and reminders by ICANN."

VeriSign is the first registrar to be threatened with the loss of its right to sell registrations, ICANN said.

The company will correct the violations immediately, spokesman Brian O'Shaughnessy said. But he objected to ICANN's saying that 17 violations established a pattern of abuse. VeriSign maintains more than 10 million Internet addresses, he noted.

"It's like holding a few grains of sand in your hand and calling it a beach," O'Shaughnessy said. "We're going to correct these because we take our obligations seriously, [but] calling it a pattern and dictating that it's cavalier is an unfair characterization."

All accredited Internet registrars are required to maintain publicly available Whois databases, which often provide the only clues to the identities of Web sites' operators. Although registrars are not obligated to verify the accuracy of the information in their databases, they must remedy any incorrect entries brought to their attention.

ICANN, in its formal notice to VeriSign, said that "in many cases it appears that [the firm] simply ignores the complaints." In one case that ICANN cited, VeriSign failed to correct an entry in which a domain name was registered to a "Toto," who listed "the yellow brick road, Oz, KS" as a street address.

VeriSign has 15 working days to fix the errors, or ICANN said it may terminate the company's accreditation agreement.

ICANN spokeswoman Mary Hewitt said it wasn't the violations themselves that were ICANN's main source of concern, but rather VeriSign's attitude toward rectifying its mistakes.

"How many notices do we give before it becomes an issue?" Hewitt asked. "Other registrars usually address these issues rapidly."

ICANN also announced yesterday the establishment of an online form that people can use to report faulty Whois data. The organization will also establish a tracking system to notify registrars of reported inaccuracies.

In addition to being the largest registrar, or retailer, of .com names, VeriSign is the sole registry, or wholesaler, of names ending in .com, .net and .org. It's VeriSign's retail rights, not its wholesale responsibilities, that are at risk under this complaint.

In its function as a registry, VeriSign charges Internet registrars (including its own registrar unit) a flat annual fee of $6 for every .com name they sell to customers. Registrars, in turn, charge consumers varying annual fees to maintain their Internet addresses. VeriSign's registrar charges its customers $35 a year.

VeriSign used to have a government-approved monopoly over wholesale and retail sales of .com names. But in 1998, the Commerce Department, which maintains control of the Internet's authoritative "root server," commissioned the nonprofit ICANN to inject competition into the addressing sector. The root server is the master list of Net addresses ending in "top-level" domains including .com, .net and .org.

ICANN has since accredited dozens of new address retailers and has approved the creation of several new domains to spur competition at the wholesale level.

ICANN and VeriSign clashed often during the early stages of ICANN's existence as they bickered over the means for introducing competition to the addressing industry. After VeriSign signed accreditation deals with ICANN in 1999, the entities appeared to enter a truce. But hostilities flared again in August, when VeriSign joined with other Internet registries in urging the federal government to scale back ICANN's powers.

In addition to operating its extensive addressing business, Mountain View, Calif.-based VeriSign is one of the world's largest Internet security companies. But the dot-com downturn has taken its toll. The company earlier this year laid off more than 400 employees and reported a $4.8 billion loss in the quarter ended June 30, on revenue of $317 million. Its stock closed yesterday at $6.53 per share.
**********************************
Washington Post News Briefs
Consumer Groups Target Spam


A trio of consumer groups on Wednesday will ask the Federal Trade Commission to draft new rules to crack down on unsolicited junk e-mail, or "spam."

Consumer Action, the National Consumers League and the Telecommunications and Research Action Center say they also plan to release a "new tool" that will allow consumers to forward their personal spam horror stories to the FTC.

Earlier this year, the FTC launched a program to combat spam, but the commission has so far focused on deceptive and fraudulent messages.

Consumers already forward the commission approximately 10,000 individual pieces of spam every day. Since 1998, the FTC has collected nearly 9 million spam samples. The agency invites consumers to send any deceptive e-mail they receive to uce@xxxxxxxx
-- Brian Krebs (09/03/02)
****************************
USA Today
Governments employing high-tech surveillance techniques


WASHINGTON (AP) Governments worldwide have made it easier for authorities to augment citizen databases and eavesdrop on telephone and online conversations in order to fight terror, according to a survey of privacy regulations released Tuesday.


The report, written by privacy activists Electronic Privacy Information Center and Privacy International, show the United States was not alone in passing new laws that value increased security over personal privacy.


"It's a general theme toward total identification," said Sarah Andrews, an author of the report. "When you're outside in public or when you're online, you can be identified."

That dismays privacy groups, who worry about free speech restrictions and abuses of power. They have fought new laws like the U.S. anti-terror legislation that lowered the bar on surveillance requirements by authorities.

"They haven't been backed up by evidence that law enforcement and intelligence agencies were hampered before because they didn't have these powers," Andrews said.

Stewart Baker, a former general counsel for the National Security Agency, said increased data sharing might have helped identify the Sept. 11 hijackers.

He said many surveillance proposals were already moving toward passage, and speeded up by legitimized fears of a terrorist threat.

"They're really complaining about changes in the world rather than changes in the law," said Baker, now a lawyer with Steptoe & Johnson in Washington.

In addition to the United States, the report listed new anti-terrorism legislation in Australia, Austria, Britain, Canada, Denmark, France, Germany, India, Singapore and Sweden.

In June of this year, the European Union allowed its member states to require that Internet providers retain traffic and location data of all people using any electronic communications device, like mobile phones, faxes, e-mails, chat rooms or the Internet.

The Russian internal security service recently tried to order all Internet providers to install surveillance software, at the company's cost, so that police could perform instant searches without a warrant. After an Internet company sued, a Russian court decided the rule was unconstitutional.

There also is increased interest in personal surveillance through biometric technology and spy cameras. The report lists the use of cameras at the Super Bowl in Tampa, to search for suspected terrorists. Perhaps no country likes such cameras more than Britain, where an estimated 1.5 million cameras watch public streets and parks.

The report found that governments also want to merge their existing databases, such as those for social programs and traffic infractions, to create profiles to catch suspected terrorists.

Many of the proposals, the report notes, had been proposed and rejected for years. Only after the terror attacks, it said, did they gain acceptance.

"The environment was ripe for these things to go through without the necessary debate," Andrews said. "People weren't asking the same questions anymore."

The report doesn't just show invasions of privacy, however. Several countries in Eastern Europe, Asia and Latin America have new laws to protect personal data from unauthorized disclosure. Finland, Sweden and Russia are working on regulations to protect privacy in the workplace.

The United States recently has brought action against companies that inadvertently leak personal information.

Magazine publisher Ziff-Davis last month agreed to pay three states a total of $100,000 after an Internet security breach that exposed subscriber information, and Microsoft recently made changes to its Internet services after the Federal Trade Commission worried that its security was too loose to protect customer data.

"Before, people were barely held to account for things they were doing deliberately," Andrews said. "Now, there is more accountability for even accidental disclosures."
**************************
Info World
Windows flaw could be used to forge digital signatures
By John Fontana, Network World


AN INDEPENDENT RESEARCHER who last month documented a flaw in Microsoft's cryptography software now says the same vulnerability could be used to forge digital signatures on e-mail sent to users of the Outlook email program.
http://www.infoworld.com/articles/hn/xml/02/09/03/020903hnoutlook.xml
***************************
Reuters Internet Report
E-Mail, Net Abuse Tops List of 'Sackable' Offenses


LONDON (Reuters) - E-mail and Internet abuse, including the downloading of pornography, has overtaken theft of office supplies and lying to the boss as the top disciplinary action reported in the work place, a new study said.

More disciplinary cases have been brought against employees for violating company e-mail and Internet policies than for acts of dishonesty, violence or health and safety breaches, according to a survey by KLegal, a law firm associated with global accounting group KPMG, and Personnel Magazine.

KLegal and Personnel Magazine compiled the survey in June, polling 212 UK companies. Survey participants reported taking action in 358 disciplinary cases related to e-mail and Internet abuses compared to 326 cases for incidents of violence, dishonesty and safety breaches.

The survey is the latest evidence that corporate chiefs are cracking down on employees' e-mail and Internet privileges in an effort to ward off potential lawsuits and damage to the company's image.

In July, computer and printer maker Hewlett-Packard Co. suspended approximately 150 staff in Britain and Ireland and dismissed two for inappropriate use of company e-mail.

Twenty percent of the firms polled said they monitor employee e-mail and Internet usage on a daily basis. In a similar survey published by KLegal 18 months ago, 11 percent said they checked on employees on a daily basis.

The top three Internet-related abuses were excessive personal use of the company's Internet or e-mail connection, sending pornographic e-mails and accessing pornographic Web sites, the survey said.

There was only one reported case involving racial harassment through e-mail, a matter that resulted in a dismissal, the survey said.

The survey also revealed that employees are nearly ten times more likely to be dismissed for exchanging pornographic e-mails than they would be for sending an e-mail that contains damaging information about the company.
*****************************
MSNBC
Ghana's burgeoning hacker culture
A hint of technology's promise for Africa
By G. Pascal Zachary


ACCRA, Ghana, Aug. 30 On a Sunday night in July, a light rain is falling on the pot-holed streets of this West African capital city, and Eric Osiakosian is side-stepping rats on his way to the entrance of his preferred hangout, the Java Café on Ring Road, the central drag. He passes up a flight of steps and through a set of glass doors into what looks like a computer graveyard; Old PCs are strewn everywhere, discarded keyboards and hard disks lie in a pile.
HUNCHED NEAR THE DETRITUS is Eric's friend, Michael Akoto who, like Eric, is self-taught in the ways of geekhood. By day Michael runs the PC network for a radio station; by night he does the same for the Java Café. He is 24 years old, one year younger than Eric. Neither has studied at a university; they can't afford to and besides, technical education in Ghana, even at the country's premier engineering school in Kumasi, a regional capital, is poor. "A whole course of study in computing might cost me $3,000," Michael says. "Instead, mostly we sit behind the computer and study."
Conversation between the two opens with the afternoon's soccer game between Ghana's top two teams, but quickly shifts to a discussion of how best to create a fixed-wireless data network. By using wireless stations linked to a satellite connection, they hope to bypass the moribund government-owned Ghana Telecom. A few minutes later, the principal owner of the Web café, who goes by the name of Prince, joins in the discussion.
Ghana Telecom is a joke, he says. "The government would do better to abandon the mess," he says.
Fat chance. The government, which was elected 18 months ago on a reform program, has vowed to improve Ghana Telecom by making it the Web backbone for the nation. But the company lacks essential expertise and needs an infusion of cash. The plight of Ghana Telecom and the reality of lousy telephone service in West Africa epitomizes the way the so-called digital divide plays out in many of the poorest places on the planet. Despite this difficult environment, a young generation of computer-savvy people is taking root in Accra, a burgeoning class of indigenous African hackers.
Listen to the analysis of the African situation by development experts, and these independent, ambitious young men should not even exist in Accra. Yet against great odds, many youths are finding ways to tap into the global computing culture creating new jobs and identities in the process.


BUILDING THE 21ST (AND 20TH) CENTURY
A few days before our conversation at the Java café, Eric and I attended a training seminar for Ghanaian journalists in BusyInternet, a clean, air-conditioned no-frills office building that doubles as the city's leading Web café and is a magnet for local computer fanatics. Eric's crusade is to persuade local reporters and editors to make better use of computers and report more on Ghana's infant IT industry. When asked how many of the 40 journalists in attendance wrote their stories on a PC, only about a third raised their hands just a few more than those who said they used typewriters. Many also mailed their articles to editors (and they didn't mean e-mail).
The disclosures were a reminder that Ghana remains a country where "wiring a school" means installing electricity service, not the Internet. Some police stations don't have telephones, let alone computers. The usual cost for a PC about $1,000 is almost twice the yearly wages of a typical worker. The country lacks a single decent highway link between major cities. More than a third of the food grown in Ghana rots before it reaches markets; partly as a result the country spends a good portion of its cash on imported food, spending $100 million on rice alone. "We talk about moving into the 21st century, but the truth is that we never mastered the technologies of the 20th century: roads, electricity, the telephone, water and the like," says Kwaku Boadu, who runs a computer networking company in Accra.
Boadu, who spoke before me at the training seminar, added that Ghana faced a double burden of having to create the infrastructure of the "old economy" and the "new economy" simultaneously. While the government struggles with bringing computers to the schools and fixing its broken phone company, it must also build roads, expand its water system and increase its sources of electricity. "If we don't start getting things right now, not only won't we live in the 21st century we won't even live in the 20th century," he warned.
The truth about Ghana is that its citizens will get a taste of both centuries at the same time. Dan Odamtten, an Accra-based programmer, wrecked his car recently on the road from Accra to the historic city of Cape Coast-a road where the holes are so big that they consume not just tires but entire cars. Bruised and battered from the wreck, he walked away with a serious injury-and more convinced than ever that bad roads, not bad universities, are the real enemies of good software in Ghana. Odamtten hopes for a better future but realizes that Ghana may always be a place "with one foot in the last century and the other in this one."
Still, half a loaf is better than none, a point that the media often misses when they highlight the world's digital inequalities. Media depictions of Africa almost always highlight disease, disaster and mayhem, with AIDS, famine and civil wars hogging the print and television coverage in the U.S. and Europe. Yet Accra has made news lately that doesn't fall into the usual stereotypes.
When Bono arrived this spring with U.S. Treasury Secretary Paul O'Neill, they visited BusyInternet and the offices of ACS, a U.S. company that employs nearly one thousand Ghanaians to enter data from American health care forms for Aetna and other providers. In July, the New York Times published a page one story about how data from New York City traffic tickets was being computerized by Ghanaians working from BusyInternet's second-floor offices. The flurry of positive attention, coupled with the growing awareness of the tech-savvy youth scene, has intoxicated some of Accra's elite. "We are destined for greatness as an information hub," says Ken Ofori-Atta, executive chairman of Databank, a local investment bank and money manager.


BROADENING OPTIONS
There would be some justice in Accra's ascent into the ranks of regional IT centers. In the 1950s, in the dying days of European colonialism in Africa, Accra was a storied city where black revolutionaries plotted an independent future. Ghanaian nationalist Kwame Nkrumah gave voice to the yearnings of people of African descent all over the world by arguing in favor Pan-Africanism. Nkrumah, while skillful in global affairs, was an autocrat in Ghana and, fearing domestic enemies, imprisoned and killed his critics. In 1965, he was deposed in a military coup, which ushered in 35 years of turmoil for Ghana, a period something like the long sleep of Stalinism in the former Soviet Union. To Ghanaians, the rest of the 1960s and 70s were a blur of military coups and economic mismanagement. In 1981, Jerry Rawlings, a Ghanaian Air Force officer, seized power for a second time, controlling the government until January 2001.
The ghost of Nkrumah still hangs over Ghana. The independence leader never used a computer or divined the Internet, but his Pan-African philosophy suits a world where telecommunications and computing combine to destroy distance. The first beneficiaries of Ghana's improved connectivity are the estimated two million Ghanaians who live outside of the country. Consider the journey of Kwame Bonsu who returned home to live in 1998 after 20 years in the U.S. Bonsu worked two decades for IBM, making him one of just a handful of people in Ghana with international computing experience. His last job was in Atlanta, where he helped public schools put PCs to good use. The experience made him want to do the same in Ghana. He did, computerizing several schools and a village. Recently, Bonsu shifted gears, forming a company with three people in the U.S. in order to provide software and services to large companies that want to out-source their call centers.
Bonsu's company, Rising Data, hasn't yet attracted call centers to Accra, but he employs four programmers to write code that helps to out-source call-center activity. "Our biggest problem is to create challenging jobs for our bright kids," he says of his present and potential employees. "They reach a plateau and then what do they do next? We're trying to broaden their options so that some of their aspirations can be fulfilled in Ghana."
Back at the Java Café, on another Sunday night in Accra, Eric Osiakosian is helping me rid my laptop of a computer virus foolishly acquired from a strange disk. The virus is so severe that we leave the computer with his friend Michael Akoto and retreat to a nearby bar, where we hoist a few Star Lagers. Osiakosian is celebrating because he's just been hired to run a program aimed at helping the youth of Ghana learn how to conceive of and launch new technology businesses. The program is supported by professors and African students at MIT. Earlier this year they asked Osiakosian to run an entrepreneurs contest in Accra. Scores of students submitted business plans. Osiakosian plans to hold a second contest and run workshops on forming high-tech businesses. The goal, he says, is to make Accra a place worth living for the nerds of his twenty-something generation.
"Many of us have no choice but to make the best of tough situation," Osiakosian says. "We can't all leave for Britain and the U.S. These countries won't take us all. Information technology makes us more aware of what we are missing, but also makes us more able to stand on our own feet. Having bridged the digital divide as best we can, the question now is 'how do we begin to change our world?'"
*************************
Euromedia.net
Data watchdog against EU data retention plans
04/09/2002 Editor: Joe Figueiredo


The 'College Bescherming Persoonsgegevens' (CBP), the independent Dutch data protection authority, has declared that the retention of telecom traffic details (typically used for routing and billing) for long periods, is both unacceptable and disproportionate.

The CBP raised these concerns in a letter to the Dutch Justice Minister Donner, reacting to the recent news that the EU is to introduce a law obliging telecom operators and service providers to hold details of all communications for a year.

This data retention would include information such as addresses, date, time and length of the connection, on all fixed-line and mobile calls, e-mail and web activity. At present, such information may only be retained for short periods, when necessary.

In addition, the CBP is also concerned about the added financial burden this law would impose on telecom operators and ISPs.

Opponents of the proposed law also point out that it would violate Article 8 of the Geneva Convention on Human rights.
**************************
Sydney Morning Herald
Japanese firm develops computer screen that cannot be seen
By Tokyo


A Japanese electronics firm plans to market a computer display that looks totally blank unless the user wears a special pair of glasses, an official said yesterday.

"To others, you would look like someone with sunglasses working in front of a totally white screen," said an official in charge of development at Iizuka Denki Kogyo (IDK), a Tokyo-based electronics parts manufacturing and repair company.

The effect is partly achieved by removing a polarising sheet of film on the screen, whose function is replaced by the specially-made glasses, but the company declined to reveal its new technology.

The firm has made samples with the picture-protective technology with a view to launching sales by the end of the year, said the official who declined to be named.

A 38 cm liquid crystal display with the special glasses would cost Y200,000-300,000 ($A3,000-4,600), compared with some Y100,000 ($A1,500) for an ordinary monitor with the same grade.

IDK hopes to sell 3,000 displays in the initial year.

The company has already received inquiries from scores of companies such as an accounting firm, an Internet cafe operator and electronics manufacturers as well as a government ministry, the official said.
**************************



Lillie Coney Public Policy Coordinator U.S. Association for Computing Machinery Suite 510 2120 L Street, NW Washington, D.C. 20037 202-478-6124 lillie.coney@xxxxxxx