
Clips January 28, 2003




ARTICLES

FBI's Computer Upgrade Develops Its Own Glitches
Schumer Heads Democrats' Security Panel 
Transportation Security Unit Moves to Improve Service 
States' Role Still a Question in Telecom Reform
File-Sharing Service Says Studios, Labels Misuse Copyrights
Some Super Bowl advertisers fumble online 
Workforce changes find congressional support
Policy would secure users, transactions
Security basics
XML panel to help law enforcement
California installs wireless surveillance
Lawmakers seek to restore e-gov fund 
Ins and outs of biometrics
Users uneasy about claim to Web patent 
The battle for cyberspace 
U.S. agencies get help with security patches
Senators offer bill to fight ID theft 
Breaking down the .Net barriers 

*******************************
Los Angeles Times
FBI's Computer Upgrade Develops Its Own Glitches
A project given urgency by the war on terrorism is plagued by delays and cost overruns.
By Richard B. Schmitt
Times Staff Writer

January 28 2003

WASHINGTON -- Even before Sept. 11, it was on the FBI's most-wanted list -- a computer upgrade to replace the creaky, largely paper-driven information system that the bureau had relied on for decades.

Then, amid concern that primitive technology might have prevented agents from sharing leads that could have led them to some of the terrorists who participated in the attacks, the FBI agreed to jump-start the computer project, known as Trilogy, and Congress poured in additional millions.

Today, one of the largest and most crucial technology projects in bureau history has developed its own glitches, and its price tag is rising sharply. Members of Congress are grumbling about having to kick in extra money to keep the project on track. In a report issued last month, Justice Department Inspector General Glenn A. Fine described the upgrade as a case study in how not to manage an information revolution.

The FBI recently concluded that the project's estimated $458-million cost is expected to increase by 30%, a source familiar with the proposal said. FBI officials say the increase is needed to ensure system security and to enhance records management and information sharing, among other goals.

Congress last week signaled that it is in no mood to throw money at FBI technology. In adopting its spending bill on Thursday, the Senate eliminated about $100 million in funding that the FBI expected for related high-tech projects this year. Among those in danger of being shelved or delayed: digital storage of millions of documents related to counter-terrorism investigations, data-mining tools and a cyber-crime SWAT team.

'A Large Disaster'

Some skeptical lawmakers, citing the FBI's history of technology cost overruns and delays, see history repeating itself in the bureau's big computer upgrade.

"Unfortunately, Trilogy has become a large disaster," Sen. Judd Gregg (R-N.H.), chairman of the Senate Appropriations Committee that oversees the FBI budget, said during a recent debate on homeland security spending. "FBI software and hardware contracts for Trilogy have essentially become gold-plated. The cost is soaring. The schedule is out of control."

Historically, high tech has been a decidedly low priority at the bureau. Over the years, money budgeted for computer upgrades has been used to put more cops on the beat.

Some of the computer projects the FBI oversaw haven't exactly been models of efficiency: Systems for fingerprinting and criminal background checks cost more and took much longer than anyone expected.

Yet, computer glitches continued to factor into some of the bureau's higher-profile missteps, including documents that allegedly had been withheld from lawyers for Oklahoma City bomber Timothy J. McVeigh. In another incident, FBI turncoat Robert Philip Hanssen used the bureau's computer system to find out whether his fellow agents knew that he was passing secrets to the Russians.

Although she declined to discuss specifics, an FBI spokeswoman said that "improving technology is extremely important and a vital mission of the new FBI."

Indeed, thousands of new desktop computers already have been brought into many FBI offices across the country -- even if they lack all the critical software they need.

In a recent letter to the inspector general, FBI Chief Information Officer Darwin John said the bureau is well on its way to fixing many of the high-tech management problems the watchdog identified.

The two companies managing the overhaul for the bureau -- DynCorp of Reston, Va., and Science Applications International Corp. of San Diego -- referred questions to the FBI.

Limits on Speed

At the least, the Trilogy experience shows the limits of trying to mobilize quickly in the war against terrorism. Despite earlier assurances to Congress, the FBI has discovered that there are limits to how fast the project can be deployed without risking security. Technical problems and personnel shortages have caused further delays.

The idea seemed simple enough: Develop basic computer networks and enable field agents to share information about investigations with each other and perhaps other law enforcement personnel. Down the road was the possibility of arming the bureau with high-tech tools to help anticipate and intercept acts of terrorism or other crimes.

But for the FBI, which has relied on systems that one computer publication compared to having all the speed of the Pony Express, that was a big change.

For years, agents have been unable to perform anything more than basic word searches of computer texts. Before the upgrade was launched, roughly half of the bureau's computers were more than 8 years old; the communications gear linking them was so old that replacement parts were no longer made. Databases grew up unable to connect to each other.

Trilogy was conceived as a way to change the culture and help refashion the bureau from a shoe-leather crime-tracker into a high-tech domestic-intelligence sleuth that rooted out threats of terrorism. FBI Director Robert S. Mueller III has made improved technology one of the bureau's top 10 priorities.

The system start-up has suffered from poor planning and the fact that existing structures were in far worse shape than anticipated, according to the inspector general's report released last month and other sources.

Delivery of hundreds of desktop computers was held up because some field offices lacked sufficient fiber-optic cable to replace ancient and crumbling lines. A plan to make an automated case-support system available via the Internet was scrapped because it was considered unworkable.

Existing FBI databases were so old that project managers could not find documentation showing how they were configured. That forced the bureau to engage in a process of reverse engineering to determine the systems' structure and components.

The inspector general also takes the FBI to task for missing a self-imposed July 2002 deadline for installing hardware and other gear systemwide, even after getting extra money from Congress. Installation is now set to be completed by March 31.

The final phase of crucial user-application software will not be finished before its original June 2004 target date, the inspector general's report states. Funding problems could push the date back further. "Some FBI officials say the [user application] portion of Trilogy is at significant risk of not being completed on schedule or within budget," it adds.

"The Trilogy project provides an example of how the nonimplementation of fundamental [information technology] investment management practices can put a project at risk of not delivering what was promised, within cost and schedule requirements," the report concludes.

Although the FBI has made some recent headway, including the hiring in March of a new Trilogy project manager who has emphasized more structured oversight, management woes persist, the report states.

Funding Cut Planned

Overall, the FBI is set to receive a total budget of $3.9 billion, down from $4.2 billion a year earlier. The White House has been pressing for cuts because it is predicting gaping government-wide deficits over the next two years, even without the cost of a war with Iraq. White House officials last week indicated that they may beef up homeland defense spending in the fiscal 2004 budget to be sent to Congress on Feb. 3.

Some Democrats are concerned about the reduced funding and see the possibility of serious backsliding in the terrorism war.

"The FBI continues to operate with a 20th century computer system as terrorists are engaging in 21st century cyber-warfare," Sen. Charles E. Schumer (D-N.Y.) complained in a letter to FBI Director Mueller this month. "I simply cannot believe this indiscriminate slashing of your budget will help you reform the FBI and protect America from those who would do us harm."

Agents say they have begun to see some improvement in basic computer features, and that it would be shortsighted to slash spending at this point.

"We definitely have better hardware out here, and we have some basic things that we have been screaming about for a while," such as scanning technology, said Nancy Savage, an agent in Eugene, Ore., who is president of the FBI Agents Assn. "I think your working street agent has not seen a huge change, but rightfully, they had to go in and fix the infrastructure first."
*******************************
Associated Press
Schumer Heads Democrats' Security Panel 
Mon Jan 27, 6:09 PM ET

By DEVLIN BARRETT, Associated Press Writer 

WASHINGTON - New York Sen. Charles Schumer will head the Homeland Security Task Force, a watchdog group organized by Senate Democrats to keep tabs on anti-terror efforts at home.

  

The group's scrutiny will cover the new Homeland Security Department as well as other agencies with anti-terror functions, such as the FBI and the Customs Service, Schumer said Monday.


"Homeland security has been a passion of mine since the first attack on the World Trade Center in 1993," Schumer said. 


Though the task force will comprise only Democrats, Schumer insisted it will function as a nonpolitical reality check on security, "to see where we're doing well as a nation in homeland security and where we're not." 


Panel members will "not just take partisan shots for their own sake," Schumer said. 


Schumer praised the administration's success in bolstering airline and airport security since the Sept. 11, 2001, hijacking attacks and the effort to incapacitate the Taliban militia and al-Qaida fighters in Afghanistan.


He criticized the White House's overall response in the 16 months since the attacks, however, as "not close to enough to make us secure at home." He portrayed the administration's approach to the many problems as schizophrenic. 


The senator said he would highlight what he called a lack of resources for border security and security at nuclear plants like Indian Point, N.Y., just north of Manhattan. 


As part of his new role, Schumer will speak on domestic defense issues before and after President Bush's State of the Union address Tuesday night.
*******************************
Washington Post
Transportation Security Unit Moves to Improve Service 
By Sara Kehaulani Goo
Tuesday, January 28, 2003; Page A05 

Transportation Security Administration chief James M. Loy yesterday appointed an ombudsman and announced several other management changes, in a move signaling the agency's focus on sharpening customer service and improving relations with its newly created workforce.

Loy, who served as commander of the Coast Guard before taking over the TSA last summer, appointed Vice Adm. John E. Shkor as chief operating officer and associate administrator for the TSA. Shkor served under Loy as the Atlantic area commander of the Coast Guard and retired in 2001.

Shkor inherits the chief operating officer position that Loy held briefly before he replaced John W. Magaw as undersecretary of transportation for security. Magaw, former head of the Secret Service, abruptly resigned in July 2002 after airports, airlines and lawmakers complained that the TSA was becoming an agency focused too much on law enforcement.

Since taking over the agency, Loy has pledged to mold TSA into an agency that cares as much about passenger convenience in getting through security as improving security itself.

Yesterday, Loy also appointed Kimberly Hubbard Walton as the agency's ombudsman, a position the Transportation Department promised to fill a year ago but has kept vacant. 

Walton, who formerly served as chief administrative officer of human resources at the Patent and Trademark Office, will take on the large task of listening to complaints from passengers and a workforce of 56,000 security screeners at airports.

Loy also named the former associate undersecretary for training and quality performance, Gale Rossides, as TSA chief support systems officer. Carol DiBattiste, a former partner at Holland & Knight LLC, was named chief of staff and Cory de Groot Whitehead, a former assistant administrator at the Small Business Administration, was appointed acting associate administrator for training and quality performance.
*******************************
Government Computer News
01/27/03 
Homeland Security acts to shield its data 
By Wilson P. Dizard III 

If you work at or for the Homeland Security Department, you're under strict rules to keep data under wraps. The department today issued three regulations that take effect immediately to prevent release of information it deems sensitive.

The department issued the interim final rules without the normal comment period because, as the documents signed by secretary Tom Ridge said, typical notice and comment procedures were "impracticable, unnecessary and contrary to the public interest."

The first regulation, dealing with classified national security information, sets up the department's rules for designating information as top secret, secret and confidential. It generally is similar to other agencies' classification rules, according to a notice in The Federal Register.

The second regulation sets procedures for disclosure of official information in connection with legal proceedings. It applies to current and former department employees and to contractors.

The essence of the second regulation is that employees and contractors must resist attempts by courts to obtain information unless the courts have gained the approval of the department's general counsel. If a court were to demand that a particular item be supplied without approval of the department, the regulation requires employees and contractors to decline the request until a Justice or Homeland Security attorney can appear in court.

The third regulation defines the department's powers under the Freedom of Information Act. The Homeland Security Act of 2002 greatly increased the department's authority to withhold information that formerly was available under FOIA.

The department's disclosure policies have raised concerns on Capitol Hill. Sen. Carl Levin (D-Mich.) warned during Ridge's nomination hearing that the broadened FOIA exemptions in the Homeland Security Act could allow corporate wrongdoers to shield evidence of their crimes simply by submitting it to the department.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said, "It's one more example of how the creation of the Homeland Security Department extended the government's secrecy. ... Oversight and accountability is critical to the government, and restricting it is shortsighted."
*******************************
Associated Press
States' Role Still a Question in Telecom Reform
Mon Jan 27, 6:30 PM ET
By Andy Sullivan 

WASHINGTON (Reuters) - U.S. regulators considering a sweeping reform of telephone competition rules could be stymied by state efforts to preserve a role overseeing their local markets, several sources close to the negotiations said on Monday. 


Under court order, the Federal Communications Commission is considering whether to scale back rules that require local-phone giants to lease their equipment to rivals at discounted rates.


But commissioners are closely divided over whether state regulators should be allowed a strong oversight role, a question that could determine the ultimate impact of any FCC decision.


Independent telephone companies say they need to use the networks of incumbent "Baby Bells" like Qwest Communications International Inc. to reach customers, while the Bells say they are losing money on the arrangement.


In a 400-page plan sent to commissioners last week, FCC Chairman Michael Powell proposed lifting the network-sharing requirements once certain benchmarks had been reached, sources said. Those benchmarks could be the competitors' share of the market, or the number of network switches they use in a given area. 


Independent companies would be able to use the telephone lines running from customers' homes or businesses to network offices, but would be required to buy their own equipment to complete the calls. 


The Bells would not have to share access to the most advanced features of any new high-speed networks they build, the sources said. 


State regulators argue that they should be the ones to determine when a market is sufficiently competitive to lift regulations. 


A large state role could blunt the impact of any deregulatory move by the FCC, as states currently set wholesale and retail rates and oversee competition on a local level. Verizon Communications and other Bells want the freedom to set wholesale rates on their own.


FCC commissioners remain closely divided on any state role, with Powell and Republican appointee Kathleen Abernathy looking to limit their impact, while Democrats Michael Copps and Jonathan Adelstein believe they should retain a large role, sources say. 

That leaves Republican appointee Kevin Martin, who sources say has not made up his mind. State commissioners who met with Martin to share their concerns on Monday said he did not indicate which way he might vote when the commission decides the matter on Feb. 13. 


"He still is asking a lot of questions," said Connie Hughes, a New Jersey utilities commissioner who pointed out that two-thirds of the state's 600,000 independent-telephone customers received service thanks to the current network-sharing rules. 


FCC spokesman Michael Balmoris declined comment, saying the agency does not make statements about pending proceedings. 


The proposed revisions have inspired an intense lobbying blitz in Washington and drawn in citizens from across the country. 


Last week, California homemaker Heidi Neal met with several commissioners and senior staff members to share her concern that the current rules are forcing Bells to lay off employees. Neal became involved in the issue when her husband was laid off by SBC Communications Inc. last October, and says she is convinced that local-phone competition rules are to blame because they discourage new investment.


"If you wanted to add a new room onto your house, you wouldn't do it if you knew someone else was going to live in it," Neal said. 
*******************************
Los Angeles Times
File-Sharing Service Says Studios, Labels Misuse Copyrights
Kazaa owner seeks an injunction to block the companies from enforcing their claims.
By Jon Healey
January 28 2003

Dramatically raising the stakes in the battle over online piracy, the company behind the world's most popular file-sharing service accused the major record labels and Hollywood studios of misusing copyrights and attempting to monopolize the market for digital music and movies.

The move by Sharman Networks, which distributes the Kazaa software, came less than two weeks after U.S. District Judge Stephen V. Wilson in Los Angeles confirmed that the labels and studios could sue Sharman in the United States. Sharman, which is based in the South Pacific tax haven of Vanuatu, had asked Wilson to throw out the copyright infringement claims for lack of jurisdiction.

Every file-sharing service sued for piracy has tried to defend itself by claiming the major entertainment companies abuse their copyrights and violate antitrust laws, and none has yet succeeded. Sharman has gone a step further, asking Wilson to bar the labels and studios from enforcing copyrights on all music and movies until the alleged misuse has ended and its effects have dissipated.

The injunction would shield Sharman from damages and protect anyone who pirated the labels' and studios' works.

A spokesman for the Recording Industry Assn. of America scoffed at Sharman's claims, saying they were "akin to an arsonist burning down his home and then seeking sympathy for being homeless." And Marta Grutka, a spokeswoman for the Motion Picture Assn. of America, said, "It's just a tactic to avoid further focus being put on their ongoing pirate activity."

Legal experts say copyright misuse is a relatively new and unsettled area of law, and claims are hard to prove. A key question is whether the privately held Sharman can afford the high costs of gathering the evidence needed to make its case.

"Mounting a full-fledged copyright-misuse defense is an incredibly expensive undertaking because it requires an enormous amount of discovery from an opponent that's extremely reluctant to hand over any" of the documents needed, said Fred von Lohmann, an attorney for the Electronic Frontier Foundation, which is helping defend the Morpheus file-sharing network against the labels and studios.

"Whether or not the lawsuits against peer-to-peer technologies are motivated by anti-competitive motivations rather than purely copyright ones, while that's an incredibly important question, I'm not at all sure that it will ever get addressed in court ... in any thorough fashion," he said.

Last year a federal judge allowed Napster Inc., a pioneering file-sharing service being sued for aiding piracy, to gather evidence about copyright misuse at the major labels and music publishers. The RIAA said the allegation of misuse was "without merit," and the inquiry ended when Napster went belly up and was liquidated.

Sharman's claims are included in a response filed Monday to the lawsuit that the labels and studios brought against it last year. The filing not only argues that Sharman isn't liable for piracy by users of the Kazaa network, but also tries to force the labels and studios to defend their approaches to the Internet.

Much of Sharman's counterclaim, though, is based on the labels' and studios' dealings with another company: Altnet, a subsidiary of Los Angeles-based Brilliant Digital Entertainment. Altnet set up a secure distribution network within Kazaa that encourages users to download authorized, copy-protected versions of music, video, games and other software.

The filing asserts that Sharman founder Nicola Hemming, a businesswoman in Australia, learned of Altnet's plans before she launched Sharman in January 2002 and bought the Kazaa software and Web site from Netherlands-based Kazaa BV. Altnet wasn't incorporated until February, with Brilliant owning 51% and the founders of Kazaa BV owning the rest, according to a Brilliant securities filing.

Hemming's original plan, the filing says, was to distribute authorized and copy-protected artistic works on Kazaa, using Altnet's technology. Although Altnet struck deals with selected independent music outlets and other copyright holders, it had no success with the major labels and studios.

Copyright owners aren't compelled to grant licenses to distribute their works. What makes the labels' and studios' behavior unlawful, Sharman attorney Roderick G. Dorman argued, is that they got together and decided not to license Altnet.

"There's been a concerted refusal to deal with Altnet and with Sharman," he said. "We think that's an antitrust violation, and we think we can prove that."

In addition, Sharman argues in its counterclaim that the labels and studios provided music and movies to the online ventures that they owned while they refused to do business with Altnet and Sharman. That refusal constitutes copyright misuse, Dorman said, because it prevented Altnet from combating piracy by offering legitimate copies of the entertainment companies' works to Kazaa users.
*******************************
CNET.com
Some Super Bowl advertisers fumble online 
By Stefanie Olsen 
January 27, 2003, 4:17 PM PT

The Web sites of Super Bowl TV advertisers largely held up for visiting Internet surfers during and after the championship game Sunday, but a handful of them choked under high-traffic pressures, according to a study. 
Casualties of a Super Bowl rush online included the Web sites for automaker Cadillac, Philip Morris, and Universal Pictures' upcoming film remake of "The Hulk," which all aired commercials during the 37th annual football competition, according to software company Keynote Systems. Accessibility to Philip Morris' site dropped when the company changed its site to reflect its new name, Altria. 

People trying to access the promotional film site for "The Hulk" during the game had to wait for more than 50 seconds for pages to load on a high-speed Internet connection. Before the game, it had taken 4 to 5 seconds for pages to load. 

 

"The problem was exacerbated for dial-up users," said Mathew Parks, director of product marketing for Keynote, which tested the roughly 17 Web sites of those advertising during the Super Bowl from networks around the world. 

He attributed the site problems to poor communication between marketing and information technology departments within these companies in planning for stepped-up traffic from TV audiences. In addition, companies are failing to adequately test their server capacities for high volumes of traffic resulting from TV advertising campaigns.

"One side of the house isn't talking to the other side of the house," he said.

Still, many companies fielded the additional interest from Web surfers just fine. The sites for Sony, Sony Pictures, Levi Strauss, McDonalds and FedEx were fully available throughout the game, according to Keynote.

Technology and mainstream advertisers alike tapped the Web as a marketing tool this year. While many featured Web addresses in TV commercials, others built online sweepstakes and "making of" videos around their commercials. 
*******************************
Federal Computer Week
Workforce changes find congressional support
BY Colleen O'Hara 
Jan. 27, 2003

Civil service reform has found a high-profile champion in Congress: Rep. Tom Davis.

The powerful Virginia Republican said changes to how the federal workforce is managed and paid are among the top priorities for the House Government Reform Committee, which he now chairs.

"We need a new structure," Davis said, adding that the government needs to change how it recruits, retains, rewards and fires employees. "We need to revamp [the civil service] significantly" to make it more efficient. Workers should be paid what they are worth, and people who do a good job should be rewarded, he said.

Davis' agenda reflects recommendations laid out in the National Commission on the Public Service's report released Jan. 7 as well as workforce reforms championed by Sen. George Voinovich (R-Ohio). 

"It's clear we can't take the existing structure into the 21st century," Davis said Jan. 22 at an event sponsored by the Partnership for Public Service. There must be more emphasis on recruiting and retaining the best people, including reducing the time it takes an agency to hire someone, he said. 

Davis said he likes the idea of creating two tracks for members of the Senior Executive Service: one for managers and one for technical experts. "They have two different skill sets," he said. "Both are important and we should allow for both." 

He also said SES salary caps should be raised and uncoupled from congressional salaries. Otherwise, "it will lead to an exodus when it comes time for these folks to retire," he said.

Reforms won't be easy. Carl DeMaio, president of the Performance Institute, said he supports the idea of pay-for-performance; however, efforts to create a similar program to reward outstanding SES performers have fallen short. 

"There's no will at the senior agency leadership level to hold senior executives accountable for results and use the SES system to reward outstanding performance," DeMaio said. Too many in SES are receiving bonuses, and for the same amount. "I'm nervous that if we can't get it done for the senior executives, how in the world can we get it done for the rank-and-file federal employees?"

Davis said he wants to get feedback from stakeholders and make sure his Senate counterparts are on board before he pursues his workforce agenda. 

However, the American Federation of Government Employees (AFGE) said it opposes any plan to get rid of the current pay system in exchange for a pay-for-performance or pay-banding system. 

"The arguments in favor of scrapping the federal pay system are so weak, vague and political that any sustained or serious examination of this issue would condemn the [Bush] administration's plan to failure," Bobby Harnage, national president of AFGE, said in a statement. The plan is part of a larger strategy to "dismantle the civil service" that includes outsourcing jobs to the private sector.

***

The Davis Plan

Among the changes Rep. Tom Davis (R-Va.) plans to promote are pay-for-performance, a revamped Senior Executive Service, reorganization authority for the president similar to Fast Track trade authority and closer ties between an agency's performance and workforce planning.
*******************************
Federal Computer Week
Policy would secure users, transactions 
BY Diane Frank 
Jan. 27, 2003

The federal CIO Council this month approved a proposal to create a single policy that all agencies would use to authenticate electronic messages, documents and users themselves.

With the growth of e-government, "there is renewed interest from our upper-level management" in authentication, said Judy Spencer, chairwoman of the Federal Public-Key Infrastructure Steering Committee. "We have to develop this common policy framework that reaches across these different areas, and then below that, we need to give agencies the component pieces" to fit into their applications and infrastructure.

Authentication is the process of verifying the identity of a sender of an electronic message or transaction.

The new policy will include the work on the certificate policy established by the PKI Steering Committee, the draft authentication policy that the Smart Card Project Managers Group is developing and the authentication levels that the General Services Administration is working on in its e-Authentication e-government initiative, Spencer said. 

The single policy should make it easier for agencies to incorporate e-authentication into their systems, said Alan Paller, director of research for the SANS Institute, a security education and research organization. "It's a good thing because one of the two extreme costs of certificates is the development of a common policy," he said. "Having [the Office of Management and Budget] and others creating one [policy] eliminates a lot of the upfront cost."

The single policy, said Marty Wagner, associate administrator for GSA's Office of Governmentwide Policy, "will save agencies time and effort in implementing e-government."
*******************************
Federal Computer Week
Security basics
BY Carl Peckinpaugh 
Jan. 27, 2003

During the past several years, federal agencies have spent immense amounts of time and money trying to make their computer systems safe and secure from unauthorized use or intentional damage. These efforts are laudable, and much progress has been made to protect the national information technology infrastructure from malefactors of various sorts.

There is, however, one significant area in which substantially more progress is needed: encouraging government contractors to establish and maintain meaningful computer security procedures.

For little or no cost, much could be accomplished.

At the federal level, basic computer security policy starts with Office of Management and Budget Circular A-130. The document lays out a minimum set of security controls for all federally owned and controlled IT systems. It also requires agencies to provide mandatory periodic training in computer security awareness and accepted computer security practices to all federal employees who are involved in the management, use or operation of federal systems.

Notably, A-130 explicitly extends this training requirement to contractor employees who work with government-owned or supervised computer systems. However, neither the policy nor any other regulation or guideline imposes -- or even recommends -- such a training procedure for contractor-owned and controlled computer systems.

This lack of concern for contractor-owned computer systems could be viewed as a significant lapse in light of the critical importance that many contractors play in national defense and other national priorities.

In mid-1998, the Defense Department mandated that Defense contracts in which the work is performed outside the continental United States require the contractor to provide their employees with anti-terrorism and force protection awareness information commensurate with what DOD provides to its own military and civilian employees and their families. This was a good idea. It just didn't go far enough.

As we have seen since that rule was adopted, anti-terrorism awareness programs need to include people working in the United States as well as those working abroad. Furthermore, it would seem to make more sense to address physical security in a more comprehensive awareness training program, to include access to computers, offices, file rooms, etc., instead of limiting such training to anti-terrorism concerns. Such physical security considerations are the starting point for any computer security program.

Government contracts should include a provision encouraging contractors to implement physical security awareness training programs modeled on a government standard. That would go a long way to protect information and staff, including the government and its contractors. 

Furthermore, the benefits of such a program in loss-avoidance could pay for its cost, especially if the government takes the lead in developing an appropriate model.
*******************************
Federal Computer Week
Congress faces full year
IT not a top priority, but tech issues are still pervasive
BY Judi Hasson 
Jan. 27, 2003

With a cash-strapped budget and another possible war on the horizon, Congress faces big challenges this year in molding information technology policies -- from homeland security to procurement reform.

Two new committee chairmen will dominate IT issues, and a new panel will scrutinize the creation of the Homeland Security Department, which will be located initially in Washington, D.C. Money will be tight, and lawmakers' attention could be diverted by global crises.

"IT won't be at the top of the priority list because we have such a long laundry list," said Norman Ornstein, congressional scholar at the American Enterprise Institute. "War and other defense expenses are going way up, [and] a prescription drug benefit for seniors and the budget" are other top priorities. 

Money will be the big IT issue, but so will a range of policy debates, including the ban on Internet taxation expiring in the fall, trade policy, digital copyright, telecom reforms and privacy, not to mention integrating government systems.

"Congress passed the Homeland Security Department, but everyone pretended it was a costless exercise," said Harris Miller, president of the Information Technology Association of America. Integrating "22 agencies and federal, state and local systems will cost money." 

Rep. Christopher Cox (R-Calif.), new chairman of the House Select Committee on Homeland Security, will oversee the building of the department. He will be a major voice on whether plans to integrate those federal agencies will work.

Following the Sept. 11, 2001, terrorist attacks, "our most important job is protecting American citizens," Cox said. "I will work to make our government more effective in the fight against terrorism. I will ensure that it is done efficiently and that Congress and the federal government work together toward this common goal." 

Congress already plans to adjust the Homeland Security Act. Those changes include more money for first responders to develop better communications networks and interoperability with nearby communities and the federal government. Lawmakers also want better border security, using technology to do it and tougher regulations for both importing and exporting cargo.

But the devil is always in the details, and battle lines already are drawn over policy and politics.

"Congress has a full IT agenda this year," said David Nadler, Washington lawyer and IT expert. "I expect to see significant budget battles as the [White House] moves to bolster homeland security and national defense. Similarly, Congress will be asked to appropriate substantial dollars to implement the new E-Government Act, and agencies will also seek added funding as outsourcing expands under the new A-76 rules."

Rep. Tom Davis (R-Va.) now leads the House Government Reform Committee, where he has promised a new agenda for procurement reform (see story, Page 68). Sen. Susan Collins (R-Maine) is the new chairwoman of the Senate Governmental Affairs Committee; she has vowed to make privacy a top concern.

With President Bush proposing a $59 billion IT budget in fiscal 2004 -- a 12 percent increase over fiscal 2003 -- Congress will have plenty of opportunity to buy badly needed computer systems throughout the government.

"It will be a robust year for IT," said Larry Allen, executive vice president of the Coalition for Government Procurement.

But much of the congressional attention will be directed to issues that directly affect homeland security -- including privacy and mining information about Americans from an array of databases. Not wasting any time, senators took the first steps last week to stop a controversial Pentagon project that would gather information on Americans to search for potential terrorists.

Total Information Awareness (TIA) is a computer system the Pentagon is developing that can collect massive amounts of personal information from around the world and analyze data on everyday transactions. Former Navy Adm. John Poindexter, a controversial figure from the Reagan administration's Iran-contra scandal, is directing the program that members of both political parties want to halt.

Sens. Russ Feingold (D-Wis.), Ron Wyden (D-Oregon) and Jon Corzine (D-N.J.), speaking at a press conference earlier this month, said the project is untested and cannot be trusted not to violate Americans' rights. Corzine called it "Orwellian" and said it is illegal to snoop on innocent Americans. They introduced legislation on Jan. 16 to put a moratorium on TIA until Congress investigates it.

Wyden and Sen. Charles Grassley (R-Iowa) also introduced legislation to stop federal money from flowing to TIA except for foreign intelligence purposes. The bill would also prohibit the gathering of data on American citizens.

Although it may be a controversial year for technology, it will also be a good one, many experts predict.

"I think you have a very tech-friendly Congress and an administration, particularly within the Office of Management and Budget, that understands technology," said Douglas Sabo, director of government relations for Network Associates Technology Inc., a network security company.

***

The Congressional agenda

The 108th Congress will deal with many issues, including the following:

* Homeland security -- Lawmakers will tinker with the Homeland Security Act, toughening standards and finding more money for programs to protect U.S. citizens.

* Money -- President Bush is proposing a $59 billion information technology budget for fiscal 2004, but it will take months to get money bills through Congress. Lawmakers are still trying to finish the fiscal 2003 budget, which includes $52 billion for IT.

* Privacy -- Lawmakers will try to protect Americans from being spied on by the government. First up is a proposed moratorium on the Total Information Awareness project, which would gather information, such as credit card transactions and motor vehicle records, from databases.

* Oversight -- Congress will oversee the Homeland Security Department's development, the E-Government Act of 2002 and the Federal Information Security Management Act, which requires agencies to use information-security best practices.

* Procurement and civil service reform -- Rep. Tom Davis (R-Va.), new chairman of the House Government Reform Committee, will examine how the government buys services and products. He also wants to revamp the Senior Executive Service.
*******************************
Federal Computer Week
DOD preps guidance
BY Dan Caterinicchia 
Jan. 27, 2003

Forthcoming Pentagon instructions will shed light on how Defense Department organizations are expected to ensure that information is adequately protected on DOD systems.

The document is the second part of an effort to establish a formal information assurance (IA) policy to protect DOD information stored on systems departmentwide from unauthorized users.

The Pentagon issued a directive last October that provided a basic framework for protecting information. DOD Directive 8500.1, which took effect Oct. 24, 2002, asks the services to identify IA requirements and include them in the design, acquisition, installation, operation, upgrade and replacement of all DOD information systems. 

DOD 8500.2 will provide detailed instructions on how to carry out that policy and how it will be enforced.

Last week, the instructions were delivered to John Stenbit, DOD chief information officer and assistant secretary of Defense for command, control, communications and intelligence (ASD/C3I), said Donald Jones, a member of the ASD/C3I IA directorate. "With a little bit of luck, 8500.2 will be signed sometime this week," he said.

Directive 8500.1 calls for all DOD components to follow the "defense-in-depth" approach to information security, which relies on proper operational procedures and technologies such as encryption and firewalls to provide layered protection to all computers and networks.

The guidance also addresses supporting IA infrastructures that provide capabilities such as public-key management and incident detection and response, according to a DOD spokesperson.

"The guidance was developed largely in response to changing security needs brought about by DOD's growing dependence on interconnected information systems, particularly desktop computer networks, and increased concern about the protection of unclassified but sensitive information," the spokesperson said.

Jones said Directive 8500.1 lays out the policies, and the instructions in 8500.2 will detail how to "enforce and implement those policies." He added that the DOD community has been receptive to the new IA directive and feedback has been positive, but everyone is anxiously awaiting the instructions.

"The big issue has been to get the instructions out," Jones said. "They can't implement the policies in 8500.1 until they get 8500.2...but that requires careful coordination" on many levels.

Defense Secretary Donald Rumsfeld issued a memo earlier this month with the subject "Web Site OPSEC [operations security] discrepancies," stating that DOD needs to do a better job reviewing and removing data from public Web sites that adversaries could use to attack the United States.

The 8500.2 instructions also include guidance on establishing detailed controls on the availability and integrity of DOD Web sites that post information that can be publicly released, Jones said.
*******************************
Federal Computer Week
XML panel to help law enforcement
BY Sara Michael 
Jan. 27, 2003

A global standards consortium has created a technical committee to develop Extensible Markup Language standards to help law enforcement agencies find and share evidence on suspected criminal and terrorist activity.

The Organization for the Advancement of Structured Information Standards (OASIS) announced Jan. 23 that the LegalXML Lawful Intercept (LI-XML) technical committee was formed to help meet agencies' information-sharing needs.

XML enables agencies to tag data, facilitating information exchange among applications and systems. The committee will work on ways XML can help smooth the process of obtaining lawful intercepts and ensuring security and authenticity.

Law enforcement agencies must go to several entities to obtain lawful intercepts while investigating suspected criminal or terrorist activity. The process is "slow, costly and inexplicably old-fashioned," said Tony Rutkowski, chairman of the OASIS LI-XML technical committee.

"Believe it or not, today, it's all done on paper," he said. "It's all done in ways built on some implicit trust."

Agencies can either get intercepts for phone calls such as when and to whom a call was placed, or intercepts for the actual information contained in the call. Court orders, subpoenas and records are typically faxed or mailed, making them hard to track and authenticity hard to ensure, Rutkowski said.

The committee is developing XML standards to structure the information to facilitate speed and trust between parties. The standards will also significantly lower operation costs, Rutkowski said.

Nearly 500 federal, state and local law enforcement agencies in the United States with intercept abilities will be able to use the standards. On the federal level, several dozen agencies such as the FBI, Secret Service and the Drug Enforcement Administration will benefit from the uniform schema, as will larger city police departments on the state level.
*******************************
Federal Computer Week
California installs wireless surveillance
BY Dibya Sarkar 
Jan. 21, 2003

The announcement last month that the California Department of Transportation (Caltrans) is putting wireless technology on several San Francisco bridges and tunnels for video surveillance may be just the beginning of a nationwide trend for such security measures.

In partnership with several contractors, Caltrans is installing a multimillion-dollar state-of-the-art wireless electronic surveillance system to enhance security. The system, called the Bay Area Security Enhancement, is operational and in the final phases of commissioning.

The secure system will enable state public safety agencies to monitor bridges and tunnels for potential security problems using cameras manufactured by San Jose, Calif.-based RVision LLC.

The system is more flexible and functional than previous systems, said Dave Brown, a division manager with Royal Electric Co. Inc., one of the contractors working on the system. 

For Sunnyvale, Calif.-based Proxim Inc., which supplied the wireless technology, security and surveillance has become a more prominent segment of its market since the September 2001 terrorist attacks, said Jeff Orr, product marketing manager for the company's wide-area network division.

Until the Caltrans installation, most wireless applications were used on government and military bases for perimeter surveillance.

"At this point a lot of applications have been military applications," he said. "In terms of the state-funded level, Caltrans has been pretty early."

In regard to the advantages of wireless technology, Orr said that the cost is lower than laying down new fiber and the amount of time to deploy the system is shorter. In addition, wireless transmission speeds are much higher -- 20 megabits/sec to 60 megabits/sec as opposed to 1.4 megabits/sec for a T1 line, he added. 

Also, wireless equipment is purchased outright, whereas telecommunications companies charge a fee for use of their fiber lines, he said.

Wireless also permits flexibility in moving the technology from one location to another rather than rewiring a system. That could be done in a matter of hours instead of weeks or months, he said.
*******************************
Government Computer News
01/28/03 
Lawmakers seek to restore e-gov fund 
By Jason Miller 

Lawmakers are making a last-minute push to restore $40 million to the E-Government Fund and fulfill the administration's request of $45 million.

Sens. Joseph Lieberman (D-Conn.) and Conrad Burns (R-Mont.) yesterday sent a letter to the Senate Appropriations Committee and Rep. Tom Davis (R-Va.) later today will send a letter to the House Appropriations Committee asking for the money to be reinstated.

"The $40 million is simply too important to let fall by the wayside," said David Marin, Davis' spokesman. "If we're serious about bringing the government into the 21st century, we need to put our money where our mouth is."

The Senate slashed the money last week when putting the finishing touches on the omnibus fiscal 2003 appropriations bill. The House never funded the president's request, instead allocating $5 million for 2003 -- the same as it had for 2002.

Congress authorized the $45 million fund in the E-Government Act of 2002, which became law last month.

"One of the most frequently cited impediments to e-government progress is the lack of funding mechanisms for interagency projects in information technology," Lieberman and Burns noted. "The E-Government Fund provides a central funding pool to support collaboratively developed electronic-government initiatives."

The senators also pointed out that although the fund is only a small fraction of the total spending for e-government projects, it symbolizes crucial seed money.

The funding is critical to the Office of Management and Budget's 25 e-government initiatives because it will help projects move quickly, the lawmakers said. Last year, OMB allocated between $740,000 and $2 million to three projects.
*******************************
USA Today
Ins and outs of biometrics
By Jon Swartz, USA TODAY

SAN FRANCISCO -- Biometrics -- technology that identifies people by fingerprints, eyes and other physical characteristics -- is seeing its first wave of commercial use after languishing for more than a decade.

A few airports and government agencies, such as the FBI, have dabbled with biometrics to identify employees. But in recent months, a wave of new users, from schools to banks, have adopted the technology. The goal: tighten security, reduce security costs and meet stricter laws imposed after the 2001 terrorist attacks.

Concerns are also rising that such technology will impinge on privacy and give employers information they shouldn't have. In a recent report, the American Civil Liberties Union warned unfettered use of biometrics and other tracking technologies will lead to increased government and business scrutiny of citizens.

"Employees are at the mercy of employers," says Barry Steinhardt, who co-wrote the report. "This type of tech is growing at the speed of light with no legal limits."

Privacy advocates fear that, eventually, broad use of fingerprinting and other biometric technologies will impede a citizen's ability to move anonymously.

"The cumulative effect is staggering," says the ACLU's Jay Stanley. "Whoever controls the database will know when you use a fingerprint scanner at the office, your apartment, retail stores and mass transit. It's tantamount to being followed with a video camera."

Technology spreads 

Despite the concerns, biometrics is growing in use at:

Banks. Security and operational efficiency prompted ING Direct to jettison ink and paper for digital fingerprints of employees in October. CEO Arkadi Kuhlmann says the new setup is faster, and fingerprints are cleaner. 

"Nine-eleven heightened our awareness about safety," Kuhlmann says of ING, which has digitally printed all of its 600 employees. "It would be great to avoid any perception of an invasion of privacy, but these days you cannot wholly rely on someone's driver's license or Social Security number."

Other banks, especially in New York, could follow. A New York state law passed last year requires fingerprints and background checks of anyone with regular access to a securities exchange. Before 9/11, only brokers and traders had to be fingerprinted and approved by the FBI.

Shipping. The Liberian International Ship & Corporate Registry, the second-largest shipping registry, which oversees 1,800 ships, is shifting from paper IDs, which law enforcement authorities fear could be forged by terrorists to slip into the USA. When completed this year, the digital fingerprints of some 50,000 sailors will be registered. LISCR's vessels made about 7,000 visits to U.S. ports in 2001. 

Hospitals. The Children's Hospital of Columbus, Ohio, the Family Health Centers of San Diego, and the William W. Backus Hospital of Norwich, Conn., now employ fingerprint-scanning devices from Identix to identify doctors. 

Schools. Students at Johnson & Wales University in Denver no longer need keys or cards to enter three dorms and several academic buildings. They just need hands. A metal plate with a tiny, overhead camera measures 90 points on a hand -- including finger length and knuckle width -- in a matter of seconds before unlocking doors.

The school, which began using the system in October, is also considering it for library book checkouts. "Even twins can't fool the system," says J.D. Sawyer, director of operations. "You can lose keys. But you can't lose your hands."

Apartment complexes. A proposed biometric fingerprint system at Manhattan Plaza, one of New York's largest complexes, with nearly 1,700 apartments, has sparked protests among tenants and privacy advocates.

"It jeopardizes the privacy of tenants and could be a convenient way to crack down on illegal sublets," says Donna Lieberman, executive director of the New York Civil Liberties Union, which received complaints from several Plaza residents. More than 60% of 1,200 Plaza residents who responded to a poll oppose the plan.

"It feels like Big Brother has come to live here," says Susan Johann, a freelance photographer who has lived at the rent-controlled complex for 25 years. She says management is "using 9/11 as an excuse" to gain too much information about residents. "We already have photo IDs and cameras everywhere."

Landlords insist the new system is just an anti-crime measure. "We've had card-key ID since 1977," says Bruce Harrison, Plaza managing agent. "We're just considering an upgrade."

Cost, error-rate troubling 

Companies aren't just preoccupied with safety. Many, including Krispy Kreme and Sun-Maid, use hand-geometry technology to verify when workers clock in and out. "A worker's hand is their badge," says Bill Spence, marketing director of IR Recognition Systems.

And the Chicago Housing Authority late last year started using fingerprint scanning to improve computer security. The CHA scrapped user names and passwords to save on tech costs -- plus, too many people left yellow sticky notes with passwords on their PCs, officials say.

Despite increased use of biometrics, there are other doubts besides privacy.

Fingerprint technology is pricey and has a 1% to 3% error rate, critics charge. They also claim criminals can fake fingerprints made from wax molds.

Iris scan technology, less widely used so far, claims to be the most accurate biometric technology. No two irises are the same.

Shares of Identix, a leading public biometrics company, closed Friday at $4.03, down from a 52-week high of $10.76.
*******************************
San Francisco Gate
Users uneasy about claim to Web patent 
SBC says it owns rights to Internet navigation technique

When British Telecom claimed in 2000 that it had patented the Web's ubiquitous hyperlink, the Internet erupted in a fit of protest that lasted until the company lost its test infringement case against Prodigy Communications last summer. 

That has not stopped Prodigy's parent company, SBC Communications, from asserting a patent claim on a Web navigation technique that is nearly as widely used. According to letters that SBC mailed last week, the company believes that any Web site with a menu that remains on the screen while a user clicks through the site may owe it royalties. 

Web developers have responded by checking off examples of how the technology may have been used before SBC applied for its patent in 1996. Several said the technique, in which frames are used to define areas of the screen that stay frozen while the user looks through other pages, was introduced with the Netscape 2.0 browser in 1995. 

"We've designed hundreds of sites like this," said David VanderVeer, chief executive of WebCreators Inc., whose client Museum Tours received one of the letters from SBC. "This would affect hundreds of thousands of sites." 

The SBC effort is one of several in recent years by companies seeking to enforce patents on software operations so popular that computer industry veterans argue that they do not comply with the Patent and Trademark Office's requirement that an invention be nonobvious to get a patent. 

Divine Inc., for instance, recently claimed patent rights to shopping-cart technology used by thousands of e-commerce sites. 

Jason Hellery, an SBC spokesman, said the company had mailed 30 letters so far, outlining licensing terms of $527 to $16.6 million per year, depending on the annual revenue of the licensee. The initiative is the first by a division that SBC formed last year to mine the company's portfolio of several hundred patents.

"Active protection of patent rights is a common practice among patent-holders worldwide," SBC said in a statement.

Some economists argue that expensive and time-consuming legal disputes over licensing, as well as fear of inviting a lawsuit, may be hindering innovation rather than promoting it. 

"If you get a lot of letters from attorneys flying around, the risk is that no one has enough certainty of the freedom to invent without getting such a letter," said David Mowery, a UC Berkeley economist who is investigating trends in software patenting for the National Academy of Sciences. "One risk is (that) the overall progress of technical advance starts to slow down."
*******************************
Guardian (UK)
The battle for cyberspace 
Steve Bowbrick on the epic struggle between media owners and file sharers 
Tuesday January 28, 2003 

The public domain is in the news again. Net-heads and cyber-libertarians are worried that the public domain is being eroded and enclosed, while media owners fear a ravenous, technology-enhanced public domain will eat their businesses. Who's right?

The public domain is a tricky concept to define. We can be sure that every community in history has had a public domain of some kind - a shared resource such as grazing land, communal housing, ideas.

We also know that it's not a stable concept, that it shrinks and expands, century by century, place by place. In some periods the public realm is rich and productive (Florence in the Renaissance), in others thin and troubled (Soviet Russia). 

A good public domain has a signature we recognise. It is open, forgiving of experiment, balanced as to ownership and exploitation of ideas, innovative. 

We're seeing a wave of technical and social change as well as the arrival of cheap, networked computers. Some think that we're at an "inflection point", that we could either wind up with an immeasurably richer public sphere or that it could wither and collapse. The fact that everyone is thinking about the public domain now is instructive. We only notice it when it's changing.

The war of the file sharers and the media owners is a great drama, a conflict on an epic scale. Books will be written, movies will be made. But it's not the first time public and private have clashed. 

Attacks on the public domain usually come from ruling classes and economic elites: enclosers, industrialists, colonists. Defence is organised from below: Diggers and Levellers, squatters and trespassers. 

But for such a contested concept, the public domain is remarkably robust. Centuries after capital was first employed to organise and exploit natural resources, our world has demonstrably not been reduced to a homogenous field of ownership and exploitation. It remains an uneven mixture of public and private - and there's a great deal of traffic between the two.

In the world of ideas, new technology persistently upsets our understanding of what's public and what's private. Printing with movable type, photography, audio and video cassettes, genomics, open source software, CCTV and now file sharing: all alter the context because they permit us to move value - social, cultural, economic - from one realm to the other. 

Sometimes a technology can work to enclose or shrink the public domain. The patenting of organisms and genes, for instance, redefines a historically public category of knowledge as property, exploitable and tradable like other assets. 

To environmental campaigners and to the developing world, terminator genes and patented seed stock promise to remove vital tools and know-how from the public domain altogether - condemning farmers and communities to indefinite servitude to western agribusiness.

But it's not a one-way street. To the media firms, Napster, Kazaa and their successors promise the final dissolution of their ownership rights in digital media. 

They see the file sharers (the industry's own "axis of evil") moving their entire asset base into a hugely expanded public domain. 

Consider this dizzying fact: it's certain that every track from every major label's current catalogue is now online for free download somewhere. File sharing is the public domain's most vigorous counter-strike yet, a snatch operation of extraordinary effectiveness. 

The net says: "We, the networked people, hereby redefine your expensively-cultivated asset-base as a public good. Furthermore, we jointly and severally rescind any contract we might once have had with you to pay for this stuff. It's ours now. Sorry, guys!" 

Should we be surprised that the record labels and their trade bodies fight back? And fight back as if this were their last fight? No, we shouldn't.

So is this really the end for the media owners? Has their principal asset - the bank of content, talent and potential in which they have invested so much - now been effectively written down to zero? Have the file sharers done for the entire media industry?

Predictably, and perhaps boringly if you were looking for the big story, the answer is no. 

The media firms will adapt to the new distribution realities and stretch to accommodate entirely new models for rights exploitation. These new models, including legalised file sharing, will sit quite comfortably alongside classically packaged and distributed content - just as the racks of vinyl sit weirdly alongside the CDs in your local Mega Media Outlet. 

Remember, audio cassettes and video tapes went from an industry-threatening pirate's charter to a profitable part of the value chain within five years of their introduction. 

No one should underestimate the magnitude of the challenge faced by the big media owners. But they have precedent, money and influence on their side. 
*******************************
Info World
U.S. agencies get help with security patches
Program provides one-stop shop for software fixes
By Grant Gross
January 24, 2003

WASHINGTON -- U.S. government agencies gained a new tool for fighting computer vulnerabilities this week with the launch of a new service that helps them find the security patches they need. 

http://www.infoworld.com/article/03/01/24/030124hnuspatches_1.html
*******************************
MSNBC
Senators offer bill to fight ID theft 
Legislation seeks to limit access to Social Security numbers

WASHINGTON, Jan. 27 -- Legislation to help protect Americans from identity theft was put forward by a bipartisan group of senators on Monday, in an effort to prevent what the government says was the number-one consumer complaint last year.

IDENTITY THEFT -- some of the most common practices are maxing out credit cards and running up bills in someone else's name -- is the largest white-collar crime in America today, Sen. Dianne Feinstein, a California Democrat, said in a statement announcing the bill.

She said the legislation offered by herself, Democrat Patrick Leahy of Vermont and Republican Judd Gregg of New Hampshire would make it harder for identity thieves to obtain Social Security numbers that are then used to get access to private credit information.

"The Federal Trade Commission last week announced that the number of identity theft complaints has doubled to 160,000 in just the past year. We need to take action to stem the tide," Feinstein said.

Social Security numbers are assigned to working Americans to track their contributions to the federal retirement benefit program, but are also widely used for identity purposes.

The legislation seeks to get these numbers out of the public domain. It would prohibit the sale or display of the numbers to the general public, and remove them from government checks and drivers' licenses.

It would also require Social Security numbers to be taken off public records published on the Internet.

"An enormous amount of information is tied to a person's Social Security number," Gregg said in the statement.

"If that number falls into the hands of the wrong people, a person's identity can be stolen right along with the money in their bank account. This legislation protects the right to privacy and protects against identity fraud."

A similar bill was approved by the Senate Judiciary Committee last year but never came up for a vote in the Finance Committee, which also had jurisdiction, and did not reach the Senate floor.

The FTC said last week that 43 percent of the 380,000 complaints logged by the agency and other consumer-protection organizations last year had to do with identity theft.
*******************************
MSNBC
Breaking down the .Net barriers 
Volunteer effort could oblige Microsoft to work with Linux

BOSTON, Jan. 27 -- A lot of people are watching Miguel de Icaza, a bubbly young Mexican programming whiz behind an unusual project he named "Mono," Spanish for monkey. Icaza's company, Ximian, has already produced software called Evolution that gives users of the free, open-source Linux operating system e-mail and calendar tools comparable to those that run on Microsoft's Windows operating system. But Icaza's latest extracurricular work could have a greater impact. With the Mono project, he and about 130 other volunteer programmers are trying to break down the walls between Linux and Microsoft's new ".NET" software development platform.

"I DON'T THINK it's ever going to wipe out Microsoft," he said in a recent interview. "But it's going to be a fairer universe."

If successful, Mono will allow .NET programmers to write software not just for Windows computers and gadgets but also for those running Linux and other variants of the Unix operating system.

It also will simplify the process, allowing developers to use multiple programming languages to write applications that work in many different software environments.

Mono's impact will ultimately depend on who ends up controlling it. Microsoft could adopt Mono as a kind of super standard of its own. Or Mono could end up in the hands of a rival like IBM that could use it to undermine Microsoft's power.

(MSNBC is a Microsoft - NBC joint venture.)

"If it does work, certainly it would transform the dynamic," said Rob Enderle, a research fellow at Giga Information Group. "It becomes a de facto standard, potentially more powerful than .NET. But without a major backer like Microsoft, it could have a hard time reaching that potential."

Why is the Linux-.Net bridge so important?

Microsoft hopes to make .NET (pronounced "dot Net") the lingua franca of the next generation of computer programs, helping information flow seamlessly from servers to desktop and wireless devices of all kinds.

But in an acknowledgment that Windows is unlikely to obliterate Linux -- especially on new handheld devices and appliances where Linux is gaining traction -- Microsoft appears to have decided that customers will demand that .NET communicate with Linux.

That could be a big breakthrough for Linux, whose supporters must persuade skeptics that adopting Linux won't isolate their technologies from Microsoft's universe.

While there have been a number of high-profile "defections" to Linux, whose basic code is free, many have held back for fear they're backing the wrong horse. Forrester Research has reported that just 10 percent of 3,500 top companies have implemented Linux for any tasks at all.

"In their mind, .NET is unstoppable," Enderle said. "Betting against .NET, particularly if you're a large business, looks like a fool's bet."

Mono, however, could change that equation. It already appears to be factoring into the decisions of sophisticated users.

"(Mono) is of great interest to us," said Colin Hope-Murray, the chief technology officer of the global infrastructure organization at Unilever, which announced its switch at last week's LinuxWorld conference.
       
BRINGING LINUX TO THE DESKTOP
Linux backers also have been heartened by an explosion in Linux software.

Most notable are programs like Ximian's Evolution and its Red Carpet software administration products, which have been downloaded an estimated 1.5 million times.

Also generating excitement is Linux distributor SuSE's newly introduced desktop suite that lets users run Microsoft Office without Windows.

Icaza is a pathfinder in the world of bringing Linux to the desktop.

He was working as a computer lab technician at the National University in Mexico City when Ximian was founded in 1999. It was in that year that Massachusetts Institute of Technology awarded him "innovator of the year." He moved to the United States in 2000, where he's been a prominent open-source supporter.

In his office, Icaza lunges for a pen and starts sketching diagrams on the wall, which doubles as a dry-erase board, to illustrate Mono's progress so far. "We've been 18 months on this thing, and we've built an amazing amount of tools," he said.

Still, many, including Icaza, caution against over-hype, in part because .NET is not yet the dominant force Microsoft hopes it will become.

"Right now the attitude in the Linux community is kind of a 'hmmm, that's interesting, show me more,'" said Don Marti, editor in chief of Linux Journal.

Part of the skepticism comes from fear Microsoft will co-opt the technology. Icaza acknowledges some think he's sold out.

But he denies Microsoft is funding the project, and says there is no "official" relationship.

Microsoft's "help" has been limited to posting some code to a standards board and an occasional response from a Microsoft engineer on Internet message boards.

Microsoft declined to make a spokesman available but issued a statement saying it supports open standards.

Icaza's real motivations, he insists, are selfish. Mono would be great for Ximian, and he's got 130 volunteers doing work his company couldn't do on its own.

Because its software is free and Ximian's revenues come from services and support, the company doesn't have much money for development.
*******************************


From owner-technews@xxxxxxxxxxxxxxxxx Wed Jan 29 14:14:44 2003
Date:         Wed, 29 Jan 2003 13:29:51 -0500
Sender: ACM TechNews Early Alert Service <TECHNEWS@xxxxxxxxxxxxxxxxx>
From: technews <technews@xxxxxxxxxx>
Subject:      ACM TechNews - Wednesday, January 29, 2003
To: TECHNEWS@xxxxxxxxxxxxxxxxx

Dear ACM TechNews Subscriber:

Welcome to the January 29, 2003 edition of ACM TechNews,
providing timely information for IT professionals three times a
week.  For instructions on how to unsubscribe from this
service, please see below.

ACM's MemberNet is now online. For the latest on ACM
activities, member benefits, and industry issues,
visit http://www.acm.org/membernet

Remember to check out our hot new online essay and opinion
magazine, Ubiquity, at http://www.acm.org/ubiquity

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ACM TechNews
Volume 5, Number 451
Date: January 29, 2003


Top Stories for Wednesday, January 29, 2003:
http://www.acm.org/technews/current/homepage.html


"Internet Attack Shows Vulnerability of System"
"Users Uneasy On SBC Claim To Patent On Web Tool"
"Internet Worm Unearths New Holes"
"H-1B Visa Awards Drop in '02"
"Companies Test Prototype Wireless-Sensor Nets"
"FBI's Computer Upgrade Develops Its Own Glitches"
"More Trouble Ahead for Moore's Law?"
"PSINet Europe Study Reveals Massive Vulnerabilities"
"What Next for the Internet?"
"Bell Labs to Collaborate on Flexible Displays"
"File-Sharing Service Says Studios, Labels Misuse Copyrights"
"Developers Turn to Linux, Stunt Microsoft Growth"
"Out of This World: NASA Tests Mobile IP in Space"
"Software Innovator David Gelernter Says the Desktop is Obsolete"
"Viruses Get Smarter"
"Simply Secure Communications"
"Hidden Pitfalls"
"Digital Dilemmas"
"Information System's Roles and Responsibilities: Towards a
 Conceptual Model"


"Internet Attack Shows Vulnerability of System"
The Slammer worm, whose attack over the weekend represented the
most serious online assault in 18 months, demonstrates the
Internet is still highly vulnerable.  The worm infected
defenseless machines, reproduced itself, and sent out large ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item1

"Users Uneasy On SBC Claim To Patent On Web Tool"
SBC Communications sent out letters last week claiming it
holds the patent on a widely used Web navigation method; it
asserts that any Web site that has a menu that stays on the
screen while a user looks through other pages may have to pay ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item2

"Internet Worm Unearths New Holes"
This past weekend's outbreak of the Sapphire worm demonstrates
that the increasing linkage of computer systems to the Internet
is creating unexpected vulnerabilities.  The worm, which
proliferated with remarkable efficiency using a well-known flaw ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item3

"H-1B Visa Awards Drop in '02"
The total number of approved H-1B visas in 2002 was 79,100,
compared to 163,000 visas the year before.  Bob Cohen of the
Information Technology Association of America says this drop-off
clearly proves that the market "is self-regulating-that ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item4

"Companies Test Prototype Wireless-Sensor Nets"
Four years after it was proposed by the Defense Advanced Research
Projects Agency (DARPA), the wireless-sensor network concept has
reached the prototype phase and is being tested by over 100
groups worldwide, according to David Culler of the University of ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item5

"FBI's Computer Upgrade Develops Its Own Glitches"
The Trilogy project, an attempt to upgrade the FBI's antiquated
computer systems, has run into trouble since it was launched with
the blessing of Congress.  A source close to the matter says the
project's original projected budget of $458 million will increase ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item6

"More Trouble Ahead for Moore's Law?"
Technical complications arising from smaller chip sizes may
short-circuit Moore's Law, according to electrical engineering
professor Laszlo Kish, who teaches at Texas A&M University.  He
says thermal noise and a lower noise-tolerance threshold work ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item7

"PSINet Europe Study Reveals Massive Vulnerabilities"
Company networks and servers run the risk of being attacked
randomly by hackers from the very day their Internet connections
are established, while companies have not deployed the
appropriate safeguards to shield their IT assets, according to a ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item8

"What Next for the Internet?"
The evolution of the Internet will be marked by diversity, and by
developments that will serve business users and consumers alike,
or offer advantages to one sector while negatively impacting the
online experience of the other.  Some 200 U.S. universities and ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item9

"Bell Labs to Collaborate on Flexible Displays"
Bell Labs will team up with DuPont and Sarnoff to develop thin
and flexible displays that use organic light-emitting diodes, in
a project funded through the National Institute of Standards and
Technology's Advanced Technology Program.  Bell Labs researchers ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item10

"File-Sharing Service Says Studios, Labels Misuse Copyrights"
Less than two weeks after U.S. District Judge Stephen V. Wilson
ruled that American music labels can sue Sharman Networks,
distributor of the software used by the popular Kazaa
file-sharing service, for copyright infringement, Sharman has ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item11

"Developers Turn to Linux, Stunt Microsoft Growth"
Last year, a number of large IT vendors lined up behind Linux,
which analysts say portends tough times for Microsoft in the
enterprise-level of business.  LinuxWorld 2002 featured large
showings from the likes of IBM, Hewlett-Packard, Dell, Sun ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item12

"Out of This World: NASA Tests Mobile IP in Space"
NASA is using the space shuttle Columbia's orbital mission
between Jan. 16 and Feb. 1 to test a mobile Internet protocol in
space, notes Operating Missions as a Node on the Internet (OMNI)
program leader Jim Rash.  The shuttle's onboard Linux-based ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item13

"Software Innovator David Gelernter Says the Desktop Is Obsolete"
Yale University computer scientist and veteran developer David
Gelernter says he is now focusing on creating tools that make it
easier for users to find "stuff" on their computers and otherwise
improve the end user's computer experience.  Gelernter says the ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item14

"Viruses Get Smarter"
Security experts warn that computer viruses are becoming more
subtle and sophisticated, as well as more numerous.  Polymorphic
programs are one emerging threat, an example being megaworms,
which target multiple vulnerabilities and can propagate using ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item15

"Simply Secure Communications"
Virtual private networks (VPNs) can be clumsy and arduous to set
up and use, especially for IT managers; in response, vendors are
offering alternative access tools based on Secure Sockets Layer
(SSL) technology such as "instant virtual networks."  Deployment ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item16

"Hidden Pitfalls"
Companies that rushed to implement packaged enterprise
applications in an effort to avoid expensive internal system
development are feeling the pinch of hidden costs.  There are
five outlined layers of potential hidden costs for packaged apps ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item17

"Digital Dilemmas"
In the same way previous technological breakthroughs such as the
railroad and automobile produced economic bubbles and then rapid
societal change, we can expect computer and Internet technologies
to vastly change our world in the coming years.  Economist legal ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item18

"Information System's Roles and Responsibilities: Towards a
 Conceptual Model"
The information system development (ISD) process could benefit
from a conceptual model that outlines the relationship between
the concepts of information systems' (IS) roles and
responsibilities.  The definition of IS relevant to the model is ...
http://www.acm.org/technews/articles/2003-5/0129w.html#item19


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- To review Monday's issue, please visit
http://www.acm.org/technews/articles/2003-5/0127m.html

-- To visit the TechNews home page, point your browser to:
http://www.acm.org/technews/

-- To unsubscribe from the ACM TechNews Early Alert Service:
Please send a separate email to listserv@xxxxxxxxxxxxxxxxx
with the line

signoff technews

in the body of your message.

-- Please note that replying directly to this message does not
automatically unsubscribe you from the TechNews list.

-- To submit feedback about ACM TechNews, contact:
technews@xxxxxxxxxx

-- ACM may have a different email address on file for you,
so if you're unable to "unsubscribe" yourself, please direct
your request to: technews-request@xxxxxxx

We will remove your name from the TechNews list on
your behalf.

-- For help with technical problems, including problems with
leaving the list, please write to:  technews-request@xxxxxxx

----
ACM TechNews is sponsored by Hewlett Packard Company.