
Clips November 11, 2002


ARTICLES

Is Open Source More Secure?
Panhandling moves into the Internet age
Baby Bells Hoping for a Reprieve
Lott Says Senate Could Pass Security Bill Within Days
Customs Chief Balances U.S. Security, Global Trade
States seek stiffer penalties for securities fraud
Mr. Qaddafi, You've Got Mail
'Stupidity expert' arrested for Internet solicitation
Amazon Writes a Drama in Canada
GIS group advances info-sharing project
National Archives and Records Administration seeks user input on data storage
GAO: Agencies share data despite laws
Mitre: Open-source code rife at DOD
'Sensitive' classification still a sensitive issue
Privacy questions still loom over biometrics
Public still unaware of biometrics
Agencies struggle with flood of homeland tech
Congress jumped the gun on biometrics, FBI official says
Skills gap shrinks between public, private tech workers
Standards agency seeks input on computer security


*****************************
TechTV
Is Open Source More Secure?
Network security expert Gene 'Spaf' Spafford offers some surprising opinions on the vulnerability of Linux.
Watch today at 2:30 a.m., 7:30 a.m., 12 p.m. Eastern.
By Gene Spafford


Editor's note: Professor Spafford will appear live on the Wednesday, November 6, episode of "The Screen Savers."

We often hear debate about which is more secure: open source or proprietary source. Each side makes arguments and refutes the arguments of others. In truth, neither is correct (or both are). Whether or not source is proprietary does not determine if the software is better. Instead, other factors are more important in determining the overall quality and trustworthiness of a system:

· Completeness and consistency of design
· Training and dedication of developers
· Type and quality of tools used to develop the system
· Extent and fidelity of testing
· Complexity of the user interface

From this standpoint, few current offerings, whether open or proprietary, are really trustworthy, and this includes both Windows and Linux, the two systems that consistently have the most security vulnerabilities and release the most security-critical patches.

Know thy user

Security is highly dependent on context and requirements. A system that is adequate for use by a trained technologist in a closed development environment has very different requirements than a system deployed for use in business WWW server applications, and neither is likely to have requirements similar to a high-security military communications environment.

Unfortunately, too many people base their decisions on acquisition cost or compatibility of word processing software or upon the simple comparison of only two or three systems. The result is, not surprisingly, a significantly vulnerable computing base.

Know thy history

Many of the people who are most vocal in this debate have never formally studied security and have no experience with any of the security-certified systems. Thus, the comparisons made to justify their arguments are really too limited.

For instance, some of the most secure systems ever developed (e.g. SCOMP, GEMSOS, Trusted Solaris) were proprietary. However, those same systems met the old Orange Book criteria for B3 or A1 trust certification. Those systems were developed in a proprietary environment by organizations that employed consistent specification methods, strong development tools, and highly trained personnel. They also were able to develop specific design criteria with security as a core principle.

However, this is not a characteristic that is always associated with proprietary source. Open-source systems have been developed the same way, and few of today's proprietary systems are developed with such care.

Some open-source projects are clearly more trustworthy than their proprietary counterparts. As an example, compare the Apache Web server (open source) against the Microsoft IIS server (proprietary code). The IIS code consistently has five to 10 times as many serious security flaws reported each year as does the Apache server.

Yet compare the vulnerabilities reported in Linux this year against those for Solaris or AIX (both proprietary source), and you find that Linux has three to five times as many vulnerabilities. If you look at several years of such reports and do the comparisons, it becomes clear there is no argument to be made generally for open vs. proprietary, although it is certainly possible to say that some systems are less likely to have flaws that render them vulnerable to attacks.

Debunking the open-source arguments

Open-source advocates often claim that the true security benefits of open source are that the code is open to inspection by many eyes and that flaws, when found, can be patched quickly. Let's look at each of these arguments separately.

That many eyes can review the code is not necessarily correlated with making software more secure. For one thing, if the people examining the code don't know what to look for or are depending only on manual inspection (without testing), then there is no guarantee they will find security-related flaws.

Faults that depend on subtle interactions with other software or hardware are easy to miss unless they are examined together. Few people have the training to do security audits that include nuances such as these.

This is why we have seen reports of security flaws in software that has been in the open for years, such as Kerberos and OpenSSL. What is more surprising is that these are packages of security software in widespread use! Clearly, more is needed than simply making the software available for inspection.

The second argument is based on an abuse of the word "secure." A system that needs frequent patching is not secure, even if it is simple and quick to apply those patches. By analogy, if you owned a car that frequently blew up or ran into walls because the brakes or steering failed, the fact that you could replace the bumpers or tires yourself would not make the car "safer." A secure system is one that works correctly under stress and under attack -- it does not need frequent patching.

That one can more easily patch Linux than Windows simply means that it may be more maintainable, or easier to administer. By itself, maintainability is not security.

A perfect system?

I personally use Mac OS X and Solaris. In our center, we use those systems, as well as FreeBSD, OpenBSD, every version of Windows, Mac OS 9, and several versions of Linux (including Debian, Red Hat, and SUSE), along with several research systems. I've used all of these, and at least another score of operating systems over the last 20 years. I've seen excellent software produced in closed shops and in the open-source community. I've also seen terrible software produced in each.

Our experience has been that having trained administrators, good policies, appropriate tools, and a mixed environment of systems can result in a highly dependable and productive computing environment. In both development and operation, the human factor transcends the issue of how open the source might be and is the most important for security.

Gene Spafford is director of Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS). He is author of "Practical Unix and Internet Security," now available from Amazon.com.
*****************************
Houston Chronicle
Panhandling moves into the Internet age
Associated Press
NEW YORK -- After an 18-month bacchanal buying Manolo Blahnik, Gucci and Prada, Karyn Bosnak found herself unemployed and more than $20,000 in credit card debt.

When the 29-year-old spotted a sign in a supermarket with an odd request -- "Wanted: $7,000 To Pay Off Debt" -- it made perfect sense. The television producer launched a similar appeal to a much larger audience: the World Wide Web.

Internet panhandling was born.

Now, more than 3 1/2 months after launching www.savekaryn.com, Bosnak has received more than $12,900 from hundreds of donors worldwide. Coupled with the online auction of the high-ticket items that drove her into debt, plus earnings from a new job, she is about $700 shy of breaking even.

"At first I figured it wouldn't work, but I could collect some stories out of it and maybe I'd write a book," she said. "But it must have struck some sort of a chord because people just started sending me money.

"I guess many people can relate to debt."

Yet for every person who feels her pain, or simply admires her creativity, there is another who condemns her method. One angry e-mailer wished she would die of cancer.

And there's the Internet backlash, with anti-Karyn sites like www.dontsavekaryn.com, which promises to "waste your money in inventive and creative ways."

Or www.savekarynnot.com, which asks people to donate money to charity rather than finance Karyn's "bikini wax binge and Prada party."

"I never thought I would offend anyone," she said. "I guess I was wrong."

Still, the venture has been an undeniable success, landing Bosnak in "People" magazine and on NBC's "Today" show. Even better, the collected money was tax-free -- considered a gift, according to the Internal Revenue Service.

Bosnak says she has even been approached by a publisher for a possible book deal, and a producer about selling the movie rights.

"It's an issue of timing and a great concept, and of course great word of mouth," said Frank Catalano, author of "Internet Marketing for Dummies."

"Stuff like this is not easily replicable. It utilizes the watercooler factor," he said, "but really, it's an inspired anomaly."

He said he doesn't find the bipolar response surprising.

"If you're going to stand up in public and flash people, some folks will take photos, and others will throw ice water on you," he said.

Karyn's financial troubles began when she moved to New York from Chicago in May 2000, near the end of the economic boom. She had just taken a job as a producer for King World Productions on a short-lived reality courtroom program called "Curtis Court."

Earning "well over $100,000 a year," Karyn rented an expensive apartment in midtown Manhattan within walking distance of Henri Bendel, Bergdorf Goodman and Bloomingdale's.

"I didn't know that many people here, so I just walked around checking out the city and I'd end up buying things," she said.

Which meant charging $400 Prada slingback shoes, $500 Gucci purses, pedicures and $150 trips to the hair salon on her six credit cards.

"In my mind I was making a lot of money, so I should live like I make a lot of money," she said. "Spending $500 on a Gucci purse didn't seem like a big deal."

But after the failure of "Curtis Court," and a stint with the even shorter-lived "Ananda Lewis Show," Karyn found herself out of a job and faced with an enormous debt in the shaky post-Sept. 11 economy.

"I got really depressed," she said. "And then I snapped back into reality."

First, she moved from her midtown digs to a more modest, shared apartment in Brooklyn. For the following four months she was unemployed and living la vida frugal -- no more trips to the beauty shop, no more nights on the town.

In April, she finally got a job on the Animal Planet show "Dog Days," but took more than a 50 percent pay cut. After doing the math, she figured it would take 40 years to pay off the debt. Then she saw the sign in the supermarket, and the rest is history.

Karyn says she intends to "pass the buck" when her debt is paid off, turning the site over to a similarly indebted soul. Any money she receives after clearing her debt will go to charity, she says.

"Also, if this movie thing should happen, then I'll match whatever everyone gave me and give it to charity," she said.

But has she really learned her lesson?

"Oh yes, definitely," she said. "Becoming the face of consumer debt was not necessarily a situation I wanted to find myself in, and I certainly would never want to find my way here again."
**********************************
New York Times
Baby Bells Hoping for a Reprieve

In the clubby world of Senate policy-making, a single senator in a critical position can effectively bring legislation to a standstill.

Senator Ernest F. Hollings, Democrat of South Carolina, largely accomplished just that in the costliest lobbying battle over the last year, one that may decide which companies will have an edge in the next generation of telecommunications.

The senator's gatekeeper role as chairman of the Commerce Committee helped to stifle a bill that was backed by the regional Bell telephone companies and had passed the House by an almost two-thirds majority. The legislation, which would have freed the Bells from being forced to lease their advanced data communications networks to competitors, had been opposed by AT&T and other communications carriers who count Senator Hollings among their allies.

But now that the Republicans have regained control of the Senate, Senator Hollings will be replaced as the committee's chairman by John McCain, the Arizona Republican who had led the panel until a year and a half ago and has a close relationship with the chairman of the Federal Communications Commission. By tradition, the Commerce Committee typically takes the lead on communications issues.

While telecommunications is not generally a partisan issue, the Baby Bells are welcoming a reprieve from one of their harshest opponents.

"Senator Hollings has historically been very clear about his opinion of the Bells," said William M. Daley, a secretary of commerce in the Clinton administration who now serves as president of SBC Communications. SBC is second only to Verizon Communications, another offspring of the breakup of the Bell System, among the nation's largest local phone companies. "McCain may be a little more open to some of the positions that we as an industry articulate."

Still, while Senator McCain generally favors deregulation as a way to stimulate competition, the Baby Bells will not necessarily find him a strong ally, given his populist tones.

"Senator McCain places consumer interests above special interests," Pia Pialorsi, his spokeswoman, said. "He advocates a deregulatory environment that he believes will best support the growth of competitive markets and benefit consumers."

As with many aspects of his policy-making, Senator McCain has historically chosen an independent path on telecommunications issues. He was one of five senators and the only Republican to vote against the Telecommunications Act of 1996, which helped begin a process of relaxing many telephone industry regulations and easing the Bells' way into the long-distance market.

At the time, Senator McCain argued that the law did not take deregulation far enough and would lead to prolonged litigation. Indeed, a number of provisions of the 1996 law wound up in federal courts.

For the Bells and their competitors, the big contest involves the future of the broadband, or high-capacity high-speed networks, that business customers and consumers are demanding. It is a business worth billions of dollars in annual revenues, and the open questions around the network include who will build it, who will have access to it, who will control it and who will subsidize it.

The Baby Bells (which, in addition to Verizon and SBC, are BellSouth and Qwest Communications International) argue that they need to be unshackled from their obligations under the 1996 law. To promote local competition, the law required the Bell companies to open their longtime monopoly networks to rivals, generally by leasing access to all the pieces of those networks at wholesale prices.

But the Bells say this process has put them at an economic disadvantage to cable television companies, which do not face such requirements and which have sprinted ahead of the local phone companies in offering broadband Internet service to residential customers. Last February, a bill sponsored by Representatives Billy Tauzin, Republican of Louisiana, and John D. Dingell, Democrat of Michigan, passed the House in a bipartisan vote of 273 to 157, freeing the Bells from many of the leasing requirements.

"Tauzin-Dingell was all about telling the F.C.C. that the majority of the House thought the Telecom Act was broken," said Scott Cleland, the chief executive of the Precursor Group, a communications research firm in Washington. "That message was sent and received."

Opposing the Bells is a large coalition of long-distance carriers like AT&T, WorldCom and Sprint; Internet service providers; upstart phone companies; and cable companies.

"We're not opposed to deregulation, but we think the competition ought to be developed first," said Peter G. Jacoby, vice president of Congressional relations at AT&T.

Along with the House majority, Senator McCain and Michael K. Powell, the chairman of the Federal Communications Commission, seem to be in general agreement that deregulation is the solution to stimulating the telecommunications markets. The differences may lie in the details, methods and timing.

In August, Senator McCain introduced a bill on broadband deregulation, one seen as more of an intellectual exercise than as a pragmatic piece of legislation. The proposal, in which both sides find things to like and dislike, was seen as the senator's way of injecting his views into the debate, without taking sides.

"Unlike other bills which clearly favored one side or another, it takes a much more market-by-market approach," said Blair Levin, a former chief of staff at the F.C.C. who is now an analyst for the investment firm Legg Mason Wood Walker.

The bill, for example, continues to provide the Bells' competitors with access to the older technologies in the Bells' networks, while taking a hands-off approach to broadband facilities that the Bells may build.

The proposal, focusing on the residential market, also takes an antiregulation stance, by restricting the ability of the F.C.C. and state agencies to impose requirements on high-speed Internet providers.

While Senator McCain's legislation is dormant, it serves as a signal of his thinking to the F.C.C., which is now conducting evaluations that are very likely to remove a number of the obstacles for the Baby Bells, industry analysts say. Senator McCain and Mr. Powell share a cordial relationship and deregulatory philosophy. It was Senator McCain's intervention in 1997, after all, that helped Mr. Powell win a seat on the F.C.C. during the Clinton administration.

It is at the F.C.C. where the industry now expects the broadband matter to be decided. But Senator McCain will still be able to use the Commerce Committee as a bully pulpit on his other pet telecommunications issues like rising cable television prices. In April, he asked the General Accounting Office to conduct a review of why cable prices have climbed so steeply. Since 1996, cable rates have risen 36 percent, almost three times the pace of inflation, the Consumers Union said.

While he has not taken a position on EchoStar's proposed acquisition of its satellite television rival DirecTV, which the Justice Department and F.C.C. have both rejected, Senator McCain has said that the satellite industry needs more support to make inroads into cable's market share. He has also criticized the broadcast industry for what he considers its foot-dragging in the transition to digital television.

A maverick proposal is the senator's call to broadcasters to grant free air time for political candidates, a campaign reform measure which the National Association of Broadcasters, one of the largest and most influential lobbying groups, strictly opposes. Senator McCain said free time would de-emphasize large contributions by reducing candidates' dependence on fund-raising.
***********************
New York Times
November 11, 2002
Lott Says Senate Could Pass Security Bill Within Days
By DAVID FIRESTONE

WASHINGTON, Nov. 10 -- Trent Lott, the Senate Republican leader, said today that he hoped the Senate could approve a vast new Homeland Security Department this week, a move that would break a two-month deadlock and begin the long-awaited reorganization of the federal government to prevent terrorism.

"I think we are very close," Mr. Lott said this morning on the NBC program "Meet the Press." "We hope by Tuesday or Wednesday we would have a bill that could be passed by the Senate by a wide margin."

But Mr. Lott, who is not yet the majority leader, did not explain how such a momentous vote could take place so quickly, within the first three days of the lame-duck Congressional session that begins on Tuesday. At least for two weeks, the Republicans still lack a majority to push through the Bush administration's version of the department, which would eliminate many of the Civil Service protections that federal employees have in most other government agencies.

Mr. Lott said he believed his side now had the votes to approve the administration's plan. Before the election recess, Democrats had 51 votes in the Senate for their plan, while Republicans, with 49 votes, were filibustering to prevent it from being approved.

During that period, Senator Paul Wellstone, a staunch supporter of the Democratic plan, was killed in a plane crash, and his temporary replacement, Dean Barkley, has not said which version he plans to support. Mr. Lott said today that he "had the impression" that Mr. Barkley might join the Republicans. Unless he has received a private pledge of Mr. Barkley's vote, the Republicans would have to rely on a Democrat to switch sides, and none have yet publicly stated an intention to do so.

Most of the new Republican senators elected last week will take office next year. The Republicans will gain the Senate majority in about two weeks, when the votes that elected James M. Talent as the new senator from Missouri are certified. (Mr. Talent can take office early because he is filling the last four years of the term of Mel Carnahan, who died two years ago in a plane crash.)

Also on "Meet the Press," the Senate Democratic leader, Tom Daschle, repeated his offer from last month to allow the Republicans a straight vote on their version of the domestic security bill, followed by a vote on the Democratic plan. Republicans rejected that offer at the time.

"My offer still holds," he said. "I don't think I should change the rules or change my position on procedure just because we may or may not have the votes now."

He noted that Republicans had used the domestic security issue effectively against two Democratic senators who lost their re-election bids and suggested they might back off their insistence on Civil Service changes now that the issue had served its political purpose.

"They've opposed getting it done before the election so they could blame the Democrats, because they knew the president had the megaphone," Mr. Daschle said. "So we understand that. There were all kinds of political games being played. Now we have got to get the job done. Now the game should be over."

But it appears unlikely that the Republicans will back off their plans, knowing they will control the Senate in a matter of weeks.

Mr. Lott agreed to an accelerated timetable for approving the Homeland Security Department at the insistence of President Bush, who said last week that quick passage of the agency was now the top priority of the White House.

"It's imperative that it pass in the 107th Congress," said Andrew H. Card Jr., the White House chief of staff, on the same program today. "So that when the 108th Congress convenes we do have a department up and ready to run."
*****************************
Washington Post
Customs Chief Balances U.S. Security, Global Trade
By John Mintz
Washington Post Staff Writer
Monday, November 11, 2002; Page A23

It was early on Sept. 11, 2001, and Robert C. Bonner, newly named but not yet confirmed to head the U.S. Customs Service, was at the Treasury Department receiving a briefing. Suddenly, the building was evacuated following news of the attacks in New York. Minutes later, speaking by secure phone with a top aide he had barely met, Bonner was told, "Sir, we need to declare a Level One Security Alert."


Bonner had one question: "Ahhh, what's a Level One Security Alert?"

He realized then that, whatever his inexperience at the agency, he now had the difficult job of refocusing the 22,000-employee agency toward a new mission -- stopping terrorists from penetrating U.S. borders.

Since that day, Bonner has received strong reviews for the grit and aggressiveness he has brought to the job, and also for his sensitivity to the needs of the U.S. business community, which fears obsession with security will choke off global trade.

Customs did shift to Level One security that day, and its inspectors at 301 ports of entry immediately ratcheted up scrutiny of incoming cars, trucks, trains and ships. Soon, lines at the bridges connecting Canada and Michigan stretched for miles, and waiting times grew to 12 hours.

U.S. car manufacturers, who would have to shutter their plants without Canadian parts, feared an economic catastrophe, and Bonner quickly learned the dangers of overcorrecting. He hurriedly lined up help from Canadian officials and the Michigan National Guard, and he had lines at the border back to normal within days.

"We have these two huge twin goals that we need to attend to, providing security and allowing for trade and travel," Bonner said in a recent interview.

"I give Bonner a lot of points," said Stephen E. Flynn, a former Coast Guard commander who directed an authoritative Council on Foreign Relations task force on domestic security last month that issued scathing criticisms of vulnerabilities at U.S. harbors. "He's done a great job" at the main tasks of a Customs commissioner in this crisis, Flynn said.

Instead, Flynn said, U.S. port security has been hobbled in part because Treasury Department and congressional officials failed to fully fund some security needs.

Bonner has earned a reputation for forcefulness throughout his career. As a U.S. attorney in Los Angeles in the 1980s, he prosecuted the Mexican murderers of kidnapped Drug Enforcement Administration agent Kiki Camarena, winning convictions against 10 men, including some Mexican officials.

Named DEA administrator in 1990, he immediately ordered his subordinates to make cases against big-time money launderers. For the first time, the U.S. government would stanch drug dealers' money flow. The DEA unit devoted to the task grew from two people to 80 almost overnight.

"He's all about taking action and changing things," said Gregory Passic, who ran that DEA team and now probes terrorist financing for the National Security Council. "He was one of the first guys to realize the importance of financial investigations."

Bonner aides point out the irony that this former DEA chief is now traveling the nation, urging Customs employees to end their single-minded pursuit of finding narcotics in people's luggage and to focus more on spotting enriched uranium and nuclear bombs.

FBI officials say Bonner has been overly ambitious in steering Customs into complex terrorism investigations, such as the probes of terror funding by its Operation Greenquest. Customs agents, the FBI officials say, are in over their heads in the realm of terrorism and lack the security clearances to do the job.

Bonner's defenders scoff at the criticism, saying that Customs has decades of experience attacking money laundering and that the FBI criticism is based on turf consciousness.

Bonner declined to respond. Passic explains why: "This is not a parochial guy."

Bonner again demonstrated his penchant for action weeks after the Sept. 11, 2001, attacks. Congress was passing a new law requiring foreign airlines to provide Customs with lists of arriving passengers. But the law wouldn't take effect for months, and some Middle Eastern airlines balked. So Bonner ordered that all passengers of uncooperative airlines be searched upon arrival.

"Within days, we had 100 percent compliance because he played hardball," a Bonner aide said. "We got a quick education who this guy is."

Much of Bonner's time has been devoted to enlisting 1,000 U.S. importers, shipping firms and other businesses in a counter-terrorism program of his design. They must perform employee background checks and take other steps to tighten security; in exchange, they receive expedited processing of goods across borders.

But his top priority has been intermodal containers, the 40-foot-long metal boxes that are loaded on ships, trains and trucks and handle 90 percent of the world's cargo. Customs inspectors can scrutinize only 2 percent of the millions of containers entering U.S. ports every year.

In an effort to, in Bonner's words, "extend the perimeter outward," he has traveled the world, persuading 14 of the world's top 20 ports -- from Rotterdam to Singapore -- to agree to new security procedures and allow Customs employees to inspect goods at their seaports. Their payoff, again, is faster processing of goods entering this country.

Trade experts express amazement at the speed with which Bonner has persuaded foreign trade ministries to join in -- and with minimal help from other U.S. agencies. Just two weeks ago, he got China's two mega-ports on board, and last week Italy's port of Genoa signed up.

Bonner has generated more controversy in ramming through his bureaucracy a new rule requiring importers to provide Customs with manifests of their incoming cargo 24 hours before the goods are loaded at a foreign port. Customs officials said they need such data to decide which containers should be scanned with high-tech machinery or searched.

Some trade firms, especially Customs brokers, protested, saying the rule would require too much paperwork and cost them money. Bonner granted a few concessions -- exempting bulk importers of oil and lumber, for example -- but essentially stuck to his plan.

"I don't know if I'd say it was quite ramming down our throat," said Federico C. Zuniga, president of the National Customs Brokers and Forwarders Association, "but they had a set plan and they followed it."
*********************************
USA Today
States seek stiffer penalties for securities fraud
By Edward Iwata, USA TODAY

SAN FRANCISCO -- Eager to jail more corporate crooks, state enforcers are seeking to strengthen state laws against financial fraud.

Their moves come as federal and state authorities continue to investigate scandals such as Enron that have cost investors billions of dollars.

Securities regulators, attorneys general and lawmakers in California, Oregon, Kansas, Ohio and Pennsylvania are proposing longer prison terms and higher fines for corporate wrongdoers.

"White-collar criminals should be held accountable and punished accordingly," says Kansas Securities Commissioner David Brant.

In Kansas, proposed laws would more severely punish those nailed for securities fraud. For instance, a stockbroker convicted for peddling $1.3 million in bogus investments could be serving a 5-year maximum term, not the 19-month maximum he received.

California Attorney General Bill Lockyer is seeking laws to permit his office to take on all civil and criminal securities cases. Only state prosecutors in New York, New Jersey, Maryland and Delaware can do both now. Elsewhere, securities regulators handle civil cases that may result in fines and license revocations for wrongdoers. They refer criminal actions carrying harsher penalties to state prosecutors and local district attorneys.

Lockyer and other state prosecutors hope to wield the same legal clout as New York Attorney General Eliot Spitzer, who has won fame for his investigations of Wall Street banks. New York's 1921 Martin Act is touted as the nation's strongest state securities law.

"We can't afford to be lapdogs," says Lockyer, president-elect of the National Association of Attorneys General.

Some legal experts say more state laws will overburden a highly regulated industry and cause clashes between state and federal authorities. "Enacting 52 different laws and policies isn't the answer," says New York attorney Mark Astarita of Beam & Astarita.

The key problem is a dearth of staffing and money, not weak laws, says Indiana Securities Commissioner Brad Skolnik.

"Unfortunately," he says, "white-collar crime still isn't as high on our national agenda as it needs to be."
**********************************
New York Times
November 10, 2002
Mr. Qaddafi, You've Got Mail
By DAVID F. GALLAGHER


If you've sent an e-mail message to Saddam Hussein lately, you should know that his in-box is a little backed up and that it might take him a while to get back to you.

This public service announcement comes by way of Brian McWilliams, a freelance reporter for the technology Web site Wired News. Last month, Mr. McWilliams took advantage of some poor security measures and gained access to a trove of unread e-mail messages sent to the Iraqi leader by visitors to his official Web site.

In an article about the break-in, Mr. McWilliams said he stumbled on messages of support, business proposals and obscene death threats, along with the usual load of spam.

Mr. McWilliams's minor hacking job raises some obvious ethical issues. But it also raises a question for these troubled times: how easy is it for the average Internet user to communicate with the world's least friendly regimes?

A quick tour of government Web sites suggests that would-be desktop diplomats face some hurdles. Even though the most technophobic nations have some kind of Internet presence nowadays, few seem interested in having a serious dialogue with Web surfers. It's also clear that the more prickly countries tend not to be adept at online public relations. A sampler follows.


North Korea relies on a Spain-based group called the Korean Friendship Association to maintain its official Web site, www.Korea-DPR.com. The site solicits e-mail feedback and posts contributions from visitors, but only if they celebrate the memory of Kim Il Sung, North Korea's founder and the father of the current ruler, Kim Jong Il. One contribution is attributed only to "Internet guest":


Kim Il Sung!


Where would I be without your guidance?

Kim Il Sung!

Your picture adorns my every wall.

Kim Il Sung!

We are such good comrades.

Kim Il Sung!

Without you my world would fall.

The Chinese government tries a little harder to engage the online masses. At the China Internet Information Center (www.china.org.cn), editors answer questions from readers in the tone of a patient librarian. In response to a request for fish recipes, they offer one in which the finished fish "beautifully resembles the shape of a squirrel." The site also includes letters from readers offering opinions on more contentious topics, opinions that seem to line up perfectly with those of China's leaders. This letter is said to be from a 14-year-old boy in Melbourne, Australia:


One of the things I hope to see completed in my lifetime is for Taiwan to become part of China again. Taiwan is truly inalienable from China, it shares the same culture, same history, and just as Hong Kong became just as prosperous under Chinese government, so would Taiwan be if China governed it. It is only prolonging suffering of its people by having people of the same heritage "split" in different countries. . . . I hope to work in China one day! Thank you for reading my mail, and please reply if you have time.


Libya's official Web presence is limited to a simple site for its United Nations consulate. But a chaotic London-based site called Mathaba.net has picked up the slack, providing a virtual shrine to Col. Muammar el-Qaddafi that invites visitors to send him an S.M.S., a short text message typically transmitted between cellphones. The site's owner did not respond to a request for information on exactly how this works, and Colonel Qaddafi did not respond to a message. But a few notes from other visitors are posted on the site. Here are a few, with the senders' names omitted:


I have followed your progress and I am proud of you. I would like to have an office telephone number and fax number to make contact with you. God bless you.


United States

Dear Mr. Qaddafi, Salam, we honor your independent stance in the world policy; let us always keep in view our COMMON ENEMIES: Israel and zionized America . . . Allah Akbar!

Ukraine

Glad to see recent statements by your gov. concerning Libya's desire to improve its human rights record, return to the community of nations and renounce terrorism as state policy.

United States

Dear Muammar. Hope 2cu soon again in the desert.

Austria

Western "democracy" has changed into oppressive tyranny -- liberty lost. No truth in press. My eyes are opening. Good Luck.

Australia

The gold star for online friendliness among axis-of-evil nations goes to Iran, whose elected president, Mohammad Khatami, is famous for embracing the Internet. His site (www.president.ir) offers his e-mail address and a form that allows visitors to send him messages in Farsi. The form actually lets users replace Mr. Khatami's address and write to anyone in the world, provided it's in Farsi, though it is not clear whether this is a bug or an added feature.

Of course, Mr. Khatami is also famous for the way his reform agenda has been undermined by the harder-line clerics who hold ultimate power, including the power to repress dissent, in Iran. Still, he soldiers on in the cause of openness, maintaining an English-language guest book, an apparently uncensored forum where visitors can leave their comments for all to read. The postings are full of pro- and anti-Iranian sentiment, much of it from Americans, and include several incoherent rants. Some excerpts:


This Web site is one of the most despicable pieces of Orwellianism I've ever seen! You say you hate terrorism yet you are the biggest terrorist in the world. . . . LONG LIVE DEMOCRACY! FREE SPEECH! RELIGIOUS FREEDOM! GO TEXAS RANGERS BASEBALL!


United States

Mr. President, allow me permission to travel from Spokane, Washington, to Tehran, Iran, to teach you how to get more imports/exports into your country. Your people need the food and clean water. I can show you how to do this and you will be the hero. Think about it. Thank you.

United States

India stands shoulder to shoulder with Iran. I am very happy with the strategic relationship you have formed with the Russians. Russia, Iran and India are a deadly combination that can end the American hegemony in the world. . . . With some of their major companies collapsing like a pack of cards the American economy is all set for a thunderous fall.

India

We should all be very afraid of the tension with the U.S. They have technology we can not even imagine. I know, I've seen it in Iraq. Please Mr. President, comply with their demands before they send us all to Allah.

Iran

Dear Mr. Khatami, I love Iran, I love its culture, I love its people and so do most Americans but in order to receive the fruits of that love you must meet us halfway and at least put forth an effort to help rid the world of terrorism. Please help before your country, people and culture suffer the fate of all our enemies, complete destruction. And that would be most unfortunate. Thanks.

United States

Mr. Khatami: You are a shame for Iranians. You are nothing but a coward, you have wasted the opportunity given by the people. . . . If you had a shred of dignity, you would have long resigned by now. . . . But you don't!

Iran

To call Iran part of a make-believe evil axis is to not represent the true thoughts of Americans. We know most Iranian people are good, innocent, nonviolent people. We know you love as Americans do and that a family is a family no matter what continent we live on. . . . May Mr. Bush stop his words of hate and progress to words of encouragement toward the beautiful Iranian people.

United States

Iran is so great!! The freedom to be a true Muslim is cool. The West is so so repressive and has caused all the world's problems. . . . I hope Allah will punish those evil Americans. Allah bless Iran.

United States

Of course, Web niceties do little good unless the leaders actually read their mail. Questions about President Khatami's Internet habits, e-mailed to his address and that of his site staff, went unanswered last week. A Pennsylvania man was shocked a year ago when his e-mail message to Saddam Hussein about the Sept. 11 terrorist attacks prompted a 10-page reply ostensibly from Mr. Hussein himself. Yet Mr. McWilliams said that when he looked into Mr. Hussein's e-mail account last month it was filled completely with unread messages. It seems the endless barrage of spam can wear down even the most hardened ruler.
*******************************
USA Today
'Stupidity expert' arrested for Internet solicitation


LANTANA, Fla. (AP) -- A man who has written two books on stupidity was arrested for allegedly trying to arrange sex with a 15-year-old girl over the Internet. The girl turned out to be an undercover male detective.

James F. Welles, the 61-year-old author of The Story of Stupidity and Understanding Stupidity, was taken into custody last week after arranging to meet the girl at a restaurant, investigators said.

He was charged with soliciting a minor over the Internet and was released on bail. He did not immediately return a call to his Pompano Beach home Friday.

According to police, Welles was aware of the possibility of a sting, saying in one message that he worried about "the state of Florida looming in the background."
*****************************
Los Angeles Times
Cyber Crime Fighters Escape Funding Cut
Thousands of high-tech crimes confront law enforcement, including an intrusion into the state controller's computer.
By William Overend
Times Staff Writer


November 10 2002

SACRAMENTO -- California's computer crime force was on the chopping block. It was May, and state budget cutters were threatening the five regional investigative squads with a 30% slash in funding.

Then came disclosure of a high-tech crime close to home at Sacramento's Teale Data Center: A hacker had accessed the state controller's computer, which holds the Social Security numbers of 265,000 state employees, including Gov. Gray Davis.

As investigators followed the trail, they discovered computer intrusion on a global scale. By hacking into a computer server known as "Godzilla," the intruder had gained access to nearly every state computer in California. Systems in 156 countries had also been cracked, including those of more than 1,000 businesses and agencies in the United States.

The complex case, still unsolved, is just one of thousands of computer crimes confronting California law enforcement.

Whether the breach at the Teale Data Center influenced the Legislature, no one wants to say. But the 30% cut was eliminated, despite the state's continuing budget crunch. A spokesman for the governor's office of criminal justice planning said last week that full funding would continue for the state's high-technology crime investigators.

"The task forces will be funded at the same level as the previous year's funding," said the spokesman, Tim Herrera. "There has been speculation about cuts, but the governor sees this as an area that needs funding so these cyber cops can do their jobs."

State Atty. Gen. Bill Lockyer believes that even more computer investigators are required.

"We need to dramatically expand these operations," said Lockyer. "If we doubled them in size, that might be a start.... This is the fastest-growing crime in America."

From the most violent murders to the most common frauds, police and prosecutors increasingly find that high-tech detective work is now a necessary part of almost every investigation. Even if a computer is not used to commit a crime, it still can hold valuable evidence in its memory.

"The computer takes away what I call the moral speed bumps," said Deputy Atty. Gen. Robert Morgester, who helped start the state task force system. "Like stalking somebody. Without a computer, you have to leave your house and do it yourself. Now you can do it right in your home."

A few years ago, the state had only one high-tech criminal investigator. Today there are 167 from state, federal and local agencies. Together, they receive about $13 million from the state and similar amounts from local funding and grants.

Just as the state has beefed up its resources, the FBI has made cyber crime an increasingly important priority. Larger police agencies have done the same. And the Secret Service recently announced the opening of new task forces in Los Angeles and San Francisco, aimed primarily at protecting banking and other financial infrastructures from cyber terrorists.

Some computer-based swindles net tens of millions of dollars; some hit hundreds or thousands of people for small amounts each. Some people use computers to stalk and terrorize. Many more use them for sexual exploitation, especially of children.

People using computers can counterfeit everything from bank checks to high-quality $100 bills. A Social Security or credit card number is often all a criminal needs to clean somebody out.

Altogether, according to state statistics through June 2001, in just two years, 410,000 people were affected by cyber crime. The amount known to have been lost by companies and individuals approaches $333 million.

Most recently, the San Diego task force was called to help solve a Riverside County case that had court officials puzzled. Employees had noticed that bail amounts had been reduced to zero in some cases and future court dates had been deleted.

Investigators logged on to the computer system and began watching it around the clock, said the task force leader, Michael Groch.

"The investigators could see the suspect activity while it was taking place," Groch said. "Eventually, it turned out to involve a man with considerable computer skills."

According to investigators, Brandon Wilson and William Grace cracked into the county's court computer system 72 times, altering Wilson's records and those of four other people to make it appear that their cases had been closed.

Charges included possession of illegal drugs and weapons, failure to appear in court, driving under the influence, and manufacturing and importing weapons. Officials say Wilson changed the records to show that the charges had been dismissed.

Wilson also changed drug and gun charges for one woman, and traffic charges for a man, investigators said. Wilson also was charged with altering the records of an accused embezzler and another man charged with driving under the influence.

Facing 216 felony counts each since their arrest in June, Wilson and Grace have pleaded not guilty and await trial in Riverside County.

Morgester said one problem in past computer crime cases has been a history of light sentences. In addition, many prosecutors are reluctant to pursue them because they are often complex and pose difficult jurisdictional problems. A criminal can touch victims thousands of miles away.

"An old adage in law enforcement is, 'If it doesn't bleed, it isn't a crime,' " Morgester said.

As with the state's other task forces in San Jose, Napa, Los Angeles and San Diego, the Sacramento office is a mix of top electronics experts and cops pulled from other duties.

On a Tuesday morning, Sacramento County Sheriff's Det. Dave Wright, assigned to a federally funded program on Internet crimes against children, said thousands of chat rooms focus on child porn.

"Computers are great for business, but they are wrecking our society," Wright said. "Child porn is as common as speeding on the freeway."

The range of cyber cases is just as broad for the Southern California High Tech Task Force in Norwalk, led by Los Angeles County Sheriff's Deputy Rick Craigo.

"One of our biggest cases was counterfeit software coming in from Taiwan," Craigo said. "We received information last November from Microsoft and [the] U.S. Customs [Service] that it was arriving. We arrested the chief suspect the same day, and ultimately wound up with $100 million in counterfeit software of Microsoft and Symantec products. The chief suspect here faces a possible sentence of up to nine years."

Such cases are only the most visible types of cyber crime, however, Craigo said.

"By Dec. 31 this year, we estimate we will have 12,000 identity theft cases in Los Angeles alone. We have 11 investigators to handle them," Craigo said.

But even as cyber crime investigators scratch for more money, they speak of the need for U.S. businesses and private citizens to take a more critical view of the personal information now being routinely gathered on every citizen.

"Ask yourself: Does your dentist really need to know your Social Security number?" said Lt. Mike Tsuchida of the Sacramento task force. "Do all those businesses out there really need all the information they gather now? Should you be giving it so freely?"

Much the same point is made by those on the academic side of the issue. Fred Cotton, director of a national computer training center based in Sacramento, said government and businesses need to rethink their information-gathering processes.

"We really need to think about how we can be more cautious," he said. "The public needs to question this too. The bad guys are taking advantage of home systems. Most people need to protect themselves better."
******************************
Los Angeles Times
Amazon Writes a Drama in Canada
Booksellers, usually protected from foreign rivals, are irked by lack of government action against U.S. e-tailer.
By David Streitfeld
Times Staff Writer
November 10 2002


VICTORIA, Canada -- It used to be easy to identify Canadians. They were quiet, law-abiding folks, partial to Wayne Gretzky's hockey, Margaret Atwood's novels and Leonard Cohen's music. They shopped at Hudson's Bay Co. stores and knew who the Canadian prime minister was. They had Canadian passports.

To keep Canadian culture as Canadian as possible, the government erected a multitude of barriers. One was that a non-Canadian couldn't own a book publisher or distributor. The fear was that an outsider would promote the novels of John Grisham, say, over domestic talent.

Jeff Bezos, founder and controlling shareholder of Web retailer Amazon.com, was born in New Mexico and lives in Seattle. Yet ever since he launched a Canadian Web site in June, he's been one of the biggest booksellers in Canada.

Canadian booksellers are annoyed with Bezos but furious with their government, which they say is treating the billionaire entrepreneur like a native. They want a federal court to restore those once-sharp distinctions between what is local and foreign.

"Amazon has the best of both worlds," said Dave Hill of Munro's Books, one of the most prominent independent stores in the country. "It has the benefits and the power of being a Canadian company without any of the responsibilities."

The cultural laws were drawn up before Internet retailing was even a notion.

"Technology has blurred the edges of commerce," lamented Hill. "How does one define Canadian in the Internet era?"

The Net long has been a modernizing force in developing as well as politically repressive countries. China is finding it impossible to control the Net and the news and ideas it brings. Artisans around the world use Web sites to sell directly to U.S. and European consumers.

In industrialized countries, the Net is having an equally pronounced but less noticed effect.

"It's an extraordinarily powerful weapon for breaking down national cultures," said Mel Hurtig, author of "The Vanishing Country: Is It Too Late to Save Canada?" "Canadians like Americans, but they don't want to become Americans."

With one-tenth the population of the United States, most of its citizens speaking English and living within 100 miles of the border, Canada has had to fight to maintain any sort of home-grown culture.

Over the last three decades, a variety of measures have been put in place to fund local artists and arts organizations, including publishers, and to keep the blockbusters from Hollywood and the bestsellers from New York from complete domination.

Canadian songs, for instance, are required to make up a minimum of 35% of radio stations' airplay each week. At least 60% of TV programming must be produced by Canadians. Foreigners cannot own more than 49% of a book publisher or distributor.

When the tools of cultural dispersal were physical, the laws did what they were intended to do. A plan by U.S. bookstore chain Borders Group Inc. to open a superstore in Toronto in 1996 was nixed by the government.

Even though the store's majority owners would have been Canadian, the government worried that Borders' computerized inventory system would give less exposure to "Canadian stories, Canadian books, Canadian authors," one government official said.

An attempt this year by a U.S. bookstore chain to open an outlet in the airport at Halifax, Nova Scotia, also foundered, booksellers here say.

What allowed Amazon to proceed was its virtuality. The company has no offices or employees in Canada. Warehousing and shipping are contracted out to a division of the Canadian postal service. The Web site, Amazon.ca, might appear Canadian, but it floats in the no man's land of cyberspace.

*

Passing Critical Tests

The Department of Canadian Heritage decided that Amazon was neither establishing a Canadian business nor acquiring control of an existing one -- the two triggers for review. The Web site literally was beyond the law.

"This was fairly black and white in our estimation," said Heritage spokesman Len Westerberg, although he acknowledged, "Maybe it's a little colorful for other people."

The Heritage ruling brought together two traditional foes: the Canadian Booksellers Assn., made up of 1,000 independent stores, and the country's sole bookselling chain, Indigo Books & Music Inc.

"We still don't hug," said CBA President Todd Anderson. "But in this case, we agree that the government isn't doing its job."

The CBA and Indigo have jointly filed suit in the Federal Court of Canada, seeking a declaration that Amazon has established a new business in Canada. If the booksellers pass that hurdle, the Department of Canadian Heritage would take up the issue of whether Jeff Bezos is Canadian.

"It's a cop-out to say Amazon isn't really in business in Canada," Anderson said. "They have inventory here. The government is going to have to stand up and put the big-boy pants on and decide whether this is good or bad."

Amazon officials say the Amazon.ca Web site, despite not being owned by Canadians, is one of the best things to happen to Canadian culture in a long time.

"What we're doing is helping Canadian publishers, Canadian authors, Canadian artists reach out not only to Canadians but all across the world because Amazon.ca will make Canadian products available to people all over the world," Bezos said in June. He declined to be interviewed for this story.

The biggest, most aggressive and most innovative e-commerce company, Amazon sees international expansion as a key to growth. It owns one of the two big online book sites in Britain and operates the other. Germany, Japan and France have their own Amazon Web sites.

In the year before Amazon.ca was started, the company says, 250,000 Canadian customers bought from the U.S. Web site. By providing direct access to Canadian material and eliminating customs delays, Amazon hopes to make deeper inroads into the $2-billion Canadian book market.

Although Amazon didn't break out Canadian sales in its recent third-quarter report, sales in the North American books, music and video division rose 17%. In earlier quarters, the unit's growth had been minimal.

Amazon is famous for having lost billions of dollars in its short life. It can't be recouping much of those losses in Canada, where it has been engaging in a price war with Chapters, the online division of the Indigo chain.

*

Feeling the Competition

At Bolen Books, a 27-year-old store in a Victoria shopping mall, customers have started coming in with computer printouts of pages from Amazon, asking whether Bolen will supply the same book at the same price. Amazon discounts can be as high as 40% on a few bestsellers, although many older titles aren't discounted.

"We try to explain that we don't match prices," said co-owner Samantha Holmes. "We try to tell them what we have to offer -- that we're a locally owned, family-run business. That we employ 60 people here, pay taxes here, give to their baseball teams, support their hospitals. Sometimes that convinces people."

But it doesn't convince all of them. Special orders at the store are down about 30% since Amazon.ca started.

"It's a real long-term business threat," Holmes said. "If we were going to expand our Web site, that's stifled."

The Web is a seductive place, where promises are easy to make but can be hard to fulfill. The hottest book in Canada at the moment is Yann Martel's "Life of Pi." Last month it won the Man Booker Prize, the most prestigious literary award in the British commonwealth, affirming the vitality of Canadian writing. Bolen sold 144 copies in two days.

The publisher said it would be weeks before more were available. But Amazon was telling its customers it could ship in two to three days. Holmes ordered one, trying to determine whether the publisher was playing favorites.

After a week, Amazon sent her an e-mail saying it would be several weeks before copies came in. Meanwhile, Bolen's copies arrived early. It was a modest victory for physical stores.

"We're adaptable. We'll be OK," Holmes said. "But why after 27 years are we still fighting and fighting and fighting for our place? I suppose business just isn't fair."

If the booksellers lose their request for government review, they say, soon the cultural laws will be further eroded. Indigo is losing money, and there probably aren't many Canadian companies that would like to acquire it. A much better prospect to buy Indigo is the U.S. chain Barnes & Noble Inc., which would be able to argue that Amazon already was operating north of the border.

Pretty soon, said "Vanishing Country" author Hurtig, "someone will walk into a big Barnes & Noble in Toronto or Calgary and ask, 'What do you have on the history of our prime ministers?' And they'll be told, 'Would you be interested in a book on the great American presidents? How about something on how the Americans won the second world war single-handedly?' "

Hurtig, a former chairman of the Committee for an Independent Canada, thinks the battle to save the Canadian identity already has been lost. "Canada will become a northern Puerto Rico," he predicted.

Even those booksellers who aren't quite so pessimistic say they feel betrayed whenever they see a Canadian postal service delivery truck. The sides of the trucks display advertising for Amazon.

"The government has made these rules and laws that you have to buy Canadian, but on the other hand a government company is putting out that Americans are great," Holmes fumed. "It's incredible."

As for Amazon, the company is serene, confident of ultimate victory. Time is on its side, Amazon.ca General Manager Marven Krug said in a September interview with news agency Canadian Press.

The more time the matter spends in court, Krug said, the more customers Amazon will have a chance to acquire.

"I think it would be completely absurd at that point to try and shut us down," he said.
********************************
Federal Computer Week
GIS group advances info-sharing project
Open GIS Consortium, Census Bureau work on prototypes for sharing geospatial data
BY Brian Robinson
Nov. 11, 2002.


The Open GIS Consortium Inc. (OGC) this month expects to launch the next stage of an initiative to help federal, state and local governments share information about systems of vital interest to national security.

OGC expects to announce participants for the second phase of the pilot program of its Critical Infrastructure Protection Initiative (CIPI), with hopes of having systems to demonstrate by April.

Through CIPI, OGC is developing a network via which different jurisdictions can share geospatial information about power plants, telecommunications networks and other core systems.

The first CIPI phase, CIPI-1, began in October and is focused on creating an underlying system for CIPI applications, called the Critical Infrastructure Collaborative Environment.

CIPI-2, sponsored by the U.S. Census Bureau, will result in two prototype applications: WebBAS, an online Boundary and Annexation Survey (BAS) that updates information on government boundaries collected from state, county and local governments; and a server solution for delivering Topologically Integrated Geographic Encoding and Referencing (TIGER) data via the Web for use by the public and organizations in compiling their own versions of maps.

The consortium has been encouraged by the response to a general call made several months ago for communities to participate in its programs, said Jeffrey Harrison, director of OGC's interoperability program.

"Communities showed us they were very excited with the idea of using open standards for information sharing and were ready to start collaborating with each other," he said. "We had a significant response from the technology development sector, with some very robust proposals put forward."

With the second phase of the program, OGC seeks to make existing information resources maintained by the federal government more readily available to state and local agencies.

BAS is currently a paper-based process that is highly labor-intensive, said Paul Daisey, an information technologist at the Census Bureau. WebBAS will save governments money and enable those that are too small to have their own dedicated geographic information system staff to update the information on the Web.

TIGER data, which is used to build maps, is currently delivered online, he said, but uses a proprietary format that has to be updated every few years, which is a cumbersome process. An OGC-compliant server solution will use open standards such as Geography Markup Language (GML).

CIPI-2 "is the only initiative we have going on now which is a departure from the way we have done things in the past," Daisey said. "The Office of Management and Budget has been after us for the last 10 years to automate these processes."

With the free flow of information among local, state and federal governments and the private sector seen as the underpinning of homeland security, OGC's efforts are being watched with interest, said David Sonnen, senior consultant for spatial data management at IDC.

Compatibility between different vendors' GIS tools will be vital for this, he said, as will the compatibility of the data they produce. Given the checkered history of other information technology standards programs, there is considerable skepticism about whether OGC will produce the necessary level of compatibility for what have, until now, been proprietary systems, Sonnen said.

The issues that OGC is tackling will show how GML and other GIS-specific geometry and text formats will manage that translation, he said, "and it's not a trivial thing to do."

Robinson is a freelance journalist based in Portland, Ore. He can be reached at hullite@xxxxxxxxxxxxxxx

***

Starting one-stop access

The Open GIS Consortium Inc. has published a request for quotations for a joint pilot program with the Office of Management and Budget's Geospatial One-Stop initiative. The aim is to provide one-stop access to government geospatial data resources.

The pilot would build a Web portal and a two-state network to show how data from different communities, which typically don't use the same models to construct and store data, can be combined to provide a comprehensive transportation map.

Active server nodes hosted by California, Oregon, Oregon's Jackson County, and California's Siskiyou County will provide the transportation data.

If the prototype is successful, users will be able to view data and maps via the portal.
******************************
Federal Computer Week
National Archives and Records Administration seeks user input on data storage
BY Diane Frank
Nov. 11, 2002


The National Archives and Records Administration plans to involve users in developing the solution for storing electronic records, officials said Nov. 8.

The challenge is coming up with a format for an electronic record, such as a word processing document, that can be maintained once the original technology is no longer available.

NARA officials believe part of the solution is to store information in basic templates, which provide a standardized way of describing the context and presentation of a record, said Dan Jansen, a project manager for the Electronic Records Archive (ERA) program.

Although NARA will establish the basic template, agency officials plan to ask different user communities to help refine the template for particular kinds of records, Jansen said at an ERA conference.

Industry has taken a similar approach with Extensible Markup Language (XML), which is a standard for tagging information so it can be easily transmitted between systems.

Over the past several years, various communities of interest have developed special XML schemas for particular uses, such as e-commerce transactions and legal information.

The templates are part of NARA's efforts to develop solutions to ensure that archivists, agency records management officers and the general public can have access to the billions of electronic records that agencies are moving to archives now, even as more are being generated.

"Electronic government is exploding, and electronic record keeping is not keeping up," Reynolds Cahoon, assistant archivist for human resources and information services and chief information officer at NARA, said at the ERA user conference. "We need to find a way to free electronic records from the hardware and software that created them."

NARA does not plan to issue a solicitation for the ERA solution until fiscal 2004, and does not expect the final solution to be available until fiscal 2007.
*****************************
Federal Computer Week
GAO: Agencies share data despite laws
BY William Matthews
Nov. 11, 2002


Technology is making it easier for government agencies to share information, so they are, including details about your bank accounts, medical complaints and family lives.

Personal information from an electronic application for a student loan, for example, may be transmitted to 10 other government agencies and private entities such as consumer reporting agencies, schools and lawyers.

Financial details from a farm loan application sent to the Agriculture Department may be sent to other recipients.

And medical records of a government worker seeking compensation for a work-related injury or illness may end up in 18 other locations.

"The American public is increasingly concerned about protecting its privacy," said Sen. Joe Lieberman (D-Conn.).

A privacy study Lieberman ordered shows that government agencies are generally conscientious about following privacy laws, but it reveals the distances that personal information can travel once it is submitted to a federal agency.

Names and addresses may be checked against criminal databases at the Justice Department. Incomes and bank accounts may be compared to tax returns at the Internal Revenue Service. Personal information may be sent to courts, law enforcement agencies, even the U.S. Postal Service, according to a study by the General Accounting Office.

Personal data also may be sent to commercial collection agencies, financial consultants, health care providers, labor unions and parties involved in litigation.

The practice of sharing information widely increases the risk that information will be misused and privacy will be violated, Lieberman said Oct. 30 when the GAO report was released.
******************************
Federal Computer Week
Mitre: Open-source code rife at DOD
BY Dan Caterinicchia
Nov. 11, 2002


The use of open-source software within the Defense Department continues to gain momentum, especially in the critical area of cybersecurity, despite the fact that DOD and industry leaders have raised numerous concerns about vulnerabilities associated with the technology.

But what if open-source software applications and development were banned in DOD?

A recent study conducted by Mitre Corp. for DOD posed that hypothetical question and found that without open-source software, DOD's cybersecurity capabilities would be crippled and other areas would be severely impacted.

In open-source software, such as Linux, the source code is publicly available and gives users the right to use and change it without asking permission from any external group or person.

DOD officials asked Mitre to list the agency's open-source software applications and collect examples of how that software is being used.

A two-week e-mail survey identified 115 applications. The survey also found 251 examples of how the software is used, but the company acknowledged that actual use could be "tens of thousands of times larger than the number of examples identified."

The report, titled "Use of Free and Open-Source Software (FOSS) in the U.S. Department of Defense," was released last month to the Defense Information Systems Agency. The report found that open-source software is most important in infrastructure support, software development, security and research.

"The main conclusion of the analysis was that FOSS software plays a more critical role in the DOD than has generally been recognized," the report stated.

But the Mitre report is flawed because it is based on a question that assumes that open-source software would be banned within DOD, said Robert Kramer, vice president of public policy at the Computing Technology Industry Association Inc. and executive director of the Initiative for Software Choice (ISC).

"I know of no one who is saying that," Kramer said. "The ISC is not for that at all. The premise is unusual to say the least."

After receiving a working draft of the report in May, DISA solicited insights from DOD and the private sector, said Rob Walker, DISA's Net-Centric Enterprise Services program manager, in a presentation at an open-source conference in Washington, D.C., last month.

The comments collected raised three potential downsides to using open-source software:

·	Exposure of system vulnerabilities.

·	The introduction of Trojan software, which is hostile software covertly placed in ordinary applications.

·	Conflicts with new software that incorporates "general public license" (GPL) source code. If personnel use GPL source code in the course of research and development, the entire product of that work is protected, whereas other open-source licenses are not as restrictive.

DOD officials' main concern is the licensing question, but "with reasonable care, GPL software can be used without disrupting other licenses," Walker said. He added that the introduction of unusually restrictive licenses, like some used by Microsoft Corp., "presents a more significant issue."

Open-source software is increasingly being used by government agencies, and the Mitre report proved that by saying there are thousands more applications within the Pentagon than were identified, Kramer said.

"Why do you need a policy to point to either [open-source or proprietary] software" when it is continuing to be competitive in the government marketplace? he asked.

DISA officials said that how much DOD uses open-source software in the future will largely depend on the results of the ongoing policy review.

***

Joint development

Mitre Corp.'s report for the Defense Department recommended three policy-level actions to help promote use of open-source software in DOD:

·	Create a "generally recognized as safe" open-source software list to provide official recognition of applications that are commercially supported, widely used and have proven track records of security and reliability.

·	Develop generic policies to promote broader and more effective use of open-source software, and encourage the use of commercial products that work well with the software. A second layer of customized policies then should be created to deal with the four major use areas: infrastructure, development, security and research.

·	Encourage the use of open-source software to promote diversity in systems architecture, which would reduce the cost and security risks of being fully dependent on a single software product.
*****************************
Federal Computer Week
'Sensitive' classification still a sensitive issue
BY William Matthews
Nov. 11, 2002


Presidents from three government science academies have urged the Bush administration not to declare information "sensitive but unclassified" to withhold it from the public.

During the past year, dozens of federal agencies have adopted informal policies of restricting access to information they think could be helpful to terrorists planning future attacks against the United States. And since summer, the Office of Management and Budget has been considering whether to adopt a formal policy for withholding sensitive information.

The presidents of the National Academy of Sciences, the National Academy of Engineering and the Institute of Medicine said withholding such information could "stifle scientific creativity" and weaken national security.

In a statement in mid-October, the three called "sensitive but unclassified" a "poorly defined" category that would "generate deep uncertainties" about what can and can't be published.

The presidents agreed that access to some information must be restricted "to safeguard strategic secrets." But they said openness remains essential for scientific progress and to enhance the public's understanding of potential threats.

They urged the Bush administration to stick with a policy the Reagan administration set at the height of the Cold War in 1985 that generally bans restrictions on the conduct or publishing of federally funded research not yet classified.

The National Academies had its own run-in recently with the Bush administration over publishing sensitive information. The Agriculture Department tried to suppress a National Academies research report on the vulnerability of U.S. agriculture to bioterrorism, said National Academies spokesman Bill Kearney.

Researchers found that harmful foreign pests and pathogens are "widely available and pose a major threat to U.S. agriculture" and that the department has failed to plan a defense against a biological attack. USDA officials wanted the unclassified report withheld.

"Their objection was that by saying this we are endangering national security," Kearney said. Even after the National Academies removed details from the report, USDA officials continued to object, leading some at the National Academies to believe the department really wanted to suppress the report's criticism, he said.

The National Academies published the report anyway. "We want scientists to be enlisted in the fight against terrorism. If secrecy wins the day, you won't get the full cooperation of scientists," Kearney said.

Some unclassified information clearly should not be available to the public, said Ari Schwartz, associate director of the Center for Democracy and Technology. A blueprint of a federal building is an example. Some blueprints used to be available on government Web sites, but they should not be, he said.

However, the National Academies bioterrorism report shows "there is also a legitimate concern that agencies will use new categories of information to withhold information that should be made public," Schwartz said.
******************************
Federal Computer Week
Privacy questions still loom over biometrics
BY Dibya Sarkar
Nov. 11, 2002


Biometric technologies have expanded greatly in the past decade, especially following the Sept. 11, 2001, terrorist attacks, but experts say there are few policies, procedures and laws regarding the collection of biometric identifiers, even as public policy debates have swelled over their use and potential to invade people's privacy.

SEARCH, the National Consortium for Justice Information and Statistics, held a two-day conference on legal and policy implications of biometric use in New York City Nov. 5-6, featuring law enforcement, government, industry, and privacy and civil liberties experts.

Biometric technologies have been around for some time, most notably fingerprinting. However, newer technologies, such as facial recognition and iris and retina scanning, are being considered more and more by many public- and private-sector organizations for verification of identification and authentication.

"What we see today are a lot of pilots, a lot of tests, a lot of demonstrations, and not a lot of deployments," said Robert Belair, SEARCH general counsel.

The events of Sept. 11, 2001, have spurred support for such technologies, said Rebecca Dornbusch, deputy director of the International Biometric Industry Association. However, the federal government's inability to pass this fiscal year's budget is hampering further deployments.

But not all biometric technologies are the same, officials said, and use should be considered carefully. Concerns include invasion of privacy, misuse of databases, surveillance and tracking of people, and the linking of databases to create, in essence, a national identification database, Belair said.

Barry Steinhardt, director of the Technology and Liberty Program for the American Civil Liberties Union, said his group supports the use of reliable biometrics to authenticate access to secure locations, DNA analysis of crime scene evidence and X-rays of air cargo and baggage.

When it comes to facial recognition, in which video cameras scan and capture a person's face and software then tries to match it against a database presumably composed of known criminals and/or terrorists, the technology doesn't work, he said, citing uses in Tampa, Fla., and other places. Such "surreptitious surveillance" is a waste of law resources and will be misused, he said.

Wayne Crews, technology policy director at the Cato Institute, a libertarian, market-oriented think tank, said he's less worried about facial recognition as long as incidental data is thrown away or not collected in the first place.

Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center, said that industry, the public and the government must address questions of how vulnerable the data is to theft or abuse and limit its use to a certain purpose.

M. Paul Collier, executive director of the Biometric Foundation, a nonprofit group that focuses on research, education and standards, said successful implementation will occur when those installing the technology work to address the public's questions and concerns.
*****************************
Federal Computer Week
Public still unaware of biometrics
BY Dibya Sarkar
Nov. 11, 2002


Despite widespread media coverage of biometrics since last year's Sept. 11 terrorist attacks, a new national survey shows that only half of the general public is aware of such technologies.

However, the survey also indicates that fighting terrorism and identity fraud are the "two strongest drivers" for supporting greater government and private-sector use of biometrics.

The public opinion poll was commissioned by SEARCH, the National Consortium for Justice Information and Statistics. The first poll was conducted Sept. 18-30, 2001, shortly after the terrorist attacks, and the second, Aug. 15-18, 2002.

Despite the public's lack of familiarity, personal experience with biometrics rose slightly from 3 percent in 2001 to 5 percent, representing 10 million people, in 2002, said Alan Westin, a retired Columbia University professor of public law and government who helped develop and oversee the poll. And although there were slight declines of acceptance during the year, public support of law enforcement using biometrics for anti-terrorism measures or crime prevention remained high: 86 percent in 2001 and 80 percent in 2002.

The survey also reported strong public insistence that privacy safeguards be considered. Eighty percent of respondents in 2001 and 73 percent in 2002 believed that society will likely adopt such safeguards if and when biometric technologies are widely used, Westin said.
*****************************
Federal Computer Week
Agencies struggle with flood of homeland tech
Many companies not aware of federal buying process
BY Diane Frank
Nov. 11, 2002


Federal agencies are still sorting through the wide range of technologies that industry hopes will meet the government's homeland security needs, according to officials at the Industry Advisory Council's (IAC) Executive Leadership Conference last week.

Since the Sept. 11, 2001, terrorist attacks, companies already in the federal market and many more new to the market have been offering agencies solutions for everything from information sharing to biometrics. But while some agency officials have been able to organize those offerings for later review, most have found they do not have the time, resources or expertise to cull the most useful solutions.

At the Federal Emergency Management Agency, the response from industry was "a little overwhelming," said Rose Parkes, FEMA's chief information officer. Not all of the solutions fit immediate needs, but FEMA officials were concerned they might lose track of solutions that could fill future requirements.

The agency set up a database with all the information from vendor offerings, market research and responses to specific requests for information. When new requirements come up, officials first search the database to see if solutions have been offered that could fill the need.

"If the requirement is there and the information isn't, then there's no match," Parkes said.

FEMA is one of the 22 agencies and organizations designated to move to the proposed Homeland Security Department, and agency officials know that the information held in the database possibly could help others.

"As we move into the new department, we will absolutely share the information," Parkes said.

Officials involved in setting up the proposed department also recognize the need to work with industry to find useful solutions. "We need to provide some guidance and direction about where we need help," said Steve Cooper, senior director for information integration and CIO of the Office of Homeland Security.

Once Congress passes the bill to create the department, "we can pick up the pace [on that guidance] significantly," he said.

FEMA's database could also help the Office of Homeland Security evaluate solutions already in place at the state and local levels, Cooper said.

The database, however, does not solve a more complex problem that agencies are facing. Many, even those with comparatively large information technology budgets, do not have the ability to understand and evaluate "edge technologies," said Scott Hastings, CIO at the Immigration and Naturalization Service.

There has been talk about creating a center within government to evaluate new technologies, but officials also hope industry will help weed through ideas before they get to the agencies, Hastings said. For instance, established federal contractors, which have greater resources and expertise than most agencies, could sort through offerings from smaller or less experienced vendors, he said.

There is also the concern that in the flood of ideas, agencies might not be finding the more innovative solutions available because there are many companies that simply do not know how to work with government.

All too often a company pitches an idea without fully understanding the federal contracting process and expects that agency officials will be able to buy whatever product or solutions they deem interesting, Hastings said. Industry associations such as IAC, the Information Technology Association of America and AFCEA International Inc. also could play a role by finding and working with companies "out on the edge," he said. For example, the Defense Department last year received more than 12,000 proposals in response to its broad appeal for new technology ideas to combat terrorism. DOD was overwhelmed by the responses, and officials have been working to create a process that allows the department to deal with these requests in a more formal way.
******************************
Government Computer News
New York tries biometric kiosks for probationers


By Dipka Bhambhani
GCN Staff

Low-risk offenders on probation in New York City no longer have to check in monthly with their probation officers so long as at least one of their hands is on file. Kael Goodman, the Probation Department's assistant commissioner and CIO, has installed 14 biometric-enabled kiosks at offices in several boroughs where probationers can report their whereabouts and progress.

About 11,000 offenders are required to use the kiosks instead of making appointments to see an officer. Eliminating in-person appointments reduces human error and frees probation officers to deal with higher-risk criminals, Goodman said. Seventy-six percent of the criminals on probation in New York City are high-risk felons.

The kiosks connect directly to the department's Adult Restructuring Tracking System database. A subject places one hand on the hand-geometry reader, answers a few questions and leaves. The system automatically informs a designated officer if a probationer fails to report once a month.

Offenders initially have a photo and hand-geometry indicia recorded for the tracking database. "We know who our people are, we know where they live," Goodman said. "We've leveraged the best biometric technology we can find."

Hand-geometry readers might deny access if a subject is wearing jewelry, has longer fingernails or has changed body weight, he said. Goodman plans to add kiosks with voice-recognition technology, which tests voice stress and intonation as a backup identifier. Offenders could then call in their reports verbally. But voice technology is less reliable, he said, because it sometimes doesn't pick up varied speech patterns and accents correctly.
****************************
Government Computer News
Congress jumped the gun on biometrics, FBI official says
By Dipka Bhambhani
GCN Staff


The implementation of biometric technology became a hot topic when Congress passed the Patriot Act and Border Security Act last year after the Sept. 11 terrorist attacks, but the measures were premature, the FBI's acting deputy CIO said.

Both pieces of legislation appropriated funds for biometric systems, but the technology is not yet ready for widespread implementation, the FBI's Selena Hutchinson said this week at a conference in New York, Beyond the Technology: The Law and Policy Implications of Biometric Use.

And development of biometric systems will be slowed by other concerns, such as the potential war on Iraq, Hutchinson said.

Part of the government's vision for biometrics is linking subjects' biometric identifiers with information in databases at various agencies. Sharing that information, Hutchinson said, will require agencies to share the technologies they use.

"It's going to be incumbent on us to leverage from each other," she said.

The FBI's Integrated Automated Fingerprint Identification System is the closest thing to enterprise adoption of biometrics by the federal government, said Raj Nanavati, a partner in the International Biometric Group in New York, who also spoke at the conference.

Linda Phillips, director of technology consultant PNL Associates LLC of Falls Church, Va., said the government hasn't implemented any large-scale use of biometrics and probably won't barring another catastrophe similar to the terrorist attacks.

"It's going to take another crisis to use biometrics on any level," Phillips said.

While several speakers envisioned slow adoption of biometrics, Capt. Thomas Cowper of the New York State Police predicted significant progress in the near future. "We are on an exponential curve," he said of law enforcement use of biometrics.

Cowper said that in 10 to 12 years some police officers might wear biometric scanners while walking a beat, allowing them to determine the identities of suspects instantly while in the field.
******************************
Government Computer News
Northrop Grumman wins $228 million INS contract
By William Welsh
Washington Technology


The Immigration and Naturalization Service this week awarded a five-year, $228 million contract for IT services to Northrop Grumman Corp.

The contract, a blanket purchasing agreement, calls for Northrop Grumman Information Technology of Herndon, Va., to support the primary IT infrastructure and provide IT support services for more than 100 INS offices in the United States and at several overseas offices.

The agreement was awarded through the General Services Administration's Federal Technology Service on behalf of INS. It covers about 40,000 desktop PCs, servers and LANs supporting more than 1,400 sites.

The agreement is one of the company's largest contracts with the federal government, said Jim Perriello, president of government solutions for Northrop Grumman IT.

The company will provide a range of IT support services, including hardware maintenance; desktop and server management; asset management; infrastructure deployment; design, planning, installation and certification of the infrastructure cable plant; daily IT security operational support; and IT training. The company also will maintain ADP operations.
***************************
Government Executive
November 11, 2002
Skills gap shrinks between public, private tech workers
By Molly M. Peterson, National Journal's Technology Daily



Efforts to boost information technology training for government employees have helped narrow the skills gap between public- and private-sector IT workers, according to a recent study by Brainbench, an online skills-testing firm.


"Government IT workers are showing significant strengths in some important technology areas, especially the increasingly popular Unix [and] Linux arenas," said Mike Russiello, president and CEO of the Chantilly, Va.-based company.

The study compared the scores of more than 4,000 government employees and more than 7,000 private-sector workers who took Brainbench's IT skills tests online. The study analyzed the workers' test scores in eight major areas and found that government workers' scores surpassed those of private sector workers in three categories.

Government workers' average scores on tests of skills of the Unix and Linux operating systems were 3 percent higher than those of private-sector workers, according to the report, which was released Oct. 29. Government workers also scored 5 percent higher than private-sector workers on skills tests involving Microsoft technology administration and 8 percent higher on Microsoft applications tests.

Russiello said those scores indicate that a "historical skills gap" between government and private-sector IT workers has begun to close. "The increased attention that has been paid to this historical skills gap by such leading organizations as the federal government's Chief Information Officer's Council and the National Academy of Public Administration has played a role in helping to close this ... gap," he said.

But the study also found that private-sector workers outperformed government employees in five of the eight major tech categories. In tests of entry-level tech skills, private-sector workers' scores were 17 percent higher than those of public-sector workers. Private-sector workers also scored 17 percent higher than government workers on programming-language skills tests.

Private-sector employees also garnered higher scores than government workers on tests of networking skills, database skills and Internet skills.

Virginia Republican Tom Davis, who chairs the House Government Reform Technology and Procurement Policy Subcommittee, said his bill to create a "digital tech corps," H.R. 3925, which the House approved last April, would help further close the skills gaps.

"This study shows that our heightened efforts to offer better training and pay to government IT workers are beginning to pay dividends," Davis said recently. "But we still face severe challenges when it comes to recruiting and retaining top-notch IT specialists."
*********************************
Government Executive
November 8, 2002
Standards agency seeks input on computer security
From National Journal's Technology Daily


The National Institute of Standards and Technology (NIST) is soliciting public comments on two of its draft reports concerning the security of federal technology systems.

The agency, which historically has published reference materials and guidance in computer security, has prepared a draft report called Security Considerations in Federal Information Technology Procurements, which aims to provide broad resources to federal procurement officials to take into consideration when purchasing new equipment.



It also details security steps that must be integrated into procurement phases, including the mission and planning of purchases to the disposition and closeout of a contract. NIST's Guide to Selecting Information Technology Security Products details specific technologies to meet computer security needs.



The agency's staff will take the comments, which are due Monday, into consideration when formulating final reports, which come out sometime early next year.
******************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx