[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips January 24, 2003

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
Subject: Clips January 24, 2003
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Fri, 24 Jan 2003 11:20:13 -0500

ARTICLES

Senate limits Pentagon 'snooping' plan
Homeland Security Dept. Faces a Funding Gap for Years
Churning Out Votes, Senate Clears Spending Package
Lawmakers to Urge FCC to Delay Phone Changes
EU Seen Letting Microsoft Off the Hook on Passport
U.S. Weighs Air Security Upgrades
Network Solutions Spills E-Mail Addresses [Privacy]
Source code was copied, lawsuit says
Net warfare is 'not just tech'
E-rulemaking ready for launch
Systems integration gauge crafted
DOD buys high-speed ATM interface
CDC system taking next step
Defense R&D chief explains focus
Homemade GPS jammers raise concerns
FBI investigating theft of data on international students by hacker
Personal Data Is Pirated From Russian Phone Files

*******************************
News.com
Senate limits Pentagon 'snooping' plan
By Declan McCullagh
Staff Writer, CNET News.com
January 23, 2003, 5:07 PM PT

WASHINGTON--The U.S. Senate on Thursday voted unanimously to slap restrictions on a controversial Pentagon data-mining program that critics say would amount to a domestic spying apparatus.
By unanimous consent, the Senate inserted a moratorium on the program into a massive spending bill, which is expected to receive a final vote late Thursday or Friday.

The vote represents an unusual triumph of privacy concerns over the Bush administration's arguments that the Pentagon's Total Information Awareness (TIA) program would be useful for national security. If fully implemented, TIA would link databases from sources such as credit card companies, medical insurers and motor vehicle agencies in hopes of snaring terrorists.

Final passage of the moratorium is not certain, however. Because the House of Representatives' version of the omnibus appropriations bill does not include any limits on TIA, a conference committee will have the final say.

"There's the potential for some minor changes," a representative for Sen. Ron Wyden, D-Ore., the amendment's author, said Thursday.

Wyden's proposal prevailed over a more modest plan championed by Sen. Chuck Grassley, R-Iowa. Grassley's proposed amendment said only that TIA must not be used for "domestic intelligence or law enforcement purposes."

On the other hand, the Wyden amendment--co-sponsored by Democrats including Dianne Feinstein of California and Patrick Leahy of Vermont--bans TIA after two months unless Congress receives a detailed report or President George W. Bush decides that a halt would "endanger the national security of the United States."

Thereafter, if the Defense Department or any other executive branch agency wishes to release TIA to be used on American citizens, it must seek "specific authorization" from Congress. Exceptions are "lawful" military activities conducted overseas, or intelligence operations that target non-Americans inside or outside the United States.

Wyden said in a statement that "as originally proposed, the Total Information Awareness program is the most far-reaching government surveillance plan in history. The Senate has now said that this program will not be allowed to grow without tough congressional oversight and accountability, and that there will be checks on the government's ability to snoop on law-abiding Americans."

Privacy worries about the Pentagon system, funded by the Defense Advanced Research Projects Agency (DARPA), came to a head this week after the FBI indicated it wanted to use TIA domestically against U.S. citizens. In a letter to Grassley, Defense Department Inspector General Joseph Schmitz said the FBI is considering "possible experimentation with TIA technology in the future."

Sen. Russ Feingold, D-Wisc., said after the vote that he would continue to pursue a standalone bill that would also place restrictions on TIA.

In a statement posted last month on the TIA Web site, the Defense Department defended the project as privacy neutral.

"The DoD recognizes American citizens' concerns about privacy invasions," the statement said. "To ensure the TIA project will not violate the privacy of American citizens, the department has safeguards in place. In addition, (we) will research and develop technologies to protect the system from internal abuses and external threats. The goal is to achieve a quantum leap in privacy technology to ensure data is protected and used only for lawful purposes."

The TIA project became public in early 2002 when Bush chose Adm. John Poindexter, who was embroiled in the Iran-Contra scandal, to run DARPA's Information Awareness Office. But criticism of the project from privacy advocates and newspaper editorial pages has spiked in the last two months, with politicians becoming increasingly interested in TIA's details after the 108th Congress convened this month.

Groups like the U.S. Association for Computing Machinery, the professional association for computer scientists, had urged Congress to place limits on TIA. In a letter to the Senate on Thursday, ACM warned: "Because of serious security, privacy, economic and personal risks associated with the development of a vast database surveillance system, we recommend a rigorous, independent review of these aspects of TIA."
*******************************
Washington Post
Homeland Security Dept. Faces a Funding Gap for Years
By John Mintz and Christopher Lee
Friday, January 24, 2003; Page A10

The Department of Homeland Security that formally opens its doors today inherits responsibility for a federal government effort that has made little progress in addressing some of the most urgent security vulnerabilities facing American society, terrorism and defense specialists said.

From equipping firefighters with protective suits to constructing big-city emergency operations centers to providing U.S. ports with adequate security fences, the street-level demands of protecting U.S. citizens and infrastructure desperately require federal attention, local officials said.

The main problem is money; a politically divided Congress has failed for 11 months to fund some of President Bush's top domestic defense priorities. Budget experts said that federal deficits, as well as the pressing financial needs of U.S. military and domestic programs, will keep money for homeland security tight for years.

"If you ask, is the government spending money to keep pace with the threats, then the answer is no," said Stephen Flynn, who heads the Council on Foreign Relations' research on homeland defense. "When it comes to moving resources, this just doesn't feel like Pearl Harbor. . . . We're in a war, for God's sake, and we're a rich country."

The debate over homeland security spending is being played out on Capitol Hill, with Democrats and a few Republicans pressing for more funds and the Bush administration holding the line on spending. But even if the advocates of greater spending prevailed, the anti-terrorism effort would still be billions of dollars short each year of the amount many security experts say is needed to harden the United States against attacks.

Sixteen months after the Sept. 11, 2001, attacks, former Pennsylvania governor Tom Ridge, who will be sworn in as secretary of the new department today, is widely lauded for drawing up a detailed plan for the massive new agency. As Bush's top homeland security adviser, Ridge also has helped lead the government's efforts to improve intelligence sharing, make air travel safer and guard against biological attack, experts said. On Wednesday, for example, he announced a new program to use air-quality monitoring sites to detect possible germ warfare attacks.

Initially, the new department -- which consolidates 22 bureaucracies and a newly revised total of 190,000 employees -- will exist in name only. After Ridge is sworn in by Vice President Cheney, only a few hundred employees will be assigned to work for the new agency. Most of the 22 component agencies will merge into the new operation March 1, with a few arriving as late as September. In time, Homeland Security will be the third-largest Cabinet department.

When Ridge opens the agency's doors, one of his least enviable tasks will be to secure the funding needed to protect a nearly endless list of potential targets.

Mitchell E. Daniels Jr., director of the White House's Office of Management and Budget, said the fiscal 2004 budget that Bush will unveil early next month will include "substantial" increases in homeland defense spending beyond the $38 billion proposed for this year.

"That's going to happen year-on-year, I'm sure, for the indefinite future," Daniels told reporters at a recent news conference. "We will spend what it takes."

At times, administration officials noted, events beyond Ridge's control conspired to block distribution of urgently needed domestic security funds. Last February, Bush proposed spending $3.5 billion to assist "first responders" -- fire, police and emergency medical personnel -- who will be the first to arrive at the site of terrorist attacks. But Congress has not appropriated the money, and local officials say their communities are dangerously unprepared.

In Yuma County, Ariz., home to two U.S. military bases, Sheriff Ralph E. Ogden said the most pressing need is a multimillion-dollar radio system that would allow federal, state and local officials to communicate in an emergency.

"We probably have 50 police or law enforcement agencies within 60 miles of where I'm sitting right now, and very few of us can talk to each other," Ogden said.

J.R. Thomas, director of emergency management for Franklin County, Ohio, which includes Columbus, said federal funds are needed to buy 1,500 respirators for police officers and radiation detectors that will allow firefighters to determine whether they are responding to a "dirty bomb" or some other radioactive emission. Local officials also need federal advice on buying such high-tech equipment, he said, recalling the county's recent purchase of a device to detect biological agents.

"It just wasn't any good," Thomas said. "We don't have the expertise to be able to tell one piece of detection equipment from another. We're relying either on salespeople or word of mouth from other jurisdictions."

In Salt Lake City, emergency manager Michael Stever said the city's biggest need is a state-of-the-art emergency communications operations center that could survive an attack. "Right now, we use regular old conference rooms where we add telephones," he said.

The first round of federal money to build emergency operations centers yielded $50,000 for Utah, Stever said. "We didn't see a dime," he said.

Only 3 percent of local health departments surveyed by the National Association of County and City Health Officials last month said they were "fully prepared" for a bioterrorism emergency.

U.S. port authorities say their operations are also woefully underfunded. Last month, the Coast Guard released a study on the security requirements of every major U.S. port, concluding that they need $1 billion in the first year and $500 million annually for the next nine years. The nation's ports have received $318 million in federal counterterrorism funds since Sept. 11, 2001.

Huge gantry cranes and warehouses at U.S. ports are typically guarded by minimally trained private security squads, and the public often can mingle with stevedores. Many ports, such as the ones in Los Angeles and Long Beach, are interspersed with yacht clubs, condo complexes, seafood restaurants, fishing harbors and the like. Last year, the port of Los Angeles applied for $53 million in federal security funds but received $1.5 million, which it had to split with Long Beach.

Experts say a major terrorist strike at the Los Angeles-Long Beach port complex could be more economically catastrophic than an attack on almost any other target in the country. But the Coast Guard inadequately patrols its waters, critics said. Most Coast Guard ships in the region are assigned to the waters off San Diego, where the Navy has a huge presence. Security experts say it is likely a much less tempting target for al Qaeda.

Security experts say the government needs to play a larger role in drawing up security standards and funding upgrades in protection at some of the nation's private industrial operations, such as trucking firms, natural gas pipelines, electrical grids, water systems and nuclear and chemical plants.

U.S. officials have warned against expecting such money anytime soon. When asked at his Senate confirmation hearing last week about the possibility of helping to finance Amtrak's security budget, Ridge replied that with the exception of aviation, "we need to look to the private sector to absorb the cost for their security."

The funding gap is sure to become an election issue. Several Democratic presidential candidates, including Sen. Joe Lieberman (Conn.), have criticized what they call the administration's penny-pinching on domestic security. They point to several instances when Bush vetoed or threatened to veto billions of dollars in extra funds that had bipartisan support in Congress. Yet, White House officials say spending more isn't necessarily spending wisely.

"The solution is not just to plus up the dollars for everything without looking at what's really needed," an administration official said of the aborted congressional budget increases. "They can't just throw billions at a problem."

But a report released this week by the Brookings Institution said that given the nation's many unaddressed domestic security needs, the homeland security budget this year should have been as much as $10 billion higher than the $38 billion Bush proposed.

"The primary focus of Washington policymakers in 2002, creation of a department of homeland security . . . will not in and of itself make Americans safer," Brookings stated. "To the contrary, the complexity of merging so many disparate agencies threatens to distract from other more urgent security efforts."
*******************************
New York Times
January 24, 2003
Churning Out Votes, Senate Clears Spending Package
By SHERYL GAY STOLBERG

WASHINGTON, Jan. 23 After more than a week of partisan wrangling, the Senate approved a $390.5 billion spending measure tonight that covers dozens of federal agencies and hundreds of programs, including medical research, early childhood education and the Border Patrol.

The 69-to-29 vote came after a hectic day in which the usually deliberative Senate resembled nothing so much as an assembly line, churning out debate and votes. With lawmakers from each party seeking to use the bill as a vehicle to carry their favorite initiatives into law, debate was sometimes as brief as two minutes. Votes were stacked back to back throughout the day and into the night.

Republicans hailed the measure's passage as an important legislative victory for their new majority leader, Bill Frist of Tennessee, who insisted that the Senate give up its traditional January recess to complete work on the measure.

With a mandate from President Bush to keep spending down, Dr. Frist persuaded his fellow Republicans to cast a series of votes against Democratic efforts to increase spending for domestic security, health care and education, votes that could prove unpopular with voters.

"We have stuck to our guns in keeping within the parameters that the president set forth for us," Senator Rick Santorum, Republican of Pennsylvania, told reporters this afternoon, in anticipation of the bill's passage. "I'd like to say congratulations to our leader for holding a tough group of folks together."

Democrats argue that the bill gives short shrift to a variety of domestic programs, like security and food safety inspection. Throughout the debate, they sought to contrast Republicans' insistence on spending limits with their support for President Bush's proposed $670 billion tax cut.

"This is really going to shortchange children and people who need health care," said Senator Byron L. Dorgan, Democrat of North Dakota and a member of the Appropriations Committee, who said he nonetheless voted for the bill. "It's disappointing, but we live to fight another day."

The bill approved tonight, more than 1,000 pages long, is actually 11 spending measures rolled into one. It finishes business left over from last year, when the Senate approved spending measures for the Pentagon only, leaving the bulk of its appropriations work for 2003 unfinished.

Tonight's vote does not mean that the task is complete. Now that the Senate has passed the bill, a final version must be negotiated with the House of Representatives. House Republicans are likely to demand the removal of provisions inserted by the Senate that drive the overall cost of the measure above the $389.5 billion Mr. Bush has requested.

In the frenetic race to complete work on the bill, the Senate agreed to a number of pet projects championed by individual senators.

Senator Robert C. Byrd, Democrat of West Virginia, successfully inserted a measure providing more than $150,000 for the office of Senate president pro tem emeritus, a ceremonial job he now holds. Senate Republicans pushed Mr. Byrd, an elder statesman of the Senate, out of his elegant suite on the first floor of the Capitol, but have agreed to build him a new office.

Senators John B. Breaux and Mary L. Landrieu, Democrats of Louisiana, inserted a provision providing $3 million to help the oyster industry in their state. Senator Barbara Boxer, Democrat of California, won language preventing federal employees from earning more than the president a reaction to the recent decision by the audit board that oversees the Securities and Exchange Commission to pay its members annual salaries of $452,000, $52,000 more than President Bush receives.

All three of those measures were accepted unanimously and by voice vote, without debate. But the Senate also defeated some more contentious proposals, among them increasing Medicaid reimbursement to doctors, blocking the Indonesian military from training in the United States and derailing construction of a hydraulic pump in Yazoo County, Miss.

The Medicaid reimbursement measure, offered by Senator Hillary Rodham Clinton, Democrat of New York, would have cost $4 billion But senators refused, 56 to 41, to allow it to go to a vote.

The Indonesian military amendment, sponsored by Senator Russell D. Feingold, Democrat of Wisconsin, also lost, 61 to 36. The Yazoo hydraulic pump amendment, sponsored by Senator John McCain, Republican of Arizona, went down 68 to 29.

"There are three kinds of senators," an irritated Mr. McCain said after the vote. "There are Republican senators, Democratic senators and appropriators, and the appropriators always vote in a bloc."
*******************************
Los Angeles Times
Lawmakers to Urge FCC to Delay Phone Changes
By James S. Granelli and Alex Pham
Times Staff Writers
January 24 2003

Believing that local phone service competition is at risk, 20 members of the House are expected to urge the Federal Communications Commission today to hold up a major regulatory review until Congress can consider the effect of pending proposals.

The 20, including several top leaders in both parties, say in a letter to be delivered to the agency today that they are increasingly concerned that FCC ideas for changing the rules could raise rates and cause "great harm to hundreds of small businesses and millions of American consumers." The Times obtained a copy of the letter Thursday.

Changes that affect rates would undermine the intent of Congress in passing the Telecommunications Act of 1996, which was designed to spur competition, says the letter signed by Reps. John Conyers Jr. (D-Mich.), Thomas M. Davis (R-Va.) and others. Californians who signed the letter were Reps. Henry A. Waxman (D-Los Angeles), Jane Harman (D-Venice), Zoe Lofgren (D-San Jose), Anna G. Eshoo (D-Atherton) and Lois Capps (D-Santa Barbara).

Changing the rules, which allow competitors of SBC Communications Inc. and the other three regional Bell companies to lease Bell equipment at deeply discounted wholesale prices, could force competitors to cut services or quit altogether, the representatives said.

"If competitors are no longer available, consumers will have no choice but to take service from the Bell companies, which will have no incentive to offer lower rates," the letter said.

The letter comes a week after the five FCC commissioners testified at a congressional hearing on their triennial review of the competition rules established under the 1996 law. It is aimed particularly at FCC Chairman Michael K. Powell, who has questioned the need for such rules.

"We spent a lot of time setting up tests to make sure that as deregulation proceeded, there would be competition," Lofgren said Thursday. "It looks from what Powell has said that he is going to some lengths to dismantle those efforts."

The letter asks for a written response by Jan. 31 to explain how the agency plans to address the representatives' concerns.
*******************************
Reuters
EU Seen Letting Microsoft Off the Hook on Passport
Thu Jan 23,12:53 PM ET
By Lisa Jucca

BRUSSELS (Reuters) - The EU's privacy watchdogs are expected to say next week that Microsoft's .NET Passport system broadly complies with EU data protection rules and only minor changes are needed, EU sources said on Thursday.

In a dramatic climbdown from harsh criticism voiced in July, EU national privacy controllers are expected to adopt a recommendation by experts from their Internet Task-Force that says previous concerns were exaggerated.

"This (Passport) is not a system the controllers see with horror," a source close to the issue told Reuters.

"The system can be operated within the EU data protection rules provided some adjustments are made."

National data controllers are charged with monitoring compliance with the EU's tough rules on personal data privacy.

Launched in 1999, .NET Passport aims to simplify e-commerce by allowing consumers to store passwords, credit-card numbers and other personal information in one location. It has already registered over 100 million users.

To register, users have to provide personal data -- email addresses, usernames, passwords and, in some cases, phone numbers. Microsoft says users supply data on a voluntary basis.

Microsoft has repeatedly said it was fully in line with EU rules and stood ready to cooperate with EU authorities.

FUTURE GUIDELINES

The source said the document had similar recommendations with regard to the on-line authentication system developed by Liberty Alliance, which represents 70 companies including Sun Microsystem and Hewlett-Packard.

These views are expressed in a draft opinion to the European Commission (news - web sites) that EU national data controllers are set to adopt at a meeting on January 28-29.

If adopted, the recommendations could be used as a guideline for companies wishing to commercialize similar on-line systems in the future.

"It's very possible the document will be adopted," a second EU source said.

In July, data controllers said they wanted to examine more closely whether .NET Passport users were fully aware that some of their data would sometimes be transferred to a party other than Microsoft, possibly located in a third country.

Under EU data privacy rules, customers' personal data can only be used by a firm or passed on to others with the prior consent of the individual.

The inquiry was triggered by complaints by privacy associations. While the Commission has authority to help member states interpret EU law, any legal action can only be launched by the individual member states.
*******************************
Washington Post
U.S. Weighs Air Security Upgrades
Bomb-Detection Fixes Could Cost $200 Million
By Sara Kehaulani Goo
Friday, January 24, 2003; Page E01

Conceding that their airport bomb-sniffing machines have failed to work as well as hoped, two companies are asking the federal government to spend millions on new technology that would correct the defects.

InVision Technologies Inc. and L-3 Communications Holdings Inc. are working furiously to develop by next year technology that would enable 1,100 explosives-detection machines to scan checked luggage for bombs with improved accuracy. The additional component would cost $100,000 to $200,000 per machine, adding up to $200 million to the $1.1 billion the government has already spent on the machines, which cost $1 million apiece.

The Transportation Security Administration, the agency in charge of airport security, said it was willing to consider new technology but has not committed to any further purchases.

Chief executives of the firms acknowledged that the performance of their minivan-size machines needed to improve. In a report to Congress in May, the TSA said the scanning devices typically produce false alarms 30 percent of the time, requiring security screeners to open suspect bags and search them by hand. Since then, the agency has worked to improve performance; it now says that in a pilot project false alarms have been reduced to 15 percent. The TSA will not, however, divulge its current figure for the entire nation.

"We are improving the operating performance" in tests with the new technology that cut the false-alarm rate in half, said Sergio Magistri, president and chief executive of InVision, which is based in Newark, Calif. "I think the customer wants better and better operational performance and especially wants to see the alarm rate going down. . . . Down the line, in the middle of next year or end of next year, the number of bags that will need to be opened will go down automatically."

The existing machines use a CAT-scan technology that identifies explosives by their densities. The new quadrupole resonance technology will provide an additional eye; it uses pulses of radio waves to detect the molecular makeup of certain explosives.

The two competitors are working separately to develop the technology. InVision is already testing a prototype at one West Coast airport and is mounting a massive lobbying campaign in Congress to sell different versions of the products to the TSA. The technology can't detect all kinds of explosives, so it doesn't meet the agency's standards for use alone in airports.

"There are certain classes of explosives it detects very, very well," said Lowell J. Burnett, president of Quantum Magnetics Inc., a subsidiary of InVision that is developing the quadrupole resonance technology. "What you do is combine the two detection systems and it plays to strengths of each one of them. The combined system performs better than either one of the systems alone."

InVision and L-3 said they plan to lobby Congress to buy more of their existing machines, because the upgraded machines won't be ready until next year. L-3 said it is also developing a separate X-ray technology that would serve a similar backup purpose.

Frank C. Lanza, chief executive of New York-based L-3, said the devices could save the TSA a lot of money because the agency would need fewer baggage screeners to inspect bags that falsely set off alarms.

The TSA has hired 22,000 baggage screeners over the past several months. Agency spokesman Brian Doyle declined to comment on the alarm rates but said far more bags are now scanned for explosives than before the September 2001 terrorist attacks. "We want the machines to work as best as they possibly can," Doyle said.

Security experts, lawmakers and officials have criticized the government's use of the enormous machines that were installed in airports last year, saying they are too expensive and that the false alarms contribute to inefficiency.

Kenneth M. Mead, the Transportation Department's inspector general, said yesterday that the machines are one of his highest concerns about airport security. "DOT knew they needed to do something about the alarm rates," he said, and he encouraged the TSA to invest more money in research and development of other technologies. "It's still an issue."

InVision and L-3 have seen their sales and profits multiply since Congress mandated new requirements for airport security after the terrorist attacks. The two firms are the only ones certified to sell bomb-scanning machines for use in U.S. airports.
*******************************
Washington Post
Network Solutions Spills E-Mail Addresses
Company to Apologize; Customers Fear Spam
By David McGuire
Friday, January 24, 2003; Page E05

Herndon-based Internet domain registrar Network Solutions Inc. said it will apologize to tens of thousands of customers whose e-mail addresses the company inadvertently released yesterday.

"A few thousand" Network Solutions customers received e-mail messages that contained more than 85,000 e-mail addresses of other Network Solutions customers, said spokesman Patrick Burns of VeriSign Inc., the parent company of Network Solutions.

"We made a mistake, and we'll apologize to our customers," Burns said.

Some customers whose names were included in the mailing said they feared a deluge of unsolicited commercial e-mail as a result of the gaffe.

"An apology is one thing, but that doesn't stop the spam from coming. I expect to be inundated with spam because of it," said Steve Smith, who works for a defense contractor in the Washington area and who found his name on the list.

The list was sent to Network Solutions customers who purchased ".org" addresses through the company; it included customers whose addresses begin with the letters R through Z. Network Solutions had intended to send the recipients a message about how a recent transition in .org management would affect their accounts.

Internet addresses that end in .org are usually assigned to nonprofit organizations, unlike the more popular ".com" addresses, which go to profit-seeking businesses.

Not all the people whose addresses were included in the e-mail received the message, which was prepared by Network Solutions staffers, Burns said.

Stephen Keating, executive director of the Denver-based Privacy Foundation, was on the list but did not receive the message.

"These are akin to environmental spills on the Internet," Keating said, adding that it was not the first time e-mail addresses have been accidentally released. "It's a spammer's delight to get that list."

But Keating downplayed the impact of the e-mail, saying the addresses are public to begin with.

Keating said he receives about 120 spam messages a day at his e-mail address, which he includes in the contact information for the domain names he manages.

All domain-name contact information is available through the "Whois" databases maintained by the Internet's various address sellers. Internet users can enter a domain name at one of the Web sites that feature the databases and find the contact information for the owner of the address.

Most Whois databases require people to look up names one at a time, but spammers still regularly search them for targets, said John Mozena, co-founder of the Coalition Against Unsolicited Commercial Email.

SpamCop founder Julian Haight said spammers probably will snatch up the list that Network Solutions sent since it's a record of thousands of potential advertising targets.

But Haight said domain-name owners sign on for spam the moment they give their contact information.

"Any e-mail address you give to Network Solutions is going to get spam, and that part of things really isn't their fault," he said.
*******************************
San Francisco Gate
Source code was copied, lawsuit says
Cisco sues Chinese competitor

Lashing out at a major new competitor, Cisco Systems filed suit late Wednesday against Huawei Technologies of China, claiming the firm copied Cisco technology.

The suit brings to a head a simmering competition between the two companies,

both of which make Internet gear. Huawei's low prices have been seen as a threat to Cisco, while its Chinese home base gave it prominence in an Asian networking market coveted by the San Jose firm.

The lawsuit demonstrates how seriously Cisco takes Huawei's challenge, said Chris Crespi, a managing director at Banc of America Securities.

In the past, Huawei had a reputation for producing cheaper, less- powerful equipment than its American rival. By claiming that Huawei has copied portions of Cisco's software and routing codes, the suit suggests that Huawei's products may be of higher quality than many thought, Crespi said.

"This is a wake-up call that the technology's pretty good over there," said Crespi, who does not own stock in either company. "It's a seminal event. . . . This is going to be watched very closely."

Crespi said Banc of America either has done business with both firms or was trying to do so.

Cisco filed the suit in Texas, home of Huawei's American subsidiaries, Huawei America and FutureWei Technologies. Both subsidiaries are also named in the suit.

Cisco accuses Huawei of copying portions of Cisco's Internet operating system source code, as well as the company's technical documentation. In addition, Cisco claims that Huawei has infringed on five Cisco patents dealing with routing protocols, which help move packets of information through a network.

"Cisco's technological leadership is the result of significant investment in research and development, and it is Cisco's responsibility to protect its intellectual property," said Mark Chandler, Cisco vice president and general counsel, in a prepared release. "Cisco does not take any legal action lightly. However, Huawei has unlawfully copied Cisco's intellectual property and refused Cisco's numerous attempts to resolve these issues."

Representatives of Huawei and FutureWei could not be reached for comment Thursday.

Huawei is one of several companies trying to break Cisco's dominance of the networking world by offering lower-priced products. In response, Cisco Chief Executive Officer John Chambers has been touting not just his company's hardware, but its software, stability and the technical support it can offer customers.

"If someone can match that at a lower price, they'll be a threat. But so far, no one's been able to do that," said said analyst Chris Sessing at Crowell, Weedon & Co. He does not own Cisco or Huawei shares, and his company does not do investment banking.

"The software, the traffic engineering, the bells and whistles really set one company apart from the others," he said.

Pursuing Huawei in court may pose its own problems for Cisco. There is a chance that attacking such a large Chinese company -- with $3.1 billion in sales for 2001 -- may irritate others in China's business community and government, Crespi said. And that market is important for Cisco's future growth.

"That is a huge risk," he said. "Does this upset the folks in China?"

E-mail David R. Baker at dbaker@xxxxxxxxxxxxxxxx
*******************************
Federal Computer Week
Net warfare is 'not just tech'
BY Dan Caterinicchia
Jan. 23, 2003

If you think network-centric warfare is just about technology, one member of the Joint Staff has a message for you: "You are wrong."

Network-centric warfare seeks to make data available as quickly as possible to those who need it across the organization or on the battlefield, and "it's not just technology," said Army Lt. Gen. Joseph Kellogg Jr., director of command, control, communications and computer systems for the Joint Staff.

Speaking today at a network centric warfare conference in Arlington, Va., Kellogg said network-centric warfare is composed of three equal parts: technology, organization and culture. "Unless there is harmony in all three, you won't have success," he said.

The Defense Department must be organized for speed in a network-centric environment, and that requires a single commander, or champion, of the cause, Kellogg said. Joint Forces Command, which leads the development of joint service concepts and experimentation, is the place where that is happening and its commander, Navy Adm. Edmund Giambastiani Jr., is pushing the issue, Kellogg said.

On the cultural side, DOD needs to take risks but must make sure failures occur only in a test environment and not on the battlefield, where lives could be lost, he said.

Technology is the enabler in the equation, but it must be easy to use and interoperable, or commanders cannot and will not rely on it, Kellogg said, adding a message for industry on that point: "If the stuff is not interoperable, it ain't gonna be bought. It's that simple."

The ongoing war on terrorism and possible war in Iraq have illustrated some great military successes in the realm of network-centric warfare but also brought many shortcomings to light.

For example, Kellogg said that U.S. military commanders in Afghanistan and Kuwait are using collaboration tools to communicate with their troops and do battle planning, which is good. The problem is that the collaboration tools being used in the different countries are not interoperable, and that means the true vision of network-centric warfare is not being realized, he said.

To help bring the three necessary components together, DOD is using its ongoing joint task force structure as a launching point. The goal is for Giambaistiani to establish standing Joint Forces headquarters in the field for regional combatant commanders by 2005, Kellogg said. The first test organziations with network-centric warfare capabilities will start in 2004.

Standardizing the headquarters, training and technologies that work together will benefit DOD's combat units, and that all relates to joint command and control, for which Joint Forces Command recently received greater oversight, Kellogg said.

"With network-centric warfare, we're starting small with the joint task forces, keep it simple, and we'll go from there," Kellogg said.
*******************************
Federal Computer Week
E-rulemaking ready for launch
BY Megan Lisagor
Jan. 22, 2003

The Environmental Protection Agency plans to launch a Web site Jan. 23 that will make it easier for the public to comment on proposed rules and regulations.

The EPA took charge of the Online Rulemaking Management project one of 24 cross-agency e-government initiatives highlighted by the Bush administration from the Transportation Department last year. The agency is enhancing its own e-rulemaking system, which uses a solution from Documentum Inc.

E-rulemaking will enable citizens to search for agency rules from any PC and post remarks online. It also will lay the groundwork for standardizing the process governmentwide.

Nearly 100 agencies publish rules and regulations in the Federal Register, but only about 12 have electronic dockets, an EPA official said.

E-rulemaking will migrate those current systems and add other agencies. It will be accessible from the federal Web portal FirstGov.
*******************************
Federal Computer Week
Systems integration gauge crafted
BY Dibya Sarkar
Jan. 23, 2003

With the Justice Department's help, an applied research center in New York state is developing a capability assessment tool so that justice organizations can gauge how far along they are in their information integration projects.

A kit is still about six months away from being tested in a pilot project, said Anthony Cresswell, deputy director with the University at Albany's Center for Technology in Government (CTG), which last year received $503,000 in federal funding.

"It's a big activity right now and there's a lot going on," he said, referring to integration projects. "Our view is that there's an enormous amount of stuff to be done and there's a lot of areas that haven't progressed very far."

A first draft of the assessment tool was presented in November 2002 to a workshop of justice professionals, he said. And after it is field-tested, the tool would likely be reviewed in another workshop before it's ready by the end of this year.

Whether it will be a paper-based or electronic tool hasn't been determined yet, but it would be used to judge a project's readiness or capability, Cresswell said. It could contain instructions, guidelines, procedures and background readings, among other things, to gather and interpret data. It would be somewhat based on accreditation procedures performed on higher education institutions, prisons and police departments, he added.

"Those judgments would be a way of saying what's the state of information integration in any community and where should the investments be made to improve integration," he said.

Cresswell said that a self-assessment approach would work best because it would help those involved in the integration project find its strengths and weaknesses. They would be able to determine whether their plan is feasible in light of the completed assessment, provide information to mobilize resources or make a business case to lawmakers for more resources.

CTG's efforts are related to similar efforts being undertaken by the National Governors Association, which is supporting state-level strategic planning activities in this area, said Cresswell. The National Association of State Chief Information Officers, he added, is developing a related performance measure component.

The research group began working with the U.S. Justice Department four years ago when it developed a guide to help the justice community law enforcement, courts, corrections, parole and probation build a business case for information integration projects to garner support from policymakers.

In addition to the current project, the research group also recently received a $1.2 million National Science Foundation grant to study information integration in government, specifically in the environmental protection area that will be complementary to the current Justice Department project, Cresswell said.
*******************************
Federal Computer Week
DOD buys high-speed ATM interface
BY Dan Caterinicchia
Jan. 21, 2003

The Defense Department recently became the first customer for Marconi Corp.'s new 10 gigabits/sec Asynchronous Transfer Mode (ATM) port card, a high-speed interface for the company's multiservice switch router.

The new ATM interface enables DOD network operators to move information securely at high speeds, using advanced encryption technologies.

The tool also provides operators with options for managing growth in legacy frame relay and ATM services, as well as for high-bandwidth applications, including high-definition video, distributed computing and network storage, according to a spokesman for the London-based company.

The U.S. Naval Research Lab validated the 10 gigabits/sec ATM interface last year and DOD's purchase was finalized last month, a Marconi spokesman said. He added that DOD would not allow the deal's terms to be disclosed, but he said that the interfaces should be installed by the end of this month.

The 10 gigabits/sec ATM interface combined with Marconi's BXR-48000 broadband switch router enable operators to offer new services that manage huge volumes of data traffic, such as virtual private networks, video on demand, real-time financial transactions and recordkeeping, and networked security applications, said Joe Pajer, executive vice president of Marconi's broadband routing and switching group.
*******************************
Federal Computer Week
CDC system taking next step
BY Sara Michael
Jan. 22, 2003

The Centers for Disease Control and Prevention (CDC) has awarded Computer Sciences Corp. (CSC) a $25 million contract to continue the development and support of the National Electronic Disease Surveillance System (NEDSS).

The contract is a continuation of the work CSC started under a $16 million contract awarded in October 2000.

The contract, announced Jan. 21, was awarded through the General Services Administration's Applications 'N' Support for Widely Diverse End-User Requirements (Answer) contract, and includes one base year and one option year.

CSC will continue to support the full software development for the NEDSS base system and support CDC's plans to deploy the system to 20 state and community sites. CSC will enhance and add requirements for the system, including building on program area modules, which provide a means of gathering information on diseases.

"It's just sort of the next step," CSC program manager Dave Levitt said of the contract.

NEDSS is part of a public health information network that will link and integrate public health activities at all government levels while meeting confidentiality and security requirements.

About 70 CSC software and development specialists, mostly based in Atlanta, will provide support for the CDC. Louisville, Ky.-based Emergint Inc., a small business developing clinical information systems for medical and public health research, will assist CSC.
*******************************
Federal Computer Week
Defense R&D chief explains focus
BY Dan Caterinicchia
Jan. 22, 2003

The Defense Department's ongoing transformation has caused its research and development community to refocus its efforts on taking an integrated approach to technology and moving those tools quickly to warfighters, according to DOD's director of research and engineering.

Technology adviser Ronald Sega said many R&D initiatives have changed since Sept. 11, 2001 -- a day that Sega was in the Pentagon when the hijacked airplane struck it. Sega is the chief technical adviser to both the Defense Secretary and the undersecretary of Defense for acquisition, logistics and technology, for scientific and technical matters, basic and applied research, and advanced technology development.

Speaking today at a media briefing hosted by Defense Week magazine, Sega said DOD established a task force eight days after the terrorist attacks to help get needed technologies -- including weapons systems, explosive-detection tools and enhanced communications programs -- deployed faster.

The Combating Terrorism Technology Task Force (CTTTF) was formed Sept. 19, 2001, and includes representatives from all the military services, the Joint Staff, other DOD and federal agencies, industry, and academia.

The task force's objective is to rapidly identify, prioritize, integrate and deliver DOD technologies to help fight the war on terrorism. The CTTTF successfully accelerated three technologies -- out of about 200 possibilities -- into production within three months of the group's creation, Sega said.

Now, the CTTTF is targeting communications-related areas, including interoperable systems among the different levels of government and more effective communications with the United States' coalition partners, Sega said.

"We're pushing industry and academia to see if the technologies are ready for the field," he said, adding that the "push and pull" among the government and its partners is the best way to get new, useful tools in warfighters' hands. Industry has proven to be better for meeting DOD's near-term needs, but government and academia are better at long-term planning and engineering, he added.

When asked how the quick turnaround time the CTTTF demands is affecting DOD's acquisition processes, Sega said tools that are required in small numbers are not a problem, but the large requests are a "challenge." He added that DOD's Advanced Concept Technology Demonstration programs are helping bridge the funding gap so that technologies can be quickly produced and fielded.

Sega said that pocket "phrase-a-lators" are an example of a DOD program that was successfully accelerated to help fight the global war on terrorism. The devices can translate basic phrases in foreign languages and are being used in Afghanistan and elsewhere in the world

Sega, who also oversees the Defense Advanced Research Projects Agency, the Army Research Office, the Air Force Office of Scientific Research, and the Office of Naval Research, said that DOD has organized its R&D efforts under three initiatives: the National Aerospace Initiative (NAI), energy and power technologies, and surveillance and knowledge systems.

The technology framework of the NAI is broken down into three areas:

* High-speed hypersonics, which include enhanced guidance, navigation and weapons systems. Hypersonics enable air travel and weapons that are several times faster than current technology can provide.

* Space access, which is devoted to vehicles used for space travel and is being done in collaboration with NASA.

* Space technologies, including communications and intelligence, surveillance and reconnaissance systems.

The energy and power technologies initiative is focused on enabling an "electric force" in power generation, energy storage, and power management and control, at sea, on land and in the air, Sega said. The surveillance and knowledge systems work includes sensors, information assurance, knowledge management and cyberwarfare, he said.

The three initiatives "should not be viewed in stovepipes" because they are tied together and focused on creating a departmentwide impact, Sega said.

He would not discuss DOD's R&D budget requests for fiscal 2004 in detail, but did say that he has been "battling" to keep basic research programs funded as more and more dollars are focused on operational capabilities related to the war on terrorism and a possible conflict in Iraq.
*******************************
Computerworld
Homemade GPS jammers raise concerns
By Bob Brewin
JANUARY 17, 2003

Government officials and communications experts are assessing the public safety and security implications of a newly posted online article that provides directions for making cheap devices that can jam Global Positioning System (GPS) signals.
Information in the article that appears in the current issue of the online hacker magazine Phrack potentially puts at risk GPS devices used for commercial navigation and military operations, authorities said.

The Phrack article provides a detailed guide to building a low-cost, portable GPS jammer out of components that can be easily obtained from electronics supply houses. According to the article, the "onslaught of cheap GPS-based navigation (or hidden tracking devices) has made it necessary for the average citizen to take up the fine art of electronic warfare." Electronics and GPS experts who read the article this week called it technically competent and said amateurs with a certain amount of technical skill could build a GPS jammer from the plans.

Although the article said the jammer is designed to work only against civil-use GPS signals broadcast on the frequency of 1575.42 MHz and not the military frequency of 1227.6 MHz, James Hasik, an Atlanta-based consultant and author of the book The Precision Revolution: GPS and the Future of Aerial Warfare, disagreed.

Hasik said that while the Phrack jammer is targeted at civil GPS signals, known as the C/A code, it could also threaten military systems, since "almost all military GPS receivers must first acquire the C/A signal" before locking onto the military signal, known as the P(Y) code.

Hasik said that GPS receivers are especially vulnerable to jamming because of low signal strength after traveling through space from GPS satellites orbiting 12,000 miles above the earth.

The U.S. Department of Defense, which faces the possibility of having its GPS-guided weapons come up against Russian-made GPS jammers in Iraq, has antijamming technology at its disposal. Still, Defense officials viewed the Phrack article with concern.

Air Force Lt. Col. Ken. McClellan, a Pentagon spokesman, said the implications of homemade jammers described in the article are "somewhat serious" because the use of such jammers "could disrupt commercial operations."

McClellan said GPS experts at the Pentagon do not "at the moment" view homemade jammers as a hazard to flight safety for commercial aircraft or ship operations, "but rather a nuisance."

The Federal Aviation Administration is developing a nationwide GPS-based precision landing system. And the Coast Guard operates a GPS-based maritime navigation system on both coasts, the Great Lakes, inland waterways and Hawaii. Bill Mosley, a spokesman for the Department of Transportation, the parent agency of the FAA and the Coast Guard, said his department is well aware of the threat posed by GPS jammers.

The DOT's John A. Volpe Transportation Systems Center, in Cambridge, Mass., prepared a report in August 2001 that said, "Some jamming devices/techniques are available on the Internet and proliferation will continue, because a single device that could disrupt military and civil operations worldwide would be attractive to malicious governments and groups."

As a result of that study, Mosley said, Transportation Secretary Norman Mineta last March ordered an "action plan" to protect civilian GPS signals and users by, among other things, "the transfer of appropriate antijam technology from the military to civil use." Mosley was unable say whether that technology transfer has occurred.

Richard Langley, a GPS expert and professor of geodesy at the University of New Brunswick in Fredericton, New Brunswick, called the implications of home-brew GPS jammers "scary." But he expressed doubt that the Phrack jammer would be very effective against aircraft when used from the ground. However, Langley noted that if a terrorist used the jammer from on board an aircraft, it would extend the range and "hence the effectiveness of the jammer."

James Miller, program manager for GPS at United Air Lines Inc., said the loss of a GPS signal in a commercial aircraft wouldn't "cause a catastrophic event," because airliners operate with multiple navigation systems. But loss of a GPS signal by general aviation aircraft flying solely on GPS could be "quite challenging," he said.

Warren Morningstar, a spokesman for the Aircraft Owners and Pilots Association in Frederick, Md., said general aviation pilots don't use GPS as their sole navigation source and called the potential of jamming a "nuisance" rather than a safety hazard.

"You need to take it seriously anytime there is publicity about things that could disrupt the critical infrastructure," said Mike Swiek, executive director of the U.S. GPS Industry Council in Washington. But, Swiek said, "there is no need for panic. All the GPS systems are monitored for any type of interference." Swiek noted that while "any garden-variety radio engineer" has the knowledge to build a GPS jammer, there have been few reports of any attacks against GPS systems.

Gabe Neville, a spokesman for Rep. Joseph Pitts, (R-Penn.), co-chairman of the House Electronic Warfare Working Group, said news of the Phrack story about jamming indicates that GPS jamming technology is "easily available" and that the Pentagon needs to beef up its electronic warfare research and development budget. But Neville said he doubts a homemade jammer could cause as much damage or disruption as systems acquired and operated by foreign governments.
******************************
USA Today
FBI investigating theft of data on international students by hacker
January 24, 2003

LAWRENCE, Kan. (AP) University of Kansas officials said Thursday they believe the "hole" that allowed a computer hacker to download personal information about 1,450 of the school's international students has been patched.

"While no one can guarantee the absolute security of electronic data, I am confident that we have closed the temporary 'hole' in our system, which occurred while we were enhancing our computer security," said Robert Hemenway, the university's chancellor.

The students' information was collected by the school as part of new homeland security measures. The university alerted the Immigration and Naturalization Service and FBI officials, and said it was told the INS was notifying U.S. ports of entry.

"Our goal is to determine the motivation of the hacker, and whether the file was targeted for a specific reason," said Jeff Lanza, a spokesman in the FBI's Kansas City, Mo., office.

Lanza said two computer experts were working on campus to track down the hacker. "We're taking this very seriously," Lanza said.

The breach discovered about noon Wednesday raised concerns someone might use the information to enter the United States illegally. The university sent an e-mail to international students Wednesday night to notify them of the situation and inform them how to protect themselves from identity theft and fraud.

The university also posted similar information on its Web site.

"Oh my God," Cindy Yeo, a junior from Singapore, said when told of the data theft. "Here we are giving up everything because of all this terrorist stuff, and suddenly somebody has access to all of my personal information?

"They raised school fees to put in the program, and this is what we get for it?" Yeo said. "Having all our information given out?"

"What if they use that information for a terrorist attack?" said Wilson Yeung, a junior from Hong Kong. "That would be so bad. I'd be in trouble."

The files were stored on a computer in the Academic Computing Center. They were test files for the Student and Exchange Visitor Information System, which will allow universities to transmit information on international students to the INS beginning in August.

The files included such information as Social Security, passport and university identification numbers, cities and countries of origin, and programs students were taking.

Kansas had 1,677 international students enrolled in the fall, but enrollment figures for the spring semester were not yet available. University officials said that because the file was a test, it was possible a few student histories included might be those of non-international students.

Marilu Goodyear, the university's vice provost for information services, said the hacker used the university computer five times between Jan. 6 and Friday, when the files were downloaded. In the previous incidents, the hacker used the computer to distribute copyrighted movies and pornography, she said.

She described the problem as a "hole" in the computer's security system that could allow a "medium-expert hacker" to break into the computer. She attributed the problem to Microsoft Windows, not the information transfer software.

"The server was secure when it was installed," Goodyear said. "We were installing a security upgrade to the system when a hole we had fixed reverted to its original state.

"We regret this," she said. "We're very sorry the hacker chose us. We're sorry this is an element of their life they have to deal with."

Yeung said he discovered this week that someone made about $700 in online purchases from his debit card beginning Jan. 18, the day after the hacker downloaded the file.

Goodyear said card numbers weren't available in the database, so it's unclear whether the incidents were related.
*******************************
New York Times
January 23, 2003
Personal Data Is Pirated From Russian Phone Files
By SABRINA TAVERNISE

MOSCOW, Jan. 22 It is a prime nightmare of the digital age: all of your personal information credit card numbers, home address, Social Security number stolen and passed around, or perhaps even posted on the Internet for anyone to see.

Hundreds of thousands, perhaps millions, of customers of Mobile Telesystems, a Russian mobile phone company, have been discovering firsthand how that feels. The company acknowledged on Tuesday that it had suffered a huge security breach that led to pirated CD's, purportedly containing its entire database of five million customers, appearing on the streets of Moscow.

"We discovered it a few weeks ago," said Yeva Prokofiyeva, a spokeswoman for the company, which is known as MTS. "It's hard to determine where the leak came from. The measures to protect the database are very strict."

The breach may not have occurred at the company. Mobile phone operators and Internet services are required by law to hand over information about their customers to the police and to government agencies like the Federal Security Service, the successor to the K.G.B. There is widespread speculation that a low-paid employee at an agency presumably someone without an MTS phone may have sold the data.

"All operators have to give the power structures information," Ms. Prokofiyeva said. "The leak could have come from inside the company or outside. But it's very difficult to imagine that it came from inside."

A spokesman for the Federal Security Service said the agency knew nothing of the matter. A police spokeswoman declined to comment.

The incident was a reminder of one risk of doing business in Russia, where data piracy is rampant and just about any information can be bought, often quite cheaply. Another large mobile phone operator, Vimpelcom, had a similar problem in 1998; then, too, state security services were suspected, though nothing was proved.

In a national survey last fall, large numbers of Russians complained that personal information about them had been trafficked illegally. Often it turns up in the hands of hawkers at the Mitinsky market in Moscow, where a vast array of recorded music, movies, computer software and other goods of dubious provenance can be bought for pennies.

It was not clear today how much information about MTS customers had gotten loose. Ms. Prokofiyeva could not say whether the pirated CD's actually held the company's whole roster, or whether credit card data was included. MTS has begun offering new personal identification numbers, to customers to head off abuse of their mobile phone numbers. As for the other data and how it came to be leaked, Ms. Prokofiyeva said, "so far, we're investigating."
*******************************

Prev by Date: ACM TechNews - Wednesday, January 22, 2003
Next by Date: ACM TechNews; Friday, January 24, 2003
Previous by thread: ACM TechNews - Wednesday, January 22, 2003
Next by thread: ACM TechNews; Friday, January 24, 2003
Index(es):
- Date
- Thread