[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips February 6, 2004

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx, sairy@xxxxxxxxx;
Subject: Clips February 6, 2004
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Fri, 06 Feb 2004 13:24:48 -0500

Clips February 6, 2004

ARTICLES

Frist Staffer Quits Over Judiciary Probe
Pentagon scraps plan for online voting in 2004 elections
Online Voting Clicks in Michigan
Online Voting Canceled for Americans Overseas
Web Voting Program Scrapped
Justice Dept. Wants Hold On 'Net Phone Rules
Microsoft wards off voice-data lawsuit
Pentagon drops Internet voting plans for military personnel
US outsourcing backlash growing
TTIC: We help threat assessment
Homeland security authorization committee may be created
Pentagon cancels Internet voting test

*******************************
Washington Post
Frist Staffer Quits Over Judiciary Probe
By Helen Dewar
Friday, February 6, 2004; Page A05
http://www.washingtonpost.com/ac2/wp-dyn/A17164-2004Feb5?language=printer

The counsel on judicial nominations for Senate Majority Leader Bill Frist (R-Tenn.) has resigned in response to a probe of how Republican staff members gained access to Democratic computer files on President Bush's most controversial choices for the federal judiciary.

Aides to Frist said the resignation of Manuel Miranda, who has been on leave pending outcome of the inquiry, was accepted last week and takes effect today.

Miranda's resignation comes in the midst of an investigation by the Senate sergeant-at-arms, with help from the Secret Service and forensic experts, into whether GOP staffers improperly or perhaps illegally tapped into Democratic strategy memos on a computer server shared by Judiciary Committee members of both parties. The activity continued for months, and reports of the memos' contents appeared in the Wall Street Journal and the Washington Times.

Miranda was on the committee's GOP staff until he joined Frist's staff last February as the top aide on judicial nominations. Miranda's computer was one of several seized or examined as part of the investigation.

The probe was launched after Sens. Edward M. Kennedy (D-Mass.) and Richard J. Durbin (D-Ill.) complained that lifting materials from their computer files amounted to theft. Committee Chairman Orrin G. Hatch (R-Utah) joined in their request for an investigation.

Hatch made a preliminary inquiry of his own, placed a junior-level committee aide on leave (he subsequently quit and returned to school) and described himself as "mortified that this improper, unethical and simply unacceptable breach of confidential files may have occurred on my watch."

Some conservative advocacy groups have criticized Hatch and denied any impropriety on the part of Miranda and other GOP aides. They said scrutiny should focus instead on contents of the Democratic files.

Miranda did not return phone calls to his Washington home, but he told the Knoxville News Sentinel in a story posted yesterday on its Web site that he left Frist's office "so as not to distract the majority leader from pursuing the needed legislative agenda for the American people." He said he had done nothing wrong and expects to be cleared.
*******************************
Government Executive
February 5, 2004
Pentagon scraps plan for online voting in 2004 elections
http://www.govexec.com/dailyfed/0204/020504d2.htm
By David McGlinchey
dmcglinchey@xxxxxxxxxxx

The Pentagon has canceled plans to allow military personnel to vote online in the November 2004 presidential elections, a Defense Department spokeswoman said Thursday.

Defense officials still expect to eventually use an online voting system, according to the spokeswoman. The program was being put in place to allow military personnel and some civilians stationed overseas to vote.

"We've decided not use it in the November election. It was done in view of the inability to ensure the legitimacy of votes that would be cast using this program," the spokeswoman said. "The deputy secretary [Paul Wolfowitz] said he would reconsider his decision in the future, but only if the integrity of the election results can be ensured."

A group of four computer scientists criticized the Secure Electronic Registration and Voting Experiment in a Jan. 20 report. The scientists were invited by the Pentagon to critique the program, and they alleged that the SERVE system has numerous "security problems that leave it vulnerable to a variety of well-known cyberattacks."

The program was expected to serve only about 100,000 voters, according to the scientists' report.

Barbara Simons, former president of the Association for Computing Machinery and one of the report's authors, said that the Pentagon made the correct move.

"I applaud the DOD for making the right decision," Simons said. "We share their desire to make sure that our servicemen and women have an opportunity to vote and have their votes counted."

The Pentagon spokeswoman said that she could not comment on whether the report led directly to the cancellation decision.

According to the spokeswoman, the Pentagon is not focused completely on the SERVE program. Defense officials are currently investigating other technology that would allow military personnel overseas to securely cast their votes online, the spokeswoman said.

Simons said she is willing to lend her expertise to evaluate future Pentagon online voting systems.
*******************************
Washington Post
Online Voting Clicks in Michigan
Internet Ballots Part of Caucuses
By Robert E. Pierre and Dan Keating
Friday, February 6, 2004; Page A12
http://www.washingtonpost.com/wp-dyn/articles/A17123-2004Feb5.html

LANSING, Mich. -- David Brumbaugh has a "Dean for President" poster in his dormitory window and has already cast his vote in Saturday's Democratic caucuses.

He didn't have to drive home, which is four hours away. He just signed on to his computer and it was done.

"Convenience is what got me to vote in the caucus," said Brumbaugh, 22, a Michigan State University senior.

Convenience is why the caucuses may be best remembered as a milestone in online voting.

Anyone who requested to vote absentee received a paper ballot that could be mailed in; that ballot included directions and passwords to vote on the Internet. As of last Saturday's deadline, 123,000 people had requested the mail-or-Internet ballots, a huge leap for caucuses that had 20,000 voters four years ago.

This year's Democratic caucuses were moved up from March to February and feature a more hotly contested race than the one that took place in 2000. Nevertheless, Mark Brewer, the state party's executive chairman, said online options can improve participation, particularly among young voters, whom parties have tried hard to attract.

"We're holding the most accessible election ever in the United States -- five weeks of voting by mail and five weeks of voting by Internet," Brewer said. "Plus you can vote in person Saturday. We're taking the election to the voters."

Each campaign has tried to use Internet voting to its advantage.

The campaign of retired Army Gen. Wesley K. Clark got pledges from 2,000 supporters to send at least 25 e-mails to others about how to vote online. The campaign of Sen. John F. Kerry (Mass.) -- who polls indicate is leading handily in Michigan -- included information about Internet voting in mailings, on its Web site and in fliers but did not do much beyond sending out e-mails to people who said they would prefer to receive information over the Internet.

Howard Dean's campaign went all out, with staff going door to door with laptops registering people to receive an Internet ballot. The Service Employees International Union, which endorsed Dean, sent members to nursing homes, schools and workplaces of its members to get them to request ballots, signing up 6,500 registered voters. In addition, there were "dorm storms" to sign up students who wanted to vote on campus.

"The weather has been so bad here lately that a lot of students would not have voted if we could not vote by the Internet," said Farhan Bhatti, who is leading the effort to target young voters for Dean. "We had people voting here before votes were cast in Iowa [Jan. 19]."

The Internet option was initially challenged by Joel L. Ferguson, a member of the Democratic National Committee Black Caucus, who argued that it put poor people at a disadvantage, disproportionately harming blacks and Hispanics. All candidates except Dean and Clark sided with Ferguson, but the Democratic National Committee decided to allow the online voting.

Barbara Simons, a retired computer researcher with International Business Machines Corp., testified to the DNC about security concerns. She is also part of a group of computer experts that called on the Pentagon to scrap its pilot Internet voting program for military and civilian voters overseas -- which the Pentagon did yesterday.

Simons said computer viruses could be written to infect machines, intercept votes and change them without a trace.

"Internet voting is fundamentally insecure," she said. "If people deduce that Internet voting is safe and a cool thing to do, then we're in trouble."

Brewer said Michigan is using state-of-the art security, many parts of which he would not discuss. The vote tally includes a check to make sure no one voted more than once.

Brewer compared the risks to those of paper absentee ballots: "People have decided over the course of time that accessibility and convenience of voting is worth taking that risk -- not that you let your guard down."

He said research will be done on the demographics of Internet voters, but it won't be released until sometime after Saturday's caucuses.
*******************************
New York Times
February 6, 2004
Online Voting Canceled for Americans Overseas
By JOHN SCHWARTZ
http://www.nytimes.com/2004/02/06/politics/campaign/06VOTE.html

Citing security concerns, the Department of Defense yesterday canceled plans to use an electronic voting system that would have allowed Americans overseas to cast votes over the Internet in this year's elections.

The system, the Secure Electronic Registration and Voting Experiment, or Serve, was developed with financing from the Defense Department.

The decision was announced in a memorandum from Deputy Defense Secretary Paul D. Wolfowitz to David S. C. Chu, under secretary of defense for personnel and readiness.

Paraphrasing the memorandum, a Department of Defense spokeswoman said: "The department has decided not to use Serve in the November 2004 elections. We made this decision in view of the inability to ensure legitimacy of votes, thereby bringing into doubt the integrity of the election results."

The memorandum says efforts will continue to find ways to cast ballots electronically for Americans overseas and to use Serve for testing and development.

The Defense Department move is a significant setback for proponents of various electronic voting initiatives. Efforts to move the nation beyond the problems with paper ballots and hanging chads in the 2000 presidential election include the increased use of touch-screen voting systems and experiments like Saturday's Democratic caucuses in Michigan, which will allow Internet voting.

But those initiatives come at a time of increased public distrust of high-tech voting. Critics of touchscreen voting machines, for example, argue that the technology creates a "black box" that allows no independent verification of votes unless a validation tool like a paper receipt system is used.

Serve was to be put into use in a few weeks by the Federal Voting Assistance Program, part of the Defense Department. Seven states initially signed up to participate, and up to 100,000 people were expected to use the system this year. The project, if successful, could have ultimately been expanded to serve a population of six million members of the military and their dependents, as well as other civilian voters overseas.

The decision to cancel the project, which was developed under a $22 million contract by Accenture, the consulting and technology services company, was announced two weeks after members of a panel of scientists who were asked by the government to assess the project's security recommended that it be canceled because any system based on off-the-shelf personal computers and run over today's Internet was inherently insecure.

Aviel D. Rubin, an author of that report and technical director of the Information Security Institute at Johns Hopkins University, said, "While we appreciate their efforts to allow this segment of the population to have more accessible voting, we applaud their decision to cancel this project because of the security concerns."

Barbara Simons, a technology consultant and co-author of the report, said the project was a noble idea that could not be carried out securely using today's technology. "Unfortunately, we will not be able to use the Internet for such a system unless and until voters' PC's and the Internet itself are made secure," she said.

The Internet voting report said the Serve system had "fundamental security problems that leave it vulnerable to a variety of well-known cyberattacks, any one of which could be catastrophic."

The case for voting over the Internet seems logical to Americans who have come to entrust their computers and the Internet with their purchases, their personal information and even their love lives. But casting a vote online is different from buying a book or a pair of hedge clippers, the report said.

The Trojan horses, viruses and hacking attacks that have become a frustrating part of daily life, and which allow crimes like online snooping and identity theft, could allow hackers to disrupt or even alter the course of elections, the report concluded. A major American election would be an irresistible target for hackers, and the ability of computers to automate tasks means that many attacks could be carried out on a large scale, the report added.

Such attacks "could have a devastating effect on public confidence in elections," according to the report, and so "The best course to take is not to field the Serve system at all."

When the security report came out last month, the Defense Department initially tried to play down the severity of the criticism. "The Department of Defense stands by the Serve program," the spokesman, Glenn Flood, said. "We feel it's right on, at this point, and we're going to use it."

The report was initially dismissed by both the Pentagon and Accenture as a "minority report" because it was written by only 4 of the 10 experts who reviewed the system. Mr. Rubin noted that the four authors were the only ones who attended the two three-day briefings on the system. There is no majority report because the other experts did not write their views. But some other members of the panel said they disagreed with the conclusion.

The news apparently caught officials at Accenture by surprise. When asked about the cancellation yesterday afternoon via instant messaging, a spokesman for Accenture said that the program "has not been canceled" and then wrote, "this is news to me."

The spokesman later provided a statement from Meg T. McLaughlin, president of Accenture eDemocracy Services, which said that the decision to continue testing the Serve system will allow Accenture and the Federal Voting Assistance Program "to study Internet voting in ways that would not have been possible if the votes were being cast in an actual election."

"This is now an opportunity to demonstrate that the Internet is viable, valuable and secure enough to use for filing absentee ballots," Ms. McLaughlin said. "We are confident that sending absentee ballots via the Internet is just as secure and reliable as sending them by mail."
*******************************
Los Angeles Times
Web Voting Program Scrapped
From Reuters
http://www.latimes.com/technology/la-na-internet6feb06,1,5815812,print.story?coll=la-headlines-technology
February 6, 2004

WASHINGTON The Pentagon said Thursday that it had scrapped its program to allow troops and other Americans overseas to vote through the Internet because the system was so vulnerable to computer hackers that it could cast doubt on the integrity of election results.

The Pentagon heeded the advice of cyber-security experts who urged in a Jan. 21 report that the program be abandoned because it was impossible to create a voting system with current personal computers and the Internet that would stop hackers or terrorists from tampering with election results.

The $22-million Secure Electronic Registration and Voting Experiment, or SERVE, program was supposed to allow 100,000 U.S. troops and civilians overseas to cast votes through the Internet during this presidential election year.

Deputy Defense Secretary Paul D. Wolfowitz wrote a memo Jan. 30 saying the Pentagon "will not be using the SERVE Internet voting project in view of the inability to assure legitimacy of votes that would be cast using the system, which thereby brings into doubt the integrity of election results," said a defense official, speaking on condition of anonymity. Officials previously defended the system, saying security had been enhanced.
*******************************
Washington Post
Justice Dept. Wants Hold On 'Net Phone Rules
By Jonathan D. Salant
The Associated Press
Thursday, February 5, 2004; 6:04 PM
http://www.washingtonpost.com/wp-dyn/articles/A16764-2004Feb5.html

The Justice Department has asked federal regulators to delay setting rules for carrying phone calls over Internet connections until they address how those conversations can be monitored.

FBI Deputy General Counsel Patrick W. Kelley made the request in a letter to the Federal Communications Commission.

"We look forward to working with the FCC on this matter of paramount importance to the law enforcement and national security interests of the United States," Kelley wrote on behalf of the FBI, Drug Enforcement Administration and Justice Department.

FCC spokesman Richard Diamond declined to comment on the letter.

The FCC is looking at how to regulate "Voice over Internet Protocol," or VOIP. The technology allows users to transmit calls through high-speed Internet connections, known as broadband.

In some cases, a conventional phone, plugged into a special jack, is used to dial in. Other VOIP systems allow users to bypass the conventional telephone network entirely.

Law enforcement officials are concerned the new technology won't allow them to listen to calls the way they can now wiretap conventional phones. A 1994 law requires phone companies building digital networks to include surveillance capabilities, but there are no similar standards for VOIP technology.

Before they can place a tap on a phone, law enforcement agents must first obtain a court order. Some privacy advocates say they are concerned that VOIP wiretaps may also pick up e-mail and other data sent over the same Internet connection.

The FBI letter was sent to the FCC last week. The five-member commission is scheduled to discuss VOIP at its meeting next Thursday.

A small Long Island VOIP company and industry giant AT&T have pressed the FCC to issue the rules. As their businesses grow, they want to know whether they will be subject to the same regulations and fees as conventional phone service.

Jeff Pulver, chief executive officer of Melville, N.Y.-based Free World Dialup, said he already has met with the FBI and offered to work with law enforcement.

"The FBI is trying to get a handle on this new form of communications," Pulver said. "There's a lot of opportunity to learn and to work together, which is going to happen."

Among the issues before the FCC are whether customers who make phone calls over the Internet should have to pay the same fees as conventional callers for 911 emergency services and delivery of telephone service to poor and rural areas, schools and libraries.

In a speech last month, Chairman Michael Powell said law enforcement's views must be taken into account in any commission rules, even as he warned against over-regulating the nascent technology.

"Regulation can smother the risk-taking oxygen young entrepreneurs need to survive," he said. "It can weigh down innovation with forms and filings and drain capital by adding significantly to the cost of service. And the cost of government compliance is higher and you get less competitive prices for consumers.

"Yes, there will be issues as Internet voice becomes more widely adopted. You will need to assure the legitimate concerns of public safety and law enforcement are addressed."
*******************************
CNET News.com
Microsoft wards off voice-data lawsuit
Last modified: February 5, 2004, 10:09 AM PST
By Declan McCullagh

Microsoft has successfully fended off a lawsuit over a set of controversial voice digitization patents, in a case that could have roiled the computer and Internet telephony industries if the patents had been upheld as valid.

The U.S. Court of Appeals for the Federal Circuit said in a 2-1 ruling on Tuesday that Multi-Tech Systems' patents were not violated and "we conclude that the district court did not err" in its earlier ruling that sided with Microsoft.

In February 2000, Multi-Tech Systems, a Mounds View, Minn.-based company that sells modems, routers and Voice over Internet Protocol (VoIP) gateways, began to file a flurry of patent lawsuits. At first, it targeted Compaq Computer, Dell and Gateway; and then, a week later, it filed suit against 10 Internet telephony companies, including Net2Phone and Vocaltec Communications. At the time, Multi-Tech's attorney told CNET News.com that "there are probably a hundred computer companies out there, and we didn't want to sue 100 companies, but the rest of the industry will be hearing from us."

Software patents have become an increasingly divisive issue in the technology community, with Microsoft becoming a target of patent infringement suits. Last August, Eolas Technologies won a $521 million lawsuit against the software maker after a federal judge found Internet Explorer ran afoul of its patents.

Multi-Tech claimed that four of its patents broadly cover the use of computers to transfer data, voice or video, in packet form through dial-up modems or high-speed connections to the Internet, including VoIP conversations. The linchpin patent, numbered 5,452,289 and granted in 1995, says that "a personal communications system is described which includes components of software and hardware operating in conjunction with a personal computer."

A review of court decisions since February 2000 indicates that Multi-Tech has not prevailed in a single patent case it filed since that date, though it did settle some out of court.

In its ruling this week, the appeals court did not conclude that Multi-Tech's patents were entirely invalid or unenforceable. Rather, the ruling written by Judge Alan Lourie was narrow and focused on whether the patents covered Internet traffic and whether Microsoft had violated them. In addition, it cleared Internet phone service provider Net2Phone, also a party to the case, of patent infringement.

Multi-Tech lost both of its arguments against Microsoft. The communications gear maker had claimed the patents covered Internet voice communications, but the appeals court said "an examination of the...patent's prosecution history confirms that Multi-Tech viewed its inventions as being limited to communications over a telephone line." The appeals court also concluded that because the definitions of terms in the patents like "multiplexing" and "digitizing" favored Microsoft, it would uphold a district court's ruling from October 2002.

A dissent by Judge Randall Rader, however, said that Multi-Tech's patents do "not foreclose use of the Internet."

"This court today asserts that the language in the specification regarding 'over' and 'through' a telephone line somehow requires the claims to cover only those communication networks where nothing but a telephone line lies between the two end sites," Rader wrote. "To my eyes, that leap in logic is akin to Evel Knievel jumping the Snake River Gorge on a motorcycle. Like Mr. Knievel, this court's conclusion falls short."

Paul Kraska, a spokesman for Multi-Tech, said "we don't have a comment right now." Microsoft did not immediately respond to a request for comment.

This is not the first time that Multi-Tech has been enmeshed in a hotly contested patent suit. In the early 1990s, Multi-Tech filed a lawsuit claiming that a Hayes Microcomputer Products' patent over escape characters used in modems was invalid and unenforceable.

Since it launched its lawsuits in February 2000, Multi-Tech has announced that it has been granted a patent for remotely upgrading the firmware of modems. As of last summer, the company claimed to have been issued 61 patents.

Multi-Tech's latest legal tussle started in February 2000, when Net2Phone was one of the firms Multi-Tech accused of patent infringement. Apparently worried about whether it might run afoul of those patents as well, Microsoft sued Multi-Tech in a procedural move that it intended would lead a court to clarify the situation. Multi-Tech responded by accusing Microsoft of patent infringement.
*******************************
Computerworld
Pentagon drops Internet voting plans for military personnel
It cited security concerns for the move but plans to keep studying the idea
Story by Todd R. Weiss
http://www.computerworld.com/securitytopics/security/story/0,10801,89902,00.html

FEBRUARY 05, 2004 ( COMPUTERWORLD ) - The U.S. Department of Defense has decided, for now at least, to drop its efforts to give overseas U.S. military personnel voting access over the Internet, because of concerns about the security of the system.

In a Jan. 30 memo to David Chu, the undersecretary of Defense for personnel and readiness, Deputy Secretary of Defense Paul Wolfowitz wrote that "in view of the inability to ensure legitimacy of votes that would be cast in the SERVE Internet voting project, thereby bringing into doubt the integrity of the election, I hereby direct you to take immediate steps to ensure that no voters use the system to register or vote via the Internet."

The memo was released today by a Defense Department spokesman who was asked about the status of the controversial voting program, which is called SERVE (Secure Electronic Registration and Voting Experiment).

Wolfowitz said in the memo that "efforts will continue to demonstrate the technical ability to cast ballots over the Internet," using knowledge and experience gained so far. He wrote that he would reconsider his decision in the future "if it can be shown that the integrity of the election results can be assured."

The Wolfowitz memo came nine days after a 34-page report, "A Security Analysis of the Secure Electronic Registration and Voting Experiment" (download PDF), was sent by a group of technology experts to the Federal Voting Assistance Program, criticizing the idea as it was envisioned (see story).

The group of about a dozen computer experts was asked by the Defense Department to review the idea of Internet voting, which was proposed after the 2000 presidential elections to make it easier for members of the military and other U.S. citizens to cast ballots when they're overseas. The Federal Voting Assistance Program was assembled by the Pentagon to build an Internet voting system.

One of the writers of the report, Barbara Simons, a past president of the Association of Computing Machinery and a technology policy expert, said today that she's pleased with Wolfowitz's decision.

"I think that the DOD will be making the right decision in canceling this current effort to hold Internet voting," Simons said. "We share their concern that all the votes in the military arrive on time and be counted. We're certainly prepared to work with them on trying to devise a method that would allow that to happen without jeopardizing their security."

The problem, she said, and the basis for the criticisms in the group's report last month, is that computer security still isn't foolproof enough to ensure that fraud and online criminal acts won't affect U.S. elections.

"We're moving ahead too quickly," Simons said. "It's possible in the foreseeable future that it will be safe to vote on the Internet, but it may never be."

One difficulty with the system is that, unlike with paper ballots and voting machines, there's no audit trail for online votes, so there's no way to be certain about how votes are counted, Simons said. "Our great fear is that there will be a major move to Internet voting, which I personally feel is a threat to our democracy," she said. "The bottom line is we could have our president selected by [hackers in] Iran" through data manipulation and fraud. "We basically feel they are trying to solve an impossible problem."

Even as the military is still looking for a solution to the security problem, online voting is set to take place this week for the first time in the Michigan Democratic caucuses, Simons said.

That's worrisome, she said, because "this is a much, much harder problem than trying to do commerce over the Internet."

One scenario for fraud could involve an e-mail sent to online voters just before an election, Simons said. Using official-looking logos copied from legitimate Web sites, the e-mail could warn voters to ensure the safety of their votes by downloading an attached "special virus protection program." Instead, this "special" program would unleash a virus or worm onto the user's PC that could alter or control their vote and affect the accuracy of the election, she said.

SERVE "isn't an experiment, because the votes will count," Simons said. "If the election is as close in 2004 as it was in 2000, these votes could make a difference."

Simons said she and the others on the review panel are sympathetic to the problems of overseas military personnel who have had trouble voting in the past, but she added that more research needs to be done on alternatives. "The point we're making is it doesn't do them any favors if you give them an insecure system to vote on," she said.

Polli Brunelli, program director of the Federal Voting Assistance Program, wasn't available for comment today, according to a Defense Department spokeswoman.

Fifty counties in seven states -- Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington -- were interested in participating in the SERVE program. More than 6 million voters would have been eligible to participate under the program, including uniformed personnel in the U.S. Army, Navy, Air Force, Marine Corps and Coast Guard and their dependents, as well as members of the Merchant Marine, the commissioned corps of the Public Health Service and the National Oceanic and Atmospheric Administration, and overseas citizens.
*******************************
Washington Post
http://www.washingtonpost.com/wp-dyn/articles/A17147-2004Feb5.html
Pentagon Calls Off Voting by Internet
By Dan Keating
Washington Post Staff Writer
Friday, February 6, 2004; Page A12

The Pentagon has canceled plans to collect votes over the Internet from military personnel and civilians abroad for this fall's presidential election because of security concerns.

The $22 million pilot project was intended to be used by about 100,000 voters from 50 counties in seven states. State election officials said they were told late Wednesday that it would not be used to count votes included in election results.

Computer-security specialists released a report last week saying the Internet and personal computers are so inherently vulnerable that the entire election could be undermined. That report was followed by requests from the overseas wings of both the Republican and Democratic parties not to be used as "guinea pigs" in a system where their votes might not be secure.

Overseas voters will be able to cast Internet ballots as part of a test intended to learn more about online voting. But to cast an actual vote in the presidential election, they will have to fill out and return the traditional paper absentee ballots.

The greatest security concern is the personal computer of the individual voter, said Paul W. Craft, an election official from Florida, one of the participating states. A virus or other hidden program in a voter's computer could monitor keystrokes and intercept -- or change -- votes. "They decided they could not mitigate that risk sufficiently for the 2004 election. We would not have used it unless they addressed that risk," he said.

The other states in the experiment are South Carolina, North Carolina, Utah, Arkansas, Washington and Hawaii. Craft said he supports continuing the experiment. Sticking to an arbitrary deadline can lead to unnecessary risks, he said, but taking time to fully develop the system could pay off in the long run.

Florida's 2000 election debacle led to calls for upgrading voting technology and improving collection of ballots from overseas voters. Internet voting has grown as an attractive choice, because it is easy and does not require purchasing expensive voting equipment.

R. Michael Alvarez, a California Institute of Technology political scientist who has a $1.8 million grant to monitor the project, wants to see the Pentagon's experiment continue.

"As a scientist trying to study it, I hope it will be used in ways that allow us to test it, with demonstration voting or mock voting or whatever, to get a closer look at the claims that have been raised about security," said Alvarez, who is co-director of the CalTech-MIT Voting Technology Project.

This year's experiment will make possible a more thorough technology test, said James McAvoy, spokesman for Accenture eDemocracy Services, the consultant developing the system. If there is no risk of election results being affected, the experiment can include a team of hackers trying to attack it, he said. The developers can then find out whether their security measures are sufficient.

"The demonstration is a way for us to prove that the Internet is viable, valuable and secure enough to use for casting absentee ballots," he said.

The security specialists who criticized the project were invited to participate in Alvarez's review.

"It's all the credit to them for inviting us onto the security panel when they anticipated we would say negative things about it, and then taking our advice that seriously. It's really incredible," said Avi Rubin, an associate professor of computer science and the technical director of the Information Security Institute at Johns Hopkins University.

No spokesman from the Federal Voting Assistance Program, which is based in the Pentagon, was available for comment yesterday afternoon.
*******************************
Australian IT
US outsourcing backlash growing
FEBRUARY 03, 2004
http://australianit.news.com.au/articles/0,7204,8544300^16681^^nbv^,00.html

EXECUTIVES from Silicon Valley to Wall Street are adamant that shifting white-collar jobs from the US to developing countries is good business, but a backlash is brewing.

Indiana's state government cancelled a $US15 million ($19.45 million) contract with an Indian consulting firm in November and eight states voted on bills last year that would ban the use of taxpayer money on contracts with foreign workers.
Although none of those measures passed, the states and several others are expected to consider similar bills this year.

Democratic presidential candidate John Kerry says he would require overseas call centres to disclose their locations and although he wouldn't ban outsourcing, he would provide tax credits to companies that maintain US factories and "close every single loophole that gives companies incentives to move jobs abroad."

Outsourcing critics say Americans have been complacent about losing technology jobs to overseas workers since the trend began in the late 1990s but with elections in both the US and India, they believe 2004 could be a turning point.

"Politicians can't outsource the vote," says Scott Kirwin, who founded the Wilmington, Delaware-based lobby group Information Technology Professionals Association of America, which compiles data from almost 100 anti-outsourcing websites.

Kirwin, who launched ITPAA after a large investment bank asked him to train the Indian worker who then replaced him, says only broad consumer revolt will reverse the trend.

"In the 1980s, many people boycotted companies that did business with the apartheid regime in South Africa," Kirwin says.

"Many of those same people have more money today and don't like doing business with companies from countries that work against us politically, like France, or economically, like India and China. Consumer activism is an important part of putting the brakes on the outsourcing movement."

After his software development job was terminated in 2002, Florida's Mike Emmons decided to run for Congress on an anti-outsourcing agenda.

His meagre campaign funds come mostly from unemployed programmers who visit his website, OutsourceCongress.org. He is trying to get on the ballot for the Democratic primary this summer.

Emmons says: "This is hitting medical transcribers, financial analysts, radiologists, everyone. If you work at a desk, beware -- foreigners are coming after your job."

Fear of a backlash was a big issue at a recent technology summit at Hyderabad, India.

Indiana's failed contract with Tata Consultancy Services, and customer complaints that prompted Dell to reroute some helpdesk calls from India to Idaho in November, worry Indians, who have received billions of dollars in outsourcing contracts. "This is a matter of concern for all of us," India's info tech minister Arun Shourie said at the summit.

Business experts say India needn't worry -- Indiana and Dell are high-profile exceptions to what has become the rule of outsourcing.

In a research report last year, Gartner predicted that at least one in 10 technology jobs in the US would move overseas by the end of 2004, and Forrester Research predicts at least 3.3 million white-collar jobs and $US136 billion in wages will shift from the US to low-cost countries by 2015.

"The idea of a backlash makes for great press, and it makes for great rhetoric in an election year," Forrester's vice-president of research John McCarthy says.

"But the reality is that every day there's a new customer with new cost savings from this. The economics are hugely compelling, and it's not going away."

Connecticut, Florida, Indiana, Maryland, Michigan, New Jersey, New York and North Carolina all had anti-outsourcing bills introduced last year, but none passed, according to the National Conference of State Legislatures.

"This is the classic policy dilemma for legislators," NCSL research analyst Justin Marks says.

"You've got a $US200 billion deficit for states, and they can save a lot of money by outsourcing. But the economy has lost a ton of jobs, and legislators are saying, 'I don't want to see more jobs in my district go away'."

Indiana Governor Joe Kernan says he would like to see "preference" for companies from his state in government contracts.

But executives from Dell, Intel, IBM, Hewlett-Packard and other companies have urged the Bush administration to maintain its hands-off approach and not regulate outsourcing.

*******************************
Federal Computer Week
TTIC: We help threat assessment
BY Dibya Sarkar
Feb. 5, 2004

The Terrorist Threat Integration Center's (TTIC) director says the organization has helped federal officials determine the nation's most recent threat level.

"Last December 2003, for instance, TTIC, in close coordination with our partner entities, published a holiday threat assessment that facilitated multiagency discussions resulting in a decision to elevate the national threat level to orange," John Brennan testified before the House Select Committee on Homeland Security, which held a hearing Feb. 4 on improving the color-coded threat warning system and TTIC's analysis role.

Formed last May, the center coordinates threat assessments with partner agencies, including the FBI, CIA, Defense, Homeland Security and State departments, all of which provide analysts to the center. Although TTIC is housed at CIA headquarters, it receives funding from all agencies.

Brennan said TTIC officials twice daily discuss assessments via secure video teleconferences and other regular discussions. Fourteen government networks allow for near real-time information sharing, which helps support the threat advisory system, he said. But integrating information systems and metadata standards remains a challenge, Brennan said.

Adm. James Loy, DHS' deputy secretary, said that down the road, TTIC will find value in other kinds of data to help analyze the threat. For example, he said much more can be done with proprietary private-sector data that can be mixed into the center's "cauldron." "The mix is the product that is of greater value," he added.

The center also has a classified Web site called TTIC Online, which is the primary channel for sharing information across intelligence, law enforcement and homeland security communities, Brennan said.

"This Web site currently has over 2,500 users throughout the federal government, and it is being updated to support collaboration and information sharing at varying levels, from top secret to sensitive-but-unclassified," he said in his testimony. "The Web site is also being updated to enable users to search across disparate [U.S. government]-maintained data sets and to enable account holders from multiple federal departments and agencies to post relevant information for collective access."

TTIC, DHS and the FBI are working to ensure that state and local officials receive relevant information as well. He said all stakeholders are working to implement "write to release" and other business processes to increase the number of sanitized and unclassified products for rapid distribution.

In response to a question about whether TTIC should be relocated within DHS, Brennan said the center should remain as a collaborative entity and not under the jurisdiction of one. "My view is we should not reside in any one agency," he said, adding it has satisfying and strong relationships with all the contributing agencies.
*******************************
Federal Computer Week
Homeland security authorization committee may be created
BY Dibya Sarkar
Feb. 5, 2004

The chances of creating a permanent House authorization committee with oversight over homeland security for the next session are very good, according to a vocal congressional proponent.

"We're laying the foundation so the new rules for the new Congress will carve out a separate, independent, full-authorization committee for homeland security," said Rep. Curt Weldon (R-Pa.), speaking with reporters after giving a keynote speech at a homeland security budget briefing sponsored by Equity International Inc. House Speaker Dennis Hastert (R-Ill.) "has given his verbal support for that, and I can tell you the rank-and-file members believe it should be a standing permanent committee with full oversight of the authorization," he continued.

The House Select Committee on Homeland Security coordinates, but doesn't authorize, anything related to the issue, Weldon said. If Congress created a permanent Homeland Security Committee, then it would have jurisdiction over certain issues now controlled by other standing committees.

"Now are they going to be some battles along the way? Yeah. Because that means full committee chairs will have to give up jurisdiction," he added. "I don't have a problem with that. I'm on the Armed Services and the Science Committee. I don't want to take away from those committees, but there needs to be an oversight of homeland security from one group of members to focus all their energy on that effort."

He said some committee chairs will go along with it, but he declined to identify them. Weldon said they've held hearings in the Rules Committee and its chairman, Rep. David Dreier (R-Calif.), has been cooperative. Rep. Christopher Cox (R-Calif.), who heads the Select Committee, has also voiced support for a permanent version, Weldon said.

"If we want to be sincere in our homeland security efforts, then we have to bite the bullet and do the right thing," he said.

Democrats also generally support the idea, including Rep. Jim Turner (D-Texas), the ranking member of the House Select committee, who previously has supported establishing a permanent committee. The committee has a September deadline to report to the Rules Committee on whether or not it should be permanent.

During his address and afterwards, the Pennsylvania congressman, a strong advocate for first responders who often talks about his experience as a volunteer firefighter in his hometown, said the nation's top priorities are better intelligence, better communications interoperability among first responders and better technology transfer of military technologies to suit first responders' needs.

Progress has been made on all three issues, but more needs to be done, he said. In the technology transfer issue, he's sponsored the Homeland Security Technology Improvement Act of 2003 (H.R. 3644) that would create a $50 million fund and a national technology transfer center where there would be an ongoing dialogue between the first responder community and the military about needs and developed products.

"We spend $38 to $40 billion a year on R&D in the military," he said. "That money is paid for by the taxpayers. The military says we're doing [technology transfer]. They're not doing it. It's a haphazard effort that was largely decided by earmarks put in by individual members of Congress for their districts."
*******************************
MSNBC Online
Pentagon cancels Internet voting test
Too many concerns about ballot security, official says
Updated: 10:27 p.m. ET Feb. 05, 2004
http://msnbc.msn.com/id/4184803/

Citing security concerns, the Pentagon has canceled Internet voting that would have involved as many as 100,000 military and overseas citizens from seven states in November, a Defense Department official said Thursday.

The announcement comes two weeks after four outside security experts urged the program?s cancellation in a scathing report. They said hackers or terrorists could penetrate the system and change votes or gather information about users. At the time, the Pentagon said it felt confident enough to proceed.

But Deputy Defense Secretary Paul Wolfowitz has since decided to scrap the system because Pentagon officials were not certain they could ?assure the legitimacy of votes that would be cast,? said a Pentagon official who spoke on condition of anonymity.

The official said alternative voting systems will now be considered, possibly using the Internet as well. The official could not say when, if ever, such a system would be ready.

Debate will continue
Accenture eDemocracy Services, the vendor that built the system, issued a statement indicating testing will continue.

?This is now an opportunity to demonstrate that the Internet is viable, valuable and secure enough to use for filing absentee ballots,? said Meg McLaughlin, the Accenture unit?s president. ?We are confident that sending absentee ballots via the Internet is just as secure and reliable as sending them by mail.?

The skeptics were elated.

?We certainly share their desire to make sure that our military people have the opportunity to vote in the national election, but it?s always been our contention that we?re not doing them any favor by providing them an insecure system on which to vote,? said Barbara Simons, one of four co-authors of the critical Pentagon voting report and a former president of the Association for Computing Machinery.

Aimed at aiding overseas citizens
The $22 million Secure Electronic Registration and Voting Experiment, or SERVE, was designed to help overseas citizens vote in U.S. elections. Nearly one in three overseas soldiers registered to vote in the 2000 presidential election didn?t receive ballots in time.

In a smaller Internet voting trial conducted that same year by the Pentagon?s Federal Voting Assistance Program, 84 citizens submitted online ballots to Florida, South Carolina, Texas and Utah.

This year?s $22 million trial, also overseen by the Pentagon agency, was to have covered 50 counties in Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington. It would have been open to nonmilitary Americans abroad and military personnel stationed at U.S. and foreign bases. Any Internet-connected computer running Windows operating systems, including at a cybercafe, could have been used for voting.

The system was to be ready for the general elections and possibly later primary states, though it had not been certified in time for use in Tuesday?s South Carolina primary.

About 6 million U.S. voters live overseas, most of them members of the military or their relatives.

Risks tallied
The report from Simons and three other experts on a 10-member Pentagon peer-review panel said Internet voting could not be made secure at least using today?s technology primarily because the Internet and personal computers are inherently vulnerable to hackers and viruses.

The experts specified these central risks, among others:

There is no way to verify that the vote recorded inside the system is the same as the one cast by the voter.
It might be possible for hackers to determine how a particular individual voted, ?an obvious privacy risk.?
The system may be vulnerable to attacks from many quarters, some undetectable. Stealth programs as trojan horses that harvest data are sometimes installed on public computer terminals.
Doug Lewis, executive director of the Houston-based Election Center research group, said the Pentagon decision will likely set back Internet voting. Many states had been awaiting the results of the trial before committing to widespread online voting.

Michigan Democrats already have begun online voting leading up to Saturday?s caucuses, which are run by the party and are thus not subject to election certification requirements.
© 2004 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
*******************************

Prev by Date: USSN Link 006-04 (February 6, 2004)
Next by Date: TechNews Alert, Friday, Feb. 6, 2004
Previous by thread: USSN Link 006-04 (February 6, 2004)
Next by thread: TechNews Alert, Friday, Feb. 6, 2004
Index(es):
- Date
- Thread