[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips December 6, 2002

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
Subject: Clips December 6, 2002
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Fri, 06 Dec 2002 14:55:56 -0500

Clips December 6, 2002

ARTICLES

Tower Records site exposes data
Homeland Security Won't Have Diet of Raw Intelligence
Utah CIO Windley resigns
High-Speed Wireless Internet Network Is Planned
Sen. Shelby To Press Consumer Protections
Calif. Trial Told No Proof of eBook Piracy Found
Iowa governor dismisses CIO
Biometrics to imprint job site
Career Channels Federal IT job openings

*****************************
CNET
Tower Records site exposes data
By Declan McCullagh
December 5, 2002, 1:17 PM PT

A security hole on Tower Records' Web site exposed data on millions of U.S. and U.K. customers until it was closed late Wednesday. The glitch allowed anyone to peruse Tower Records' Web site to view its database of customer orders dating from 1996 through this week, including home and e-mail addresses, phone numbers and what music or video products were purchased. More than 3 million such records were exposed.

"It was a technical error, and when we discovered it we were fairly horrified and we fixed it in a matter of hours," a Tower representative said on Thursday. No credit card numbers appear to have been revealed, the company said.

Stephanie Wilbanks of Jonesboro, Ark., had her personal information exposed after she ordered a CD as a gift from Tower Records this week.

"I'm shocked and disappointed," Wilbanks said. "I will no longer do online business with Tower Records."

But another affected customer, Ivor Colwill of Haywards Heath, England, said he wasn't as concerned.

"I doubt it'll affect my shopping at Tower," Colwill said. "I honestly can't think of another site that covers so many of my musical needs in one spot or with the same quality of service. At worst, I'll telephone my orders to them."

The security leak arose out of a programming error in a script called "orderStatus.asp." When customers requested information on their order via the Tower site, the script called up the record, displaying the order number as part of the URL of the resulting page.

But the script allowed customers to type a different order number into the URL and call up a different record. In the change made Wednesday, Tower now requires customers to log in with their e-mail address and password before they can view information about their order.

The programming error, which existed for an unknown length of time, appears to have conflicted with Tower Records' posted privacy policy, which says: "Your TowerRecords.com Account information is password-protected. You and only you have access to this information...TowerRecords.com takes steps to ensure that your information is treated securely..."

Founded in 1960 in Sacramento, Calif., Tower Records operates about 200 retail stores and opened its online store in November 1996. ****************************** Washington Post Homeland Security Won't Have Diet of Raw Intelligence Rules Being Drafted to Preclude Interagency Conflict By Dan Eggen and John Mintz Friday, December 6, 2002; Page A43

With the FBI and CIA insisting on strict limits on the information they must share with the new Homeland Security Department, the Bush administration has begun to craft rules for the handling of intelligence in the hope of heading off conflict among the agencies responsible for protecting the United States from another terrorist attack.

For now, the intelligence agencies have persuaded the White House that information provided to the Homeland Security Department should be in the form of summary reports. Those summaries generally will not include raw intelligence or details on where or how the information was gathered, in order to protect sources and methods.

But defenders of the new department, which will consolidate 22 federal agencies early next year, say its analysts occasionally will need -- and receive -- access to a wider range of intelligence, including undigested classified information, to fulfill their primary mission of protecting the nation's infrastructure.

Access to information is likely to be a significant topic of debate in the formation of the new department, according to government officials and outside experts. Because the rules and procedures governing information sharing are not yet decided, officials said it is too early to tell how the debate might play out.

"The new agency succeeds or fails depending on whether it gets what it needs from the CIA and FBI," said Mary DeRosa, a senior fellow at the Center for Strategic and International Studies who specializes in homeland defense issues. "There are strong incentives for FBI and CIA not to want a new player taking away their turf. . . . People in leadership will need to pay attention to this all the time."

Administration officials already are considering, for example, whether to include homeland security representatives as members of the 56 regional Joint Terrorism Task Forces, which oversee local terror investigations. That suggestion has sparked discussion over how much access to information those representatives should be granted, and to what extent the information should be shared with others at the Homeland Security Department, sources said.

The statute that created the new agency is not specific about how the department will obtain and analyze classified information. The law signed by President Bush last month appears to give Tom Ridge, the homeland security director who has been nominated to head the new department, the power to demand access to classified intelligence held by the FBI and CIA.

"Except as otherwise directed by the president, the secretary shall have such access as the secretary considers necessary to all information, including reports . . . and unevaluated intelligence relating to threats of terrorism," the statute reads. "The secretary may obtain such material upon request."

But administration officials said that in fact Ridge's department would receive undigested intelligence only when he makes the case for it under yet undefined procedures, and that these guidelines are to be laid out generally in presidential directives that are only now being drafted. No one yet knows who will broker any conflicts between the department and other agencies, or what criteria will be used to make such decisions, officials said.

At the FBI, the summaries will be compiled by a new contingent of "reports officers," who will be responsible for culling useful information about terrorist threats from raw intelligence for use by homeland security and other outside agencies. The process will be similar to that used by the CIA. Neither agency will be folded into the new Homeland Security Department.

At the new agency, analysts will try to speed the intelligence they receive -- information, for example, that al Qaeda operatives are thought to be casing government buildings -- to the federal and local security officials who can take appropriate action.

A number of officials at the FBI, CIA and National Security Agency have deep misgivings about distributing raw intelligence too widely, especially to a new and untested department. A number of officials and staff members on Capitol Hill also fear that internal squabbling could hinder the formation of the new department, and will contribute to pre-Sept. 11, 2001, tensions between existing intelligence units that authorities have been working to defuse.

"There has been a real reluctance to provide information or access to information; it would be naive to think that reluctance won't continue," said one Senate aide involved in the homeland security legislation. "There is real friction among these agencies. A lot of people want to put Homeland Security in a little box and not share too much with them."

Senior Bush administration officials play down the likelihood of discord, saying the intelligence issues are relatively minor and can be worked out. The new department's relationship with the CIA and FBI "will be a learning process as it moves forward," but it's "an unnecessary leap" to conclude that the disagreements will be serious, one administration official said.

The debate comes at a time of uncertainty over the future of the domestic counterterrorism effort, including growing concerns among some lawmakers and administration officials over the FBI's readiness to detect and prevent another attack. Senior White House officials have begun to discuss whether the FBI should turn over its counterterrorism responsibilities to a new domestic security agency.

The debate over information sharing essentially is a continuation of arguments that began immediately after President Bush unveiled his homeland security proposal last spring. Some administration officials and lawmakers suggested at the time that the new department should have unfettered access to raw intelligence data, such as information gathered by eavesdropping satellites operated by the supersecret NSA.

Intelligence officials worked quickly to quash such talk, arguing that sharing raw data was unwieldy and risky. However, a number of the new department's component agencies -- such as the Secret Service, the Customs Service, the Coast Guard and the former Immigration and Naturalization Service -- will retain intelligence divisions that continue to gather classified data as they have for years. As a result, some officials said, the new agency will pose a bureaucratic threat to the FBI, the CIA, the NSA, the Defense Intelligence Agency and others.

As an example of what the future may hold, some officials point to a current case of interagency disagreement. The FBI and the Customs Service have been squabbling for months over Operation Green Quest, the mammoth Treasury-run task force that is investigating the funding of terror groups. Some FBI officials have pushed hard to gain control of the investigation, arguing that officials at Customs and its parent agency, the Treasury Department, do not have the counterterrorism expertise that the probe requires. Representatives from each side disparaged the other in private briefings with Congress, according to sources familiar with the meetings.

To end the dispute, administration officials have tentatively decided to leave responsibility for the Green Quest probe with Customs when that agency moves over to Homeland Security, while putting the FBI in charge of all other terrorism-related financial probes, sources said.

FBI Director Robert S. Mueller III, meanwhile, is pressing ahead with a broad reorganization aimed at transforming the bureau into a counterterrorism agency, telling employees in one of his regular memos last week that "we're being called upon to take on added responsibilities and to view our role in different ways."

In terms of sharing information with the Department of Homeland Security, Mueller has repeatedly emphasized the need to cooperate in internal memos and comments to his top staff, according to sources familiar with his views. The White House has also made clear to the FBI and other agencies that collegiality is required, and that they are committed to avoiding showdowns.

"There are going to be bumps in the road; I would be lying if I said there weren't," one U.S. intelligence official remarked. "But we are prepared to work out most of those bumps." ***************************************** Government Computer News Utah CIO Windley resigns By Trudy Walsh

Utah CIO Phillip Windley is the latest to leave in the end-of-the-year blizzard of state CIO resignations. He submitted his resignation yesterday to Gov. Michael O. Leavitt, effective Dec. 31.

In the past two weeks, CIOs from New Jersey, Iowa and Georgia stepped down.

"With recent events, I have come to realize that I have become an impediment to implementing our vision for e-government and an efficient and effective information technology infrastructure," Windley said in his resignation letter. "The conversation has increasingly become about me instead of the important work that needs to be done to benefit the citizens of Utah."

Leavitt appointed Windley CIO in March 2001. Windley had been vice president of product development and operations at the now-defunct Excite@Home of Redwood City, Calif.

As CIO and director of Utah's IT Services, Windley had come under fire in a September report, Hiring Practices of the CIO and ITS, by the Office of the Legislative Auditor General for Utah. "We believe favoritism towards former Excite@Home employees has occurred," the report stated. "While individual cases may not raise strong concerns, taken together we believe these cases display a pattern which does yield strong concerns of favoritism."

The report detailed examples of how competitive processes were apparently manipulated to hire specific individuals formerly employed by Excite@Home. It also stated that the new hires that had come from Excite@Home had higher starting salaries than other new hires. "Taken together, we believe this data supports the allegation of favoritism," the report said.

Although Windley said he has "many mixed emotions: anger, sadness, excitement and relief," his resignation was not "forced."

In a statement yesterday about Windley's resignation, Leavitt said, "The state is losing a very talented technology leader and strategist." ****************************** New York Times December 6, 2002 High-Speed Wireless Internet Network Is Planned By JOHN MARKOFF

SAN FRANCISCO, Dec. 5 The wireless technology known as WiFi, which allows users of personal and hand-held computers to connect to the Internet at high speed without cables, got a significant stamp of approval today when AT&T, I.B.M. and Intel announced a new company to create a nationwide network.

The unruly technology, which has largely been a playground for hackers, hobbyists and high-technology start-ups, is already sprouting mushroomlike in coffee shops, bookstores, airports, hotels, homes, businesses and even a few parks.

The new company, Cometa Networks, has set ambitious goals for itself: to deploy more than 20,000 wireless access points by the end of 2004, placing an cable-less high-speed Internet connection within either a five-minute walk in urban areas or a five-minute drive in suburban communities.

Executives from the technology companies and the two investment firms, Apax Partners and 3i, that joined to create the network said they would begin offering their service through cellular and wired telephone companies, D.S.L. and cable Internet service providers and other Internet retailers some time in 2003.

The service is intended to let subscribers pop open their laptops and have a seamless high-speed wireless extension of their personal or corporate Internet services initially in the 50 largest metropolitan areas without having to give credit card numbers or enter additional information, as is generally the case now. Connections would generally be at least the speed of a typical home broadband connection.

Cometa executives said that they expected the national availability of the wireless network would combine with Intel's planned inclusion of wireless Internet capability in all its mobile microprocessors next year to spur a fundamental shift in the way Americans will use the Internet.

"This is that big," said Dr. Lawrence B. Brilliant, chief executive of Cometa Networks. "It's that exciting; it's that much of a distortion in the computing field. It's a change in the way people use technology."

Until now WiFi has been viewed by many technology analysts as an upstart from-the-bottom technology that has the potential of upsetting other capital-intensive technology deployments, like the expensive next-generation data-oriented cellular networks known as 2.5G and 3G that are being established by companies like AT&T Wireless, Cingular, Nextel, T-Mobile, Sprint and Verizon.

But Cometa executives said that because they had chosen a wholesale business strategy, in which they will not sell Internet service directly to consumers or business, it is more likely that the two technologies would complement each other. In addition, users of the wireless access points would generally be stationary while connecting to the Internet.

"WiFi has very high bandwidth and short range, while 2.5 and 3G cellular are lower bandwidth services designed to support data services on the fly," said Theodore Schell, chairman of Cometa Networks and a general partner of Apax Partners. "They will have different cost equations, and there is a place for both of these technologies."

Industry analysts have said they believe that growing WiFi use could steal valuable subscribers from cellular companies that are hoping consumers will begin using their cellphones for data services like movie times, restaurant reviews and shopping deals wherever they are traveling.

The Cometa executives said they were not certain how the new network would be used but were convinced that the nation's 100 million Internet users would begin to use their portable computers in new ways once connections are widely and easily available as they travel.

The executives and industry analysts acknowledged that creating a new nationwide wireless network was something of an act of faith given the general economic and technological gloom in the telecommunications industry. It is widely believed that the industry had overbuilt and had overinvested in the Internet boom of the last decade.

The new company would not disclose its planned prices or the equity stakes of the five partners. Wireless industry analysts, however, have said WiFi hot spots can cost as much as $4,000 apiece to install in public places. If the average cost is half that, the installation of 20,000 access points would cost $40 million.

"One of the problems is that giant companies creating wireless ventures often have not had tremendous success," said Alan Reiter, publisher of Wireless Internet and Mobile Computing, an industry newsletter based in Chevy Chase, Md. He pointed to ambitious and expensive undertakings like a cellular data initiative known as C.P.D.P. in the 1980's and early 1990's and the wireless data service known as Metricom, which went bankrupt last year with $800 million of debts.

Other analysts questioned whether Cometa Networks would be able to make headway in an already crowded WiFi marketplace that has had both early failures and a host of smaller, aggressive start-ups.

"It's obvious that what is happening right now is a wireless land grab," said Andrew Seybold, editor of Outlook 4Mobility, a publishing and consulting firm based in Los Gatos, Calif. "The question is, How many places can they lock up and how quickly?"

Cometa executives insisted, however, that they were in a different position from their predecessors. The companies have a technological advantage in that they will not have to create customer equipment, relying on Intel's equipping the nation's portable computers with wireless abilities.

They said Cometa was also in a particularly strong position with respect to its competitors because it could use AT&T's existing data network, to connect the planned 20,000 wireless access points.

Leaving the relationship with individual customers to Internet service providers "is smart from a business point of view," said Richard Miller, a wireless data industry consultant at Breo Ventures in Palo Alto, Calif. At the same time, he noted, the venture will not succeed unless big corporate customers demand the service from Internet service providers.

"The demand will have to come from the enterprise to the carriers," he said.

To gain the confidence of corporate customers the new network will have to meet stringent data security standards, and Dr. Brilliant said that Cometa planned to take advantage of industry standards like virtual private networks to add security to the WiFi standard. ********************************* Washington Post Sen. Shelby To Press Consumer Protections By Kathleen Day Thursday, December 5, 2002; Page E02

The new head of the Senate Banking Committee plans to reopen the question of how best to protect the privacy of financial information when key consumer credit legislation expires next year.

In a speech today to the nonprofit Consumer Federation of America, Sen. Richard C. Shelby (R-Ala.) plans to reiterate his long-held view that consumers deserve much more privacy protection than they were given a few years ago in a law that deregulated the financial services industry, the senator's spokeswoman, Andrea Andrews, confirmed yesterday.

The difference now, many business executives say, is that Shelby will have more power to promote his view when his party becomes the majority in the Senate when the new Congress convenes in January.

Although there are no plans to revisit the deregulation act, another piece of legislation that deals with privacy -- the Fair Credit Reporting Act, which governs how the nation's three major credit agencies collect and disseminate information about consumers -- will expire at the end of next year. That will require that lawmakers revisit the privacy issue, particularly the part of the law that preempts state laws on the subject, Shelby will say in the speech.

The speech, according to sources familiar with what Shelby plans to say, will be Shelby's most detailed public statement to date of how he envisions running the committee, which has oversight of financial-services agencies, including the Securities and Exchange Commission, the Federal Reserve Board and the Department of the Treasury.

Shelby's views on privacy have put him at odds with the business community and with many fellow Republicans who favor allowing insurers, bankers and securities brokers to share financial information, such as consumer spending patterns, among themselves and with other retail industries.

Industry officials argue that they need easy access to individual financial data to better serve consumers with the products and services they want and need. Consumer groups argue that industry demands too much information, and often uses it unfairly, while at the same time fighting against giving consumers better information, such as how much interest someone pays over the life of a credit card bill by paying only the minimum balance due each month.

Shelby also will say that he will make oversight of the SEC's implementation of the Sarbanes-Oxley Act a top priority, sources said. Congress passed the bill in July in response to the accounting scandals at Enron Corp., WorldCom Inc. and other companies. To restore investor trust in the securities markets, Congress must fully implement the law's provisions, he will say. In addition, Shelby will argue that President Bush must nominate a strong SEC chairman who is independent from the White House and other political pressures.

Andrews, Shelby's spokeswoman, said the senator was not available for comment and that copies of his speech would not be available until today. **************************** Reuters Calif. Trial Told No Proof of eBook Piracy Found Wed Dec 4, 8:38

SAN JOSE, Calif. (Reuters) - Adobe Systems Inc. (NasdaqNM:ADBE - news) has not been able to find proof that anyone made illegal copies of electronic books using software that could sidestep copyright safeguards in the company's eBook software, an Adobe engineer testified on Wednesday.

The testimony came in the first criminal trial over alleged violations of the 1998 U.S. Digital Millennium Copyright Act (news - web sites), which bars people from cracking the digital locks on software.

In his second day of testimony, Thomas Diaz, a senior Adobe engineer, said Adobe could not find evidence of any illicitly copied books had been created with the help of a program from ElcomSoft of Moscow.

The company is charged with violating the DMCA by selling its Advanced eBook Processor program. ElcomSoft says the program was designed to allow people to read electronic books in flexible ways, such as transferring them from a PC to a laptop for mobile use.

In testimony in U.S. federal court, Daryl Spano, who formerly worked on Adobe's anti-piracy team, said the software company gets hundreds of tips on alleged piracy daily and could not follow up on all of them.

However, with the ElcomSoft case "it was clear that this was of great concern to Adobe and they wanted something done about it," Spano said.

He said Adobe sent ElcomSoft a cease-and-desist letter and that the company usually asks infringers to stop their actions rather than threatening them with legal action.

"I didn't want to hold anyone actionable," he said.

The case drew international attention in July 2001 when ElcomSoft programmer Dmitry Sklyarov was arrested in Las Vegas after giving a presentation on the software at a hacker conference.

After reaching a deal with prosecutors, charges against Sklyarov were dropped and he is expected to testify in the ElcomSoft trial.

Movie and recording studios, among others, say the law is necessary to stop pirating of intellectual property, which is made easy when the material is in digital format.

Opponents claim the DMCA is being used to give copyright holders greater rights in cyberspace than they have in the real world (news - Y! TV), where people can legally copy videotapes for their personal use and record music. ******************************* Federal Computer Week Iowa governor dismisses CIO BY Dibya Sarkar Dec. 4, 2002

Iowa Gov. Tom Vilsack has fired Richard Varn, the state's chief information officer for the past four years and the leader of its Information Technology Department, along with five other agency heads.

Varn said the recently reelected governor told him that technology would not be a focus during his second term. Instead, He said Vilsack would focus on economic development, education and health care.

"He can't support the things we want to do and he wants to spend his political capital on those three things," said Varn, who said leaving was a mutual decision. He said he has been frustrated watching the drastic cuts made to his department's budget and staff during the past two budget cycles as Iowa faced a massive shortfall.

"We don't share a common vision for what technology should be used for," said Varn, one of the nation's most knowledgeable government officials on a wide range of technology issues, from identity theft to health data privacy.

Varn, who will be on the state payroll until Jan. 2, said he's unsure where he'll wind up next. A former professor at the University of Northern Iowa, he said he may go back to academia, but he probably will be headed toward the private sector.

An active member of the National Association of State Chief Information Officers, Varn lent his expertise and experience in several of the group's committees and workgroups. He also has spoken at major conferences and has made several trips to Washington, D.C., to lobby and testify before a congressional subcommittee.

Varn may continue his work on technology issues with the Council of State Governments and the Harvard Policy Group.

In Iowa, Varn said he was proud of his achievements despite dwindling resources. Among the achievements he cited were:

* Helping to create the state Information Technology Department in April 2000.

* Establishing a pooled technology fund and service model for state agencies.

* Creating an enterprise quality assurance office.

* Spearheading an enterprise resource planning initiative.

One of Varn's most recent projects was to create an Identity-Security Clearinghouse that would strengthen identification documents and reduce the issuance of fraudulent ones. He said that project might continue because it is an issue that has been around for quite some time and has only recently been receiving proper attention.

In the spring of 2001, Varn, a former state Democratic lawmaker, faced opposition from the Iowa Senate. State senators questioned the direction of the information technology department, among other things. At the time, Varn also said a local tax group lobbied against his confirmation for something he did when he was a legislator. ******************************** USA Today Biometrics to imprint job site By Stephanie Armour, USA TODAY

Forget about traditional reference checking. New technology has a growing number of companies checking out their employees' fingerprints instead and raising privacy concerns in the process.

The technology is showing up at job fairs as companies turn to fingerprint technology to verify that applicants have no criminal records. Other employers use the technology as a newfangled time clock: Workers punch in and out using fingerprint scans instead of timecards.

It's also a security tool. Instead of wearing ID cards, employees enter buildings after touching a fingerprint scan. Instead of using a password, they log onto their computers with only a touch.

Supporters say biometrics technology is on its way to becoming a staple of workplace security. Already, organizations such as hospitals, banks, government agencies, schools and child-care centers use fingerprint technology.

Fueled largely by growth in the private sector, revenue in the industry is expected to grow from $600 million in 2002 to $4 billion by 2007, according to the New York-based International Biometric Group. Fingerprint technology now accounts for nearly $470 million of the revenue, making it the largest segment in the industry.

But that growth is raising first-of-a-kind privacy questions among civil libertarians who say the practice goes too far. Critics say there are not enough legal protections to prevent employers from compiling databases that could be sold to third parties or otherwise abused.

"The technology is developing at the speed of light, but laws that protect our privacy are in the Stone Age," says Barry Steinhardt, with the American Civil Liberties Union. "Over time, the databases will be used for wholly unrelated purposes. There's no law that an employer can't sell the data."

Who's using it:

The Chicago Housing Authority is using fingerprint technology to increase computer network security. Instead of typing a password, employees have a computer mouse that takes a readout of their thumbprint to allow access. The program will eventually cover more than 1,000 employees. Officials say the system will end calls to the company helpdesk from employees who've forgotten their passwords.

"We anticipate there'll be significant cost savings," says Bryan Land, assistant chief information officer.

Union Bank of California will use fingerprint technology systems as part of a pre-employment screening process. The fingerprint scanning systems are being used at each of the bank's staffing centers, and it may put the system which is compact and mobile on the road with recruiters, who could check applicants' fingerprints at job fairs and campus recruiting events. Previously, the San Francisco-based bank has taken traditional ink fingerprints and waited two to six weeks to get results. Because of the lag time, fingerprinting was done after employment had begun. Now, electronic fingerprints will have a turnaround time of about five days, allowing checks before the applicant is on the job.

"The bank is looking at losses and fraud as a whole. This is one way to reduce our risk," says Mark Schmidt, senior vice president of human resource.

Columbus Children's Hospital in Ohio is using it. In April of this year, the hospital rolled out a comprehensive program that requires more than 1,000 doctors, nurses and pharmacists accessing patient medical records and entering medicine orders by computer to scan their fingerprint first using a keyboard pad. The cost of the system was about $200,000. "We don't want anyone unauthorized to get at medical records," says David Fisher, the medical director. "It's incredibly fast. I was concerned it would be unacceptable to people, but we haven't had anybody who won't use it."

At PlentyFun, a family entertainment center in Hilo, Hawaii, fingerprint technology is used to document when employees come to work and leave, as well as when they take breaks. The company, which offers such entertainment as arcade games and pool tables, has been using it since June. Before, the company had to review timecards by hand every pay period. But the new system links directly to payroll software, saving time.

"It's great. You can't fake someone's fingerprint," says Brian Crawford, one of several owners. "People can't clock in and out for each other. There's no faking. Out of 40 employees, only one or two were concerned about privacy."

Fingerprinting in the workplace is growing because the technology has become more affordable, and more companies are giving security a high priority since the Sept. 11 terrorist attacks, experts say. Use has especially taken off among industries such as health care, pharmaceutical, government and financial service companies.

Brent Larsen, a senior developer at Count Me In, a Mount Prospect, Ill., firm that sells fingerprinting technology, says his company is seeing a 50% jump in sales each month. "The growth in the whole biometrics area is coming because it's finally at the point where companies can afford it."

Proponents say databases that store information don't save the actual fingerprints. Rather, they warehouse a mathematical representation of unique parts of the fingerprint, which they say protects users' privacy.

While critics say fingerprinting can have valuable uses, they also warn the technology can become an invasive tool to monitor workers. Many employers are interested in monitoring: Nearly 80% of companies record and review employee communications on the job, according to a survey by the American Management Association. That figure has doubled since 1997.

To help ease privacy concerns, some employers who've rolled out fingerprint technology have spoken with employees first to make sure there are no objections. Jonathan Augustine, president of AZG Research in Bowling Green, Ohio, wanted to use fingerprinting to monitor when his workers came and went. About a year ago, he brought them together and asked them what they thought.

"I said, 'Is this going to be a problem or a right-to-privacy issue?' " says Augustine, at the market research and consulting firm. "Quite frankly, I got very few people who had anything they didn't like. And there's no faking. Everybody has to come to work with their finger." ********************************* Federal Computer Week Traveler smart card poses security concerns BY Megan Lisagor Dec. 2, 2002

While garnering support from stakeholders, the Transportation Security Administration's proposed registered traveler program could create new aviation vulnerabilities, the General Accounting Office found.

The program would allow certain credentialed and pre-screened passengers to speed through security checkpoints in airports using smart cards. The goal would be to reduce long waits and better target resources to those travelers who might pose greater risks.

"GAO concluded that a registered traveler program is one possible approach for managing some of the security vulnerabilities in our nation's aviation systems," office officials wrote in highlights of the November 2002 report. "However, decisions concerning key issues are needed before developing and implementing such a program."

GAO identified a slew of issues to resolve: eligibility criteria, level of background check required, security-screening procedures, technology options, scope, cost and financing options.

The TSA felt the study offered a good overview of the potential and the challenges of the registered traveler concept, according to GAO's highlights.

The Aviation and Transportation Security Act, which created the TSA in November 2001, allows the agency to consider the program. The TSA hopes to begin testing soon. ************************** Federal Computer Week Career Channels Federal IT job openings Dec. 3, 2002

Supervisory Computer Engineer Series/Grade: GS-854-15 Location: Huntsville, Ala. Announcement #: X-SP-03-4546-ST Closing Date: Dec. 24, 2002 Contact: Department of Army, DEU, SC-CPOC Bldg. 5304, Attn DAPE-CP-SC-B-X, Redstone Arsenal, AL 35898; Michael Davis 256-876-9451

Information Technology Specialist Series/Grade: GS-2210-12 Location: Fort Huachuca, Ariz. Announcement #: 3MN030812 Closing Date: Dec. 9, 2002 Contact: Department of Army, WCPOC, Bldg. 61801 Box 12926, Ft. Huachuca, AZ 85670-2926; Donald Matson 520-533-2556

Information Technology Specialist Series/Grade: GS-2210-12 Location: Mather, Calif. Announcement #: VA-1-03-0155 Closing Date: Dec. 10, 2002 Contact: Department of Veterans Affairs, 11301 Wilshire Blvd., Bldg. 258 Rm. 128, Los Angeles, CA 90073; 310-268-4150

Supervisory Information Technology Specialist Series/Grade: GS-2210-15 Location: Washington, D.C. Announcement #: 030033316MP Closing Date: Dec. 20, 2002 Contact: General Services Admin., HR, 1800 F St. NW Rm. 1119, Washington, DC 20405; 202-208-6461

Supervisory Statistician Series/Grade: GS-1530-15 Location: Washington, D.C. Announcement #: ACF-02-088 Closing Date: Dec. 10, 2002 Contact: Health and Human Services, ACF, Pers Op, HRS/PSC, Box 5346, Rockville, MD 20848-5346; 301-443-3201

Supervisory Information Technology Specialist Series/Grade: GS-2210-15 Location: Washington, D.C. Announcement #: 02-56 Closing Date: Dec. 13, 2002 Contact: International Trade Commission, HR, 500 E St. SW, Washington, DC 20436; 202-205-2651

Information Technology Specialist Series/Grade: GS-2210-12 Location: Orlando, Fla. Announcement #: OIDEU/02-035SLJ Closing Date: Dec. 9, 2002 Contact: Department of Treasury, Customs Svc, 1300 Pennsylvania Ave. NW Rm. 2 2A, Washington, DC 20229; S. Jackson 202-927-3703

Supervisory Information Technology Specialist Series/Grade: GS-2210-13 Location: Atlanta Announcement #: HEC-02-05 Closing Date: Dec. 13, 2002 Contact: Department of Veterans Affairs, HR/05, 300 S. Jackson St. Ste. 444, Denver, CO 80209; 303-331-7885

Supervisory Computer Assistant Series/Grade: GS-335-11 Location: New Orleans Announcement #: NFC-03-004 Closing Date: Dec. 13, 2002 Contact: Department of Agriculture, OCFO, National Finance Center, 13800 Old Gentilly Road, New Orleans, LA 70129; Tamika Adams 504-255-5059

Computer Assistant Series/Grade: GS-335-5 Location: Fort Polk, La. Announcement #: X-EL-03-4548-PO Closing Date: Dec. 10, 2002 Contact: Department of Army, DEU, SC-CPOC Bldg 5304, Attn: DAPE-CP-SC-B-X, Redstone Arsenal, AL 35898; Sondra Ogle 337-531-4020

Supervisory Statistician Series/Grade: GS-1530-14 Location: Boston Announcement #: BOS-03-08 Closing Date: Dec. 16, 2002 Contact: Department of Labor, JFK Bldg., Rm. E-215, Boston, MA 02203114; Vanessa Taylor 617-565-1990

Computer Engineer Series/Grade: GS-854-13 Location: Indianhead, Md. Announcement #: 02-444AR Closing Date: Dec. 9, 2002 Contact: Department of Defense, Civ Pers Div, Attn: 02-444AR, 701 S. Courthouse Road, Arlington, VA 22204-2199; Anne Ross 703-607-4429

Computer Scientist Series/Grade: GS-1550-13 Location: Indianhead, Md. Announcement #: 02-444AR Closing Date: Dec. 9, 2002 Contact: Department of Defense, Civ Pers Div, Attn: 02-444AR, 701 S. Courthouse Road, Arlington, VA 22204-2199; Anne Ross 703-607-4429

Computer Specialist Series/Grade: GS-2210-12/13 Location: Rockville, Md. Announcement #: FDA-32014 Closing Date: Dec. 10, 2002 Contact: Health and Human Services, FDA, 5600 Fishers Lane, 7B-03, Rockville, MD 20857; Laura Taylor 301-827-4030

Computer Scientist Series/Grade: GS-1550-12 Location: Patuxent River, Md. Announcement #: DE-PAX-02-0958-NR Closing Date: Dec. 11, 2002 Contact: Department of Navy, HRSC-NE, Code 52 2/MD, 111 S. Independence Mall East, Philadelphia, PA 19106; M. Dibiase 215-408-4441

Computer Scientist Series/Grade: GS-1550-14 Location: Fort Monmouth, N.J. Announcement #: ALU300302 Closing Date: Dec. 27, 2002 Contact: Department of Army, NE Staff Div DEU, 314 Johnson St., Aberdeen PG, MD 21005-5283; 410-306-0031 *******************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx

Prev by Date: Clips December 3, 2002
Next by Date: ACM TechNews - Monday, December 9, 2002
Previous by thread: Clips December 3, 2002
Next by thread: ACM TechNews - Monday, December 9, 2002
Index(es):
- Date
- Thread