Clips July 11, 2003
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx;
- Subject: Clips July 11, 2003
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 11 Jul 2003 11:37:25 -0400
Clips July 11, 2003
ARTICLES
Warner Sets Tax Sights On Internet, Businesses
House Votes to Allow Overhaul of Overtime
Rule provides liability protection for anti-terror technologies
Hackers Hijack PC's for Sex Sites
Groups Campaign Against India on Internet
DHS hires SAIC for architecture work
DOD, allies will train under common architecture
DHS official to leave for private sector
Liberty Alliance offers advice on external ID federation
Antispam hearing: Dueling House bills debated
RIAA Legal Campaign Knows No Borders
*******************************
Washington Post
Warner Sets Tax Sights On Internet, Businesses
Va. Working Poor Would Get Relief
By R.H. Melton
Friday, July 11, 2003; Page A01
RICHMOND, July 10 -- Gov. Mark R. Warner (D) urged Republican lawmakers today to consider imposing broad taxes on Internet retail sales and higher taxes on corporations, while easing the tax burden on the working poor, as part of a landmark overhaul of the Virginia tax code.
"If there were ever a time that we need to put aside partisanship and . . . the normal things that divide us, now is that time," Warner told a new tax-rewriting commission made up largely of GOP legislators.
Warner's cordial but occasionally tense session with legislators at his Executive Mansion residence produced pledges of bipartisan cooperation on tax reform, a complex issue that has eluded solutions for decades and that has taken on new urgency in an era of record state budget shortfalls and escalating needs in education and transportation funding.
The meeting also set the stage for another confrontation between Warner, who is still seeking a legacy at the midpoint of his term, and a disciplined Republican legislative majority more inclined toward tax cuts than tax increases. The commission of seven Republicans and three Democrats will present tax code changes to the 2004 General Assembly, as will Warner, who plans to wait until after the Nov. 4 legislative elections to disclose the details of his plan.
Warner called on General Assembly leaders to ensure a tax system that the Democrat said should be fairer, simpler and more modern than the current "patchwork quilt of antiquated revenue sources and too many loopholes."
Warner encouraged the assembly to consider extending the sales tax to services and to give counties and cities new tools -- perhaps revenue-sharing or new taxing powers -- that could ease local governments' reliance on property taxes for funds.
"The system is not fair when citizens pay tax on purchases in stores but not on purchases through catalogues or over the Internet," Warner said in a position paper distributed to tax commission members. Virginia taxes a limited number of Internet products originating in the state and is one of several states lobbying for a standardized Internet sales tax policy. Congress must decide whether to continue a national moratorium on taxing Internet services.
On individual income taxes, the single most important source of money for the state treasury, Warner said the current system "places unfair burdens" on many low-income Virginians. Warner said disparities include heads of households who make about $35,000 a year and are taxed at the top rate of 5.75 percent -- and who in some cases pay more in taxes than someone who earns $100,000 or more.
House of Delegates Speaker William J. Howell (R-Stafford), who did not attend the meeting but is crucial to passage of any comprehensive revision, disputed Warner's income tax analysis, saying the top 10 percent of Virginia filers -- those reporting $100,000 or more in income -- pay 52 percent of all state income taxes, while poor people pay a vastly smaller share.
"I don't think we put a disproportionate burden on the lower income," Howell said. "If anything, it's a low-tax state."
Warner did not say whether he favored increasing the income tax rate on wealthy Virginians to recapture the revenue the state would lose by granting relief to low-income Virginians, though commission members from both parties agreed that relief would almost certainly require adjusting tax brackets and rates.
On corporate taxes, Warner said too many big businesses were legally shielding their sales and profits.
"The result is that individual taxpayers carry too much of the tax burden and other businesses are put at a competitive disadvantage," Warner said.
The statewide Chamber of Commerce, a politically muscular group that supports some of Warner's general ideas on taxes, quickly served notice that it would fight any assault on Virginia's corporate community.
"This is the first time we've heard this governor say that Virginia's corporations are undertaxed," said chamber vice president Stephen D. Haner. "I hope he keeps in mind they have one very effective and legal strategy for avoiding higher state taxes: They can move and take their jobs with them."
Seated around the mansion's 15-foot mahogany dining table, Warner and several tax commission members pledged cooperation in what both sides conceded would be an arduous undertaking in any year, let alone one in which all 140 assembly seats are on the Nov. 4 ballot.
The new tax code commission, which includes Warner's finance secretary and tax commissioner, is the latest of several panels that have studied the system in recent years but produced no sweeping recommendations.
The last legislative panel recommended the repeal of the estate tax, which was approved by the 2003 legislative session but vetoed by Warner, who promised to support it as part of a tax code overhaul.
Del. Leo C. Wardrup Jr. (Virginia Beach), a House Republican leader and member of the commission, said Warner should disclose the details of his tax proposals well before the 2004 legislative session.
"We need your thoughts," Wardrup told the governor. "Otherwise, we're wandering in the dark."
Warner said he was outlining broad principles for a tax restructuring that will have winners and losers but also overall fairness.
"There will be, in any tax reform plan, some folks who pay higher taxes, some folks who pay lower taxes," Warner said.
John L. Knapp, a University of Virginia economist who has advised several governors of both parties, faulted Warner for not building an expansive case for tax reform.
"I don't think it's real thorough-going," Knapp said of Warner's outline. "This idea that you start with a clean slate and end up with a beautiful, logical tax system just isn't democracy."
*******************************
Washington Post
House Votes to Allow Overhaul of Overtime
Labor Department's Redefinition of Rules Would Help Many Lower-Income Workers
By Juliet Eilperin
Friday, July 11, 2003; Page A02
The House narrowly voted yesterday to let the Bush administration overhaul 50-year-old rules governing workplace overtime, a move that would help low-income workers but penalize many middle- and upper-income employees.
The 213 to 210 vote killed a Democratic-led effort to prevent the Labor Department from redefining who qualifies for overtime pay. The department has proposed changing the salary levels and other factors that determine which employees must be paid a higher wage when they work more than a normal workday or workweek.
Employers and House GOP leaders back the changes, saying they would bring 1.3 million poorer Americans into the overtime system while making it clearer which better-off workers are exempt. Union officials and most Democrats, however, say the rules would exempt millions of Americans from earning time-and-a-half when they work extra hours.
Yesterday's vote, which came as the House considered a massive labor, education and health spending bill, represented a serious test of the president's labor policy. It sparked an intense lobbying battle between unions and employers, as well as a White House veto threat.
Under the proposed rules, workers earning up to $22,100 a year would be eligible for overtime pay if they were not already collecting it. The current cap, established in 1975, is $8,060. Most of those earning $65,000 or more, by contrast, would no longer be eligible.
The new regulations would also give employers greater flexibility in reassigning middle-income workers to managerial and supervisory roles, thereby depriving them of overtime rights. As many as 8 million employees might lose overtime pay under the change, according to the Economic Policy Institute.
Democrats sought to block the administration's overtime rules, offering an amendment that would incorporate the 1.3 million low-income workers into the system while suspending the rest of the policy. As GOP leaders, White House lobbyists, trade associations and unions jockeyed for votes, lawmakers debated whether to prevent the administration from rewriting rules that had been in place for decades.
Rep. Ralph Regula (R-Ohio), who chairs the Appropriations subcommittee on labor, health and human services and education, said the proposal would "elevate a million people into an opportunity to earn extra money." But Rep. George Miller (D-Calif.) said the new regulations would take "millions of dollars of hard-earned cash out of Americans' pockets. Overtime is not a luxury. It is a necessity for many of our American families."
Unlike many House votes, several moderate Republicans sided with Democrats on the labor issues. New York GOP Reps. Peter T. King and Jack Quinn, for example, backed Miller's amendment.
But Speaker J. Dennis Hastert (R-Ill.) managed to keep several others in line. He lobbied Rep. Don Young (R-Alaska) for several minutes as time ran out; Young eventually voted with the GOP leaders.
Now that the administration's opponents have lost in the House, they appear unlikely to prevail in the Senate, where Sen. Tom Harkin (D-Iowa) plans to offer a similar amendment to a State Department bill.
Shortly after the House finished its overtime vote, lawmakers voted 215 to 208 to approve the $138 billion bill funding education projects, medical research and health programs and job training initiatives in 2004.
Republicans said that even in an era of tight budgets, they are providing money for a range of government programs. Their bill includes $9 billion for the Education Department, $27.6 billion for the National Institutes of Health and $4.9 billion for worker training programs.
"We have funded education in a way it's never been funded before," said Rep. Michael N. Castle (R-Del.). But Democrats, who pushed unsuccessfully for greater spending by scaling back tax cuts aimed at the wealthiest Americans, said the GOP is failing to meet critical social needs.
Rep. David R. Obey (Wis.), the top Democrat on the Appropriations Committee, estimated the measure would translate into 7 million fewer meals for seniors, $200 million less for poorer Americans who rely on home heating assistance, and $2.2 billion less for educating poor children and those with special needs.
*******************************
Government Executive
July 10, 2003
Rule provides liability protection for anti-terror technologies
By Matthew Weinstock
mweinstock@xxxxxxxxxxx
The Homeland Security Department Friday will publish a proposed rule designed to accelerate the development of anti-terrorism technologies. Mandated by the law that created the department, the rule will protect companies from massive lawsuits in the event such technologies fail to prevent another terrorist attack.
A copy of the rule began circulating around Washington on Thursday. In it, the department notes twin aims: to produce "as much certainty as possible regarding the application of the liability protections," and "provide the department with sufficient program flexibility" to address individual cases that may arise.
Under the rule, companies can apply to have certain products and services qualified as anti-terrorism technologies. Once given that stamp of approval by the Homeland Security Department, firms will have liability protection in the event that their technology fails before or during a terrorist attack -- assuming the failure was not based on negligent behavior. The liability protection extends to technologies used by federal, state or local governments, as well as the private sector.
The legislation creating the department bars suits for punitive damages.
Firms applying for liability protection are required to get a basic level of insurance coverage. In the draft rule, the department does not specify the amount or type of such insurance.
"The secretary does not intend to set a 'one-size-fits-all' numerical requirement regarding required insurance coverage for all technologies," the proposal states. "The secretary will not require insurance beyond the point at which the cost of coverage would 'unreasonably distort' the price of the technology."
Several sources contacted by Government Executive did not comment on the proposed rule, because they had not yet read the 54-page document. However, in interviews earlier this week many company officials said they have been waiting for months for the regulations. They were leery of bringing new products, or even existing products, to the homeland security marketplace without liability protection.
"The problem is, we are not protected," said Steve Carrier, vice president of business development and strategic planning at Northrop Grumman. "It's not only a problem at [the federal level] but in the states, too. We are being asked to bid on things and there is unlimited liability. You can't put the company at risk. That is the bottom line."
The department said it plans to implement the rule as quickly as possible. For federal acquisitions, Homeland Security will begin taking applications immediately. For products developed for other levels of government, companies can submit applications after Sept. 1.
There is a 30-day comment period on the proposed rule. The department may issue an interim final rule after that and continue to refine the regulation.
One area that is bound to gain significant attention during the comment period is how the rule treats services. The legislation -- and regulation -- clearly stipulate that such items as support services are covered, in addition to products. However, the proposal is fairly ambiguous in defining "services," making it difficult for firms to know if they are eligible for coverage.
"Everybody is pleased that the rules have finally come out and the 30-day comment period shows that the department is committed to moving forward quickly," said Stan Soloway, president of the Professional Services Council, an Arlington, Va.-based contractors association. "But on the services side, they are clearly not ready to implement the rule."
*******************************
New York Times
July 11, 2003
Hackers Hijack PC's for Sex Sites
By JOHN SCHWARTZ
More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites.
The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers.
Unless the owner of the hijacked computer is technologically sophisticated, the activity is likely to go unnoticed. The program, which only briefly downloads the pornographic material to the usurped computer, is invisible to the computer's owner. It apparently does not harm the computer or disturb its operation.
The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites.
"Here people are sort of involved in the porno business and don't even know it," said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail.
By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material.
The web of front machines hides the identity of the true server computer so "there's no individual computer to shut down," Mr. Smith said. "We're dealing with somebody here who is very clever."
By monitoring Web traffic to the porn advertisements, Mr. Smith has counted more than a thousand machines that have been affected.
The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection.
The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C.
The current version of the ring is not completely anonymous, since the hijacked machines download the pornographic ads from a single Web server. According to the computer investigators, that machine apparently is owned by Everyones Internet, a large independent Internet service company in Houston that also offers Web hosting services to a large number of companies. Jeff Lowenberg, the company's vice president of operations, said that he was not aware of any illegal activity on one of his company's computers but said that he would investigate.
Mr. Stewart said the ring was most likely a work in progress, and that flaws, like being tied to a single server, would be eliminated over time.
He said the ring was troubling not just because of what it is being used for now but also because of what it might be used for next.
"This system is especially worrisome because they have an end-to-end anonymous system for spamming and running scams," he said. "It's not a far stretch to say that people who are running kiddie porn sites could say, `Hey, this is something we could use.' "
The computer ring is the latest in an evolution of attacks that allow creators of spam and illicit computer schemes to use other people's computers as accomplices. For several years, senders of spam have relied upon a vestigial element of the Internet mail infrastructure known as "open relay" to use Internet servers as conduits for their spam.
As network administrators have gradually shut down the open relay networks, spam senders have used viruses to plant similar capabilities on home and business computers.
But this appears to be the first viral infection to cause target computers to display whole Web sites, Mr. Smith, the researcher, said.
A Justice Department official said that the computer ring, as described to him, could be a violation of at least two provisions of the federal Computer Fraud and Abuse Act.
The ring has also been used to run a version of a scheme for collecting credit card information from unwary consumers that has been called the "PayPal scam," Mr. Smith said. The hijacked computers send e-mail messages that purport to come from PayPal, an online payment service owned by eBay, asking recipients to fill out a Web site form with account information.
It is unclear precisely how the program, which depends on computers hooked up to high-capacity, high-speed Internet connections, gets into people's computers. Mr. Smith said that he thought that the delivery vehicle was a variant of the "sobig" virus. But Mr. Stewart, the computer security expert at Lurhq, said he had seen no evidence that the "sobig" virus was the culprit, and is looking at other mechanisms for delivery.
Neither Mr. Smith nor Mr. Stewart has found a simple way to tell whether a computer is infected. Technically, the rogue program is a reverse proxy server, which turns a computer into a conduit for content from a server while making it appear to be that server. Mr. Smith said when word of the program gets out, antivirus companies are likely to offer quick updates to their products to find and disable the invasive software.
Computer owners can protect themselves by using firewall software or hardware, which prevent unauthorized entry and use of computers, Mr. Smith said. The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system.
Mr. Stewart, who has written a technical paper to help antivirus companies devise defenses against the porn-hijacking network, has named the program "migmaf," for "migrant Mafia," because he thinks the program originated in the Russian high-tech underworld.
Hackers from the former Soviet Union have been linked to several schemes, including extortion attempts in which they threaten to shut down online casinos through Internet attacks unless the companies pay them off.
Antispam activists have also accused Russian organized crime organizations of taking over home and business PC's to create networks for sending spam. "They always seem to lead back to the Russian mob," Mr. Stewart said.
*******************************
Associated Press
Groups Campaign Against India on Internet
Fri Jul 11, 4:53 AM ET
By NUPUR BANERJEE, Associated Press Writer
CALCUTTA, India - Democracy advocates in Myanmar are operating more and more from neighboring countries such as India, where they use the Internet to campaign against the military government.
The dissidents working mainly out of India, Bangladesh and Thailand provide one of the few independent sources of news on Myanmar, disseminating information through Web sites or e-mail, said several pro-democracy writers at a workshop at Falta, a riverside resort 30 miles south of Calcutta.
"Forty years of the junta have ensured the smothering of the independent media, but we try to disseminate authentic news on the country," said Soe Myint, editor of the New Delhi-based Mizzima Internet news site.
The workshop, ending Friday, was held to train amateur reporters and chart a media policy for a democratic Myanmar, said Soe Myint.
Soe Myint arrived in India in 1990 after admittedly hijacking a Thai Airways flight to Calcutta to protest the Myanmar military regime's rejection of the May 1990 elections won overwhelmingly by pro-democracy leader Aung San Suu Kyi's National League for Democracy party. Despite his confession, Soe Myint was acquitted of the hijacking charges by a Calcutta court last week.
Internet use in Myanmar is limited. The country's three newspapers, its radio and television channels are also strictly controlled by a military-appointed press board.
"These online independent news groups have become the window for the international community to peer inside this opaque country," said Aung Naing, editor of the Dhaka, Bangladesh-based, Network Media Group.
Soe Myint accused the military regime of unleashing a "cyber war" on the news sites.
"Our e-mail systems are always coming under virus attacks. The viruses keep coming and we have to depute two or three people just to keep cleaning our system," he said.
The four India-based news organizations that participated in the workshop were Mizzima News, Narinjara News, Kaladan Press Network and Khonumthung News.
They recently formed Burma News International, a news agency that will sell information on Myanmar to subscribers. Myanmar is also known as Burma.
"The BNI model, if successful, will be implemented by the news groups functioning from Myanmar's eastern borders, mainly from Thailand," said Gary Rozema of the Burma Relief Center on the Thailand-Myanmar border.
Myanmar's military government has recently come under intense international criticism for its May 30 arrest of Suu Kyi following a bloody clash between her supporters and backers of the junta. Suu Kyi, who never has been convicted of a crime, won the Nobel Peace Prize in 1991.
The country has gone without much bilateral aid and no new aid from the World Bank and the International Monetary Fund since 1988 when the military brutally crushed a pro-democracy uprising. Washington banned new investment by U.S. companies in 1997.
*******************************
Government Computer News
07/11/03
DHS hires SAIC for architecture work
By Jason Miller
Homeland Security Department officials are defining the data, application and technical layers of their enterprise architecture and expect by October to have a transition strategy for getting to their "to be" state.
Amy Wheelock, an enterprise architect in the office of the CIO, said the high-level conceptual blueprints define the department's day-to-day mission as well as the data each program collects and the collection technology. That work will lay the foundation for a more detailed enterprise architecture, she said.
DHS has hired a team of contractors led by Science Applications International Corp. of San Diego to put together the architecture. Wheelock said SAIC won the five-month, $1.2 million task order in May, beating out five other bidders including Booz, Allen & Hamilton Inc. of McLean, Va., IBM Corp. and three small companies.
DHS used the General Services Administration's Management, Organizational and Business Improvement Services schedule to establish a five-year blanket purchase agreement with SAIC for the work.
"It's hard to prescribe what we want two or three years out, so this lets us define the work we need to do in the short term and see what our needs are as the architecture develops," Wheelock said. "We want to see the products SAIC delivers and where we go from there. We do not anticipate all our architecture work coming from this one contract."
With SAIC's help, officials last month finished defining the department's business lines, such as screening passengers, verifying cargo and responding to emergencies, Wheelock said. Knowing the business lines, SAIC can dig deeper to tailor the transition plan to the target architecture.
"A lot of enterprise architectures have detailed plans, but we don't have time to create one at that level of detail," she said. "But we will have the strategic directions and consolidation principles that CIO Steve Cooper wants to follow. Some areas such as human resources or financial management lend themselves easily to consolidation, while others such as program business systems will be more complicated."
The target architecture, Wheelock said, will incorporate the business lines and the activities that support them. The transition plan will detail which systems should be kept, modified or turned off.
"The work SAIC is doing is the planning for the rest of what we have to do," Wheelock said, adding that the Office of Management and Budget and the General Accounting Office "are looking for us to get this together. We are beginning to get concrete things in place to work from."
*******************************
Government Computer News
07/11/03
DOD, allies will train under common architecture
By Dawn S. Onley
To achieve battlefield interoperability, the Defense Department will conduct joint training exercises that link air, water and land forces in one common picture -- not just ad hoc, but permanently.
Deputy DOD secretary Paul Wolfowitz has signed a policy establishing the Joint National Training Capability, with $1.3 billion in funding from fiscal 2004 to fiscal 2009. JNTC, mandated by the 2001 Defense Planning Guidance, will be a global network linking live fire ranges to computers and simulators. Ultimately, the network will extend to coalition and allied forces.
The common architecture will connect several Defense joint warfighting and training centers. The first test of the joint capabilities will come in January, DOD officials said yesterday at an Alexandria, Va., briefing sponsored by National Training Systems Association.
Paul W. Mayberry, deputy undersecretary for readiness, said the department must change the way it trains because of shifts in the global security environment.
"Times have changed, and our past methods, although successful, must change to adapt to new threats," Mayberry said.
The individual military services do fine training, Mayberry said, but a lack of joint training has resulted in missteps in battle, such as friendly fire incidents and poor battlefield communications.
DOD is not looking for a single large contractor to develop the single architecture, but rather numerous small contractors that each build a piece of it, officials said.
*******************************
Government Computer News
07/11/03
DHS databases target child porn
By Wilson P. Dizard III
GCN Staff
The Homeland Security Department this week announced new databases and information sharing agreements to combat exploitation of children by Internet pornographers.
Operation Predator "integrates the department's authorities to target those who exploit children," secretary Tom Ridge said in a statement.
The department's Bureau of Immigration and Customs Enforcement will coordinate the operations from its CyberSmuggling center in Fairfax, Va. The bureau is responsible for mobilizing IT, intelligence, investigative, and detention and removal functions.
DHS will exchange the investigative data with the National Center for Missing and Exploited Children. Other DHS partners are the FBI, Justice Department, Postal Inspection Service and Secret Service, which will develop a National Child Victim Identification Card.
The CyberSmuggling Center "is hosting the nation's only comprehensive, searchable system for identifying digital child pornography images," the department said. It will seek to identify children in online images to help law enforcement agencies worldwide rescue the children involved.
DHS said that the CyberSmuggling Center already has identified the children in about 300 images and has given the information to six law enforcement agencies nationwide.
A bureau Web portal will link to all public "Megan's Law" Web sites, which collect information about persons convicted of crimes against children. The bureau is using the FBI's National Crime Information Center database of about 300,000 names of registered sex offenders to check against "all indices available to ICE," the department said.
The bureau also is working with state governors and foreign countries to coordinate information about aliens in this country who have been convicted of child sex crimes and are due to be deported.
*******************************
Government Computer News
07/10/03
DHS official to leave for private sector
By Matt McLaughlin
Sarah Jane League will step down as a special assistant for infrastructure and information assurance with the Homeland Security Department next week to begin work with an IT company.
League will oversee the DHS business unit of G&B Solutions Inc. of McLean, Va., beginning Tuesday, the company said in a news release.
The move ends a 36-year career in federal service for League, who before joining DHS served as the CIO of the Defense Information Systems Agency. In her most recent post, she worked in the office of the National Communications System, within DHS' Information Analysis and Infrastructure Protection Directorate.
League, a member of the Senior Executive Service, also worked in a variety of other IT, security and management assignments and has held prominent positions within the federal IT community, including president of the Government IT Executive Council.
She will direct G&B's information and infrastructure assurance services, the company said.
*******************************
Government Computer News
07/10/03
OPM calls for more scrutiny of employees' credentials
By Patience Wait and Wilson P. Dizard III
PostNewsweek Tech Media
The Office of Personnel Management wants agencies to improve their reporting about the personnel and security clearance reviews.
Agencies base personnel decisions on OPM background investigations into employees' suitability for security clearances, but agencies aren't reporting all their actions back to OPM as required, OPM director Kay Coles James said yesterday in a memo to agency chiefs.
James linked her action to recent reports, first published by Government Computer News and Washington Technology, of the inclusion of inflated educational credentials claimed on federal employees' resumes. GCN and Washington Technology have found dozens of federal IT and contractor employees with degrees from unaccredited schools.
"You may recently have read about the inclusion on resumes of degrees from schools that are not properly accredited," James said. "Such degrees are from schools, often referred to as 'diploma mills,' that are not accredited by an appropriate authority subject to oversight by the U.S. Department of Education, and generally involve payment of a fee in exchange for a degree, without any significant academic requirements."
James referred agencies to an OPM manual on the topic, Guidance for Agencies Concerning Bogus Degree Claims.
She said OPM would audit the personnel security programs of agencies that do not comply with her request to tighten up their reporting of personnel decisions.
Federal regulations require agencies to report personnel decisions related to security clearances to OPM. But James' memo said that in fiscal 2002, agencies failed to comply for:
80 percent of investigations for nonsensitive, low-risk positions
52 percent of investigations for secret clearances
45 percent of field investigations conducted for higher than secret clearances.
James directed agency heads to review all investigations on hand and report back within 60 days on any resulting personnel decisions.
"OPM will institute oversight audits of agency personnel security programs if adjudication decisions are not reported back as requested," she said.
She added: "When employees or prospective employees list these in documents required for OPM background investigations, we notify agencies of the issue. If this occurs, the agency is responsible for taking any necessary and appropriate steps to address the issue."
OPM also plans to improve awareness of the issue by holding half-day seminars Aug. 12 and 13.
Alan Ezell, a former FBI agent who conducted investigations leading to the prosecution of dozens of diploma mill operators in the 1980s, will present part of the seminar.
Ezell said his presentation would focus on how security and human resources officials can identify diploma mill degrees and distinguish them from credentials granted by legitimate schools.
OPM announced the seminars today. "We saw the need to further assist agencies in the clearance process, but we wanted to give them detailed instruction on how to spot and verify education achievements during the hiring process, prior to the OPM background investigation," James said in a statement.
The statement cited OPM's activities over the years in combatting the diploma mill problem.
"It is my goal to ensure that those hired to work for the federal government are of the highest integrity," James said. "That is why we are focused on trying to help human resources and personnel security professionals become more effective in their screening process."
*******************************
Computerworld
Liberty Alliance offers advice on external ID federation
The guidelines explain how companies should work together on the ID effort
By Scarlet Pruitt, IDG News Service
JULY 10, 2003
Having already set forth the technical requirements needed to create a federated identity architecture, the Liberty Alliance Project released guidelines this week for how companies should include business partners and customers in their networks, saying it's crucial for the advancement of Web services.
The group released the "Liberty Alliance Business Guidelines" document at the Burton Catalyst Conference in San Francisco on July 8, outlining how companies should ensure mutual confidence, risk management, liability assessment and compliance when considering wide-scale deployment of federated network identity.
The guidelines come on the heels of the group's federated network-identity technical requirements, released last year, and the second set of recommendations, which is available for public review.
The nonprofit group represents more than 170 companies and organizations working to develop and deploy open, federated network-identity standards. Members include companies such as Sun Microsystems Inc., SAP AG and American Express Co.
The group's open standards for federated identity compete against Microsoft Corp.'s Passport service in the user authentication and identity management arena.
The Liberty Alliance said it believes that the open standards approach will drive the future growth of Web services. Web services are expected to become a $21 billion industry by 2007, the organization said, citing figures from Framingham, Mass.-based research company IDC.
The group claimed that extending access to customers, partners and suppliers is the next phase of Web services and advises companies to put processes in place that guard against losses due to identity fraud and leakage of information.
What's more, it said, companies should determine what parties will bear which losses in a network environment and agree on policies and procedures for compliance with government standards and privacy policies.
More information on the organization's recommendations and technical requirements can be found at the Liberty Alliance Project's Web site. The group is expected to release additional guidelines later this year.
*******************************
Computerworld
Antispam hearing: Dueling House bills debated
Antispam activists want tougher measures enacted
By Grant Gross, IDG News Service
JULY 10, 2003
The U.S. Congress is pushing for an antispam law to be passed this year, but two current proposals drew criticism yesterday from antispam activists for not going far enough.
In a joint hearing, two U.S. House of Representatives subcommittees debated the merits of two House proposals, the Reduction in Distribution (RID) of Spam Act of 2003 and the Anti-Spam Act of 2003, two of nine bills addressing spam that have been introduced in Congress this year.
Supporters of the Anti-Spam Act, written by Reps. Heather Wilson (R-N.M.) and Gene Green (D-Texas), promoted it as tougher on spam than the RID Spam Act, written by Rep. Richard Burr (R-N.C.) and backed by Rep. Billy Tauzin (R-La.), who is chairman of the House Energy and Commerce Committee. The RID Spam Act also was the subject of a hearing before the House Judiciary Committee's Subcommittee on Crime, Terrorism and Homeland Security Tuesday.
But a representative of the Consumers Union pressed for tougher legislation than either bill provides, including the right of private e-mail users to file class-action lawsuits against spammers. Chris Murray, legislative counsel for the Consumers Union, has also called for Congress to pass a law forcing companies to get opt-in permission from customers before sending them commercial e-mail, but yesterday he said an opt-in provision doesn't seem politically realistic.
Murray defended his call for class-action lawsuits, however, after Rep. Cliff Stearns (R-Fla.) suggested that most spammers would be "judgment-proof." Stearns called for civil and criminal penalties for spammers, which are included in both bills, but he questioned whether class-action lawsuits might target legitimate companies that mistakenly send out unsolicited e-mail.
"Spam is such an enormous problem, we need to recruit the help of all sides of this, and consumers are an absolutely integral part of that," Murray responded. "I think that people would go after the money, but assuming that [companies] with the money have done some bad behavior, I don't think that's necessarily out of line."
Paul Misener, vice president for global public policy at Amazon.com Inc., said his company wouldn't support legislation that penalizes legitimate companies that fall victim to technology or human mistakes. "Amazon.com will support particular legislation only if it recognizes that legitimate businesses occasionally make honest mistakes," he said. "Such truly honest mistakes simply are not the cause ... of consumer angst."
Also not in either bill is a trusted e-mail sender idea being advanced by Microsoft Corp. Ira Rubinstein, Microsoft's associate general counsel, urged the two subcommittees to consider legislation that would encourage companies to sign up with e-mail standards groups that would promote ethical e-mailing techniques. One way to encourage e-mail senders to sign up would be for Congress to require an "ADV" advertisement label on all commercial e-mail sent by nonmembers of a trusted e-mail group.
Backers of the Wilson-Green bill touted its requirement that sexually oriented commercial e-mail include an opt-out link recipients can use without having to look at adult-themed pictures, and its requirement that if a recipient opts out of receiving future e-mail from a company, in the same request he can opt out of any e-mail from business affiliates of the company as well.
The Burr bill requires sexually oriented e-mail to include an "ADT" label but doesn't include a provision that allows recipients to opt out of e-mail from a company and all its business affiliates. Instead, recipients would have to opt out of receiving e-mail from each business partner.
Critics of the Burr bill questioned why consumers could easily be put on an e-mail list of dozens of business affiliates but should have to opt out of each one of them separately. "To create an extra hurdle for them ... will require them to opt out repeatedly," said Paula Selis, senior counsel for the Washington state attorney general's office. "They have less control over their e-mail box."
Backers of the Wilson-Green bill also objected to RID Spam's definition of spam as e-mail that has as its primary purpose a commercial message. They said that definition would allow spammers to send unsolicited e-mail with a commercial message buried inside of it.
The Wilson-Green bill also prohibits bulk commercial e-mail with deceptive subject lines, something the Burr bill doesn't do.
Burr defended the bill, saying that while it isn't perfect, it has the best chance of passing through the full House. House members are 98% of the way to creating a good bill, he said, but he also warned that legislation alone won't kill spam completely. "Don't one of us walk away from here and think we can design a trap that will eliminate all [spam]," he said.
While the subcommittee members argued over approaches, all of them said Congress needs to pass antispam legislation. Charles "Garry" Betty, president and CEO of Internet service provider EarthLink Inc., said the amount of spam coming into his network has increased by 500% in the past 18 months and is now half of all e-mail traffic on EarthLink's networks. EarthLink has used spam-blocking techniques that catch more than 70% of spam and has filed more than 100 lawsuits against spammers to fight the influx.
Tauzin called the two bills "remarkably similar" but pushed for the RID Spam Act, which he has co-sponsored. "If our house is our castle, our castle is under siege right now," he said of the growing amount of spam. "It's time to give Americans the chance to say no to unwanted e-mail."
*******************************
Washington Post
RIAA Legal Campaign Knows No Borders
By Cynthia L. Webb
Friday, July 11, 2003; 9:42 AM
Is the U.S. recording industry willing to spend whatever it takes to pursue its legal war against online music piracy? The Recording Industry Association of America certainly want us to think that as they open an overseas front in their struggle.
The RIAA, along with Sony Music Entertainment and BMG Music, filed a lawsuit this week against the Spanish-based owner of defunct music site Puretunes.com. The suit seeks $150,000 per copyrighted song used without permission by the site's owner, Sakfield Holding Co.
Puretunes.com closed last month. When it was operating, it charged different fees for set blocks of music downloading or unlimited music downloads, BBC News Online said. While that sounds like a legitimate pay-for-play plan, the music industry's suit "contends that Sakfield lacked the right under U.S. law to copy or distribute the labels' music online without their permission. The federal court in Washington has jurisdiction, the lawsuit argues, because Sakfield sought to do business there, attracted customers and sold music there and maintained the Puretunes Web site through Washington-based Internet service provider Cogent Communications Group Inc.," The Los Angeles Times yesterday explained.
- BBC News Online: Record Firms Sue Puretunes http://news.bbc.co.uk/2/hi/entertainment/3057715.stm
- The Los Angeles Times: Record Labels Sue Owner of Puretunes (Registration required) http://www.latimes.com/la-fi-puretunes10jul10,0,5907183.story
According to The Associated Press, Puretunes started its operation in May and "charged users for access to music files while misleading consumers into believing they were buying music from a licensed online retailer, the suit said." The AP continued: "When Puretunes launched, Sakfield claimed it had obtained licenses from Spanish trade associations representing publishers and musicians, enough to comply with Spanish copyright laws, the suit said. But the record companies assert that no such 'loophole' in Spanish law exists and that Sakfield is liable."
- The Associated Press via The Miami Herald: Recording Industry Sues Spanish Web Site Operator http://www.miami.com/mld/miamiherald/business/6276223.htm
The RIAA, in a statement reported by CNET's News.com, said: "It's bad enough that Puretunes was selling music illegally -- it's even worse that they tried to perpetrate a fraud on the public by claiming that they were a legitimate business."
- CNET's News.com: RIAA Sues Vanishing Spanish Music Site http://news.com.com/2100-1027_3-1024382.html
Even as the RIAA continues to escalate its legal battle against piracy, the industry got more bad news this week: The U.K.-based International Federation of Phonographic Industry (a cousin to the RIAA) reported that the pirated music marketplace is a $4.6 billion industry, with pirated copies making up two out of every five CDs or tapes sold, the BBC reported in a separate article. Here's a twist: "The IFPI said much of this money is going to support organised criminal gangs, dispelling the myth that it is a 'victimless crime.' Jay Berman, chairman of the IFPI, said: 'This is a major, major commercial activity, involving huge amounts of pirated CDs. What we have faced in the last three years is an explosion worldwide in the number of unlicensed optical disc plants.'"
- BBC News Online: Global Illegal CD Market Swells http://news.bbc.co.uk/2/hi/entertainment/3053523.stm
And the industry's legal strategy might be backfiring altogether, according to an article in The Washington Post on Sunday. "Forget about it, dude -- even genocidal litigation can't stop file sharers," Wayne Rosso, president of file-swapping site Grokster, told the paper. "Rosso said file-trading activity among Grokster users has increased by 10 percent in the past few days. Morpheus, another file-trading program, has seen similar growth. Maybe MP3 downloaders are interpreting the recording industry's threat -- an escalation from its earlier strategy of targeting file-sharing developers -- as a sort of 'last call' announcement. Starting June 26, RIAA President Cary Sherman said in a news conference, the group would collect evidence against consumers illegally trading files of copyrighted music, with lawsuits to follow in a couple of months. Or maybe consumers figure the odds of getting busted by the RIAA's legal team are low: A recent report by research firm Yankee Group estimates that 56 million people use file-swapping software in the United States."
- The Washington Post: File Swappers To RIAA: Download This! http://www.washingtonpost.com/wp-dyn/articles/A7359-2003Jul3.html
*******************************