Clips April 11, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips April 11, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 11 Apr 2003 15:37:22 -0400
Clips April 11, 2003
ARTICLES
Total Information Awareness Project Undergoes First Test
Report criticizes Google's porn filters
Texas counties pilot online court filing system
Army buys virus blocker
State IT budgets get crunched
Database aids Air Force recruiting
Agencies make security improvements
Grads seek jobs in federal Cyber Corps
DHS working on personnel system
Policy consensus seen critical to information sharing
FBI director says tech investments are paying off
Antispam bill reintroduced in Senate
After three years of Wi-Fi, hurdles remain
FBI Says Web Fraud Claims Surged in 2002
Computer glitch prevents final upper house seat decision [AUS]
*******************************
Technology TechWeb
Total Information Awareness Project Undergoes First Test
Thu Apr 10, 6:53 PM ET
Aaron Ricadela, InformationWeek
Pentagon researchers this month completed the first set of test data for the controversial Total Information Awareness system, a key technologist for the project says.
Lt. Col. Doug Dyer, a program manager at the Defense Advanced Research Projects Agency (Darpa), said at an IBM-sponsored conference on data privacy in Almaden, Calif., this week that Americans must trade some privacy for security. "Three thousand people died on 9/11. When you consider the potential effect of a terrorist attack against the privacy of an entire population, there has to be some trade-off," Dyer says.
Total Information Awareness, an experimental computer system being developed by Darpa under Vice Adm. John Poindexter, seeks to scan information about passport, visa, and work-permit applications, plus information about purchases of airline tickets, hotel rooms, over-the-counter drugs, and chemicals--both here and abroad--to discern "signature" patterns of terrorist behavior. Congressional leaders have criticized the system's potential to spy on Americans and agreed to restrict further research and development without consulting Congress.
Signals of potential terrorist activity are likely to be weak amid a field of data "noise," Dyer says. TIA is designed to seek patterns that could indicate terrorist behavior while preserving people's anonymity, he adds. "We're testing our hypothesis on nothing but synthetic data."
Total Information Awareness, the keystone project of Darpa's Information Awareness Office, incorporates language-translation, data-searching and pattern-recognition, and decision-support technologies, according to the project's Web site. According to Dyer, the system won't scan "irrelevant" personal information about Americans, such as medical records, but could consider records of over-the-counter drug purchases, which could indicate planning of a bioterrorist attack.
Dyer says the initial experiment data set, completed this month, could also consider relationships between purchases of certain chemicals, whether the buyer or a family member was involved in an activity such as farming that could explain a benign reason for the purchase, and where the purchase was made.
*******************************
CNET News.com
Report criticizes Google's porn filters
By Declan McCullagh
April 10, 2003, 1:18 PM PT
WASHINGTON--Children using Google's SafeSearch feature, designed to filter out links to Web sites with adult content, may be shielded from far more than their parents ever intended.
A report released this week by the Harvard Law School's Berkman Center for Internet & Society says that SafeSearch excludes many innocuous Web pages from search-result listings, including ones created by the White House, IBM, the American Library Association and clothing company Liz Claiborne.
The omissions occur because of the way Google designed the feature, which can be enabled or disabled through a preferences page. The feature uses a proprietary algorithm that automatically analyzes the pages and makes an educated guess, without intervention by Google employees.
That technique reduces the cost of the SafeSearch service, but it can lead to odd results. It's perhaps unlikely that many humans would have classified a BBC News report on East Timor, Mattel's site about its Scrabble game -- the URL includes the word "adults"--or the Nashville Public Library's teen health issues page as unsuitable for minors. Some articles from CNET News.com and CNET Software are also invisible to SafeSearch users.
"If Google put some of its smart people on this task, they could do a much better job than they have so far," said Ben Edelman, the student fellow at the Berkman Center who performed the research. "They've got a lot of smart people. It would be shocking if their great engineers couldn't do better. The question is whether that's a priority for Google."
Google admits that the thousands of innocuous sites listed by the Berkman Center's report are invisible to SafeSearch users. But the company challenged the methodology of the study, saying that some of the sites are missing because their Webmasters employ a device called the "robots.txt" file, which is designed to limit automated Web crawlers in various ways.
Such a file might, for example, ask Web crawlers not to visit a certain area of the site because repeated visits would slow down the server considerably. Social etiquette dictates that crawlers should obey a robots.txt file. Google chooses not to include pages that use such files in SafeSearch listings because its crawler can't explore the entire site and thus, the company says, can't be expected to judge the site's content.
Edelman said he was unaware of the robots.txt exclusion when he conducted the study, and revised his report on Thursday to include a discussion of the issue. The report was originally released Wednesday. Edelman said only 11.3 percent of the sites listed in his study are filtered because their Webmasters created robots.txt files. Those include sites from IBM, Apple Computer, the City University of New York, Groliers, and the Library of Congress.
"It doesn't matter whether SafeSearch omits a site because the site has a robots.txt file or because SafeSearch is imperfect," Edelman said in an interview. "Either way, the site would have been relevant but disappears from results."
Some of the thousands of nonpornographic sites without robots.txt files that are filtered include offerings from the Vermont Republican Party, the Stonewall Democrats of Austin, a U.K. government site on vocational training and the Pittsburgh Coalition Against Pornography. News sites take a hit too, with articles from Fox News, Wired News, The Baton Rouge Daily News and some Web logs affected.
Google argues that SafeSearch is designed to err on the side of caution. David Drummond, Google's vice president for business development, said: "The design was meant to be overinclusive. The thinking was that SafeSearch was an opt-in feature. People who turn it on care a lot more about something sneaking through than they do about something getting filtered out."
Drummond said that the list of off-limits sites is created "in an automated way" without human intervention. "It looks at keywords, it looks at certain words, the content of the page, the weighting of certain words that are likely to be found on something that's a bad site," Drummond said. An employee becomes involved when Google receives a complaint about a legitimate site that should have been visible or a pornographic one that was, Drummond added.
Google is hardly alone in encountering problems when separating the wheat from the chaff on the Internet. In fact, filtering software is so problematic that Edelman, with Harvard professor Jonathan Zittrain, has made something of a career out of documenting overblocking and underblocking flaws in the programs. A federal appeals court relied on that research when deciding that Congress' attempt to force filters on public librarians was unconstitutional. That decision is on appeal to the U.S. Supreme Court.
There seem to be few consistent patterns in SafeSearch's overblocking, but one that does appear is that Web pages about Edelman and other Harvard researchers who have written about filtering software's problems are blocked too.
"It might be difficult for an AI (artificial intelligence-based) system to figure out that this is a site about regulating pornography on the Internet instead of actual pornography," Edelman said.
Google's "SafeSearch Help" carries this disclaimer: "While no filter is 100 percent accurate, Google's filter uses advanced proprietary technology that checks keywords and phrases, URLs and Open Directory categories...Google strives to keep the filtering information as current and comprehensive as possible through continual crawling of the Web and by incorporating updates from user suggestions."
*******************************
Federal Computer Week
Texas counties pilot online court filing system
BY Dibya Sarkar
April 8, 2003
Two Texas counties are currently piloting a Web-based filing system for state and local courts that will be jointly developed by BearingPoint Inc. and Microsoft Inc.
The companies are offering the product as a managed service so attorneys can file any type of case document, whether criminal or civil, simple or complex, said Frank Giebutowski, Microsoft's general manager for state and local government. Because it's a managed service, courts don't have to pay major capital investments for such a system, he said.
Gary Miglicco, BearingPoint's managing director of national e-government solutions, said attorneys would register with the service and pay fees for filing cases round-the-clock. It could eliminate the use of couriers who normally file documents physically at the courts. He said filers also can track the status of their filed document, checking to see whether it's been delivered, if it's being reviewed, or if it has been accepted by the court, similar to the way UPS lets customers view the status of their packages.
The companies signed a deal with the TexasOnline Authority, the state portal's governing body, in January 2002 and began development last summer. They launched pilots in Fort Bend and Bexar counties last November and plan to expand to another four counties this summer and then nationwide.
"Use of the service by our courts can save attorneys time, reduce total filing costs, and assist courts in becoming more efficient -- this is especially critical in these challenging economic times," said Carolyn Purcell, Texas's chief information officer, in a press release.
The service, called eFiling for Courts, is an open solution and can interface with any solution, said company officials. It is built on Microsoft technologies, including Windows Server 2000, BizTalk Server, SQL Server database, Internet Security and Acceleration Server, and Visual Studio .NET. The service uses LegalXML (Extensible Markup Language) standard schema and Web services standards like Simple Object Access Protocol.
The biggest challenge, said BearingPoint's Miglicco, is dealing with stakeholders.
"This is a solution with a lot of players in it," he said, referring to attorneys, judges and court clerks. Courts may also have to develop rules on electronic filing, such as what happens if a file isn't received. Officials said there is also an opportunity for revenue-sharing among courts. BearingPoint and TexasOnline share revenues generated from usage of online applications.
While it's unknown how many courts nationwide use e-filing, court officials in the past have said courts are mostly paper-based and are slow to adopt technology.
*******************************
Federal Computer Week
Army buys virus blocker
BY Dan Caterinicchia
April 9, 2003
The Army's Chief Technology Office (CTO) is using a trio of products from Trend Micro Inc., a provider of network antivirus and Internet content security solutions, to help protect the more than 1.1 million Army Knowledge Online (AKO) users from viruses, malicious content and spam.
The Army CTO is responsible for building, enhancing and maintaining AKO as the service's enterprise portal for universal, secure access. It is also responsible for management and oversight of several key initiatives from the Army chief information officer.
The Army CTO is using Trend Micro's InterScan VirusWall for real-time Internet gateway protection against viruses and malicious code in Simple Mail Transfer Protocol, Hypertext Transfer Protocol and FTP traffic. The company's eManager adds spam blocking, content filtering, attachment blocking and e-mail scheduling to optimize bandwidth, and its ServerProtect for EMC Corp.'s Celerra provides centralized virus scanning, pattern updates and event reporting for data storage using Celerra file servers, said David Perry, Trend Micro's global director of education.
Perry said the company uses three main steps to help the Army, and all the company's customers, throughout the lifecycle of a virus outbreak:
* Outbreak protection policy, which identifies the virus and creates and implements a policy rule, usually within six minutes, to ensure it does not spread.
* Service-level agreement, which requires Trend Micro labs to issue a pattern file of the virus within a few hours of its discovery, with penalties for any delays.
* Damage control system, an automated agent delivered to the desktop to assist with "cleanup," which eliminates, or severely decreases, the need for human intervention, thereby speeding recovery.
Dan Glessner, senior director of Americas marketing, said Trend Micro's experience in the secure content management market, especially its expertise "with heterogeneous environments -- Unix, [Microsoft Corp.] Windows, Linux and other platforms," helped it secure the Army deal.
In addition to the Army contract, Trend Micro is part of one of three vendor teams selected last September by the Defense Information Systems Agency to enhance the protection of everything from desktops to wireless devices as part of the DOD and Coast Guard enterprise antivirus software initiative.
*******************************
Federal Computer Week
State IT budgets get crunched
BY Dibya Sarkar
April 9, 2003
It will be a "steep climb" for state government managers to get funding for new information technology projects in the poor budget climate, according to a former Pennsylvania budget director.
"We've gone from one set of record-breaking situations to another set of record-breaking circumstances," said Bob Bittenbender, the state's former budget secretary. In the 1990s, states were able to invest in IT, cut taxes and build reserves, but that robust economy probably masked the deterioration of the states' fiscal picture, he said.
A majority of state governments are facing one of their worst fiscal crises in decades. Many governments are cutting spending across the board, some are calling for tax increases, others are imposing hiring freezes or laying off workers, and some are dipping into their rainy day funds. Across the country technology budgets have been cut, some officials said, and major projects have been put on hold.
The National Association of State Chief Information Officers (NASCIO) held an expert panel discussion on the matter during its midyear conference in Pittsburgh April 7.
Joe May, a member of the Virginia House of Delegates who also heads its science and technology committee, said $900 million, or 4 percent, of the state's $24 billion budget is spent on technology, according to an enterprisewide survey conducted by technology secretary George Newstrom. That showed how IT was organized in the state and what should be done to avoid duplicate costs, May said.
He added that it also showed that the state's procurement system was not well organized and that business cases must be made for any IT project to proceed. The survey's results also got the attention of his colleagues, he said, who never thought IT was a big item in the state.
"It's one of the brighter parts of Virginia's financial landscape," he said referring to the survey and its results.
Utah's new CIO Val Oveson said the enterprise architecture trend is providing a good opportunity during budget woes. Documenting a return on investment analysis will be even more critical than in the past, he said, as well as re-establishing trust with the executive branch, which may have been turned off by past failed technology projects.
Creative financing can help and re-engineering business processes can squeeze out some efficiency, but Bittenbender said the real problem is fixing the revenue structures -- such as the use of sales and capital gains taxes and corporate profit taxes -- and spending streams.
Raising taxes and borrowing money may fly in some areas, but it's next to impossible in Virginia, May said. Another issue mentioned about implementing convenience or user fees on online government applications, he said, would defeat the purpose of trying to promote electronic services, which are much cheaper than conducting business face-to-face with a state employee.
But he said the budget problems may make it easier to implement and even force change. "There is no other choice," May said.
*******************************
Government Computer News
04/11/03
Database aids Air Force recruiting
By Dawn S. Onley
The Air Force Recruiting Service is using a customized database built by Merkle Direct Marketing Inc. of Lanham, Md., to target leads and track responses by turning to direct mail, broadcast, print and the Internet to help recruit volunteers.
Merkle is using its proprietary Military Lead Management Knowledge Center, a database marketing system, to help the Air Force meet its recruitment goals, an Air Force official said. The company also manages lead recruitment for the Marine Corps and Army, according to company officials.
"From the start, Merkle has been very proactive and has worked closely with us to maximize our lead recruitment efforts," said Kerry Macaitis, an Air Force direct marketing account executive. "We were also very impressed that Merkle delivered its comprehensive solution two weeks ahead of schedule."
In February, Merkle was hired as a subcontractor to GSD&M, an Austin, Texas, advertising agency, and began work on the custom database.
Using a variety of products, including software from E.piphany Inc. of San Mateo, Calif., Microsoft Windows NT and SQL Server 2000, Merkle is targeting recruitment leads, processing responses generated from several print and broadcast sources and distributing the best leads to field recruitment offices. Afterwards, Merkle analyzes the data to identify the best types of outreach.
*******************************
Federal Computer Week
Agencies make security improvements
BY Diane Frank
April 10, 2003
The government has made "substantial" progress in information security since last year, but the same measurements that identify improvement also highlight that there is a long way to go, testified Mark Forman, associate director for information technology and e-government at the Office of Management and Budget, at a House hearing April 8.
The final report to Congress under the Government Information Security Reform Act (GISRA) of 2000 is in its final draft and will soon be released. It includes the second year of performance metrics in many security areas, and the improvement in those areas is significant, Forman told the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee.
Some of those metrics are:
* In fiscal 2001, only 40 percent of federal systems had the required up-to-date security plans. In fiscal 2002, that increased to 61 percent.
* Only 27 percent of federal systems underwent security certification and accreditation in fiscal 2001, compared to 47 percent in fiscal 2002.
* The percentage of systems that had gone through risk assessments increased from 44 percent in fiscal 2001 to 64 percent in fiscal 2002.
But the numbers are still far from where they should be, Forman said. This fiscal year, OMB has already set a goal to have 80 percent of federal systems be certified and accredited. Other goals are even higher and OMB and Congress must continue to put pressure on agencies as the government transitions to the Federal Information Security Management Act of 2002, which permanently reauthorizes GISRA, he said.
"Oversight of progress has been and will continue to be very important to this," Forman said.
There are some concerns that governmentwide security management is suffering under the organizational changes made with the Homeland Security Department's creation, particularly when it comes to coordination and resources.
But agency IT officials have found that OMB's attention through the GISRA reports has raised agency executives' awareness, which has in turn significantly helped the IT officials implement necessary policy and technology changes.
In the past year, the Commerce Department managed to raise its security procedures on many of the criteria included in OMB's GISRA reporting guidance, said Tom Pyke, chief information officer at the department.
Right now, 96 percent of Commerce's systems have gone through risk assessments, 90 percent have contingency plans in place, 92 percent have undergone certification and accreditation, and 98 percent have an up-to-date security plan, he said.
Commerce has also created a departmentwide database of needed corrective actions and has already addressed 74 percent of those issues identified for fiscal 2003, he said.
*******************************
Federal Computer Week
Now the real work begins
Grads seek jobs in federal Cyber Corps
BY Colleen O'Hara
April 7, 2003
The largest group of federal cyberdefenders to graduate under the Scholarship for Service program so far is pounding the pavement as the class of 2003 begins its search for jobs in federal agencies.
These graduate and undergraduate students received federal money to study information assurance in exchange for a one- or two-year stint working in the federal Cyber Corps when they graduate.
About 44 students from the scholarship program will graduate this spring, ready to put their training and experience to work in government. Some have found jobs already, but some have not.
Last month, the Office of Personnel Management launched the Scholarship for Service Web site (www.sfs.opm.gov) to help match students with agency jobs, but some say it should have been launched long before this group of students started looking for jobs.
Agency officials can register on the site, receive information on how to participate in the program, search student résumés and report a "match," said Miguel Hernandez, director of OPM's San Antonio Service Center. The students, who are required to register, will also have access to information on the agencies, he said.
The site is a good first step in helping to fix what some say is a weakness in the program: a lack of knowledge among agency officials that the Scholarship for Service program even exists.
"The trouble is, word needs to get out among the people who need to hire" the students rather than among the human resources directors, said Sujeet Shenoi, a computer science professor at the University of Tulsa, Okla., who manages the Scholarship for Service program for the university. "We think the Web site will help because it will be a one-stop shop."
OPM has written to agencies to encourage them to participate and is working closely with the CIO Council and school representatives, Hernandez said. "It's a very young program," he said. "As we progress, the agencies will become more aware" of it.
The program has received high marks from students, but the job search process has been somewhat discouraging.
Preston Gillmore, who will receive in less than a month a graduate degree in computer science from Tulsa, is interviewing for the second time with a federal agency he declined to name.
Gillmore, who has numerous degrees and more than 15 years of experience in information technology, said he and his wife, Julie Evans, who is also participating in the Scholarship for Service program, are concentrating on the Washington, D.C., area "because that's where the jobs are."
"It's a wonderful program," he said. "I just want to take the education and experience I've got and take it to an agency."
Rick Ayers, another program participant graduating from Tulsa with a graduate degree in computer science, is waiting to hear about a job with the National Institute of Standards and Technology, where he interned last summer.
"My internship at NIST [was] wonderful," he said. "We had a lot of freedom and got to use our imagination.... Hopefully, I'll be back at NIST."
Agencies should jump at the opportunity to hire the students, said Ira Hobbs, co-chairman of the CIO Council's Workforce and Human Capital for IT Committee.
"I think the Scholarship for Service program offers a unique opportunity to help the government to fill an area that is critical in our portfolio of IT jobs," he said.
***
Calling e-Scholars
The Office of Personnel Management launched a Web site March 28 designed to give students a single place to find information on scholarships, internships, fellowships and other programs offered by the federal government.
The e-Scholar site (studentjobs.gov/e-scholar.htm) includes about $400 million worth of educational scholarships, and the list will continue to grow, said Barry Williams, a White House Fellow who developed the site for OPM. "We want to make e-Scholar a $2 billion site," he said. "We've only scratched the surface" of what is available to students.
The site lists information on domestic and international opportunities for students in high school through graduate school. It also enables students to apply online if the agency running the program supports that capability, Williams said.
*******************************
Federal Computer Week
DHS working on personnel system
BY Colleen O'Hara
April 2, 2003
The design process for creating the personnel system for the Homeland Security Department (DHS) began this week.
Janet Hale, undersecretary for management at the new department, said in a memo to employees that a team of representatives from DHS, the Office of Personnel Management and the major unions will help create the new human resources management system.
Also, a Web site will be set up so that all employees can e-mail the team their suggestions for the new system.
"We want this process to be very inclusive, and we will seek out and listen to DHS employees and managers, and experts both inside and outside of government," Hale said. The new personnel system must be able to attract, motivate, reward and train the best and the brightest, she said.
The team will present its options to Secretary Tom Ridge and OPM's director in the fall and implement any changes beginning in 2004.
When President Bush signed the Homeland Security Act of 2002, he introduced new management provisions that affect DHS as well as agencies governmentwide.
The provisions for the department, which give the secretary broad power to hire, fire, pay and manage employees, are more sweeping than those offered governmentwide, which in some cases extend existing authorities.
*******************************
Government Computer News
04/10/03
Policy consensus seen critical to information sharing
By Wilson P. Dizard III
Successful government information sharing projects start with agreement to commit the resources to a common goal, officials speaking at FOSE agreed today.
By comparison, the technical side of intergovernmental and interagency information sharing projects is relatively easy, the officials said.
Denis Gusty, program manager for the Labor Department's Govbenefits.gov project to provide a common Web site for federal benefits programs, said department officials found resistance to sharing information.
"If you asked them whether the project was beneficial, they said yes," Gusty said of program managers from other agencies. "But nobody wanted to participate.
"We had monthly meetings and followed up with calls and e-mails," he said. "We succeeded but it wasn't easy--we had to get senior management and the Office of Management and Budget involved."
Lynn Hadden, senior Web architect, public access technologies in Fairfax County, Va.'s Information Technology Department, said her agency's project to build a common site for recreational facilities across some states and local governments had suffered due to a lack of agency policy consensus.
"I think it is important up front to set a contract to make an official commitment to a project," Hadden said. "By the time our project ended, two state governments had been replaced--you need a framework because you can't rely only on individuals."
Beth Richardson, application support administration in Virginia Beach, Va.'s Communications and Information Technology Department, said her government had found success in a regional law enforcement project by gathering commitments to a written contract to participate.
*******************************
Government Executive
April 10, 2003
FBI director says tech investments are paying off
By Drew Clark, National Journal's Technology Daily
FBI Director Robert Mueller on Thursday highlighted the bureau's success in thwarting terrorist attacks, counterintelligence operations and confronting cyber crime in his budget presentation to the Senate Commerce, Justice and State Appropriations Subcommittee.
Mueller, who said that he personally was "focusing on long-term strategies to enhance our ability to collect, analyze and disseminate intelligence," said nearly half of the proposed FBI fiscal 2004 budget--or $250 million--supports counter-terrorism programs.
He also touted the FBI's progress in upgrading its technology, having completed the Trilogy network on March 28, which he said was three days ahead of schedule.
"Trilogy will change the FBI culture from paper to electronic," Mueller said. "It will replace redundant searches of stove-piped systems," enabling agents to search multiple data points, leads and suspects through a single portal.
Last year, however, the Senate Appropriations Committee heavily criticized the program. In the committee report accompanying the fiscal 2003 budget, it noted that the FBI had overspent its Trilogy budget by $138 million.
"This is not a surprise. The attempt to make up for 20 years of neglect in two years of frenzied spending was destined to fail," the report read. As to a $100 million reserve established by Congress, the report continued: "The FBI chose to squander this reserve. Now, when the funds are needed, none are available."
In his testimony, Mueller said the bureau had put many of the problems behind it. "The FBI has turned a corner in its history," he said. "With the support of Congress, we have been able to make dramatic and substantive changes."
After counterterrorism and counterintelligence, Mueller said that tackling cyber crime was the bureau's third priority area.
"Unfortunately, we are seeing explosive growth in cyber crime--both traditional crimes such as fraud and copyright infringement that have migrated online, and new crimes like computer intrusions and denial of service attacks," he said. Over the past six years, the number of such cases grew from 113 to 2,300.
The FBI's Cyber Program would "focus on identifying and neutralizing: 1) individuals or groups conducting computer intrusions and spreading malicious code; 2) intellectual property thieves; 3) Internet fraudsters; and 4) online predators that sexually exploit or endanger children," he said.
The agency has been consolidating those operations into a new Cyber Division at its headquarters, and its total budget request for fiscal 2004 is $234 million to protect against cyber-based attacks and high-tech crimes, including 77 new agents.
The total budget request was for $4.6 billion, including program changes totaling $513 million, including 2,346 new positions, including 503 special agents.
Those levels include funds to support 66 Joint Terrorist Task Forces, $82 million for technology upgrades, and $3 million for a new DNA testing system.
*******************************
Computerworld
Antispam bill reintroduced in Senate
By Grant Gross, IDG News Service
APRIL 11, 2003
WASHINGTON -- Two U.S. senators have reintroduced an antispam bill allowing fines of up to $10 per e-mail to senders of unsolicited e-mail who refuse to stop.
The Controlling the Assault of Non-Solicited Pornography and Marketing Act -- CAN-SPAM for short -- would require that senders of unsolicited e-mail include return e-mail addresses where recipients can write to opt out of further mailings. If the spammer continues to send unsolicited e-mail to that person's address, he could be fined $10 per e-mail, up to $500,000. Courts finding spammers who "willingly and knowingly" violated the law could impose fines of up to $1.5 million.
The bill also imposes a criminal penalty of up to a year in jail for spammers who include misleading header information in unsolicited commercial e-mails.
Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) reintroduced the bill yesterday. This version of CAN-SPAM is similar to those introduced during the past two sessions of Congress. Last year, the Senate Commerce, Science and Transportation Committee unanimously approved the bill, but it failed to reach the floor for debate.
A spokeswoman for Burns said she was unsure when a hearing on the bill would be held this year. She admitted that the bill would do little to stem the tide of spam from countries outside the U.S., but she said it would reduce the amount of unwanted e-mail from U.S. spammers. "Overseas, it's really hard to control that," she added. "But this will definitely keep the numbers down. That's the point."
Free-speech advocates such as the Electronic Frontier Foundation (EFF) have opposed some antispam legislation because of fears that it would limit e-mail users' ability to share their ideas with others. Wendy Seltzer, a staff attorney at the EFF, said the CAN-SPAM bill sounds less aggressive than some past bills, but she still questioned whether it would allow people to communicate anonymously through e-mail.
"That's something we want to protect as well," she said.
Seltzer also questioned whether the bill could be enforced effectively. "It's not as if this is going to go in and break things," she said of the bill. "But it sounds an awful lot like a Band-Aid measure."
Burns, in a statement, said an estimated 40% of e-mail in the U.S. is spam, causing a loss of more than $10 billion a year.
"The costs are enormous for people paying long-distance charges for their Internet time," Burns said. "This is unfair to consumers, and something needs to be done."
Wyden said the bill would continue to allow legitimate e-commerce messages. "Just as quickly as the use of e-mail has spread, its usefulness could dwindle -- buried under an avalanche of 'get rich quick,' 'lose weight fast,' and pornographic marketing pitches," Wyden said in a statement. "This bill will help to keep legitimate Internet traffic and e-commerce flowing by going after those unscrupulous individuals who use e-mail in annoying and misleading ways."
America Online Inc. issued a statement in support of the CAN-SPAM bill, and Burns said the bill also has support from Yahoo Inc. and eBay Inc.
"We will continue to work together with other ISPs [Internet service providers] and policymakers to ensure that spam legislation has 'real teeth' and provides the weapons needed to enable and empower AOL and other ISPs to pursue the most egregious and offensive spam violators -- those who continue their daily spam attacks using the most fraudulent and evasive methods," the AOL statement said.
*******************************
Computerworld
After three years of Wi-Fi, hurdles remain
By Tom Krazit, IDG News Service
APRIL 10, 2003
The widespread adoption of the wireless Internet will change the way PCs, handhelds and Web sites are sold and will alter how computer users live, work and play, if the hype is to be believed.
That hype persists amid the lack of much else to cheer about in IT these days, with vendors offering a future vision of "hot spots" everywhere so that home computer users can move unencumbered from room to room while mobile workers keep plugging away from airports, restaurants and, according to Intel Corp.'s latest marketing blitz, football stadiums and swimming pools.
But members of the Wi-Fi Alliance acknowledge that obstacles must be cleared before wireless networking becomes part of mainstream corporations' IT budgets, or part of a consumer's monthly communications bill. The alliance is a nonprofit consortium of vendors involved in the wireless market.
Lack of security means that wireless networks can expose sensitive corporate information to anyone with a few dollars to spend on sniffer products and who has a decent grasp of networking. Several different standards are causing confusion, and not all products work with all standards. Searching for a hot spot, or a place to connect to the Internet outside of a home or corporate network, can be frustrating.
As of this week, the Wi-Fi Alliance has certified more than 700 products for various wireless Internet standards developed during the past three years by the Institute of Electrical and Electronics Engineers Inc. (IEEE). Among other things, the IEEE develops standards for a range of technical areas, including telecommunications, computer engineering, consumer electronics, electric power and aerospace.
The Wi-Fi Alliance is looking to improve the security of the technology this year with the certification of products bearing a new standard, and it will undertake a marketing campaign bringing Wi-Fi access providers together under the "Wi-Fi Zone" program to raise the public's awareness of hot spots, according to Dennis Eaton, chairman of the Wi-Fi Alliance board of directors and strategic marketing manager for wireless networking products at Milpitas, Calif.-based Intersil Corp.
Wi-Fi, short for Wireless Fidelity, used to refer just to the 802.11b standard, but the alliance now uses it to refer to the broader spectrum of wireless LAN standards, including 802.11a and the emerging 802.11g. The most commonly used 802.11b standard works on the 2.4-GHz frequency of the electromagnetic spectrum and allows users to transmit data at speeds up to 11Mbit/sec. But a vast number of wireless products, including cordless phones and garage door openers, use the 2.4-GHz frequency and can cause disruptions in service.
The 802.11a standard works on the 5-GHz frequency, which is less cluttered and allows data transfer rates up to 54Mbit/sec. but has a shorter effective range than 802.11b. Also, 802.11a products aren't compatible with 802.11b products, and 802.11a hot spots aren't easily found.
The IEEE is preparing the final specification for 802.11g, which combines the use of the 2.4-GHz frequency with the faster download speeds offered by 802.11a. Products are already available based on the draft standard, and any changes made during the final process between now and the middle of this year will require just a software update, according to vendors and the Wi-Fi Alliance.
Many users and analysts aren't sure that currently available 802.11g products will be compatible across the board, because of the slight changes. There could be some problems with compatibility across multiple chip-set vendors, said Frank Ferro, a member of the board of directors of the Wi-Fi Alliance and marketing director for Agere Systems Inc. in Allentown, Pa. Also, some consumers might not realize that they need to download updated drivers in order to gain full interoperability, although the Wi-Fi Alliance will do what it can to educate the public, he said.
Future products will likely include all of the 802.11 standards on a single wireless card or integrated wireless chip, Eaton said. Several dual-band notebooks have already been released from vendors such as Hewlett-Packard Co., Toshiba Corp. and Dell Computer Corp.
Security concerns have held back Wi-Fi adoption in the corporate world. Hackers and security consultants have demonstrated how easy it can be to crack the current security technology, known as WEP (Wired Equivalent Privacy), that's used in most Wi-Fi connections. Using materials and software that are readily available, a hacker can wander around a city looking for unsecured WLAN access points or hot spots, also known as "drive-by Wi-Fi" or "war driving."
In an attempt to allay the security concerns of IT managers, the Wi-Fi Alliance will announce that it has certified the first products with a new security technology known as Wi-Fi Protected Access (WPA) on April 29, Eaton said. WPA will provide a stopgap measure for wireless Internet users until a new software standard from the IEEE is ratified, he said.
The IEEE is currently seeking comment on 802.11i, which is a software standard that seeks to improve security features such as user authentication and key encryption in the various 802.11 wireless hardware standards.
"WPA provides a better layer of security than WEP. It thwarts all known attacks published in the public domain today and will work with products on the market today," Eaton said.
Products certified for WPA will feature several technologies not found in WEP, including improved key management technology and TKIP (Temporal Key Integrity Protocol). When the final version of 802.11i is ratified by the IEEE later this year, it will contain a security protocol known as CCMP (Counter with Cipher Block Chaining Message Authentication Code Protocol). This will add an additional layer of security for the second version of WPA based on the completed standard, due out next year, Eaton said.
However, WPA will provide enough of a security boost to make it worthwhile for reluctant IT managers to start installing it now instead of waiting for the completed 802.11i standard, said Isaac Ro, a senior analyst at Aberdeen Group Inc. in Boston. "WEP is easily crackable, and WPA is a good step beyond," he said.
Users of current Wi-Fi products will be able to upgrade to WPA through software updates, according to the Wi-Fi Alliance.
While security is probably the primary concern among IT managers considering Wi-Fi networks, Wi-Fi vendors are also looking for ways to solve a problem dogging the rollout of commercial Wi-Fi hot spots: the integration and back-end billing of thousands of worldwide hot-spot providers.
However, Wi-Fi proponents can learn something from the way cell phone carriers have set up their back-end billing systems. One of the main hurdles to a global Wi-Fi network is related to the standardization of a billing and payment system for Wi-Fi hot spot users and the providers of those services. Cell phone carriers "have that licked," Eaton said.
Right now, the Wi-Fi Alliance has its hands full trying to certify the hardware products, and it hasn't done much work to bring service providers together to discuss ways to handle the billing situation, Eaton said. "That's more of a business thing than a technology thing," he noted.
A number of companies, known as aggregators, are working to bring hot-spot providers under a universal umbrella. Boingo Wireless Inc. and iPass Inc. are two of the leading companies attempting to provide cell-phone-like roaming ability to Wi-Fi users.
Some of the ideas under consideration for Wi-Fi billing include per-day, per-hour, and unlimited monthly connection fees. Right now, users are willing to pay a bit of a premium for hot-spot access, but as pricing becomes more competitive, hot-spot owners will need a larger share of the revenues they generate for the equipment companies and hot-spot providers, said John Yunker, an analyst at Pyramid Research LLC in Cambridge, Mass., in a recent newsletter.
Right now, the owner of a venue with a hot spot receives about 20% of the revenue generated by Wi-Fi in its area, based on revenue-sharing models, according to Yunker. The rest goes to the equipment manufacturer and the hot-spot provider, which is responsible for support and installation. "Current revenue-share models value the network far greater than the location," Yunker wrote.
Larger venues such as airports or convention centers can make a great deal of money with only 20% of the revenue. But places like coffee shops are the key to driving Wi-Fi growth, and hot-spot providers and aggregators will need to cut them a bigger piece of the pie to encourage more venues to install hot spots, Yunker said.
Eventually, the aggregators and providers will have to figure out ways to share networks as the number of hot spots grows beyond the ability of one company to manage, Ro said. But the capital required to set up a Wi-Fi hot spot is far less than that required for cellular operators, at about $100 for a wireless base station vs. about $1 million for a cell phone tower, he said.
For now, the Wi-Fi Alliance plans to work with aggregators and hot-spot providers to label hot spots with a Wi-Fi Zone moniker. Any service provider that uses equipment certified by the Wi-Fi Alliance will earn the right to display the Wi-Fi Zone logo. Users will be able to visit www.wi-fizone.org to locate hot spots in their hometowns or traveling destinations, and they can download an Excel spreadsheet to look up hot spots when not online.
The idea is to have a universally recognized logo that anyone can recognize and know that wireless Internet service is available at a location, Ro said.
*******************************
Los Angeles Times
FBI Says Web Fraud Claims Surged in 2002
From Associated Press
April 10, 2003
Fraud on the Internet rose sharply in 2002, with more than 48,000 complaints referred to prosecutors -- triple the number from a year earlier, according to a federal report released Wednesday.
By far the most common complaint was auction fraud, followed by non-delivery of promised merchandise, credit card fraud and fake investments, according to the report from the Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center, based in Richmond, Va.
Reported Internet fraud losses totaled $54 million in 2002, compared with $17 million the year before. The 48,252 complaints referred for prosecution were far more than the 16,755 complaints referred in 2001.
The report provides a glimpse into common types of fraud, its perpetrators and victims.
For instance, almost 80% of known perpetrators are male and about 71% of those bringing complaints also are male.
One persistent scam described in the report is the so-called Nigerian letter, complaints for which rose from 2,600 in 2001 to 16,000 in 2002.
Victims are presented with an opportunity to receive nonexistent government money, often from the "Government of Nigeria," as long as they pay an upfront fee often characterized as a bribe to that government.
The report did not include statistics on how many complaints resulted in criminal convictions last year.
*******************************
Sydney Morning Herald
Computer glitch prevents final upper house seat decision
Sydney
April 11 2003
A computer glitch has, for the second day in a row, prevented the State Electoral Office (SEO) from declaring a winner in the battle for the last seat in the NSW upper house.
The SEO was expected to run a program yesterday that would have distributed preferences from more than four million ballot papers in about two hours.
A computer problem forced the program to be postponed until today.
But reporters arriving back from the SEO say the computer has again failed to come up with the results.
The final seat is a battle between One Nation founder Pauline Hanson and the Shooters Party.
Ms Hanson was trailing Shooters Party candidate John Tingle by around 5,000 votes, but could make up the difference on preferences.
Of the 21 seats up for grabs, Labor is certain to win 10, the coalition seven, the Greens two and the Christian Democrats one.
*******************************