[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips October 30, 2002

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
Subject: Clips October 30, 2002
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Wed, 30 Oct 2002 14:05:23 -0500

Clips October 30, 2002

ARTICLES

EMI to Use Audible Magic to Track Web Piracy
China appears to have dropped plan for Chinese-script addresses [ICANN]
CIA warns of Net terror threat
Powell takes path to free up airwaves
With Venture Funds Scarce, Start-Up Firms Turn to U.S.
Verizon, Spam Co. Reach Settlement
There's more than one way to post your message
Windows 2000 gets Common Criteria OK
FIPS testing finds lots of mistakes in crypto IT
Court questions Interior on e-mail destruction
OMB issues draft standards to increase info-sharing, cut IT costs
Defense, cybersecurity officials praise 'open source' software
Virginia DOT fires, disciplines workers for Internet abuse
ICANN critics may create rival Internet administration group
TechNet leader joins Bush administration
Virtual touch achieved
Patch and Reboot: Microsoft's Groundhog Day?
Court helps out cable TV pirates
Politicians, police recruited to talk up IT security


******************************
Los Angeles Times
EMI to Use Audible Magic to Track Web Piracy
By Jon Healey
Times Staff Writer
October 30 2002

Looking for more help battling Internet piracy, EMI Recorded Music announced plans Tuesday to work with a Bay Area company that tracks unauthorized copying of music online.

The label, home to such artists as the Beatles, the Beach Boys and Garth Brooks, expects to launch an anti-piracy project with Audible Magic Corp. of Los Gatos this year, the companies announced.

"We're going to use [the technology] to look at different ways of keeping track of what's going on with our content, whether it's uses that we've authorized or uses that are stealing from our artists," said Jay Samit, senior vice president of new media at EMI.

Audible Magic identifies music files as they're passing through the Internet, comparing a small sample of each file against the company's database of audio "fingerprints," or unique sonic characteristics. Chief Executive Vance Ikezoye said the Recording Industry Assn. of America has been using his company's technology to gather evidence of copyright infringement for its lawsuits against online file-sharing networks.

The technology can't stop people from making unauthorized copies of music, Ikezoye said, but it could be an effective deterrent when combined with some of the other anti-piracy tools the labels have been exploring. "We can be used as a tool to understand both where the opportunities to affect [piracy] are and maybe how effective those techniques are," he said.

The monitoring services also could help EMI give its artists a clearer picture of what's happening to their music online. Several of the company's biggest acts, including the Beatles, have refused to make their music available through legitimate online music services despite pressure from the label to support alternatives to the unauthorized outlets.

Audio fingerprinting technology also has been used to combat piracy by CD-pressing firms. In the latest development, the RIAA announced Tuesday that Cinram International Inc. of Toronto, a major CD replicator, has agreed to pay $10 million to settle piracy claims. ***************************** Associated Press China appears to have dropped plan for Chinese-script addresses that threatened to split World Wide Web Wed Oct 30,12:28 AM ET

SHANGHAI, China - Two years after threatening to split the online world by issuing its own set of Chinese-script Web addresses, China appears to have quietly dropped such plans.

Chinese officials at a world Internet congress in Shanghai this week say the government has no plans to disrupt the integrity of the Web by challenging a core component its centrally administered addressing system.

Hu Qiheng, chairwoman of the state-run Internet Society of China, said Beijing would only exercise authority over Chinese-script addresses registered with China's ".cn" country suffix. She said that would be an extension of its current practice with addresses written in English letters.

"We aren't seeking control of the Chinese-script Internet," Hu said.

Hu spoke briefly to The Associated Press following a panel discussion on the use of non-English letters in Internet addresses at a meeting of the Corporation for Assigned Names and Numbers, known as ICANN (news - web sites), the organization that oversees Net addresses.

Non-Chinese specialists at the conference confirmed that they hadn't seen any indication that China was going ahead with its plans. However, they said Chinese authorities are still unhappy that their government doesn't control registration of Chinese-language addresses.

Such control became a hot issue after China locked horns with VeriSign Inc. the U.S. company that keeps track of addresses with endings such as ".com" and ".org."

The U.S. company announced in November, 2000, that it would begin registering addresses written in Chinese, Japanese and Korean.

That was part of a wider movement to make the Internet domain name system, which currently recognizes only English letters, more meaningful outside the English-speaking world.

China responded by protesting to ICANN, claiming that only Beijing had the right to issue addresses in the ideograms used to write Chinese.

The government unveiled a competing system that had the potential to disrupt the system of computers spread around the world that direct traffic on the Internet.

Users worried that Beijing might start issuing Chinese-language addresses that already were in use by Web sites elsewhere. If that happened, Web surfers who typed in the same Chinese address could wind up at different sites.

Hu was quoted in Chinese state media at the time as saying the stance was justified because Chinese-script domain names had "special cultural and historical meanings."

The often nationalistic official media called VeriSign's move an infringement on Chinese sovereignty.

Growth of Internet use in China has been spectacular. More than 45 million Chinese use the Web regularly and 127,475 domain names had been registered under the ".cn" suffix by August.

With those numbers, China wants a say in global Internet policy.

Money also plays a role. VeriSign says it has signed up about 1 million addresses in the new scripts most of them Chinese. At US$6 for each registration, it's a lucrative market.

No official statement has been issued about China's current position and Hu wouldn't say whether the proposed competing system had been formally withdrawn.

If it has, though, technical complexity may be a major factor.

Experts at the ICANN conference warned of chaos if a solution for overlapping codes is not found before addresses in Chinese, Japanese and Korean enter widespread use.

Differences between the systems of ideograms used to write Chinese in China and elsewhere also threaten to complicate the issue.

After the 1949 revolution, China's communist government introduced "simplified characters" ideograms written with fewer strokes. Taiwan, Hong Kong, Singapore and other Chinese-speaking communities use either the traditional, more complicated characters or a mix of the two systems.

About 20 percent of dot-com names registered in traditional characters conflict with those registered in simplified characters, said Vincent Chen of the Taiwan Network Information Center.

Given such challenges, it isn't clear whether China could marshal the money and skills to put its competing system smoothly into service. ******************************* CNET News.com CIA warns of Net terror threat By Declan McCullagh Staff Writer, CNET News.com October 29, 2002, 2:15 PM PT

Al-Qaida is not the only terrorist network hoping to wreak havoc on the United States through "cyberwarfare," the CIA says. America's spooks have named Sunni extremists, Hezbollah and Aleph--formerly known as Aum Shinrikyo--as other top threats.

"These groups have both the intentions and the desire to develop some of the cyberskills necessary to forge an effective cyberattack modus operandi," the CIA said in a report to the Senate Intelligence Committee.

The CIA's report, which responds to a list of questions from senators, also says that scientific data posted online aids terrorists: "Terrorist groups worldwide have ready access to information on unconventional weapons, including nuclear weapons, via the Internet."

After the Sept. 11, 2001 terrorist attacks, government pressure to self-censor scientific information has grown. It prompted the presidents of the National Academies to say in a statement on Oct. 18 that "restrictions are clearly needed to safeguard strategic secrets, but openness also is needed to accelerate the progress of technical knowledge and enhance the nation's understanding of potential threats."

"Aleph, formerly known as Aum Shinrikyo, is the terrorist group that places the highest level of importance on developing cyberskills," said the CIA report prepared by Stanley Moskowitz, the agency's director of congressional affairs. "These could be applied to cyberattacks against the U.S. This group identifies itself as a cybercult and derives millions of dollars a year from computer retailing."

The Aum Shinrikyo religious group carried out the deadly nerve gas attack in a Tokyo subway in 1995, which killed 12 people and sent more than 5,000 to hospitals. The group is a doomsday cult that believes the end of the world is near.

The CIA report, along with two others from the State Department and the Defense Intelligence Agency, were prepared in March and April but were not made public by the Senate until this month.

In September, the White House released a 64-page report on securing networks and thwarting "cyberterrorism." Richard Clarke, an adviser to President Bush, said at the time: "We rely on cyberspace, and it is not yet secure. We know the vulnerabilities, and we know the solutions. Let us all work together."

In the past, some intelligence officials have been criticized for being overly alarmist. At an unclassified hearing in February 2001, Adm. Tom Wilson, head of the Defense Intelligence Agency, predicted that Fidel Castro might be preparing a cyberattack against the United States.

Wilson told the Senate Intelligence Committee that Castro's armed forces could initiate an "information warfare or computer network attack" that could "disrupt our military."

Castro denied the charge as "craziness," saying his nation did not have the technical ability to succeed in such an attack even if it wanted to launch one. ************************************ USA Today Powell takes path to free up airwaves By Paul Davidson, USA TODAY

The nation's top communications regulator is expected today to fire the first salvo in a controversial plan to liberalize the use of the nation's increasingly scarce airwaves.

That could free spectrum space for high-speed wireless Internet services and revive the telecommunications industry by jump-starting innovation. Critics say it also could create interference and disrupt existing services.

In a speech at the University of Colorado, Michael Powell, chairman of the Federal Communications Commission, will trumpet the wider use of unlicensed spectrum, say people familiar with his plans.

He also will call for relaxing rules on how mobile-phone carriers, broadcasters and satellite companies use the licensed spectrum they buy at FCC auctions, they say.

FCC officials would not comment, but Powell, a free-market proponent, has long signaled his leanings on the subject.

His speech is expected to be followed in the next couple of weeks by the release of an FCC task-force report on spectrum policy and, in six to 12 months, new rules.

Today the FCC earmarks specific blocks of frequencies for, say, TV broadcasters or wireless companies, charging billions of dollars for them at auction. The agency also makes it tough for companies to lease their spectrum to others or use it for different purposes.

Powell is expected to propose loosening those restrictions in a bid to free up airwaves.

Also, just a couple of frequency bands are reserved for unlicensed services, such as the Wi-Fi (wireless fidelity) Internet networks sprouting in cafes and airports.

Users of unlicensed bands don't pay for airwaves. Instead, they share them with other services, avoiding interference by operating at low power and using smart antennas that can pluck out relevant signals and ignore all others.

Academics have long argued that more bands should be set aside for unlicensed services and that they could even share certain frequencies with licensed services without interfering.

Powell is expected to encourage those ideas, paving the way for further study and likely action by Powell and the three other FCC commissioners.

Details have yet to be worked out, but Powell's vision would let more companies use the USA's fast-dwindling stock of airwaves. It also could spur innovation by suppliers, who must now tailor their offerings to the few big firms that control the airwaves.

"Entrepreneurs and high-tech companies will be freed up to experiment, innovate, invest ... rejuvenating a key sector of our economy," Rep. Ed Markey, D-Mass., sponsor of a bill promoting unlicensed services, said in a recent letter to Powell.

Early this year, for example, the FCC approved a breakthrough unlicensed service called ultrawideband, which can permit wireless home video networks and other new services.

But big wireless companies worry about the interference that might result if unlicensed services are allowed to share their spectrum.

"People paid billions for their licenses with the expectation of their ability to perform," says Tom Wheeler, president of the Cellular Telecommunications & Internet Association. ****************************** Washington Post With Venture Funds Scarce, Start-Up Firms Turn to U.S. By Shannon Henry Washington Post Staff Writer Tuesday, October 29, 2002; Page E01

Seth Murray, president of StreamSage Inc. in Washington, had a promise of $3 million from a group of private investors, including venture capitalists and a large corporation. Finally, after months of looking for financing, someone had come through. But then the corporate investor, a telecommunications company, was hit with its own disasters. The deal was pulled.

Now, Murray looks back at that moment as good luck. Worried about his business's future, he began to hunt for other kinds of funding, and he was willing to try anything. One of his employees heard about an opportunity to attract some government money. Murray was skeptical at first -- his company is no systems integrator. Its software searches and indexes video and audio files.

But in October 2001, StreamSage received $2 million from the Advanced Technology Program of the National Institute of Standards and Technology (NIST), part of the Commerce Department. It's a three-year grant, which requires meeting several demanding milestones, but at the end, no one but StreamSage owns StreamSage. And Murray is thrilled.

He's not alone. As venture funding has dried up for the earliest-stage companies, executives are flocking to the deep well of the federal government.

From 1998 to 2001, the federal grant program saw about 400 to 500 business proposals per year. In 2002 so far, it has received 1,075 proposals.

"In the dot-com heyday, people turned their nose up at government funding," said Murray. "It's much more accepted now."

The goal of the grant program is to fund ideas and concepts that otherwise may never turn into businesses. While many private investors in the headiest days of the Internet frenzy also funded such infant companies, financiers are now more likely to look for businesses with established products and customer rosters.

And NIST is looking for exactly the opposite: the unproven, the unfundable, the barely visible question mark of a company. And it's happy to take over where venture capitalists are leaving off.

"VCs want to go directly into the market with something that has been proven," said Arden L. Bement Jr., director of NIST. "We tend to be more patient capital."

Bement said however, that he doesn't think of the technology grant program as a competitor to venture capitalists, but as one that serves as more of a warm-up stage before VCs come in. Many VCs track companies funded by the grants and consider funding them at the end of the program, he said, when they are more fully formed.

Since 1991, the federal grant program has been holding competitions, usually two a year, to find new investments. About 40 companies receive funding in each competition. The U.S. program has a current annual budget of about $184 million. Most grants are about $2 million. Companies entering the program submit quarterly reports with updates on technical achievements, the management team, the business plan, and a budget.

In the past three years, 10 Washington area companies have received the federal grants. There is officially no geographical bias, but Murray said being close to NIST lets him have a closer relationship with his project manager. He drops by often for advice. The types of work the 10 Washington region companies are doing -- in areas from circuits to stem cells -- shows not only what is new in technological innovation, but how diverse the grant-program portfolio has become.

XTremeSpectrum Inc. of Vienna, for example, is creating a radio system designed to locate firefighters inside buildings. Conclusive Technology Inc. of Vienna is developing Internet data encryption; Iomai Corp. of Gaithersburg is working on a cancer vaccine. What these groups have in common is that they are developing projects that are unlikely to be funded by private equity sources.

To get in the running for a federal grant, a company has to show not a complete product or service, but a concept with "scientific merit." The main criteria for companies is that they are creating an innovative, high-risk technology. It also has to prove to NIST that the creation would have an impact on an industry, and that the company intends to eventually make the product or service commercially available.

"It's to jump-start novel projects," says Michael Newman, a spokesman for NIST. "A venture capitalist would look down on some of these projects."

Still, some have criticized the program for its liberal grant-making. The program considers a company a success if it develops a project that has impact on the nation. But after the grant period is over, the government does not own any part of the business.

"There was concern that this would be corporate welfare," said Newman. "But this is definitely not a handout."

There are very few strings, however, to this award, and word is now getting out to executives of start-up companies in search of funding. Robert W. Schumann, chief executive of Cinea Inc. of Herndon, heard about the program after he had made an unsuccessful pitch to an "angel" investing group. He began to talk to one of the other presenters, Seth Murray, who told him about his own experience with the program.

At first, Schumann, whose company is creating an anti-camcorder technology that would stem digital piracy of movies, was leery.

"Your core reaction is 'Oh, God, it's the government,' " said Schumann. But now, Schumann said, NIST's advice and $2 million grant, which he received earlier this month, have helped his business get off the ground. And the process, he said, from initial interviews to cash on hand, was faster than he'd seen with venture capitalists.

"There's not a lot of money out there, but there's a lot of great technology," said Schumann. "We've learned the government is not a terrible abyss." **************************** Associated Press Verizon, Spam Co. Reach Settlement Tue Oct 29, 5:21 PM ET By MATTHEW BARAKAT, AP Business Writer

McLEAN, Va. (AP) - One of the world's most prolific purveyors of bulk e-mail, or spam, has been barred from sending messages to Verizon customers under a legal settlement.

Under the agreement, parts of which are secret, Verizon's 1.64 million Internet customers in 40 states will no longer receive spam from Alan Ralsky, whose Michigan-based company, Additional Benefits LLC, is considered one of the largest sources of bulk e-mail.

"It's not like these guys file SEC reports, but as best as folks can tell he is one of the bigger spammers out there," said John Mozena, a spokesman for the Coalition Against Unsolicited Commercial E-mail.

Verizon filed its lawsuit against Ralsky in March 2001 in Virginia federal court after several 2000 incidents in which Verizon Online customers were inundated by millions of e-mail solicitations from companies that work with Ralsky, said Verizon spokeswoman Bobbi Henson.

The initial lawsuit against Ralsky had sought to shut him down entirely but Henson called the settlement a victory.

"People should see this and think twice about sending spam on our lines," Henson said. She said Ralsky must also pay an undisclosed fine.

Ralsky's company would send e-mail solicitations for online casinos, diet pills, and companies that promise to fix bad credit, among others, according to the complaint filed by Verizon.

The complaint said Ralsky broke federal and Virginia law by among, other things, clogging Verizon's network with a flood of illegitimate e-mails.

Mozena said most Internet providers work hard to keep spam from their customers, using filters and other technology, although the recent telecom meltdown has left some cash-strapped providers dependent on money they can earn from trafficking in spam.

Occasionally, he said, a provider will file a lawsuit against a person or business it considers a particularly egregious abuser of its e-mail network. *************************** Federal Computer Week Homeland goes interstate route BY Dibya Sarkar Oct. 29, 2002

If you're having a hard time envisioning what the national strategy for homeland security would look like, try using the interstate highway system, built more than 50 years ago, as an example.

That's what Steve Cooper, senior director of information integration and chief information officer for the White House Office of Homeland Security, told attendees at the National Association of State Chief Information Officers in St. Louis on Oct. 28.

Cooper said that Lois Clark McCoy, president of the National Institute for Urban Search and Rescue, told him several weeks ago that "national" wasn't the best term to describe the homeland security strategy and suggested another description: an "interstate communications expressway."

Cooper said that "national" conjures up a hierarchy, while "interstate isn't politically charged to anybody."

In essence, an interstate communications expressway means linking networks with each other to create a "network of networks," he said. "So . . . we really don't have to start from scratch."

He said the "communications expressway" would be different from the Internet.

"A lot of what we need to do for homeland security needs to be secure. The Internet's not. But the reality is that an awful lot of what travels over the Internet is lost. It never gets there," Cooper said.

"We would envision something along the lines of a virtual private network or some type of secure type of network," he continued. "And we will use portions of the Internet, but we will encrypt information and we will add capabilities so that what travels across is secure in and of itself as it's transmitted."

Cooper said the federal government would help build the "on-ramps" to an interstate communications expressway, but that state and local governments must have systems adhering to certain national standards and be architecturally compliant.

However, Georgia Technology Authority CIO Larry Singer said that to develop an interstate communications system, states must have a strong intrastate system, requiring a collaboration between government and industry. ****************************** Government Computer News There's more than one way to post your message By Patricia Daukantas GCN Staff

Speakers at yesterday's FedWeb fall conference offered a number of tips for delivering online content to audiences who speak little or no English.

Among the suggestions:
Get a search engine that accepts diacritical marks
Watch out for formatting problems
Review document translations carefully
Be aware of regional dialects
Present metadata in the same language as the Web site's.

At the Arlington, Va., gathering, the Social Security Administration and Small Business Administration showed off new Spanish-language portals, at www.ssa.gov/espanol and www.sba.gov/espanol.

SBA launched its Spanish site in September, said Patricia Chavez-Villanueva, a special assistant in SBA's Office of Women's Business Ownership. It garnered more than 50,000 hits during the week of Sept. 22, she added.

About 10 percent of SSA's clients speak Spanish, but only 1 percent speaks other non-English languages, said Lonnie Albright, a webmaster and public affairs specialist in SSA's Office of Communications. About 80 percent of SSA's Web content is now presented in Spanish, but many of the 14 other languages on the site are represented only with basic forms and explanatory fact sheets.

The agency presents many forms in Adobe Portable Document Format because HTML posed too many font problems with non-Latin alphabets, Albright said. A contractor handles most of the non-Spanish translations.

When making a Spanish version of the MedlinePlus service, at www.nlm.nih.gov/medlineplus/spanish/medlineplus.html, officials at the National Library of Medicine chose to put a toggle link on the header of each page, NLM systems librarian Paula Kitendaugh said. Readers can search for a medical term and then toggle back and forth between English and Spanish to the same content in either language.

MedlinePlus in Spanish went online Sept. 9, Kitendaugh said.
***************************
Government Computer News
Windows 2000 gets Common Criteria OK
By William Jackson

Microsoft Windows 2000 Server and desktop operating systems today received a Level 4 Common Criteria certification from the National Security Agency. The designation, recognized by 15 countries, took three years of evaluation and cost Microsoft "many, many millions of dollars," chief technology officer Craig Mundie said. "It is a Herculean task to put a product of the complexity of Windows through the process."

Windows XP and .Net Server products also will undergo Common Criteria evaluation, Mundie said at the Federal Information Assurance Conference at the University of Maryland. The evaluations are carried out by third-party commercial laboratories, and certified products receive preference in U.S. government purchases.

"There is a movement, accelerated in the post-Sept. 11 environment, where government procurements may require evaluated products for a significant class of systems," Mundie said. "We think this will expand the range of applications to which Windows 2000 can apply."

The certification covers Win 2000 components in addition to the OS kernel. They include Active Directory, virtual private networking capability, the encrypted file system, the network and desktop management mechanisms, and the flaw remediation process.

Mundie said Win 2000 shares some features with Win XP and .Net Server, which will speed up their Common Criteria evaluations. ************************ Government Computer News FIPS testing finds lots of mistakes in crypto IT By William Jackson

About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a survey by the National Institute of Standards and Technology has found. Almost all evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program.

Speaking today at the Federal Information Assurance Conference at the University of Maryland, Lee cited the impact the FIPS validation program is having on cryptography vendors. She said 80 of 164 crypto modules submitted for evaluation had flaws involving physical security, random number generation or key management. Of 332 algorithms validated, 88, or about one-fourth, had security flaws, and about two-thirds had documentation errors.

Federal organizations must use FIPS-compliant crypto products for sensitive but unclassified data. FIPS 140-1 was the operative standard until it was replaced last year by FIPS 140-2. Since May, products can be evaluated only against 140-2.

Seven commercial laboratories in the United States, Canada and England are accredited to do the testing. NIST has simplified revalidation requirements to make it easier for 140-1-certified products to be certified under the new standard, Lee said. More than 260 validations have been issued for about 300 products from 60 companies. *************************** Government Computer News Court questions Interior on e-mail destruction By Wilson P. Dizard III

The U.S. District Court for the District of Columbia has demanded that the Justice Department explain why the Interior Department destroyed e-mail messages related to a court case over American Indian trust funds despite court orders to the contrary. Justice is representing Interior in the case of Cobell v. Norton [see story at www.gcn.com/21_29/news/20110-1.html].

Court-appointed attorney Alan Balaran wrote to Justice recently asking why Interior destroyed e-mail messages to assistant secretary for Indian affairs Neal McCaleb dated between Dec. 1, 2001, and Oct. 1, 2002. Justice attorney Sabrina McCarthy replied to Balaran that Interior is investigating whether the messages can be reconstructed from backup tapes. Interior also has hired document management vendor Zantaz Inc. of Pleasanton, Calif., to retrieve the messages.

Balaran told Justice in a recent letter that the destruction of the e-mails "suggests the absence of effective policies and procedures that ensure the preservation and retention of electronic correspondence.

"It further suggests the absence of any auditing protocols whereby incidents of destruction are detected and reported immediately," Balaran wrote.

Interior is under court order not to destroy any records related to the Indian trust litigation, which has proceeded for six years over the issue of mismanagement of Indian funds held in trust by the government. **************************** Government Executive OMB issues draft standards to increase info-sharing, cut IT costs By Tanya N. Ballard tballard@xxxxxxxxxxx

The Office of Management and Budget issued a draft report last Friday outlining federal technology standards designed to increase information sharing among agencies and reduce overall technology costs.

"These standards will greatly facilitate the ability to share and reuse a common set of technology components, while also leading to reduced information technology investment," according to a draft report from OMB's Federal Enterprise Architecture Program Management Office, which is charged with designing a governmentwide IT plan. The standards discussed in the report will initially be applied to 24 technology projects the Bush administration plans to fund over the next three years to maximize efficiency and improve its service to citizens and businesses.

Federal agencies spend millions of dollars on the development and acquisition of technology components, according to OMB, but just a few agencies are effectively using those resources. The majority of agencies continue to struggle to adopt best practices. Several agencies also duplicate efforts by separately collecting and processing identical information, instead of just sharing the data they've gathered.

The adoption of standards that describe which products need to be bought to support the exchange of data and which technologies should be used would also save money. Earlier this month, the Energy Department unveiled a new e-signature tool it has licensed for governmentwide use. OMB Director Mitch Daniels praised agency officials for allowing the new tool to benefit the entire federal government.

Ideally, the enterprise architecture office envisions the use of more Web-based solutions to accomplish agency missions, making their systems more interoperable. For example, a fictional Border Patrol e-government initiative described in the report could theoretically create an environment where different agencies share pertinent information with the system, ultimately improving their ability to accomplish their individual core missions.

Such information might include whether warrants have been issued against a driver importing illegal goods (State Department), whether a particular animal should be allowed entry into the U.S. (Agriculture Department), whether food being shipped is packaged correctly (Food and Drug Administration) and whether the driver fits any descriptions of wanted suspects (Justice Department).

There are some challenges to creating this interoperable technology environment, the office found.

"Agencies often work independently, which has led to a proliferation of stovepiped processes that make horizontal and vertical information sharing difficult to achieve," the report said. Government and industry stakeholders may also be resistant to accepting the group's recommendations, according to the report.

To overcome those challenges, OMB plans to put in place incentives for adopting its recommendations, including preferential scoring of agency IT initiatives that reuse or share technology during budget deliberations. OMB also plans to work with agency officials to better understand the obstacles agencies face in putting the measures in place. ***************************** Government Executive Defense, cybersecurity officials praise 'open source' software By Drew Clark, National Journal's Technology Daily

A Defense Department technology expert and a White House cybersecurity official on Tuesday praised government's use of "open source" software and said that its security can be preferable to that of commercial software.

Speaking at a conference sponsored by Dell Computer and Red Hat, which distributes the Linux open-source software, the defense and cybersecurity officials said they anticipate that government use of the software will continue to increase. The source code for Linux and other such software is open for public inspection, unlike that of proprietary software.

"Open source allows us the opportunity to have a pro-active and pre-emptive identification of security holes by friendly analysis," said Ken Linker of the Defense Information Systems Agency. He read the written presentation of Robert Walker, the program manager for the agency, which runs the software for a large portion of the department's command-and-control systems.

"As a result, this early identification and rapid repair of security vulnerabilities has become a major advantage of open source over more proprietary approaches to software development," Linker read. The presentation was replete with positive references to the security advantages of open-source software.

Whether open or propriety software is more conducive to cybersecurity recently has become a matter of debate. The Microsoft-supported Alexis de Tocqueville Institution has said that use the use of open-source software puts the government at greater risk of cyberterrorism.

In his presentation, Walker said Defense has heard three criticisms of open source: that it exposes software vulnerabilities, that it could introduce "Trojan horse" viruses, and that intellectual property rights are jeopardized by the use of the "general public license," or GPL, which is a common open-source license attacked by Microsoft for its "viral" nature.

Addressing the first point head on, Walker said the "con" that open source "facilities subversion by hostile analysts of otherwise reliable software" must be balanced against the "pro" that it "allows pre-emptive identification of security holes by friendly analysts." As a result, he said open source is superior.

Walker also said the "risk of Trojan software in open source appears to be no greater than the risk for proprietary" and may be less because of the ability to conduct friendly analysis.

He said Defense's key open-source concern involves the GPL. "For [the department], 'capture' of proprietary software is a concern for the areas of software development and research support," Walker said. But he also criticized Microsoft for "unusually restrictive licenses."

Marcus Sachs, director of the communication infrastructure protection in the White House cyber-security office, said "the government isn't going to take a position" for or against open source. "I think, personally, there is room for both. The two can absolutely work together. The question is, how do you make it secure?"

Sachs also said that nearly one-third of all government Web sites use Apache, the leading open-source server software. The number of military Web sites using it is 22 percent, second to Microsoft's server software, but military use of Apache is growing rapidly, he said. ***************************** Computerworld Virginia DOT fires, disciplines workers for Internet abuse By LINDA ROSENCRANCE OCTOBER 28, 2002

The Virginia Department of Transportation (VDOT) earlier this month fired 17 workers for surfing pornography sites during business hours. In addition, the agency fired eight contract workers and suspended 61 others for two weeks without pay, for excessive use of the Internet, not including accessing sexually explicit sites, according to VDOT spokeswoman Tamara Neale.

Neale said the department's internal auditor began monitoring employees' use of the Internet during work hours after several workers complained that one worker was spending too much time surfing the Internet and not enough time working.

According to Neale, the first internal audit, which was done during the week of April 8, identified 86 employees, out of the agency's 10,000 workers, who were online at nonwork-related sites for two or more hours on one day during that week.

She said the auditor then monitored workers' Internet use during other weeks and months to determine if there was a pattern of abuse.

Neale said the agency could not tolerate employees who used the Internet excessively or employees who were accessing porn sites.

"If an employee wants to pay a bill online, or make hotel reservations, we don't have a problem with that. If you use the Internet, do it in moderation," Neale said. "When an employee is hired he is made aware of our policies regarding use of the Internet, and he is then asked to sign a paper saying he agrees with it."

She said the commissioner of the VDOT also let managers know, in no uncertain terms, that they needed to pay attention to what their employees are doing during work hours and that they would be held accountable for the actions of the people they manage.

Neale also said the department may continue to monitor Internet use by employees in the future. *************************** Computerworld ICANN critics may create rival Internet administration group By TODD R. WEISS OCTOBER 29, 2002

The Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit group that runs the Internet's Domain Name System, might be challenged next year for some of its administrative power by a group of dissatisfied top-level domain (TLD) holders who feel ICANN holds too much sway. Rob Courtney, a policy analyst at the Washington-based Center for Democracy and Technology (CDT), a nonprofit public policy group, said rumblings of a possible challenge to ICANN were raised yesterday at a four-day session being held by ICANN in Shanghai to consider changes to its bylaws and structure.

Courtney is attending the meetings on behalf of the CDT, which has criticized ICANN's recently proposed reforms as not going far enough to bring needed changes. In June, the ICANN board unanimously approved the proposed reform blueprint.

The idea, Courtney said, is that a number of TLD holders may want to take over some of the Internet's administrative work now done by ICANN under a contract with the U.S. Department of Commerce. The so-called Internet Assigned Numbers Authority (IANA) maintains administrative contacts for the Internet, updates name servers and completes other administrative tasks, he said.

Under an idea being floated at the ICANN meetings, some TLD holders are thinking of making their own bid for the next IANA contract, which expires at the end of March.

"I think it's potentially very significant," Courtney said of the concept. "ICANN has always done those functions and set the policies. Those things have always been paired since ICANN's creation in 1998. This would split that. It would require a real rethinking of how ICANN operates."

So far, Courtney stressed, it's just an idea, but it could jell into a firm proposal before ICANN's meetings conclude on Thursday. "None of the TLDs have come up with the detailed proposals needed yet to do such a thing," he said.

"The new proposal for the IANA function kind of posits a new world," Courtney said. "This is a new idea that has not been put forward before in practical terms."

A spokesman for ICANN could not be reached for comment today.

Tomorrow in Shanghai, ICANN will hold a public forum to collect opinions about its proposed reforms and other issues related to the group. Comments are expected from many parties, including regional internet registries, TLD holders and others.

On Thursday, the ICANN board will meet to vote on the proposed reforms and changes. The group will then meet in Amsterdam in December to decide how to implement the coming changes.

ICANN has been criticized often for its authority and operations in recent years. The reform efforts are intended to address some of those concerns, though critics say more changes are needed. ************************************** Washington Post Md. Plans Broadband Backbone Launch


By Michael P. Bruno
washingtonpost.com Staff Writer
Wednesday, October 30, 2002; 7:09 AM

Maryland officials today will formally launch an Internet backbone network aimed at ensuring access to broadband service for every university, school, police department and any other public-sector organization in the state.

The $18 million networkMaryland project does not provide Internet service itself. Any local government entity that wants to be on the network must pay for its own connection via a local Internet service provider. What networkMaryland provides is a statewide broadband backbone, or "information highway system," connecting the state's four local telecommunications networks for data-only traffic.

NetworkMaryland's users so far include the governor's office in Annapolis, Frostburg State University in western Allegany County and the Charles County government in La Plata, organizers said.

"This brings affordable broadband access to all regions of the state for the public sector," said Margo Burnett, networkMaryland's senior project manager.

"It's a small step but a significant one," said Renee Winsky, deputy executive director of the Maryland Technology Development Corp. and a member of networkMaryland's advisory group. "Everyone that is public sector can get on it."

Earlier this year, Maryland officials released initial results of a survey of broadband service across the state. The eReadiness Maryland survey reported an abundance of broadband service availability in the four counties between Washington and Baltimore, but a dearth of similar access in the western third of Maryland and the Eastern Shore.

NetworkMaryland is part of longstanding effort by the state government to bring broadband access to every corner of the state. To create the networkMaryland broadband system, officials established four points-of-presence, called POPs, on the four local telecom networks in Maryland. POPs are connection points to a larger telecom network. Two of the POPs on the network are owned and managed by Maryland, while the other two are leased from unidentified private vendors, Burnett and Winsky said.

The project started in 1999 but the pace was slow, Winsky said. Early this year the legislature demanded results and formed an advisory board to oversee a launch this fall.

"Early on, there was an assumption that [networkMaryland] would be everything to everyone, and that just won't be the case," Burnett said.

Maryland's projected $1.7 billion budget shortfall could pose problems for the networkMaryland project.

"We're not sure what the pricing will be on all of this going down the road," Winsky said. "We have to go ask for money and this is going to be a tough fiscal year. A lot of this will depend on what the state wants to do."

Virginia also has a project to provide its public sector with broadband access, but it works quite differently despite its similar name, networkVirginia. Rather than owning or managing any part of its public backbone, Virginia acts only as a contract mediator between public groups and ISPs Sprint and Verizon.

Jeff Crowder, networkVirginia's project director, said the six-year-old system serves 70 percent of Virginia's K-12 schools and every university or college in the state. More than 1.5 million users access the network, he said. *************************** San Francisco Chronicle TechNet leader joins Bush administration Correll named to technology advisory role

A top executive at the TechNet public policy group has taken a job in the U.S. Commerce Department as an adviser on technology issues, potentially boosting Silicon Valley's clout in Washington, D.C.

Connie Correll, TechNet's executive vice president, will serve as counselor and senior adviser to Philip Bond, the department's undersecretary for technology. She starts her new job Dec. 2.

Correll, who before joining TechNet spent years working on Capitol Hill, is but the latest member of Silicon Valley's tech community tapped for a spot in President Bush's administration.

Soon after taking office, Bush lured to D.C. another TechNet leader, Lezlee Westine, to head his Office of Public Liaison and named venture capitalist E. Floyd Kvamme as co-chair of the President's Council of Advisers on Science and Technology. Kvamme had helped found TechNet.

Seeding Washington with people who understand the valley's culture and issues can only help the industry, said Rick White, TechNet's chief executive officer and a former U.S. representative from Washington state.

"When I was on the hill, we used to say it was hard to imagine two worlds that were more different -- the tech industry and the government," White said Tuesday. "It's important to have people who can explain one to the other."

Correll, 33, echoed that point.

"Two years in the valley really gives you a better idea of how the tech industry works," she said. "I've really learned a lot, below the surface, of what our companies do every day."

Her new job won't necessarily entail pushing the issues championed by TechNet, a bipartisan group that includes executives of more than 300 technology firms. Correll will run both legislative affairs and public affairs for the department's technology administration and will report directly to Bond, whom she has known for more than five years.

Some of TechNet's issues, however, dovetail with the administration's policy goals and may become part of her job, Correll said.

Bond, through a spokeswoman, declined comment on the appointment until after Correll has been completely vetted for the post. Spokeswoman Cheryl Mendonsa, however, confirmed that Correll already had been offered and had accepted the job.

Silicon Valley proved a fertile fund-raising region for both Bush and Democrat Al Gore during the last presidential election, and Bush's policy positions have often mirrored the tech industry's. He has opposed counting stock options as an expense on earnings reports and wants increased foreign trade -- two of the issues closest to the valley's heart.

And yet Bruce Cain, director of UC Berkeley's Institute of Governmental Studies, cautioned that Bush has often been more likely to throw his full weight behind economic initiatives that play well in swing states rather than in Democratic California. Silicon Valley executives, he said, may find that some of their issues aren't foremost on Bush's agenda.

"They'll get some consideration because what happens to Silicon Valley has a lot to do with economic recovery in the state," Cain said. "Unfortunately for Silicon Valley, they're stuck in a Democratic ghetto." **************************** Mercury News Virtual touch achieved MILESTONE PORTENDS PROGRESS IN MEDICINE, EDUCATION By Chris O'Brien Mercury News

The world got a little smaller Tuesday after scientists reached around the globe via the Internet and touched.

Or rather, the scientists -- in London, Boston and Los Angeles -- picked up a virtual cube on a computer screen at the same time and pushed it around. The scientists, holding robotic arms, could feel the force being exerted by the others as well as the texture of the cube.

Though computers have been able to transmit such sensations in close quarters for several years, the distance between the scientists was a new milestone that they hope will eventually lead to new collaborative applications in telemedicine, education and art.

``I think the most important applications are the ones we don't know yet,'' said Mandayam Srinivasan, director of the Massachusetts Institute of Technology's Touch Lab and leader of the MIT team that developed the technology. ``When Alexander Graham Bell invented the telephone, he didn't see all the possibilities.''

The breakthrough actually occurred in May and was detailed in a paper presented Oct. 9 in Portugal at the conference called Presence 2002: The 5th Annual International Workshop on Presence. Tuesday marked the first public demonstration.

By adding a sense of touch, researchers hope to improve the experience of various virtual environments, which are usually limited to sight and sound. The field of research involving touch is referred to as ``haptics.''

There were three demonstrations Tuesday. The first occurred between labs at MIT and the University College London. Later, links were established between the University of Southern California and MIT and with the London school. Each team's computer had a robotic arm with a stylus at the end. On the computer screen was a blue box. A researcher wrapped a finger around the stylus to move a cursor on the screen. When the cursor hit the box, which is programmed to ``feel'' like hard rubber, the software transmits signals through the arm that vary the amount of tension felt.

When the cursor controlled by the second team touches the box, it changes the level of tension felt by the first team. As each team experienced different levels of resistance, participants moved the cursors around the box and together lifted it up and moved it across the screen.

The robotic arm and the software have been commercially available for several years. But the teams altered the software so the program could be used across the Internet. Despite the breakthrough, researchers said they were well aware of the limitations.

The arms have to be moved very slowly because the transmission of signals across the Internet can often be slow and jumpy. Srinivasan said researchers will be focused on improving the network performance, the processing speed of the computers and the software to fine-tune their work.

``As the software becomes more sophisticated and computers become faster, we can have widespread virtual environments where we interact more naturally,'' Srinivasan said. ******************************** News Factor Patch and Reboot: Microsoft's Groundhog Day?

An onslaught of software updates and patches can prove frustrating for any system administrator. But this deluge may be particularly vexing for those running Microsoft Windows systems, which often must be rebooted after a patch is installed, unlike Linux or Unix. Fortunately, the software giant is beginning to overcome that Achilles heel. [Story http://www.newsfactor.com/perl/story/19817.html] ******************************* CNET News.com Court helps out cable TV pirates By Declan McCullagh October 30, 2002, 8:59 AM PT

A father-and-son pair of cable TV pirates violated the law but a $30 million judgment against them should be reduced, an appeals court said Tuesday. The Seventh Circuit Court of Appeals said in a 15-page decision that the two Chicago-area men were denied crucial information during their trial that could have helped their defense.

A three-judge panel said that Cablevision, which brought the suit against Frank Redisi Sr. and Frank Redisi Jr., should have made its chief of security available for depositions. The Redisis argued that because Cablevision waited until May 1999 to sue them, the two-year statute of limitations had expired and the lawsuit should be dismissed.

"As director of corporate security with responsibility for cable theft investigations, (Cablevision's Robert Astarita) alone could provide the answer to the relevant question of whether Cablevision had knowledge sufficient to trigger a duty to investigate more than 24 months before it brought suit," the court said.

Federal law prohibits the "manufacture or distribution of equipment" that can be used to descramble cable TV broadcasts without authorization. The law also says that cable companies must file suit "within two years."

The FBI raided the Redisis in 1992 in an investigation that led to the son pleading guilty to one count of distributing illegal descramblers. It seemed to have little deterrent effect, and the Redisis continued to sell approximately 2,700 decoders over the next seven years.

According to FBI records, Cablevision had been alerted about the Redisis' return to the family business by 1995, which could mean the damages award would be reduced from $29.8 million to something closer to $3 million because of the statute of limitations.

The appeals court also said that Cablevision's method of estimating how much money the Redisi family cost the company yielded excessively high numbers. Cablevision used the number of people in the Redisis' customer database multiplied by an estimate of $154.75 of lost revenue per month.

That was nothing but speculation, the judges said. "If a viewer spent a few seconds scanning through 20 or so pay-per-view movies with his remote control, and each movie costs $5, Cablevision would assess its damages at $100 ... (The law) does not give an injured party carte blanche to provide wild guesses at its damages."

But the family won't be getting off the hook; the judges said "even in a best-case scenario for the Redisis, we agree with the district court that they are liable for sales within the two-year period of limitations. That means at a minimum that they must account for their post-May 1997 sales of illegal decoders." **************************** Information Week Feds Weigh Establishment Of Interstate Communications System By Eric Chabrow Oct. 28, 2002

Government will link existing networks to create the system and will pay for entry and exit points for those who use agreed-upon standards, White House CIO says.

The Bush administration is exploring the possibility of creating an "interstate communications expressway," patterned after the interstate highway system, to quicken the exchange of homeland-security information among federal, state, and local governments, the CIO of the White House Office of Homeland Security told attendees Monday at the annual conference of the National Association of State CIOs in St. Louis. http://www.informationweek.com/story/IWK20021028S0005 **************************** Info World Politicians, police recruited to talk up IT security By Bernhard Warner, European Internet Correspondent October 30, 2002 6:19 am PT

LONDON (REUTERS) - Politicians, law enforcement and national security advisers have descended on London this week for a computer security event, covering topics that more reflect surviving global conflict than safeguarding computer networks. http://www.infoworld.com/articles/hn/xml/02/10/30/021030hnpolice.xml?s=REUTERS *************************** Sydney Morning Herald Technology to control what children buy from canteens Sydney October 30 2002

Big Brother is set to enter Australian schools with the national launch of new smart card technology allowing parents to control what their child buys from the school canteen.

When swiped by canteen staff, the prepaid card brings up a photo-ID of the child and a a list of foods they are banned from buying and any spending limits.

The system also records the purchases made, allowing children to be "rewarded" for selecting healthier foods.

The initiative was developed by the milk cooperative company Dairy Farmers, in consultation with the Federation of Canteens in Schools, after Dairy Farmers was approached by a Sunshine Coast computer software company which developed the technology for pubs and clubs.

Dairy Farmers Group marketing manager Andrew Lawrence said the card was about improving childrens' health and giving parents peace of mind.

He said it gave parents the opportunity to prevent their children buying foods high in fat or sugar, foods a child may be allergic to, or foods they should not have for health reasons, such as diabetes.

"With increased attention being given to healthier food choices we are proud to be launching a program that provides parents with a practical tool to help fight Australia's childhood obesity epidemic," he said.

"The smart card is a simple and effective solution that gives parents peace of mind, ensuring their child's healthy eating habits carry from home to the school yard."

He said the system would also teach children about budgeting and prevent children being bullied for money.

The card has the backing of Nutrition Australia and the Australian Council for Health, Physical Education and Recreation.

The NSW Federation of Parents and Citizen's Associations said on the surface the card appeared to be a good idea, particularly in relation to providing allergy information.

However a spokesman said there were some concerns relating to the electronic surveillance of children.

"It really is a case of parents having another technological means of monitoring their kids without taking an active role themselves," he said.

"It certainly seems to be a case of Big Brother entering the school canteen."

Sydney high school student Mia Spears, 14, said the idea had good and bad elements but was unlikely to change the eating habits of teenagers.

"I suppose the card idea is okay because you don't always have to go to the trouble of scabbing money off other people," she said.

"But if your parents decided, 'Oh, you're not allowed to have this', you'd be a bit annoyed.

"Being little mischievous people that we are, I think we'd just get our friends to buy it for us." **************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx

Prev by Date: Clips October 29, 2002
Next by Date: Clips October 31, 2002
Previous by thread: Clips October 29, 2002
Next by thread: Clips October 31, 2002
Index(es):
- Date
- Thread