Clips February 12, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips February 12, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 12 Feb 2003 13:39:31 -0500
Clips February 12, 2003
NIMA's ruling on unions will affect some IT workers
Federal Check Processing Centers Close
Police Speeding Up Plans to Pinpoint Cellphone Calls
Nintendo announces huge seizure of pirated games in China
CSFB Says Data Tied to Lawsuit Were Lost
But we don't like spam Junk e-mail detested, polls find
Spam Offers: Some Legit, Most Not
Senators want CRS info online
Shuttle probe board will exploit IT tools, investigator says
Social Security IG team plans upgrade of forensics app
Military's newest weapon: instant messaging
U.S. "cyber army" stands ready for war
ABA refuses to endorse UCITA
Amendment to curb Pentagon database dragnet advances
*******************************
NIMA's ruling on unions will affect some IT workers
By Dawn S. Onley
The National Imagery and Mapping Agency has taken away the collective bargaining rights of about 1,000 cartographers, digital imaging and data management specialists, and security guards whose work directly affects national security.
NIMA's director, retired Air Force Lt. Gen. James Clapper, stripped the employees of their collective bargaining rights Jan. 28 and noted that he has the legal authority to abolish bargaining units when the agency's jobs affect national security.
A NIMA official said the legislation that established NIMA "permitted continuation of limited collective bargaining. Congress stated in the legislative history that it was a 'one-time solution to a unique situation.'"
The work of the agency has matured since its creation in 1996, the official said. "Events such as those that occurred on Sept. 11, 2001, have significantly intensified the need for more integrated intelligence gathering," he said. "NIMA has now fully realized new changes to employees' duties emanating from the combining of mapping, imagery intelligence, signals intelligence and measurement and signatures intelligence."
The official said Clapper's decision was consistent with recent decisions of the Federal Labor Relations Authority, which has denied collective-bargaining rights to employees who have access to classified information and facilities.
The head of the American Federation of Government Employees said Clapper's decision "falls in line with President Bush's antiunion policy."
"Like other Bush administration officials, Clapper also invokes the terrorist attacks of Sept. 11, 2001, to cloak this union-busting with a respectable cover," said Bobby L. Harnage, president of AFGE.
NIMA was established on Oct. 1, 1996, by merging the former Defense Mapping Agency and several other Defense Department and intelligence groups.
*******************************
Los Angeles Times
Silicon Valley Hopes to Gain More U.S. Contracts
The E-Government initiative chief says there is a plan to increase high-tech spending.
By Joseph Menn
Times Staff Writer
February 12 2003
The head of a new effort to streamline federal government procurement came to Silicon Valley on Tuesday with encouraging news and the promise of an open checkbook.
Mark Forman, leader of the newly created office of E-Government, told a room of hopeful high-tech executives that the Bush administration plans to boost spending on information technology hardware, software and services to $58.3 billion in the fiscal year that starts this fall, up 17% from $49.8 billion in fiscal year 2002.
With increased demand for homeland security technology and other high-tech gear, the money is already flowing, Forman said.
"I've seen $200-million contracts [signed], competitively, in two months or less," he told executives at a Santa Clara meeting sponsored by the American Electronics Assn.
The E-Government initiative, which was created in December, also includes simplifying the technology procurement process, streamlining the sprawling network of 22,000 federal Web sites and making the government more responsive to its citizens. Those changes will give Silicon Valley firms more chances to win federal money than before, said Forman, who currently serves as associate director of the Office of Management and Budget.
He also met with executives at Sun Microsystems Inc. and Cisco Systems Inc. as part of a regional swing to drum up interest in doing business with the U.S.
Many don't need much persuading. Hundreds turned out to meet Forman on his stops.
"This administration is really focused on making a business case for things, on getting a return on investment. That's great for us," said Borland Software Corp. Chief Executive Dale Fuller.
Revenue from selling programming tools to public agencies has grown substantially in the last few years and accounts for about 10% of Borland's revenue, Fuller said.
He and other Silicon Valley executives said the procurement process is already faster, less subject to political interference and more imaginative than in recent years.
Forman said the government would continue to improve by consolidating purchases by various agencies for hardware and software used in human resources, financial services and account management. He said the effort could save the government as much as 20%.
*******************************
News.com
German registrar bans Web site
By Declan McCullagh
Staff Writer, CNET News.com
February 11, 2003, 5:54 PM PT
A domain name registrar in Germany has deleted the registration for a gruesome U.S.-based online photo gallery that featured stomach-wrenching images from autopsies and medical procedures.
Computer Service Langenbach, which operates the Joker.com registrar in Dusseldorf, Germany, yanked the Ogrish.com domain name from its database this week in response to a request from a German prosecutor, said the hosting service and the owner of the site Tuesday.
"I've never heard of a case where a registrar can disable a domain over content," said Ted Hickman, who runs Virginia-based ProHosters.com. "I certainly won't be registering any domains at Joker.com...We'll host anything that's legal in the U.S. It's not our job to determine whether content is acceptable to others."
In an e-mail message to CNET News.com on Wednesday, Joker.com said the domain name was deleted because of a Jan. 26 order from Staatsanwaltschaft Dusseldorf, the public prosecutor's office. The alleged offense was "gewaltverherrlichung, and could be translated as glamorizing brutal force," the company said.
This is another case of the global Internet running up against national laws, which in Germany can be unusually restrictive. In October 2001, the Dusseldorf government ordered local Internet providers to block access to four U.S. Web sites, including shock site Rotten.com.
In October 2000, the Chicago Board of Elections won a court order shutting down VoteAuction.com, a Web site in Austria that claimed to allow Americans to trade their votes in the presidential elections that year. It soon popped up under the new name Vote-auction.com.
"The German government has shut Ogrish.com--one of the biggest shock Internet sites around--down through Joker.com," Dan Klinker, the founder of Sterling, Va.-based Ogrish.com, said in an e-mail message on Tuesday. "Ogrish.com is currently being hosted on Ogrish.prohosters.com."
In hopes of finding a more free-speech-friendly locale, Klinker said he has tried to transfer the domain away from Joker.com to a U.S. registrar but the transfer has not taken place yet.
Chuck Gomes, a vice president at VeriSign, which runs the dot-com registry, said he was not familiar with the Ogrish.com dispute but the transfer could be in the middle of the standard five-day process. If Joker.com refused to comply with the transfer request, Gomes said, "We would only take (such) a step if there was some violation of the terms of the agreement that we have with the registrar. We wouldn't unilaterally take it away from them."
"Joker.com's dealings with its customers are basically governed by the usual rules that govern business dealings," said a spokeswoman for the Internet Corporation for Assigned Names and Numbers, which licenses registrars including Joker.com. "So it can permit or deny the transfer between registrants, if that's permitted by its contract and the applicable law."
Ogrish.com became briefly infamous in May 2002 when it posted the 4-minute video of reporter Daniel Pearl being brutally murdered. ProHosters.com deleted the video after legal threats from the FBI, then restored it after the American Civil Liberties Union came to its aid.
*******************************
Associated Press
Federal Check Processing Centers Close
Wed Feb 12, 5:22 AM ET
PEORIA, Ill. - A growing trend toward electronic payment will shutter five Federal Reserve check-processing centers.
The shutdowns will be completed by the end of next year in Peoria, Milwaukee, Indianapolis, Charleston, W.Va., and Columbia, S.C., the Federal Reserve said. Eight other Federal Reserve offices will remain open but will no longer process checks.
The moves will eliminate about 400 jobs.
"Nationwide, consumers and businesses have made a significant shift in how they make payments, substituting electronic payments for checks," Catherine Minehan, president of the Fed's regional bank in Boston, said in a statement.
The number of checks written has declined from a peak of nearly 50 billion in 1995 to roughly 40 billion in 2002, the Federal Reserve reported. In contrast, electronic payments nearly doubled between 1995 and 2000, to nearly 29 billion.
*******************************
New York Times
February 12, 2003
Police Speeding Up Plans to Pinpoint Cellphone Calls
By KEVIN FLYNN
New York City police officials announced yesterday that they had accelerated their plan to create a tracking system that would be able to pinpoint the location of emergency calls from cellphones.
The city had been scheduled to install such a system at the end of 2005, but the officials said at a City Council hearing that they hope to put a similar one in place within a year.
The need for it was underscored last month when four Bronx teenagers disappeared into the waters of Long Island Sound after making one last 12-second call to 911 from a cellphone they had on a small boat.
Operators have said the call was too short and inaudible for them to get a sense of where it was coming from. Officials have said that with the new technology being discussed, they might have pinpointed it to an exact longitude and latitude.
As it turned out, no rescue units were ever dispatched that night in the Bronx because a 911 supervisor mishandled the call, according to police officials. The incident has led to several weeks of questions about the adequacy of 911 procedures, training and technology, a process that included the hearing yesterday by the Council's Public Safety Committee.
The state of Rhode Island, the city of Houston and three upstate New York counties already have 911 systems that can track emergency calls from cellphones. Several public officials have questioned why New York City is lagging behind, especially since more than $200 million has been collected in 911 surcharges from state cellphone users since 1991.
Councilman Peter F. Vallone Jr., the chairman of the committee, said yesterday that the surcharge fees had been inappropriately spent on the routine costs of the state police instead of on 911 improvements, as intended. State officials have disputed that contention.
Other officials have said that New York City should have pushed harder for 911 improvements without waiting for state support.
The system the city is considering would be able to trace a call to within at least 328 yards, the officials said. Mapping software for such a system is being tested this week at the 911 operations center in Brooklyn, the officials said. If all goes well, said Deputy Chief John Gilmartin, the commander for police technology and systems development, wireless carriers would be told in several months that the city is ready for the improved service.
"The carriers then are required to begin transmitting location information within six months," he said.
Under the current system, installed late last year, the city can trace emergency calls from cellphones, officials said, but only to the cell tower that received the call, which can be several miles away from the actual caller.
In the Bronx incident, even if the location of the teenagers had been tracked quickly, police officials have said the rescue crews were probably too far away to have arrived in time because the water was so cold. The boys' bodies have not been found.
Nonetheless, Mr. Vallone said the city's 911 response capabilities should be more robust considering the amount of surcharges that have been collected from cellphone users. He has sponsored a bill that calls on the state to give the city the entire $1.20 monthly surcharge it charges cellphone users. Only a small portion now goes to the city under the reimbursement formula in effect.
State officials have defended their use of the 911 fees, saying they have been spent just as envisioned by the legislation that created the surcharge in 1991: to cover the cost of having the state police respond to the increased volume of emergency calls because of the widespread use of cellphones. The state comptroller's office has disputed that view, saying the Legislature's true intention was to bolster 911 services.
Mr. Vallone said he supported the comptroller's view and was upset that no representatives of state government had accepted the committee's invitation to address these issues at the hearing.
"We are outraged again by the fact that the state is not here," he told the audience in the Council's City Hall hearing room.
Secretary of State Randy A. Daniels, who is chairman of a new board intended to promote improvements to the 911 system, submitted written testimony but said he could not attend because of a scheduling conflict.
*******************************
Mercury News
Nintendo announces huge seizure of pirated games in China
BEIJING (AP) - Authorities who raided factories in southern China in search of counterfeit Nintendo video games last month found games, packaging and components totaling some 300,000 items, including new titles released just weeks earlier, the company said Wednesday.
The announcement highlighted China's enduring status as a major counterfeiter, despite periodic highly publicized crackdowns on pirate producers of goods ranging from music and videos to designer clothes and software.
China is the main source of counterfeit Nintendo games, a trade that cost the company US$649 million in lost sales last year, said Jodi Daugherty, antipiracy director for the Japanese game-maker's American arm.
"It's our top priority right now. The products are being assembled (in China) and then distributed worldwide, so we're anxious to stop it at the source," Daugherty said from Redmond, Washington, where Nintendo of America Inc. is based.
The seizures in January were equal to nearly one-third of the 1 million counterfeit Nintendo games and other items impounded last year in a total of 135 raids, Daugherty said.
The raids were carried out by Chinese commercial officials, rather than police, based on information from Nintendo's own investigators, Daugherty said. She said no criminal penalties have been imposed, but fines imposed on Nintendo counterfeiters last year totaled US$80,000.
The January seizures and most raids last year took place in Guangdong province, which borders Hong Kong and is a center of China's thriving counterfeit industry.
Such product piracy has been a key complaint by China's trading partners, including the United States.
Nintendo says it has filed formal complaints with Washington that China -- as well as Hong Kong, Mexico and Paraguay -- is failing to protect its copyrights adequately.
Such enforcement is required by China's membership in the World Trade Organization, a global rules-making body that it joined in 2001 with promises to crack down on piracy and fake products.
It has made a practice of publicly destroying masses of fake goods, especially CDs and DVDs, though critics say it still has a long way to go. The International Intellectual Property Alliance, a trade group, estimates China's piracy of entertainment and computer goods cost businesses US$979 million in lost sales in 2000.
Nintendo's experience illustrates the ordeals that even the most technically sophisticated companies face in trying to combat determined counterfeiters.
Nintendo encodes its game software and makes key components itself under tight security instead of entrusting work to outside contractors, Daugherty said.
Nevertheless, she said, Chinese counterfeiters are equipped with technology that lets them decode the software and burn it into their own computer chips.
Products seized in January included some of the newest Nintendo games -- "Pokemon Ruby" and "Pokemon Sapphire" -- that had been released only weeks earlier in Japan, Daugherty said.
"Those were our hottest titles," she said, "and there they were, all counterfeited."
*******************************
Los Angeles Times
CSFB Says Data Tied to Lawsuit Were Lost
Investment bank tells judge in IPO case that it mistakenly taped over some electronic files.
By Walter Hamilton
February 12 2003
NEW YORK -- Credit Suisse First Boston notified a federal judge Tuesday that it mistakenly taped over about 75 electronic files that the investment banking firm was required to keep as part of a massive class-action suit over Wall Street's handling of initial public stock offerings.
In a four-page letter sent to Judge Shira A. Scheindlin, CSFB's outside law firm wrote that the brokerage had an "inadvertent loss of data" from recycling "operational backup tapes." The letter, a copy of which was obtained by The Times, acknowledged that taping over the data violated the judge's December 2002 document-preservation order.
The "isolated incident" occurred because an employee in the firm's computer department thought that "every substantive document" on the tape was stored elsewhere, the firm said.
CSFB "apologizes to the court," the letter said.
A CSFB spokeswoman declined to comment late Tuesday.
The disclosure comes as authorities are investigating whether Frank Quattrone, who ran the firm's high-tech investment banking practice through the late-'90s bull market, may have sought to obstruct probes into his handling of IPOs.
CSFB suspended Quattrone last week after learning that he may have known that government investigations were underway when he advised employees in an e-mail in 2000 to get rid of certain files. Quattrone has denied any wrongdoing.
The letter Tuesday said the latest incident did not involve any tapes generated by the firm's Palo Alto office, where Quattrone was based.
The incident also did not involve the loss of any e-mail messages. That is key because incriminating e-mails at several brokerages have been central to the government's investigation of wrongdoing on Wall Street.
The only documents that appear to have been lost were those that were stored solely on the tapes and were not saved as hard copies, e-mailed to anyone or kept in CSFB's primary document retention system, according to the letter.
In all, the 75 tapes that were erased were a tiny fraction of the more than 100,000 such backup files CSFB says it has retained.
"We think that it is unlikely that this incident will ultimately affect the quality of information available for discovery in this litigation because there was such a limited amount of data inadvertently lost and there are multiple other potential sources of relevant information," wrote Robert McCaw, a lawyer at Wilmer Cutler & Pickering who represents CSFB.
Nevertheless, Melvyn Weiss, a lead attorney involved in the IPO lawsuit, said late Tuesday that the tapes could have contained valuable information.
"All you need is one good document to blow the whole thing wide open," he said. The class-action suit alleges that CSFB and other major Wall Street firms rigged the IPO market during the late 1990s.
Some of the information on the tapes may be recoverable, but it could be several weeks before it is known if that is possible.
The incident occurred when CSFB's computer department sought to "cut costs" by implementing a "new schedule for recycling backup tapes," the letter said. The system was in effect for about three weeks when CSFB's legal department learned on Feb. 5 that "substantive data" may have been taped over.
*******************************
San Francisco Chronicle
But we don't like spam Junk e-mail detested, polls find
As federal regulators and the newly convened 108th Congress weigh the possibility of new curbs on unsolicited commercial e-mail, a pair of opinion polls scheduled for release today shows overwhelming support for anti-spam legislation.
Nearly 9 out of 10 Americans who use e-mail at work support legislation that would require warning labels on sexually explicit or pornographic spam and establish criminal penalties for spam that contains misleading information about the identity of the sender, according to a national survey carried out by Public Opinion Strategies, a well-known polling firm with headquarters in Alexandria, Va.
Of the 488 respondents, 73 percent said they "strongly favor" such a bill, while only 8 percent said they were opposed. Most of those surveyed said they believe legislation should be coupled with technological measures to filter spam.
While it remains to be seen whether the new Congress, preoccupied with war, taxes and the budget, will even give serious consideration to the issue, the poll results could give the idea a boost.
"American businesses are ready for Congress to act against spam," said Bill McInturff, partner and co-founder of the polling company, in a statement released by the survey's sponsor, SurfControl, a developer of anti-spam software. "The research clearly shows American workers want spam off their desktops and out of their lives."
McInturff handled the polling for Sen. John McCain's 2000 presidential campaign, and now works for the Republican Governors Association and the National Republican Senatorial Committee, among other clients. The New York Times has called Public Opinion Strategies "the leading Republican polling company."
Information-technology managers apparently feel even more strongly about the issue. In a follow-up study, Scotts Valley's SurfControl posed the same questions to 16,785 IT professionals who subscribe to its security newsletter. Of the 1,065 respondents, 95 percent supported new legislation.
A Harris Poll released last month reported almost equally strong support for an outright ban on spam. In a survey of 2,221 adult Internet users conducted in November and December, 74 percent said they favor "making mass spamming illegal," and only 12 percent were opposed.
The sentiment was shared across demographic lines, with support for the idea coming from 70 to 80 percent regardless of age, income level, gender, race or political affiliation, according to an analysis by Harris pollster Humphrey Taylor.
The Harris survey also reported that 80 percent of respondents consider spam "very annoying," which Taylor called "a huge increase" from the 49 percent who responded the same way 2 1/2 years ago. In the new poll another 16 percent said they find spam "somewhat annoying."
By contrast, the percentage of respondents who said they are very annoyed by "how long it takes to find the Web sites you need" has fallen from 20 percent to 10 percent since 2000.
Several anti-spam bills were introduced in the previous Congress. One -- the Can Spam Act, sponsored by Sen. Conrad Burns (R-Mont.) and Sen. Ron Wyden (D-Ore.) -- passed the Senate Commerce Committee last year, but it was not taken up on the floor.
Such proposals have traditionally faced strong opposition from many commercial interests, including the politically powerful Direct Marketing Association. Last fall, however, the organization changed direction and announced that it would support legislation directed against certain spam-related abuses, such as falsified headers.
"Our hope is that there will be some kind of bill, if not within this calendar year, then by the end of the 108th Congress," said Louis Mastria, the DMA's director of public and international affairs.
So far, however, no spam legislation has been introduced in the new Congress. Spokeswomen for Burns and Wyden said they expect to reintroduce their bill at some point, but the timing has not been determined.
The contents of the bill and any possible alternatives are also up in the air. Last year's Burns-Wyden bill was gradually watered down in committee, to the point that anti-spam activists who had originally supported it eventually opposed it.
One of their complaints was that the bill gave legal sanction to the "opt-out" approach, which allows companies to send unsolicited mail and puts the burden on users to object. By contrast, the European Union last year adopted a directive based on the "opt-in" approach, which allows companies to send e-mail pitches only to users who have signed up to receive them or with whom the company has a prior business relationship.
According to Ray Everett-Church, a spokesman for the Coalition Against Unsolicited Commercial E-Mail, the leading draft legislation currently circulating on Capitol Hill also enshrines the opt-out approach.
In addition, it would require an "ADV." tag at the beginning of the subject line of commercial spam. Similar requirements, intended to make it easier for users to set up software filters for their in-boxes, are already on the books in two dozen states, including California, and Everett-Church said they "have proven wholly ineffective in reducing spam."
Last week the Federal Trade Commission announced plans for a three-day forum to explore the effects of spam. The Spam Forum will be held in Washington April 30 to May 2.
E-mail Henry Norr at hnorr@xxxxxxxxxxxxxxx
*******************************
Wired News
Spam Offers: Some Legit, Most Not
The human gene pool should be incapable of producing enough idiots to financially support the vast number of spammers whose scat litters so many inboxes.
So how do spammers make any money when no one with even half a clue admits to doing business with them? Are there legions of poverty-stricken spammers out there who are slowly starving to death?
Unfortunately, no.
A significant number of spammers apparently aren't at all interested in whether anyone buys their wares. Instead, they feed off other spammers in a bizarre cannibalistic pyramid scheme.
Turns out, most spammers make money selling e-mail addresses to other spammers, who then sell those same addresses to others. It's like the legendary snake eating its own tail.
Wired News tested the nature of the spam spin cycle by replying with a request for more information to a randomly selected sample of 75 recent junk messages, using a dozen free e-mail accounts from six different services.
Finding No. 1: Replying to spam will always result in more spam. In fact, 56 percent of the spammers in the Wired News test never replied to requests for more information on their product or service. Instead, the customer's e-mail address was passed along -- presumably sold -- to other spammers, roughly half of whom also did not reply to requests for product information, but again just passed along the address to other spammers.
Seventeen percent of the replies to requests for more information gave rise to what appeared to be "legitimate" offers: people with a real product to sell who were actually interested in selling it.
Most of them were unaware that the recipient hadn't requested their sales pitch. Whoever sold them the e-mail addresses had assured them the recipients wanted the information. A few did not understand what spamming was, or that it was considered to be a less-than-legitimate business practice.
Sixteen percent of the spam messages turned out to be blatant scams.
One spamster offering "100 Hours Free International Phone Calls" provided a phone card useable only after paying an $87 membership fee to activate "phone club privileges."
Responding to assorted "Make Money at Home" offers netted three multi-page Word documents. One looked like it had been copied off an ancient dot matrix printout and contained a list of "hot prospect" e-mail addresses, along with a price list for software products the customer would need in her new career as a kitchen-table entrepreneur (read: spammer).
Ten bucks bought an explanation of how to offer "teasing" products to collect the e-mail and postal addresses of "qualified buyers" to resell to cut-rate mortgage brokers and car dealerships.
For $12, budding Net moguls receive an 11-page treatise on how to sell products on eBay (information primarily culled from the auction site's own help files).
Several "10,000 Qualified Leads!!!" offers, which promised to "solidify your sales contact database," all required users to send in their own contact databases to participate in the program. In return, participants would receive copies of other people's databases, for a fee of $35 to $50 a month.
Replying to an enticing offer to "Find Out Anything About Anyone" for $10 netted a smeary printout of postal addresses, some URLs of publicly available databases and directions on how to search the Internet.
Then there was the $30 bottle of "Siagra," crammed with enough herbal stimulants to keep anyone up for days -- the entire person who ingests it, not just his penis. And a rather terrifying, $18 contraption fitted with a vacuum cleaner set on reverse suction meant to be hooked up to a private part of the user's anatomy. And a $12 cream that smelled and looked suspiciously like Crisco but solemnly promised to regrow "many strong head hairs."
Eleven percent of the requests for additional information bounced back with a message that the spammer's account had been closed due to complaints to the ISP.
Only the spam offers for pornography consistently delivered exactly the sort of materials they promised.
But wait! There's more!
After visiting roughly half the porn sites advertised through unsolicited e-mail, the test computer was littered with nasty pop-up ad-producing spyware, and the inbox was crammed with XXX-rated spam that would singe the retinas of all but the most jaded viewer.
*******************************
Federal Computer Week
Senators want CRS info online
BY Sara Michael
Feb. 11, 2003
Sens. John McCain (R-Ariz.) and Patrick Leahy (D-Vt.) today announced their plan to reintroduce legislation to make Congressional Research Service documents available to the public online.
CRS, a branch of the Library of Congress, produces policy briefs, reports and studies that are available on the CRS Web site and CRS' Legislative Information Service Web site. The sites presently are accessible only by members of Congress and legislative support agencies.
"Public records would actually become public," Leahy said.
Taxpayers contributed more than $81 million in fiscal 2002 to fund the CRS, but they don't have ready access to the reports. To obtain copies, a person must go through private companies and pay nearly $30 per report, McCain said.
The public "deserves the most prompt and easy access to that information," McCain said.
A version of the bill was introduced during the last Congress, but didn't make it to the floor. Leahy said the bill will be the same when it is reintroduced, but they "just needed to keep talking about it" to gain support.
The Project on Government Oversight (POGO) echoed the desire to make CRS products public in a report released this week. The report found that CRS blocks public access with an elaborate firewall, which redirects inquiries to the Library of Congress' public Thomas site (thomas.loc.gov).
The Thomas site, however, does not contain up-to-the-minute legislative information, floor and committee schedules and links to CRS reports and issue briefs, the report said.
The report said that CRS officials have argued that making the products available to the public could result in members of Congress losing protection against being sued for statements made on the House or Senate floors. CRS officials also have said that the service runs the risk of copyright infringement or high costs, but POGO discounts such concerns.
"Making certain types of CRS products and its Web sites widely available to the public would provide citizens with the type of high-quality information necessary to actively and knowledgeably participate in public debate about current issues," the project's report said.
Danielle Brian, the project's executive director, said there was an outdated belief that the public shouldn't access certain legislative records.
"Information is power, and it's inexcusable in the Internet Age for this valuable information to be inaccessible to the taxpayer," she said.
*******************************
Government Computer News
Shuttle probe board will exploit IT tools, investigator says
By Wilson P. Dizard III
The Columbia Accident Investigation Board has created a subgroup to handle technical and engineering analyses related to the shuttle disaster.
Hal Gehman, the board's chairman, said yesterday at a briefing that he had reviewed the investigation plan of the Challenger accident carried out by the Rogers Commission "and overlaid IT on it" for the Columbia review.
The board plans to build a library of data generated during the investigation, Gehman said, describing the role IT will play in the crash probe.
"We will use sophisticated methods of correlating and cross-checking data," he said. He noted that the large number of scientists and engineers working on the project adds to the need to manage data smartly.
"We are going to use IT systems to help brainstorm and make decisions," Gehman said, adding that the type of automated decision-assistance tools the board will use were not available to the Rogers Commission.
The board also plans to create a Web site where individuals can submit information directly to it.
The accident board is overseeing the NASA investigation and has authority to issue task orders to any part of the agency, Gehman said.
One task NASA has begun for the board is creation of a 3-D stereoscopic image of the shuttle as it flew over California, New Mexico, Arizona and Texas. Gehman said that images submitted by the public had been helpful in creating that imagery mosaic.
Separately, a piece of shuttle debris that officials earlier had thought could be one of the shuttle's five general purpose computers -- used to help navigate the craft -- had been subjected to further analysis by NASA's Mishap Review Team and found to be a radar control system.
*******************************
Government Computer News
Social Security IG team plans upgrade of forensics app
By Dipka Bhambhani
When Guidance Software Inc. releases a new version of its EnCase Forensic software later this month, the Social Security Administration's Office of the Inspector General will be one of the early upgraders.
Social Security's IG team decided it had to upgrade because of the agency's burgeoning caseload, said Sue Hermitage, a computer forensics special agent in the IG Office. She said Social Security number fraud cases have exploded, from 11,000 in 1998 to 73,000 last year.
Version 4 of the Pasadena, Calif., company's software will handle searches using foreign keywords and speed up searches, company officials said.
With Version 3, users can conduct searches only in English, although they can export foreign-language files using the application.
To speed up the app, the company has revised the search algorithm so that the new version can seek many words simultaneously when users do multiple-word searches. Version 3 makes repeated passes over a file for each word of a search.
"For example, a 20-term keyword search conducted on a 1G drive with EnCase Version 3 took over 13 minutes. The same search run with EnCase Version 4 took only two minutes," according to a product white paper.
Besides typical criminal activities, Guidance Software officials expect the new version will help its government users investigate files created by terrorists, said John Patzakis, the company's president and chief legal officer.
The upgrade will cost $395 for government users of Version 3.0, which cost $1,995. The company reports having 2,000 government users of EnCase Forensic.
SSA began using the app two years ago, Hermitage said. A recent incident convinced her that the upgrade would be worthwhile. When reviewing files on a confiscated PC, she discovered that they were all written in Korean.
Luckily, another SSA employee who could speak Korean was able to read through and search the files manually, Hermitage said. "When I looked at it, I thought, uh oh, it's encrypted," Hermitage said, before determining the text was Korean.
The computer forensics done by the IG Office at SSA will likely get more emphasis in the future. In his fiscal 2004 budget proposal, President Bush this month called for an 8.4 percent increase to $90 million for the IG Office to "aggressively pursue" antifraud efforts.
Next year, SSA plans to create a Social Security Number Misuse Response Team that will identify and investigate abuse of Social Security numbers and provide assistance to SSA, Congress, the public and other law enforcement agencies.
*******************************
Government Computer News
Military's newest weapon: instant messaging
By Susan M. Menke
While offline aboard ships or planes, Navy Medical Corps physician Eric Rasmussen continues working in his Groove Workspace collaboration groups. When he's back online in Kuwait or at Central Command in Florida, his 45 coworkers know via instant messages, and any file changes he has made are securely updated.
"I collect files, images and thoughts in various tools and have a discussion area where I put it all together," Rasmussen said in an e-mail message from the U.S. Embassy in Kuwait. There he publishes a daily assessment of Middle Eastern media and advises Central Command on protection of noncombatants in potential conflicts.
Workspace is compatible with standard software such as Microsoft Office, Windows XP, SharePoint Team Services, Outlook, Messenger and Project. "We have designed, with a number of international agencies and experts, a set of tools for humanitarian support," Rasmussen said.
The tools, developed with help from Robert Kirkpatrick at Workspace's vendor, Groove Networks Inc. of Beverly, Mass., integrate with Workspace to handle incident alerts, casualty reporting, evacuation requests, refugee registration and screening, map annotation and other data.
Each collaborator "can read the reference materials on how another does business," which reduces surprises and redundancy, Rasmussen said.
He said he prefers Workspace to e-mail in some circumstances, because he works across time zones on sensitive medical topics. The technology, Rasmussen said, "is transparent enough to stay out of the way, and there is a historical record of the pathway."
Also, he said, the Workspace information is encrypted and distributed "in case something happens. I work in austere environments -- warships and refugee camps -- so my laptop is always at risk."
As both a physician and a Navy officer, Rasmussen said, "my perspective is a bit skewed, but technology like Groove is now capable of far better than we manage. Unfettered communication is a critical component of the education required of a democracy."
He added, "My opinions are not necessarily shared by the Navy or the Defense Department. I'm pretty darn sure they'd point that out."
*******************************
Government Executive
February 11, 2003
Funding delays stall expansion of online identification
By Maureen Sirhal, National Journal's Technology Daily
A federal initiative designed to verify the identity of citizens doing business with the government over the Internet is facing funding delays, according to Bush administration officials.
The e-authentication project, one of President Bush's 24 initiatives to put more government services online, seeks to allow individuals to garner identification credentials to sign and transmit documents and transact other business online with government agencies. The General Services Administration (GSA) and White House Office of Management and Budget (OMB) are spearheading the project.
But Adrian Fish, GSA's deputy project manager, said at an E-Gov conference on Tuesday that officials might miss a target for launching the gateway because of funding issues. "Our milestone had been September of this year. ... I don't think we're going to make it now," she said.
For now, the e-authentication portal is working on an interim basis under a deal with the technology research firm Mitretek, Fish said, and funding woes have forced the agency to delay its bid to expand the portal. "What we have now is an interim gateway that does work," she said. "It can continue to do business, but it's not really where we want to be."
Still, Fish said GSA is making progress and is working with e-authentication providers to create a "credential consortium" that eventually will certify the firms to offer digital certificates and other third-party credentials for verification at the gateway. GSA also is working with industry communities to see if they can leverage private-sector efforts to issue digital certificates and other Web-based verification credentials, he said.
"We have just joined the Liberty Alliance and are using that body to drive to an open standard" for the software in verification products, Fish said. The alliance is a private-sector group of firms trying to craft a standard for authenticating people's IDs online.
Despite the delays with the government's e-authentication initiative, she said GSA is "getting a lot of interest" from various agencies about becoming part of it.
Officials with other e-government projects, such as the e-grant program, are working with GSA and the e-authentication team to become eligible to issue authentication credentials for citizens applying for federal grants online.
*******************************
Government Executive
February 10, 2003
U.S. "cyber army" stands ready for war
By Shane Harris
sharris@xxxxxxxxxxx
President Bush has ordered the government to create formal guidelines for fighting a cyber war, The Washington Post reported Friday. In cyber combat, the military would attack its opponents with bytes instead of bombs, using electronic weapons to disrupt or destroy an enemy's communications, power supplies and other critical infrastructures.
If the president decides to wage this breed of war in Iraq, or any other nation, the mission will fall to the United States' cyber army, a staff of about 150 computer scientists and cyber analysts assigned to the Defense Department's Joint Task Force-Computer Network Operations.
The JTF-CNO is encamped at a Defense complex outside Washington, the same facility that houses the National Communications System, the government's emergency communications apparatus.
The cyber army has two missions. The first is guarding Defense's computer networks from attack, whether by domestic or foreign adversaries. Established only five years ago, the small force has earned its stripes repelling computer nemeses like the recent Slammer worm and hacks by Web site-defacing cyber vandals, many of them teenagers who are most active when they're home on winter and summer vacations.
Two administrations have shrouded the task force's second mission -- cyber offense -- in secrecy. The White House wouldn't confirm the report of the new guidelines, but a spokesman acknowledged what is widely known among cyber experts: For years, the military has developed and maintained the ability to electronically battle its opponents.
Has the cyber army ever gone to battle? "I cannot say," Walter "Dusty" Rhoads, the deputy commander and chief of staff of JTF-CNO, said in a recent interview.
Rhoads, an ex-fighter pilot who in 1995 became the founding commander of the Air Force's first information warfare squadron, a predecessor of the current task force, also won't reveal the weapons or the methods the cyber army could use. But officials and cyber war experts have said that the same arsenal of worms, viruses and hacking techniques employed by those who attack the government are almost certainly the same ones the government would use to attack its enemies. And Rhoads acknowledged that only people with a formal understanding of how computer attacks can occur, and how computer networks are vulnerable, have the skills to be members of the cyber army.
To conduct its defensive operations, the cyber army relies on intelligence analysis, some produced in-house and some from government and private sector sources, to assess countries' capabilities to attack U.S. systems. That information would also be a key to understanding how to defeat an enemy. That, Rhoads said, is the cyber army's sole offensive mission.
The art of cyber war breaks into three categories: denial, disruption and exploitation, said Tom McDermott, the former head of information security for the National Security Agency. Any nation employing cyber offense would likely target an adversary's critical communications or energy systems, shutting them down or cutting off access to them. Also, valuable information contained in enemy systems, such as military intelligence, could be captured, and false information could be spread through information networks to confuse the adversary.
To wage a cyber war effectively, a country needs a computer infrastructure and a computer-educated population from which to draw its soldiers, McDermott said. Iraq has those components, and some cyber analysts believe the Iraqi government maintains a computer attack squad.
As in traditional war, a cyber army might have to use both defensive and attack strategies. Rhoads said there are some classified policies and procedures in place now for conducting offensive operations, but he wouldn't describe them. The White House reportedly ordered the drafting of cyber war guidelines last summer.
Cyber army soldiers possess many of the same skills as their adversaries. They hold advanced degrees in computer science, often have been trained as intelligence analysts and are fluent in network engineering, science and exploitation. They may have gleaned these skills in the classroom or on the job, in the private or public sector. The cyber army consists of about one-third each military, civilian and contractor personnel.
Rhoads said he and his colleagues attend hacker conferences to make the military's presence known among the attendees, but also to drum up support for the government. The largest annual hacker gathering, Def Con, holds an annual "Meet the Feds" panel. Defense officials have spoken at the convention to encourage the most talented attendees to help educate government personnel about cyber attack and defense. They've been both welcomed and greeted with contempt by those present.
Rhoads emphasized the government's policy is not to hire so-called "black hat" hackers, or those who use their skills illegally. Nevertheless, the soldiers in the cyber army, like hackers, have the skills and capabilities to wound their adversaries, and Rhoads said the Defense Department employs many individuals with the talents needed to be a cyber warrior.
Reflecting the subtle and perhaps arbitrary difference between black hat hackers and their "white hat" counterparts, McDermott said, there is an "extensive body of experts who have not crossed that line [of illegal hacking] who serve their government."
Numerous cyber analysts and hackers -- regardless of their affiliation -- say the likelihood is slim that any government could cause massive damage through electronic means on the scale associated with traditional combat. Cyber offense may, at best, be an accompaniment to common military operations that helps weaken an enemy's resolve or defenses.
But McDermott cautioned the government not to assume the most powerful weapons in the cyber arsenal have already been exposed. A war might be the most opportune time to reveal new methods and weapons.
"Why would you expect an adversary to lay their cards on the table until it counts?" McDermott said.
*******************************
Computerworld
ABA refuses to endorse UCITA
By PATRICK THIBODEAU
FEBRUARY 12, 2003
WASHINGTON -- The backers of the controversial UCITA software licensing law plan to push ahead this year with their efforts to win more state adoptions, despite a decision by the American Bar Association (ABA) not to endorse the proposed law.
The ABA's governing body on Monday withdrew the Uniform Computer Information Transaction Act (UCITA) from consideration after it was clear the measure didn't have enough support among members to win the backing of the bar association.
The move, taken by the ABA at its midyear meeting in Seattle, has no direct impact on UCITA and the push for state-by-state adoption. But it gives the law's opponents political ammunition to use in states where UCITA is introduced.
UCITA's drafters, the National Conference of Commissioners on Uniform State Laws (NCCUSL), said today that they intend to pursue adoption in states that have shown an interest in it: Arizona, Colorado, Delaware, Oklahoma, and Wisconsin, as well as the District of Columbia.
So far this year, UCITA has been introduced in only one legislature, the U.S. Virgin Islands.
"I don't think a 'no' vote by the ABA will hurt us in the legislatures -- ABA approval isn't something we point to when we are pushing an act," said Katie Robinson, an official at the Chicago-based NCCUSL.
The NCCUSL, which drafts model laws for state-by-state adoption, is used to fighting controversy and routinely seeks ABA approval for its proposed laws. Indeed, it won the backing of other uniform laws, unrelated to UCITA, from the ABA at its Seattle meeting.
But members of a broad coalition of consumer, library and corporate end users that have fought the law -- Americans for Fair Electronic Commerce Transactions -- say the ABA's action will hurt UCITA. They believe it will help convince state lawmakers ultimately to reject it.
Bruce Barnes, a senior-level IT consultant in Dublin, Ohio, who has been among those opposed to UCITA, believes the measure is doomed.
"Pushing it forward in anything close to its current form is like dragging a dead whale back to sea," said Barnes.
UCITA is intended to set uniform terms and conditions for software sales and electronic transactions. The measure is supported by vendors and trade groups, but opponents contend it gives vendors too much power. Proponents last year made a number of changes to the law in an effort to broaden backing.
To become a uniform, national law, UCITA must be adopted by most states. Introduced in 1999, it was quickly adopted by Virginia and Maryland. But opponents mobilized after those actions, and it has not been adopted anywhere else.
*******************************
USA Today
Amendment to curb Pentagon database dragnet advances
WASHINGTON (Reuters) -- Congress moved a step closer to reining in a Pentagon computer dragnet Tuesday as an amendment holding up funds for the program was tucked into the final version of a bill, the provision's author said.
Last week, the Pentagon sought to head off congressional action against its fledgling Total Information Awareness project, which would scour databases for terrorist threats, by setting up two advisory committees to assuage concerns about the program's impact on privacy.
But Sen. Ron Wyden said he was assured by congressional leaders that his amendment suspending funding for the program had been included in a massive government spending bill by House and Senate negotiators, with minor modifications.
The spending package, meant to tie up the loose ends of last year's unfinished federal budget, is expected to go to the floor of both chambers by the end of this week.
"It looks to me like the Congress is getting the message loud and clear from the public, and that message is stop the trifling with the civil liberties of law-abiding Americans," Wyden, an Oregon Democrat, told Reuters in a telephone interview.
"We've been told by the leadership that it is now expected to be in the final bill," he said of his amendment.
The Pentagon says the aim of the Total Information Awareness computer project, which it revealed last year, is to seek patterns in transactions like credit card bills and travel records to stop terrorist plots.
But last month the Senate unanimously passed the amendment by Wyden and co-sponsor Republican Sen. Charles Grassley of Iowa after critics from across the political spectrum said they were worried about government snooping on ordinary citizens.
Accountability
The amendment would ban funding for the research project, which is under the direction of former national security adviser John Poindexter, unless the administration within 90 days explains it in a report to Congress including its impact on civil liberties.
The original proposal had required a report within 60 days, but the House and Senate negotiators decided to give the Bush administration a little more time, Wyden said.
The final version of the amendment also bars any deployment of the technology against citizens in the United States without congressional approval, Wyden said.
The change would allow it to be deployed against non-U.S. citizens living in the United States, Wyden said.
"What this has been all about is whether you were going to give the government a blank check to snoop on law-abiding Americans on U.S. soil," Wyden said.
"Now we are saying you can't do that without congressional authorization. And you can't even go forward with the research without detailing what it is to be about, and the whole exercise has got to be part of a vigorous oversight regime," he said.
President Bush's budget for the fiscal year starting Oct. 1 calls for the TIA project to get $20 million, Pentagon officials said last week. They said it gets $10 million in the current year's budget.
*******************************