
Clips February 9, 2004




ARTICLES

Voting Machines On Trial In Fairfax
Thorny Issues Await F.C.C. on Internet Phones
Online Search Engines Help Lift Cover of Privacy
Ky. House OKs bill to put officials on same wave length
Linking Lawmakers, Scientific Knowledge
DHS launches trio of IT security groups
High-tech twist for election
Michigan voters try an online ballot box

*******************************
Washington Post
Voting Machines On Trial In Fairfax
Ill-Fated Fall Vote Prompts Scrutiny
By David Cho
Monday, February 9, 2004; Page B01
http://www.washingtonpost.com/wp-dyn/articles/A23930-2004Feb8.html

The Democratic presidential nomination is not the only issue on the line in tomorrow's primary in Virginia. Local and state lawmakers say they will be watching closely how Fairfax County's touch-screen voting system performs after its disastrous debut in the November elections.

Another bad showing could halt the move toward adopting touch-screen machines elsewhere in Virginia and broaden the support for several bills related to election machines in the General Assembly, said state Sen. Ken Cuccinelli (R-Fairfax). He estimated that more than a dozen jurisdictions across the state are considering whether to buy voting computers similar to the ones Fairfax purchased for $3.5 million last year.

Gerald E. Connolly (D), chairman of the Fairfax County Board of Supervisors, said the primary could make or break the voting machines' future.

"Obviously if there are major malfunctions in this election, I think the board will insist on a whole host of measures and an independent audit of this technology and its vendor," said Connolly, who was elected chairman in November. "But I'm hopeful that's not going to be the case. I'm an optimist by nature. It's my fervent hope that the glitches that occurred . . . last year will not occur on February 10th."

County election officials and the machines' designers, from Advanced Voting Solutions of Frisco, Tex., promised before the November elections that the computers would simplify voting and produce near-instantaneous results. Instead, some vote tallies weren't known until 21 hours after the polls closed because of a software problem, and scores of voters complained of long lines and machines that crashed.

The Fairfax GOP filed a lawsuit on Election Day charging that election officials broke state law when they took 10 computers out of their precincts and brought them to the government center for repairs while the polls were open. The case was dismissed in late December after the county Electoral Board promised not to do that again.

The problems sparked several bills in the General Assembly related to voting machines that are scheduled for votes in the coming days. One measure would make it illegal to remove any machine from a polling place without a Republican and a Democratic observer present. Another would study whether voters should be provided with a printed confirmation of their ballots. A third would retool the way the state certifies touch-screen voting machines.

Touch-screen voting machines have been controversial in Maryland, too, where the state has agreed to spend $55.6 million on them, even though legislators have said they are concerned about their security.

The pressure to pull off a problem-free primary in Fairfax rests squarely on the staff of the Electoral Board.

"The performance of these machines on Tuesday is very important to everyone who's concerned about elections running properly," said state Sen. Jeannemarie A. Devolites (R-Fairfax). "If there are problems, then that will show that the local elections board has not resolved the problems with the machines that they indicated that they did resolve."

Election officials said they have conducted numerous tests to make sure things go well tomorrow.

"We are certainly prepared," said Margaret K. Luca, secretary of the Electoral Board. "We did everything we could possibly think of" to get ready, she said.

Last month, Luca told county supervisors that there had been more problems in November than her staff reported initially: 116 of the county's 223 precincts had a touch-screen computer that needed to be rebooted or had a software glitch. An additional 38 experienced power or printing problems. Ten machines broke down completely.

At the time, election workers had a few people to call when the computers crashed. Tomorrow, they will be able to call a room full of technicians with 10 phone lines. The county also will send technology experts on the road. The "rovers" will carry touch-screen machines to replace any that malfunction.

One of the biggest problems in November was a delay in getting vote totals. According to Luca, the problem arose because the software that counted votes could not communicate with each machine. Adjustments were made, and in December election officials took machines to 100 precincts and ran a mock election. Four precincts had problems transmitting vote tallies, which Luca attributed to "human error." Last month, the staff held another mock election with 50 precincts, and that went even more smoothly, Luca said. If any precincts have trouble transmitting vote totals electronically tomorrow, poll workers will be able to call the county registrar directly after the polls close. The number of phone lines in that office has been doubled to 32 to ensure that workers won't get a busy signal, she said.

Several software and hardware fixes were made and paid for by the machine's vendor, Luca said. One change has made the screen less sensitive to touch, which officials said they hope would cut out the kinds of inadvertent glitches that frustrated some voters in November. In addition, a warning will appear on the screen telling voters to "press lightly." The county will be showing off some of the changes publicly today during the Board of Supervisors meeting.

The machines will display a ballot for the primary that is far simpler than the one that voters faced in November, and turnout is expected to be far lighter, Luca said, so the day should go smoothly.

But even if the computers do well, they will be tested again in the fall when more than twice as many voters are expected at the polls for the presidential election.

"I see this as a trial run for the presidential election in November," Connolly said. "We can't have any major glitches. It's got to run smoothly so people can exercise their right to vote."
*******************************
New York Times
February 9, 2004
Thorny Issues Await F.C.C. on Internet Phones
By STEPHEN LABATON
http://www.nytimes.com/2004/02/09/technology/09rules.html

WASHINGTON, Feb. 8 - The effort to write the rules for Internet telephone service begins this week, and whether it succeeds may ultimately come down to a matter of money.

On Thursday, the Federal Communications Commission is set to consider approving a notice of proposed rulemaking, the first step in a lengthy process of writing regulations for Internet-based phone services. The commission is also set to issue a final decision on a petition by one of the new Internet phone companies, Pulver.com, which has asked the commission to rule that it does not need to pay interconnection access fees to phone companies for any calls made and received between computers through Internet connections.

Experts say that a ruling in Pulver's favor will not have a major effect immediately on the nascent industry because there are so few Internet phone users. But one analyst, Blair Levin of Legg Mason, said that a favorable ruling for Pulver could have a significant effect if a company with a huge consumer base, like Microsoft, were to begin offering computer-to-computer voice services.

The commission scheduled this week's proceedings after the Justice Department reversed its earlier position that anything less than stringent regulations would pose legal and technical obstacles to the ability of law enforcement agencies to do wiretapping for criminal and terrorism investigations.

Entrepreneurs and optimists, along with companies like AT&T and Verizon Communications, say that Internet-based telephony could revolutionize the telecommunications industry. The new technology allows calls to be placed or received through the Internet. Voice transmissions are broken down, transmitted in data packets through multiple paths and reassembled on the receiving end, much like e-mail. Users are supposed to find the service indistinguishable from traditional phone connections.

Although even the most optimistic projections predict that only about a million consumers - a small fraction of the overall phone market - may make use of the service by the end of this year, industry executives hope that Internet phones will ultimately become as common as e-mail and will significantly displace traditional wired phone connections in much the same way that cellphones have.

But that cannot happen before Washington decides how the technology ought to be regulated. And the potential obstacles are myriad, because although Internet phone service represents a technological convergence of communications and computers, the regulatory world remains neatly divided: different rules apply to phones, cable, wireless services and data transmission.

The commission proceedings, which will take many months to complete and may outlast the term of the agency's chairman, Michael K. Powell, present a thicket of policy questions. For one thing, if Internet calls are less regulated, traditional phone companies may migrate to the new technology to get relief from telephone regulations that they maintain are overly burdensome.

For Mr. Powell, the proceedings are also significant because he has come through a year of bruising political fights within the agency, on Capitol Hill and in the courts.

Last year he lost a pivotal fight at the agency over telephone access fees, and his decision last summer to loosen the rules governing the size and reach of the nation's largest media companies came under heavy assault in Congress. A federal appeals court in Philadelphia has temporarily blocked those rules. On Wednesday, a three-judge panel will hear oral arguments in what could be the most significant F.C.C. case in years.

Mr. Powell is seen as generally supporting a deregulatory approach to Internet phone technology. Some of his critics say that if the commission's notice of proposed rulemaking this Thursday is simply a list of questions to be debated - rather than a detailed statement of the agency's position - it will suggest that Mr. Powell is having trouble marshalling a majority of commissioners to carry out a deregulatory vision.

"If Powell really wants to be a hero, because he's had a tough time in the last 12 months, he'd line up three votes and put something substantive out rather than simply a mishmash," said Reed E. Hundt, who served as chairman of the commission during the Clinton administration.

Industry executives and analysts say that the biggest issue facing the agency involves the fees that Internet phone companies will have to pay to local phone carriers for connecting their customers' calls to Internet telephone customers.

The interconnection and access charges in the telephone industry have long been the cause of bitter fighting between local and long-distance carriers, and the new technology raises a host of complex and arcane issues that will ultimately play a huge role in the profitability of the new services.

In recent months, lawyers representing both the large and small phone companies have been meeting and negotiating in an effort to come up with a new access fee system. The project, if successful, could relieve the commission of the burden of coming up with a fee system on its own.

"Once you solve the intercarrier compensation issues, everything else is relatively easy," said Mr. Levin, who was a senior official at the commission before he became a regulatory analyst at Legg Mason. Jeffrey A. Citron, chief executive of Vonage, one of the larger Internet phone companies, agreed.

"The problem is how do you get from one system to another?" he said. "The real problem is intercarrier compensation. Everyone can agree no matter who you are that the intercarrier compensation scheme is broken."

The regional Bell operating companies, which have received the bulk of access fee payments from originating and ending phone calls, have also begun to recognize the need to change the fee structure, particularly as those companies gain a bigger share of the long-distance market.

"Industry access revenue is declining," said Tom Tauke, a senior lobbyist for Verizon, which is also interested in getting a share of that new market.

"It's not dissimilar from what happened during the development of wireless," Mr. Tauke said. "People said at that time, 'Why would you want to do it and cut into your business?' We're happy we did it."

The access fee question is not the only important issue before the commission. The commission will have to decide how to apply a host of other regulations to Internet phone services, like fees to support 911 emergency services and rules ensuring that phone service is universally available.

The proceedings were nearly stalled by objections from federal law enforcement agencies which have complained to the commission that any attempt to deregulate the service could pose legal and technical obstacles to their ability to monitor phone conversations in criminal investigations.

Under heavy political and industry pressure, the Justice Department, which had complained earlier that it was having problems monitoring Internet-based voice calls, abruptly reversed course last week. It rejected the position of the Federal Bureau of Investigation, which had insisted that law enforcement issues had to take priority over other regulatory questions involving broadband access to the Internet.

In a series of letters and discussions over the last few months, the law enforcement agencies insisted that the commission first resolve the issues surrounding the wiretapping of Internet phone calls.

Last month, John G. Malcolm, a deputy assistant attorney general who has played a lead role for the Justice Department on the new technology, said that as a result of legal uncertainties created by the commission, prosecutors had encountered obstacles in executing surveillance orders.

And on Jan. 28, Patrick W. Kelley, a deputy general counsel at the F.B.I., asked the commission to resolve the law enforcement issues before considering other new rules and petitions from some Internet phone companies seeking regulatory relief.

But on Feb. 4, Mr. Malcolm sent a letter to the commission that both contradicted Mr. Kelley and reversed the direction of the Justice Department.

"I consider it regrettable that articles appeared last week that were prompted by Pat Kelley's letter," Mr. Malcolm wrote, referring to newspaper articles on the controversy. "While it would obviously be our preference that the F.C.C. decide these issues prior to considering other broadband proceedings, we recognize that this is not practical, and have no desire to prevent the F.C.C. from doing its work."
*******************************
Washington Post
Online Search Engines Help Lift Cover of Privacy
By Yuki Noguchi
Washington Post Staff Writer
Monday, February 9, 2004; Page A01
http://www.washingtonpost.com/wp-dyn/articles/A24053-2004Feb8.html

Sitting at his laptop, Chris O'Ferrell types a few words into the Google search engine and up pops a link to what appears to be a military document listing suspected Taliban and al Qaeda members, date of birth, place of birth, passport numbers and national identification numbers.

Another search yields a spreadsheet of names and credit card numbers.

"All search engines will get you this," O'Ferrell said, pointing to files of spoils he has found on the Internet: Medical records, bank account numbers, students' grades, and the docking locations of 804 U.S. Navy ships, submarines and destroyers.

And it is all legal, using the world's most powerful Internet search engine.

Cybersecurity experts say an increasing number of private or putatively secret documents are online in out-of-the-way corners of computers all over the globe, leaving the government, individuals, and companies vulnerable to security breaches. At some Web sites and various message groups, techno-hobbyists are even offering instructions on how to find sensitive documents using a relatively simple search. Though it does not technically trespass, the practice is sometimes called "Google hacking."

"There's a whole subculture that's doing this," said O'Ferrell, a long-time hacking expert and chief technology officer of Herndon-based security consultancy Netsec Inc.

In the decade they have been around, search engines like Google have become more powerful. At the same time, the Web has become a richer source of information as more businesses and government agencies rely on the Internet to transmit and share information. All of it is stored on computers called servers, each one linked to the Internet.

For a variety of reasons -- improperly configured servers, holes in security systems, human error -- a wide assortment of material not intended to be viewed by the public is, in fact, publicly available. Once Google or another search engine finds it, it is nearly impossible to draw back into secrecy.

That is giving rise to more activity from "Googledorks," who troll the Internet for confidential goods, security engineers said.

"As far as the number of sites affected by this, it's in the tens of thousands," said Johnny Long, 32, a researcher and developer for Computer Sciences Corp. and veteran hacker who maintains a Web site that he says keeps him connected to the hacker community. He spoke about Google hacking at the Def Con hacker convention in Las Vegas last summer, which has led to more awareness of vulnerabilities, he said.

Google gets singled out for these searches because of its effectiveness.

"The reason Google's good is that they give you more information and they give you more tools to search," O'Ferrell said.

Its powerful computer "crawls" over every Web page on the Internet at least every couple weeks, which means surfing every public server on the globe, grabbing every page, and every link attached to every page. Those results are then catalogued using complex mathematical systems.

The most basic way to keep Google from reaching information in a Web server, security experts said, is to set up a digital gatekeeper in the form of an instruction sheet for the search-engine's crawler. That file, which is called robots.txt, defines what is open to the crawler and what is not. But if the robots.txt file is not properly configured, or is left off inadvertently, a hole is opened where Google gets in. And because Google's crawlers are legal, no alarms will go off.

"The scariest thing is that this could be happening to the government and they may never know it was happening," Long said. "If there's a chink in the armor, [the hackers] will find it."

Google and other search-engine officials said they are sensitive to the problem, but are not in a position to control it.

With a vast system of more than 10,000 computer systems constantly collecting new information on more than 3 billion Web sites, the company cannot and does not want to police or censor what goes on the Web, said Craig Silverstein, Google's chief technology officer.

"I think Web masters have to be careful," he said. "The basic problem is that with 3 billion [Web sites], there's a lot of information out there." It offers a tool on its own Web site, "Webmaster guidelines," on how to remove Web sites from Google's system, including Google's vast store of cached pages that may no longer be available online, Silverstein said.

For hacking experts, Google-hacking has a kind of populist allure: anyone with Internet access can do it if they know the right way to search.

"It's the easiest point-and-click hacking -- it's fun, it's new, quirky, and yet you can achieve powerful results," said Edward Skoudis, a security consultant for INS Inc., which helps government and business clients monitor what is visible from the Web. "This concept of using a search engine for hacking has been around for a while, but it's taken off in the last few months," probably because of a new-found enthusiasm in the underground hacking community, he said.

Search strings including "xls," or "cc," or "ssn" often bring up spreadsheets, credit card numbers, and Social Security numbers linked to a customer list. Adding the word "total" in searches often pulls up financial spreadsheets totaling dollar figures. A hacker with enough time and experience recognizing sensitive content can find an alarming amount of supposedly private information.

"On a [client's] bank site, I found an Excel spread sheet with 10,000 Social Security and credit card numbers," said Skoudis, of one of his successful treasure hunts.

The bank's Web server had been properly configured to keep such documents private, but someone had mistakenly put the information on the wrong side of the fence, he said. "Google found the open door and crawled in."

Skoudis confronted the "red-faced executives" with his findings, he said, and was told: "Just fix it, damn it."

Google and other search-engine operators are unable to gauge how frequently private documents are accessed using their sites, or how many are removed for security reasons.

"The challenge is that as the search-engine tool evolved, people got more lax about what they put on a publicly available Web server," said Tom Wilde, vice president and general manager of Terra Lycos's 19 search engines. "It would be impossible to monitor" the tens of millions of searches that take place every day, Wilde said, adding that he has never been notified of a security breach on his sites.

Government officials said they were familiar with Google hacking, and were working with government agencies and businesses to secure sensitive documents on Web servers.

"It's an issue we're aware of and tracking," said Amit Yoran, director of the cybersecurity division of the Homeland Security Department. By law, each agency is responsible for its own security, and although hacking or security breaches are reported to Homeland Security, the cybersecurity division does not monitor the content of the Web, he said.

It is unclear who is at fault when someone digs up a confidential document.

"I don't know what law's been violated just for searching" on a publicly available search engine, said Paul Bresson, a spokesman for the FBI, noting the bureau has not yet taken actions against individuals who have found secure documents by using search engines. "If they use it for some sinister purpose, that's another issue."

The availability of private information contributes to rising incidence of identity theft, which for the last four years has been the No. 1 consumer problem for the Federal Trade Commission. Last year the FTC received nearly 215,000 complaints about identity theft, up from about 152,000 in 2002.

Since 2001, the FTC has settled cases with Eli Lilly & Co., Microsoft Corp. and clothing maker Guess Inc. for not taking "reasonable" measures to keep medical or financial information secure, said Jessica Rich, assistant director of the commission's bureau of consumer protection. Letting customer information reside on an unsecure server can open up a business to such liability.

"There are unique vulnerabilities because of databases that are accessible through the Web," Rich said, adding that the FTC anticipates bringing more security-related cases in the future.

Once confidential pages are found, it is not easy to get them back under wraps.

Even after a document has been pulled off of a Web server, as was the case when MTV removed from its Web site a pre-Super Bowl press release promising "shocking moments" at the halftime show, documents often remain cached, or stored, in other search engines' computers so they can still be accessed.

"Once it is placed online, it's very hard to get the digital horse back in the electronic barn," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "It's close to impossible to get it back."
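
Added example, not part of the Washington Post article: a document-root audit a webmaster could run to find files "on the wrong side of the fence" before a crawler does, and to see what robots.txt tells a compliant crawler about each one. The file names, patterns and sample data are constructed assumptions; robots.txt is advisory only, so a file it disallows is still served to anyone who requests it directly.

```python
import os
import re
import tempfile
from urllib.robotparser import RobotFileParser

# Assumed heuristics for this example; tune them to your own data.
RISKY_EXTENSIONS = {".xls", ".csv", ".mdb", ".sql", ".bak"}
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(rb"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators
MAX_SCAN_BYTES = 1_000_000

# Constructed sample web root (all values are fake).
SAMPLE_FILES = {
    "robots.txt": b"User-agent: *\nDisallow: /private/\n",
    "index.html": b"<html><body>Welcome</body></html>\n",
    "private/customers.csv": b"name,ssn\nJane Doe,000-12-3456\n",
    "reports/q4_totals.xls": b"Jane Doe\t000-12-3456\t4111 1111 1111 1111\ttotal 100\n",
    "docs/order-ids.txt": b"order 1234 5678 9012 3456 shipped\n",  # 16 digits, not a card
}


def luhn_ok(candidate: bytes) -> bool:
    """True if the digits in candidate pass the Luhn checksum used by card numbers."""
    digits = [c - 48 for c in candidate if 48 <= c <= 57]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(path):
    """Return the reasons a file looks sensitive (empty list if none)."""
    reasons = []
    if os.path.splitext(path)[1].lower() in RISKY_EXTENSIONS:
        reasons.append("risky-extension")
    with open(path, "rb") as fh:
        data = fh.read(MAX_SCAN_BYTES)
    if SSN_RE.search(data):
        reasons.append("ssn-pattern")
    # The Luhn check drops 16-digit strings that are not card numbers.
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(data)):
        reasons.append("card-number")
    return reasons


def audit_docroot(docroot, user_agent="Googlebot"):
    """List sensitive-looking files under docroot and whether robots.txt
    lets a compliant crawler fetch them. A missing robots.txt allows all."""
    lines = []
    robots_path = os.path.join(docroot, "robots.txt")
    if os.path.exists(robots_path):
        with open(robots_path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    rp = RobotFileParser()
    rp.parse(lines)

    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            url_path = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            if url_path == "/robots.txt":
                continue
            reasons = classify(full)
            if reasons:
                findings.append({
                    "path": url_path,
                    "reasons": reasons,
                    "crawlable": rp.can_fetch(user_agent, url_path),
                })
    # Crawlable findings first: those are the ones a search engine will index.
    return sorted(findings, key=lambda f: (not f["crawlable"], f["path"]))


def run_sample(with_robots=True):
    """Build the constructed web root in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            if rel == "robots.txt" and not with_robots:
                continue
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return audit_docroot(root)


if __name__ == "__main__":
    for f in run_sample():
        state = "INDEXABLE" if f["crawlable"] else "disallowed, still served"
        print(f"{f['path']:28} {state:26} {', '.join(f['reasons'])}")
```

Every finding belongs off the public server or behind authentication, whatever robots.txt says about it.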
*******************************
Washington Times
More judiciary memos await
By Charles Hurt
http://www.washtimes.com/national/20040209-120246-8721r.htm

Republicans have "perhaps thousands" of internal Democratic judiciary memos like the 14 that caused a stir on Capitol Hill last fall, says a Republican staffer who resigned after an investigation into how the documents were obtained.

"Only a small amount of [documents downloaded from Democratic computer servers] have been made public," said Manuel Miranda, former judicial-nominations counsel to Senate Majority Leader Bill Frist of Tennessee. "The ones made public are the least indicting of the ones."

Mr. Miranda resigned from his position last week after a two-month investigation by the Senate sergeant-at-arms into how the documents were obtained by Republican staffers and, ultimately, excerpted in The Washington Times and Wall Street Journal.

Mr. Miranda wrote a farewell statement explaining his actions. By resigning, he said he hopes the focus will shift from the manner in which the documents were obtained to their content.

The 14 memos made public, written by staffers for Sen. Edward M. Kennedy of Massachusetts and Sen. Richard J. Durbin of Illinois, reveal a coziness between many Democrats on the Senate Judiciary Committee and liberal special-interest groups.

Several Democratic Judiciary Committee staffers declined to comment on the matter until a report on the investigation by the sergeant-at-arms is released in coming weeks.

The memo generating much of the consternation was written to Mr. Kennedy urging him -- at the behest of an attorney for the National Association for the Advancement of Colored People -- to stall a nominee to the 6th U.S. Circuit Court of Appeals until that panel had ruled on a landmark affirmative-action case.

Although the Democratic staffers noted the impropriety of such calculations, they recommended the judge's nomination be stalled anyway. Indeed, Tennessee Judge Julia S. Gibbons wasn't confirmed until after the court ruled 5-4 to uphold the University of Michigan Law School's affirmative-action program.

Ethics complaints have been filed against Mr. Kennedy, Mr. Durbin and Elaine Jones, the attorney for the NAACP. Ms. Jones was a named party in the affirmative-action case when she lobbied Mr. Kennedy's office for intervention.

In his farewell letter, Mr. Miranda described publicly for the first time how he first came to see the Democratic memos as a staffer for Senate Judiciary Committee Chairman Orrin G. Hatch, Utah Republican, who was his boss prior to Mr. Frist.

"[A] young colleague brought to my attention that he could access documents from the Judiciary shared-server network on our desktops through an icon called 'My Network Places,'" he wrote. "No unauthorized hacking was involved."

The other staffer in question was placed on administrative leave at the start of the investigation and has since followed through on previous plans to leave.

The documents Mr. Miranda said he has seen "recorded collusive, partisan considerations in the confirmation process and much worse," he said.

Mr. Miranda spoke highly of Mr. Frist and Mr. Hatch, though he takes exception with Mr. Hatch's view that he should not have viewed the Democratic files.
*******************************
USA Today
Ky. House OKs bill to put officials on same wave length
By Bruce Schreiner, Associated Press
http://www.usatoday.com/tech/wireless/2004-02-07-ky-emergency-comm_x.htm

FRANKFORT, Ky. -- Legislation to ensure that state and local emergency workers are -- literally -- on the same wavelength was passed by the Kentucky House on Friday.

Rep. Mike Weaver said his bill, which passed 87-0, was a potential life saver. He cited examples, in Kentucky and beyond, of lives lost because emergency responders were unable to communicate with each other.

Under his bill, state and local emergency agencies would have to submit wireless communication master plans to a state oversight committee for review.

Local plans could not be vetoed. But the mere requirement for state review should help guarantee that wireless systems are compatible, said Weaver (D-Elizabethtown).

"By communicating with each other, they can coordinate the plan that they have to go in and save the lives," Weaver said in an interview. "Right now we don't have that assurance."

Any agency receiving state or federal funding for a wireless system would be covered by the bill.

Kentucky's House of Representatives is online at www.lrc.state.ky.us. The wireless communication legislation is House Bill 226.
*******************************
Washington Post
Linking Lawmakers, Scientific Knowledge
Grant to Fund Source for Data on Terrorism
http://www.washingtonpost.com/wp-dyn/articles/A23882-2004Feb8.html
By Marc Kaufman
Washington Post Staff Writer
Monday, February 9, 2004; Page A19

Congress will get a new source for information on the science of terrorism and national security under a $2.25 million grant from the MacArthur Foundation.

The money will go to the American Association for the Advancement of Science (AAAS), and is designed to make it into a link between policymakers in need of scientific information and academics who might have it.

"We've heard a lot about how policymakers need advice on scientific issues related to terrorism," said Kennette M. Benedict, director of international peace and security for the MacArthur Foundation. "This is not so much about building capacity in this field, but in how to get the information to policymakers in a form they can use."

The new AAAS initiative will try to fill some of the void created when Congress abolished the Office of Technology Assessment eight years ago. Although the new center will not have a formal status like the technology office, Benedict said, it will try to offer similarly independent and nonpartisan scientific information.

"Lawmakers are often looking for authoritative and trustworthy information, and the center will connect them with it," she said. MacArthur is also providing $4.5 million this year to 15 universities around the world to research scientific aspects of the threats from biological, chemical and nuclear materials.

According to Frank von Hippel, former assistant director for national security in the White House Office of Science and Technology Policy, the AAAS center would fill an obvious need.

"Congress used to have an in-house operation where policymakers could task a group of technical people, and through them a whole network of specialists, with technical problems they were having a hard time getting a handle on," he said. "This is an effort to bridge the gap."

The AAAS is the world's largest general scientific society, and it serves 265 affiliated societies and academies of science. According to Alan I. Leshner, chief executive of AAAS, the MacArthur grant will allow the group to bring experts quickly to the capital to brief lawmakers and their staffs on pressing scientific issues related to national security subjects such as nuclear proliferation, cyberterrorism and bioterrorism.

Congress and the executive branch can now turn to the congressionally chartered National Academy of Sciences for comprehensive reports on scientific and technical subjects, but the organization is not set up to provide information quickly. "The NAS will take on single subjects and look at them in a thorough way," Leshner said. "Our job will be to put together short-term analysis on a variety of subjects, and to produce experts to explain the state of the science."

Leshner said that the new project grew to some extent out of consultations with lawmakers, who have given it a "very warm welcome." The organization has long experience in providing similar scientific guidance on other subjects, he said.

The John D. and Catherine T. MacArthur Foundation is a private, nonprofit group that has had a program of providing research on weapons of mass destruction since 1984. But Benedict said it has expanded since 2000, when the foundation began to fund work in the science of terrorism at nine U.S. universities and six others in England, Russia and China.

Von Hippel, who teaches at Princeton University's program on science and global security, which is funded in part through a MacArthur grant, said government funding for security is often misguided.

"Security policy is increasingly divorced from technical reality," he said. "This results in critical problems being ignored while funds are poured into programs that will make little difference to our security and may even be counterproductive."

He said that academics often don't know that they have scientific information about security threats that policymakers need and want. "We very much need to strengthen the relationship between the academic and the policymaking communities when it comes to security issues," he said.
*******************************
USA Today
Posted 2/7/2004 6:09 PM
http://www.usatoday.com/tech/news/techpolicy/2004-02-07-crime-images_x.htm
Digital photography poses thorny issues for justice system
By Brian Bergstein, Associated Press

When Victor Reyes went on trial for murder last year, the technology that fingered him was supposed to be a star witness.

Police in Florida had used software known as More Hits to determine that a smudged handprint they had found on duct tape wrapped around a body -- but originally couldn't decipher -- implicated Reyes in the 1996 killing.

The judge let prosecutors introduce More Hits' digital enhancement. But the defense called it "junk science," and had an art professor testify that the process resembled how Adobe Photoshop can be used to make trick-photo illustrations.

Reyes was acquitted.

Jurors said they based their decision mainly on the notion that the print didn't prove Reyes was the killer -- not on the legitimacy of More Hits' method. And a Florida appeals court later ruled that More Hits' technology -- used by 215 U.S. police departments -- is acceptable.

Still, some defense attorneys learned a lesson: Get more aggressive about challenging digitally generated evidence.

"Now whenever you hear the word enhancement, an antenna goes up," said Hilliard Moldof, a Florida defense attorney who is questioning digitally enhanced fingerprints in two cases.

Or in the words of Mary DeFusco, head of training for the Philadelphia public defender's office: "I thought digital was better, but apparently it's not. We're definitely going to take a look at it."

As more police departments abandon chemically processed film in favor of digital photography, the technology could be confounding for the justice system.

Film images are subject to darkroom tricks, but because digital pictures are merely bits of data, manipulating them is much easier.

And although willful evidence manipulation is rare, forensic specialists acknowledge that a poorly trained examiner incorrectly using computer enhancement programs can unwittingly introduce errors.

"What you can do in a darkroom is 2% of what Photoshop is capable of doing," said Larry Meyer, former head of photography for State Farm Insurance Co.

Courts have consistently allowed digital photographs and enhancement techniques. But some observers say such methods should endure a more thorough examination, as have technologies such as DNA analysis.

"There have been relatively few challenges to the use of digital technology as evidence and in most of them the courts have looked at them in a fairly superficial way," said Edwin Imwinkelried, an evidence expert at the University of California-Davis law school.

Concerns about the impeachability of digital photographs are one reason many police departments have been hesitant to ditch film for crime scene photographs and forensic analysis.

In fact, some people who train law enforcement agencies in photography estimate that only 25 to 30% of U.S. police departments have gone digital -- despite the huge cost benefits of no longer having to buy film and the ease with which digital pictures can be captured and disseminated.

The police department in Santa Clara, Calif., bought 30 digital cameras recently but is holding off on giving them to detectives and technicians until the department specifies ways to lock away the original photos as evidence "so there can be no question that anything was changed," said Sharon Hoehn, an analyst for the department.

George Pearl, who runs a civil-case evidence service in Atlanta and is a past president of the Evidence Photographers International Council, sticks with film partly because he doesn't want to explain on a witness stand if he used a computer to adjust the contrast and other settings of a digital image.

"Even if it was honest adjustments," Pearl said. "Juries, they're all skeptical and they're all sitting there waiting to jump on something that's wrong."

Some law enforcement officials also worry about the limitations that still plague digital photography.

Digital pictures can't be blown up as clearly for courtroom displays as film photos. Or the compression needed to store a digital file on disk can make the image blurry or blocky, potentially obscuring key details.

"Digital imaging for the most part has a long way to go to meet the quality of film," said Richard Vorder-Bruegge, an FBI forensic expert who chaired a panel that wrote guidelines for law enforcement use of digital imaging.

For example, he said, a negative shot on traditional 200-speed film can produce the equivalent of 18 megapixels of resolution. Only highly specialized, expensive digital cameras approach that now; most that consumers buy are less than 5 megapixels.

Vorder-Bruegge concedes that a top-notch photographer with plenty of time "could do an outstanding job" with a 1-megapixel camera. But such skills are in short supply in many police departments, especially smaller ones.

Consequently, he believes cops should stay with film for capturing close-up details of footprints and tire tracks.

Many people in law enforcement believe Vorder-Bruegge's assessments are too conservative. They say that with proper training and stringent procedures, digital photos should not be problematic.

For one thing, blurriness or other errors in digital imaging are nowhere near severe enough to "fool an examiner into misidentifying a fingerprint," said George Reis, a crime scene investigator in Newport Beach, Calif., where police began converting to digital a decade ago, saving more than $6,000 a month in Polaroid costs. Reis helps other police agencies make the digital conversion through a business he runs, Imaging Forensics.

In Oregon State Police's forensic laboratory, which has been all digital for about five years, original pictures of fingerprints and other evidence are encrypted so they can't be changed, and burned onto a CD, giving the lab the equivalent of a film negative to reference later.

Any enhancement, such as lightening or darkening elements of the picture -- something traditionally done in film darkrooms as well -- is performed on a copy of the image, not the original, said Mike Heintzman, the lab director.

Erik Berg, a forensic supervisor in Tacoma, Wash., and the developer of More Hits, said digital photos can allow for even more security than traditional means of stowing film negatives in a drawer.

"I have the ability to lock down one or more digital files to a point where I can ensure not only who can or cannot look at it, but for how long, whether or not they can print it or distribute it," he said. "I can also prove whether or not it has been tampered with since it was created."

Perhaps most importantly, software such as More Hits or Adobe Photoshop now can automatically log changes made to an image, so the alterations can be reproduced by other people. The function was not deployed during the Reyes investigation in Florida.

Barbara Heyer, who defended Reyes, concedes that if used properly, the logging function can improve the acceptability of digital evidence.

"Until there's a history of (what was done and when), not only will I attack it, it should be attacked," Heyer said. Otherwise, "you are relying solely on the word of the person doing the work. That's not something I would like to do when someone's facing life in prison or death."
*******************************
Government Computer News
DHS launches trio of IT security groups
http://www.gcn.com/vol1_no1/daily-updates/24896-1.html
By Wilson P. Dizard III
2/9/04

The Homeland Security Department has formed three new organizations to strengthen federal IT defenses and coordinate responses to systems threats.

In an exclusive interview, DHS National Cyber Security Division director Amit Yoran said the groups give cybersecurity officials a method for meeting in person as well as in online collaboration environments.

So far, "the most obvious lesson learned is there's a great desire to collaborate, to work together to help one another," he said.

Yoran outlined the roles of the three new units:

The Government Forum of Incident Response Teams, or G-FIRST, is made up of frontline systems chiefs. It includes officials from the 24-hour watch center within Yoran's division, the U.S. Computer Emergency Response Team, the Pentagon and civilian agencies.

The Chief Information Security Officers Forum was created "to share information about programs that are successful and ones that are challenged and need assistance." Its members are senior officials designated to oversee each agency's cybersecurity and make sure agencies meet the mandates of the Federal Information Security Management Act.

The third unit, the Cyber Interagency Incident Management Group, includes officials from agencies "that have significant capabilities in cybersecurity," Yoran said. Mainly made up of officials from law enforcement, national security and Defense Department agencies, the group provides a forum for planning responses to major cybersecurity incidents, he said.

The goal of the third group is to assure governmentwide coordination when attacks occur rather than having some agencies simply working on their own responses, Yoran said. "The intent is that when bad stuff happens that the organizations talk to each other," he said.

Yoran has been in his job since September. He came to DHS from Symantec Corp. of Cupertino, Calif. He co-founded Riptech Inc., a security company in Alexandria, Va., that Symantec acquired.

Yoran essentially took the spot previously held by White House national cybersecurity advisers Richard Clarke and Howard Schmidt.

His security post is within DHS' Information Assurance and Infrastructure Protection Directorate -- less visible than the White House appointments held by Clarke and Schmidt. Even so, Yoran said he has ample access to senior leaders.

"I am at the White House once or perhaps twice a week," he said. "I feel confident we have the access and support we need."

But Yoran cautioned, "Zero cybersecurity incidents or outages is not a reasonable goal -- minimizing the duration and impact of incidents is."
*******************************
Baltimore Sun
High-tech twist for election
Machines: The new touch-screen voting system is making it harder for counties to recruit election judges.
By Ryan Davis
Originally published February 9, 2004

Election judge George Ruggles had practically memorized the 69-page manual on how to do his job. Piece of cake, he thought.

Then he saw this year's 101-page version, and it's causing him quite a headache. More instructions. More responsibility. And new high-tech voting machines.

"Computers," the 81-year-old Anne Arundel County resident says. "That's not my strength. I have to really work at it."

It seems that every election Maryland officials have trouble recruiting enough election judges -- the people who oversee voting precincts on election days and assist confused voters. With the state's primary elections less than a month away, this year is no exception -- only the problem has grown because of a high-tech twist.

The March 2 primary will mark the first election that the entire state has used touch-screen voting machines. Officials around the region are trying to recruit new election judges. But they're also fighting to retain longtime judges by convincing them that managing a precinct full of computer voting machines won't be too challenging.

Top election officials say the hardest sell has been to senior citizens such as Ruggles who never warmed to computers. Retirees comprise the most reliable labor pool for elections officials -- some estimate the average election judge age at 70 -- though they aren't the only ones reluctant to embrace the new voting system.

"It's scaring the heck out of people," says Barbara Fisher, the election director in Anne Arundel County. "It's a real problem all across the state."

Fisher is seeking 140 more election judges. Baltimore County wants at least 150. Carroll, Harford and Howard counties are searching for 10, 50 and 50, respectively.

The city of Baltimore is the only jurisdiction that will not use the 16,000 new Diebold AccuVote-TS touch-screen machines. The city has a different electronic voting system and is scheduled to switch to Diebold in 2006. Still, the Democrat-dominated city is facing its regular problem. It needs more Republican election judges.

Each precinct must have an equal number of Republican and Democratic judges. In Baltimore, Democrats outnumber Republicans 9 to 1. So the city recruits independent and smaller party candidates to fill the Republican slots.

It needs 30 Democrats and twice as many others, just to meet minimum staffing, director Barbara Jackson says.

The state has made recent attempts to help election directors. They can use 17-year-olds, who don't have school on election days, as judges. And this is the first election that state employees will be granted administrative leave to work as election judges, but few are signing up for the 15-hour day, election directors say.

For their time, judges earn about $100 to $160 for a day's work, depending on the jurisdiction and which type of judge they serve as. They are also paid about $25 for attending a mandatory three-hour training session.

As many as 25 work in the region's larger precincts. They keep order, record who has voted and make sure everyone is able to vote.

Across the region, the carefully constructed training sessions are in full swing.

In Harford County, election director Molly Neal contracted with the county's community college to provide more personalized training. In years past, she would train 50 people per class. This year there are 20 in each class taught by the community college, and each judge has a voting machine.

For the most part, it has worked, Neal says.

"People are a little anxious when they go to vote because of the importance of what they're doing," she says. "If you have a judge who is also a little anxious, that just creates a tension for everyone."

In Carroll County, Patricia Matsko says she is trying to let her judges -- senior citizens, especially -- know that the voting machine shouldn't be scary. She says it's as easy as an ATM machine, and she tries to demonstrate that in training classes.

"When they come in the door," she says, "we escort them over to the machine right away and ask them to vote and show them how simple it is."

Baltimore County election director Jacqueline McDaniel says she tries to push past judges' initial opposition to change. She says she doesn't want to push too hard, though, and wind up with confused judges.

Fisher of Anne Arundel says she had a potential judge walk out of the first class, saying she couldn't handle it. Others have also quit.

On top of that, she is trying to hire nearly 200 more judges than she used in 2002 because state law now requires there be one voting machine for every 200 registered voters. That adds up to a lot more machines for her 2,000 judges to supervise this year.

Ruggles, who cast his first-ever vote for Franklin D. Roosevelt by filing an absentee ballot from New Guinea in 1944, left confused after his first class Jan. 13. So he returned for another session.

He still has questions.

On page 56 of his manual, he has circled "UPS" and penned a question mark. (It means uninterrupted power supply.)

On page 47, there's another question mark within the "Setting up the voting unit" section.

But Ruggles, despite some recent middle-of-the-night panics, believes he is nearly ready.

"It's like any computer," he says. "You need to know what buttons to push. I know the buttons to push now."
*******************************
Baltimore Sun
Michigan voters try an online ballot box
By Julie Hirschfeld Davis
Sun National Staff
Originally published February 7, 2004
http://www.baltimoresun.com/technology/bal-te.internet07feb07,0,3396527.story?coll=bal-technology-headlines

DETROIT - For just a moment the other day, as Barbara Barnett sat down in a local union office, its auditorium festooned with green and white balloons, a laptop computer became her own polling place.

With the click of a mouse, Barnett voted for the Democratic presidential hopeful of her choosing, simply by finding an available laptop, well before many other Michigan voters will cast ballots the traditional way in the state caucuses today.

"They make it very easy and accessible," said Barnett, 60, a retired state worker. "I just thought it was a good way to [vote] - it's there, it's done, you just press that button."

With Massachusetts Sen. John Kerry all but certain to win today's election, and his Internet-savvy rival Howard Dean no longer actively campaigning here, the Michigan balloting might be remembered most not for who wins, but for being the testing-ground for the first major use of Internet voting in a presidential election.

Barnett is one of tens of thousands of Michigan voters who applied to vote in the party caucuses through the Internet. Armed with a user name and a password, these voters can cast ballots anywhere they choose, from their home computer to their desk at work, anytime until the caucuses close today at 4 p.m.

State party leaders spearheaded the experiment in online democracy as a way to boost turnout, and they say it has been hugely successful.

"It's been tremendous," says Mark Brewer, executive chairman of the state Democratic Party, who hatched the Internet idea. "It has just been another very convenient way for people to participate in the process."

The state's Democratic governor, Jennifer Granholm, a Kerry supporter, made a public appearance Thursday to cast her own online ballot in the primary, which will choose 128 delegates, the most of any state so far.

Dean, whose campaign made history by shrewdly harnessing the Internet for grassroots organizing and fund-raising, actively pursued voters who applied for Web ballots. Armed with lists from the state party of people who intend to vote online, Dean's campaign contacted applicants to encourage them to do so early - and to click on Dean.

Before the former Vermont governor abandoned the state on Thursday, choosing to head across Lake Michigan and stage a last stand in Wisconsin's Feb. 17 primary, his campaign nurtured hopes that Internet voting could help deliver a substantial boost to their candidate.

And they continue to hope that, by contacting the voters who went to churches, union offices and libraries during January to register for online ballots, some will still cast votes for their candidate.

"What it really does is affords us an opportunity to really weigh in with [voters] in this process in a way that we never were able to do before," said Al Garrett, president of Michigan's chapter of the American Federation of State, County and Municipal Employees, which backs Dean. It has poured resources into registering its members for online voting and providing Internet access.

"It's not just about Dean winning Michigan," said Garrett. "It's about delegate count as well."

The Internet voting program has drawn its share of critics. Civil rights groups have complained that by encouraging the use of the Web for voting, the Democrats are shutting out lower-income or less-educated people who typically have more difficulty accessing a computer.

Some technology analysts say online voting raises the risk of security problems, in particular someone hacking into a database and reviewing or changing votes. Indeed, worries about security apparently led the Pentagon to decide this week against allowing U.S. citizens who are overseas to use an Internet system to vote this fall.

"There's nothing to assure the privacy of the final act of voting," said Michael Cornfield, research director at the George Washington University Institute for Politics, Democracy and the Internet. "We're in a trial-and-error era with the Internet, and that's fine for lots of things, but it's not fine for elections."

But none of that has stopped campaigns from taking advantage of the option, which has revolutionized the way they conduct the turn-out-the-vote efforts that can be especially crucial in a caucus state.

The Kerry camp targeted places with high Internet usage - like college campuses - and held events where people could sign up for the online ballots. Kerry's 26-year-old daughter, Vanessa, and his 30-year-old stepson, Chris Heinz, were hosts of college "Internet voting parties" where people could register.

Kerry's camp also wrote to churches, offering organizers who could come help parishioners apply for online ballots, "in order to target a group that maybe is not as likely to vote online," said Mark Kornblau, a spokesman.

The two major unions supporting Dean, the Service Employees International Union and AFSCME, both deployed field workers with wireless laptops to work sites where members could apply for online ballots.

"We wanted to encourage as many people as possible to take advantage of it," said Bob Allison, the service union's Michigan communications director. "Our effort was aimed at making sure working families have their voices heard in this election."

Garrett said his union used laptops to sign up thousands of members statewide for Internet voting. The union then sent staffers out with laptop computers to allow people to vote, and set up gatherings - like the one Barnett attended this week - where they could log on and weigh in.

Donna Asberry, 62, a clerk at the Detroit Medical Center, took a free moment Monday to cast her online ballot.

"I was at work," she said, "but it was during a slow time, and I'm on the computer all day long anyway."

Unlike the government workers union, the service workers union decided that, out of concern for members' privacy, it would be inappropriate to set up Internet voting centers and expect members to cast online ballots in the presence of union officials and co-workers.

Kerry's campaign, unlike Dean's, shied away from using lists of registered Web voters to contact voters and encourage them to vote.

Party officials said they were careful to make the voting system as secure as possible. To be eligible for online balloting, voters had to register in January with the state Democratic Party. The party returned a form listing a user name and password, as well as the Web address of a secure site where they could vote from anywhere at any time before the end of the election.

The party listed locations where Internet voters could find free Web access, including public libraries all over the state.

Arizona was the first state to try Internet voting in 2000, when it was credited with shattering turnout records in a relatively predictable contest between Bill Bradley and Al Gore, who was already well on his way to winning the nomination.

Some Michiganders say they hope their online experiment will get more voters involved in choosing a president.

One voter, Dan Myslakowski, used his online vote as a civics lesson, casting it this week in front of a classroom full of government students at Lake Orion High School who watched on an overhead projector.

"It will increase awareness and education," said Myslakowski, 52, an IT manager from Lake Orion, a Detroit suburb. "You always want to have some new technology and some new way to do things to excite people."

Myslakowski voted for Kerry, because, he said, he agrees with Granholm, who has endorsed the senator, "that he is most likely the best candidate to beat George W. Bush in November."

Keeping watch over the five laptops set up in the Detroit union auditorium, Carolyn Clark, who was awaiting the arrival of her online ballot log-in and password, says the new technology is the perfect way to get more people enlisted in the cause of defeating Bush.

"I'm going to vote right away when I get it, and then I'm going to take my laptop and go out and help some other people vote," she said. "It's so important to put Bush out."
*******************************