[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips January 2, 2003

Clips January 2, 2003


ARTICLES

High Court Urged to Settle DVD Dispute
Reward Offered in Huge Theft of Identity Data
Investigators probe theft of Defense medical records
M.I.T. Studies Accusations of Lies and Cover-Up
Tech Money Pours Into Political Causes
Security, Telecom Top Tech Policy Agenda for 2003
Register.com wins injunction against rival
Miss. Puts Computer in Every Classroom
New Strategy in the War on Spammers
Study: Internet Use in U.S. Homes Routine
IG: DOD contracting falls short
Controllers protest privatization
E-gov selection process found to be flawed
USC wins Spawar pact
New organization takes over .org domain registry
Distance-learning site graduates to next level
Interior gets new CTO
Lawsuit stalls PTO automation
No cyberterrorismyetsays security chief
Inspector general blames top FBI officials for technology failures
Wi-Fi spectrum battle pits antiterrorism efforts against commercial growth
FBI Arrests Student Accused of Stealing

************************************
Associated Press
High Court Urged to Settle DVD Dispute
December 31, 2002
By GINA HOLLAND, Associated Press Writer

WASHINGTON - The Supreme Court has temporarily intervened in a fight over DVD copying, and the justices could eventually use the case to decide how easy it will be for people to post software on the Internet that helps others copy movies.


More broadly, the case against a webmaster whose site offered a program to break DVD security codes could resolve how people can be sued for what they put online.


Justice Sandra Day O'Connor (news - web sites) granted a stay last week to a group that licenses DVD encryption software to the motion picture industry, giving the court time to collect more arguments. She requested filings by later this week. The group has spent three years trying to stop illegal copying.


The case puts the court in the middle of a cyberspace legal boundary fight: Where can lawsuits involving the World Wide Web be filed?


Consumers' rights are pitted against industry copyright protection, with billions of dollars at stake, said Tim Bajarin, president of Creative Strategies Inc., a Silicon Valley consulting firm.


"All of us have felt this was going to be forced up the legal chain," he said.


The DVD industry wants the Supreme Court to use its case against a former webmaster to clarify where lawsuits can be filed.


New York technology analyst Richard Doherty said companies have delayed many new products, services and forms of entertainment because of the DVD industry's problems.


"The future of digital delivery has been on hold ever since this case first came," said Doherty, head of The Envisioneering Group. "They need to know it's going to be protected, it's not going to be ripped off seven seconds after being put on the Internet."


The issue of Internet jurisdiction has come up in Australia, where that country's highest court ruled recently that a businessman could sue for defamation over an article published in the United States and posted on the Internet.

The California Supreme Court ruled in November that the former webmaster, Matthew Pavlovich, cannot be sued for trade secret infringement in California. Justices said he could be sued in his home state of Texas, or in Indiana, where he was a college student when codes that allowed people to copy DVDs were posted on his Web site in 1999.


The program was written by a teenager in Norway and is just one of many easily available programs that can break DVD security codes.


The ruling by a divided California court makes it harder for the industry to pursue people who use the Internet to share copyrighted material.


Pavlovich's attorney, Allonn Levy, said Monday that a group should not be allowed to "drag a student who's involved with a Web site into a forum that's halfway across the country." He said the case affects all people who use the Internet and businesses with sites on the Internet.


The California-based DVD Copy Control Association argued that California was the proper venue because of the movie industry's presence in that state. Lawyers for the association told the Supreme Court that the stay was needed to keep Pavlovich from reposting the decryption program on the Internet.
****************************
Los Angeles Times
Reward Offered in Huge Theft of Identity Data
Stolen computers had names, Social Security numbers of 500,000 military families. Authorities fear financial fraud.
By Tom Gorman
January 1 2003

A $100,000 reward was offered Tuesday to help solve the theft of a database containing the names and Social Security numbers of 500,000 military personnel and their dependents.

Authorities fear criminals could use the information to create false identities and then fraudulently apply for credit cards and bank loans.

The data were contained in computer equipment stolen from TriWest Healthcare Alliance, a Phoenix-based company that operates the Tricare managed-care program in 16 states for the Pentagon. Californians were not affected.

Investigators don't know the motive behind the Dec. 14 break-in, and so far there is no evidence that thieves have used the information in the computers.

Betsy Broder, an attorney for the Federal Trade Commission specializing in stolen identity issues, said the theft of personal data for half a million people may be unprecedented.

Identity theft was far and away the largest consumer fraud complaint in 2001, according to the FTC, accounting for 42% of all complaints. It can be perpetrated by the theft of computers, electronically hacking into computer systems or stealing personal documents from the trash.

In New York, authorities in November charged three men with stealing financial information on about 30,000 consumers by using pilfered corporate passwords to access data from the three major credit reporting bureaus.

Last spring, a computer hacker breached a data center containing personal information on 265,000 California state employees, but there has been no indication that the data were used.

TriWest, which posted Tuesday's reward, provides managed health care for 1.1 million members of the military, its retirees and dependents. The theft involved data on beneficiaries enrolled in the central region of its Tricare Prime program. The company has backup files to replace the stolen data, and it warned its clients not to speak to anyone seeking information about their enrollment.

The company advised clients to contact the nation's three credit reporting bureaus to place fraud alerts in their files. In such cases, the companies are required to notify clients if or when credit card applications are made in their names.

Authorities are releasing little specific information about the Dec. 14 break-in, so they can better assess the accuracy of any tips generated by the reward.

"We won't talk about exactly what was taken, nor security at the location," said Pat Schneider, chief of the criminal division of the U.S. attorney's office in Phoenix.

Although the information included the home addresses of members of the military, it cannot be used to gain access to military bases and the crime is not believed to be related to terrorism, Schneider said.

"We're focusing on the identity theft angle, because we have to be most concerned about potential victims having their identities stolen," Schneider said.

The investigation is being pursued by the FBI, Secret Service, Defense Criminal Investigative Service, Social Security Administration and local law enforcement.

The incidence of identity theft is increasing dramatically, Broder said. In 2001, the FTC consumer hotline received 86,000 complaints of such theft, and through the first six months of 2002, 70,000 complaints were received, she said.

By some estimates, as many as 700,000 people a year are victims of identity theft -- discovered when they find their bank accounts drained or large debts on unauthorized credit cards.

On average, each stolen identity results in about $17,000 in fraudulent charges, said Jay Foley, director of consumer and victim services for the Identity Theft Resource Center, a San Diego-based nonprofit organization.

"If you were to provide me with a half-million names and Social Security numbers and I opened up just one credit card per name and maxed it out at $5,000, just imagine the impact," he said.

Making this theft more potentially dangerous, he said, was that the victims were members of the military, retirees or dependents -- "people who probably don't have excessive credit."

"If the last credit account they opened was five years ago, who'd question a new application for credit? How deeply will the credit application be screened?" he said.

"There are a number of companies out there which are very slow in the screening process and who may not do a full credit check."

David J. McIntyre Jr., chief executive officer of TriWest, said Tuesday that the company is reviewing its security systems.

The FTC referred TriWest clients to the agency's Web site, www.consumer.gov/idtheft.
***********************************
Government Executive
December 31, 2002
Investigators probe theft of Defense medical records
By Amelia Gruber
agruber@xxxxxxxxxxx

Federal investigators are trying to find the thieves who stole computer equipment and medical records from a military contractor's offices in mid-December.

Several law enforcement agencies, including the Defense Criminal Investigative Service and the FBI, are involved in the search for the files, which contained such sensitive information as patients' claims history and Social Security numbers.

Investigators are still assessing the magnitude of the robbery, according to officials from Tricare and TriWest Health Care Alliance Corp., which administers the military's Tricare health plan in 16 midwestern and western states. They have not yet determined a motive for the theft. The medical records were stolen from TriWest at the Tricare Central Region health contractor's Phoenix offices on Dec. 14.

"TriWest is mobilizing all resources at our disposal to assist law enforcement in the apprehension of the person or persons responsible for this crime and to recover the stolen property," said David McIntyre Jr., the company's chief executive officer and president, in a statement.

The theft has not resulted in any disruption in services to Tricare beneficiaries, according to a Dec. 24 statement from TriWest.

After learning of the theft on Dec. 20, the Defense Department took steps to protect other records. The department required all Tricare contractors to assess their current security systems. Federal officials are working at TriWest's two corporate offices in Phoenix to find ways to prevent future break-ins.

Tricare beneficiaries seeking further information can call 888-339-9378 or send an e-mail computertheft@xxxxxxxxxxxx
****************************
New York Times
January 2, 2003
M.I.T. Studies Accusations of Lies and Cover-Up of Flaws in Antimissile System
By WILLIAM J. BROAD

CAMBRIDGE, Mass. The Massachusetts Institute of Technology is looking into accusations that its premier laboratory lied to cover up serious problems with the technology at the heart of the administration's proposed antimissile defense system.

The university was prodded to act by Theodore A. Postol, a tenured M.I.T. physicist in security studies and a prominent critic of the antimissile plan. In letters to Congress and elsewhere, Dr. Postol has said M.I.T. appeared to be hiding evidence of serious flaws in the nation's main antimissile weapon, a ground-based rocket meant to destroy incoming enemy warheads by impact. His accusations center on a 1998 study by Lincoln Laboratory, a federally financed M.I.T. research center, and have grown over the years to include the institute's provost, president and corporate chairman.

Dr. Postol became known as an antimissile critic after the Persian Gulf war in 1991, when he argued that contrary to Pentagon assertions Patriot missiles had shot down few if any Iraqi Scud missiles. His contention, at first ridiculed, in time became accepted as truth.

Officials at the institute strongly deny any wrongdoing.

"The bedrock principle for all research done at M.I.T. is scientific integrity," officials said in a statement. "Any allegation that there has been any deviation from that principle must be taken seriously, and that is what M.I.T. has done in this case."

These officials dismissed Dr. Postol's accusation that they had delayed acting on his accusations.

Dr. Postol, who first called for an investigation 20 months ago and repeated his request many times, is unsatisfied. "Potentially, this is the most serious fraud that we've seen at a great American university," he said in an interview.

His argument draws on stacks of letters, reports and interview transcripts, their details technically daunting and plentiful.

But he is hard to ignore. Even Dr. Postol's critics, who call him pushy and arrogant, tend to admire his laserlike precision. A Navy science adviser in the Reagan administration, he came to M.I.T. in 1989 as an expert on advanced weapons.

His credibility rose after the Patriot case, which began in 1991 when the Army contended that the weapon had knocked out nearly all of the Scud missiles that Iraq had fired at Israel and Saudi Arabia. After studying videotapes of the clashes, Dr. Postol said Patriots had probably made no direct hits. The Army initially strongly disagreed, but in January 2001 Secretary of Defense William S. Cohen joined the doubters. "The Patriot didn't work," he said.

Dr. Postol's current battle is a spinoff from the case of Dr. Nira Schwartz, a senior engineer in 1995 and 1996 at TRW Inc., a military contractor. Dr. Schwartz accused her employer of faking test results on a prototype antimissile sensor meant to distinguish enemy warheads from decoys. This task was the hardest part of the antimissile challenge, and doubts about success would erode the weapon's credibility.

TRW denied Dr. Schwartz's charges and in a 1998 report federal investigators said TRW was essentially truthful. This report is at the center of Dr. Postol's charges.

The report was done under the direction of the Lincoln Laboratory, and two of its five authors worked there. The other three were drawn from the Lawrence Livermore National Laboratory in California and the Aerospace Corporation, a military industry research company.

After Dr. Schwartz's accusations became public in 2000, Dr. Postol dug into the Lincoln Laboratory report. On April 26, 2001, he wrote Charles M. Vest, M.I.T.'s president, calling the report's conclusions "false and unsupported" and asking for an investigation by the institute. He repeated his request a month later and a year ago he wrote Alexander V. D'Arbeloff, chairman of the M.I.T. corporation, saying Dr. Vest had failed to investigate "a serious case of scientific fraud."

Nearly 10 months after Dr. Postol's complaint, the institute opened an inquiry into whether a formal investigation was warranted.

Robert A. Brown, M.I.T.'s provost, wrote Dr. Postol on Feb. 11 to say that since the disputed report was by "government, not M.I.T.," the university had no obligation to review its overall accuracy. He said the institute would examine only the work of the two Lincoln authors.

Dr. Postol objected, and federal investigators soon gave him new ammunition. On Feb. 28, the General Accounting Office, an investigative arm of Congress, said in two reports to Congress that TRW had exaggerated the sensor's performance, calling its contentions "highly misleading." The investigators faulted the Lincoln report for relying on data processed by TRW, instead of seeking the contractor's raw data.

The institute began its inquiry on April 12, led by Dr. Edward F. Crawley, who is in charge of of the school's department of aeronautics and astronautics.

Dr. Postol then suffered two setbacks. First, Frank Press, a former president of the National Academy of Sciences, who had been asked by the institute to look into assertions that it had not moved quickly enough, concluded on April 22 that the initiation of the fraud inquiry, "though prolonged," adhered to M.I.T. policies.

In July, Dr. Crawley weighed in with a preliminary report calling the 1998 study trustworthy. "Not only do I find no evidence of research misconduct," Dr. Crawley wrote, "but I also find no credible evidence of technical error." No investigation was warranted, he said.

Dr. Postol challenged the draft inquiry report's findings. In particular, he noted that Dr. Crawley's draft contradicted the General Accounting Office report, which the Defense Department and Lincoln Laboratory had reviewed for accuracy.

"Either there's a serious problem with the G.A.O. report, which needs to be corrected," Dr. Postol told Dr. Crawley in August, according to a meeting transcript, "or Lincoln Laboratory could be involved at the highest levels of management in covering up fraud."

On Nov. 4, Dr. Crawley reversed himself and recommended a full investigation. His revised report was given to Dr. Brown before Christmas. Dr. Crawley has not said why he changed his mind, and the institute has not said whether a full investigation will go forward. The institute refused to give Dr. Postol a copy of the final Crawley report, saying he had broken a promise to keep the draft report confidential.

On Nov. 26, the institute issued a statement saying, "It would be unfair to comment on the inquiry," and adding, "Professor Postol knows what the M.I.T. policies say about confidentiality and if he chooses to disregard them, he will have violated those policies."

Roger Sudbury, a Lincoln spokesman, said the laboratory was cooperating with the institute. He said he could make no other comments because of confidentiality restrictions.

Dr. Postol said he feared that the institute's references to confidentiality rules were preparatory to bringing action against him.

On Dec. 5, Dr. Postol began sending letters on M.I.T. letterhead to 20 members of Congress, including Senator Carl Levin, Democrat of Michigan, and Representative John M. Spratt Jr., Democrat of South Carolina, both defense experts. Recent actions by the the institute, Dr. Postol wrote, "may indicate an attempt to conceal evidence of criminal violations of federally funded research at the M.I.T. Lincoln Laboratory." He said the criminal violations were laboratory officials lying to federal investigators.

He accused the institute dragging its feet for 19 months and suggested that the university's highest officials were trying "to conceal evidence of possible criminal violations."

Dr. Postol speculated that the institute was leery of his accusations because it wanted to protect the reputation of Lincoln Laboratory, the institute's top source of federal financing. President Vest is conflicted because he sits on the White House council of science advisers and "knows that the missile defense system won't work and that his own organization has lied about its capabilities," Dr. Postol added.

Military and some institute officials have long criticized Dr. Postol's focus on the TRW case, saying it was irrelevant today. They note that TRW in December 1998 lost out to a rival company, Raytheon, in getting the contract to build the antimissile weapon.

But Dr. Postol said the TRW case opened one of the few public windows on antimissile feasibility, which is usually wrapped in tight secrecy. He cited a June 1997 flight test in which, he said, a TRW sensor and computer brain failed to differentiate a mock warhead from nine decoys.

Because of that surprise, Dr. Postol added, all the nation's recent antimissile tests have been much simpler, typically using a single decoy.

"It's absolutely relevant," he said of the TRW episode. "It goes to the heart of whether this system has any chance of working. It's more relevant now than when the case first arose."

That, he said, is because President Bush announced on Dec. 17 that the ground-based weapon would star in the nation's first antimissile system to be built in a quarter-century.

In late December, Dr. Postol left the institute for a four-month sabbatical at Stanford University. "I'll fly back in a heartbeat if something comes up," he said. "I want to see this thing resolved."
*********************************
Washington Post
Tech Money Pours Into Political Causes
By Jonathan Krim
Thursday, January 2, 2003; Page D11

Technology companies keep giving us wondrous new tools, many of which give people a chance to get more involved in democracy, from local school policies to national politics.

A number of those companies are increasing their own participation, too, but they're doing it the old-fashioned way: giving millions of dollars to political campaigns and spending hundreds of millions more for lobbying state and federal legislative and executive branches.

No longer able to view government as a pesky annoyance, as they did in the first half of the 1990s, tech companies have embraced politics with the aggressiveness they bring to their own industry.

It's instructive and fitting to use some of the tools the tech folks gave us to track what they've been up to.

For those who want to do it at home, a couple of Web sites collect and present data from the Federal Election Commission, to which campaigns must report their contributions and companies must register their lobbying activities. The FEC does a pretty nice job on its own site (www.fec.gov), but my favorite is operated by the Center for Responsive Politics, at the aptly addressed www.opensecrets.org.

The site allows you many ways to slice the information -- by donor, by recipient, by industry. It shows charts and graphs of party preferences, and much of the data goes back to the 1990 elections.

So far, the center's information covers only through mid-October, so end-of-campaign donations are yet to be accounted for. But some intriguing trends have been established.

According to the center's data, computer hardware, software and Internet companies contributed $19.4 million in the 2002 election cycle, ranking eighth among industries.

Those donations jumped from $9.8 million in 1998, the last non-presidential federal election, when the industry ranked 25th. In the presidential election year of 2000, the industry spent $40.8 million, $30.5 million more than it gave in 1996.

The totals reflect contributions from the companies, their employees and family members, and corporate political action committees. Many of the donations qualify as "soft money," going to political parties rather than individual candidates. The contributions also can be goods and services instead of cash.

Telecommunications companies, including the local and long-distance phone companies and wireless and satellite service providers, gave $22.26 million, up from $19.2 million in 1998. Those companies gave $36.4 million in the 2000 cycle.

Who are the heavyweights? In the computer and Internet sector, Microsoft Corp. has been the biggest contributor since the 1998 cycle, about when the Clinton administration's Justice Department and more than 20 states filed their antitrust suit against the company.

In 1996, the software giant gave $245,474, with 54 percent going to Democrats, and it came back in 1998 as the largest tech contributor, giving $1.36 million. Of that total, 64 percent went to Republicans.

Microsoft increased its contributions in the 2000 cycle to $4.67 million, and it gave $3 million in the 2002 period, with nearly two-thirds again going to Republicans. No other major tech corporation contributed more than $575,000 in the 2002 period.

Joining Microsoft in preferring Republicans were several other major tech firms, including Cisco Systems Inc., Intel Corp., Oracle Corp., Dell Computer Corp., Gateway Inc., Electronic Data Systems Corp. and Siebel Systems Inc. AOL Time Warner Inc. was the major exception, contributing $2.2 million in 2000 and $284,000 in the most recent period, with most going to Democrats.

The Republicans were counterbalanced in the most recent cycle by Silicon Valley entrepreneur and philanthropist Steven Kirsch, who made his fortune founding Infoseek, an Internet search engine. Now chief executive of his latest start-up, Propel Software Corp., Kirsch gave $3.36 million to Democrats in the 2002 cycle, making him the top tech-company donor.

When it comes to lobbying, Microsoft also leads the tech pack. From January 2000 to mid-2002, the company spent $16.1 million on federal lobbying, according to PoliticalMoneyLine (www.tray.com). Intel spent $12.2 million.

The major telephone carriers, amid legislative battles over Internet access policy, spent comparably.

What has all this largess achieved?

Many of the technology companies share goals, such as trade-promotion authority, increased tax depreciation of tech equipment, relaxation of tech-export controls and not requiring stock options to be accounted for as expenses. So far, the companies have been successful in these areas.

Other issues are thornier, often dividing technology companies and telecommunications providers. The entertainment industry, which contributes more than either of the other two, also is increasingly at odds with the tech industry on issues involving digital rights.

And all of these groups have a ways to go before they catch the contribution leaders for the recent election cycle: the lawyers and law firms that contributed $62.48 million.
******************************
Washington Post
Security, Telecom Top Tech Policy Agenda for 2003
Congress Will Oversee New Cybersecurity Bureaucracy, Revisit Broadband Rules
By TechNews.com Staff
Tuesday, December 31, 2002; 12:00 AM


Even before the 108th Congress convenes, lawmakers face an inbox full of tech policy items left over from previous sessions and crowded with a growing list of emerging policy items sure to draw attention on both sides of Capitol Hill.

Senators and representatives will return to Washington charged with overseeing a newly created homeland security department -- an agency designed to protect the nation's physical and digital resources. How to balance high-tech surveillance with privacy protections for ordinary citizens likely will be the hot-button tech issue of 2003.

But it's the continued weakness in the technology sector that may draw the most visible and contentious debates as lawmakers seek to reinvigorate the New Economy. Congress faces a telecom sector still wracked with disagreement over the rules that govern broadband Internet service. And then there are the perennial tech policy issues -- spam, copyright protection, Internet taxes, gambling, military and business spectrum use, hacking and network security. Congress tried hundreds of times to address these areas and is prepared to try again in 2003.

Voters gave Republicans control of both the Senate and House of Representatives in the November election, and the return to power in the Senate certainly heralds changes, but tech policy battles don't always break down along partisan lines.

Here are some of the anticipated highlights for the upcoming two years of the 108th Congress:

Homeland Security and Cybersecurity
? The Bush administration is expected to release the final version of its cybersecurity plan in late January or early February. The White House scrapped a planned September 2002 release of the strategy after the technology community complained that the administration failed to solicit or heed its input. Internet security experts also complained, saying that the private sector wanted to water down the document by making it a series of recommendations, not orders. Lawmakers are expected to offer their own takes on the plan, once it actually sees daylight.

? The Pentagon's Defense Advanced Research Projects Agency has hired retired Admiral John Poindexter to run the Total Information Awareness System (TIAS). Replete with the Masonic pyramid and omnipotent eye of the dollar bill as its logo, TIAS is intended to gather as much information as it can from databases worldwide to track down terrorists and other threats to national security. Critics, including several key members of Congress, say it is a blow against privacy rights, since the system as designed will sort through information worldwide without regard to source or subject, leaving open the possibility that personal information about ordinary citizens could wind up archived in a Pentagon computer.

? The technology industry is expected to keep the pressure on Congress to devote more dollars to information technology as a way to fight terrorism, both at the federal and state level. President Bush signed a bill in November that dedicates $900 million over five years to cybersecurity research, but security-conscious lawmakers are likely to devote more funds to that budget.

? With the adoption of a law that creates a new "homeland security" agency, there will be a reshuffling of the federal bureaucracy into a gargantuan office that will include several information technology departments, including the FBI's National Infrastructure Protection Center and the Critical Infrastructure Assurance Office. Congress will be charged with overseeing this new bureaucracy and may revisit the legislation to "fix" anything it doesn't like about how the White House organizes the new agency.

Internet Piracy and Copyright
Digital piracy and intellectual property issues will be front and center in many congressional committees next year, though it remains to be seen whether they will match the bumper crop of anti-piracy legislation that sprang up over the past two years.

? Rep. Howard Berman (D-Calif.) likely will resurrect a bill he introduced in the 107th Congress to allow the entertainment industry and other copyright owners to use technological tools to pry into people's personal computers to stop them from illegally swapping copyrighted music, movies and software online. The bill as written in the last session says that copyright owners cannot cause more than minimal damage to a file trader's software, but it already is being decried for legalizing techniques common among hackers to uphold the law.

? House Energy and Commerce Committee Chairman W. J. "Billy" Tauzin (R-La.) is expected to reintroduce legislation to speed the national transition to digital television and prevent unauthorized copying or signal theft of digital TV programs. The bill would require makers of digital televisions and DTV-ready equipment to include a digital "watermark," or code, that would prohibit Internet transmission. In the Senate, Joseph Biden (D-Del.) may reprise a bill to outlaw tampering with digital watermarks.

? Senate Commerce Committee Ranking Democrat Ernest "Fritz" Hollings (D-S.C) is expected to reintroduce an anti-piracy bill that would mandate standards for personal computers and other devices to prevent copyright theft. The legislation was strongly supported by Motion Picture Association of America chief Jack Valenti, as well as other titans of the entertainment industry, including the Walt Disney Co.

? The Supreme Court likely will decide whether Congress can repeatedly extend copyrights on literature, art, music and film. At issue is a challenge to the Sonny Bono Copyright Term Extension Act, a 1998 law that extended copyright protection by 20 years. Opponents of the law, led by Internet archivist Eric Eldred, say the law unfairly burdens scholars and publishers, and could leave creativity on the Internet in the hands of a few major entertainment and media companies, many of which have been slow to embrace the Web as a distribution medium.

Internet Taxation
Most online shoppers don't pay taxes on the goods they buy, thanks in part to a Supreme Court ruling that says that Congress can't force merchants to collect state sales taxes unless the merchants are located in the state where the customer lives. The court also said that Congress can change that rule when enough states simplify their disparate and often incompatible tax systems.

Now, 31 states and Washington, D.C., are one step closer to that goal. After passing other procedural steps -- and after the November 2003 expiration of a moratorium on Internet-specific taxes -- the states and D.C. will ask Congress to approve a mandatory, nationwide online sales tax. There is no guarantee that lawmakers will say yes, in part because only 45 of the 50 states collect sales taxes. Given Congress's repeated passage of laws to ban Internet sales taxes, members of Congress are likely to get involved in the states' sales tax initiative, including Sen. George Allen (R-Va.), a leading critic of imposing any taxes on online commerce.

Spam and Identity Theft
? Lawmakers introduced more than two-dozen bills to thwart identity thieves and to assist their victims, but none of them passed both chambers of Congress. Shortly after a high-profile ID theft scam affecting an estimated 30,000 consumers nationwide was reported in the fall, the Senate passed legislation to increase prison terms for convicted identity thieves, but it never received a hearing in the House. The Senate also passed legislation to help ID theft victims repair their credit, but the House had little time before the end of the session to review it. Several of the chief ID theft combatants are returning for the 108th Congress, including Sens. Dianne Feinstein (D-Calif.) and Maria Cantwell (D-Wash.), and Reps. Edward Markey (D-Mass.) and Adam Smith (D-Wash.).

? Congress has again avoided passing legislation to combat the growing menace of junk e-mail -- or "spam," encouraging states to take the matters into their own hands. Roughly half of the states have passed anti-spam laws. The Federal Trade Commission (FTC) can prosecute spammers who send out misleading or illegal information -- including solicitations for drugs without prescriptions, sex enhancement aids and free porn, for example -- but there is still no federal law limiting unsolicited commercial e-mail. Legislators such as Sens. Conrad Burns (R-Mont.), Joseph Lieberman (D-Conn.), Ron Wyden (D-Ore.) and Reps. Heather Wilson (R-N.M.), Robert Goodlatte (R-Va.), Zoe Lofgren (D-Calif.), Gene Green (D-Texas) and Howard Coble (R-N.C.) are expected to keep up the push for a federal law.
*********************************
Washington Post
Judiciary Panel Adds Surveillance Oversight


By Brian Krebs
washingtonpost.com Staff Writer
Monday, December 23, 2002; 7:49 AM


The Senate Judiciary Committee next year will have its hands full balancing perennial high-tech policy debates with oversight of new federal surveillance and data-gathering powers. Making that balance work will depend on whether the committee's top Republican and Democrat collaborate, Capitol Hill watchers said.

Sens. Orrin Hatch (R-Utah) and Patrick Leahy (D-Vt.) are known for their sharp ideological disagreements, but they often agree on technology issues. Tech lobbyists said that the trend may continue in the 108th Congress with topics like online piracy and intellectual property law.

A spokeswoman declined to discuss next year's committee schedule. She said that Hatch, who is reassuming the chairmanship as Republicans regain a majority in the Senate, will outline his priorities in January.

Top on the committee's oversight agenda is the USA Patriot Act, which granted the Justice Department new domestic wiretapping and electronic surveillance powers. The committee will also grapple with the long-term future of the FBI and bid for oversight authority when it comes to the new Department of Homeland Security, sources close to the committee said.

Getting information about the administration's activities is paramount on both counts, but it could test a GOP-controlled Congress's willingness to challenge an administration that often views any questioning of its policies as disloyalty, said Jim Dempsey, executive director of the Center for Democracy and Technology.

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said he is worried about whether Hatch will pursue that information with the same zeal as the committee did under his Democratic predecessor.

"Even if Hatch isn't actively bad -- which, in fairness remains to be seen -- the loss of Leahy as chairman is still a major setback, particularly with an administration that is so hostile to public access," Aftergood said.

Leahy is widely regarded as one of the most vocal proponents of the Freedom of Information Act (FOIA), a law designed to provide public access to internal federal government documents.

In a speech during the Senate debate on the Homeland Security Act, Leahy assailed the White House for broadening the scope of FOIA exemptions in the bill. The exemptions were intended to prevent the disclosure of information that companies share with the government about physical and Internet-based attacks on their critical systems, something network security leaders in the private sector pushed hard to get included. But Leahy and others said the exemptions open the door for companies to avoid liability for their own negligence on cybersecurity, environmental and product safety practices.

Leahy voted for the Homeland Security bill, but promised to confront the administration on public access in 2003. Dempsey said he hopes Hatch will take up Leahy's push to convince the administration that Congress still has a crucial advisory and oversight role in battling terrorism, cyber or otherwise.

"There are two halves to this equation: Will Hatch continue to push for information on this, and secondly will the administration be any more willing to share it with him than they were with Leahy?" Dempsey said. "I think it's fair to say that the administration's commitment to secrecy has been bipartisan."

If Congress doesn't exert its oversight role, the administration would be free to maneuver in secret on programs like "Total Information Awareness," a Pentagon initiative to mine information in public and private databases worldwide for signs of terrorist activity, Aftergood said.

"We have never had technological capabilities to enable the kind of abuse that is now possible," he said. "There is a powerful technological imperative here which is geared toward increasing collection of information on everybody simply because it's possible to do so."

Identity theft is another key issue the committee will be expected to take up next year, staffers said. The topic recently took on new life in the wake of what is believed to be the largest incidence of identity theft ever detected. In November, two men with access to sensitive bank and credit-company passwords were charged with stealing and selling financial data on as many as 30,000 people.

At least five committee members co-sponsored a bill last month to increase criminal penalties for convicted identity thieves. The Senate approved the legislation, but Congress adjourned before the House could hold hearings.

The entertainment industry's quest for legislation to stamp out the growing problem of Internet piracy also is expected to be on the docket.

The recording and motion picture industries want lawmakers to tweak copyright and anti-piracy statutes to fight online theft and unauthorized copying that they claim is hurting their bottom lines.

Hatch played a major role in crafting the Digital Millennium Copyright Act (DMCA) -- a law designed to help the entertainment industry crack down on digital piracy and embrace the Internet as a distribution medium -- but has said the industry is taking too much time to make its content widely available online.

Hatch also said he hopes to hold more hearings on Internet-based entertainment, and is considering legislation to persuade entertainment companies to pick up the pace.

Leahy next year wants to reform the process that Internet radio stations use to negotiate royalty rates with the recording industry, artists and songwriters.

After a lengthy arbitration proceeding earlier this year, the Library of Congress said Webcasters should pay .07 cents per song, per listener. The royalties are retroactive to 1998, when the DMCA was passed.

When a coalition of small and religious webcasters complained that the retroactive royalties could drive them off the air, Leahy joined Sen. Jesse Helms (R-N.C.) to co-sponsor legislation that authorized the music industry's principal royalty collector, SoundExchange, to negotiate binding royalty contracts with small webcasters on behalf of all artists and record labels. The bill, which ultimately won White House approval to become law, also allowed noncommercial webcasters an extra six months to make their back payments.

Leahy said he will press the committee to address concerns about "the fairness and completeness" of the arbitration process, and to ensure that smaller religious and university-based webcasters are not excluded from future royalty rate negotiations.

Whether or not the Judiciary Committee covers much ground in the technology policy arena may depend on the outcome of seemingly unrelated ideological power struggles -- notably federal judicial nominations, an area where Leahy and Hatch rarely see eye-to-eye.

Battles over White House nominees for federal judgeships are one of the biggest obstacles to passing legislation out of the committee, because the nominations often are used as bargaining chips to leverage compromises on other important policy issues. That dynamic could be even more important next year, given President Bush's intent to fill numerous vacant judicial posts and the possibility of a Supreme Court nomination proceeding.
*********************************
News.com
Register.com wins injunction against rival
By Paul Festa
Staff Writer, CNET News.com
December 30, 2002, 12:53 PM PT

Domain name registrar Register.com won a preliminary injunction against a competitor for alleged "domain name slamming," or filching customers without their knowledge.

The case pits Register.com against the Domain Registry of America (DROA), which it accuses of misleading Register.com customers into switching their domain name registrations.

In her 47-page ruling Thursday, Judge Naomi Reice Buchwald of the U.S. District Court for the Southern District of New York called the alleged acts "Domain Registrar Slamming," a term borrowed from the techniques some long distance carriers have used to get people to unwittingly change their service.


"I'm extremely pleased," said Brett Lewis, assistant general counsel with Register.com. "We feel we have been harmed, and we want to send a message not only to Domain Registry but to others who would engage in these practices that it's not going to be profitable for them, and that we will enforce our rights."

Lewis applauded the court's comparison between the phone slamming cases and the current one.

"I think the term is apt," Lewis said. "There are comparisons that can be drawn between this and what was going on in the telecom industry. It wasn't something that we pushed on the judge, but it was something that she obviously felt was appropriate."

DROA did not return calls.

Domain name registrars have resorted to unorthodox and sometimes questionable customer acquisition techniques in the face of a highly competitive market for their services. In June, the courts intervened to prevent domain name heavyweight VeriSign from sending misleading messages to consumers.

Register.com in August sued DROA, accusing it of violating federal trademark and false advertising laws and New York state laws against unfair business practices and unfair competition.

The injunction prevents DROA from misleading consumers into thinking they are registered with the company if they are not. DROA is also enjoined from imitating Register.com's look in its marketing and promotional materials.

Register.com said it would seek about damages "in the millions" of dollars, depending on what it learns in the discovery process of the case. A trial date has not been set.

*********************************
Associated Press
Miss. Puts Computer in Every Classroom
By MATT VOLZ, Associated Press Writer

HERNANDO, Miss. - In a milestone for student achievement and state pride, Mississippi has become the first state to have an online computer in each of its public-school classrooms, a spokesman for the governor said.


The state met the goal set by Gov. Ronnie Musgrove to connect Mississippi's 32,354 public classrooms to the Internet by Dec. 31, spokesman John Sewell said Wednesday.


The accomplishment has added importance in a state that has often found itself near the low end of educational and economic rankings.


"I've never known Mississippi to lead the nation in any educational category or technological category," said Tom Pittman, publisher of The DeSoto Times in northern Mississippi. "It puts us at the forefront of something that is significant and important."


The idea to hook up all the state's public classrooms to the Internet began in 1999 as a challenge offered up by Pittman's brother, then-America Online chief executive Bob Pittman, at a meeting of the Mississippi Economic Council. Musgrove, a candidate for governor at the time, made the challenge part of his campaign.


The job required $40 million worth of equipment and training, but federal funding, private donations and programs that trained students to build computers meant the project cost the state just $6 million, according to Musgrove's office. Donations included $500,000 from Mississippi native and former Netscape chief executive Jim Barksdale.


Besides Mississippi, the state closest to filling classrooms with online computers is Delaware, according to the National Governors Association in Washington.


Now that the computers are in place, the schools will have to train teachers to use them and pay for maintenance, upgrades and connections, Sewell said. Some of the costs can be eased with federal education programs and by training students to fix computers, he added.
*******************************
New York Times
January 2, 2003
New Strategy in the War on Spammers
By IAN AUSTEN

A RESEARCHER at AT&T Labs is proposing to stop at least some spam before it starts by using e-mail addresses that expire or come with other restrictions attached in code.

"It came to me one day that spam works because there's no easy way to differentiate between what's real e-mail and what isn't," said John Ioannidis, a member of the research department at AT&T Labs in Florham Park, N.J.

Dr. Ioannidis suggests adopting something he calls "single-purpose addresses'' rather than continuing to refine software filters that try to sort the good from the bad.

Such addresses would not replace permanent e-mail addresses, which, under Dr. Ioannidis's plan, users would continue to give to those they trust and need to maintain contact with, like relatives or employers.

Instead, single-purpose addresses would be used when the senders have no continuing relationship with the other parties and fear that their e-mail addresses might be sold or given to spammers. Online purchasing or newsgroup postings are obvious examples.

Dr. Ioannidis will present a paper about his approach in February at a meeting of experts in computer network security. Under the system, users would generate single-purpose addresses with special software. The process could be relatively simple. Using an on-screen menu, the user would first select how long the address would exist. Currently, the shortest period with Dr. Ioannidis's technology is one day.

A user could also choose to have the address work only when sent from a specific domain (the part that follows the @ symbol). This would prevent an unexpired address from being used by spammers.

After those settings are made, the address software would generate a code containing the date and domain restrictions and the user's permanent e-mail address. That code, in turn, would be converted into a string of 26 characters that appear to be a jumble of numbers and letters. Together with the user's domain, the string would form the single-purpose address, which could be cut and pasted into forms like those used by online stores.

When, say, the store sends a reply indicating that a user's desired item is out of stock, software on the customer's mail server would decode the special address and then, assuming it remains valid, forward the mail to the permanent address.

Dr. Ioannidis acknowledges that even with his system, spammers could still get access to permanent e-mail addresses. A trusted relative, he said, may give someone's full e-mail address to an online greeting card service, which could then sell it to spammers. But Dr. Ioannidis hopes that if his system is widely adopted, it will pollute spam mailing lists with so many invalid addresses that the lists will become increasingly useless. The process could take decades, however, he said.

"The idea is to raise the bar to make it difficult to spam my address," Dr. Ioannidis said.

John Mozena, a co-founder and vice president of an anti-spam group, the Coalition Against Unsolicited Commercial E-mail, said that Dr. Ioannidis's technology would not likely change his organization's view that legislation remains the most effective form of anti-spam protection.

"This technology might protect some individual users from a certain amount of spam," Mr. Mozena said. "But it's adding insult to injury to also have us spend time, money and effort on tools to keep spam out of our mailboxes."

Mr. Mozena also said he found it unlikely that spammers would simply give up if e-mail lists became filled with worthless addresses. "The quality of those lists are already so miserable that it wouldn't really matter," he said.
******************************
Reuters
Study: Internet Use in U.S. Homes Routine

WASHINGTON (Reuters) - The Internet has become a staple source of information for American households about health care, government services and potential purchases, a survey to be issued on Monday finds.


About 60 percent of 2,000 people surveyed in the Pew Internet and American Life Project study said they used the Web regularly. Two-thirds of those had been online for three or more years.


At least 80 percent of the Internet users questioned in September and October said they expected to find reliable news, health care information and government services information on the Web.


Almost as many Internet users, 79 percent, said they expected to find a business with a Web site that will give them information about a product they are considering buying.


"With the passage of time, people are gaining more experience and comfort with the Internet and what it offers," report author John Horrigan said in an interview.


"People value the vast array of information online, and new search engines give them the ability to noodle along and find what they want," Horrigan said.


The "network of networks" has become integral part to the daily routines of millions of North Americans, agrees Barry Wellman, a University of Toronto professor and the co-author of the book "The Internet and Everyday Life."


"Even five years ago the Internet was seen as very special, a privileged and very unique thing," Wellman said. "Now it is routinely accepted into peoples lives, especially younger folks."


The Internet has its roots in the 1960s, when university researchers began sharing information between mainframe computers connected by a government-run network called the Advanced Research Projects Agency Network (ARPAnet).


In 1983, ARPAnet was opened up to anyone with a computer and access to a phone line, as addressing and routing of information was made simpler.

Although Internet penetration remains low in some countries, particularly where telephone access is limited, Caroline Haythornthwaite, Wellman's co-author and a University of Illinois professor, said public expectations are spurring the technology's continued expansion.


"We now expect the physical hardware to be there, in hotels, in schools," she said. "There's a certain seamlessness to it. In many ways, it is integrated into everything we do."


The Pew Research Center describes itself as an independent opinion research group that studies attitudes toward the press, politics and public policy issues and is sponsored by the Pew Charitable Trusts, charitable funds established between 1949 and 1979 by the children of Joseph N. Pew, the founder of Sun Oil Co.
******************************
Federal Computer Week
IG: DOD contracting falls short
BY Matthew French
Dec. 31, 2002

Despite all efforts, the Defense Department is still not complying with the General Services Administration's regulations regarding competition when awarding orders to small businesses, according to a report issued recently by the DOD inspector general.

An audit was initiated to determine whether contracting officials followed established procedures when awarding orders to small businesses using GSA Federal Supply Schedules (FSS) and whether those officials used appropriate market research.

The results were not positive. The IG's office reviewed 124 contract actions awarded at 16 contracting offices in 2000 and 2001, and determined that inadequate efforts were made to ensure the government paid a fair price.

"Four prior Inspector General of the Department of Defense audits identified price reasonableness and Truth in Negotiations Act problems similar to the problems in this report," the audit reads. "Accordingly, DOD needs to take an aggressive role in monitoring its contract officials."

The audit specifically cited 71 contracts, worth a total of $259 million, awarded using FSS, as being particularly inadequate. It stated that there was "inadequate or no review of contractor price lists" in 88 percent of the orders for products, 82 percent for services and 75 percent for a combination of the two. It also said 70 percent of the contracts went through with no requests for discounts, and almost half were awarded on a sole-source basis instead of seeking multiple sources.

The IG's office made 12 recommendations, of which DOD concurred or partially concurred on 11. DOD rebuffed the recommendation to develop a trend analysis of the progress made in obtaining competition and multiple sources through the market research process.

"We agree that improved market research leads to increased competition. For that reason, we agree to address market research in our policy memorandum," the statement reads. "However, there is no database that includes a metric that could be used for measuring the increase in competition solely attributable to market research. The cost of establishing such a metric would outweigh any potential benefits."
******************************
Federal Computer Week
Controllers protest privatization
BY Megan Lisagor
Dec. 23, 2002

The union that represents more than 15,000 air traffic controllers has launched a campaign to protest the potential privatization of their profession.

Off-duty controllers at airports nationwide distributed leaflets expressing their concerns to passengers Dec. 20.

The outreach effort follows the Federal Aviation Administration's decision to declare air traffic control a commercial activity, rather than an inherently governmental function.

Union officials believe the change opens the door to outsourcing controller jobs.

"Commercial activity sure sounds a lot like privatization to me," National Air Traffic Controllers Association President John Carr said, speaking at a news conference at Ronald Reagan Washington National Airport.

Under the Federal Activities Inventory Reform Act of 1998, agencies must identify all functions they consider suitable for outsourcing to the private sector. The Transportation Department's latest list, which includes the FAA's information, was released Dec. 9.

FAA officials maintain that they have no intent to privatize air traffic control, but the union is unconvinced.

Earlier this year, President Bush deleted the phrase "an inherently governmental function," describing air traffic control, from a Dec. 7, 2000, executive order. That omission raised alarms within the union ranks.

"Privatization will introduce a profit motive or other financial pressures into a system whose current imperative is safety," Carr said. "We have seen this happen in other countries that have tried [this], and we are determined to prevent it from happening here."
*******************************
Federal Computer Week
E-gov selection process found to be flawed
BY Christopher J. Dorobek
Dec. 20, 2002

During the selection of the Bush administration's 24 e-government initiatives, the Office of Management and Budget did not consider how at least half of the projects would impact the customer, a new report from the General Accounting Office said.

In the selection of the 24 initiatives, OMB used a streamlined process to select 34 projects from 350 proposals. To do that, OMB's e-government task force developed abbreviated, "mini" business cases for the 34 projects. The President's Management Council approved the final 24 initiatives in October, less than two months after the process was started.

Those "mini" plans contained "at least some of the key information" that GAO determined was necessary for OMB to select and oversee the e-government initiatives. But the report notes that OMB did not collect complete business case data.

"OMB did not have all the information needed to fully monitor progress and development of the initiatives," according to the GAO report, "Selection and Implementation of the Office of Management and Budget's 24 Initiatives."

The GAO review was conducted at the request of Sen. Joe Lieberman (D-Conn.), chairman of the Senate Governmental Affairs Committee and the author of the recently signed E-Government Act.

"It troubles me that OMB decided upon its signature e-government initiatives without considering the very factors that it has identified as essential to successful e-government," Lieberman said in a statement.

"Especially now that the E-Government Act has passed, I hope that OMB will evaluate its programs more carefully, and consult closely with Congress, to ensure that its initiatives realize e-government's true potential," he said.

GAO found that fewer than half of the initiatives business cases addressed collaboration and customer focus, "despite the importance of these topics to OMB's e-government strategy," the report says.

Furthermore, only nine of the initiatives had identified a strategy for obtaining funding.

In addition, the accuracy of the estimated costs in the funding plans were questionable, GAO determined. Since May 2002, estimated costs for 12 of the initiatives have changed significantly, by more than 30 percent.

OMB officials were not immediately available for comment.
*********************************
Federal Computer Week
USC wins Spawar pact
BY Matthew French
Dec. 26, 2002

The Space and Naval Warfare Systems Command (Spawar) last week awarded a $1.7 million contract to the University of Southern California to develop technology that will help further the Defense Advanced Research Projects Agency's Total Information Awareness (TIA) project.

The contract, which is scheduled to run through 2005, was awarded Dec. 18. It calls for the "development of information technologies to aid in detection, classification, identification and tracking of potential foreign terrorists to prevent terrorist acts."

A DARPA Broad Agency Announcement was issued in March to companies and universities to develop research that will allow the federal government and certain intelligence agencies to track and monitor information. Spawar awarded a contract to USC to develop unspecified technologies to complement the TIA project.

"The proposed research should investigate innovative approaches that enable revolutionary advances in science, technology or systems," the original proposal read.

Several TIA components are housed at the Army Intelligence and Security Command's Information Dominance Center. That partnership enables DARPA to maintain its research and development focus while working with the command on testing and evaluation and getting technology into the user's hands as quickly as possible.

"There are currently subsets of the tools and technologies being used by analysts to help us understand if they are useful or not," Robert Popp, deputy director of DARPA's Information Awareness Office, told Federal Computer Week in October.

The TIA project is funded in the fiscal 2003 budget at $10 million, and DOD is developing future funding requirements.

However, the Electronic Privacy Information Center obtained DARPA budget documents and found that although the TIA budget is $10 million, related programs that may become part of the system are funded at $240 million for fiscal 2001 through 2003.

DARPA received more than 170 proposals after issuing the broad agency announcement for the TIA system and is in the process of funding the most relevant ones.
**********************************
Government Computer News
New organization takes over .org domain registry
By William Jackson

The newly created Public Interest Registry started the year by assuming registry operations for the .org top-level Internet domain.

Registry operations had been handled by VeriSign Global Registry Services under a Commerce Department contract with VeriSign Inc. of Palo Alto, Calif. That contract expired Dec. 31. PIR is a nonprofit organization headquartered in Reston, Va., created by the Internet Society. It was one of 11 organizations that submitted bids to the Internet Corporation for Assigned Names and Numbers to manage the domain.

During a 25-day phase-in period, VeriSign will continue to handle back-end technical services. On Jan. 25 those operations will be taken over by Afilias Ltd. of Dublin, Ireland. Afilias will manage the registry of 2.4 million .org names for PIR at a data center in Horsham, Pa.

"PIR is now handling administrative operations" of the domain, said spokeswoman Julie Williams. The organization has a board of directors in place and is searching for a CEO, Williams said.

Top-level domains, such as .org, .com and .gov, are used in uniform resource locators to identify Web sites tied to specific IP addresses. The Commerce Department, which had handled IP address assignments and domain name registration through private contractors, is in the process of turning over these responsibilities to the independent ICANN.

The .org domain is reserved for nonprofit organizations. Commercial operations typically use the .com domain. Private registrars will continue to sell .org names, and registration and renewal of names will continue through registrars with no new requirements. Williams said the only change customers should notice is an improvement in service, with registration resolution times reduced from a matter of hours to several minutes.
******************************
Government Computer News
01/02/03
Distance-learning site graduates to next level
By Dawn S. Onley
GCN Staff

The Army will expand its virtual university program to more than 30,500 soldier-students at 14 installations this year.

The Army launched eArmyU in January 2001, giving soldiers free access to online courses at about a dozen colleges and universities. This year, eArmyU will be offered at 32 colleges and universities nationwide, said Lt. Col. Anthony Jimenez, eArmyU program director.

By the end of fiscal year 2005, the Army anticipates that more than 80,000 students will have taken classes through the program.

IBM Corp. built and maintains the electronic learning portal under a five-year, $453 million contract. The company hired dozens of subcontractors and set up the portal by integrating 10 software products with the Army's three legacy systems.

The portal provides registration, tutoring and technical assistance. Credits are transferable among the participating institutions. Through the program, soldiers can earn certificates as well as associate's, bachelor's and master's degrees.

Each soldier participating in the program gets a notebook PC, printer, e-mail account, Internet access, books, plus academic and technical support. Credits are transferable among the participating colleges.

The eligibility requirements mandate that a soldier has to have three years time remaining in service to qualify for the program.
**********************************
Government Computer News
Interior gets new CTO
By Wilson P. Dizard III

John Branan, formerly chief computer scientist at the Patent and Trademark Office, has become the Interior Department's new chief technology officer.

Branan worked at AnswerThink Inc. of Miami and KPMG Consulting Inc. of McLean, Va., before joining the patent office, Interior officials said.

In his job as Interior's CTO, Branan will enhance the technical expertise of Interior's CIO office, said deputy CIO Sue Rachlin. His responsibilities include assisting with technology matters throughout the department, including its shift to Microsoft Windows XP systems [Click here to read GCN's online coverage] and the department's reform of its systems for managing American Indian trust funds, she said.

Branan was not available for comment.
*******************************
Government Computer News
12/31/02
Lawsuit stalls PTO automation
By Wilson P. Dizard III

The Patent and Trademark Office has suspended its switch from paper to electronic record-keeping for patent search files because of a lawsuit filed by the National Intellectual Property Researchers Association.

In a letter sent recently to House Judiciary Committee chairman Rep. James Sensenbrenner (R-Wis.), undersecretary for intellectual property James Rogan rescinded the agency's certification that the switch to electronic systems would not affect the public negatively. He said PTO would revise its implementation plan.

"In order to permit appropriate revisions to the plan and to avoid needless, time-consuming and costly litigation. ? USPTO will resume maintenance of its paper public search collections while it revises the plan," Rogan wrote to Sensenbrenner.

In a concurrent press release, Rogan said the patent office remains committed to adopting e-commerce technology.

The nonprofit NIPRA sued PTO in August in District Court for the Eastern District of Virginia, charging that its patent databases are riddled with errors and that paper patent records still are essential to conducting proper patent searches. [To read GCN's online coverage, click here]

A patent office spokesman said the agency's plan for automation "has always been a work in progress" and that the office continues to receive advice about how to proceed from various organizations.

NIPRA vice president Robert Weir said the court had ordered PTO to develop a consent agreement to settle the lawsuit.
********************************
Government Executive
December 20, 2002
No cyberterrorismyetsays security chief
By Shane Harris
sharris@xxxxxxxxxxx

Although terrorists have yet to execute a successful Internet-based attack on the United States, criminals continue to assail private and public sector computer systems, causing millions of dollars in damage and posing a threat to national security, said Richard Clarke, the president's cybersecurity czar, at a Thursday briefing.


Clarke, a strong advocate of increased electronic security, has helped to raise the issue to national prominence, but he has also suffered criticism from skeptics that say he and the White House overstate the threat posed by cyberterrorists.


Clarke, a counterterrorism official in the Clinton administration, acknowledged that terrorist organizations such as al Qaeda haven't turned the Internet into a weapon. But he cautioned against complacency. For years, he said, counterterrorism experts never thought terrorists would launch strikes such as the Sept. 11 attacks within the United States, because they wanted to use the country to make plans and raise funds without drawing the attention of law enforcement and intelligence officials.


Private-sector computer networks are hacked ever day, Clarke noted. Since companies use the Internet to communicate and conduct electronic transactions, disruptions to their networks undermine U.S. commerce, he said.


In order to defend networks, security experts and government officials agree that companies must tell authorities when their systems have been compromised. But businesses are often reluctant to do so for fear of bad publicity. FBI director Robert Mueller has complained that unwillingness to disclose hackings prevents his agency from investigating cyber crimes.


Still, companies are sharing more about the wounds they've incurred at the hands of hackers. In the year 2000, organizations reported almost 22,000 incidences of security violations to the Computer Emergency Response Team Coordination Center, a federally funded research center at Carnegie Mellon University in Pittsburgh. In 2001, that number more than doubled to almost 53,000. By the third quarter of 2002, more than 73,000 incidences had been reported.


Nevertheless, in an October speech before technology executives in Northern Virginia, Mueller chastised businesses for only reporting a third of cyber crimes committed against them.


Clarke said the White House has no plans to impose regulations forcing companies to reveal the security of their networks. But he admonished businesses to take security matters into their own hands. "Don't wait for the government to tell you who the threat is, because the government may not know in time," he said.


Numerous federal agencies monitor threatssuch as computer viruses and wormsto private and public networks. Several of the largest organizations are now part of the Homeland Security Department. However, no single agency has a total view of all the threats moving through the Internet.


To help create a more unified picture of the state of the Internet at any given moment, Clarke has proposed building an international monitoring center. Companies and government agencies maintain such "situation rooms" to keep tabs on their own networks. But no organization or government has been able to put all those efforts in one place, and there hasn't been a major push in the United States to do so.


On the subject of cyber warfare, Clarke said the military lacks a policy doctrine that would allow it to launch electronic attacks on foreign countries. The Pentagon has the capability to conduct network warfare, and countries such as China and Iraq have reportedly been building their own cyber forces, as well.


Defense Department officials have complained that the lack of parameters on fighting in cyberspace has tied their hands. Clarke said he couldn't comment on how far along the Pentagon is defining a cyber warfare policy, but he said, "We're making progress."
********************************
Government Executive
December 20, 2002
Inspector general blames top FBI officials for technology failures
By Shane Harris
sharris@xxxxxxxxxxx



The FBI is pouring hundreds of millions of dollars into information technology projects without assurances that the money is being well spent or that projects are meeting their goals, according to a Justice Department inspector general's report.


The report criticized the FBI for failing to use management practices required by law and commonly recognized as effective to make better use of its technology assets and to make better decisions on where to invest money.


Many of these problems stem from the FBI's failure to follow "a disciplined process" of tracking technology projects, the report found. Specifically, the FBI hasn't adequately established technology investment review boards to make decisions on what to buy and to ensure that projects are meeting their goals on time.


The report singled out the FBI's Trilogy project, a $458 million effort to replace the agency's antiquated computers and data networks with modern equipment, for harsh criticism. A lack of oversight on Trilogy "contributed to missed milestones and led to uncertainties about cost, schedule and technical goals," the report concluded.


Despite $78 million in additional funding, the FBI missed a July 2002 deadline for upgrading equipment in its field offices, including installing new computers and networks, the inspector general found. FBI officials reported that this phase wouldn't be completed until March 2003.


"The management problems associated with Trilogy demonstrate the FBI's urgent need for enhanced IT investment management," the report said.


Technological shortcomings have hampered the FBI's efforts to pursue criminals and terrorists. For example, agents in different field offices investigating the Sept. 11 hijackers after the attacks couldn't exchange pictures of the suspects via e-mail. The agency's cumbersome and disjointed electronic case management system is rarely used by agents, and was blamed for the loss of thousands of documents related to the trial of Oklahoma City bomber Timothy McVeigh.


Critics of the FBI, including historians and officials who have served on committees investigating the agency's problems, have repeatedly cited senior officials' lack of interest in managing technology as a top cause of its failings.

One former FBI chief information officer told inspector general investigators that ineffective oversight by top officials had kept project managers from being held accountable for cost overruns, schedule delays and the ultimate performance of technology projects.

Senior FBI officials told the investigators that the bureau's budget process only takes into account the up-front purchase cost of information technology, and doesn't account for the cost of operating and maintaining equipment.

The Trilogy program began during the tenure of former FBI Director Louis Freeh. Current director Robert Mueller is widely regarded as more technologically savvy than Freeh, and he has said that the Trilogy project is a key fix for the bureau's troubles.

The inspector general made 30 recommendations for "specific and immediate steps the FBI should take," including ensuring that members of investment review boards receive proper training and that plans for technology projects include cost and schedule controls.

Such actions "are fundamental to any project management endeavor," the report said, not just technology projects.
*********************************
Computerworld
Wi-Fi spectrum battle pits antiterrorism efforts against commercial growth
By Bob Brewin
DECEMBER 31, 2002

The U.S. Department of Defense has played the antiterrorist and rogue-state card in its attempts to restrict the use of wireless LANs, including those already operating in the lower portion of the 5-GHz band, according to engineers and analysts.
The Pentagon is concerned about the ability of military radar to detect terrorist vehicles as well as stealth aircraft or missiles operated by foreign powers in the face of WLAN interference, the analysts added.

Portions of the 5-GHz band have already been assigned for unlicensed WLAN use in the U.S., Europe and Japan with more than 50 manufacturers making products that operate in these bands.

At a meeting Nov. 11 in Geneva of the International Telecommunications Union (ITU), the United Nations body that oversees spectrum allocations worldwide, the U.S. said it wants the 5-GHz band protected for the use of radars that can "pick out smaller and less reflective targets out of background clutter" and therefore can't afford any interference from WLANs, according to the official U.S. draft position paper submitted to the ITU and obtained by Computerworld.

John Pike, a defense analyst at GlobalSecurity.org in Washington, said the references to "small targets and background clutter" pertain to small boats or planes that terrorists could use to attack U.S. forces. He added that the Defense Department is also concerned about the ability of its radars to pick up stealth aircraft. Pike said China is capable of developing stealth technology similar to that used by the U.S. B-2 bomber, which allows the aircraft to hide its presence from most conventional radars.

Will Strauss, a former radar engineer and analyst at Forward Concepts Co. in Tempe, Ariz., said it would be a "small task" for a country such as China to develop its own stealth aircraft.

The U.S. wants to protect these radars by sharply restricting the use of Wi-Fi gear in portions of the 5-GHz band (5.150-5.350) already opened up for use in the U.S., Japan and Europe.

The U.S. position paper, submitted to the ITU at its November meeting in preparation for the ITU's World Radio Conference (WRC) in June, where the spectrum decisions will be made, endorses a global allocation for WLANs in the 5.150-5.350-GHz band as long as radars are protected by a technique known as Dynamic Frequency Selection (DFS), which shuts down WLAN transmissions when a radar signal is detected.

Bill Calder, a spokesman for Intel Corp., which plans to incorporate WLAN chips into its next-generation mobile computing technology, said that the industry views the Pentagon's DFS restrictions, which he didn't specify, as too conservative. He added the company is working to reach a compromise with the Pentagon before the June WRC meeting.

"We do not want to see that low band [5.150-5.350] unduly restricted. This is a big issue for Intel as we move toward a wireless world," where spectrum is an essential raw material, Calder said.

Rich Redelfs, president and CEO of Atheros Communications Inc., a Sunnyvale, Calif., developer of WLAN 5-GHz chip sets, views the Pentagon's position on restricting WLANs as akin "to trying to put the genie back in the bottle." Atheros already has more than 50 OEM customers for its 5-GHz chip sets, Redelfs said, making it difficult to change the rules.

Craig Mathias, an analyst at Farpoint Group in Ashland, Mass., agreed, saying that although national security is a key concern today, it "would take an extraordinary set of circumstances" for the Defense Department position to prevail, considering the growth potential of WLANs.

Clyde Ensslin, a spokesman for the National Telecommunications and Information Administration, a division of the Commerce Department, which administers all federal spectrum, said the document represents the positions of all federal agencies including the Pentagon and the Federal Communications Commission, but it is still a draft until the final U.S. position is prepared for the June WRC meeting.

Ensslin added the radar section pertains to both military and commercial radars, such as advanced systems that could be used by commercial pilots to detect small planes. Pentagon spokesmen didn't return calls for comment by deadline.
*************************************
Washington Post
FBI Arrests Student Accused of Stealing
By Ted Bridis
Associated Press Writer
Thursday, January 2, 2003; 1:48 PM

WASHINGTON The FBI arrested a Russian college student Thursday who was accused of stealing and distributing hundreds of secret documents about new anti-piracy technology from DirecTV Inc., the nation's leading satellite television company.

The student, identified as Igor Serebryany, 19, of Los Angeles, was accused of sending over the Internet hundreds of sensitive documents describing details about DirecTV's latest "access card" technology credit-card devices controlling which of the company's 11 million U.S. subscribers can view particular channels.

Investigators said the documents were sent to operators of at least three underground Web sites that specialize in hacking these devices to permit subscribers to watch programming they never paid for.

Other Web sites also described details from the documents, but it was unclear whether they actually received copies, investigators said.

Investigators do not think he sought any money in exchange for the disclosures.

The documents included details about DirecTV's latest "P4" card technology, which hackers have so far been unable to crack. A lawyer for DirecTV, Marc Zwillinger, said the papers included details about the design and architecture of the new cards but did not reveal instructions for hacking them.

"Certainly anyone with this information would have an advantage," Zwillinger said.

Serebryany obtained the documents while working part-time at a law firm in California that performed legal work for DirecTV. Serebryany attends college in Chicago but his family lives in Los Angeles.

Serebryany was charged under the Economic Espionage Act of 1996, a law so powerful that until March 2002 only the most senior Justice Department officials in Washington could authorize prosecutors to wield it. Only about 35 criminal cases have been filed under the law.

It prohibits anyone from disclosing trade secrets for economic benefit, and carries penalties in this case up to 10 years in prison and a $250,000 fine. Although investigators acknowledge that Serebryany apparently didn't profit from the disclosures, the law bars giving away secrets for anyone else's economic benefit.
******************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx