[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips March 6, 2003

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
Subject: Clips March 6, 2003
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Thu, 06 Mar 2003 11:37:44 -0500

Clips March 6, 2003

ARTILCES

Privacy Activist Takes on Delta
Congress sets up cybersecurity panel
ACLU Defends Net Chat Room Anonymity
Europe Hacker Laws Could Make Protest a Crime
FBI describes IT improvement
Study: Many companies lack disaster, continuity plans
Laptops Win Over the Skeptics, Even in Maine
Key agencies join digital ID alliance
ISPs raided in MP3 probe
Norwegian Court Approves DVD Hack Retrial
Cyber Corps seeks to place security professionals
Adopt-a-Soldier Web Site Gains Popularity
Online Newspaper Shakes Up Korean Politics
Wealthy users dominate internet
Electronic archiving enforcement lacking
Florida a model for homeland
Administration officials weigh six new e-gov initiatives

*******************************
Privacy Activist Takes on Delta
:00 AM Mar. 05, 2003 PT

NEW YORK -- Hell, no, Bill won't go. And he doesn't want anyone else to go either, if their travel plans involve Delta Airlines.

Bill Scannell, organizer of the successful Boycott Adobe campaign launched when Russian programmer Dmitry Sklyarov was arrested in the summer of 2001, is now calling for a boycott on Delta.

At issue is Delta's test run this month of CAPPS II, the Computer Assisted Passenger Prescreening System. CAPPS II would require background checks on all airline passengers when they book a ticket, including checking credit reports, banking and criminal records.

Passengers would then be assigned a threat level -- red, yellow or green -- which would help authorities determine if they should be subjected to increased security checks at the airport or refused boarding.

Advocates of CAPPS II insist the system will identify terrorists while allowing law-abiding citizens to avoid the airport security shakedown. But privacy advocates like Scannell believe CAPPS II is highly intrusive and ineffective in identifying terrorists.

Delta will be trying out CAPPS II at three as-yet undisclosed airports during the month of March. It's a first step prior to potentially deploying CAPPS II screening throughout the country over the next year.

Scannell hopes that people will join in his boycott to send a message to the airline industry and the government that CAPPS II is not acceptable.

"Delta was first in line to sign up for fascism," Scannell said. "CAPPS II treats all Americans who want to board a plane as if they were thugs. It's a horribly misguided attempt to make flying safer. It's ridiculous and horrible, and it has to stop."

Scannell first heard that Delta would be testing the CAPPS II program last Friday. He immediately registered BoycottDelta.org and worked all weekend to get the site up.

It went live late on Monday, and Scannell sent information about it to several security and privacy mailing lists. He said the site received about 25 e-mails an hour on Tuesday, all but one in complete support of the boycott.

Scannell argues that CAPPS II is ineffective in spotting would-be terrorists, as the system can easily be defeated by watching to see what sort of passengers it targets for special attention.

"CAPPS II threatens our liberty, but its security benefits are far from clear," said Barry Steinhardt, director of the ACLU's Technology and Liberty Program. "It will leave security screeners at sea in an ocean of private data; some of that data will be fraudulent, and much of it just plain wrong."

Scannell also raises the issue of ruined credit ratings as a side effect of CAPPS II screening.

"Every time a credit report is run on you, it hurts your credit rating," Scannell said. "Frequent fliers will not only have a nice thick Delta dossier, but a damaged credit history to boot."

Privacy activists are also concerned that CAPPS II will target less-affluent people, those with bad credit ratings or no credit history at all.

"This system threatens to create a permanent blacklisted underclass of Americans who cannot travel freely,'' said Katie Corrigan, a lawyer for the American Civil Liberties Union. "Anyone could get caught up in this system, with no way to get out."

According to a January Federal Register notice containing some details of the program, CAPPS II will store information about those deemed a yellow- or red-level threat for up to 50 years.

Information from files about those individuals could also be shared with other government agencies at the federal, state and local levels, as well as with intelligence agencies such as the CIA and with foreign governments and international agencies -- all of which could use those designations for many purposes, including employment decisions and the granting of government benefits, according to the ACLU.

Undersecretary of Transportation for Security James M. Loy said in a statement that CAPPS II will respect citizens' privacy.

"CAPPS II is being designed to serve our national security without sacrificing individual privacy," he said. "Concerns about privacy are understandable. As we address such concerns, we believe that the public will come to have a higher comfort level in air travel."

Some airport security chiefs welcome the CAPPS II system, saying it will streamline the airport check-in security process.

Reactions from passengers at New York's LaGuardia airport were mixed on CAPPS II screening. Some said that they are in favor of it.

"How can you stand here in New York City and question any attempt to make travel safer?" said Herman Velldor, a New York resident waiting to board a Delta flight. "Shame on you -- the airlines and the government only want to make sure 9/11 never happens again."

"Whatever works, hon," said Beth Ehlers from North Carolina. "I'm willing to give up a little privacy so that we're never attacked again. Besides I have nothing to hide."

Others said they didn't believe CAPPS II would be useful in identifying terrorists and were uncomfortable with the idea of such intensive checks every time they booked an airplane reservation.

"We were once told that we needed to present photo ID for our own safety, which most of us knew was nonsense from a security standpoint and which everyone now knows was nonsense," said Keith Beasley, a New York resident. "We now know terrorists can get (a) photo ID. So how difficult would it be for terrorists to use operatives with the proper CAPPS credentials? This CAPPS thing smells of snoopy government, not real security."

"Explain to me again how this information will be used to spot terrorists?" said David Walker, a New Jersey resident. "I figure it'll work only if you have really dumb terrorists who haven't realized they need local operatives to carry out their murdering plans."

Delta senior marketing vice president Vicki Escarra did not immediately respond to requests for comment on the boycott.

Scannell made his living as a journalist covering foreign politics, and became interested in privacy issues when he returned to the United States a decade ago. He now works as a media representative for a Silicon Valley software company.

He was involved with Sealand, a data haven located on an island seven miles off the coast of Britain, where servers could be used by those wishing to store and transmit electronic files free of government legislation.
*******************************
CNEWS.net
Congress sets up cybersecurity panel
By Declan McCullagh
March 4, 2003, 4:42 PM PT

WASHINGTON--In a sign of the federal government's heightened interest in securing the Internet, the U.S. Congress on Tuesday established its first panel devoted to cybersecurity.
In its kickoff meeting, the new House Homeland Security Committee voted to create five subcommittees that will focus on border security, emergency preparedness, counterterrorism, and internal committee rules. The fifth will oversee the federal government's "cybersecurity, science, and research and development" efforts relating to homeland security.

Chairman Chris Cox, R-Calif., said the committee's organization "will ensure that protecting Americans is the No. 1 priority of the federal government. Each member should be proud to take his or her experience and expertise and apply them to this vital mission."

A description distributed by Cox's office said the cybersecurity subcommittee will be in charge of the "protection of government and private networks and computer systems from domestic and foreign attack (and) prevention of injury to civilian populations and physical infrastructure caused by cyberattack."

The Senate does not have a parallel effort, though its subcommittee on technology, terrorism and government information shares similar duties.

Tuesday's vote comes after Congress approved a Cyber Security Research and Development Act in November 2002 that would give universities about $900 million during the next five years to create security centers, recruit graduate students, and pay for research.

The new Department of Homeland Security, which officially came into being on Mar. 1, consolidated the federal government's computer security efforts. On Monday, its Directorate of Information Analysis and Infrastructure Protection worked with technology companies to coordinate responses to a vulnerability in the Sendmail mail server software.
*******************************
Associated Press
ACLU Defends Net Chat Room Anonymity
Wed Mar 5, 4:42 AM ET
By CHARLES SHEEHAN, Associated Press Writer

PITTSBURGH - Messages about public figures in Internet chat rooms are akin to anonymous pamphlets like Thomas Paine's "Common Sense" and their authors should have the same right to keep their identities secret, advocates told Pennsylvania's highest court.

The American Civil Liberties Union (news - web sites) and a number of Internet companies have lined up to protect the identity of a person who alleged in a political online chat room that a state court judge behaved unethically.

The groups argue the Internet is the equivalent of the anonymous sheets patriots once nailed to trees and courthouse doors to criticize the English monarchy before America declared independence. Paine's influential pamphlet, "Common Sense," came out in January 1776.

Attorneys for Superior Court Judge Jane Ore Melvin say the chat-room message, insinuating she illegally lobbied then-Gov. Tom Ridge to appoint a friend to a vacant spot on the Allegheny County bench, was defamatory.

Her defamation lawsuit is pending while her lawyers try to get America Online to disclose the identity of the author. The appeal argued before the state Supreme Court on Monday was from an appeals court ruling that said the author must be identified.

There was no indication when a ruling will come from the Supreme Court.

Lower courts in four other states New Jersey, Washington, California, Virginia have ruled that extreme caution should be used when deciding whether to reveal the identity of Internet users. Similar suits are pending in numerous states, according to the ACLU.

One of Melvin's attorneys, Robert Lampl, argued that although the Internet is a new mode of communication, it should not free individuals to slander public officials.

But Ann Beeson, associate legal director for the ACLU, told the high court that forcing service providers to divulge the identity of chat-room users, who often use pseudonyms, would create a chilling environment and inhibit frank discussion, especially about the government.

"We are not saying that there should be complete immunity from suit whenever someone says something anonymous on the Internet," Beeson said. "We are only arguing that, especially when it's a public official that is criticized that public official has to show that she actually suffered some harm from the statement before she can proceed to unmask the speaker."

Under the Pennsylvania Constitution, the bar for proving harm to a public official is considerably higher than for others.

Experts say it will be difficult for the judge, who was recently endorsed by the state Republican Party to fill a vacancy on the Supreme Court, to prove she suffered harm.

"When you have speech about a public official, it's going to get the highest level of First Amendment protection and in this case in particular," said Robert Richards, a professor of communications and law at Penn State University.

"Courts that have dealt with this issue recently have recognized the Internet as one of the broadest vehicles of speech yet and that it deserves a high degree of protection."

Beeson said political dissenters in the 21st century have the same fears of reprisal, and the same need to remain anonymous, as the pamphleteers of the pre-Revolutionary era.

"Just like the founders of this country did and they did it for a very good reason," Beeson said. "They wanted to be able to criticize the government and not suffer retaliation."

Asked by Justice J. Michael Eakin what harm Melvin had suffered, her attorney replied that she was "humiliated, embarrassed. People shun her."

"Public officials have to withstand criticism, sometimes brutal," Lampl said. "What they don't have to withstand is falsehood."
*******************************
New York Times
March 5, 2003
Europe Hacker Laws Could Make Protest a Crime
By PAUL MELLER

BRUSSELS, March 4 The justice ministers of the European Union have agreed on laws intended to deter computer hacking and the spreading of computer viruses. But legal experts say the new measures could pose problems because the language could also outlaw people who organize protests online, as happened recently, en masse, with protests against a war in Iraq.

The agreement, reached last week, obliges all 15 member states to adopt a new criminal offense: illegal access to, and illegal interference with an information system. It calls on national courts to impose jail terms of at least two years in serious cases.

Critics from the legal profession say the agreement makes no legal distinction between an online protester and terrorists, hackers and spreaders of computer viruses that the new laws are intended to trap.

Last Wednesday, protesters against a possible war against Iraq barraged the White House and Senate offices with tens of thousands of messages by phone, fax and e-mail, as part of what was billed as the first-ever "virtual protest march."

Under the new agreement, if European Union citizens undertook a similar electronic bombardment of the e-mail, fax and phone lines of the British prime minister, Tony Blair, they might be liable for prosecution, said Leon de Costa, chief executive of Judicium, a legal consultancy based in London. The new code "criminalizes behavior which, until now, has been seen as lawful civil disobedience," Mr. de Costa said.

Ulrich Sieber, a professor of law at Munich University, urged lawmakers to amend the code to add a specific reference to the right to free expression as outlined in the European Union's Charter of Fundamental Human Rights.

Marco Cappato, a European Parliament deputy from Italy, said he failed to persuade the ministers to insert wording that differentiates between the online equivalent of trespassing and someone breaking and entering. The role of the European Parliament is consultative, so it cannot force changes to the law.

A European Union diplomat involved in the drafting of the measures agreed that protection mechanisms in the code are soft and said that amendments could still be made.
*******************************
Federal Computer Week
FBI describes IT improvement
BY Sara Michael
March 4, 2003

The FBI has been working hard to upgrade its outdated and highly criticized information technology systems, and still has much to do, FBI Director Robert Mueller told lawmakers today.

"Over the years, we have failed to develop a sufficient capacity to collect, store, search, retrieve, analyze and share information," Mueller testified at a Senate Judiciary Committee hearing about the war against terrorism. "The FBI has embarked on a comprehensive overhaul and revitalization of our information technology infrastructure."

Mueller said the bureau has made progress during the past 18 months and has laid the groundwork for the years ahead.

Among the FBI's IT initiatives is the $458 million Trilogy modernization program, which was designed as a three-year project to upgrade the bureau's infrastructure. The project has seen several cost overruns and has been criticized as being poorly managed.

However, in his written testimony, Mueller called Trilogy "the first step in the right direction" for the agency's modernization, noting that the infrastructure enhancements needed to support the system, such as workstations and network upgrades, are in place. He said officials expect that the full upgrade, including encryption devices and servers, will be completed by the end of this year.

Mueller, echoed by Homeland Security Department Secretary Tom Ridge and Justice Department Attorney General John Ashcroft, told lawmakers that sharing information among agencies is an important part of the war on terrorism.

The USA Patriot Act enacted in October 2001 allowed for more sharing among law enforcement and intelligence officials. It also allowed officials to implement new guidelines for the Foreign Intelligence Surveillance Act (FISA), a law passed in 1978 requiring officials to demonstrate probable cause before conducting electronic surveillance for intelligence purposes. Reforms have been made since then to ensure proper management of the systems, including a FISA unit under the FBI. "This unit is developing and implementing an automated FISA management system, and it oversees the expeditious distribution of FISA court orders and warrants to the appropriate field offices, telecommunication carriers, Internet service providers and other specified persons," Mueller said.

Ashcroft said the United States was winning the war on terrorism in part due to sharing vital counterterrorism information.

"The Central Intelligence Agency and the Federal Bureau of Investigation have set new standards for cooperation and coordination," he said. "The FBI's domestic intelligence operations are substantially strengthened by the CIA's information sharing, intelligence analysis and operation coordination."
*******************************
Computerworld
Study: Many companies lack disaster, continuity plans
By DAN VERTON
MARCH 04, 2003

A U.S.-led war in Iraq that could spawn new terrorist attacks in the U.S. could be less than two weeks away, but that hasn?t prompted many companies in the U.S. to invest adequately in disaster recovery, according to a new study released today by Dataquest Inc.
The study, ?Investment Decisions: Preparing for Organizational Disasters,? warns that unless companies invest immediately in disaster preparedness planning, as many as one in three could lose critical data or operational capability if a disaster occurred.

IT managers from 205 end-user companies representing eight vertical industries in the U.S., including government, aren?t investing appropriately in disaster plans because they don?t have the money to reach their required readiness levels, said Tony Adams, principal analyst in Dataquest's IT services group. "Budget constraints are forcing an average of 40% of respondents to rely on a best guess to determine potential risk rather than obtaining formal assessments, which would be too costly," he said.

"More prioritized investments must be made to ensure that businesses can quickly regain productivity after a calamity," said Adams. "Preparation is key, and without adequate investment for protection of critical systems, the repercussions of disasters will be lengthier and more costly."

Still, 53% of the respondents have implemented crisis management plans, and another 30% that do not yet have plans are considering developing them, according to the Dataquest study. The remaining 17% said they aren?t developing crisis management plans.

?Organizations may have researched and prepared a disaster recovery plan, but the data show that only a fraction have involved themselves in contingency planning for external events that might impact their capability to perform their business operations,? the study concludes.

?It could be merely that clarity about the aim and function of crisis management is needed,? according to the study. ?It could also be explained in terms of the IT systems not being deemed mission-critical in importance.? Just over a third of those surveyed by Dataquest, or 34%, indicated that crisis management preparedness is being studied for possible increased funding.

Fully 57% of the organizations surveyed said either that they didn?t know how often they evaluate contingency preparedness or that they do so in less than half of all new IT initiatives they undertake, according to the Dataquest study. Just 10% said they evaluate every new initiative for business continuity.

Rob Clyde, vice president and chief technology officer at Symantec Corp., agreed that funding issues continue to hamper the creation of contingency plans at many businesses. However, even companies that have disaster and contingency plans in place are probably not prepared for the multiple events that could occur in wartime or during a terrorism attack, said Clyde.

?A confluence of multiple incidents, [such as] major blended threats and worm attacks, coupled with physical attacks or disasters, would break the back of most organizations? incident response and disaster recovery capabilities,? said Clyde. As a result, advance preparation is key. In addition to focusing on technology and processes, ?it is useful to run a worst-case scenario during the test and identify missing capabilities and try to put together an appropriate mitigation [plan],? he said.

Although the Dataquest study focused on the responses and plans of IT managers, John Keast, chief operating officer at SEEC Inc., a Pittsburgh firm that develops software for the insurance and financial industries, said that while a company?s CIO designs and implements the plan and likely orchestrates its execution during a disaster, the ultimate responsibility for focusing the appropriate resources on disaster recovery and continuity planning rests with the CEO, chief operating officer and the board of directors.

?Losing data that affects business operations is avoidable and unacceptable,? said Keast. ?So CEOs and COOs must make it their priority.? Otherwise, ?the markets will punish any company who drops the ball.?
*******************************
New York Times
March 5, 2003
Laptops Win Over the Skeptics, Even in Maine
By SARAH MAHONEY

REEPORT, Me., March 4 Attendance is up. Detentions are down. Just six months after Maine began a controversial program to provide laptop computers to every seventh grader in the state, educators are impressed by how quickly students and teachers have adapted to laptop technology.

In a language arts class at Freeport Middle School, for example, muted howls could be heard recently as students researched projects related to Arctic stories, including "The Call of the Wild" by Jack London. Following Internet tracks created by their teacher, Janice Murphy, some students, inspired by the story, were researching wolves.

"Look," said Doug Hoover, 13, double-clicking on a wolf site. "Here's a picture of the sound waves the wolf makes when it howls."

Here and at the 239 middle schools around the state, students, teachers and parents say they are finding unexpected benefits.

No one seems more surprised by the early success of the program than Angus King, the state's former governor. When he announced the plan in the summer of 2000, motivated by a $50 million budget surplus and a pressing need to attract new business to Maine, Mr. King was stunned by the vehemence of objections.

The statewide effort, the first of its kind in the nation, "was more controversial than abortion, gay rights or even clear cutting," Mr. King said. "People hated it. They thought it was extravagant; they thought the kids wouldn't take care of the computers."

An early opponent was Chellie Pingree, then the State Senate majority leader and soon to be the president of Common Cause, a government watchdog group based in Washington. "It was about the allocation of resources," Ms. Pingree said. "We were struggling with construction issues: schools needed to be built; there were leaky roofs and not enough books."

Though she now sees the program as a success, others still say it is misguided.

"The state was flush at the time the laptop program was inaugurated, when it should have been providing for the rainy day that we're living with today," said Sumner Lipton, a lawyer in Augusta and a former state legislator. "There's a certain degree of irony in giving all the seventh graders laptops in a day when we're talking about cutting state employees back to four-day work weeks."

Before the program began, legislators trimmed its cost and scope. Envisioned as a $50 million effort that would let seventh graders take the computers with them through graduation, the plan was limited to seventh and eighth graders.

Laptops will follow their users to eighth grade next year, while seventh graders will get new iBooks, for a total of 33,000. When students leave the eighth grade, they will turn them in.

The cost of the four-year program is $37.5 million, which includes leasing the laptops, installing wireless ports throughout schools so students are always connected to the Internet and training teachers. It translates to about $300 per user a year, said Tony Sprague, project manager of the laptop program, the Maine Learning Technology Initiative.

To bolster the program, Mr. King sought support from beyond the state government. The author Stephen King (who is not related to Angus King) toured the Freeport school and offered to teach an online writing course. The Bill and Melinda Gates Foundation donated $1 million for more teacher training. The technology giant EDS pledged $400 million in software for Maine schools, the biggest gift the state has ever received.

Educators say that problems have been minimal, with little breakage, theft or loss. The rewards, teachers say, have been impressive.

"These laptops are changing the way learning happens and the way teaching happens," said Chris Toy, principal of Freeport Middle School. Such a transformation, Mr. Toy said, can happen only when each student has a computer. "We don't have a pencil lab or put eight pencils in the middle of the room and have kids take turns using them, Computers are tools, and when every child in every school has one, it levels the playing field."

Though an estimated 90 percent of the homes in Freeport, near Portland, have computers, the laptops go home with the students at night. "We needed to make sure that level playing field is extended to the home," Mr. Toy said. "Now, no one's computer is better or faster."

That sense of equality is felt keenly in the state's poor and remote schools. At the tiny elementary school in Pembroke, about 240 miles northeast of Portland in Washington County in the Down East region, children and teachers seem to be using the laptops as effectively as those in more affluent areas, the principal, Paula Smith, said. Washington County is the state's poorest, and Ms. Smith estimated that perhaps 35 percent of her students had a computer at home.

As at other schools, she said, seventh graders seem more focused and less mischievous. Last year, Ms. Smith said she handed out about 30 detentions to Pembroke's seventh and eighth graders. This year, there have been two.

Parents also welcome the program.

"When the plan was announced, a lot of people thought the money should have been put into buildings," said Alison Bennie, the mother of a seventh grader in Topsham, next to Brunswick near Portland. "My husband and I both work at Bowdoin College, and we see the rate of students bringing their own computers to campus. It's virtually 100 percent. So the sooner kids learn the language, the more adept they will be at computers in high school and beyond."

Ms. Bennie's point is critical. By some measures, Maine's public schools are considered quite good: the National Center for Education Statistics ranks Maine as having one of the highest high school graduation rates in the country. But when it comes to students going on to college, Maine ranks low in the region. And in term of Ph.D.s earned in the state, Maine ranks dead last among states and Puerto Rico, according to a recent report from the National Science Foundation.

Improved college attendance five years from now would be a measure of the program's success, but for now, educators are collecting all the information they can and are awaiting year-end test scores. In other parts of the country, smaller programs have had a significant effect: In Henrico County, Va., where 24,000 students in grades 6 through 12, have laptops, test scores have risen and dropout rates have fallen.

But many Maine educators worry less about how success will be measured than about what will happen when they tell ninth graders in 2004 to surrender their iBooks.

"Because I see their skills building, the biggest concern is what will happen when they enter high school and lose their laptops," said Diane Parent, the principal of the middle school in Caribou, more than 300 miles northeast of Portland in remote Aroostock County.

Teachers are crossing their fingers that schools will be able to secure funds to ensure that laptops stay with students through high school, as they do in Henrico County, Va.
*******************************
Federal Computer Week
Key agencies join digital ID alliance
BY Rutrell Yasin
March 5, 2003

Two leading federal agencies have joined an alliance of organizations working to address digital identity challenges.

The General Services Administration and the Defense Department's Defense Manpower Data Center have joined the Liberty Alliance Project, a consortium of more than 160 organizations and companies developing standards for electronically managing identity information.

Liberty Alliance specifications could play a key role in helping government organizations authenticate the identity of individuals and organizations that want to conduct business with government agencies via the Internet.

GSA is responsible for the development and implementation of a common infrastructure for authentication services across the federal government, so it is significant that the agency has signed on as a Liberty Alliance member.

Whether GSA's membership will help advance the government's e-Authentication services remains to be seen, said Steve Timchak, GSA's program manager for e-Authentication, which is one of the 24 e-government initiatives in the President's Management Agenda.

However, GSA officials want to play a key role in the alliance. "We want to influence future releases of specifications" by providing policy and technical expertise, he said.

GSA joined the alliance because "industry and government have the same concerns addressing identity management," Timchak said. These mutual concerns include issues such as single sign-on where an individual logs on to a network once and has access to multiple services he or she is authorized to use, as well as the management of user credentials across multiple systems.

The Defense Manpower Data Center joined the Liberty Alliance because it is involved in several projects in which there is a need for secure digital identity, according to agency officials. The center collects and maintains critical information for DOD, including automated power, personnel, training and financial databases.

By joining the Liberty Alliance Project, the center and GSA will work with corporations such as American Express Co., America Online Inc., General Motors Corp., Hewlett-Packard Co., MasterCard International Inc., RSA Security Inc. and Sun Microsystems Inc. to develop specifications for a federated network identity model.

"A federated network identity model will enable every business or user to manage their own data and ensure that the use of critical personal information is managed and distributed by the appropriate parties, rather than a central authority," a report on the Liberty Alliance Project Web site states.

The alliance released Version 1.0 of its federated network identity specifications in July 2002. Future specifications are expected during the first half of 2003.
*******************************
Australian IT
ISPs raided in MP3 probe
Simon Hayes
MARCH 06, 2003

FEDERAL police have executed search warrants on Telstra and internet company Eftel in one of Australia's largest investigations into alleged music piracy, which could be worth up to $60 million.

Warrants were also executed at several other un-named internet service providers, with more warrants possible as the investigation continues.
It's understood the police were seeking information about the identities of particular subscribers, as well as music files that may have been stored by them on servers.

According to sources, the wholesale value of the allegedly pirated music may be as high as $60 million - making it one of Australia's largest copyright infringement investigations.

A police spokeswoman confirmed that officers, accompanied by computer forensics experts, visited a Telstra facility in Melbourne and Eftel's Perth offices, as part of ongoing investigations.

Search warrants were also executed at several other ISPs, which she declined to name.

She said the execution of these warrants was part of "related investigations".

The Australian understands that the investigations are at an early stage, and that more ISPs may yet be searched.

Simon Ehrenfeld, the chief executive of Eftel parent company Datafast Telecommunications, said the company had co-operated with police, and had provided information relating to a subscriber. The ISP had also closed the subscriber's website.

"We are a large ISP, and we get police in frequently with warrants asking for information relating to the activities of particular subscribers," he said.

A Telstra spokesman confirmed a police search had been undertaken, but said "these things happen all the time".Eftel has about 50,000 subscribers. Telstra has about 1.4 million.

The investigation comes as the music industry lines up against alleged pirates at some of Australia's top universities.

In an unrelated matter, music labels Sony, EMI and Universal have taken the University of Sydney, the University of Tasmania and the University of Melbourne to the Federal Court in an effort to secure information about alleged piracy.

The three universities have agreed to preserve possible evidence, but they're expected to fight any attempt to get them to hand this over when the case resumes later this month.

Overseas, the recording industry is suing Australian-run file-sharing network Kazaa, which allows users to swap music files stored on their personal computers.
*******************************
Associated Press
Norwegian Court Approves DVD Hack Retrial
Wed Mar 5, 2:19 PM ET
By WILL STOICHEVSKI, Associated Press Writer

OSLO, Norway - A Norwegian court has approved prosecutors' appeal of a teenager's acquittal on charges that he created and circulated online a program that cracks the security codes on DVDs.

An appeals court in Oslo granted the appeal but scheduled no trial date, Erik Moestue of Norway's economic crimes unit said Wednesday.

Jon Lech Johansen, 19, was acquitted of violating Norway's data break-in laws Jan. 7. The Oslo District Court said Johansen could not be convicted of breaking into DVD films he legally owned, or of providing a tool others might use to copy films illegally.

Johansen's lawyer, Halvor Manshaus, said the lower court decision was "very thorough" and "applied the law 100-percent correctly."

Prosecutors, however, said an appeal was necessary because the case was the first of its kind in the nation and a key test in determining how far existing laws protect copyright holders.

Johansen, who works as a computer programmer, was 15 when he developed the program, DeCSS (news - web sites), to watch movies on a Linux (news - web sites)-based computer that lacked DVD-viewing software. He also posted it on the Internet.

The program is just one of many that can break the film industry's Content Scrambling System, which prevents illegal copying and blocks the use of legitimate copies on unauthorized equipment.

Prosecutors filed charges against Johansen last year after a complaint from the Motion Picture Association of America and the DVD Copy Control Association, the group that licenses CSS.

*******************************
Government Computer News
03/05/03
Cyber Corps seeks to place security professionals
By Wilson P. Dizard III

ORLANDO, Fla.The Cyber Corps, a federal program to intensively train students in systems security and related engineering and science disciplines, now has dozens of qualified students ready for government placements following graduation in the spring.

Sujeet Shenoi, a professor at Tulsa University who has helped educate the students, spoke today at the Information Processing Interagency Conference here.

Each student in the program has received a full scholarship and stipend for two years of intensive graduate or undergraduate study in information assurance science and technology. The students also have worked in government internships during the summers between their academic years.

According to Shenoi, the National Security Agency's red team of crack cybersecurity analysts already has hired two program graduates and several other students are headed to the code-breaking agency.

However, the students also work with civilian federal agencies and state and local government cyber security teams. Under the terms of their agreement to join the Cyber Corps, the students are obliged to work for government agencies for two years after graduation.

Agencies can bring the students in at various pay grades, Shenoi said, because they range in age and experience from 19-year-old prodigies to experienced veterans of agencies such as NASA.

The program is seeking to place 39 information assurance specialists who will graduate between May and September. In addition, the program has more than 100 students who are looking for internships in cybersecurity fields stating in May 2003 for the summer months. Cyber Corps graduates frequently hold certifications from the Pentagon's Committee for National Security Systems Certifications in various computer security disciplines.

The corps now has a total of 133 students and its leaders are seeking 300 students annually to be educated at about 20 universities.
*******************************
Associated Press
Adopt-a-Soldier Web Site Gains Popularity
Thu Mar 6, 4:54 AM ET
By ELLIOTT MINOR, Associated Press Writer

FORT BENNING, Ga. - Pamela Bates worried about getting depressed after her husband shipped out to Kuwait for the possible war with Iraq (news - web sites).

Her solution was a project that keeps her busy 16 hours a day and lifts the spirits of thousands of soldiers living in tent cities in the Kuwaiti desert.

Her Adopt-A-Soldier Web site Hugs to Kuwait was originally intended to serve only members of her husband's unit, the First Battalion of the 10th Artillery Regiment from Fort Benning. But the overwhelming response from soldiers, military families and other supporters led her to expand it to all branches of the military and even to a British unit.

"I don't have a guarantee that my husband will return," she said. "I pray for his safety and I have to support those who watch his back everyday."

Bates launched the Web site on Jan. 4, two days before her husband, Sgt. Daniel Bates, boarded a plane for the Middle East. He is an artilleryman in the Army's 3rd Infantry Division, which would likely take the lead in an invasion of Iraq.

So far Bates has arranged the adoption of more than 9,800 troops, and 18,000 people from every state and 11 countries have applied. She and a group of volunteers screen the applicants and then link them with troops who agree to be adopted.

Mitch Dunn, a disabled Vietnam veteran, and his wife, Sandy, of Fort Dodge, Iowa, have adopted two sailors aboard the USS Constellation, an aircraft carrier in the Persian Gulf region, and three soldiers from Sgt. Bates' battalion.

"Every letter I write, I say, 'I hope the good Lord brings you home safely,'" said Dunn, who was wounded in Vietnam while serving aboard a Navy river patrol boat. "You know those kids have to be scared. If you're not scared, there's something wrong with you.

"It really means a lot to get support from people back home," he said.

Sandy Dunn has become one of the four assistant managers who help with Hugs to Kuwait, which has also linked churches, civic groups, scout troops and veterans' organizations with the troops who soon may face combat.

"I was determined that I was going to do something for the guys in his unit," said Bates. "It never was supposed to get this big."

Her Web site also offers chat rooms that provide support for military spouses, tips on what to include in care packages for soldiers and soldiers' pictures from the desert.

It has a link to another group, Operation Military Pride, which works to boost the moral of troops based overseas through cards, letters and care packages. Operation Military Pride plans a Washington rally on Armed Forces Day, May 17, to show support for the military.

"We've created a community, and it's been a godsend for me," said Bates, who has two teenagers. "I don't sit around feeling sorry for myself. As a spouse, you can get the blahs when your husband is deployed. You don't want to get out of bed."

She runs the Web site from a laptop while seated on a sofa in the living room of her home in a military housing development. She receives more than 100 e-mails a day and her coffee table is piled high with printouts. She also gets a flood of regular mail from people who want to apply, or to offer their thanks and support.

"When I get down in the dumps, I read the letters that people send to me thanking me for setting up the program, and it always picks me back up," she said. "I support my husband 100 percent and what the military does, 150 percent. I have to be strong for him and for my kids."

Bates, who had little experience with Web sites, built the site on her own.

"We're home. We feel safe and comfortable with our families and friends," Bates said. "They don't have that. What they are doing is what they have been ordered to do, what they took an oath to do. If we can make one soldier smile, then we're happy."
*******************************
New York Times
March 6, 2003
Online Newspaper Shakes Up Korean Politics
By HOWARD W. FRENCH

SEOUL, South Korea For years, people will be debating what made this country go from conservative to liberal, from gerontocracy to youth culture and from staunchly pro-American to a deeply ambivalent ally all seemingly overnight.

For most here, the change is symbolized by the election in December of Roh Moo Hyun, a reformist lawyer with a disarmingly unfussy style who at 56 is youthful by South Korean political standards. But for many observers, the most important agent of change has been the Internet.

By some measures, South Korea is the most wired country in the world, with broadband connections in nearly 70 percent of households. In the last year, as the elections were approaching, more and more people were getting their information and political analysis from spunky news services on the Internet instead of from the country's overwhelmingly conservative newspapers.

Most influential by far has been a feisty three-year-old startup with the unusual name of OhmyNews. Around election time the free online news service was registering 20 million page views per day.

Although things have cooled down a bit, even these days the service averages about 14 million visits daily, in a country of only about 40 million people.

The online newspaper, which began with only four employees, started as a glimmer in the eye of Oh Yeon Ho, now 38, a lifelong journalistic rabble rouser who wrote for underground progressive magazines during the long years of dictatorship here.

Its name, OhmyNews, a play on the expression "Oh my God!" which entered the Korean language by way of a comedian who popularized it around the time the online service was founded in 2000.

Although the staff has grown to 41, from the beginning the electronic newspaper's unusual concept has been to rely mostly on contributions from ordinary readers all over the country, who send dispatches about everything from local happenings and personal musings to national politics.

Only 20 percent of the paper each day is written by staff journalists. So far, a computer check shows, there have been more than 10,000 other bylines.

The newspaper deals with questions of objectivity and accuracy by grading articles according to their content. Those that are presented as straight news are fact-checked by editors. Writers are paid small amounts, which vary according to how the stories are ranked, using forestry terminology, from "kindling" to "rare species."

"My goal was to say farewell to 20th-century Korean journalism, with the concept that every citizen is a reporter," said Mr. Oh, a wiry, intense man whose mobile phone never stops ringing and who insists his name has no connection with the newspaper's.

"The professional news culture has eroded our journalism," he said, "and I have always wanted to revitalize it. Since I had no money, I decided to use the Internet, which has made this guerrilla strategy possible."

The kind of immediacy this brand of journalism can bring to a story was brought home again in late January by the dispatches of a firefighter from the central city of Taegu, who sent gripping accounts of the subway arson disaster there, which killed nearly 200 people.

More pertinent to the impact OhmyNews has had on the country's political culture were reports the service ran last summer after two schoolgirls were crushed to death by a United States Army armored vehicle on patrol.

OhmyNews's reports of the incident were widely seen as forcing the hand of the mainstream media to pay attention to a story that conservative tradition here suggests they might have been inclined to ignore.

The rest is, as they say, history: a series of demonstrations against the Army presence here snowballed in the fall and winter, becoming a huge national movement that many see as having propelled the candidacy of Mr. Roh.

The new president was, until then, a relative unknown and third in a field of three major candidates. If no one else caught on to this link, Mr. Roh appears to have. After his election, he granted OhmyNews the first interview he gave to any Korean news organization.

For Mr. Oh, the story of the American military accident had echoes of one of his first big scoops, a story he wrote as a little-known freelance journalist in 1994 on the No Gun Ri incident, a reported massacre of South Korean refugees by United States military forces who opened fire on them at a railroad trestle in the summer of 1950, during the Korean War.

The South Korean press made almost no mention of his reports after he broke the story, but five years later The Associated Press wrote about the incident, winning a Pulitzer Prize for its subsequent investigation with American Army veterans.

"Once the American media picked up the story, our mainstream newspapers wrote about No Gun Ri as if it was a fresh incident," Mr. Oh said. "This made me realize that we have a real imbalance in our media, 80 percent conservative and 20 percent liberal, and it needed to be corrected. My goal is 50-50."

After he broke the No Gun Ri story, Mr. Oh went away to school in the United States, earning a master's degree at the conservative, explicitly Christian Regent University in Virginia Beach, Va., whose president is the evangelist pastor Pat Robertson. It might have seemed like an unlikely choice, but Mr. Oh said it was deliberate.

"Pat Robertson and I are very different in temperament and ideology, but we are very similar in strategy," said Mr. Oh, who became what he calls a serious Christian during his stay in the United States. "They are very right-wing and wanted to overthrow what they saw as a liberal media establishment. I wanted to overthrow a right-wing media establishment, and I learned a lot from them."

Although OhmyNews pays its staff less than reporters earn at the top South Korean newspapers, morale appears to very high. "Wherever I go, people ask me, `What about the pay?' " said Son Byung Kwan, 31, a reporter who helped break the story about the American soldiers' accident. "I took a 30 percent pay cut to work here, but things couldn't be better. My company is so famous that I have become well known, and best of all, my stories have real impact."
*******************************
BBC Online
Wealthy users dominate internet

Three times as many well-off families are going online for the first time as those with low incomes, a new report has revealed.
The charity Citizens Online also found more than six times as many homes were online in some parts of the country than in others.

Wokingham in Berkshire was the UK's best connected town, with almost six in 10 households online.

In Blaenau Gwent, South Wales, fewer than one in ten homes had access to the internet.

'Internet divide'

John Fisher, head of Citizens Online, said: "This research now makes it possible to focus efforts on those areas that need the most help to bridge the internet divide."

The lowest internet uptake was in Wales at 29%, while the region with the most homes connected was south-east England with 45%.

Citizens Online is launching a joint project with BT to increase internet access in disadvantaged communities.

A pilot scheme will first run in St Stephen in Brannel, Cornwall, with a second in Audley and Bignall End in Newcastle-under-Lyme.
*******************************
Federal Computer Week
Electronic archiving enforcement lacking
BY Diane Frank
March 4, 2003

Although the National Archives and Records Administration and the Library of Congress are striving to develop guidance about electronic archiving, no common practices and policies are being enforced within government, experts said last week.

One of the most pervasive concerns in the archiving world is that a lack of tools and standards has already caused millions of electronic records and historical documents to be lost through technical obsolescence.

New standards such as PDF-Archive and JPEG 2000, as well as efforts to use Extensible Markup Language and other existing standards, should be able to help in coming years, said Stephen Levenson, records policy officer for the Administrative Office of the U.S. Courts. He was speaking at a Feb. 26 forum sponsored by Adobe Systems Inc.

But the lack of true governmentwide guidance and enforcement power for how agencies should implement those and other standards "has been a concern," Catherine Teti, managing director for knowledge services at the General Accounting Office, said at the forum.

NARA issued draft guidance in the past year defining a new records management and archiving approach, but the agency must also take a more active role in making sure that all agencies adopt it, Rick Barry, an electronic records consultant, told the National Academies' Committee on Digital Archiving and NARA on Feb. 27.

NARA officials may not have the skills or power to fully enforce the guidance, Barry said. He suggested that officials there look at necessary legislative changes or, to address short-term needs, work with the White House to develop an executive order.

However, working through existing power -- such as the budget development process at the Office of Management and Budget -- may be the fastest and most effective way to ensure that agencies make electronic records part of their daily and long-term management processes, said one federal official who asked not to be named.
*******************************
Federal Computer Week
Florida a model for homeland
BY Judi Hasson
March 5, 2003

ORLANDO, Fla. Florida has become a national model for how law enforcement and first responders should organize their efforts to protect the homeland, officials said March 4.
Since the Sept. 11, 2001, terrorist attacks, Florida has created a series of task forces in various regions to oversee threat prevention and response. State officials have worked with industry representatives to develop antiterrorism measures, and they have used technology to create networks with federal, state and local agencies. Florida also has created a statewide epidemiology network.
With a dozen theme parks, other major tourist attractions and 1,350 miles of coastline, Florida faces a major challenge daily in trying to protect its citizens from terrorism, said Steve Lauer, domestic security chief for Florida's Department of Law Enforcement.
"We strongly believe that the homeland will be secured," said Lauer, a former Marine who was in Beirut, Lebanon, in 1983 when the Marine Corps barracks were bombed, killing more than 200 Americans.
Lauer said Florida is one of 13 states participating an effort involving the Justice and the Homeland Security departments to disseminate information via a Web-based database. The system enables police to access warnings and alerts from the federal government.
But Florida also has plans to minimize any attacks, respond with the right people and equipment, recover quickly, especially information technology systems, and make sure first responders are properly trained and equipped to do their jobs.
He said Florida also is working with the private sector because 80 percent of the state's infrastructure is privately owned.
"It cannot be done by the public sector alone," Lauer told the Information Processing Interagency Conference meeting, the annual conference of the Government Information Technology Executive Council.
*******************************
Federal Computer Week
Homeland preps for vendor pitches
BY Judi Hasson
March 4, 2003

ORLANDO, Fla. -- The Homeland Security Department intends to issue requests for information in about six weeks to seek ideas from the private sector about technology systems, and it also will launch a vendor Web site to keep track of thousands of unsolicited suggestions.

Jim Flyzik, former senior adviser for information technology at the Office of Homeland Security, outlined some of the steps the new department intends to take. He spoke in place of Steve Cooper, the department's chief information officer, who could not attend the annual Information Processing Interagency Conference as scheduled. IPIC is the annual conference of the Government Information Technology Executive Council.

Flyzik said the department is "looking for new ideas and approaches to go forward." He also said the department will look at existing contracting vehicles, such as the one operated by the Transportation Security Administration.

Another Homeland Security official said the department also intends to launch a Web site that will collect and organize vendor ideas. The site is expected to be operational in about a month.

Speaking at the three-day gathering, Flyzik said there is an urgency to create the best system possible as fast as possible. Al Qaeda's "intent is to kill us for our way of living and to do it in large numbers," Flyzik said. "It is our job to figure out ways to make sure that never happens."
*******************************
Government Computer News
GSA, DOD sign on to Liberty Alliance

By Joab Jackson
Post Newsweek Tech Media

The Department of Defense and the General Services Administration have joined Liberty Alliance, a network identity standards organization.

The consortium - whose members include EDS, Lockheed Martin Corp., Sun Microsystems, MasterCard Inc. and VeriSign - hopes the government?s involvement will help set the standard for large-scale digital authentication and identity management.

?Identity management is becoming ... more relevant as an increasing number of transactions and relationships move online,? said Michael Barrett, president of the Liberty Alliance Management Board.

While identity solutions exist in the marketplace, the alliance is creating a common language, or specifications, that will allow the solutions to work in a similar way, paving the way for government bodies to simplify electronic services to a large numbers of citizens, workers and businesses, said Simon Nicholson, head of the business and marketing expert group for the alliance.

The GSA is looking at alliance specifications as a way to implement authentication services across the Internet as part of its eAuthentication initiative, one of the 25 e-government projects. This initiative will develop a way to verify the identities of citizens and businesses doing business with the government online.

The Defense Department?s Defense Manpower Data Center is looking at the specifications for help in maintaining its automated power, personnel, training and financial databases.

The first work the alliance has taken on is a single sign-on capability. Using a common specifications for single sign-on and identity management, an individual who signs on to a trusted network would not have to sign on a second time if he uses other services elsewhere, Nicholson said.

For example, a sailor logs onto the Navy-Marine Corps Intranet and if the intranet uses the Liberty specifications, the sailor will be allowed to check medical records being held by another Liberty-compliant branch of the service without logging in again.

The signing of the two agencies also represents a major victory for the Liberty Alliance, started in July, 2002, as Microsoft Corp., Redmond, Wash., is rolling out its own identity management service, called Passport.

?We recognized that no one supplier could set the standards and that identity, security and privacy are all key to seeking what we want to offer on the Web. So participation by the GSA and DoD is further evidence that we?re agreeing that we all need to work with each other,? Nicholson said.
*******************************
Government Executive
March 5, 2003
Administration officials weigh six new e-gov initiatives
By Maureen Sirhal, National Journal's Technology Daily

ORLANDO, Fla.A council of budget officials within the Bush administration is weighing whether to roll out six e-government projects in areas that cut across several departments and agencies.

The President's Management Council, comprised primarily of chief operating officers and budget executives at federal agencies, is studying six areas to determine whether they merit funding, Cameron Findlay, deputy secretary of the Labor Department, told people at the Information Processing Interagency Conference here.

Those projects cover data and statistics, human resources, business-management systems, health monitoring, criminal investigations, and monetary benefits. They were chosen as the Office of Management and Budget began assembling the fiscal 2004 budget, Findlay said.

OMB observed similarities in agency requests, he said. For example, the Justice Department asked to fund a system to enhance criminal investigation, and the Environmental Protection Agency sought financing for a similar system.

"These are not yet e-government initiatives. ... They are areas we want to investigate" to determine whether they should be, he said. "What money is available and who should manage [the projects] are still very much up in the air."

The comments came as Findlay, who chairs the management council's e-government committee, explained the budgeting approach that OMB is now taking toward technology and e-government projects. As part of its budget proposal, OMB stressed to other federal organizations that the government cannot keep funding duplicative initiatives.

But Findlay said administration officials are contemplating building teams of agency and OMB representatives around the six areas to evaluate whether they can receive funding to move forward. "The idea is to form teams that will include OMB as well as representatives from those agencies to perform the evaluation," he said.

Findlay also offered advice to federal IT workers and managers on ways to navigate the budgeting system, and on ensuring that they can get the resources they need to meet e-government goals and speedy agency reform.

"When you begin think about a new IT project, you should think, 'Are there other agencies already doing this and can we piggyback?'" with them, he said. OMB will not approve funding requests unless you ask those sorts of questions, he added.
*******************************

Prev by Date: ACM TechNews - Wednesday, March 5, 2003
Next by Date: Clips March 7, 2003
Previous by thread: ACM TechNews - Wednesday, March 5, 2003
Next by thread: Clips March 7, 2003
Index(es):
- Date
- Thread