Clips September 18, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips September 18, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 18 Sep 2002 15:10:43 -0400
ARTICLES
Czar of Cyber Security Defends Easing of Rules
Key Players in U.S. Government's Cybersecurity Efforts
Trade group: P2P not illegal or immoral
Parties trade blame for delay of homeland security bill
Plan to Extend Bag Deadline at Some U.S. Airports
Homeland Security: High Tech Starts Kicking In
Interior officials found in contempt
Credit card scam exposes e-commerce security holes
Roster Change Federal Computer Week
Utah CIO bent rules in hiring, auditors say
Web sites reinforce security and privacy policies, review finds
House panel backs bill to make agencies protect data
Under lobbying, high-tech panel alters recommendations
Dissension, lobbying narrow administration's cyber plan
National cyberdefense strategy draft released
Merchant: FBI probes major credit card scam
Block on digital recordings worries consumer groups
Biometric trials point to passport fraud
Cable Likely to Hold Lead in Broadband-Report
Help On The Way In Spam Wars
****************************
Los Angeles Times
Czar of Cyber Security Defends Easing of Rules
Policy: He tells critics of his strategy that industry, and not government,
has the right answers.
By CHARLES PILLER and JUBE SHIVER JR.
September 18 2002
SAN FRANCISCO -- Federal cyber security czar Richard Clarke fired back
Tuesday at critics who have lambasted his national strategy for cyberspace
security as weak and meaningless, saying that government regulation would
only make the problem worse.
"Why are we requesting that industry help us, rather than demanding it?"
Clarke asked. "Industry frequently knows better than government about the
[information technology] infrastructure."
Clarke argued that the problem of cyber security is so complex that it
defies a centralized approach. Any regulatory process would be outdated
before it took force in the fast-moving world of technology.
The National Strategy to Secure Cyberspace, set for release today, and
previewed Tuesday to some experts and members of the media, emphasizes
recommendations for better security practices and guidelines for detecting
and repelling hackers. It contains no proposals for tax incentives,
regulations or legislation to compel businesses or other organizations to
safeguard their networks, and thereby increase the nation's overall cyber
security.
Experts say there has been a litany of similar reports in recent years, and
Clarke's 65-page document adds few new ideas or incentives for industry to
patch its security holes.
The Bush administration backed away from several tougher steps, including
requiring Earthlink, America Online and other Internet service providers to
include security technology with their software, said Michael A. Aisenberg,
a director of public policy for VeriSign Inc., a leading security software
firm.
White House officials also dropped plans to restrict the use of wireless
networks because of rampant security holes, according to industry sources.
Critics have charged that Clarke abandoned those initiatives because of
intense lobbying from technology firms, which have wanted to remain free of
potentially costly government restrictions.
Clarke denied allegations of undue pressure but would not comment further
on earlier drafts of the report.
Some leading security experts rejected the entire report as irrelevant.
"It's not a law. Who cares what it says?" said Bruce Schneier, chief
technology officer for Counterpane Internet Security, based in San Jose. "A
bunch of voluntary recommendations won't work," given financial pressures
in a down economy.
The report, which will be sent to the president in about two months, urges
increased public awareness and personal responsibility as a way to create
market pressure for better security products and services.
The strategy repeatedly mentions the vulnerability of America's computer
networks to cyber attacks by terrorists; much of the urgency behind the
report was generated by fears that terrorist organizations may use
cyberspace to enhance their attacks in the physical world--a point some
security experts say has been vastly exaggerated by government officials.
But Clarke downplayed the terrorist threat as one among many.
"Stop worrying about threats and start worrying about vulnerabilities," he
said, noting that perpetrators for many of the most destructive computer
viruses and worms--such as Nimda, which was unleashed one year ago and
caused billions of dollars of damage--have never been discovered.
"It doesn't really matter if the person who attacked your operation is Al
Qaeda ... a criminal cartel or a nation state," Clarke added.
Alan Paller, research director for the Sans Institute, a cooperative
nonprofit security research organization that works with industry and
government agencies, applauded the new emphasis on vulnerabilities and
praised the report as a good first step.
But he remains skeptical that a purely voluntary approach will have enough
impact in the long run.
Cyber attacks are increasing year by year, despite prior warnings, in part
because "whenever there is a perceived conflict between self interest and
the national interest, industry has acted in its self interest," he said.
******************************
Washington Post
Key Players in U.S. Government's Cybersecurity Efforts
Compiled by Brian Krebs
Wednesday, September 18, 2002; 12:00 AM
The Administration:
Richard Clarke: President Bush's cybersecurity adviser has sought to make
computer security a national security issue, taking his case to the private
sector companies that now operate the majority of the nation's most vital
computer systems.
John Tritak: Director of the Commerce Department's Critical Infrastructure
Assurance Office (www.ciao.gov). The Bush administration wants to fold CIAO
into its planned Homeland Security Department, where it will be responsible
for ensuring information sharing among the various intelligence departments
slated for inclusion in the proposed cabinet level agency.
Ron Dick: Serves as director of the National Infrastructure Protection
Center (www.nipc.gov), an arm of the FBI responsible for coordinating
communication on computer security concerns between the federal government
and the private sector. The NIPC is also targeted for inclusion in the Bush
administration's proposed Department of Homeland Security.
Phil Bond: Undersecretary of Commerce for Technology, U.S. Commerce Department.
Richard Pethia: Director of CERT, a government-funded computer security
watchdog group at Carnegie Mellon University in Pittsburgh.
U.S. Congress:
Sen. Robert Bennett (R-Utah): Introduced the Critical Infrastructure
Information Security Act of 2001, a bill that would encourage businesses to
share data about cyber attacks and vulnerabilities with the federal
government by exempting the information from Freedom of Information Act
requests. The proposal also would give companies limited antitrust
protections for sharing such information within individual business sectors.
Reps. Tom Davis (R-Va.) and James Moran (D-Va.): Co-sponsors of a similar
antitrust and FOIA exemption bill in the House.
Rep. Lamar Smith (R-Texas): Sponsor of the "Cyber Security Enhancement
Act," which requires the U.S. Sentencing Commission to consider a number of
new aspects of online crime in coming up with sentencing recommendations in
criminal cases.
Sen. Ron Wyden (D-Ore.): Author of the "Cyber Security Research and
Development Act," legislation that would earmark $970 million in funding
over five years for government agencies to research ways to improve U.S.
computer and network security. The bill awaits action by the full Senate.
Rep. Sherwood Boehlert (R-NY): Author of a similar bill, the "Cyber
Security Research and Development Act." The bill, which passed the House
earlier this year, contains slightly less funding than the Senate version.
Rep. Stephen Horn (R-Calif.): Chairman of the House Government Reform
subcommittee that hands out annual computer security report cards to each
executive branch agency. The average grade last year was a "D-minus,"
prompting the White House Office of Management and Budget to promise that
it will slash funding for key programs at agencies that do not make computer
security a higher priority.
Private Sector:
Vinton Cerf: Now a vice president for WorldCom, Cerf helped develop
computer protocols that allow computers to communicate through the Internet.
Harris Miller: President of the Information Technology Association of
America (www.itaa.org).
Alan Paller: Director of research for the SANS Institute, a computer
security training organization that has worked with the federal government
on a variety of cybersecurity issues (www.sans.org).
Tatiana Gau: Senior vice president, Integrity Assurance, for America
Online. Worked on the national strategy's recommendations for home users and
small businesses.
Robert Holleyman: President of the Business Software Alliance (www.bsa.org).
Scott Charney: Microsoft's chief security strategist.
*****************************
News.com
Trade group: P2P not illegal or immoral
By John Borland
September 17, 2002, 4:08 PM PT
After months of making low-key complaints, a consumer electronics maker
trade group on Tuesday launched a bitter attack on record labels' and movie
studios' anti-piracy campaigns.
In a speech given at a storage technology conference in San Francisco,
Consumer Electronics Association CEO Gary Shapiro blasted the copyright
owners' "scorched earth" legal and policy drives. He also warned
policymakers against passing new legislation without serious scrutiny of
labels' and movie studios' claims.
"The entire theme of the copyright community is that downloading off the
Web is both illegal and immoral," Shapiro said, according to the text of
his speech. "It is neither."
The speech marks Shapiro and the consumer electronics community's boldest
recent statement against the record companies' and movie studios' efforts.
The group's words place it squarely in the midst of a cross-industry
backlash to the copyright holders' war on Internet piracy, however. ISPs
(Internet service providers) and technology companies have separately made
their own displeasure public in recent weeks.
For the most part, consumer electronics companies have been careful to say
that they are working with copyright holders to find an appropriate balance
between consumer and copyright holder rights, and that they respect the
labels' and studios' goals.
But the heightening rhetoric leveled at people who download movies and
music off the Net, and the bills introduced in Congress that would force
electronics companies to change the way they make their products, have
brought matters to an unacceptable situation, Shapiro said.
"The copyright community has declared war on technology and is using
lawsuits, legislatures and clever public relations to restrict the ability
to sell and use new technologies," Shapiro said. "Content providers would
be served better by working with technology companies to deploy
(anti-piracy technologies) rather than suing everyone and lobbying Congress."
Record and movie studios have blamed a decline in record sales on the
spread of Internet file-sharing and unauthorized CD burning. Fast-rising
downloads of movies online threaten to have a similar impact on movie
industry profits, studios contend.
The Recording Industry Association of America (RIAA) recently said that CD
shipments for the first half of the year were down nearly 7 percent. The
music industry group pointed to consumer behavior studies it said showed
that people who use file-swapping networks tend to buy fewer CDs.
The motion picture industry has been even more aggressive in petitioning
Congress for help against what it perceives as online threats. Several
controversial bills have been introduced that would force computer and
technology companies to add anti-piracy features to their products and
would let copyright owners use hacker-style attacks on peer-to-peer
networks that have been used to swap billions of copies of their products.
In his speech, Shapiro hit several familiar notes, saying that the music
and movie companies should not "whine" about the inability to compete with
free file-swapping services, and instead "should stop complaining so
much and look for technological solutions to its own problems."
Much of the last few years has been dedicated to looking for "technological
solutions," however. The music-industry sponsored Secure Digital Music
Initiative (SDMI) and several movie industry-backed efforts, both with
participation by technology and consumer electronics companies, have spent
considerable time looking at different ways to protect content against
illegal copying.
Most of these efforts have broken down after the various participants have
found themselves unable to agree on a solution.
*****************************
Washington Times
Parties trade blame for delay of homeland security bill
The White House yesterday accused Senate Democrats of filibustering
the homeland security bill in order to punish President Bush for insisting
on management flexibility in the proposed department and the ability to
have a related White House agency
"Some senators who can't have their way are creating an environment
where no one will get their way, that no department will be created," White
House Press Secretary Ari Fleischer said yesterday.
Hours later Senate Majority Leader Tom Daschle, South Dakota
Democrat, responded by filing a cloture motion that, if it passes, would
bring debate to a close on a Democratic counterproposal. The vote will come
tomorrow.
The Senate has been debating the Democratic proposal for two weeks,
but has not made much progress on many thorny issues. The House already has
passed a bill that the White House supports.
"There is no desire to slow this legislation down," Mr. Daschle said,
though he blamed the president for the bill not having been completed. "If
the president had supported homeland security legislation when Democrats
first offered it last summer, we probably would have completed it by now."
But Mr. Bush, speaking at a political fund-raiser in Nashville,
Tenn., accused Senate Democrats of being "more interested in Washington's
special interests than they are in the interests of protecting the American
people."
The president wants to pull together 170,000 federal employees from
scores of scattered departments and put them into a new Department of
Homeland Security, under his direct command.
Democrats want the employees protected by civil service regulations
and collective-bargaining agreements that would make hiring and firing more
difficult.
"I don't want to see people fired because they disagree with their
boss. I don't want to see people fired because they're Republican or
Democrat. I don't want to see people fired simply because they had made a
statement and it appears on one of the front pages of the newspapers," Mr.
Daschle said.
But the administration said leaving the president without flexibility
sets the new department up for failure.
"I hope they get a good bill out of the Senate before they go home to
campaign," Mr. Bush said. "But I'm going to make good on my promise that if
the flexibility is not in the bill, I'm going to use my veto power."
The House passed its version of the bill, which the president has
said he will accept, in a 295-132 vote July 26. The Senate began
considering the bill just before its August recess, and has been debating
the bill since returning Sept. 3.
But in the two weeks since that time, senators have only passed two
amendments: one codifying a test program to let airline pilots have access
to firearms in cockpits and the other to prohibit companies that move
overseas to avoid taxes from bidding on Homeland Security Department contracts.
Mr. Fleischer accused the Democrats of effectively filibustering the
bill through endless debate and the drafting of alternatives unacceptable
to Mr. Bush.
"It's being talked to death," he told reporters aboard Air Force One.
"Debate is entirely appropriate. But there reaches a tipping point where
the Senate becomes an institution of inaction and nothing but debate,
nothing but talk."
Since Thursday, Sen. Robert C. Byrd, West Virginia Democrat, had
refused to relinquish control of the debate, arguing that the Senate was
rushing to create this new department and would give too much power to the
executive branch without enough congressional oversight.
Republicans, though, said they think Democrats are trying to set the
bill up for failure. They wondered why Mr. Daschle had to file his motion
to end debate, rather than just ask Mr. Byrd to sit down.
Even more curious, they said, was that Mr. Byrd then signed the
petition to end debate.
"There's one easy way to end this filibuster. The Democratic senator
who is engaged in the filibuster could simply stand down," said Senate
Minority Leader Trent Lott, Mississippi Republican. "What's going on
otherwise is a clear effort to kill any chances of the Senate passing the
homeland security bill that the president can sign."
Bill Sammon reported from Nashville while traveling with President
Bush.
*****************************
New York Times
Plan to Extend Bag Deadline at Some U.S. Airports
WASHINGTON (Reuters) - Legislation introduced on Tuesday in the U.S. Senate
would relax the year-end deadline imposed by Congress for screening checked
bags for bombs at up to 40 airports.
Crafted by members of the Commerce Committee chaired by South Carolina
Democrat Ernest Hollings, the bipartisan proposal would also dramatically
tighten security procedures for cargo on commercial planes, and extend
government-backed ``war risk'' liability coverage for airlines.
The bill to be considered by the commerce panel on Thursday represents a
successful step in a campaign by the Transportation Department to get the
Dec. 31 deadline pushed back at 10 percent of the nation's 429 commercial
airports that officials have said are not likely to meet it.
This compromise must still be reconciled with legislation passed by the
House of Representatives earlier this summer as part of its homeland
security package that would extend the bag deadline by a year.
Some airport executives have complained that the deadline approved in the
aftermath of the Sept. 11 hijack attacks was too ambitious.
They asserted that it created unmanageable logistical challenges and cost
pressures that were at odds with the goal of providing an efficient and
safe system for screening checked baggage for explosives.
The backbone of the new security system is a network of machines the size
of sport utility vehicles that can scan hundreds of bags each hour.
Manufacturing and installing them quickly in airport terminals has proven
extremely difficult for some big airports, some of which have had to tear
down walls and rearrange space in terminals.
UP TO 35 AIRPORTS WILL MISS DEADLINE
James Loy, the director of the Transportation Security Administration, told
the commerce panel last week that up to 35 airports would not meet the
deadline for checked-bag screening and recommended an extension for them.
They were not named.
The Senate proposal would grant extensions for up to 40 airports, which
will be required to submit progress reports every 30 days.
The legislation would also tighten security procedures for hauling air
cargo. The industry uses a government-approved program that relies on
shippers to ensure cargo is safe. The so-called ``known-shipper'' program
has been criticized as too lax but transportation planners say it is
reasonable and cost-effective for now.
But the bill would require the Transportation Department to establish a
formal inspection program for all cargo transported by air as well as boost
checks of shipping companies and their facilities. The legislation also
requires the agency to beef up security for airlines that only handle cargo.
Any plan for those companies must include background checks for all
employees with access to cargo operations as well as screening of flight
crews and others on board the planes.
Also, the bill would extend government coverage of third-party terrorism
liability coverage while the industry tries to develop a private fund that
it could tap to pay the ``war-risk'' premiums. Details were still being
worked out but the airline industry had requested a one-year extension.
Airlines could not afford to operate without government insurance backing
because many big insurers fear the prospect of more hijack attacks. Those
underwriters have mainly pulled out of the market or dramatically raised
premiums and cut coverage below the levels required under international law
for commercial airlines to fly.
The government, through the Federal Aviation Administration, has
periodically extended coverage in excess of $50 million over the past year.
The current extension expires in mid-October. The bill would extend
coverage for another nine months.
*************************
Business Week
Homeland Security: High Tech Starts Kicking In
Despite agonizing delays, money is flowing at last to fund the bold
proposals for bolstering security
Shortly after the World Trade Center came crashing down, a contingent of
tech industry heavyweights, including Hewlett-Packard's (HPQ) Carly
Fiorina, AOL Time Warner's (AOL) Steve Case, and AT&T's (T) C. Michael
Armstrong, flew to Washington to meet with Administration officials. And
during the following 12 months, 100 or so tech leaders held a flurry of
follow-up meetings with the White House and the Defense Dept. The subject
at hand: how best to marshal the strongest ideas from Silicon Valley in the
new war against terrorism.
http://www.businessweek.com:/print/magazine/content/02_37/b3799608.htm?mainwindow
************************
Federal Computer Week
Interior officials found in contempt
BY Megan Lisagor
Sept. 17, 2002
Finding them "unfit trustee-delegates," a federal judge held Interior
Department Secretary Gale Norton and Assistant Secretary for Indian Affairs
Neal McCaleb in civil contempt today.
"The agency has indisputably proven to the court, Congress and the
individual Indian beneficiaries that it is either unwilling or unable to
administer competently the [Individual Indian Money (IIM)] trust," U.S.
District Judge Royce Lamberth wrote in a 267-page opinion. "Worse yet, the
department has now undeniably shown that it can no longer be trusted to
state accurately the status of its trust reform efforts."
Norton and McCaleb committed four counts of fraud and one of litigation
misconduct for a range of actions that include making false and misleading
statements about computer security for IIM data, Lamberth concluded.
Interior has leased American Indian-owned properties and processed revenue
earned from farming and drilling for more than 100 years. A group of
beneficiaries, led by Elouise Cobell, filed a class-action lawsuit in 1996,
claiming poor bookkeeping has prevented landowners and their descendants
from determining their account balances. The plaintiffs estimate as much as
$10 billion in lost or missing funds and have asked the court to place the
trust in receivership out of the department's control.
Lamberth has now paved the way for that action by finding that the
appointment of a receiver is warranted and constitutionally permissible,
plaintiffs said.
"Clearly, they ought not to be trusted in either administrating the IIM
trust competently or reporting accurately," they said in a statement today.
"The court has set the foundation for proper resolution."
Meanwhile, officials at the Interior and Justice departments maintain that
Interior "has worked very hard over the past 18 months to improve the trust
management system and will continue to do so," according to a joint
statement issued this afternoon.
"Justice does not believe that the facts of this case or the applicable law
justify a finding of contempt," said Robert McCallum Jr., assistant
attorney general of the department's civil division. "We disagree with the
court's decision and are evaluating it to consider all of the options for
appeal."
Lamberth has expressed frustration with the department throughout the case.
In 1999 he held then-Secretary Bruce Babbitt, then-Assistant Secretary for
Indian Affairs Kevin Grover and then-Secretary of the Treasury Department
Robert Rubin in civil contempt.
The situation didn't improve.
In December, he ordered Interior to disconnect from the Internet to protect
data maintained under its Trust Asset and Accounting Management System
(TAAMS). Some of the department remains offline and, subsequently, under
his watch.
TAAMS -- originally deployed in 2000 by Babbitt -- was designed to replace
two of the department's legacy systems: the Land Records Information
System, which tracks such data as land ownership, and the Integrated
Records Management System. IRMS holds a wide variety of data, including
information on oil and gas leases and royalties, and is used to distribute
royalty payments to more than 300,000 American Indians.
Even before Interior began attempting to intertwine the old and new
systems, however, the General Accounting Office predicted trouble.
"According to Interior, [these] two mainframe-based systems are not
integrated, have no electronic interfaces and duplicate much of the same
information," GAO officials reported to Congress in September 2000.
Moreover, "the accuracy, availability and completeness of trust fund
records has been a long-standing problem. Tens of thousands of records on
trust fund accounts, for example, contain incorrect addresses for the
account holders or lack Social Security or taxpayer identification numbers."
That "long-standing" nature prompted some politicians to come to Norton's
defense.
"On days like this, it's important to note that the mishandling of Indian
trust funds dates back two centuries; Secretary Norton has been in office
less than two years," Rep. J.D. Hayworth (R-Ariz.), co-chairman of the
Congressional Native American Caucus, said in a statement today. "She
deserves commendation, not contempt, for the commitment and energy she has
brought to bear on this problem and for the real results she has achieved."
In recent months, Norton had killed her proposal to consolidate trust fund
duties into a new agency -- after the plan was panned throughout Indian
country -- and instead began working to hash out a new solution with a
joint Interior/tribal task force. Those discussions, however, disintegrated
as both parties came to an impasse over standards for management, according
to the National Congress of American Indians.
"Trust reform is a complex undertaking," Interior and Justice officials
said in their joint statement. "This administration has done more to fix a
very broken trust management system than any previous administration in
history."
A third contempt trial for Norton and McCaleb will begin Dec. 18.
**************************
USA Today
Credit card scam exposes e-commerce security holes
SAN FRANCISCO (AP) - A mysterious credit card scam involving more than
100,000 bogus Internet transactions has delivered another alarming reminder
about online commerce's security weaknesses.
Although no money was actually transferred in the scheme, more than 60,000
of the illicit transactions received authorization codes during a con job
exposed late last week.
The authorization codes verified the validity of those account numbers,
opening the door for more widespread theft had the ruse not been detected.
All the affected account numbers have been deactivated and investigations
have been opened by federal authorities, said John Rante, president of
Online Data, a Chicago-based credit card processor that authorized the
bogus transactions.
"People have nothing to be concerned about," Rante said. "We are
cooperating with the authorities and we will catch the people behind this."
It's unclear how many account numbers and merchant accounts were targeted
in the ruse.
Spitfire Ventures, a startup whose novelty items include a talking toilet
paper holder, received 140,000 credit card submissions in 90 minutes on
Sept. 12 and 62,477 were authorized at $5.07 each, said Paul Hynek, the
company's chief executive.
Los Angeles-based Spitfire discovered the fraud after getting swamped with
calls from worried credit card holders swept up in the scam.
"The scary part is that more than 60,000 people had their credit card
accounts violated and a lot of them don't even know about it," Hynek said.
Online Data pegged the number of bogus transactions at 104,000. All the
transactions involved just a few cents or dollars.
Spitfire's Web site usually processes five to 30 daily transactions, but
the Sept. 12 surge in activity didn't immediately trigger security concerns.
Mountain View-based Verisign, the online security firm that handled the
transactions, said fewer than 20 merchants received bogus credit card
purchase requests. But Hynek said he was told by Online Data that 25
merchants got hit.
Last week's wave of bogus credit card transactions could be a sign of an
even bigger problem if the crooks got the numbers by hacking into the
customer database of a major Internet merchant.
"The bigger story is where the thieves got this information," said Dan
Clements, who follows credit card fraud for Cardcops.com. "It's possible
that the thieves found a hole in a database that still needs to be plugged.
They could still be mining for credit card numbers."
The scheme's method indicates the culprits relied on a computer program to
spit out randomly generated account numbers in search of authorization
codes to verify their existence, Rante said. "I'm pretty confident that
this didn't originate with a block of stolen credit cards."
The scam's successful retrieval of so many authorization codes exposed
cracks in the online credit card processing system.
The credit card processors say the breach probably wouldn't have happened
if the perpetrators hadn't been able to crack the affected merchants'
passwords.
"This underscores the importance of using strong passwords," said Verisign
spokesman Tom Galvin.
When a merchant opens a credit account, Online Data issues a default
password and advises the password be changed every few weeks, said Nicole
Mondia, the processor's executive vice president of operations.
"When you don't change the password, that leaves the system vulnerable,"
she said.
Spitfire Ventures never received any advice about its password after it
started accepting credit cards three months ago, Hynek said.
"If the passwords are so important, why did they start us off behind the
eight ball by giving us an easy-to-break password?" Hynek said.
*************************
Federal Computer Week
Roster Change Federal Computer Week
Art Money, former Defense Department chief information officer, has been
elected to Rainbow Technologies Inc.'s board of directors, effective Sept.
5. Rainbow Technologies is a provider of information security solutions.
Money is president of ALM Consulting, which specializes in command,
control, communications, intelligence, signal processing and information
operations. From 1999 to 2001, he was assistant secretary of Defense for
command, control, communications and intelligence and DOD CIO.
***
Retired Air Force Brig. Gen. Russell Anarde has been recruited to lead the
space operations and systems support organization for CACI International
Inc., according to a company announcement released Sept. 11.
Anarde is former director of plans and programs for the Air Force Space
Command at Peterson Air Force Base, Colo.
CACI officials say that Anarde's recruitment reflects the company's
increased focus on providing information technology solutions to U.S.
military space commands and related activities of the federal government
and commercial space organizations.
Anarde will be based at CACI's Colorado Springs location and will help
craft a business development program that focuses on CACI's solutions for
command, control, communications, computers, intelligence, surveillance and
reconnaissance, tailored to the needs of the space market.
***
Edwin Patton has been named vice president and technical director for
systems engineering at Dimensions International Inc., the IT company
announced Sept. 10.
Patton will be responsible for developing and managing systems engineering
programs for defense, federal and commercial customers, with an emphasis on
requirements analysis, telecommunications, IT, network management and security.
Patton previously held senior leadership positions at Teledyne Brown
Engineering, TRW Inc. and Science Applications International Corp. He also
has an extensive engineering and management background in telecom, IT and
software development. As one of the first engineers hired by MCI WorldCom,
he was instrumental in the design and engineering of the company's
nationwide backbone network.
***
Transportation Secretary Norman Mineta last week announced the selection of
five federal security directors who will assume responsibility for 13 airports:
* Thomas Anthony, Palm Springs International Airport, Calif.
* Debora Jean Brooke, Savannah International Airport, Ga. She will also be
responsible for Hilton Head Airport, S.C.
* Nicholas Bruich, Yeager Airport, Charleston, W.Va. He will also be
responsible for Tri-State Airport in Huntington, Benedum Airport in
Bridgeport, Wood County Airport in Parkersburg and Morgantown Municipal
Airport, all in West Virginia.
* John Peoples, Saipan International Airport.
* David Bassett, Greater Rochester International Airport, N.Y. He will also
be responsible for Elmira-Corning Regional Airport in Horseheads,
Binghamton Regional Airport in Johnson City and Tompkins County Airport in
Ithaca.
**************************
Federal Computer Week
War hero shares IT lessons learned
By Dan Caterinicchia
Sept. 17, 2002
Special operations troops deployed in Afghanistan have had to wage war in
some of the most challenging environments imaginable, and for the most
part, their information technology tools have performed admirably.
But something must be done to lighten soldiers' battlefield loads, which
can exceed 140 pounds, with more than 73 percent of that weight coming from
equipment, according to Air Force officials who have had to carry those packs.
"It's absolutely unacceptable that we have to walk with that much weight
with the technology we have today," said Air Force Reserve Tech. Sgt. James
Hotaling, a combat controller in the 720th Special Tactics Group in the Air
Force's Special Operations Command. Hotaling carried a 143.3-pound pack
during Operation Anaconda in March, and he knew many of the more than one
dozen troops who were killed or injured in that battle.
Speaking Sept. 16 at the Air Force Association's 2002 National Convention
in Washington, D.C., Hotaling briefed the audience on his participation in
direct action and strategic reconnaissance missions during Operation
Enduring Freedom, serving as the communications specialist for U.S. and
coalition forces.
Some missions required scaling ridges thousands of feet high, others were
conducted in the desert, and still others were conducted in the snow. The
packs carried into all of those locations were made heavier by outdated,
inefficient technology, he said.
"The batteries we use [for the portable radios] are lithium and weigh 2
pounds each," Hotaling said. "It takes two to power the radio we're using
and that only lasts a day. For a 12-day mission, that's 24 batteries
[weighing 48 pounds] and that's crazy."
Col. Craig Rith, commander of the 720th Special Tactics Group, said the Air
Force is partnering with industry to lighten the load. He also said the Air
Force research laboratories have played a key role in integrating
off-the-shelf technologies in the first of a three-part effort aimed at
shortening the time needed to strike an enemy target.
The second step will be producing and using "better, lighter versions" of
the tools, and the third stage calls for going even lighter and providing
"click, click technology," in which the images and intelligence captured by
combat controllers on the ground are automatically sent to the closest
aircraft and the weapons systems they are carrying, Rith said.
That final step is crucial because different aircraft currently require
different information, or at least data presented in different ways, the
Air Force officials said.
Still, IT has helped coalition forces immensely in Afghanistan, including
the Air Force's Predator, an unmanned aerial vehicle that uses radar, a TV
camera and an infrared camera for surveillance, reconnaissance and
targeting, Hotaling said.
Personnel at various air operations centers viewed the video feeds from
Predators and relayed pertinent data to Hotaling to help him navigate
through foreign locales and serve as the "point man" on some missions, he said.
U.S. allies also contributed useful IT, particularly for mission planning.
Before various coalition teams would begin a mission, the allied forces'
computers, imagery and mapping tools would provide 3-D maps of areas, which
enabled the teams to do virtual walk-throughs, Hotaling said.
Hotaling, who was activated in September 2001 and will return to his job as
a Washington state trooper when he completes his tour this month, also said
that IT interoperability was never really a problem in Afghanistan because
Special Forces teams are trained to work jointly, "and that's all we know."
"There's always going to be glitches, but it's mostly things like they got
the frequency wrong, but the radio is OK," he said.
*************************
Government Computer News
Utah CIO bent rules in hiring, auditors say
By Wilson P. Dizard III
Utah CIO Phillip Windley and others in the Information Technology Services
Office violated and manipulated the state's personnel and contracting rules
to hire former employees of Excite At Home, a bankrupt company where
Windley had worked, state auditors said.
"We think what happened here is probably some bad management," legislative
auditor general Wayne Welsh said. Abuse of personnel rules is not a
criminal matter, he said.
"The CIO and some other officials exhibited favoritism to employees of
Excite At Home and they circumvented procedures to get those employees on
board," Welsh said.
The auditors' investigation of the matter appeared in a report issued
Monday on hiring practices of the CIO and ITS. "While individual cases may
not raise strong concerns, taken together we believe these cases display a
pattern which does yield strong concerns of favoritism," the report said.
The auditors questioned practices used to hire nine state employees,
according to the report.
Windley and other Utah state officials, including officials in the
governor's office, were not available for comment. In a letter responding
to the audit, Windley and other officials appointed by Gov. Mike Leavitt
emphasized that the qualifications and competence of the employees
discussed in the report had not been disputed. They noted that the report
pointed out areas for improvement in hiring practices.
"I would say this is unusual," Welsh said of the incident. "We haven't come
across many cases like this." The resolution of the matter is up to
Leavitt, who appointed Windley and the other officials and can remove them,
Welsh said.
****************************
Government Computer News
Web sites reinforce security and privacy policies, review finds
By Wilson P. Dizard III
A Brown University analysis of government Web sites found that more federal
and state sites are taking security and privacy seriously compared to last
year.
The Center for Public Policy at Brown analyzed 1,265 federal and state
sites, measuring available features, variations between state and federal
sites, and responsiveness to citizens' information requests.
According to the study, 34 percent of the sites now have a visible security
policy, up from 18 percent last year. And 43 percent have some form of
privacy policy, up from 28 percent two years ago.
But the attention to security has led to an increase in restricted areas on
government Web sites, some of which require registration and passwords for
access, and occasionally fees. Six percent of government sites surveyed had
restricted areas and 1 percent had premium features requiring payment.
"These developments are encouraging the creation of a two-class society in
regard to e-government," the Brown report said.
The study found that 93 percent of government sites provide access to
publications and 57 percent provide access to databases. Of the Web sites
examined this year, 23 percent offered services that users could execute
fully online, roughly the same number as last year. The most frequently
offered services were tax payment, job application, driver's license
renewal, and hunting and fishing licensing.
Twenty-eight percent of the sites now have a measure of access for users
with disabilities, compared to 27 percent last year, the study said. Seven
percent of sites offered some foreign language access, up from 6 percent
last year.
The Brown researchers gave high marks to the sites of seven federal
organizations: the Labor, Treasury and State departments; Environmental
Protection Agency; Federal Communications Commission; General Services
Administration's FirstGov; and Social Security Administration. The lowest
rankings went to the sites run by the U.S. circuit courts and the Supreme
Court.
Among state sites, the researchers praised the sites of California,
Connecticut, Nevada, New Jersey, Pennsylvania, Tennessee, Texas, South
Dakota, Utah and Washington. They assigned low ratings to the sites of
Alabama, Colorado, Mississippi and Wyoming.
Public officials' responsiveness to Web inquiries has fallen, the study
said. Last year, 80 percent of government officials answered the
researchers' sample query; only 55 percent did so in 2002.
**************************
Government Executive
House panel backs bill to make agencies protect data
By Michael Posner, CongressDaily
A bill to protect privacy of people and businesses that provide information
to government statistical agencies cleared a House Government Reform
subcommittee Tuesday.
The legislation (H.R. 1152) was approved by voice vote in the Subcommittee
on Government Efficiency, Financial Management and Intergovernmental
Relations and sent on to the parent committee. Only the chairman, Rep.
Stephen Horn, R-Calif., and Rep. Janice Schakowski, D-Ill., were present
among the nine subcommittee members.
Uniform protections are outlined in the bill to keep confidential data
individuals and businesses give government agencies for statistical
purposes. Currently different agencies have different rules for protecting
privacy and some don't have any.
In addition to adding protections, the bill would let the Census Bureau,
the Bureau of Labor Statistics and the Bureau of Economic Analysis share
data under limited circumstances to get more accurate information and to
limit requests to businesses to file data to different government
statistics collectors.
The approved legislation was a substitute by subcommittee chairman Horn to
the originally introduced bill. The substitute was partly in response to a
Heritage Foundation request. It clarified that non-government researchers
could continue to get information they now receive on a limited basis as
long as it does not reveal the identities of those who supplied it.
*************************
Government Computer News
Under lobbying, high-tech panel alters recommendations
From CongressDaily
Under intense lobbying by industry groups, a White House panel studying
ways to protect America's high-tech backbone has dropped several security
ideas and turned others into topics for discussion rather than government
mandates, according to the latest version of the plan circulated Monday.
The ideas dropped include requiring companies to pay into a fund to improve
national computer security and restricting use of emerging wireless
networks until their security is approved, according to the draft obtained
by the Associated Press.
"We're just identifying the stuff we already know to be a problem, and
saying it's a problem," said Russ Cooper, of network security firm
TruSecure Corp., who was briefed on the plan. "I thought there was going to
be some meat, and there's not."
The cybersecurity panel headed by President Bush's computer security
adviser, Richard Clarke, is expected to release its recommendations Wednesday.
Once called the "National Strategy to Secure Cyberspace," the draft
circulated Monday added the words, "For Comment" to the title.
******************************
Government Executive
Dissension, lobbying narrow administration's cyber plan
By Bara Vaida, National Journal's Technology Daily
In the days before the unveiling of the Bush administration's national
strategy to protect cyberspace, dissension within the administration and
continued lobbying by some business groups led to a whittled-down version
of the initial plan, according to high-tech industry sources.
Earlier in the month, the administration's Critical Infrastructure
Protection Board had planned to release a hefty strategy report that
ambitiously outlined actions that business sectors and the federal
government should take to secure their computer networks and critical
infrastructure, according to industry sources.
The official draft to be released Tuesday evening is 66 pages and clearly
marked "draft." It is voluntary and contains no government mandates. It,
like earlier versions, states that the document was expected to evolve and
undergo updates as technology and national security progressed. Technology
Daily obtained a copy of the official draft from industry sources.
Several days ago, a version sent to government agencies was 340 pages, but
disagreements from the private sector and within government agencies
prompted the board, chaired by Richard Clarke, to make numerous changes,
industry sources said.
"To give them the benefit of the doubt, they are trying to get an awful lot
of people in the government to sign off, and what always happens with these
reports is every agency has its own agenda," said Jim Dempsey, deputy
director of the Center for Democracy and Technology.
"That was compounded by ... having to get clearance from the private
sector, which was appropriately included in this process. You had to get
seven sectors of the [economy] to sign off on this, from the
telecommunications sector to the power sector to the computer sector."
Private-sector fears were of particular concern to the administration, as
the mid-term election is only a few weeks away and White House officials
are reluctant to upset potential campaign donors, said James Lewis, chief
technology policy director for the Center for Strategic and International
Studies.
"We are in the season where everything is looked at through the prism of
the election," Lewis said.
Further, Lewis said Clarke might have overreached with the broader
cybersecurity plan. "Dick tried to do too much," Lewis said. "Maybe it
would have been better to bite off a small part [of cybersecurity] like
the federal government. ... I would have picked the top 10 doable things
rather than try to do everything."
In an example of one change to the report, cybersecurity action plans for
defense and intelligence agencies were noted in the 340-page version but
eliminated in the 66-page version.
The White House organized a Tuesday afternoon briefing with reporters on
the plan and has embargoed its official release for 8 p.m.
Clarke will publicly release the plan at Stanford University on Wednesday,
with high-tech industry executives expected to attend, including
representatives from Microsoft, Oracle, Apple Computer and Sun Microsystems.
******************************
Computerworld
National cyberdefense strategy draft released
The President's Critical Infrastructure Protection Board today released a
draft copy of the long-awaited National Strategy to Secure Cyberspace,
giving the private sector 60 days to review it and provide feedback before
the final version is sent to the president for approval.
According to the plan, obtained by Computerworld, the strategy being
formally unveiled for the first time today will continue to evolve as
individual sectors of the nation's private economy develop their own
cybersecurity strategies and the government refines details of the plan.
"This strategy is not written in stone," the document states.
The White House is scheduled to release the draft strategy to the public in
an event at Stanford University later today.
In a letter accompanying the strategy, signed by both Richard Clarke,
chairman of the President's Critical Infrastructure Protection Board, and
Howard Schmidt, vice chairman, the White House stressed the need to form a
public/private partnership that is flexible.
"This unique partnership and process is necessary because the majority of
the country's cyber resources are controlled by entities outside of
government," the letter states. "For the strategy to work, it must
be a plan in which a broad cross-section of the country is both invested
and committed."
To further solidify the public-private partnership and to obtain more
feedback on the draft strategy, the White House plans to conduct eight more
so-called town-hall meetings around the country. Feedback on the draft
strategy released today is due to the White House by Nov. 18.
Feedback forms are available at the White House special Web site,
www.securecyberspace.gov.
****************************
Computerworld
Merchant: FBI probes major credit card scam
The CEO of a Los Angeles-based novelty company, Spitfire Ventures Inc.,
said the FBI is investigating a major credit card scam involving 140,000
fraudulent credit card transactions at the company's Web site, TalkingTP.com.
Spitfire's CEO, Paul Hynek, said he was told by the company's credit card
processor, Online Data Corp. in Westchester, Ill., that the scam may have
affected as many as 25 other companies. But Online Data President John
Rante said he believes only 15 to 20 merchants were affected and that a
total of 100,000 fraudulent credit card transactions were involved.
The FBI couldn't be reached for comment.
According to Hynek, Online Data approved more than 60,000 of the false
charges, worth $5.07 each, on Sept. 12. Online Data is a reseller of
Mountain View, Calif.-based VeriSign Inc.'s credit card payment gateway
services, which actually performed the authorizations.
Although about $300,000 in charges were approved by VeriSign, the company
stopped the transactions before they were completed, so no money was ever
transferred to Spitfire, according to Hynek. However, the authorizations
let the thieves know that those credit cards were valid.
As soon as Online Data became aware of the problem, Rante said, the company
worked closely with VeriSign to notify the credit card companies, which
then deactivated the cards. Rante said the credit card companies are
cooperating with federal authorities investigating the fraud.
If the scam hadn't been detected, Hynek said, thousands of dollars in
fraudulent charges could have been racked up before cardholders became
aware of any problem.
Spitfire, whose products include a talking toilet paper holder, learned of
the scam when customers who noticed false charges on their accounts began
calling the company, Hynek said.
Hynek, Rante and VeriSign spokesman Tom Galvin all said they believe
thieves most likely got the credit card numbers by cracking the passwords
of the affected merchants.
But Dan Clements, a credit fraud expert at Malibu, Calif.-based
CardCops.com, disagreed.
"The real story here hasn't been told yet," he said. "Since they had
140,000 cards, they probably have a lot more."
Clements said he believes the crooks may have exploited a hole in the
customer database of a large Internet merchant that didn't properly secure
its Web site.
According to Clements, during their investigations, the credit card
companies involved will pull information on the accounts of some of the
affected cardholders looking for common denominators.
"Say, if Amazon.com showed up on all their statements, then that's most
likely where the credit cards came from," he said. "These numbers were not
randomly generated. This was not a crapshoot."
****************************
Mercury News
Block on digital recordings worries consumer groups
By Dawn C. Chmielewski
Mercury News
Some subscribers to one of the nation's largest cable systems are unable to
make digital recordings of television shows in what the company labeled an
unforeseen technological glitch but consumer advocates called a chilling
curb on home recording.
An industry newsletter reported that Cablevision has invoked copy
restrictions on all unscrambled digital TV programming delivered to its 3
million subscribers in metropolitan New York. It renders a range of cable
shows -- from late 1970s sitcoms like ``Diff'rent Strokes'' to Formula One
racing on Speedvision -- unrecordable on certain types of devices.
The incident shows how easy it is for cable providers to block recording,
consumer advocates said. Even if what Cablevision did was inadvertent, they
said, it is an example of how copy-blocking can be used to set limits on how
individuals use the most ubiquitous of technologies -- the television set.
``The trend here is if Hollywood has its way, this is what the future looks
like,'' said Joe Kraus, co-founder of digitalconsumer.org, an advocacy
group. ``The future looks like the world where you press record and it
doesn't work and you don't know why. You no longer control the media you
pay for.''
The blocking affects a small number of subscribers who use an advanced
digital recording device.
Cablevision, the nation's seventh-largest cable company, said it didn't
deliberately suspend home recording. Rather, it blamed an unexpected clash
between its conditional access system -- which makes sure subscribers see
only the TV programs they've paid for -- and the software inside Sony's
television set-top boxes.
This software conflict somehow triggered a copy protection scheme known as
5C, which is designed to prevent mass duplication of television shows and
movies. It labeled all digital programming off limits to copying.
For now, the glitch prevents viewers from digitally taping any cable show
using a next-generation digital videotape recorder called DVHS, the HDTV
Insider newsletter reported. These devices recognize the programming as
copy-blocked -- and turn off.
Cablevision said it is scrambling to eradicate the bug, identified three
weeks ago.
But it notes the problem only affects subscribers who attempt to record
programming through the IEEE 1394 interface, a high-speed digital
connection known as Firewire or iLink found on high-end digital televisions
manufactured by Mitsubishi, RCA and Hitachi, certain set-top boxes and DVHS
recorders.
Cablevision says it does not prevent recording on more familiar consumer
devices, such as a videocassette recorder or a Tivo-like digital video
recorder.
Advocacy groups said the rollout of 5C's copy-protection scheme -- together
with the entertainment industry's attempts to extend copy-protection to
over-the-air television broadcasts -- are eroding home recording rights,
with little consumer input.
``The content industry denies it will affect how consumers watch, enjoy and
record television,'' said Kraus. ``But the Cablevision example goes to
prove these technologies impact consumers dramatically.''
An attorney for the consortium of technology companies that developed the
5C copy-protection technology said just the opposite is true. He says rules
are designed to reflect home use -- while addressing piracy fears that
prevent Hollywood from releasing more high-quality content.
Cablevision violated strict licensing agreements when it imposed copy bans
on generic cable programming -- shows that consumers should be entitled to
copy freely, said Seth Greenstein, a Washington lawyer who negotiates 5C
licenses for the consortium.
The only time 5C licensing rules allow copying to be prohibited is with
special categories of paid programming, such as on-demand movie services or
pay-per-view events, like the Oscar de la Hoya and Fernando Vargas prize fight.
And the movie studios and broadcasters ultimately get to decide what shows
to protect -- the cable and satellite operators act as distributors, who
honor the rules. They're not supposed to impose copy bans unilaterally.
``We have to figure what happened here,'' said Greenstein. ``5C worked
awfully hard to put these encryption rules into its agreement to achieve a
certain level of consumer recording rights. Having fought for it, we don't
intend to relinquish it.''
****************************
News.com
Biometric trials point to passport fraud
By Andrew Colley
September 18, 2002, 10:15 AM PT
The Australian federal government is poised to crack down on identity fraud
amid indications that biometric technology trials have yielded instances of
illegal multiple passports.
Sources close to the trial said testing of the biometric technology against
Passport Australia's existing database of passport information has
identified individuals' unique facial biometrics in more than one stored
passport. Passport Australia is the agency that issues passports in the
country.
The sources said this indicated that individuals may have applied for and
been issued multiple passports fraudulently.
However, Australia's Department of Foreign Affairs and Trade declined to
confirm that such instances had occurred. "We have undertaken limited
testing using facial biometric recognition technology. Some issues did
arise during the tests, and these have been addressed and appropriate
action taken where necessary," a DFAT representative said.
The representative declined to elaborate on the issues that arose and the
additional action the department intends to take.
The facial biometric--a machine-readable algorithm generated from an
individual's facial features--is as unique as a fingerprint. Theoretically,
a biometric algorithm generated from photos held in Passport Australia's
database should only match a passport once.
Sources close to the trial indicated that Passport Australia was exploring
the technology because it believes that searching through photographs
manually to find instances of fraud is too human-resource intensive.
They indicated trials of the technology had revealed it was 95 percent
accurate.
ZDNet Australia's Andrew Colley reported from Sydney.
************************
Reuters Internet Report
Cable Likely to Hold Lead in Broadband-Report
Wed Sep 18, 12:23 PM ET
BOSTON (Reuters) - Cable modems, the primary means currently used to
connect to the Web for high-speed service, are the next growth area for the
Internet as more consumers seek out digital movies and music, a research
firm said on Wednesday.
In a research report, Yankee Group said 58 percent of high-speed Internet
users were accessing the Web while about one-third of users are using
digital subscriber lines.
Cable modems will easily maintain leadership as the most important
technology used to connect to high-speed services. At the end of 2001, more
than 7 million consumers and 500,000 business subscribers were connecting
via cable modem, Yankee Group said. But cable will
likely have to chase DSL in the small business area, they said.
"Emerging technologies have the potential to shake up this forecast in the
2004-2007 timeframe, however, over the next two to three years, the market
share for broadband access technologies is unlikely to change
substantially," said Matt Davis, broadband access technologies director at
Yankee Group.
Internet companies have been aggressively seeking deals with cable
operators and digital subscriber lines so they can offer high-speed, or
broadband, access to subscribers wherever they live.
For example, in some areas Internet service providers do not have deals to
offer their subscribers access via cable but they do have a deal for DSL.
To the consumer, cable modems and DSL offer about the same type of service
although some have complained the implementation process for DSL is more
cumbersome.
Meanwhile, consumer access of high-speed Internet service through satellite
technology has not grown at the rate it had expected, the research firm
said, because it saw the proposed merger of EchoStar Communications Corp.
and Hughes Network Systems being approved by regulators more quickly.
Between the close of 2001 and the beginning of 2003, 5.6 million U.S.
broadband subscribers will be added to the 13.3 million that make up the
installed base, Yankee said in its report.
As dial-up growth slows, Internet giants such as AOL Time Warner Inc.'s
America Online, Microsoft Corp.'s MSN and Yahoo Inc. have stepped up their
efforts to offer high-speed access and services.
"The question most important to mass-market broadband proliferation is now
changing from 'Can I get broadband?' to 'Do I want broadband?'" Yankee
Group said, adding that the core issue at the moment was pricing as it
costs more than $40 per month in most areas.
**************************
Sydney Morning Herald
Internet subscribers down
September 18 2002
The number of Australian Internet subscribers decreased by 43,000 in the
six months ending March 2002, according to figures released by the
Australian Bureau of Statistics today.
The drop was attributed to the decline of services offering free access
(180,000 subscribers) and hourly access (155,000). An increase of 292,000
subscribers with monthly, quarterly, annual, volume and other access kept
the fall to 43,000.
The number of ISPs also decreased during this period, continuing a trend
that began in September 2000. Australia now has 571 ISPs, of which only six
can be considered very large - with over 100,000 subscribers. These six ISPs
provided connectivity to two-thirds of the country's subscribers - 2.8
million out of 4.2 million.
Thirty-two ISPs went to the wall between September 2001 and March 2002.
Only Tasmania (2) and the Northern Territory (4) showed an increase in ISPs
during this period.
Of the 4.2 million subscribers, 3.7 million were from households
and 505,000 from business and government.
*****************************
Earthweb
Help On The Way In Spam Wars
By Sharon Gaudin
New spam-fighting tools will flood the market in the next 18 months, helping
companies and consumers battle the growing deluge of spam that's filling
inboxes with an increasing amount of porn and money schemes, according to a
new report from Giga Information Group.
"The amount of spam has increased more than four-fold during the past
year," reports Jonathan Penn, a research director at Giga, a Cambridge,
Mass.-based analyst firm. "The content has become more offensive. Spam
messages are no longer just innocuous solicitations, but marketing of
pornographic material or services. The anti-spam market will develop
rapidly in the next 18 months, as content security and anti-virus vendors
address this growing problem."
Penn points out that SurfControl's Email Filter and Cipher Trust's IronMail
are two new spam-fighting products that already have hit the market.
Penn and other industry watchers say a slew of other products will be
following close behind.
"The more tools on the market, the better," says Ray Everett-Church, chief
privacy officer for ePrivacy Group and a board member for the Coalition
Against Unsolicited Email. "Users are more fed up than normal. The flood of
spam has increased so dramatically in the past six or eight months that
people who were merely annoyed before are now on the verge of revolution."
Everett-Church says he too sees a growing wave of spam-fighting tools that
are about to hit the market and he adds that it's about time vendors tackle
the problem. "More tools on the market means companies and consumers have
more opportunities to defend themselves against spam," he says.
Kelly Thompson, an independent anti-spam consultant and co-founder of the
Forum for Responsible and Ethical Email, says she's not overly impressed
with most of the anti-spam tools that are out there now.
"They vary widely in their efficacy," says Thompson. "None of them are
something I would use on my inbox."
But Thompson also says she has a lot of hope for strong spam-fighting tools
to start coming out.
"At some point, companies perceived that there was no business
justification for blocking spam," she says. "Users are becoming more angry
about it. And the volume has increased so it's costing companies more
money. It's more economically justified to buy a spam-blocking tool. It's
creating a market."
And a major reason for users' anger is that spam is smuttier than ever.
Brightmail Inc., a San Francisco-based anti-spam company that sells
software and rules to filter out spam, reported recently that email inboxes
are being flooded with about 400% more unsolicited bulk email, or spam,
than they were back in September.
Mail-Abuse Prevention Systems LLC (MAPS), one of the largest
anti-spam organizations out there, backs that up with its own numbers.
Margie Arbon, director of operations at MAPS, recently reported that
they've seen 600% to 700% more spam between April and June of this year,
compared to the same time frame last year.
And a growing percentage of that spam is pornographic, with graphic subject
lines and even images.
But with companies trying harder to block spam, Everett-Church warns
network managers to be careful that they're not blocking legitimate email
along with it.
"The real challenge is to make sure these tools don't wind up blocking
legitimate email," he warns. "That's a real danger. You can block a lot of
spam but if you block a lot of legitimate mail, you're not a lot better off."
**************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx