Clips June 6, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips June 6, 2003

ARTICLES

Ashcroft Seeks More Power to Pursue Terror Suspects
CIA spies shun computers
File-sharing networks infight in sight? 
Jobs Squeeze for Indian Workers  
Collins quizzes DHS nominees about new systems 
DHS puts Callahan on leave 
Davis requests OPM to investigate feds? use of diploma mills 
Army researches messaging and disaster recovery apps for AKO 
Bush administration to unveil cybersecurity initiative 
Wired magazine story to detail Slammer Web attack
Man sentenced in Wisconsin stalking case
Democratic candidate uses Internet site to build support

*******************************
New York Times
June 6, 2003
Ashcroft Seeks More Power to Pursue Terror Suspects
By ERIC LICHTBLAU

ASHINGTON, June 5  Attorney General John Ashcroft today defended the Justice Department's detention of hundreds of illegal immigrants after the Sept. 11 terrorist attacks and urged Congress to give the authorities still greater power to pursue terrorism suspects.

Mr. Ashcroft, in five hours of testimony before the House Judiciary Committee, made his first public comments on a report from his inspector general that criticized the department's treatment of 762 illegal immigrants after Sept. 11. He said "we make no apologies" for holding suspects as long necessary to determine whether they had links to terrorism. In the end, none of the 762 suspects were charged as terrorists. 

"Al Qaeda is diminished but not destroyed," Mr. Ashcroft said. He said the nation "must be vigilant."

We must be unrelenting," he said. "We must not forget that Al Qaeda's primary terrorist target is the United States of America."

Mr. Ashcroft told lawmakers that the authorities need still greater powers to track and pursue terrorists.

The USA Patriot Act, as the sweeping antiterrorism law that grew out of the Sept. 11 attacks is known, has sparked official votes of protest from more than 100 communities around the country because of civil liberties concerns. But Mr. Ashcroft said the law does not go far enough and "has several weaknesses, which terrorists could exploit undermining our defenses."

Mr. Ashcroft, a strong proponent of capital punishment, said the penalties for some terrorism-related crimes should be toughened to include the death penalty. He also urged Congress to allow the authorities to detain terrorism suspects before trial without bond and to clarify what constitutes illegal "material support" of terrorists, the standard the Justice Department has used against terror suspects.

"We must make it crystal clear that those who train for and fight with a designated terrorist organization can be charged under the material support statutes," he said.

Mr. Ashcroft's lengthy and impassioned defense of the Justice Department's counterterrorism campaign and his push for greater authority met with strong endorsement from many, but not all, of the Republicans on the judiciary panel.

Representative F. James Sensenbrenner Jr., the Republican chairman of the panel, said that while the Justice Department had made impressive strides in fighting terrorism, he remained concerned about the potential threat to civil liberties posed by the long reach of counterterrorism efforts. 

"To my mind," Mr. Sensenbrenner said, "the purpose of the Patriot Act is to secure our liberties and not to undermine them." 

Just last month, the Senate rebuffed efforts by senior Republicans to make permanent some critical provisions of the Patriot Act that are to expire in 2005. The concerns raised by Mr. Sensenbrenner, and echoed in even stronger terms by virtually all the Democrats on the panel, signaled that Mr. Ashcroft may face a tough sell in seeking to broaden the Justice Department's authority to pursue terrorists.

"Some of us find that the collateral damage may be greater than it needs to be in the conduct of this war," said Representative Howard L. Berman, Democrat of California.

Democrats said they were particularly concerned about the report released on Monday by Glenn A. Fine, the Justice Department's inspector general. The report found "significant problems" in the way the authorities arrested and treated hundreds of illegal immigrants as part of the Sept. 11 investigation. The report found that the authorities had made little effort to distinguish real terrorist suspects from those who became ensnared by chance in the investigation. Many suspects were jailed for months, often without being formally charged or given access to lawyers, and some inmates in Brooklyn were physically and verbally abused before they were cleared of any terrorist ties, the report said.

While the report drew no conclusions about the legality of the Justice Department's actions, Representative Robert C. Scott, Democrat of Virginia, suggested that the denial of the detainees' civil rights and evidence of physical assaults by Justice Department employees might have risen to the level of criminal conduct.

The congressman asked Mr. Ashcroft whether he planned to appoint an outside counsel to investigate the accusations further, but the attorney general responded that "I have no plan at this time to employ a special counsel in this matter."

Mr. Ashcroft said the department's civil rights division had investigated 18 complaints of abuse by guards against immigrant prisoners and had found in 14 cases that there was not enough evidence to bring criminal charges. Four investigations are pending.

"We do not stand for abuse," he said.

Mr. Ashcroft said he also wished that the department could have resolved cases against many of the 762 illegal immigrants more quickly. 

"God forbid, if we ever have to do this again, we hope that we can clear people more quickly," he said. "We'd like to clear people as quickly as possible. There's no interest whatsoever that the United States of America has in holding innocent people, absolutely none. It's costly. It takes up resources that makes it difficult for us to do what we need to do with other people who are threats."

But Mr. Ashcroft stressed repeatedly that he believed the policy of detaining people for as long as it took to clear them of terrorist ties was the right one, and he said that several illegal immigrants did have terrorist connections that are still considered suspicious. One suspect was the roommate of one of the Sept. 11 hijackers, and another was found with "jihad material" and more than 30 pictures of the World Trade Center, Mr. Ashcroft said. 

Mr. Ashcroft said past data showed that people who were facing deportation and were released from custody on bond fled about 85 percent of the time, and he said he was not willing to take that risk with the suspects apprehended after the Sept. 11 attacks.

"We had had to balance the risk," Mr. Ashcroft said. And in doing so, he added, "we did not violate the law."
*******************************
BBC Online
CIA spies shun computers
 
In the movies, spies and intelligence agents are the ones with the cool gadgets and state-of-the-art equipment, but their real life counterparts are far behind. 
A recently declassified study said the CIA was five years behind the rest of the world when it came to using technology to do its job. 

It found that workers in the CIA's Directorate of Intelligence made little use of the internet, used primitive, inflexible databases to catalogue information and had none of the software tools common in the business world. 

The report said the CIA regarded computer technology as a "bogeyman" rather than an ally. 

Broken links 

Prepared by a former CIA staffer, the report provides a fascinating glimpse into the working lives of CIA analysts. 

Contrary to the Hollywood view of intelligence work, the report notes that most workers use little "gee whiz" software. 

Instead, the typical work desk has two phones and two desktop computers. 

One machine connects to classified systems and the other is used for net browsing and sending unclassified e-mail. One phone is secure and the other is not.

A switchbox lets a single keyboard, mouse and monitor serve both machines. 

Almost all the work of a CIA analyst is carried out on the classified network. 

Only with proper authorisation and equipment can staff move information from an unclassified system to those with higher classification or copy data to portable media. 

Even sending secure e-mail to cleared individuals is tricky because the CIA has no searchable directory of addresses and uses old protocols that few are familiar with. 

Security also makes it hard for CIA staff to share intelligence information. The Agency is reluctant to post information on Intelink, a classified world wide web, because it cannot control what happens to documents once they reach that system. 

It is also hard for staff to put information on the SIPRNET (Secret Internet Protocol Router Network) that links many US defence organisations as there are few of its terminals in CIA buildings. 

"The result is that Directorate of Intelligence analysts work in an information technology environment that is largely isolated from the outside world," wrote report author Bruce Berkowitz. 

Mr Berkowitz is a research fellow at the Hoover Institution at Stanford University, who started his career as a CIA officer. 

Lost data 

CIA databases do a good job of bringing together information from other Agency entities and intelligence communities and many analysts use them to keep up with their area of expertise. 

However, Mr Berkowitz noted, the search system of the main database is so "primitive" that analysts searching for information get better results calling other workers than they do by querying the computer system.

The report puts these shortcomings, and many others, down to several factors. 

The biggest restraint on better use of technology, perhaps understandably wrote Mr Berkowitz, is security. 

However, rather than work out if the advantages of using a particular technology or technique are worth its associated risks, the CIA simply prefers to avoid all risk. 

Over the years this has made analysts consider almost all technology too risky to use. Technology has become a "bogeyman" wrote Mr Berkowitz. 

Other restraints such as a lack of money, organisational inertia and the lack of links between departments further inhibit use of technology within the CIA. 

The result, wrote Mr Berkowitz, is that the CIA is years behind in its use of technology to help its staff organise information, collaborate, share important information and spot key trends. 

"Many analysts seem unaware of data that are available on the Internet and from other non-CIA sources," he wrote. 

This also means that it takes the CIA far longer than any other organisation to adapt to new circumstances, for instance in the wake of the September 11 attacks. 

According to Mr Berkowitz, it took the CIA months to set up new analyst groups to counter the new threat. 

The report, Failing to Keep Up with the Information Revolution, is published in the journal Studies in Intelligence.
*******************************
CNET News.com
File-sharing networks infight in sight? 
By Stefanie Olsen and Evan Hansen 
June 5, 2003, 5:35 PM PT

In a sign that file-sharing communities may start to turn on one another, Altnet said Thursday that rival networks may be violating its patent for digital tags, and it plans to bring to them in line. 
In a first step, the Brilliant Digital Entertainment subsidiary Altnet on Thursday licensed its TrueNames patent to its biggest partner, Sharman Networks, owner of Kazaa Media Desktop. Kazaa is one of the most popular file-sharing communities on the Net. 

Altnet acquired rights to a 1999 patent that the company says covers the technique of identifying files on peer-to-peer networks using a "hash," or digital fingerprint based on the contents of the file. The company plans to approach virtually all other peer-to-peer services to seek license rights. 


"Altnet is very focused on the infringement of the TrueNames patent and we believe that many of today's active peer-to-peer applications may be in direct violation," Altnet CEO Kevin Bermeister said in a statement. 

"We're very focused on preserving the integrity of the patent and realizing the potential it offers peer-to-peer applications and content owners." 

But the scope and enforceability of patents are notoriously difficult to evaluate barring actual court rulings on their validity. 

Nevertheless, there is a growing sentiment in technology circles that many patents granted by the U.S. Patent and Trademark Office are most likely seriously flawed. Among other things, the agency has granted patents for side-to-side swinging on a swing set and for making a peanut butter and jelly sandwich without a crust. 

Technology patents have drawn some of the harshest criticisms and have been at the heart of some of the most closely watched patent battles in years, especially so-called business method patents such as Amazon.com's one-click checkout system. Last year, the online retail giant settled claims against Barnes & Noble involving the patent. 

Patent number 5,978,791, which Altnet licensed Thursday, has been litigated at least once before, when content delivery services provider Digital Island used it in a dispute with rival Akamai. A jury rejected Digital Island's claims in December 2001, according to a statement published on Akamai's Web site. 

Earlier this month, Kazaa and Altnet jointly released a bundle of file-swapping software that includes components of a new high-security peer-to-peer network and a program that will pay users to be a part of it. The network essentially harnesses the computing resources of the tens of millions of Kazaa users to distribute authorized files such as games, songs and movies. 

The companies believe that by giving people an incentive to host and trade paid files it could create a powerful medium for distributing authorized content and could diminish file-trading networks' role as hubs of online piracy. 

But as Altnet launches its ambitious new service, parent Brilliant Digital faces financial troubles. In a federal securities document filed in late May, the company said it had "negative working capital of approximately $4,165" and that there were substantial doubts about its survival. However, the filing said Brilliant Digital expects another round of financing to boost operations soon. The company aims to augment earnings by licensing its patent. 
*******************************
Associated Press
Video Game Makers File Suit to Block Wash. Law
Thu Jun 5, 7:11 PM ET
By Reed Stevenson 

SEATTLE (Reuters) - A Washington state law that seeks to curb the sale of violent video games to minors has been challenged by the gaming industry's main trade group, which filed a lawsuit to strike down the law on Thursday. 


The Videogame Violence Bill, which is slated to go into effect from July 27, would fine retail employees in Washington $500 if they sell violent video games depicting the killing of a police officer to anyone under 17. 


But the Interactive Digital Software Association, a gaming industry trade group that include major game makers such as Sony Corp (news - web sites). (6758.T), Microsoft Corp. (Nasdaq:MSFT - news) and Nintendo (news - web sites) Co. (7974.OS) opposed the law, saying that it infringed the First Amendment free speech rights of game publishers. 


"While we share the state's objective to restrict the ability of children to purchase games that might not be appropriate for them, we passionately oppose efforts to achieve this goal by running roughshod over the constitutional rights of video game publishers, developers and retailers to make and sell games that depict images some find objectionable," said Douglas Lowenstein, IDSA's President. 


The IDSA filed a lawsuit with the U.S. District Court of Seattle, Washington, on Thursday, "challenging the constitutionality of a recently enacted Washington state statute seeking to ban the sale to minors of certain video games." 


A similar law that was passed in 2000 in St. Louis County, Missouri, was struck down this week by the U.S. Eighth Circuit Court of Appeals, which ruled that the law had violated the First Amendment, after a similar challenge by the IDSA. 


The St. Louis ordinance required children under 17 to have parental consent before they could purchase violent or sexually explicit video games or play similar games in an arcade. 


But Washington State legislator Mary Lou Dickerson, who sponsored the law, said that it would be defensible in court because of its narrow scope, which applies to games that contain violence against game characters in police uniform. 


"The lawsuit filed today against Washington's ban on sales or rentals of cop-killing games to children comes as no surprise. Certain elements of the video-game industry clearly want the right to sell any game, no matter how brutal, racist or sick, to any child, no matter how young," Dickerson said. 


"I'm confident our common-sense law will be upheld. Unlike the St. Louis ordinance recently struck down by the Eighth District Court of Appeals, our state law is narrowly focused on the compelling state interest of protecting the safety of law enforcement officers and firefighters," Dickerson said.
*******************************
Wired News
Jobs Squeeze for Indian Workers  
02:00 AM Jun. 06, 2003 PT

U.S. companies such as IBM, Intel, Hewlett-Packard, Oracle and PeopleSoft are already exploring countries with even cheaper sources of technical labor, says a report from research firm IDC. The new destinations include Romania, Russia, Hungary, the Czech Republic, the Philippines, Singapore, Thailand and Vietnam.

As a result, India, which some have blamed for the loss of American jobs, may soon lose jobs itself.

In recent years, "offshore" tech support has become a booming business in India. India's 50 or so call centers, operated primarily for American companies, pulled in about $183.9 million last year, according to the National Association of Software and Service Companies in New Delhi. 

That sum was predicted to more than double within the next four years. But American tech firms are now eagerly seeking outsourcing options in other countries.

Research firm Forrester estimates that over 3 million jobs, many from tech industries, will leave the United States by 2015. 

Forrester's research indicates that India will still be a major outsourcing contender, but will not be the only or perhaps even the primary option for outsourcing tech work in the next decade. 

Tech workers in the United States have already formed organizations to try to stop the flow of jobs to India, saying they can't compete with low salaries paid to Indian workers. 

Now they will be competing with workers from many other countries.

Hungary, Russia, Romania, and the Czech Republic have begun to obtain more outsourcing contacts from U.S. firms like IBM, Boeing and Intel. But most of the workers in these countries are more apt to be doing software testing and development than technical support, said Traci Gere, Group Vice President at IDC.

According to Gere's research, the Philippines is strong in "call centers and sweatshops" but is a challenge due to the country's political instability. 

Singapore workers want close to western level salaries. And Thailand has "limited labor quality" and a "challenging business environment." 

Vietnam may be the most likely Asian contender for India's tech support crown, as the government is "keen" to develop a reputation as a technology center, Gere reported.

That keenness is a concern to Padmajai Goenka, a 23-year-old technical support worker in Mumbai, India, who goes by the name of Pam when she's on duty troubleshooting problems for puzzled PC users in the United States who very rarely know they are speaking to someone who lives thousands of miles away. 

Goenka, who requested her company name be withheld, said that she was trained to "act American." 

"Even though there is a lot of yelling from the clients, I love this job." Goenka said. "I have been fascinated with America since I was a little girl. Now I get paid to pretend I am American -- it's wonderful."

Indian call center workers receive meticulous training before they are allowed to field tech support calls. Farhat Gupta, owner of several Bangalore call centers, said that little attention is paid to technical training, as "all the answers are always on the computer screen in front of the workers. We exist for people who do not want to use the Internet themselves to find their own answers."

Instead, instruction is centered on learning American culture, and "losing the British accents they all pick up in school," Gupta, who has an office in Jackson Heights, Queens, said.

Trainees typically watch dozens of American movies and TV shows for the first week to acclimatize themselves to U.S. slang and accents. 

Gupta said he too was concerned that outsourcing might be outsourced from India in the near future.

"It's hard to know where it will all end. Is there a country were people will work for free?"
*******************************
Associated Press
Weather Service Getting Big New Computer
By RANDOLPH E. SCHMID, Associated Press Writer 

WASHINGTON - The National Weather Service (news - web sites) is beginning to use a new computer that when fully deployed will be faster than any computer in the world today.


The first phase of the new system, already in service, is being announced at ceremonies Friday. It's a cluster of 44 IBM servers with a peak speed of 7.3 trillion calculations per second. 


By 2009 the system will be expanded to reach a potential speed of 100 trillion calculations per second, IBM said. 


The added power is expected to help forecasters who run complex programs that take measurements of weather conditions around the world and project them forward in small increments in an effort to determine what the weather will be like in hours and days. 


The results of the various outlooks form the basis for television and newspaper forecasts. They also are used in aviation, agriculture, disaster response and many other areas. 


Improvements from the new computer power are expected to include better hurricane forecasts, with that storm season just getting under way. 


This year the Weather Service will issue five-day hurricane forecasts, replacing the three-day advisories used since 1964. 


Accurate, longer-range outlooks should help increasingly populated coastal areas. They also will be helpful for those who need more than three days to move themselves and their property, such as the Navy. 


Instead of being located in a government facility, the new computer is at a specially prepared IBM facility in Gaithersburg, Md., and is linked to the Weather Service by high-speed data lines. 


The deal is expected to cost about $200 million over nine years. 


In 2000 the National Oceanic and Atmospheric Administration installed a supercomputer capable of 5 trillion calculations per second in its Forecast Systems Laboratory in Boulder, Colo. That lab studies forecasting and develops the computer models used in daily forecast work.
*******************************
Federal Computer Week
DOD to re-emphasize security
BY Dan Caterinicchia 
June 5, 2003

FORT LAUDERDALE, Fla. -- The secretary of Defense will soon issue a directive placing a renewed emphasis on operational security (OPSEC) throughout the department.

Tom Mauriello, director of the interagency OPSEC support staff, said a document has been awaiting DOD Secretary Donald Rumsfeld's signature since before Operation Iraqi Freedom began that would infuse more funding and guidance in the realm of operational security.

Mauriello's comments came during a June 4 speech at the Army Small Computer Program's IT conference. He refused to answer any follow-up questions, and would only tell FCW that there will soon be a "resurgence of emphasis" on OPSEC coming down from the Pentagon.

During a high-energy, wide-ranging 90-minute presentation, Mauriello discussed all aspects of OPSEC from the physical through the cyber realm and explained the five-part process:

* Collection of critical information, which is not difficult since 80 percent of all data is open source.

* Threat analysis.

* Vulnerability analysis.

* Risk assessment.

* Counter measures.

Everyone from the acquisition community to human resources personnel to building maintenance are involved in OPSEC, but more work is needed, he said.

"A good OPSEC program educates people in all parts of an organization to think this way," Mauriello said.

As an example, a government intelligence agency decided to outsource its building maintenance and gave all of its structural plans to 12 potential contractors. Those blueprints included detailed schematics of the buildings, the locations of electronic and electric equipment and sources, and other critical information.

Mauriello refused to name the agency, but said officials from there only called him after they realized the magnitude of the mistake they had made. "Many times [people] give information away and don't even know it."
*******************************
Government Computer News
06/06/03 
Collins quizzes DHS nominees about new systems 
By Wilson P. Dizard III 

Senate Governmental Affairs Committee chairwoman Susan Collins (R-Me.) yesterday told Homeland Security Department nominees that she is concerned about the department?s planned air traveler screening system?s potential to erode civil liberties. 

One nominee assured her that the Computer Assisted Passenger Prescreening System II would protect civil rights. 

The hearing revealed details about the department?s planned U.S. Visitor and Immigration Status Indication Technology system, which will track people crossing borders. 

The exchanges came during the nomination hearing for C. Stewart Verdery Jr. as assistant secretary for policy and planning in the Border and Transportation Security Directorate, and Michael J. Garcia as assistant secretary of the directorate?s Immigration and Customs Enforcement Bureau. 

?CAPPS II will use commercial and classified databases to determine which passengers will receive heightened scrutiny,? Collins said. ?If the databases contain faulty, incomplete or inaccurate information, the possibility is high" that the system will cause errors. She said she is ?very much aware of the pitfalls of this approach? and asked Verdery how the department would protect travelers' rights. 

Verdery said CAPPS II would carry out two separate functions: verify the identities of travelers and analyze security. ?A lot of the information [about CAPPS II] is classified,? he said, and offered to explain it to Collins in a secure setting. 

?My concern is about the federal government aggregating large databases? of information about individuals, Collins said. ?This is an area where we have to proceed with great caution.? 

Verdery replied, ?The commercial data is being accessed for a one-time checkthere is no retention of the data.? He assured Collins that the department?s privacy officer, Nuala O?Connor Kelly, would closely monitor the CAPPS II project. 

In response to a written questionnaire the committee had sent to Verdery, he wrote that CAPPS II would not access information from the FBI?s National Criminal Information Center ?because the majority of information in that database is unrelated to aviation safety or terrorism.? 

According to Verdery?s questionnaire answers, however, CAPPS II would review information from the State Department?s Tipoff database of terrorism suspects, which includes NCIC terrorism data. 

Also according to the written responses, Verdery said CAPPS II would not check credit scores or credit histories generated by commercial database vendors, which have prompted many consumer complaints about inaccuracy. The commercial databases used for identity authentication will be separated from CAPPS II?s risk assessment function by strict firewalls, Verdery wrote. 

CAPPS II may also extend to other venues, including other modes of transportation, after it is rolled out for air passenger screening, Verdery said. 

Regarding the U.S. Visit system, Collins asked Verdery what policy issues need to be considered to prevent long delays at borders. 

He replied, ?U.S. Visit is a top priority.? The program?s top official, executive director Jim Williams, formerly was IRS deputy associate commissioner for program management for business systems modernization. Williams reports to Asa Hutchinson, undersecretary for border and transportation security. 

The phased rollout plan for U.S. Visit will give the department time to put together hardware and software that will alleviate any backlogs in visitor processing, Verdery said. Department officials are drafting budget plans to present to Congress on how to pay for U.S. Visit, he said. In his questionnaire answers, Verdery noted that U.S. Visit eventually will absorb the functions of the National Security Entry-Exit System, which checks border crossings by visitors from high-risk countries, and the Student and Exchange Visitor Information System for tracking international students. 

?I am aware that [SEVIS] has been hindered by several operational flaws,? Verdery wrote. Click for GCN coverage. He pledged to review the problems and analyze how SEVIS can be integrated with the U.S. Visit system.
*******************************
Government Computer News
06/05/03 
DHS puts Callahan on leave 
By Patience Wait and Wilson P. Dizard III 
Post Newsweek Tech Media

The Homeland Security Department has placed a senior official on administrative leave while officials continue to investigate reports that she got her academic degrees from a diploma mill in Wyoming. 

?Laura Callahan has been placed on administrative leave. This is our standard practice and does not reflect that we have made any decision on this matter or serve as any indication of what our decision may be,? said Michelle Petrovich, DHS Science & Technology Directorate spokeswoman. 

The paid leave is effective immediately, she said late Thursday. 

Callahan, senior director in the office of DHS CIO Steve Cooper, has claimed on her official resume to hold bachelor?s, master?s and Ph.D. degrees from Hamilton University. But that institution, in Evanston, Wyo., is not accredited by any organization officially recognized by the Education Department, and has been labeled a diploma mill by Oregon. 

Petrovich said Thursday that department officials are still collecting facts, so it is difficult to put a time frame on when the investigation will be complete. 

?We want to be sensitive to this person as well as to the allegations that have been lodged,? she said. 

Earlier in the day, Sen. Susan Collins, R-Maine, chairwoman of the Senate Government Reform Committee, said she was very concerned about the reports of Callahan?s doubtful academic credentials. 

?I had asked for the GAO to investigate diploma mills, and I was shocked at the ease of getting [fake degrees],? Collins said. ?One of the things we have to do is get the Department of Education to crack down. I think in the case of security clearances, the investigations for presidential nominees are much more in depth and would reveal [false credentials]. The problem is those investigations that are done for people in lower-level but still sensitive positions.? 

Collins spoke after a nomination hearing for department officials at the Governmental Affairs Committee. 

A day earlier, Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, asked the Office of Personnel Management to explain or create provisions the agency has to guard against federal employees embellishing their resumes with degrees from diploma mills. ?The ease with which these fake credentials can be obtained, and the evident lengths to which the deceit can goeven to the point of manufacturing counterfeit transcriptsis very troubling,? he said in the June 4 letter to OPM director Kay Coles James. 

Callahan and Cooper have not responded to requests for comment.
*******************************
Government Computer News
06/05/03 
Davis requests OPM to investigate feds? use of diploma mills 
By Patience Wait and Wilson P. Dizard III 
Post Newsweek Tech Media

Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee, has asked the Office of Personnel Management to explain or create provisions the agency has to guard against federal employees embellishing their resumes with degrees from diploma mills. 

?The ease with which these fake credentials can be obtained, and the evident lengths to which the deceit can goeven to the point of manufacturing counterfeit transcriptsis very troubling,? he said in the June 4 letter to OPM director Kay Coles James. 

Davis gave James a July 6 deadline to answer several questions: 


Does OPM have a strategy or guidance for agencies that ensures the acquisition of phony degrees will be discovered before an applicant gets a federal job? 


Has OPM issued any governmentwide policy requiring agencies to screen credentials of employees ?to ensure the credentials they claim are in fact from reputable institutions?? 


Does OPM or any agency keep records of how many misleading resumes have been discovered as a result of these policies? 


Does OPM or any agency ?keep an ongoing list of suspect institutions that can be used to inform employers and employees of what institutions are unacceptable under OPM policies?? 

Davis also asked James to recommend policies OPM could use to avoid hiring or promoting individuals with embellished credentials. 

Davis? request arose from questions about the academic credentials of Laura Callahan, senior director in the office of CIO Steve Cooper at the Homeland Security Department. Callahan came to HSD in April from the Labor Department, where she had been deputy CIO. 

Her official resume lists three degrees from Hamilton Universitya bachelor?s in computer science in 1993, a master?s in computer science in 1995, and a Ph.D. in computer information systems in 2000. The organization has been identified as a diploma mill by the state of Oregon, unaccredited by any agency recognized by the Education Department. 

An HSD spokeswoman said yesterday that the department is taking the question of Callahan?s credentials seriously, and the matter is being investigated. 

Davis and several other members of Congress have also ordered HSD to look into the matter.
*******************************
Government Computer News
06/05/03 
Army researches messaging and disaster recovery apps for AKO 
By Dawn S. Onley 

FORT LAUDERDALE, Fla.The Army Knowledge Online portal is integrating new applications for users, said speakers at this week?s Army Small Computer Program?s IT Conference. 

Among the new features are purchasing, messaging and collaboration applications, and disaster recovery capabilities. 

The portal will provide users access to the ASCP MarketPlace Direct e-commerce program. MarketPlace Direct lets Defense Department and civilian agencies buy IT products and services from established schedule contracts. 

Marian Keitelman, product leader of MarketPlace Direct, said the site will use Secure Sockets Layer and could employ the Army's reverse proxy program, an added security measure that protects against hacker attacks. 

Users who are logged onto AKO can access the e-commerce site directly, without having to log on again, Keitelman said. 

Some accounts on AKO will run the newest version of Microsoft Exchange Server 2003, others will continue to use Sun One Messaging Server, which AKO now uses. 

Exchange offers features that the Sun messaging system cannot match, said Col. Timothy Fong, chief technology officer for the Army Knowledge Office. Exchange Server 2003 messages have a richer text and more security features than Sun One, he said. Individual commands will decide which messaging system to use because not all users need the extra features. 

Fong also said the Army will run two pilots later this month. One will test IBM Lotus Sametime software to enhance user planning and collaboration. Its features include virtual meetings, whiteboarding, and voice and video over IP. 

The Army also will test AKO?s disaster recovery capabilities. Fong said the first data recovery operation will start later this month, although he declined to reveal where the Army would host the backup capability. 

?The objective is to have two identical sites so you don?t know where your traffic is going,? he said. 

The Army now has 1.4 million accounts on AKO. In addition to hosting Army business applications, the portal lets soldiers view pay statements, apply for changes in personnel status, find news, and chat with other users via instant messaging. 

The Army uses an instant messaging app from Bantu Inc. of Washington, as do the Navy and Air Force. Fong said the Army is researching an initiative to extend its IM capabilities to the Navy and Air Force so soldiers can chat with other service members.
*******************************
Government Executive
June 5, 2003 
Bush administration to unveil cybersecurity initiative 
By Maureen Sirhal, National Journal's Technology Daily 

The Bush administration is set to announce a cybersecurity initiative on Friday, prompting speculation by technology industry experts that officials will unveil the hierarchy of a new government office on the subject. 

Robert Liscouski, assistant secretary for infrastructure protection at the Homeland Security Department, will host a roundtable to unveil the initiative, said David Wray, a department spokesman. Word of the event touched off talk that the White House has chosen a cybersecurity director who will be placed within Homeland Security, but Wray cautioned that the event would not be a "personnel announcement." 

Sources close to the issue suggested that department officials are likely to announce the structure of the office, however. These people said Homeland Security will create a cybersecurity office within the information analysis and infrastructure protection directorate, and that the head of that office will report to either Liscouski or Frank Libutti, the directorate undersecretary. 

The White House and Homeland Security have yet to select the person to fill the job, sources said. "They are still vetting the names of who they want to be cybersecurity czar," according to one industry source.

The move is intended to allay concerns expressed by the high-tech industry and critics on Capitol Hill that the Bush administration is not prioritizing the issue of cyber security. Industry experts said that whomever assumes leadership of the office must have the appropriate authority to execute effectively recommendations outlined in the national cybersecurity strategy, which the White House released in September.

Right now, "the Internet is being attacked," one source said, adding that "the people responsible for protecting the Internet have to be people recognized in the administration and the industry as credible and effective." 

William Harrod, director of investigative response for TruSecure, an intelligence and security provider, said any role the federal government has in trying to bolster cyber security will require organizations to do it voluntarily, so a cybersecurity director has to have enough cachet within the administration to reach out to senior executives in the largest corporations and persuade them to follow the cybersecurity recommendations. 

"It is really is going to require somebody at almost a Cabinet-level position to administer a brokering between the federal government and these organizations," he said.

He argued that the director needs both authority and a specific budget, noting that cybersecurity advisers in the Bush administration historically have lacked both.

Still, other industry sources said the anticipated announcement is a positive development.

"The fact that they've agreed to build an organization around implementing the national strategy, that it's to coordinate the cyber activities of the various offices within the department and to serve as the central point of contact for industry, that's what we've been asking for," the source said. "We're glad they're doing this." 
*******************************
USA Today
Wired magazine story to detail Slammer Web attack

SEATTLE (Reuters)  Wired magazine is planning to publish the underlying code for the Slammer worm that slowed Internet traffic to a crawl in January, raising questions over whether such articles inspire future hackers or educate potential victims.

The article, which will be published in Wired's July issue due out Tuesday, details how the Slammer worm, also known as "SQL Slammer", spread rapidly through the Internet on Jan. 25, shutting down Internet service providers in South Korea, disrupting plane schedules and knocking out automatic teller machines.

The article includes the underlying software code for Slammer.

"The thing to note here is that the people who are in a position to wreak havoc on the Internet don't have to read about it on Wired," said Blaise Zerega, managing editor of the magazine, which covers a range of subjects centered around technology.

"But the people who are in a position to prevent it from happening do read Wired. Our thinking was to shine a light on the problems and issue a wake-up call," Zerega said.

Slammer caught many tech-savvy companies by surprise including Microsoft, which had already installed a critical software patch for SQL software for networked computer servers that would have averted most of the damage.

Redmond, Washington-based Microsoft, which even saw some of its own servers running SQL software infected by the Slammer worm, also came under fire although it had issued a patch for the security hole months before Slammer had hit.

Vincent Weafer, senior director of security response at computer security company Symantec, said that while detailed articles could be important in raising computer security awareness, they also needed to be handled with care.

"It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.

"You need to be aware of your audience and what you're saying to them," Weafer said.

In the article, entitled "Slammed! An inside view of the worm that crashed the Internet in 15 minutes," writer Paul Boutin details how Slammer's computer code infiltrates a software programs and replicates itself.

Slammer caused damage by duplicating itself rapidly and spreading to other vulnerable computers, clogging Internet traffic.

Experts noted that the article does not provide details on how to plant the worm, or how to erase any trace of doing so, which would be the most important step for a malicious hacker who wanted to avoid being caught.

"I think the approach to safeguarding the Internet should not be break-and-fix," said Wired's Zerega, "It should be proactive, and that's what we're doing here."
*******************************
USA Today
Man sentenced in Wisconsin stalking case

KENOSHA, Wis. (AP)  A man convicted of secretly installing a tracking device in his ex-girlfriend's car was sentenced Thursday to nine months in jail. 

Paul A. Seidler, 43, pleaded no contest in April to stalking. Prosecutors had agreed to recommend the nine-month sentence as part of a plea agreement. The judge also sentenced Seidler to five years probation. 

Former girlfriend Connie Adams testified in January that Seidler always seemed to know her location. She said he sometimes pulled alongside her car as she was driving and showed up at a restaurant where she was meeting a date. 

Adams eventually contacted police, and an officer found the tracking device under the hood of her car. 

The judge said the suspect had no criminal record but had a long history of threatening and trying to manipulate women. Seidler apologized in court but said his ex-girlfriend led him on. 
*******************************
USA Today
Democratic candidate uses Internet site to build support

DES MOINES (AP)  From Java Joe's Coffeehouse in Des Moines to the student union at Stanford University, disillusioned Democrats and political neophytes gathered to learn more about the insurgent presidential candidacy of Howard Dean. 
All thanks to a Web site called Meetup. 

In past campaigns, fresh-faced volunteers went door to door or used the phone to spread a candidate's message. Here in the 21st century, though, the Dean campaign is trying to build a deep, cheap grass-roots political organization through the Internet. 

On Wednesday night, potential Dean supporters congregated at 259 meeting sites in 231 cities. 

Stu Shulman, who teaches environmental policy at Drake University, knows little about Iowa's precinct caucuses, but he showed up at the coffeehouse and declared himself ready to learn. 

"I've worked for a cause I believed in," he said as he bounced his 14-month-old son, Liam. "I've never worked for a person before." 

Shulman and about 25 others sipped coffee and beer while trading stories and ideas about helping Dean's long-shot White House bid. 

"When you make your pitch, make it very personal," advised Thatcher Williams, a self-employed technology consultant who hosted the meeting. 

Dean campaign manager Joe Trippi said he pays Meetup $2,500 a month to comply with federal laws regulating companies that serve presidential campaigns. 

Meetup is an electronic gathering spot for people who share all kinds of interests. The second-most popular Meetup site is for witches. Pagans rank sixth, Elvis enthusiasts 10th. 

It's not unusual for upstart candidates to look for nontraditional ways of getting the word out. Conservative Pat Buchanan tapped into talk radio. Televangelist Pat Robertson used a network of churches. 

"No question, unconventional, underdog candidates need to get into the living rooms of voters every which way," said GOP consultant Greg Mueller, who worked for Buchanan. "For us, it was radio and the Internet. It helps to build an audience." 

Dean's strategy may be untried and untested, but he's got little to lose. He won't have the money of rivals such as Sens. John Kerry of Massachusetts and John Edwards of North Carolina, nor will he have the backing of traditional Democratic groups, such as labor, that Rep. Dick Gephardt of Missouri can muster. 

"It's worth a shot," said Jean Hessburg, executive director of the Iowa Democratic Party. 

But Drake University political science professor Dennis Goldford isn't sure the Internet is a powerful tool to carry the message at this point. 

"In 50 years it may be effective, maybe even in 25 years," he said. "This is the very early stage of Internet campaigning." 

For younger voters, however, the Internet is a central part of their lives. 

University of Iowa buddies Chad Aldeman and Mike Davis, both 19, say they're heading to precinct caucuses for Dean, and both spend time on Dean-related Internet sites. "It's one of the things that sets him apart from the other candidates," said Davis. 

In McLean, Va., about 35 Democrats gathered at the eCiti Cafe and Bar for a similar pitch. Dean supporters handed out campaign donation forms and took checks. 

In a meeting in Andover, Mass., Carol Gendeel, 56, a self-described "very liberal Democrat," said she's given $50 to the campaign after studying Dean's positions online. 

In a meeting at Stanford, the Silicon Valley heart of high-tech, about 75 people read campaign handouts when Carolyn Curtis brought the meeting to order. 

"The good old Internet  we're just whomping the hell out of it," Curtis said. 
*******************************