[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips February 13, 2004

Clips February 13, 2004

ARTICLES

Touchscreen ballots don't have to be recounted, official claims
Senators Break With Activists on Computer Hacking Case
Website for Canadian Drugs Urged
Google Bans Environmental Group's Ads
FTC, international coalition crack down on misleading Web sites
Federal patch service to stop
DHS to pare state security requests
*******************************
USA Today
Posted 2/12/2004 8:32 PM     Updated 2/12/2004 10:16 PM
Touchscreen ballots don't have to be recounted, official claims
By Brendan Farrington, Associated Press
http://www.usatoday.com/tech/news/computersecurity/2004-02-12-florida-counts-good-enough_x.htm

TALLAHASSEE, Fla  .The Department of State has notified elections supervisors that touchscreen ballots don't have to be included during manual recounts because there is no question about how voters intended to vote.

While touchscreen ballot images can be printed, there is no need and elections supervisors aren't authorized to do so, Division of Elections Director Ed Kast wrote in a letter to Pasco County Supervisor of Elections Kurt Browning.

Florida law requires a manual recount of overvotes where too many candidates were chosen, and undervotes where no candidate was chosen in elections where the margin of victory is one-quarter of one percent of the vote.

But because the law states that the purpose of a recount is to determine whether there was a "clear indication on the ballot that the voter has made a definite choice," there is no need to review touchscreen ballots, Ed Kast, director of the Division of Elections.

It is impossible to vote for too many candidates on a touchscreen ballot, and Kast said a "review of undervotes cannot result in a determination of voter intent as required by" Florida law.

Browning asked for the opinion after a Broward County Republican Ellyn Bogdanoff won a seat in the state House by 12 votes, a margin that triggered an automatic recount.

He said the election raised the question of whether paper images needed to be produced for the 134 undervotes in that race. He also said he supports Kast's opinion.

"There are no ballots to count, there are no ballots to recount," Browning said.

The opinion was issued the day after a Palm Beach County judge threw out a lawsuit filed by Democratic U.S. Rep. Robert Wexler that sought to require electronic voting machines produce a paper record of ballots cast. Democratic U.S. Sen. Bob Graham has filed legislation that would require a paper record of touchscreen ballots.

And the Florida Democratic Party called for paper records for electronic ballots during their convention last November. (Related story: More e-voting systems to be used this fall)

Secretary of State Glenda Hood said there are no certified methods of printing records of touchscreen votes, but she stressed that the machines are reliable and accurate and can't be tampered.

"We're working very hard to educate the voters, to build the comfort level and to get rid of some of the myths out there," Hood said. "I think these things are raised for political purposes and distractions. Any effort to undermine that public confidence is a tactic that is wrong and I believe it weakens our democracy by causing voters to doubt if their vote has been counted."

Hood said she would not object to paper records being created if a machine were developed, tested and was able to pass the state certification process, but she said it's highly unlikely that would happen before the November presidential election.

"Technology is going to continue to develop and if we can find ways to improve Florida's elections and process with new equipment, then we're going to do that," she said.
*******************************
Washington Post
Judiciary GOP Supports Probe
Senators Break With Activists on Computer Hacking Case
By Helen Dewar
Friday, February 13, 2004; Page A05
http://www.washingtonpost.com/wp-dyn/articles/A37707-2004Feb12.html

Breaking ranks with conservative activists, several Senate Judiciary Committee Republicans joined Democrats yesterday in supporting an investigation into the infiltration of Democratic files on judicial nominations by GOP committee staffers.

Despite some expectations that the normally quarrelsome committee's first public discussion of the investigation could set off political fireworks, the session was unusually harmonious, marked by bipartisan expressions of outrage over computer snooping.

"Conservatives who offer justification for this based on politics have missed the boat," said Sen. Lindsey O. Graham (R-S.C.). "As a conservative, it runs against my philosophy of what the law is all about."

The investigation, conducted by Senate Sergeant-at-Arms William H. Pickle, should proceed "wherever it goes, and let the chips fall where they may," said Sen. Jon Kyl (R-Ariz.). "No senator can permit unethical behavior."

"I don't want my confidential files looked at by anyone else," said Sen. John Cornyn (R-Tex.).

From 2001 to 2003, committee sources said, two Republican committee staffers exploited a computer flaw to access thousands of Democratic strategy memos and leaked their contents to sympathetic publications. Both staffers have since left their congressional jobs.

In a joint statement, Judiciary Committee Chairman Orrin G. Hatch (R-Utah) and Sen. Patrick J. Leahy (Vt.), the ranking Democrat, said: "While it is premature to judge whether any crime has been committed, it is clear that unethical conduct has occurred." Hatch said he had personally expressed regrets to Democratic senators and to staffers whose files were improperly accessed.

Others, including Cornyn, suggested a further investigation by law enforcement authorities.

Although not all Republicans spoke up, it appeared that Hatch had strong bipartisan support on the panel for pursuing the probe, despite criticism from some conservatives for his role in triggering the investigation.

Hatch told reporters after the meeting that his computer files also had been accessed but declined to say who was responsible. He repeated an earlier statement, which infuriated some conservatives, that he was "mortified that this improper, unethical and simply unacceptable breach of confidential files occurred on my watch."

Some conservative advocacy groups say any investigation should focus on the contents of the Democratic memos -- which they describe as proof of Democrats' collusion with liberal interest groups on judicial nominations -- instead of dwelling on GOP staffers accessing the files.

While some Republican senators have said more attention should be focused on the Democratic memos, none mentioned this issue yesterday. But they did suggest that partisan hostilities on the committee may have encouraged young staffers to cut corners. "We are part of the problem because an atmosphere of politics has crept into our deliberations, especially on judges," Kyl said.

Democrats thanked Hatch, welcomed comments from other Republicans and continued to speak of the computer snooping as a major scandal. Sen. Edward M. Kennedy (D-Mass.) compared it to Watergate. "In those days, break-ins required physical presence, burglar's tools, lookouts and getaway cars. Today, theft may only require a computer and the skills to use it," he said. But, he added, "a break-in is still a break-in."
*******************************
Washington Post
Mystery E-Mail Causes Uproar In GOP Primary
By Lori Montgomery and Christian Davenport
Thursday, February 12, 2004; Page B01
http://www.washingtonpost.com/wp-dyn/articles/A34587-2004Feb11.html

A Maryland state senator yesterday accused U.S. Rep. Wayne T. Gilchrest's reelection campaign of appropriating his name to open a phony e-mail account and to spread allegations of sexual harassment against Gilchrest's opponent in the March 2 Republican primary.

Sen. Andrew P. Harris (R-Baltimore County) said he sent letters yesterday to the FBI and the U.S. House ethics committee calling for an investigation into an e-mail that bears Harris's name but contains information suggesting that it was composed on a computer in a congressional district office.

The e-mail accuses Gilchrest's challenger, state Sen. Richard F. Colburn (R-Dorchester), of having "a long history of sexual harassment of interns in the Maryland General Assembly" -- allegations that Colburn has denied. The e-mail was received last week at Colburn's campaign headquarters, where it was opened by his wife, Alma, according to Colburn aides.

"I would not be surprised, when all is said and done, that someone connected with the congressman and his campaign is behind this," said Harris, one of three Republican lawmakers in Annapolis who have endorsed Colburn's long-shot bid to unseat Gilchrest, who is seeking his eighth term in Congress.

"Someone in that campaign is worried," Harris said. "But this time, they've stepped over the line."

Gilchrest called the allegations "absurd, patently absurd."

"I don't have time for petty, immature, elementary school games and tactics," Gilchrest said in a telephone interview. "We're so far ahead, in a hard-and-fast race like this, it would be ridiculous. There would be no motivation for us to do that."

Gilchrest's chief of staff, Tony Caligiuri, said he is familiar with the allegations against Colburn and has looked at e-mails detailing the allegations with staff members in Gilchrest's congressional and campaign offices. But Caligiuri denied that anyone associated with Gilchrest might have concocted a fake address and sent the e-mail to Colburn.

"We're not disseminating this information to the press or to voters," Caligiuri said. "We cannot verify any of this kind of stuff."

Sending a political e-mail from a congressional computer could violate federal laws against the use of government property for political purposes. It also could violate House ethics rules that prohibit the use of congressional resources for campaign work. And using someone else's name to create a fake e-mail account could violate a new federal law that bars e-mailers from disguising their identities.

In less than three weeks, Republican voters will head to the polls in the 1st Congressional District, which was redrawn two years ago to cover parts of Anne Arundel and Baltimore counties, as well as the Eastern Shore. In an increasingly nasty campaign, Colburn, a conservative who has served more than 20 years in Annapolis, is challenging Gilchrest, a moderate. Maryland Republican Party officials are supporting the incumbent.

In the latest campaign finance reports, Gilchrest had $186,000 in the bank, while Colburn's campaign was running a deficit of $27,000. Colburn said yesterday that he now has $10,000 in his campaign treasury.

In an interview yesterday in his Senate office, Colburn denied sexually harassing legislative interns and said he will continue the campaign. "I certainly realize that 95 percent of incumbent congressmen are reelected," Colburn said. "But no matter what threats are made, we're going to stay the course. And on March 2, the voters are going to have a choice between a conservative Republican and a liberal Republican."

In a written statement, Colburn alleged an attempt by "Congressman Gilchrest and his staff to illegally use taxpayer resources to falsely appropriate the name of a member of the Maryland State Senate and attach it to emails designed to threaten my family and damage my reputation."

The e-mail at issue was sent Feb. 2 to Colburn's account from "Andrew Harris," whose e-mail address appears as "mdpoliticalnews@xxxxxxxxxx" The subject line reads: "from today's wire," and what follows appears in the form of a news story.

"Colburn Plagued by Repeated Charges of Sexual Harassment," says the headline. "MD Colleges, Senate Intern Office Have Prohibition Against Intern Placements."

In interviews, college officials and Senate President Thomas V. Mike Miller Jr. (D-Calvert) have said there are no prohibitions on interns serving in Colburn's office.

Greg Dukes, a registered nurse who works as a volunteer for the Colburn campaign, said Colburn's wife opened the e-mail on the morning of Feb. 3. She immediately called Colburn at his desk on the Senate floor.

Harris told Colburn that he hadn't written the missive, and Dukes, a computer enthusiast, began probing the e-mail's "header," which contains information about its origins, including an Internet address. Using that information, Dukes said, he traced the e-mail to a computer network within the U.S. House.

A technician who manages the congressional computer system confirmed that the address matches a router on Capitol Hill that handles communications with congressional district offices. The technician, who declined to give his name, said it would be impossible to trace the e-mail further.

Even if it were possible, computer security experts said, the trace would offer no guarantee that the e-mail originated in a congressional office. Internet addresses are easy to fake, they said, noting that computer worms and viruses steal such information on a daily basis.

"As an attacker, all I have to do is determine what the Capitol Hill addresses are and modify the header so it appears to have come from Capitol Hill," said Adam Powers, a senior security engineer with Lancope Inc., a network security company based in Atlanta. "Concretely tracking an e-mail back to a specific sender is nearly impossible."
*******************************
Los Angeles Times
Website for Canadian Drugs Urged
An Assembly bill would establish a state Internet site to compare prices and link Californians to pharmacies certified as legitimate and safe.
By Nancy Vogel
February 13, 2004
http://www.latimes.com/technology/la-me-drugs13feb13,1,2926123.story?coll=la-headlines-technology

SACRAMENTO  Californians could go to a state-sponsored website to shop for cheaper prescription drugs from Canada under a bill introduced Thursday in the state Assembly.

The bill is one of several recently drafted by Democratic lawmakers to check the upward spiral of prescription drug costs, both for sick Californians and for taxpayers who pay billions of dollars to buy drugs for poor people, prisoners and retirees.

"Obviously we're hearing from constituents," said Assemblyman Dario Frommer (D-Los Feliz). "They're upset, they want some relief. We're hearing from employers. They're concerned about their healthcare premiums, which have gone up at twice the rate of inflation. And now we're hearing it in terms of budget writing, when we look at what costs we need to get our arms around and control."

In a Capitol news conference, Frommer and four other lawmakers unveiled a package of seven bills, the most controversial of which is likely to be AB 1957. That bill would require the state Board of Pharmacy to create a website that compares prices between American and Canadian pharmacies. The website also would link consumers to Canadian pharmacies that the board has certified as legitimate and safe.

Federal law prohibits individual Americans from importing prescription drugs from other countries, but the U.S. Food and Drug Administration has yet to prosecute anyone for ignoring the ban. Experts estimate that more than 1 million Americans have purchased Canadian drugs, either in person, over the Internet or through the mail.

Prescription drugs in Canada generally cost less  sometimes as much as 70% less  because the government there controls prices, experts say. The imbalance has prompted a growing number of American cities and states to urge the federal government to either give them waivers to import drugs or set up a program to screen and sanction Canadian drugs for sale in the U.S.

Frommer said his bill would not violate federal law.

"We have the power under current state law to certify mail-order pharmacies through our Board of Pharmacy," he said.

"The FDA hasn't prosecuted anybody, but people are doing it," said Frommer. "We want to make sure they're getting those drugs safely."

FDA officials warn that although Canadian drug standards are probably not much different from those in the U.S., some drug makers in other countries such as Romania and Pakistan funnel their wares through Canada without regard to those safety standards.

Frommer also is sponsoring a bill, AB 1958, that would allow state agencies, businesses and health maintenance organizations to pool their drug purchases.

Large purchases should give the state better leverage to negotiate prices, he said.

Other bills introduced Thursday include AB 1959 by Assemblywoman Judy Chu (D-Monterey Park), which would allow certain lawmakers, under an oath of secrecy, to review the prescription drug contracts signed by state agencies.

A federal report last year found that California had failed to take advantage of $1.34 billion in rebates from drug manufacturers.

Last year, as lawmakers struggled to close a $35-billion budget gap, Chu said, they could rely only on the promises of state department heads that they were getting the best deals on prescription drug prices.

"The departments always claim that disclosure of the contracts would jeopardize proprietary information," she said.
*******************************
Associated Press
Google Bans Environmental Group's Ads
Thu Feb 12, 9:19 PM ET
http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=7&u=/ap/20040213/ap_on_hi_te/google_ban&sid=95573501
By MICHAEL LIEDTKE, AP Business Writer

SAN FRANCISCO - Online search engine leader Google has banned the ads of an environmental group protesting a major cruise line's sewage treatment methods, casting a spotlight on the policies  and power  of the popular Web site's lucrative marketing program.

Oceana, a 2 1/2-year-old nonprofit group, said Google dropped the text-based ads displayed in shaded boxes along the right side of its Web page because they were critical of Royal Caribbean Cruise Lines.

Washington D.C.-based Oceana believes Royal Caribbean pollutes the oceans by improperly treating the sewage on its ships. It hoped to publicize its complaints by paying to have its ads appear when terms like "cruise vacation" and "cruise ship" were entered into Google's search engine.

The ad, which said "Help us protect the world's oceans," appeared for two days last week before Google pulled it from its page.

When Oceana challenged the ban, Mountain View, Calif.-based Google responded with an e-mail advising the group that it doesn't accept ads with "language that advocates against Royal Caribbean."

Oceana's ad didn't mention Royal Caribbean directly, but the link directed Google visitors to a Web page critical of the Miami-based cruise line.

The decision stunned Oceana because it reeked of censorship and favoritism, said Andrew Sharpless, the group's chief executive.

"We were surprised because the answer they gave certainly raises the question whether they got a phone call from Royal Caribbean," Sharpless said Thursday. "We can't prove that, but it certainly smells that way."

Both Google and Royal Caribbean denied there was any pressure applied to remove the Oceana ad.

Google's policy prohibits ads criticizing other groups or companies, said spokeswoman Cindy McCaffrey. "We do reserve the right to exercise editorial discretion when it comes to the advertising we accept on our site," she said.

Google's ad policies don't affect the noncommercial results that the search engine delivers using a closely guarded formula.

Oceana's ad probably would be accepted by Yahoo!, which operates a similar online marketing program through its Overture subsidiary. Overture accepts critical ads, as long as they aren't obscene or libelous, said company spokeswoman Jennifer Stephens. "We see it as a freedom of speech issue," she said.

The ads have become a big moneymaker for Google, providing the company with hundreds of millions of dollars to expand its operations and technology.

As a privately held company, Google doesn't disclose its financial results, but its revenue last year is believed to have ranged between $700 million and $1 billion. The company is expected to go public later this year.

Google's ad rates have been steadily rising as advertisers have discovered the value of having their Web links prominently displayed under search terms related to their businesses.


The marketing program, which Google calls "AdWords," also has caused headaches for the company.

American Blind and Wallpaper Factory recently filed a trademark infringement lawsuit against Google because the search engine allows rival merchants to display their ads alongside the terms "American wallpaper" and "American blind."
*******************************
USA Today
Software bug blamed for blackout-alarm failure
By Anick Jesdanun, Associated Press
http://www.usatoday.com/tech/news/computersecurity/2004-02-12-blackout-bug_x.htm
Posted 2/12/2004 7:56 PM     Updated 2/12/2004 8:08 PM

NEW YORK  A programming error has been identified as the cause of alarm failures that might have contributed to the scope of last summer's Northeast blackout, industry officials said Thursday.

Ralph DiNicola, spokesman for FirstEnergy, said the utility has since applied fixes developed by the system's vendor, General Electric, and has accelerated plans to replace GE's XA/21 with a system from French nuclear engineers Areva SA.

A U.S.-Canadian task force investigating the blackout said in November that FirstEnergy employees failed to take steps that could have isolated utility failures because its data-monitoring and alarm computers weren't working.

Without a functioning emergency management system or the knowledge that it had failed, the company's system operators "remained unaware that their electrical system condition was beginning to degrade," the report said.

At the time, task force members said it remained unclear whether the software malfunctioned or if FirstEnergy's computers had difficulty running it that day.

DiNicola said Thursday that the company, working with GE and energy consultants from Kema, had pinned the trouble on a software glitch by late October and completed its fix by Nov. 19, coincidentally the same day the task force issued its report.

GE Energy spokesman Dennis Murphy said the company distributed a warning and a fix to its more than 100 other customers the following day.

DiNicola said FirstEnergy had informed the task force at the time; the company went public with it this week in a report on the Web site SecurityFocus. On Tuesday, the industry-sponsored North American Electricity Reliability Council alluded to troubles with FirstEnergy's XA/21 system.

The discovery of the programming error took "weeks of going through millions of lines of data," DiNicola said.

The failures occurred when multiple systems trying to access the same information at once got the equivalent of busy signals, he said. The software should have given one system precedent.

With the software not functioning properly at that point, data that should have been deleted were instead retained, slowing performance, he said. Similar troubles affected the backup systems.

Joseph Bucciero, senior vice president for transmission services at Kema, said the public should not lose confidence in utilities.

"There are a lot of systems out there and they are running for many years already, and this is the first time a problem like this has arisen," he said.

Bucciero said the software bug surfaced because of the number of unusual events occurring simultaneously  by that time, three FirstEnergy power lines had already short-circuited.

The GE system at FirstEnergy was a 1996 model, DiNicola said. The newer Esca system from Areva will be installed at two locations, Akron, Ohio, and Reading, Pa., for redundancy, he said.
*******************************
Computerworld
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,90162,00.html
FTC, international coalition crack down on misleading Web sites
The sweep is being coordinated by the Australian Competition and Consumer Commission
Story by Linda Rosencrance

FEBRUARY 12, 2004 ( COMPUTERWORLD ) - The Federal Trade Commission and more than two dozen consumer protection agencies around the world are participating in a three-day sweep to identify and crack down on Web sites that mislead consumers.
The International Internet Sweep, which began Tuesday, is being coordinated by the Australian Competition and Consumer Commission (ACCC).

The sweep is focusing on what the agencies call ?too-good-to-be-true? Web sites that prey on consumers by offering them bogus get-rich-quick schemes, work-at-home schemes, and free offers that are anything but.

?The lure of quick, easy money and opportunities to work from home entice consumers into such schemes,? the ACCC said in a statement.

Common pitfalls include hidden start-up fees, added costs and grossly exaggerated earning potential, according to the ACCC. Consumers often lose thousands of dollars to such schemes, the agency said.

?The ACCC received an increasing number of complaints and inquiries about Internet scams throughout the year of 2003,? said ACCC Chairman Graeme Samuel in the statement. ?The internet is prime territory for scammers around the globe who seek to take advantage of international boundaries to avoid detection. Scammers are increasingly using the Internet to try and make a fast dollar and take advantage of vulnerable consumers.?

FTC spokesman Pablo Zylberglait said the sweep is part of an ongoing effort by members of the International Consumer Protection and Enforcement Network (ICPEN), a network of consumer protection agencies from 31 countries.

?Cross border cooperation is essential to combat these types of scams,? the ACCC said. ?Enforcement agencies are increasingly working together to combat Internet fraud, where scammers exploit the international nature of the Internet.?

After the Internet sweep, the ICPEN will turn over whatever information it has gathered about suspect Web sites to the affected countries. It will be up to officials in those countries to decide what, if anything, to do with the information. Zylberglait said a country could decide to take legal action against a site's owner, or just warn the owner about possible violations. In addition, a country could just decide to alert the public about any suspect Web sites.

Zylberglait said the agencies will likely release a statement about the outcome of the sweep after an ICPEN meeting at the end of March.
*******************************
Federal Computer Week
Federal patch service to stop
BY Florence Olsen
Feb. 11, 2004 
http://www.fcw.com/fcw/articles/2004/0209/web-patch-02-11-04.asp

After a year spent helping federal agencies patch their insecure operating systems, government officials say they plan to leave that role to others.

This week, DHS officials said that the department will get out of the business of distributing security patches because the private sector is better at it than the federal government. Lawrence Hale, deputy director of the United States Computer Emergency Response Team, could not say exactly when the department would stop offering a service called Patch Authentication and Dissemination Capability (PADC). But he suggested that agencies would soon have to find commercial alternatives to the government's free service. Forty-seven federal agencies now use it.

When the federal government began planning the patch distribution service more than three years ago, Hale said that the idea of offering patch management assistance was ahead of its time. But by the time the government had awarded a contract to a company that could provide the service, other commercial alternatives had surpassed the limited offering that the government had contracted.

Many companies now sell patch management as part of an integrated configuration management service that includes vulnerability scanning, patch installation and asset management. The PADC service is for patch installation only. Agencies that use the free service buy the other services separately if they want them, but at prices that are often higher than those of the integrated commercial packages, Hale said.

General Dynamics Corp. and its Veridian Corp. subsidiary provide the government's patch management service under a $10 million contract.
*******************************
Government Computer News
DHS to pare state security requests
By Wilson P. Dizard III
http://www.gcn.com/vol1_no1/daily-updates/24935-1.html

The Homeland Security Department likely won't grant states all the money requested in security plans they recently submitted.

In testimony before the House Select Committee on Homeland Security, DHS secretary Tom Ridge today said the state plans amount largely to "wish lists" for the funding states seek from the department.

?We need to work with state and local governments to develop a standard list of facilities the loss of which would cause massive destruction of human life or economic loss,? Ridge said. ?We need to pare down the wish lists."

State and local governments likely will use much of the funding they receive from DHS to purchase systems and electronic equipment to prepare for, cope with and recover from terrorist attacks and natural disasters.

The administration's fiscal 2005 DHS budget request includes $3.6 billion for first-responder terrorism preparedness grants.

DHS plans to double funding for the Urban Area Security Initiative to $1.45 billion. That program targets funds especially to large citiesa plan that appeared to irk representatives from rural areas and smaller cities.

Grant allocation methods and the speed of grant distributions concerned several lawmakers, who criticized delays in the process. Ridge said DHS is working to develop a standard way for delivering funds to states, to speed the process.

Rep. Peter A. DeFazio (D-Ore.) said the top concern of first responders he has talked to is the lack of interoperable communications equipment. "I was concerned that funding for that was zeroed out" in the administration's fiscal 2005 budget proposal, he said.

Ridge said DHS would let state and local agencies use grant funds for interoperable communications gear "not only this year but in future years," adding that the release of an interoperability standard is "imminent."
*******************************