Clips September 9, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips September 9,
2003

California Assembly Targets Online Cigarette Sales
Vulnerability to Fraud Is a Risk to National Security, GAO Says 
Fliers to Be Rated for Risk Level 
Anti-spam Bill will be fast tracked
Air Force forms IT-buying council
Securing the homeland: One container at a time
The science of security
GSA to roll out smart cards in 2004 
Veterans Affairs CTO Perry retires 
Homeland research agency gets its first director 
Judge rejects lawsuit against pop-up ads

*******************************
Reuters
California Assembly Targets Online Cigarette Sales
Tue Sep 9, 1:26 AM ET

SAN FRANCISCO (Reuters) - The California Assembly on Monday approved two
bills aimed at helping the cash-strapped state collect more money from
Internet sales as it deals with projected billion-dollar budget
shortfalls. 


One measure would ban retailers from selling or shipping cigarettes to
California addresses unless they provide the name and address of the
buyer so the state can collect the tobacco and sales taxes. 


California law now requires retailers to either collect the state taxes
or print a notice on the shipment letting the buyers know they are
responsible for the taxes -- a situation the bill's sponsor says cost the
state $54 million a year in lost tobacco levies. 


"The issue is how California can collect the tobacco taxes state law
requires every smoker to pay, regardless of whether they buy their
cigarettes from the corner market or from a North Carolina retailer over
the Internet," Democratic Sen. Debra Bowen, the bill's sponsor, said
in a statement. 


The legislation, which lawmakers approved on a bipartisan 48-28 vote, now
moves to the state Senate and was modeled on a 2000 New York law that
with a limited exception banned mail-order tobacco sales. 


The Assembly also approved another Internet tax bill that would require
the state to join a group of some 38 states and the District of Columbia,
working to help states tax remote sellers, including those that operate
online and via mail-order. That measure also now goes to the Senate.


Members of that group known as the Streamlined Sales Tax Project were key
players in a February deal in which eight major online retailers agreed
to begin collecting taxes on behalf of about three dozen states. As part
of that deal, the vendors were granted amnesty for any prior uncollected
taxes. 


California could certainly use new revenue. Lawmakers recently closed a
$38 billion budget gap in a state forecast to have even more
billion-dollar deficits in coming years.
*******************************
Washington Post
U.S. Finds Weakness in ID Systems 
Vulnerability to Fraud Is a Risk to National Security, GAO Says 
By Jonathan Krim
Tuesday, September 9, 2003; Page E01 

State motor vehicle departments are still too vulnerable to fraudulent
applications for driver's licenses, posing an ongoing national security
threat two years after the Sept. 11, 2001, terrorist attacks, according
to a federal report scheduled to be made public today.

In a nearly year-long undercover operation, investigators for the General
Accounting Office found that in nearly half the states, motor vehicle
employees relied solely on visual inspection of documents to verify an
applicant's identity. Out-of-state driver's licenses, which can be
forged, often sufficed for identification without an electronic check
with the issuing state.

And even when clerks thought identity documents were suspicious,
according to the report, the counterfeits were not confiscated and the
applicants were not referred to law enforcement officials.

"A driver's license is the most commonly accepted document used to
identify an individual," Robert J. Cramer, managing director of the
GAO's office of special investigations, wrote in a summary of the
findings. "The weaknesses we identified during this investigation
clearly show that the application process is vulnerable to identity fraud
with serious consequences for national security."

Posing as applicants for licenses, agents visited motor vehicle
departments in the District and seven states, including Maryland and
Virginia, between July 2002 and May 2003. The agents forged documents
using tools readily available at stores and online, including copiers,
scanners, heavy paper, and official-looking stamps and seals. 

Although it sometimes took two or three tries at different offices in a
state, the agents eventually got a license in each one. They often used
fraudulently obtained licenses in one state as identification in others.
Other states visited in the operation were South Carolina, Arizona,
California, Michigan and New York.

The report was commissioned by Senate Finance Committee Chairman Charles
E. Grassley (R-Iowa), who plans to hold hearings today on the ability of
terrorists to thwart homeland security efforts using falsely obtained or
fraudulent Social Security numbers, driver's licenses and other forms of
identity theft.

Several terrorists involved with the Sept. 11 attacks had obtained
Virginia driver's licenses, in part by exploiting a provision that
allowed applicants to claim residency by using a notarized statement that
they lived in the state.

Anne Atkins, spokeswoman for the Virginia Department of Motor Vehicles,
said the loophole was closed soon after the attacks and the state has
tightened its screening processes. But she said states continue to
wrestle with the problem of different identification systems and
standards in different states.

"We're pretty indignant," she said. "Instead of
criticizing, we would prefer the [federal government] assist with
training and funding and working through the problem of how one
establishes identity."

A spokesman for the Maryland Motor Vehicle Administration said the agency
would have no comment until it sees the report, although federal
investigators briefed all of the state offices after their undercover
visits.

Regina Williams, spokeswoman for the District's Department of Motor
Vehicles, defended her agency's record.

"We go through fraudulent document training regularly," she
said, adding that her office frequently catches fraudulent
attempts.

Grassley, however, is concerned that during a time when the country is
supposed to be on heightened alert, the problems have not been
solved.

"I'm skeptical whether any state office has suddenly made issuing
driver's licenses secure enough to stop even a half-way determined
terrorist," he said. "The fact of the matter is that the GAO
used run-of-the-mill counterfeit documents to get valid driver's
licenses."

Although they had not seen the report, officials of the American
Association of Motor Vehicle Administrators praised Congress for throwing
the spotlight on what they consider a significant problem.

"We are not surprised with the findings," said Linda Lewis, the
group's president. "We've been facing the exact same situations for
years."

Lewis said states need more agreement on what documents qualify as proof
of identity, more communication and information sharing between state
computer systems, and more money to do the work.

Jay Maxwell, the group's chief information officer, said that so far,
states also have not yet seen satisfactory new identification
technologies, such as biometrics that match people by fingerprints or eye
patterns.

"This is going to take years," Lewis said.

The hearing also will feature testimony from Youssef Hmimssa, a Moroccan
man who is awaiting sentencing after pleading guilty to fraud charges and
who also has testified against terrorism suspects in the Detroit
area.

Hmimssa is expected to detail a string of identity frauds that enabled
him to come to the United States and obtain a passport, a driver's
license, credit cards and a Social Security number.
*******************************
Washington Post
Fliers to Be Rated for Risk Level 
New System Will Scrutinize Each Passenger, Assign Color Code 
By Sara Kehaulani Goo
Tuesday, September 9, 2003; Page A01 

In the most aggressive -- and, some say, invasive -- step yet to protect
air travelers, the federal government and the airlines will phase in a
computer system next year to measure the risk posed by every passenger on
every flight in the United States.

The new Transportation Security Administration system seeks to probe
deeper into each passenger's identity than is currently possible,
comparing personal information against criminal records and intelligence
information. Passengers will be assigned a color code -- green, yellow or
red -- based in part on their city of departure, destination, traveling
companions and date of ticket purchase. 

Most people will be coded green and sail through. But up to 8 percent of
passengers who board the nation's 26,000 daily flights will be coded
"yellow" and will undergo additional screening at the
checkpoint, according to people familiar with the program. An estimated 1
to 2 percent will be labeled "red" and will be prohibited from
boarding. These passengers also will face police questioning and may be
arrested.

The system "will provide protections for the flying public,"
said TSA spokesman Brian Turmail. "Not only should we keep
passengers from sitting next to a terrorist, we should keep them from
sitting next to wanted ax murderers."

The new system, called Computer Assisted Passenger Pre-screening System
II (CAPPS II), has sparked so much controversy among both liberal and
conservative groups that the TSA has struggled to get it going. Delta Air
Lines backed out of a testing program with the agency earlier this year,
and now the TSA will not reveal which airlines will participate when it
tests a prototype early next year. If all goes as planned, the TSA will
begin the new computer screening of some passengers as early as next
summer and eventually it will be used for all domestic
travelers.

"This system is going to be replete with errors," said Barry
Steinhardt, director of the American Civil Liberties Union's technology
and liberty program. "You could be falsely arrested. You could be
delayed. You could lose your ability to travel."

In the two years since the Sept. 11, 2001, terrorist hijackings, air
security has taken a high priority, and the government has spent $9
billion on improvements. Thousands of explosives-detection machines now
scan checked luggage at airports across the nation. A new force of
federal airport screeners staffs checkpoints, though next year some
airports may revert to private screeners. Cockpit doors have been
reinforced, and hundreds of airline pilots now carry guns. In addition,
the force of undercover air marshals has been expanded, and as many as
5,000 federal immigration and customs agents will be trained to bolster
the force on a temporary basis when the government perceives a heightened
threat. 

Still, many holes in security persist. Airports and aircraft still appear
easy to penetrate, illustrated last month by an accidental landing of
several boaters on the airfield at John F. Kennedy International Airport.
Air cargo remains vulnerable, as virtually none of the items stowed
alongside luggage in the aircraft hold are screened for explosives.
Government officials continue to assess how best to respond to the
possibility of a shoulder-fired missile attack at a commercial airliner,
which they maintain is a serious threat.

In the coming months, major airports in Los Angeles, Seattle, Denver and
Dallas will embark on extensive construction projects to build
explosives-detection machines into conveyor-belt systems that sort
checked luggage being loaded onto planes. (Other airports, including
Washington's, are waiting in line for hundreds of millions of dollars in
government funding.)

Clearly, the TSA says, the job of protecting the nation's skies is not
done.

"Given the dynamic nature of the threat we deal with, it would be
impossible to predict when the work would be finished" on air
security, said TSA spokesman Robert Johnson. "We don't think it will
ever end."

The government says the most significant change in security is still to
come in the form of CAPPS II. The current computer screener program was
developed by U.S. airlines in the mid-1990s in response to government and
public pressure to improve air security after terrorists blew up Pan Am
Flight 103 over Lockerbie, Scotland.

The existing system identifies certain passengers as risky based on a set
of assumptions about how terrorists travel. For instance, passengers are
flagged for additional screening if they bought a one-way airline ticket,
or if they paid with cash instead of a credit card. Passengers who
present a threat under these and other criteria are issued boarding
passes that bear a coding of "SSS" or 
"***."

But the TSA, recognizing that the system is outdated and easy to fool,
wants to replace it and put the government in the role now played by the
airlines in making security assessments.

Under the new program, the airline will send information about everyone
who books a flight to the TSA, including full name, home address, home
telephone number, date of birth and travel itinerary. If the computer
system identifies a threat, the TSA will notify federal or local law
enforcement authorities. The agency has not indicated the number or type
of personnel needed to oversee the program. 

The TSA will check each passenger in two steps. The first will match the
passenger's name and information against databases of private companies
that collect information on people for commercial reasons, such as their
shopping habits. This process will generate a numerical score that will
indicate the likelihood that the passenger is who he says he is.
Passengers will not be informed of their color code or their numerical
score. The second step matches passenger information against government
intelligence combined with local and state outstanding warrants for
violent felonies. 

Airlines like the system because they think it will reduce time
passengers spend at security checkpoints and lower the likelihood that
they will be delayed for their flights. The TSA said the program is
expected to flag fewer people than the current computer screening system.
The agency intends to test the program in several phases to ensure that
it works as promised.

"If it delivers the way it's envisioned, it's going to be a
significant, positive change," the TSA's Johnson said. "It's
going to be a lot fewer people [flagged], but we think it will be the
right people."

David A. Keene, chairman of the American Conservative Union, worries that
the computer screening program will go beyond its original goals.
"This system is not designed just to get potential terrorists,"
Keene said. "It's a law enforcement tool. The wider the net you
cast, the more people you bring in."

As the government takes a new, large role in one aspect of screening, it
is rolling back its presence in another. By late 2004, some airports are
expected to replace the federal screening force with private screeners. A
security law passed after the terrorist attacks allows airports to
"opt out" of the government's federal screening workforce in
November 2004. Many airports, frustrated with the staffing cuts and the
inability to control the number of screeners at each station, believe
they might have more control over the operations if a private company
were in charge.

"I've been in various meetings with many airport managers who are
saying, 'We don't want as much government control around,' " said
James McNeil, chief executive of McNeil Technologies Inc., which provides
security screeners at the airport in Rochester, N.Y., one of five test
airports that employ private screeners. McNeil said he has talked to 20
to 30 airports that are interested in his services. A large association
of the nation's airports estimates that many small airports will opt out
of government screeners next year because their limited flight schedules
require that screeners work flexible hours. The government will still
have a role in security because the private screening companies will
operate under contracts managed by the TSA.

If many airports, particularly large hubs that handle a major portion of
the nation's 30,000 daily flights, choose to revert to the private
screening force, some aviation industry leaders have wondered what that
will mean for the TSA.

The agency, created just months after the terrorist attacks, has already
seen some of its authority stripped. The Federal Air Marshal Service has
moved to a law enforcement division within the Department of Homeland
Security, as has the agency's explosives unit. Some of its security
directors claim they are still out of the loop on some of the agency's
latest intelligence on air security.

Johnson, the TSA spokesman, hinted that the agency's future is unclear.

"We've got a department-level organization now created for that sole
purpose [of fighting terrorism] and it only makes sense, where necessary,
to economize and coordinate," Johnson said. "There will always
be a need to provide the best aviation security possible at airports.
Whether it's under one flag or another, it really makes no
difference."
*******************************
Australian IT
Anti-spam Bill will be fast tracked
Karen Dearne
SEPTEMBER 09, 2003  
 
ANTI-SPAM legislation is being fast-forwarded by the Federal Government.
The Bill is expected before parliament within weeks.

Communications and IT Minister Richard Alston announced on July 23 that
electronic junk mail would be banned and fines imposed on local spammers.
Despite doubts about the practicality of banning spam, most of which
comes from the US, the legislation would be introduced in early October,
a spokesman for Senator Alston said yesterday. 

"The draft Bill has been ticked off by Cabinet, and consultations
with the Internet Industry Association and the Australian Direct
Marketing Association are largely completed," the spokesman said.

"There is still some fine-tuning to do, but we've received informal
indications from the Democrats and the Labor Party that they'll support
it." 

The spam ban is likely to be in place before Christmas, according to NOIE
online policy manager Lindsay Barton. 

Because of the urgency of the matter, consultations had been limited to
"Budget lock-up style half-day sessions" with invited parties,
Mr Barton told the University of NSW Cyberspace Law Centre Surveillance
and Privacy 2003 conference. 

Spamming was getting out of hand, and now accounted for more than 50 per
cent of emails sent worldwide, he said. 

"Legislation is the approach that will give people the least
immediate relief," he said. 

"Equally, it is the one that will allow us, in the long term, to get
back to the people who are spamming and tap them on the shoulder."

The proposed law will ban sending commercial emails without the
recipient's prior consent and ban the use of email harvesting or
list-generating software. 

The law will be enforced by the Australian Communications Authority under
new powers allowing it to impose civil sanctions, including financial
penalties. 

It would be about 18 months before applications that could seriously
tackle spam were developed for the global market, IIA chief executive
Peter Coroneos said. 

The importance of email in business would help the push for a solution,
although complete elimination of spam was unlikely, he said. 

The Federal Government's move to ban spam would have little direct affect
on Australia, because the volume of spam coming from servers under
Australian jurisdiction was small, Mr Coroneos said. 

Nevertheless, by enacting spam laws, Australia would have the
"credibility to go into world forums and argue that other countries
follow suit". 

The US constitution's first amendment, which guarantees free speech, was
proving a "stumbling block" in the war against spam, he said.

However, because spam was a global problem, all countries would be forced
to tackle it, he said. Even countries that were largely unregulated would
be forced to act in the long run.
*******************************
Federal Computer Week
Air Force forms IT-buying council
New group assists service's tech assessment
BY Frank Tiboni 
Sept. 8, 2003

The new Air Force Information Technology Commodity Council will help
change how the service buys and maintains hardware and software, Air
Force officials said.

In upcoming months, the service's group will study pricing, purchasing,
and supplier and technology trends so the Air Force can manage IT from
acquisition to operation  even to giveaway or destruction, officials
said.

Vendors "are radically reducing purchasing costs over and over
again, year after year," said Lt. Col. Thomas Gaylord, Air Force IT
Commodity Council deputy director, who spoke Aug. 26 at the Air Force IT
Conference in Montgomery, Ala. The service wants to do that, too, he
said.

Industry uses commodity councils to determine if it appropriately manages
goods and services. Members of the new Air Force group want to understand
what IT the Air Force owns and needs, said Larry Allen, executive vice
president of the Coalition for Government Procurement, a Washington,
D.C.-based industry group.

"The Air Force IT Commodity Council gets at [the question of,] 'Do
you have sound management of your assets?' " he said. 

The Defense Department and the services must clearly communicate where
and how they spend IT dollars, said Air Force chief information officer
John Gilligan.

This is especially true with the Air Force's proposed fiscal 2004 budget
of $6 billion, which is a 10 percent increase from fiscal 2003, Gilligan
said. The IT Commodity Council will determine where the service spends IT
money and what drives those purchases, he said.

The Air Force launched the council July 21, after five months of
planning, Gaylord said. Gilligan and Charles Williams, the service's head
of contracting, lead the new group.

The service requires standards for system architecture and IT purchasing,
Gaylord said, and the council fulfills the Air Force's needs.

"The Air Force IT Commodity Council is about how we acquire and
manage IT across the entire product life cycle  not just
acquisition," he said.

Government and industry should not acquire IT just so they can buy IT,
Allen said. They should purchase IT that easily fits into their existing
infrastructure  or with that in mind, he said.

"I look at the establishment of the Air Force IT Commodity Council
as a step to understand what IT the service uses and needs," Allen
said.

Congress wants DOD to better explain how it buys and manages information
technology, said John Stenbit, assistant secretary of Defense for
networks and information integration and CIO.

DOD will break its IT budget into two categories  warfighting and
business  beginning in 2005, Stenbit said. Congress considers IT to
be one group covering everything from spy plane radars and communications
satellites to payroll and accounting management systems.

The Air Force partitioned war-fighting and IT funding for fiscal 2004
because of Congress' perception that DOD was not spending its IT dollars
efficiently, Gilligan said. The service created a budget exhibit to
easily show where it will spend them, he said.

***

Tracking buys 

The new Air Force Information Technology Commodity Council will be based
at the Air Force's Standard Systems Group at Maxwell Air Force
Base-Gunter Annex, Ala. The new, 24-person group consists of 10 major
command representatives. Seven are from the standard systems group, six
are from the air staff and one is a functional representative. 

The group will study five topics to help the service transform its
hardware and software acquisitions.

Those topic areas are: 

Desktop/notebook PCs: How are they contracted, bought and maintained, and
how should the Air Force streamline their future purchases?

Pricing: How does the service acquire good products from reliable
companies at fair prices?

Acquisition: How does the Air Force start a consistent, servicewide
purchasing strategy?

Suppliers: Who are they? Whom does the service use? Whom should it
use?

Technology: What are the trends?

***

Who is the Air Force IT Commodity Council? 

The new, 24-person group consists of 10 major command representatives.
Seven are from the standard systems group, six are from the air staff and
one is a functional representative. 

Air Force major command leaders chose the 10 people to support the
service's functional and user requirements; standard systems group
personnel were selected for their functional, planning and technical
expertise; and the air staff and functional representatives were picked
for their communication and leadership abilities. 

The group meets periodically via face-to-face meetings, telephone
conference calls and video-conferencing. The Air Force portal also
includes a council Web site so representatives can discuss issues, post
documents and plan meetings.
*******************************
Federal Computer Week
Securing the homeland: One container at a time
Agencies face the Herculean task of ensuring that terrorists don't use
free trade as their next weapon
BY JUDI HASSON 
Sept. 8, 2003

Two years after the worst terrorist attacks against the United States,
many officials fear the next big attack could come by sea, not by
air.

That is why government officials want new ways to deal with homeland
security's biggest security gap: Six million container cargos destined
for domestic ports each year that carry everything from car parts to
Barbie dolls  and, potentially, weapons of mass
destruction.

On the second anniversary of the Sept. 11, 2001, attacks, officials are
still struggling to close the cargo loophole. The task is not easy and
the technology is not yet there.

With 90 percent of annual U.S. imports arriving by ship, it is a
Herculean task to track them and make sure terrorists do not smuggle a
weapon in a giant cargo box.

"No weapon is beyond the planning of terrorist groups, particularly
the al Qaeda network," Energy Secretary Spencer Abraham said last
month, announcing an agreement with the Dutch government to install
radioactivity detectors at Europe's largest seaport in Rotterdam,
Netherlands.

But that is only one small step in a worldwide hunt to identify high-risk
container cargos and keep them out of the United States. The Bush
administration has poured billions of dollars into airline security and
is now turning its attention to maritime security, said Transportation
Secretary Norman Mineta.

"There's no question?we didn't give [maritime security] as much
attention," Mineta said in August after touring the Port of
Savannah, Ga. "But now that aviation security is pretty well under
control, [federal agencies] are looking at port security."

The new focus comes not a moment too soon. Some intelligence experts say
terrorist groups may own as many as 15 ships. Others say terrorists could
disguise themselves as a freighter's crew and sneak into the United
States, carrying weapons to launch an attack.

To stop them, the federal government has provided $337 million in
security grants to the nation's ports and plans $105 million in
additional funds later this year. 

The money is being used for items including video cameras at ports,
enhanced computer systems and even dogs to help find contraband or
evidence that container cargos are being used for contraband. Handheld
radioactive detectors, much like those deployed in the Netherlands, also
have been bought, and inspections have been extended to trucks that
transport cargo after it reaches the United States.

But faced with developing far more sophisticated technologies that can
track containers, the government is earmarking far too little money for
the effort, critics say.

"There is a gaping hole in our national security, and it must be
fixed before enemies of the United States try to exploit our
weakness," Sen. Fritz Hollings (D-S.C.) said when he unsuccessfully
tried to increase maritime security funding.

"An airplane cannot approach the coastline of the United States of
America without us identifying it," he said, but "we cannot do
that with respect to shipping."

Sen. John Breaux (D-La.) agreed. "If I were a terrorist, I wouldn't
be targeting an airline next," he said. "I'd be targeting a
port where you could do significant damage."

The difficulty facing the United States and other countries is policing
the entire supply chain  and that means finding technologies to do
the job, said George Weise, former U.S. Customs Service commissioner and
now a vice president at Vastera Inc., a global trade solutions
company.

"Customs is looking at a needle in a haystack, and they are trying
to shrink the haystack," Weise said.

If a terrorist weapon is detonated at a U.S. port, it would wreak havoc
on global trade and the world economy in addition to any human
casualties, said Robert Bonner, commissioner of the Homeland Security
Department's Bureau of Customs and Border Protection. A 2002 Brookings
Institution study found that such an attack could cost up to $1
trillion.

"Information is one of the most important keys to our ability to
increase security without stifling legitimate trade and travel,"
Bonner said.

Good information, he added, allows authorities to target high-risk cargo
and scrutinize it. Cargo from a country known to harbor terrorists is
flagged, for example, and so are containers with suspicious
manifests.

"The separation of high risk from no risk is critical because
searching 100 percent of the cargo and people that enter the United
States would unnecessarily cripple the flow of legitimate trade and
travel to the United States," he said.

DHS has instituted strategies to tighten security. Ships bound for the
United States must provide a detailed cargo list 24 hours before loading
at the originating port, giving authorities a chance to scrutinize
databases for anything unusual.

In addition, all ships must provide 96 hours' advance notice of their
arrivals and detailed data on crew, passengers, cargo and voyage history.
The extra time enables DHS' new National Vessel Movement Center to spot
suspicious people, shipments or other anomalies using databases that
compile and compare information. 

The maritime industry supports the enhanced security measures despite an
estimated $1.25 billion price tag this year alone to upgrade security at
150 U.S. public ports.

"We think it's a very good idea to know what's coming into the port
well before it ever gets there," said Maureen Ellis, communications
director for the American Association of Port Authorities. "The
million dollar question is, 'Where's the money coming from to make these
changes?' We've gotten a bit of federal funds over the last year, but
only about 10 percent of what's going to be needed."

Companies are adopting their own stringent security systems, such as
using databases to detail their bills of lading and transmitting them to
customs officials. They may also seal containers before transit, earning
preferential treatment during shipping.

A bill of lading, which is issued by a carrier to a shipper, lists cargo
and specifies terms of delivery.

More than 20 countries have signed agreements with the United States to
institute border security procedures. They include stationing customs
agents at foreign ports and screening workers for criminal backgrounds.
The goal is to push the border as far as possible from the continental
United States.

But those are only the first steps. DHS and industry officials are
working to find an effective, low-cost way to deal with security
issues.

Imagine safe shipping lanes across the Atlantic and Pacific oceans, where
container cargo boats travel along an imaginary highway, tracked by
sensors and satellites. The satellites could detect if electronic seals
on containers are broken and the contents changed. Indeed, varied
technologies are emerging to help seal containers, including chemical
markers (see "Licking the virtual envelope," Page 22) and
sensors that signal if a seal has been broken. 

Even secret military technology is being considered to help keep out
terrorists. A device emitting an ultra-wideband digital signal 
classified until a few years ago  can be placed inside a container,
allowing a sensor to detect if security has been breached (see
"Ultra-wideband dealing in arms," below).

Since 1990, the Pentagon's Defense Advanced Research Projects Agency has
been heavily involved in developing technology for both airport baggage
checking and cargo entering U.S. ports, said director Anthony
Tether.

"The technology for doing it does exist," he said. "If we
wanted to do it, we could do it. The problem is that the technology
hasn't progressed to the point where we can do it fast enough. We bring
in 6 million containers  the real issue is, how do you pick out of
that 6 million which ones you are going to inspect
further?"

One idea developed by DARPA calls for using neutron bombardment to
pinpoint whether cargo has been shifted or anything has been added.
"It's all available, but it's not that it doesn't come at a
cost," Tether said.

It is a tough job, experts admit. The United States has more than 1,000
harbor channels, 361 ports and 3,700 terminals handling passengers and
cargo. The U.S. marine transportation system moves more than 2 billion
tons of domestic and international freight, transports 134 million
passengers by ferry and hosts more than 7 million cruise ship
passengers.

Securing ports will take a wide-ranging partnership that includes the
private sector. Major companies have already stepped up to the plate
because they want no interruption in the supply chain that would keep
their goods out of markets and cost them money.

Hewlett-Packard Co., for example, which imports and exports computers, is
working on its own systems to ensure that its cargo is secure, said Jim
Ganthier, director of HP's business development for homeland
security.

The goal is to integrate existing technologies and create new ones. The
company is testing an electronic system to make sure the bill of lading
matches a container's cargo by checking and rechecking manifests
electronically at various points along the journey.

"A lot of companies are getting together," Ganthier said.
"We are attempting to put the best and brightest minds [on the]
solutions. It is very doable. We're not very far away [from] taking
existing technologies and marrying them into end-to-end
solutions."
*******************************
Federal Computer Week
The science of security
DHS' Jane Alexander is on the trail of new technology
BY Judi Hasson 
Sept. 8, 2003

When Jane "Xan" Alexander was deputy director of the Defense
Advanced Research Projects Agency, she played a game of free association
to help scientists figure out what could be developed out of thin
air.

Suppose the rules of physics didn't apply and you could create anything
you wanted, she told her staff at a retreat. Come up with an invention
that would change the way the world works.

Out of that exercise came lots of improbable ideas, such as tapping tree
sap for fuel or putting plastic strips into a moving stream to capture
the turbulence for energy, Alexander said. But more importantly, that
exercise helped scientists develop new ways of thinking about old
problems.

Now deputy director of the new Homeland Security Advanced Research
Projects Agency (HSARPA), which will fund cutting-edge research, she is
ready to encourage out-of-the-box ideas and turn them into reality for
national security. 

But make no mistake about it, Alexander said. "No technologies are
100 percent perfect." 

Although developing technologies is difficult, her toughest issue is
establishing priorities. Should they be protecting the Internet or
physical assets? Fighting bioterrorism or dealing with hack attacks
against the nation's infrastructure? 

With a proposed fiscal 2004 budget of $800 million, HSARPA officials have
plenty of chances to experiment but no time to make mistakes as they seek
answers to the nation's security problems.

"Each region and city in the country has different
vulnerabilities," Alexander said. "They also have different
resources. In some towns, the firefighters and police can't talk to each
other. We know that. And we don't want to impose a single federal
solution."

Alexander is weighing all those issues as she hires a staff of program
managers, analysts, scientists and scholars who will each bring a
different expertise to the agency. She said she is looking for people
with a diversity of life experiences and talents because "we all
have our blind spots."

Most of the people Alexander would like to hire already have jobs; the
trick is to encourage them to try something different. So far, she's
hired six people, and she is looking for more: experts with track records
at small and large companies and experiences at places such as the
Pentagon and Energy Department. 

Alexander's work as a physicist, scientist and nurturer of new ideas
leaves her well-positioned to be the deputy director of a research agency
charged with developing technologies to fight the 21st century's threats
at home.

At a recent gathering sponsored by the Information Technology Association
of America in California, she said the biggest difference between DARPA
and HSARPA is the time frame, according to the association's president,
Harris Miller.

"With DARPA, it was almost required that money they spent had to be
for things with a long-term path," Miller said. "With HSARPA,
the mission is more immediate and on a much shorter time frame. She made
it clear she is looking for projects that pay off in six to 12
months," Miller said.

Anthony Tether, DARPA's director, said Alexander was a remarkable
colleague. Although her expertise was in physics, she became an expert on
bioterrorism for the agency long before the Sept. 11, 2001, terrorist
attacks heightened the possibility that enemies of the United States
might use biological, chemical and nuclear weapons. "It was all put
together by her, and she did an excellent job," Tether
said.

But even a brainy scientist has her weaknesses. Alexander's is
remembering what hand beats out another in poker. Tether recalled that
she always had to write down whether two pairs of eights beat one pair of
tens, and "you could see her trying to figure it 
out."

Alexander, 45, knows exactly where she is going. A second-generation
scientist, she has a great role model in her mother, Nancy Jane, a
mathematician and computer scientist who helped develop the A-bomb at Oak
Ridge National Laboratory in Tennessee.

Alexander brings to her job an illustrious academic background from the
Massachusetts Institute of Technology and Stanford University. As a Ph.D.
candidate in physics at MIT, her thesis was on superconductivity, an area
so specialized she just laughs when asked to explain it.

Alexander also has practical experience. At the Office of Naval Research,
she was executive director for science and technology. But first she was
DARPA's deputy director, responsible for managing the agency's
high-payoff, innovative research and development projects.

Although DARPA's research budget was $2.5 billion a year, she recalled,
"when I was at DARPA, we had many more good ideas than money."

She has always been focused, her friends and colleagues say. But now she
is like a laser heading straight for the target. Now her mandate is
clear: Find the ideas, develop them and make them work.

***

The Jane Alexander file 

Personal: Alexander, "Xan" for short, is 45.

Education: Ph.D. in physics from the Massachusetts Institute of
Technology; B.S. in physics from Stanford University.

Awards: Received the Arthur S. Flemming award honoring the top 10 federal
employees under age 40 in 1994. In 1998, received the Secretary of
Defense Medal for Outstanding Public Service. In 2001, received the
Defense Department's Distinguished Medal for Civilian Service.

Hobbies: Likes to travel. Has repeatedly postponed a trip to Utah because
of work. She used to read science fiction, but she has become a fan of
mysteries.
*******************************
Government Computer News
09/08/03 
GSA to roll out smart cards in 2004 
By Jason Miller 

The General Services Administration today hired BearingPoint Inc. of
McLean, Va., to provide 14,000 smart cards to agency employees by the
beginning of next year. 

GSA awarded the $1.35 million contract through the Smart Access Common ID
indefinite-delivery, indefinite-quantity contract. 

BearingPoint also will provide entrance readers and visitor
identification validation systems at selected facilities across the
country. GSA said the contract eventually will expand to include ID cards
for all GSA contractors. 

Employees will use the cards to access their building. GSA said the
cards, which meet governmentwide interoperability standards, will contain
identifying information about the employee, such as a personal ID number
and biometric fingerprint data, on a microchip, and include
anticounterfeit protection, such as holographs and microprinting.

?I am certain [that] by upgrading our access systems, we will improve the
security environment not only for the federal community, but also for
visitors to our facilities every day,? GSA administrator Stephen Perry
said. 

GSA and the Homeland Security Department collaborated to develop the new
GSA card.
*******************************
Government Computer News
09/08/03 
Veterans Affairs CTO Perry retires 
By Mary Mosquera 

Frank Perry, Veterans Affairs Department chief technology officer,
retired as of Friday, a VA spokesman said today. Perry led the
development of the One-VA enterprise architecture and spearheaded the
consolidation of functions, data and processes historically duplicated
within vertical lines of business, the spokesman said. He had held the
CTO position since December 2001. 

As the senior technical leader in the Office of Information and
Technology, Perry was responsible for integration of architecture,
engineering and development activities across all information technology
projects and initiatives, including telecommunications and cybersecurity.

Perry worked with former VA CIO John Gauss on enterprise architecture
both at the VA and in the military prior to that. Perry was former
technical director for the Navy?s Space and Naval Warfare Systems
Command, where he oversaw integration of all Navy command, control,
communications, computers, intelligence, surveillance and reconnaissance
information processing application development activities, networking
activities, and information transport activities across the command.

Perry also was a principal in three start-ups over nearly 10 years. He
received a bachelor of science degree from Pennsylvania State University
and a master?s and Ph.D. in electronic engineering from the Naval
Postgraduate School.
*******************************
Government Computer News
09/08/03 
Homeland research agency gets its first director 
By Wilson P. Dizard III 

David Bolka, a scientist, technology manager and Navy veteran, has been
named to be the first director of the Homeland Security Advanced Research
Projects Agency. 

Congress created HSARPA in the Homeland Security Act of 2002 to function
as the external research funding arm of the Homeland Security Department.

The House Homeland Security Appropriations Subcommittee boosted the
budget for the Science and Technology Directorate, which includes HSARPA,
to $900 million in preliminary action this summer, but the final budget
has not been approved. The Bush administration had requested $97 million
less for the directorate. (Click for June 23 GCN story) 

Bolka worked for Lucent Technologies as vice president of special
projects, vice president of utility solutions, director of first office
applications and radio performance, and product director of utility
billing. In the latter job, he worked in the areas of billing systems and
wireless software systems as well as hardware platforms, DHS said. He has
also worked for AT&T Corp.?s Bell Laboratories and the Naval Sea
Systems Command as a major project manager for submarine combat systems.
Bolka retired from the Navy in 1986 after a 26-year career there.

He will report to Charles McQueary, undersecretary for science and
technology at DHS. 

Bolka holds undergraduate and postgraduate degrees in marine geophysics
from the Massachusetts Institute of Technology and a doctorate in
engineering acoustics from Pennsylvania State University.
*******************************
USA Today
Judge rejects lawsuit against pop-up ads
September 8, 2003

ALEXANDRIA, Va. (AP)  Online pop-up ads do not violate trademark
laws even if they cover up or appear alongside unaffiliated Web sites,
including those of rivals, a federal judge has ruled. 
U.S. District Judge Gerald Bruce Lee also placed some of the
responsibility for those ads on computer users, saying they voluntarily
agree to them, even if they do so unwittingly. 

Lee's 19-page ruling Friday came in a lawsuit filed last year by the
U-Haul Trucking company against WhenU.com, a company blamed for some of
the pop-ups. Though Lee had dismissed the bulk of U-Haul's case in June,
he did not issue his rationale until now. 

WhenU provides users with free software like games and screen savers. The
software comes with a separate program, SaveNow, that tracks Web traffic
and matches a user's surfing habits with particular advertisers. So a
person who visits the U-Haul site could theoretically receive a pop-up ad
from competitor Ryder. 

U-Haul argued that WhenU violated its trademarks because the ads appeared
when Internet users visit U-Haul's site, potentially creating confusion.

In dismissing those claims, Lee wrote that the pop-up ads open "in a
WhenU-branded window that is separate and distinct from the window in
which the U-Haul Web site appears." 

Lee also rejected U-Haul's arguments based on copyright and other laws.

He added that users ultimately agree to such ads when they accept WhenU's
licensing agreement, though critics say few people bother to read such
agreements when they download and install free software. 

"Alas, we computer users must endure pop-up advertising along with
her ugly brother unsolicited bulk email, 'spam,' as a burden of using the
Internet," Lee wrote. 

Avi Naider, chief executive for New York-based WhenU, said he believed
Lee's ruling will set a precedent for other judges reviewing the issue.
WhenU is still a defendant in several similar lawsuits. 

"The Internet's evolution as a comparative shopping technology is
dependent on these types of technology," Naider said. 

U-Haul is considering an appeal, said company spokesman Tom Prefling.

"We believe Web site owners have the right to display their Web
sites without having their sites hidden by invasive advertisements,"
he said. 

Earlier this year, the nation's largest news publishers reached a
settlement in a lawsuit over similar ads distributed by Gator. The
settlement came after a different federal judge in Alexandria granted a
preliminary injunction ordering Gator to stop delivering pop-up ads at
the sites run by those companies. 
*******************************