Clips September 24, 2002

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips September 24, 2002

ARTICLES

Northern Va. Group One Step Closer to Managing Dot-Org [ICANN]
Montgomery Says General Election Will Be Smoother
CDC outlines IT needs for emergency vaccination clinics
INS will tighten registration of Saudi visitors
Lab to sample Linux for weapons work
DARPA seeks 'total information awareness'
Justice Department formalizes information sharing guidelines
FBI cyber chief heralds interagency cooperation
Demand for U.S. IT workers remains soft, survey shows
Military, Private Sector Rush to Adopt High-Tech Security 
Technology  [Biometrics]
FBI Fingerprint Research Helps Spawn an Industry [Biometrics]
Warner to Enable the CD Burning of Its Songs
Plea Bargain Riles Scorned Public Defenders [ID Theft]
More-Engaging Online Content Urged
Internet replacing the college library
U.S. puts money on World Bank "hacktivists"
Judge reserves decision on spam fighter trial
Unguarded moments - why cyber security is on the rise
Library Of Congress Goes Grid

****************************
Washington Post
Northern Va. Group One Step Closer to Managing Dot-Org
By David McGuire
Monday, September 23, 2002; 5:06 PM

Global Internet addressing authorities today reiterated their 
recommendation that a Reston, Va.-based nonprofit group should assume 
control over the valuable "dot-org" Internet domain.

After sifting through a hundreds of comments from the Internet addressing 
community, the Internet Corporation for Assigned Names and Numbers (ICANN) 
reaffirmed its recommendation that the Internet Society (known as "ISOC") 
take over management of dot-org starting in 2003.

ICANN's international board of directors has final say over whether to 
accept the ICANN staff's recommendation. The board is expected to make its 
decision next month.

In its final staff report, ICANN dismissed suggestions that ISOC is 
financially and technologically unfit to operate dot-org, the world's fifth 
largest Internet domain. ICANN manages the Internet's worldwide addressing 
system under agreements with the U.S. government.

"We're very pleased with the final staff report, particularly that ICANN 
chose to go ahead and thoroughly review any concerns and criticisms," ISOC 
spokeswoman Julie Williams said today. "I think it's really to their credit 
that they've tried to make it an open process and to make it as fair as 
possible."

Earlier this year, 11 organizations from around the world submitted bids to 
take control of dot-org when Mountain View, Calif.-based VeriSign Inc. 
relinquishes its hold on the domain in December.

After ICANN gave the preliminary nod to ISOC last month, several 
competiting organizations took issue both with ICANN's selection process 
and with ISOC's qualifications to operate the massive Internet domain.

"The final report is relatively unchanged despite rather serious flaws that 
were brought to their attention by NeuStar and others," NeuStar Director of 
Business Development Ken Hansen said today.

But in its report, ICANN largely dismissed the argument that ISOC's shaky 
fiscal past would make the organization an unstable home for dot-org. ICANN 
noted that ISOC's proposal calls for dot-org to be run by a newly created 
entity call Public Interest Registry (PIR) that will have no direct fiscal 
link to ISOC.

Concerns about ISOC's financial stability are not "applicable," ICANN said.

Hansen disagreed, saying that by ignoring the financial concerns, ICANN was 
"unnecessarily putting the timely transition and management of dot-org at 
risk."

"The (ICANN) board is going to have an opportunity to base their decision 
on the criteria and not on the flawed staff report," Hansen added.

ICANN spokeswoman Mary Hewitt pointed out that none of the dot-org bids 
were evaluated based on the submitting organization's financial model. 
Rather, the evaluation process gave greater significance to the overall 
operational experience and capabilities of the organizations, she said.

Founded in 1991, ISOC serves as the institutional home for two key Internet 
standards-setting bodies, the Internet Engineering Task Force and the 
Internet Architecture Board. It has members in more than 100 countries.

Accounting for more than 2.3 million Internet addresses worldwide, dot-org 
represents a substantial revenue stream for the organization that wins the 
registry contract. As the current domain operator, or "registry," VeriSign 
charges Internet address retailers (called "registrars") $6 per-year for 
every dot-org name they sell. Registrars in turn charge varying retail 
prices to individual users.

Mountain View, Calif.-based VeriSign is set to give up its management of 
dot-org in December as part of a deal it cut with ICANN last year to 
maintain its control of the lucrative dot-com domain.
*****************************
Washington Post
Montgomery Says General Election Will Be Smoother
Votes Were Counted Slowly in Primary
By Annie Gowen
Washington Post Staff Writer
Tuesday, September 24, 2002; Page B04


Two weeks after a primary night meltdown in Montgomery County, elections 
officials promised County Council members yesterday that better training 
and procedures for a computerized voting system would correct the problems 
that delayed election results for hours.

By election night, more judges with better training will be in place and 
procedures will be streamlined to avoid a repeat of the confusion of Sept. 
10, pledged Montgomery County Board of Elections Director Margaret A. 
Jurgensen.

That night, it took hours to produce results in several key races, 
including the hotly contested Democratic primary in the 8th Congressional 
District, as many judges struggled to tally votes and then hand-delivered 
them to the Board of Elections.

"You could send the Gutenberg Bible in the Gobi desert in a nanosecond," 
council member Howard A. Denis (R-Potomac-Bethesda) said after the hearing 
before a council subcommittee. "I don't understand why we can't plug into 
the election results from Bethesda to Rockville."

Denis said, though, that he felt the elections officials would probably be 
able to fix the problems in the coming weeks. "I think that they have a 
high sense of urgency," he said. "It was really embarrassing election 
night. We were the last to come in."

Council member Philip Andrews (D-Rockville) said he was most concerned that 
43 of 237 polling places did not open on time. Jurgensen said two precincts 
opened as late as 7:30 a.m. and the rest between 7:05 a.m. and 7:20 a.m. At 
Parkland Middle School, 30 voters waited more than a half-hour before 
leaving without having voted, according to the county.

At some precincts, the voting booths were not set up, while others lacked 
technical support workers or enough election judges, she said. In November, 
county workers will be on hand beginning at 11:30 p.m. the night before the 
election to see that all of the polling booths are ready to go this time, 
Jurgensen told the committee.

Jurgensen said the county was woefully understaffed with election judges 
for the primary, short some 400 judges of the 3,200 needed. She hopes to 
attract 600 more judges through senior citizen and volunteer organizations 
for the Nov. 5 general election.

More than 200 judges who had trouble tabulating results and closing down 
machines on primary night will have to be retrained, she said.

The Sept. 10 primary was the official debut for the computerized voting 
system -- expected to be statewide in 2006 -- in Montgomery, Prince 
George's, Dorchester and Allegany counties.

Although all counties experienced some technical problems during the debut, 
only Montgomery had trouble tabulating its returns. Results from Dorchester 
and Allegany were completed by 10:30 p.m.; Prince George's results were 
online by midnight.

In Montgomery, by contrast, chaos reigned: Inaccurate results were posted 
on the Web site while judges in precincts struggled through complicated 
forms and tabulation process. Some were so frustrated with the new machines 
that many were simply loaded into cars and dumped unceremoniously at the 
Board of Elections after the polls closed.

Elections officials are to meet today with schools officials to see which 
polling places could use school fax and modem lines to transfer their 
election results electronically, as was done in Prince George's. On primary 
night, only one legislative district in Montgomery sent results in by 
modem. That pilot was dubbed a success.
**************************
Government Computer News
CDC outlines IT needs for emergency vaccination clinics
By William Jackson

The government is offering to help state and local governments design IT 
components of smallpox vaccination clinics in the event of an outbreak of 
the disease.

The Centers for Disease Control and Prevention released its smallpox 
bioterrorism response plan Monday. The Smallpox Vaccination Clinic Guide 
for large-scale clinics is part of Version 3 of the Smallpox Response Plan 
and Guidelines. The clinic guide is available online at www.cdc.gov. The 
full version of the response plan will be available soon.

The 48-page plan deals with the logistical and organizational concerns of 
setting up clinics capable of vaccinating 1 million people in 10 days in 
the event of a smallpox outbreak. It describes a clinic set up to treat 
100,000 people a day in two eight-hour shifts. Among the estimated 117 
people needed to staff each shift is one IT support person.

IT requirements specified in the guide are 12 desktop or notebook 
computers, each with an Internet connection if Web-based databases are 
used. The government will provide technical assistance in designing 
databases and developing vaccine-tracking systems. The amount of assistance 
available would depend on the scope of the emergency.

IT staff members would also oversee the five telephone lines and one fax 
line a large clinic would require.
****************************
News.com
Need Biowarfare Agent? Hop Online
By Kristen Philipkoski

The genome sequence of a potential biowarfare agent called Brucella is 
freely and publicly available to anyone with Internet access.

A frightening thought, perhaps, considering terrorists certainly have 
Internet access. But experts say it's highly unlikely they would also have 
the scientific sophistication to use the information to make a weapon.

Although it's controversial, many scientists believe making the pathogen's 
blueprint publicly available can lead to more good than harm. Sharing the 
genome sequence, which was deciphered by researchers at The Institute for 
Genomic Research (TIGR), will help scientists develop vaccines and find 
faster ways to identify the bacteria.

"The more we know about (Brucella's genome), the easier it is to defend 
against it," said Mark Wheelis, senior lecturer in microbiology at the 
University of California at Davis.

"Although (dangers) are certainly there -- I would say they're greatly 
outweighed by the benefits that knowing the sequence will bring to people 
doing important basic research in the organism," he said.

In humans, initial symptoms of Brucella infection are somewhat flu-like, 
making early detection difficult. Although it's rarely fatal, it can 
incapacitate its victims by making them feverish and disoriented, and can 
cause severe long-term illnesses, such as arthritis, heart disease and 
brain damage.

It can only be treated with large amounts of expensive antibiotics 
administered for one year.

The lead researcher on the study, Ian Paulsen, a TIGR associate 
investigator, described one incidence of the disease: "He was found 
wandering around his front yard delirious in his underpants not knowing 
what was going on. If it was used against a military unit, it's not likely 
the men could actually fight."

People can contract the disease by handling the tissues of infected 
animals, eating contaminated foods or inhaling the pathogen. It is only 
rarely passed between humans.

During the 1950s and '60s, the U.S. Army developed artillery shells and 
bombs armed with Brucella. The stockpile was destroyed in 1969 when the 
government halted its biowarfare program.

However, other countries developed Brucella weapons during the Cold War, 
too. And while most experts doubt terrorists are sophisticated enough to 
use the genomic information now available online, it's possible a 
state-supported biowarfare effort could be.

"Iraq could do that, for instance," Wheelis said. "But terrorists, no."

To alleviate public concern, the National Academy of Sciences and other 
organizations are in the process of drawing up guidelines to determine if 
some genome sequence information should not be made public.

For now, researchers are focusing on the public health benefits of having 
the information accessible.

"Now that we have the genome sequence, we can use genomics-style technology 
such as microarray technology to detect the presence or absence of the 
pathogen, and also fingerprint the strains," Paulsen said.

Knowing which strain an individual is infected with will be key to 
eventually treating people who develop brucellosis.

Paulsen and his colleagues sequenced a strain that mostly infects pigs, 
known as Brucella suis, which can also infect humans. They compared it to 
the goat version, known as Brucella melitensis.

The next step for the TIGR lab is to sequence a strain of Brucella that's 
virulent in sheep but not humans. Comparing the two should point out the 
specific genes responsible for causing human sickness.

A surprising finding, of interest mainly to evolutionary biologists, was 
the fundamental similarity between the swine Brucella genome and plant 
pathogens.

"It shows they had a common ancestor more recently than we would have 
thought," Paulsen said. "They probably all came from some ancestral soil 
organism tens of millions of years ago."
******************************
Washington Times
INS will tighten registration of Saudi visitors

     A program that requires registration of foreign visitors from some 
countries in the Middle East and North Africa is being expanded to include 
men from Saudi Arabia, a U.S. ally and the home country of 15 of the 19 
September 11 hijackers.

     An Immigration and Naturalization Service memo obtained by Associated 
Press directs immigration inspectors registering aliens to include men, 
ages 16 to 45, from Saudi Arabia, Pakistan and Yemen, starting Oct. 1.

     A Saudi foreign policy adviser, Adel Al-Jubeir, noted that nationals 
of other countries also could be subject to registration and Saudis were 
not being singled out.

     The Justice Department had begun registering visitors from Iran, 
Iraq, Sudan and Libya on the anniversary of the terrorist attacks. As part 
of the registration, the foreigners are required to provide fingerprints, 
photographs and details about plans while in the United States.

     "It is imperative that the officers remain vigilant and verify the 
age of all males from these three countries in order to identify properly 
those who are subject to special registration," says the Sept. 5 memo, sent 
by Johnny Williams, the INS head of field operations.

     The memo was sent to INS offices to explain how to implement the 
Justice Department policy known as the National Security Entry-Exit 
Registration System.

     Justice Department spokeswoman Susan Dryden said she could not 
comment on the internal INS document. But, she said, "Saudi Arabia is an 
ally in the war on terrorism and they are not treated as state sponsors of 
terrorism in our enforcement efforts."

     James Zogby, president of the Arab American Institute, said the 
registrations should be conducted at consulates, not at ports of entry 
where the process will create long waits and three lines  one for citizens, 
one for non-citizens and one for Arab-Americans.

     Registration is required on arrival in and departure from the United 
States. The foreigners also must be interviewed at an INS office for stays 
of more than 30 days and notify the INS within 10 days of any change of 
residence, employment or academic institution.

     The memo says inspectors also can register visitors for national 
security reasons who they determine are worth monitoring. The memo says 
inspectors should consider whether the visitor has made an unexplained trip 
to Iran, Iraq, Libya, Sudan, Syria, North Korea, Cuba, Saudi Arabia, 
Afghanistan, Yemen, Egypt, Somalia, Pakistan, Indonesia or Malaysia, or 
whether the visitor's explanation for the trip lacks credibility.

     Among other things, inspectors will be told to consider registering 
foreign visitors who previously overstayed a U.S. visa or whose behavior, 
demeanor or answers indicate that the person may be a security threat, 
according to the memo.

     The additional scrutiny for Saudi nationals follows introduction of 
stricter rules for Saudis who apply for visas to the United States. The 
visa paperwork formerly handled by travel agents now requires interviews at 
consular offices. The scrutiny also comes as President Bush tries to build 
support for a U.S. attack on Iraq, for which Saudi Arabia has said it will 
not allow use of its territory unless the attack is under U.N. auspices.

     Rep. George Gekas, Pennsylvania Republican, chairman of the House 
Judiciary immigration subcommittee, said the registration program seeks to 
weed out people that Saudi Arabia and other countries are cracking down on 
and arresting.

     "It's a natural extension of what is already occurring with respect 
to the war on terrorism, which is separate and apart from our relationships 
with the governments that are involved in this new round of alien 
registration," Mr. Gekas said.
************************
News.com
Lab to sample Linux for weapons work
By Stephen Shankland
Staff Writer, CNET News.com
September 23, 2002, 4:50 PM PT


Los Alamos National Laboratory is buying a $6 million, 2,048-processor 
Linux supercomputer to run its nuclear weapons simulation software, an 
effort that will test the limits of these less expensive megamachines.
The lab has been a pioneer in building inexpensive supercomputers made out 
of ordinary computing components and the Linux operating system. Thus far, 
however, LANL's nuclear weapons simulation software runs on more expensive 
systems from SGI and Hewlett-Packard such as HP's $215 million "Q" now 
under construction.

A $6 million price tag may sound like a bargain in comparison, but software 
must be reworked to run using less expensive clusters of Linux machines. 
Though the new system will run unclassified programs such as predicting the 
properties of new materials, those tests will serve as a proxy to predict 
how well nuclear weapons simulation software works, said lab spokesman Jim 
Danneskiold.


The lab's central mission is ensuring that U.S. nuclear weapons will work 
as planned, despite aging and the current ban on actual nuclear tests. LANL 
has software that simulates the physical effects such as the extreme 
pressure and intense X-rays that accompany nuclear explosions.

Intel-based supercomputers are becoming less exotic, having escaped 
academia and found buyers in the private sector such as Companie General de 
Geophysique for oil and gas exploration work and MTU Aero Engine for engine 
design.

The new system, called the "Science Appliance" and built by Salt Lake 
City-based Linux NetworX, uses a cluster of 1,024 interconnected servers, 
each with two 2.4GHz Intel Xeon processors. It's a close relative to 
another cluster at LANL's sister laboratory, Lawrence Livermore National 
Laboratory.

The Science Appliance, due by the end of the year, will be capable of a 
peak computational speed of 10 trillion calculations per second, Linux 
NetworX said. The computing nodes will be stacked 50 to a rack, with 27 
racks taking up a patch of floor space about 18 by 25 feet. The nodes are 
connected with a high-speed switch from Myricom.

There are future expansion options in the LANL deal, said Clark Roundy, 
vice president of marketing at Linux NetworX.

There's a major difference compared with Livermore system, though: The Los 
Alamos machine has no hard drives. Instead, each computer fires up using 
software pulled over the network with the assistance of software called 
LinuxBIOS developed by LANL programmer Ron Minnich and others. LinuxBIOS 
also dramatically speeds the startup process to about two seconds, said 
Jason Lowry, Linux NetworX's product manager for cluster management tools.

Shunning hard drives cuts cost and power consumption, but more importantly, 
it improves reliability, Roundy said.

"If you think about what things are going to fail in a system, it's the 
hard disk or fan or power supply or something with moving parts," Roundy said.

Linux NetworX could benefit greatly from convincing the Los Alamos and 
Livermore labs that Linux clusters are worthwhile. The labs are funded by 
the Energy Department's Advanced Simulation and Computing program, which 
has spent hundreds of millions of dollars to advance supercomputing using 
machines made of comparatively inexpensive components.

The DOE program has underwritten many of the world's fastest computers, 
according to university researchers who monitor raw calculation speed at 
the Top500 organization. The program has underwritten Nos. 2, 6, 7, 9, 11, 
and 15 on the most recent ranking. *************************
Government Computer News
DARPA seeks 'total information awareness'
By Patricia Daukantas

Biometric, language processing, predictive modeling and database 
technologies are all key areas of the Defense Advanced Research Projects 
Agency's revamped strategy to assist homeland security.

The goal of what DARPA calls its total information awareness programs is to 
prevent terrorist attacks, said Robert L. Popp, deputy director of the 
agency's Information Awareness Office. Popp spoke yesterday at a conference 
in Arlington, Va., sponsored by the Biometric Consortium

DARPA created the Information Assurance Office early this year to develop 
new technologies for extracting and analyzing data that could help the war 
on terrorism, Popp said.

Among the initiatives that the office has launched this year is Genisys, 
which seeks new ways to design ultralarge information repositories for 
counterterrorism efforts while protecting the privacy of innocent people, 
Popp said.

Translingual Information Detection, Extraction and Summarization, or TIDES, 
will help English-speaking analysts understand intercepted messages in 
other languages, Popp said. DARPA's initial efforts with TIDES will focus 
on Arabic and Chinese, as will a related program to improve the accuracy of 
speech recognition.

DARPA's Human Identification at a Distance program is wrapping up a new 
round of tests on various facial recognition products, program manager 
Jonathon Phillips told conference attendees. Phillips, on detail at DARPA 
from the National Institute of Standards and Technology, said that results 
of HID tests are scheduled for posting on www.frvt.org in November.
***************************
Government Executive
Justice Department formalizes information sharing guidelines
By Drew Clark, National Journal's Technology Daily

Attorney General John Ashcroft on Monday released guidelines designed to 
formalize the way in which federal prosecutors share information, including 
data obtained from electronic surveillance, with the CIA and other 
intelligence officials.

The guidelines flow from last October's sweeping anti-terrorism bill, which 
empowered prosecutors to share information obtained through grand jury 
testimony or through electronic, wire or oral interception of information.

Prior to passage of the landmark anti-terrorism legislation, known as the 
Patriot Act, prosecutors were specifically barred from sharing such 
information to intelligence, protective, immigration, defense or national 
security officials.

Justice Department officials said the changes were designed to 
institutionalize a procedure for sharing information collected in the 
course of criminal investigations. Prior to the passage of the Patriot Act, 
sharing of grand jury and surveillance information was barred "even if that 
information indicated that terrorists were planning a future attack, unless 
such officials were assisting with the criminal investigation itself," 
according to a department press release.

Because information collected and presented to a grand jury has not been 
subject to the cross-examination and other checks and balances associated 
with a criminal trial, guarding the secrecy of such information has long 
been a hallmark of the protections that suspects have been granted under 
U.S. criminal law.

Section 203 of the Patriot measure allowed the sharing of such grand jury 
information so long as information identifying U.S. citizens is labeled as 
such before its disclosure to intelligence officials. But Justice officials 
said that any information identifying a U.S. citizen should be labeled 
before being passed to intelligence agents.

And while the identity of such U.S. citizens may be passed to intelligence 
officials, a top level Justice official said in a background briefing that 
the names must be deleted prior to any subsequent usage. But an exception 
is made if its disclosure is necessary to understand the context of the 
information.

In April, Ashcroft issued a directive to Justice Department officials 
regarding procedures for such information sharing, and Monday's guidelines 
formalize them for the department's communication with intelligence, 
homeland security and other federal officials.
****************************
Government Executive
FBI cyber chief heralds interagency cooperation
By Bara Vaida, National Journal's Technology Daily

Ron Dick, the director of the FBI's National Infrastructure Protection 
Center, said the FBI's new effort to partner with the Secret Service on 
investigating cyber crimes is aimed at marshalling resources.

At the launch of the national cybersecurity protection plan last week, the 
FBI and Secret Service announced a new pilot program where several field 
offices of both agencies agreed to work together on investigating cyber 
crimes to determine who is behind a particular attack.

"If you look at what we've done with the Infragard program and what they've 
done with the Electronic Crimes Task Force...we can leverage the 
capabilities of both staffs," said Dick in an interview with National 
Journal's Technology Daily.

Infragard, created in 1996, enables the private sector and federal 
government to share information about cyber crimes confidentially. The 
Secret Service created a national electronic crimes task force in 1995 in 
its New York field office to investigate electronic financial crimes.

"There is a shortage of resources and skills and ability to investigate 
[security breaches], so if we blend the two [programs]," there will be 
strengths in different areas, he said.

Separately, Dick defended the administration's decision not to have 
regulations in the national cybersecurity plan. Some critics of the plan 
have charged that it is weak because it relies on private sector 
cooperation with the government.

"It's the current administration's position not to use regulation or 
statutory changes to secure cyberspace ... because 80 percent [of it] is 
owned and operated by the private sector, and this has to be a partnership 
not mandated by regulation but by good practices," Dick said. "The whole 
crux for infrastructure protection comes down to one word: trust."

When asked if there is date by which the nation's computer networks should 
be secure, Dick said, "No ... but if we still don't have protection of the 
system ... then the government would step in. But we aren't even close to 
that. The right model is to attempt to do this with a trusted partnership 
and see if it works."

Dick said since last year's terrorist attacks, information sharing efforts 
by federal agencies and within the private sector has improved. He noted 
that the CIA has detailed a staff member to the NIPC and there is an 
interagency group, which includes the NIPC, Treasury, Justice and the 
Defense departments aimed at sharing investigative efforts.

"I have seen nothing but willingness of agencies to share information," he 
said.

The majority of the NIPC is slated to move to the Homeland Security 
Department when Congress approves its creation. The training, outreach and 
strategy and analysis portions of the NIPC are scheduled to move to the new 
department, while the investigative component is to remain within the FBI, 
Dick said.
***************************
Computerworld
Demand for U.S. IT workers remains soft, survey shows
By THOMAS HOFFMAN
SEPTEMBER 23, 2002

Although the U.S. IT workforce has grown by 1%, or 85,000 jobs, since the 
beginning of the year, the short-term hiring outlook continues to remain 
bleak, according to an updated report being released today by the 
Information Technology Association of America and Dice Inc.
Telephone interviews conducted in July and August with hiring managers at 
84 IT vendor companies and 216 non-IT companies revealed that "the original 
optimistic hiring forecast at the beginning of the year has been tempered 
by the economy," said Scot Melland, president and CEO of Dice, a New 
York-based provider of online recruiting services for technology 
professionals.

Many unemployed IT workers are shifting the blame elsewhere. Computerworld 
regularly receives letters from disgruntled IT professionals who claim that 
they have in-demand skills such as C++, Java and Oracle training and yet 
haven't been able to find work for months. Many of them point the finger at 
H-1B visa holders and offshore programming outfits, where a growing number 
of companies are shifting their development and maintenance work to reduce 
costs.

Influence From Overseas

Earlier this month, the U.S. General Accounting Office (GAO) announced 
plans to study whether and to what extent the H-1B visa program is costing 
Americans jobs (see story). The results of that study are due out next year.

But some IT professionals say offshore outsourcing is having a more 
significant and longer-term impact on U.S. IT workers.

Outsourcing not only leads to job cuts; it also allows corporations to 
avoid paying unemployment taxes when demand for labor slackens, said Norman 
A. Lane, president of Aztech Professional Services Inc., a Phoenix-based 
consulting and contracting firm. Lane contends that to prevent tax losses 
to the federal government, U.S. companies that engage in offshore 
outsourcing should pay a levy "on every outsourced job to compensate U.S. 
taxpayers."

ITAA President Harris Miller has been a lightning rod for H-1B critics, 
since the Arlington, Va.-based trade association is largely made up of 
technology vendors such as IBM, Cisco Systems Inc. and others who have made 
extensive use of foreign IT specialists. While he said he believes the 
economy has been the biggest culprit, even he acknowledges that offshore 
programming "is having an impact" on the U.S. IT job market.

"The real challenge is offshore programmingnot the few thousand [IT 
workers] that come to the U.S., but the workers in Ireland and South Africa 
and India that are paid much less to do the work," said Miller. "I think 
there is more work going offshore in part due to the pressure to keep costs 
down, and there's huge downward pressure on software vendors to keep their 
labor rates down," he added.

"So much work is going offshore, we're putting ourselves at a substantial 
[intellectual capital and security] risk," said Linda McInnis, an 
independent contractor and head of the hiring initiative at BostonSPIN, an 
Acton, Mass.-based group of 1,200 Boston-area software professionals.
***************************
Washington Post
Military, Private Sector Rush to Adopt High-Tech Security Technology
By David McGuire
Tuesday, September 24, 2002; 12:00 AM

Deep in the Pentagon, an Army officer approaches a gray box affixed at 
roughly eye-level beside a wooden office door. The officer stares at the 
box, training his eye on a circular mirror about the size of a half-dollar. 
"Identification is completed," purrs a computerized female voice as the 
lock clicks, permitting the officer to pass.

The slick plastic box, a device that scans iris patterns and compares them 
to a database of iris images taken from personnel who are cleared for 
entrance, is just one of a widening array of products designed to identify 
individuals by their unique physical characteristics.

Such technology hardly seems out of place in the heart of America's 
military industrial complex. But after the Sept. 11, 2001, terrorist 
attacks, the iris-scanning device and other security technologies that 
focus on physical characteristics are cropping up more and more in civilian 
life -- at office complexes, grocery stores, schools and fitness centers 
across the country.

The science underpinning such devices is "biometrics," a field long mired 
in controversy, but one that has enjoyed a makeover during the past year.

Unlike access cards, the body parts that biometrics devices read cannot be 
easily lost, sold or traded among conspirators, and unlike security codes, 
they can't be forgotten. The appeal of such a reliable identifier has grown 
in the post-Sept. 11 environment, but the use of biometrics for security 
purposes has raised questions about potential privacy intrusions and 
whether the technology is sufficiently reliable.

Army Pushes Biometrics
Squatting across the road from a tiny regional airport in rural West 
Virginia, the U.S. Army's Biometric Fusion Center isn't the gleaming 
testament to scientific advancement one might expect. The building -- a 
smallish, low-slung structure of textured concrete and faded brown siding - 
offers few clues that it's the setting for leading-edge research into 
advanced biometrics technologies.

Past the outer door, however, the center starts to hint at its purpose. 
Barring entry to the main floor is an iris scanner identical to ones 
recently installed in the Pentagon.

Director Paul Howe said the iris scanner, one of several biometric devices 
in use throughout the building, serves two purposes: securing the facility, 
and giving staffers an opportunity to experience daily life with the device 
before recommending it for use throughout the military.

A device that is effective but annoying isn't an ideal solution, Howe said. 
"Part of it is saying, 'If I had to use it, would I really like it?'"

The Bridgeport, W.Va., center was founded in 2000 by the Army's 
then-fledgling Biometric Management Office (BMO), which is charged with 
spurring the deployment of biometric security devices throughout the 
military. The center has since become the testing ground for all commercial 
biometric products considered for use by the U.S. armed forces.

Howe said Bridgeport was a logical choice to serve as home to the Biometric 
Fusion Center. In 2000, West Virginia University boasted one of the 
nation's few academic biometrics programs, and the nearby town of 
Clarksburg is home to the FBI's massive fingerprint database.

Center officials signed the lease on the dowdy two-story property in August 
2000, and eventually engaged a staff of more than 30 contractors, working 
under the management of Howe, a civilian employee of the Defense Department.

Since its launch, the center has reviewed about 50 devices, clearing about 
a dozen for use in military applications, Howe said. "This is kind of a new 
industry. What we like to focus on are those very mature products that 
might be useful right away."

On the top floor, a small laboratory is strewn with tens of thousands of 
dollars worth of commercial biometric devices. Tiny fingerprint 
identification cards that can be plugged into laptops share limited desk 
space with chunky hand scanners and slick iris cameras. Devices deemed not 
ready for prime time rest forgotten beside those already cleared for use in 
military installations and those still facing a battery of tests.

Some super-secure military facilities use custom-made biometric devices not 
available to the public (or, for that matter, to the staff of the Biometric 
Fusion Center), but many mid-level secure military facilities rely on 
commercially available biometrics to provide an "added layer of security," 
Howe said.

One of the most recent installations was the Pentagon Officers Athletic 
Club, where the management office has placed iris scanners at the entrance 
to the popular gym.

Managers there say that, beyond creating a simplified mechanism to allow 
entrance to the athletic club, the placement of the biometric device in 
such a central location will help familiarize military personnel with 
technology that is likely to become far more prevalent in their lives in 
the coming years. Fitness-conscious military personnel of all ranks and 
security-clearance levels pass through the athletic center, BMO Senior 
Analyst Margo English said.

Placing biometric devices in such high-traffic places will ultimately 
acclimate not just military personnel, but the general public to the 
devices, allowing most people to get comfortable with biometrics, Howe 
predicted. "You're always going to have some people who find it awkward, 
just as my mother finds it awkward to remember a password," Howe said.

Reliability
Biometric devices perform one of two basic functions: verifying a person's 
identity ("authentication") and picking subjects/suspects out of a crowd 
("identification").

Authentication devices -- including finger, iris and hand scanners -- are 
used to confirm the identities of people who have clearance to enter secure 
areas, log onto sensitive computers, or perform any other sort of 
restricted function. By contrast, identification technologies like face 
scanners take a more scattershot approach, picking subjects out of crowds 
by spotting their unique physical characteristics. Although a less commonly 
known application, face scanners can also be used for more traditional 
authentication purposes.

Biometric devices may come in many flavors, but all of them share the 
underlying recipe for recording and comparing physical characteristics.

Whether scanning fingerprints, facial ridges, iris patterns or hand 
contours, all modern biometric devices first obtain "samples" by recording 
unique points on a target body part.

The samples are then converted to digital templates, which can be compared 
and contrasted at varying speeds and accuracy based on the level of detail 
included in the original samples and the thoroughness of the series of 
mathematical calculations (or "algorithms") programmed into the device that 
are used for processing comparisons.

Raj Nanavati, whose company International Biometric Group of New York tests 
devices for reliability, says the technology has gotten faster, smoother 
and more accurate in recent years. "The false rejection [and] false 
acceptance rates for finger, iris and hand are very low," he said.

Bill Voltmer, the president and chief executive of Moorestown, N.J.-based 
Iridian Technologies Inc., said iris scanners using Iridian's proprietary 
algorithm can reduce false acceptance rates (instances of unauthorized 
people being cleared for access) to almost zero.

But Voltmer conceded that the devices aren't completely foolproof, which 
highlights a recurring question about relying solely on biometrics to 
protect secure areas. The comparatively high reliability and seemingly 
tamperproof nature of the devices could lull users into a false sense of 
security, according to critics.

That danger was demonstrated earlier this year when a team of Japanese 
scientists released findings of a study in which they used gelatin and 
other simple household products to create "gummy fingers" capable of 
fooling fingerprint scanners.

But proponents of biometrics say that the devices aren't intended to 
replace armed guards or manned security checkpoints. Rather, the devices 
should be used to replace access cards and memorized security codes, which 
they say are much easier to defeat than comparable biometrics.

"Most of the access control systems today verify authorized pieces of 
plastic, when what they really want to do is verify authorized people," 
Recognition Systems Inc. spokesman Bill Spence said. Recognition Systems, a 
Campbell, Calif.-based unit of Ingersoll-Rand, is the world's largest 
developer of hand geometry scanners.

Richard M. Smith, a private Internet security consultant based in 
Cambridge, Mass., said biometric companies still face a tough task in 
selling their products to the public.

"These systems can do a good job of doing access control," Smith said. "The 
trouble is that they compete with other technologies like cards and key 
codes [that] tend to be less expensive and easier to deploy than a 
biometric solution."

Biometrics Sales Grow
Posting an anemic $20 million in sales in 1995, the biometrics industry 
will sell upwards of $200 million in devices this year, said International 
Biometric Industry Association (IBIA) Executive Director Richard Norton, 
citing IBIA sales projections. The biometrics industry posted sales of $170 
million in 2001, and IBIA predicts annual industry sales of $2 billion by 2006.

Hand, finger, face and iris scanners account for most of the biometrics 
products sold, but companies are in the process of developing technologies 
to identify people based on their voice patterns, body heat signatures and 
keyboard-use characteristics, Norton said.

Biometrics companies say that the private sector is only a few steps behind 
the military in adopting biometric technologies.

The sector is small by most standards and has felt the pinch of shrinking 
corporate information-technology budgets, but many biometrics companies 
continue to post growing sales despite a languishing economy.

And beyond the fiscal evidence of the industry's growth over the past few 
years, biometrics executives say the post-Sept. 11 security concerns have 
created unprecedented interest in their products.

"The direct impact [of the terrorist attacks] was the realization that 
crime and terror is actually a reality in our country and they pose a 
threat. It's a wake-up call," said Joseph Atick, president and chief 
executive of Identix Inc., a Minnetonka, Minn.-based firm that is one of 
the largest in the biometrics sector. "The wake-up call as a result of the 
shock of Sept. 11 has led people to accept any identification technology, 
within reason of course."

Increased acceptance is critical for Identix, which deals in perhaps the 
most controversial breed of biometrics: face recognition. Critics of face 
scanners call the technology unreliable, questioning the ability of modern 
biometrics to accurately pick people out of crowds.

Biometrics "are very good authentication tools. They are terrible 
identification tools," said Bruce Schneier, president of Cupertino, 
Calif.-based Counterpane Internet Security and author of the monthly 
security newsletter, "Crypto-Gram."

"Where the industry is really overreaching is where they say, 'We can pick 
terrorists out of crowds,'" Schneier said.

"One-to-one" biometrics devices -- like the Pentagon iris scanners -- have 
a more proven track record, according to industry observers. Facing few 
roadblocks and riding a wave of heightened security concerns, manufacturers 
of those technologies are looking to ramp up deployment.

Schneier cautioned against over-reliance on the devices. "There are many 
circumstances in which biometrics aren't appropriate. That doesn't mean 
they're bad ... it just means they aren't the right tool," he said.

Howe, of the Army's biometrics center in West Virginia, said that use of 
the devices will continue to proliferate.

"They are getting slicker. They are getting less intrusive," Howe said. 
"They'll be as ubiquitous as credit cards."

Tomorrow: Civil liberties groups warn that biometric security devices pose 
serious threats to privacy rights.
*******************************
Washington Post
FBI Fingerprint Research Helps Spawn an Industry
Tuesday, September 24, 2002; 12:00 AM

To a large extent, the modern biometrics industry was born out of efforts 
to commercialize the Federal Bureau of Investigation's groundbreaking 
fingerprint scanning technology.

In the mid-1960s, the FBI asked researchers at the National Bureau of 
Standards (now the National Institute of Standards and Technology) to study 
the feasibility of using technology to "read" the unique ridges and whorls 
of human fingerprints, said Robert Last, a computer specialist and acting 
section chief in the FBI's national fingerprinting division.

Delivered to the FBI in 1972, the first prototype device based on that 
research was several feet tall, nearly as wide and "extremely slow," Last 
said. The device couldn't run comparisons and was only capable of scanning 
fingerprints and converting the ridge and whorl patterns into empirical 
data points.

By today's standards, the machine's capabilities were extremely limited, 
but it laid the groundwork for devices capable of scanning and comparing 
human fingerprints Last said.

The FBI fingerprinting technology caught its first criminal in March 1979, 
when the scanning devices identified a match that had been overlooked by 
investigators using traditional fingerprint comparison procedures, Last said.

Continuing advances in fingerprint scanning technology led to the 1999 
completion of the FBI's Integrated Automated Fingerprint Identification 
System, which greatly accelerated the speed and level of automation with 
which the FBI could run fingerprint comparisons.

-- David McGuire, washingtonpost.com
**************************
Los Angeles Times
Warner to Enable the CD Burning of Its Songs
Internet: Company will make recordable format standard and offer more of 
its catalog as singles.
By JON HEALEY
TIMES STAFF WRITER

September 24 2002

In the latest record-industry concession to consumer demand, Warner Music 
Group plans to offer tens of thousands of songs through the Internet in a 
format that can be burned to CD.

The announcement by Warner and online distributor RioPort Inc. is a 
significant change for Warner. Not only is it making more of its catalog 
available as singles--more than 30,000 songs instead of the current 300--it 
is enabling CD burning as a standard feature.

Warner's move mirrors announcements this year from Universal Music Group 
and Sony Music, which pledged to make tens of thousands of songs available 
as downloadable singles in formats that allow burning. Songs from all three 
companies also are expected to sell for 99 cents to $1.50, less than the 
labels initially sought to charge for downloadable music.

Burgeoning Internet piracy is pushing the labels to offer consumers 
something more compelling than their initial online collections. Consumers 
showed little interest in the major labels' first downloadable singles, 
largely because of the high price, limited selection and cumbersome 
electronic locks that prevented songs from being copied, moved to portable 
devices or recorded onto CD.

The new lineup of Warner songs will still have electronic locks, but buyers 
will be able to record the songs onto a standard CD, effectively removing 
the limitations. The label expects to make available all songs to which it 
has digital rights, which probably will leave out Madonna and a few other 
top artists.

The songs are slated to hit the market this month through RioPort's online 
retail partners, which include BestBuy.com, MTV.com and HP.com.
**************************
Los Angeles Times
Plea Bargain Riles Scorned Public Defenders
Justice: State attorneys group to seek a tougher sentence for a lawyer who 
allegedly used a stolen identity to chastise her colleagues in an online 
chat room.
By MONTE MORIN
September 24 2002

Criminal defense lawyers make their living in part by pleading for 
forgiveness on behalf of their clients. But in the case of Ana Maria 
Patino, members of the California Public Defender Assn. are crying out for 
blood.

Patino is a Santa Ana attorney who used the organization's closed Internet 
chat room to attack other members with a stream of angry missives, 
association officials say.

After being booted out of the group last year, Patino reemerged 
surreptitiously, using the online identity of a young law school graduate, 
prosecutors said. This prompted an investigation by the FBI and local 
police that resulted in charges of identity theft and forgery.

Prosecutors, however, have agreed to dismiss the charges if Patino 
apologizes, performs community service and pays $1,500 in fines.

The deal has members of the association crying foul, saying that Patino 
victimized them and avoided jail time by hiring a well-connected defense 
lawyer. They say prosecutors are letting her off too easily. They also 
complain that as the "victims" of the crime, they were never consulted 
about the plea deal.

"I'm astounded. Clearly the D.A. doesn't care about identity theft," said 
association board member Don Landis, who is an Orange County deputy public 
defender. "They're really interested in victims' issues when they want to 
be tough on some indigent client who pocketed something at Mervyn's, but 
when it comes to dealing with an Orange County lawyer, it's a different 
matter. It's hypocritical."

Members of the group--which is open to all defense attorneys--plan to take 
the unusual step of asking a judge next month to scuttle the plea bargain 
and demand stiffer punishment for Patino.

Patino, a defense lawyer who specializes in appeals cases involving 
immigration law, was the chat room's most active participant.

Firing off 10 to 15 critical messages a day on a variety of 
criminal-defense topics, Patino would sometimes sign her electronic 
missives as "Xena" or "Lady Anne."

Chat-room users say many lawyers felt the heat of Patino's flames, but the 
54-year-old attorney allegedly crossed the line when she picked fights with 
the leader of the Orange County Bar Assn.

"I really don't know why you would think anyone would care what you think," 
Patino wrote to then-Orange County Bar President Jennifer Keller.

"You never have ceased to amaze me in your pretentious sense of power which 
you choose to gloat over people."

Patino also took aim at association director Michael Cantrall, cursing him 
and vowing to "bring you down and everyone else associated with you."

The defenders group responded by stripping Patino of her chat-room 
privileges and terminating her membership in the association.

But in June of last year, just weeks after she was bounced from the chat 
room, Patino reemerged under a false identity, the association said. Using 
the name and a bar license number of a 28-year-old law school graduate, 
Patino reportedly resumed her electronic chats as Lianna Figueroa.

The alleged ruse worked for several months, association officials said, 
until Patino began to complain to the site's Webmaster about service. The 
Webmaster reportedly recognized Patino's confrontational style and 
telephoned the real Lianna Figueroa to ask whether she was dissatisfied 
with the Web site.

"I had no clue what they were talking about," Figueroa said. "I just 
finished law school. I never applied to them for an account."

Authorities eventually charged Patino with identity theft, forgery and 
fraud. Patino hired powerhouse Orange County defense lawyer Alan Stokke, 
who discussed a plea deal with prosecutors.

Deputy Dist. Atty. Susan Riezman said Stokke's political connections played 
no role in the deal. "This is an appropriate agreement based on the 
totality of the circumstances, and the non-seriousness of the crime," 
Riezman said. "The victim suffered no financial loss nor any loss of 
reputation."

Riezman noted the matter would also be investigated by the State Bar of 
California.

Patino insists that she has done nothing wrong and is being persecuted by 
the association. "I am innocent," Patino said. "I do not know anything 
about Lianna Figueroa. I don't know her and I don't know anything about an 
apology."

She insists that the public defenders are out to get her. As an appeals 
lawyer, she said, she regularly exposes the sloppy work of public defenders.

"Their motivation is to get back at me," Patino said. "I make them look 
bad. They're motivated by envy."

Figueroa, the lawyer whose identity Patino allegedly used, said she has 
been troubled by the experience. She said prosecutors should hold Patino to 
a higher standard because she is a lawyer.

"I have no idea what this person was telling people under my name, and I'm 
worried people will think it's me who said it," Figueroa said.

"Nobody seems to care. I went to the police and they said, 'Big whoop, 
nobody lost any money.' I want somebody to take this seriously."
**************************
Los Angeles Times
More-Engaging Online Content Urged
By JUBE SHIVER Jr.
September 24 2002

WASHINGTON -- A White House panel studying ways to boost demand for 
high-speed Internet access is expected next week to encourage Hollywood and 
others to offer more online content. The report also will recommend that 
more workers use high-speed lines to telecommute from home.

After intense lobbying by industry groups, the President's Council of 
Advisors on Science and Technology sidestepped calls for an overhaul of the 
nation's telecommunications networks, such as backing the regional Bell 
phone companies' bid to scale back laws that regulate their ability to 
compete in the market for high-speed Internet access, or broadband.

Instead, the blue-ribbon panel of industry executives and academics hopes 
to encourage the development of more online entertainment, as well as 
online government and educational services, as a way to lure more of the 70 
million Americans now online to upgrade to broadband, which is four to 30 
times faster than a standard dial-up modem.

"We think this report will be a very significant move forward," said 
Claudia Jones, a spokeswoman for AT&T Corp., which has been following the 
issue closely.

A spokeswoman for the White House Office of Science and Technology Policy 
declined to comment on the report.

The Bush administration has been under pressure from Silicon Valley to 
implement tax incentives and change the rules governing the phone and cable 
TV industries to help boost the number of high-speed Internet connections 
amid an industrywide financial meltdown.

Only about 10 million homes have high-speed Internet access, which is more 
complex to install and twice as costly as traditional dial-up Internet access.

Many consumers see no compelling reason to pay extra for broadband, 
according to a study released Monday by the Commerce Department. The 
average $40 to $50 monthly fee for broadband is cited by many consumers as 
the main reason they aren't upgrading to faster access, the Commerce 
Department said.

Three industry sources who have seen draft copies of the president's 
council report said the group generally recommends a laissez-faire and 
low-key approach to broadband.

Besides supporting the development of more content, the report is expected 
to call for more research and development of high-speed technologies, 
including wireless data networks. The report also will recommend the 
government use its clout as a big purchaser of technology to promote online 
services that could benefit from a fast Internet connection, such as 
distance learning and telemedicine.

In calling for more engaging content, the report could put the White House 
at odds with Hollywood and other powerful forces seeking greater government 
protection for creative works online.

Although government has little broadband content to offer, a report to be 
released today by a unit of the Progressive Policy Institute suggests one 
novel approach: encourage the nation's public broadcasting stations to put 
their television shows online.
*************************
San Francisco Gate
Internet replacing the college library

Washington -- Just because that college junior still has not found his way 
to the campus library does not mean he is an academic slacker. Almost 
three-quarters of U.S. college students now use the Internet more than the 
library, and a strong majority said the Net has been an asset to their 
educational experience,

according to a recent report.

The study, conducted by the Pew Internet & American Life Project, found 
that 86 percent of college students have gone online, compared with 59 
percent of the general population.

"One of the things that jumped out was the degree to which college students 
have integrated the Internet into their everyday life. They are used to 
high- speed, instant access. They treat it like they would any utility -- 
water, telephones, television," said Steve Jones, the study's author and 
head of the Communications Department at the University of Illinois at 
Chicago.

The study is based on more than 2,000 surveys from undergraduate students 
at 27 U.S. colleges and universities, as well as observational research 
done at 10 schools in the Chicago-area. The research was conducted from 
March to June and has a margin of error of plus or minus 2 percentage points.

"This is such an interesting generation," Jones said. "We've known 
anecdotally that students are using the Internet a lot, but we didn't have 
any hard numbers. Nobody has ever gone out to find out for sure what is 
really happening."

Students are using the Net for research purposes, but also to communicate 
with professors and other students outside the classroom. Almost half of 
the students said they were better able to share thoughts and ideas with 
professors through e-mail than in person, and 75 percent have used the 
Internet to communicate with peers about academic projects.

The study also found that 85 percent of college students own their own 
computer and that most prefer to search the Web from the comfort of home.

Computers have not yet revolutionized the university experience in the 
radical ways many predicted. Of the 6 percent of students who chose to take 
a class online, only slightly more than half found it to be worthwhile. And 
interaction between teachers and pupils on message boards and instant- 
messaging programs remains low.

Nearly three-quarters of students check e-mail at least once a day but not 
always in anticipation of a new homework assignment. Forty-two percent of 
college students use the Internet primarily as a vehicle for social 
communication, and almost all students use e-mail to keep in touch with 
friends and family at least once a week.
**************************
News.com
U.S. puts money on World Bank "hacktivists"
By Matthew Broersma
September 24, 2002, 6:00 AM PT

The U.S. government is advising system administrators to monitor their 
systems for computer attacks planned this week, ahead of the Washington, 
D.C., meeting of the World Bank and the International Monetary Fund.

The meetings have spurred protests in previous years, but this year 
anti-globalization activists are expected to step up their plans, possibly 
attempting to block traffic on the city's streets on Friday. The U.S. 
government's National Infrastructure Protection Center (NIPC) said Monday 
that those planning physical disruption might also use computer attacks to 
"enhance the effects of the physical attack or to complicate the response 
by emergency services to the attack."

Although there have been no specific cyberthreats issued against the IMF 
and World Bank meetings, the center warned that "several hacker groups" 
could be planning Internet protests.

The center said that computer attacks could be carried out either by 
idealistic hackers or simply by publicity seekers. "Cyberprotestors can 
engage in Web page defacements, denial-of-service attacks, misinformation 
campaigns, and the like," the NIPC said in a statement.

The center recommended that system administrators monitor their own 
computer networks to prevent hackers from either staging attacks on their 
own networks, or using the network as a jumping-off point to attack a third 
party.

Administrators were also urged to review their security procedures, 
including limiting unnecessary inbound traffic, changing passwords and 
login names and keeping up-to-date with software patches. Suspicious 
activity can be reported to FBI offices, the NIPC or other authorities, the 
NIPC said.

Last summer a European Union summit in Gothenburg, Sweden, was marred by 
running battles between police and protesters, causing the World Bank to 
cancel a planned Barcelona meeting and turn it into an online videoconference.

The NIPC dates online activism from 1998, when Electronic Disturbance 
Theater endorsed a series of attacks on the Web site of the Mexican 
government.

ZDNet U.K.'s Matthew Broersma reported from London.
*****************************
Sydney Morning Herald
Judge reserves decision on spam fighter trial
By Perth
September 24 2002





A judge has reserved his decision on whether a "fearless spam fighter" 
should face trial for disrupting the $1,000-a-day business of a company 
which sends junk email, or "spam".

Perth man Joseph McNicol had lodged an application to strike out a civil 
action against him by The Which Company, the parent company of 
direct-marketing business t3 direct, which sends bulk unsolicited email.

The Which Company alleges it lost $43,000 in business after Mr McNicol, 
annoyed at receiving its emails, `outed' t3 direct by posting its IP 
details on the internet.

The West Australian District Court was told yesterday day the IP address 
was noted by a not-for-profit group called SPEWS - Spam Prevention Early 
Warning System - which blocks spam emails from getting to addresses on the 
Internet.

T3 alleges Mr McNicol, described in court as a self-styled "fearless spam 
fighter", told SPEWS that t3 was spamming - which caused SPEWS to block the 
company's emails.

But Mr McNicol's lawyer Jeremy Malcolm said there was no evidence of any 
contact between Mr McNicol and SPEWS.

Deputy Registrar Richard Hewitt suggested SPEWS could provide information 
on who tipped them off.

However, Mr Malcolm said contacting SPEWS would prove difficult.

"SPEWS is a totally anonymous body and nobody knows who they are," Mr 
Malcolm said.

T3 said Mr McNicol's vendetta against spam, and his outing of t3, made it 
likely the Perth man did pass the information to SPEWS.

This should be tested in court, the direct marketer said.

Mr Hewitt said t3 was asking for permission to proceed so it could get 
access to the information "locked up in the mind of the defendant".

"At the moment you don't have any evidence to prove your case (but) we have 
a demonstrated level of hostility between the defendant and your client," 
Mr Hewitt said.

Mr McNicol has previously alleged, outside court, that Internet users would 
have to find an alternative to email if marketing companies got the green 
light to send junk email.

Deputy Registrar Hewitt has reserved his decision until October 7.
**************************
Sydney Morning Herald
Unguarded moments - why cyber security is on the rise
By Kim Zetter
September 24 2002

The spike in computer crime in the past two years has been matched by a 
parallel spike in the number of security consultants and companies popping 
up to relieve organisations of their worries and their budgets.

With promises to plug holes, monitor traffic and chase down criminals, 
Managed Security Services can appeal to IT departments too taxed with 
administration to maintain security and to companies too small to hire 
specialist staff.

Knowing what to do yourself - and what to contract out and to whom - is a 
common difficulty.

The advantages of outsourcing are many. It's less expensive to pay a fee 
for expert services than to hire and train dedicated staff. Security 
providers are aware of the latest vulnerabilities, patches and products. 
And if they're monitoring your traffic full-time, they can respond to 
attacks in progress rather than a day or week later when your regular 
administrators get around to analysing the network logs.

What's more, MSS providers have more experience to respond to attacks 
against your system since they are more likely to have seen similar attacks 
on others.

But not all offer the same services or quality and not all are financially 
stable.

According to industry researchers at Giga Information Group, there are more 
than 80 MSS providers in the United States operating nationally - down from 
125 last year - a figure that analysts expect to drop to 60. So you should 
choose wisely if your security provider goes belly-up.

When it comes to picking a provider, the managed security label can be 
misleading since it encompasses a variety of services, from one-time 
vulnerability assessments to 24-hour network monitoring.

Some companies that call themselves MSS providers are actually only product 
resellers.

Steve Hunt, a research analyst with Giga, says there are six categories of MSS:

On-site consulting to develop a security plan and infrastructure.
Vulnerability testing.
Product sales of security hardware and software.
Remote perimeter management, which involves installing, configuring and 
managing a virtual private network.
Network monitoring, a 24x7 service to watch network traffic for suspicious 
activity and intrusions.
Compliance monitoring to ensure employees comply with company policies.
Some providers offer a single service, others a smorgasbord. Costs can 
range from $US250 ($A474) a day for consulting to $US12,000 a month for 
network monitoring.

Small Sydney provider Kyberguard, for instance, has 50 clients including 
Nippon Telephone and Telegraph and international engineering group 
Montgomery Watson Harza.

It charges $250 a month for small companies, which includes the cost and 
installation of a firewall and IDS hardware as well as 24-hour monitoring 
of perimeter activity. For 100 to 150 employees they charge $950 a month 
for hardware and monitoring of internal-external traffic. They also install 
and configure VPNs.

Canberra-based 90East, which has offices around the country, charges $7000 
to $10,000 a month for network monitoring. It also offers server hosting 
and VPN services.

The company is new to the commercial market after securing government 
systems for several years. The founders were government contractors who 
built a complex firewall system for federal agencies, then formed 90East 
when the government decided to outsource security.

Their clients include 35 federal departments, state governments and legal 
firm Minter Ellison.

The company recently acquired Application Service Provider Peakhour.

Giga's Steve Hunt says that before choosing any MSS, you should assess your 
business risks and needs to decide what you can do in-house and what you 
should outsource. But no company should hand over all security to an outsider.

Greg Nelson, information security manager for chip maker Advanced Micro 
Devices, says companies should retain control of security management.

"You can outsource specific tasks but you can't outsource responsibility 
for the security of your company," he says.

Bruce Schneier, founder of United States network monitoring service 
Counterpane, recommends outsourcing labour-intensive tasks such as 
vulnerability assessment, network monitoring, consulting and forensics.

Schneier says companies cannot effectively monitor their own networks.

"Security monitoring is inherently erratic: six weeks of boredom followed 
by eight hours of panic," Schneier says. "Attacks against a single 
organisation don't happen often enough to keep (staff) engaged and interested.

"The choice is not outsourcing or doing it yourself. Goldman Sachs can do 
it themselves. But nobody else can."

AMD, which has 14,000 employees worldwide but only three security staff in 
the US, hired Counterpane after trying unsuccessfully to track more than 
100 Internet servers.

"We were always a day behind in analysing results and we could never catch 
anything as it was happening," AMD's Nelson says.

Counterpane monitors AMD's systems around the clock, while another 
undisclosed company runs penetration tests twice a month. Nelson says the 
decision was also an economic one.

Counterpane charges about $US12,000 a month, as opposed to the $100,000 to 
$200,000 a month it would cost most companies to hire five or six specially 
trained employees to monitor their systems around the clock.

AMD at least recognised the need to monitor their networks. But according 
to Tim Cranny, senior consulting engineer with 90East, many companies do 
not even make the attempt.

"You'd be astonished at the number of companies that have an 
intrusion-detection system or firewall but no one watching them," he says.

Although it might be tempting to hire an all-in-one MSS for your needs, 
Counterpane's Schneier says you should avoid companies that have a conflict 
of interest, such as those that sell products and offer to manage them or 
those that offer device management plus monitoring.

If the monitoring staff discover an intrusion to a system that the 
device-management team should have secured, they're likely to fix it 
quietly without telling you about the mistake. Companies that sell products 
and do vulnerability assessments also have an obvious interest in finding 
problems their products will solve.

He believes it is better to hire a company that does one thing well and to 
hire others for separate tasks.

Giga's Hunt says that penetration tests can sometimes be useless as they 
can be used to get an organisation to sign on for other services or by IT 
departments to justify larger budgets.

"And all the reports say the same thing," Hunt says. "You have crappy 
passwords, you have open ports, your operating system lacks the latest 
patches."

Hunt says before authorising a test you should shore up your network with 
basic steps such as secure passwords and closed ports and then test only to 
find serious problems you would have missed on your own.

In the end, the best providers are leaders in their field and have a good 
history behind them. Hunt suggests talking to other companies with security 
needs similar to yours and asking analysts for solid security consultants 
and companies that will be around for a while.

Before hiring Counterpane, Nelson narrowed AMD's choices to five companies 
but by the time they came to make a final decision three of them were 
already out of business.
****************************
Earth Web
Library Of Congress Goes Grid
By Paul Shread

Grid computing technology may soon be used to preserve such priceless 
artifacts of American history as films of the Spanish-American War and the 
1906 San Francisco earthquake, the photographs of Matthew Brady and Ansel 
Adams, and Walt Whitman's notebooks.

The Library of Congress is evaluating Grid technology developed at the San 
Diego Supercomputer Center to archive and preserve these works and the 
Library's other digital collections.

The Library has assembled numerous important digital collections such as 
American Memory, a treasure trove of films, recordings, photos and 
documents from U.S history and culture. The collection, "rich primary 
source materials on the history and culture of the United States," contains 
more than 7.5 million digital items on more than 100 topics from the 
collections of the Library and other repositories. Items include encoded 
text, images, and audio and video files varying in size from 25 kilobytes 
to 5 megabytes each, for a total of some 8 terabytes of digital data.

Powerful data Grid technologies such as the Storage Resource Broker (SRB) 
developed at the San Diego Supercomputer Center (SDSC) for scientific 
computing are showing promise of being able to preserve these digital 
holdings. SDSC and the Library are collaborating to evaluate the SRB data 
Grid software to preserve and manage priceless national digital collections.

"We're interested in how the SRB can be applied to the task of building a 
repository for managing Library of Congress digital holdings," said Martha 
Anderson of the Library's Office of Strategic Initiatives.

'Repurposing' Collections

"We're entering an era in which digital libraries can be used to preserve 
intellectual capital," said Reagan Moore, co-director of the Data and 
Knowledge Systems program at SDSC. "And beyond preservation, the ability to 
discover the information and knowledge content within digital holdings will 
add even greater value to these collections."

The researchers will investigate the capabilities of the SRB to manage and 
"repurpose" Library of Congress collections. Repurposing a collection 
involves giving users the ability to generate new views of the digital 
holdings. For example, a user might want to gather the material in the 
American Memory collection that is relevant to a landing on Mars. This 
material might involve NASA material on the mission and space vehicle, 
Congressional material on the budget debates involving the funding, and 
other material that puts the mission in historical context.

The collaboration will involve the installation at the Library of Congress 
of the SRB software and the Metadata Catalog, which keeps track of each 
digital object. Library of Congress staff will then build a test collection 
and use it to evaluate the capabilities of the SRB data Grid middleware to 
preserve both the collection and descriptive information about the 
collection; to enable a naming convention that spans the entire collection, 
no matter where its components are located; to merge different collections 
seamlessly into new virtual collections; and to control access.

Library of Congress researchers are also interested in evaluating the 
ability of the SRB to interoperate with other systems using open standards.

"We're looking forward to the research opportunities this collaboration 
will give us to understand how digital library, data Grid, and persistent 
archive technologies can all be integrated in support of preservation of 
digital holdings," said Moore. "This will help extend our ability to 
preserve intellectual capital."
*************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx