Clips October 10, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips October 10, 2003

ARTICLES

Snoop Software Gains Power and Raises Privacy Concerns
Threat of lawsuit passes for student [DMCA]
Student Charged With Hacking Stock Account 
Parents sue school district for Wi-Fi use
Homeland Security asks industry for border security 
?vision? 
FDA sets new rules to avert bioterror 
FBI to open five computer crime labs 
FDA sets new rules to avert bioterror 
Biometrics offices get new leaders 
Nine British government agencies to test open-source software
To Russia, with Linux

*******************************
New York Times
October 10, 2003
Snoop Software Gains Power and Raises Privacy Concerns
By JOHN SCHWARTZ

Earlier this year, Rick Eaton did something unusual in the world of high technology: he made his product weaker.

Mr. Eaton is the founder of TrueActive, which makes a computer program that buyers can install on a target computer and monitor everything that the machine's user does on the PC.

Spying with software has been around for several years but Mr. Eaton decided that one new feature in his program crossed a line between monitoring and snooping.

That feature is called "silent deploy," which allows the buyer to place the program on someone else's computer secretly via e-mail, without having physical access to the machine. To Mr. Eaton, that constituted an invitation to install unethical and even illegal wiretaps. He made the change, he said, "so we could live with ourselves."

Such principles seem almost quaint in a market where the products seem to grow more powerful and intrusive all the time. Other makers of "snoopware"  as opposed to the software known as "spyware" that many businesses use to monitor the activities of Web site visitors and to send them pop-up ads  enthusiastically pitch their products' ability to be installed remotely. They typically skirt the ethical and legal issues with fig-leaf disclaimers and check-off boxes where buyers promise not to violate the law.

Privacy experts are not buying such arguments. Marc Rotenberg, who heads the Electronic Privacy Information Center in Washington, contended that selling software that can tap people's communications without their knowledge violated the Electronic Communications Privacy Act. "I don't think there's any question that they are violating the federal law," he said. The disclaimers, he said, "fail the straight-face test."

Law enforcement officials seem to agree. According to Chris Johnson, a federal prosecutor in Los Angeles, the F.B.I. recently began an investigation in California into the maker of one program, LoverSpy, that advertises heavily via junk e-mail, or spam.

LoverSpy promises to let buyers "Spy on anyone by sending them an e-mail greeting card!" Federal officials note that federal laws on wiretapping make it illegal even to advertise illegal wiretap products  and a little-noted change to the law last year expanded its scope explicitly to include advertising on the Internet.

There are more than a dozen snooping programs on the market, and their makers say they are used legally by employers to monitor workers' Internet use, by parents to follow their children's online wanderings, and by husbands and wives to catch cheating mates.

Mr. Eaton's program has even been used by the F.B.I., with approval of the courts, to capture hackers. The programs include "key loggers" that capture keystrokes, and can record what's onscreen, even turn on a computer's Webcam so that the user can sneak a peek at the target  and get the information and images back via the Internet.

"You don't have to be an F.B.I. agent or a computer genius to use this stuff," said Richard Smith, a privacy and security expert who is concerned about the rise of the products. "You just point and click." 

And so a new market has emerged: criminals are using such programs on public computer terminals at copy shops and libraries to harvest credit card numbers, computer passwords and personal financial information. A New York man, Juju Jiang, recently pleaded guilty to planting monitoring software on computers at branches of Kinko's.

In a case filed yesterday, federal prosecutors in Boston accused a 19-year-old college student, Van Dinh, of using a keystroke-logging program to capture the investment account password of a man in Westboro, Mass. Prosecutors say Mr. Dinh then used the victim's account to unload stock options that Mr. Dinh owned and that would otherwise have caused him a large loss. 

Last year the Secret Service warned colleges and universities that key-logger systems had been found on public computers in schools in Arizona, Texas, Florida and California. And earlier this year a former Boston College student, Douglas Boudreau, pleaded guilty to charges that he had installed key-loggers on machines at the school to create student ID and debit cards that allowed him to steal about $2,000 worth of goods and services.

"Anybody who routinely uses a computer that isn't their own ought to be thinking, `who's looking over my shoulder?' " said Ross Stapleton-Gray, a computer consultant who has worked for the University of California system.

Jerry Brady, the chief technical officer of Guardent, a computer security firm, said, "You can assume that most hotel and airport lounge computers have had keystroke loggers installed at one time or another," whether because of commercial snoopware or key-loggers installed by viruses and worms.

Little wonder, then, that a mini-industry has grown up to detect and defuse the programs. Software with names like TrapWare and NetCop are designed specifically to combat monitoring programs, but the most recent versions of more traditional computer security products like Norton Antivirus from Symantec and McAfee VirusScan from Network Associates have been upgraded to search for digital snoops as well. Finding snoopware is "a logical extension to what antivirus software is already doing," said Tom Powledge of Symantec.

The companies that say they make products for legitimate uses bristle at the suggestion that their products are used illegally, except in a few exceptional cases.

Doug Fowler, the president of Spectorsoft, makes three snooping programs, including eBlaster, which can be installed remotely. He said the product was used legitimately by parents whose children were away at school, and by companies with far-flung field offices. The product can be used for nefarious purposes, he admits, but he added: "A car can run somebody over. That doesn't mean you design a car to run over somebody."

He says he has no respect for the company that puts out LoverSpy and advertises its remote-spying abilities online. "Lines have to be drawn somewhere in this world," he said.

The creators and marketers of LoverSpy, who were traced through Internet registries and comments they have made in online discussions, did not respond to over a dozen phone calls and e-mail messages.

Mr. Eaton, the TrueActive founder, said that while he had worked closely with law enforcement, the decision to hamstring his program, which is called WinWhatWhere, was not based on worries about possible liability. "It was an ethical problem," he said. Mr. Eaton also noted that the feature demanded a disproportionate amount of attention from his technical support staff.

His company, he said, will "actively help anyone that thinks or has found our software illegally installed." Besides, he added, "this kind of program has a bad enough reputation without this kind of stuff."

One executive of a computer security company said that the situation was getting worse. "We're definitely seeing quite the ramp-up in the number, and the sophistication, and the malicious intent of monitoring software in recent months," said Bryson Gordon, the senior product manager for the McAfee consumer security division and the company's chief spam prevention officer.

But at least one program, he said, may not pose a real threat  of spying, at least. Mr. Gordon said that his company's security researchers, working with the Justice Department, were unable to find any actual working software that could be downloaded from the LoverSpy site after paying the fee.

He seemed less than stunned by the notion that a product advertised via spam might not be all that it was claimed to be. "You can't be all that surprised," he said.
*******************************
Princetonian Online
Threat of lawsuit passes for student
SunnComm backs down from lawsuit against a computer science grad student
Josh Brodie, Staff Writer
October 10, 2003

    SunnComm Technologies, Inc. announced yesterday morning it would sue first-year graduate student John Halderman over his recent critique of the company's new CD copy-protection method, but by the end of the day SunnComm president and CEO Peter Jacobs said he changed his mind.

    Jacobs said in an interview late last night that a successful lawsuit would do little to reverse the damage done by the paper Halderman published Monday about his research, and any suit would likely hurt the research community by making computer scientists think twice about researching copy-protection technology.

    "I don't want to be the guy that creates any kind of chilling effect on research," Jacobs said.

    SunnComm plans to make that announcement this morning.

    Halderman's paper hit SunnComm hard. Since Monday its stock value has dropped $10 million  one-third of the company's total worth.

    "I just thought about it and decided it was more important not to be one of those people. The harm's been done . . . if I can't accomplish anything [with a lawsuit] I don't want to leave a wake," he said.

    In the increasingly bitter wars between those advocating stronger anti-piracy protections and those who favor less stringent copyright enforcement, the decision against legal action represents one of a precious few instances of companies looking past their bottom line.

    "I think it's a sensible decision given the situation, given that what [Halderman] was doing was perfectly legitimate," said computer science professor Edward Felten. "[Jacobs is] to be commended for not wanting to interfere with research."

    Felten and some of his colleagues had been in a similar situation in 2001 when the Recording Industry Association of America  the same group that sued Dan Peng '05 last semester for running a campus file-sharing website  strongly urged the research group not to publish their work on another copy-protection technology.

    The RIAA said publishing the work would violate the Digital Millennium Copyright Act.

    SunnComm's press release threatened to use the same law against Halderman.

    SunnComm had also initiatially decided to sue Halderman because the company thought he had unfairly critiqued their product after misunderstanding their intent in designing it. Throughout its development, the company's software, MediaMax, was designed to be a step toward curbing casual copying rather than a silver bullet, Jacobs said.

    However, Halderman claimed the company's allegations of "incredible security" were overstated. As he pointed out, the system would not have worked on any computer where autorun  the feature in Microsoft Windows that automatically launches a program when a CD is inserted  was disabled.

    When The Daily Princetonian informed Halderman that the suit was not going to proceed, he was relieved.

    "I think that's a horrible precedent," he said. "A large amount of security research is critiques of existing security systems . . . The worst thing in the world is a false sense of security."

    Last November Halderman said he was concerned about presenting his junior paper research to an audience of scientists for fear of being sued under the DMCA. He said at the time the existence of the DMCA forced him to carefully word his research so as to avoid a lawsuit.

    Halderman plans to continue his research toward a doctorate and hopes to pursue a career in computer security afterwards.

    Even before Halderman published his paper, SunnComm had planned to release a new version of its software that addresses many of the same concerns Halderman raised.

    "I don't want to be the people my parents warned me to stay away from," said Jacobs of his decision. "It's 10 million bucks, but maybe I can make it back, and maybe [Halderman] can learn a little bit more about our technology so as not to call it brain dead."
*******************************
Washington Post
Student Charged With Hacking Stock Account 
By Carrie Johnson and Mike Musgrove
Washington Post Staff Writers
Friday, October 10, 2003; Page A01 

A college student was arrested yesterday on charges of hacking into someone else's online brokerage account and sticking him with an investment loss of more than $40,000 after the student obtained password information with surreptitiously installed software that recorded the investor's computer keystrokes.

According to federal prosecutors and the Securities and Exchange Commission, Drexel University student Van T. Dinh, 19, lured victims to a Web site with a request for help in testing software he had written that tracked stock price moves. But, officials said, the program was really a subterfuge that installed a program called the Beast, which, when downloaded onto a computer, can track every character the user types and relay them to a hacker.

Yesterday's announcement by authorities in Washington and Massachusetts -- a story that combines identity theft, computer hacking and securities fraud -- is the latest cautionary tale for consumers and investors in the electronic marketplace.

In recent years, especially as the economy boomed in the late 1990s, millions of people flocked online to buy and sell stock. There were more than 20 million online trading accounts in the United States as of Dec. 31, 2002, according to the research firm Gomez Inc.

Investigators were alerted to the situation by the Westborough, Mass., victim in July. They said they traced electronic footprints, including trading records, banking data and Internet protocol addresses, which led them to Dinh. They said that Dinh, in taking so many steps to disguise his identity, inadvertently left a detailed trail of evidence.

"The more elaborate the scheme, the easier it is to catch the bad guy," said John Reed Stark, chief of the SEC's office of Internet enforcement. The unit has brought 425 Internet-related securities cases since 1995, but most involved insider trading or falsely touting stocks, Stark said. 

"In all my years here, I've never seen a case like this," he said.

Massachusetts U.S. Attorney Michael J. Sullivan said the case should warn consumers that installing programs obtained from people they do not know is like "opening the front door of their house to a stranger."

Prosecutors charged Dinh with securities fraud, mail and wire fraud, and causing damage in connection with unauthorized access to a computer. The fraud counts carry maximum penalties of 20 years in prison, and the computer counts carry a maximum penalty of 10 years. After an initial appearance in a federal court in Philadelphia early yesterday afternoon, Dinh was released on $50,000 bond and was ordered to remain at his Phoenixville, Pa., home until another court proceeding next Wednesday. His federal public defender declined to comment yesterday, and messages left at his home were not answered.

Dinh, a first-year business administration major, lived with his parents in a house with multiple computers and a high-speed Internet connection, sources familiar with the case said.

The trouble began when Dinh paid $10 each for 9,100 "put" option contracts on shares of Cisco Systems Inc. in June 2003, according to the SEC. Each contract guaranteed Dinh the right to sell 100 shares of Cisco stock at $15 apiece, if the price fell to $15 or less by July 19, 2003. Dinh paid $91,200 for the contracts, court papers said. In essence, Dinh was betting that Cisco's stock price would fall, in what prosecutors called a "highly speculative but potentially very lucrative gamble."

By early July, Cisco's stock price was well above $15, which meant Dinh could have lost all of his $91,200 investment. On July 7, Dinh allegedly sent e-mail messages to people in an electronic forum on the Web site StockCharts.com. Using an alias, Dinh asked traders whether they maintained their own Web sites, gathering responses from people including the Massachusetts victim, who responded using a personal e-mail address.

The next day, Dinh allegedly sent another e-mail message to traders who responded to his July 7 inquiry. Using a different alias, Dinh invited the traders to take part in a "beta test" of a new stock analysis tool and provided a link to the software that people could download. In fact, investigators said, that link contained a "Trojan horse" program that enabled Dinh to obtain log-on information and the password of the victim's TD Waterhouse online account.

Such keystroke-surveillance programs, which record what characters are typed, are widely available. Many companies purchase similar programs to keep tabs on what their employees are doing online.

"We've got tons of copies of the Beast. It's a very popular underground program," said Ken Dunham, director of malicious code for iDefense Inc., a Reston-based computer security firm. "It doesn't take a rocket scientist to create and deploy a new Trojan."

The victim downloaded the "tool," but it did not work as advertised, causing his computer to lock up momentarily and making him suspicious, the SEC's Stark said.

On July 11, Dinh used the victim's electronic-trading account to place buy orders for his Cisco options, avoiding about $37,000 in losses, according to court papers. The move, and the accompanying fees, essentially wiped out the victim's account. The victim noticed and within a few days complained to the SEC, agency officials said.

Dinh allegedly used the services of Lockdown Corp., which helps subscribers hide their identities from people who receive their e-mail messages. Lockdown records reviewed by investigators showed that the electronic communications he allegedly sent bounced around the world, from the United States to Australia with stops in Ireland and Germany.

Officials said they were able to unravel the connections within a few weeks, with cooperation from TD Waterhouse, where the victim's account was based, and Cybertrader.com, which housed one of Dinh's accounts.

Dinh traveled to Washington in early August to meet with SEC lawyers, where he invoked his Fifth Amendment right against self-incrimination. But he also turned over two notebooks of information, including e-mail addresses that contained two aliases he had allegedly used to deceive unwitting stock traders, according to court papers.

"It's regrettable that an individual's personal computer was hacked and that information was stolen," TD Waterhouse said in a prepared statement. "The TD Waterhouse system was not compromised and remains safe and secure for our customers."

Computer security experts said the Dinh case reflects no deep problems with the way online banking systems are set up, but rather more mundane vulnerabilities in the habits and practices of individual users of the accounts.

"That's a tweak on this attack that hasn't been done before," Bruce Schneier, founder and chief technology officer of Counterpane Internet Security, said when told of Dinh's alleged scheme. "But if he was smart, it would've been way more devastating."

Susan M. Kuhn, a management consultant in Kensington, said that horror stories about malicious programs and viruses have made her cautious when she uses the Web.

"I just don't take any chances anymore. I'm even reluctant to visit a Web site just to download something. I certainly would never open any file that is unsolicited," she said. "It's damaged the potential of the Internet. With this level of risk out there, the initial promise of freedom on the Internet is just not there, as far as I'm concerned."

Researcher Richard S. Drezen contributed to this report
*******************************
CNET News.com
Parents sue school district for Wi-Fi use
Last modified: October 9, 2003, 2:39 PM PDT
By Richard Shim 

Parents of students who attend an Illinois school district are suing over the use of Wi-Fi technology in classrooms, alleging that exposure to the low-level radio waves may be damaging to students' health. 

The plaintiffs, including students and parents, filed their suit Sept. 26 with the circuit court of Cook County, Illinois, against the Oak Park Elementary School District 97 and several administrators in the district. The defendants received their summons Wednesday, according to a representative for the district. 

According to the complaint, the district, its board and its superintendent have implemented Wi-Fi wireless networking technology in classrooms, ignoring evidence that electromagnetic radiation from Wi-Fi networks poses health risks, particularly to growing children. 

"We've been trying to raise the issue with the school district for almost two years," said Ron Baiman, whose children are among the plaintiffs. "We aren't seeking any monetary awards; we're seeking a moratorium until use of the technology has been proven to be safe." 

The school district has determined that it is following all safety regulations and that there is no hard evidence that suggests wireless technology is dangerous, according to Gail Crantz, director of public relations for District 97. The district has been using Wi-Fi technology since 1999, as have some of the high schools in neighboring districts and some hospitals in the community. 

Use of Wi-Fi has increased dramatically as prices for wireless equipment have fallen and as the process of setting up the networks has become easier. Market research company Pyramid Research estimates the number of individuals who use Wi-Fi will grow from 12 million in 2003 to 707 million by 2008. Network operators are also expected to install more than 55,000 new hot spots in the United States over the next five years, adding to the 4,200 locations in place as of the end of 2002, according to researcher IDC. 

Radiation has been a concern with other wireless technologies, such as cellular networks, but safety issues haven't gotten to levels where consumers have stopped using devices. 

"The safety of our staff and students is our No. 1 priority," Crantz said. "There is no information to the contrary about the safety of the technology; there is a plethora of information--but nothing conclusive." 

Baiman added that he wanted the school district to send parents a notice informing them that Wi-Fi technology was being used in the schools and that if they wanted they could have their children removed from classrooms when it was used. 

"Most of it is a convenience issue, and it isn't a critical tool for educating kids," Baiman said. "There are alternatives they can use. It's just cheaper to use it." 

The technology gives the schools flexibility in terms of administrative tasks and educating students, according to Crantz. 

"Could we run a school without electricity or wireless?" Crantz asked. "Yes, but it wouldn't be the most efficient way of running a school district."
*******************************
USA Today
Missouri AG files lawsuits under new anti-spam law
Posted 10/9/2003 7:17 PM

ST. LOUIS (AP)  Missouri Attorney General Jay Nixon filed two lawsuits Thursday claiming violations of Missouri's new law aimed at curbing unsolicited commercial e-mail, the first such suits since the law became effective Aug. 28. 
The suits filed in St. Louis Circuit Court seek injunctions to prevent both defendants from further violations, as well as civil penalties of up to $5,000 for each violation. 

The so-called anti-spam law requires commercial e-mail to be labeled with the phrase "ADV:" in the first four characters of the subject line, or "ADV:ADLT" if the message contains adult material. The law also makes it illegal to send unsolicited commercial e-mail to Missourians who have asked that it not be sent to them. 

"Spam is the unwanted cyber-salesman with its foot in your e-mail door," Nixon said. "These lawsuits to enforce Missouri's new law are a way to close that door." 

One lawsuit names Phillip Nixon of Palm Beach, Fla. The suit claims Nixon (no relation to Jay Nixon) sent at least five unsolicited e-mails soliciting the sale of an architectural plan to the e-mail address nospam@xxxxxxxxx, which is maintained by the attorney general's office. 

Jay Nixon said the message was not labeled as required, and continued to be sent even after reply messages asked that they be stopped. 

"That e-mail address should have been his first clue to not send spam," Jay Nixon said. 

The second suit was against Fundetective.com of Boca Raton, Fla. Nixon said the company sent several spam messages advertising payday loans and other services. None of the e-mails were labeled as required, Nixon said. 

"Spam is the number one complaint my office receives from small businesses, where employees typically have to spend several minutes each day cleaning out their mailboxes from ads for lower mortgage rates, cheaper prescription drugs and quack health remedies," Nixon said. 

The law is far weaker than Nixon's original proposal for a state-run anti-spam list similar to the popular no-call list for telemarketers. 
*******************************
Government Executive
October 9, 2003 
Homeland Security asks industry for border security 
?vision? 
By Shane Harris 
sharris@xxxxxxxxxxx 

Homeland Security Department officials want the private sector to take the lead in developing and implementing a plan to track the 300 million foreign nationals who visit the United States each year. 

Immigration and border security laws passed in reaction to the Sept. 11 terrorist attacks require that by the end of 2005, the identities of all foreign nationals must be verified whenever they enter or leave the country. By the end of this year, all visitors must submit copies of their fingerprints to the Homeland Security Department. The prints will be logged into a database and used to identify the visitors on any return trips. 


One of the nation?s most ambitious security initiatives, US VISIT, will be designed and implemented by contractors, because Homeland Security officials are burdened with larger tasks, such as merging the department?s component agencies.


?We need your best advice, because frankly, the department is struggling to maintain its current business objectives,? Scott Hastings, the chief information officer of the department?s immigration enforcement bureau, told a gathering of technology executives in Northern Virginia Thursday. 


That advice will come in the form of bids companies will likely submit next year, after the government issues a formal request for proposals. Officials said they wanted proposals to be neutral, not favored towards particular companies or the technologies they sell, adding that the department wasn?t above using ideas in the proposals without selecting the company that crafted them. 


?We?re trying to get [your ideas] for nothing,? Hastings told the crowd. ?It really is a model for how the department will run.? 


Jim Williams, a former Internal Revenue Service procurement chief who is leading the VISIT program, characterized the plan as a cornerstone of the Bush administration?s counterterrorism strategy. Noting that two of the Sept. 11 hijackers were in the United States with expired visas, Williams said VISIT would have to be designed to find the ?needle in the haystack? that represents a potential security risk. 


According to the government, 42 million foreigners and permanent residents entered the country through airports and seaports in fiscal 2002. Nearly six times that number, about 238 million, arrived at land border crossings. 


Those land crossings present security officials, and the government?s eventual contractor, with their biggest challenge. Critics of US VISIT have said commerce could be effectively halted if vehicles bearing goods are held up because of a lengthy security check. Ultimately, US VISIT will have to process every visitor in a matter of seconds to prevent huge traffic jams at the Canadian and Mexican borders. 


Williams said he wants a prospective contractor to ?re-write? the government?s current set of immigration practices so that the flow of goods and people isn?t hindered. Contractors should also submit proposals on how to inspect visitors beyond U.S. ports of entry, Hastings said. 


Officials want to ?discover people that are of interest to us? before they enter the country, whenever possible, and will have to enlist the support of foreign governments and State Department consular offices to do so, Hastings said. 


Bidding companies would be asked to submit a ?vision? for the program, which would build on technologies and practices in place now, Williams said. However, the funds to pay for the near term work are limited. VISIT received only $330 million for the current fiscal year, and that figure includes money for administrative costs. Williams said he?s ?comfortable? with the amount proposed for fiscal 2005, but he wouldn?t reveal the figure, since the president has yet to submit the budget. 


Meanwhile, the field of competitors for the project has narrowed to three teams. Lockheed Martin Corp. is leading a group consisting of consulting firm Booz Allen Hamilton and IBM Corp. Another consulting firm, Accenture, leads a team that includes Dell Computer Corp. and military contractor Raytheon. And Computer Science Corp. rounds out the field with partners Electronic Data Systems Corp. and a division of Northrop Grumman. Bechtel Corp., which is currently the government?s main contractor for the rebuilding of post-war Iraq, is also part of the team.
*******************************
Government Computer News
10/10/03 
FDA sets new rules to avert bioterror 
By Mary Mosquera 

Starting Dec. 12, food importers must give advance online notification to the Food and Drug Administration of shipments entering U.S. borders. FDA also will require registration of all domestic and foreign food facilities to tighten security around the nation?s food supply. 

The new regulations let the agency quickly identify the processors in case of deliberate or accidental food contamination, Health and Human Services secretary Tommy Thompson said yesterday. FDA is an agency of HHS, which published the rules in today?s Federal Register. 

?We are providing critical new tools for FDA to identify potentially dangerous foods and better keep our food supply safe and secure,? Thompson said. They cover all facilities that process, pack or hold food for human or animal consumption. 

The regulations activate key provisions of the 2002 Public Health Security and Bioterrorism Preparedness and Response Act, which gave FDA new authority to protect the nation's food supply against actual or threatened terrorist acts and other food-related emergencies. 

Food importers must notify FDA of shipments two to eight hours before their shipments arrive, depending on truck, rail or air arrival, and must receive electronic confirmation before unloading. The notification times could be reduced in the future as FDA and the Customs and Border Protection Bureau better coordinate their border management activities. 

The advance notification to FDA must be submitted through Customs' existing Automated Broker Interface/Automated Commercial System. FDA will operate a new Prior Notice System Interface to receive the notifications. It expects to receive about 25,000 notices of incoming shipments each day. 

?Using the electronic data under these regulations and a sophisticated automated targeting system, CBP and FDA will be working side by side to make joint decisions about food shipments that could pose a potential threat to the United States,? Customs and Border Protection commissioner Robert Bonner said. Food facilities can register with FDA via the Internet, surface mail or fax beginning Oct. 16. The agency expects about 420,000 registrations.
*******************************
Government Computer News
10/09/03 
FBI to open five computer crime labs 
By Wilson P. Dizard III 

The FBI plans to open five new Regional Computer Forensics Laboratories by the end of 2004. The labs in Buffalo, N.Y.; Houston; Newark, N.J.; Portland, Ore.; and Salt Lake City will be added to four existing computer crime labs around the country. 

The FBI cooperates with local law enforcement agencies to create and operate the labs. Local agencies provide computer specialists to serve as examiners, while the bureau provides training, advisory and advanced forensic services, the FBI said in an announcement yesterday. 

According to a statement by FBI director Robert S. Mueller III, the labs have helped secure convictions of child pornographers, petty thieves, stalkers, murderers and white-collar criminals. The first regional lab opened in San Diego in 1999, and was followed by additional facilities in Dallas; Kansas City, Mo.; and Chicago. 

Computer crime lab workers collect digital evidence at crime scenes, examine it and testify in trials as needed. According to the Regional Computer Forensics Laboratory Web site, www.nationalrcfl.org, a typical computer crime lab consists of 12 examiners and three support workers. 

FBI personnel were not available to discuss the systems used at a computer crime lab.

Announcement http://www.nationalrcfl.org/92.shtm
Link to web page http://www.nationalrcfl.org/
*******************************
Government Computer News
Biometrics offices get new leaders 
By Dawn S. Onley 

Two military biometrics operations are undergoing leadership changes. 

John D. Woodward Jr. is the new director of the Defense Department?s Biometrics Management Office, succeeding Linda S. Dean, who retired Sept. 30. 

The Army also plans to appoint a new civil-service director for the DOD Biometrics Fusion Center in Bridgeport, W.Va., according to a Defense news release. The center tests and evaluates biometric technologies. 

?The DOD Biometrics Program has made impressive strides toward institutionalizing biometrics within key DOD communities,? said David Borland, chairman of the DOD Biometrics Senior Coordinating Group. 

Woodward was hired from RAND Corp., a public policy research organization where he worked as a senior policy analyst on national security, intelligence and technology policy issues. Before joining Rand, Woodward was an operations officer for the CIA. 

He has testified about biometrics before Congress and also wrote a book, Biometrics: Identity Assurance in the Information Age.
*******************************
Computerworld
Nine British government agencies to test open-source software
The software being evaluated includes Linux 
Story by Todd R. Weiss 

OCTOBER 09, 2003 ( COMPUTERWORLD ) - A British government agency whose mission is to help reduce the cost of government is launching a series of nine IT "proof of concept" trial projects using open-source software, including Linux. 
In an announcement yesterday, the Office of Government Commerce (OGC) said the trials will be conducted across a diverse group of government offices to see how open-source software compares with proprietary products -- and to learn where it can be used with comparable or improved performance and lower costs. 

The first nine trials will be conducted with the help of IBM, but other vendors will be invited to offer their ideas, said Martin Day, a spokesman for the OGC. The office was established in April 2000 to help U.K. government agencies get the best value for their money from vendors in everything from road building to property management and IT, he said. "IT is a great way of losing money if you get it wrong," Day said. 

For more than a year, the OGC has been working on open-source trials that would yield real-world results, he said. In July, the British government's Open Source Software Policy was announced in Parliament, which wanted a level playing field for comparisons of open-source and proprietary software based on value for money. 

The nine trials, which will take place during the next six months and could be expanded to more projects, are being coordinated by the Office of the eEnvoy, which is responsible for improving the online delivery of public services and cutting costs, as well as making all U.K. government services available electronically by 2005. 

"We're not out here to prove a point" about open-source vs. proprietary software, Day said. "We have no specific religion" about either technology, he added. "Is this about abandoning Microsoft products? No, it's not." 

Instead, the idea is to find out if public money can be saved by looking at other ways of doing government business, he said. 

Whatever the eventual findings, the OGC can't make open-source software use mandatory, Day said. The agency can only make recommendations, although the findings could hold some weight in future IT decisions. 

"Whilst it's not mandatory, if [open-source software] works, it would take a very brave department to rubber-stamp another order" for proprietary software from any vendor, he said. "We're going to want to see what these trials [show]." 

The nine departments involved in the trials are the Office of the Deputy Prime Minister; the Department for Work and Pensions; the Department for Culture, Media and Sport; the Office of the eEnvoy; the Powys County Council; the Newham Borough Council; the Orkney Council; the Central Scottish Police Authority; and the Office of Water Service. 

Adam Jollans, Linux strategy manager at IBM's software group, said the pilots could help determine practical usage for Linux and other open-source software in government agencies, as well as provide measurable comparisons of costs and performance. "This parallels what we've been doing with a lot of our commercial customers," Jollans said. 

Jonathan Eunice, an analyst at Illuminata Inc. in Nashua, N.H., said the British trials show just how far open-source software has come in the past few years. "They're considered as something that's viable compared to commercial products," he said. That wasn't the case only a few years ago, he added. 

In some areas, such as office suite applications, however, open-source software still isn't ready as a replacement for proprietary products, Eunice said. "No matter how good [open-source products] OpenOffice or StarOffice get ... the Microsoft Windows Office franchise is going to last for many years," he said. "There are cases that are very clear [for open-source use], and there are cases that are mixed."
*******************************
Computerworld
To Russia, with Linux
IBM will help create a Linux Competency Center in Russia 
Story by Todd R. Weiss 

OCTOBER 09, 2003 ( COMPUTERWORLD ) - IBM and the Russian Ministry of Communications and Computerization have agreed to put together a Linux Competency Center in Moscow to help push greater use of the open-source operating system in Russia. 
The new center, which will mimic existing IBM Linux Competency Centers in New York and other cities, will be equipped with a wide selection of IBM hardware and software so would-be users can test their applications and gain insights into how Linux could help their businesses and operations, according to IBM. 

The Moscow Technical University of Communications and Informatics will work with IBM and the Russian government by providing open-source skills and technical help at the facility. It is slated to open by the end of the year. 

The IBM hardware in the center will include IBM TotalStorage products running Linux, including eServer xSeries systems, high-powered Linux clusters and IBM software, including WebSphere, DB2, Lotus and Tivoli products. 

Adam Jollans, Linux strategy manager at IBM's software group, said the center is aimed at providing open-source information to government agencies and businesses in Russia seeking alternative ways of doing their work. 

Andrey Korotkov, a deputy minister with the Russian Ministry of Communications and Computerization, said in a statement that the center will help "create a Linux ecosystem enabling Russian hi-tech companies to expand into global markets faster. IT solutions based on Linux and open standards will open up great opportunities to businesses in Russia."
*******************************