
Clips September 3, 2003




ARTICLES

Court: ISP subpoenas a 'grave' matter 
DOD reveals biometrics plan 
Federal agencies' banking system moves online
Exit Polls From '02 Election to Be Released 
NIST gets a permanent CIO 
Finns Rush to Register Internet Domains
A Campus Fad That's Being Copied: Internet Plagiarism
Study: In a crisis, interoperability is paramount 
Evans to replace Forman at OMB 
DHS expands information sharing 
GAO: Federal, local agencies do not effectively share terrorism intelligence 
FutureWatch: Using computers to outthink terrorists
Users turn to automated patch management tools
Nuclear plants warned of computer threat
FTC: Millions hit by ID theft 

*******************************
CNET News.com
Court: ISP subpoenas a 'grave' matter 
By Declan McCullagh 
Staff Writer, CNET News.com
September 2, 2003, 5:11 PM PT


In a decision that buttresses electronic privacy rights, a federal appeals court has ruled that attorneys violate the law when they try to subpoena e-mail messages to which they are not entitled. 
The 9th U.S. Circuit Court of Appeals said last week that a lawyer was acting unreasonably when sending a subpoena to an Internet service provider, NetGate, that sought "all copies of e-mails sent or received by anyone" at a company called Integrated Capital Associates--the opposing party in the litigation. 

"The subpoena power is a substantial delegation of authority to private parties, and those who invoke it have a grave responsibility to ensure it is not abused," Judge Alex Kozinski wrote on behalf of a unanimous three-judge panel. The panel ruled that the attorney had violated two federal laws: the Stored Communications Act and the Computer Fraud and Abuse Act. 


This case is unrelated to the ongoing controversy before the U.S. Court of Appeals for the District of Columbia Circuit, in which Verizon Communications is fighting the recording industry's use of the Digital Millennium Copyright Act's turbocharged subpoena process to unmask alleged peer-to-peer pirates. In the 9th Circuit case, the subpoenas invoked the Federal Rules of Civil Procedure, not U.S. copyright law. 

But the 9th Circuit Court's blunt warning to attorneys not to abuse subpoenas might serve as a word of caution to the Recording Industry Association of America, legal experts said, especially because the same appeals court may eventually hear a case in which Pacific Bell Internet Services (also known as SBC Communications) claims that the RIAA has abused the DMCA subpoena process.

The ruling should also give pause to companies that file so-called "John Doe" lawsuits to unmask online critics, said Paul Levy, an attorney at the nonprofit group Public Citizen who has specialized in Internet anonymity cases. 

"It could provide a federal cause of action for someone whose identity was released where there is no notice process, where there's no process whatsoever, and the (Internet service provider) complies rather than giving notice," Levy said. "It's another way that the Does (the defendants) have to get back at the person drafting the subpoena who comes at them without justification." 

In the case that led to last week's ruling, the attorney obtained 339 e-mail messages--including personal communications and mail that had no relevance to the lawsuit--from the ISP, NetGate. The trial judge fined the attorney $9,000 in sanctions but did not agree that the lawyer's overly broad subpoena had violated federal privacy laws. 

The appeals court disagreed. The Stored Communications Act "reflects Congress' judgment that users have a legitimate interest in the confidentiality of communications in electronic storage at a communications facility," the three-judge panel concluded. "Just as trespass protects those who rent space from a commercial storage facility to hold sensitive documents, the Act protects users whose electronic communications are in electronic storage with an ISP or other electronic communications facility." 
*******************************
Government Computer News
09/02/03 
DOD reveals biometrics plan 
By Dawn S. Onley 

By 2010, the Defense Department will use biometrics in its classified and unclassified systems to improve physical and cyber security, according to a memorandum released last week by DOD's Biometrics Management Office.

DOD might require that military, civilian and contractor personnel provide biometric identifiers, such as fingerprints and iris scans, to enter buildings or gain access to data.

"This is an important step toward establishing a single biometric system across the DOD enterprise," said Linda Dean, director of the BMO.

"The technologies have the potential to provide deep and multilayered protection, especially in combination with traditional security tools and methods like firewalls, smart cards and public-key infrastructure," she said.

And standardization is "the only way to ensure that the components are interoperable, the systems are integrated and the processes are consistent," Dean added.

The Aug. 25 memo, signed by deputy secretary of Defense Paul Wolfowitz, urges BMO to develop a scalable biometrics component of the Global Information Grid, the department's worldwide information infrastructure. It also called for development of standards, interoperability tools, testing frameworks, and product validations to help Defense agencies use biometric technology.

Wolfowitz said the provisions of the memo would be incorporated into a biometrics technologies directive and implementation instructions.
*******************************
09/02/03 
Federal agencies' banking system moves online
By Mary Mosquera 

The Treasury Department's new Internet-based cash management system, CashLink II, went into operation today for deposit reporting and bank management information.

The financial data system from Treasury's Financial Management Service collects and manages government funds and provides deposit information to federal agencies.

This latest version of CashLink connects agencies, financial institutions, Federal Reserve banks and Treasury fund managers through an electronic network. 

The system receives deposit information, initiates fund transfers and tallies daily deposits made through various collection mechanisms, such as Treasury's general account, Lockbox, Pay.gov, credit cards and paper checks, into Treasury's account at the Federal Reserve Bank.

CashLink II lets agencies verify deposits online, conduct automated clearinghouse and Fedwire transfers and voucher adjustments to reconcile accounts, FMS said. Previously, these tasks required phone calls, faxes and letters. 

Agencies doing business with Treasury through CashLink II need Internet access and the Work Package II software, which replaces the Cash-Link Agency Access system, FMS said. 

Federal agencies, financial institutions, Federal Reserve banks and FMS began enrollment and data set-up in July. 

Early next year, users will have access to an automated bank management information reporting interface and new deposit reporting data fields. 

CashLink II is designed to better monitor the government's cash position, giving officials information on how much cash the government has on hand at the beginning of each day. It also updates management software used to track the services and costs reported by financial institutions.

The system makes it easier for Treasury to reconcile agency accounts and verify collateral.
*******************************
Washington Post
Exit Polls From '02 Election to Be Released 
By Richard Morin and Claudia Deane
Tuesday, September 2, 2003; 4:54 PM 


The missing-in-action 2002 national exit poll data has been given to the Roper Center for Public Opinion Research for public release after a panel of academic experts reviewed the survey and concluded the results were reliable.

"We have the data for the national exit poll" and will be releasing it later this month, said Richard Rockwell, executive director of the Roper Center. The center, which is affiliated with the University of Connecticut, is the country's leading archive of survey data collected by academic, media and commercial polling organizations, including The Washington Post.

The 2002 exit poll data also was provided last week to another academic archive, the Inter-university Consortium for Political and Social Research at the University of Michigan.

The decision by the media partners to release the data has not ended controversy over the troubled 2002 exit poll. ABC News and Fox News will not be identified as sources of the data when it is publicly offered by the center. In meetings with the other consortium members, both organizations had expressed concern over the accuracy of the results and questioned the value of releasing the survey data 10 months after Election Day, other consortium members said.

"Each of the news organizations involved made independent judgments. The fact that most agreed to release it to a university shows that there is some level of comfort with it. Other news organizations did not join that effort. What you can interpret from that, speaking only for ABC News, is that it's not our plan to report off that information," said Jeffrey Schneider, vice president for media relations at ABC News.

VNS was composed of CBS, CNN, NBC and the Associated Press, together with ABC and Fox. The consortium conducted the exit poll on Election Day last year. But the survey findings were never made public after a massive computer collapse on election night prevented VNS from tabulating the results -- a failure that led directly to the demise of VNS.

Despite the Election Day meltdown, the 2002 results have been eagerly sought by journalists and academics seeking to resolve unanswered questions about the election, including the impact of public worries about terrorism and Iraq on the vote.

To resolve doubts about the accuracy of the results, the former VNS partners directed a panel of academics to review the 2002 data. The panel consisted of Michael Delli Carpini, Dean of the Annenberg School at the University of Pennsylvania; Michael Hagen, a Rutgers University professor; Peter Miller, associate dean of the School of Communication at Northwestern University and editor of Public Opinion Quarterly; and Colm O'Muircheartaigh, vice president for statistics and methodology at the National Opinion Research Center at the University of Chicago. 

"The 2002 data is of comparable utility and quality to past VNS exit polls, and we recommend that it be released for public use," the panel recently advised the news organizations.

Along with the results, the former VNS partners sent the Roper Center a written introduction to the data and statement of methodology that will be provided with the data. "While the 2002 data were not processed on election night because of problems with the intake capability of the computer system, there were no reports of problems with the questionnaire itself, the sample of precincts, the number of refusals, or any other part of the actual process of selecting voters and having them answer the exit poll questionnaire," the statement reads.

The introduction goes on to note that the data was provided by CBS, CNN, NBC and the Associated Press.

Lois Timms-Ferrara, associate director of the Roper Center, said the data should be publicly available "in a week or two. . . . We want our archivist to look it over and make sure there is nothing problematic about it." The data will be sold by the center -- "I hope for less than $100," Timms-Ferrara said -- and made available to paid subscribers to the center's online archive.

The data was e-mailed last week to the center and ICPSR by Kathy Frankovic, director of surveys for CBS News. It consists of a computer file containing more than 17,000 individual interviews with voters conducted by VNS on election day.

For the Roper Center, the data represented an unexpected but welcomed surprise.

"I was thrilled," Timms-Ferrara said. "I thought those data were lost forever. My reaction was, wow, it's not even my birthday."

Disloyal Loyalists 

Those unruly partisans, it's no wonder that the national parties have to spend so much money to keep them in line. 

Only one in three self-described strong partisans on each side say they "always vote" for their own party, according to a recent Washington Post poll.

Overall, about one in five Americans describes him or herself as a "strong Republican" (no Arnold jokes please) and the same percentage say they are a "strong Democrat."

But ask them about fealty in the voting booth, and only 32 percent of loyal GOP-ers report an unsullied Republican voting record, and only 38 percent of loyal Democrats. It's a "what have you done for me lately" electorate, folks.

Up to this point, the parties are at parity when it comes to loyalty. Then the Democrats lose it.

While six in ten faithful Republicans go on to say they "mostly vote Republican," only four in ten faithful Democrats give the parallel response. 

But where the data taketh away, the data also giveth. Though there aren't as many strong partisans as party chairmen might desire, there are more weak partisans than pollsters often indicate.

Roughly a third of the nation describes themselves as political independents, according to the Post poll. But when asked, the majority of these respondents report leaning toward one party or the other.

In the Post poll, about four in ten independents leaned toward the Democrats and about three in ten toward the Republicans. 

Among those who leaned Democrat, half say they mostly or always vote Democratic, four in ten say they split their votes in half, and only 4 percent report consistently voting for the GOP. The pattern is roughly similar for the comparably sized group who say they lean toward the Republicans. 

This puts these independent leaners in striking distance of those who claim a party attachment, but say it's weak.

The Post poll was conducted among 1,003 randomly selected adults nationwide, who were interviewed by telephone Aug. 7-11. The margin of sampling error for overall results was plus or minus 3 percentage points, and ranged from 7 to 9 percentage points for subgroups.

Staff writer Richard Morin is on the board of directors of the Roper Center for Public Opinion Research. 
*******************************
Government Computer News
09/02/03 
NIST gets a permanent CIO 
By Wilson P. Dizard III 

National Institute of Standards and Technology director Arden Bement Jr. named Cita Furlani the CIO of the Commerce Department agency. 

Furlani has been acting CIO of NIST since November 2002. 

Previously, Susan Zevin, the acting director of the Information Technology Laboratory, performed the CIO functions. 

Before being named acting CIO, Furlani served on detail from NIST as the director of the National Coordination Office for Information Technology Research and Development, which reports to the White House via the Office of Science and Technology Policy and the National Science and Technology Council. She has held several other technology management positions at NIST. 

Furlani holds a master's degree in electronics and computer engineering from George Mason University and a bachelor's in physics and mathematics from Texas Christian University.

(Click for NIST news release http://cio.nist.gov/NIST_CIO_Furlani_Named_CIO.htm)
*******************************
Mercury News
Posted on Mon, Sep. 01, 2003   
Finns Rush to Register Internet Domains
Associated Press


 
HELSINKI, Finland - Finnish communications authorities were swamped with domain name applications for ".fi" suffixed Internet names, with more than 17,000 requests sent within hours after a change in legislation Monday allowed for more lax Internet addresses in the country.

During the first six minutes after the government communications office opened, it had received 4,000 new requests.

Previously, domain names have only been issued that exactly correspond to the name of a business, organization or trademark. Not even acronyms of these have been allowed in the .fi domain.

Under the new legislation, Finnish domain names can be almost arbitrary, as long as they fulfill "requirements of decency."

Before Monday, 42,000 names were registered under the old rules. With the change, the number jumped up by a third during the first day, according to the Finnish Communications Regulatory Authority that oversees Internet names.

The new law still requires that the applicant be a company or an organization registered in Finland. Also, domain name squatting - the hoarding of domain names that sound attractive with the purpose of making a profit - is forbidden.

Registration of a Finnish domain name costs euro50 (US$55) and is valid for three years.

__

On the Net:

Finnish Communications Regulatory Authority: http://www.ficora.fi
*******************************
New York Times
September 3, 2003
A Campus Fad That's Being Copied: Internet Plagiarism
By SARA RIMER
A study conducted on 23 college campuses has found that Internet plagiarism is rising among students.

Thirty-eight percent of the undergraduate students surveyed said that in the last year they had engaged in one or more instances of "cut-and-paste" plagiarism involving the Internet, paraphrasing or copying anywhere from a few sentences to a full paragraph from the Web without citing the source. Almost half the students said they considered such behavior trivial or not cheating at all.

Only 10 percent of students had acknowledged such cheating in a similar, but much smaller survey three years ago.

This year's study, organized by Donald L. McCabe, a management professor at Rutgers University, surveyed more than 18,000 students, 2,600 faculty members and 650 teaching assistants at large public universities and small private colleges nationwide. No Ivy League schools were included.

"There are a lot of students who are growing up with the Internet who are convinced that anything you find on the Internet is public knowledge and doesn't need to be cited," Professor McCabe said.

The survey solicited students' comments about cheating, and one student wrote, "If professors cannot detect a paper from an Internet source, that is a flaw in the grader or professor."

Another student wrote: "One time I downloaded a program off the Internet for my class. I hated the class and it was mandatory so I didn't care about learning it, just passing it."

Forty percent of students acknowledged plagiarizing written sources in the last year. As with the Internet cheating, about half the students considered this sort of plagiarism trivial.

Twenty percent of the faculty members said they use their computers, such as the turnitin.com site, to help detect student plagiarism.

Twenty-two percent of undergraduates acknowledged cheating in a "serious" way in the past year -- copying from another student on a test, using unauthorized notes or helping someone else to cheat on a test.

"When I work with high school students, what I hear is, `Everyone cheats, it's not all that important,' " Professor McCabe said. "They say: `It's just to get into college. When I get into college, I won't do it.' But then you survey college students, and you hear the same thing."

The undergraduates say they need to cheat because of the intense competition to get into graduate school, and land the top jobs, Professor McCabe said. "It never stops," he said.

One of the students from the survey wrote: "This isn't a college problem. It's a problem of the entire country!"

Professor McCabe said: "Students will say they're just mimicking what goes on in society with business leaders, politicians. I don't know whether they're making excuses for what they've already done, or whether they're saying, `It's O.K. if I do this because of what's going on.' " 

Many of the colleges involved in the survey have begun trying to fight cheating by educating both faculty members and students on academic integrity and revising school policies.

Princeton University was not involved in the survey, but it is among the schools that have been taking steps to make sure students know that it is wrong to use material from the Internet without citing the source.

"We need to pay more attention as students join our communities to explaining why this is such a core value -- being honest in your academic work and why if you cheat that is a very big deal to us," said Kathleen Deignan, Princeton's dean of undergraduate students.

There has not been any noticeable increase in cheating at Princeton, Ms. Deignan said, with 18 to 25 cases reported a year. Administrators have noticed, however, that sometimes students and parents do not understand why it is wrong to "borrow" sections of text for a paper without providing attribution, Ms. Deignan added.

Princeton students are also concerned, and they have organized a campus assembly on integrity for Sept. 21.

"We live in a world where a lot of this is negotiable," Ms. Deignan said. "Academic institutions need to say, `This is not negotiable.' " 
*******************************
Government Computer News
09/03/03 
Study: In a crisis, interoperability is paramount 
By Patricia Daukantas 

The Homeland Security Department should focus its IT architecture efforts on interoperability rather than technology, according to an industry trade group. 

The homeland security task force of the Government Electronics and IT Association studied last year's investigation of the Washington-area sniper attacks for potential lessons in IT deployment during a crisis.

The GEIA task force found "a well-defined and executed relationship between the available information technology tools and law enforcement officers" in the sniper case. This was in large part because Montgomery County, Md., police shared its stockpile of wireless telephones with other agencies.

Other lessons learned include "rapid access to a working integrated technology infrastructure" and the inclusion of IT and logistics in planned disaster drills, the study said.

The report also called for establishing a "virtual command post model" for secure interagency communications.

GEIA's homeland security task force included representatives of Computer Sciences Corp., Northrop Grumman Corp., Booz Allen Hamilton Inc. of McLean, Va., Verizon Federal Markets and several other companies. The task force also examined news reports and interviewed seven Montgomery County law enforcement officials.

GEIA will present the task force report to DHS
*******************************
Government Computer News
09/03/03 
Evans to replace Forman at OMB 
By Thomas R. Temin and Jason Miller 

CAMBRIDGE, Md. - Energy Department CIO Karen Evans will replace Mark Forman as the head of federal IT, an Office of Management and Budget official said today. 

Evans will take over as OMB's associate administrator for IT and e-government next month, said Clay Johnson, OMB's deputy director for management, at the IRMCO conference in Cambridge, Md.

Johnson said OMB interviewed "a couple" of people for the position, but "Karen became our focus from the beginning because she was so highly regarded."

Evans, who spent 19 months as the Energy CIO, will take over the government's top IT post as 25 Quicksilver e-government initiatives are nearing completion, and the next wave of projects is in the planning stages.

In addition to guiding the e-government projects, Evans' priorities will include maintaining the discipline agencies have adopted in the IT planning and budgeting process.

"No one is better equipped to get that done than she is," Johnson said.

At Energy, Evans oversaw a push for employing project managers on major programs. "Everyone agrees that we need to be good stewards of the public's money, so that we are achieving the outcomes of these projects in support of each agency or department mission," Evans said in an interview this spring with PostNewsweek Tech Media.

Before joining the department, she was director of the IRM division in the Justice Department's Office of Justice Programs. She also was assistant director for information services at Justice headquarters, responsible for Internet resources.

Evans is the vice chairwoman of the Federal CIO Council, the principal forum for agency CIOs to develop recommendations for federal IT management policy, procedures and standards. 

She has a bachelor's degree in chemistry and an MBA from West Virginia University. 

Forman, who joined OMB as the first head of federal IT and e-government efforts in June 2000, resigned his post last month to join an IT start-up in California. 

The associate administrator post is a presidential appointment but does not require Senate approval, Johnson said.


(Click for Evans' biography http://cio.doe.gov/Leadership/Evans_bio.html) 

(Posted 9:04 a.m., updated 9:53 a.m.)
*******************************
Government Computer News
09/02/03 
DHS expands information sharing 
By Wilson P. Dizard III 

The Homeland Security Department today unveiled a program that will increase its terrorist information sharing with state and local authorities, as part of a series of steps to reorganize security functions. 

During a speech this afternoon in Washington, department secretary Tom Ridge described the Strategic Communications Resources, or Secure, initiative. 

The project eventually will let state and local authorities funnel terrorist information to federal agencies, Ridge said. 

Under the initiative, DHS is establishing secure videoconferencing links with emergency operations centers in all 50 states, as well as two territories and the District of Columbia. 

All state governors now have secure phones and can receive secure communications, DHS said, without elaborating on the means used for the communications. 

The department is coordinating security clearances for five other officials in each of the states and two territories, DHS said. 

"At some point in time, we expect them to be sending information back to the federal level that we can use" in the Terrorist Threat Integration Center, Ridge said.

In his presentation, Ridge emphasized that the Homeland Security Threat Advisory System--the color-coded ranking of terrorism risk that has come under fire for vagueness--has additional capabilities that have not been used yet.

He said the system was designed for regional warnings, "but frankly, we've never received specific, credible information that would enable us to use the system in that way.

"Nevertheless, as the system works now, it continues to offer a vitally important means of communicating information with our state and local partners," Ridge said.

He added that the current state of Code Yellow alert represents a much more secure level of protection against terrorist threats than it did a year ago because of various antiterrorism steps taken since last year. 

In addition to those activities, Ridge today announced several other organizational changes, which in turn will shift the department's IT posture:


The Federal Air Marshals Unit and Explosives Unit of the Transportation Security Administration will transfer to the Bureau of Immigration and Customs Enforcement, also within the Directorate of Border and Transportation Security. 
The One Face at the Border initiative will consolidate the functions of immigration, customs and agricultural inspections via a cross-training program so border inspectors will carry out all three functions at once. 
The department soon will send a plan to Congress to consolidate its grant programs via a single, online, paperless process for accessing information needed by states and local governments applying for grants, and for receiving first responders' guidance.

The One Face at the Border initiative will begin this fall as an initial class of Customs and Border Protection Officer trainees begins preparing to enforce customs, agricultural, immigration and antiterrorism laws and regulations at the border. In addition, the department will use Counter-Terrorism Response inspectors, who will act in roving teams to conduct follow-up examinations of suspicious passengers, DHS said.
*******************************
Government Executive
September 2, 2003 
GAO: Federal, local agencies do not effectively share terrorism intelligence 
By David McGlinchey, Global Security Newswire 

Almost two years after terrorists attacked the World Trade Center and the Pentagon, a broad spectrum of U.S. security officials said that information on terrorist threats is still not being shared effectively, according to a General Accounting Office survey.


"No level of government perceived the process as effective, particularly when sharing information with federal agencies. Information on threats, methods and techniques of terrorists is not routinely shared; and the information that is shared is not perceived as timely, accurate or relevant," the report says.


The survey reveals that officials at all levels were dissatisfied with the amount of intelligence they are receiving. Almost every city surveyed said that they needed information on the movement of known terrorists, but only 15 percent of respondents said that they received this intelligence.


A congressional report issued in July criticized intelligence efforts prior to the Sept. 11 terrorist attacks, including interagency cooperation and information sharing. The Homeland Security Department has also been criticized for its color-coded terrorism alert program. Local officials have said that the alert system does not provide any detailed information to organize effective antiterrorist measures.


The GAO said, however, that the department is working on several initiatives to enhance information sharing. In a July response to the GAO, a senior homeland security official agreed that keeping state and local agencies informed is a "priority."


"Not surprisingly, however, after just five months in operation, the department is still formulating internal and external interfaces and protocols on many aspects of the complex issue of information sharing," wrote Homeland Security Deputy Secretary Gordon England.


According to England, federal officials are in the process of "providing secure telephones to the governors and security clearances to the homeland security advisors in every state."


In the absence of an effective, national information system, some states and agencies are developing their own ad hoc solutions, according to the report. California, for example, has established its own statewide antiterrorist information center to disseminate intelligence to local authorities.
*******************************
Computerworld
FutureWatch: Using computers to outthink terrorists
Can software algorithms predict a terrorist's next move before he makes it? 

Future Watch by Dan Verton 

SEPTEMBER 01, 2003 (COMPUTERWORLD) - Some of the technology shown in last year's blockbuster movie Minority Report may soon be a reality and a centerpiece of the intelligence community's war on terrorism. In the futuristic thriller, Tom Cruise played the head of a police unit that uses psychic technology to arrest and convict murderers before they commit their crimes.
Research into new intelligence technology is taking place as part of a $54 million program known as Genoa II, a follow-on to the Genoa I program, which focused on intelligence analysis. 

In Genoa II, the Defense Advanced Research Projects Agency (DARPA) is studying potential IT that may not only enable new levels of collaboration among teams of intelligence analysts, policy-makers and covert operators, but could also make it possible for humans and computers to "think together" in real time to "anticipate and preempt terrorist threats," according to official program documents. 

"While Genoa I focused on tools for people to use as they collaborate with other people, in Genoa II, we also are interested in collaboration between people and machines," said Tom Armour, Genoa II program manager at DARPA, speaking at last year's DARPATech 2002 conference in Anaheim, Calif. "We imagine software agents working with humans ... and having different sorts of software agents also collaborating among themselves." 

Genoa II may be shelved because of its central role in the controversial Terrorism Information Awareness program, but private-sector researchers say many significant advances are still possible and are, in fact, already happening. 

For example, private-sector researchers are studying cognitive amplifiers that can enable software to model current situations and predict "plausible futures." Researchers are also on the verge of creating practical applications to support cognitive machine intelligence, associative memory, biologically inspired algorithms and Bayesian inference networks, which are based on a branch of mathematical probability theory that says uncertainty about the world and outcomes of interest can be modeled by combining common sense with evidence observed in the real world. 

The goal of all of this research is to find a way to make computers do the one thing they aren't very good at: mimicking the human brain's ability to reduce complexity. Computers are good at doing things like playing chess but are incapable of "seeing" and deciphering a word within an image. Biologically inspired algorithms -- the mathematical underpinnings of cognitive machine intelligence -- could change that. 

"One way to make computers more intelligent and lifelike is to look at living systems and imitate them," says Melanie Mitchell, an associate professor at Oregon Health & Science University's School of Science & Engineering in Portland and author of a book on genetic algorithms. "People have already done that with the brain through neural networks, which were inspired by the way the human brain works." 

"In the brain, you have a huge number of simple elements -- neurons -- that are either on or off and are working in parallel. And in ways that are still fairly mysterious, that seems to collectively produce very sophisticated learning," says Mitchell. 

But there are other examples of astounding possibilities, all of which have potential applications in the war on terrorism. For example, Mitchell points to ongoing studies in genetic algorithms that are inspired by evolution -- a computer program that evolves a solution to a problem rather than requiring a person to try to engineer one. Likewise, researchers are beginning to produce security applications that mimic the human immune system, she says. 

Hurtling Forward 

Despite formidable technological challenges, there have been successes that could become real products and applications in the next 12 to 24 months. One of those successes has been in the development of inference networks. 

"Some of the core algorithms we are working with have been around for centuries," says Ron Kolb, director of technology at San Francisco-based Autonomy Inc., a firm that makes advanced pattern-recognition and knowledge management software. "It's just now that we're finding the practical applications for them." 

For example, Autonomy uses a proprietary blend of Bayesian statistics and Claude Shannon's Information Theory, which says it's possible to separate critical elements of information from large streams of audio data, to produce algorithms that are making computers smarter and able to learn. 

"We're able to produce an algorithm that says here are the patterns that exist, here are the important patterns that exist, here are the patterns that contextually surround the data, and as new data enters the stream, we're able to build associative relationships to learn more as more data is digested by the system," says Kolb. 

The computers of tomorrow will also know when two or more intelligence analysts are interested in or working on the same problem and will automatically link those analysts and their data, he says. 

In fact, many automotive and aerospace manufacturers have used rudimentary pieces of this type of capability and have saved millions of dollars by leveraging developmental expertise across functional areas, says Kolb. Likewise, such computers could be able to spot a person leaving a suspicious bag at an airport and automatically alert security. "We're no longer looking for information, information is looking for us," Kolb says. 

But Grant Evans, CEO of A4Vision Inc. in Cupertino, Calif., and an expert in cognitive machine intelligence and biologically inspired algorithms, says he thinks he has an idea of where it's all leading. "The algorithms today, particularly biometric algorithms, are very intuitive, meaning the more you use them, the more they learn," says Evans. "Now we're integrating cognitive machine intelligence in the form of video with avatars [3-D digital renderings of real people] that can see and track you. That's the computer of the future." 
*******************************
Computerworld
Users turn to automated patch management tools
Blaster and other worms highlight the need for protection 
Story by Jaikumar Vijayan 

SEPTEMBER 01, 2003 ( COMPUTERWORLD ) - Hoping to better protect themselves against escalating security threats such as the W32.Blaster worm, user companies are taking a fresh look at automated patch management technologies. 
These products, which are available from a growing number of vendors, help users look for new patches, scan their networks for vulnerable systems and automatically distribute the appropriate patches when required. But they don't lessen the need for companies to thoroughly test patches before deploying them on their networks, users said.

In the wake of its experience dealing with Blaster, Baker Hill Corp., a Carmel, Ind.-based application service provider, has deployed automated patch management technology from Ecora Software Inc. in Portsmouth, N.H.

For about $5 per system per year, Ecora's software alerts Baker Hill of new patches, scans its networks for systems that need them and automatically distributes them, said Eric Beasley, senior network manager at Baker Hill. The technology lets the company schedule patch deployment for specific groups of systems and enables it to quickly roll back patches that don't work.

"Till now, we felt we didn't have the business case to say we want to spend money on a patch management system," Beasley said. But threats such as Blaster have highlighted the need for companies to "patch very aggressively," he said.

Vendors offering patch management products include Shavlik Technologies LLC in Roseville, Minn., St. Bernard Software Inc. in San Diego and PatchLink Corp. in Scottsdale, Ariz. Some vendors, such as Ecora and Configuresoft Inc. in Woodland Park, Colo., offer patch management functions as a component of their configuration management software. And Microsoft Corp. offers a similar function with its Software Update Services.

Driving the need for such tools is the simple fact that manual processes aren't sufficient to enable companies to stay current with patches, said Anthony DeVoto, Windows NT administrator at Volvo Finance North America in Montvale, N.J.

There is a need for tools that help companies "more readily identify patches that are applicable to their specific operating environments," said Carl Cammarata, chief information security officer at AAA Michigan in Dearborn.

With the dramatic increase in the number of vulnerabilities being reported, it has become important for companies to have tools that can automatically deploy only the patches that matter, users said.

According to the CERT Coordination Center in Pittsburgh, more than 4,000 software vulnerabilities were reported in 2002, compared with 2,400 in 2001. Just under 2,000 were reported through July of this year.

"Patch management seems to have found itself a full-time position within IT security departments," DeVoto said.

Volvo is a user of St. Bernard's patch management software and was able to deploy the patches for Blaster in a matter of hours, DeVoto said. Despite the automatic distribution that's enabled by St. Bernard, no patching is done without testing the software first, DeVoto added.

The fact that patches still need to be tested before they can be deployed has Bruce Azuma, corporate director of information technologies at Broadview, Ill.-based Wilbert Inc., considering outsourcing the company's patch management functions. "Patching is an area ... we have a lot of issues with at this time," he said. 

*******************************
USA Today
Nuclear plants warned of computer threat
Posted 9/3/2003 2:46 PM

WASHINGTON (AP) -- Government regulators are warning nuclear plant operators about computer failures caused by Internet infections, disclosing disruptions of two important internal systems in January at a shut-down nuclear power plant in Ohio. 
The Nuclear Regulatory Commission said safety never was compromised at the Davis-Besse nuclear power plant. The NRC said it was issuing a formal information notice this week to remind operators about the threats to their computer networks from Internet infections. 

The government confirmed that two important systems at Davis-Besse were knocked offline for several hours, a safety parameter display system and the plant process computer. 

The NRC said the plant operator, FirstEnergy Nuclear, determined that a contractor had established an unprotected computer connection to its corporate network that allowed the so-called "Slammer" worm to spread internally. The utility also failed to install a corrective software patch from Microsoft Corp. 

FirstEnergy Nuclear said that, in response, it was documenting all external connections to its computer network, installing additional protective software and instructing employees to be more diligent about patches. 

The NRC said it requires all plant safety systems to be isolated from other parts of a company's computer network or be connected in limited ways that prevent disruptions from affecting them. 

The attacking infection, alternately dubbed "Slammer" or "Sapphire," was never traced. It sought vulnerable computers to infect using a known flaw in popular database software from Microsoft Corp. called "SQL Server 2000." 

The attacking software scanned for victim computers so randomly and aggressively that it saturated many of the Internet's largest data pipelines, slowing e-mail and Web surfing globally. 

Disruptions shook popular perceptions that vital national services, including banking operations and 911 centers, were largely immune to such attacks. It interfered with computers at the nation's largest residential mortgage firm and briefly prevented many customers of Bank of America Corp., one of the largest U.S. banks, and some large Canadian banks from withdrawing money from automatic teller machines. 
*******************************
MSNBC
FTC: Millions hit by ID theft 
Survey finds problem much worse than previously believed 
By Bob Sullivan
 
Sept. 3 -- Nearly 10 million consumers have been victimized by some form of identity theft in the past year, the Federal Trade Commission said Wednesday. In the first government-backed study of its kind, the FTC found identity theft is much more common than previously believed. Victims lost $5 billion because of the crime last year, FTC officials said, and businesses have lost close to $50 billion dealing with the problem.
       AFTER A NATIONWIDE SURVEY of 4,000 adults conducted in March and April, the FTC concluded that 27 million adults had been victimized by some form of ID theft in the past five years. Victims spend between 30 and 60 hours cleaning up the problem after they've been hit, the report said. 
       The report suggests earlier government statistics on identity theft victims were severely underestimated. Congress' General Accounting Office had estimated about 750,000 ID theft victims annually; the Federal Trade Commission said in January that about 200,000 consumers reported that they were victims of identity theft.
       FTC Bureau of Consumer Protection director Howard Beales said he was surprised at the number of victims found by the survey.
       "It was considerably higher than we expected. ... We knew we had a problem with identity theft before this report, but we didn't know the contours," he said. "It's important to know the scale of the problem we're dealing with."
       But this is not the first survey to suggest millions of Americans have been victimized by identity theft. Earlier this year, consulting firm Gartner Inc. published a study claiming 7 million people had been hit by identity theft last year. And last month, Privacy & American Business published a study which arrived at the same number. 
       Avivah Litan, who authored the Gartner study, welcomed the FTC report that confirmed her findings.
       "That's great. I hope someone wakes up," she said. "There really is nobody looking after the consumers. The banks and financial institutions have no incentive to go after it. I don't think the numbers look big enough on a balance sheet for them to spend millions of dollars on a solution."
"INVISIBLE STRIKE"
       One reason ID theft estimates range so widely: Many victims don't report the crime. The FTC survey showed that 38 percent of victims "never told anyone," Beales said.
       There was good news to be found in the FTC survey, Beales said. Two thirds of victims faced no out-of-pocket expenses. Victims are discovering the crime quicker too, thanks to increased attention on the problem: One-third of victims discovered the problem within a week, Beales said.
       "Consumers are learning to look for signs of trouble," he said.
       And while incidences of ID theft are still growing, the rate of growth has slowed in the past year, Beales said. And most of that growth is in simple account takeovers, such as credit card fraud, which is easier to fix than full-blown identity theft. 
       But the crime still has severe consequences, and is still shrouded in mystery for most consumers, Beales said.
       "Identity theft starts out as an invisible strike," Beales said. "Half the victims had no idea how the thief got their information."
*******************************