[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips March 27, 2003

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
Subject: Clips March 27, 2003
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Thu, 27 Mar 2003 11:29:57 -0500

House Defeats Plan to Create Amber Alert
Taxpayers' Online Data Protected, IRS Says [Privacy]
State to Study Web Sales Tax
Consumer Groups Seek Probe of Cable Tying Prices
New York Consortium Agrees to Pay $1.4-Million in Federal Lawsuit
Government Creates Its Own Private Cyber Network
Bush order covers Internet secrets
Wireless carriers in sync on 911 tech
Business case has CAPPS at risk
Bill would close spectrum loophole
Army plans release of RFP for $700 million project
Wireless infrastructure goes unguarded
Al-Jazeera hobbled by DDOS attack
ICANN, in Rio, works on going global
E-mail From the Front
Anti-war protesters use technology to organize, evade
ID theft costs banks $1 billion a year

*******************************
New York Times
March 27, 2003
House Defeats Plan to Create Amber Alert
By CARL HULSE

WASHINGTON, March 26 The House defeated a Democratic effort today to force a vote on the creation of a national alert system to respond to child abductions. Republicans said the program should be part of an anticrime package.

On a party-line vote of 218 to 198, the Republican-controlled House rejected a parliamentary maneuver that would have allowed separate consideration of a plan to establish an Amber alert system, named for a kidnapped Texas girl.

Republican lawmakers want the notification system included in a measure that imposes new criminal penalties on kidnappers and child molesters and gives law enforcement new authority for wiretaps in cases involving sex crimes against children. That bill is expected to be considered and adopted by the House on Thursday.

Democrats said the added provisions would slow the creation of the Amber alert system, which has already been approved by the Senate, since some of the other elements are more contentious.

"I cannot understand why Republican leaders insist on blocking the simple, stand-alone Amber bill," said Representative Martin Frost, Democrat of Texas, who has been seeking House approval of the Senate bill.

Republicans said the new criminal tools would complement the kidnapping alert system. "I also agree that Amber alert needs to be passed, but I think it's just as important that there be punishment for the abduction of these children," said Representative Sue Myrick, Republican of North Carolina.

About 40 states now have the Amber alert system, which uses highway signs and the news media to encourage the public to look for abductors and their victims.

The measure would create a national coordinator for the system in the Justice Department and provide matching grants to states for operating the networks. The family of a Utah girl who was recently returned to her parents have criticized Republicans for slowing enactment of the program by insisting on the broader bill.
*******************************
Washington Post
Taxpayers' Online Data Protected, IRS Says
Filing Program Had Drawn Fire

By Albert B. Crenshaw
Washington Post Staff Writer
Thursday, March 27, 2003; Page E06

The Internal Revenue Service's free online tax-filing program provides adequate protections for taxpayers and their confidential information, the agency said yesterday.

A group of consumer organizations charged this week that some companies participating in the program are using it to market products and services to taxpayers without properly obtaining the taxpayers' consent.

The initiative is "pro consumer," the IRS and Treasury Department said in a statement responding to the consumer groups. "It is a great deal for taxpayers to be able to file online for free," the statement said, noting that 2 million taxpayers have used the service so far. The program "also provides consumers with enhanced security and privacy protections," it said.

The agreement between the government and industry "requires industry members to protect taxpayer privacy and confidentiality," the statement added. "Unauthorized use of taxpayer information is a criminal offense."

IRS officials declined to provide an executive to answer questions about the issue. The service, called Free File, is a key component in the agency's efforts to encourage online filing. Electronically filed returns are faster and more accurate and require far less of IRS workers' time to process. Widespread use would save the government money and free IRS workers to perform other work, such as pursuing tax evaders.

The consumer groups have been particularly critical of H&R Block, which does market other services to users of its Free File service, but only to those, the company says, who give it permission. Participating companies receive no compensation from the IRS, so they have a variety of motives and approaches to the program.

Besides the prohibition under federal law of preparers disclosing taxpayer information without permission, the agreement companies sign to join Free File forbids them to make the service contingent on the taxpayer's buying something.

Under those rules, some participants say cross-marketing is appropriate with proper permission. Others say they don't think so. For example, Intuit Inc., the maker of TurboTax software, promises not to use taxpayer information for anything beyond filing requirements or items the taxpayer specifically requested.

"I think it's troubling to consider that a taxpayer utilizing a free service would be subject to unsolicited marketing material. We from the get-go have completely stayed away from that," said Intuit spokesman Scott Gulbransen.

H&R Block, on the other hand, argues that cross-marketing is proper and can be helpful to taxpayers in pointing out ways to cut taxes or other costs.

Consumer groups argue that Block's site is confusing and requires taxpayers to accept a licensing agreement that appears to grant the company permission to "share information" with affiliates. A second permission page refers to "tax tips" that some taxpayers might not understand to be a marketing device, consumer groups say.

Block said even if a taxpayer gives permission, there is no obligation to buy.
*******************************
Los Angeles Times
State to Study Web Sales Tax
By Evan Halper
Times Staff Writer
March 27, 2003

SACRAMENTO -- State officials moved closer Wednesday to charging sales tax on consumer items purchased from out-of-state online and catalog companies, a requirement that could ultimately generate $1.8 billion annually for strained government coffers.

A bill that would make California part of a consortium of 36 states working on the issue breezed through a Senate committee Wednesday with bipartisan approval. And state tax regulators voted to begin limited participation with the consortium, effective immediately.

"California isn't able to collect billions of dollars that people currently owe," said Sen. Debra Bowen (D-Marina del Rey), author of SB 157, which would make California a full voting member of the Streamlined Sales Tax Project consortium.

Bowen said the current system "hurts the people who shop locally and are forced to pick up a larger share of the tab for those critical services that everyone in California relies on."

Some Republicans, however, expressed concern that collecting the taxes would hurt online and catalog sales. And they also said the consortium may be seeking solutions that would undermine some of California's laws.

U.S. Supreme Court decisions have made it impossible for states to require out-of-state companies to collect sales taxes without an act of Congress. Congress has so far failed to act out of the same concern expressed by the court: Forcing retailers to collect the taxes for thousands of state and local tax jurisdictions, each with its own set of complicated rules, would be too much of a burden.

The Streamlined Sales Tax Project is an attempt to simplify the taxing process, with every jurisdiction adopting the same rules so retailers would find it easier to collect the tax. While the tax rates could vary from place to place, details such as the way products are categorized for tax purposes would be made uniform.

States that belong to the consortium would enact legislation adopting the new tax codes, and businesses would be asked to participate voluntarily until Congress acts. Supporters of the project say that if Congress fails to act, the simplification of the tax codes would put the states on a firm footing to go back before the Supreme Court on the issue.

If the project succeeds and California ultimately changes its tax codes to conform with it, the state could begin collecting sales tax on out-of-state purchases made online and through the mail by early 2005.

While that is too late to help plug the current budget gap of as much as $35 billion over the next 16 months, it would help the state close its chronic deficit -- the $15 billion by which spending is projected to surpass revenue every year without long-term solutions.

California has resisted joining the project for three years. The Legislature voted to join in 2000, but the bill was vetoed by Gov. Gray Davis, who has since indicated that he would consider signing it.

Members of the Board of Equalization, which has broad authority to determine how the state's tax laws should be enforced, passed a resolution that for now makes California only an observer of the consortium. Three other states are part of the group as observers.

The resolution was pushed by state Controller Steve Westly, who earned millions of dollars as an executive at the online company EBay. Westly said he supports the Senate bill that would make California a full participant in the group.

"I believe California has sat on the sidelines of the [project] long enough," Westly said. "There is a national momentum, and we should not let the interests of the fifth-largest economy in the world go unrepresented."

Westly and other supporters stressed that they are not seeking a new tax, but rather to collect sales and use taxes already owed by California residents. Current law requires residents to pay those taxes even though the U.S. Supreme Court says the retailer does not have to collect them.

"It is money owed to California state and local government, and much-needed funds," Westly said. Failing to collect the money, he said, "threatens the integrity of the sales and use tax law."

While the bill received Republican support in the Senate Revenue and Taxation Committee, Republicans on the Board of Equalization opposed having California join the project.

"I think there is a flaw in their whole program," said board member Bill Leonard, who speculated that forcing retailers to collect the tax could drive some companies out of business.

Another Republican board member, Claude Parrish, warned that ultimately signing on to all of the rules adopted by the consortium could turn California's tax code upside down and undermine the authority of state lawmakers.

"This could significantly diminish the role of this constitutionally elected board," he said.

Bowen noted that participating in the group is only a first step, and that the tax code in California could be changed only through further action of the Legislature. She said the idea is to simplify the system of collecting taxes, not complicate it.

In testimony before the Senate committee, she explained that once the system is adopted, companies would be able to type the ZIP Code of a buyer into their own computers and see the sales tax owed. The cost of the software that does this and other costs associated with collecting the tax would be subsidized by the state, she said.
*******************************
Reuters Internet Report
Consumer Groups Seek Probe of Cable Tying Prices
Wed Mar 26, 7:29 PM ET
By Jeremy Pelofsky

WASHINGTON (Reuters) - U.S. consumer groups on Wednesday charged that cable companies were gouging customers who only subscribe to high-speed Internet service but not cable television, and asked antitrust enforcers to investigate.

The nation's biggest cable provider Comcast Corp. recently acquired AT&T Corp.'s cable assets and raised prices for those customers who only sign up for high-speed Internet service to Comcast's monthly going rate of $56.95, up from $42.95, about a 33 percent hike.

Customers will receive the $42.95 price for Internet service if they also sign up for cable television service, Comcast spokeswoman Sarah Eder said. Basic cable service runs about $12 but services with the most channels cost much more.

The Consumer Federation of America and Consumers Union asked the Justice Department (news - web sites) and Federal Trade Commission to investigate whether the steep discounts offered when customers purchased both services constituted anti-competitive tying or predatory pricing.

"If there were ever a candidate for an investigation of predatory pricing under the antitrust laws, this would be it," said Mark Cooper, research director for the Consumer Federation of America. "Even if the government concludes that the price is not predatory in the classic sense, it must be deeply concerned about anti-competitive tying."

Spokeswomen for the Justice Department's antitrust division and the Federal Trade Commission did not return calls seeking comment on the consumer groups' request for a probe.

'A BIG STICK'

Rob Cavender, a high school teacher in Maryland, said he gave up his DirecTV satellite television service last spring after Comcast told him that his $44.95 high-speed Internet would cost $15 more if he didn't take the television service too.

If he did subscribe to Comcast cable television, he would pay $39.95 for high-speed Internet service, a $5 discount.

"It was definitely a matter of coercion rather than a discount plan," he said, adding that he and his wife spend three to four hours a day online. "If you don't do it, they are going to hit you with a big stick, almost $200 a year."

Eder said it was standard industry practice to offer discounts and that Comcast has always given breaks to those customers who take both services. She said she could not comment on Cavender's situation.

"We believe we're being highly competitive in our service offerings," Eder said. "We disagree with that characterization" by the consumer groups.

Cable and telephone companies have fought fiercely to sign up customers for high-speed Internet service because of the significant revenue stream they can provide.

About 16.2 million people received the broadband service as of June 2002, with about 9.2 million getting it from cable operators and 5.1 million from telephone companies.

Cable operators aren't the only ones who offered cheaper rates for bundled services. Verizon Communications, the nation's biggest local telephone carrier, offers packages that include voice and Internet service at a discount.

Sen. John McCain, chairman of the Senate Commerce Committee, has complained about skyrocketing cable television prices and plans to look into that matter later this year. His spokeswoman declined to comment on whether he would also look into the high-speed Internet service element.
*******************************
Chronicle of Higher Education
New York Consortium Agrees to Pay $1.4-Million in Federal Lawsuit Alleging Fraud
By WILL POTTER

A nonprofit corporation that provides high-speed networks for colleges and research institutions in New York State has agreed to pay the federal government $1.4-million in a lawsuit that alleged it misused federal grants and income, the U.S. attorney's office in Buffalo announced on Wednesday.

The whistle-blower lawsuit, which was brought under the federal False Claims Act, accused the New York State Education and Research Network, known as Nysernet, of secretly funneling money obtained through federal grants to a for-profit corporation it created. The corporation, AppliedTheory Communications, eventually went public, and some of its executives and officers -- who also worked for Nysernet -- allegedly made millions of dollars by selling their stock in the company. The network agreed to pay the settlement, but denied any wrongdoing.

The grants, from the National Science Foundation, were intended to build a high-performance network for colleges in the state. Nysernet was created in 1986 as the first nongovernmental component of the Internet.

"It was an issue of greed," said Bonny Harbinger, a lawyer with the Washington law firm of Phillips & Cohen, which represented the whistle-blower, David Lytel. Mr. Lytel, a former president of Nysernet, was fired in 1998 for questioning the network's relationship with AppliedTheory Communications. He filed the lawsuit in 2000. Mr. Lytel was an adviser to the White House Office of Science and Technology Policy during the Clinton administration.

He accused Nysernet of rigging its bidding process so that AppliedTheory won lucrative contracts for network services. AppliedTheory had access to the proposals from other companies because its chief financial officer helped evaluate them for Nysernet.

Nysernet employees who evaluated the proposals felt they "would be threatened if they performed their jobs professionally and did not recommend AppliedTheory Communications," according to the lawsuit.

Mr. Lytel also alleged that Nysernet had violated the terms of the science foundation's grants by not disclosing its affiliation with AppliedTheory Communications.

Mr. Lytel will receive a 15- to 25-percent share of the settlement funds under the federal False Claims Act, which allows private citizens who believe that the U.S. government has been defrauded, and who have direct knowledge of the alleged illegalities, to bring a lawsuit on the government's behalf and share in any damages awarded.

Nysernet representatives said that the network denied any wrongdoing and that the settlement was made to avoid costly and lengthy litigation.

"With a small organization like ours that is not-for-profit, it became a drain on our resources," said Jim Brennan, director for external programming at Nysernet. "It became a business decision to move on and continue to serve the State of New York."

Mr. Brennan said he didn't believe Nysernet executives had personally benefited from dealings with AppliedTheory Communications.
*******************************
Fox News Online
Government Creates Its Own Private Cyber Network
March 26, 2003
By Liza Porteus

WASHINGTON The federal government's massive private computer network is trickling toward completion as bureaucrats set up operations centers for various industries to insulate themselves from any major cyber attack launched against the United States.

The Cyber Warning Information Network, based on an already-existing platform, is trying to bring together private sector businesses and groups, as well as cyber-security experts, to build portions of the network, including the Information Sharing and Analysis Centers.

But there's doubt within industry corners about whether there's enough interest at the upper echelons of the executive branch to push the project forward.

"This is still evolving," a White House source told Foxnews.com. "This is the kind of thing we're going to be expanding over the next year or so."

Five ISACs first devised in the Clinton administration and designed to let groups share data on critical infrastructure sectors currently exist in the financial, telecommunications, chemical, energy and information technology sectors. Others are in the works for water, transportation, aviation and food.

Under construction since early 2001, CWIN, a key element of President Bush's National Strategy to Secure Cyberspace, will be used as an information center where technology and government sectors can share information and keep in touch in case of a huge cyber attack.

Bush's fiscal 2003 budget request included $30 million for CWIN.

Other branches that could be included in CWIN will be the CERT Coordination Center at Carnegie Mellon University. CERT is a well-respected clearinghouse for cyber-security information for government and businesses. Various anti-virus software vendors and telecommunications providers like AT&T may also join the network.

But to date, there still lacks a quick way to share critical information, industry experts say.

So far, many private groups and businesses have been slow to provide vulnerability information to these centers out of fear that it could be made public through Freedom of Information Act laws. They also want to be exempted from antitrust laws if they provide security information to the government.

"There's always challenges with information sharing in dealing with this issue it's not an issue just of antitrust exemption or FOIA exemption," said Dave McCurdy president of the Electronics Industry Alliance and executive director of ISAlliance, which has been privy to White House meetings on CWIN.

"There's still a reluctance on the part of industry to divulge a lot of information that's developed from their proprietary enterprise," McCurdy said.

The bill authorizing the creation of the new Department of Homeland Security safeguarded industry information from these FOIA laws, but specific regulations have yet to be issued. That will help foster the government-industry relationship, technology policy experts said.

"We've supported the industry's cyberspace security strategy as one that's founded on industry and government we think that's the only right approach," said David Peyton, director of technology policy for the National Association of Manufacturers.

Of the FOIA policy, Peyton said: "We think that's the right thing we want to see the regulations come through with that."

Many say industry needs to step up to the plate when it comes to securing its own networks.

"The public part can only go so far the private part has to step up," said Tom Patterson, senior partner with Deloitte & Touche Security Services Group. "I think a lot of the rest of the companies that really make up the economy the critical infrastructure of the economy don't yet understand their role in all this."

McCurdy said he does not have specific information on when CWIN will be fully implemented.

But without Richard Clarke, former cyber-security adviser in the White House, the industry is rumbling about the lack of a strong point-person in the administration to deal with cyber-security issues, and that may slow down the implementation of CWIN, Clarke's brainchild.

Clarke resigned early last month as head of the president's Critical Infrastructure Protection Board. The CIPB coordinates government agencies on protecting critical infrastructures including computer systems. With the creation of DHS, the CIPB was eliminated and its responsibilities were moved to an information assessment and infrastructure quadrant within the new department.

Some of Clarke's presidential advisory responsibilities will be designated to someone in the White House, most likely Paul Kurtz, who currently holds a high-level critical infrastructure protection position in the White House.

On March 13, the White House announced that Bush would tap Coca-Cola executive and a former CIA official Robert Liscouski to lead cyber-security efforts as the assistant secretary of infrastructure protection at DHS. Paul Redmond, former chief of CIA counter intelligence, would be appointed assistant secretary for information analysis.

Bush said last week that he plans to nominate Frank Libutti, deputy commissioner of counter terrorism for the New York City Police Department, as undersecretary of the information analysis and infrastructure protection.

But with organization at DHS slow in coming, there's concern that something including interest in CWIN may get lost in the shuffle.

"We've vocalized to the White House that we think it's important to retain the position that Clarke held" in his presidential advisory role "and that there needs to be a senior person at the White House to do that," said Mario Correa, director of Internet and network security policy for the Business Software Alliance.

"I think the administration is serious about putting these steps in place. But because of the difficulty of getting DHS up and running, this all takes some time," Correa said.

"The White House is definitely keeping its finger on the pulse of this issue," he added.

Howard Schmidt, a former security experts at Microsoft who took over Clarke's position as chairman of the CIPB after Clarke left, would be the right person to move into a more senior position at DHS on these issues, experts say, particularly since he helped craft the national cyber-security strategy.

Homeland Security Director Tom Ridge has talked to Schmidt about assuming a role such as Ridge's own cyber-security adviser, Correa said.

"I think Ridge has extended him that offer. We want that position to be one with substance to it."
*******************************
CNET News.com
Bush order covers Internet secrets
By Declan McCullagh
Staff Writer, CNET News.com
March 26, 2003, 12:11 PM PT

President Bush has signed an executive order that explicitly gives the government the power to classify information about critical infrastructures such as the Internet.
Bush late Tuesday changed the definition of what the government may classify as confidential, secret and top-secret to include details about "infrastructures" and weapons of mass destruction. The new executive order also makes clear that information related to "defense against transnational terrorism" is classifiable.

In his executive order, which replaces a 1995 directive signed by President Bill Clinton, Bush said that information that already had been declassified and released to the public could be reclassified by a federal agency. Clinton's order said that "information may not be reclassified after it has been declassified and released to the public."

David Sobel, general counsel to the Electronic Privacy Information Center, said it was unclear why the Bush administration decided to include the term infrastructure. An existing category of scientific, technological or economic matters relating to national security might have covered information about the Internet and other critical infrastructures, Sobel said.

"It's a mystery to me why there was a feeling that the old order needed to be revised and expanded," Sobel said.

The definition of what may be properly classified typically becomes an issue when a lawsuit is filed under the Freedom of Information Act seeking to force the government to divulge documents that it claims are secret and properly classified. Bush's decision gives the U.S. Justice Department, which defends agency classification decisions in court, more leeway in fighting such lawsuits.

Clinton's 1995 order said one of the seven categories of information that could be classified was: "vulnerabilities or capabilities of systems, installations, projects or plans relating to the national security."

Under Bush's order, that definition has been expanded to: "vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans or protection services relating to the national security, which includes defense against transnational terrorism."

Steven Aftergood, an analyst at the Federation of American Scientists who tracks government secrecy, says the change in definitions "creates an opening that could be exploited in the future, but in practice the previous policy would have permitted much of the same thing."
*******************************
CNET News.com
Wireless carriers in sync on 911 tech
By Ben Charny
March 26, 2003, 12:49 PM PT

Three U.S. wireless carriers are now stepping in unison with a technology strategy to meet a federal mandate requiring them to be able to locate cell phones that dial 911, newly filed federal records show.
This week T-Mobile, the last of the wireless carriers planning to use CPS's Enhanced Observed Time Difference (EOTD) software, decided to switch to another technology. AT&T Wireless switched late last year, and Cingular Wireless made the change earlier this year.

The Federal Communications Commission has required all U.S. carriers to meet a 2005 deadline giving emergency call centers the ability to locate 95 percent of all handsets dialing 9-1-1 within 50 meters (about 50 yards). The carriers also planned to sell new "Friend Finder" or other commercial services using the technology to help earn back some of the costs required to build the system.

The two-page T-Mobile filing with the Federal Communications Commission briefly lists reasons for its change, among them that the decisions by Cingular and AT&T Wireless would "draw vendor time and resources away" from the attention the CPS software needed to meet the accuracy requirements.

"This was not an easy decision," Robert A. Calaff, T-Mobile senior corporate counsel, wrote to the FCC.

"T-Mobile's decision reflects its recognition of the practical difficulties of being the only nationwide carrier (using the EOTD technology)," Calaff wrote.

The three carriers now plan to use a version of Time Difference of Arrival (TDOA), which determines a phone's position by measuring the time a call reaches "location measuring units" inside a cell phone network base station.

Carriers installing the technology need to add software into their networks only. EOTD, on the other hand, requires software in a network and in specially made handsets.

An AT&T Wireless executive speaking on condition of anonymity said EOTD wasn't accurate enough to meet the federal mandate. It could find a targeted cell phone within 100 yards, but "we were not seeing a path to 50 meters nearly as quickly," the executive said.

Other carriers, including Verizon Wireless and Sprint PCS, have chosen different methods that use a constellation of satellites.

Ashcroft said CPS will now focus on selling the Nortel Networks, Siemens and Ericsson network gear with its EOTD inside to carriers in Europe as well as Asia, where its being tested by Singapore Telecommunications (Singtel).

"Our U.S. market experience has been very valuable in the development of this technology," he said.

"The U.S. is just 5 percent of the worldwide market," said Colin Ashcroft, a spokesman for Cambridge Positioning Systems (CPS), the creator of EOTD. "There's 860 million other cell phones."
*******************************
Federal Computer Week
Business case has CAPPS at risk
BY Diane Frank
March 25, 2003

Money is far from certain for the Transportation Security Administration's proposed system to screen airline passengers, said Mark Forman, the Office of Management and Budget's associate director for information technology and e-government.

The business case for the Computer Assisted Passenger Prescreening System II is one of hundreds on OMB's "at risk" list for fiscal 2004, meaning that OMB can and will hold money for the system until the business case has met investment planning requirements, Forman said March 25.

Although TSA has not met a recent deadline for modifying the CAPPS II business case, the agency awarded a contract for its development to Lockheed Martin Corp. in February. "I have a huge spotlight on that program," Forman said.

He was testifying before the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee at a hearing on data-mining technologies and programs in government.

One of the main issues with the business case is that OMB is looking for a risk-based approach to screening passengers rather than another version of a watch list, Forman said. Government already has too many watch lists, and there has to be a more effective way for TSA to determine which passengers truly pose a risk, Forman said.

"We're looking for clear documentation that [TSA has] developed an approach that will improve productivity," he said. "If at the end of the day it does not lower risk, then I have to say that it is not a good investment."

Also at the hearing, a coalition of private-sector groups including the American Civil Liberties Union, the Center for Democracy and Technology, and the Electronic Privacy Information Center released a joint letter to Reps. Tom Davis (R-Va.) and Henry Waxman (D-Calif.), chairman and ranking member of the House Government Reform Committee, respectively.

In the letter, the coalition called for Congress to stop the CAPPS II system until a series of questions are answered, ensuring that it is consistent with citizens' privacy protections.
*******************************
Federal Computer Week
Bill would close spectrum loophole
BY Dibya Sarkar
March 26, 2003

Two congressional lawmakers have reintroduced a bill to ensure that TV broadcasters transfer a 24 MHz piece of spectrum to public safety officials by 2006, a move supported by first responders.

The Homeland Emergency Response Operations (HERO) Act, co-sponsored by Reps. Jane Harman (D-Calif.) and Curt Weldon (R-Pa.), was introduced March 25 and referred to the House Energy and Commerce Committee.

H.R. 1425 firmly sets a Dec. 31, 2006, deadline for the transition, closing what some say is a loophole that would allow broadcasters to continue to use the channels if digital TV wasn't received by a certain percentage of American households.

"It is disgraceful that emergency responders in the 21st century are forced to use archaic and out-of-date communication tools," Weldon said in a prepared statement. "The increasing demands on our radio frequencies over the last 15 years have put the public and our emergency response personnel in great danger."

In 1997, Congress passed a law authorizing the Federal Communications Commission to re-allocate radio spectrum from 764 MHz to 776 MHz and from 794 MHz to 806 MHz. TV broadcasters currently use that spectrum (channels 63, 64, 68 and 69), and the law called for it to be re-allocated for public safety uses.

The requirement was based on the previous year's Public Safety Wireless Advisory Committee report that public safety agencies lacked adequate radio spectrum and that would hamper emergency responses. The committee actually recommended that public safety receive an additional 97.5 MHz of radio spectrum by 2010.

Under the current legislation, TV broadcasters have until Dec. 31, 2006, to move or until 85 percent of the households in a market have access to digital TV signals, whichever is later. According to lawmakers and public safety officials, only 1 percent of households have digital TV.

But even if the spectrum was transferred immediately, law enforcement officials have said, manufacturers have not developed mobile, portable or base station radio equipment that can operate in the 700 MHz band
*******************************
Government Computer News
03/27/03
Army plans release of RFP for $700 million project
By Dawn S. Onley

The Army next month will issue a request for proposals for the IT Enterprise Solutions program, a $700 million project central to a larger initiative to consolidate disparate information systems into an integrated, enterprise system, officials said.

Olga Lawrence, assistant project manager for the Army Small Computer Program, said the RFP, scheduled for release April 7, will mesh two separate contractsenterprise hardware and enterprise mission support servicesunder one acquisition.

The Army hopes to award the performance-based, indefinite-delivery, indefinite-quantity contracts to at least five vendors this summer, Lawrence said.

The ITES buying vehicle, managed by ASCP, is part of a larger initiative called Army Enterprise Infostructure Transformation. AEIT will replace dozens of legacy systems and will become ?a single Army network, one portal,? said Kevin Carroll, the Army?s program executive officer for enterprise information systems.
*******************************
Government Computer News
03/26/03
Wireless infrastructure goes unguarded
By Patricia Daukantas and Susan M. Menke

NEWPORT, R.I.-The national wireless infrastructure ?is one of the most important and least protected parts? of U.S. communications capability, a technology strategist said today.

David Porte, an executive with technology incubator Astrolabe Innovations of Cambridge, Mass., said the World Trade Center attacks on Sept. 11, 2001, were a case in point. Porte spoke at a Newport, R.I., conference sponsored by the National High-Performance Computing and Communications Council.

The trade center towers housed hubs for multiple types of communications, he said: broadcast, land-line telecommunications and cellular phones. Yet when the towers fell, ?cell phones became the primary means of national security communications,? Porte said. ?Everyone from President Bush to FBI agents to state police to people on the street were depending on their cell phones.?

The result was widespread congestion with a ripple effect that ended in loss of many communications spokes, he said. Lack of wireless interoperability also interfered with government communication in that crisis, as it did again during the Washington sniper attacks last year.

The wireline infrastructure, although the first to go down on Sept. 11, ?was the first to recover because of built-in redundancy,? he said.

Porte urged government agencies not to forget that in a crisis, when official business can pre-empt all communications modes, urgent calls from citizens about new emergencies might not get through.

He encouraged greater density of cells and wireless hubs, saying, ?We?re going to have to decide when emergency features are important. Government and industry need to get wireless ready for emergencies. That?s only being done now on an ad-hoc basis.?
*******************************
Government Executive
March 26, 2003
Hundreds of IT projects deemed ?at risk?
By Matthew Weinstock
mweinstock@xxxxxxxxxxx

Several hundred federal information technology projects seeking funding in the fiscal 2004 budget are in jeopardy of being shut down, according to Mark Forman, head of e-government initiatives at the Office of Management and Budget.

Forman, appearing Wednesday before the House Government Reform Subcommittee on Government Efficiency and Financial Management, said that 771 projects included in the fiscal 2004 budgetwith a total cost of $20.9 billionare currently at risk and will not be allowed to move forward until agencies present OMB with a successful business case.

Several factors can put a project on the at-risk list, including not having a qualified project manager or inadequate security.

Reiterating the administration?s stance that management of IT projects must improve, Forman said agencies need to demonstrate substantial improvements before they will get the green light to move forward.

Overall, the administration?s budget calls for $59 billion in IT investments.

Additionally, many agencies are doing a poor job of developing reliable cost estimates for IT projects, according to Patricia Dalton, director of strategic issues at the General Accounting Office.
*******************************
Computerworld
Al-Jazeera hobbled by DDOS attack
By Paul Roberts, IDG News Service
MARCH 26, 2003

The Arab satellite television network Al-Jazeera suffered a second day of sustained distributed denial-of-service (DDOS) attacks against its English- and Arabic-language Web sites today.
The attacks have pushed the network, which is based in Doha, Qatar, off the Web for the time being and have forced Al-Jazeera to increase bandwidth for the sites and step up security in a desperate effort to get back online.

"All of our Web sites are down. The U.S. [Web site] is out of order, and the Europe [Web site] is under attack. We come up for five or 10 minutes, and then the attacks bring us down again," said Salah AlSeddiqi, IT manager at Al-Jazeera.

AlSeddiqi and others describe a powerful and coordinated attack on Al-Jazeera's Web sites that began on Tuesday, shortly after the network published photos of U.S. soldiers who had been taken prisoner by Iraqi forces inside Iraq. Al-Jazeera was hit with traffic in excess of 200M bit/sec. -- and up to 300M bit/sec., he said.

The network's Web sites typically receive traffic in the range of 50M bit/sec. or 60M bit/sec. With the commencement of hostilities, however, traffic to Al-Jazeera's sites had spiked to more than 150M bit/sec., AlSeddiqi said.

Joanne Tucker, managing editor of Al-Jazeera's English language Web site (which was inaccessible at midafternoon today), described the attacks as Domain Name System (DNS) flood attacks. DNS flood attacks send a high volume of Internet traffic to the name servers that are responsible for a particular Web domain, rendering those servers unresponsive.

In response to the attacks, Al-Jazeera attempted to increase its bandwidth allocation, but the attackers scaled their efforts to meet the increase, according to AlSeddiqi.

As a result of the sustained attacks, the Qatar company that managed the site told Al-Jazeera today that its U.S.-based hosting company said it could no longer continue to host the sites because of the effect of the attacks on other customer Web sites, AlSeddiqi said.

That company, DataPipe, a service of Hoboken Web Services LLC in Hoboken, N.J., said in a statement that it provided hosting services to the Qatar company that managed the Al-Jazeera site but had ended its relationship with that company. DataPipe didn't have a contract or a relationship with Al-Jazeera itself, the company said.

Al-Jazeera was told that its site would continue to be hosted only until the end of March, AlSeddiqi said.

The recent attacks and that decision by one of its Web hosting companies has IT staff at Al-Jazeera suspicious of larger forces that may be at work. "We feel it's an organization with know-how and money. They have very powerful machines to do [the attack] and someone to pay for the bandwidth," AlSeddiqi said.

Tucker expressed concerns that the attacks may be part of a coordinated effort to silence the network for coverage that has been critical of the U.S.-led war in Iraq. "It's a strategy to block access to the site to legitimate visitors. The problem is that any content or information that doesn't boost U.S. morale or unify public opinion might be perceived as a threat to the war effort," Tucker said.

A security expert familiar with Al-Jazeera's troubles said the news network appeared to be suffering both from an Internet Relay Chat (IRC) "bot" attack and from increased demand resulting from the outbreak of hostilities in Iraq and the launch of its English language site.

IRC bot attacks use IRC chat channels to send coordinated attack instructions to networks of compromised machines worldwide, according to Johannes Ullrich, chief technology officer at the Internet Storm Center at the SANS Institute in Bethesda, Md.

While the volume of traffic to Al-Jazeera's Web sites was high, a network of between 1,000 and 5,000 compromised machines could easily generate that level of traffic, Ullrich said. Such networks aren't uncommon. Some IRC bot networks contain more than 10,000 zombie machines, he said.

Casting doubt on the suggestion that the attacks had to originate from a large, well-funded source, Ullrich said the IRC bots could easily be coordinated by a single user with knowledge of the network and the right commands to issue. "There are probably plenty of people who can do something like [the Al-Jazeera DDOS attack] just for the fun of it. I just got DDOSed last night," Ullrich said.

Others familiar with such attacks say they are common and have many origins.

"We have a number of customers who come to us with concerns like [Al-Jazeera's]. Effectively, they're experiencing a virtual sit-in," said Andy Ellis, chief security architect at Akamai Technologies Inc., an e-business infrastructure provider in Cambridge, Mass.

While 200M bit/sec. is high volume for a single Web site to suffer, Ellis said that he knew of larger attacks.

In addition, it's common for DDOS attacks to be targeted at routers or DNS servers that service a number of different Web sites, according to Ullrich. Hosting companies will frequently decide to stop hosting the site that's attracting the unwanted attention in order to maintain service to its other customers, he said.

"The sad thing is that there's very little they can do. If you have 10,000 or 20,000 machines attacking you and they're constantly changing, the only thing you can do is get more bandwidth -- essentially buy your way out of the attack," Ullrich said.

Other companies, including many prominent U.S. news Web sites, opt to use private networks, such as Akamai's, which blunt the force of DDOS attacks by spreading the hosted Web site content out to thousands of host servers and then routing each request to a server close to the request source.

Akamai's network also uses load balancing to direct traffic away from servers that are experiencing high demand, as in a DDOS attack, Ellis said.

An Akamai spokesman declined to comment on whether the company had been contacted by Al-Jazeera or whether it would be willing to host Al-Jazeera's Web sites.

While it works to crawl out from under the DDOS attack, Al-Jazeera is continuing to update content on its English-language site. The network is also moving forward with the development of a fully-featured English language Web site that will include more than just war coverage, according to Tucker.

The company hopes to be back online soon, and the launch of its full English-language site is on schedule for mid-April, Tucker said.
*******************************
Computerworld
ICANN, in Rio, works on going global
By Scarlet Pruitt, IDG News Service
MARCH 26, 2003

Meeting in Rio de Janeiro this week, members of the Internet Corporation for Assigned Names and Numbers (ICANN) presented a sweeping array of views on their work on Internet-related issues.
The meeting, which runs through tomorrow, is the last for outgoing ICANN President Stuart Lynn, who has headed the organization since March 2001. Lynn officially steps down tomorrow, passing his mantle to Paul Twomey, an Australian who will become the first non-U.S. citizen to lead the oft-maligned group (see story).

ICANN, which oversees technical issues related to the Internet address system, has been criticized almost since its inception in 1998 for inefficiency. Responding to these accusations, Lynn laid out his vision for the organization's reform last year, seeking to create what he has called "ICANN 2.0" -- a more responsive and agile agency.

Speaking during a conference call today, Twomey said that his short-term priority will be making sure that the reforms that Lynn initiated take place (see story). "I think Stuart led an important and courageous initiative over the last few months ... and I will make sure we do the necessary changes," Twomey said.

Other priorities cited by the incoming president included creating top-level domains in languages other than English, improving the Whois database and consulting the Internet community about the adoption of standards. "We are entering a period where we are focused on the fact that the Net is truly global," hTwome said.

In fact, the group was set to discuss incorporating other languages into the Domain Name System later today.

Vinton Cerf, chairman of the group's board of directors, said that while the Internet is already able to handle scripts from all over the world in its content pages, work needs to be done on supporting these scripts in the address field.

ICANN is also slated to discuss the possibility of creating new top-level domains, although Lynn downplayed assertions that there is a widespread demand for them.

"I don't want you to think that it's a given that everyone believes there should be more TLDs. That's a controversial and interesting question," Lynn said, noting that there were a "considerable number of problems" the last time the group introduced new top-level domains.

Few other details on the organization's work at the Brazil meeting were given during the news conference, in part because reporters both in Rio and listening in on the phone spent much of the time peppering the members with questions about their views on the war in Iraq.

While the members tried to keep focused on the issues at hand, Cerf did speak to the possible effects the war could have on the Net. "It's an extremely resilient network," he said.
*******************************
Washington Post
E-mail From the Front
By Cynthia L. Webb
Thursday, March 27, 2003; 9:45 AM

Spouses and family members of U.S. service members once waited anxiously by the mail box for news from loved ones sent overseas to defend their country. But in 2003, it's e-mail in-boxes that are the focus for many families, as the Internet makes it possible for soldiers sent into Iraq to communicate with home almost instantly with the click of the "send" button.

The Christian Science Monitor writes today that "the widespread use of e-mail is one sign that the lives of America's military spouses are far different in this war than they've ever been." Morten Ender, a sociology professor at West Point told the newspaper: "The homefront and the warfront are being pulled together like never before."
? The Christian Science Monitor: E-Mail And TV: Lifelines For Military Spouses

Jim Nanos, a Coast Guard reservist from New Jersey, is one service member who is using e-mail to stay in constant touch with his family while he is off at war, according to the Press of Atlantic City. "It's the greatest thing. Every day I get a message from him, I know he's OK," wife Kathy Nanos told the newspaper. "At prearranged times, the Nanos family waits at their computer for their father to log on to an instant message program. Nanos, a Wildwood police officer, arrives with a flourish of a smiley face and the word 'DAD'"
? The Press of Atlantic City: E-Mail Keeps Troops Close To Home

E-mail has also helped transform the way pen-pal programs correspond with troops abroad. In Michigan, fourth graders are corresponding by e-mail with Lt. Cmdr. Bradley Jensen, an EA-6B Prowler pilot deployed on the USS Constellation. Jensen is the uncle of one student in the class, according to The Muskegon Chronicle. "Since Feb. 1, Jensen has been corresponding with the 20 students in the class, answering questions ranging from the quality of food on his ship to what it is like serving his country. ... Despite the recent outbreak of war, the e-mails have continued," the newspaper said. "I have flown two combat missions and saw a lot of anti-aircraft fire and missile firings. It is pretty impressive but sobering knowing that they are intended for our aircraft," the pilot wrote in an e-mail recently.
? The Muskegon Chronicle: Kids Get Pen-Pal Pilot's War Zone E-mails

The U.S. government has touted e-mail as the most efficient way to stay in touch with troops. Soldiers abroad have been inundated with unsolicited snail mail and care packages -- clogging the mail system and adding to security woes. According to The Washington Post, "mail volume to Kuwait is soaring, partly because of the mass mailings, the Postal Service says, up from 21,000 pounds a week in October to 720,000 pounds now. It's 'just an incredible strain on the infrastructure,' said Postal Service spokesman Mark Saunders." Retiree groups and churches have been bundling care packages for groups of soldiers, but the Department of Defense and U.S. Postal Service said this week that packages should be limited to family and loved ones.
? The Washington Post: Generosity Overwhelms Military

"The restriction affects several churches and civic groups in Fayetteville [N.C.], a patriotic community with a history of showing goodwill to deployed soldiers from Fort Bragg and airmen from Pope Air Force Base. Berean Baptist Church has been sending tapes of weekly sermons to 56 church members in the Middle East. A church ministry, Sunday school classes and individual members are also sending care packages. Church secretary Dawn Pidkaminy said she was unaware that the Defense Department is discouraging packages from churches or other organizations. She said the church would not want to hinder the war effort," according to an article in the Fayetteville (N.C.) Observer.
? The Fayetteville (N.C.) Observer: Feds: E-mail Best For Supporting Troops
? The Associated Press via The Long Beach Press Telegram: Support Overwhelms Military

The White House this week publicized special resources -- a number of them online outlets -- citizens can turn to to support the troops. The new program is called "On the Homefront." Through OperationDearAbby.net people can send e-mail to deployed troops, though the program's snail mail and related "Any Service Member" programs to send regular mail to troops have been cancelled due to security concerns. Through the government's Defend America site, people can send electronic thank you cards to the troops.

Well-wishers can also post messages on OperationDearAbby.net. "There are about 700,000 messages to date on the system and the site has been getting around 50,000 new ones each day since the start of the war, says Cmdr. Rudolph Brewington, public information officer for LifeLines. The Army and the Marine Corps have received the most posts so far," The Wall Street Journal reported. "'It's amazing the number of people who have come forward to express their support,'" Brewington told the newspaper.
? The Wall Street Journal: Web Supplants Snail Mail In Getting Messages to Troops (Subscription required)

Web sites with message boards, news feeds and e-mail to soldiers abroad have also served as a lifeline for a number of family members and military spouses. Tracy Della Vecchia, a Columbia, Mo., Web site designer, started a site -- www.marinemoms.us -- when her son got orders to head off to Kuwait, The Columbia Daily Tribune of Columbia, Mo., reported. Vecchia's site is designed for families of deployed Marines and some 6,500 people visit the site a day. "The site is a resource for parents wondering about the length of time it takes to receive mail from Marines in the Middle East or how to handle a son or daughter's finances. Perhaps more important, the site offers Della Vecchia and moms and dads around the world an outlet for the anxiety that can easily overwhelm them. The online community is especially important, Della Vecchia said, for parents who live in towns such as Columbia that don't have a strong military presence. 'Seventy-five percent of the e-mails I get say, 'I t!
ho!
ught
I was the only mom who felt like that - thanks,' 'Della Vecchia said."
? The Columbia Daily Tribune: Local Mom Of Marine Turns To Web For Comfort

Pamela Bates, a Georgia military wife. started her own Web site, "Hugs To Kuwait" to send messages to troops as part of an "adopt a soldier" campaign. But as of March 24, the site said that no more requests would be taken due to overwhelming demand. The site also has a message board to keep military family members informed and to let people post comments on current events involving the war.
*******************************
USA Today
Music association bombards colleges with anti-piracy flyers
LONDON (Reuters) The music industry said on Thursday it had begun cascading pamphlets on universities across the globe in its latest blitz against online piracy.

The International Federation of the Phonographic Industry, a global trade group representing major and independent music labels and publishers, said it had begun issuing brochures to universities in 29 countries in Europe, South America, Asia and Australia spelling out the legal and technological snares of online file-sharing networks.

"In Canada and Europe we have found institutions where users are uploading thousands of files using university computer networks," said Allen Dixon, general counsel at IFPI in London. "At times, you can't even get on the Internet in some places because P2P (file-sharing) traffic is hogging the bandwidth."

The music industry blames peer-to-peer networks for part of the decline in recorded music sales, a slump some predict will continue for years, eating further into sales.

Online file-sharing networks such as Kazaa and iMesh attract millions of consumers daily who swap all manner of music, film and software, drawing the wrath of copyright holders everywhere.

University computers tend to be connected to high-speed networks and have ample storage space, two essentials for downloading large music and movie files.

IT experts warn that such connections can greatly slow network speeds and leave vast computer networks vulnerable to viruses and other digital intrusions.

In addition to technological risks, unauthorized copying is illegal in many countries, a point the IFPI intends to make clear in its brochures. A month ago, the music industry conducted a similar anti-piracy effort targeting corporations.

The IFPI, which represents Warner Music, Universal Music, EMI, Sony Music and BMG, has vowed to fight piracy on all fronts.

In addition to education initiatives, the group has stepped up lobbying efforts and has urged music labels to develop more compelling commercial download services.

The trade body said American universities, which have been targeted by U.S. music labels for the past two years, would not be included in this round of pamphleting.
*******************************
USA Today
Anti-war protesters use technology to organize, evade
By Rachel Konrad, Associated Press

As bombs blasted Baghdad last week, dozens of cell phones in China buzzed with messages about an anti-war protest in a downtown park.

In Cairo, activists tapped out text messages to summon 5,000 demonstrators to a central square. In San Francisco, technophiles beamed live footage from protests to anti-war Web sites.

Throughout the world, technology is allowing activists to stage spontaneous rallies or broadcast their opinions about the war.

Prohibitively expensive only a few years ago, gadgets ranging from cell phones to digital video cameras simplify protests from Brussels to Manila.

Instead of relying on posters taped to telephone poles, activists have crafted sophisticated Web sites with maps, weather and traffic updates and news on police crackdowns.

Before the invasion of Iraq began, the San Francisco Bay Area Independent Media Center solicited volunteers to stage sit-ins in particular intersections. When sit-ins sparked police confrontations, the group published live video on its Web site.

Such tactics enabled the activists to shut down much of downtown San Francisco proof that new technologies have revolutionized civil disobedience, said Pam Fielding, co-author of The Net Effect: How Cyberadvocacy is Changing the Political Landscape.

On the eve of an anti-war protest in midtown Manhattan, e-mails sped across the Internet, inviting participants to stop rush hour traffic on Thursday.

In Asia and Europe, mobile phone text messages, also called short message service or SMS, are a powerful tool for activists.

The morning after the first U.S. air strikes in Baghdad, Ashraf el-Bayoumi typed text messages a familiar form of communication for him to urge anti-war activists to rally in Cairo. "We have been trying to use this technology for three years," he said.

Two days later, officials in Frankfurt, Germany, home of the U.S. military's Rhein-Main Air Base, decided after initially wavering to allow a protest. Within hours, 2,000 people converged near the base.

In Denmark, demonstrators have used cell phones while riding bicycles to reconnoiter and update each other on police movements.

Incompatibility among U.S. cellular networks has stalled text messaging technology in America. But virtual protest has taken on new twists.

Last month, 400,000 protesters used simple land-line telephones to clog the White House and U.S. Senate switchboards with incoming calls.

In San Francisco, 52-year-old Web designer John Parulis lugged more than 40 pounds of technology in his backpack the day after the war started, connecting through a wireless Internet access point at a coffee shop to beam protest footage from his digital video camera to the Web.

"People are increasingly looking to the Internet for their news," Parulis said. "There's a perception, and it's based on a lot of truth, that the mainstream media has a bias of corporate values."

Technology has even given a voice to activists in countries without a tradition of free expression.

In Qatar, where U.S. Gen. Tommy Franks directs the war in Iraq, locals have used SMS to unleash anti-American protests and a boycott of American and British products.

In Beijing, a British expatriate set up a Web-based bulletin board to organize last Friday's anti-war rally. Other expatriates spread the word via mobile phone messages.

But technology can be notoriously fallible.

On Feb. 15, cell phones jammed in downtown Stockholm after 35,000 protesters overloaded the network with multiple short messages and quick calls.

"Not a single phone worked," said Christina Hagner of Stockholm-based Network Against War. The group had to settle for walkie-talkies and word of mouth.
*******************************
MSNBC Online
ID theft costs banks $1 billion a year
Report: There?s no way to positively identify new customers
By Bob Sullivan
MSNBC

March 26 Banks lost at least $1 billion to identity thieves last year, according to a report issued Tuesday by TowerGroup Inc. While only an estimate, it is one of the first attempts to put a detailed price tag on what has been called the nation?s fastest growing crime. What?s more, the report asserts, banks have no way of telling whether new customers applying for a loan or credit card are actually who they say they are.

NEARLY 10,000 VICTIMS had home loans totaling about $300 million taken out in their name in 2002 and another 68,000 had new credit cards issued in their name, said Christine Pratt, the author of the report and a senior analyst in TowerGroup?s consumer credit practice. She extrapolated the data from an annual Federal Trade Commission report issued in January. She then computed average losses per crime to arrive at her $1 billion estimate.
?And that number is probably conservative,? she said. While the FTC received 161,000 identity theft complaints last year, the FBI estimates the actual number of victims is probably closer to 500,000 she said.
Financial institutions are a common target for identity thieves looking to turn stolen identities into cash. Criminals take out credit cards in their victims? names, file for home equity loans, buy cars on credit and even take out mortgages. According to the FTC?s 2001 report, the most recent for which data on auto loans is available, fraudulent car loans were one-fourth of all identity-theft based loans.
But the report?s most disturbing assertion might not be the dollar figures. Pratt said that currently, banks have no way to positively identify new customers.
?In an ideal world, a lender would be able to answer one two-part question: ?Is this a legitimate identity, and is this individual the right owner of it??? the report says. But when new customers come in, even if they are fingerprinted, there is no mechanism to verify their identity claims, the report asserts. If their paperwork seems complete, they get the new account.
?Poor bank tellers looking at something that looks like a driver?s license, they don?t have a prayer? against identity thieves, Pratt said.
The problem is exacerbated by intense competition in home mortgage refinancing, said Anthony Hsieh, CEO of Home Loan Center, an online lending firm. Television advertisements encourage consumers to seek out ?hassle-free? loan applications for which careful identity verification is anathema.
?The technology is improving so we can get loan approval sometimes in as little as 30 seconds,? he said. ?The issue here is not necessarily if the information is inaccurate ... but the issue is making sure the person you?re talking to is the person he or she claims to be.?
However, Hsieh said the problem is hardly epidemic among home mortgages, which represent about a third of the losses cited in Pratt?s report. Nearly $2.5 trillion in home loans were granted last year, and $300 million is a small fraction of that.
?It?s not widespread, it really isn?t,? he said. ?But when it does happen, it?s a huge deal.?
Even if a fraudulent loan is approved electronically, mortgage closings are still completed in the traditional, face-to-face way. No bank currently closes loans electronically, he said, severely limiting the potential for identity theft home loans.
Home equity loans essentially a line of credit and credit card applications are a better target for identity fraud, Pratt said. Much of her report deals with potential solutions for banks, including a variety of projects that would allow banks to ask more questions about a customer?s background before granting credit.
Still, banks keep quiet about their losses to protect their reputation, and consumers don?t often don?t face steep financial consequences from the crimes, so aggressive measures to curb identity theft probably aren?t in the offing yet.
?Nobody has taken a huge hit yet,? she said. ?And there are not a lot of easy ways to tighten up controls without putting yourself at a competitive disadvantage. Almost no one thinks the consumer is willing to give up much of anything to prevent ID theft.?
*******************************

Prev by Date: ACM TechNews - Wednesday, March 26, 2003
Next by Date: Clips March 28, 2003
Previous by thread: ACM TechNews - Wednesday, March 26, 2003
Next by thread: Clips March 28, 2003
Index(es):
- Date
- Thread