[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips March 28, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips March 28, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 28 Mar 2003 14:13:29 -0500
Clips March 28, 2003
ARTICLES
FCC Will Vote in June on Media Ownership
Hackers Put U.S. Flag on Al-Jazeera Site
Soldier Toys Today, Civilian Toys Tomorrow
Bill Would Allow Check Transfer Electronically
FDIC studies how to manage its records better
Medical system debuts in Persian Gulf
Wartime Internet Security Is 'Business as Usual'
UK sets sights on spam
New Voting Systems Assailed
UC System to Track Medical Errors
FBI chief details progress on upgrading computer systems
Creation of cybersecurity post in administration appears imminent
*******************************
Associated Press
FCC Will Vote in June on Media Ownership
Fri Mar 28, 4:27 AM ET
By DAVID HO, Associated Press Writer
WASHINGTON - Ignoring calls for more time, Federal Communications Commission (news - web sites) Chairman Michael Powell said Thursday that regulators probably will vote June 2 on a broad overhaul of rules limiting ownership of newspapers and radio and television stations.
The agency is studying whether decades-old ownership restrictions are suitable for a market altered by satellite broadcasts, cable television and the Internet. Powell repeatedly has said changes are needed.
"It simply has become more difficult to simply assert that an ownership restriction is essential to promoting diverse viewpoints where so many outlets and owners thrive," he told a communications policy group, The Media Institute.
It is widely believed the two other Republicans on the five-member commission also want to loosen regulations, an outcome sought by many large media companies.
A 1996 law requires the FCC (news - web sites) to periodically review ownership rules in light of industry changes.
Powell said that because of the growing dominance of cable and satellite TV subscription services, changes are needed to give free over-the-air television "the fighting chance it needs and deserves to respond and survive." He said over-the-air broadcasts provide a valuable public service.
The owners of the four major television networks have asked the FCC to abolish the ownership rules, saying the regulations restrict their ability to grow and stay competitive.
Addressing a rule that prevents a company from owning a broadcast station and a newspaper in the same market, Powell said such combinations may allow media companies to save money and better serve communities.
"It's hard to see how a complete ban on newspapers owning TV stations serves the public interest," he said.
Critics of efforts to overhaul the ownership rules say that weakened government restrictions will lead to more mergers and a few large companies controlling what people read, hear and watch.
"There is a growing concern about a rush to judgment here at the commission," FCC Commissioner Michael Copps, a Democrat, told reporters Thursday.
Copps has sought more public comment on the media ownership review. He held his own hearing in Seattle this month and a second is planned for Monday in Durham, N.C.
"Relatively few know this issue is out there," he said.
Three Republican senators Olympia Snowe and Susan Collins from Maine and Wayne Allard of Colorado wrote Powell last week asking that the commission announce proposed changes and hold an additional public review before voting.
"It would be inappropriate to make significant changes that could have a sweeping impact on how our society engages in public debate without having a complete public airing," the senators said.
Powell said the FCC will seek more comment if it is necessary. But, he said, "I'm not inclined to do it just for the sake of doing it."
"There are those who would just simply want to delay the proceeding because they are not supportive of change," he said.
*******************************
Associated Press
Hackers Put U.S. Flag on Al-Jazeera Site
Fri Mar 28, 4:51 AM ET
By TED BRIDIS, AP Technology Writer
WASHINGTON - Hackers wreaked electronic havoc Thursday on Internet sites operated by the Arab television network Al-Jazeera, diverting Web surfers to pornography and to a page with a U.S. flag and the message "Let Freedom Ring."
Hackers impersonating an Al-Jazeera employee tricked one of the Internet's most popular Web addressing companies, Network Solutions Inc., into making technical changes that effectively turned over temporary control of the network's Arabic and English Web sites.
The changes similar to replacing exit signs on a highway to misdirect travelers were to be fixed by midnight. But it was expected to be at least 12 hours afterward before Al-Jazeera's sites would be available worldwide, said Brian O'Shaughnessy, a spokesman for Network Solutions.
Hackers calling themselves the "Freedom Cyber Force Militia" initially hijacked Internet traffic destined for Al-Jazeera's Web site in English and redirected it to a different Web page on computers operated by Networld Connections Inc., an Internet provider in Salt Lake City. That site was shut down hours later.
The page included the message, "God bless our troops," signed by a self-described "Patriot." There was no response to e-mail sent to an address on the Web page.
Al-Jazeera's site in Arabic was sending Web surfers at one point Thursday to a pornography site.
"Certainly, it has been hacked," acknowledged Jihad Ali Ballout, a spokesman for Al-Jazeera. He described the attack as "a frontal, vicious attack on freedom of the press" and urged anyone with information to contact authorities.
Later Thursday, Al-Jazeera's site in English was redirected again to another Internet provider with the message that it was "taken over by Saimoon Bhuiyan."
"Our system notified us that an error had occurred in this update," O'Shaughnessy said. "We worked with (Al-Jazeera) and we've corrected it."
The mistake was embarrassing for Network Solutions, and for its parent company, VeriSign Inc., which sells authentication and security services in addition to operating the master records for all Web addresses ending in ".com" and ".net."
Network Solutions offers several optional layers of security for customers requesting technical changes that affect their Web sites.
"This sounds like a very low-tech attack," said David Endler of iDefense Inc., an Internet security company in Reston, Va. "It probably didn't take a lot of effort, probably a fake phone call or fax. It's amazing how often the human element comes into play with security breaches. You can have levels of authentication, but obviously one person has the ability to circumvent all that."
The Arab network's Web sites have been suffering disruptions for days, ever since showing pictures of dead and captive U.S. soldiers in Iraq (news - web sites). Al-Jazeera, based in Qatar, is an unusually independent voice in the Arab world.
*******************************
Washington Post
Soldier Toys Today, Civilian Toys Tomorrow
By Jonathan Krim
Washington Post Staff Writer
Friday, March 28, 2003; Page E01
In World War II, a little-known product called "duck tape" kept cases of ammunition dry. Soldiers also found it useful for holding together parts in jeeps, guns and even aircraft, and the tape went on to commercial fame as "duct tape," used for sealing duct seams and countless other household tasks.
In the 1991 Gulf War, widespread use of Global Positioning System devices put that satellite technology on the map and helped make GPS a household name. Devices using GPS to get a fix on location became commonplace in cars and in handheld units used by hikers and other outdoor enthusiasts.
Recent conflicts have likewise elevated the military's high-mobility multipurpose wheeled vehicle -- the HMMWV, or "Humvee" -- to a consumer status symbol under the Hummer brand name, for those who can afford the $50,000 price tag.
Now, the battlefield has again become a harsh and sometimes deadly laboratory, a proving ground for technologies that are serving one purpose today but will probably serve civilians in different ways tomorrow.
Technology experts and military historians watching the unfolding war in Iraq note that with the digital age well underway, much of the weaponry on display builds on systems used in the first Gulf War and leverages dramatic civilian advances in technology.
But they are intrigued by the expanded use of technologies such as drones, small unmanned aircraft that can crisscross large swaths of territory and provide intelligence data.
Whereas the 1991 war's technology was defined by the ability to pinpoint location, experts say this war will be known for extending the ability to remotely see, hear and gather information.
"We're seeing fuller exploitation of persistent surveillance," said Owen Cote, a defense technology expert with the Security Studies Program at the Massachusetts Institute of Technology. "We're infesting the battlefield with UAVs," or unmanned aerial vehicles.
Unmanned Predator drones are used as attack vehicles, carrying missiles that were used to kill suspected al Qaeda officials in Yemen late last year.
But for surveillance, camera-carrying UAVs can come in packages as small as six inches across and weigh about two ounces.
One such vehicle, called the Dragon Eye, is built to be taken to the battlefield in a backpack. A bungee cord serves as a kind of slingshot to launch the vehicle before its electric motor takes over. The operator directs it with a laptop computer.
A spokesman for AeroVironment Inc., a Monrovia, Calif., maker of UAVs for military and law enforcement use, said the vehicles his company makes are not available for civilian use.
Among other things, he said, they would need to conform to Federal Aviation Administration requirements, and the remote-control devices would need to use frequencies licensed by the Federal Communications Commission.
But Paul Saffo, a director of the Silicon Valley-based Institute for the Future, expects to see UAVs in wide civilian use within five years.
"Teenage nerd hobbyists will be able to buy or build UAVs that will be a little larger than a paperback book," said Saffo, whose work includes predicting how consumers might incorporate new technologies in their daily lives. "Nobody will be able to comfortably sunbathe topless in their backyards anymore."
Daryl Davidson, executive director of the Virginia-based Association for Unmanned Vehicle Systems International, said that small drones carrying still cameras are beginning to appear in advertisements in airline magazines.
"It probably won't become like the kite festival down on the Mall," Davidson said. "But the commercial opportunities are limitless."
Saffo said the devices are likely to gain wider usage for law enforcement, fighting forest fires and monitoring traffic.
"The revolution is about hanging eyes, ears and sensory networks onto other networks," he said.
Aiding the cause, said Cote, is military leadership in the use of radar and sensor technology.
"Sensors are going to be very big," said Cote, who defines a sensor as anything that creates a signal, sends it out and then collects return data.
Enhanced radar -- which can better penetrate foliage, buildings and the ground -- is helping the military find possible targets and detect dangers.
Cote envisions numerous civilian uses for improved sensors, such as in automobiles to warn a driver when another car is too close, or to improve ultrasound and other medical devices.
Chung-Chiun Liu, a professor of sensor technology and chemical engineering at Case Western Reserve University, said new sensors can provide health monitoring on patients' wrists, with data streamed continuously to a doctor or hospital.
Alex Roland, a professor of military and technology history at Duke University, speculates that advances in unmanned vehicles and sensor technology will combine to change future warfare overall, making it an even more remote-controlled endeavor than it already has become.
"More and more [combatants] will disappear from harm's way, and machines will be doing more," Roland said.
Not all new technologies are being used to inflict damage to the opposition in Iraq.
The Navy is using the first full-scale, "deployable" hospital, a mobile medical center complete with wireless networks, voice-over-Internet telephony, and electronic links to computer servers that house medical data and patient records.
"One of the features is that it's all electronic," said John Spotila, president of Chantilly-based GTSI Corp., a systems integrator that contracts with government agencies. "There are no paper forms or files."
Spotila said such systems could be used by disaster-zone emergency teams, such as the Federal Emergency Management Agency or the Red Cross.
Among the integral elements of the deployed hospital are "ruggedized" laptops and peripheral equipment, which are built to absorb shocks and withstand dirt, dust and water. These were already growing in popularity with truckers, marine operators, aviators and emergency-response organizations, as well as with the military.
But whether the bulkier, heavier and more expensive laptops will become a consumer favorite is an open question.
Not everything has the widespread appeal and staying power of duct tape.
*******************************
Reuters
Bill Would Allow Check Transfer Electronically
Thu Mar 27, 6:40 PM ET
WASHINGTON (Reuters) - U.S. lawmakers want to let banks exchange checks by electronic image, a process they say will speed up check clearing, benefit consumers and make banks more efficient.
Customers will be able to see much more quickly whether a check has cleared or been tampered with instead of having to wait for a bank statement once a month, the bill's supporters say.
Many banks processing checks must currently physically move the paper check through intermediaries before drawing on funds from another bank.
Some banks have contractual agreements with other institutions to accept check images instead of paper checks. Under legislation introduced on Thursday by Pennsylvania Republican Rep. Melissa Hart, all banks could exchange electronic check images without prior agreement.
"The current system uses the equivalent of the pony express, when technology allows for a quick and secure electronic system. This legislation will bring the check payment system into the 21st Century," House Financial Services Committee Chairman Michael Oxley, an Ohio Republican, said in a statement.
House aides said the bill has the support of bank trade associations representing a broad array of big and small banks and the Federal Reserve (news - web sites).
The House is expected to move quickly on the measure, which has support of lawmakers from both parties, a congressional aide said. The Senate is anticipated to follow suit rapidly, the aide added.
*******************************
Government Computer News
03/27/03
FDIC studies how to manage its records better
By Jason Miller
The Federal Deposit Insurance Corp. is studying how to merge two records management systems.
Rochelle Myles, chief of the Records Management unit of FDIC, today said records management experts and IT officials are analyzing what it will take to connect the systems.
Myles was one of four panelists who discussed records management at a breakfast sponsored by the Bethesda, Md., chapter of the Armed Forces and Communications and Electronics Association.
FDIC has 2.7 million cubic feet of paper records that must be stored or disposed of and the two systems that are being used do not meet all the requirements, Myles said.
FDIC is using TRIM, an automated records management system from Tower Software of Reston, Va., that tracks inactive records, and an application from Documentum Inc. of Pleasanton, Calif., which is used to track records of current FDIC projects.
?We are trying to look at both products and judge their strengths and weaknesses,? she said. ?Without an interface, users have no idea where the documents are stored and cannot search both databases at once.?
FDIC may have to pay a $450 per-seat license fee to Documentum if it consolidates the records on the company?s system, Myles said, but the agency is negotiating a lower fee. With TRIM, she said, there would be no additional charge.
Myles said she expects the study to be finished by September, after which the agency will decide whether to issue a request for proposals.
?There was some feeling that we should just go with the TRIM product, but we decided to look at all our options,? she said.
*******************************
Government Computer News
03/27/03
Medical system debuts in Persian Gulf
By Dawn S. Onley
The Army?s Medical Service Corps has sent more than 140 notebook and handheld PCs to battlefield medics in Iraq as part of its Medical Communications for Combat Casualty Care program.
MC4 systems, which consist of Panasonic CF-48 notebook PCs and Portable Data Terminal 8000 handhelds from Symbol Technologies Inc. of Holtsville, N.Y., run software that lets combat medics perform a range of tasks. Medics can enter information directly to a soldier?s medical records and track the whereabouts and symptoms of patients throughout the theater. Medical workers also can use the software to order medical supplies in bulk.
The integrated software package will link health care providers, medical diagnostic systems, and the Army?s command and control systems to provide accurate conditions of deployed medical personnel as well as injured or deceased warfighters, officials said.
Lt. Col. Claude Hines, product manager for MC4, operated by the Medical Service Corps at Fort Detrick, Md., said the system, which is a recent upgrade from the paper-based tag system used in Afghanistan and in the first Gulf War, will save time and lives.
Hines discussed MC4 at the Program Executive Office, Enterprise Information Systems Industry Day yesterday in Falls Church, Va.
?In the future, the patient will have some kind of stored digital record,? Hines said. ?In the old days, information was kept on a field medical card. They would hang the card somewhere on a solider. The problem was if it was raining, or got lost, no one knew what treatment was done.?
*******************************
Government Computer News
03/27/03
Navy labs want to help soldiers speak the language of war
By William Jackson
GCN Staff
The Office of Naval Research is supporting the development of speech translation technology that could help troops in the field communicate with foreigners and interpret text, signs and other graphics.
?I always thought that this would be mostly for use by infantry, whether it be Army or Marine Corps,? said Joel L. Davis, a scientific officer at ONR?s Division of Cognitive, Neural and Biomolecular Science and Technology.
It probably won?t be ready in time for troops in Iraq to use in the current conflict, but a suite of prototypes created by SpeechGear Inc. of Northfield, Minn., is ready to be field tested. Davis, who is overseeing the program for ONR, said the tools would be used in Army and Marine exercises in foreign countries this summer.
SpeechGear?s Compadre suite consists of three products: Interact, a bidirectional voice-to-voice speech translator; Camara, which uses a digital camera and optical character recognition software to translate images of written material; and Interprete, a hand-held dictionary device that translates words from voice or text input.
A translation engine uses context to determine the meaning of spoken words and phrases. Accuracy of two-way translation during a conversation is hard to quantify, said SpeechGear president Robert Palmquist.
?Our metric for Interprete is to accurately communicate the meaning of a sentence,? he said.
For instance, the phrase, ?How do I get to the subway?? could be translated as, ?Where is the subway? Tell me, please.? Although not a literal translation, it would be accurate. But the idiomatic phrase, ?hold the phone,? could be translated literally and miss the meaning completely. In the course of a conversation this kind of a problem can be corrected by rephrasing.
?The Interprete system works quite well with two people who want to communicate,? Palmquist said.
?If they don?t want to cooperate, there?s very little you can do,? Davis said.
The system uses a client-server architecture, but Palmquist said initial field testing probably would be on standalone devices containing both the client and server, so that communication links are not an issue.
Davis said that for real-world use in the field the distributed architecture could be more attractive because soldiers would not have to carry the computing power with them. With improved voice and data communications available in the field, a soldier could use a handheld device or a phone that would digitize and compress the voice and transmit it to the translation server. The translation would come back through a speaker. A similar process would transmit digital images and return text translations.
*******************************
Washington Post
Wartime Internet Security Is 'Business as Usual'
By Robert MacMillan
washingtonpost.com Staff Writer
Thursday, March 27, 2003; 2:52 PM
Federal officials last week warned that the Iraq war may prompt hackers to attack data systems and critical networks. But for the most part, Internet security firms aren't changing their standard procedures to accommodate the higher threat level -- because for them, vigilance is par for the course.
"It's business as usual," said Vincent Weafer, the chief virus researcher for Symantec Security Response, who said the average U.S. corporation already gets hit with about "30 major attacks" weekly. The Internet is under constant attack from a variety of online threats, with as many as 10 to 15 new viruses or other malicious code attacking online systems every day, Weafer said.
There has been an increase in online attacks and other hacker activity since the beginning of the war, but not at the level anticipated by the Homeland Security Department in an alert it issued last Tuesday.
"We have already seen a clear increase in the number of Web site defacements, but on the other hand we haven't seen very much on the virus front," said Mikel Albrecht, a virus researcher at F-Secure Corp. in Finland.
U.K.-based antivirus firm Sophos Inc. said hacker activity since the onset of the Iraq war is similar to spikes in activity tied to particularly contentious football matches, said spokeswoman Carole Thierault.
"We don't tend to change our method of working," she said. "We always want everybody to be suspicious."
F-Secure reported approximately 10,000 Web site defacements, with U.S. government sites getting hit with slogans like "Make love, not war," while a private site was pasted with the message, "Kill Saddam!"
The relative calm doesn't mean hackers aren't trying to find weaknesses in western systems. Mark Rasch, former head of the Justice Department's computer crimes unit, said that there has been more probing activity, where unknown assailants scan networks to determine whether they are secure or have open ports that can be attacked. This activity, he said, has come from Egypt, Amsterdam and other areas throughout the Middle East and Europe.
"It's the electronic equivalent of walking down the streets and checking that the doors are locked," he said. "It's usually the prelude to an attack."
U.S. government systems have not seen a significant increase in hacking or intrusion attempts, said Homeland Security Department spokesman David Wray. "We obviously see the reports of defacements that appear to be coming from pro-Islamic groups, but those are on essentially public systems," he said.
What worries the Homeland Security Department is not hackers taking down Web sites, it's organized terrorist groups like al Qaeda that have shown more than a passing interest and skill in harnessing computers to try to disable or damage communications networks and critical infrastructures like the public water supply.
Last June, The Washington Post reported that hackers, possibly from the Middle East or East Asia, had probed utility systems to study emergency telephone networks, electricity and water storage systems and nuclear power plants and gas facilities.
Bruce Schneier, co-founder of Cupertino, Calif.-based Counterpane Internet Security Inc., said cyberterrorism or an online "war" is nearly impossible.
"Politically sponsored hacking is a gross overstatement," Schneier said, noting that carrying off an attack that could disable the Internet is an unlikely scenario at best.
Rasch said that it could happen, "but it would require a tremendous amount of success, knowledge and planning. You'd have to really know what you're going after."
Symantec's Weafer said that most attacks, including one last October that brought down nine of the 13 root servers that support the Internet, cannot get around the fact that when online traffic is disrupted or blocked in one place, it tends to flow through thousands of alternate channels instead.
"If you look at the Code Reds, the Nimdas, the DDOS's against DNS servers, the Internet itself is extremely resilient," he said. "[Sometimes] you see localized attacks, and communications get slower ... but you have to allow for that."
The most widely reported hack of the past week appears to have been carried out by patriot hackers from the United States. The Qatar-based Al Jazeera television network said that hackers knocked its Arabic and English Web sites offline several times, according to Tuesday wire reports. The sites still were inaccessible at deadline today, and Reuters was reporting that an American flag had been placed on the Al Jazeera site at one point today.
*******************************
BBC Online
UK sets sights on spam
The UK Government is determined to crack down on the menace of unwanted and unsolicited e-mail.
It is proposing a fight back against the spammers with strict new rules about how personal e-mail details are used.
From October, a European Union directive will make unsolicited e-mails illegal across member states and the UK Government is planning to have its legal framework in place at the same time.
Spam accounts for as much as 40% of global e-mail traffic and is causing a headache for businesses, costing them billions in lost productivity.
More power to consumer
The government will recommend that businesses gain prior consent before sending unsolicited advertisements via e-mail.
Cookies and other tracking devices on web pages will need to be clearly indicated to allow people to choose whether they want their activities monitored online.
It also recommends websites allow individuals to decide if they wish to be included in subscriber directories.
The government plans to consult with industry on the recommendations until 12 June and the new law will be brought into force at the end of October.
Officials are well aware that the problem of spam is a huge one, unlikely to be sorted out by just by having a legal framework to fight the spammers.
Heavy fines
"This is not a single solution and it isn't going to be the end of spam," said a spokeswoman for the Department of Trade and Industry.
It will however, clarify the law for companies wishing to use e-mail for legitimate marketing and also give internet service providers, businesses and individuals more power to go after persistent spammers.
"ISPs will be backed up by the law saying spamming is illegal and the Information Commissioner will have greater power to follow up any complaint," the spokeswoman said.
Persistent spammers could face limitless fines if the case against them goes to trial, she said.
*******************************
Washington Post
New Voting Systems Assailed
Computer Experts Cite Fraud Potential
By Dan Keating
Friday, March 28, 2003; Page A12
As election officials rush to spend billions to update the country's voting machines with electronic systems, computer scientists are mounting a challenge to the new devices, saying they are less reliable and less secure from fraud than the equipment they are replacing.
Prompted by the demands of state and federal election reforms, officials in Maryland, Georgia, Florida and Texas installed the high-tech voting systems last fall. Officials in those states, and other proponents of electronic voting, said the computer scientists' concerns are far-fetched.
"These systems, because of the level of testing they go through, are the most reliable systems available," said Michael Barnes, who oversaw Georgia's statewide upgrade. "People were happy with how they operated."
In Maryland, "the system performed flawlessly in the two statewide elections last year," said Joseph Torre, the official overseeing the purchase of the state's new systems. "The public has a lot of confidence in it, and they love it."
But the scientists' campaign, which began in California's Silicon Valley in January, has gathered signatures from more than 300 experts, and the pressure has induced the industry to begin changing course.
Electronic terminals eliminate hanging chads, pencil erasure marks and the chance that a voter might accidentally select too many candidates. Under the new systems, voters touch the screen or turn a dial to make their choices and see a confirmation of those choices before casting their votes, which are tallied right in the terminal. Recounts are just a matter of retrieving the data from the computer again. The only record of the vote is what is stored there.
Critics of such systems say that they are vulnerable to tampering, to human error and to computer malfunctions -- and that they lack the most obvious protection, a separate, paper receipt that a voter can confirm after voting and that can be recounted if problems are suspected.
Officials who have worked with touch-screen systems say these concerns are unfounded and, in certain cases, somewhat paranoid.
David Dill, the Stanford University professor of computer science who launched the petition drive, said, "What people have learned repeatedly, the hard way, is that the prudent practice -- if you want to escape with your data intact -- is what other people would perceive as paranoia."
Other computer scientists, including Rebecca Mercuri of Bryn Mawr College, say that problems are so likely that they are virtually guaranteed to occur -- and already have.
Lost and Found
Mercuri, who has studied voting security for more than a decade, points to a November 2000 election in South Brunswick, N.J., in which touch-screen equipment manufactured by Sequoia Voting Systems was used.
In a race in which voters could pick two candidates from a pair of Republicans and a pair of Democrats, one machine recorded a vote pattern that was out of sync with the pattern recorded elsewhere -- no votes whatsoever for one Republican and one Democrat. Sequoia said at the time that no votes were lost -- they were just never registered. Local officials said it didn't matter whether the fault was the voters' or the machine's, the expected votes were gone.
In October, election officials in Raleigh, N.C., discovered that early voters had to try several times to record their votes on iVotronic touch screens from Election Systems and Software. Told of the problems, officials compared the number of voters to the number of votes counted and realized that 294 votes had apparently been lost.
When Georgia debuted 22,000 Diebold touch screens last fall, some people touched one candidate's name on the screen and saw another candidate's name appear as their choice. Voters who were paying attention had a chance to correct the error before finalizing their vote, but those who weren't did not.
Chris Rigall, spokesman for the secretary of state's office, said that the machines were quickly replaced, but that there was no way of knowing how many votes were incorrectly counted.
In September in Florida, Miami-Dade and Broward counties had a different kind of vote loss with ES&S touch-screen equipment: At the end of the day, precincts that reported hundreds of voters also listed virtually no votes counted. In that case, technicians were able to retrieve the votes from the machines.
"If the only way you know that it's working incorrectly is when there's four votes instead of 1,200 votes, then how do you know that if it's 1,100 votes instead of 1,200 votes? You'll never know," said Mercuri.
Because humans are imperfect and computers are complicated, said Ben Bederson, a professor of computer science at the University of Maryland, mistakes will always be made. With no backup to test, the scientists say, mistakes will go undetected.
"I'm not concerned about elections that are a mess," Dill said. "I'm concerned about elections that appear to go smoothly, and no one knows that it was all messed up inside the machine."
"We're not paranoid," said Mercuri. "They're avoiding computational realities. That's the computer science part of it. We can't avoid it any more than physical scientists can avoid gravity."
The Miami-Dade and Georgia terminals were reprogrammed right up until the eve of the fall elections. The last-minute patches don't go through sufficient review, Mercuri said, and any computer that can be reprogrammed simply by inserting an update cartridge cannot be considered secure or reliable.
Dill said hackers constantly defeat sophisticated protections for electronic transactions, bank records, credit reports and software. "Someone sufficiently unscrupulous, with an investment of $50,000, could put together a team of people who could very easily subvert all of the security mechanisms that we've heard about on these [voting] machines," he said.
People who have sold or administered electronic voting systems, however, say the scenarios of fraud or widespread, election-changing error were not of the real world.
'We'd Detect It'
Howard Cramer, vice president for sales at Sequoia, one of the nation's largest suppliers of electronic voting systems, noted that his company has been supplying the systems for a decade and a half. "Our existing approach is verifiably accurate, 100 percent," he said. "Some of the things they're saying are flat-out wrong. Some are conceivable, but outside the likelihood of possibility."
The designer of Georgia's security system, for example, said nobody could insert a secret program to steal an election when the machines are created, because no one even knows at that time who the candidates will be, and the only people with access to the machines at the last minute are local officials.
"They're talking about what they could do if they had access to the [computer program] code, if we had no procedures in place and no physical security in place," said Brit Williams, a computer scientist at Kennesaw State University. "I'm not arguing with that. But they're not going to get access to that code. Even if they did, we'd detect it."
He also said that Georgia's patch was checked before it was installed and did not affect the tallying of votes. And no one, he said, could reprogram Georgia's terminals by inserting a cartridge.
"On our machine, the port is in a locked compartment. The only person in the precinct who has a key to that locked compartment is the precinct manager. [Critics are] looking at it from a purely computer science point of view, saying the system is vulnerable, and it would be vulnerable if we let anyone walk up and stick a card into it, but that doesn't happen."
After Dill launched his campaign, officials in the Silicon Valley county of Santa Clara delayed a purchase of 5,000 touch-screen voting machines. Despite insisting that their systems are reliable and secure, the nation's leading vendors all immediately agreed to provide paper receipts, and the California secretary of state announced a task force to review the security concerns. A month ago, Santa Clara went ahead with its $20 million purchase, insisting that receipts be provided once the state approves the new equipment.
Georgia and Maryland officials said that providing paper receipts may create more problems than it solves -- that paper would have to be transported and monitored with security, and printers could jam. Cramer of Sequoia said paper is unnecessary, costly and may pose a problem for blind voters.
But if customers want receipts, he said, his company will supply them. And Williams said receipts may have a place in the system. "The advantage of a hard piece of paper -- one that a voter would hold in his hand and say, 'That is who I voted for' -- that is psychological, and there certainly is value to that. We need public confidence in our elections," he said.
Similarly, the official overseeing Maryland's program would accept paper if it were available.
"I've been doing voting systems for 15 years," Torre said. "I don't care if they give voters a piece of paper or not. If they come out with a receipt, that's fine. Maybe with the momentum out of California, we'll have receipts before too long."
*******************************
Los Angeles Times
UC System to Track Medical Errors
A new Internet-based program will help its health care facilities monitor mistakes and improve quality, officials say.
By Lisa Richardson
Times Staff Writer
March 28, 2003
The University of California announced Thursday it will launch a new Internet-based system to track medical errors at its five campus medical centers, joining other major health care providers in computerizing medical records to improve quality and efficiency.
The Internet-based system, which has been developed by the university, will allow hospitals to track trends in medication errors, adverse drug reactions, blood transfusion errors, patient falls and bed sores.
The University of California also will establish a "harm score system" for evaluating each error and comparing it with others.
Nationally, major medical systems such as that of the Department of Veterans Affairs have been leaders in systematic efforts to reduce errors using technology.
In February, Kaiser Permanente, the state's largest HMO, rolled out a $1.8-billion plan to give doctors and patients access to medical histories, test results, prescription information and other data, in part to reduce errors.
The problem of medical errors has received increasing attention after the publication of a landmark report from the Institute of Medicine in 1999 which estimated that between 48,000 to 98,000 fatal medical errors occur annually in the nation's hospitals.
Most common are medication mistakes, such as administering the wrong drug or the wrong dosage, perhaps at the wrong time.
Though other medical systems have developed error reporting systems of varying sophistication, university officials say the University of California project is the first in the nation to link academic medical centers on a systemwide basis through the Internet.
The system will not be accessible to patients.
However, patients may make suggestions and notify medical authorities if they experience or witness medical error or "near misses," said Dr. Lee Hilborne, director of the UCLA Center for Patient Safety and Quality.
"What I'm really excited about is, hopefully, we're going to be seeing more reporting" of these mishaps, Hilborne said. Hilborne is also director of a program called the Strategic Alliance for Error Reduction in California Healthcare.
The system will permit medical personnel to report errors anonymously, though they are urged to do so by name.
"What we're trying to do, particularly at UCLA, is to really reward people for coming forward," Hilborne said.
"Frankly, if punishing worked, we wouldn't see the kinds of errors we see today," he said.
"But also, we're trying to create a culture -- switching from naming, blaming and shaming to one that says, 'How did this happen? The purpose is to prevent it from happening in the future.' "
*******************************
Government Computer News
03/27/03
DOE releases software quality improvement strategy
By Vandana Sinha
GCN Staff
On a recommendation from the Defense Nuclear Facilities Safety Board, the Energy Department has issued an implementation plan to improve the quality of safety software at defense nuclear facilities.
The department?s Office of the Environment, Safety and Health is taking phased steps toward identifying and fixing weaknesses in the system, analysis and design software that runs safety-related functions, as well as in the way people use and manage that software.
The plan was created in answer to the board?s contention last September that the department?s original software Quality Assurance Improvement Plan ?has not yet produced any substantial results.? The board then offered its Recommendation 2002-1, ?Quality Assurance for Safety-Related Software.?
In November, Energy secretary Spencer Abraham said a new implementation plan would include clear assignments of employee roles and responsibilities, processes that identify safety analyses and design codes, continuous tracking of software improvements and initiatives, and a stronger infrastructure and stricter requirements for software quality.
?We?re just standing up and starting to think about how we want to do this,? said Raymond J. Hardwick, acting deputy assistant secretary for Energy?s Office of Corporate Safety Assurance, speaking at a department-sponsored software quality forum this week. ?We have a lot of work to do.?
The board, however, will be looking for results. It highlighted ?significant problems? with safety-related software systems at the BWXT Pantex Plant, Energy?s nuclear weapons assembly and disassembly facility in Amarillo, Texas, in a letter it sent on Tuesday to Linton Brooks, acting administrator of the National Nuclear Security Administration.
While the board said BWXT Pantex has begun implementing software quality assurance initiatives that have ?the potential to enhance conduct of operations,? it said those initiatives ?may be jeopardized by observed inadequacies in software engineering practices.?
The board asked for ?urgent action,? including a report from NNSA in the next month detailing how it will improve software quality assurance at Pantex.
*******************************
Government Executive
March 27, 2003
FBI chief details progress on upgrading computer systems
By Bara Vaida, National Journal's Technology Daily
FBI Director Robert Mueller told a congressional panel on Thursday that the bureau has made significant progress updating its computer systems and that one operations center soon will connect and manage all of the bureau's computers.
Mueller told the House Appropriations subcommittee with jurisdiction over the FBI that a wide-area network, by the end of the month would link the agency's 21,025 desktop computers spread throughout 622 locations. He said the Enterprise Operations Center will begin business this spring to manage data, network, hardware, software applications and security access.
"We are now focused on implementing a corporate-data warehousing capability that is key to FBI intelligence, investigative and information-sharing initiatives, as well as to our records-management system," Mueller said in testimony. "Agents will search multiple databaseslinking thousands of data points of evidence, leads and suspectsthrough a single portal."
He noted that the data-collection center, dubbed the "integrated data warehouse," will link 31 FBI databases for single-portal searches and data mining. It also will allow electronic data sharing with other agencies. Mueller noted that computer-security experts monitored every step of the creation of the bureau's data warehouse and the linking of its computer systems.
"As we have upgraded Trilogy, we have made sure that at every step we cleared it with our security" team, Mueller said, when asked by Rep. Mark Steven Kirk, R-Ill., whether the FBI is taking every precaution to prevent hackers from accessing the FBI computer system.
Mueller said the FBI is requesting $234.4 million to protect the United States against cyberattacks and high-tech crimes. He said the three priorities of the bureau's new cyberdivision are: identifying and stopping individuals or groups conducting computer intrusions and spreading malicious code on the Internet; catching intellectual property thieves and Internet frauds; and halting online predators who exploit children.
Commenting on the cyberdivision's success, Mueller said the FBI last year identified 2,554 compromised computers, resulting in 95 convictions and $186 million in restitutions. The bureau's Innocent Images National Initiative investigations resulted in 692 arrests, 648 indictments and 646 convictions, he said.
Separately, subcommittee ranking Democrat Jose Serrano of New York pressed Mueller on his actions to ensure that the agency is balancing civil liberties with the bureau's increased efforts in counterterrorism and counterintelligence. Mueller pointed to the numerous laws that check the agency's power and assured him that through training, outreach with Arab communities and other measures, the FBI is ensuring that its 25,000 agents respect individuals' civil liberties.
"I believe that [the Justice Department] and FBI are very concerned about civil rights guaranteed by the Constitution," Mueller said.
Subcommittee Chairman Frank Wolf, R-Va., suggested that the FBI do more to educate the public on the bureau's efforts to protect civil liberties.
*******************************
Government Executive
Creation of cybersecurity post in administration appears imminent
By William New, National Journal's Technology Daily
The Bush administration appears poised to announce the creation of a position designed to ensure that cybersecurity gets high-level attention, officials said on Thursday.
Homeland Security Secretary Tom Ridge currently is seeking the best candidate and the choice "will be coming sometime soon," said Sallie McDonald, a senior official in the Homeland Security Department division focused on information analysis and infrastructure protection. McDonald spoke at an event of the Information Technology Association of America (ITAA).
But it is still unclear whether the new position will be focused on cybersecurity throughout the government or as it relates to the work of Homeland Security. Officials stressed that the issue will receive attention at both levels.
"At the department level, we will have a senior-level official working oncyber security," McDonald said after the event. She said the person would report directly to Ridge.
At the same time, cybersecurity is getting more attention at the White House. Paul Kurtz, who is working on critical infrastructure protection for the White House Homeland Security Council, formerly the Office of Homeland Security, is "very interested" in cybersecurity, McDonald said.
A tech industry source said the new Homeland Security Council, as an equivalent of the National Security Council, has a policy-coordinating role for homeland security issues. He said Kurtz is to be named a senior director to the council for critical infrastructure policy and as the special assistant to the president for critical infrastructure protection.
Kurtz is assembling a team that could include cybersecurity expertise, the source noted. But industry would like to see a senior adviser for critical infrastructure protection and cybersecurity at Homeland Security, too, he said.
Howard Schmidt, the White House special adviser for cybersecurity, is one candidate who appears to have the confidence of industry and government officials. "Industry strongly supports Howard as a principal cybersecurity adviser to Secretary Ridge or the White House," a software industry source said at the event.
The administration has received pressure from industry and Congress to separate and elevate its focus on cybersecurity since it eliminated the position of White House adviser on cybersecurity held by Richard Clarke.
"Just because Dick Clarke left doesn't mean the whole thing's going down the tubes," McDonald said. Instead, after the transition at Homeland Security is complete, the administration's ability to address cybersecurity will emerge stronger. "Just give us time," she said.
"That's the kind of strong signal I'm talking about," replied panel moderator Dan Burton, vice president of government relations at Entrust and co-chairman of the ITAA information security committee.
Sen. Robert Bennett, R-Utah, expressed comfort with the administration's progress on cyber security. He added that National Security Adviser Condoleezza Rice is "eminently well-qualified," with a background in cybersecurity, to give the issue attention at her "very high level," as well as within Homeland Security.
Republican Reps. Sherwood Boehlert of New York and Tom Davis of Virginia said they support more cyber-security focus, though not necessarily by creating a departmental position.
*******************************