[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips January 22, 2003



Clips January 22, 2003

ARTICLES

Net Providers Must Aid in Piracy Fight
RIAA's Rosen Sets Sights on ISPs
Senate Unanimously OKs Amber Alert Bill
More Civilians Accompanying U.S. Military
Bush seeks nearly $60 billion in new IT spending
Names of senators appear linked to supremacist group Web site
Hospital Heeds Doctors, Suspends Use of Software
U. of Colorado at Boulder Adopts Encrypting Links for E-Mail Software
Bill would set infosec standards
NCS homeland pilots progress
Balutis exits councils
FBI, Defense in talks about controversial surveillance technology
Government data mining raises privacy concerns
Anti-Piracy vs. Privacy
Identity-theft complaints double

*******************************
Associated Press
Net Providers Must Aid in Piracy Fight
January 22, 2003
By TED BRIDIS, Associated Press Writer

WASHINGTON - A federal judge's decision significantly raises the risks for computer users who illegally trade music or movies on the Internet, making it much simpler for the entertainment industry to tie a digital pirate's online activities to his real-world identity.


U.S. District Judge John D. Bates ruled Tuesday that Verizon Communications Inc. must identify an Internet subscriber suspected of illegally offering more than 600 songs from top artists. He said Verizon argued a "strained reading" of U.S. law and that its courtroom argument "makes little sense from a policy standpoint."



The Recording Industry Association of America (news - web sites), the trade group for the largest music labels, had sought the user's identity with a subpoena approved under the 1998 Digital Millennium Copyright Act (news - web sites). The law doesn't require a judge's permission for such subpoenas, a central complaint in the dispute.



The ruling means consumers using dozens of popular Internet file-sharing programs can more easily be identified and tracked by copyright owners. Even for consumers hiding behind hard-to-decipher aliases, that could result in warning letters, civil lawsuits or even criminal prosecution.



Verizon promised to appeal and said it would not immediately disclose its customer's identity. The ruling had "troubling ramifications" for future growth of the Internet, said Verizon's associate general counsel, Sarah B. Deutsch.



"The case clearly allows anyone who claims to be a copyright holder to make an allegation of copyright infringement to gain complete access to private subscriber information without protections afforded by the courts," she said.



Deutsch said Verizon planned no immediate changes to disrupt sharing of computer files among its customers.



Cary Sherman, president of the recording association, said piracy is a "serious issue for musicians, songwriters and other copyright owners, and the record companies have made great strides in addressing this problem by educating consumers and providing them with legitimate alternatives."



The judge acknowledged the case was an important test of new subpoena powers Congress granted copyright holders. He said the 1998 law permits music companies to force Internet providers to turn over the name of a suspected pirate upon subpoena from any U.S. District Court clerk's office, without a judge's order.



Critics of the procedure said judges ought to be more directly involved, given the potential privacy issues involved when a corporation is asked to reveal personal information about customers over an allegation of wrongdoing.


"This puts a huge burden on Internet service providers," said Harris Miller, head of the Washington-based Information Technology Association of America, a trade group. "It turns them into judge, jury and executioner just because someone makes an allegation about a problem."


The entertainment industry traditionally has fought illegal trading by suing companies that operated file-sharing networks. But technology has made it possible to decentralize these networks, allowing users to trade from computer to computer without a service like Napster (news - web sites)'s.



In response, the industry has increasingly worked to trace users individually, either threatening them into shutting down their collections or persuading Internet providers to pull the plug. It also has resorted to seeding networks with fake files and clogging network connections to frustrate people looking for free music.



The Computer and Communications Industry Association predicted the music industry "will be cranking up its presses pretty quickly" to send legal warnings to Internet users sharing songs and movies.



"This has the potential to really mushroom out of control, to be very burdensome," said Will Rodger, a spokesman for the computer group, whose membership includes one firm, Streamcast Networks Inc., that distributes file-sharing software.



Napster, the Web site that led the way for computer users to swap recordings for free, has been down since July 2001, when a judge found that its operations violated copyright law and ordered it to remove copyright recordings.
*******************************
Wired News
RIAA's Rosen Sets Sights on ISPs
02:00 AM Jan. 22, 2003 PT


The Recording Industry Association of America wants to go after the companies that provide you with your Internet access.

Here are some of the printable reactions since RIAA chief Hilary Rosen presented the proposal last weekend, during which she said Internet service providers would soon "be held accountable" for money the music industry has lost due to file-swapping services:

It's stupid. Unethical. Illegal. Insane.

"Blaming ISPs for giving these hardened criminals the bandwidth for perpetrating their heinous file-sharing acts is akin to blaming the highway department for creating roads that are used by dope smugglers," said security consultant Robert Ferrell. "It just doesn't make sense."

Sense or nonsense, Rosen said during her keynote address at the Midem music conference in France that ISPs should pay a fee to the music industry to compensate for those losses. ISPs could then pass the cost along to their song-swapping customers.

Such a fee-collection plan would be incredibly difficult to implement legally and technically, experts say. Even some music industry sources quietly dismissed the plan as unreasonable and unworkable.

But the RIAA scored a big win against an ISP on Tuesday, when a federal judge ruled that Verizon Communications must turn over the name of a Verizon Internet subscriber who allegedly downloaded 600 songs through file-trading network Kazaa in one day.

Verizon had refused to comply with the subpoena it received in August from the RIAA demanding the user's name.

Verizon plans to appeal the decision, according to Sarah Deutsch, vice president and associate general counsel for Verizon.

"The court's decision has troubling ramifications for consumers, service providers and the growth of the Internet," Deutsch said. "This case will have a chilling effect on private communications, such as e-mail, surfing the Internet or the sending of files between private parties."

Rosen didn't divulge any specifics of her plan. She said that collecting fees was fair because ISPs are profiting from the high demand for broadband connections and, she claims, many customers sign up for specifically so that they can easily and quickly pirate music files.

But even the unpopular-among-geeks Digital Millennium Copyright Act states that ISPs cannot be held liable for the data that passes over their network.

Political concerns would also come into play, according to Manhattan entertainment industry lawyer Edward Hayes.

"There are a lot more voters downloading music then there are music company executives," Hayes warned. "If the RIAA was my client, I'd advise them to think this one through again."

Any realistic implementation of the ISP P2P pay-for-play proposal would involve monitoring ISP customer logs for file-sharing traffic attributable to a particular customer, according to Ferrell.

"The technical and moral issues that accompany such an action are rampant," Ferrell said. "For starters, the overhead for such specific log accounting would require a considerable increase in the fees ISPs charge their customers, in effect asking non-P2P users to subsidize those who swap files."

Ferrell also pointed out that not all files traded in P2P networks violate copyrights. So each file transfer would have to be manually evaluated for legality because the first thing any moderately sentient file-swapping network would do is change the names of the files so that violations aren't immediately obvious.

Each file would have to be downloaded and checked by each ISP in order to determine whether or not it violated any copyrights.

This level of monitoring would come close to wiretapping, Hayes said, and would probably lead to lawsuits from customers who were not keen on having their downloads analyzed.

Ferrell also raised the privacy issue, albeit in a more personal fashion.

"Well, Ms. Rosen, I'll tell you what: You forward all your e-mail unedited to a public mailing list, scan and post all your private written correspondence to the same list, give us all-read access to your hard drives and post 24-7 webcams in your boudoir and bathroom, and then I'll believe you understand the invasion of privacy your shrill insistence on flushing what's left of the Constitution down the toilet entails," Ferrell suggested.

Rosen also called for more lenient licensing rules which would allow fee-based music services to offer more music to their customers in her keynote. She also advised the music industry to focus on developing technological protections instead of relying on enforcement to squash pirating practices.

Sources at the conference said that reaction to Rosen's keynote was primarily favorable, although there is a "small growing sense" that escalating enforcement action could lead to a backlash.

"It's horrible. Anything we can do that's effective will seriously annoy our customers," said one industry official, who spoke on condition of anonymity.

"I think we might need to stop fighting fire with fire and figure out something new to do, or we will end up with lots of ex-customers who swap files just out of spite."
*******************************
Associated Press
Senate Unanimously OKs Amber Alert Bill
Tue Jan 21, 6:40 PM ET
By JESSE J. HOLLAND, Associated Press Writer


WASHINGTON - The Senate unanimously urged the House on Tuesday to support its effort to create a nationwide Amber Alert system to help find missing children after watching the bill get bogged down last year.

Amber Alerts are named after Amber Hagerman, a 9-year-old girl abducted in Arlington, Texas, and later found murdered. They are bulletins distributed quickly through radio and television broadcasts and electronic highway signs about kidnapped children and their abductors.

The legislation passed by the Senate 92-0 would spend $25 million to create a national Amber network and provide matching grants to states and communities for equipment and training.

"This bill helps fill the gaps that exist in the current patchwork of Amber systems," said Sen. Kay Bailey Hutchison (news, bio, voting record), R-Texas. "It also provides much-needed resources for states and communities to build their own systems and spread vital information to surrounding jurisdictions with a single phone call. This is vital if an abducted child is taken across state lines. The first few hours are critical to a child's safe recovery, so Congress should grant law enforcement every available tool."

The Justice Department (news - web sites), which requested an additional $2.5 million in the budget year starting Oct. 31 to help train law enforcement officers on use of the Amber Alert system, says at least 33 states already have their own versions.

They are credited with the rescues of at least 34 children since 1996, the department says.

"Amber Alerts systems are critical to successful search and recovery systems because they enable law enforcement authorities to galvanize entire communities to assist in the safe recovery of child victims," said Senate Judiciary Chairman Orrin Hatch, R-Utah.


Sen. Patrick Leahy (news, bio, voting record), D-Vt., said, "Amber Alerts work, and this bill gives a green light to expand Amber Alerts nationwide. Our nation's children, parents and grandparents deserve our help to stop the disturbing trend of child abductions."



The House and the Senate passed versions of the bill last year but were unable to agree on the specifics before leaving for the year. House members tacked several other measures onto the Senate bill last year in hopes that the popular measure would carry them through.



"I hope we can pass this bill and give the House plenty of time to consider the bill and give it to the president," Hutchison said.



A similar measure is expected to be introduced in the House next week, said a spokesman for Rep. Martin Frost (news, bio, voting record), D-Texas.
*******************************
Washington Post
More Civilians Accompanying U.S. Military
Pentagon Is Giving More Duties to Contractors


By Renae Merle
Washington Post Staff Writer
Wednesday, January 22, 2003; Page A10


The two government contractors ambushed in Kuwait yesterday are part of the growing army of civilians who accompany troops into sometimes hostile territory.


In military hot spots around the world, civilians are performing duties once reserved for military personnel -- building barracks, running kitchens, maintaining tanks and jets, and even helping to plan strategy.

"The Army couldn't go to war without them," said Deborah Avant, an associate professor of political science at George Washington University.

The two Americans attacked near Camp Doha in Kuwait are employees of Tapestry Solutions Inc., a San Diego information technology firm that is helping the military install software that coordinates operations. Michael Rene Pouliot, co-founder of the firm, was killed, and David Caraway, a senior software engineer, was wounded. Caraway is listed as being in critical condition but is expected to recover, according to the company.

During the Persian Gulf War, some units had one contractor for 50 military personnel while others had one for every 25, according to research by Peter W. Singer, a fellow at the Brookings Institution. In the Balkans, there was one contractor per 10 soldiers, Singer said. The ratio of contractors to combatants could increase even more if the United States goes to war in Iraq, he said.

The Defense Department does not keep track of the number of contractors overseas but recognizes that such assignments are part of a growing trend, said spokesman Glenn Flood. The General Accounting Office reported that 10 percent of the $13.8 billion spent on Balkans operations from 1995 through March 2000 went to private companies.

In 1991, Reston-based DynCorp had 650 personnel in the Middle East supporting the Desert Shield-Desert Storm operations, according to company officials. DynCorp is among the largest companies in the sector, along with Alexandria-based MPRI Inc., which is operated by retired senior military officers, and Kellogg Brown & Root, a subsidiary of Halliburton Co.

"In modern warfare, the front line is not well defined, so knowing when contractor personnel is at risk is harder to predict," said Loren B. Thompson, chief operating officer of the Lexington Institute, an Arlington-based think tank. "The military is now so dependent on the private sector for logistics and support, I am not sure it could function without contractors."

Private-sector companies have played a part in military operations overseas for decades, but their numbers grew in the 1990s. And as the military deploys complex weapons systems faster, contractors go overseas to provide training that there wasn't time for in the United States.

"Starting after '91, you had the combination of the military being forced to downsize and this real push to privatize anything and everything," said Singer of the Brookings Institution. "The problem is that it's been fairly random."

Along with contracting out logistical or support tasks such as feeding military personnel or mowing lawns, the military has also handed over to companies some duties that straddle the line between contractor and soldier, such as maintaining tactical systems and drone aircraft, Singer said.

There are essentially no rules for how contractors should behave in a war zone, and there is no effort within the industry to create any, according to industry analysts. The contractors don't have to follow the military codes of conduct. Contractors are usually not allowed to carry weapons but could be expected to pick up arms if they are attacked, industry officials said.

Some DynCorp employees working for the Air Force in the Balkans in 2001 were implicated in trafficking in women for sex. They were also accused of consorting with underage girls and patronizing brothels.

That same year, private contractors piloting a CIA plane on a drug interdiction flight over Peru mistakenly identified a missionary plane as belonging to drug smugglers. The misidentified plane was shot down, killing an American missionary and her infant, Avant said.

A DynCorp pilot was killed last January when the Colombian military destroyed a U.S. government helicopter to keep it from falling into the hands of leftist guerrillas. In 1992, three DynCorp employees were killed when their helicopter crashed during U.S. anti-drug operations in Peru.

In addition to worrying about the behavior and safety of contractors, the military needs to worry about their reliability, said Singer. Nothing prevents a contractor who is, for example, purifying water for soldiers, or doing other critical tasks, from abandoning his station, he noted.

"A potential fear is that the contractors will say 'This is a lot dicier than I thought' and bolt," Singer said. "They may have thought they were going to Kuwait and would be safe, but they're entering a war zone."

Some of those issues are raising concern in Congress.

"If they are American citizens or hired by us, private contractors are targets for terrorists, as are U.S. government employees," Sen. Patrick J. Leahy (D-Vt.), the ranking Democrat on the Senate Appropriations subcommittee on foreign operations, said in a written statement. "But as contractors they do not always receive the same amount of protection. The higher risks they face should be troubling to everyone, and we need to continually review whether there is more we can do to protect these people."

Officials of DynCorp and Kellogg Brown & Root declined to comment on the safety precautions taken by their employees when assisting the military overseas, saying it could put them in further danger.

"No one at MPRI carries a gun. We're dependent on who we're working for," an MPRI official said.

A spokesman for Tapestry said all employees dispatched overseas undergo a week of security training at Fort Benning in Georgia.

"Tapestry Solutions will continue its overseas operations and persevere though this horrible tragedy," Mark Young, the company's vice president, said in a statement. "The safety of our employees throughout the world will continue to be paramount, and we will not be intimidated by this act of violence."
*******************************
Government Executive
January 21, 2003
Bush seeks nearly $60 billion in new IT spending
By Shane Harris
sharris@xxxxxxxxxxx


President Bush will ask Congress for $59 billion in new information technology spending when he submits his 2004 budget next month. The request is $6 billion more than last year's proposal and reflects the government's increased investments in technology to support homeland security and the war on terrorism, an administration official said this week.


The fiscal 2004 budget also focuses on computer security, automation and development of enterprise architectures. The bulk of IT spending$37 billionwould be devoted to projects directly related to agency missions. The budget would also provide more than $4.7 billion in new funding for computer security.



Mark Forman, the associate director of IT at the Office of Management and Budget, detailed the president's budget request during a speech Monday at a conference in San Diego sponsored by Oracle, one of the largest IT contractors in the federal market. Forman said some agencies are buying the same technology products rather than sharing resources. He also said few agencies had developed enterprise architectures. Forman noted these problems were endemic to agencies when he took office two years ago.



Forman noted that more than $21 billion has been budgeted for more than 750 federal IT projects on an OMB "at risk list." To get off that list, an agency must prove to OMB that its projects are not only worth funding, but that they meet administration standards in such areas as security.



Forman, the president's point man on electronic government, announced no new technology policy initiatives, and repeated his frequent call upon agencies to make more of their services available online to citizens and business. While he placed great emphasis in his speech on the potential of e-government at civilian agencies, technology analysts agree that homeland security and defense IT spending will siphon money away from those projects.



Meanwhile, Congress still hasn't passed the full fiscal 2003 budget, and technology projects across government are in a holding pattern. Upgrades to antiquated systems in many Homeland Security agencies, including the Customs Service, the Immigration and Naturalization Service and the Coast Guard, are all being held to the previous year's spending levels, which means little to no new work can begin. That's problematic for the new department's managers as they try to organize nearly two dozen agencies, as well as their IT systems, to coordinate the global war on terrorism.



Also, the government hasn't delivered $3.5 billion in grants to state and local governments to equip emergency responders with new technological equipment and training. Several governors and a range of city officials have complained that Washington expects them to pay for homeland security at a time when many of their budgets are running enormous deficits.
*******************************
USA Today
Names of senators appear linked to supremacist group Web site
January 22, 2003


COLUMBUS, Ohio (AP) The names of at least eight state senators are linked on the Internet with a white supremacist group, apparently without their knowledge or permission.

The Web site of the National Association of White People pops up when Internet users go to a Web site under one of the senators' names, giving the impression that the senators support the group.

The Web site recruits members and sells flags, jewelry, bumper stickers and clothing such as Caucasian jeans.

Internet records show that the Seattle-based Council on Political Accountability bought the rights to Web domains under the senators' names.

The eight domains reportedly are for sale on the eBay auction site, prompting several senators to say that amounts to extortion.
*******************************
Los Angeles Times
Hospital Heeds Doctors, Suspends Use of Software
Cedars-Sinai physicians entered prescriptions and other orders in it, but called it unsafe.
By Charles Ornstein
Times Staff Writer


January 22 2003

Cedars-Sinai Medical Center, the largest private hospital in the West, is suspending use of a multimillion-dollar computerized system for doctors' orders after hundreds of physicians complained that it was endangering patient safety and required too much work.

Ironically, the computer software was designed to do the opposite: Reduce medical errors, allow doctors to track orders electronically, and warn them about dangerous drug interactions and redundant laboratory work.

But, from the start of its rollout in October, the Patient Care Expert program, dubbed PCX, has been plagued with problems, many doctors said.

"The PCX system is presenting too many safety issues in the care of our patients," said cardiologist Dr. Mark Urman. "The only logical, prudent and safe thing to do is to put it on hold until it can be made better."

The uproar is a case study in what can happen as hospitals belatedly modernize record-keeping on a large scale. Years behind other industries, many hospitals are on the cusp of converting from paper to electronic ordering systems to increase efficiency and accuracy.

Interest in computerized physician-order entry software accelerated in 1999 after the influential Institute of Medicine concluded that up to 98,000 patients die annually in hospitals from avoidable medical errors. Large employers, working through a coalition called the Leapfrog Group, began pressuring hospitals to install electronic ordering systems.

A 2000 California law requires hospitals to implement formal plans, including new technologies, to eliminate or substantially reduce medication-related errors by Jan. 1, 2005.

Hospitals and experts are watching Cedars-Sinai because it has developed a customized system they may want to emulate or purchase. Most hospitals buy a commercially available product, but Cedars-Sinai decided to create its own, following the example of other major hospitals such as Brigham and Women's Hospital in Boston and Latter-Day Saints Hospital in Salt Lake City.

Several doctors said they had been told that Cedars-Sinai spent $34 million on the electronic order system, but hospital officials said that estimate was too high. They declined to provide a precise figure.

This week, Cedars-Sinai suspended the ordering system after more than 400 physicians confronted hospital administrators at a tense staff meeting Friday. The doctors voted nearly unanimously to urge the hospital to halt the system until the problems are fixed.

More than a dozen Cedars-Sinai physicians interviewed by The Times said they experienced problems ordering medication, tests and supplies using the PCX software. One patient with heart failure did not receive the pills his physician ordered until he mentioned it to a nurse. Another patient did not receive a walker until three days after it was ordered. A baby was given local anesthetic for a circumcision one day early.

Similar stories of delays and inconvenience abound, although none involved deaths or permanent injuries, doctors said.

Officials at Cedars-Sinai said they do not believe the computer order system, which covers patients in the hospital but not outpatients, posed a threat to safety. Rather, hospital leaders said, PCX was not easy enough to use and it took too long to enter orders.

"We thought it would be best for the ultimate success of the project to take a hiatus," said Cedars-Sinai President and Chief Executive Thomas M. Priselac.

The suspension of the order-entry software does not affect other computer systems at the hospital, including electronic laboratory reports, admission and discharge summaries, consultations, and medical records for patients in intensive care.

Chief of Staff Dr. Michael Shabot said the hospital does not have a timeline for when the PCX system will go back online.

The concept behind PCX and similar programs is simple: Instead of writing orders for medications, lab tests, therapy and dietary restrictions on paper, physicians put them into a computer system.

The software compares the orders to standard dosing recommendations, checks for allergies and drug interactions, and alerts physicians to alternatives or potential problems. It has been shown to reduce medication errors by 60% to 80%, and to cut the number of lost orders.

But Dr. Stephen Uman, an infectious disease expert, said that although it used to take him five seconds to write an order for the powerful antibiotic Vancomycin, it now takes him up two minutes to log on to PCX, select his patient's record, search through several screens and warnings about Vancomycin, and then justify his decision to protect against overuse of the drug. He then has to reenter his password to confirm the order.

Uman said he can have 15 to 20 patients in the hospital at any given time. "If I have to add five to 10 minutes to each patient, that adds hours to my day," he said. "That's time that I either can't read, I can't be with my family, or I can't be with my patients.

"We've been told that that's the cost of practicing at Cedars-Sinai," said Uman, a former hospital chief of staff who has organized doctors seeking changes to PCX.

Dr. Jack Coburn, a nephrologist at Cedars, said the system's complexity has caused doctors to delay writing orders or to enter them imprecisely.

"I know that we're doing things much less efficiently because it's so inefficient. It's so slow and so frustrating," he said.

Those who support PCX said it is a work in progress. "This is just two curves crossing," said Dr. Scott Karlan, a surgeon at Cedars-Sinai. "The curve reflecting discontent is going to drop steadily as the software developers make it more user-friendly."

The complexity of this change "is enormous," said Jane Metzger, research director for First Consulting Group, which evaluates computer physician-order systems. "It is not uncommon for there to be delays and midcourse corrections."

Dr. Donald Nortman, a nephrologist, said he hopes Cedars-Sinai's corrections will address physicians' concerns.

"In science and in medicine, we don't change to new treatment systems until the new system has been shown to be as good as the old system, and better in some ways," he said. "It's the overwhelming perception of people using it that this system is worse."
*******************************
Chronicle for Higher Education
U. of Colorado at Boulder Adopts Encrypting Links for E-Mail Software
By VINCENT KIERNAN


When students returned to the University of Colorado at Boulder campus this month, some discovered that their e-mail software no longer worked properly. But that should not have come as a surprise because university officials had been reminding them for months that Boulder would make a major change in its e-mail systems to tighten security.

Over the holiday break, the university changed its e-mail systems to require encrypted communications for transmitting messages between campus e-mail servers and client software used by individuals, such as Netscape Communicator and Outlook Express.

All users had to reconfigure their e-mail programs so that they could communicate with the servers. Most e-mail programs are not set to automatically use encrypted links, called Secure Sockets Layer.

Despite ample warning, some students and faculty and staff members did not reconfigure their software until the unencrypted links stopped working, on January 2.

Boulder is among a growing number of institutions that are switching to higher-security links for transmitting e-mail and other files across campus networks. The University of Washington recently made the same change, and Stanford University has already changed its practice.

Protecting Passwords

The problem with unencrypted links is that hackers can eavesdrop on them and extract e-mail passwords and other personal information sent by users to a college's server. Using such a password, a hacker could then gain access to a user's account. By contrast, encrypted links encode passwords and thus protect them from becoming known.

On January 2, Boulder also started requiring the use of encrypted links for two other popular online functions: FTP, which is used to transfer files from one computer to another; and telnet, which is used to gain remote access to one computer from another. As in the case of e-mail software, many popular programs used for FTP and telnet transmit unencrypted passwords, leaving them vulnerable to hackers.

Many of those programs also are unable to use encrypted links, so people on the Boulder campus who wanted to transfer files or to operate a computer remotely had to switch to other software that could, such as ssh, which is available free. Software for publishing Web pages also had to be reconfigured.

Reconfiguring most e-mail software is easy, requiring little more than checking the proper box on a program's configuration screen, said Daniel R. Jones, the Boulder campus's information-technology-security coordinator. "In most cases, it's a five-minute change," he said.

The hard part was getting people to make the change at all, he said. Boulder officials originally announced that the campus would switch to encrypted links on October 15. But as that date drew near, about 6,000 of the university's 29,000 computer users had not made the change, so officials postponed the shift to January.

Dennis M. Maloney, executive director of information-technology services at Boulder, said one key to getting people to switch to the encrypted links before the transition date was a computer program that automatically sent e-mail warnings to anyone who used an unencrypted link to an e-mail server or other system. The message reminded users about the forthcoming change and urged them to adjust or change their software.

"Once they made the change, they wouldn't receive any more e-mails," said Mr. Jones, who acknowledged that some people on the campus were upset at the nagging.

Since few users had to buy new software, Mr. Jones said, the principal cost for the changeover was in the 200 hours of staff time that was devoted to developing and executing a plan for communicating word of the change, including the technical information needed for people to reconfigure their software on their own.

He estimated that 89 percent of users were able to reconfigure the software by themselves, without any help from the information-technology staff. About 9 percent received help over the telephone, and about 2 percent required in-person help, he said.

Still, by the transition date, about 500 users were not using encrypted links, said Mr. Jones.

"Some people just weren't going to make the change until they had to," said Robert B. Schnabel, the university's chief information officer. "We just had to accept that that was the psychology."

"It's a pretty drastic thing to tell people that all of a sudden your e-mail isn't going to work," Mr. Schnabel said. Nevertheless, switching to encrypted links repaired a crucial security weakness, he said. "One person's insecurity is a risk to the whole organization."
*******************************
Federal Computer Week
Bill would set infosec standards
BY Diane Frank
Jan. 21, 2003


Sen. John Edwards (D-N.C.) introduced a bill Jan. 16 that is designed to better position the federal government to serve as a model in information security.

The Cyber Security Leadership Act (S. 187) would direct the National Institute of Standards and Technology to establish higher standards for federal information security. NIST would develop the standards after agencies performed comprehensive analyses of their networks and systems to discover where weaknesses lie.

These assessments have been required since 2000 under the Government Information Security Reform Act, and the requirement continues under the Federal Information Security Management Act of 2002. However, Edwards expressed concern that agencies continue to receive failing grades in security from Congress and elsewhere.

"These procedures will strengthen our government's resistance to cyberattacks and will demonstrate to the business community the tremendous value in conducting comprehensive security tests and monitoring new developments," Edwards said in a statement on the Senate floor.

The bill was referred to the Senate Governmental Affairs Committee but is not yet available online.
*******************************
Federal Computer Week
NCS homeland pilots progress
BY Dan Caterinicchia
Jan. 21, 2003


The National Communications System (NCS) is in the midst of moving to the new Homeland Security Department, but that hasn't stopped the agency from continuing programs focused on the government's communications needs for national security and emergency preparedness.

Brenton Greene, NCS' deputy manager, said the continued rollout of the Wireless Priority Service (WPS), which makes it easier for national security officials and first responders equipped with special phones to make emergency calls, is the agency's top priority despite some recent funding issues.

The WPS achieved initial operating capability last month, but its $73 million budget subsequently was cut because it was funded through the Defense Department, which is no longer responsible for homeland security initiatives, Greene said. However, the Office of Management and Budget is in the process of replacing the program's full budget and the service is still on schedule, he said.

NCS is composed of 22 agencies and was formerly co-managed by the White House and the Defense Information Systems Agency. The agency assists the president, the National Security Council and federal agencies with their telecommunications functions and coordinates the government's national security and emergency preparedness communications.

The WPS program is operating on T-Mobile USA Inc.'s national network. The goal is to also include all the other wireless providers for the Global System for Mobile Communications (GSM) service by the time the system is completed at the end of this year, Greene said.

GSM is an open, nonproprietary system with international roaming capability that is used in nearly 200 countries. Other GSM carriers include AT&T Wireless, Cingular and Nextel.

The initial carrier for the WPS service is T-Mobile, which signed a contract with the NCS through DynCorp, the agency's Government Emergency Telecommunications Service (GETS) and Wireless Priority integration contractor.

A limited WPS service has been operational in the Washington and New York metropolitan areas since May 2002. The initial nationwide capability is now available in New York City and Washington D.C., as well as in metropolitan areas surrounding Atlanta; Birmingham, Ala.; Boston; Jacksonville, Fla.; Louisville, Ky.; Memphis, Tenn.; Miami; Mobile, Ala.; Nashville, Tenn.; New Orleans; Norfolk, Va.; Philadelphia, and Richmond, Va. Additional markets will be added nationwide over the next few months, as will further enhancements to the capability, Greene said.

The contract with T-Mobile was signed Jan. 17 and is worth nearly $4.8 million, which will fund the project through July 2003, said John Graves, the GETS program director who also manages WPS, adding that additional funds will be added as services expand.

The service will continue to evolve in 2004, and Greene said he then would like to add wireless providers -- such as Sprint and Verizon Communications -- that use the Code Division Multiple Access standard so that all the major U.S. carriers are participating in the WPS program.

Elsewhere in the NCS, Greene said three other pilots that were launched late last year are making progress and are included in the NCS fiscal 2004 budget request:

* The Global Early Warning Information System (GEWIS) pilot project includes government and industry partners examining the Internet's health and topology. The pilot project examines how well critical areas of the Internet are performing worldwide and then uses that data to notify government, industry or U.S. allies of impending cyberattacks or possible disturbances. The GEWIS pilot is scheduled to have a prototype in place by "late spring" and is funded at $5 million this year, with the same amount expected next year.

* The emergency notification system pilot program uses Internet-based, wireless and other telecommunications means to notify key personnel in the Washington, D.C., area during a national disaster. A limited pilot, which is in place for a "couple hundred users," includes the contact information of key employees and would attempt to reach them by the fastest method available. The first tests were completed in October 2002. The program is funded at $5 million this year, with a similar amount expected in fiscal 2004.

* The pilot to establish a backup dial tone for key federal buildings recently began a few prototyping efforts, including focusing on free-space optics, satellite communications and voice over IP. The program's $5 million budget is expected to remain the same next year.

All three pilots have shown promise, but their futures will ultimately depend on decisions that are made as the Homeland Security Department is formed, Greene said.
*******************************
Government Computer News
01/21/03
Balutis exits councils
By Patience Wait
Post Newsweek Tech Media


After months of controversy, Alan Balutis has stepped down as the executive director of both the Industry Advisory Council and the Federation of Government Information Processing Councils. His resignation was effective Jan. 20.

Balutis' departure came after concerns were raised that he also was working as a consultant for some companies that are IAC members. Balutis originally agreed to serve as executive director with the understanding that he could also provide consulting services. But other members thought this was a conflict of interest.

Balutis and the chairmen of the two councils, IAC's Bob Woods of Affiliated Computer Services Inc. and FGIPC's John Ortego of the Agriculture Department, negotiated over the course of several weeks, trying to come to an amicable resolution, Woods said.

"We'd gone through some fairly tedious processes, but I think, in the end, what came out was fair," Woods said. Woods said the two organizations are drafting a job description for the vacant position.

"One thing we learned out of this stuff is if you don't know what you're looking for, anything will do," he said. "I'm convinced the important thing at this point is to know what you're looking for."

A search committee has been formed, Woods said, and there already are a number of prospective candidates for the position: "Let's just say the number ... is in double digits," he said.

As for qualifications, "We don't want someone who will hurt us. Sometimes it helps to state it as a negative," Woods said.

Balutis declined to answer questions.
*******************************
Government Executive
January 22, 2003
FBI, Defense in talks about controversial surveillance technology
By Shane Harris
sharris@xxxxxxxxxxx

The Defense Department has been in contact with the FBI, the Justice Department and components of the Homeland Security Department about a controversial research project that critics say could violate individual privacy and civil rights.


In response to questions from Sen. Charles Grassley, R-Iowa, Defense Inspector General Joe Schmitz reported that the Defense Advanced Research Project Agency (DARPA) has consulted with other agencies regarding its Total Information Awareness (TIA) project, a theoretical effort to look at how technology could be used to scour databases and the Internet for signs of terrorist plots. Schmitz also told Grassley that the FBI is working on a memorandum of understanding with DARPA "for possible experimentation with TIA technology in the future."



Next month, Schmitz will begin an audit of the TIA project to determine whether it is using proper controls to limit access to personal information the system might collect.



Privacy advocates and civil libertarians have strongly criticized the TIA effort. The Electronic Privacy Information Center, the most vocal critic of the program, last week won a court order gaining access to DARPA records related to the TIA project and its director, John Poindexter. The national security adviser to President Reagan, Poindexter has attracted as much controversy as the project itself. He was convicted of multiple felony counts of lying to Congress after the Iran-Contra scandal. Those convictions were later overturned.



Wayne Crews, the director of technology studies at the free-market Cato Institute in Washington, another TIA critic, said that under current privacy law, the project would be largely inoperable. While DARPA officials haven't said precisely what databases or records the TIA system might search, they have said some would be in the private sector. Companies are not required to relinquish personal information to the government without a subpoena, Crews said.



The announcement by the Defense inspector general is the latest in a series of obstacles in the TIA project's path. Last week, Sen. Russell Feingold, D-Wis., introduced legislation banning the "data mining" techniques the TIA system and other investigative technologies use. The moratorium would apply to the Defense and Homeland Security Departments. Lawmakers have also called for hearings into DARPA's work and for Poindexter to resign.



In a statement, Grassley said he was worried about the contacts between DARPA and FBI officials. He said the revelation was "a direct contradiction to earlier statements made by the Justice Department?[It] only heightens my concern about the blurring of lines between domestic law enforcement and military security efforts."



Grassley sent a letter to Attorney General John Ashcroft Tuesday, asking for a full accounting of the department's and the FBI's interactions with DARPA, adding he was concerned neither organization had been forthright about those dealings.



The Defense inspector general also reported that DARPA officials had been in contact with the Foreign Terrorist Tracking Task Force, a Justice Department group that tracks, detains, prosecutes and deports aliens who are suspected of engaging in terrorist activity. Ashcroft has called that task force one of the most important contributions to the war on terrorism.
*******************************
Computerworld
Government data mining raises privacy concerns
By DAN VERTON
JANUARY 17, 2003


Lawmakers, privacy groups and national security experts are questioning the soundness of several high-tech homeland security projects, based on serious concerns about the impact the projects could have on fundamental civil liberties.
All of the projects in question stem directly from efforts to improve domestic intelligence collection and the analysis of terrorist threats within the U.S. Several that involve the use of sophisticated data mining tools raise the potential for electronic tracking of the daily activities of law-abiding citizens.


In a letter sent to U.S. Attorney General John Ashcroft last week, Sen. Patrick Leahy (D-Vt.), the ranking Democrat on the Senate Judiciary Committee, asked the Department of Justice to explain the extent to which data mining tools are being used to fight the war on terrorism at home. Specifically, Leahy expressed concern about the mining of commercial transaction data.

"These concerns include the specter of excessive government surveillance that may intrude on important privacy interests and chill the exercise of First Amendment-protected speech and associated rights," Leahy said in the letter, which was also signed by Sens. Russell Feingold (D-Wis.) and Maria Cantwell (D-Wash.). In addition, the senators argued that while data mining errors in business may result in misdirected marketing efforts, mistakes in the use of data mining to track suspected terrorists could mean "devastating consequences for mistakenly targeted Americans."

The letter from Leahy comes amid a backdrop of growing controversy around the Pentagon's so-called Total Information Awareness (TIA) program. The Defense Advanced Research Projects Agency (DARPA) started the TIA project a year ago as part of a broader effort to research ways to use IT to uncover and preempt terrorist attacks. The project uses IT to conduct human analysis and pattern recognition from data obtained through commercial transactions such as credit card purchases and telephone calls.

"TIA is intended, according to Department of Defense officials, to generate tools for monitoring the daily personal transactions by Americans and others, including tracking the use of passports, driver's licenses, credit cards, airline tickets, and rental cars," Leahy wrote. One TIA software tool, code-named Genoa, may have already been delivered by DARPA to the Justice Department, Leahy said. As a result, Leahy has asked for a status report on all TIA software projects, including Evidence Extraction and Link Discovery, a previously unknown tool called Genisys and a program called the Translingual Information Detection, Extraction and Summarization, or TIDES.

Former Virginia Gov. James S. Gilmore III, speaking this week at a conference in Washington that was sponsored by the Heritage Foundation, expressed concerns about the potential for excessive data mining. He has also raised questions about another homeland security recommendation made to the president and Congress by a panel of experts that he leads.

Gilmore, chairman of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, said on Dec. 16 that the panel's call for an independent intelligence agency to collect and analyze intelligence on domestic terrorism threats could be viewed by some Americans as the formation of a "secret police."

"We don't want to create anything like that," Gilmore said. "I, for one, would rather build upon the existing structures of the [FBI], but the commission doesn't feel that way. The commission believes that you have to have a new organization with a different culture" separate from the FBI and the CIA.

"We believe that this new agency must adhere to ... all of the restrictions that have been placed upon intelligence organizations, so that we can make sure that we are focusing on enemies here in the country and not upon regular Americans," said Gilmore. "Protecting this democracy and the individual freedoms of the American people is paramount to achieving ultimate victory in this conflict. It's the whole ballgame."
*******************************
Washington Post
Anti-Piracy vs. Privacy


By Cynthia L. Webb
washingtonpost.com Staff Writer
Wednesday, January 22, 2003; 9:49 AM


Two of the Internet's major policy debates intersected yesterday when a federal judge ruled that an Internet service provider must reveal the identity of a subscriber who allegedly traded music files illegally. The ruling throws the spotlight once again on the entertainment industry's all-out war against digital piracy, and it reminded everyone that new technologies bring new threats to personal privacy.


U.S. District Judge John Bates sided with the Recording Industry Association of America, which demanded that Verizon Communications identify a subscriber accused of swapping hundreds of songs online using the music-sharing site Kazaa.

The judge cited the 1998 Digital Millennium Copyright Act (link to PDF), which protects copyrighted music and movies, as the basis for his ruling. The act states that copyright holders can demand the identities of suspected copyright pirates. "The judge said that controversial law ... permits music companies to force Internet service providers to turn over the name of a suspected pirate upon subpoena from any U.S. District Court clerk's office, without a judge's order," The Associated Press reported. CNET's News.com's take on the ruling: "This case represents the entertainment industry's latest legal assault on peer-to-peer piracy. If its invocation of the DMCA is upheld on appeal, music industry investigators would have the power to identify hundreds or thousands of music pirates at a time without going to court first."
? The Associated Press (via The Australian IT): ISPs Drafted In DMCA Piracy Fight
? CNET's News.com: RIAA wins battle to ID Kazaa user
? Judge Bates' ruling (PDF from FindLaw)


The RIAA issued this statement: "Now that the court has ordered Verizon to live up to its obligation under the law, we look forward to contacting the account holder whose identity we were seeking so we can let them know that what they are doing is illegal." Verizon had argued that RIAA's quest for a subpoena in the case did not cover material stored on Verizon's network, such as a subscriber name, but only the material transmitted on a network. The judge didn't agree. Verizon said it will appeal the ruling, which it said "opens the door for anyone who makes a mere allegation of copyright infringement to gain complete access to private subscriber information without the due process protections afforded by the courts. This case will have a chilling effect on private communications, such as e-mail, surfing the Internet or the sending of files between private parties."

The San Francisco-based Electronic Frontier Foundation had sided with Verizon and scoffed at the ruling. "The constitutional protection of Internet users is being compromised on the say-so of record labels, without any court review whatsoever," Fred von Lohmann, a copyright attorney for the group told The San Jose Mercury News "There's no need for them to go into court and have to make a showing that their case is legitimate. And that's entirely at odds with the way we treat other forms of unlawful speech."
? The San Jose Mercury News: Verizon Ordered To Name Piracy Suspect


The Washington Post said the ruling gave "the recording industry a powerful new weapon in its efforts to crack down on what it considers digital piracy." The recording industry already helped put Napster on the chopping block and it is eyeing peer-to-peer file sharing programs such as Kazaa, Gnutella and Morpheus that millions of Internet surfers use to download and trade music online (recall that a Los Angeles federal judge just ruled a few weeks ago that record companies can go ahead and sue the Australian-based parent company of Kazaa in the United States).

"If the decision survives a promised appeal, it means that people who use such file-swapping programs could be targeted for legal action by entertainment companies. Because file sharing is popular with teenagers, their parents also could be in the cross hairs if they are the official subscribers of online services that connect their homes to the Internet," The Post said. The Los Angeles Times picked up on the "chilling effect" warning that Verizon held up in its defense: "The goal [of the music industry] is to shatter users' sense of anonymity and immunity, weakening the appeal of file-sharing services. After obtaining the identity of users through their Internet providers, RIAA could send them letters demanding that they stop infringing copyrights or risk large financial penalties and the loss of their Internet access."
? The Washington Post: Recording Firms Win Copyright Ruling
? The Los Angeles Times: Verizon Told To Identify Music File-Swapper (Registration required)


The New York Times hinted at the potential danger for file swappers now that RIAA has been handed a victory: "The record industry, which holds online piracy responsible for much of the precipitous decline in CD sales in recent years, has so far largely limited its lawsuits to companies it sees as aiding large-scale copyright infringement, like Napster and Kazaa. But lately industry officials have signaled that they are preparing to pursue some of the millions of people who infringe copyrights using the Internet."
? The New York Times: Verizon Ordered To Give Identity of Net Subscriber (Registration required)
? The San Francisco Chronicle: Ruling A Triumph For Music Industry


Putting ISPs on the Spot

The Verizon ruling comes on the heels of the Midem music conference in France, where the head of the RIAA must have had a crystal ball at her disposal. According to Reuters, RIAA chairman Hilary Rosen said that ISPs and telecoms will be asked to pay for giving customers access to free file-sharing sites. "We will hold ISPs more accountable," Rosen said. "Let's face it. They know there's a lot of demand for broadband simply because of the availability (of file-sharing)." One reaction to Rosen's logic: "Blaming ISPs for giving these hardened criminals the bandwidth for perpetrating their heinous file-sharing acts is akin to blaming the highway department for creating roads that are used by dope smugglers," security consultant Robert Ferrell told Wired.
? Reuters (via ZDNET UK): ISPs Should Pay For Music Swapping
? Wired: RIAA's Rosen Sets Sights On ISPs
? Stereophile Magazine: RIAA Vs. ISPs


Sounding Off

So what do the copyright wars mean for those that like to tinker with music, both online and offline? Dan Gillmor argues in a recent column that technology has helped transform the music world. "Technology has married music, and the result is powerful tools that give enormous flexibility to professionals and amateurs alike. In living rooms, garages and bedrooms around the world, people are discovering and rediscovering the joy of the song," he writes. He quotes Tom White, president of the MIDI Manufacturers Association, who says digital technology has "democratized the process of making music." Despite the recent rulings, such as the Supreme Court's ruling on copyright extensions, Gillmor insists that the "entertainment industry will never control creativity."
? The San Jose Mercury News's Dan Gillmor: Technology Helps Make Music More Democratic


It's obvious that the music industry will continue to attempt to control who has access to music, regardless of privacy concerns. What do you think of yesterday's ruling and of putting the onus on ISPs? Send me an e-mail, and I will publish some reader's comments in a future Filter.

DVD Piracy Case Not Over

Norwegian officials plan to appeal a recent decision that acquitted a Norwegian teenager on movie piracy charges tied to the teen's development of software to decode DVDs. "It will be unfortunate if the ruling stands," Rune Floisbonn, acting leader of the Economic Crime Unit's data department.
? Reuters (via Yahoo!): Norwegian Teenager Faces Film Piracy Appeal
? The Melbourne Age: Norwegian Government Appeals Against Verdict In DVD Case


Microsoft Tips Hat To Entertainment Industry

At the same Midi conference in France last weekend, Microsoft announced a new software toolkit that allows media companies to restrict the number of times CDs and DVDs are used on personal computers, as well as other controls. This of course is news that makes people like Universal Music Group and EMI Group very happy, as they are already using the toolkit. Software company Macrovision said it has readied its copy-protected CDs and already put them to use in Europe and Japan.
? PC World: New Microsoft Tools Copy Protect CDs and DVDs
? The San Jose Mercury News: Music Piracy Facing New Weapons


Microsoft Wants Closure

Microsoft is anxious to settle antitrust allegations with European regulators and is readying a plan to help resolve the dispute, The Wall Street Journal reports today, citing people familiar with the deal. "The content of Microsoft's proposals, which isn't known yet, will determine whether the European Commission's antitrust department will consider settling its case against the Redmond, Wash., firm," the newspaper said. Microsoft refused to comment.
? The Wall Street Journal: Microsoft Plans To Pursue A Settlement With the EU (Subscription required)
? Reuters (via Forbes.com): Microsoft To Seek Antitrust Deal With EU - Source


Meanwhile, U.S. District Judge J. Frederick Motz yesterday formally ordered Microsoft to start shipping Sun Microsystem's Java programming language with its Windows operating system, The order, however, will be on hold until an appeals court reviews the case.
? eWeek: It's Official: Microsoft Must Ship Java
? The Boston Globe: Microsoft Ordered to Install Sun's Java


Had Enough Microsoft Yet?

The software giant announced that it is acquiring Mountain View, Calif.-based PlaceWare, a Web conferencing company that competes with WebEx Communications. Terms of the deal were not disclosed. Web conferencing has became a new trend as companies have whittled out travel budgets and relied on technology more and more to connect workers and hold inter-office meetings.
? The Associated Press (via Yahoo!): Microsoft To Acquire Web Conferencing Company


In a minor Microsoft note, the company's corporate privacy officer, Richard Purcell, has resigned. The company's chief security officer, Scott Charney, will now oversee the company's Trustworthy Computing Initiative.
? ZDNet News: Microsoft's Privacy Officer Resigns
? The Olympian: Microsoft Programmers Not Getting Excited About Security


Filter is designed for hard-core techies, news junkies and technology professionals alike. Have suggestions, cool links or interesting tales to share? Send your tips and feedback to cindy.webb@xxxxxxxxxxxxxxxxxxx
*******************************
MSNBC
Identity-theft complaints double
Fast-growing crime tops government list for third-straight year
ASSOCIATED PRESS


WASHINGTON, Jan. 22 Complaints about identity theft nearly doubled in 2002 as the fast-growing crime topped the government's list of consumer frauds for a third consecutive year.

THE FEDERAL TRADE COMMISSION reports that 43 percent of roughly 380,000 complaints involved the hijacking of someone's identity information, such as credit card or Social Security number, to steal money or commit fraud.
The figures come from a government database of complaints collected from the FTC, the FBI and scores of law enforcement and consumer groups. Gripes about fraud in Internet auctions ranked No. 2 and accounted for 13 percent of complaints.
Outlining the most-frequent complaints on a nationally broadcast interview Wednesday, the FTC's Howard Beales said reports from consumers have increased with greater awareness of the problem prompted by recent high-profile identity-theft cases.
"I think identity theft is a particularly pernicious crime," said Beales, on CBS's "The Early Show."
Beales, who heads the FTC's consumer protection bureau, called identity theft "one specific fraud that we really reach out and try to gather complaints about."
Up to 700,000 people in the United States may be victimized by identity bandits each year, the Justice Department says. It costs the average victim more than $1,000 in expenses to cope with the damage to their accounts and reputations, the FTC has said.
"This is a crime that is almost solely on the shoulders of the victim to resolve," said Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego-based consumer group. "They're beleaguered, they're tired, they're angry and it takes them a good deal of time to recover."
Recovery has taken about five years for Alexandra May, 40, an office equipment saleswoman from Cupertino, Calif.
May said that in 1997 a woman who looked nothing like her obtained a duplicate of her driver's license from a local department of motor vehicles office. With the license, the woman drained $4,000 from May's bank account and tarnished her records with an accident and the theft of a rental car.
"I went to rent a car a few months later and was almost arrested," May said. She said she expects this month to be issued a new license that finally severs her record from the ID thief's actions.
Privacy advocates advise consumers to protect themselves from identity theft by checking their credit reports twice a year, shredding personal documents before throwing them away and cleansing wallets of old receipts and printed Social Security numbers.
The number of identity theft complaints rose from about 86,000 in 2001 to about 162,000 last year, the FTC said. Of last year's incidents, 42 percent involved credit card fraud. Other major categories involved fraudulent bank and cell phone accounts.
The District of Columbia had the highest rate of identity theft in 2002 with 123 victims for every 100,000 people. California and Arizona followed with 91 and 88 victims per 100,000 people, respectively.
About half of all other types of fraud complaints last year had some connection to the Internet, the FTC said. They involved online transactions, Web site advertising or promotions sent as e-mail spam.
The number of complaints about identity theft shot up in 2001 after the FTC began promoting a dedicated Web site and toll-free phone number for victims.
In November, federal authorities broke up what they called the biggest identity theft case in U.S. history and charged three men with stealing credit information for 30,000 people. Prosecutors said the scheme began with passwords and records stolen from a software company.
Last spring, Attorney General John Ashcroft ordered federal prosecutors nationwide to speed up investigations and trials of people accused of stealing identities.
Sen. Dianne Feinstein, D-Calif., a longtime advocate for identity theft laws, will introduce several bills in the next few weeks seeking greater protections for Social Security numbers and stiffer penalties for identity thieves, spokesman Howard Gantman said.
*******************************