Clips March 11, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips March 11, 2003

ARTICLES

Travel by Lawmakers Scrutinized 
Software Pioneer Quits Board of Groove [TIA]
Lofgren bill backs digital copying for personal use
Canada Wrestles With E-Waste Fix  
A Long Journey Toward 'Virtual' Orchestra Began Years Ago
Security alert posted for PeopleSoft 
Clique of Instant Messagers Expands Into the Workplace
Industry given say on architecture
Copyrighting competition
TSA awards passenger screening contract
Liability concerns chill industry participation
DOD puts security onus on commanders
Navy forms XML groups 


*******************************
Washington Post
Travel by Lawmakers Scrutinized 
Lobbyists Spend Big Outside D.C. 
By Juliet Eilperin
Tuesday, March 11, 2003; Page A01 


Faced with limits on how much wining and dining they can do in Washington, interest groups are spending hundreds of thousands of dollars to take lawmakers and aides on out-of-town excursions to deliver their pitches on legislation.

These trips, which frequently include dinner at elegant restaurants and visits to tourist sites, have become an integral part of lobbying for many organizations. Some watchdog groups question why lawmakers and staffers are allowed to accept what the House ethics committee describes as "among the most attractive and alluring gifts" they can receive.

"These are basically gifts to the members and staff," said Larry Noble, executive director of the Center for Responsive Politics, an independent group that monitors the role of money in politics. The trip sponsors "are caring for and feeding them, both in terms of their daily sustenance and the ideas they need to buy into."

Under rules that apply to entertaining in Washington, lawmakers and their aides may not accept gifts worth more than $50, with an annual cap of $100 from any single source.

On supposedly educational outings, however, there are no such limits on food, lodging and transportation. That's why "educational trips" in attractive locales are popular with the recording industry, pharmaceutical firms and many other groups eager for face time with legislators and their top aides.

Disclosure forms, which lawmakers must submit one month after they travel, provide some details.

Last April, for example, the National Association of Broadcasters arranged for Rep. Richard Burr (R-N.C.) to fly first-class to Las Vegas and stay in the Bellagio Hotel during its annual convention. The association covered his poolside drinks and a massage, although the congressman later reimbursed the group for his spa stay.

Burr, vice chairman of the Energy and Commerce Committee, said the trip was business-oriented. "It's extremely valuable for members to get that overall snapshot of their particular industry," Burr said, adding that lawmakers need to see the industry's technological advances for themselves. "If not, we rely on everyone to come up here and tell us how things have changed."

Some lawmakers acknowledged that they and their aides were more likely to accept a group's invitation if the destination was attractive. The American Association of Airport Executives spent nearly $90,000 to transport three House members and six aides to a conference in Kona, Hawaii, in January 2002. 

Rep. Peter A. DeFazio (D-Ore.), who sent an aide to the conference, said his aide benefited from the trip. "The sessions were substantive and timely, and sure, it was in a warm place," DeFazio said. "If they held it in Newark, a lot fewer people would go."

The policy branch of the U.S. Chamber of Commerce used an August trip to Toulouse, Paris and Brussels to make its case for why the United States should not impose tariffs on imported Airbus planes. A chamber spokeswoman said the trip was intended not to promote the interests of any single company, but to inform decision makers on how American and international policies affected all the group's members.

Dan Maffei, a House Ways and Means Committee aide who went on the trip, said the organizers were explicit about their motives. 

"Obviously, whoever the sponsor is, is going to present their particular point of view," Maffei said. "It's like lobbying. People can come see you, or you can go to their facilities."

Last year, when the House faced a critical vote on whether to proceed with plans to establish a federal nuclear-waste repository under Yucca Mountain in Nevada, the Nuclear Energy Institute -- which was actively lobbying for the project -- paid for 50 aides and three House members to tour nuclear facilities in Nevada and Europe. The House and Senate ultimately authorized the Bush administration plan for the Yucca Mountain site.

Rep. John A. Boehner (R-Ohio), who took his wife on an NEI-sponsored tour of Barcelona and Seville, said he came back even more convinced that the United States could safely keep its radioactive waste under Yucca for thousands of years. "It helps give you a broader understanding of issues I don't work on day to day," Boehner said.

Institute spokesman Steve Kerekes said the trips were intended to give staffers and lawmakers "a feel for the remoteness of that site. . . . It behooves all of us to have informed decision-making taking place."

Rep. Jim Gibbons (R-Nev.), who opposes the Yucca project, said that although the institute describes the trips as educational, "I think they're more lobbying than educational. . . . It has had a direct influence on the votes taken on the issue."

Some groups tailored their trips for a specific member's staffers. In April, for example, the Recording Industry Association of America briefed an aide to then-House Majority Whip Tom DeLay (R-Tex.) in Nashville about issues affecting the gospel and Christian music industry.

In a trip two months later, RIAA brought eight House staffers to Nashville to learn how intellectual property rights issues affect country music. According to an itinerary, the trip included musical performances each night, a reception at the Wildhorse Saloon and a tour of the Country Music Hall of Fame.

RIAA lobbyist Mitch Glazier said that to grasp the nuances of the business, staffers needed to meet the people who produce and market music. "It's just hard to make our case alone on the Hill," he said.

Last year, AOL Time Warner brought congressional aides to Atlanta to learn about the company's operations. The itinerary included a tour of Turner Field and lunch with Atlanta Braves executives, a special viewing of a broadcast of a Final Four game in the NCAA basketball tournament, a tour of CNN, a viewing of "Talk Back Live" and dinner with top executives.

Fidelity Investments brought half a dozen staffers to Boston amid a congressional debate over pension reform last year. And Fox News took 10 House staffers on a Los Angeles studio visit that included their choice of a walking tour of Rodeo Drive or tickets to a baseball game between the hometown Dodgers and the Arizona Diamondbacks. 

In all these cases, the trip sponsors said the main purpose was to brief lawmakers and aides on policy issues.

The House ethics committee does monitor these trips, and recently ruled that three House Democrats improperly accepted an all-expense-paid Caribbean fundraising cruise last year. The purpose of the trip -- to raise money for scholarships to historically black colleges -- was not at issue. Instead, Democratic Reps. Jesse L. Jackson Jr. (Ill.), Carolyn Cheeks Kilpatrick (Mich.) and Maxine Waters (Calif.) were sanctioned for staying longer than was necessary. 

The Tom Joyner Foundation fundraiser was billed as a "party with a purpose" aboard the Royal Caribbean ship Explorer of the Seas. A slew of businesses funded the trip, underwriting travel costs and individual activities, including a Budweiser Bon Voyage Party, a Bud Lite Beach Party, the Hewlett Packard Maharaja Lounge and the American Airlines Dizzy Gillespie Lounge.

The cruise included panel discussions, some of which involved Jackson, Kilpatrick and Waters. In addition to having the $2,700 cost of the cruise covered, the lawmakers received varying amounts for airfare and lodging.

The cruise lasted a week. Each lawmaker spoke on two or three panels. And that is what drew sanctions from the ethics committee. 

House rules say trips should last only as long as is "reasonably necessary to accomplish the trip's purpose." After scrutinizing the trip, the ethics panel concluded that each of the lawmakers had stayed longer than necessary. Jackson and Kilpatrick had to repay about $2,000; Waters, because she left the cruise early, had to repay $300.

All three lawmakers said they had informally consulted Rep. Howard L. Berman (Calif.), at the time the top Democrat on the ethics committee, before taking off. It was after they returned, they said, that the committee asked them to answer a lengthy questionnaire about the cruise's corporate sponsors.

Kilpatrick, who took her sister along for the cruise, said she was surprised when she learned that the committee was investigating the trip. "It wasn't like a place from where you could go home," she said, adding that she was focused on the policy aspects of the trip. "I wasn't there for the party. I wasn't there for the relaxation."

Waters questioned why the committee would penalize her and others for speaking at a public policy forum. "I think I did it right," she said, adding that a panel she was on was televised. "People heard me in my district, people heard me in Washington, D.C. I would do it again."

Jackson was irate. "I said I would not participate without his [Berman's] preliminary assurances," Jackson said. "The committee sought to charge me for the activities when I said I would not go if they told me not to go."

Berman said that account was "not accurate. You must consult with committee staff."
*******************************
New York Times
March 11, 2003
Software Pioneer Quits Board of Groove
By JOHN MARKOFF

SAN FRANCISCO, March 10  Mitchell D. Kapor, a personal computer industry software pioneer and a civil liberties activist, has resigned from the board of Groove Networks after learning that the company's software was being used by the Pentagon as part of its development of a domestic surveillance system.

Mr. Kapor would say publicly only that it was a "delicate subject" and that he had resigned to pursue his interests in open source software.

The company acknowledged the resignation last week when it announced that it had received $38 million in additional financing. 

"Mr. Kapor resigned from the board to focus 100 percent of his time on nonprofit activities," said a spokesman for Groove Networks, whose software has been used to permit intelligence analysts and law enforcement officials to share data in tests of the surveillance system, Total Information Awareness.

However, a person close to Mr. Kapor said that he was uncomfortable with the fact that Groove Networks' desktop collaboration software was a crucial component of the antiterrorist surveillance software being tested at the Defense Advanced Research Project Agency's Information Awareness Office, an office directed by Vice Adm. John M. Poindexter.

The project has generated controversy since it was started early last year by Admiral Poindexter, the former national security adviser for President Ronald Reagan, whose felony conviction as part of the Iran-contra scandal was reversed because of a Congressional grant of immunity.

The project has been trying to build a prototype computer system that would permit the scanning of hundreds or thousands of databases to look for information patterns that might alert the authorities to the activities of potential terrorists.

Civil liberties activists have argued that such a system, if deployed, could easily be misused in ways that would undercut traditional American privacy values.

"Mitch cares very much about the social impact of technology," said Shari Steele, executive director of the Electronic Frontier Foundation, a civil liberties group that was co-founded by Mr. Kapor in 1990. 

"It's the reason he founded E.F.F.," she said. 

Several privacy and security experts said that Mr. Kapor's decision was significant and was indicative of the kinds of clashes between security and privacy that could become increasingly common.

"With the dramatic change of funding availability in the high-tech sector, it's become difficult for companies to turn down the funding opportunities presented by the federal government," said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington. "It does show that some people in the high-tech community, including some of the founders, are not happy with what's happening."

The debate echoes an earlier one that placed scientists at odds with advancing technologies. The war on terror is raising ever more difficult civil liberties issues.

"Computer scientists are going to have the same kinds of battles that physicists did amidst the fallout of Hiroshima and Nagasaki," said Michael Schrage, a senior adviser to the Massachusetts Institute of Technology Security Studies Program.

On Feb. 11, House and Senate negotiators agreed that the Total Information Awareness project could not be used against Americans. Congress also agreed to restrict additional research on the program without extensive consultation with Congress.

Congressional negotiators gave the Defense Department 90 days to provide a report to Congress detailing its costs, impact on privacy and civil liberties and likelihood of success against terrorists. All further research on the project would have to stop immediately if the report is not filed by the deadline. 

But President Bush can keep the research alive by certifying to Congress that a halt "would endanger the national security of the United States."
*******************************
Mercury News
Lofgren bill backs digital copying for personal use
By Dawn C. Chmielewski
March 11, 2003

Congresswoman Zoe Lofgren re-introduced a bill Monday that seeks to preserve consumers' rights to make digital copies of music, movies and books for their own use.

The bill, dubbed the Balance Act, would establish consumers' rights in the digital world. It would formalize the right to make backup copies of digital works for use on other devices -- like the car stereo or portable player -- and protect consumers who bypass technological locks to view a DVD movie on their laptops.

The bill, which died last year in committee, is admittedly a legislative long-shot, Lofgren said. But advocacy groups like the Electronic Frontier Foundation say it is nonetheless needed to counter-balance the new anti-piracy rights extended movie studios, record labels and other copyright owners under the 1998 Digital Millennium Copyright Act.

``Most people -- at least, most adults -- don't expect to get content as a freebie,'' said Lofgren, a San Jose Democrat. ``But when people pay good money to buy something and then they can't use it in the way they've become accustomed to, it makes them mad.''

Two powerful lobbying groups -- the Motion Picture Association of America and the Business Software Alliance -- say the Lofgren bill would undermine the foundation of the DMCA, created to help copyright holders combat theft at a time when technology makes it possible create an infinite number of pristine digital bootlegs.

``As drafted, this legislation essentially legalizes hacking. It puts a dagger in the heart of the Digital Millennium Copyright Act,'' said MPAA Chairman Jack Valenti in a prepared statement. ``It would deny content owners the ability to protect their works by technological means.''

The Business Software Alliance, whose members include Microsoft, Cisco Systems, IBM and Intel, said the Lofgren bill would chill technological innovation and ultimately limit consumer choice.

``Provisions of this legislation allowing the disablement of technological protection measures on copyrighted materials would provide safe harbor for pirates who could easily claim that the `intent' of their actions were legal,'' the software organization said in a prepared statement.

Pamela Samuelson, a professor at University of California-Berkeley Boalt Hall Law School, said the bill is simply a common-sense measure that extends the rights consumers enjoyed in the old, analog world to the new digital one.

Take, for example, the ability to buy a CD and transfer the songs to a compilation disc or portable player. Those rights should not be eclipsed by non-negotiable ``shrink-wrap'' licenses that set fresh curbs on consumer expectations, she said.

``If it's my own DVD disc or my own CD, why can't I make fair use of this property? I think that's one of the things Congress did intend as part of the balancing principle of the DMCA,'' Samuelson said. ``At least as interpreted by some judges, that compromise has been undermined. Her bill ends up trying to restore the balance that Congress intended.''
*******************************
Wired News
Canada Wrestles With E-Waste Fix  
By Charles Mandel
March 11, 2003

OTTAWA, Ontario -- When it comes to computers, one Canadian nonprofit group is talking rubbish. 

The nonprofit Electronics Product Stewardship Canada initiative wants to start recycling aged computers, laptops and televisions to address a growing e-waste problem. But setting up the new initiative is going to be anything but straightforward, and the proposal comes just as a group of Swedish activists trashed the hauling of refuse to recycling facilities as a waste of time. 

The EPS Canada initiative is backed by 16 multinational computer and electronics firms, including Apple Canada and Dell Canada, and seed financing of $500,000 Canadian. 

Currently, no legislation exists in Canada for recycling electronics. Most of Canada's electronic waste ends up in local landfills, while some computer hardware has been shipped to and dumped in Asia, according to EPS Canada President Dave Betts. 

But with new legislation on the way in a number of provinces, the industry has voluntarily formed the nonprofit to try to dismantle the mounting pile of electronic junk. 

Canadians got rid of an estimated 34,000 tons of information technology waste in 1999, according to an Environment Canada survey in 2000. Over the next five years, this amount is projected to double to approximately 67,000 tons. 

Betts said the United States has forecast that in the next three to four years some 500 million computers could end up as garbage. In contrast, Canada would generate about 10 percent of that, or 50 million junked computers. 

While EPS Canada has already started planning what a nationwide electronics-recycling program might look like, significant barriers stand in the group's way. 

"You know, this is Canada," said Betts. "We have 10 provinces and three territories. The responsibility for legislation rests with the provinces and they typically have their own ideas as to how things need to be done." 

Not only must EPS Canada try to work with the provinces, but also, to complicate matters, seven provincial elections will be held in the next 12 months, the outcome of which could impact any attempts to introduce new legislation. 

"It's not a cut-and-dried issue at all," Betts said. He must go back to the 16 corporations in June to persuade them that EPS Canada is moving ahead or risk having his funding slashed. 

Nor is it yet clear how the public will react to a proposed recycling fee that could add $25 to the cost of each new computer. Betts agreed that consumers likely won't be pleased about the extra cost. 

"These are additional costs to manage this properly," Betts said. "There's only one person who's going to pay, and that's the consumer. I think if you explain that properly, then people might not be happy about it, but they'll understand and accept it." 

Even as EPS Canada struggles to get its fledgling recycling efforts off the ground, five prominent Swedish environmentalists have called recycling a waste of time. 

Among the Swedes dismissing the benefits of recycling are Valfrid Paulsson, former director general of the government's environmental protection agency and Soren Norrby, the former campaign manager for Keep Sweden Tidy. Their comments, published in the Swedish newspaper Dagens Nyheter, were picked up by the U.K.'s Daily Telegraph. 

Among other things, the Swedes maintain the costs of transporting waste to recycling facilities outweigh the benefits. 

Betts said any disposal of Canadian electronic garbage would have to be both economically and environmentally efficient. He said they would not transport trash over great distances, which would burn fuel and contribute to the greenhouse gas problem. 

"The message we're going to get out to the provinces and the federal government is that the regulations you choose to bring in aren't too restrictive and too difficult to deal with, or we might be doing things that don't make any sense,'' he said. "So I think there's some of that stuff you saw from Sweden that does make sense." 

According to Betts, government heavily regulates European programs in a half-dozen countries, while the United States tends to favor voluntary programs run by industry. "We're somewhat in the middle,'' he said of Canada. "What we're looking for is an industry-led program with the help and support of government regulators." 

Nancy Doubleday, environmental studies coordinator in the Department of Geography and Environmental Studies at Ottawa's Carleton University, said she welcomed the EPS Canada proposal. 

"It's timely and something we should be doing," she said. "People are pretty well aware of the toxic components of computers." 

In 1999, for instance, PCs and monitors recycled in Canada contained 1.3 tons of lead, 2 tons of cadmium and half a ton of mercury. Betts said such hazardous ingredients became a problem when they ended up in Canadian e-waste exported to China, where women and children "were bashing away at them with hammers under very challenging conditions." 

Betts said tests on the region's lakes and rivers showed they were heavily contaminated from the toxins leaching into the water. "We have to deal with this problem," he said. "We can't simply be exporting it to the Third World where people get paid a dollar a day to manage it." 
*******************************
New York Times
March 11, 2003
A Long Journey Toward 'Virtual' Orchestra Began Years Ago
By ANTHONY TOMMASINI

"virtual" orchestra. The musicians of Local 802 who are picketing Broadway theaters right now are counting on the horror of this image to win the public's support for their strike. If Broadway producers get their way, the union argument goes, soon live ensembles of some two dozen musicians will be replaced by a couple of people sitting at electronic keyboards in the orchestra pit, communicating through headsets with a soundboard engineer at the back of the theater. Instead of the natural tones of a Broadway musical orchestra, audiences will hear the weird, disembodied sounds of synthesized instruments.

The truth is, orchestras on Broadway have been becoming virtualized for years. Electronic enhancement is used to juice up the sound of the string section and boost the punch of the brass. Missing instruments  extra woodwinds, a couple of harps, exotic percussion  are rendered through digital keyboards. The chorus onstage is often fortified by taped voices that are blasted through the sound system.

The musicians of Local 802 of the American Federation of Musicians complain that over the years they have lost control of the Broadway orchestra. It's the producers, the union says, who insist on artificial enhancement and electronic boosting of sound. The producers respond that they are simply providing the kind of booming sound that Broadway audiences have gotten used to and now expect.

Maybe so. But it would be great to see this tired assumption challenged. How often have Broadway audiences been given a chance to experience the truly natural sound of unamplified voices and orchestras? Broadway theaters were once much quieter places.

Wizened Broadway veterans remember the day when big-voiced singers like the proudly untrained Ethel Merman and debonair John Raitt, who could have been a fine Verdi baritone, lifted the words and tunes of Cole Porter and Rodgers and Hammerstein to the back rows of the top balcony without any amplification. Yet think of Fred Astaire, with that tiny voice, who in the 1920's sang Gershwin shows without any electronic assistance. Gershwin wrote with Astaire's literate, conversational style in mind and made his arrangers keep the instrumental scoring light. Audiences leaned forward and paid attention back then. 

Today sheer, bombastic volume makes most Broadway orchestras already sound quite surreal. I'll never forget the over-amplified revival of "Damn Yankees" in 1995 at the Marquis Theater, with Jerry Lewis as the Devil (Mr. Applegate). The first flourish of the orchestra during the overture was a raucous, deafening blast of brass. Why should brass instruments need amplification? And it's only gotten worse since. Just listen to the aggressively hyper, aggressively amplified orchestra for "Thoroughly Modern Millie." And scores that blend elements of pop, like Elton John's "Aida," are out of control. These days, the band playing Jonathan Larson's "Rent" would make a performance of Mahler's "Symphony of a Thousand" sound wimpy.

Still there are those occasional musical productions where musical values are given priority and amplification is reined in. The recent revival of Stephen Sondheim's "Into the Woods," with its warm and subtle scoring, or the long-running production of "Chicago," for which the orchestra manages to be feisty and brassy but not blaring. In such shows, the pleasures of having responsive musicians present come through palpably. All that would disappear with the virtual orchestra.

To hear what the brave new world of Broadway may hold: that is, to experience what could be called an actual virtual orchestra, check out the offerings of Operaworks. This scrappy New York company typically presents 8 to 12 staged productions a year, often of unusual repertory. But since 1989, to save on the enormous cost of hiring enough musicians for an opera orchestra, the company has used a computer-realized electronic substitute. In works like Strauss's "Salome," I've found the sound of the virtual orchestra thin, tremulous and phony, so much so that the virtual orchestra is virtually unreviewable. But Operaworks keeps plugging along.

Interestingly, Local 802, which also represents classical musicians, has raised no complaints about Operaworks, which until now has probably not seemed much of a threat. That may change. Mr. Casey reports that some Broadway producers have contacted Operaworks to find out more about their virtual orchestra.

Amplification, which now seems the first step toward the virtual orchestra, took root on Broadway in the early 1960's. Since then sound systems have increasingly destroyed the spatial sound relationships onstage, merging voices and orchestra into a sonic wall of sound. 

In 1992 audiences at the Booth Theater got a hint of what preamplified Broadway must have been like thanks to a highly praised revival of Frank Loesser's "Most Happy Fella." Instead of the original 35-piece orchestra, the production employed an arrangement of the score for two pianos that had been prepared under Loesser's supervision. Directed by Gerald Gutierrez and starring Spiro Malas, a strong operatic bass, in the title role, the production trusted in the musical material itself. "Thanks to the intimacy of the Booth," the Times critic Frank Rich wrote at the time, "even the deadening filter of electronic amplification is virtually eliminated as Mr. Gutierrez pitches his cast forward on a thrust stage."

In that case Local 802 gave an exemption to the Booth Theater to allow this special revival to be presented with only two musicians in the pit, which it still sometimes does. The union's wariness is understandable. It fears that in trying to reduce the minimum number of musicians who must be hired at each Broadway theater, the producers intend to take advantage of the new technologies and to decrease the role of live players.

But the musicians would have more credibility if they had taken a stand much earlier against amplification and electronic enhancement. These days the sound of a Broadway orchestra rarely seems to emanate from the pit. Instead, it blares from an encircling battery of loudspeakers and clobbers you. Will a partially virtualized orchestra sound that much different?
*******************************
News.com
Security alert posted for PeopleSoft 
By Alorie Gilbert 
Staff Writer, CNET News.com
March 10, 2003, 4:30 PM PT


A serious security flaw in business management software from PeopleSoft leaves sensitive corporate data vulnerable to hackers, a computer security service firm warned Monday. 
The flaw, known as a remote command execution vulnerability, gives outsiders the ability to install malicious computer code on PeopleSoft customers' Web servers, potentially leading to a "complete compromise" of their PeopleSoft business systems, according to Internet Security Systems (ISS), the Atlanta-based computer security company that issued the warning. 

"Compromise of PeopleSoft Web server installations may disclose critical confidential information and facilitate the compromise of PeopleSoft application and database back-end servers," stated the ISS advisory.


Pleasanton, Calif.-based PeopleSoft supplies software designed to streamline accounting, human resources, sales and manufacturing activities to more than 5,000 companies around the world. The flaw affects only certain releases of PeopleSoft version 8, which the company began shipping in 2000. Nearly 2,000 companies have installed version 8, according to PeopleSoft spokesman Steve Swasey. He declined, however, to comment on how many of those customers could be affected by the vulnerability. 

The flawed software, which is configured to run by default, affects numerous versions of a core component of its applications called PeopleSoft Tools, including versions 8.4, 8.41 and 8.10 through 8.18. Specifically, the problem pertains to a small Java program, known as a "servlet," that resides on PeopleSoft Web servers and can be used to upload files without any authentication. The purpose of the servlet, according to PeopleSoft, is to transfer business reports between servers using Internet protocols such as HTTP (hypertext transfer protocol). 

PeopleSoft released patches to correct the problem several weeks ago, Swasey said. The patches and details about the vulnerability are available on the company's private Web site for PeopleSoft customers as well as through ISS. PeopleSoft has yet to hear of any problems related to the security flaw, Swasey added. An ISS spokesman also said the flaw had not yet been exploited, as far as he knew. 

PeopleSoft touts version 8 of its applications as a major advancement of its technology because of its use of Internet protocols. PeopleSoft competitors SAP, Siebel Systems and Oracle have also released software designed to run over the Web. 
*******************************
New York Times
March 11, 2003
Clique of Instant Messagers Expands Into the Workplace
By AMY HARMON

Instant messaging, long associated with teenagers staying up late to chat online with friends, is moving into the workplace with an impact that has started to rival e-mail and the cellphone.

Less intrusive than a phone call and more immediate than e-mail, instant messaging is finding users far more quickly than e-mail did when it was first introduced, according to Forrester Research, a technology research firm in Cambridge, Mass. In the last year alone, Forrester said, the number of instant messages has grown by more than 50 percent, so that nearly one-third of American adults are now IM-ing, as it is called, with their children, clients, colleagues and each other.

"It really is instant," said Nancy Elieff, a realtor in South Pasadena, Calif., who recently began using instant messaging to stay in touch with her children in college. "You don't have to wonder if they're going to get your message, when they're going to get your message, if they're going to write you back. It's really now."

The growth is driven in part by the availability of free IM software on the Internet, as companies like Microsoft, AOL and Yahoo use it to lure customers to their other services.

In addition, the first generation to grow up with instant messaging is bringing it with them into the workplace, unable to conceive of life without it.

Partly as a result, a technology whose hallmarks have been smiley face icons, willful misspelling and an encyclopedia of acronyms (BEG = big evil grin, POS = parent over shoulder) is being hailed as a new productivity tool by grown-up operations like Wall Street investment banks and the Navy.

At the same time, some companies are seeking to clamp down on the technology, which allows employees to message several dozen friends while gazing into their computer screens. Some companies limit IM use to within the enterprise, and keep records of the typed conversations that would otherwise disappear into the ether, casting what some avid IM users see as a pall over the free-wheeling nature of the medium.

To users, IM software typically shows a "buddy list" of friends and colleagues who are online at any given moment. By clicking on a name displayed in a small box on the computer screen, the user can type a message that pops onto the recipient's screen seconds after it is sent  and get one back just as fast. Most IM conversations are one-to-one, but it is also easy to include several people. As the silent conversation unspools, each party can easily engage in unrelated activities  often including other IM conversations.

Many IM users rave about the ability to do different things at their desks while also engaging in a continuing electronic conversation. But they say it is really the notion of "presence," of being in constant peripheral contact with the cast of characters that defines one's life, that makes IM such a powerful, intimate  and potentially burdensome  form of communication.

"IM-ing takes many of the virtues of e-mail and lowers the psychological costs of communication still further," said James E. Katz, a professor of communications at Rutgers University and a co-author of "Social Consequences of Internet Use" (M.I.T. Press, 2002). "It is extremely casual and easy, but in many ways it is more demanding."

The latest in a string of technologies that conspire to demand faster responses at more hours of the day, instant messaging quickens the pace and broadens the volume of communication for many of its users. More than pagers, cellphones or e-mail, it provides the ability to broadcast an almost constant online presence, particularly with the spread of broadband Internet connections that enable users to always be connected.

In college dormitories, where such connections are prevalent, it has become common for a student to simply enter an "away" message on his IM software that indicates when he is not in front of his computer. That way, instant-message correspondents can still send messages and assume they will be read upon the recipients' return.

"When I go to bed I just put my `I'm sleeping' message on," said Nora Keomurjian, 20, a student at Rutgers who on more than one occasion has found herself forced to winnow her buddy list when it hit the 200-person limit. "When I'm at work I say, `I'm at work.' "

Others take a more whimsical approach: "My away message is presently: `I'm out on a violent rampage. I'll be back at 6,' " Joshua Elieff, a sophomore at the University of California at Santa Barbara, said in an instant message. (His mother prefers it when he is "Out slaying dragons.")

Ms. Keomurjian, an intern this semester at a chemical company that blocks the use of instant message software, said she had been distressed at being cut off from the nearly 200 people on her "buddy list" during the day. She does not believe it would hurt her job performance to exchange snippets of conversation with friends during free moments in the workday, she said. And she believes it would be helpful to be able to communicate with colleagues via instant messaging, where the inherent informality makes it easier to joke or express a degree of individuality that might not otherwise surface in a work setting.

"You say things through IM that you wouldn't dare say in face-to-face contact or even on the telephone where you can hear each other's voice," Ms. Keomurjian said. "Between colleagues I think it's great because it helps you establish a relationship where you might be too shy in person."

Unlike e-mail, which caught on widely only after corporations began training employees to use it, instant messaging is infiltrating the workplace from the bottom up, by way of employees themselves. Often people download free software to stay in touch with friends or family, and find themselves using it to communicate with work colleagues as well.

Timothy Lim, an associate at J. P. Morgan Chase, said instant messaging helped him establish better working relationships with colleagues in London. Previously, he would wait until a regularly scheduled conference call to ask questions. Now, he said, "we IM all the time."

BeLynda Lee-Jensen, a product marketing coordinator at Sharp Microelectronics, said instant-messaging software helped her negotiate sales, because she can be using IM with a colleague while on a conference call with a distributor.

"I can say via IM, `I don't believe Intel is at that cost,' or `They're not telling the truth about this,' " Ms. Lee-Jensen said. "Stuff you wouldn't want to say to this person on the telephone but what you're thinking in your head."

Ms. Lee-Jensen said she had also been using instant messaging to communicate with her husband, who has been in Japan for three weeks, rather than talk on the phone, only in part because it's cheaper: "I like it because I can type something quick and then do something else," she said. "I guess it depends how long you've been married."

Deborah Woodall, an administrative assistant in Sharp's Camas, Wash., office, said she liked IM's because they're harder to ignore. " `Oh, I didn't get that e-mail,' How many times have you heard that?" Ms. Woodall said. "There's no excuse with this."

In what has become a common pattern, after seeing how some employees were using free IM software for their jobs, Sharp's information technology department recently installed I.B.M.'s secure instant-messaging software companywide.

Already, almost one-quarter of American employees use instant messaging at work, for the most part informally, according to a recent survey by Osterman Research, compared with just 8 percent two years ago. Analysts said the medium would be growing even faster except that the major providers  AOL, Microsoft and Yahoo  do not allow their software to work with the others. As a result, many users have multiple programs running at once. Trillian, a program that links all three  along with ICQ, pioneering IM software for the Internet now owned by AOL  is an increasingly popular alternative, although it still requires users to have separate accounts on the other services.

Still, as people who already have IM software urge other friends and colleagues to get it so that they can add them to their list of contacts, its growth has spread like a virus.

"It was one of the first things I did when I got here," instant messaged Andrew Stein, 24, of his job as a technical support employee in his family's business. As Mr. Stein, of South Brunswick, N.J., answered a reporter's questions he said he was simultaneously instant messaging with a friend in England and one a few miles away about the plight of the Pittsburgh Steelers. "It's more efficient."

Employers may take a different view. Perhaps more than any other digital technology, instant messaging enables users to be in one place physically while mentally and emotionally participating in an entirely different universe. Instant messaging relationships have been known to break up marriages and spark new ones among subscribers to AOL, where the seductive technology was first introduced.

Some employers are blocking instant messaging entirely. Others are rushing to install more secure versions of instant-messaging software that in some cases limit contacts to within the company. AOL, Microsoft, I.B.M. and others are competing to provide such services, while also hoping to find fresh ways of making money from their large user bases.

David Beckman, a lawyer at Beckman & Hirsch, a firm in Burlington, Iowa, said he installed instant messaging with some trepidation because he needed to stay in contact with an employee who was working from a different location.

"I have teenagers," Mr. Beckman said. "I came at instant messaging like this was going to be horrible. But honestly, it's the most productive thing I've ever seen."

Clients, Mr. Beckman said, appreciate receiving an instant reply to a question, rather than playing phone tag, and he likes being able to see which of his partners and employees are available at any given time.

And the etiquette of instant messaging does not require the preliminary niceties that eat up time on the phone: "One thing about the telephone is the first thing you're supposed to say is "how's the wife and kids?" Mr. Beckman said.

"With instant messaging you can just say, `I want this.' "

Not everyone is so enthralled with that. Shelia McAllister-Greve, 39, said she felt more pressure to respond immediately to questions from supervisors and colleagues in her public relations job at a community college since she let it be known that she had installed an instant-message program.

"There's less time to prepare your answer," said Ms. McAllister-Greve, who has taken to using the software's blocking feature to make herself appear offline to people who would otherwise bombard her with messages. "If it were an e-mail, even if it was 10 minutes, you'd have time to find the information. But with an instant message, there's less patience."

Nor does Ms. McAllister-Greve enjoy the often disjointed cadence of instant-message conversations, where one person is often typing about a different subject as the other answers a previous question.

Whatever the downsides, the medium is proving immensely popular.

Companies like Siemens ICN are scurrying to expand on the concept of online presence with tools that will allow employees within a company to see whether someone is on the phone as well. Online business meetings are becoming common, as is the acceptance that participants will be instant messaging with each other rather than devoting their full attention to the proceedings.

And in the crowded workplaces so common at Wall Street investment banks "where you sit on top of each other so you can't have an audible conversation about something you're not supposed to, it's pretty useful," said one banker, who admitted to having recently learned that TTFN means "ta ta for now."
*******************************
Federal Computer Week
Industry given say on architecture
BY Diane Frank 
March 10, 2003

The Office of Management and Budget has asked the Industry Advisory Council (IAC) to serve as the primary venue through which vendors can provide input on the government's enterprise architecture strategy.

As part of its strategy, OMB is in the process of identifying opportunities for agencies to collaborate on various systems, rather than having each agency build its own. 

Some vendors are likely to find themselves on the losing end of such decisions, and OMB decided IAC, which has been following the strategy closely, was the best forum for soliciting industry input.

Many people in industry did not believe OMB would follow through on its so-called component-based architecture approach and the inevitable consolidation of technologies and contractors, but now "they've got to wake up and get their voices out there," said Bob Woods, IAC chairman. 

The impact of consolidation on vendors could be significant, said Olga Grkavac, an executive vice president at the Information Technology Association of America.

IAC's enterprise architecture special interest group has already been providing input to OMB by developing white papers that address different aspects of the federal enterprise architecture. 

Future input is likely to come through several new subcommittees of the CIO Council's Architecture and Infrastructure Committee, through which OMB plans to push most future policy developments on enterprise architecture.

Norm Lorentz, OMB's chief technology officer, said last month that it was important for those groups to seek input from the private sector and state and local governments.
*******************************
Federal Computer Week
Copyrighting competition
A Legal View
BY Carl Peckinpaugh 
March 10, 2003

Lexmark International Inc., a major manufacturer of computer printers, recently filed what promises to be a landmark copyright case that could have a broad impact on all business, government and individual consumers.

In order to prevent its customers from using replacement printer cartridges manufactured by other companies, Lexmark has designed printers that will not operate unless the machine confirms that a Lexmark brand cartridge is present. One printer cartridge manufacturer, however, recently designed a replacement cartridge that emulates Lexmark's cartridge and is accepted by Lexmark printers. In response, Lexmark filed suit in Kentucky federal court to prevent the other company from employing this technology and selling its product to the public.

If Lexmark prevails, it will eliminate competition for replacement cartridges for its printers and make it much easier for other companies to limit competition in different product lines as well.

Lexmark owns several copyrighted computer programs used to control certain operations in some of its printers and to monitor the operational characteristics of its toner cartridges, such as toner level. In addition, the company has included software on the cartridge chip that establishes a "secret handshake" between the printer and the toner cartridge, preventing the use of unauthorized cartridges. According to Lexmark, the defendant manufactures and sells products that replicate Lexmark's secret handshake in violation of the Digital Millennium Copyright Act of 1998.

The law was intended to address the growing use of the Internet to distribute digital sound and video recordings by making it easier for copyright holders to protect their works from unauthorized copying.

Under the act, it is illegal for anyone to circumvent a "technological measure" a copyright holder uses to protect a covered work or to manufacture, sell or distribute to others the means to do so, unless covered by one of the specific exceptions set forth in the law.

Lexmark claims that the chip in its toner cartridges is such a technological measure and that the defendant's products illegally circumvent it. For its part, the defendant argues that its products are the result of traditional reverse engineering, one of the copyright act's exceptions. 

The reverse engineering of Lexmark's secret handshake software would seem to be the exact thing that Congress was trying to authorize in this statutory exception to the copyright act. Such conduct is entirely different from the unauthorized copying of video and audio recordings the act was intended to curtail.

Moreover, the very concept of preventing consumers from using replacement components manufactured by third parties is troublesome. Consumers should be free to choose replacement parts based on quality and price. They should not be forced to buy from a single source components that are traditionally available in a competitive market.
*******************************
Federal Computer Week
TSA awards passenger screening contract
BY Megan Lisagor 
March 10, 2003

In the name of aviation safety, the Transportation Security Administration has tapped Lockheed Martin Corp. to build a controversial system that will perform background checks, combing government and commercial databases to assess the risk posed by airline passengers.

Lockheed Martin Management and Data Systems will develop the technology infrastructure for and administer the Computer Assisted Passenger Pre-Screening II program, called CAPPS II. TSA officials believe the system will help security staff focus on the few individuals who deserve closer scrutiny, rather than relying on random checks. 

The system activates as soon as a person buys a ticket. The agency will then use CAPPS II to assign a color-coded threat level to each passenger.

The existing program, managed by the airlines, provides rudimentary abilities to examine the information travelers supply, including their payment method and reservation dates. Activities such as purchasing a one-way ticket with cash are supposed to trigger a response. 

CAPPS II will take full advantage of the Internet to scan government watch lists, financial records and other personal data available online, looking for any suspicious behavior.

The agency has not released details of how such a search would be conducted, but the system will analyze names, addresses and other data to determine if a traveler could be dangerous. 

CAPPS II will focus on authenticating people's identities, being able to truly distinguish between two "Mary Smiths," for example, officials said. Under the new regimen, airlines will ask passengers for more information, such as a phone number and date of birth, to better ensure that the person who shows up for a flight is also the one whose name appears on the ticket.

"If today I buy a ticket, it usually says "Loy, J." and I am required to provide a photo ID, and I can provide that photo ID maybe from  I got it from the same guy that sold me the watch in Battery Park yesterday morning," said Adm. James Loy, undersecretary of transportation for security, speaking Jan. 22 at the U.S. Conference of Mayors. "And my concern in that regard is that it is an inadequate identification system today." 

With CAPPS II, TSA will code passengers red, yellow or green  colors that will appear on their boarding passes.

Travelers branded with red will be prevented from flying. That determination will rest on a watch list, compiled by intelligence and law enforcement authorities, of "individuals that should deserve greater scrutiny," said Transportation Department Deputy Secretary Michael Jackson, who outlined the program Feb. 26 at a media briefing. 

Passengers placed in the yellow category will face additional screening before they're allowed to board. "Green" travelers will be free to go, officials said.

"We're trying to answer a simple question: Is this individual a known and rooted member of the community?" Jackson said.

Privacy advocates argue that CAPPS II could violate civil liberties and that TSA has yet to explain what will go into labeling a passenger a threat.

"That is completely uncharted waters," said Mihir Kshirsagar, a policy analyst at the Electronic Privacy Information Center (EPIC), whose lawyers sued TSA last year for failing to fully disclose how the system will operate. "When you're trying to understand people's behaviors that immediately raises all sorts of constitutional questions."

Transportation officials maintain that privacy issues are a top concern and insist that CAPPS II will not dig up irrelevant personal details. The system also will not house a new database or maintain files on travelers, officials said.

"We're not looking to see what videotapes you rent," Jackson said, equating the system to a credit card check.

But critics have a different comparison in mind: the Defense Advanced Research Projects Agency's Total Information Awareness program (TIA), in theory, would enable national security analysts to detect, classify, track, understand and preempt terrorist attacks against the United States by drawing on surveillance and spotting patterns in public and private transactions.

In January, the Senate approved an amendment introduced by Sen. Ron Wyden (D-Ore.) blocking TIA's use unless Congress specifically authorizes it after the Bush administration submits a report about the program's effect on privacy.

Government watchdog groups expect CAPPS II to receive similar scrutiny. "Like with TIA, I don't think this kind of thing can be accomplished without legislation," said Clyde Wayne Crews Jr., director of technology policy at the Cato Institute, a libertarian, market-oriented think tank. "The private sector is not obligated to turn information over to the government. Commerce in the Information Age depends on the ability to make reasonable assurances with regards to privacy."

TSA's system has caught Wyden's attention as well. "He said before he believes TIA is just the tip of the iceberg in terms of government surveillance," said Wyden spokeswoman Carol Guthrie.

What debate will ensue remains to be seen, but the agency is moving ahead.

IBM Corp., which has been working on CAPPS II's front-end architecture, and Delta Air Lines are collaborating with TSA on the preliminary stages of a pilot project, slated for this month. Lockheed, meanwhile, received a five-year task order, worth $12.8 million, to get the system off the ground. 

A Lockheed official said the company looks forward to assisting the agency with the program, but otherwise declined to comment.

President Bush established TSA in November 2001 when he signed the Aviation and Transportation Security Act, legislation that also authorized CAPPS II. The program subsequently received $35 million for fiscal 2003  the same amount requested in the Bush administration's budget proposal for fiscal 2004. 

"We think the focus should be on finding weapons," EPIC's Kshirsagar said. "We shouldn't be leaving airport security to computer programs." n

Online protests Privacy activist Bill Scannell, the force behind the successful boycott of Adobe Systems Inc. during a digital copyright trial in 2001, has launched a new campaign. He is protesting Delta Air Lines' involvement with the Transportation Security Administration's program to build a computer system that will perform background checks and risk assessments on airline travelers. Scannell is shunning Delta and hopes others will do the same  a stance promoted on a new Web site, BoycottDelta.org. In addition to supplying information on TSA's program, the site suggests fellow protestors take actions, including divesting themselves of Delta stock, calling the airline and "wearing their support" by purchasing T-shirts and stickers online that proclaim "Boycott Delta." Delta is collaborating with the agency on a pilot project to test the system, Transportation Department officials said.
*******************************
Federal Computer Week
Liability concerns chill industry participation
BY Jennifer Jones 
March 10, 2003

No sooner did the new homeland security legislation cast aside  at least for now  concerns that sensitive information filtering through the Information Sharing and Analysis Centers could become public via the Freedom of Information Act (FOIA), than industry began fretting over a new concern: potential liability issues tied to interaction with the ISACs. 

For example, what happens if a company, public utility or state government reports a potential vulnerability that is not acted on? If consequences ensue, who is at fault? Could the ISAC participant be held liable, after making a good-faith effort to sound an industry alarm?

Liability questions such as these have waxed, as the once-prominent dialogue surrounding FOIA and data disclosure at the ISACs has waned. 

"The Department of Homeland Security legislation gave us some relief from the FOIA problem, but not any kind of relief from the liability problem," said William Marlow, a Science Applications International Corp. vice president who led the design team that established the financial services ISAC in 1999. "We've got a double-edged sword, and we've now dulled one edge. We've got to fix the other."

Indeed, the Homeland Security Act of 2002 signed last November was mum on liability questions, though the new law did issue a blanket FOIA waiver to entities submitting information to the ISACs. 

But even this FOIA relief could prove only temporary. Congressional members such as Sens. Patrick Leahy (D-Vt.) and Joe Lieberman (D-Conn.) have made it known that they are unhappy with the Bush administration's decision to "gut" FOIA and "ram through" FOIA exemptions the senators consider to be too broad, according to a statement Leahy issued in January.

Whether Leahy, Lieberman or any other lawmakers will move to undo the FOIA exemptions remains a concern in industry, despite the fact that Congress does not favor unraveling legislation that President Bush has already signed, sources said.

"When you have that kind of thing going on in the background, it gets sensitive every time you ask a [chief information officer] or [chief financial officer] to step out there and potentially take a risk," said Guy Copeland, a Computer Sciences Corp. vice president who sits on the board of directors for the information technology industry's ISAC.

While data disclosure risks may prove uncharted territory for company executives contemplating an ISAC alliance, liability risks are not. "There are always questions raised, and it gets back to whether we have undertaken all the steps we could," said Louis Leffler, manager of the electrical sector's ISAC. 

Hence, liability questions are bound to arise, regardless of whether ISAC participation amounts to a window into a company's operations. "It is something people obviously have to consider from two or three aspects," Leffler said. "For instance, you've got to do risk analyses. But at the end of the day, someone might ask, 'Do you have 24-foot-high barbed wire fences around facilities?' And though someone might ask that, it still might not have been the appropriate action to take."

Most ISAC members and potential members are in no way looking to shirk such accountability exercises. Yet still they are eager for statutes that would provide the comfort of a formal shield from liability-related litigation, many said.

In fact, the absence of such laws may prove an easy out for some companies contemplating joining an ISAC. "With corporate lawyers, the goal is often to keep something from happening," Copeland said. Therefore, liability jitters are one more reason ISAC officials have to overcome to convince prospective new members to join the centers and make the necessary investments.

However, the debate around ISACs and liability may be far from the level of maturity necessary to make possible any kind of legislative shield, noted industry watcher Lee Zeichner, president of LegalNetworks Inc. Is the government, ISAC or participating member "required to act once they are aware of something? These are thorny issues, but most have not been completely thought through," he said.
*******************************
Federal Computer Week
DOD puts security onus on commanders
BY Matthew French 
March 10, 2003

In its latest effort to improve network security, Pentagon officials are making individual commanders accountable for protecting data that passes through their systems.

The goal is to get individual commands to take information assurance seriously, Defense Department officials said. That responsibility extends to systems used by contractors as well as DOD staff. 

Individuals will be responsible for that data regardless of their security clearance levels, said Robert Lentz, information assurance director for the chief information officer's office at DOD. The plan "assigns responsibility to people within the infrastructure in terms of their information assurance roles," he said. 

"There is a designated approval authority and it forces commanders to pay attention to their own [information technology] hierarchies," Lentz said.

The new instruction, issued last month and referred to as DOD Instruction 8500.2, is designed to ensure that information awareness training and education are provided to all military and civilian personnel, specific to their responsibilities for developing, using and maintaining DOD information systems.

"The Department of Defense has a crucial responsibility to protect and defend its information and supporting information technology," the policy states. 

The guidance follows up on DOD Directive 8500.1 issued in October 2002. The earlier directive makes it departmentwide policy for security requirements to be identified and included in the design, acquisition, installation, operation, upgrade and replacement of all DOD information systems. 

The newly issued instructions offer DOD agencies guidance for implementing the October directive, said Donald Jones, an information assurance directorate staff member.

The DOD CIO and DOD's information assurance directorate will now develop certification criteria so that the commanders can demonstrate that their systems comply with the policy, he said.

"This is not just a policy to deal with confidential information, but the whole gamut: confidential, classified, sensitive and public information," Lentz said.

Army CIO Lt. Gen. Peter Cuviello said the release and approval of the information assurance instructions were "a good thing because we've never had this before." Now the challenge is to add some more specific details for the services to follow, he said. 

"Now, we're providing input back into [the Defense secretary's office] about how to take this to the next level of detail and put some meat into all the things we're responsible for doing," Cuviello said.

***

Rest assured

Defense Department Instruction 8500.2 says the defense information awareness program was based on five essential competencies, including:

* The ability to assess security needs and capabilities.

* The ability to develop a purposeful security design or configuration that adheres to a common architecture.

* The ability to implement required controls or safeguards.

* The ability to test and verify.
*******************************
Government Computer News
03/10/03 
Navy forms XML groups 
By Dawn S. Onley 
GCN Staff

The Navy has adopted a formal structure to coordinate the implementation of Extensible Markup Language with the department?s systems and applications. 

The XML Business Standards Council is one of four new groups that will make up the Department of Navy XML Governance Structure, according to a Navy press release. The other three groups will address technical standards, policy procedures and training and education issues. 

The structure, consistent with a Navy XML policy issued last December, will ?coordinate XML component usage within and across functional areas, as well as between the Navy and other DOD entities and federal agencies,? the release said. 

The department has also designated 20 ?Functional Namespace Coordinators? who will head divisions in the Navy, including personnel and logistics, for helping to develop XML vocabularies within their divisions and across the service. 

?We?re taking another important step toward realizing our vision of a formal XML governance structure that will provide both short and long-term benefits to the department as it employs this innovative technology,? said Navy Department CIO Dave Wennergren in a statement. 

?The council will play a critical role in coordinating the [Navy?s] use of XML business standards to maximize our opportunities in this important XML implementation area,? Wennergren added.
*******************************