[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips January 6, 2003

Clips January 6, 2003

ARTICLES

Justice O'Connor Reinstates California Ruling In Favor of Former Purdue U. Student
Battle over copyrights brewing
INS proposes passenger matching
Homeland Security Challenge: Make 22 Agencies Work as One
Feds back off proposed disaster recovery regs for Wall Street
Experts See Vulnerability as Outsiders Code Software
Judge Grants Reprieve to Madster
Phone Calling Over Internet Is Attracting More Interest
Council advises architecture security
NIH adds single sign-on to its one-stop portal
National cybersecurity plan omits industry mandates

*************************
Chronicle of Higher Education
Justice O'Connor Reinstates California Ruling In Favor of Former Purdue U. Student
By VINCENT KIERNAN

A U.S. Supreme Court justice on Friday reinstated a lower-court decision that held that a California trade association could not sue an individual in California courts over materials he had posted on the Web while he was a college student in Indiana.

Justice Sandra Day O'Connor made the decision eight days after she temporarily suspended the lower-court ruling, by the California Supreme Court, while she considered whether the DVD Copy Control Association would likely win the case on an appeal to the U.S. Supreme Court (The Chronicle, January 2).

As is usual in such decisions, Justice O'Connor did not issue an opinion explaining her ruling. But to continue her suspension of the California decision, she would have had to find both that the full court probably would have overturned it and that the DVD industry would have suffered irreparable harm without the stay.

The original lawsuit, filed in the Superior Court of California in Santa Clara County, named as defendants Matthew Pavlovich, a former engineering student at Purdue University, and several dozen others. The suit accused them of harming the movie, computer, and electronic industries in California, in violation of copyright and trade-secret laws, because Web sites operated by the defendants had posted or linked to a decryption code for deciphering the content-scrambling system used on DVD's. The encryption system is designed to limit the copying of DVD's.

The California Supreme Court ruled in November that Mr. Pavlovich was immune from the suit because he did not live in California and had not sought to harm California businesses.

The U.S. Court of Appeals for the Fifth Circuit cited the California decision in another ruling, issued December 31, dismissing a defamation suit over an article about the terrorist bombing of Pan Am Flight 103 that had been posted on a Web site operated by Columbia University's journalism school.

The article -- written by Hart G.W. Lidov, an assistant professor of pathology and neurology at Harvard Medical School -- accused Oliver (Buck) Revell, a former associate director of the FBI, of covering up advance notice of the bombing. Mr. Revell, who lives in Texas, sued Columbia and Mr. Lidov, who lives in Massachusetts, in a federal court in Texas. (The full text of the decision in that case, Revell v. Lidov, is available online. It can be viewed using Adobe Acrobat Reader, available free.)

In the California case, Mr. Pavlovich's backers include the Student Press Law Center, which defends students' free-speech rights. Officials of the organization argued that if the DVD association won the case, students would be reluctant to publish on the Internet because they could be sued by companies or organizations in distant states.

Under U.S. Supreme Court rules, the DVD association could request a stay from another justice, or the association could appeal the California ruling to the U.S. Supreme Court without a stay's having been granted.

The DVD association also could sue Mr. Pavlovich in Texas, where he now lives. Allonn E. Levy, Mr. Pavlovich's lawyer, said that Mr. Pavlovich would welcome such a suit. "He doesn't feel that he's done anything wrong," said Mr. Levy. Robert G. Sugarman, a lawyer for the DVD association, could not be immediately reached for comment.
*********************************
Boston Globe
Battle over copyrights brewing
Digital products up for lawmaker debate
By Hiawatha Bray, Globe Staff, 1/6/2003

Congress convenes this week, and if a war and a feeble economy weren't enough to keep the lawmakers busy, there'll also be a host of technology issues. There will be efforts to expand privacy protections for Internet users and crack down on unsolicited e-mail messages, the dreaded ''spam.''

But according to tech-industry watchers, the copyright wars between producers and consumers of digital entertainment products could provoke the most intense legislative action.

''There's a real clash shaping up,'' said Fred Von Lohmann, senior intellectual property counsel for the Electronic Frontier Foundation, an Internet civil liberties group.

One flash point will be the Digital Millennium Copyright Act, a law designed to prevent unauthorized copying of digital products. Producers of digital software, music, and movies want the law to stand as it is.

''We think that the balance struck by Congress in that law is right,'' said Robert Holleyman, president of the Business Software Alliance. ''We think it's premature to amend that law.''

But some lawmakers and consumer groups want to relax the law. They say it's legal for consumers to make copies of their music and video disks for personal use, and they want the digital copyright act to explicitly recognize that.

''I've introduced a bill that would give digital consumers the freedom to bypass that technology, as long as they're doing so for a lawful purpose,'' said US. Representative Rick Boucher, a Virginia Democrat.

Meanwhile, a controversial bill proposed last year by US Senator Ernest Hollings, Democrat of South Carolina, continues to reshape the terms of the debate, even though the legislation went nowhere. The Hollings bill would have required all makers of personal computers and other digital equipment to build features into their products to prevent unauthorized copying of software, music, or videos.

The legislation galvanized ferocious opposition from the nation's powerful computer and consumer electronics industries. But it also drove them to the bargaining table.

''Right now, we're sitting down with the computer people,'' said Jack Valenti, president of the Motion Picture Association of America, ''trying together in good faith negotiations'' to find a compromise.

However amicable the discussions, they're only happening because the electronics companies fear that legislation similar to the Hollings bill could someday become law.

''That's the big ax on the table for the entertainment industry,'' said Von Lohmann.

Computer industry leaders may be talking to the digital content producers, but they're still adamantly opposed to a law that would tell them how to design their products.

''We don't believe a technology mandate is the answer,'' said Jennifer Greeson, spokeswoman for the Computer Systems Policy Project, an organization of CEOs of the nation's biggest computer companies.

But Valenti said that he wants the negotiations to result in a federal law that would impose anti-copying standards on all future digital devices. Unless a compromise can be struck, the Hollings bill, or something like it, could emerge once more.

Another hot-button issue for digital entertainment producers is digital TV broadcasting. Movie makers are afraid consumers will be able to make perfect digital copies of their films, so they want to embed a ''broadcast flag'' - a sort of digital watermark that will prevent unauthorized copying. Once again, this will only work if every digital TV, VCR, or DVD recorder had built-in hardware to detect the broadcast flag and prevent copying of the flagged materials. The Federal Communications Commission is considering such a mandate, and Congress will also consider broadcast flag legislation.

Meanwhile, Boucher said he plans to introduce privacy legislation that would require online businesses to tell customers what they will do with any personal information the customer provides. He also wants to enact anti-spam legislation that would outlaw the practice of putting fake return address and message routing information in commercial e-mail messages. Requiring accurate address and routing information will make it easier for Internet providers to filter out spam messages.

Congress could also find itself tackling the thorny question of whether to levy sales taxes on Internet merchants. Last month, 31 states and Washington, D.C., agreed to ask for permission to start charging such taxes, once a federally mandated moratorium ends next November.

Hiawatha Bray can be reached at bray@xxxxxxxxxx
*******************************
Federal Computer Week
INS proposes passenger matching
BY Judi Hasson
Jan. 6, 2003

The Immigration and Naturalization Service proposed a new rule Jan. 3 requiring airlines and shippers to electronically submit a list of passengers arriving in and departing from the United States.

The proposed INS rule would require all passengers arriving or departing, as well as crew members, to provide the following information: name; date of birth; citizenship; sex; passport number and country of issuance; country of residence; U.S. visa number and other details of its issuance; address while in the United States; and, when it applies, alien registration number.

The information will be compared against different databases seeking to match the names of those on law enforcement watch lists or other data alert network.

The rule proposes to implement Section 402 of the Enhanced Border Security and Visa Entry Reform Act of 2002, which required the new procedure to tighten border security in the wake of Sept. 11, 2001, terrorist attacks.

Although most airlines already have been providing manifests of incoming passengers, it is the first time airlines and vessels will be required to electronically submit a list of passengers within 15 minutes of leaving the United States, according to David O'Connor, regional director of the International Air Transport Association in Washington, D.C.

Another new provision requires manifests to list information about crew members and others getting rides, such as airline employees catching a free flight if a seat is available, he said.

It also is requiring private companies as well as governments to convert their electronic systems to United Nations Electronic Data Interchange for Administration, Commerce and Transport, an international standard for data formats.

The rule is likely to cost the government about $124 million and the private sector $42 million, according to the notice published in the Federal Register.
********************************
Washington Post
Homeland Security Challenge: Make 22 Agencies Work as One
By Renae Merle
Washington Post Staff Writer
Monday, January 6, 2003; Page E01

The transition office for the new Homeland Security Department has the spare feel of Internet start-up soon to be abandoned. The walls are bare, save one on which employees keep count of the days until Jan. 24, when the agency will transform from concept to reality. The offices and rooms are sparsely furnished.

In one of the glass offices, Steven I. Cooper, special assistant to the president on information technology's place in homeland security, contemplated the new department with cautious optimism.

"Candidly, we're moving, I think, somewhat effectively and probably a little slower than all of us would prefer," Cooper said. "That's not because we're doing anything incorrect. It's because this is all new. This is a learning experience. There is no handbook that you can go to, there is no OMB circular, there is no Department of Homeland Security handbook that you can look up in the Library of Congress to say 'Hey, here is how you do this.' "

Cooper, 52, is to be named chief information officer of the new department this month, sources involved in the transition said. The position will give him a key role in deciding how information technology will be used against terrorists. It is a role that bears watching for the dozens of government technology contractors in the Washington area, from Lockheed Martin Corp. on down, that hope for a multibillion-dollar bonanza.

The industry considers Cooper to be a champion of information technology, industry executives said. "This provides the opportunity for the case study of how to do it right," said James A. Kane, president and chief executive of consulting group Federal Sources Inc.

One of the challenges in creating a department from a hodgepodge of 22 federal agencies and 170,000 employees is the information technology headache.

"It is not enough to shuffle redundant or overlapping programs under the new bureaucracy," Michael Scardaville, a policy analyst at the Heritage Foundation, wrote in a recent report. The department "should develop and deploy an information technology infrastructure that links and fuses intelligence and law enforcement terrorism databases."

Federal agencies have a spotty record in launching big information technology projects. The Justice Department's inspector general recently chastised the FBI for its $458 million Trilogy project, a program to upgrade the agency's computer system. Trilogy probably will exceed its budget and be finished late, in 2004, the inspector general's report said.

The Homeland Security Department plans to adopt the best practices from industry, other agencies and academia to avoid such problems, Cooper said. For example, Hewlett-Packard Co.'s "adopt and go" strategy, which emphasizes fast execution once a decision is made, will be a guiding principle, he said.

The agency must merge more than two dozen payroll and human resource programs into a single operation but will not needlessly study every option for months before deciding what to do, Cooper said. "The reason that we have a Department of Homeland Security is to beef up new strategic capabilities and new operational abilities day one," he said. "We only get there if we don't spend time over analyzing every option."

Cooper, an Alexandria native, reached the Office of Homeland Security after nearly 30 years in the industry. After serving in the Navy, Cooper studied chemistry and zoology at Ohio Wesleyan University in Delaware, Ohio. His first post-college job, though, was as a programming analyst at government contractor CACI International Inc.

Cooper later was chief information officer for Corning Inc. He held a similar position at Eli Lilly Co. He said his experience with large acquisitions at both companies will help him integrate 22 agencies into the Homeland Security Department. "I think there are some things that both of those companies did well and there were some mistakes," he said.

After Sept. 11, 2001, Cooper said, he contacted the White House to offer ideas on how information technology could be used to address the problem with "stovepipes" -- disparate federal agencies whose systems cannot communicate with one another. After several visits, director Tom Ridge asked him to join the Office of Homeland Security, Cooper said.

Representative of the agency's challenge will be monitoring the thousands of freighters that enter U.S. ports daily. The task now is handled by several agencies, including the Coast Guard, the Immigration and Naturalization Service and the Customs Service. That scattered approach is not always efficient or effective, Cooper said. Under the new department, the agencies will be controlled by a border and transportation security directorate, combining resources and capabilities, he said.

The department wants a "smart border" program in which cargo ships heading for U.S. ports would electronically file information detailing the contents of cargo containers, crew members' names and nationalities and what stops the ships are scheduled to make before reaching the United States. "What we would really like to do is push that border out so that the border theoretically begins when the ship is being loaded," Cooper said.

But, Cooper admitted, it may be a lengthy process. "I think parts of it could probably be done fairly quickly, meaning within months instead of years," he said. "To fully put together something like that across the world is obviously going to take a longer period of time."

In the short term that will not translate into the gold rush in information technology contracting that many in the industry have expected. There will be priorities, including border and transportation security technology, such as equipment that identifies radioactivity and software that identifies non-obvious trends in databases or protects computer infrastructure from hackers.

Some programs may be delayed or canceled to accommodate those priorities, Cooper said. "We will begin to see some small increase in new programs and new capabilities, but it will not be new, large amounts of money coming to the budget," he said. "It will be a reallocation."
*******************************
Computerworld
Feds back off proposed disaster recovery regs for Wall Street
By LUCAS MEARIAN
JANUARY 03, 2003

Federal regulators have reportedly dropped a proposed plan to require Wall Street firms to move their disaster recovery data centers 200 to 300 miles away from primary data centers, according to an announcement by a U.S. senator today.
In letter to U.S. Sen. Charles Schumer, (D-N.Y.), the heads of the Federal Reserve System, the U.S. Office of the Comptroller of the Currency (OCC) and the U.S. Securities and Exchange Commission (SEC) said they will now work individually with companies to develop contingency plans that will help keep backup sites in New York.

"At a time when New York is scrambling to keep businesses downtown in the wake of 9/11, it would have been disastrous to force the mainstays of New York's financial industry to move out of the city," Schumer said in a statement.

Schumer, a member of the Senate Banking Committee, which has oversight over federal financial agencies, based his analysis of regulators' plans on a Dec. 23 letter from the board of governors of the Federal Reserve System, the SEC and the OCC. That letter said, in part:

"Some of the public accounts, including commentary on prospective job migration, have not accurately described the draft white paper. The draft white paper does not recommend as a sound practice that firms move out of center-city locations. Nor does it set specific minimum distance requirements for back-up operations or mandate the size of the staff at such operations," the letter said.

"As we go forward ... we also intend to work on a case-by-case basis with those firms that the agencies deem critical to the U.S. financial markets as they develop contingency plans to respond to new post-Sept. 11 risk issues," the letter added.

Federal regulators released an interagency white paper earlier this year, titled "Sound Practices to Strengthen the Resilience of the U.S. Financial System," which was criticized by financial services firms as not being able to "accommodate the unique complexity of individual firms."

The Banking Information Technology Secretariat (BITS), a Washington-based organization made up by the 100 largest financial services firms in the U.S., wrote a comment letter in October to regulators that opposed several parts of the plan.

"The regulators are trying to do the right thing, but let's do it in a way where we don't impose excessively high costs or implement something that is technologically not possible to do," said John Carlson, senior director of BITS.

Fibre Channel, which is the common network protocol between data centers, currently has a distance limitation of about 70 miles.

Carlson said BITS continues to work with regulators on identifying vulnerabilities of the financial services industry, including what investments could strengthen disaster recovery sites, testing of companies' business continuity plans and what role the government may play in providing economic incentives or aid for the telecommunications industry.
*****************************
New York Times
January 6, 2003
Experts See Vulnerability as Outsiders Code Software
By JOHN SCHWARTZ

As American companies increasingly move their software development tasks out of their own offices to computer programming companies here and abroad, new concerns are being raised about the security risks involved.

Some of these concerns over the practice, known as outsourcing, are being raised by people with an obvious self-interest for example, programmers who have seen their livelihoods shift to less expensive operations overseas. And the companies providing outsourcing services argue that they take all necessary precautions to limit risk. But the question of whether the booming business in exporting high-tech jobs is heightening the risk of theft, sabotage or cyberterrorism from rogue programmers has been raised in discussions at the White House, before Congress and in boardrooms.

"I can't cite any examples of this happening but what that means is we haven't found any," said James Lewis, director of the technology program at the Center for Strategic and International Studies in Washington. "It's clearly a temptation for people, and it's a concern," he said.

While operations in some countries, like the United States, Britain and India, are considered generally safe for such software outsourcing, nervousness is beginning to grow at companies and in the government about the possibility of abuse by hackers, organized crime agents and cyberterrorists in nations like Pakistan, the Philippines and Russia.

To Mr. Lewis, the potential for problems in the software design process goes beyond the earlier trend of running back-office operations and call centers in other countries.

"The banks have done a fairly good job of insulating themselves," he said, keeping their call centers overseas from being able to engage in unwanted activity. But letting outsiders work on the software that runs businesses and financial institutions could be opening up a world of trouble, he said. "You're going to have code that will be written in countries like India and China," he explained, "and no one's going to know what's in it."

David McCurdy, a former congressman and executive director of the Internet Security Alliance, an industry group, said that although he considered himself a "free trader" with a strong belief in the benefits of global commerce, he believed that the risk from offshore outsourcing was "the most serious of the industry-based issues that this country faces."

The issue has been discussed quietly at the highest levels of government, said Howard Schmidt, vice chairman of the president's critical infrastructure protection board. At the White House, he said, "this has come up as part of a broader discussion of how do we get trust and reliability" in computer systems.

He said, however, that the issue was outsourcing itself, not simply the overseas kind, and cited spies like Aldrich H. Ames and Robert Hanssen as examples of how Americans could do just as much damage to the nation from within as outsiders could. "Irrespective of where it's done, we need to make sure that our code is clean and protected across the board," he said.

It is easy to see why companies find the economics of outsourcing compelling; cost savings can be 25 to 40 percent. Forrester Research of Cambridge, Mass., predicted in a recent report that the acceleration in outsourcing would result in 3.3 million American jobs' moving offshore by 2015, an exodus reminiscent of the tide of American blue-collar jobs that moved to East Asia in the 1980's. Forrester estimates that 70 percent of these jobs will move to India, 20 percent to the Philippines and 10 percent to China.

Patrick P. Gelsinger, the chief technology officer of Intel, said the cost of one engineer in the United States would pay for the services of three Indians, four Chinese or five Russians. But he said he was not concerned about the potential for mischief within his own company's overseas software development. The software is reviewed, he said, to avoid surprises.

"Is it possible?" he said. "Sure, it's possible. Is it a unique risk there? No, it isn't."

Offshore outsourcing got its trial run in preparations for the Year 2000 changeover, when government and industry had to check every line of software for glitches that could make computer networks and even building security systems shut down at 12 a.m. on Jan. 1, 2000.

Much of that work was done overseas, and although industry experts warned that foreign programmers might commit crimes or lay the groundwork for terrorism, no evidence of sabotage occurred, said Jay Ehrenreich, senior manager for cybercrime prevention and response at PricewaterhouseCoopers, the consulting firm. After that experience, he said, many companies felt comfortable sending software work overseas, and now such bespoke programming is done around the world.

Programmers say the confidence is not justified.

"Anyone tells you that `offshoring' computer systems does not put the infrastructure at risk is lying," said Ken O'Neil, a programmer who lives on Long Island. He and other programmers talk of "sleeper bugs" that could be set to go off at a later date, or back doors that would let intruders in to shuttle money around, steal fractions of a penny from millions of transactions or shut down the system entirely. They warn of risks from political instability, organized crime and terror cells, and even from governments that might demand the ability to spy.

Such talk could be dismissed as the grumblings of disgruntled white-collar workers who have seen their high-paying jobs move elsewhere. "Nobody is going to cry for people who make $75,000 or $100,000 a year," said Marc Alan Fink, who lost his programming job more than a year ago.

In fact, some of the newly expressed concern is part of a long-running and acrimonious fight by programmers to hold on to their jobs in the face of relaxed immigration standards for technical workers and increased outsourcing. They attack the rise in special visas for immigrant engineers, known as H1-B visas, and the trend toward sending jobs overseas.

The companies that provide software outsourcing services say that they take rigorous precautions to ensure that their employees are trustworthy and their code is secure.

Arup Gupta, president of Tata Consultancy Services, an Indian company that is part of a conglomerate, said he had gotten worried calls from clients after the recent F.B.I. raid on Ptech, a software company in Quincy, Mass. The agents were looking for connections between the company and Yasin al-Qadi, a Saudi Arabian financier suspected of financing terrorism, but early speculation in news reports focused on questions about whether the company, which provides software used by many government agencies, including the F.B.I., was secure.

Mr. Gupta assured his clients that his company used exacting background checks and multiple reviews of company-written software based on industry standards. "With all these in place, we can guarantee, basically, that the code we deliver will be bug-free and will perform to specifications and will not have holes in it," he said.

He said he could speak for only his own company, but he added that since the Sept. 11 attacks, security fears and economic troubles had shrunk his industry and brought about the consolidation of the major Indian software houses. "The top five or six companies, you can be assured that they are conforming to these standards," he said. "The others, you cannot be sure but maybe they are."

United States technology services companies are also expanding their overseas outsourcing offerings. Electronic Data Systems provides outsourcing services in 93 "solution centers" that it has opened around the world since 1990. Paul D. Clark, the chief information security and privacy executive for the company, said E.D.S. understood that the threat of sabotage in outsourcing is real. He said, "To say that it isn't is to deny the realities." That is why the company adheres to security and testing standards wherever code is written, he said, adding, "whether it's India or Indiana, it doesn't make any difference."

The company is careful about what code it releases to which countries, said Dan Zadorozny, president of application services for EDS Solutions Consulting; some federal government work, he said, is done only in the United States and Britain, and "we're not going to move that anywhere." But E.D.S. insists that its standards are high enough that its outsourcing sites offer "a more secure environment than you can provide yourself."

Some programmers, however, argue that reviews are less thorough than companies say. "If code runs, I assure you, nobody ever looks at it," said one, who said conducting a line-by-line review would be like having an electrician tear into walls to check wiring even though the lights were working. "It never gets done in practice."

Mr. Ehrenreich, the crime consultant, said that it was up to companies to demand that kind of security, even if it cost more. He recalled a case in which he was asked to investigate the possibility of illegal activity on an Indian outsourcing contract and discovered that it was nothing more than run-of-the-mill overbilling fraud.

What struck him, however, was that the company had no idea how big the problem was. He said far-worse crimes could have been committed without anyone's knowing. "The risk was there that more could have been done," he said. "They clearly did not have the controls in place to mitigate it, control it."

"You can outsource the work," he said, "but you can't outsource the risk."
**********************************
Los Angeles Times
Judge Grants Reprieve to Madster
By Jon Healey
January 6 2003

A federal judge in Albany, N.Y., has granted a temporary reprieve to Madster, an online file-sharing system being sued for copyright infringement by the entertainment industry.

The major record companies, music publishers and Hollywood studios accuse Madster, formerly known as Aimster, of enabling wide-scale piracy.

While that case is pending in federal court in Chicago, a federal court in New York is handling a bankruptcy petition filed by Troy, N.Y.-based Madster's creator, John Deep.

On Dec. 2, U.S. District Judge Marvin E. Aspen in Chicago ordered Deep to stop all copyright infringements by Madster while the lawsuit was pending. But U.S. District Judge Lawrence E. Kahn in Albany suspended Aspen's order Friday, citing the potential damage to Madster's creditors. He also scheduled a hearing for Thursday on the issue.

The latest order allows Deep to distribute Madster's software again. But Deep said in an interview that he wouldn't take any action before Thursday's hearing.
*****************************
New York Times
January 6, 2003
Phone Calling Over Internet Is Attracting More Interest
By SIMON ROMER

Phone calls over the Internet may finally be catching on.

When the technique was first used in the mid-1990's, Internet telephone conversations were hailed as a way to make long-distance calls without paying toll charges. The most zealous advocates predicted that the conventional public telephone network would quickly become obsolete. That has yet to happen, of course.

Despite the money-saving potential, sending voice telephone calls over the Internet remains largely a niche service for technophiles and for people seeking cheaper international communications like users of prepaid phone cards, who may not even realize that their discount calls are bypassing the regular phone network. Yet the technology is showing signs of gradually expanding to a broader audience, a step that could eventually mean wide-reaching changes in the telecommunications industry, if early experiments by individuals and businesses are any indication.

Terence Chan, an employee at a Seattle technology company, for example, uses a service called Free World Dialup to talk to his family in Hong Kong. Free World allows Mr. Chan and his relatives to use equipment that looks and sounds like regular telephones but enables users to call one another and pay no fees beyond the rates for their fast Internet connections.

"I was interested in Internet calling as a technological novelty," Mr. Chan said, "but what really got me into it was the fact that it is free."

Among business users, meanwhile, Japanese companies appear to be leading a migration to Internet calling. Organizations like Shinsei Bank and Tokyo Gas have begun using it for internal communications and some external calls. A recent survey by the Mitsubishi Research Institute showed that more than 40 percent of Japanese companies planned to begin using Internet calling in the next few years.

Internet calling currently accounts for more than 10 percent of international calling traffic, with about 18 billion minutes worldwide, up from 9.9 billion minutes at the end of 2001, according to the research firm Telegeography.

"We expect a steady transition to Internet calling so that by 2010, nearly all calls will go over the Internet," said Tom Evslin, chief executive of ITXC, a company in Princeton, N.J., that is a leading carrier of Internet calls.

To be sure, few people in the telecommunications industry expect an overnight transition. Instead, analysts and industry executives foresee a gradual transition over several years, similar to the way people switched from black-and-white to color television.

A big factor is the billions of dollars that large local and long-distance carriers have invested in conventional network equipment. These companies, which still transmit the overwhelming majority of phone calls, will be reluctant to mothball their systems anytime soon.

Still, numerous companies on the margins and even closer to the center of the telecommunications industry are seeking to take business away from the dominant carriers by offering cheaper Internet-based services.

One of them is Mr. Chan's provider, Free World, a company based in Melville, N.Y. Free World gives its users five-digit telephone numbers that enable them to communicate using special Internet phones made by Cisco Systems, for which Free World users pay less than $300. If the company can reach its target of 50,000 users by September, it plans to start charging for add-on services like voice mail and conference calling.

Advances in technology and the use of faster network connections have alleviated many of the problems that plagued early forms of Internet calling, like noticeable delays between the time someone spoke a word and the time the person receiving the call heard it. The sound quality is now comparable to that of calls placed via the public telephone network.

These improvements have benefited companies that transmit international calls over the Internet, providing the service to other companies that sell prepaid calling cards to the public. The callers and the people they call, who use regular telephones, typically cannot tell that the Internet is carrying all but the first and last few miles of their calls; the signals are routed through Internet gateways.

The big difference between calls that travel over the Internet and those that use the regular telephone network is the underlying routing technology. Although the public phone network has become highly computerized in recent decades, it is still in many ways the equivalent of stringing two cans together to allow sounds to travel from one point to another: each conversation requires a single dedicated circuit. The modern phone network's complexity lies in the way any two "cans" are able to be temporarily strung together by software that routes calls through a carefully designed system of thousands of switching locations.
The Internet, on the other hand, uses a crazy-quilt network to send and receive information, whether it is in the form of voice calls, e-mail messages or video conferences.

In each case, sounds, text messages or images are digitally broken into tiny bits of information and disseminated over the network, using any number of routes before all the packets of bits are reassembled at the other end of the line.

Many network engineers say that if telephone networks were built from scratch today, they would almost certainly be Internet-based.

The Net is believed to be more efficient compared with the dedicated circuits of conventional phone networks.

Executives at some of the largest telecommunications communications companies are planning to make Internet calling part of their business as they seek efficient ways to route some calling. But they expect the technology to catch on at a much slower pace.

"We have a very reliable telephone system that has worked well for many decades," said Eric Rabe, a spokesman for Verizon Communications, the nation's largest local telephone company. "We see an eventual movement away from the traditional system, but right now it's mainly early-adopter types."

As more calls are made through a mix of Internet and conventional methods, pricing is likely to become an issue. Calls over the conventional network especially long-distance calls have generally been priced on a per-minute basis, while billing for Internet connections is more typically a flat monthly fee. Either system could be changed, although the Bell companies and other giant carriers have an interest in maintaining the pricing for the conventional network.

In addition, governments in several developing countries, including Panama, Kenya and South Africa, have sought to limit the use of Internet calling out of concern that national carriers in those countries were losing revenue to Internet-based systems. In those countries and elsewhere, regulators could require that Internet calls be billed by the minute or taxed.

Within this country, a potentially major force in Internet telephony could be the cable television industry. Large cable companies are already providing telephone service, with about 2.1 million local voice customers as of June 2002, according to the National Cable and Telecommunications Association. Though it is still a relatively new business, that number is expected to grow as cable companies bundle local phone services with their offerings of fast Internet service and digital cable television.

Other companies, mainly start-ups that have managed to survive the industry's recent turbulence, have their own strategies. One such firm is Vonage, a company in Edison, N.J., that offers flat-rate calling services over high-speed Internet connections.

Vonage customers can use a regular touch-tone telephone for a service plan that charges $40 a month for unlimited local and long-distance calling in the United States. Vonage subscribers use an adapter that lets them connect their phones to their high-speed Internet modems. Users also have access to low-cost international calling plans.

Despite the attention on consumer-focused services like Vonage's, some analysts say the real growth behind Internet calling will come from business customers. But in this country, that will require the continued growth of high-speed, or broadband, Internet services.

Tom Nolle, the president of the CIMI Corporation, a technology consulting firm in Voorhees, N.J., says broadband penetration needs to climb to about 20 percent of the population from the current level of 10 percent for Internet calling to begin to make sense to a large number of businesses.

Once that happens, companies can start to use Internet calling to communicate between their own offices and customers and suppliers. Such a trend, of course, would raise the competitive pressure on large local phone companies like Verizon and SBC Communications, which so far have felt minimal impact from Internet telephony.

Another source of pressure on the phone companies could be the growing popularity of the form of wireless Internet access known as Wi-Fi. Several start-up companies mean to provide Internet calling services via Wi-Fi networks, using hand-held or laptop computers equipped with microphones and earpieces.

"There's no reason why companies can't use P.D.A.'s to give employees in the field a way to access their corporate telephone systems," said Raju Gulabani, the chief executive of TeleSym, a company based in Bellevue, Wash., that makes software for wireless Internet calling on hand-held personal digital assistants, or P.D.A.'s. Intel's communications fund is an investor in TeleSym.

As with any emerging technology, it is unlikely that all the new approaches to Internet telephony will take hold. But one thing is clear: Internet phone calls have emerged as one of the most creatively vibrant parts of the battered telecommunications industry.

"There's been very little innovation in 125 years of the public telephone network," said Jeff Pulver, founder of Free World Dialup. "Anything that can be done to wrest influence from the large companies that have such control over the way we talk to each other is a step in the right direction."
*******************************
Federal Computer Week
Council advises architecture security
BY Megan Lisagor
Jan. 3, 2003

In this season of resolutions, the CIO Council has reminded agencies to secure their enterprise architecture software tools and the sensitive information those tools collect.

Enterprise architecture software aligns information technology investments within and across agencies, providing up-to-date inventories of systems. Experts have called the tools critical to the success of e-government.

"The detailed information they and associated databases contain regarding agency assets and processesÖshould be considered mission critical," officials from the council wrote in a Jan. 2 letter to chief information and security officers. "These applications must be appropriately secured to protect against the harm resulting from the loss, misuse or unauthorized access to or modification of information."

The council advised agencies to discuss plans to secure the software as part of their next quarterly updates to the Office of Management and Budget. They should do so, officials noted, in compliance with the Federal Information Security Management Act. FISMA, passed as part of the E-Government Act last month, updates the Government Information Security Reform Act of 2000, which expired Nov. 29, 2002. GISRA combined many federal security policies into one law.
*******************************
Government Computer News
01/06/03

Name recognition company helps FBI in search of illegal visitors

By William Jackson
GCN Staff

Language Analysis Systems Inc., a producer of multicultural name recognition software, has given the FBI information about the names of five individuals suspected of entering the country illegally about three weeks ago.

The FBI published an alert Dec. 29, saying it was seeking five individuals with Pakistani names believed to have crossed the border from Canada around Dec. 24. LAS, of Herndon, Va., provided the FBI with a list of variations of the names on Dec. 30, and published the most common variations on its Web site today.

It is common for names transliterated from foreign scripts such as Arabic to have several valid spellings in the Roman alphabet, complicating the task of tracking and identifying people who enter this country.

LAS has worked as a consultant for 18 years with the federal law enforcement, intelligence and border control communities developing proper name analysis applications. It received permission to commercialize the software in 2001 and released its Name Reference Library, which uses a database of 1 billion names to provide variations of and information about proper names.

Chief executive officer John Hermansen said about 75 percent of the company's sales are to government, but private sector sales to companies such as banks and airlines are growing.

The FBI is searching for Abid Noraiz Ali, Adil Pervez, Akbar Jamal, Iftikhar Khozmai Ali and Mustafa Khan Owasi. LAS posted a list of more than 70 alternate spellings to the names on its Web site at las-inc.com/fbialert. The company calls the alternatives "highly plausible" variations of the names originally provided in the FBI alert.

Organizations that can demonstrate a need can get the full list of name variations from LAS by e-mailing a request to fbialertrequest@xxxxxxxxxxx and including name, organization, title, address, phone number and the purpose of the request.
*****************************
Government Computer News
01/03/03
NIH adds single sign-on to its one-stop portal
By Vandana Sinha

Early next month, employees who log on to the National Institutes of Health's my.nih.gov data portal will need only one password to open protected applications. NIH's Center for Information Technology announced this month that it is erecting a security gateway, called Enterprise Authentication, which will later extend to the Integrated Time and Attendance System and the NIH Business System modules for travel, general ledger and budget functions.

Once those applications are connected, likely by spring, the authentication umbrella will be unfurled over other NIH Business System modules, the nVision data warehouse and the NIH Enterprise Directory. The umbrella system is built on SiteMinder network access software from Netegrity Inc. of Waltham, Mass.

The crossover of so many applications, however, requires administrators to revert any personalizations that employees have made to their portal pages back to a uniform default profile. If employees want to preserve their personal changes to My Pageswhich display up to 150 items such as weather, airport delays, biotechnology news and virus warningsthey must send their user names and domains by Jan. 14 to portaladmin@xxxxxxxx

The portal, which has been running since June 2001, combines the agency's internal data, documents and processes with external research news and links. Employees can plug into shared Communities sites about specific topics and consult a Document Directory of all NIH resources.
************************
Government Executive
January 6, 2003
National cybersecurity plan omits industry mandates
By Bara Vaida and William New , National Journal's Technology Daily

The latest version of the national cybersecurity plan expected to be presented to President Bush within the next month encourages the private sector to do more to protect the Internet but without mandates on industry, which had been proposed in the initial draft released publicly last September.


Internet service providers (ISPs) will not be required to build a centralized system to enable broad monitoring of the Internet; rather, they will be encouraged to develop a national network operations center (NOC) that could complement a federal cybersecurity response team that is to be developed in the Homeland Security Department, according to a copy of the plan obtained by National Journal's Technology Daily.

"In substance, the latest draft isn't all that different from September," said one high-tech industry source who viewed the latest version. "Stylistically, it's much different in that it is much better written, simpler and more straightforward. If you ticked off the items in this draft compared to the other, however, there aren't that many differences."


The administration has been gathering comments on the first draft and has addressed issues raised in those comments, including suggestions that the plan more clearly state that it does not seek to regulate the private sector.


Late last month, The New York Times reported that the Bush administration was planning to propose requiring that ISPs build a central monitoring system of the Internet, raising fears that the strategy had become more regulatory. However, the version that has been circulating within the high-tech sector since December says only that private-sector organizations focused on cybersecurity "should consider the benefits of creating an entity or center with a synoptic view of the health of cyberspace on a 24 by 7 basis."


The creation of such an operations center will continue to face resistance from companies that have made a business by monitoring cyberspace for specific clients, a high-tech lobbyist said. Richard Clarke, the special adviser to Bush on cybersecurity and chief architect of the strategy, "just hasn't made a good enough case that a NOC is necessary ... when it is already being done in the private sector," the lobbyist said.

The strategy states that "federal regulation will not be used as a primary means of securing cyberspace" but also emphasizes that the federal government cannot protect the Internet alone.


On the international front, the draft still makes a strong pitch for global cooperation but adds that the United States "reserves the right to respond in an appropriate manner, including through cyberwarfare." It also stresses stronger U.S. counterintelligence efforts in cyberspace, improvements in attributing cyberattacks to their sources, and better interagency coordination.


Other points emphasized in the latest version include:


A Cyber Warning and Information Network to allow government officials and the private sector to discuss cyber threats.

Tests to determine the impact cyberattacks would have on processes in various agencies.


A program to manage the information flow and to protect the information on threats to critical infrastructures that companies voluntarily submit.


A public-private task force to recommend the implementation of the new Internet protocol, IPv6 in the United States.

Annual priorities for cyber-security research and development and periodic reviews of emerging cyber-security technologies.

An information and analysis center for universities and colleges because they have among the most powerful computing systems in the nation.

A task force of public and private-sector officials to identify ways that information technology providers, other organizations and the government can reduce the burden on home users and small businesses in securing their computer systems.
*****************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx