[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips May 21, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;
- Subject: Clips May 21, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 21 May 2003 14:25:29 -0400
Clips May 21, 2003
ARTICLES
Justice Dept. Lists Use of New Power to Fight Terror
Microsoft Proposes Law on Junk E-Mail
U.S., Philippines Sign Multiple Agreements
U.S. Makes Digital Log of Iraq Prisoners
IT used in terror exercise had mixed results
$3M Award for Libel on Internet Upheld
Man Gets $534,000 Fine in Stock Case
E-rulemaking systems may live on
British Town Bans Picture Phones to Stop Pedophiles
Report: Home networking to branch out
Will a Spell-Check Check Gàidhlig?
NIST drafts rules for gauging security risks
Congress urged to watch privacy
Study finds local governments have static Web presence
Pentagon agency defends anti-terror data mining initiative
Knowledge Center: The hoax is on you!
The Pentagon's PR Play
Edwards Proposes Rural Development Plan
*******************************
New York Times
May 21, 2003
Justice Dept. Lists Use of New Power to Fight Terror
By ERIC LICHTBLAU
WASHINGTON, May 20 In the most detailed public accounting of how it had used its expanded powers to fight terrorism, the Justice Department released information today showing that federal agents had conducted hundreds of bugging and surveillance operations and visited numerous libraries and mosques using new law enforcement tools.
In one of the more striking examples of their new powers, Justice Department officials said they were now reviewing some 4,500 intelligence files in terrorist cases to determine whether criminal charges should be brought. Such a mingling of intelligence and criminal investigations was largely banned under internal Justice Department procedures that were in place before the terrorist attacks of Sept. 11, 2001.
A 60-page report to members of Congress was intended to answer concerns from lawmakers who say the department has kept them in the dark about its counterterrorism operations and has not done enough to safeguard civil liberties in its pursuit of terrorists.
The report provided dozens of pieces of previously undisclosed data on a variety of activities including the use of hundreds of secret search warrants and the fact that some 50 people had been detained without charges as material witnesses.
The department portrayed its use of its new powers as judicious and restrained, but officials are still refusing to divulge certain data publicly because they said it would compromise classified areas. Civil liberties advocates said the vagueness in these areas buttressed their concerns about how the department's powers were being used.
The numbers the department provided on several of the most hotly debated issues appeared relatively low. For instance, the department said agents from "fewer than 10" F.B.I. field offices had visited mosques as part of their investigations, a new power granted to agents last year by Attorney General John Ashcroft.
And agents have contacted about 50 libraries nationwide in the course of terrorism investigations, often at the invitation of librarians who saw something suspicious, said Viet Dinh, an assistant attorney general who briefed members of the House Judiciary Committee on the findings at a hearing today.
Librarians, concerned about the government's ability to pry into the public's reading habits, have said they believe libraries have been contacted much more frequently.
Justice Department officials maintained that the relatively small numbers in some critical intelligence areas showed that agents were using their new powers sparingly.
"We've had so much erroneous hysteria out there about our counter-terrorism authority and how it's used," said a spokeswoman for the department, Barbara Comstock. "What this demonstrates is that these tools have been very carefully targeted, and when we do use them, it's because there are valid reasons that often involve life and death."
In the 1970's, in response to public outrage over abuses by the F.B.I. and C.I.A. in monitoring legitimate political dissent, tight new restrictions were placed on federal agents.
But after the Sept. 11 attacks, the federal authorities complained that the restrictions had gone too far, and several major overhauls most notably antiterrorism legislation known as the Patriot Act and new guidelines instituted last year by Mr. Ashcroft significantly loosened those restrictions.
The report analyzed the new tools made available to the federal government under the Patriot Act, and found that the department had made widespread use of surveillance and eavesdropping tools to track suspected terrorists.
In the first year after the attacks, for instance, Mr. Ashcroft approved 113 emergency authorizations for secret foreign intelligence warrants for electronic or physical surveillance, compared with fewer than 50 in the previous 23 years.
In addition, according to the report, the Justice Department sought 248 times to delay having to notify the target of an investigation that a warrant had been executed. The department said it was never turned down by a court in its requests to delay the notification, and the delays sometimes amounted to 90 days or more.
The department said the delays were necessary to avoid endangering sources and informants, jeopardizing undercover operations, or preventing the destruction of evidence.
The department also divulged for the first time that the number of material witnesses held in terrorism investigations as of January was "fewer than 50." Officials said they could not provide the exact number for security reasons.
The department has stepped up its detentions of material witnesses as a tactic in terrorism investigations.
While some high-profile detentions have become known publicly, most have been kept secret and the federal authorities have refused to say how many people they have detained using this method.
The department's report said that about 90 percent of the material witnesses were held for 90 days or less, 80 percent were held for 60 days or less, and about half were held for 30 days or less.
The department maintained that its expanded powers had given it greater speed and flexibility in responding to terrorist threats.
In the case of the anthrax attacks in the fall of 2001, for instance, the department said a provision of the law allowing a court to issue a search warrant in another jurisdiction allowed a Washington judge to issue a warrant for Florida.
That "saved investigators from wasting valuable time on petitioning another judge in another district for that authority," the department said.
Provisions of the act were also put to use in tracing Internet communications during the investigation into the murder of the Wall Street Journal reporter Daniel Pearl, as well as in investigating kidnappings, a school bomb scare and other breaking investigations in the United States, the department said.
Lawmakers at today's hearing of a House Judiciary subcommittee said they agreed that the continuing terrorist threat required more inventive responses from law enforcement. But Republicans and Democrats alike said they shared concerns about civil liberties implications for ordinary Americans.
"As we move forward in the process of providing the strong measures that are necessary to combat terrorism, we must also keep in mind the importance of protecting civil liberties Americans hold dear," said Representative Steve Chabot, Republican of Ohio, who presided at the meeting.
The new data from the department did little to mollify some Congressional critics who accused the department of withholding information critical to an assessment of its performance on terrorism.
"I would hope that the administration would be more responsive to Congressional requests for specific, rather than general, information," said Representative Jerrold Nadler, Democrat of New York. " `We can't tell you,' or, in effect, `it's none of your business' are not adequate or acceptable answers."
*******************************
Washington Post
Microsoft Proposes Law on Junk E-Mail
By Jonathan Krim
Wednesday, May 21, 2003; Page E01
Microsoft Corp. is proposing a new legislative approach to battling junk e-mail, hoping to bridge a widening gap between various industry and consumer groups that threatens to bog down congressional efforts to eradicate spam.
Like several bills already proposed or being drafted, the software giant wants increased penalties for the fraudulent practices of many spammers who peddle diet fads, get-rich-quick schemes and pornography.
But the company is also pushing for an electronic seal-of-approval system for all e-mail marketing, to ensure that legitimate marketers meet high standards and to help consumers weed out unsavory or unwanted spam.
Under the company's plan, unsolicited commercial e-mail would have to be labeled with "ADV" -- short for advertisement, a system used in some states and proposed in a bill by Sen. Charles E. Schumer (D-N.Y.) The new wrinkle, however, is that companies could forgo the label if they join a "trusted sender" program that mandated e-mail marketing rules, such as ensuring that consumers are removed from mailing lists if they request it.
The rules would be set by industry and technology groups, administered by a third party and overseen by the Federal Trade Commission, said Ira Rubinstein, Microsoft associate general counsel.
The proposal comes at a time of heightened attention on Capitol Hill to spam. The Senate Commerce Committee is holding a hearing today on the problem, after two of its members, Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.), recently joined forces to introduce legislation.
Previous attempts in Congress to regulate junk e-mail failed, but with spam now accounting for roughly 40 percent of all e-mail traffic, analysts expect some form of legislation to pass this year. Lobbyists for the technology, Internet access, marketing and retailing industries, as well as consumer groups, are working to influence the crafting of various bills.
One widely anticipated bill, to be sponsored by Reps. W.J. "Billy" Tauzin (R-La.) and F. James Sensenbrenner Jr. (R-Wis.), was scheduled to be introduced last week but was pulled back for revisions after it was criticized as being too weak by consumer groups and state prosecutors. Sources on Capitol Hill said they now expect it to be introduced later this week.
But the bill has already lost some support, including from Republicans. A spokesman for Rep. Heather A. Wilson (R-N.M.), said yesterday the congresswoman could not support the bill and will be introducing a different measure, co-sponsored by Rep. Gene Green (D-Tex.).
The rancor over the Tauzin-Sensenbrenner bill highlights the deep divisions over the best way to attack spam.
The marketing and retailing industries want legislation to focus on spammers that fraudulently disguise their origin, gather e-mail addresses by using special software to "scrape" them off of Internet Web pages, and sell unsavory products or services.
They fear overly restrictive laws will damage the ability of legitimate marketers to send advertising that might interest consumers. In addition, they want one federal law to govern spam, rather than the current patchwork of state statutes that vary in approach and strength.
And they want consumers to be prohibited from suing spammers directly, fearing nuisance suits when marketers make honest mistakes.
Anti-spam organizations and other consumer and privacy advocates argue that any unsolicited commercial e-mail, regardless of the legitimacy of the sender, is spam. At minimum, these organizations want computer users to be able to sue, states to be able to experiment with different laws, and marketers to be prevented from sending e-mail unless specifically requested by consumers.
In the middle are e-mail account providers, whose networks bear the brunt of the flood of spam and whose users are irate when spam slips through software designed to filter it out.
The three largest, Microsoft, America Online and Yahoo Inc., are trying to balance the needs of their e-mail users with their own businesses, which often rely on advertising and marketing of other services.
None carries more individual clout than Microsoft, which has one of the largest lobbying operations in Washington. Although the company participated in several sessions to help craft the Tauzin-Sensenbrenner bill, Rubinstein said the company would only throw its weight behind a bill that included the trusted-sender notion.
"Our approach is premised on shifting costs back to the senders," Rubinstein said. "It's like junk mail and telemarketing," both of which cost marketers, as opposed to e-mail advertising that is virtually cost-free.
In addition to the public seal of approval for marketers that abide by certain rules, the technology industry would develop a digital tag that would further help spam filters weed out untrustworthy mail, he said.
But initial reaction to the idea was tepid. A spokesman for AOL said the trusted-sender idea has been discussed among a coalition formed recently between Microsoft, Yahoo and AOL to fight spam, but he is not sure it makes sense to include it in legislation.
Yahoo had no specific comment on the proposal.
Marc Rotenberg, head of the Electronic Information Privacy Center, said the proposal does not address the core need of consumers, which is to be free of commercial e-mail unless they specifically request it.
Representatives of the direct-marketing industries said they have initiated trusted-sender guidelines for their members, and support the idea of a seal-of-approval system. But they said the are skeptical that any mandatory-labeling provision would be effective.
*******************************
Associated Press
U.S., Philippines Sign Multiple Agreements
Tue May 20, 7:06 PM ET
WASHINGTON - The United States and the Philippines signed agreements Tuesday to bolster Philippine law enforcement and promote collaborative exchanges in science and information technology.
Secretary of State Colin Powell (news - web sites) and Foreign Secretary Blas Ople signed the agreements during a ceremony at Blair House, near the White House.
The agreements are the first of their kind between the United States and its former colony, the State Department said.
Under the law enforcement pact, the United States will provide technical help and training and support development of the criminal justice system to make it more effective in fighting terrorism, drug trafficking and other major crimes, State Department spokesman Richard Boucher said.
Also, Ople and Andrew Natsios, administrator of the Agency for International Development, signed an agreement to finish decommissioning and reintegrating returned combatants of the Moro National Liberation Front, which signed a peace agreement in 1996 after a quarter-century of fighting.
With U.S. assistance, the government in Manila has been helping one-time fighters' transition into civilian life in the southern Philippines, Boucher said. The Philippines, a Spanish colony for more than three centuries, is overwhelmingly Roman Catholic.
The predominantly Philippine government currently is fighting two other Muslim groups in the south, the Moro Islamic Liberation Front and the smaller Abu Sayyaf, which the United States says is linked with the al-Qaida terror network.
*******************************
Associated Press
U.S. Makes Digital Log of Iraq Prisoners
Tue May 20,10:59 AM ET
By JIM KRANE, AP Technology Writer
NEW YORK - U.S. interrogators in Iraq (news - web sites) are building a digital catalog of prisoners of war and loyalists of Saddam Hussein (news - web sites)'s Baath Party, scanning and saving their fingerprints and other body characteristics in databases.
The data banks, controlled by the FBI (news - web sites), CIA (news - web sites), Department of Homeland Security and other federal agencies, are being used to investigate suspicious foreigners entering the United States, as well as to trace suspects in future terrorist attacks.
The move also reflects the U.S. government's desire to keep tabs on Iraqi fighters after releasing them when the Iraq war is declared ended.
"We do this passive collection when we go in, because these guys will scatter over time," said Thomas Barnett, a professor at the Naval War College who advises the Office of the Secretary of Defense. "When you have the opportunity to tag them, you tag them before you release them to the wild."
While officials at U.S. Central Command refused to confirm the process, developers of the technology and some U.S. officials provided The Associated Press with details.
One of the tools, the Biometrics Automated Toolset, or BAT, is cataloguing Iraqis for "several classified databases" shared among intelligence, law enforcement and border control agencies, said Lt. Col. Kathy De Bolt, deputy director of the Army Intelligence Center at Fort Huachuca, Arizona, where the BAT was developed.
The idea is to use the rugged laptop and its attached scanners to "register" Iraqi prisoners, then alert law enforcers when one tries to enter the country.
"If you were at the FBI, wouldn't you want to know if someone were a Baath official and he did some bad things, and then he puts in a visa application to come to the United States?" De Bolt said.
"Although they might not be a terrorist now, they might have some anti-American feeling," she said. "They might be a terrorist in the future."
Some doubt the value of such a database. Since the U.S. government never showed a clear link between Saddam's regime and the Sept. 11 terror attacks, a compendium of Iraqis is probably of little use in homeland security, said Vince Cannistraro, a former CIA counterterrorism chief.
"The people we were fighting were by and large conscripts. They're not a pool of future terrorist operatives," Cannistraro said.
Only the more "interesting" of the 3,500 current Iraqi prisoners down from a peak total of 7,000 will find themselves in a U.S. database of terror suspects, De Bolt said.
U.S. military and intelligence officials started building the biometric dossiers in Afghanistan (news - web sites), taking digital scans of the fingerprints, irises and voices of Taliban and al-Qaida prisoners, including those jailed at Guantanamo Bay, Cuba.
U.S. Special Forces continue to use the BAT in Afghanistan to spot-check detainees' features against those in an FBI database, De Bolt said.
Biometrics the measuring of physical human features ensure that a person, once registered, can be identified later, even if his or her identity documents or facial characteristics change. The process involves capturing and matching unique whorls on a fingerprint, vibrations of a vocal cord or patterns in an iris considered the most reliable.
Stored in a central database, the biometric files get searched for a match each time they're queried by, say, an immigration inspector at Miami International Airport or an FBI agent poring over a crime scene.
"Let's say you pick up some documents in Buffalo, New York, and you lift a few fingerprints. You can scan them through the system. Let's say they match an (Iraqi) detainee. You know who handled (the documents)," a U.S. intelligence official said, speaking on condition of anonymity. "That's already happening."
U.S. Military Police in Iraq use another biometric scanner developed by Florida-based Cross Match Technologies to capture and transmit fingerprints to the FBI's Integrated Automated Fingerprint Identification System, said Adam Rosefsky, a company executive who handles government sales.
The FBI manages the data for the military and the Department of Homeland Security, said FBI special agent John Iannarelli in Washington, D.C. If it finds a match with a terrorist suspect, the FBI notifies Central Command, Iannarelli and Rosefsky said.
Army MPs used Cross Match to vet the backgrounds of the "Free Iraqi Forces," several dozen lightly armed Iraqi exiles the Pentagon (news - web sites) organized to guide U.S. invasion forces, said Sgt. Dean Young of the 76th Military Police Battalion, Fort Bliss, Texas.
"We needed to see that we didn't have anybody embedding with us and then committing some kind of terrorist act," Young said.
Access to the catalogued Iraqis also is given to the State Department and Homeland Security border officials, officials at both agencies said.
Homeland Security's Bureau of Immigration and Customs Enforcement seeks matches of suspicious foreigners at the borders and during mandatory registration of men from 25 predominantly Muslim countries.
Such data led to the arrests of about eight terrorist suspects in recent months, a bureau official said, speaking on condition of anonymity.
For now, biometrics are little use to the State Department, which isn't equipped to gather fingerprint or iris scans from visa applicants or check them against those in databases, said Stuart Patt of the department's Bureau of Consular Affairs.
The State Department is required to have the capability by 2004, Patt said.
For the Pentagon, biometrics may be key to finding a new kind of enemy that roams across borders.
"We're increasingly fighting wars against individuals, so you have to track individuals," Barnett said. "They're not going to be wearing uniforms. They mingle."
*******************************
Government Computer News
05/20/03
IT used in terror exercise had mixed results
By Wilson P. Dizard III
The post-action analysis of emergency responders? IT readiness generated mixed results in the recent Topoff2 simulated terrorist attacks on Chicago and Seattle, officials said.
Homeland Security secretary Tom Ridge acknowledged at a House Select Homeland Security Committee hearing today that federal officials in Seattle had provided varying information about the simulated radioactive plume from the mock radiological weapon released in Seattle.
Getting a model of the radiological plume took too long, Ridge said. ?We need to identify a single source in the federal government? to provide plume modeling.
Meanwhile officials in Chicago reported problems with local communication links via cellular phone and with emergency management officials in Washington, but Illinois? Hospital Health Alert Network functioned well, according to Tom Shaffer, spokesman for Gov. Rod R. Blagojevich.
The mock biological weapon release took place on Saturday, and ?people began to show up in the hospitals on Monday,? Shaffer said. ?We were able to identify it as plague by noon Tuesday,? he said, as a result of hospital admissions tracking via HHAN.
Monitors who tracked the progress of the simulated attacks will prepare a report for analysis in the months to come, officials said.
*******************************
Law.com
$3M Award for Libel on Internet Upheld
A student's Web site raises jurisdictional issues in a state appeal
Dee McAree
The National Law Journal
05-21-2003
In its first case on Internet jurisdiction, the North Dakota Supreme Court has affirmed a $3 million libel award to a university professor who was defamed on a student's Web site.
The ruling is the latest in an area of law -- Internet jurisdiction -- that judges are grappling with across the country. Wagner v. Miskin, No. 20020200.
Article http://www.law.com/jsp/article.jsp?id=1052440764269
*******************************
Associated Press
Man Gets $534,000 Fine in Stock Case
Wed May 21,12:25 AM ET
LOS ANGELES - A judge ordered a former university student to pay regulators more than $500,000 for allegedly posting false messages about stocks on the Internet so he could profit from ensuing buying or selling sprees, federal regulators said Tuesday.
The Securities and Exchange Commission (news - web sites) contends that Refael Shaoulian, 26, sought to manipulate the price of five stocks while he was a student at University of California, Los Angeles.
Shaoulian created false online identities on university computers then posted hundreds of false messages about the stocks on Internet bulletin boards and chat rooms, the SEC said in its civil complaint.
Shaoulian gained more than $410,000 from the stock sales, and spread the funds among 21 bank and brokerage accounts he controlled with his father, Samuel Shaoulian, and brother, Rabin Shaoulian, the SEC said.
U.S. District Court Judge Consuelo B. Marshall ordered the Shaoulians to pay the government $534,408.72, including $114,297.38 in interest and a $10,000 civil penalty against Refael Shaoulian.
No number was listed for Refael Shaoulian. A phone number for a Samuel Shaoulian of Los Angeles was unlisted. A message left at the home of Rabin Shaoulian was not returned Tuesday.
*******************************
Federal Computer Week
E-rulemaking systems may live on
BY Diane Frank
May 20, 2003
NEW ORLEANS -- Almost every e-government initiative includes a plan for old systems to be shut down when new ones make them obsolete, but with e-rulemaking, some systems may be looking forward to a longer and more productive life.
Many of the electronic docket systems across government do more than just handle the rulemaking process. Often, e-docket systems will also handle all or part of an agency's records management and Paperwork Reduction Act requirements, said Oscar Morales, program manager for the e-rulemaking initiative at the Environmental Protection Agency.
It is important to examine the impact of shutting down the entire system on those extra functions, said Tad Anderson, manager for the government-to-business e-government portfolio at the Office of Management and Budget.
Therefore, initiative leaders are looking into how those extra functions could be expanded or repurposed, Morales said. If the document-management or other functions in one agency's system can be used by multiple agencies, that can only add value to what the government gets out of existing systems, he said.
The EPA-led team has already released the first phase of the e-rulemaking initiative -- the Regulations.gov portal, which enables citizens to find all proposed federal rules. The next phase is to enhance the EPA e-docket system to provide a single commenting and management system. The potential shutdowns will come in the third phase as existing systems migrate to new back-end rulemaking management tools for agency officials, Morales said.
He was speaking today at the Federation of Government Information Processing Councils' Management of Change conference.
*******************************
Government Computer News
05/20/03
Government IT security gets an advisory board
By William Jackson
GCN Staff
Thirteen senior government information security professionals have agreed to serve on an advisory board to help define certification needs for IT security professionals.
The board was created by the International Information Systems Security Certification Consortium (ISC2), which provides training and testing for the Certified Information Systems Security Professional certification. The board will advise ISC2 on certification and training needs specific to government. The board will be co-chaired by Bruce A. Brody, associate deputy assistant secretary for cyber and information security at the Veterans Affairs Department, and ISC2 director of government affairs Lynn McNulty.
?It?s all about professionalization,? Brody said. The CISSP certification is widely known in industry, ?but not that widely known in government. ISC2 is looking for a way to take what has been accomplished in industry and adapt it for the government. To do that, they need to know government?s unique needs.?
CISSP covers a general body of knowledge about IT security. ?We operate in a completely different environment, with legislation, regulatory and oversight requirements,? Brody said of government IT professionals. ISC2 is looking for advice on how to adapt its certifications to government needs, or to create new government- or agency-specific certifications.
?For the last couple of years, there has been a lot of talk about how the government needs to lead by example in cybersecurity,? said McNulty, former associate director for computer security at the National Institute of Standards and Technology. ?We think increasing the professionalism of the government IT security work force is key to leading by example. As a former fed I?m very sympathetic to what the government is trying to do.?
McNulty said the government committee is the first of what is expected to be a series of advisory boards focusing on separate sectors. The government sector came first because of the call to lead by example and because its needs ?are a little more complex? due to the amount of classified and sensitive information government systems hold.
The board?s first meeting will be June 4 in Washington and it is expected to meet at least three times a year. McNulty said there is no timetable for producing the first recommendations.
All board members are CISSP-certified. They are:
Barbara Cuffie, principal security officer, Office of Systems, Social Security Administration
Nancy DeFrancesco, IT security manager, Commerce Department
Arthur R. Friedman, National Security Agency liaison to the Defense Information Systems Agency
Joan Hash, manager of the NIST Computer Security Division?s Security, Management and Guidance Group
Kim A. Johnson, senior policy analyst, Office of Management and Budget
Louis Magnotti, information systems security director, House of Representatives
Roger Mahach, security manager, Interior Department
Jerry G. Ormaner, operational security program manager for the Justice Department?s telecommunications services staff
M.M. Pickens, senior policy analyst, DISA Office of the Chief Information Assurance Executive
John R. Rossi, computer scientist for information security and training, Federal Aviation Administration
C. Michael Smith, deputy chief of NSA?s Operation Network Evaluation Division
G.E. Woodford III, director of computer and telecommunications security in the Homeland Security Department?s Bureau of Immigration and Customs Enforcement.
(Updated 4:42 p.m. May 20, 2003)
*******************************
Federal Computer Week
Philly tries computer driving license
BY Brian Robinson
May 20, 2003
Philadelphia will be the first U.S. city to use a certification program developed in Europe to provide a pool of workers with guaranteed levels of basic computer skills.
Ten centers are opening in the city this month to provide testing for the International Computer Driving License (ICDL), and more are planned to certify what city officials hope will be thousands of potential candidates.
"It will provide a baseline on which people can build their computer skills and grow," said Carole Smith, executive director of the Philadelphia Mayor's Commission on Technology (MCOT). "It will also verify whether or not the schools and other [educational] organizations are actually giving their students the skills they need to perform basic computer tasks."
Eventually, she said, Philadelphia employers could come to require the ICDL certificate of all their job applicants.
That's already happening in many places in Europe, according to Grant Castle, president of ICDL-US (www.icdlus.com), to the point where job advertisements tell applicants not to bother coming to an interview if they don't have the certificate.
More than 3 million candidates in more than 100 countries have already been tested against the program's syllabus, Castle said.
"Studies have shown that many people who use computers take an average of two-and-a-half hours a week away from their jobs to try and work out how to use computer applications, and usually they have to pull another co-worker away from their job to do that," he said.
But 70 percent of the problems these workers run up against -- such as basic filing, word processing and spreadsheet use -- is covered by the ICDL course, Castle said.
The course includes a curriculum of seven modules that teaches these kinds of skills. If students pass four modules -- taught and tested via the Web they will earn a basic "driver's license," Smith said. If students then pass the other three, they will get a full license.
The ICDL in Philadelphia is being implemented by the newly formed Greater Philadelphia Computer Skills Collaborative, which includes MCOT, IBM Corp., the Greater Philadelphia Chamber of Commerce, the United Way of Southeastern Pennsylvania and other companies, unions and academic organizations.
Robinson is a freelance journalist based in Portland, Ore. He can be reached at hullite@xxxxxxxxxxxxxxx
*******************************
Reuters
British Town Bans Picture Phones to Stop Pedophiles
Tue May 20, 2:09 PM ET
BOLTON, England (Reuters) - A British town has banned the use of camera-equipped mobile phones in its sports centers to prevent pedophiles taking pictures of children, a spokesman said Tuesday.
Sports center users would have to hand in their picture phones at reception as part of a new policy banning all picture-taking equipment from areas such as changing rooms, toilets and showers, said Alf Atkinson, a spokesman for Bolton Council, in northern England.
"Mobile phones can be used for taking photos and there is evidence of those photos being downloaded onto World Wide Web sites," Atkinson said in a statement.
He said the move was suggested by a body that promotes best practice in leisure centers, the Institute of Sport and Recreation Management.
"The policy is being changed for child protection reasons," Atkinson added.
He said he believed Bolton was the first council in Britain to ban the use of picture phones, but visitors would still be able to take pictures in its sports centers with written permission.
*******************************
New York Times
May 21, 2003
A New Attempt to Monitor Media Content
By JIM RUTENBERG
After a television season in which two Fox reality shows included strong hints that contestants were engaging in oral sex, and profanities seemed to slip past network censors with ease, a group backed by business leaders and former government officials plans to announce an effort today to pressure the big entertainment companies to be more responsive to parents' concerns.
The new group, called Common Sense Media, is introducing a Web-based media ratings system, devised with help from the publishers of the Zagat guides, that will rank entertainment products based on language, violence, sexual content and adult themes. Eventually, the group would like to spearhead the adoption of easy-to-understand parental guidelines to television shows, movies, albums and video games, to replace a hodgepodge of systems overseen by the various industries.
Common Sense says it has an initial investment of $500,000, and its backers have pledged more. Among the financial backers of the project are Charles R. Schwab, the brokerage company executive; Philip F. Anschutz, the founder of Qwest Communications International and a major owner of movie theaters; George R. Roberts, a co-founder of the leveraged buyout firm Kohlberg Kravis Roberts & Company; and James G. Coulter, a founding partner in the Texas Pacific Group investment firm.
Two former chairmen of the Federal Communications Commission, William E. Kennard and Newton N. Minow, sit on its board, as does Millard S. Drexler, the chief executive of J. Crew. "There is a huge amount of frustration among parents, including myself, that the media are not giving parents enough information to judge what's appropriate for our kids," Mr. Kennard said.
"We envision this organization, first, to give parents a way to protect themselves, to judge what's coming into their home; second, to give them a chance to channel their frustration to people who know how to influence policy." (Mr. Kennard also sits on the board of The New York Times Company.)
Common Sense will ask users of its Web site to enroll as members for a suggested donation of $25. "We want to create a huge constituency for parents and kids in the same way that Mothers Against Drunk Driving or the AARP has done," said James P. Steyer, the founder of Common Sense and author of "The Other Parent," a book about the effects of media on children. "We can pressure the media industry itself, and the now completely dormant F.C.C., to balance the public interest."
While children's advocates applaud Common Sense's object, some say it is an unrealistic one.
Other media watchdog and activist groups have yet to achieve sustained significant influence on government media policy or the way entertainment companies market their wares. And not many parents have made use of devices, like the V-chips for television, that allow them to block content they deem objectionable.
"Their attentions are divided; they've got a whole other set of issues they have to be concerned with, though media is certainly one of them," said Kathryn C. Montgomery, a leader in the fight for television content ratings in the late 1990's and the president of the Center for Media Education, a children's advocacy group. "Whether they can be mobilized effectively around a broad set of good policy goals for the future of the media still remains a question."
To assess the level of concern among parents, Common Sense commissioned a poll from Penn, Schoen & Berland Associates, the polling firm, which last month interviewed 1,000 parents with at least one child between the ages of 2 and 17 living at home. The firm said 64 percent believed that media products in general were inappropriate for their families. It said that 81 percent expressed concern that the media in general were encouraging violent, or antisocial behavior in children. The firm said that only one out of five interviewed "fully trusted" the separate industry-controlled ratings systems for music, movies, video games and television.
"The current system doesn't work for parents, that's clear," said Mr. Steyer, who is also the founder of the Children Now advocacy group and a lecturer at Stanford University
Common Sense and its guide are not the first of their kinds. The Parents Television Council, a nonpartisan group that is now 800,000-strong and is run by L. Brent Bozell III who also runs a conservative group that seeks to flag liberal bias in the news media has a Web site (www.parentstv.org) that rates television content. And the Catholic League occasionally weighs in on what it believes to be inappropriate content.
Mr. Steyer said that he wanted to work with all the activist groups but that Common Sense's roster of supporters and advisers gives it serious influence with regulators and industry leaders.
And, he said, unlike others that focus mainly on television, movies or video games, the Common Sense site (www.CommonSenseMedia.org) will include staff-written reviews of movies, TV shows, popular music, books, Internet sites and video games. It will also include reviews submitted to the site by parents and children those would contribute to a separate consumer rankings.
In a telephone interview, Tim Zagat, co-chairman of Zagat Surveys, said he agreed to help with the project because "an awful lot of what children are exposed to and sold in this country is utter garbage."
But the approach of Common Sense is likely to run into resistance from the industries it aims to monitor.
"I don't know how you could have a single one that could apply to everybody," said Jack Valenti, the president of the Motion Picture Association of America, a group that devised the current movie rating system and participated in the creation of the television ratings system. "A video game is a hell of a lot different from `Friends' on television, and `Friends' is a lot different from movies."
Mr. Valenti, who pointed to research he had from another firm, the Opinion Research Corporation, showing parents overwhelmingly trusted the movie ratings system, also said the Common Sense Web site was vulnerable to being overtaken by "zealots."
"The chances are that people who get on that Web site every day making judgments about movies are going to be the ones who say it's vulgar, unwholesome, terrifying and the world is going to hell in a handbasket," he said.
Mr. Steyer said the Web site was designed to protect against infiltration by groups with agendas, including film or television companies.
"It will be very good for Mr. Valenti and his friends in the industry to hear what parents really feel about the current rating system and some of the products that their kids are being exposed to," Mr. Steyer said.
*******************************
CNET News.com
Report: Home networking to branch out
By Dawn Kawamoto
May 20, 2003, 12:35 PM PT
Forty-four percent of U.S. online households will have home networks in place by 2008, according to a Forrester Research report released Tuesday.
The anticipated growth is expected to come as users branch out from networking their multiple computers to connecting their networks to entertainment equipment and then, later, to household appliances, according to the report. Currently, 12 percent of U.S. online households have home networks.
"What comes after the PC network is a bridge from the PC home network to the entertainment center," said Charles Golvin, a Forrester senior analyst. "People want to play their audio stored on their PC networks on their stereos, or take a slide show of their digital photographs and show it on TV. The third stage is home automation functions using computer resources, like improving your home security system."
Creating a PC network is an attractive starting point for a number of consumers who want to share resources, such as broadband connections, printers and files. And cheap component prices have helped spur those efforts, Golvin said. Routers in a wired networking system, for example, cost roughly $40.
And in a couple years, the PC network is expected to expand to home entertainment devices in greater numbers. Wireless 802.11g, for example, will have its standards established by then and fall under mainstream technology. 802.11g will allow users to send video from their computers to their TVs. The PC network serves as a rival to set-top boxes, which want to dominate the functions of an entertainment system.
Although establishing a PC network and expanding it to entertainment devices is still a difficult task for the average consumer, those considering such a move may find solace in the relatively cheap component prices, Golvin noted.
But home appliances tied to a PC network may not be so lucky. The cost to develop a network-ready dishwasher may make its retail price prohibitive, Golvin said. However, in the next four years, greater adoption of home-automation appliances may take root.
"We can expect to see reasonable adoption by 2007," Golvin said. "There will be enough network homes by then, so there's an installed base and, as a result, a greater demand for these appliances and devices."
Forrester predicts that 37 million U.S. households will have a home network by 2008--a four-fold increase from the estimated 8.1 million for 2003.
And although phone lines and Ethernet can be found in roughly 86 percent of home networks in the United States, wireless is expected to account for the majority in the coming years, Golvin said. He noted that wireless accounts for 14 percent today.
*******************************
Wired News
Will a Spell-Check Check Gàidhlig?
02:00 AM May. 21, 2003 PT
Scottish Gaelic, one of the Western world's least spoken languages, could get a boost toward survival from Microsoft.
Speakers of the ancient tongue -- used by just 58,650 people and falling -- plan to ask Microsoft managers to include a custom spell-checker with the language in the Office suite.
The outcome of their talks could have wider implications for speakers of other minority languages, from Icelandic to Catalan, who have long campaigned for customized versions of Microsoft's ubiquitous software.
Campaigners said a Gaelic spell-checker could help reverse its slow decline.
The number of Scottish Gaelic speakers has fallen 11 percent in the last 10 years to an all time low, according to the latest U.K. census figures released in February. Most were concentrated in rural areas in the north of Scotland.
Allan Campbell, chief executive of Bord na Gàidhlig, or the Gaelic Board, in Inverness said a spell-checker would give students and other speakers the confidence to overcome centuries of dominance by Scotland's English-speaking establishment.
"One of our main problems is that there are thousands of people who speak the language but can't read or write it," said Campbell. "It wasn't encouraged in school."
Gaelic folklore is full of old stories of teachers literally beating the language out of children.
"Over the years, Gaelic speakers were taught that it wasn't really a worthy language," said Campbell. "It was just something for consenting adults in private. The idea of having a spell-checker would be a huge boost for people who feel their Gaelic is not up to scratch."
A spell-checker, he said, would give people more confidence to use the language in everything from school essays and e-mails to business and government correspondence. It would also standardize Scottish Gaelic spelling which, until recently, varied from region to region.
If Microsoft gives the go-ahead for Scottish Gaelic, supporters will have a head start on the process of actually building a spell-checker. They will be able to build on an engine that's already been developed for Irish Gaelic (a closely related language) and released by Microsoft in February.
A team from the European Language Institute, which specializes in writing dictionaries for all languages used by local governments in Europe, has already started developing a database of 65,000 Scottish Gaelic words for a trial version.
Leo McNeir, who is leading the language team, will need to build his lexicon up to 250,000 for the final version. After that, Microsoft would test it to make sure it doesn't clash with any of its software packages. If the testing period for Irish is anything to go by, that could take up to two years.
"This would be a real coming of age for Scottish Gaelic," said McNeir. "It would be a rite of passage for what is a lovely, lyrical, delicate language."
The Scottish Gaelic delegation, which plans to visit Microsoft's office in Dublin, Ireland, will include representatives of Bord na Gàidhlig and the development agency Comunn na Gàidhlig, as well as people from The University of Dublin, Trinity College and the Linguistics Institute of Ireland who worked on the Irish Gaelic spell-checker.
A Microsoft representative said he could not comment on their request ahead of the meeting.
Microsoft's Office suite currently ships in 18 languages and the company has been persuaded to support minority tongues in the past. It developed a version of Windows for Nynorsk -- Norway's second language -- in December, reportedly after Norway threatened to boycott Microsoft software in its schools. It will also "translate" Windows into Dzongkha, a language spoken in Bhutan, after a charity agreed to fund the development work.
Nicholas Ostler of the English Foundation for Endangered Languages said Scottish Gaelic is currently 1,135th in the table of about 2,000 known languages with fully developed written systems. In all, about 6,800 languages exist, most only spoken.
While Gaelic is definitely suffering, he added, it has a long way to go before it reaches the position occupied by about 50 languages that have only one surviving speaker. Among those is Eyak, spoken by Marie Smith from Prince William Sound in Alaska.
The spread of television and the Internet to even the most remote corners of the world is taking most of the blame for the decline of minority languages, said Ostler. Some linguists estimate that up to 90 percent could be gone by the end of the century.
*******************************
May 21, 2003
Mr. Richard Campanelli
Director
Office of Civil Rights
Department of Health and Human Services
Humphrey Building
200 Independence Avenue, SW
Washington, DC 20201
Dear Director Campanelli,
I am writing to express my dissappoint and concern regarding the listing of reasons several of my health care providers have listed as a basis to release my health information to a third party. One of the reasons is in the case of national security, which think is not sufficient due to a lack of requirment for court supervision and oversite of the request.
Unfortunately in the name of national security this country has conducted itself in less than a reliable manner. In the past is has been disclosed that in the name of national security the Nixon White House engaged in a number of activities designed to damage the civil liberties and civil rights of American citizens, including the break-in at the office of a pscyatrist treating a person that found to be of interest. Today under the color of national security the same tactics may be employeed to justify similarly motivated activies because no court oversite is provided for in the rules that health care providers are directed to follow.
Further, I find great fault with their not be communicated to the public that the list of items that are presented as reasons for providing information to third parties are in some cases voluntary and in others mandated by law. I believe that it would serve to inform the public if those items which are voluntary verses mandated by law are presented as such. I hope that your office will reitierate to health care professionals that they are not compelled to provide health care information unless under the direct request of a court order.
*******************************
Federal Computer Week
NIST drafts rules for gauging security risks
BY Diane Frank
May 19, 2003
The National Institute of Standards and Technology took its first step last week toward defining the minimum security measures agencies must take to protect their systems, as mandated by the Federal Information Security Management Act of 2002.
NIST's proposed Federal Information Processing Standard (FIPS) 199 provides criteria that agencies must use to categorize their information and information systems based on the security risks involved.
The key is not the categories used high-, medium- or low-risk but the criteria provided for assessing risk, security experts say. Once approved, FIPS 199 will provide a common framework for managing information security across government.
"There needs to be standardization" so that agencies are all using the same criteria for risk assessment of their systems, said Sallie McDonald, a senior official in the Homeland Security Department's Information Analysis and Infrastructure Protection Directorate.
The draft standard would require agencies to assess risk by measuring the potential impact of a security breach along three lines: the confidentiality, integrity and availability of the information.
For example, a system with patient data could be high-risk for confidentiality and integrity because the stored information must be kept private and intact, but it could be low-risk for availability because users do not need to access it every day. Other systems could fit into other combinations of the categories.
The draft standard emphasizes the potential impact of a breach, rather than the likelihood, said Ed Roback, chief of the NIST Computer Security Division.
Every system faces some level of threat and that threat changes every day, so the more prudent path to follow is to focus on assessing the potential harm to the agency and to the people whose information is stored in the system, Roback said.
"Threat changes a lot, and we also don't have a great idea of the threats that are out there," he said. "This will help [agencies] get thinking about the risk that they face and what impact it could have" on their mission and their users.
Acknowledging at the outset that threat is a constant for every system is "a smart step to take," said Alan Paller, director of research for the SANS Institute, an information security education and consulting organization. "That is what has been missing in all risk analysis at federal agencies."
Including that basic premise in a mandated standard "could have a profoundly significant impact on federal agencies," Paller said.
Comments on the draft are due by Aug. 14 and can be submitted to fips.comments@xxxxxxxxx
"We want to get a sense from the agencies whether these three levels make sense to them," Roback said. It is also important to make sure that agencies understand the subtle differences among the categories, he said.
The guidance lays a solid foundation for future work by establishing common definitions, said Marcia Wilke, manager of EDS' risk assessment group.
"Before, most agencies did use [the terms] low, medium and high, but what did they each mean by it?" she asked. "Now when someone talks about low confidentiality, everybody knows what that means."
The definitions will help standardize agencies' reports to Congress and other agencies. "It's really geared to a more high-level strategic planning, which is the first step of having a more secure organization," said Cheryl Lieberman, senior risk assessment consultant at EDS.
To fill in the details, later this year NIST will issue guidance on how different types of information such as medical, judicial and geospatial relate to the three categories and define the minimum security steps to be taken based on the categories, Roback said.
Those steps are "where the rubber hits the road," he said.
Michael Hardy contributed to this article.
***
Stepping toward security
As required by the Federal Information Security Management Act of 2002, the National Institute of Standards and Technology is developing three sets of guidelines that will help agencies determine the level of security needed for their information systems:
* The Federal Information Processing Standard 199, released last week. Outlines how to categorize systems based on the level of risk in three areas: confidentiality, integrity and availability.
* Guidelines for how different types of information such as medical or legal align with those categories.
* Minimum security measures for the information and information systems in each category.
*******************************
Federal Computer Week
Congress urged to watch privacy
BY Sara Michael
May 20, 2003
To ensure that two systems designed to identify and track terrorist activity do not infringe on civil liberties, Congress should keep a close and critical eye on them, privacy and legal experts said today.
The Transportation Security Administration's Computer Assisted Passenger Prescreening System II and the Defense Advanced Research Projects Agency's Total Information Awareness (TIA) system have been highly criticized by privacy advocates. In a second hearing before a House Government Reform subcommittee, experts told lawmakers the scope of the systems should be limited and scrutinized.
"It's not whether it will work. The real question is what if it does work," said Paul Rosenzweig, senior legal research fellow for the Center for Legal and Judicial Studies at the Heritage Foundation. "What will you be doing to examine if it is being used appropriately or inappropriately?"
Rosenzweig said Congress should have unfettered access to information about the systems, even if it needs to be in a classified environment. He said the systems should require congressional authorization and have built-in penalties for abuse and constructs for constant review.
Rosenzweig criticized Congress' Wyden amendment, referring to a Jan. 15 amendment by Sen. Ron Wyden's (D-Ore.) to the fiscal 2003 spending bill, which restricted TIA's development. "The right answer is not for Congress to adopt a blanket prohibition," Rosenzweig said today in his written testimony before the House Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee. "Rather, Congress should commit to doing the hard work of digging into the details of the TIA and examining its operation against the background of existing laws and the existing terrorist threats at home and abroad."
"Some form of review is absolutely essential," Rosenzweig told lawmakers. "There is no doubt that however we construct these systems there will be errors."
One privacy advocate, however, wasn't convinced the systems would work at all, and urged Congress to assess first if they would work and at what cost to personal freedoms.
Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, said systems' details have changed substantially since they were introduced, but they still are "massive systems of surveillance."
"Congress has the right and duty to ask some hard questions of the [Bush] administration," he told lawmakers.
Rosenzweig noted that the changes in the systems are examples of how congressional oversight can be effective. "I see the natural product of the development of an idea...that ultimately gets refined as it's subject to public scrutiny," he said.
John Cohen, co-founder, president and chief executive officer of PSComm LLC, suggested Congress examine funding given to state and local agencies for homeland security. Rather than take a reactive position, as they were forced to do after the Sept. 11, 2001, terrorist attacks, state and local entities should invest in information-sharing tools with a focus on prevention, he said.
Cohen argued that state and local officials are on the front lines of combating terrorism and should be linked to the federal systems that collect, analyze and disseminate terrorist data. With this link comes oversight, he said.
"These efforts should include establishing aggressive oversight of law enforcement and homeland security-related activities," Cohen said in testimony. "As we expand the universe of information available to law enforcement, we also expand the potential for abuse. I am hopeful that Congress...will continue to fulfill their oversight responsibility."
*******************************
Government Computer News
05/21/03
Study finds local governments have static Web presence
By Thomas R. Temin
Most local governments have Web sites, but they are mostly passive brochure-ware with very little in the way of transactions, according to Donald F. Norris, director of the Maryland Institute for Policy and Research Analysis.
The institute, part of the University of Maryland?s Baltimore County campus, surveys local government IT officials and conducts focus groups among them.
?Often there?s a 17-year-old in the IT shop who?s maintaining the Web site,? Norris said. ?That?s an exaggeration, but not much of one.?
The bottom line is that among towns with populations greater than 10,000, only 6 percent have online financial transactions, even though 88 percent have Web sites.
Norris presented the results of his most recent study, done in 2002, at the National Conference on Digital Research in Boston. He pointed out that only 50 percent of the roughly 3,500 survey respondents said they have sufficient IT expertise to mount true electronic government efforts. Nearly half said they lacked sufficient funds. Other reasons included lack of support from elected officials, privacy and security worries, and an unwillingness to charge citizens extra for online transactions.
Norris said the people and skills issue is a big one for the IT managers in small cities.
?In focus groups, they said e-government is a net add-on? to the continuing workload of merely maintaining Web sites and other systems. Few have done enough reengineering to where automated, online systems begin to save staff time, he said.
*******************************
Government Executive
May 20, 2003
Pentagon agency defends anti-terror data mining initiative
By Shane Harris
sharris@xxxxxxxxxxx
The Defense Department Tuesday submitted a lengthy report to Congress defending its work on the Total Information Awareness project, a controversial research initiative that envisions using technology to detect terrorist attacks before they happen.
The report was required by law and addressed the concerns of lawmakers and civil liberties advocates that TIA would violate individuals? privacy if it were used to inspect personal data, particularly financial transactions and phone records. TIA would consist of a set of technologies, including electronic searching tools to ?mine? such records in the hopes of finding patterns indicating an imminent attack.
The TIA report, more than 100 pages in length, largely reiterated what Defense officials have said for months: The program is only in the research phase, and TIA isn?t intended to scour large numbers of private databases. Engineers at the Defense Advanced Research Projects Agency (DARPA), which manages the TIA project, have long said that the media and privacy groups have misinterpreted their intentions.
But in reaction to criticism, DARPA announced that TIA would no longer be known as ?Total Information Awareness.? The name ?created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens,? the report said. ?That is not [Defense?s] intent in pursuing this program.?
From now on, TIA will be known as Terrorism Information Awareness.
DARPA stressed repeatedly in the report that privacy protection is paramount in the TIA design. ?Safeguarding the privacy and the civil liberties of Americans is a bedrock principle,? the report said.
Senator Ron Wyden, D-Ore., introduced the legislation that required the TIA report. His spokeswoman said he was unimpressed by DARPA?s findings, and added that the report ?reinforces the concerns that made [Wyden] introduce the legislation in the first place.?
DAPRA hasn?t specified how TIA would protect Americans civil liberties and privacy, the spokeswoman said, adding that Wyden continues to be concerned that TIA proponents will ?chip away? at those protections as time goes.
As for the project's new name, Wyden's spokeswoman dismissed its significance. ?Changing the name doesn?t change the concerns,? she said.
The report made no recommendations to change laws that keep some information private, and noted that those laws may prevent TIA from ever being used in some cases.
The Fourth and Fifth Amendments to the Constitution, as well as numerous statutes, regulations and laws curtail the government?s access to personal data, the report acknowledged. However, it also noted that ?few, if any, statutes flatly prohibit government access to information? and that any analysis of the privacy implications of TIA is ?tentative and preliminary,? because the project is still largely in the research phase.
DARPA also said certain steps must be taken before any agency implements TIA. For example, TIA must be ?stress-tested? to ensure that it only returns information germane to a particular query. TIA critics have said that, in all statistical likelihood, the technology would turn up information about innocent people more often than terrorists.
The system also must have internal controls that keep a record of who accessed the system and for what purpose, and ensure ?anonymization? of data so that names connected to specific results couldn?t be seen without a search warrant. The report said the system would provide ?selective revelation? of data, meaning that those who searched for information would receive only a limited portion of it, and would have to seek permission to get more. Strict access controls would be placed on TIA users.
Any agency that sought to use TIA would have to prepare a legal case first. The Defense Department General Counsel has already directed each operational component within the department that is currently testing TIA technologies to prepare such a document, which ?analyzes the legal issues raised by the underlying program to which the TIA tools will be applied,? the report said.
The general counsel for the Central Intelligence Agency is taking similar steps to require legal reviews, and the Justice Department will also conduct such reviews if it decides to use TIA, the report said.
Meanwhile, testing of various TIA component technologies is moving ahead. A network of nine agencies besides DARPA is conducting tests on TIA using foreign intelligence data. The report said Pentagon officials were pleased with what they?d seen.
?[Defense] believes that the results of these initial experiments are very impressive and have revealed information that was not otherwise detected,? the report said. The results of the tests are classified. In some cases, agencies are also testing TIA using fictitious data.
Some tests have focused on culling through large amounts of data to pull out relevant information, thus reducing the amount analysts have to read, the report said.
Two advisory boards were established earlier this year to oversee the TIA project. One consists of Defense Department officials, and the other is made up of outside experts in the field of technology policy and civil rights laws.
*******************************
Computerworld
Knowledge Center: The hoax is on you!
E-mail hoaxes can still cost companies money
By Douglas Schweitzer
MAY 21, 2003
Among the unrelenting spam filling e-mail in-boxes are the occasional "warnings" about devastating new viruses that steal passwords or threaten to wipe all the data from our hard drives.
These warnings are specifically designed to garner attention, persuading users to forward the message to everyone for whom they have an e-mail address. Although they can sound legitimate, the majority of these messages are hoaxes and chain letters.
Although such hoaxes don't infect systems as malicious code would, they are nevertheless time-consuming and, in large organizations, costly to remove from all systems. Organizations sometimes find that they spend more time investigating and discrediting hoaxes than handling bona fide malicious code attacks. Hoax warnings are in most instances simply scare tactics started by malicious individuals and then circulated by innocent end users who further distribute the spurious warnings thinking that they are helping the Internet community.
The cost of being duped
Superficially, it would appear that the cost and risks associated with hoaxes are just incidental, certainly when you consider the cost of handling only a single hoax. The true cost, however, is significant when your tally includes all computers and systems that have been victimized in the aggregate. Actual time spent by employees just reading bogus messages adds up in man-hours -- hours for (and during) which an employee is being paid by the organization.
Douglas Schweitzer is an Internet security specialist with a focus on malicious code. He is the author of several books, including Internet Security Made Easy and Securing the Network from Malicious Code and the recently released Incident Response: Computer Forensics Toolkit.
Imagine if each of the 25,000 employees of a large company received just one hoax message and spent just one minute reading and then discarding it at an hourly pay rate of $20 per hour. The cost associated with this hypothetical hoax would be as follows:
25,000 people x 0.01667 hour x $20/hour = $8,335 per hoax
While this may not be a considerable amount of money for a large company to lose, remember that organizations generally receive many such messages. In addition, many employees cost businesses more than just $20 per hour, if you factor in benefits like health insurance.
Now go a step further and imagine the costs associated with a hoax when recipients actually accept its claims as truth and then act upon the bogus message. Hoaxes attempt to validate their warnings by instructing users to scan their PCs for viruses using the built-in Windows file-find utility. The files that the hoax alleges are malicious are actually normal operating system files that are required for the proper operation of the computer. If users follow the bogus instructions and delete those files (thinking they're ridding their PC of malicious code), they've become victims of social engineering, having been tricked into damaging their own PCs. Depending upon the extent of the damage to systems, the organization may be required to invest a substantial amount of man-hours to recover from the incident.
Recognizing false alarms
Determining whether a warning is based on fact or fiction requires some legwork. Hoax messages are cleverly worded in order to be perceived as legitimate. While it's impossible to list every hoax message in circulation around the globe, there are several traits common to all hoaxes of which you should be aware:
The message usually begins by urging recipients to forward the message (about a serious threat) to all of their family members, friends or co-workers.
The message warns users not to open incoming messages with specific wording in the subject line. Ostensibly, to do so will result in terrible damage to your computer or network. This is classic hoax terminology.
There are no links to an outside source. Prominent news services, magazine publishers and software companies inform the public quickly about problems or risks as well as hoaxes and are glad to take credit for doing so. Refer to your favorite news sources' Web sites to determine if a threat is real and has been reported by a reliable source.
The message cites or quotes a person with an important-sounding title or even a government agency as the source of the information.
One of the easiest ways to establish whether a virus warning is a hoax is to look it up at one of the Web sites that monitor these events. The following Web sites can help users determine the validity of virus warnings:
http://www.vmyths.com/
http://hoaxbusters.ciac.org/
http://www.symantec.com/avcenter/hoax.html
*******************************
Washington Post
The Pentagon's PR Play
By Cynthia L. Webb
Wednesday, May 21, 2003; 9:40 AM
At the same time the White House was raising the nation's terror alert status yesterday, Pentagon officials detailed their kinder, gentler outline for a sweeping computer surveillance system being built to defeat terrorists by tracking and analyzing huge reams of data -- from visa applications and rental car paperwork to financial and biometric information.
The Pentagon program -- formerly dubbed "Total Information Awareness" -- first came to light last year, sparking outrage from civil liberties groups concerned that the personal data of ordinary Americans would wind up being parsed and indexed by the Defense Department's supercomputers. Congressional lawmakers put a hold on the controversial program in February and told the Defense Advanced Research Project Agency, the Pentagon's research arm, that more details were needed.
In a report submitted to Congress, the Defense Department revealed one major change to the surveillance effort -- a name change. "Total" is dropped in favor of "Terrorism" to create the Terrorism Information Awareness program. DARPA conceded in a statement that the "program's previous name, 'Total Information Awareness' ... created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens. ... That is not DoD's intent in pursuing this program. Rather, DoD's purpose in pursuing these efforts is to protect U.S. citizens by detecting and defeating foreign terrorist threats before an attack."
While it's not even clear if the technology exists to make TIA work, the Pentagon is already dedicating serious cash to the endeavor: $9.2 million is budgeted for the program this year; $20 million next fiscal year and $24.5 million in 2005, according to The Washington Post. This isn't Ray Bradbury science fiction. The Pentagon "report outlines technologies and related programs in the surveillance system, including programs to mine data in foreign-language communications and to gauge biological threats by analyzing data from hospitals and other sources," The Washington Post reports today. "Other, more speculative systems borrow from prediction techniques used in the corporate world. ... Another, the 'Misinformation Detection' system, would analyze language and other aspects of text for false or misleading information. In 2002, the report said, some researchers demonstrated an ability to detect which companies might be the target of Securities and Exchange Commission investig!
ations
, based on public filings."
? The Washington Post: Pentagon Details New Surveillance System
? DARPA's FAQs on TIA program
? Executive summary of TIA program report to Congress (PDF)
TIA is no small endeavor. The Associated Press explained that the software system would analyze data in gargantuan amounts -- measured in petabytes (a larger cousin to terabytes). "The Pentagon wants to give U.S. agents fingertip access to records from around the world that could fill the Library of Congress more than 50 times. ... Most personal computers now come with storage space for two to 20 gigabytes of information. A petabyte is 1 million times larger than a gigabyte. Such an accumulation of data would dwarf most existing databases," the wire service said.
? The Associated Press via The Guardian: Proposed System Would Use Lots of Data
Privacy Advocates Not Satisfied
In its report, the Defense Department said it "has expressed its full commitment to planning, executing, and overseeing the TIA program in a manner that protects privacy and civil liberties. Safeguarding the privacy and the civil liberties of Americans is a bedrock principle. DoD intends to make it a central element in the Department of Defense's management and oversight of the TIA program. The Department of Defense fully complies with the laws and regulations governing intelligence activities and all other laws that protect the privacy and constitutional rights of U.S. persons."
That was little solace for people like Sen. Ron Wyden (D-Ore.), who led congressional charge to find out more about the DARPA surveillance plan. "Most people don't know that the laws that protect consumer privacy don't apply when the data gets into the government's hands," Wyden said yesterday, according to Reuters. "'Lawfully collected information' means just about everything." The new report "reinforces the concerns that made [Wyden] introduce the legislation in the first place," Wyden's spokeswoman told GovExec.com. "Changing the name doesn't change the concerns," she said. "Wyden and Sens. Patrick Leahy, D-Vt., and Russell Feingold, D-Wis., vowed to retain tight congressional control of the data-mining and analysis software being developed by the Defense Advanced Research Projects Agency," Dow Jones Newswires reported.
? GovExec.com: Pentagon Agency Defends Anti-Terror Data Mining Initiative
? Reuters: Military Says Computer Dragnet To Include Limits
? Dow Jones Newswires via The Wall Street Journal: New Anti-Terror Surveillance Changes Cosmetic, Critics Say (Subscription Required)
The American Civil Liberties Union continued to blast the program. "We find ourselves being tracked, analyzed, profiled and flagged in our daily lives," said Barry Steinhardt, director of the group's technology and liberty program, as quoted by IDG. "(We're) forced into an impossible struggle to conform to the letter of every rule or law society could impose. Our transgressions, whether they be real or imagined ... become permanent scarlet letters that follow us our whole lives."
? IDG via InfoWorld: Privacy Advocates: Congress Must Police Data Gathering
More Big Brother Programs?
Wired reported yesterday about another TIA-themed program at DARPA called Lifelog. "The embryonic LifeLog program would dump everything an individual does into a giant database: every e-mail sent or received, every picture taken, every Web page surfed, every phone call made, every TV show watched, every magazine read. All of this -- and more -- would combine with information gleaned from a variety of sources: a GPS transmitter to keep tabs on where that person went, audio-visual sensors to capture what he or she sees or says, and biomedical monitors to keep track of the individual's health," reporter Noah Shachtman wrote yesterday (Shachtman writes more on his defense-themed blog, DefenseTech. "On the surface, the project seems like the latest in a long line of DARPA's 'blue sky' research efforts, most of which never make it out of the lab. But DARPA is currently asking businesses and universities for research proposals to begin moving LifeLog forward." DARPA has called for !
contra
ctors to make solicitations for the project, according to DARPA's Web site.
? Wired News: A Spy Machine of DARPA's Dreams
The Transportation Security Administration's Computer Assisted Passenger Prescreening System II has also been under watch for sitting on a fine line between national security and privacy concerns. According to Federal Computer Week, Paul Rosenzweig, senior legal research fellow of the Center for Legal and Judicial Studies at the Heritage Foundation, "said Congress should have unfettered access to information about the systems, even if it needs to be in a classified environment. He said the systems should require congressional authorization and have built-in penalties for abuse and constructs for constant review." The news organization quoted Rosenzweig as saying of TIA and its sister programs: "It's not whether it will work. The real question is what if it does work. ... What will you be doing to examine if it is being used appropriately or inappropriately?"
? Federal Computer Week: Congress Urged To Watch Privacy
Opinionmakers Weigh In
The New York Times' Maureen Dowd writes today about a purported TIA project to use a radar-based system that can tag people based on the way they walk. Excerpt: "Call me a civil liberties prude, but I don't want John Poindexter tracking my body part contours. Or my silhouette pixels, for that matter. Not since Monty Python's Ministry of Silly Walks has a government devoted so much money and study to watching our steps. Admiral Poindexter, who supervised the strutting Oliver North during the Iran-contra machinations, is now supervising the Pentagon's attempt to create an Orwellian 'virtual, centralized grand database,' which could put a spyglass on Americans' every move, from literally the way Americans move to their virtual moves, scanning shopping, e-mail, bank deposits, vacations, medical prescriptions, academic grades and trips to the vet. (Sometimes pets are the first to go in biological warfare.)"
? The New York Times's Maureen Dowd: Walk This Way
The Denver Post writes in an editorial today that "under new technology being explored by the Pentagon, authorities someday could nab bin Laden, or other terrorists, simply by surveying his gait. That's the good news. ... The AP reports that the TIA ... is based on his theory that 'terrorists must engage in certain transactions to coordinate and conduct attacks against Americans, and these transactions form patterns that may be detectable.' To do that, the Pentagon's Defense Advanced Research Projects Agency must tap databases that record transactions like passport applications, visas, driver's licenses and airline ticket purchases. DARPA also wants to access databases that include financial, education, medical and housing records and those dealing with fingerprints, the irises of eyes, facial shapes and gait, the AP says. Together, that's the scary news. Not only do they want to watch the way we walk, they want to know where we're going, where our money is and the shape of !
our fa
ces. Most people don't even know themselves that well."
? The Denver Post: The Wide Eyes of the TIA
Filter Sounding Board: Privacy vs. Security
Filter readers, what do you think about the flap over the Pentagon's super surveillance program? Drop me a note, and I will include some selected, edited comment in an upcoming Filter.
*******************************
Washington Post
Edwards Proposes Rural Development Plan
By MIKE GLOVER
The Associated Press
Wednesday, May 21, 2003; 9:17 AM
NEVADA, Iowa - Sen. John Edwards, a Democratic presidential hopeful with his eyes fastened on next winter's Iowa party caucuses, is proposing a $1 billion effort to create special rural development zones and bolster high-speed Internet access in the countryside.
"Today in North Carolina, Iowa and across our country, in small towns and rural communities, our lifestyle and all the values it represents are under siege," Edwards said in remarks prepared for delivery Wednesday.
The North Carolinian was outlining a package of incentives aimed at rural America - a program Edwards said is a natural for him because he grew up in rural America.
"I'm from there," Edwards said in an interview with The Associated Press. "I understand this problem. I feel a natural connection."
That connection can give Edwards a boost in important early tests of strength like Iowa, but also could sell well in crucial rural and southern states that are important if Democrats are to have a chance to oust President Bush.
Edwards used the occasion not only to rap Bush, but his Democratic rivals as well.
He said that in his campaign for the Democratic nomination, he will contrast his link to rural America with Bush, whom Edwards said talks about his ties, but does very little.
"Just because you have yourself a new ranch and wear a big belt buckle doesn't make you a friend of rural America," said Edwards. "Rural America and small-town America are in trouble and George W. Bush just doesn't get it,"
He also argued that many of his Democratic rivals are weak on the issue.
"My party isn't perfect by any means," said Edwards. "Too many Democrats often act like rural America is just someplace to fly over between a fund-raiser in Manhattan and a fund-raiser in Beverly Hills."
"While the rest of America grapples with an economic downturn, recession has become a permanent way of life for much of rural America," Edwards said in prepared remarks obtained by The AP.
"And even in states like mine where the population is growing, the growth is almost always at the expense of small-town and rural communities," he said.
In his effort, Edwards would establish rural economic revitalization zones similar to the financial incentives which have been used to upgrade blighted urban areas.
"In the transition to the new economy, we must be willing to offer special help to communities caught in the switches," said Edwards. Creating the rural development zones would make businesses located in those areas eligible tax credits and other business development incentives, he said.
Edwards' program also would put in place incentives to create pools of capital earmarked for rural businesses - a five-year $1 billion effort that the senator called his REACH fund, or Rural Economic Advancement Challenge.
"It will connect businesses that might struggle alone into networks that can succeed together," he said.
"We have to pay for these efforts and we can do it by eliminating big subsidies for special corporate interests," Edwards added.
In addition, Edwards said he would bolster assistance to rural schools and health care efforts that are "basic support systems that are elements of every successful community."
Edwards was traveling to a high-tech business near Des Moines to release his program. One plank would give tax credit for investments in the use of biomass products in the production of alternative fuels, such as distilling alcohol which can be blended with gasoline to make a renewable and clean-burning fuel.
Bush visited the same facility earlier, and Edwards' aides said they selected the site to underscore their argument that the president isn't living up to his promises.
"Remember the president stood right here," said Edwards. "He came here to promote his energy policy. Then he went back to Washington and cut millions for programs like this."
Edwards' package also sets a goal of having affordable high-speed Internet access to rural America within four years. Rural areas often lose out on business opportunities because high-tech companies depend on such access, which isn't available in many rural areas.
"This is a very important tool," said Edwards.
Setting a national goal of expanding Internet access would be modeled after an effort in North Carolina.
"Today many Iowa farmers are able to stand in their field and get up-to-the-minute commodity prices using receivers attached to grain silos," said Edwards. "That is the kind of success we have to repeat over and again."
In seeking the Democratic presidential nomination, Edwards argues that he can win in rural and Southern states - like North Carolina - that Democrats must have to have a realistic shot at ousting Bush.
While it's mathematically possible to win the White House without those states, "it just doesn't happen," said spokeswoman Jennifer Palmieri.
*******************************