Clips November 26, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips November 26, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 26 Nov 2002 11:22:55 -0500
Clips November 26, 2002
ARTICLES
Three Charged With Stealing 30,000 Credit Reports
Cash-strapped parents turn to their kids for credit
Students' Computers Seized at Annapolis
Critics Say Government Deleted Web Site Material [Censorship]
Court to Decide on Online Copyright Suit
The Censor and the Artist: A Murky Border
Wireless LAN vendors attack security issues
Georgia CIO Singer resigns
Counterterrorism project assailed by lawmakers, privacy advocates
Users Begin to Demand Software Usability Tests
Homeland security bill limits vendor liability
America Online blocks instant spam
Global Network Battles Bioterror
Why we're all at risk of ID theft
New credit cards dangle from keychains
EU Networks for e-government
New email worm detected
DARPA Looks to Quantum Future
ISPs Must Better Prepare For Attacks, Report Warns
Nearly 1 Million IT Jobs Moving Offshore
E-Mail -- A Company's Forensic Nightmare
*************************
November 25, 2002
Three Charged With Stealing 30,000 Credit Reports
By THE ASSOCIATED PRESS
NEW YORK (AP) -- Federal authorities charged three men with orchestrating a
huge identity-theft scheme in which credit information was allegedly stolen
from more than 30,000 victims.
Manhattan U.S. Attorney James Comey said the arrests announced Monday mark
the largest identity theft case in U.S. history, with initial losses pegged
at $2.7 million and growing.
``With a few keystrokes, these men essentially picked the pockets of tens
of thousands of Americans and, in the process, took their identities, stole
their money and swiped their security,'' Comey said.
More than 15,000 credit reports were stolen using passwords belonging to
Ford Motor Credit Corp. to access information from Experian, a commercial
credit history bureau, officials said. Credit reports also were stolen from
other companies, authorities said.
Authorities say the scheme began about three years ago when Philip
Cummings, a help-desk worker at a computer software company, agreed to give
an unidentified co-conspirator the passwords and codes for downloading
consumer credit reports.
The FBI also charged Linus Baptiste and Hakeem Mohammed with roles in the
far-flung fraud.
Cummings was paid roughly $30 for each report, and the information was then
passed on to at least 20 individuals who then set out to make money from
the stolen information.
Victims have reported losing money from their bank accounts, seeing their
credit cards hit with unauthorized charges, and having their identities
assumed by strangers.
Baptiste allegedly downloaded hundreds of credit reports with Cummings'
access passwords. Mohammed has pleaded guilty to mail fraud for making
changes to individual credit accounts.
******************************
Chicago Sun-Times
Cash-strapped parents turn to their kids for credit
November 26, 2002
BY MARTHA IRVINE
It was her first credit card application, or so she thought, prompted by an
offer on her Ohio college campus for a free T-shirt.
But a rejection letter uncovered troubling news--someone had already opened
four credit cards in her name and racked up $50,000 in debt.
That someone was her father.
''I couldn't believe it,'' says the young woman, who asked not to be named.
Her father has not been charged.
Now 25 and living in Chicago, she says she knew her father was struggling
financially after his divorce from her mother and the failure of his
restaurant. But she never imagined he'd fill out credit card applications
sent to his home in her name. ''He completely violated my trust and my
privacy and my future,'' she says.
With the proliferation of credit cards, experts say, parents who've botched
their own finances are increasingly tempted to dip into their children's
credit. As co-signers, all they need is a birth date and Social Security
number.
''I've seen it happen a lot--and the damage it takes to correct it is
tremendous,'' says Howard Dvorkin, president of Florida-based Consolidated
Credit Counseling Services. ''These people don't go in with the intention
of screwing up their kids' credit. The problem is, old habits are hard to
break.''
Not wanting to file a complaint against her dad, she persuaded him to
consolidate the $50,000 credit card debt and pay it off by having his wages
garnisheed.
Meanwhile, she had $30,000 in student loans of her own.
''I worried about everything. Am I going to be able to get a car when I
graduate? Am I going to be able to get an apartment? Am I going to find
someone who's going to want to marry someone with $80,000 debt?'' she says.
Her father, now a bus driver, declined to comment. But five years later,
the debt is finally gone.
In some cases, law enforcement is stepping in. Last month, a father from
Billings, Mont., was sentenced to five years in prison for charging $12,000
to credit cards in his daughter's name.
Some parents put bills--cable TV, utilities--in their kids' names.
Dionicio Campos, a 29-year-old Chicagoan, says he's been stuck untangling
the trouble caused by his mother's ex-boyfriend and others using his Social
Security number.
''I'm sure a 17-year-old kid isn't worrying about his mom taking his stuff
from him--but maybe he should,'' Campos says.
Overall, identity theft and credit card fraud have reached an ''epidemic
level,'' says Carl Pergola, national director of fraud investigations for
accounting firm BDO Seidman.
Vital information, he says, is stolen by everyone from parents to
co-workers to hucksters who post fake job listings or run other schemes.
He says young people whose parents have money problems should consider
running regular credit reports--and request that the three major credit
agencies notify them when new accounts are opened in their name.
Last year, the Federal Trade Commission says, 6 percent of the 86,168
people who reported identity theft to the agency said a family member was
responsible. Joanna Crane, an attorney who manages the FTC's identity theft
program, says those figures are ''only the tip of the iceberg,'' because
many cases go unreported or are reported directly to credit providers.
Even if parents aren't stealing credit, experts say, young people whose
parents are bad money managers should still seek help with their
finances--even for simple matters like creating a monthly budget.
''Parents don't realize that their bad financial habits are being passed on
to their kids,'' says Michelle Hoesly, a member of the Million Dollar Round
Table, an organization of finance professionals.
For children whose parents have abused their credit, the options include
paying off the debt in big chunks or filing a complaint that could send the
parent to jail. ''Those choices are not very good,'' Dvorkin says.
******************************
Washington Post
Students' Computers Seized at Annapolis
Academy Battling Music, Film Theft
By Amy Argetsinger and Jonathan Krim
Tuesday, November 26, 2002; Page A01
The U.S. Naval Academy in Annapolis has seized nearly 100 student computers
suspected of containing illegally downloaded music and movies, the toughest
action yet in higher education's struggle against the trading of
copyrighted material over colleges' Internet servers.
Navy officials said punishment could range from loss of leave time to
court-martial and expulsion.
Though the consequences for midshipmen may be unusually steep, in part
because the computers are government property, the issue is bedeviling
college administrators across the country.
In recent years, students have taken advantage of super-fast campus
Internet networks to swap a wide variety of entertainment -- movies, music,
television shows -- for free. The industry objects to any copyrighted
content being exchanged electronically -- whether the next single by Eminem
or the latest episode of "The West Wing." That is in contrast to the taping
of TV shows and music on video and audio cassettes, which cannot be
distributed to millions of people at the touch of a button.
The music and film industries -- having vanquished Napster, the mother of
all music-sharing software, in court -- are pleading with universities to
help stop a new generation of file-sharing, which they say cuts into their
sales and violates copyrights.
Meanwhile, colleges have found their computer systems slowing to a crawl
because of the strain placed on them by the nearly constant downloading of
audio and visual files.
"Our outbound service to the Internet gets maxed out," said Carl Whitman,
executive director of e-operations at American University in the District.
"If you're a prospective student interested in applying or a student trying
to do work from home, you can't get into our system sometimes because it's
saturated."
Many schools have adopted computer policies that prohibit students from
circulating copyrighted materials and cut off repeat offenders from
Internet-server privileges. Yet school officials continue to come up
against the casual attitudes of students, many of whom have few moral
qualms about something as cheap and easy as downloading a song.
"This is a lot better deal than going out and spending $15 for 20 other
tracks on a CD you don't want," said Evan Wagner, 20, a junior at AU. "It
takes you five or 10 seconds to type in. There's no risk, and it's one of
those things where you don't see the victim."
Last month, four entertainment industry lobbying groups sent letters to
2,300 colleges and universities urging them to crack down on piracy by
students. This was part of an aggressive, multi-pronged campaign,
stretching far beyond college campuses, against file-swapping technologies
and their users.
The Recording Industry Association of America has been successful in suing
to force Napster and other popular services out of business. The
entertainment industry has lobbied Congress, so far unsuccessfully, for
legislation that would mandate building barriers into computers to block
illegal copying and that would allow copyright owners to hack into
offending computer systems.
The content industry also has sought to compel companies that provide
Internet access to consumers to identify users who illegally download
copyrighted material. In a case awaiting a ruling in federal court in
Washington, the RIAA is seeking to force Verizon Corp. to divulge the name
of a customer suspected of downloading music files illegally.
The letters to colleges, many of which operate their own networks, avoided
direct threats. Instead, they urged the schools to develop methods of
raising awareness of copyright theft and stamping it out.
The Naval Academy had issued several warnings to students before taking
action Thursday, when computers were seized while midshipmen were in class.
Cmdr. Bill Spann, academy spokesman, confirmed that an investigation is
underway but declined to comment further.
Higher education lawyers suggested that the academy took stronger action
than most institutions because it is a federal installation. "The academy
may be wanting to send a strong message to midshipmen, as a shot across the
bow," said Sheldon E. Steinbach, general counsel of the American Council on
Education.
In only a few other cases has strong action been taken against college
students. In August 1999, a 22-year-old University of Oregon student
negotiated a plea agreement under which he was convicted of distributing
illegal music files and received probation. A year later, campus police at
Oklahoma State University seized the computer of a 19-year-old student who
had more than 10,000 songs on file that he was sharing with others. He
pleaded no contest to a misdemeanor.
This year, University of Georgia officials reported to the student judicial
system that a freshman had downloaded a copy of "Austin Powers 3:
Goldmember." Ben Albert, 18, of Roswell, Ga., said he was shocked to be
singled out, because "every one of my friends does it."
Albert received six months' probation from the university and was ordered
to write a paper on copyright law. But he asked why the industry is going
after people like himself. "They should be targeting the people higher up
on the media food chain, who are actually encoding [the material] and
putting it up on the Internet," he said. "That would have much more effect."
Some colleges have put in special programs to prevent students from using
too much of the campus's computer capacity or to limit the amount of
capacity that can be used for file-sharing. Campuses are reluctant to block
file-sharing altogether because of free-speech and privacy concerns.
"We don't pretend to know that what's being shared is inappropriate," said
AU's Whitman. "We're not in a position to monitor and make that
presumption. We're sensitive to people's privacy."
Most colleges simply send warnings to students whom industry groups have
reported as downloading copyrighted material. "We make sure the music is
taken off the hard drive and inform the student that if we get another
message, we'll take their computer off the server," said Joy Hughes, vice
president for information technology at George Mason University.
That usually does the trick, she said: "I don't think the students realize
that there's a record of their having done this. When we send them a
letter, citing the time, date and machine number, it's enough to make them
understand."
Some in the technology community criticize the content industry's tactics
as an assault on the concept of "fair use," under which it is generally
accepted that a person can lend a book, tape a song or share videos of TV
programs.
They argue that rather than going after file-sharing, the movie and
recording studios should concentrate on building online services that offer
copyrighted material at reasonable prices.
****************************
November 26, 2002
Critics Say Government Deleted Web Site Material to Push Abstinence
By ADAM CLYMER
New York Times
WASHINGTON, Nov. 25 -- Information on condom use, the relation between
abortion and breast cancer and ways to reduce sex among teenagers has been
removed from government Web sites, prompting critics to accuse the
Department of Health and Human Services of censoring medical information in
order to promote a philosophy of sexual abstinence.
Over the last year, the department has quietly expunged information on how
using condoms protects against AIDS, how abortion does not increase the
risk of breast cancer and how to run programs proven to reduce teenage
sexual activity. The posting that found no link between abortion and breast
cancer was removed from the department's Web site last June, after
Representative Christopher H. Smith, a New Jersey Republican who is
co-chairman of the House Pro-Life Caucus, wrote a letter of protest to
Secretary Tommy Thompson calling the research cited by the National Cancer
Institute "scientifically inaccurate and misleading to the public."
The removal of the information has set off protests from other members of
Congress, mainly Democrats, and has prompted a number of liberal health
advocacy groups to accuse the department of bowing to pressure from social
conservatives.
The controversy began drawing attention late last month, when
Representative Henry A. Waxman, the California Democrat, and other members
of Congress wrote to Mr. Thompson protesting the removal of the material.
Bill Pierce, the department's deputy assistant secretary for media affairs,
said that in all three cases the removals were made so that material could
be rewritten with newer scientific information. He also said the decisions
to remove material had been made by the Centers for Disease Control and
Prevention or the National Institutes of Health without any urging from the
department's headquarters.
But in one case -- the removal of information about condoms from a C.D.C. Web
site -- he was contradicting a C.D.C. official. That official, Dr. Ron
Valdiserri, deputy director of the center's program for H.I.V., S.T.D. and
TB Prevention, said on Oct. 31, when questioned about the removal of Web
site information at a news briefing on syphilis trends, that it was a joint
C.D.C.-Health and Human Services decision. Asked about the contradiction,
Mr. Pierce said it was a C.D.C. "decision to do it."
The department has previously been accused of subverting science to
politics by purging advisory committees and choosing scientific experts
with views on occupational health favorable to industry.
In an interview, Mr. Waxman said: "We're concerned that their decisions are
being driven by ideology and not science, particularly those who want to
stop sex education. It appears that those who want to urge abstinence-only
as a policy, whether it's effective or not, don't want to suggest that
other programs work, too."
One Republican congressman, Representative James C. Greenwood of
Pennsylvania, joined Mr. Waxman and 10 other Democrats, in writing
Secretary Thompson on July 9 to complain about the deletion of the breast
cancer report. Mr. Greenwood had no comment today.
Mr. Smith, who asked that the breast cancer report be expunged, could not
be reached. In his letter, which was signed by 27 of his colleagues in the
House, objections to the study were termed scientific, not political. Their
letter contended that the large majority of studies showed a relationship
between abortion and breast cancer, and argued that the study relied on by
the National Cancer Institute "contains many significant flaws."
The deletions have caused anger among some health activists. Gloria Feldt,
president of the Planned Parenthood Federation of America, had a sharp
criticism of H.H.S. She said: "They are gagging scientists and doctors.
They are censoring medical and scientific facts. It's ideology and not
medicine. The consequences to the health and well-being of American
citizens are secondary to this administration."
James Wagoner, president of Advocates for Youth, a public health
organization dealing with adolescent sexual health, objected to the removal
of information on programs aimed at reducing sexual activity among
teenagers, which was contained on the Web site of the National Center for
Chronic Disease Prevention and Health Promotion, saying that there "seems
to be a concerted effort to censor science and research that supports
contraception in favor of `abstinence-only until marriage' programs."
Terje Anderson of the National Association of People with AIDS, speaking of
the deleted condom information, which was removed from the National Center
for H.I.V., S.T.D. and TB Prevention Web site on July 23, 2001, said,
"Something doesn't need to disappear for a year and a half to be updated."
The Web site said, in part: "Studies have shown that latex condoms are
highly effective in preventing H.I.V. transmission."
Kitty Bina, a spokeswoman for the C.D.C. in Atlanta, said the revised
version, which would explain that condoms did not always provide protection
from other sexually transmitted diseases, had been sent to department
headquarters for review.
The National Cancer Institute's removed document, "Abortion and Breast
Cancer," said: "The current body of scientific evidence suggests that women
who have had either induced or spontaneous abortion have the same risk as
other women for developing breast cancer."
Dorie Hightower, a press officer at the National Cancer Institute, said:
"We regularly review our fact sheets. We regularly update them for accuracy
and scientific relevance. This was taken off the Web to review it for
accuracy in July." She said that the review was to see if there had been
other scientific studies. "There is supposed to be an interim statement
that is going to be posted shortly," she said.
The C.D.C. Web site had also published information about intervention
programs designed to discourage teenage sexual activity. Some mentioned
abstinence, one mentioned condoms. Katharine Harvin, speaking for the
C.D.C. in Atlanta, said the information was removed in June because some
"communities and schools did not adopt packaged interventions, because some
parts were disliked, or parts were liked and disliked."
********************************
Associated Press
Court to Decide on Online Copyright Suit
November 26, 2002
By SANDRA MARQUEZ, Associated Press Writer
LOS ANGELES (AP) - A federal judge has signaled his support for a bid by
record companies and movie studios to sue the parent company of Kazaa, a
popular online file-swapping service.
U.S. District Judge Stephen Wilson heard arguments Monday on whether
Sharman Networks Ltd., which is headquartered in Australia and incorporated
in the Pacific Island nation of Vanuatu, is subject to U.S. copyright laws.
"It is a difficult question, but it has to be resolved," Wilson said. "The
court will do its best to resolve it promptly."
Although Wilson did not indicate when he plans to issue a ruling, he
appeared to tip his hand, noting that he "would be inclined to find there's
jurisdiction against Sharman."
"I find the argument about providing the service to so many California
residents compelling," Wilson said, referring to the plaintiffs' claims
that Kazaa provides free access to copyrighted music and films to some 21
million users in the United States. The company has advertising revenue of
about $4 million.
The Sharman case is one of the largest in the recent copyright wars testing
the international reach of U.S. courts. If Wilson decides Sharman can be
sued, the company would be thrust into the same legal predicament that has
stymied popular swapping services such as Napster and
Aimster.
David Casselman, an attorney representing Sharman, said holding the online
swapping company liable for copyright violations would be akin to
prosecuting a computer manufacturer for the actions of computer hackers.
David Kendall, an attorney representing six movie studios, including
Disney, Fox and Paramount, said the fact that Sharman's product is
available in this country is sufficient cause to face trial in a U.S. court.
"It does not violate due process to have them stand here to answer for
their conduct," Kendall said.
Sharman attorney Rod Dorman countered that such a move could open a door
for a judge in "communist China" to rule against U.S. companies that
operate online. The judge did not appear swayed by the argument.
*******************************
New York Times
November 26, 2002
The Censor and the Artist: A Murky Border
By EMILY EAKIN
Does using software to remove potentially offensive language, sex and
violence from R-rated movies constitute censorship? Or, by allowing viewers
to tailor films to their tastes, is it a reasonable concession to consumer
choice?
This was one of the questions confronted at a conference on free expression
and the arts at Columbia University last week that focused on new limits on
artistic freedom in a high-tech culture. In this evolving environment,
artists seeking access to images and information often find themselves in
battle with companies determined to protect their content and trademarks
from unauthorized use.
In two days of heated discussion, several dozen scholars, activists,
artists, foundation officers and media executives invoked a baffling array
of recent cultural developments, including corporate consolidation of radio
stations, the extension of the copyright term and the crackdown on illegal
Internet file-sharing. And though no consensus emerged, many panelists
seemed to agree that artists may face more resistance from private
companies than from the political and religious groups that have objected
to certain expressions in the past.
In his keynote address on Wednesday morning, Lee C. Bollinger, the
university's president and a law professor who specializes in the First
Amendment, noted that the Supreme Court did not define free speech until
1919. As a set of constitutional rules and interpretations, he told
participants gathered in a lecture hall at Columbia's Graduate School of
Journalism, free speech is "simply an invention of the 20th century."
Already, conference organizers argued, free speech doctrine is taking a
backseat to the murky thicket of copyright law, at least when it comes to
fights over artistic expression. Michael Janeway, director of the National
Arts Journalism Program, which sponsored the conference, said censorship
battles were no longer being waged primarily against governmental bans on
books or movies but "amid increasingly chaotic definitions of intellectual
copyright, against a backdrop of technological revolution and legal and
regulatory confusion."
While outside the building, Columbia students exercised their free speech
rights by staging an antiwar protest with posters declaring, "Bush is the
real terrorist," Andras Szantos, deputy director of the arts journalism
program, joked that the First Amendment was so tangential to current art
censorship cases that someone had suggested calling the conference "Does
the First Amendment matter anymore?" (It was called "The New Gatekeepers"
instead.) "These days, many artists are more afraid of getting a
cease-and-desist letter than of outright censorship," Mr. Szantos said.
Several panelists endorsed this claim, painting a picture of media
corporations that monopolize content, demand exorbitant licensing fees from
artists and Internet users and threaten violators with legal action. "Some
copyright holders would have individuals believe users have no rights to
reuse a work or parody it," said Wendy Seltzer, a fellow at the Berkman
Center for Internet and Society at Harvard Law School and the founder of
Chilling Effects Clearinghouse, a Web site that collects cease-and-desist
letters sent to Internet users and advises them on their rights.
Often, Ms. Seltzer said, the law is unclear. In one letter that appears on
the site (www.chillingeffects.org), for example, a lawyer from Paramount
Pictures warns a Star Trek fan in Peoria, Ill., that the plot synopsis of
"Star Trek: First Contact," he posted on his Web site constituted copyright
infringement. In fact, Chilling Effects' legal team explains that this is
not necessarily true. Since its Web site was inaugurated four months ago,
Ms. Seltzer said, Chilling Effects has received 450 letters (including
some, she stressed, from users who had clearly been breaking the law).
Gigi B. Sohn, president of Public Knowledge, a nonprofit advocacy group in
Washington, said that measures like the 1998 law that extended the
copyright term by 20 years, along with more aggressive enforcement by
corporate copyright holders, were compelling some artists to engage in
self-censorship. Rather than risk a lawsuit, she said, some hip-hop
musicians have abandoned sampling, once the genre's signature technique.
But other panelists disputed this dire view. "Taking a work, unaltered and
using it, that is theft," said Richard Masur, an actor and former president
of the Screen Actors Guild. Shira Perlmutter, associate general counsel for
intellectual property policy at AOL Time Warner, called the copyright
extension an "incremental addition" to existing law, pointing out that it
was designed to protect artists and their heirs as well as corporations.
Charles C. Mann, a correspondent for The Atlantic Monthly, noted that
despite the talk about corporate censorship, it was easier to download a
bootleg copy of "Steamboat Willie," the 1928 Disney film that prompted the
company's successful campaign to extend the copyright term, than to rent a
legal one at a video store. Summing up the paradox, Mr. Mann said,
"Copyright is stronger than ever, which experts say will plunge us into the
Dark Ages. Copyright is weaker than ever, which experts say will plunge us
into the Dark Ages. The confusing thing is that both statements happen to
be true."
There is also evidence that traditional free speech issues persist. Sarah
Jones, a performance artist, spoke about her suit against the Federal
Communications Commission after it declared indecent "Our Revolution," her
spoken-word song parodying hip-hop misogyny, and fined a Portland, Ore.,
radio station $7,000 for playing it.
One panelist who seemed unfazed by the unfolding debate was Breck Rice,
co-founder of Trilogy Studios, a Utah company whose software program
Moviemask is used to sanitize R-rated movies. On Thursday afternoon Mr.
Rice demonstrated the latest advances in his company's technology.
A famous scene from the film "Titanic" flashed across his computer screen.
There was Leonardo DiCaprio lovingly sketching Kate Winslet as she lounged
seminude on her stateroom bed. Then the scene flashed by again. This time
Ms. Winslet's torso was decorously sheathed, and on Mr. DiCaprio's sketch
pad there was a ruffled bodice where seconds before a naked breast had been.
"Censorship is one person or one group imposing their point of view on the
public," Mr. Rice explained. "We provide choice to consumers."
But neither artists' advocates nor corporate executives seem ready to
accept that argument. The Directors Guild of America has already filed a
lawsuit against Trilogy and other companies that use similar technology,
and Hollywood studios are expected to join in.
"It's worrisome as a matter of artistic integrity," said Marjorie Heins,
director of the Free Expression Policy Project, a Manhattan organization
that tracks censorship in the arts. "To mutilate somebody's work in that
way, whether or not it's violation of copyright, is offensive to somebody
who cares about art."
********************************
Government Executive
November 25, 2002
Former Education Department official, e-gov pioneer dies
By Amelia Gruber
agruber@xxxxxxxxxxx
Greg Woods, a former Education Department official who helped lead efforts
to make the federal government more citizen-friendly, died of pancreatic
cancer last Thursday.
Woods, 59, was the former chief operating officer of the Education
Department's Federal Student Aid (FSA) office and pioneered the
e-government concept.
"If there's a school in heaven, and if a student needs financial aid,
there's a new administrator there today who probably can't wait to get down
to business," said G. Kay Jacks, general manager of FSA's Web site about
financial aid, referring to Woods.
Woods was the FSA's first COO, joining the office when it was created in
the fall of 1998. He retired this September.
"Greg was truly dedicated to the mission of the department to provide
access to postsecondary education for millions of students," Education
Secretary Rod Paige said in a statement. "He was committed to his work and
the challenge of streamlining and updating the technology systems that
deliver aid to help make the goal of college education a reality for so many."
While trying to help his six-year-old granddaughter understand his job,
Woods came up with the slogan used by the roughly 1,100 FSA employees: "We
help put America through school."
Woods also made his mark pushing the government to provide citizens with
wider electronic access to its services. He developed the Access America
Program, a predecessor to what is now known as "e-government," a core
element of the president's management agenda.
"Few possessed the sweeping knowledge and experience in information
technology, successful business practices, and government reform that Greg
Woods brought to bear on the challenge of delivering federal student aid to
America's students," a FSA statement said.
After graduating from California Southern University with a mechanical
engineering degree in 1965, Woods worked as an engineer at AiResearch
Manufacturing Co. and helped design the Apollo command module's life
support system. He was an expert in thermodynamics and held several patents
for heat exchange systems.
Woods began his career with the government in 1970, when he served as chief
European analyst for the secretary of Defense. In that position, he helped
engineer the Mutual Balance Force Reduction Agreement between NATO and the
Warsaw Pact by assisting the negotiation delegation and presenting
congressional testimony on the agreement's viability. In 1974, Woods won
the Arthur Flemming Award, which recognizes outstanding young people in
government.
Following a 17-year stint at private consulting firms, Woods returned to
public service in 1993 to help with then-Vice President Al Gore's
"reinventing government" initiative. He used his business expertise to help
the government develop more cost-effective methods for buying technology.
These methods were later incorporated into the 1996 Clinger-Cohen Act,
which eliminated some rules and reporting requirements to make government
purchasing easier.
Woods also drafted President Clinton's executive order on improving
government customer service and chaired the Internal Revenue Service's
customer service task force. He worked on regulatory reform as well,
helping the Clinton administration develop a strategy to reach its goals
for regulating water quality and air travel safety.
In addition, Woods helped lead efforts to create Performance Based
Organizations in the federal government. In PBOs, executives are given
broad exemptions from federal procurement and personnel rules in exchange
for tough performance standards. The organizations are based on the belief
that some federal programs can perform better if they are run more like
private companies.
Woods is survived by his mother, Helene; wife, Lee; two daughters, Denise
Shultz and Kristen Martinez; a son, Brian; and six grandchildren.
Funeral services will be held at 1:30 p.m. on Tuesday, Nov. 26 at St.
Mary's Catholic Church, 312 S. Royal St., Alexandria, Va.
*******************************
Government Computer News
Wireless LAN vendors attack security issues
By Thomas R. Temin
When the Pentagon -- no small potential customer -- cracked down recently on the
installation of wireless LANs, the industry sat up and took notice.
Why? The inherent vulnerabilities of the technology. If you simply go to
the nearest computer dealer and buy a $99 access point and plug it in, your
wireless link will be insecure.
But vendors are bringing out commercial equipment to make it easier to
overcome the security problems that plague wireless LANs. They are
splitting access points into two parts so that the 2.4- and 5.0-Gigahertz
radio signals can be showered anywhere, but a second component behind the
corporate firewall will arbitrate the access or movement of data.
"That's how the 802.11 standard was set up in the first place," said Graham
Melville, director of wireless technical marketing for Symbol Technologies
Inc. The Holtsville, N.Y., company recently introduced Mobius, a wireless
system "that goes back to the original wired specification," he said.
With Mobius, Symbol has put the intelligence and access controls into a
rack-mountable switch controlled from behind a firewall. Access ports
containing only an antenna connect to the switch using Ethernet cabling,
over which they also get power. The ports resemble flying saucers.
"This gives extensive security improvement," Melville said. There are no
traditional access points at the edge of the network, and policies can be
set to examine individual data packets, he said.
SMC Networks Inc. of Irvine, Calif., has taken a similar approach with its
2504W EliteConnect, a rack-mounted WLAN server that combines Layer 3
intelligence and management in the wiring closet.
Chief executive officer Sean Keohane said one federal reseller is testing
the machine for the Navy and Veterans Affairs Department.
With the intelligence and control separate from the access points, an
administrator can ensure unauthorized users "can't get network access
without authentication. It bypasses Wired Equivalent Privacy with virtual
LAN technology," Keohane said.
Keohane predicted the next generation of WLAN products would have more
features for security and management, such as variable antenna output to
limit the area of coverage and prevent signals from heading outside to the
streets. Also coming, he said, would be access points with Simple Network
Management Protocol agents for remote management, and broadband modems and
access points integrated into single boxes.
*****************************
Government Computer News
11/25/02
Georgia CIO Singer resigns
By Trudy Walsh
Georgia CIO Larry Singer today announced his resignation, effective Dec. 9.
Singer also was executive director of the Georgia Technology Authority. He
will return to Public Interest Breakthroughs, a nonprofit consulting
company where he worked before becoming the state's CIO two and a half
years ago.
Before he leaves, Singer will help negotiate plans for the Converged
Communications Outsourcing Project, a program to upgrade the state's
telecommunications services, especially in remote areas of the state.
In his tenure as CIO, Singer said he was most excited about working to
improve the relationship between citizens and government through
e-government initiatives such as the state's Web portal, electronic voting
and online driver's license renewal. "I wouldn't have missed it for the
world," he said.
*****************************
Government Executive
November 25, 2002
Counterterrorism project assailed by lawmakers, privacy advocates
By Shane Harris
sharris@xxxxxxxxxxx
Lawmakers, privacy advocates and civil libertarians are criticizing a
controversial Defense Department research project as an invasion of
personal privacy, and are questioning whether it should be scrapped.
In January, the Defense Advanced Research Projects Agency (DARPA) began a
multi-year effort to look for ways that technology could be used to
pre-empt terrorist attacks. Known as the Total Information Awareness (TIA)
system, much of the work centers on theoretical ways to use information
technology and human analysis to analyze transactions, such as credit card
purchases or phone calls, to find patterns that might indicate a terrorist
attack is being plotted.
The project has outraged groups that support restrictions on the use of
personal data. At a press conference Monday in Washington, Marc Rotenberg,
executive director of the Electronic Privacy Information Center, said the
TIA system was the "hub" of a far-reaching effort by the government to
"extend surveillance of the American public."
Rotenberg objected to the appointment of John Poindexter as the project's
director. Poindexter, who brought the idea for the system to the Pentagon,
served as President Ronald Reagan's national security adviser and was
convicted for lying to Congress during the Iran-Contra scandal in the
1980s. The conviction was overturned.
Rotenberg called Poindexter "the architect of a program to extend
surveillance of private databases," pointing to his involvement in a 1984
policy directive that privacy advocates and some lawmakers feared would
give the National Security Agency control over privately held information.
The 1987 Computer Security Act voided the directive.
Sen. Charles Schumer, D-N.Y., sent a letter to Defense Secretary Donald
Rumsfeld on Sunday, urging him to fire Poindexter. On ABC's "This Week,"
Schumer said Poindexter shouldn't head such a sensitive project, given his
past. "If we need a 'Big Brother,' John Poindexter is the last guy on the
list that I would choose," Schumer said.
In a recent interview, Robert Popp, the deputy director of the TIA system,
said DARPA has made no decision about what technologies the system
eventually might include. The agency is using fictional data to test some
components, but ultimately DARPA will not actually build a working machine,
Popp said. Rather, its mission is to build a conceptual prototype and then
to share that design information with agencies that want it.
Rotenberg said "the picture coming into focus" about DARPA's work suggests
the system would result in a sweeping monitoring of citizens' everyday
activities. But Popp stressed that work on the system is in the early
stages, and that DARPA has no authority to decide what information the
government should gather or analyze. That decision would be left to
individual agencies and to Congress.
Part of DARPA's role is to determine if using technology to predict
terrorist attacks is even feasible. Steven Aftergood, who heads the
Federation of American Scientists' projects on government secrecy and
intelligence, said he doubts that technology can be precise enough to
distinguish a few suspicious transactions in a sea of activity. "I don't
know that they will ever be able to detect a meaningful signal above the
background noise," he said.
Popp said protecting the privacy of citizens is a chief concern of the
project team, which is experimenting with ways to remove a person's name
from any transactional data that an unauthorized government employee might
see. The agency has asked companies to propose devices that would "protect
the privacy of individuals not affiliated with terrorism," according to a
solicitation notice posted on DARPA's Web site.
Congressional hearings on the TIA system are likely, given the opposition
of some lawmakers to the program. On Friday, Sen. Charles Grassley, R-Iowa,
asked that the Defense Department's inspector general review the project
and examine the particulars of how Poindexter was hired.
Grassley's spokeswoman accused the Pentagon of "getting into domestic law
enforcement issues" by supporting the project. Grassley wants to know
whether DARPA officials have coordinated with federal law enforcement
officials about the TIA system, and whether the agency received their input
before funding began.
*****************************
Computerworld
Users Begin to Demand Software Usability Tests
Boeing requiring vendors to follow new usability standard for products
By Patrick Thibodeau
NOVEMBER 25, 2002
WASHINGTON -- The Boeing Co. is changing the way it buys software and is
making a product's usability -- the ease with which end users can be trained on
and operate the product -- a fundamental purchasing criterion. It's a move the
aerospace giant sees as an essential means of controlling IT costs.
"We simply can't afford to pay for products that cost us a lot of overhead
anymore," said Keith Butler, a technical fellow at Boeing's Phantom Works
research and development arm. When thousands of end users are involved,
design flaws can cost millions of dollars in lost time and productivity, he
said.
What's helping Boeing change its purchasing approach is the recent
development of a standard for comparing product usability that was
spearheaded by the National Institute of Standards and Technology.
Called the Common Industry Format for Usability Test Reports, the standard
outlines a format for reporting test conditions and results and gives user
companies enough information about a test to replicate it. It's a means for
objectively evaluating software, say its backers.
Next month, NIST intends to seek international standards recognition. The
standard has already received American National Standards Institute
certification.
CIF's success as a purchasing tool depends on whether other companies
follow Boeing and make usability a "peer," as Boeing officials put it, of
such traditional purchasing criteria as a product's functionality, price
and system requirements. If that happens, users say, the standard could
have a far-reaching effect in improving the usability of software.
"The real value of CIF, quite honestly, is that if vendors know we are
expecting it, meaning large software purchasers, they will focus their
attention on usability and hopefully make their products better before they
ever come out the door," said Jack Means, superintendent of usability at
State Farm Insurance Cos. in Bloomington, Ill.
Boeing played a lead role in the development of CIF after its experience
and internal studies showed that usability played a significant role in
total cost of ownership. In one pilot of the CIF standard on a widely
deployed productivity application, the Chicago-based company said improved
product usability had a cost benefit of about $45 million.
Butler said it's much better to have vendors refine an interface design
"than to have thousands of end users doing it involuntarily on top of their
jobs and then just feeling frustrated."
Spotting Problems Early
Doug Francisco, director of IS architecture at Boeing's commercial airplane
division, maintains that CIF will improve the ability of the IT department
to spot problems before a product is rolled out to employees. The company
has looked at usability in purchasing, "but sometimes we wouldn't discover
the inefficiencies of a software product until we brought it in-house," he
said.
Microsoft Corp., in its capacity as a CIF development participant, has
incorporated the usability testing it conducted on its Windows XP, Windows
ME and Windows 2000 operating systems into the CIF format, said Kent
Sullivan, Microsoft's usability lead for the Windows client.
Sullivan said Microsoft is prepared to use CIF but noted that its adoption
will depend on customer demand. Microsoft typically doesn't receive
questions about usability from customers, so when users do ask about it, he
said, "it indicates that they are ahead of the curve a little bit."
In the past year, interest in CIF has grown from about 50 firms taking part
in the NIST effort to more than 150, including PeopleSoft Inc., Oracle
Corp. and Eastman Kodak Co.
The CIF format will also be adapted for hardware testing, said Emile Morse,
who heads the effort for NIST. Morse said she believes CIF makes it
possible for vendors and users to discuss usability as a science rather
than marketing hype. "I think CIF gives a lot of credibility to the
practice of usability," she said.
********************************
Computerworld
Homeland security bill limits vendor liability
By PATRICK THIBODEAU
NOVEMBER 25, 2002
WASHINGTON -- It's common practice for IT vendors to limit their liability
for the products they sell. But the homeland security bill passed by
Congress last week may provide a federally supported framework within which
vendors can protect themselves from legal action by corporate users.
The intent of the bill is to safeguard technologies that vendors may be
reluctant to make available without liability limits, such as chemical,
biological and radiological sensors.
But the legislation is so broad that qualifying technologies may include
widely used products, such as firewalls, antivirus software and
intrusion-detection systems, said experts familiar with the bill. The new
Department of Homeland Security must determine which technologies qualify
as contributing to antiterrorism efforts.
Echoes of UCITA
John Pescatore, an analyst at Gartner Inc. in Stamford, Conn., compared the
federal liability provision to an effort to limit IT product liability in
the states under the Uniform Computer Information Transactions Act (UCITA).
"This seems to be trying to sneak in 'UCITA lite' on the federal level,"
said Pescatore.
David Colton, a vice president of the Information Technology Association of
America, an industry trade group in Arlington, Va., that backed the
liability-limiting provision, said the protections are critical to ensuring
that vendors can offer their most advanced hardware and software.
The legislation will be especially helpful for start-ups and smaller
companies, "where many of the most innovative and cutting-edge solutions
come from," said Colton.
But if the liability protections are extended to systems that are routinely
used by businesses, it could only add to the skepticism about the law's
intent.
The legislation limits vendor liability to the maximum amount of
"reasonably available" insurance and bans punitive damages. It's primarily
aimed at government use of these technologies, but it doesn't exclude
businesses that purchase the same products. For most user companies,
however, a law limiting liability won't significantly change what now goes
on, observers said. Most contracts already limit liability.
"It doesn't change the world too much, because we're not focused enough on
holding vendors' feet to the fire to build quality software," said Gerry
Brady, chief technology officer at Guardent Inc. in Waltham, Mass.
Liability limitation in software has been a contested issue for many years.
Alan Paller, director of research at the SANS Institute in Bethesda, Md.,
said he believes buyers can address some of the contractual concerns if
they exercise their "community responsibility" to require vendors to
provide proactive, automatic correction of problems, rather than searching
for fixes on a Web site.
"Since the problem is caused contractually, it can be solved
contractually," Paller said.
***************************
CNET.com
America Online blocks instant spam
By Robert Lemos
Staff Writer, CNET News.com
November 25, 2002, 4:51 PM PT
Internet service America Online has changed its network to block pop-up
spam from reaching its customers, the company said Monday.
In a move quickly discovered by spammers, the AOL Time Warner subsidiary
made a few technical changes last week to stop a relatively new type of
annoying message that uses the Windows messenger service to cause
unsolicited marketing to appear on a person's screen.
"In the ongoing fight against spam on a wide-ranging front, this is a big
victory for our members," said AOL spokesman Andrew Weinstein.
The technique uses a feature of Windows intended to let network
administrators notify their customers of critical maintenance issues such
as server downtime or schedule backups. The text-only messages pop up in a
dialog box on top of any other window being used at the time. The
vulnerability affects Windows 95, 98, NT, 2000 and XP.
Software from companies such as DirectAdvertiser and BroadcastMarketer
allows direct marketers to send thousands to hundreds of thousands of such
messages every hour to random Internet addresses. Each success means a
message appears on a PC's desktop. Spammers like the technique because it
forces an Internet user to see a message and close it.
Response rates are high, said Anish Dhingra, president of Broadcast
Marketer. Dhingra claims that the technique isn't spam, because affected
users can simply turn off the Windows feature that allows the pop-up
messages to appear.
"It is pretty hard to opt out completely from spam," he said. His company
noticed that AOL had made the modification when customers started calling
in, he said.
Dhingra, whose software can send up to 135,000 messages in an hour,
believes the company's software will be able to get past AOL's blockade in
a few weeks. "Pretty much our next version will have a workaround for AOL,"
he said.
That means that America Online may find itself in an arms race. "We've
blocked this exploit, and we'll continue to fight spam," AOL's Weinstein said.
Last month, with the release of its AOL 8.0 service, the company vowed to
cease delivering pop-up ads, even though it said it would lose millions in
revenue by doing so.
*********************************
Wired News
Global Network Battles Bioterror
Dr. Alan Zelicoff is willing to go many extra miles to combat the threat of
bioterrorism.
The Albuquerque physician-turned-researcher just returned from a trip to
the NATO Summit in Prague, where he hoped to persuade President Bush and
the other 19 member nations that a global health surveillance network is
the best way to protect people from manufactured disease.
A former internist who is now a senior scientist at Sandia National Labs,
Zelicoff said the current system of disease reporting is too slow and
haphazard for a world in perpetual danger of bioterror attacks. The
self-described "recovering physician" said his internist wife "learns about
outbreaks of disease by reading the newspaper."
Public health officials receive information only after physicians have
confirmed cases of disease, Zelicoff said, which is far too slow to
counteract the distribution of biochemical agents like the bacteria that
causes anthrax. The reporting system is paper-based, he said, and rarely
routes information from public health officials back to the physicians who
are treating patients.
"The current system is exquisitely designed to fail," Zelicoff said.
The solution to the problem, he said, is to send information about symptoms
to epidemiologists when patients show up at clinics, emergency rooms and
doctors' offices -- well before a diagnosis is made.
But health care professionals often focus only on the big or small picture.
"Your doctor is not a population biologist and doesn't care about the
population, he cares about the person he's taking care of," Zelicoff said.
"An epidemiologist doesn't care about you, he cares about the population as
a whole, so you have discordance there."
Speeding up the reporting process is critical to limiting the spread of
infectious disease, said Amy Kelchner, a spokeswoman for the Pennsylvania
Department of Health. "The faster you can see a trend and contain it, the
faster you're saving lives," she said.
To enable a two-way flow of information, Zelicoff created an Internet-based
database application called Rapid Syndrome Validation Project, or RSVP.
Physicians and clinicians use a touch screen to pick from a menu of disease
symptoms such as fever with skin rash, respiratory ailments or
influenza-like illness. The system does not list personal information about
patients other than an age range and a ZIP code. A map of "hot spots" --
locations that have seen many patients with those symptoms -- appears and
allows workers to take appropriate action. The system also provides daily
updates from the leading world health organizations and epidemiological
news services.
RSVP was recently installed in 16 clinics and hospitals in New Mexico and
Texas. Zelicoff hopes that eventually it will be used to battle infectious
diseases around the world.
In August, the Senate passed a bill that would provide $150 million over
the next two years to set up hospitals and clinics in developing nations
with the necessary equipment to access an RSVP-like network. Since the
House has adjourned for the year, funding is on hold for now.
Tigi Ward, public health coordinator for the city of Lubbock, Texas, said
the clinicians in her agency quickly understood the value of RSVP, which
was installed in September.
Ward recently sent out an alert after noting 19 cases of shigellosis, a
bacteria-driven disease, in a week. Instead of trying to reach hospitals
and clinics by phone or fax, she reported the cases in the system, which
sent an alert to all doctors in the area.
Ward said if the system were installed internationally it would make it
much easier to identify pathogens contracted by patients who have recently
traveled.
"I used to think, 'It's nice to know something is happening in
Mozambique,'" she said. But with the threat of bioterrorism and an
increasingly mobile population, "it's becoming essential."
***********************
MSNBC
Why we're all at risk of ID theft
Identity fraud is rampant and protection options limited
ANALYSIS
By Bob Sullivan
MSNBC
Nov. 25 -- Almost certainly, none of the 30,000 victims knew Philip Cummings
when he allegedly sold their identities for $30. They probably hadn't heard
of Teledata Communications Inc., the company Cummings worked for when their
data was stolen. And many of them had probably followed all the standard
advice: protecting their Social Security numbers, using hard-to-guess bank
PINs, maybe even shredding documents. But it didn't matter. The truth about
the huge identity theft ring that was uncovered Monday is this: there was
nothing any of the victims could have done to stop it.
CAREFULLY GUARD YOUR Social Security number, the experts say. Don't
enter it in Web pages; don't give it out to companies and watch your bank
statements like a hawk. It's all good advice. But for hundreds of thousands
of victims who had their personal financial data stolen in the past year,
it's cold comfort.
Even people who did everything by the book have seen their data
exposed. And then it becomes a waiting game: Wait and see if your bank
accounts are drained, if car loans are taken out in your name, if your
homes are mortgaged and equity stolen right out from under your roof.
Monday's theft revelations make that point all too clear. If you
had a Social Security number, and you'd ever been involved in any financial
transaction that involved credit, Philip Cummings had access to your data.
The truth revealed by the incident is this: A help-desk employee at a small
65-person firm in Long Island managed to shake down the nation's entire
credit reporting system.
"At end of the day other people have custody of your information
and it's very difficult for consumers to control that," said Betsy Broder,
the Federal Trade Commission's identity theft expert. "Even when you give
the information to legitimate merchants, it's only as safe as that
institution's safeguards."
About 750,000 people had their identities copied last year and
suffered the consequences, said Rob Douglas, CEO of American Privacy
Consultants Inc., including high-profile incidents at Ford Motor
Company -- allegedly victimized by Cummings -- and the State of California,
which saw its entire employee database leaked by a hacker. The crime is so
easy and risk-free that even drug dealers are turning to identity theft as
a safer way to make money, says Robert Douglas, CEO of American Privacy
Consultants.
WHAT CAN YOU DO? NOT MUCH
What can a concerned potential victim do? The truth is, not much.
"The problem is a little bit in the intractable category," said
Larry Ponemon, CEO of the Privacy Council. "For the most part, we rely on
the good intentions of companies (that have customers' personal data). But
the empirical evidence says you cannot rely on that any more. Bad things
will happen. ... Sooner or later it's going to happen. I don't know if there's
really much we can do."
The recent spate of high-profile data thefts suggests just that. In
Ford's case, there was no way potential victims could have protected
themselves -- they didn't even have to be Ford customers.
Thieves were able to impersonate the company and order thousands of
credit checks through Experian, one of the big three credit reporting
companies. Experian thought Ford was requesting the data, and forked over
15,000 reports between April 2001 and February of this year before someone
noticed the suspicious activity. Most victims weren't customers of Ford
Credit; the identity thieves simply used Ford's name to get credit reports
on victims living in affluent neighborhoods, according to the Detroit News,
which first reported the theft. Ford sent letters to all the victims
starting last month.
There have already been victims connected to the Ford data leak. The
CUNA Mutual Group sent a memo to its member credit unions warning about
financial fraud connected to the incident.
"At least one credit union has suffered losses from member account
identity takeover because the member's credit report was one of the stolen
credit reports," the memo said.
265,000 EMPLOYEES WARNED
California state employees victimized earlier this year couldn't
have done much, either. Corporations and government agencies push hard to
convince employees to receive their paychecks through direct deposit. It's
cheaper for banks and companies, and often more convenient for employees.
But that convenience meant all that personal financial information was kept
in one place, and now, it's likely in the hands of financial thieves.
"My only consolation regarding the whole payroll screwup is that it
affects everyone from the board members on down," wrote one victim to
MSNBC.com. "For 20 years I've never had a single late payment on anything
but now my credit history could be toast due to some lowly paid state worker."
CORPORATE COVER-UP
Another leak at Bank One in May was equally as difficult for
consumers to stop. In that incident, a 21-year-old former female employee
of the firm's Pewaukee, Wis., office sold hundreds of financial records to
an identity theft ring. Tom Kelly, a Bank One spokesperson, said the firm
only found 250 stolen records during an investigation. But WISN 12 News,
which first reported the incident, suggested thousands more records were sold.
The incident also highlights what privacy experts say is the
biggest problem surrounding identity theft incidents -- corporate secrecy.
Bank One never told its customers about the problem. Disclosure only came
eight months after the theft when a victim received a call from the Secret
Service, discovered someone had purchased a Jaguar in his name and
contacted WISN.
"We were a little tardy in telling customers," Kelly admits. "We
should have told them sooner."
In fact, it's common that consumer victims aren't told about a
break-in, as companies try to avoid the potential embarrassment and cross
their fingers that no crimes will actually be committed with the stolen
data. Bank One played that kind of Russian roulette with its customer data
and lost. But Bank One is hardly alone.
"Most of these still go unreported and are swept under the carpet,"
Ponemon said. "God forbid, you lose confidence in your bank or insurance
company."
PARTIAL DISCLOSURE NOT ENOUGH
And sometimes, even the disclosures victims do receive are hardly
complete. Douglas, from American Privacy Consultants, thinks California's
warning to state employees was too vague.
A letter sent to employees said someone may have accessed a data
center containing payroll information, but adds that "there is no
indication the information contained in the database was targeted or will
be used for any unlawful purposes."
That left employees wondering what really happened, what was really
taken, and what to do. Should they close all their bank accounts, or just
sit and wait for the bad news? What are the odds that a theft will occur?
"I think the California government has a responsibility to be more
forthcoming about what happened, what have they determined from the logs
... so employees can make an educated decision on what to do," Douglas
said. "Just making public statements released late on a Friday afternoon
doesn't cut it."
Douglas said the state should go even further than full
disclosure -- it should fix the problem it created with sloppy security
practices. He said he "yelled out loud" when he read that employees are
being left to fend for themselves, told to order credit reports at their
own expense.
"Doesn't the state have some obligation to do something for these
people?" he said. "Their data is compromised ... and then they tell
employees 'Here's all the things you should do to protect yourself.' Why
don't they contact the credit agencies themselves? The state isn't doing
diddlysquat other than to go protect themselves."
LEGAL RECOURSE?
Helpless consumers can only hope that ultimately companies and
state agencies face some legal obligations when a data breach occurs, said
privacy consultant Richard Smith, who operates ComputerBytesMan.com.
Mistakes do happen, but in the world of computer security "very small
mistakes can have really bad results," he said.
"This gets back to getting a liability system in place," Smith
said. "Now the state of California has some bad press. But if it actually
turns into identity theft, shouldn't the state have liability?"
Customers who find their credit reports marred by car loans or
other illegal financial activity should have recourse against companies
that failed to disclose a data breach, he said. "Like Bank One. The fact
that they knew and didn't tell customers, that's inexcusable. There ought
to be the threat of liability hanging over it."
But currently, it's up to consumers to watch their own backs -- they
generally aren't liable for money that's stolen as the result of ID theft,
but only if they report the theft in a timely manner. And estimates show
that the laborious paperwork and time lost to cleaning up a blemished
credit report can cost between $500 and $1,000.
To make things a little easier, the FTC created an identity theft
affidavit which can be sent to all financial institutions by victims to
alert them of potential fraud. It's available from the agency's Web site.
****************************
CNN Online
New credit cards dangle from keychains
Companies aim to make paying faster, easier
By Jeordan Legon
CNN
Tuesday, November 26, 2002 Posted: 10:05 AM EST (1505 GMT)
(CNN) -- New credit cards are smaller than a stick of chewing gum. And a
pinky-size keychain wand lets customers pay at the pump.
Welcome to the future of digital paying, where checking out is as easy as
reaching for car keys.
Combining advances in technology with marketing muscle, businesses are
spending millions to come up with new forms of payment that make it
possible for consumers to charge it even when they've left their wallets
behind.
Firms are using radio frequency signals, scanners and stronger plastics to
make it easier for customers to give in to impulse. It's too soon to know
whether the new plastic will go the way of the 8-track. But analysts say in
the cutthroat credit card business, impressing finicky customers counts --
especially when a product makes it faster and more convenient to get
through a checkout line.
"It's a gimmick," said Greg McBride, a Bankrate.com analyst who tracks
banking products. "Every day there are new programs. Something to get
people to carry a particular card."
Death to the wallet?
In the past 20 years, customers have learned to love debit cards, which
deduct money from bank accounts, eliminating the need for cash. They've
also come to consider ATMs indispensable and embraced online banking. But
through it all, the wallet has remained a staple. Now, some are wondering
whether wallets will someday be passe.
"A new generation of consumers who have grown up in an electronic age are
more willing to accept and embrace these new payment technologies," said
James Harris, an executive with Unisys, which helps companies implement new
payment systems.
Harris said much of the innovation is fueled not by customers' needs but
because it saves companies money.
"It can reduce the cost of processing payments and gives businesses credit
for transactions much faster," he said.
Discover was the first U.S. financial services company to introduce
diminutive cards as a way to stand out from other credit cards. The
kidney-shaped Discover cards, introduced in June, come with a keychain and
cover, and they've been a hit with the public, said spokeswoman Jennifer Kang.
"We're working 'round-the-clock to produce these because the demand is so
high," she said.
Banks say customers like mini plastic
Not to be left behind, Bank of America introduced a mini card in October.
It's about half the size of a regular credit card and is made of
more-durable plastic with a hole in a corner that lets customers slip it on
their keychains. A debit mini card from Bank of America will be introduced
in the first quarter of next year, spokeswoman Lisa Gagnon said.
The bank is also testing a product it calls QuickWave, which allows
customers to wave tiny cards in front of a blue sensor pad to pay for
purchases at restaurants and shops in a neighborhood in Charlotte, North
Carolina.
"People like having things on their keychain. It all comes back to
convenience," Gagnon said.
Over at ExxonMobil, consumers have been using a keychain payment system for
years. The chip-embedded plastic SpeedPass is about an inch long and looks
like a tiny, black wand.
Customers fill out an application that links their credit card to the wand.
Then they use the device to pay at the pump or buy convenience store items
at 7,500 Exxon and Mobil stations nationwide. The wand transmits a signal
to a sensor that allows the gas station to process the transaction.
Paying at the drive-thru
The company says more than 6 million people have signed up for SpeedPass. A
pilot program is testing the wand in the drive-thrus and counters of 440
McDonald's restaurants in Chicago, Illinois.
"It breeds loyalty," said Betsy Eaton, spokeswoman for ExxonMobil. "It
makes it so much easier to get in and out."
Critics of the programs say regular-size credit cards work just fine and
that because keys are misplaced so often, keychain devices could lead to
more cards being lost or stolen. They also raise security issues, saying
thieves could steal credit card numbers from dangling keychains. And
keychains might be too big to fit in pockets when they look like overloaded
charm bracelets.
"The question is whether consumers really want everything in one gadget,"
Bill Tice, managing director of Abt Associates' telecommunications
consulting business, told The Orlando Sentinel. "If it incorporates your
car keys and credit cards, what happens if it breaks? If that device stops
working, your life will stop, too."
*******************************
Euromedia.net
EU Networks for e-government
26/11/2002
Editor: eGov Monitor
The European Commission has announced a decision allowing the governments
of 11 candidate countries to collaborate in trans-national e-government
initiatives with the EU Member States ahead of their formal accession to
the Union.
From January next year the countries will be permitted to share data with
EU administrations on the application of EU law, enforcement of Internal
Market rules, as well as the supply of e-government services across borders
to citizens and enterprises.
Participation in the Commission's Interchange of Data Between
Administrations (IDA) programme, a strategic initiative supporting
e-government activities and best practice exchange between EU Member
States, has already been extended to Poland with procedures to formally
bring Slovenia on board due to conclude shortly.
The IDA programme will be opened to the remaining candidate countries,
namely Bulgaria, Cyprus, the Czech Republic, Estonia, Hungary, Latvia,
Lithuania, Romania and Slovakia, on 1 January 2003.
Turkey and Malta are also expected to follow in a matter of months.
The Commission said that IDA's E25m work programme for 2003, currently
under preparation, will be taking into account the needs of all candidate
countries.
******************************
Sydney Morning Herald
New email worm detected
November 26 2002
Anti-virus software maker F-Secure has reported the presence of a new email
worm called Winevar.
The company has ranked it as a level 2 alert - a new worm causing large
infections which might be local to a specific region.
The worm was found in the wild in South Korea towards the end of November.
It was apparently released during the AVAR 2002 Conference (Anti-Virus
Researcher's Asia) in Seoul.
The worm's file is a Windows PE executable about 91k long written in
Microsoft Visual C++. Winevar resembles the Bridex worm that appeared earlier.
The worm arrives in an email that contains three attachments. The names are
variable but they will have the format:
WIN[some characters].TXT (12.6 KB) MUSIC_1.HTM
WIN[some characters].GIF (120 bytes) MUSIC_2.CEO
WIN[some characters].PIF
The file with the .HTM extension exploits an old vulnerability, the
"Microsoft VM ActiveX Component" vulnerability, to register the .CEO
extension as an executable file.
The e-mail message is formed to take advantage of the "Incorrect MIME Header
Can Cause IE to Execute E-mail Attachment" vulnerability.
On system restart the worm displays the message "Make a fool of oneself:
What a foolish thing you've done!". If the "OK" button is pressed the worm
deletes all deletable files in all folders.
The worm continuously tries to download the front page of the Symantec Web
site to a temporary file, then deletes this file. This may lead to a denial
of service attack if the worm becomes widespread.
The worm also changes Windows registration information on an infected
computer:
Registered Organization: Trand Microsoft Inc.
Registered Owner: AntiVirus
**************************
Broadband Networking Regulator News
Senators to Introduce Wireless Broadband Bill
Senators Barbara Boxer (D-CA) and George Allen (R-VA) will introduce a bill
in the next Congress (the 108th) aimed at accelerating the wireless
broadband market. The proposed legislation would require the FCC to make
more broadcast spectrum available for Wi-Fi and other such technologies.
The Boxer-Allen bill would also require the FCC to develop guidelines for
the expanded portion of the broadcast spectrum that will be used by these
devices to avoid signal congestion and interference.
http://boxer.senate.gov/newsroom/200211/20021121_tech.html
http://allen.senate.gov/PressOffice/wifi.pdf
U.S. Senate, 22-Nov-02
Key points of the proposed Boxer-Allen "Jumpstart Broadband Act"
The FCC would allocate no less than 255 MHz of continuous spectrum below 6
GHz for unlicensed use while ensuring that Department of Defense devices
and systems are not compromised.
The FCC would be required to adopt minimal technical and service rules to
facilitate efficient use of the spectrum.
The FCC would be required to amend rules to require that all wireless
broadband devices be designed and manufactured to maximize spectral
efficiency and to use the minimum power necessary to provide broadband
service and to minimize interference.
The National Telecommunications and Information Administration would be
charged with establishing standards for interference protection.
******************************
Datamation.com
DARPA Looks to Quantum Future
November 22, 2002
By Roy Mark
The Defense Advanced Research Projects Agency (DARPA) is asking five
government vendors to develop studies on the architecture of the
high-performance computers of 2010. Today's most powerful computers have
their design roots in the late 1980's and DARPA is seeking new ideas to
meet the future super computing needs of the defense and intelligence
communities.
Companies competing in the design phase include Cray, Hewlett-Packard, IBM,
SGI and Sun Microsystems. DARPA will eventually ask as many as three of the
vendors to provide more detailed plans and one or two vendors will be
chosen for a detailed engineering plan. DARPA did not reveal the amount of
money to be spent on the program.
The idea behind the program, known as High Performance Computing Systems
(HPCS), is to bridge the gap between today's super computers and the
promise of quantum computing, a fundamentally new mode of information
processing that allows for the faster performance of multiple computations
simultaneously.
Gathering at a Baltimore conference Thursday, the five vendors agreed the
super computers of the future should become easier to program, improve
computer performance, increase bandwidth to reduce memory and I/O
bottlenecks, become more robust, and decrease the idea-to-solution timeline.
Robert B. Graybill, HPCS program manager in DARPA's Information Processing
Technology Office, said the agency was seeking to double the value of
high-end computers every 18 months. Graybill cautioned, however, that value
and productivity have different meanings to different groups of the user
community.
Graybill said one of the challenges was to develop new super computer
measurement tools other than calculating the theoretical performance from
processor clock speeds.
******************************
Datamation.com
ISPs Must Better Prepare For Attacks, Report Warns
November 21, 2002
By Sharon Gaudin
While the Internet proved itself resilient and an important communications
resource on Sept. 11, a new report warns that ISPs need to further prepare
themselves to handle future emergencies.
The overall damage to the Internet on Sept. 11, 2001, when terrorist
attacks collapsed the World Trade Center and punctured the Pentagon,
destroying networks and communications equipment, was minimal, according to
a report released yesterday by the National Academies' National Research
Council. But the council warned that IT leaders shouldn't take that digital
resiliency as a reason to slack off security efforts -- especially since
the attack did not focus specifically on the network.
"Internet service providers and users need to address some operational
issues to better prepare for and respond to future emergencies in light of
the useful role the Internet played after the attacks," warns the council.
The council's report noted that the telephone system, the more traditional
and widely spread method of communications, suffered more damages than
online communications, such as email and online news sites. One-third of
Americans, according to the council, had trouble making a telephone call on
the day of the attacks, while the Internet suffered only a small loss of
connectivity. And that is despite the fact that New York, which suffered
the greatest force of the terrorist attacks, is home to major network hubs.
"The terrorist attacks provoked a national emergency during which we could
see how the nation and the world uses the Internet in a crisis," says Craig
Partridge, chair of the committee that wrote the report and chief scientist
at Cambridge, Mass.-based BBN Technologies. "Overall, the Internet
displayed not only its resilience on Sept. 11, but also its role as a
resource."
The committee found that serious effects on the Internet were isolated to
New York City and a few other locations. Most of the damage was quickly
fixed through the rapid deployment of new equipment and the rerouting of
Internet traffic to bypass failed parts of the network.
Sept. 11, though not focused on attacking the network, shed some light on
potential vulnerabilities.
The committee warns IT administrators in key businesses or in the service
sector to review their dependency on the Internet and plan accordingly.
They should put contingency plans in place, set up the ability to coordinate
with local authorities, and prepare a hot site, or a mirrored system in a
remote location, so the company would have a means of restoring service.
Prepare for not only an interruption in Internet service but in electric
power, as well, the committee warns.
*****************************
Datamation.com
Nearly 1 Million IT Jobs Moving Offshore
November 19, 2002
By Sharon Gaudin
Nearly 1 million IT-related jobs will move offshore over the course of the
next 15 years, according to a new report released by Forrester Research, Inc.
And that will leave some U.S. IT workers -- largely base- to mid-level
programmers -- out in the cold if they don't upgrade their skills and move
up the ladder away from the work that will be shipped out of the country.
''The people who make this transition will be people who can manage these
offshore projects,'' says John McCarthy, group director of research for
Forrester. ''Programmers and your base IT worker will have opportunities if
they evolve -- just like the American manufacturer had to evolve. IT
workers will have to become more business-centric and not just stay in
their little technology cocoons.''
McCarthy says there will be a wave of jobs moving offshore over the next 16
months. He then predicts a two-year slow down while corporate executives
digest the economies of the move, and then there will be an acceleration in
jobs moving to other countries from 2005 through 2015.
''Gradually, you're going to see an increase in the pace of this,'' says
McCarthy, who did the interview from India, one of the main countries
absorbing U.S. IT work. ''It's already been happening. GE has been
offshoring for almost 10 years now. The size of the deals, the number of
deals, that's what is increasing.''
And IT jobs are only part of it.
McCarthy estimates that about 3.3 million American jobs and $136 billion in
wages will move to countries like India, Russia, China and the Philippines.
The IT industry, however, will be leading the initial exodus.
Just as with the textile, shoe and automotive manufacturing industries, IT
work can be had more cheaply outside of the U.S. Cheaper labor and more
relaxed labor rules mean a huge cost savings. But McCarthy says that's not
the only reason that U.S. CIOs are turning to foreign workers.
''They're getting better quality work done,'' he says. ''India is a culture
more focused on quality and process than America is. They tend to be much
more disciplined. They've done the most to turn IT development away from a
mystical black art to a real business process... 'Just wing it' is not part
of the culture there.''
But Humberto Andrade, director of professional services at Hampton,
N.H.-based Technology Business Research, Inc., would take issue with that.
Andrade puts a premium on U.S. IT skills and work, saying that while the
bulk of IT jobs may move offshore, U.S. workers will still have the
high-end, value-add jobs. ''Companies will outsource the infrastructure,
the low-end, the time-consuming parts,'' he explains. ''But you're always
going to have offices here and you'll have a large section of work done
here.''
Gordon Haff, an analyst at Nashua, N.H.-based Illuminata, agrees that
critical IT work will remain in the U.S. but those without high-end skills
will suffer.
''There's some types of work that basically lend themselves to being farmed
out,'' says Haff. ''Maintenance programming and basic programming that is
straightforward are easily sent overseas. But if something is strategic to
your company, you want to maintain very close control over it. And when
you're pushing the technology envelope, you need to have much closer
communications with the people doing the development.''
Andrade also disagrees with Forrester that there will be a two-year lull in
the exodus of jobs. He notes that many companies have been doing this --
possibly in small batches -- for four, five or six years. They've had time
to calculate the benefits and expenses and now, battling a down economy,
they're ready to move ahead with offshoring a chunk of their work.
''The Internet and broadband are helping everyone develop large projects
outside the country,'' adds Andrade. ''There's a pool of well-educated
people overseas, specifically in India. And with the economy slowing down,
everyone has been reevaluating their processes and they're ready to keep
moving [in this direction].''
*********************************
Datamation.com
E-Mail -- A Company's Forensic Nightmare
November 18, 2002
By Cynthia Flash
Lawyers are having a field day sifting through electronic documents in
their attempts to unearth evidence of corporate scandals.
They've had considerable success, as can be seen by the recent corporate
black eyes or maimings given to executives at companies like Enron, Arthur
Andersen LLP and WorldCom, Inc.
In most cases involving corporate fraud or investigations run by government
regulators, a company's vast stores of electronic data have been used as
evidence against it. Merrill Lynch in May agreed to pay $100 million in
fines after government lawyers found internal e-mails in which research
analysts for the Wall Street brokerage house described the same stocks they
were recommending to clients as ''junk.''
Despite the recent headlines, few companies appear to have their electronic
documents under control. And this is regardless of the fact that within
four years there will be 60 billion daily worldwide e-mail messages
exchanged, according to Framingham, Mass.-based market research firm
International Data Corp.
A September 2002 survey by Chicago-based management consulting firm
Cohasset Associates Inc. found that 53% of some 500 to 600 organizations
surveyed said they don't include electronic records in their records
management program. The survey also found that 68% are not at all confident
or only slightly confident that their organization could successfully
demonstrate that its electronic records are accurate, reliable and
trustworthy many years after they were created. And 39% of the
organizations do not have a formal policy regarding retention practices for
e-mail.
''In litigation, the largest cost component is discovery and the most
fertile source of evidence is e-records, specifically e-mail,'' Cohasset
president Robert F. Williams wrote in his report. ''Not having any e-mail
retention policies (means) amassing vast volumes of communications that are
costly to retain, even more expensive to search through in response to
discovery requests, and may unwittingly supply information that is harmful
to the organization if disclosed in response to discovery requests.''
In the past, many companies took a reactive approach to electronic record
management and waited until they had to produce documents as a result of a
lawsuit or corporate merger. But that decision could ultimately cost them
more.
Waiting, say analysts, is not a viable option.
This past July, President George W. Bush signed the Sarbanes-Oxley Act of
2002 in an effort to create more corporate oversight and protect
shareholders from future Enron-like debacles.
The Act sets penalties for destroying records, lays out document
production requirements and specifies how long certain records must be
retained.
More than ever, corporations are turning to experts in electronic discovery
and data retention to help them determine what to do with their digital
records.
''Nobody is immune from having to produce data,'' says Deanna Loy Schuler,
an industry consultant and former vice president of sales and marketing
with Electronic Evidence Discovery in Seattle. ''If you get on the wrong
side of litigation, you'll be asked to pull data. If you can't do it,
you'll be turning over more than you need to.''
Industries that are highly regulated by government agencies --
pharmaceutical, health care and financial services companies -- are leaders
in this area because of already set government regulations. But other
companies need to take this as seriously, say industry observers.
For help, they can turn to companies that specialize in this area, such as
Cohasset, Electronic Evidence Discovery, or Applied Discovery. They also
can turn to the large consulting firms, like Deloitte & Touche or Ernst &
Young, which have their own divisions that specialize in this area.
Companies that can't afford to hire a consultant can turn to trade groups,
like The American Records Management Association (ARMA) or The Association
for Information and Image Management (AIIM), which offer seminars and free
advice online.
These consultants and organizations help companies do three things with
regards to records management. First, companies must determine what records
they have and where they're stored. Second, companies must determine what
records to keep and how to keep them in a way that is easily accessible if
they are required to produce them. Third, companies must establish a
retention schedule so they don't have to keep records forever and they can
defend -- in court if need be -- their decision to destroy old records.
Virginia Llewellyn, lawyer and director of industry relations for Applied
Discovery based in Scottsdale, Ariz., cited a lawsuit in which an IT
professional for a large Silicon Valley firm let slip that he had more than
800 backup tapes in a closet. His lawyers didn't know this and the firm was
forced to make those tapes available to the opposing side.
''It was devastating to the case,'' Llewellyn said. ''It cost millions of
dollars to review that amount of information.''
Just as important as having an electronic records policy is educating
employees about it.
Employees must be told that just because they pushed the delete button on
an e-mail or an electronic file doesn't mean it's really gone.
Having a successful electronic records policy requires the cooperation of
the IT department and the company's lawyers.
''All companies need to worry about their records,'' says Betsy Fanning,
director of standards and content development for the Association for
Information and Image Management. ''You have to look at it as if your
records are a snapshot of your company... Companies need to think in terms
of how do they want their company to be remembered.''
*****************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx
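
Added example (not part of the original digest or of F-Secure's advisory): a mail-gateway style check, in Python, for the Winevar indicators listed in the Sydney Morning Herald clip above. It assumes each line of the clip's attachment list is one whole attachment name; the sample messages, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_bytes

# Attachment-name patterns from the clip. Assumption of this example: each
# line of the clip's list is one whole attachment name.
WINEVAR_PATTERNS = {
    "txt_htm": re.compile(r"^WIN.*\.TXT\b.*MUSIC_1\.HTM$", re.I),
    "gif_ceo": re.compile(r"^WIN.*\.GIF\b.*MUSIC_2\.CEO$", re.I),
    "pif": re.compile(r"^WIN.*\.PIF$", re.I),
}
# .CEO is the extension the clip says the worm registers as executable;
# .PIF files are run as programs by Windows.
RISKY_FINAL_EXT = (".pif", ".ceo")
# Registration values the clip says an infected machine shows.
WINEVAR_REGISTRATION = {
    "Registered Organization": "Trand Microsoft Inc.",
    "Registered Owner": "AntiVirus",
}


def attachment_names(raw):
    """Return the filename of every MIME part that declares one."""
    msg = message_from_bytes(raw)
    return [p.get_filename().strip() for p in msg.walk() if p.get_filename()]


def winevar_indicators(names):
    """Return the keys of the clip's name patterns found among the names."""
    return {key for name in names
            for key, rx in WINEVAR_PATTERNS.items() if rx.match(name)}


def classify(raw):
    """'winevar-pattern' if all three names appear, else a weaker verdict."""
    names = attachment_names(raw)
    hits = winevar_indicators(names)
    if len(hits) == len(WINEVAR_PATTERNS):
        return "winevar-pattern"
    if hits or any(n.lower().endswith(RISKY_FINAL_EXT) for n in names):
        return "suspicious"
    return "clean"


def registration_matches(info):
    """Compare registration values the caller read from a host (as a dict)."""
    return all(info.get(k, "").strip() == v
               for k, v in WINEVAR_REGISTRATION.items())


def build_sample(names):
    """Build a constructed multipart message carrying the given filenames."""
    head = (b"From: a@example.invalid\nTo: b@example.invalid\n"
            b"Subject: constructed sample\nMIME-Version: 1.0\n"
            b'Content-Type: multipart/mixed; boundary="b1"\n\n')
    parts = [b"Content-Type: text/plain\n\nconstructed body\n"]
    for name in names:
        parts.append(b"Content-Type: application/octet-stream\n"
                     b'Content-Disposition: attachment; filename="'
                     + name.encode() + b'"\n\nx\n')
    return head + b"".join(b"--b1\n" + p for p in parts) + b"--b1--\n"


if __name__ == "__main__":
    worm_like = build_sample(["WINAB12.TXT (12.6 KB) MUSIC_1.HTM",
                              "WINAB12.GIF (120 bytes) MUSIC_2.CEO",
                              "WINAB12.PIF"])
    benign = build_sample(["WINTER_REPORT.TXT", "logo.gif"])
    for label, raw in (("worm-like", worm_like), ("benign", benign)):
        print(label, attachment_names(raw), classify(raw))
```

An ordinary file such as WINTER_REPORT.TXT does not trip the check, because each pattern requires the trailing MUSIC_1.HTM / MUSIC_2.CEO name or the .PIF extension in addition to the WIN prefix.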