Clips September 25, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips September 25,
2003

Report Raises Electronic Vote Security Issues
Alabama banks try to solve Internet-based scam
CONSUMERS TO PAY FEE FOR RECYCLING [CA]
Alabama banks try to solve Internet-based scam
Site Warns of Online Dangers to Children
Labor hires new deputy CIO 
National 'cyber summit' planned to aid federal outreach 

*******************************
New York Times
Report Raises Electronic Vote Security Issues
By JOHN SCHWARTZ
New York Times
Published: September 25, 2003 


Electronic voting machine technology used nationwide is "at high
risk of compromise" because of software flaws that could make them
vulnerable to computer hackers and voting fraud, according to a review
released yesterday. The report also said, though, that proper safeguards
could help to mitigate the risk.

The new report, the second concerning voting machines from Diebold
Election Systems, was conducted for the state of Maryland after
researchers warned this summer that the Diebold AccuVote-TS voting
machines, more than 33,000 of which are used in 38 states, may be
vulnerable to manipulation. Maryland is adopting the machines for
elections.

Diebold executives and Maryland officials said the report vindicated
their view that the machines could be used reliably.

The new report, said Mark Radke, a Diebold executive, "really
confirms our stance that our equipment is as secure, if not more secure,
than any other electronic system in the marketplace." The company is
working to improve the security even further, he added.

In a letter yesterday, James C. DiPaula, secretary of the state's
Department of Management and Budget, recommended to Gov. Robert L.
Ehrlich Jr. that the state advance a plan which he said "will
correct specific risk factors and ensure reliability of the election
process."

The earlier study, released in July, said Diebold software contained
numerous security gaps that could be exploited to let people vote many
times or to change votes after the fact. Aviel D. Rubin, a computer
security researcher, and colleagues analyzed Diebold source codes that
had been leaked to the Internet by critics of electronic voting systems.

Yesterday's report, by the Science Applications International
Corporation, said that Mr. Rubin's conclusions about the company's
software were "technically correct," but that the researchers
"did not have a complete understanding" of Maryland's use of
the system.

In an interview yesterday, Mr. Rubin said he was mystified to see that
the state planned to use Diebold machines despite the report.

"It almost seems as though the people writing the Maryland action
plan either did not read or did not understand the S.A.I.C. report,"
he said. "What they should say is, `We're going to put these systems
on hold until they say that these things are safe to use.' "

James T. Smith, the Baltimore County executive, who has opposed the move
to electronic voting, said the new report should stop the state from
using the machines.

"For two years, Baltimore County has warned, `Iceberg ahead!' and
now independent experts have warned that it's a gigantic iceberg,"
Mr. Smith said. "Maryland should not say, `Damn the iceberg, full
speed ahead.' "
*******************************
Mercury News
Posted on Thu, Sep. 25, 2003
Davis to sign e-waste bill
CONSUMERS TO PAY FEE FOR RECYCLING OF OLD TELEVISIONS, COMPUTER
MONITORS
By Ann E. Marimow

SACRAMENTO - Gov. Gray Davis said Wednesday that he will sign landmark
legislation today to tackle the mounting problem of recycling old
computer monitors and televisions that contain toxic materials.

With his signature, California becomes the first state to create an
e-waste recycling program, after a two-year effort by Sen. Byron Sher,
D-San Jose.

``California has led the technology revolution and we will lead the way
to safely managing computers and other electronic devices at the end of
their life,'' Davis said Wednesday, according to a spokesman. ``This is a
low-cost, consumer-friendly solution to the expensive electronic product
recycling options currently available.''

Consumers will cover the cost of the program by paying a new fee of from
$6 to $10 on computer monitors and televisions that contain hazardous
materials such as lead that are banned from California
landfills.

Cities and counties throughout the state have struggled with the high
cost and limited options for safely disposing of e-waste. An estimated 6
million outdated computer monitors and televisions are gathering dust in
California homes.

The measure restricts the export of e-waste, unless the country on the
receiving end has adopted certain international environmental standards
for safe disposal.

A Mercury News report in November documented how the computer industry
relies on overseas labor to dispose of its products that often end up as
hazardous trash.

Local government officials who are overwhelmed by the cost of recycling
e-waste and some environmental groups strongly supported the measure that
is also backed by a coalition of high-technology companies.

``This is one of the most important environmental bills of the year,''
said Mark Murray, executive director of Californians Against Waste.
``This measure will provide the public with a safe, reliable and
convenient option for recycling their obsolete electronics.''

But the Computer TakeBack Campaign, a coalition of state and national
groups, said California's e-waste program should not be a model for the
nation because it falls short of the governor's call last year to hold
companies more accountable.

Davis vetoed a similar measure last year, saying the state could not
afford to create a new bureaucracy. He urged companies to play a greater
role in taking back their obsolete products.

``This isn't it,'' said Ted Smith of the Silicon Valley Toxics Coalition,
which is part of the TakeBack Campaign. ``There needs to be a producer
responsibility and we will go back next year and make this into the kind
of program we really need.''

In response to Davis' veto last year, Sher collaborated with computer
company Hewlett-Packard on a bill that would have shifted the
responsibility for recycling e-waste from local governments to tech
companies. But in the final weeks of the legislative session, discussions
broke down between HP and Sher.

The Palo Alto company, which runs its own recycling program, lobbied
vigorously against the final version of the legislation because of
concerns that it will put California companies at a competitive
disadvantage.

Under the bill, the California Integrated Waste Management Board will
collect the fee starting in July 2004, to be distributed to recyclers and
haulers that operate e-waste drop-off or pick-up sites.
*******************************
USA Today
Alabama banks try to solve Internet-based scam
September 25, 2003

BIRMINGHAM, Ala. (AP)  A new scam combining counterfeiting and
Internet fraud on auction sites is taking hundreds of thousands of
dollars from bank customers in Birmingham, a bank security chief said.
The scam originates on Internet auction sites such as eBay and includes a
"buyer" who sends the seller a stolen or fake cashier's check
for more than the item's purchase price, said Bill Burch, security chief
at AmSouth Bancorp. 
In the scam, the seller agrees to deposit the check and send the
"buyer" the difference between the purchase price and the
amount on the check. But the seller winds up owing his bank thousands of
dollars when the first check bounces and the "buyer" disappears
with the item and the money the seller sent him. 

"The danger is that these checks look real, and we are seeing a few
every week," Burch told The Birmingham News for a story Wednesday.
"The victims face a double whammy, because they lose the item they
had for sale, as well as the money they sent back." 

Because Internet auction sites now regularly offer large, expensive items
such as industrial machinery and automobiles, victims' losses often are
thousands of dollars, Burch said. 

Some people have received checks for as much as $260,000, or many times
the price of their item for sale, and returned the difference to the
bogus buyer, he said. 

A working group of security chiefs at Birmingham's four biggest banks is
trying to stop the scam, said Burch, a 30-year veteran of the U.S. Secret
Service. One method is training bank tellers and mail centers that
receive customer deposits to identify the phony checks, he said.

Some $62 million of merchandise is sold on eBay every day. 

"Unfortunately, a marketplace of that size will be the target of
some fraudulent activity," said eBay spokesman Kevin Pursglove.
*******************************
Los Angeles Times
Site Warns of Online Dangers to Children
The D.A. offers tips on how parents can track molesters and monitor
computer use. Halting youth cyber-crime is another goal.
By Anna Gorman
September 25, 2003

A 14-year-old girl began an online conversation with a Los Angeles County
man, who lured her to a meeting and then molested her. Two Pasadena
teachers seduced two female students by sending sexually explicit
e-mails. 

These real-life cases are described on a new Web site launched by the Los
Angeles County district attorney's office to prevent children from
becoming victims over the Internet. The site, which will be formally
introduced today by Dist. Atty. Steve Cooley, gives parents tips on how
to track sexual predators and how to monitor the family
computer.

The "Protecting Our Kids" site also aims to prevent teenagers
from getting in legal trouble online, explaining the types of crimes
committed: downloading copyrighted songs, creating bogus EBay accounts to
sell nonexistent merchandise and hacking into corporate servers to
destroy information. The online guide makes it clear that parents can be
held liable for their children's actions.

About 62% of teenagers say their parents know little or nothing about
their Internet use, and only 52% of parents say they moderately supervise
their child's online use, says the National Center for Missing &
Exploited Children.

"The technology has exploded so quickly that parents have so much to
keep up with," said Carol Baker, who heads the Bureau of Crime
Prevention & Youth Services for the district attorney. "The
kids, on the other hand, are right on top of the
technology."

Baker said parents need to monitor Web surfing to learn who their
children are talking to and what their children are doing. Of 45 million
children ages 10 to 17 who use the Internet nationally, one in five has
been sexually solicited, and three in five have received an e-mail or
instant message from a stranger, according to national
statistics.

Microsoft Corp. announced this week that it is shutting down online chat
services in most markets around the world and limiting chat groups in the
United States to reduce criminal solicitations of children through
Internet conversations.

The district attorney's office teamed up with PTA officials, who will
tell parents in schools throughout Los Angeles County about the new Web
site.

"We all know there is a danger of pedophiles and of people who will
use the Internet in a harmful way for our children," said Linda
Ross, vice president of community concerns for the 31st District PTA in
the San Fernando Valley. "Anything that is going to protect our kids
is a great idea."

On the Web site, Cooley offers a warning to parents: "Much like the
real world, the World Wide Web can be an inviting but dangerous place for
children. Young people with unmonitored access to the Internet are
exposed to a wide variety of risks, some of them
life-threatening."

Through the site, parents can connect to law enforcement links and can
buy software program to help monitor computer use. Beginning today, the
Web site can be accessed through the district attorney's site at
http://da.co.la.ca.us/pok/default.htm.
*******************************
Government Computer News
Labor hires new deputy CIO 
By Jason Miller 

The Labor Department earlier this month hired Tom Wiesner to be its new
deputy CIO. 

Patrick Pizzella, Labor CIO, said Wiesner?s responsibilities include all
areas of IT and e-government, with a concentration in cybersecurity. He
replaces Laura Callahan, who left in March to become the deputy CIO at
the Homeland Security Department. 

Wiesner came to Labor from the Homeland Security Department, where he
coordinated IT products and services for all airports under the
Transportation Security Administration. 

Before coming to TSA in Sept. 2002, Wiesner held various positions at the
Treasury Department, including director of the CIO?s Office of Wireless
Programs and director of the Office of IT Security. 

Wiesner graduated from the Rochester Institute of Technology with a
bachelor?s in electrical engineering. 
*******************************
Government Executive
September 16, 2003 
National 'cyber summit' planned to aid federal outreach 
By William New, National Journal's Technology Daily 

The Homeland Security Department is planning to hold a national
"cyber summit" this fall to address shortcomings in outreach
efforts to state and local governments and the private sector on
improving cybersecurity practices.

"That's where much of our work has to be done yet," Robert
Liscouski, the department's assistant secretary for infrastructure
protection, told a House subcommittee on Tuesday.

"I agree with you," Liscouski told Democratic Rep. Zoe Lofgren
of California. "I don't think we have addressed [the lack of
outreach] enough yet, either." Lofgren is the ranking Democrat on
the House Homeland Security Subcommittee on Cybersecurity, Science, and
Research and Development, which held the hearing.

The department soon will announce its efforts to expand existing
public-private outreach groups to get greater implementation of security
practices, Liscouski said. 

The summit being considered for November will bring together key industry
and government leaders to try to produce a common mechanism for reporting
computer threats and vulnerabilities. It also will aim to develop a
"vulnerability reduction initiative" that would promote more
secure software and "best practices" for protecting critical
infrastructures in coordination with the private sector and
universities.

Other goals will include developing a partnership to educate the 50
million home computer users and small businesses, and completing a
national cybersecurity roadmap, he said.

Lawmakers pressed Liscouski for details on what progress Homeland
Security's cyber division has made since it was created June 6 and on
whether the department has sufficient resources, expertise and authority
to secure cyberspace. 

Lofgren raised numerous concerns that the department is "just not
providing sufficient leadership in the cyber arena." August was the
"worst month ever" for computer viruses, despite the
responsibility of the department to reduce vulnerabilities to government
and critical-asset computers, as well as respond to cyber incidents, she
said.

Liscouski said the delay in naming Amit Yoran as the department's
cyber-security director and establishing a Homeland Security partnership
with Carnegie Mellon University's Computer Emergency Response Team (CERT)
Coordination Center has come from trying to put the "right team in
place." Under the new relationship, the center will receive more
funds and staff for its work with the department, and will expand it
focus beyond responding to computer attacks to also addressing malicious
code, he said.

Liscouski said that the department's management style is "very
direct" and that Yoran will have to answer at times to Frank
Libutti, the undersecretary for information analysis and infrastructure
protection, and Homeland Security Secretary Tom Ridge. But he insisted
that Yoran will be asked to use his expertise and judgment to make the
department's cybersecurity decisions.

Liscouski said the cyber division has a "direct nexus" into the
department's science and technology directorate, and it will work
"robustly" with the Terrorist Threat Integration Center housed
at the CIA.

The cyber division currently has adequate resources and staff, he said.
Right now, there are 65 employees, and the department is looking for
about 100 for fiscal 2004, he said.
*******************************