Clips May 5, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;
- Subject: Clips May 5, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 05 May 2003 15:39:54 -0400
Clips May 5, 2003
ARTICLES
Making It Harder for Prying Eyes
OMB and GSA will streamline enterprise licensing
FDA seeks data-mining tools
Survey: Low-tech pricing preferred
Eyes on the spies
OMB working on new privacy guide
Wider net cast for Amber Alerts
Health agency closes gap on verification
FCC bureau seeks to manage globally
Offshore Coding Work Raises Security Concerns
HIPAA could hamper medical research
'Smart Park' Is Keeping Watch
*******************************
Wired News
Making It Harder for Prying Eyes
02:00 AM May. 05, 2003 PT
A bill in the California state legislature would protect the anonymity of Internet users by requiring Internet service providers to send customers copies of subpoenas seeking to learn their identities.
If passed, California's Internet Communications Protection Act would become the second state law requiring that consumers be alerted when an ISP is issued a subpoena to find out an anonymous Internet user's true identity. Virginia passed a similar statute last year.
The debate over anonymous online speech has heated to a boil in recent years, with companies and individuals increasingly seeking to have ISPs and Web publishers subpoenaed to learn the names of online critics and people suspected of copyright violations. Yahoo alone expects to receive 600 civil subpoenas this year -- a 50 percent jump from 2002.
Such requests seek a variety of personal information about Internet users, including full names, Social Security numbers, home addresses and pseudonyms they've used online.
The California legislation would require ISPs to send copies of civil subpoenas to their customers by registered mail within 14 days of receiving them. If the customer decides to fight the request, he or she would have 30 days to serve both the ISP and the issuing party with written copies of the objection.
ISPs that fail to comply with the act could be sued by their customers.
"This bill would mean more privacy for regular Internet users," said Cindy Cohn, legal director of the Electronic Frontier Foundation, a digital rights advocacy group.
The EFF, which sponsored the bill, has come to the aid of several defendants whose ISPs were subpoenaed for their personal information after they posted critical remarks about companies and individuals online.
Most recently, the foundation filed a motion to quash a subpoena seeking the identity of a California man who advised members of a Yahoo message board not to invest in an Illinois company. In that case, the EFF maintains that the John Doe was exercising legal free speech and the subpoena was an attempt by the company to silence him.
"What we've seen is that people who are trying to shut other people up are filing frivolous lawsuits, issuing a subpoena to get someone's identity just to harass the person, then dismissing the lawsuit," Cohn said. "For many people just getting their names turned over is enough to scare them out of speaking."
The California bill was passed by a 12-6 margin in the Assembly's Committee on Arts, Entertainment, Sports, Tourism and Internet Media, with all the nay votes coming from the committee's Republicans.
"It's one of those Catch-22 situations," said Assemblyman Doug LaMalfa, one of the dissenting Republicans. "We want to support the right to privacy but this bill goes too far. It is fraught with opportunity for litigation."
LaMalfa said he was concerned that the consumer notification requirement would unduly burden ISPs' legal departments, a claim backed by Internet powerhouse Yahoo, which opposes the measure.
Yahoo, which has more than 200 million registered users, says that if the bill becomes law, it will cost the company at least $6 million in the first year. Yahoo argues that the onus of subpoena notification should be put on the issuing party, not on ISPs.
"The bill would create an unprecedented role for Internet companies by forcing nonparty witnesses to act as intermediaries between the parties to litigation and to bear liability for responding to compulsory legal process," wrote John Scheibel, Yahoo's vice president of public policy, in a letter to the commission.
But the author of the bill, Assemblyman Joe Simitian, said such concerns were unfounded because the measure includes a provision allowing ISPs to charge the issuing party a fee for processing the requests.
"I feel the bill balances the legitimate competing interests," Simitian said. "ISPs will be able to recover their costs and consumers' privacy online will be protected."
The bill is scheduled to be heard by the Assembly's Judiciary Committee on May 6.
*******************************
Government Computer News
05/02/03
OMB and GSA will streamline enterprise licensing
By Jason Miller
The Office of Management and Budget and the General Services Administration are preparing agency guidance and a request for industry comment that would change the way the government buys software.
The two agencies hope to drive down the cost of enterprise licensing and improve the overall terms the government gets from software vendors, said Keith Thurston, assistant deputy associate administrator in GSA's Office of E-Government and Technology.
GSA is leading the effort through a program called SmartBuy, which aims for software managed and acquired on the right terms. SmartBuy will establish contracting vehicles from which individual agencies or the entire government can buy large numbers of software licenses. OMB announced SmartBuy in last month's E-Government Strategy report.
The agency guidance and RFC will be out later this summer, said a government official who requested anonymity.
"The push is to aggregate requirements and put in place agreements so that the government benefits from being a large buyer," the official said. "The federal government often is a vendor's largest single customer, and we ought to be getting the best price. Many times we don't act like the largest customer because of the way we purchase goods and services."
The Interior Department, the Navy and GSA already are buying software licenses on an agencywide scale, Thurston said.
Mary Mitchell, deputy associate administrator in the Office of E-Government and Technology, said SmartBuy initially will target specific software classes such as antivirus and network management applications. An interagency working group is developing goals, performance metrics and how SmartBuy will work, she said.
"We hope to have some experience in buying governmentwide before the end of this fiscal year," Mitchell said.
*******************************
Government Computer News
05/02/03
FDA seeks data-mining tools
By Patricia Daukantas
The Food and Drug Administration has signed a two-year cooperative R&D agreement with Lincoln Technologies Inc. of Wellesley Hills, Mass., to develop new data-mining techniques for the agency's Adverse Events Reporting System.
The adverse-events database already contains more than 2 million reports of patients' reactions to drugs and biologics. More than 300,000 new reports are added annually, said Paul J. Seligman, director of the Office of Pharmacoepidemiology and Statistical Science in FDA's Center for Drug Evaluation and Research.
Biologics are therapeutic substances derived from living sources such as human blood plasma, animals and microorganisms.
"It's basically our window into what is happening with drugs once they're marketed in the United States," Seligman said.
FDA investigators need the data-mining tools to spot trends in the data and to study complex drug interactions. The adverse-events system, using an Oracle Corp. database, stores ages and genders of patients but not their names or other identifying data, Seligman said.
He is one of two principal FDA investigators for the research agreement, which also involves the agency's Center for Biologics Evaluation and Research.
*******************************
Boston Globe
Survey: Low-tech pricing preferred
Consumers weigh in as state mulls use of bar-code scanners
By Bruce Mohl, Globe Staff, 5/5/2003
State Attorney General Thomas F. Reilly wants shoppers to start using sophisticated bar-code scanners to check the prices of store products. But a new survey indicates consumers prefer the existing low-tech approach of having stores stamp individual price tags on items.
Reilly's office today holds the first of two hearings on a proposed regulation that would allow non-supermarket retailers to avoid the costly process of item pricing if they make available to shoppers bar-code scanners that can spit out price tags. Goods costing more than $200 and health and medical items would still have to be marked.
Aides to Reilly say the proposed regulation strikes a proper balance, letting shoppers stamp prices on their own items while allowing retailers to substitute technology for the expensive and labor-intensive process of stamping prices on most items in a store.
Massachusetts and Michigan are the only two states in the country that require retailers to mark individual prices on most store products. In Massachusetts, non-food retailers are covered by the attorney general's regulation while supermarkets have their own item pricing law.
Reilly has never enforced his item-pricing regulation but nevertheless gave it a strong endorsement just two years ago after a lengthy review. But after Home Depot settled a private class-action lawsuit for $3.8 million last year over item pricing, and several more suits were filed against other major retailers, the attorney general switched course.
''I think that his review proved to be a bit flawed. It didn't anticipate all the real-world applications and problems,'' said Jon Hurst, president of the Retail Association of Massachusetts. Hurst said Reilly was also spurred to modify his item-pricing regulation by the ''outrageous outpouring of demands by class-action attorneys.''
On the eve of today's hearing, a leading supporter of item pricing commissioned a survey of 270 shoppers at three retail locations in the Boston area that found consumers strongly support the existing law. The survey, conducted by Boston Field & Focus, was not designed to be representative of the state's population.
''Consumers have spoken loudly and clearly,'' said Edgar Dworsky, the editor of Consumerworld.org, who said he raised money from private donors for the survey. ''They find item pricing very valuable, they want to keep the law on the books, and they soundly reject the technological alternatives. The trouble is, no one seems to be listening.''
The survey indicated 86 percent of the 270 consumers interviewed at the Meadow Glen Mall in Medford, Faneuil Hall in Boston, and the Westgate Mall in Brockton favored retention of the existing item-pricing regulation, with 79 percent saying that checking a price tag on a product is their preferred method of determining its price.
More than two-thirds of those surveyed said they disapproved of replacing the current system with one featuring aisle bar-code scanners for checking prices or for printing out price tags. By a margin of 56 to 44 percent, they also opposed systems that would electronically display prices on store shelves.
Even when told that it might cost an extra 2 or 3 cents an item, 74 percent of those surveyed said item pricing was worth it.
While Reilly is moving to revamp his regulation covering non-supermarket retailers, proposals have also been circulating on Beacon Hill that would modify rules for all retailers by allowing them to avoid the burden of item pricing if they pay a registration fee to the state.
Reilly's hearing today begins at 10 a.m. on the 21st floor at 1 Ashburton Place. The second hearing is being held Wednesday in Springfield.
Bruce Mohl can be reached at mohl@xxxxxxxxxx
*******************************
Boston Globe
Eyes on the spies
Priceline founder Jay Walker wants to recruit a network of spotters to boost homeland security remotely -- from their own homes
By Hiawatha Bray, Globe Staff, 5/5/2003
STAMFORD, Conn. -- On Sept. 11, 2001, Americans learned how easy it was for a handful of fanatics to kill thousands of people and destroy billions of dollars worth of property. Twenty months later, it's still far too easy. The reason isn't bureaucratic bungling, or the cunning of terrorists. It's much simpler than that: Even with beefed-up security, there are just too many targets here. There are 2,800 electric power plants in the United States, 5,000 airports, 1,800 federal water reservoirs, 300,000 gas and oil production sites, and thousands of other sensitive locations. We'd need a new security force, numbering in the thousands, to have any hope of guarding every vulnerable spot from spies, intruders, or saboteurs.
Connecticut inventor and entrepreneur Jay Walker says he can recruit just such a security force over the Internet. He believes that thousands of Americans armed with home computers could form the first line of defense against terrorist attack. ''My guess,'' said Walker, ''is it's going to be the most powerful solution yet developed.''
Walker's plan is called US HomeGuard, and it's an idea that at first hearing might sound impractical, even bizarre. Its reliance on Internet technology is bound to be controversial among security experts who fear the Internet itself is vulnerable to attack, and its business logistics may prove difficult to implement. Walker says he developed HomeGuard less as a business plan than a citizen's contribution to homeland security, and he may leave the business to others.
But he has clearly caught the ear of some influential people, including Charles Boyd, the retired Air Force general who served as executive director of the Hart-Rudman National Security Commission, which warned of a massive attack on the United States eight months before Al Qaeda struck. ''I have been briefed on it, and I found the idea interesting and appealing,'' said Boyd. ''I don't know if the damn thing will work or not. But I like two things about it: I like innovative thinking . . . and I like ideas that engage and energize the citizenry.''
Walker has a way of coming up with ideas that seem extreme until someone tries them. In 1997, he decided that airlines could fill up their empty seats by letting customers bid for them over the Internet, naming their own price instead of paying the standard rate. That idea became Priceline, one of the leading Internet travel companies.
Priceline was conceived in the corridors of Stamford-based Walker Digital LLC, a firm specializing in the invention of business processes. ''We don't invent widgets,'' said Walker, ''we invent systems.'' Generally these systems involve the use of existing technologies in ways nobody else had thought of. Walker Digital earns patents on its new processes -- over 200 so far -- and either licenses the patents to other companies, or seeks to turn them into businesses.
Priceline was Walker Digital's most spectacular success, but it came to grief during the Internet bust. One reason was Walker's decision to expand his business model into other markets, such as groceries and gasoline. The customers loved the new service, called WebHouse. But unlike the airlines, grocers and fuel merchants refused to cut their prices, forcing WebHouse to pay for the discounts it offered. WebHouse burned through $363 million before shutting down in the fall of 2000, after just one year.
By year's end, Jay Walker had stepped down from the Priceline board, to focus once more on Walker Digital. By then, the value of Priceline stock had plunged from $162 to just over $1, and Walker, once a billionaire on paper, fell from business magazine listings of America's richest people.
Being an ex-billionaire is no big deal, Walker said; worse things can happen. ''What's hard is to be an ex-husband or an ex-wife, or an ex-father of a dead child, or an ex-person who used to have two legs . . . or an ex-person who used to have his memory and now has Alzheimer's. That's hard. Having more or less zeroes in some bank account isn't hard.''
Surely there are still a fair number of zeroes in the Walker bank account. His cozy office here is crammed with costly memorabilia from the space program and World War II. There's a genuine German Enigma machine used by the Nazi military to send coded messages, and a page from the navigation log of the Enola Gay, which dropped the atom bomb on Hiroshima.
Then there's US HomeGuard, an idea that has already absorbed $1 million in research and development funds, money that Walker has no intention of recouping. Indeed, he wants to sell the concept to the US government for a dollar. The government would then set the standards for implementing the plan and issue a contract with private companies to build it out. Walker said he might be involved with implementing the plan, but said that was not a priority for him.
Why so generous? Because Walker was driving through New York on Sept. 11, 2001, headed for a meeting of employees on the 21st floor of the Woolworth Building, just two miles from the World Trade Center. Walker's colleagues watched the planes slam into the buildings.
''Right after 9/11,'' said Walker, ''I pulled a team together of our very best people and I said, `Good news, we're about to take on a new problem. . . . We're going to work to see what kind of contribution we can make to national security.' '' They had no idea what to do. But they knew how to design systems for doing things, using technologies that already exist. What anti-terrorism tools could be created by such a method?
It took them 10 months to figure it out. Some concepts were dismissed out of hand. For instance, they couldn't prevent the smuggling of a nuclear weapon inside a shipping container; detection technology isn't good enough yet. In the end, the team decided they could find a way to keep unauthorized people out of sensitive places, like nuclear plants or oil refineries. ''That's a system problem,'' said Walker. ''That's not a technology problem.''
In fact, US HomeGuard relies on lots of technology. But all of it is readily available; there's no Buck Rogers gadgets here. Instead, the system would use thousands of digital cameras placed at sensitive areas. The cameras are only put in places that are supposed to be unoccupied, so there's no danger of invading someone's privacy. They'll be equipped with infrared capability, for use even at night.
The images from the cameras would be fed to computers capable of detecting whether anything in the image has moved. Pictures that show no movement are instantly discarded. That will leave only a tiny percentage of questionable images, which must be turned over to human viewers.
That's where the Internet comes in. Walker Digital had already been working on a concept called ''digital piecework'' -- an efficient way for people to do hourly clerical tasks for pay on their home computers. US HomeGuard takes advantage of this research. It would relay suspicious pictures to the home computers of ordinary people, called spotters, who'd be paid $8 to $10 an hour to review them for evidence of trespassing.
Internet security expert Elias Levy, architect of the Deep Sight threat management system created by Symantec Corp., said US HomeGuard's basic design seemed sound. But he warned that relying on the Internet to relay security information could cause problems.
''Ninety percent of the time it will work,'' Levy said. ''The other 10 percent [of the time] you may have problems.''
Levy pointed to incidents like the release of the Nimda worm, which dramatically slowed network performance worldwide. A similar worm, he said, could cripple US HomeGuard even if the security service was not the target. Levy also noted that if someone could take down the US HomeGuard control center, it would expose thousands of sites to attack and security officials would have no way of knowing which site was the real target.
Whether HomeGuard can build safeguards against such a scenario remains to be seen. As Walker envisions, it's a simple Web-based system, with three mouse-activated push buttons on the screen. If a picture shows a person or vehicle, spotters press ''yes.'' If not, they press ''no.'' There's a third choice when the spotter isn't sure.
Spotters aren't told what site they're looking at or where it's located; they don't need to know. Each picture is sent to three different watchers for greater accuracy. This also helps ensure that nobody tries to cheat the system by simply pressing buttons at random. ''False positive'' pictures of apparent intruders are also regularly sent, so the viewers are used to seeing people in the images; this prevents panic when a real intruder comes along.
If anybody clicks yes on a picture, it's instantly sent to more spotters. If one or more of these clicks yes, the picture is relayed to a central security office, which contacts the site where the camera is located, and warns of a possible intruder. In theory, the entire cycle should take about 30 seconds from the moment a trespasser appears.
With about half of American homes logged into the Internet, millions of people are potential US HomeGuard employees. They could work part time, at nights, or on weekends, without leaving their living rooms. ''It employs people part time, very productively, who may not be employable in other ways,'' said Walker. It can even spread the security workload across multiple US time zones. For instance, when it's 3 a.m. in New York, it's 9 p.m. in Hawaii -- prime time for webcam-watching.
Contractors would have to do extensive screening to make sure spotters are trustworthy and competent at their jobs, suggested Charles Kolodgy, research director for security products at the Framingham-based technology research firm IDC. ''The hardest task would be persuading people who'd buy this on the reliability of people at the other end,'' Kolodgy said.
Of course, nobody has actually tried Walker's plan, and he admits that until it's tested, ''we don't know whether it will do what we say it will do, at the cost we say it will cost.''
He's in discussions with government officials he won't name, hoping that the federal Treasury will provide the funds for a full-fledged pilot program. ''When the funding arrives, if it does, we are prepared to move very quickly,'' said Walker.
Hiawatha Bray can be reached at bray@xxxxxxxxxx
*******************************
Federal Computer Week
OMB working on new privacy guide
BY Diane Frank
May 5, 2003
The Office of Management and Budget is developing new privacy guidance that will provide agencies with more specifics about when information must be protected.
The new guidance, due out soon, is required under the E-Government Act of 2002 to help agencies comply with the more stringent privacy mandates laid out in the act.
OMB's guidance will build on existing policy and best practices, but it will be more detailed and will help agencies determine exactly when they must conduct privacy impact assessments, said Dan Chenok, branch chief for information policy and technology at OMB.
Agencies must perform an assessment before a procurement or system is designed. If the assessment shows that information is not appropriately safeguarded, then agencies must consider alternative plans. This applies to any information the government holds.
Chenok was speaking April 23 at a forum sponsored by the Council for Excellence in Government and the Center for Democracy and Technology in Washington, D.C.
The act is very specific about what the guidance must include. It highlights the information that a privacy impact assessment must consider and what a Web site privacy policy should include.
Getting information to the people who need to see it will not be easy, said Franklin Reeder, chairman of the federal Computer System Security and Privacy Advisory Board. He suggested that OMB encourage agencies to use organizations that represent a variety of citizen groups whenever possible in addition to posting notices in the Federal Register. Many citizens do not pay attention to those notices, he said.
*******************************
Federal Computer Week
Wider net cast for Amber Alerts
BY Dibya Sarkar
May 2, 2003
President Bush signed a measure into law April 30 that would establish a nationwide communications network to help recover missing or abducted children and teenagers.
The new law, called the Protect Act of 2003, strengthens and expands Amber Alert programs already established in 41 states. Amber Alerts use the Emergency Alert System (EAS) to quickly disseminate information via radio, TV, the Internet and even electronic highway billboards. Amber programs have been credited with saving the lives of 64 children.
"It is important to expand the Amber Alert systems so police and sheriffs' departments gain thousands or even millions of allies in the search for missing children," said Bush during the White House Rose Garden signing ceremony. "Every person who would think of abducting a child can know that a wide net will be cast."
According to the National Center for Missing and Exploited Children (NCMEC), the law provides $30 million from the Justice and Transportation departments to expand and enhance the 91 current local, regional, and statewide programs. The money will develop law enforcement and broadcaster training programs and improve the EAS.
Among other things, the law also imposes stiffer penalties on child sex offenders; prohibits supply or solicitation of anything purported to be child pornography, including computer-generated images; makes it a federal crime to use a misleading Internet domain name to trick adults or minors into viewing obscene material; and requires child pornographers to register in the National Sex Offender Registry.
The new law is part of a continuing fight against such crimes. Last year, America Online Inc. partnered with NCMEC to provide subscribers with alerts via e-mail, mobile phones, pagers or its instant messaging service about abductions. Another company, Fine Point Technologies Inc. also developed software to carry such alerts.
Last October, Bush directed the Justice and Transportation departments to develop training and education programs to expand Amber, coordinated through the Office of Justice Programs. Attorney General John Ashcroft also appointed an Amber Alert coordinator to oversee the nationwide effort. The new law formally establishes the position, and the coordinator is responsible to set clear and uniform voluntary standards across the country.
The Amber Alert program, created in 1996, was named after 9-year-old Amber Hagerman, who was kidnapped and murdered in Arlington, Texas. Her mother was at the signing ceremony, as was 15-year-old Elizabeth Smart who was abducted and held for nine months after being kidnapped from her bedroom in Salt Lake City.
*******************************
Federal Computer Week
Health agency closes gap on verification
Updated system lets hospitals check insurance eligibility
BY Dibya Sarkar
May 5, 2003
Not long ago, when American Indian patients walked in for care at the Albuquerque Indian Hospital, it was a chore to determine what kind of health insurance, if any, they carried.
The hospital is part of the Indian Health Service (IHS), an agency within the U.S. Department of Health and Human Services that serves about 1.6 million American Indians and Alaska Natives. The hospital used IHS' Resource and Patient Management System (RPMS), an integrated set of computer applications that performed a variety of administrative and health functions including eligibility verification.
However, RPMS was updated only monthly and eligibility usually couldn't be verified until 24 hours later, said Michael Weaver, who recently retired as the hospital's pharmacy director. Therefore, a hospital wouldn't know if a patient had insurance until after the visit.
That meant IHS units couldn't bill insurance companies or government programs for services. "We'd kind of lose them," he said, adding that the hospital sees 80 to 180 patients daily.
But for the past year or so, the hospital and several other IHS offices and facilities have been using a free, hosted Web-based verification system developed by two employees from IHS' Shiprock, N.M., unit, that offers instantaneous verification of a patient's insurance coverage.
"It's very simple," Weaver said. "You just click on the icon. Put the information in there, and it comes back and tells you if [patients are] verified or not. We could send them over to our patient benefits coordinator and have them apply for Medicaid" if they have no insurance.
Tom Duran, Shiprock's chief information officer, and Mike Pike, its information technology specialist, developed the E-Verify application in-house, and it is updated weekly as a way to beef up collections from Medicare/Medicaid and private insurance companies as Congress requires.
"We decided that it was important to determine what insurance the patient had so we could bill appropriately," Duran said. Providing adequate health services was becoming a problem in the Shiprock service unit, which serves approximately 50,000 and comprises the 52-bed Northern Navajo Medical Center, two health stations and two health clinics.
E-Verify helped double collection in the first month for Shiprock, Duran said, adding "it's done that every month thereafter." The product also helps save money.
For example, it costs about 30 to 40 cents to look up a patient's eligibility using commercial verification software, he said. With E-Verify, nearly 400,000 checks have been completed to date. If you multiply that by 35 cents per verification, it adds up to more than $140,000 saved, he said, adding that installation costs of up to $30,000 per site are also avoided.
The savings are significant, Pike and Duran said, because budgets are tightening and that could mean layoffs. By automating a facility's administrative functions, savings can be shifted to the clinical side, they said.
Based on E-Verify's success, the two are developing what they call an E-Series -- E for excellent -- system of other Web-based health administrative applications they've rolled out or are hoping to within the next year.
Currently, about 1,000 people across IHS use the E-Series system to some degree (see box).
"It sounds farfetched, but I want our hospital to be like the Starship Enterprise," Pike said, adding that the applications also can be used on wireless handheld devices without being reformatted.
Duran, a pharmacist by trade, said he envisioned the e-verification application three years ago. He added a $60,000 high-end server two years ago and InterSystems Corp.'s post-relational database called Caché. Then, he budgeted for developmental costs. The actual development of E-Verify -- now on its fourth version -- took Pike about 12 hours one day early last year. Although they couldn't tally their total developmental expenses, they said purchasing equivalent commercial software -- if it existed -- would have cost significantly more.
Although IHS has a central technology department, Duran said the Shiprock unit budgeted in-house development to speed up applications from concept to design. That was "needed to overcome what we were projecting at the time, a pretty large deficit," he said, adding that the IHS technology department reviewed the system to ensure it had robust security.
"The reason it took such a short time is because by putting development at the point of care, you can develop the software that's needed right then and right there," Duran said.
Pike said there are three elements underlying the E-Series applications. First, it runs on a Red Hat Inc. Linux operating environment because of its speed, reliability and uptime, he said. Second, he and Duran needed a database fast enough for searches. "Patients are sick so you have to get them through there as quickly as possible," Pike said. They selected Caché "because it currently is the fastest database engine available."
Third, Pike said, they needed a graphical user Web interface on top of Caché and chose InterSystems' WebLink Developer. "And the reason it had to be that way is because with IHS you have a million different platforms, a million different PCs, and we needed something that would run on everything," he said.
In developing the E-Verify application, Duran went to the insurance carriers within the IHS system, including the federal government and three states, to get eligibility information, which was put into a standard database dynamically updated each week. There are about 1.6 million such records so far, he said.
Weaver, the retired pharmacy director, said that Duran and Pike should be rewarded with a larger budget to do more applications. "They're finally moving us into the 21st century," he said.
***
E-Series applications
In addition to E-Verify, the E-Series suite of applications includes:
E-ID, a single point of authentication to verify users' credentials and give them authorized access for all or some E-Series applications.
E-Exec, to query and generate management reports.
E-Trax, help desk management.
E-Post and E-Batch, which take remittances or insurance carriers' paid claims and post them automatically to the system's billing records.
E-Code, a coding system that converts physician diagnoses into alphanumeric codes on the bill.
E-Nvision, a prototype for electronic health records.
*******************************
Government Executive
May 2, 2003
FCC bureau seeks to manage globally
By William New, National Journal
Telecommunications issues make life hard for policy makers because technology keeps changing rapidly and because the public's needs keep growing in both number and diversity. Witness the past year's fight over the Tauzin-Dingell bill to provide high-speed Internet access. Magnify those complexities globally, and you have a typical day at the Federal Communications Commission's International Bureau.
"We have a mission in the bureau, and that is, as we say, to connect the globe for the good of consumers," said Donald Abelson, chief of the International Bureau. "We like to conceive of ourselves as the group that brings the message that the FCC is working on domestically to the world, and then we also bring the messages that we get from going to international meetings back to the FCC," he said. "So we see it as basically a two-way street."
The bureau also envisions speeding up authorizations of telecommunications facilities and services, and providing global leadership and efficient management of spectrum, he said.
The FCC, established in 1934, is an independent U.S. government agency directly responsible to Congress. It is charged with regulating interstate and international communications. The commission's jurisdiction is limited to the United States, but as a sign of the global transformation in communications, the International Bureau was created in 1994 to gather all of the FCC's increasing international activities into one place.
"The FCC is domestically focused, as well it should be," Abelson said in an interview with National Journal. But "telecom is a fluid, alive service. It does not stop at all borders."
Now, barely a decade after it was established, the bureau has defined its role as both a tough regulator and a hands-off adviser to U.S. agencies and other governments. U.S. industry sources are quick to cite the value of the FCC on international fronts, but they also wish that it would take more action to help U.S. firms.
Abelson came to the FCC in July 1999 from the Office of the U.S. Trade Representative, where he earned a reputation as a tough and effective negotiator. There, he led the U.S. delegation to the World Trade Organization negotiations on basic telecommunications services from 1994 to their conclusion in 1997; the talks were widely accepted as a trade success story. Abelson, 52, also negotiated the WTO General Agreement on Trade in Services in 1993 and other deals reaching back to 1977.
"Don is the single most effective international negotiator I've ever met," said Scott Harris, the first International Bureau chief and now a managing partner at law firm Harris, Wiltshire & Grannis. Abelson is the first career government official in the role of bureau chief, who serves at the will of the FCC commissioners. His predecessors had legal, business, congressional, and academic backgrounds, and all left government afterward; Abelson said he has no plans to do so.
Some industry representatives privately express concern about fundamental disagreements between the State Department, Commerce's National Telecommunications and Information Administration, and the FCC on international issues.
Abelson explained that Congress gave the administration the role of negotiating trade agreements through the Office of the U.S. Trade Representative, promoting exports through the Commerce Department, and representing U.S. political interests through the State Department. The FCC can advise on any of these activities and does so when asked, he said.
But at least one industry player is increasingly turning to those other agencies instead of Abelson's bureau to get things done internationally. "The bureau is doing great things, but not as many as they used to," the industry source said. "The things they do, they do well."
Industry, however, has applauded several recent actions the bureau has taken. In March, it ordered U.S. telephone carriers to suspend payments to six Philippine carriers after finding that some U.S. carriers' networks in the country were disrupted when they refused to pay rate increases. The action worked: The Philippine carriers reopened U.S. service, and within weeks the FCC bureau ordered payments to resume.
"They have demonstrated a willingness and effectiveness in weighing in with foreign governments where foreign carriers are acting anti-competitively," said Doug Schoenberger, director of government affairs at AT&T, one of the carriers affected in the Philippine case. "We think that's been critical in protecting U.S. consumers and carriers."
Stepping directly into industry relations is anathema to the FCC, which encourages industry negotiations over charges -- called settlement rates -- for completing calls in different countries. In 1997, the bureau established benchmark settlement rates based on three levels of economic development among other nations. Now 90 percent of telephone traffic, which is measured in minutes, is settled at or below the benchmarks (60 percent is below), a development Abelson called "tremendous success." This year, the bureau is reviewing the benchmark policy. In its time the bureau has helped governments open their markets to competition, which sends rates down and use up.
In another well-received action, the bureau adopted a new licensing process last week to speed the delivery of satellite services to customers. The aim is to increase regulatory certainty and expedite the move to digital communications. The FCC also wants to ensure continuing U.S. leadership in the global satellite industry.
The FCC has become omnipresent at international forums involving telecommunications. For instance, FCC officials were consulted on the recently completed free-trade agreements with Chile and Singapore and are prepared to play a role in new trade negotiations, Abelson said.
"The FCC International Bureau provides a viewpoint essential for U.S. positions in multilateral and bilateral meetings," said Jason Leuck, director of international affairs at the Telecommunications Industry Association. "IB staff have worked well with industry and do an excellent job with limited resources."
The bureau's current signature role is perhaps its direct contact with regulators from other countries. "These are very detailed discussions, but they are not negotiations, they are about talking about what we do, and hearing about what they do," Abelson said. FCC officials abroad do not take the position that U.S. law is best for everyone, he said. "We're not so full of hubris that we think we got it completely right" with the Telecommunications Act of 1996, Abelson said. Rather, the United States can share with foreign regulators its seven years of experience under the act, and also learn from their experiences.
Abelson said his experts stand ready to help in Iraq, where the latest figures showed fewer than 13,000 Internet users and no cellphone carriers among the population of 24 million.
"Can you think of a place on Earth that doesn't have a cellphone carrier?" Abelson remarked. The "leadership in Iraq did not want people talking to one another, certainly did not want them talking to the rest of the world -- that's Internet."
The International Bureau is split into three divisions in addition to the chief's office: telecommunications and spectrum policy; satellites; and strategic analysis and negotiations.
A top concern of the bureau is the cross-border reach of television and radio signals and coordination of spectrum space with Canada and Mexico. In addition, the bureau deals with undersea cables that reach U.S. shores, and with all incoming and outgoing international phone service. Finally, it takes the lead internationally on satellites.
International debate over accessing the spectrum necessary for wireless and satellite communications is evolving to reflect the blurring line between fixed and mobile services, Abelson said. For instance, a portable laptop computer that can receive a satellite signal is considered fixed, despite its mobility.
Spectrum issues will be among those addressed at the World Radiocommunication Conference, a triennial three-week U.N. gathering in Geneva in June. The U.S. delegation will be led by the newly named ambassador to the WRC, Janice Obuchowski of the Defense Department, but the FCC will be there to advise. In many international settings, the U.S. government pursues a policy of encouraging governments to refrain from heavy-handed regulation.
Every WRC in past years had one central issue that defined the meeting. But largely because of the growth of the Internet and of wireless technologies, this WRC is expected to have dozens of issues jostling for attention, Obuchowski said in a recent speech.
Among the more than 40 agenda items for the meeting is, for the first time, debate on whether to allocate unlicensed spectrum for wireless devices -- such as the increasingly popular, high-speed WiFi -- to revitalize the flagging telecom industry. The band of spectrum being considered is used for military radar. Six months of technical discussions between the Defense Department and industry resulted in a technology that will protect military communications from interference or interception. The new technology can detect when the radar is turned on and immediately switches the wireless device off the channel to avoid interference. The key has been finding the "sweet spot" that lies between being sensitive enough to protect the radar while not being so sensitive as to render the wireless devices inoperable, an industry source said.
Another, older issue likely to come up again is "prior consent," Abelson said. Some Middle Eastern governments want to be asked before television signals hit their territory; the U.S. position is that satellite transmissions should remain unfettered and that the concerned countries can simply prohibit the sale of dishes that would receive the signals.
*******************************
Computerworld
Offshore Coding Work Raises Security Concerns
Outsourcing critical software development to foreign workers puts systems at risk, users say
By DAN VERTON
MAY 05, 2003
MYRTLE BEACH, S.C. -- IT professionals are raising serious questions about the U.S. software industry's reliance on overseas software developers, arguing that the practice puts companies and the U.S. economy at risk.
A recent study by Gartner Inc. predicts that by 2004, more than 80% of U.S. companies will consider outsourcing critical IT services, including software development, to countries such as India, Pakistan, Russia and China. But some users said the trend needs to be given a sanity check in light of recent changes in the global security environment.
At last week's Techno-Security Conference here, users peppered a panel of corporate security officers with questions about the wisdom of outsourcing software development to cheap labor overseas, where there is little or no way to ascertain the security risk that workers may pose.
Of particular concern to some attendees is the work that is being sent to China. While not yet a major provider of outsourcing services, China has a significant economic espionage program that targets U.S. technology, the users noted. Also of concern are countries in Southeast Asia, particularly Malaysia and Indonesia, where terrorist networks are known to exist.
Speaking directly to Oracle Corp. Chief Security Officer Mary Ann Davidson, one audience member said that it's "ironic that the countries the software industry trusts the least with binary code are the places where source-code development is being sent."
Davidson acknowledged that Oracle, which sells its software to all of the major U.S. intelligence agencies, does outsource some of its development work to companies in India and China. However, "we give read access, not write privileges, to developers in India," she said. "And for the work done in China, it's quality control, and they do not need source-code access to do that."
Although Davidson acknowledged that there is "a national security issue" involved in moving development work overseas, she said there is also no guarantee that a worker who is a U.S. citizen won't intentionally harm source code.
The economic situation today is such that "you can't build these products without non-U.S. citizens," said Davidson. "Whether you like it or not, our national secrets are already being preserved by people who built these parts of the core infrastructure, and they're not U.S. citizens."
Assessing Risks
Tim McKnight, chief information assurance officer at Los Angeles-based Northrop Grumman Corp. and a former security officer at Cisco Systems Inc., said companies must put in place a verification and auditing process. And he said that effort will be costly.
"At Cisco, we had teams that would go overseas and verify the people that were there, monitor their access to file servers and source-code servers and do risk assessments," said McKnight. "It is very difficult to truly know who these people are. It can be done, [but] you really need buy-in from the top of the corporation."
A show of hands during the closing session of the conference indicated that the majority of attendees doubted the ability or willingness of software companies to conduct proper background investigations of foreign software coders working overseas.
That's not surprising, given that few companies in the U.S. conduct background investigations on IT personnel, said Joyce Brocaglia, CEO of Alta Associates Inc., a Flemington, N.J.-based executive search firm. "I'm surprised at how few of my clients actually do background checks on their information security professionals," she said. "At most, they require me to do a reference check."
*******************************
Computerworld
HIPAA could hamper medical research
By SHARON MACHLIS
MAY 05, 2003
New federal privacy guidelines are making it tougher for medical researchers to access large amounts of patient data -- and some researchers fear that could jeopardize studies of drug safety, medical devices and how to better predict and prevent disease.
"I think some projects are going to be much harder to do," said Dr. David Korn, a senior vice president at the Association of American Medical Colleges in Washington. Others simply won't be possible, he predicted.
The reason is HIPAA, the Health Insurance Portability and Accountability Act. Designed to give individuals more control over their personal medical information, HIPAA explicitly outlines how medical records can be given to third parties and carries stiff penalties for violations. The law's privacy provisions went into effect April 14.
"Most of what HIPAA expects is good common-sense management ... [but] it does introduce additional levels of complexity," said Stephanie Reel, CIO and vice provost for IT at Johns Hopkins University in Baltimore. "I don't think the HIPAA legislation intended to do harm to academic medicine, but it's complicated."
The stakes are high. Research projects that mine medical data have uncovered links between smoking, diet and lack of exercise and some diseases, as well as effective prevention strategies.
Major teaching hospitals like Johns Hopkins have systems in place to manage the process of making medical data available for research under HIPAA. In addition, some ongoing large-scale research efforts, such as the Framingham Heart Study in Massachusetts, rely on volunteer participants. Although such projects must comply with HIPAA, they are unlikely to be affected by a lack of access to data about additional patients.
But researchers said they're concerned about the fate of new studies that seek to examine large population samples. Such studies typically rely on data not only from teaching hospitals, but from community hospitals, medical clinics and other facilities as well.
HIPAA does provide ways for smaller hospitals to share data with medical researchers. However, information that could be matched to individual patients must be stripped out unless permissions or waivers are granted. A third option allows more limited information-stripping under special data-use agreements.
Researchers worry that the HIPAA guidelines are so cumbersome, and the penalties for violations so steep, that many community hospitals and clinics may decide it's safer and easier to say no.
HIPAA has "increased the perceived risks" for smaller institutions to cooperate with researchers, said Dr. David Savitz, chairman of the epidemiology department at the University of North Carolina at Chapel Hill's School of Public Health.
Korn said widespread use of a standard HIPAA-compliant computerized record-keeping system could solve the problem, allowing records to be quickly "de-identified" and transmitted. But in fact, many medical records aren't computerized at all. "When you're talking about paper charts, it just is a fearsome hurdle to try to make it de-identifiable," Korn said.
Preparing records for researchers will be "very burdensome" for hospitals, according to Lawrence Hughes, regulatory counsel and director of member relations at the American Hospital Association in Chicago. However, Hughes said he has yet to hear of hospitals that are now reluctant to give up information to researchers. But Korn said he has heard anecdotal reports of hospitals either refusing to turn over records or charging fees for the data.
The Association of American Medical Colleges hopes to compile a database so it can document the effect of HIPAA on research activities. "I think it's going to be a problem," he said. "I hope it won't."
*******************************
Los Angeles Times
'Smart Park' Is Keeping Watch
Surveillance cameras, infrared sensors and other high-tech gadgets help monitor facilities.
By Tina Daunt
Times Staff Writer
May 5, 2003
To civic planners in Glendale, Palmer Park has everything a recreation area needs -- kiddie swings, walking trails and infrared sensors concealed in the shrubbery.
If someone scales the fence after the park closes at 10 p.m., more than a dozen electronic sentries whirl into action.
One foot on the manicured lawn triggers the sprinklers, while the sensors set off alarms at the park rangers' headquarters.
The tops of the fence curve inward to prevent escape, leaving the intruder trapped and, presumably, wet.
Glendale officials have touted Palmer as a "smart park," and although the technology may be more advanced than in other parks, the idea of high-tech monitoring is catching on.
In April the Pico Rivera City Council agreed to place 33 cameras at five parks and a city building to snare taggers.
Los Angeles officials, under orders from Mayor James K. Hahn to clean up the parks, are having monitoring devices installed in some crime-plagued recreation centers.
The first cameras will be installed Wednesday at Central Recreation Center near USC.
Opinions vary about whether this is a good idea.
On a recent afternoon at Palmer Park, several patrons said they were pleased that the devices were in place.
"For me, it's OK," said Ethel Medina, when told of the electronic sentries. "It's for our safety. At night, we don't know who will try to vandalize the place."
But Mischa Kopitman, who immigrated to the United States from Russia 12 years ago, said the security equipment reminds him of his native country.
"A lot of people around the world think the United States is very progressive," he said.
"But it's a lot more conservative than anyone would expect. You think you will find freedom, but you find an amazing amount of restrictions."
Some planning experts also say the gadgetry is too intrusive, evoking the image of "Big Brother."
"Parks were the ultimate public spaces at one time," said Anastasia Loukaitou-Sideris, chairwoman of UCLA's urban planning department.
"I'm worried that, in trying to address issues of security, we are ending up with parks that may not be exactly public."
Louise Mozingo, an associate professor in UC Berkeley's department of landscape architecture and environmental planning, said the best way to ensure that parks stay safe is to make them "well-used and well-loved."
"No camera is ever going to do that," she said. "One of the things we have always prided ourselves on in this country is freedom of movement and freedom from observation. All this seems perilously close to an invasion of privacy."
*
A Trade-Off for Safety
Scott Reese, assistant director of Glendale's Parks, Recreation and Community Services Department, defends the use of the James Bond-type equipment, calling it a reality of urban life -- especially after 9/11.
"It's not just happening in parks," he said. "It's all public spaces ... People are willing to accept the trade-off to have the feeling of being more safe and secure."
Reese said he was recently in Europe, where surveillance cameras are being installed in a wide variety of public venues.
Officials estimate that there are more than 1 million closed-circuit cameras watching people in Britain. According to a BBC report, each person in London is viewed by more than 300 cameras on a typical day.
"9/11 changed the whole world," Reese said.
Even before the terrorist attacks, however, Glendale officials were searching for ways to make sure their city retained its reputation as one of the nation's safest.
Palmer Park, which needed renovation, became a testing ground in 1996 when the city hired a landscape architect and a security consultant with one purpose in mind -- to create a safe park.
Previously, the three-acre facility, in an area dominated by apartment complexes, had problems with graffiti. Occasionally, gardeners would find empty beer cans scattered about the playground.
"Once you lose control of an area, whether it is a parking lot, a park or a shopping center, it develops a reputation," Reese said.
"Once a reputation is established, it is very hard to change that reputation. Even though something may be safe, people pick up the perception it is not. We say it over and over again: Perception becomes reality."
With a budget of $1.1 million, the city's first step was to encircle the park with an 8-foot-high wrought-iron fence.
For added protection, park officials have the ability to install cigar-sized video cameras to photograph intruders presumably trapped and waiting to be arrested. (Officials say they have done this only once, in an unsuccessful attempt to catch a tagger.)
*
No Telltale Signs
Waist-high posts holding the infrared sensors are either amid the shrubs or in plain view, but there are no signs telling members of the public that they might be watched.
Even so, word has apparently gotten out that the park is no place to be found after dark, Reese said.
Since the renovation, there have been only a couple of incidents. Early on, someone tried to steal a barbecue grill, but couldn't muscle it over the fence. The would-be thief escaped.
Over the last few years, Reese said, officials have implemented similar, but not quite as extreme, security measures at other parks.
"We've learned a lot from this site," he said. "We may have gone a little overboard with some of the technology that we've used here ... We were trying to make a point."
Shortly after Palmer Park was renovated, Los Angeles parks officials cited the site. At the time, L.A. park planners shunned the use of the monitoring equipment.
Their attitudes toward electronics have since changed. Last year, Hahn said, he was alarmed by an increase in crime at city parks and wanted to improve security.
He brought in Manuel Mollinedo, who was head of the city's zoo, to tackle the problem as the new chief of the Recreation and Parks Department.
Mollinedo said last week that the city is planning to experiment with cameras at various facilities, and to have the cameras running 24 hours a day.
Mollinedo said officials also are looking at putting in fences at some parks. But he added: "I'm really not sure if that's what you want to do. Psychologically, it sends a poor message. For the most part, the majority of our parks are safe."
Deputy Mayor Matt Middlebrook said Hahn has focused primarily on putting more police officers in the parks.
"Our emphasis has been in the direction of personnel and creating the human resources," he said.
*
Less Costly Deterrent
Security consultant Jim Battersby, who worked with Glendale on Palmer Park, said that an increased police presence is a crucial deterrent but that electronics are less expensive.
"It's a budget thing," he said. "It's great if you have the resources to throw the manpower at it. But what do you do when you pull out the patrols? Electronics will be there long after the people have gone."
The Pico Rivera council voted unanimously April 21 to spend $31,132 to purchase 33 cameras, which also will be on 24 hours a day. Another $16,140 will be allocated annually for operation and maintenance.
The equipment will be installed at Pico, Rio Hondo, Rio Vista, Rivera and Smith parks.
"The cameras will be placed in locations that are difficult to access," said Assistant City Manager Ann Negendank.
"We'll review the tapes after each incident. For us, this is a proactive approach for minimizing the damage and minimizing the cost of what we are facing in keeping our facilities graffiti-free."
*******************************