
Clips October 10, 2002




ARTICLES

F.B.I. Admits Surveillance Excess
Higher-Education Organizations Urge a Crackdown on Illegal File Sharing
Anti-Porn E-Mailer 'Fesses Up'
Minors Evade Online Age Checks
Want Wi-Fi? Verizon takes it home
Sometimes It's One Voter, 2 ID Cards
Agencies to try out EA system
NSA will test a high-level access card
Treasury set to issue digital certificates with smart cards
Feds testify about improved antiterror systems
DOD forms a senior biometrics group
DOD will soon set information assurance standards
House committee votes to create e-gov administrator
Panel backs bill to let agencies share business data
Colleges Slow Computer Networks [Piracy]
Hackers send Sendmail a message
Justices take up Mickey Mouse case [Copyright Case]
Microsoft rethinks copy restrictions [Intellectual Property]
Bill of Rights [Intellectual Property]


********************************
New York Times
F.B.I. Admits Surveillance Excess
By NEIL A. LEWIS

WASHINGTON, Oct. 9 -- An F.B.I. memorandum recently provided to Congress disclosed that the bureau exceeded its mandate on several occasions in 2000, when it put in place secret surveillance operations against foreign agents.

The document, released today by a member of Congress, showed that agents acted improperly in at least 10 incidents in the first quarter of the year. Agents illegally videotaped suspects, intercepted e-mail messages after court permissions had expired and recorded the telephone conversations of an innocent person who had taken over the cellphone number of a terrorism suspect.

Representative Bill Delahunt, the Massachusetts Democrat who received the memorandum from the Federal Bureau of Investigation, said through a spokesman tonight that he was angered because the incidents suggested that the agency had concealed the problems from Congress when it was considering legislation on surveillance.

"This was all known to the agency at the time of the hearings on the U.S.A. Patriot Act," said Steven Schwadron, Mr. Delahunt's chief of staff.

Mr. Schwadron said that in the hearings on the measure, a broad antiterrorism bill enacted after the Sept. 11 attacks, Mr. Delahunt and others had expressed concerns about provisions to loosen restrictions on the law that governs court permission for covert surveillance.

"We had specific concerns about abuses," he said. "And this information was never disclosed."

The memorandum, sent on April 14, 2000, from the counterterrorism division of the bureau to all field offices, listed examples, including unauthorized searches and the monitoring of incorrect addresses.

The bureau sent a cover letter to Mr. Delahunt saying it had changed procedures to prevent a recurrence of the improper activities. In addition, a senior F.B.I. official said tonight that the document showed that with more than 1,000 applications, about 1 percent had problems.
*************************
Chronicle of Higher Education
Higher-Education Organizations Urge a Crackdown on Illegal File Sharing
By VINCENT KIERNAN


The leaders of six major higher-education organizations are asking the presidents of all American colleges to take steps to stop illegal distribution of copyrighted materials, such as songs and motion pictures, through college computer networks.

"Digital file sharing technology has made it easier than ever before for individuals to make and share a large number of unauthorized copies of creative works (particularly music and movies) without regard to or consideration of the rights of the copyright owners," the six wrote in a letter to the college presidents, which is dated Tuesday and will be mailed in the next several days. "Unfortunately, in some cases, college and university computer systems are being misused as servers to distribute such unauthorized copies worldwide."

The letter was signed by the presidents of the American Association of Community Colleges, the American Association of State Colleges and Universities, the American Council on Education, the Association of American Universities, the National Association of Independent Colleges and Universities, and the National Association of State Universities and Land-Grant Colleges.

The issue centers on the use, principally by students, of a variety of programs to download digitized music and movie files, or to share those files with others. The music and motion-picture industries, and some artists, complain that such practices infringe on their copyrights. Meanwhile, the constant transferring of large numbers of bulky audio and video files can swamp college networks, hobbling other users.

The Motion Picture Association of America and the Recording Industry Association of America are preparing their own letter to college presidents, requesting a halt to illegal downloads. The text of that letter was not immediately available.

"We share their concern about the use of campus computer networks for inappropriate file sharing," the six higher-education officials wrote in their letter.

The education organizations' letter was motivated, in part, by a "collective concern about potential legal liability for copyright infringement," said Sheldon E. Steinbach, vice president and general counsel for the American Council on Education.

Sharman Networks, the Australia-based company which makes KaZaA, one of the most popular file-sharing systems on college campuses, did not immediately respond to a request for comment.

The six officials asked college presidents to consult with campus officials and consider revisions to campus policies regarding computer use and downloading, as well as to take steps to educate faculty and staff members and students about copyright law. But the letter does not recommend any specific action, such as using technology to limit the amount of downloads, as some colleges have done.

However, Mr. Steinbach said that college presidents should view the file-transfer problem as much as a business and budgetary issue as a legal one. "It's a misappropriation of a university-provided facility for nonacademic use," Mr. Steinbach said of such downloads.

Few college presidents realize the scope of the problem, he said. "It is my belief that only a fragment of university presidents have any knowledge about the issue," he said. One reason, according to Mr. Steinbach, is that presidents tend not to get involved in information-technology problems but rather leave them for others to solve.



--------------------------------------------------------------------------------

Following is the text of the letter from the higher-education organizations.

October 8, 2002

Dear Colleagues:

We are writing to follow up a letter you recently received from several associations representing the music and motion picture industries.

These groups are deeply concerned about copyright infringement that is occurring through the use of peer-to-peer file sharing software on many computer networks, including those on college and university campuses. The letter requests that college and university presidents assess this issue at their own institutions and take positive steps to address illegal practices.

Digital file sharing technology has made it easier than ever before for individuals to make and share a large number of unauthorized copies of creative works (particularly music and movies) without regard to or consideration of the rights of the copyright owners. Unfortunately, in some cases, college and university computer systems are being misused as servers to distribute such unauthorized copies worldwide.

Several university presidents and association executives recently met with representatives of the recording and the movie industries to discuss their concerns and to review materials that documented such abuses.

We share their concern about the use of campus computer networks for inappropriate file sharing and are writing to encourage you to give serious attention to this issue.

Obviously, their letter addresses this topic from the perspective of the recording and movie industries and reflects their interpretation of these issues. Nonetheless, we are in total agreement that this issue is important and merits your attention for multiple reasons.

We urge you to discuss this issue with all appropriate campus officials including provosts, general counsels, chief information officers, business officers, librarians, and student affairs officers. These discussions may well result in a reassessment of your institutional computer usage policies and bandwidth management practices. In addition, given our responsibility as educators to help students make ethical and lawful choices, we encourage you to make efforts to educate students, faculty and staff about appropriate and inappropriate uses of copywritten materials.

This is an exceptionally complex topic that will be of interest to many groups on campus. Indeed, the policies to address peer-to-peer file sharing are likely to have implications for such basic campus values as personal privacy, free speech, and academic freedom.

Some institutions of higher education have already addressed this issue and the recording and movie industries' letter provided several examples. While these illustrations merit your consideration, we do not believe that there is a single solution that will work equally well for all schools. This is a challenge that must be addressed on a campus-by-campus basis.

In short, while this is a vexing issue with no simple solutions, we hope you will join us in addressing the inappropriate use of campus facilities to disseminate copywritten materials. Thank you for your consideration.

If you have questions concerning these issues, we encourage you to contact any of the following individuals: Sheldon Steinbach (ACE -- 202-939-9361); Richard Harpel (NASULGC -- 202-478-6048); or John Vaughn (AAU -- 202-408-7500).

David Ward President, American Council on Education

Nils Hasselmo President, Association of American Universities

David L. Warren President, National Association of Independent Colleges and Universities

George R. Boggs President, American Association of Community Colleges

Constantine W. Curris President, American Association of State Colleges and Universities

C. Peter Magrath President, National Association of State Universities and Land-Grant Colleges
*********************
Wired News
Anti-Porn E-Mailer 'Fesses Up'
By Noah Shachtman


The Internet stalker terrorizing the porn business confessed his sins yesterday to the FBI.

But the G-Men took no action against Bryan Sullivan, who swamped the inboxes of adult industry bigwigs with bigoted slurs and stomach-turning tales of murder and torture.

Sullivan, 37, an electrical engineer with Kansas City Power & Light, was long suspected of being the man behind dozens of ugly messages from "zodiac_killer" and "pornhater2002." On Tuesday, he confirmed that suspicion to the FBI agents who visited his home.

"I had people scared? I like that. I like playing those mind games," Sullivan said.

"(The agents) told me, 'People think you're going to do something to them,'" he continued. "So be it. If they're so thin-skinned, let 'em think that."

It's a federal crime to harass someone using a "telecommunications device," punishable by up to two years of hard time. Making interstate "threats to injure" is even more serious, with a five-year maximum sentence.

FBI Special Agent Mike Daniels said Sullivan clearly violated the law. But Daniels needs the cooperation of federal prosecutors before making an arrest. So he and colleague Todd Gentry are in the midst of preparing a report on Sullivan for the Western Missouri district of the U.S. Attorney's office.

"We never arrest anybody right then and there," Daniels said. "But we know where he is, he's not going anywhere."

At first glance, Sullivan's e-mails certainly seem both harassing and threatening.

One particularly ugly message -- forwarded to the FBI by Dave Cummings, a 62-year-old porn actor and director -- reads, "I can forsee (sic) your fate...Your ugly white face grinding into the pavement...blood pumping into your lungs...."

But the G-Men made no arrest yesterday. Sullivan claims the agents just told him "to knock it off. They said it was more laughable than threatening."

This is the second time the FBI has visited Sullivan. In April, agents told him to stop his stalking, but Sullivan's torrent of twisted missives continued.

After Tuesday's questioning, Sullivan said he's through sending ugly e-mails, insisting he hasn't sent one since July.
*****************************
Wired News
Minors Evade Online Age Checks
By Amit Asaravala


Habitual porn surfers are now used to having to type in a credit card number the first time they visit a site to prove they're over 18.

The credit card gateway as age verification standard has been in place ever since the late 1990s, when the Communications Decency Act (CDA) and the Child Online Protection Act (COPA) threatened porn publishers with jail time and fines if they transmitted obscene material to minors.

Yet as any savvy porn surfer will tell you, the age verification systems don't necessarily work.

Even companies that develop the systems acknowledge this fact. "It's a big myth. They're not verifying age," admitted the general manager of age-verification software developer ProAdult, in an interview earlier this year. The manager gave his first name, Patrick, but declined to provide a last name.

Although the Supreme Court struck down the prosecution portion of CDA in 1997, and COPA remains in judicial review, owners of adult-oriented sites continue to use age-verification technology in hopes that their self-regulation will keep more strict legislation at bay.

To date, credit card gateways remain the primary means of verifying age online.

"Way back when, credit card companies generally wouldn't issue cards to minors," Patrick explained. "So it's just an assumption that there is a very small percentage of people under 18 who have credit cards."

It's an assumption that's no longer true.

A 1999 survey by the American Savings Education Council found that 28 percent of respondents between the ages of 16 and 22 had at least one major credit card. Since then, credit card companies have been making it even easier for minors to get cards in their names -- a clear attempt to tap into the $4.8 billion that Jupiter Research estimates teens will spend online by 2006.

Age verification is not limited to the adult entertainment industry. Companies that use the Web to market alcohol and tobacco products are in a similar bind. They must find ways to keep minors out, without overburdening their target audience with verification procedures.

Like most beer brewers, Miller Brewing Company adheres to voluntary guidelines published by the Beer Institute. Miller requires visitors to enter a date of birth before they can access any of its websites. Visitors who enter dates that fall within the last 21 years are not admitted.

Scott Bussen, senior manager of Miller Trademark PR, is optimistic about the system's efficacy. "It seems like people, by and large, take it seriously when they see the date-of-birth field," he said.

But even Bussen admits that the system is not perfect. Miller relies on a third-party consumer information database as a secondary means of filtering out minors who get onto the site and sign up to receive additional marketing information. "The ideal scenario is that no one under drinking age is on our site, but we have to operate in reality," said Bussen.

*****************************
CNET News.com
Want Wi-Fi? Verizon takes it home
By Ben Charny
October 9, 2002, 3:39 PM PT


Verizon Communications on Wednesday became the second Web service provider to sell wireless home networking equipment directly to subscribers.

Six million to 8 million U.S. homes have installed home networks that use Wi-Fi, a technology that allows devices located within a 300-foot radius to communicate without wires. Verizon is looking to cash in on a boom in Wi-Fi networks, expected to triple in number by 2006.


Linksys manufactures the Verizon equipment, which includes a Wi-Fi access point and a laptop modem. The access point sells for between $100 and $180, while the modem sells for $90. The networking package also includes a high-speed Web account, which costs between $39 and $49 a month, Verizon representative Bobbi Henson said.

AT&T Broadband has been selling wireless home networking equipment direct to its own subscribers for several months.

Not all broadband providers are jumping on the Wi-Fi wagon. Time Warner Cable does not yet have any plans to sell Wi-Fi equipment, a representative said Wednesday.

One of Time Warner Cable's subsidiaries, Time Warner Cable of New York City, raised the hackles of Wi-Fi users in June when it requested that accounts not be used to offer wireless access points to Wi-Fi surfers for free.

The cable provider didn't comment Wednesday on whether it has actually shut down service to some customers, as it had threatened to do.

With the package, Verizon plans to offer free troubleshooting services to customers. "Most people say they want this," Henson said.

AT&T Broadband directs troubleshooting and installation help to Linksys. AT&T Broadband representative Sara Eder said the company is exploring whether to offer its own service in the future.

Cahners In-Stat analyst Allan Nogee said offering a troubleshooting service could be a costly gamble, as it could cost up to $300 a call if the company has to send a technician to a customer's home.
******************************
Government Executive
Better technology will keep benefits out of fugitives' hands, GAO says


By Tanya N. Ballard




Technology and leadership problems are hindering a program aimed at preventing fugitives from getting federal benefits, according to a new report from the General Accounting Office.



The Social Security Administration's fugitive felon program has helped ferret out more than 45,000 fugitives who have received nearly $82 million in Social Security benefits over the past six years, GAO found. But poor information sharing with law enforcement agencies and a lack of leadership from SSA threaten the program, the report concluded.


"Most of the essential tasks of sharing and verifying information are performed manually," the report said. "SSA currently lacks the capability to accept warrant information from law enforcement agencies online." SSA matches warrant information from the FBI, the Marshals Service and state and local law enforcement agencies against its records to keep fugitives from getting Social Security benefits.

As a result, SSA's partners must download information from their systems and mail or hand-deliver the information to the agency. The SSA's computer systems are also not compatible with the FBI's, which makes exchanging information even harder.


"Collectively, the manual activities in processing warrant information have resulted in an inefficient and time-consuming operation that, based on our analysis of the process used, can take up to 165 days to complete," according to the report.



Some state law enforcement agencies are hesitant to form partnerships with SSA because they do not have the extra resources needed to compile and send the information to the agency. Consequently, SSA has also not been able to gather comprehensive felony warrant information from all 50 states.



Sen. Charles Grassley, R-Iowa, who held a hearing on the issue last year, called on SSA to quickly iron out the program's wrinkles. "The taxpayers are ripped off when fugitives collect payments they don't deserve," he said. "Fugitives from justice don't need a government subsidy to enjoy life on the lam."



For long-term success, GAO recommended that Social Security Commissioner Jo Anne Barnhart designate a program management office and program manager to oversee and direct the fugitive felon program.



GAO also suggested that SSA conduct a detailed assessment of the program's operations and performance, examining the program's information flow, time frame, costs, workload and benefits. The report also recommended that the agency move ahead with automating the program.



"The bottom line is, this program has to work to protect taxpayers," Grassley said. "I'm hopeful SSA will give these recommendations every consideration."



But Barnhart was disappointed in the report's findings and disagreed with most of GAO's recommendations.



"We wish to express our disappointment in the report, as it implied that neither SSA nor the Office of Inspector General has a vision for this program," the commissioner said in a written response to the report. "SSA works diligently to make this program a success."
****************************
New York Times
Sometimes It's One Voter, 2 ID Cards
By MICHAEL WINES


ISLAMABAD, Pakistan, Oct. 9 -- Pakistani politics, like many a Pakistani, is a flexible creature, adaptable to crisis, forgiving of transgression. Politicians fall in coups, only to leap back into the fray with their own parties. Candidates switch allegiances in midcampaign.

Politics here works a lot like Subsection 11 of the 1974 election law, which warns briskly that "an electoral roll must be revised and corrected annually," then adds that if the roll is not revised, then just use the old one.

There is just one inviolable rule: nobody votes without a National Identity Card.

"I want to be very clear and specific on it," said Khan Ghazni, public relations director for the Elections Commission. "The identity card is a must. It is a must for casting your vote. It is mandated."

Of course, some folks say that rule is flexible too.

Pakistan votes on Thursday, for a new Parliament that its military government calls the harbinger of a brave new democracy, and as in elections past, the National Identity Card has many people smelling a rat.

Their suspicions are simple enough. Although the government insists that each voter present a card before casting a ballot, they allege, it can be considerably less picky about whose card a voter presents at the polling place. Or, for that matter, whether an opponent's supporters have cards at all.

This was supposed to be the year that Pakistan laid that dark past to rest. Last spring the government ordered everyone to replace dog-eared paper cards with a new Computerized National Identity Card -- a space-age miracle crafted of fatigue-resistant green Teslin, embossed with anticounterfeit microprinting and a hologram and striped with a magnetic tape encoded with everything from the bearer's name to his or her thumbprint.

"The National ID Card (NIC) includes a sophisticated array of security features to safeguard against fraud and improper use," the government states on its identity card Web site.

For many uses, like obtaining a passport, that may be true. But when it comes to the election on Thursday, the government's leap into 21st-century technology has only revived complaints of 20th-century politics, Chicago style.

Hours before the vote, hundreds of thousands of Pakistanis -- more likely millions, many say -- have yet to receive their new cards, although the old cards were to have become inactive on June 1. Foes of the government say they worry that the cards are being withheld to deprive their supporters of a vote, or that the cards will be whipped out and given to pro-government forces on election day.

The government furiously denies it, and states that both old and new cards will be accepted at polling stations. To rival candidates, the prospect that Pakistan will have two identity cards for almost every voter is even more chilling.

"On the basis of past experience with elections, we have seen that this kind of manipulation and rigging has taken place," said Farhatulla Babar, the spokesman for the parliamentary caucus of the Pakistan People's Party, perhaps the biggest opposition party. "In 1997, in 1993, in 1990 it has happened. We are talking about interpolating the past into the future."

We are also talking, potentially, about sliced baloney, for as Mr. Babar allows, there is no proof that the government is stacking these cards against its opponents. There are only rumors and press reports, and the legacy of what many call a pretty seamy electoral history.

It was a military strongman, Gen. Mohammad Zia ul-Haq, who first required adult Pakistanis to obtain National Identity Cards in the 1980's. Many say the cards have been cleverly stacked against opposition candidates in almost every election since.

"At some places people did not have ID cards," I. A. Rehman, the director of the Human Rights Commission of Pakistan, said in a telephone interview from Lahore. "And at other places they had too many ID cards."

Pro-government workers printed bogus cards on presses in their homes, Mr. Rehman said; women's cards, lacking full addresses or photographs, were widely used to cast false votes. As many as 20 or 30 voters claimed the same address on their identity cards in key precincts.

The government says flatly that those days are gone and that polling places now have antifraud safeguards. Still, if the press is to be believed -- a leap, as journalism here is famously flexible itself -- something could be rotten in Rawalpindi.

Consider the recent report from Peshawar, where officials were said to have found 24,798 bogus cards, and the account from Landi Kotal, a tribal area none too fond of the ruling authorities, that cards were being denied to anyone who could not hand over 300 rupees, or about $6.

In Larkana, in south-central Pakistan, the police were said last week to have uncovered a ring that had produced 29,000 fake identity cards. Candidates in Quetta held a rally last week to protest what they claimed was ID-card fraud.

Even in Islamabad, the capital, a People's Party candidate accused the government of failing to send 80,000 cards to voters in his district.

Mr. Ghazni, of the Elections Commission, calls such reports political disinformation, saying he knows of only one fraud case in remote Baluchistan, a case the government itself ferreted out. On Tuesday the government accused the Pakistan People's Party of engineering the Larkana identity card fraud.

As for undelivered cards, Mr. Ghazni said, that is a canard: almost all have been delivered.

But practically everyone questioned by one reporter this week either had not received a new card, despite applying for one, or knew someone who had not. "In some families two or three members get the cards and the others are still waiting for them," said Tariq Aziz, 35, a salesman.

Attique ur-Rehman, 22, a vendor in a local market, said: "I got my new card, but there was a mistake in it, so I sent it back. I haven't heard back. That was three months ago."

Not to worry, though: today a senior election official in Islamabad moved the identity card goal post yet again. Now, it said, election workers will accept not just a new card, nor just an old card, but a photocopy of an old card.

Mind you, only an identity card will do.

That rule is inviolable. "This condition," Mr. Ghazni warned, "cannot be shelved."
****************************
Reuters
China Says Viruses Infect 80 Percent of Computers
Wed Oct 9, 11:29 PM ET


BEIJING (Reuters) - Viruses have infected at least 80 percent of China's computers, the official China Daily newspaper said on Thursday, highlighting the vulnerability of one of the world's biggest PC and Internet markets.



The findings were the result of a six-week survey conducted by the National Computer Virus Emergency Response Center, the newspaper said.

"Only 16 percent of computer users we sampled this year reported they were free from any virus attack, while last year nearly one in three users said they suffered no computer infections," the newspaper quoted the center's chief engineer, Zhang Jian, as saying.

Half of the infected machines had suffered data losses, problems browsing the Web, or other damage, the newspaper said.

Computer viruses are small programs often sent via e-mail or hidden in other software. Once inside a computer, they can do malicious tasks like erase data or reproduce and send copies to other machines over the Internet.

However, a recent worm called "Bugbear" -- which records keystrokes and makes them vulnerable to hacking attacks -- appeared not to have affected many systems in China, the newspaper said.

Only a small percentage of Chinese have access to computers and the Internet, but with a population of nearly 1.3 billion, the absolute numbers are still huge.

China added 12 million new Internet users in the first six months of this year, pushing its total to more than 45 million, official data show.
***************************
Federal Computer Week
Agencies to try out EA system
BY Diane Frank
Oct. 9, 2002


Later this month, agencies will get their first look at the management system intended to provide an enterprise view of systems in place across government.

The Office of Management and Budget this month plans to use several agencies to test the governmentwide version of the Enterprise Architecture Management System, said Robert Haycock, program manager of the Federal Enterprise Architecture.

EAMS is the repository chosen to hold all of the information on agencies' systems and how they fit within OMB's business reference model, which outlines the common lines of business across government. The business reference model is one of five reference models being developed by OMB's Federal Enterprise Architecture Program Management Office to help identify areas for collaborative investment and eliminate redundancy.

EAMS presently holds all the fiscal 2003 information, and as OMB budget examiners go through agencies' fiscal 2004 budget requests, that information will be added as well, Haycock said.

The two- to three-week "proof of concept" test to begin this month will check to make sure that:

* The system is easy to use.

* The system contains the information agencies need to find potential opportunities for collaboration.

* The reports OMB chose to generate are useful.

* The queries allowed on the system get agencies the information they need.

Following the test of EAMS, OMB officials plan to release the system to all agencies on a read-only basis, but agencies will be able to fully search the repository and generate reports. That full release is expected to come in mid-November, and "that should be well in time for the 2005 [budget] process," Haycock said.

The Federal Enterprise Architecture Program Management Office is evaluating the appropriate access controls for EAMS. In addition to ensuring security controls for federal users, this will be the basis for allowing access to state and local officials so everyone can see "where business lines at the federal level might link up into business lines at the state and local level," Haycock said.

Meetings are already under way between OMB and the National Association of State Chief Information Officers' enterprise architecture group to discuss the potential benefits of this access, he said.
*****************************
Government Computer News
NSA will test a high-level access card
By Dipka Bhambhani


The National Security Agency is planning to test its own version of the Common Access Card at the end of next year.

While most Defense Department employees will use the Common Access Card, top NSA officials will use the Universal Secure Access smart card for physical and network access to DOD facilities.

NSA recently asked SSP-Litronic Inc. of Irvine, Calif., to come up with a stronger, more secure smart card for its Key Management Infrastructure initiative to develop NSA's public-key infrastructure.

"This card will be used for higher levels of security than the CAC," said Michael Butler, chief of smart-card programs at DOD.

Forte meets the FIPS 140-2 security requirements developed by the National Institute of Standards and Technology with Level 3 assurance.

The card is embedded with a 32-bit cryptomath processor and a chip. "It's a minicomputer on a smart card," said Richard Depew, president and chief operating officer of the parent company. "It has a lot more processing capability to do encryption and decryption on the card."

General Dynamics Communication Systems of Needham, Mass., under a $24.4 million contract from NSA to install KMI, is running the Forte pilot at the end of next year.

"The USA card is not presently seen as a direct replacement for the CAC nor will it be fielded to all DOD employees," Butler said.

The KMI initiative is designed to work with the CAC to make it interoperable with the CAC.

"The CAC was made to integrate the multiple identification cards throughout the infrastructure," Butler said.
*************************
Government Computer News
Treasury set to issue digital certificates with smart cards
By Dipka Bhambhani


The Treasury Department plans to issue digital-certificate-embedded smart cards to 7,000 Treasury employees across the country beginning next month, said Bernadette Curry, Treasury's PKI program manager.

Treasury became one of the first four agencies to join the Federal Bridge Certification Authority at the end of last month. Its certificates became interoperable with those of NASA, the National Finance Center and the Defense Department.

"This is a huge deal," Curry said about the cross-certification, because it sets things up for other projects. "We started to issue certificates in the latter part of March of this year," she said.

Only 90 Treasury employees have digital certificates now. Curry said the department decided to wait for its smart-card deployment to issue its certificates.

"We don't have that many people using certificates because we are waiting to issue certificates on smart cards," she said.
****************************
Government Computer News
Feds testify about improved antiterror systems
By Wilson P. Dizard III


State Department, FBI and Immigration and Naturalization Service officials, among others, described improvements to government systems for border control and for tracking terrorists' finances during a hearing today on the effectiveness of the USA Patriot Act.

The act, passed a year ago, comprised a wish list of information-sharing and -gathering provisions assembled by the law enforcement community. Sen. Dianne Feinstein (D-Calif.) convened a hearing of the Senate Judiciary Committee's Subcommittee on Technology, Terrorism and Government Information to evaluate the effectiveness of the law and review the possibility of changes.

Much of the hearing focused on the FBI's lack of a single written plan to confront terror threats, a charge leveled last week by the Justice Department's inspector general, Glenn Fine.

Other testimony highlighted improvements some agencies have made. Stephen A. Edson, acting deputy assistant secretary of State for visa services, described the department's progress in improving databases used to pinpoint terrorists among visa applicants.

Edson focused in part on the department's Consular Lookout and Support System, which he said "uses sophisticated search algorithms to match lookout information to individual visa applicants." Every single visa applicant is run through CLASS, Edson said.

"CLASS records have doubled since Sept. 11 [2001]," Edson said. Under a mandate in the Patriot Act, the department added 7 million names of people with FBI records as of August, augmenting 5.8 million names from State, INS, the Drug Enforcement Administration and intelligence sources.

He said 20,000 records of people identified by the Customs Service as serious violators also have been added. "CLASS now has over 78,000 name records of suspected terrorists, up 40 percent in the past year."

Many of the additional names of potential terrorists have entered CLASS via the Tipoff program, which the State Department runs to add sanitized intelligence information about suspected terrorists gathered from the intelligence community.

According to Edson's testimony, State now is working to improve CLASS by adding:

* better data on lost and stolen passports

* more deportation records from the INS

* a backup facility in Kentucky

* hardware and new search algorithms.

Dennis Lormel, chief of the FBI's Terrorist Financing Operations Section in the Counterterrorism Division, added details about the government's use of technology to track enemy funds.

Lormel said the FBI is mining data from financial activities databases, including the Suspicious Activity Report, Currency Transaction Report and Monetary Instrument Report systems it uses in cooperation with the Customs Service and the Financial Crimes Enforcement Network.

According to Lormel's testimony, FinCEN has developed a USA Patriot Act Communication System that allows financial institutions to file reports online and provide financial institutions with alerts and other information about suspicious transactions.

Michael Cronin, INS' assistant commissioner for inspections, testified that the service is evaluating biometric technology for use in the Entry Exit System to track persons crossing the border.
***************************
Government Computer News
DOD forms a senior biometrics group
By Dipka Bhambhani


The Defense Department has created a decision-making group to help guide development of the Biometrics Enterprise Solution, DOD's enterprise architecture for biometrics.

The Biometrics Senior Coordinating Group, composed of DOD officials, had its first meeting yesterday to recognize all members and meet with its chairman, Army CIO David Borland, and to discuss the department's goal to deploy biometrics agencywide.

The plan is to embed biometrics on every Common Access Card and within DOD's tactical environments by 2005.

The group will vote on various facets of the department's enterprise architecture, acting on suggestions from the existing Biometrics Enterprise Solution working groups composed of Army, Navy, Air Force, DOD Biometrics Management Office and other military and civilian DOD agency officials.

All groups report to Defense CIO John Stenbit.

The working groups research biometrics policy and aspects such as economic analysis, requirements, legal architecture, acquisition, collection, storage, access, retrieval and use.

"The working groups are down in the trenches doing the research, actually doing the legwork," said a DOD spokesperson.
****************************
Government Computer News
DOD will soon set information assurance standards
By Dawn S. Onley


In a few weeks, Defense Department CIO John Stenbit will release a directive setting standards for information assurance.

The directive, DOD 8500, will lay out requirements to guide Defense agencies on how to secure their networks. The policy is expected to cover everything from access control capabilities to high-speed firewall protection and will be linked to initiatives in the intelligence agencies.

The directive aims for a layered security approach, or defense in depth, said Bob Lentz, director of information assurance for the Office of the Assistant Secretary of Defense for command, control, communications and intelligence.

It will establish baseline controls so users can keep the requirements in mind as they design networks, acquire products and implement lifecycle decisions, Lentz said. The purpose of DOD 8500 moves beyond encryption, Lentz added, even though all 3 million Defense users will be required to log on and to sign e-mails using a public-key infrastructure by October 2003.

Lentz said the Defense policy will give warfighters a greater sense of situational awareness by securing one of their most precious resources during wartime: information.

"Warfighters must be able to trust all of the information that they need," Lentz said. "[Information] must be dynamic with reduced possibilities of error."

Lentz spoke yesterday at the 2002 Military Communications Conference in Anaheim, Calif.
*****************************
Government Executive
House committee votes to create e-gov administrator
By Molly M. Peterson, National Journal's Technology Daily


A bipartisan bill to create an e-government office within the Office of Management and Budget won approval Wednesday from the House Government Reform Committee.

Approved by voice vote, the legislation, H.R. 2458, aims to improve coordination and deployment of information technology across the federal government and help agencies achieve the IT management reforms required under the 1996 Clinger-Cohen Act.

Virginia Republican Tom Davis, who chairs the Technology and Procurement Policy Subcommittee that approved the bill, said federal agencies' efforts to comply with that law have revealed the lack of a centralized focus on information management and pervasive information security and IT acquisition problems.

"This bill includes language designed to improve the internal management of information, information technology and information security," Davis said. "Additionally, it includes a number of provisions intended to ensure greater citizen access to the federal government through the improved use of information technology."

The proposed e-government office is based largely on the administrative structure established in June 2001, when Mark Forman was appointed associate director of OMB for information technology and e-government.

As introduced by Jim Turner of Texas, the subcommittee's ranking Democrat, the legislation called for a Senate-confirmed chief information officer within OMB. But a bipartisan substitute adopted Wednesday calls for an e-government "administrator" instead of a new CIO. The substitute would allow the administrator to be appointed without Senate confirmation.

Arguing that confirmation "imbues a position with prestige and power," Turner tried to restore that requirement. "We have, for a long time, fought for a strong leadership position on information technology within the federal government," he said. "Not requiring this position to be Senate-confirmed would, in my judgment, weaken the leadership of this new officer."

But Republicans opposed Turner's amendment, and the panel rejected it by voice vote. "We already have six officials at OMB who are subject to confirmation," said Committee Chairman Dan Burton, R-Ind. "So there is plenty of accountability built into the process, and I don't believe we need a seventh."

Democrats also raised concerns about language that would authorize federal agencies to acquire information technology through a limited number of "share-in-savings" contracts. Under such an arrangement, an agency could obtain a product or service from a contractor without paying large, upfront costs. Rather, the agency would agree to pay the contractor a percentage of whatever long-term savings are achieved by using the new product or service.

Davis said the provision would encourage industry to share creative technology and management solutions with the government while enabling agencies to improve efficiency without the big investments.

But Henry Waxman of California, the full committee's ranking Democrat, said analyses by some federal employee unions have indicated that the proposed share-in-savings provision could increase government expenditures.

"This is the exact opposite of what the bill is supposed to achieve, and I believe these concerns ought to be addressed prior to this measure going to the [House] floor," Waxman said.
***************************
Government Executive
Panel backs bill to let agencies share business data
From National Journal's Technology Daily


Legislation to enable three federal statistical agencies to share data while protecting confidential information won quick approval from the House Government Reform Committee Wednesday.

The bipartisan bill, H.R. 5215, which cleared the panel by voice vote, would allow the Census Bureau, the Bureau of Labor Statistics and the Bureau of Economic Analysis to share the business data they collect.

Lawmakers said that provision would help to eliminate duplication and resolve serious data inconsistencies.

"Because these agencies cannot share data, they often collect the same information separately," said Rep. Steve Horn, R-Calif., the bill's chief sponsor. "This wastes taxpayers' dollars and imposes unnecessary burdens on those who supply the data."

The bill also would take steps to prevent the unauthorized use of confidential data.

"This is particularly important with the Census," said Rep. Carolyn Maloney, D-N.Y. "People will not give us the information if they do not believe that we will ... protect their confidentiality."
***************************
Washington Post
Colleges Slow Computer Networks


Ever since Napster appeared on the scene, students have been causing college and university administrators headaches with their constant swapping of music and video clips--a habit that can stall a school's computer networks.

Now scores of colleges are fighting back with technology.

Buffalo State College is among schools that are limiting the capacity on the circuits that parcel data packets to residence halls during the day, when faculty and staff are on campus.

The idea is to give administrators enough network capacity to keep the campus running.

Colleges then expand the network pipes that connect the rest of the campus to dorms in the evening, when students are most likely to be sharing files with each other and over the Internet, said Judy Basinski, Buffalo State's associate vice president of computing services.

Wilson Craig, a spokesman for Packeteer, Inc., the California company that sells the line-provisioning technology, said about 600 American colleges and universities are using their PacketShaper program. Another 140 programs are also being used in elementary and high schools nationwide, he said.

The program narrows the flow of data to dorm-room computers a bit like a valve restricting the flow of water through a hose.

Installation of the program has not jeopardized research and academic pursuits on campus networks, said Mark Luker, a senior policy analyst with Educause, an organization that monitors technology in higher education.

It also has not affected students' ability to send e-mail or access academic material such as professors' Web pages, said Kevin Talbert, the chief information officer for technological services at Southern Oregon University.

The transmission of basic data files such as e-mail and Web pages doesn't degrade network performance as songs or movies do.

"Our experience thus far has been very good," said Talbert, who was responsible for installing the program at Southern Oregon this year.

Everyone's happy except students, like Buffalo State sophomore Carlene Peterson.

Last year, she downloaded up to three tunes a day onto her laptop. This semester, Peterson has yet to record a single song.

"Downloading songs is next to impossible," she said. "It takes terribly long."

An Iowa State University encryption expert says it's only a matter of time before students weaned on the Internet figure out how to widen the pipes and overwhelm campus technology supervisors.

"A lot of schools are barely sustaining their information technology support systems," said Iowa State's Steffen Schmidt. Many are "extremely behind the curve on all this."

Kenneth C. Green, with the Campus Computing Project in Encino, Calif., a high technology advisory group, disagrees. He said colleges and universities deserve credit for staying abreast of developments in the technology sector.
*************************
CNET News.com
Hackers send Sendmail a message
By Robert Lemos
October 9, 2002, 4:21 PM PT


Online vandals hacked into the primary download server for Sendmail.org and replaced key software with a Trojan horse, a Sendmail development team member said Wednesday.

The apparent attack on Sendmail didn't leave a back door in the popular open-source e-mail software package, as previously believed, but compromised the download software on the Sendmail consortium's primary server so that every tenth request for source code would receive a modified copy in reply.


"The exploited code that we see is not in our (development) tree at all," said Eric Allman, chief technology officer of Sendmail Inc., which sells a version of the open-source e-mail server program, and a member of the Sendmail Consortium, the development group for the software. "It seemed to be going to the (Sendmail) host, but it was delivering a corrupted file that wasn't on our server anywhere."

The problem apparently only affects source code for version 8.12.6 of Sendmail downloaded between Sept. 28 and Oct. 6, according to an advisory posted by the Computer Emergency Response Team (CERT) Coordination Center on Tuesday.

While the Sendmail development group is only just starting its forensic analysis of the computer that hosted the files, Allman said that its current theory is that the FTP (file transfer protocol) server had been hacked. If a user tried to download the latest Sendmail source code from the ftp.sendmail.org server, a compromised copy of the code would be sent instead about 10 percent of the time.

"It was a little bizarre that way," said Allman.

If the evidence confirms the theory, the hack would definitely be a strange way to compromise a downloadable file, said Marc Maiffret, chief hacking officer for security software firm eEye Digital Security.

"I'm not sure why they would want to do that," he said.

A Trojan horse--like the instrument that led to the downfall of the city of Troy--is a program that appears to be a legitimate piece of software but in fact has unwanted functions that allow a company or hacker to access the victim's computer.

The FTP server compromised by this attack apparently provided people who requested downloads not with the Sendmail source file, but with a Trojan-horse copy. This copy included a non-Sendmail test component that, when compiled, started a program that opens a covert channel to another server on the Internet. That server has since been configured to block the covert connection, according to messages posted to the Bugtraq security list.

Taking into account the 1-in-10 ratio, about 200 people may have downloaded the corrupted software over that eight-day period, said Sendmail's Allman. The development group is trying to contact everyone who downloaded the source code.

Both Sendmail and the CERT Coordination Center stressed that any software that is downloaded from the Internet should be verified using common cryptographic tools and the file's signature.

"Anyone that downloaded the code and followed good software practices would have found that this software was bogus," said Marty Linder, team leader for incident handling for CERT Coordination Center.

Linder stressed that, while the open development projects that give open-source its name may seem to invite problems like those of Sendmail, companies working on proprietary software have also run into problems.

In October 2000, Microsoft's source code may have been compromised by a hacker that penetrated the company's network allegedly with the help of a malicious program known as the Qaz Trojan.

"The same thing can happen if an intruder compromises the source tree of a private company," Linder said. "It's just another method for injecting badness into software."
***************************
MSNBC
Justices take up Mickey Mouse case
At issue is law that extended copyright by 20 years
ASSOCIATED PRESS


WASHINGTON, Oct. 9--The Supreme Court debated Wednesday whether Congress was wrong to block public access to Mickey Mouse and other classics. In a case with appeal for many people, the court is considering whether it was unconstitutional for Congress to give writers and other creators a 20-year copyright extension. Hanging in the balance are huge profits for companies, like The Walt Disney Co. and AOL Time Warner Inc., which benefit from copyrights.

SOME JUSTICES seemed bothered by the retroactive extension, enacted in 1998, which delayed the release of many old books and movies. But they seemed equally concerned about their standing to intervene.

"I can find a lot of fault with what Congress did," Justice Sandra Day O'Connor said. "This flies directly in the face of what the framers of the Constitution had in mind, but is it unconstitutional?"

The extension protected some depictions of Disney's Mickey Mouse, along with hundreds of thousands of books, movies and songs that were about to be released into the public domain.

"If this (extension) is permitted, then there is no limit," Stanford Law School professor Lawrence Lessig argued on behalf of a New Hampshire Internet publisher who challenged the law.

Solicitor General Theodore Olson told justices that while they may personally disagree with the law, Congress had authority to pass it. "That is where the framers invested the responsibility," he said.

The court's eventual ruling will determine if the books, art and music will become freely available over the Internet or in digital libraries soon and whether people could use them without paying licensing fees.

The Constitution allows Congress to give authors and inventors the exclusive right to their works for a "limited" time. The Supreme Court is considering if the latest extension can apply retroactively.

Congress has repeatedly lengthened the terms of copyrights over the years. With the challenged 1998 extension, the period is 70 years after the death of the creator. Works owned by corporations are now protected for 95 years.

The 20-year extension, included in the Sonny Bono Copyright Term Extension Act, brought U.S. rules in line with those of the European Union. It was supported by Disney and other companies with lucrative copyrights.

Hundreds of groups have filed arguments with the court in this case, some supporting the Bush administration and others on behalf of publisher Eric Eldred.

AOL Time Warner said if the extension were struck down, it would threaten copyrights for some of its movies, including "Casablanca," "The Wizard of Oz" and "Gone With the Wind."

Songs that would come into the public domain are "Stardust," "Yes! We Have No Bananas," and "Yes Sir! That's My Baby," the Songwriters Guild of America told the court.

The court's ruling will not affect trademarks, like the one Disney has for Mickey Mouse.

Erik S. Jaffe, a Washington attorney who filed a friend-of-the-court brief, said Congress could keep extending the copyright protection forever, even though creators have been adequately paid for their inventions.

"It's like the last mortgage note is to be paid, and the bank says, 'No, you've got another 20 years,'" Jaffe said.

Olson told the court in a filing that Congress has been conservative with its extensions.

The case is Eldred v. Ashcroft, 01-618.
******************************
MSNBC
Microsoft rethinks copy restrictions
At issue is use of TV programs recorded on PCs
ASSOCIATED PRESS


SAN JOSE, Calif., Oct. 9--Bowing to criticism, Microsoft Corp. on Wednesday backed off a copyright protection scheme that would have restricted the use of TV programs recorded on computers that run an upcoming version of the Windows XP operating system. Windows XP Media Center Edition, which is to be installed on a new line of Hewlett-Packard Co. personal computers later this year, would have encrypted recordings so that they could only be played on the PC that recorded the program.

AFTER DETAILS OF MICROSOFT'S original plan emerged last month, consumer advocates criticized the system as being more restrictive than traditional technology such as videotape recorders, which let viewers make personal copies of TV shows and watch them on any set. (MSNBC is a Microsoft - NBC joint venture.)

Now, consumers will be able to burn recorded programs onto DVDs to watch on other computers and, by the end of the year, on standalone players, said Murari Narayan, a product marketing director at Microsoft.

The recordings also will be transferrable over the Internet, though that would not be easy given the size of most video files.

"We have to make sure we enable a very good consumer out-of-the-box experience," he said.

The software still will support the Copy Generation Management System, which, if restrictions were encoded into a broadcast, would bar the sharing of a DVD recording, Narayan said. He said less than 1 percent of all broadcast content is encoded with CGMS restrictions.

"We take feedback from partners, customers, press and analysts very seriously," he said. "We heard loud and clear that we have to enable consumer choice."

Frightened by the free-for-all of the late music-swapping Napster service, Hollywood studios and other copyright holders have been pressuring Silicon Valley to create mechanisms for protecting intellectual property.

But Microsoft's original plan is more like the existing experience with home-recorded videos, said Scott Dinsdale, executive vice president of digital strategy for the Motion Picture Association of America.

He said the new plan will open the door to piracy.

"If I have a copy that's digitally encoded on Microsoft's platform, I can then take that and send it out over the Internet to my 10,000 favorite friends," he said. "I would not call that equaling the current consumer experience."

HP applauded Microsoft's decision.

"We think this is definitely a step in the right direction for the consumer because it gives our customers greater flexibility in how they'll be able to manage their digital content," said Tiffany Smith, an HP spokeswoman.

HP's Media Center PCs, which will hit store shelves later this year, will range in price from $1,500 to $2,000.

HP faces competition from Sony, which has announced its own media-focused systems that will not bar the transfer of programs recorded onto its hard drive.

"Obviously, there was a lot of feedback in the industry about it. You saw it everywhere," Smith said. "I'm sure some of that was taken into consideration."
*******************************
CIO Insight
October 2, 2002
Bill of Rights
By Susan J. Marks


Sony had a problem. The hit British rock band, Oasis, wanted to create buzz for its latest CD, Heathen Chemistry, by promoting certain songs before the CD was to hit store shelves last month. Trouble was, the band's record company, Big Brother Recordings Ltd., an arm of Sony Music Entertainment Inc., knew that giving fans advance access to music tracks would be tantamount to profit suicide. The songs would surely find their way online and onto various peer-to-peer networks, letting millions of people download them. Not only would that cool anticipation for the new album; actual sales also would suffer.

Then came an idea--and an important new test of thinking in the post-Napster world of digital commerce. On June 23, nearly two million Britons opened their Sunday edition of the London Times and found a free CD containing three not-yet-released song clips from the band's new album.

But this was no ordinary promotional CD: Using new digital content controls, Sony had encoded it with instructions that, in effect, banned people from playing the three clips for more than just a few times on their home PCs. Fans also were unable to copy the music file and post it to file-sharing networks--thereby making it harder to steal. Oasis fans who wanted to hear more had to link to the band's Web site and preorder the new album from U.K.-based retailer HMV--or wait until it was released. The idea: Use software code not to ban, but to create buzz for new products without getting burned in the process.

Did it work for Oasis? Preorders of the album exceeded company expectations by 30,000 during the week following the Sunday Times' promotion, and Oasis' record company gained data from 50,000 fans who registered online--new information that could be used to sell more CDs in the future. HMV was able to raise the number of visitors to its retail Web site, and even the Sunday Times was able to score a win in the deal: Circulation that day was 300,000--its second-highest Sunday circulation ever.
*****************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx