Clips November 20, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips November 20, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 20 Nov 2002 14:17:33 -0500
ARTICLES
Cabinet Agency for Homeland Security Wins Senate OK
Experts: Don't dismiss cyberattack warning
Security Rules for Charters Delayed
FDA Warns Applied Digital on Chip Implant
Japan to Study Linux Software
Microsoft Spills Customer Data
Homeland Security Bill's secrecy provisions stick
Interior remains unplugged
Library of Congress stacks bar codes three deep
Cooper: Homeland Security Department will move fast
Bush aide envisions streamlined review of security products
Chip glitch hands victory to wrong candidate [E-Voting]
Justice officials defend data mining as anti-terror tool
Security adviser presses for new intelligence analysis agency
Liberty Alliance updates Net identity spec [Privacy]
Dyson Seeks to Amplify the Public's Voice in Internet Policy [ICANN]
Agencies Fail Cyber Test
F.C.C. Seen Tweaking Universal Service Contributions
The New Buzzword for Airport Security
The Push For Privacy
Federal Court Overturns Ruling on Police Web Searches
****************************
Los Angeles Times
Cabinet Agency for Homeland Security Wins Senate OK
The 90-9 vote for a huge anti-terror department follows approval by the
House. It marks the largest government overhaul in 50 years.
By Nick Anderson
November 20 2002
WASHINGTON -- The Senate overwhelmingly approved the most sweeping
government shakeup in half a century Tuesday, passing a bill that will
create a new Cabinet department responsible for reducing the nation's
vulnerability to terrorist attacks.
The Senate vote, 90 to 9, followed House passage last week of a virtually
identical measure to forge a Department of Homeland Security out of about
two dozen government agencies.
For the first time, one government agency will be responsible for
coordinating protection of the nation's borders, coastlines, airports,
landmarks, utilities and other major facilities, both public and private.
The new agency, expected to have more than 170,000 employees, will also
help lead the nation's defense against potential chemical, biological or
nuclear attacks.
Bush pushed hard for the bill after the Republican triumph in this month's
midterm elections, and Tuesday's action handed him a major victory as the
107th Congress drew to a close with key Senate votes approving terrorism
insurance and stopgap spending legislation, and a new federal appellate judge.
Bush will sign the homeland security bill as soon as lawmakers iron out
minor differences between the Senate and House versions and send it to him.
The bill's enactment will set in motion the most extensive reorganization
of the executive branch since the creation of the modern Defense Department
and intelligence agencies in the late 1940s.
That change was a major legacy of World War II and the Cold War. The new
homeland security agency is part of Washington's response to last year's
attacks on the World Trade Center and the Pentagon.
In a telephone call from Air Force One while flying to Prague for a NATO
summit, Bush congratulated jubilant GOP leaders as the bill neared passage.
"We're making great progress in the war on terror," Bush said via
speakerphone. "Part of that progress will be the ability for us to protect
the American people at home. This is a very important piece of legislation."
After the bill's passage, the Senate moved toward conclusion of the
lame-duck congressional session that began last week. It confirmed a
conservative nominated by Bush for the federal appellate court, Dennis W.
Shedd, and gave final congressional approval to a bill making the
government the insurer of last resort for terrorist attacks.
Late Tuesday, the Senate approved a stopgap budget bill for a raft of
government agencies, leaving decisions on increased spending proposals for
the new Congress. That finished the Senate's business for the year; the
House completed its work last week.
The 108th Congress will convene Jan. 7.
In launching the new security agency, the Bush administration will face
fresh challenges: appointing and winning confirmation of the department's
leading officials and finding enough money to make the department work.
Tom Ridge, the former Pennsylvania governor who serves as White House
director of homeland security, is the leading candidate to head the new
Cabinet department.
Funding for the agency, projected to have an annual budget of more than $38
billion, is a major question. Congress failed this year to approve billions
of dollars that Bush and lawmakers from both parties had sought to bolster
security programs that will be coordinated by the new agency. Leading
Republicans say they will act on the funding proposals as soon as the new
Congress convenes.
Sen. Joseph I. Lieberman (D-Conn.), one of the first lawmakers to propose a
homeland security agency that would merge various functions, said the new
department would help bring coherence to a scattershot federal
anti-terrorism effort -- one often criticized for failing to connect crucial
pieces of intelligence and then act on them.
"The dots are going to be on one board at this department, and that's going
to help our government see the terrorist threats before they attack, and
therefore, to stop them," Lieberman said.
The bill will take effect 60 days after Bush signs it. And when the 15th
Cabinet department opens for business, the new secretary of Homeland
Security will oversee employees drawn from about two dozen agencies now
spread throughout the federal government. Only the Defense and Veterans
Affairs departments will have more personnel.
Operating under the new department's umbrella will be the Transportation
Security Administration, the Coast Guard and the U.S. Customs
Service -- agencies responsible for securing airports, coastal waters and
incoming cargo, respectively.
The beleaguered Immigration and Naturalization Service will be officially
abolished and its functions split into two bureaus within the new
department, one to guard borders and the other to serve immigrants.
Other department components include the Federal Emergency Management
Agency, responsible for disaster relief, and the Secret Service, in charge
of guarding the president and spearheading security measures at major
national events.
The department will be organized into four major divisions: border and
transportation security; emergency preparedness and response; science and
technology; information analysis and infrastructure protection.
Notably absent from the department's jurisdiction were two agencies that
have been criticized for intelligence and law-enforcement breakdowns that
preceded the Sept. 11 terrorist strikes: the Central Intelligence Agency
and the Federal Bureau of Investigation.
Lawmakers critical of the CIA and FBI may target them for overhaul in the
next Congress.
Sen. Fred Thompson (R-Tenn.) cautioned that the new department may not be
able to work miracles from the start.
"It's going to be difficult and it's going to take longer than everybody
thinks because it's a part of the federal government," Thompson said.
Others promised that the agency would get close congressional oversight,
signaling that lawmakers are far from done with the issue.
"This is a huge undertaking. We all know this hasn't been done for 50
years," Senate Minority Leader Trent Lott (R-Miss.) said. "We're going to
bring together 170,000 people and try to make this thing out of whole
cloth? It's going to be a tremendous challenge."
Sen. Robert C. Byrd (D-W.Va.) fought the bill from the beginning and
opposed it to the end. "The nation will have this unfortunate creature,
this behemoth, this bureaucratic bag of tricks," he said. "And it will hulk
across the landscape of this city, touting its new mission and eagerly
gobbling up tax dollars for all manner of things, many of which have
nothing to do with saving the lives of American people."
Voting for the bill were 48 Republicans, 41 Democrats -- including Sens.
Dianne Feinstein and Barbara Boxer of California -- and independent Sen. Dean
Barkley of Minnesota. Opposing it were eight Democrats and independent Sen.
James M. Jeffords of Vermont. Sen. Frank H. Murkowski (R-Alaska) did not vote.
The vote came after the Senate narrowly rejected a Democratic amendment to
strip several special-interest provisions from the legislation, a proposal
Republicans said could have derailed the bill.
As it was, the bill's final passage culminated a lengthy and at times
clamorous debate that began shortly after the Sept. 11 attacks.
One of Bush's first acts following the attacks was to name Ridge to
coordinate federal anti-terrorism efforts from within the White House. But
Democrats, led by Lieberman, clamored for more. They wanted a new Cabinet
officer with budget authority and power to give orders to far-flung
security personnel.
Bush initially resisted. But in a nationally televised address June 6, he
shifted course. He embraced the idea of a new department and unveiled a
massive reorganization plan that had been a closely kept secret.
The legislation that emerged from Congress more than five months later
largely followed Bush's blueprint -- though at 484 pages, it was much longer
than his original 52-page bill.
In the House debate, Bush rolled over most opposition to the merger from
senior Republicans who sought to protect bureaucratic turf. He wanted the
Coast Guard in the new department. Some lawmakers wanted it out. He won.
Bush wanted agriculture inspectors in the department to help defend against
bioterrorism. Some lawmakers wanted them out. He got most of what he
wanted -- the inspectors at border points, seaports and airports.
In the Senate, leading Democrats fiercely objected to language Bush sought
to revise normal government personnel rules, giving him more leeway to
hire, fire, demote and promote within the department. Democrats proposed to
restrict Bush's power to waive collective bargaining rights for more than
40,000 employees within the department now represented by unions.
The clash over workers' rights remained unresolved when Congress recessed a
few weeks before the Nov. 5 election. Bush campaigned across the country
for GOP candidates who would back him in the dispute.
When elections yielded GOP victory, Bush pressed for the bill to be
finished on his terms during the lame-duck session. Ultimately, Democrats
were forced to accept a version that gave Bush most of the personnel powers
he wanted. As a result, the new department will become a laboratory for
civil service reform.
*****************************
Computerworld
Experts: Don't dismiss cyberattack warning
By DAN VERTON
NOVEMBER 18, 2002
Security experts and two former CIA officials said today that warnings of
cyberattacks by al-Qaeda against western economic targets should not be
taken lightly.
Vince Cannistraro, the former chief of counterterrorism at the CIA, said
that a number of Islamists, some of them close to al-Qaeda, have developed
expertise in computer science.
"And some are well schooled in how to carry out cyberattacks," he said. "We
know from material retrieved from [al-Qaeda] camps in Afghanistan that this
is true. But their expertise seems mostly dedicated to communicating
securely among al-Qaeda cells. Cyberattacks would probably render them less
secure by focusing attention on their location."
In an exclusive interview with Computerworld on Monday, Sheikh Omar Bakri
Muhammad, a London-based fundamentalist Islamic cleric with known ties to
Osama bin Laden, said al-Qaeda and various other fundamentalist Muslim
groups around the world are actively planning to use the Internet as a
weapon in their "defensive" jihad, or holy war, against the West.
Bakri, founder of the London-based group Jama'at Al-Muhajirun and the
spokesman for Osama bin Laden's International Islamic Front for Jihad
Against Jews and Crusaders, said all types of technology,
including the Internet, are being studied for use against the West.
"In a matter of time you will see attacks on the stock market," he said,
referring specifically to the markets in New York, London and Tokyo.
His comments represent the first time that a high-profile radical Muslim
cleric with known links to bin Laden has spoken publicly about the use of
cybertactics for offensive purposes.
Cyberterrorism experts offered mixed views of whether such attacks could,
or would, be carried out. Cannistraro, for example, called Bakri a "fire
breather" with no special insight into al-Qaeda operations or plans.
But they stressed that the threat should not be dismissed out of hand.
According to Bakri, a Syrian-born Muslim cleric whom the FBI and British
intelligence have tied to some of the Sept. 11 hijackers and others seeking
flight training in the U.S., Islam justifies the use of "all types of
technologies" in the defense of Muslim lands, including psychological and
economic weapons "or a weapon of mass destruction."
Jihad groups around the world are very active on the Internet, Bakri said,
speaking from a cell phone near his north London office. And while his
group, Jama'at Al-Muhajirun, is primarily focused on supporting the
political goals of Al-Qaeda and other radical Islamic groups, Bakri said
the military wings of these various groups are also using and studying the
Internet for their own operations.
"That is what al-Qaeda is skillful with," said Bakri. "I would not be
surprised if tomorrow I hear of a big economic collapse because of somebody
attacking the main technical systems in big companies," he said, referring
to an ongoing threat of an attack.
Michael Caloyannides, a senior fellow at Mitretek Systems Inc., in Falls
Church, Va., and a former CIA scientist, said the skills required to launch
a strategic cyberattack with devastating economic consequences are far
different from what terrorist groups have focused on in the past. However,
the Internet remains "very vulnerable" to serious disruptions, including
those focusing on domain name servers, border gateway protocol routers and
various single points of failure, said Caloyannides.
"While the Internet was originally designed and configured to be
survivable, its transformation to a commercial entity has caused it to
become economically efficient at the expense of no longer being anywhere
near as survivable," said Caloyannides.
He said any such attack launched by al-Qaeda or in direct support of
al-Qaeda could have a significant impact on the Bush administration's war
on terrorism. In particular, Caloyannides warned of potentially dire
consequences for any nation that knowingly allows such an attack to be
launched from systems and networks within its borders. "Any country that
allows its territory to be used for a massive Internet attack on the U.S.
may want to think twice of the likely consequences," he said.
In April, the CIA sent an analysis paper to the Senate Select Committee on
Intelligence outlining the cyberthreat posed by international terrorist
groups, particularly al-Qaeda.
"Cyberwarfare attacks against our critical infrastructure systems will
become an increasingly viable option for terrorists as they become more
familiar with these targets and the technologies required to attack them,"
the CIA paper stated. "Various terrorist groups, including al-Qa'ida [sic]
and Hizballah, are becoming more adept at using the Internet and computer
technologies. These groups have both the intentions and the desire to
develop some of the cyberskills necessary to forge an effective cyber
attack modus operandi."
To date, al-Qaeda's cybercapabilities have been the subject of much debate.
Most Internet security professionals have doubted such groups' interest in
cybertactics on the grounds that physical bombings and other forms of
attack provide the fear and bloodshed that al-Qaeda is looking for.
However, in recent statements made by bin Laden, the terror leader has
shown a clear desire to inflict catastrophic damage on the U.S. economy as
a way to force the U.S. to withdraw its military forces from Afghanistan
and to curtail its support for Israel.
"There are millions of Muslims around the world involved in hacking the
Pentagon and Israeli government sites," said Bakri. "The struggle will
continue," he said, referring to the millions of young bin Laden supporters
who are now studying computer science as a way to support the cause.
"I believe that Osama bin Laden has earned his leadership and most [Muslim
students] who are graduating in computer science and computer programming
and IT technology are supporting Osama bin Laden," Bakri said.
"I would advise those who doubt al-Qaeda's interest in cyberweapons to take
Osama bin Laden very seriously," he said. "The third letter from Osama bin
Laden a few months ago was clearly addressing using the technology in order
to destroy the economy of the capitalist states.
"This is a matter that is very clear, and Osama bin Laden must be taken
very seriously."
Just last week, an intelligence threat assessment by Chantilly, Va.-based
iDefense Inc. of pro-Islamic, pro-al-Qaeda hacking activity raised concerns
about the ongoing development of malicious code by hackers, particularly
those based in Malaysia, who are sympathetic to the cause of radical
Islamic terrorist groups.
One hacker who goes by the handle "Melhacker" is thought to be responsible
for the Nedal worm ("Laden" spelled backwards). Analysis of the worm
conducted by iDefense found that it contained encrypted code and numerous
Muslim names whose significance is unclear, as well as at least one and
possibly two references to al-Qaeda.
"While this does not prove a direct link to al-Qaeda, it certainly shows
empathy to the terrorist organization and an apparent willingness to act on
their behalf," the iDefense study concludes.
Melhacker is also reportedly working on a new mega-worm that has been
referred to as a "3-in-one." According to iDefense's director of threat
intelligence, Jim Melnick, the worm will supposedly combine features of
SirCam, Klez and Nimda and will be named Scezda.
"This should be viewed as a major threat," wrote Melnick in the iDefense
study. "The continuing development of malicious code from pro-Islamic and
pro-al-Qaeda hackers, especially in Malaysia, is of great concern, and one
that needs to be closely watched."
The public threat from Bakri may be part of the attack. Steven Aftergood, a
defense and intelligence analyst at the Federation of American Scientists
in Washington, said statements such as Bakri's are "themselves a crude form
of information warfare," intended to incite, alarm and confuse. "They need
to be viewed dispassionately in that light," said Aftergood.
"There is always room for improvement in information systems security," he
said. "And it would be prudent to take the existence of an adversarial
threat seriously."
Officials at the White House said Richard Clarke, chairman of the
President's Critical Infrastructure Protection Board, and his vice
chairman, Howard Schmidt, are unavailable for comment.
*****************************
Washington Post
Security Rules for Charters Delayed
TSA Must Rethink Screening Methods
By Sara Kehaulani Goo
Wednesday, November 20, 2002; Page A06
The Transportation Security Administration said yesterday that it will
delay issuing new security screening rules for large charter airplanes
because the task is more complex than it originally thought.
Security experts say charter flights remain vulnerable to terrorists
because charter companies -- even those that carry groups of vacationers
and sports teams on large jets -- are not required to screen passengers or
luggage. The TSA originally imposed a Dec. 1 deadline on about half a dozen
operators of large charter planes -- those weighing more than 95,000 pounds
-- to begin new screening methods, but it had not told the companies what
additional steps to take. Yesterday, a TSA official told the charter
industry's largest association, the National Air Transportation
Association, that it would issue security rules "shortly" and that charter
companies would have 30 days to comply.
"We thought we'd get it out by December 1, but we're not going to make
December 1," said Heather Rosenker, a TSA spokeswoman. Rosenker said the
agency would come up with new rules "within weeks" because "it's an area of
vulnerability."
Jim Coyne, president of the charter association, said it's difficult to
come up with uniform security rules for the charter industry because its
offerings include private services, such as flying corporate executives, as
well as services for the public, such as tour operators that fly seasonally
to vacation spots.
While the TSA has focused on addressing security at the 429 airports that
have scheduled commercial flights, charter operators use as many as 5,000
smaller airports, many of which are not equipped with metal detectors and
explosive-detection machines used in major airports with commercial airlines.
"TSA has not really had the resources internally to deal with the amount of
effort that was required" with security rules for charter flights, Coyne
said. "I think they underestimated."
*****************************
Reuters
FDA Warns Applied Digital on Chip Implant
Tue Nov 19, 6:23 PM ET
WASHINGTON (Reuters) - Applied Digital Solutions Inc. (NasdaqNM:ADSX)
has improperly marketed its implanted microchip for medical uses,
U.S. regulators warned in a letter made public on Tuesday.
The VeriChip is a scannable device, implanted under the skin, that contains
a unique verification number. The company has said the chip has a variety
of "security, financial, emergency identification and other applications."
The U.S. Food and Drug Administration ruled in October
that it would not regulate the VeriChip as a medical device unless it was
sold for medical applications, such as providing access to information to
assist with diagnosis or treatment.
In the letter dated Nov. 8, the FDA said it "had understood from ADS's
repeated assurances" that the company had no immediate intention of
marketing the chip for medical uses without first consulting the agency.
"We now see that ADS has resumed its marketing of the VeriChip for
precisely these applications," said the FDA letter.
Applied Digital Solutions President Scott Silverman, in a statement, said
the company "has advised the FDA it is not marketing the VeriChip as a
medical device or for medical applications."
The letter, posted on the FDA Web site on Tuesday, was written by Philip
Frappaolo, acting director of the compliance office in the FDA's Center for
Devices and Radiological Health.
"ADS's conduct flagrantly disregards FDA's prior comprehensive advice," the
letter added.
The FDA ordered the Palm Beach, Florida-based company to correct the
marketing violations immediately.
"If ADS continues to market the VeriChip for medical applications, FDA is
entitled to initiate enforcement action without further informal notice,"
the letter said.
Such actions may include seizing the product, preventing the company from
further marketing the VeriChip or civil monetary penalties, the letter said.
The company is going to work with the FDA to determine how it may properly
market the chip for health-related uses, Applied Digital spokesman Matthew
Cossolotto said.
Applied Digital Solutions stock lost 1 cent, or 2.04 percent, to close at
48 cents on the Nasdaq market on Tuesday.
********************************
Associated Press
Japan to Study Linux Software
Tue Nov 19, 10:21 PM ET
TOKYO (AP) - Eager to catch up with nations switching to computer systems
other than Microsoft Windows, Japan will study the possibility of using
open-source software such as Linux at the government level.
The public management ministry is earmarking 50 million yen ($410,000) for
a panel of scholars and computer experts, including Microsoft officials, to
finish the study by March 2004, Tatsuya Kawachi, a ministry deputy
director, said Wednesday.
Japan lags behind Germany, the United States, China and other nations
looking into or using open-source software such as Linux, which can be used
and modified for free.
Although Tokyo does not disclose a breakdown, government computer systems
mostly use Windows, a closed system.
Members of the government panel have not yet been selected, but they will
travel to see how other countries chose and use operating systems, Kawachi
said.
Concerns about costs and security from heavy reliance on Windows have been
growing here. Ruling party politicians have been urging the government to
consider other operating systems, which may offer lower costs and better
security.
But Kawachi said the Japanese government cannot decide on hearsay and wants
"an objective study" on the options. The study will not recommend a system,
leaving that decision up to ministries and local governments.
*****************************
Wired News
Microsoft Spills Customer Data
Microsoft took a public file server offline Tuesday after Internet users
discovered that the system contained scores of internal Microsoft
documents, including a huge customer database with millions of entries.
The file transfer protocol server ordinarily enables Microsoft customers to
download drivers, software patches and other files, as well as to upload
files to the company's PSS Security Response Team.
But an apparent configuration error, along with what experts say was an
ineffective internal security policy, enabled the public to have full
access to folders containing confidential company presentations,
spreadsheets, internal reports and other company information.
Among the files accessible to any Internet user was a 1 GB database
containing millions of names and mailing addresses. The data was kept in a
compressed archive named dmail_11_04_02.zip. The file, which was protected
with the password "dbms," was easily opened with freely available
password-cracking software.
Although the FTP server was intended for use by Microsoft's product support
organization, marketing staff appeared to be using the server, unaware that
it was accessible from the Internet, said Russ Cooper, "surgeon general" at
security services provider TruSecure.
"They probably thought they were sharing the files just with other
Microsoft people and that it was a protected server," Cooper said.
A Microsoft spokesperson said the company had no immediate comment about
the incident.
Among the many people who stumbled upon the open FTP server was Andreas
Marx, a virus researcher with GEGA IT-Solutions. In a phone interview, Marx
said he first noticed the security problem Nov. 15 after connecting to the
FTP server to download a security patch for Microsoft Office. Marx said
numerous directories in a section of the site marked "outgoing" were
accessible and contained files with "really interesting names."
Marx said he reported the problem to Microsoft, and the company appeared to
take the FTP server offline Monday. When the server was restored later in
the day, it had been "completely cleaned" of confidential files, Marx said.
But shortly thereafter, he said, Microsoft employees apparently began
uploading new confidential files to the public section of the FTP server.
"It looked like Microsoft had a policy about what files could be uploaded,
but that some employees weren't following it," said Marx.
After a short stint offline Tuesday morning, the FTP server's incoming
directory appeared to be back online later in the day with proper access
permissions. The outgoing directory, which contained patches and other
support information, was still inaccessible, however.
The incident follows the posting last month of dozens of Microsoft internal
documents, including e-mails and reports labeled "Microsoft Internal
Distribution," on a website operated by a security researcher in Turkey.
In an e-mail interview, Tamer Sahin said he was able to access Microsoft's
internal network at the beginning of this year using "known
vulnerabilities" in Microsoft's software. In a message at his site, Sahin
said he hacked Microsoft and posted documents he retrieved during his
trespass because of his "fanaticism to Unix."
A Microsoft representative said the information Sahin obtained was
outdated, but declined to comment further, citing the company's policy of
not discussing intrusion claims.
**********************************
Federal Computer Week
Homeland Security Bill's secrecy provisions stick
BY William Matthews
Nov. 19, 2002
Last-minute efforts by Senate Democrats to strip objectionable secrecy
provisions from the homeland security bill apparently failed Nov. 18.
Language added to the bill by the House of Representatives would block the
disclosure of information about technology vulnerabilities through the
Freedom of Information Act. Attempts to remove the language seemed certain
to fail even as the Democrats wrestled to remove other provisions they dislike.
Sen. Patrick Leahy (D-Vt.) called the House language "the most severe
weakening of the Freedom of Information Act in its 36-year history." He
said it "would hurt and not help our national security, and along the way
it would frustrate enforcement of the laws that protect the public's health
and safety."
The FOIA exemptions were slipped into the bill by the House last week and
are broader and more punitive than exemptions agreed to earlier by the Senate.
Leahy and others warned that the House version of the bill (H.R. 5710)
could turn government agencies into the allies of private firms that want
to withhold information about critical infrastructure vulnerabilities.
Keeping the vulnerabilities secret would reduce the incentive to fix them,
Leahy said.
The House language would impose harsh punishments, including jail time, for
government employees who disclose exempted critical infrastructure information.
The American Civil Liberties Union raised objections after the homeland
security bill passed the House Nov. 14.
Government officials could face fines or jail time for disclosing
information about poorly protected computer networks, poorly guarded
nuclear sites or contaminated blood supplies, said Laura Murphy, director
of the ACLU's Washington, D.C., legislative office.
"We're unhappy about it," said Steven Aftergood, director of the Federation
of American Scientists' Project on Government Secrecy.
The House's FOIA exemptions would apply to "information as opposed to
records," he said. Exempting "information" from disclosure puts much more
material off limits to the public than exempting "records." And the
exemptions apply to all federal agencies, not just the Homeland Security
Department, Aftergood said.
The House FOIA exemption "reflects a philosophy that vulnerabilities should
always be concealed" and ignores the American tradition that "publicity is
often indispensable for garnering political momentum and budgetary
resources to correct problems," he said.
However, the Homeland Security bill contained two surprising provisions
that won praise from the ACLU.
The bill drops support for uniform, high-tech driver's licenses, and it
removes support for Operation TIPS, a Justice Department plan to recruit
workers such as truck drivers, postal workers and cable TV installers to
report suspicious activity they see while on the job.
The ACLU opposes biometric driver's licenses backed by interconnected
databases, and last summer the civil rights group denounced Operation TIPS
as an effort to create "a network of government-sanctioned peeping Toms."
****************************
Federal Computer Week
Interior remains unplugged
BY Megan Lisagor
Nov. 18, 2002
About 6 percent of the Interior Department's computer systems remain
disconnected from the Internet, 11 months after a federal judge ordered a
departmentwide shutdown citing security concerns, according to a Nov. 1
Interior report.
Most of the systems support the Bureau of Indian Affairs and the Office of
the Special Trustee, agencies that rely on information technology to
fulfill the department's trust fund duties.
"The relative security and integrity of DOI's computer systems is gradually
improving," Interior officials said in their 11th status report to the
court, one in a series of updates required by U.S. District Judge Royce
Lamberth.
The reporting period, July 1 through Sept. 30, saw little increase in
Internet connectivity, a fact attributed to procurement and reconfiguration
needs.
The department has awarded several contracts in recent months to vendors,
including IBM Corp. and Zantaz Inc., aimed at bolstering information
security. WorldCom Inc., meanwhile, has finished the technical design for
TrustNet, a new secure network for Indian trust data. Testing and approval
are awaiting fiscal 2003 funding.
"I think the fundamental problem over there is that things have been poorly
managed for so long, the political risks are enormous...and no one's
willing to guarantee the problems are behind them," said Warren Suss,
president of Suss Consulting Inc.
Interior is embroiled in a class-action lawsuit filed by American Indians
who are seeking an accurate accounting of money the government owes them
for leasing American Indian-owned land and reform of the trust system.
***************************
Government Computer News
Library of Congress stacks bar codes three deep
By Vandana Sinha
The Library of Congress yesterday opened its first off-site storage
facility in two decades at Fort Meade, Md.
The first 1,000 rare books were shelved in the 8,500-square-foot
warehouse, the first of what will become a 13-building campus spanning 100
acres. It will house rarely requested books and periodicals, freeing space
for the growing collection on Capitol Hill.
"It's long been something we've needed," said James H. Billington,
librarian of Congress.
To preserve the materials, the air in the $4.7 million storage facility is
kept at 50 degrees Fahrenheit and 30 percent humidity. Library officials
estimated the 30-foot-high shelves would reach their 1.2-million-unit
capacity in about two and a half years.
Each book is sized on a template to determine the box that should house it.
Then bar codes are attached to the box and the book. When a box reaches the
warehouse dock, employees there use portable bar code devices to scan it
and link it to another bar code on the shelf that will hold it along with
arrival date and shipping information. The triple-level bar code data gets
its own storage facility, a server-side database called the Library Archival
System, which is accessible to remote users via Telnet.
Generation Fifth Applications Inc. of Kennebunk, Maine, provided the
archival software as well as a data-harvesting program that uploads
bar-code data from the portable scanners at the dock.
*******************************
Government Computer News
Cooper: Homeland Security Department will move fast
By Wilson Dizard III
The administration anticipates that the planned Homeland Security
Department will quickly establish an infrastructure once Congress approves
the authorizing legislation.
The department's first task during its initial 90 days will be to set up a
headquarters facility to support the secretary of Homeland Security, said Steve
Cooper, CIO of the Homeland Security Office. The building likely will house
about 2,000 staff members and support networking with other parts of the
department, Cooper said.
After establishing core operations, the new department will assess projects
under way within its member agencies and "see if there are things we want
to continue and things we want to stop," Cooper said yesterday at the
Northern Virginia Technology Council's Symposium with Public-Sector CIOs.
Cooper elaborated on the White House plan to develop "a network of
networks" [see story at www.gcn.com/21_33/news/20493-1.html].
"The idea is we would take what already exists and tie it together," Cooper
said. "We recognize that the funding has to come from the federal
environment."
Cooper told the audience that first the homeland security team must draft
standards for this backbone network, and "there are legacy applications out
there that need to be connected" as well.
********************************
Government Executive
Bush aide envisions streamlined review of security products
By Bara Vaida, National Journal's Technology Daily
Companies with homeland security products to offer the government will have
one place to shop their wares with the expected establishment of the
proposed Homeland Security Department in the next few months, a top White
House aide said on Monday.
Mark Holman, deputy assistant to the president for homeland security, said
the department would have a secretary of management and procurement who
could make quick decisions about new homeland security products, a task
that the White House Office of Homeland Security cannot achieve because it
is not a procurement agency.
"Thank you for your patience," Holman told a crowd gathered at a homeland
security financing briefing hosted by Equity International. "The Office of
Homeland Security in the White House is a policymaking group and ... the
125-member staff has talked to hundreds of companies over the past year and
we've done the best we could. ... Now there will be one place to go, one
department."
The amount of money that will be made available to purchase products,
however, remains unclear. Holman said that at least $500 million is to be
allocated to a new Homeland Security Advanced Research Projects Agency and
that a "starting point" for the size of the department is about $40 billion.
Scott Lilly, minority director of the House Appropriations Committee,
however, said he is unsure that the White House is asking Congress for
enough money to properly fund a comprehensive homeland security strategy.
For example, Congress allocated $3.5 billion to help emergency responders
in the states, but a dispute with the White House resulted in only $500
million being allocated. Lilly said President Bush has not requested the
rest of that money for fiscal 2003.
"I'm concerned we aren't doing very well" in the fight against terrorism
because of the funding levels on homeland security, Lilly said at the
conference.
Bill Hoagland, staff director of the Senate Budget Committee, also
expressed concern about the current level of funding for emergency
responders, and he said not enough money has been spent on efforts to
prevent bioterrorism.
Hoagland cautioned, however, that the nation's resources are not infinite
and that even without potential spending on war with Iraq and a
prescription-drug benefit, and without the lost revenue from tax cuts in a
possible economic stimulus package, the budget is headed for a deficit of
$180 billion to $200 billion in fiscal 2003, up from $160 billion in fiscal
2002.
"With the return of deficits and looming budget pressures with the aging
population, we are going to have to be clear about how we define homeland
security and what we will give up to fund it," Hoagland said.
He said the chief financial officer of the Homeland Security Department
would have "one of the hardest jobs ever" in managing the department's
costs because its mission will go beyond homeland security to areas like
immigration services. He estimated that the department would be funded at
about $37 billion in fiscal 2003.
*******************************
Nov. 7, 2002, 3:08PM
Chip glitch hands victory to wrong candidate
Associated Press
ABILENE - A Scurry County election error reversed the outcomes
in two commissioner races.
A defective computer chip in the county's optical scanner misread ballots
Tuesday night and incorrectly tallied a landslide victory for Republicans.
Democrats actually won by wide margins.
The problem was discovered when poll workers became suspicious of the
margins of the vote, Scurry County Clerk Joan Bunch said.
A new computer chip was flown to Snyder from Dallas, she said. By Wednesday
morning, the votes had been counted twice by hand and once again by scanner
with the replacement chip.
Republican Robbie Floyd, 69, who lost to Democrat Jerry House, seemed agape
even hours after learning of his defeat Wednesday.
"It was hard to believe that that type of mistake had happened," he said.
Incumbent Democrat Chloanne Lindsey said she had conceded the election to
Republican Keith Hackfeld when she received a phone call at 3:45 a.m.
notifying her of the discrepancy. Later Wednesday morning, he called to
congratulate her.
"I felt bad for my opponent," Lindsey said. "I knew how it felt to lose."
This is one of several articles that can be found at Vote Watch
http://www.votewatch.us/election_2002_findings.htm
****************************
Government Executive
November 15, 2002
Justice officials defend data mining as anti-terror tool
By Drew Clark, National Journal's Technology Daily
Two top Justice Department officials Friday defended the need for
government agencies to aggregate large amounts of personal information in
computer databases for both law enforcement and national security purposes.
Speaking on two separate panels about privacy and civil liberties at the
Federalist Society, Assistant Attorneys General Viet Dinh and Michael
Chertoff both said information is a key weapon in combating terrorism.
Chertoff, head of the criminal division and a key drafter of last year's
major anti-terrorism law, said in a Friday morning panel that critics of
the Bush administration's civil liberties record are overstating their case.
Chertoff specifically defended data-mining by the government, comparing it
to the sort of information that Amazon.com aggregates about an individual
user's book preferences. "It is hard to say that my privacy has been
significantly invaded because the government, in protecting me, can use the
same technologies as people who want to market to me."
Under guidelines implemented by Attorney General John Ashcroft in June, FBI
agents may use commercial-sector databases. Some privacy advocates are also
worried about a $500 million authorization for the proposed Homeland
Security Department to engage in such data mining. That provision appears
in the House-passed bill.
Speaking on the same panel, American Civil Liberties Union President Nadine
Strossen called data mining the "power to snoop on every act of every
American." Chertoff replied that data analysis had "obvious utility" in
detecting "certain types of money flows" in terrorist financing.
Dinh, head of Justice's Office of Legal Policy, addressed a related subject
at a Thursday afternoon panel. Both criminal prosecutors and
counter-terrorism officials need to have access to similar information, he
said.
He followed George Terwilliger, deputy attorney general to the former
President Bush, who said Justice should avoid the temptation to turn the
FBI into a domestic surveillance agency. At the same time, he said, "It is
abundantly clear now, that there is a widespread recognition on the part of
citizens that we are going to win this war against terrorism with
knowledge, with information."
"We need to recognize the clear difference between criminal investigations
and domestic efforts to combat terrorism," said Terwilliger. "As a matter
of organization, over time, we need to break away from the FBI national
security into a different agency acting under express authority for a more
limited purpose" that focuses specifically on counterterrorism.
"It will be better to protect against foreign enemies and better for the
health and welfare of individual rights in the country in the long term,"
he said.
Dinh strongly disputed that analysis. The previous legal regime prohibited
law enforcement agencies from engaging in domestic surveillance,
establishing a sharp barrier within the FBI between counterterrorism and
criminal prosecutors.
"Sept. 11 showed us the significance of that mistake and its peril," he
said. "Terrorism is a matter of national security, but it is also a matter
of criminal investigation" and both sources of authority needed to be
available to the same government officials.
The ability to do this is the reason for Justice's first-time-ever appeal
of a decision of the Foreign Intelligence Surveillance Court, Dinh said.
****************************
Government Executive
November 14, 2002
Security adviser presses for new intelligence analysis agency
By Molly M. Peterson, National Journal's Technology Daily
The president should create a new, stand-alone agency to serve as an
"all-source fusion and analysis center" for intelligence related to
potential terrorist attacks, the chairman of an influential
counterterrorism commission told a House Armed Services subcommittee on
Thursday.
"There are misgivings with the idea of a new agency, but frankly, our
commission doesn't seem to see any other alternative," James Gilmore,
chairman of the Advisory Panel to Assess Domestic Response Capabilities for
Terrorism Involving Weapons of Mass Destruction, told lawmakers during a
hearing on the panel's fourth annual report to the president and Congress.
The formal report is due next month, but members of the panel, commonly
known as the Gilmore Commission, decided to release certain recommendations
in advance, to help "inform the current debate" as policymakers implement
legislation to create a Homeland Security Department.
Gilmore said a separate office to analyze intelligence would help overcome
the information "segregation" that has hampered the ability of the FBI, the
CIA and other agencies to work together to identify terrorist threats.
"This organization will be ... more directed and focused on the potential
for gathering information with respect to international terrorist
organizations operating within the United States," Gilmore said.
The commission said the new National CounterTerrorism Center should be an
independent agency, appointed by the president with Senate consent. The
panel said the agency's status should be similar to that of the Federal
Emergency Management Agency, the Environmental Protection Agency and the
General Services Administration.
The agency should operate separately from the FBI, CIA and Homeland
Security Department, according to the commission. But it recommended the
permanent transfer of some FBI and CIA counterterrorism analysts to the
office, along with representatives from the department.
Noting that the FBI's primary mission is domestic law enforcement and that
the CIA's main focus is foreign intelligence, Gilmore said the fusion
center would be better suited than either of those agencies to collect,
combine and analyze information on domestic threats posed by international
terrorist groups.
"The challenge is less of technology than of culture," Gilmore said. "The
culture of these organizations must be addressed. Leadership must be
applied to change those cultures to make them interact and work together
more appropriately."
But Gilmore emphasized that the new office should comply with the same
intelligence and surveillance laws, and civil-liberties protections, as the
FBI and CIA. "The goal here is not to simply violate people's rights but to
have proper information sharing and properly gathered intelligence,"
Gilmore said.
But Republican Robert Simmons of Connecticut, a former CIA operations
officer, worried that establishing a new intelligence agency might further
complicate the process of identifying terrorist threats. "I wonder if, by
creating a third organization that has a limited collection function ...
you're not actually just creating another bureaucracy under the same
constraints that will buy us nothing more than an additional level of
bureaucratic problems," Simmons said.
***************************
Computerworld
Homeland security bill includes stiff hacker penalties
By TODD R. WEISS
NOVEMBER 19, 2002
As the U.S. Senate prepares to take action on the proposed Homeland
Security bill later today or tomorrow, potential computer terrorists might
want to pay close attention.
Inside House Bill 5710, known as the Homeland Security Act of 2002, is a
provision that calls for punishment of up to life in prison for electronic
hackers who are found guilty of causing death to others through their actions.
And hackers convicted of causing injuries to others could face prison terms
up to 20 years under cybercrime provisions, which are in Section 225 of a
bill known as the Cyber Security Enhancement Act of 2002.
The Enhancement Act was added to the homeland security bill on Sept. 19 as
an amendment after being passed by the House in July, said Brad Bennett,
communications director for Rep. Lamar Smith (R-Texas), who introduced the
act. The bills were combined because they have similar goals for homeland
security, he said.
"This is important because this bill promotes cooperation between law
enforcement and the private sector" in fighting cyberterrorism, Bennett
said. "It will send a clear signal that those who engage in cybercrime
activities will be punished.
"Crime is still crime, whether it occurs on the street or on the Internet,"
he said.
Critics, though, wonder why the punishments outlined in the act are tougher
for hackers than for street criminals who commit assault or murder.
"It's more severe than [punishments for] crimes committed with a knife or
gun," said Chris Hoofnagle, legislative counsel for the Electronic Privacy
Information Center, a nonprofit public interest research center in
Washington. Hoofnagle said he's not sure why a crime committed with a
computer should require a more severe sentence.
That's not the only problem with the enhancement act's language from a
civil liberties point of view, he said.
The measure would also allow Internet service providers to "hand over
content of their customers' communications without consent based on a
good-faith belief that there is an emergency," Hoofnagle said. And it
allows the emergency installation of Internet traffic analysis wiretaps
when there's an attack on a protected computer system, he said.
"There are other sections of the bill that are heavily weighted in favor of
law enforcement and against accountability," Hoofnagle said.
Despite those issues, momentum is building for passage of HB 5710 by
tomorrow, he said.
"At this point, this is not likely to be a sticking point," Hoofnagle said.
Joe Tasker, general counsel and vice president for governmental affairs at
the Information Technology Association of America, a trade group in
Arlington, Va., disagrees with such criticism, arguing that the enhancement
act is reasonable.
"If you use a computer to kill people, it's just as serious as if you use a
gun," Tasker said. "I don't see anything here that's out of line with any
other federal law."
******************************
Computerworld
Liberty Alliance updates Net identity spec
By John Fontana, Network World
NOVEMBER 19, 2002
The Liberty Alliance Project today updated its specification for creating a
standard for network identity and for the first time solicited public
comment on the document, signaling the consortium's intention to act more
like a traditional standards body.
The group released Version 1.1 of the spec, which corrects a security flaw
and clarifies ambiguities in the text of the draft. The 130-member group in
July released the first draft, which details how to create a universal user
identity to be used for authentication as a user moves from Web site to Web
site. The effort is similar to Microsoft's Passport single
sign-on consumer service, which the software vendor is trying to adapt for
corporate use.
In Version 1.1 of the Liberty specification, the group fixed a flaw in the
Liberty-enabled Client/Proxy Profile that would allow hackers to interject
themselves into the middle of the exchange of identity credentials between
a Web site and an end user with a mobile device. The vulnerability to
so-called man-in-the-middle attacks was discovered in October by
researchers from both Sun Microsystems Inc. and IBM and quickly corrected.
The fix is now part of the formal specification.
The fix "took a couple of weeks to turn," said Michael Barrett, president
of the Liberty Alliance. "We didn't push as hard as we would have if we had
actual users. But this enabled us to prove our rapid response mechanism."
That's important to corporations because, if they adopt products that
support the Liberty Alliance specification, they will demand a process that
guarantees quick patches to the technology.
The Alliance also added a few enhancements that allow both users and the
entities that accept their identity credentials to periodically change the
credentials, a process that's similar to changing a user's password at set
intervals to preserve its integrity.
Barrett said the enhancements were made to bring the specification more in
line with corporations that have set policies on managing identity
credentials.
In addition to making changes to the specification itself, the Alliance for
the first time opened the document to the general public for review.
Version 1.0 was open only to comments by members of the Alliance.
"We are trying to make the Alliance as open as possible while respecting
the rights of our members," Barrett says.
The members, who include both user companies and vendors, pay a fee to
participate in the group, which has been coy about whether it may at some
point turn its work over to a recognized standards body or continue to work
as an independent organization. But by opening the specification for public
review, the Alliance seems to be signaling that it will continue to do its
own work.
In October, Barrett told Network World, "For all intents and purposes, the
Liberty Alliance is a de facto standards organization."
Barrett said the group doesn't have any specific expectations on the public
review period, which ends Dec. 6, but he did say, "We will read and
consider all significant responses and weed out the wacko stuff."
In the first half of next year, the Alliance plans to publish Version 2.0
of its specification, which will focus on wiring together islands of
Liberty Alliance supporters to create a mesh of trust. Version 2 also
provides a mechanism for data to be moved between partners and a permission
framework to allow consumers to manage that data exchange.
********************************
Washington Post
Dyson Seeks to Amplify the Public's Voice in Internet Policy
By David McGuire
Wednesday, November 20, 2002; 11:01 AM
Esther Dyson wants the public to stay involved in Internet policy, even as
the organization that she helped create to manage the Internet prepares to
dispense with a key element of public participation.
The Internet Corporation for Assigned Names and Numbers (ICANN), the
nonprofit organization created in 1998 to manage the Internet's underlying
structure, is expected next month to formally abandon its policy of
allowing the public to elect several members of its board of directors.
Dyson, who served as ICANN's founding chairman, is supporting the ICANN
reorganization by helping to build a worldwide constituency of concerned
Internet users to serve as the public's voice within ICANN.
"I did believe that it was a good idea to have a globally elected executive
board, (but) you can't have a global democracy without a globally informed
electorate," Dyson said.
In order to have a meaningful voice in policy decisions, the public must
become more involved, working from within ICANN rather than having elected
board members vote on policies a few times a year, Dyson said.
"What you really need (in order) to have effective end-user representation
is to have them in the bowels (of the organization) rather than on the
board," Dyson said.
Dyson's efforts to drum up grassroots participation in ICANN come amidst a
rancorous debate over what role Internet users should play in its
deliberations.
ICANN's reform plan would create an At-Large Advisory Council (ALAC) to
serve in lieu of direct public representatives on the ICANN board. Members
would be chosen by regional coalitions of Internet users and would advise
the ICANN board on matters important to users. ALAC members also would
select a portion of the committee that would handpick future ICANN directors.
Before ALAC can become an effective voice for the public, Internet users
around the world must create local and regional organizations in each of
the world's five regions (which ICANN defines as North America, South
America, Europe, Asia/Pacific and Africa).
Dyson is helping to coordinate those regional efforts, and said the future
of public participation in Internet management is in the hands of the
public. "I don't think it's going to be quick or easy. It very much depends
on the ability of people to show up," she said. "A lot needs to happen that
cannot be guaranteed by structure," she said.
If Internet users take up ICANN's challenge, the advisory council could
become a powerful voice for users within ICANN, Dyson said.
Rob Courtney, a policy analyst for the Center for Democracy and Technology
(CDT), agreed that if users manage to organize themselves into large,
sustainable groups, they could exert pressure on ICANN.
"It will be an organization that's ignored at the peril of the board,"
Courtney said.
It is unclear, however, whether Internet users can organize themselves with
little financial backing and limited guidance, Courtney said. "I think it's
got a shot, but I don't think anyone would tell you, 'We're done, the
at-large issue is solved.'"
Some observers said that even if ICANN manages to drum up grassroots
participation, its new model gives too little power to the users affected
by ICANN decisions.
"I think the current proposal is a faint and pale shadow of the kind of
public participation representation that ICANN was intended to have. I'm
skeptical that the ALAC will provide a meaningful opportunity for public
representation in ICANN," said Don Simon, the acting president of Common
Cause, another group that takes an interest in ICANN.
Under ICANN's original charter, nine of the organization's 19 voting
directors were supposed to represent Internet users "at large."
"I'm skeptical that the ALAC will get off the ground as conceived, but even
as it does ... it doesn't solve the problem," Simon said.
Karl Auerbach, one of the five ICANN directors elected by the public in
2000, also criticized the ALAC proposal, saying ICANN has a poor track
record of taking advice, even from its own internal supporting organizations.
"ICANN will not listen to it. ICANN doesn't even listen to its own
(internal policy groups). ICANN has this hubris in which it asserts that it
knows more about your interests than you do," Auerbach said.
*****************************
Washington Post
Agencies Fail Cyber Test
Report Notes 'Significant Weaknesses' in Computer Security
By Christopher Lee
Wednesday, November 20, 2002; Page A23
The federal government earned a failing grade yesterday for its agencies'
poor record of protecting vital computer systems from fraud, misuse and
cyber-terrorism.
The House Government Reform subcommittee on government efficiency flunked
14 of the 24 largest departments and agencies, whose computer security
efforts were reviewed by the General Accounting Office and found wanting.
Another seven agencies earned a D and two were given Cs. Only one, the
Social Security Administration, got a B-minus, the highest grade awarded to
one of the major agencies.
"The overall government grade is an F, the same as last year," said Rep.
Stephen Horn (R-Calif.), the panel's chairman. "While 11 of the 24 agencies
have shown some improvement, overall progress is slow. . . . [T]he federal
government's systems and assets remain vulnerable."
Investigators from the GAO, the congressional watchdog group, found
"significant weaknesses" in each of the 24 agencies. Many of the failures
involved inadequate access controls, leaving sensitive information systems
and data vulnerable to tampering by disgruntled workers or attack by
thieves or terrorists.
The weak spots could, for instance, lead to the loss or theft of federal
payments and collections. Information, such as Social Security and medical
records, could be inappropriately released or copied for criminal purposes.
Thieves might be able to obtain tax records and other personal information
to establish credit and rack up debt under someone else's name.
Protection of computer systems is important if the government is to keep
functioning during terrorist attacks or other interruptions, investigators
said.
In general, "poor information security is a widespread federal problem with
potentially devastating consequences," the GAO found, echoing its earlier
studies.
But the report's author, Robert F. Dacey, director of information security
issues at the GAO, noted that reports of vulnerabilities do not necessarily
mean that computer security is actually getting worse.
"They are more likely to indicate that information security weaknesses are
becoming more fully understood -- an important step toward addressing the
overall problem," Dacey wrote. "Nevertheless, the results leave no doubt
that serious, pervasive weaknesses persist."
Among agencies with the worst grades were the departments of Justice,
State, Defense and Transportation.
Kenneth M. Mead, the inspector general at the Department of Transportation,
told the House panel that the agency had improved from last year, when it
also received a failing grade. But DOT still must improve controls over
access to sensitive systems by the "more than 100,000" agency employees,
contractors, grantees and industry associations who are authorized to pass
through the agency's protective firewall and enter its computer networks,
Mead said.
"DOT is making progress," Mead said. "However, based on our recent results,
more work needs to be done and management attention should be focused on
identifying computer vulnerabilities that need immediate fixing."
At the Social Security Administration, which improved from a C-plus last
year to a B-minus this year, employees must notify officials when a
computer virus or intrusion is suspected. And information security is
routinely discussed at executive meetings, said James B. Lockhart, the
agency's deputy commissioner.
"We know we cannot rest on past practice, but must be vigilant in every way
we can," he said.
*****************************
New York Times
F.C.C. Seen Tweaking Universal Service Contributions
By REUTERS
November 20, 2002
WASHINGTON (Reuters) - The Federal Communications Commission will soon move
to rebalance the amount of money telephone companies pay to provide
Internet access to schools and libraries, as well as subsidizing phone
service for rural areas and low-income families, a commissioner said on
Tuesday.
Telephone carriers like AT&T Corp. (T.N) have complained their
contributions into the $5.5 billion Universal Service Fund were based on a
percentage of their long-distance revenues from the previous six-month
period, which have been dwindling, and have pushed for a per-connection or
per-phone number fee.
Another complaint was that others were underpaying, like wireless carriers
who are winning long-distance customers with promises of buckets of minutes
for any-distance calls but pay into the fund up to 15 percent of revenue,
which the industry admits is below the actual revenue from long-distance calls.
And local telephone companies are quickly entering the long-distance
market, but their past long-distance sales have been slim so their
contributions to the fund have been small.
The FCC was poised last month to approve shifting to a line connection
assessment, but last minute concerns about what connections counted --
including for high-speed Internet access -- stymied the effort.
In the meantime, the FCC will likely opt for changing the formula of who
pays what into the fund and look further into whether a fee for each
connection or phone number would work, said FCC Commissioner Kevin Martin.
"I think there were a lot of questions about some of the proposals on the
connection-based side," he told reporters. "I think the commission should
move forward to ... reforming the revenue-based assessment and continue to
seek comment on some of the longer-term issues."
SOME BILLS MAY GO UP, SOME MAY GO DOWN
The FCC's options include, among others, changing the timeframe on which
payments are based or requiring payments to be based on exact long-distance
telephone revenue recorded.
Those who have a traditional long-distance carrier could see their bill go
down a bit while those who use a mobile telephone or get long-distance
service from a dominant local telephone company like BellSouth Corp.
(BLS.N) may see their bills rise slightly.
"This will shift some of the fees from the long-distance bills to wireless
and the Bells," said Legg Mason analyst David Kaut, referring to the four
big regional local telephone companies entering the long-distance market.
The FCC requires carriers like AT&T and WorldCom Inc.'s (WCOEQ.PK) MCI unit
to contribute 7.28 percent of their revenue to the fund and the companies
typically pass on the cost to consumers.
AT&T, WorldCom and Sprint Corp. (FON.N) have said they must charge higher
fees, 11 percent, 9.9 percent and 9.6 percent respectively, because revenue
is declining but their contributions are calculated on past revenue which
was higher. WorldCom plans to up their fee to 10.5 percent in January.
Wireless carriers, who offer buckets of minutes that can be used to make
local or long-distance calls, contribute up to 15 percent of revenue but
their industry trade group told the FCC that the ceiling could go up to
20-28 percent based on its review of long-distance calls on services.
The FCC could act within weeks on the short-term measures, people familiar
with the situation said.
********************************
New York Times
November 19, 2002
The New Buzzword for Airport Security
By JOE SHARKEY
Get ready to hear a lot more about "biometrics," the buzzword for
electronic verification of identity through biological characteristics of
the iris, face or fingerprint.
Biometrics will be the cornerstone of the proposed trusted-traveler (also
known as the registered traveler) program long proposed by the airline
industry and now supported by federal security officials, who had long
resisted the idea. There's also widespread support among business
travelers, who resent the secondary gate-area screenings and friskings that
will be greatly reduced for those registered under a trusted-traveler program.
In the recent Corporate Air Travel Survey by the International Air
Transport Association, which represents the world's airlines, 81 percent of
business travelers said they supported use of advanced biometric technology
at airport security points.
American Express Adds Loyalty Points
The loyalty-points lottery continues apace. American Express said yesterday
that clients buying airline tickets through its RezPort online travel
service for small businesses would get triple Membership Rewards points for
the first three months of paid enrollment.
Fewer Laptops Make the Flight
Because valuable possessions often pile up haphazardly at airport security
checkpoints, some business travelers have been leaving their laptops at
home, industry experts have noticed this year. The 2002 National Business
Travel Monitor by Yankelovich Partners notes a statistical drop in
laptop-toting that it defines as significant, based on personal interviews
with 2,500 business travelers.
Last year, 40 percent of respondents said they carried laptops on business
trips. This year, it's 36 percent. On the other hand, 77 percent now carry
cellphones, compared with 68 percent last year. And beepers are losing
ground, down to 19 percent this year from 26 percent in 2001.
A Dog in the Cockpit to Help the Pilot
We are indebted to Ken Kaye, aviation writer for The Sun-Sentinel of Fort
Lauderdale, Fla., for the following report on a joke making the rounds in
the aircraft industry. It addresses new in-flight technology and its
importance to the growth of air traffic capacity.
"In the airline cockpit of the future, only two crew members will be
needed: a pilot and a dog," the joke goes. "The pilot's job will be to
assure passengers everything is under control. The dog's job will be to
bite the pilot if he touches anything."
********************************
Information Week
The Push For Privacy
Nov. 18, 2002
Health-care companies rush to build new processes to comply with HIPAA
By Marianne Kolbasuk McGee
The April deadline for compliance with the Health Insurance Portability and
Accountability Act's privacy regulations is only five months away. While
the privacy regulations are less technology-oriented than HIPAA's
requirements for electronic transactions and security, those rules will
require doctors, hospitals, and other providers to build new processes as
part of their technology infrastructures that will let them continue
sharing patients' medical information with other caregivers while
protecting their privacy.
http://www.informationweek.com/story/IWK20021114S0011
****************************
Reuters
Federal Court Overturns Ruling on Police Web Searches
November 18, 2002
LOS ANGELES (Reuters) - A federal appeals court on Monday overturned a
lower-court ruling requiring police officers to be physically present when
executing a search warrant at an Internet service provider.
The 8th Circuit Court of Appeals in St. Louis overturned a district court
ruling in a Minnesota case regarding a search warrant faxed to Yahoo Inc.'s
(NasdaqNM:YHOO) Santa Clara, California offices in a child
pornography investigation.
The defendant in the Minnesota case had argued his rights under the Fourth
Amendment to the U.S. Constitution regarding unreasonable search and
seizure had been violated because the search for items listed in the
warrant had been conducted by a civilian Yahoo employee.
The Minnesota district court in that case ruled law enforcement officers
should be present at all such searches.
Attorney Jonathan Band, a partner at Morrison and Foerster in Washington
who represented Yahoo and others in the case, said the appellate court
found "the Fourth Amendment does not establish a hard-and-fast physical
presence requirement."
Yahoo and others had argued in papers filed with the 8th Circuit earlier
this year that the ruling could fill their office with police officers
executing warrants.
The group had argued that a dozen or more law enforcement officers could be
on their premises at any given time enforcing warrants if the lower-court
ruling were allowed to stand.
****************************
Sydney Morning Herald
Police turn ATM scam into an ATM sting
By Les Kennedy
November 20 2002
For the first time police have enlisted the aid of every major bank to set
a computer trap to track down a gang of ATM fraudsters.
It happened after they learnt two weeks ago that $500,000 was stolen using
a pinhole camera and a data collecting device secured to ATM machines to
"skim" customer key cards in Sydney and Melbourne.
NSW Fraud Squad Police set up the trap when detectives, looking at the bank
records of those affected, found one customer had used a foreign bank card
in all four Sydney machines simply to get an account balance.
But since there was no Sydney address listed, police turned to every big
bank to set the computer trap.
Last Friday and Saturday, in a first for computer crime law enforcement in
Australia, the ATM network in NSW went "live" in an attempt to see if the
suspect card holder would use the card.
The trap led police to Sydney's Grace Hotel.
In Central Local Court yesterday, unemployed Malaysian national Kok Meng
Ng, 28, appeared charged with possession of $2705 and a further $32,050
found in a safe in the Grace Hotel room he occupied on Saturday.
Police alleged the money was suspected of being stolen and that a further
$180,000 was transferred back to Malaysia before three other unnamed
alleged gang members left Australia.
Before yesterday's case, Ng's wife, who was not charged over the scam, was
detained by Immigration officials on the steps of the courthouse and taken
to the Villawood detention centre to await deportation to Malaysia after
having her tourist visa revoked under section 192 of the Migration Act.
Unable to find two "Australian citizens" to secure his $110,000 bail, Ng
was remanded in custody to reappear in court on December 16.
******************************
Sydney Morning Herald
Blogging comes of age in US online politics
San Francisco
November 20 2002
Every day around 35,000 people log on to read an unassuming law professor's
pithy remarks on US politics or to mull Washington's plans for war on Iraq.
While that number hardly rivals the number of readers that publications
such as The New York Times and Newsweek command, Glenn Reynolds' service
stands out - it is entirely independent of the powerful American media
machine.
The Tennessee-based academic's running daily commentary appears on his
Internet weblog, the hottest new medium of US journalism to which readers
are turning to discuss hot-button issues in American society.
Web logs, or "blogs" as they are popularly known, first surfaced a few
years ago as online diaries that could be easily updated by amateurs and
that carried links to other websites favoured by the blog's owner.
But over the past year Reynolds, and scores of other mini press barons,
have turned blogs into a potent and critical source of news, commentary and
debate that is starting to rival mainstream media.
Blog barons say the news sources act as a critical independent balance to
the major US television networks and newspapers, some of which give their
news a political spin.
And as a possible war with Iraq looms, Weblog traffic statistics indicate a
rapidly growing readership for news on US elections, the war on terrorism
and other headline topics.
San Francisco weblog observer Rebecca Blood calls the phenomenon a "vox
populi", that allows anyone to take part in the daily process of news
production and analysis on the personal Internet sites.
Reynolds's recent topics have included stories on this month's US
elections, terrorism in Indonesia, a debate on American gun culture and the
more down-to-earth subjects of sex and music.
Unlike the traditional news media, Reynolds attaches his own brief comments
to each story as well as those emailed in by his readers.
He says the more interactive nature of a blog allows him to concentrate on
topics that especially interest his audience and to insert hyperlinks to
other sources of online information.
"It invites readers to follow the links and to decide for themselves,"
Reynolds said. "That promotes a degree of accountability that traditional
(newspaper and television) opinion columns sometimes lack."
Journalist Mickey Kaus, a pioneer of political Web logging, sees the medium
as an intermediary between the public and the mainstream media.
Kaus's and other similar commentary-laden services serve as a "gadfly" to
the mainstream press, pointing out errors, biases and inconsistencies in
major publications, he said.
But weblogs still garner only a fraction of the audience of the traditional
media. Few get more than 10,000 readers a day, while Kaus's is estimated to
be less than 30,000.
Despite that fact, the mainstream media is hijacking the concept, with top
companies such as the Wall Street Journal and MSNBC television starting
their own Web logs in order to avoid losing their readership to independents.
More academic recognition came when the Graduate School of Journalism at
the University of California, Berkeley launched a course on weblogs last year.
And while blogs have not yet found a commercial model to make them viable,
they are getting the attention of decision-makers.
Kaus and other bloggers say that in addition to the feedback they receive
from officials, their Web log programs detect readers entering their sites
from the White House, Congress and other government offices.
But as the influence of blogs grows, some pundits are complaining that the
medium is fast splitting into political right and left factions that
shelter people who want their own beliefs confirmed by others.
"People no longer want to hear, they want to talk to people who agree with
them," said pioneer blogger Blood, who recently published The Weblog Handbook.
**************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx