Clips September 24, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips September 24, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 24 Sep 2002 11:18:41 -0400
ARTICLES
Northern Va. Group One Step Closer to Managing Dot-Org [ICANN]
Montgomery Says General Election Will Be Smoother
CDC outlines IT needs for emergency vaccination clinics
INS will tighten registration of Saudi visitors
Lab to sample Linux for weapons work
DARPA seeks 'total information awareness'
Justice Department formalizes information sharing guidelines
FBI cyber chief heralds interagency cooperation
Demand for U.S. IT workers remains soft, survey shows
Military, Private Sector Rush to Adopt High-Tech Security Technology [Biometrics]
FBI Fingerprint Research Helps Spawn an Industry [Biometrics]
Warner to Enable the CD Burning of Its Songs
Plea Bargain Riles Scorned Public Defenders [ID Theft]
More-Engaging Online Content Urged
Internet replacing the college library
U.S. puts money on World Bank "hacktivists"
Judge reserves decision on spam fighter trial
Unguarded moments - why cyber security is on the rise
Library Of Congress Goes Grid
****************************
Washington Post
Northern Va. Group One Step Closer to Managing Dot-Org
By David McGuire
Monday, September 23, 2002; 5:06 PM
Global Internet addressing authorities today reiterated their
recommendation that a Reston, Va.-based nonprofit group should assume
control over the valuable "dot-org" Internet domain.
After sifting through hundreds of comments from the Internet addressing
community, the Internet Corporation for Assigned Names and Numbers (ICANN)
reaffirmed its recommendation that the Internet Society (known as "ISOC")
take over management of dot-org starting in 2003.
ICANN's international board of directors has final say over whether to
accept the ICANN staff's recommendation. The board is expected to make its
decision next month.
In its final staff report, ICANN dismissed suggestions that ISOC is
financially and technologically unfit to operate dot-org, the world's fifth
largest Internet domain. ICANN manages the Internet's worldwide addressing
system under agreements with the U.S. government.
"We're very pleased with the final staff report, particularly that ICANN
chose to go ahead and thoroughly review any concerns and criticisms," ISOC
spokeswoman Julie Williams said today. "I think it's really to their credit
that they've tried to make it an open process and to make it as fair as
possible."
Earlier this year, 11 organizations from around the world submitted bids to
take control of dot-org when Mountain View, Calif.-based VeriSign Inc.
relinquishes its hold on the domain in December.
After ICANN gave the preliminary nod to ISOC last month, several
competing organizations took issue both with ICANN's selection process
and with ISOC's qualifications to operate the massive Internet domain.
"The final report is relatively unchanged despite rather serious flaws that
were brought to their attention by NeuStar and others," NeuStar Director of
Business Development Ken Hansen said today.
But in its report, ICANN largely dismissed the argument that ISOC's shaky
fiscal past would make the organization an unstable home for dot-org. ICANN
noted that ISOC's proposal calls for dot-org to be run by a newly created
entity called Public Interest Registry (PIR) that will have no direct fiscal
link to ISOC.
Concerns about ISOC's financial stability are not "applicable," ICANN said.
Hansen disagreed, saying that by ignoring the financial concerns, ICANN was
"unnecessarily putting the timely transition and management of dot-org at
risk."
"The (ICANN) board is going to have an opportunity to base their decision
on the criteria and not on the flawed staff report," Hansen added.
ICANN spokeswoman Mary Hewitt pointed out that none of the dot-org bids
were evaluated based on the submitting organization's financial model.
Rather, the evaluation process gave greater significance to the overall
operational experience and capabilities of the organizations, she said.
Founded in 1991, ISOC serves as the institutional home for two key Internet
standards-setting bodies, the Internet Engineering Task Force and the
Internet Architecture Board. It has members in more than 100 countries.
Accounting for more than 2.3 million Internet addresses worldwide, dot-org
represents a substantial revenue stream for the organization that wins the
registry contract. As the current domain operator, or "registry," VeriSign
charges Internet address retailers (called "registrars") $6 per-year for
every dot-org name they sell. Registrars in turn charge varying retail
prices to individual users.
Mountain View, Calif.-based VeriSign is set to give up its management of
dot-org in December as part of a deal it cut with ICANN last year to
maintain its control of the lucrative dot-com domain.
*****************************
Washington Post
Montgomery Says General Election Will Be Smoother
Votes Were Counted Slowly in Primary
By Annie Gowen
Washington Post Staff Writer
Tuesday, September 24, 2002; Page B04
Two weeks after a primary night meltdown in Montgomery County, elections
officials promised County Council members yesterday that better training
and procedures for a computerized voting system would correct the problems
that delayed election results for hours.
By election night, more judges with better training will be in place and
procedures will be streamlined to avoid a repeat of the confusion of Sept.
10, pledged Montgomery County Board of Elections Director Margaret A.
Jurgensen.
That night, it took hours to produce results in several key races,
including the hotly contested Democratic primary in the 8th Congressional
District, as many judges struggled to tally votes and then hand-delivered
them to the Board of Elections.
"You could send the Gutenberg Bible in the Gobi desert in a nanosecond,"
council member Howard A. Denis (R-Potomac-Bethesda) said after the hearing
before a council subcommittee. "I don't understand why we can't plug into
the election results from Bethesda to Rockville."
Denis said, though, that he felt the elections officials would probably be
able to fix the problems in the coming weeks. "I think that they have a
high sense of urgency," he said. "It was really embarrassing election
night. We were the last to come in."
Council member Philip Andrews (D-Rockville) said he was most concerned that
43 of 237 polling places did not open on time. Jurgensen said two precincts
opened as late as 7:30 a.m. and the rest between 7:05 a.m. and 7:20 a.m. At
Parkland Middle School, 30 voters waited more than a half-hour before
leaving without having voted, according to the county.
At some precincts, the voting booths were not set up, while others lacked
technical support workers or enough election judges, she said. In November,
county workers will be on hand beginning at 11:30 p.m. the night before the
election to see that all of the polling booths are ready to go this time,
Jurgensen told the committee.
Jurgensen said the county was woefully understaffed with election judges
for the primary, short some 400 judges of the 3,200 needed. She hopes to
attract 600 more judges through senior citizen and volunteer organizations
for the Nov. 5 general election.
More than 200 judges who had trouble tabulating results and closing down
machines on primary night will have to be retrained, she said.
The Sept. 10 primary was the official debut for the computerized voting
system -- expected to be statewide in 2006 -- in Montgomery, Prince
George's, Dorchester and Allegany counties.
Although all counties experienced some technical problems during the debut,
only Montgomery had trouble tabulating its returns. Results from Dorchester
and Allegany were completed by 10:30 p.m.; Prince George's results were
online by midnight.
In Montgomery, by contrast, chaos reigned: Inaccurate results were posted
on the Web site while judges in precincts struggled through complicated
forms and tabulation process. Some were so frustrated with the new machines
that many were simply loaded into cars and dumped unceremoniously at the
Board of Elections after the polls closed.
Elections officials are to meet today with schools officials to see which
polling places could use school fax and modem lines to transfer their
election results electronically, as was done in Prince George's. On primary
night, only one legislative district in Montgomery sent results in by
modem. That pilot was dubbed a success.
**************************
Government Computer News
CDC outlines IT needs for emergency vaccination clinics
By William Jackson
The government is offering to help state and local governments design IT
components of smallpox vaccination clinics in the event of an outbreak of
the disease.
The Centers for Disease Control and Prevention released its smallpox
bioterrorism response plan Monday. The Smallpox Vaccination Clinic Guide
for large-scale clinics is part of Version 3 of the Smallpox Response Plan
and Guidelines. The clinic guide is available online at www.cdc.gov. The
full version of the response plan will be available soon.
The 48-page plan deals with the logistical and organizational concerns of
setting up clinics capable of vaccinating 1 million people in 10 days in
the event of a smallpox outbreak. It describes a clinic set up to treat
100,000 people a day in two eight-hour shifts. Among the estimated 117
people needed to staff each shift is one IT support person.
IT requirements specified in the guide are 12 desktop or notebook
computers, each with an Internet connection if Web-based databases are
used. The government will provide technical assistance in designing
databases and developing vaccine-tracking systems. The amount of assistance
available would depend on the scope of the emergency.
IT staff members would also oversee the five telephone lines and one fax
line a large clinic would require.
****************************
News.com
Need Biowarfare Agent? Hop Online
By Kristen Philipkoski
The genome sequence of a potential biowarfare agent called Brucella is
freely and publicly available to anyone with Internet access.
A frightening thought, perhaps, considering terrorists certainly have
Internet access. But experts say it's highly unlikely they would also have
the scientific sophistication to use the information to make a weapon.
Although it's controversial, many scientists believe making the pathogen's
blueprint publicly available can lead to more good than harm. Sharing the
genome sequence, which was deciphered by researchers at The Institute for
Genomic Research (TIGR), will help scientists develop vaccines and find
faster ways to identify the bacteria.
"The more we know about (Brucella's genome), the easier it is to defend
against it," said Mark Wheelis, senior lecturer in microbiology at the
University of California at Davis.
"Although (dangers) are certainly there -- I would say they're greatly
outweighed by the benefits that knowing the sequence will bring to people
doing important basic research in the organism," he said.
In humans, initial symptoms of Brucella infection are somewhat flu-like,
making early detection difficult. Although it's rarely fatal, it can
incapacitate its victims by making them feverish and disoriented, and can
cause severe long-term illnesses, such as arthritis, heart disease and
brain damage.
It can only be treated with large amounts of expensive antibiotics
administered for one year.
The lead researcher on the study, Ian Paulsen, a TIGR associate
investigator, described one incidence of the disease: "He was found
wandering around his front yard delirious in his underpants not knowing
what was going on. If it was used against a military unit, it's not likely
the men could actually fight."
People can contract the disease by handling the tissues of infected
animals, eating contaminated foods or inhaling the pathogen. It is only
rarely passed between humans.
During the 1950s and '60s, the U.S. Army developed artillery shells and
bombs armed with Brucella. The stockpile was destroyed in 1969 when the
government halted its biowarfare program.
However, other countries developed Brucella weapons during the Cold War,
too. And while most experts doubt terrorists are sophisticated enough to
use the genomic information now available online, it's possible a
state-supported biowarfare effort could be.
"Iraq could do that, for instance," Wheelis said. "But terrorists, no."
To alleviate public concern, the National Academy of Sciences and other
organizations are in the process of drawing up guidelines to determine if
some genome sequence information should not be made public.
For now, researchers are focusing on the public health benefits of having
the information accessible.
"Now that we have the genome sequence, we can use genomics-style technology
such as microarray technology to detect the presence or absence of the
pathogen, and also fingerprint the strains," Paulsen said.
Knowing which strain an individual is infected with will be key to
eventually treating people who develop brucellosis.
Paulsen and his colleagues sequenced a strain that mostly infects pigs,
known as Brucella suis, which can also infect humans. They compared it to
the goat version, known as Brucella melitensis.
The next step for the TIGR lab is to sequence a strain of Brucella that's
virulent in sheep but not humans. Comparing the two should point out the
specific genes responsible for causing human sickness.
A surprising finding, of interest mainly to evolutionary biologists, was
the fundamental similarity between the swine Brucella genome and plant
pathogens.
"It shows they had a common ancestor more recently than we would have
thought," Paulsen said. "They probably all came from some ancestral soil
organism tens of millions of years ago."
******************************
Washington Times
INS will tighten registration of Saudi visitors
A program that requires registration of foreign visitors from some
countries in the Middle East and North Africa is being expanded to include
men from Saudi Arabia, a U.S. ally and the home country of 15 of the 19
September 11 hijackers.
An Immigration and Naturalization Service memo obtained by Associated
Press directs immigration inspectors registering aliens to include men,
ages 16 to 45, from Saudi Arabia, Pakistan and Yemen, starting Oct. 1.
A Saudi foreign policy adviser, Adel Al-Jubeir, noted that nationals
of other countries also could be subject to registration and Saudis were
not being singled out.
The Justice Department had begun registering visitors from Iran,
Iraq, Sudan and Libya on the anniversary of the terrorist attacks. As part
of the registration, the foreigners are required to provide fingerprints,
photographs and details about plans while in the United States.
"It is imperative that the officers remain vigilant and verify the
age of all males from these three countries in order to identify properly
those who are subject to special registration," says the Sept. 5 memo, sent
by Johnny Williams, the INS head of field operations.
The memo was sent to INS offices to explain how to implement the
Justice Department policy known as the National Security Entry-Exit
Registration System.
Justice Department spokeswoman Susan Dryden said she could not
comment on the internal INS document. But, she said, "Saudi Arabia is an
ally in the war on terrorism and they are not treated as state sponsors of
terrorism in our enforcement efforts."
James Zogby, president of the Arab American Institute, said the
registrations should be conducted at consulates, not at ports of entry
where the process will create long waits and three lines -- one for citizens,
one for non-citizens and one for Arab-Americans.
Registration is required on arrival in and departure from the United
States. The foreigners also must be interviewed at an INS office for stays
of more than 30 days and notify the INS within 10 days of any change of
residence, employment or academic institution.
The memo says inspectors also can register visitors for national
security reasons who they determine are worth monitoring. The memo says
inspectors should consider whether the visitor has made an unexplained trip
to Iran, Iraq, Libya, Sudan, Syria, North Korea, Cuba, Saudi Arabia,
Afghanistan, Yemen, Egypt, Somalia, Pakistan, Indonesia or Malaysia, or
whether the visitor's explanation for the trip lacks credibility.
Among other things, inspectors will be told to consider registering
foreign visitors who previously overstayed a U.S. visa or whose behavior,
demeanor or answers indicate that the person may be a security threat,
according to the memo.
The additional scrutiny for Saudi nationals follows introduction of
stricter rules for Saudis who apply for visas to the United States. The
visa paperwork formerly handled by travel agents now requires interviews at
consular offices. The scrutiny also comes as President Bush tries to build
support for a U.S. attack on Iraq, for which Saudi Arabia has said it will
not allow use of its territory unless the attack is under U.N. auspices.
Rep. George Gekas, Pennsylvania Republican, chairman of the House
Judiciary immigration subcommittee, said the registration program seeks to
weed out people that Saudi Arabia and other countries are cracking down on
and arresting.
"It's a natural extension of what is already occurring with respect
to the war on terrorism, which is separate and apart from our relationships
with the governments that are involved in this new round of alien
registration," Mr. Gekas said.
************************
News.com
Lab to sample Linux for weapons work
By Stephen Shankland
Staff Writer, CNET News.com
September 23, 2002, 4:50 PM PT
Los Alamos National Laboratory is buying a $6 million, 2,048-processor
Linux supercomputer to run its nuclear weapons simulation software, an
effort that will test the limits of these less expensive megamachines.
The lab has been a pioneer in building inexpensive supercomputers made out
of ordinary computing components and the Linux operating system. Thus far,
however, LANL's nuclear weapons simulation software runs on more expensive
systems from SGI and Hewlett-Packard such as HP's $215 million "Q" now
under construction.
A $6 million price tag may sound like a bargain in comparison, but software
must be reworked to run using less expensive clusters of Linux machines.
Though the new system will run unclassified programs such as predicting the
properties of new materials, those tests will serve as a proxy to predict
how well nuclear weapons simulation software works, said lab spokesman Jim
Danneskiold.
The lab's central mission is ensuring that U.S. nuclear weapons will work
as planned, despite aging and the current ban on actual nuclear tests. LANL
has software that simulates the physical effects such as the extreme
pressure and intense X-rays that accompany nuclear explosions.
Intel-based supercomputers are becoming less exotic, having escaped
academia and found buyers in the private sector such as Companie General de
Geophysique for oil and gas exploration work and MTU Aero Engine for engine
design.
The new system, called the "Science Appliance" and built by Salt Lake
City-based Linux NetworX, uses a cluster of 1,024 interconnected servers,
each with two 2.4GHz Intel Xeon processors. It's a close relative to
another cluster at LANL's sister laboratory, Lawrence Livermore National
Laboratory.
The Science Appliance, due by the end of the year, will be capable of a
peak computational speed of 10 trillion calculations per second, Linux
NetworX said. The computing nodes will be stacked 50 to a rack, with 27
racks taking up a patch of floor space about 18 by 25 feet. The nodes are
connected with a high-speed switch from Myricom.
There are future expansion options in the LANL deal, said Clark Roundy,
vice president of marketing at Linux NetworX.
There's a major difference compared with the Livermore system, though: The Los
Alamos machine has no hard drives. Instead, each computer fires up using
software pulled over the network with the assistance of software called
LinuxBIOS developed by LANL programmer Ron Minnich and others. LinuxBIOS
also dramatically speeds the startup process to about two seconds, said
Jason Lowry, Linux NetworX's product manager for cluster management tools.
Shunning hard drives cuts cost and power consumption, but more importantly,
it improves reliability, Roundy said.
"If you think about what things are going to fail in a system, it's the
hard disk or fan or power supply or something with moving parts," Roundy said.
Linux NetworX could benefit greatly from convincing the Los Alamos and
Livermore labs that Linux clusters are worthwhile. The labs are funded by
the Energy Department's Advanced Simulation and Computing program, which
has spent hundreds of millions of dollars to advance supercomputing using
machines made of comparatively inexpensive components.
The DOE program has underwritten many of the world's fastest computers,
according to university researchers who monitor raw calculation speed at
the Top500 organization. The program has underwritten Nos. 2, 6, 7, 9, 11,
and 15 on the most recent ranking.
*************************
Government Computer News
DARPA seeks 'total information awareness'
By Patricia Daukantas
Biometric, language processing, predictive modeling and database
technologies are all key areas of the Defense Advanced Research Projects
Agency's revamped strategy to assist homeland security.
The goal of what DARPA calls its total information awareness programs is to
prevent terrorist attacks, said Robert L. Popp, deputy director of the
agency's Information Awareness Office. Popp spoke yesterday at a conference
in Arlington, Va., sponsored by the Biometric Consortium.
DARPA created the Information Assurance Office early this year to develop
new technologies for extracting and analyzing data that could help the war
on terrorism, Popp said.
Among the initiatives that the office has launched this year is Genisys,
which seeks new ways to design ultralarge information repositories for
counterterrorism efforts while protecting the privacy of innocent people,
Popp said.
Translingual Information Detection, Extraction and Summarization, or TIDES,
will help English-speaking analysts understand intercepted messages in
other languages, Popp said. DARPA's initial efforts with TIDES will focus
on Arabic and Chinese, as will a related program to improve the accuracy of
speech recognition.
DARPA's Human Identification at a Distance program is wrapping up a new
round of tests on various facial recognition products, program manager
Jonathon Phillips told conference attendees. Phillips, on detail at DARPA
from the National Institute of Standards and Technology, said that results
of HID tests are scheduled for posting on www.frvt.org in November.
***************************
Government Executive
Justice Department formalizes information sharing guidelines
By Drew Clark, National Journal's Technology Daily
Attorney General John Ashcroft on Monday released guidelines designed to
formalize the way in which federal prosecutors share information, including
data obtained from electronic surveillance, with the CIA and other
intelligence officials.
The guidelines flow from last October's sweeping anti-terrorism bill, which
empowered prosecutors to share information obtained through grand jury
testimony or through electronic, wire or oral interception of information.
Prior to passage of the landmark anti-terrorism legislation, known as the
Patriot Act, prosecutors were specifically barred from sharing such
information to intelligence, protective, immigration, defense or national
security officials.
Justice Department officials said the changes were designed to
institutionalize a procedure for sharing information collected in the
course of criminal investigations. Prior to the passage of the Patriot Act,
sharing of grand jury and surveillance information was barred "even if that
information indicated that terrorists were planning a future attack, unless
such officials were assisting with the criminal investigation itself,"
according to a department press release.
Because information collected and presented to a grand jury has not been
subject to the cross-examination and other checks and balances associated
with a criminal trial, guarding the secrecy of such information has long
been a hallmark of the protections that suspects have been granted under
U.S. criminal law.
Section 203 of the Patriot measure allowed the sharing of such grand jury
information so long as information identifying U.S. citizens is labeled as
such before its disclosure to intelligence officials. But Justice officials
said that any information identifying a U.S. citizen should be labeled
before being passed to intelligence agents.
And while the identity of such U.S. citizens may be passed to intelligence
officials, a top level Justice official said in a background briefing that
the names must be deleted prior to any subsequent usage. But an exception
is made if its disclosure is necessary to understand the context of the
information.
In April, Ashcroft issued a directive to Justice Department officials
regarding procedures for such information sharing, and Monday's guidelines
formalize them for the department's communication with intelligence,
homeland security and other federal officials.
****************************
Government Executive
FBI cyber chief heralds interagency cooperation
By Bara Vaida, National Journal's Technology Daily
Ron Dick, the director of the FBI's National Infrastructure Protection
Center, said the FBI's new effort to partner with the Secret Service on
investigating cyber crimes is aimed at marshalling resources.
At the launch of the national cybersecurity protection plan last week, the
FBI and Secret Service announced a new pilot program where several field
offices of both agencies agreed to work together on investigating cyber
crimes to determine who is behind a particular attack.
"If you look at what we've done with the Infragard program and what they've
done with the Electronic Crimes Task Force...we can leverage the
capabilities of both staffs," said Dick in an interview with National
Journal's Technology Daily.
Infragard, created in 1996, enables the private sector and federal
government to share information about cyber crimes confidentially. The
Secret Service created a national electronic crimes task force in 1995 in
its New York field office to investigate electronic financial crimes.
"There is a shortage of resources and skills and ability to investigate
[security breaches], so if we blend the two [programs]," there will be
strengths in different areas, he said.
Separately, Dick defended the administration's decision not to have
regulations in the national cybersecurity plan. Some critics of the plan
have charged that it is weak because it relies on private sector
cooperation with the government.
"It's the current administration's position not to use regulation or
statutory changes to secure cyberspace ... because 80 percent [of it] is
owned and operated by the private sector, and this has to be a partnership
not mandated by regulation but by good practices," Dick said. "The whole
crux for infrastructure protection comes down to one word: trust."
When asked if there is a date by which the nation's computer networks should
be secure, Dick said, "No ... but if we still don't have protection of the
system ... then the government would step in. But we aren't even close to
that. The right model is to attempt to do this with a trusted partnership
and see if it works."
Dick said since last year's terrorist attacks, information sharing efforts
by federal agencies and within the private sector have improved. He noted
that the CIA has detailed a staff member to the NIPC and there is an
interagency group, which includes the NIPC, Treasury, Justice and the
Defense departments aimed at sharing investigative efforts.
"I have seen nothing but willingness of agencies to share information," he
said.
The majority of the NIPC is slated to move to the Homeland Security
Department when Congress approves its creation. The training, outreach and
strategy and analysis portions of the NIPC are scheduled to move to the new
department, while the investigative component is to remain within the FBI,
Dick said.
***************************
Computerworld
Demand for U.S. IT workers remains soft, survey shows
By THOMAS HOFFMAN
SEPTEMBER 23, 2002
Although the U.S. IT workforce has grown by 1%, or 85,000 jobs, since the
beginning of the year, the short-term hiring outlook continues to remain
bleak, according to an updated report being released today by the
Information Technology Association of America and Dice Inc.
Telephone interviews conducted in July and August with hiring managers at
84 IT vendor companies and 216 non-IT companies revealed that "the original
optimistic hiring forecast at the beginning of the year has been tempered
by the economy," said Scot Melland, president and CEO of Dice, a New
York-based provider of online recruiting services for technology
professionals.
Many unemployed IT workers are shifting the blame elsewhere. Computerworld
regularly receives letters from disgruntled IT professionals who claim that
they have in-demand skills such as C++, Java and Oracle training and yet
haven't been able to find work for months. Many of them point the finger at
H-1B visa holders and offshore programming outfits, where a growing number
of companies are shifting their development and maintenance work to reduce
costs.
Influence From Overseas
Earlier this month, the U.S. General Accounting Office (GAO) announced
plans to study whether and to what extent the H-1B visa program is costing
Americans jobs. The results of that study are due out next year.
But some IT professionals say offshore outsourcing is having a more
significant and longer-term impact on U.S. IT workers.
Outsourcing not only leads to job cuts; it also allows corporations to
avoid paying unemployment taxes when demand for labor slackens, said Norman
A. Lane, president of Aztech Professional Services Inc., a Phoenix-based
consulting and contracting firm. Lane contends that to prevent tax losses
to the federal government, U.S. companies that engage in offshore
outsourcing should pay a levy "on every outsourced job to compensate U.S.
taxpayers."
ITAA President Harris Miller has been a lightning rod for H-1B critics,
since the Arlington, Va.-based trade association is largely made up of
technology vendors such as IBM, Cisco Systems Inc. and others who have made
extensive use of foreign IT specialists. While he said he believes the
economy has been the biggest culprit, even he acknowledges that offshore
programming "is having an impact" on the U.S. IT job market.
"The real challenge is offshore programming -- not the few thousand [IT
workers] that come to the U.S., but the workers in Ireland and South Africa
and India that are paid much less to do the work," said Miller. "I think
there is more work going offshore in part due to the pressure to keep costs
down, and there's huge downward pressure on software vendors to keep their
labor rates down," he added.
"So much work is going offshore, we're putting ourselves at a substantial
[intellectual capital and security] risk," said Linda McInnis, an
independent contractor and head of the hiring initiative at BostonSPIN, an
Acton, Mass.-based group of 1,200 Boston-area software professionals.
***************************
Washington Post
Military, Private Sector Rush to Adopt High-Tech Security Technology
By David McGuire
Tuesday, September 24, 2002; 12:00 AM
Deep in the Pentagon, an Army officer approaches a gray box affixed at
roughly eye-level beside a wooden office door. The officer stares at the
box, training his eye on a circular mirror about the size of a half-dollar.
"Identification is completed," purrs a computerized female voice as the
lock clicks, permitting the officer to pass.
The slick plastic box, a device that scans iris patterns and compares them
to a database of iris images taken from personnel who are cleared for
entrance, is just one of a widening array of products designed to identify
individuals by their unique physical characteristics.
Such technology hardly seems out of place in the heart of America's
military industrial complex. But after the Sept. 11, 2001, terrorist
attacks, the iris-scanning device and other security technologies that
focus on physical characteristics are cropping up more and more in civilian
life -- at office complexes, grocery stores, schools and fitness centers
across the country.
The science underpinning such devices is "biometrics," a field long mired
in controversy, but one that has enjoyed a makeover during the past year.
Unlike access cards, the body parts that biometrics devices read cannot be
easily lost, sold or traded among conspirators, and unlike security codes,
they can't be forgotten. The appeal of such a reliable identifier has grown
in the post-Sept. 11 environment, but the use of biometrics for security
purposes has raised questions about potential privacy intrusions and
whether the technology is sufficiently reliable.
Army Pushes Biometrics
Squatting across the road from a tiny regional airport in rural West
Virginia, the U.S. Army's Biometric Fusion Center isn't the gleaming
testament to scientific advancement one might expect. The building -- a
smallish, low-slung structure of textured concrete and faded brown siding --
offers few clues that it's the setting for leading-edge research into
advanced biometrics technologies.
Past the outer door, however, the center starts to hint at its purpose.
Barring entry to the main floor is an iris scanner identical to ones
recently installed in the Pentagon.
Director Paul Howe said the iris scanner, one of several biometric devices
in use throughout the building, serves two purposes: securing the facility,
and giving staffers an opportunity to experience daily life with the device
before recommending it for use throughout the military.
A device that is effective but annoying isn't an ideal solution, Howe said.
"Part of it is saying, 'If I had to use it, would I really like it?'"
The Bridgeport, W.Va., center was founded in 2000 by the Army's
then-fledgling Biometric Management Office (BMO), which is charged with
spurring the deployment of biometric security devices throughout the
military. The center has since become the testing ground for all commercial
biometric products considered for use by the U.S. armed forces.
Howe said Bridgeport was a logical choice to serve as home to the Biometric
Fusion Center. In 2000, West Virginia University boasted one of the
nation's few academic biometrics programs, and the nearby town of
Clarksburg is home to the FBI's massive fingerprint database.
Center officials signed the lease on the dowdy two-story property in August
2000, and eventually engaged a staff of more than 30 contractors, working
under the management of Howe, a civilian employee of the Defense Department.
Since its launch, the center has reviewed about 50 devices, clearing about
a dozen for use in military applications, Howe said. "This is kind of a new
industry. What we like to focus on are those very mature products that
might be useful right away."
On the top floor, a small laboratory is strewn with tens of thousands of
dollars worth of commercial biometric devices. Tiny fingerprint
identification cards that can be plugged into laptops share limited desk
space with chunky hand scanners and slick iris cameras. Devices deemed not
ready for prime time rest forgotten beside those already cleared for use in
military installations and those still facing a battery of tests.
Some super-secure military facilities use custom-made biometric devices not
available to the public (or, for that matter, to the staff of the Biometric
Fusion Center), but many mid-level secure military facilities rely on
commercially available biometrics to provide an "added layer of security,"
Howe said.
One of the most recent installations was the Pentagon Officers Athletic
Club, where the management office has placed iris scanners at the entrance
to the popular gym.
Managers there say that, beyond creating a simplified mechanism to allow
entrance to the athletic club, the placement of the biometric device in
such a central location will help familiarize military personnel with
technology that is likely to become far more prevalent in their lives in
the coming years. Fitness-conscious military personnel of all ranks and
security-clearance levels pass through the athletic center, BMO Senior
Analyst Margo English said.
Placing biometric devices in such high-traffic places will ultimately
acclimate not just military personnel, but the general public to the
devices, allowing most people to get comfortable with biometrics, Howe
predicted. "You're always going to have some people who find it awkward,
just as my mother finds it awkward to remember a password," Howe said.
Reliability
Biometric devices perform one of two basic functions: verifying a person's
identity ("authentication") and picking subjects/suspects out of a crowd
("identification").
Authentication devices -- including finger, iris and hand scanners -- are
used to confirm the identities of people who have clearance to enter secure
areas, log onto sensitive computers, or perform any other sort of
restricted function. By contrast, identification technologies like face
scanners take a more scattershot approach, picking subjects out of crowds
by spotting their unique physical characteristics. Although a less commonly
known application, face scanners can also be used for more traditional
authentication purposes.
Biometric devices may come in many flavors, but all of them share the
underlying recipe for recording and comparing physical characteristics.
Whether scanning fingerprints, facial ridges, iris patterns or hand
contours, all modern biometric devices first obtain "samples" by recording
unique points on a target body part.
The samples are then converted to digital templates, which can be compared
and contrasted at varying speeds and accuracy based on the level of detail
included in the original samples and the thoroughness of the series of
mathematical calculations (or "algorithms") programmed into the device that
are used for processing comparisons.
Raj Nanavati, whose company International Biometric Group of New York tests
devices for reliability, says the technology has gotten faster, smoother
and more accurate in recent years. "The false rejection [and] false
acceptance rates for finger, iris and hand are very low," he said.
Bill Voltmer, the president and chief executive of Moorestown, N.J.-based
Iridian Technologies Inc., said iris scanners using Iridian's proprietary
algorithm can reduce false acceptance rates (instances of unauthorized
people being cleared for access) to almost zero.
But Voltmer conceded that the devices aren't completely foolproof, which
highlights a recurring question about relying solely on biometrics to
protect secure areas. The comparatively high reliability and seemingly
tamperproof nature of the devices could lull users into a false sense of
security, according to critics.
That danger was demonstrated earlier this year when a team of Japanese
scientists released findings of a study in which they used gelatin and
other simple household products to create "gummy fingers" capable of
fooling fingerprint scanners.
But proponents of biometrics say that the devices aren't intended to
replace armed guards or manned security checkpoints. Rather, the devices
should be used to replace access cards and memorized security codes, which
they say are much easier to defeat than comparable biometrics.
"Most of the access control systems today verify authorized pieces of
plastic, when what they really want to do is verify authorized people,"
Recognition Systems Inc. spokesman Bill Spence said. Recognition Systems, a
Campbell, Calif.-based unit of Ingersoll-Rand, is the world's largest
developer of hand geometry scanners.
Richard M. Smith, a private Internet security consultant based in
Cambridge, Mass., said biometric companies still face a tough task in
selling their products to the public.
"These systems can do a good job of doing access control," Smith said. "The
trouble is that they compete with other technologies like cards and key
codes [that] tend to be less expensive and easier to deploy than a
biometric solution."
Biometrics Sales Grow
Posting an anemic $20 million in sales in 1995, the biometrics industry
will sell upwards of $200 million in devices this year, said International
Biometric Industry Association (IBIA) Executive Director Richard Norton,
citing IBIA sales projections. The biometrics industry posted sales of $170
million in 2001, and IBIA predicts annual industry sales of $2 billion by 2006.
Hand, finger, face and iris scanners account for most of the biometrics
products sold, but companies are in the process of developing technologies
to identify people based on their voice patterns, body heat signatures and
keyboard-use characteristics, Norton said.
Biometrics companies say that the private sector is only a few steps behind
the military in adopting biometric technologies.
The sector is small by most standards and has felt the pinch of shrinking
corporate information-technology budgets, but many biometrics companies
continue to post growing sales despite a languishing economy.
And beyond the fiscal evidence of the industry's growth over the past few
years, biometrics executives say the post-Sept. 11 security concerns have
created unprecedented interest in their products.
"The direct impact [of the terrorist attacks] was the realization that
crime and terror is actually a reality in our country and they pose a
threat. It's a wake-up call," said Joseph Atick, president and chief
executive of Identix Inc., a Minnetonka, Minn.-based firm that is one of
the largest in the biometrics sector. "The wake-up call as a result of the
shock of Sept. 11 has led people to accept any identification technology,
within reason of course."
Increased acceptance is critical for Identix, which deals in perhaps the
most controversial breed of biometrics: face recognition. Critics of face
scanners call the technology unreliable, questioning the ability of modern
biometrics to accurately pick people out of crowds.
Biometrics "are very good authentication tools. They are terrible
identification tools," said Bruce Schneier, president of Cupertino,
Calif.-based Counterpane Internet Security and author of the monthly
security newsletter, "Crypto-Gram."
"Where the industry is really overreaching is where they say, 'We can pick
terrorists out of crowds,'" Schneier said.
"One-to-one" biometrics devices -- like the Pentagon iris scanners -- have
a more proven track record, according to industry observers. Facing few
roadblocks and riding a wave of heightened security concerns, manufacturers
of those technologies are looking to ramp up deployment.
Schneier cautioned against over-reliance on the devices. "There are many
circumstances in which biometrics aren't appropriate. That doesn't mean
they're bad ... it just means they aren't the right tool," he said.
Howe, of the Army's biometrics center in West Virginia, said that use of
the devices will continue to proliferate.
"They are getting slicker. They are getting less intrusive," Howe said.
"They'll be as ubiquitous as credit cards."
Tomorrow: Civil liberties groups warn that biometric security devices pose
serious threats to privacy rights.
*******************************
Washington Post
FBI Fingerprint Research Helps Spawn an Industry
Tuesday, September 24, 2002; 12:00 AM
To a large extent, the modern biometrics industry was born out of efforts
to commercialize the Federal Bureau of Investigation's groundbreaking
fingerprint scanning technology.
In the mid-1960s, the FBI asked researchers at the National Bureau of
Standards (now the National Institute of Standards and Technology) to study
the feasibility of using technology to "read" the unique ridges and whorls
of human fingerprints, said Robert Last, a computer specialist and acting
section chief in the FBI's national fingerprinting division.
Delivered to the FBI in 1972, the first prototype device based on that
research was several feet tall, nearly as wide and "extremely slow," Last
said. The device couldn't run comparisons and was only capable of scanning
fingerprints and converting the ridge and whorl patterns into empirical
data points.
By today's standards, the machine's capabilities were extremely limited,
but it laid the groundwork for devices capable of scanning and comparing
human fingerprints, Last said.
The FBI fingerprinting technology caught its first criminal in March 1979,
when the scanning devices identified a match that had been overlooked by
investigators using traditional fingerprint comparison procedures, Last said.
Continuing advances in fingerprint scanning technology led to the 1999
completion of the FBI's Integrated Automated Fingerprint Identification
System, which greatly accelerated the speed and level of automation with
which the FBI could run fingerprint comparisons.
-- David McGuire, washingtonpost.com
**************************
Los Angeles Times
Warner to Enable the CD Burning of Its Songs
Internet: Company will make recordable format standard and offer more of
its catalog as singles.
By JON HEALEY
TIMES STAFF WRITER
September 24 2002
In the latest record-industry concession to consumer demand, Warner Music
Group plans to offer tens of thousands of songs through the Internet in a
format that can be burned to CD.
The announcement by Warner and online distributor RioPort Inc. is a
significant change for Warner. Not only is it making more of its catalog
available as singles--more than 30,000 songs instead of the current 300--it
is enabling CD burning as a standard feature.
Warner's move mirrors announcements this year from Universal Music Group
and Sony Music, which pledged to make tens of thousands of songs available
as downloadable singles in formats that allow burning. Songs from all three
companies also are expected to sell for 99 cents to $1.50, less than the
labels initially sought to charge for downloadable music.
Burgeoning Internet piracy is pushing the labels to offer consumers
something more compelling than their initial online collections. Consumers
showed little interest in the major labels' first downloadable singles,
largely because of the high price, limited selection and cumbersome
electronic locks that prevented songs from being copied, moved to portable
devices or recorded onto CD.
The new lineup of Warner songs will still have electronic locks, but buyers
will be able to record the songs onto a standard CD, effectively removing
the limitations. The label expects to make available all songs to which it
has digital rights, which probably will leave out Madonna and a few other
top artists.
The songs are slated to hit the market this month through RioPort's online
retail partners, which include BestBuy.com, MTV.com and HP.com.
**************************
Los Angeles Times
Plea Bargain Riles Scorned Public Defenders
Justice: State attorneys group to seek a tougher sentence for a lawyer who
allegedly used a stolen identity to chastise her colleagues in an online
chat room.
By MONTE MORIN
September 24 2002
Criminal defense lawyers make their living in part by pleading for
forgiveness on behalf of their clients. But in the case of Ana Maria
Patino, members of the California Public Defender Assn. are crying out for
blood.
Patino is a Santa Ana attorney who used the organization's closed Internet
chat room to attack other members with a stream of angry missives,
association officials say.
After being booted out of the group last year, Patino reemerged
surreptitiously, using the online identity of a young law school graduate,
prosecutors said. This prompted an investigation by the FBI and local
police that resulted in charges of identity theft and forgery.
Prosecutors, however, have agreed to dismiss the charges if Patino
apologizes, performs community service and pays $1,500 in fines.
The deal has members of the association crying foul, saying that Patino
victimized them and avoided jail time by hiring a well-connected defense
lawyer. They say prosecutors are letting her off too easily. They also
complain that as the "victims" of the crime, they were never consulted
about the plea deal.
"I'm astounded. Clearly the D.A. doesn't care about identity theft," said
association board member Don Landis, who is an Orange County deputy public
defender. "They're really interested in victims' issues when they want to
be tough on some indigent client who pocketed something at Mervyn's, but
when it comes to dealing with an Orange County lawyer, it's a different
matter. It's hypocritical."
Members of the group--which is open to all defense attorneys--plan to take
the unusual step of asking a judge next month to scuttle the plea bargain
and demand stiffer punishment for Patino.
Patino, a defense lawyer who specializes in appeals cases involving
immigration law, was the chat room's most active participant.
Firing off 10 to 15 critical messages a day on a variety of
criminal-defense topics, Patino would sometimes sign her electronic
missives as "Xena" or "Lady Anne."
Chat-room users say many lawyers felt the heat of Patino's flames, but the
54-year-old attorney allegedly crossed the line when she picked fights with
the leader of the Orange County Bar Assn.
"I really don't know why you would think anyone would care what you think,"
Patino wrote to then-Orange County Bar President Jennifer Keller.
"You never have ceased to amaze me in your pretentious sense of power which
you choose to gloat over people."
Patino also took aim at association director Michael Cantrall, cursing him
and vowing to "bring you down and everyone else associated with you."
The defenders group responded by stripping Patino of her chat-room
privileges and terminating her membership in the association.
But in June of last year, just weeks after she was bounced from the chat
room, Patino reemerged under a false identity, the association said. Using
the name and a bar license number of a 28-year-old law school graduate,
Patino reportedly resumed her electronic chats as Lianna Figueroa.
The alleged ruse worked for several months, association officials said,
until Patino began to complain to the site's Webmaster about service. The
Webmaster reportedly recognized Patino's confrontational style and
telephoned the real Lianna Figueroa to ask whether she was dissatisfied
with the Web site.
"I had no clue what they were talking about," Figueroa said. "I just
finished law school. I never applied to them for an account."
Authorities eventually charged Patino with identity theft, forgery and
fraud. Patino hired powerhouse Orange County defense lawyer Alan Stokke,
who discussed a plea deal with prosecutors.
Deputy Dist. Atty. Susan Riezman said Stokke's political connections played
no role in the deal. "This is an appropriate agreement based on the
totality of the circumstances, and the non-seriousness of the crime,"
Riezman said. "The victim suffered no financial loss nor any loss of
reputation."
Riezman noted the matter would also be investigated by the State Bar of
California.
Patino insists that she has done nothing wrong and is being persecuted by
the association. "I am innocent," Patino said. "I do not know anything
about Lianna Figueroa. I don't know her and I don't know anything about an
apology."
She insists that the public defenders are out to get her. As an appeals
lawyer, she said, she regularly exposes the sloppy work of public defenders.
"Their motivation is to get back at me," Patino said. "I make them look
bad. They're motivated by envy."
Figueroa, the lawyer whose identity Patino allegedly used, said she has
been troubled by the experience. She said prosecutors should hold Patino to
a higher standard because she is a lawyer.
"I have no idea what this person was telling people under my name, and I'm
worried people will think it's me who said it," Figueroa said.
"Nobody seems to care. I went to the police and they said, 'Big whoop,
nobody lost any money.' I want somebody to take this seriously."
**************************
Los Angeles Times
More-Engaging Online Content Urged
By JUBE SHIVER Jr.
September 24 2002
WASHINGTON -- A White House panel studying ways to boost demand for
high-speed Internet access is expected next week to encourage Hollywood and
others to offer more online content. The report also will recommend that
more workers use high-speed lines to telecommute from home.
After intense lobbying by industry groups, the President's Council of
Advisors on Science and Technology sidestepped calls for an overhaul of the
nation's telecommunications networks, such as backing the regional Bell
phone companies' bid to scale back laws that regulate their ability to
compete in the market for high-speed Internet access, or broadband.
Instead, the blue-ribbon panel of industry executives and academics hopes
to encourage the development of more online entertainment, as well as
online government and educational services, as a way to lure more of the 70
million Americans now online to upgrade to broadband, which is four to 30
times faster than a standard dial-up modem.
"We think this report will be a very significant move forward," said
Claudia Jones, a spokeswoman for AT&T Corp., which has been following the
issue closely.
A spokeswoman for the White House Office of Science and Technology Policy
declined to comment on the report.
The Bush administration has been under pressure from Silicon Valley to
implement tax incentives and change the rules governing the phone and cable
TV industries to help boost the number of high-speed Internet connections
amid an industrywide financial meltdown.
Only about 10 million homes have high-speed Internet access, which is more
complex to install and twice as costly as traditional dial-up Internet access.
Many consumers see no compelling reason to pay extra for broadband,
according to a study released Monday by the Commerce Department. The
average $40 to $50 monthly fee for broadband is cited by many consumers as
the main reason they aren't upgrading to faster access, the Commerce
Department said.
Three industry sources who have seen draft copies of the president's
council report said the group generally recommends a laissez-faire and
low-key approach to broadband.
Besides supporting the development of more content, the report is expected
to call for more research and development of high-speed technologies,
including wireless data networks. The report also will recommend the
government use its clout as a big purchaser of technology to promote online
services that could benefit from a fast Internet connection, such as
distance learning and telemedicine.
In calling for more engaging content, the report could put the White House
at odds with Hollywood and other powerful forces seeking greater government
protection for creative works online.
Although government has little broadband content to offer, a report to be
released today by a unit of the Progressive Policy Institute suggests one
novel approach: encourage the nation's public broadcasting stations to put
their television shows online.
*************************
San Francisco Gate
Internet replacing the college library
Washington -- Just because that college junior still has not found his way
to the campus library does not mean he is an academic slacker. Almost
three-quarters of U.S. college students now use the Internet more than the
library, and a strong majority said the Net has been an asset to their
educational experience, according to a recent report.
The study, conducted by the Pew Internet & American Life Project, found
that 86 percent of college students have gone online, compared with 59
percent of the general population.
"One of the things that jumped out was the degree to which college students
have integrated the Internet into their everyday life. They are used to
high-speed, instant access. They treat it like they would any utility --
water, telephones, television," said Steve Jones, the study's author and
head of the Communications Department at the University of Illinois at
Chicago.
The study is based on more than 2,000 surveys from undergraduate students
at 27 U.S. colleges and universities, as well as observational research
done at 10 schools in the Chicago area. The research was conducted from
March to June and has a margin of error of plus or minus 2 percentage points.
"This is such an interesting generation," Jones said. "We've known
anecdotally that students are using the Internet a lot, but we didn't have
any hard numbers. Nobody has ever gone out to find out for sure what is
really happening."
Students are using the Net for research purposes, but also to communicate
with professors and other students outside the classroom. Almost half of
the students said they were better able to share thoughts and ideas with
professors through e-mail than in person, and 75 percent have used the
Internet to communicate with peers about academic projects.
The study also found that 85 percent of college students own their own
computer and that most prefer to search the Web from the comfort of home.
Computers have not yet revolutionized the university experience in the
radical ways many predicted. Of the 6 percent of students who chose to take
a class online, only slightly more than half found it to be worthwhile. And
interaction between teachers and pupils on message boards and instant-
messaging programs remains low.
Nearly three-quarters of students check e-mail at least once a day but not
always in anticipation of a new homework assignment. Forty-two percent of
college students use the Internet primarily as a vehicle for social
communication, and almost all students use e-mail to keep in touch with
friends and family at least once a week.
**************************
News.com
U.S. puts money on World Bank "hacktivists"
By Matthew Broersma
September 24, 2002, 6:00 AM PT
The U.S. government is advising system administrators to monitor their
systems for computer attacks planned this week, ahead of the Washington,
D.C., meeting of the World Bank and the International Monetary Fund.
The meetings have spurred protests in previous years, but this year
anti-globalization activists are expected to step up their plans, possibly
attempting to block traffic on the city's streets on Friday. The U.S.
government's National Infrastructure Protection Center (NIPC) said Monday
that those planning physical disruption might also use computer attacks to
"enhance the effects of the physical attack or to complicate the response
by emergency services to the attack."
Although there have been no specific cyberthreats issued against the IMF
and World Bank meetings, the center warned that "several hacker groups"
could be planning Internet protests.
The center said that computer attacks could be carried out either by
idealistic hackers or simply by publicity seekers. "Cyberprotestors can
engage in Web page defacements, denial-of-service attacks, misinformation
campaigns, and the like," the NIPC said in a statement.
The center recommended that system administrators monitor their own
computer networks to prevent hackers from either staging attacks on their
own networks, or using the network as a jumping-off point to attack a third
party.
Administrators were also urged to review their security procedures,
including limiting unnecessary inbound traffic, changing passwords and
login names and keeping up-to-date with software patches. Suspicious
activity can be reported to FBI offices, the NIPC or other authorities, the
NIPC said.
Last summer a European Union summit in Gothenburg, Sweden, was marred by
running battles between police and protesters, causing the World Bank to
cancel a planned Barcelona meeting and turn it into an online videoconference.
The NIPC dates online activism from 1998, when Electronic Disturbance
Theater endorsed a series of attacks on the Web site of the Mexican
government.
ZDNet U.K.'s Matthew Broersma reported from London.
*****************************
Sydney Morning Herald
Judge reserves decision on spam fighter trial
By Perth
September 24 2002
A judge has reserved his decision on whether a "fearless spam fighter"
should face trial for disrupting the $1,000-a-day business of a company
which sends junk email, or "spam".
Perth man Joseph McNicol had lodged an application to strike out a civil
action against him by The Which Company, the parent company of
direct-marketing business t3 direct, which sends bulk unsolicited email.
The Which Company alleges it lost $43,000 in business after Mr McNicol,
annoyed at receiving its emails, 'outed' t3 direct by posting its IP
details on the internet.
The West Australian District Court was told yesterday the IP address
was noted by a not-for-profit group called SPEWS - Spam Prevention Early
Warning System - which blocks spam emails from getting to addresses on the
Internet.
T3 alleges Mr McNicol, described in court as a self-styled "fearless spam
fighter", told SPEWS that t3 was spamming - which caused SPEWS to block the
company's emails.
But Mr McNicol's lawyer Jeremy Malcolm said there was no evidence of any
contact between Mr McNicol and SPEWS.
Deputy Registrar Richard Hewitt suggested SPEWS could provide information
on who tipped them off.
However, Mr Malcolm said contacting SPEWS would prove difficult.
"SPEWS is a totally anonymous body and nobody knows who they are," Mr
Malcolm said.
T3 said Mr McNicol's vendetta against spam, and his outing of t3, made it
likely the Perth man did pass the information to SPEWS.
This should be tested in court, the direct marketer said.
Mr Hewitt said t3 was asking for permission to proceed so it could get
access to the information "locked up in the mind of the defendant".
"At the moment you don't have any evidence to prove your case (but) we have
a demonstrated level of hostility between the defendant and your client,"
Mr Hewitt said.
Mr McNicol has previously alleged, outside court, that Internet users would
have to find an alternative to email if marketing companies got the green
light to send junk email.
Deputy Registrar Hewitt has reserved his decision until October 7.
**************************
Sydney Morning Herald
Unguarded moments - why cyber security is on the rise
By Kim Zetter
September 24 2002
The spike in computer crime in the past two years has been matched by a
parallel spike in the number of security consultants and companies popping
up to relieve organisations of their worries and their budgets.
With promises to plug holes, monitor traffic and chase down criminals,
Managed Security Services can appeal to IT departments too taxed with
administration to maintain security and to companies too small to hire
specialist staff.
Knowing what to do yourself - and what to contract out and to whom - is a
common difficulty.
The advantages of outsourcing are many. It's less expensive to pay a fee
for expert services than to hire and train dedicated staff. Security
providers are aware of the latest vulnerabilities, patches and products.
And if they're monitoring your traffic full-time, they can respond to
attacks in progress rather than a day or week later when your regular
administrators get around to analysing the network logs.
What's more, MSS providers have more experience to respond to attacks
against your system since they are more likely to have seen similar attacks
on others.
But not all offer the same services or quality and not all are financially
stable.
According to industry researchers at Giga Information Group, there are more
than 80 MSS providers in the United States operating nationally - down from
125 last year - a figure that analysts expect to drop to 60. So you should
choose wisely if your security provider goes belly-up.
When it comes to picking a provider, the managed security label can be
misleading since it encompasses a variety of services, from one-time
vulnerability assessments to 24-hour network monitoring.
Some companies that call themselves MSS providers are actually only product
resellers.
Steve Hunt, a research analyst with Giga, says there are six categories of MSS:
- On-site consulting to develop a security plan and infrastructure.
- Vulnerability testing.
- Product sales of security hardware and software.
- Remote perimeter management, which involves installing, configuring and
  managing a virtual private network.
- Network monitoring, a 24x7 service to watch network traffic for suspicious
  activity and intrusions.
- Compliance monitoring to ensure employees comply with company policies.
Some providers offer a single service, others a smorgasbord. Costs can
range from $US250 ($A474) a day for consulting to $US12,000 a month for
network monitoring.
Small Sydney provider Kyberguard, for instance, has 50 clients including
Nippon Telephone and Telegraph and international engineering group
Montgomery Watson Harza.
It charges $250 a month for small companies, which includes the cost and
installation of a firewall and IDS hardware as well as 24-hour monitoring
of perimeter activity. For 100 to 150 employees they charge $950 a month
for hardware and monitoring of internal-external traffic. They also install
and configure VPNs.
Canberra-based 90East, which has offices around the country, charges $7000
to $10,000 a month for network monitoring. It also offers server hosting
and VPN services.
The company is new to the commercial market after securing government
systems for several years. The founders were government contractors who
built a complex firewall system for federal agencies, then formed 90East
when the government decided to outsource security.
Their clients include 35 federal departments, state governments and legal
firm Minter Ellison.
The company recently acquired Application Service Provider Peakhour.
Giga's Steve Hunt says that before choosing any MSS, you should assess your
business risks and needs to decide what you can do in-house and what you
should outsource. But no company should hand over all security to an outsider.
Greg Nelson, information security manager for chip maker Advanced Micro
Devices, says companies should retain control of security management.
"You can outsource specific tasks but you can't outsource responsibility
for the security of your company," he says.
Bruce Schneier, founder of United States network monitoring service
Counterpane, recommends outsourcing labour-intensive tasks such as
vulnerability assessment, network monitoring, consulting and forensics.
Schneier says companies cannot effectively monitor their own networks.
"Security monitoring is inherently erratic: six weeks of boredom followed
by eight hours of panic," Schneier says. "Attacks against a single
organisation don't happen often enough to keep (staff) engaged and interested.
"The choice is not outsourcing or doing it yourself. Goldman Sachs can do
it themselves. But nobody else can."
AMD, which has 14,000 employees worldwide but only three security staff in
the US, hired Counterpane after trying unsuccessfully to track more than
100 Internet servers.
"We were always a day behind in analysing results and we could never catch
anything as it was happening," AMD's Nelson says.
Counterpane monitors AMD's systems around the clock, while another
undisclosed company runs penetration tests twice a month. Nelson says the
decision was also an economic one.
Counterpane charges about $US12,000 a month, as opposed to the $100,000 to
$200,000 a month it would cost most companies to hire five or six specially
trained employees to monitor their systems around the clock.
AMD at least recognised the need to monitor their networks. But according
to Tim Cranny, senior consulting engineer with 90East, many companies do
not even make the attempt.
"You'd be astonished at the number of companies that have an
intrusion-detection system or firewall but no one watching them," he says.
Although it might be tempting to hire an all-in-one MSS for your needs,
Counterpane's Schneier says you should avoid companies that have a conflict
of interest, such as those that sell products and offer to manage them or
those that offer device management plus monitoring.
If the monitoring staff discover an intrusion to a system that the
device-management team should have secured, they're likely to fix it
quietly without telling you about the mistake. Companies that sell products
and do vulnerability assessments also have an obvious interest in finding
problems their products will solve.
He believes it is better to hire a company that does one thing well and to
hire others for separate tasks.
Giga's Hunt says that penetration tests can sometimes be useless as they
can be used to get an organisation to sign on for other services or by IT
departments to justify larger budgets.
"And all the reports say the same thing," Hunt says. "You have crappy
passwords, you have open ports, your operating system lacks the latest
patches."
Hunt says before authorising a test you should shore up your network with
basic steps such as secure passwords and closed ports and then test only to
find serious problems you would have missed on your own.
In the end, the best providers are leaders in their field and have a good
history behind them. Hunt suggests talking to other companies with security
needs similar to yours and asking analysts for solid security consultants
and companies that will be around for a while.
Before hiring Counterpane, Nelson narrowed AMD's choices to five companies
but by the time they came to make a final decision three of them were
already out of business.
****************************
Earth Web
Library Of Congress Goes Grid
By Paul Shread
Grid computing technology may soon be used to preserve such priceless
artifacts of American history as films of the Spanish-American War and the
1906 San Francisco earthquake, the photographs of Mathew Brady and Ansel
Adams, and Walt Whitman's notebooks.
The Library of Congress is evaluating Grid technology developed at the San
Diego Supercomputer Center to archive and preserve these works and the
Library's other digital collections.
The Library has assembled numerous important digital collections such as
American Memory, a treasure trove of films, recordings, photos and
documents from U.S. history and culture. The collection, "rich primary
source materials on the history and culture of the United States," contains
more than 7.5 million digital items on more than 100 topics from the
collections of the Library and other repositories. Items include encoded
text, images, and audio and video files varying in size from 25 kilobytes
to 5 megabytes each, for a total of some 8 terabytes of digital data.
Powerful data Grid technologies such as the Storage Resource Broker (SRB)
developed at the San Diego Supercomputer Center (SDSC) for scientific
computing are showing promise of being able to preserve these digital
holdings. SDSC and the Library are collaborating to evaluate the SRB data
Grid software to preserve and manage priceless national digital collections.
"We're interested in how the SRB can be applied to the task of building a
repository for managing Library of Congress digital holdings," said Martha
Anderson of the Library's Office of Strategic Initiatives.
'Repurposing' Collections
"We're entering an era in which digital libraries can be used to preserve
intellectual capital," said Reagan Moore, co-director of the Data and
Knowledge Systems program at SDSC. "And beyond preservation, the ability to
discover the information and knowledge content within digital holdings will
add even greater value to these collections."
The researchers will investigate the capabilities of the SRB to manage and
"repurpose" Library of Congress collections. Repurposing a collection
involves giving users the ability to generate new views of the digital
holdings. For example, a user might want to gather the material in the
American Memory collection that is relevant to a landing on Mars. This
material might involve NASA material on the mission and space vehicle,
Congressional material on the budget debates involving the funding, and
other material that puts the mission in historical context.
The collaboration will involve the installation at the Library of Congress
of the SRB software and the Metadata Catalog, which keeps track of each
digital object. Library of Congress staff will then build a test collection
and use it to evaluate the capabilities of the SRB data Grid middleware to
preserve both the collection and descriptive information about the
collection; to enable a naming convention that spans the entire collection,
no matter where its components are located; to merge different collections
seamlessly into new virtual collections; and to control access.
Library of Congress researchers are also interested in evaluating the
ability of the SRB to interoperate with other systems using open standards.
"We're looking forward to the research opportunities this collaboration
will give us to understand how digital library, data Grid, and persistent
archive technologies can all be integrated in support of preservation of
digital holdings," said Moore. "This will help extend our ability to
preserve intellectual capital."
*************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx