Clips October 20, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips October 20,
2003

ARTICLES

Electronic Voting: What You Need To Know 
Romania emerges as new world nexus of cybercrime
Google ordered to pay fine in French trademark case
Finns Ready Law for Tracking Young Cellphone Users
Personnel System in Final Stage 
Teen computer whiz cleared in Houston hacking
Australia, Korea forge spam pact
Web access app gets Common Criteria certification 
Commerce IT reorganization put on back burner 
Officials debate rule on liability for anti-terrorism tools
*******************************
t r u t h o u t | Interview 
Electronic Voting: What You Need To Know 
By William Rivers Pitt 
Monday 20 October 2003 

     Author's Note | In July of 2003, I sat down for
an extended, free-wheeling interview in Denver with three of the smartest
people I have ever met. Rebecca Mercuri, Barbara Simons, and David Dill
have been at the forefront of the debate surrounding the rise of
electronic touch-screen voting machines in our national elections.
Sufficed to say, they are three computer scientists/engineers who are as
well versed on these matters as anyone you will ever meet. Scroll quickly
to the bottom of this interview before reading to view their CVs.

     If you are completely new to this, the issue in
brief: In the aftermath of the 2000 election, Congress passed the Help
America Vote Act. After much wrangling, it appears the powers that be
have settled upon electronic touch-screen voting machines as the
solution. There are, however, a number of serious concerns about the
viability of these machines that have been raised. The matter strikes to
the heart of our democracy. If the votes are not counted properly, our
democracy is broken forever. More data on this is linked below, after the
CVs. 

     Key: 'WP' is me; 'RM' is Rebecca Mercuri; 'DD'
is David Dill; 'BS' is Barbara Simons. These three scientists deserve
great thanks for making this complicated and important issue so clear.

For the Interview Q&A, see:
http://www.truthout.org/docs_03/102003A.shtml
*******************************
USA Today
Romania emerges as new world nexus of cybercrime
By William J. Kole, The Associated Press
10/18/2003

BUCHAREST, Romania  It was nearly 70 degrees below zero outside, but
the e-mail on a computer at the South Pole Research Center sent a
different kind of chill through the scientists inside. 
"I've hacked into the server. Pay me off or I'll sell the station's
data to another country and tell the world how vulnerable you are,"
the message warned. 

Proving it was no hoax, the message included scientific data showing the
extortionist had roamed freely around the server, which controlled the 50
researchers' life-support systems. 

The FBI traced the e-mail to an Internet cafe in Bucharest and helped
Romanian police arrest two locals  the latest evidence that
computer-savvy Romanians are fast emerging as a bold menace in the
shadowy world of cybercrime. 

"It's one of the leading places for this kind of activity,"
said Gabrielle Burger, who runs the FBI's office in Bucharest and is
working with Romanian authorities to arrest suspects "and avoid the
Sept. 11 of cybercrime." 

Law enforcement documents obtained by The Associated Press portray a
loosely organized but increasingly aggressive network of young Romanians
conspiring with accomplices in Europe and the United States to steal
millions of dollars each year from consumers and companies. 

Their specialties: defrauding consumers through bogus Internet purchases,
extorting cash from companies after hacking into their systems, and
designing and releasing computer-crippling worms and viruses. 

Alarmed authorities say the South Pole case underscores the global impact
of this new breed of cyber-outlaw. 

"Frustrated with the employment possibilities offered in Romania,
some of the world's most talented computer students are exploiting their
talents online," the U.S.-based Internet Fraud Complaint Center
(www.ifccfbi.gov),
run by the FBI and the National White Collar Crime Center, says in a new
report. 

Computer crime flourished in Romania because the country lacked a
cybercrime law until earlier this year, when it enacted what may be the
world's harshest. The new law punishes convicts with up to 15 years in
prison  more than twice the maximum for rape. 

Varujan Pambuccian, a lawmaker and former programmer, helped draft the
new law after Romania's government realized the nation, which is racing
to join the European Union by 2007, was getting a bad online reputation.

"We want a good name for our country," he said. "I'm very
angry that Romania is so well-known for ugly things  for street
dogs, street children and hackers." Pambuccian said there was a
noticeable decline in criminal activity in the first three months since
the law took effect. 

More than 60 Romanians have been arrested in recent joint operations
involving the FBI, Secret Service, Scotland Yard, the U.S. Postal
Inspection Service and numerous European police agencies. 

They include the two suspects implicated in the South Pole extortion
attempt last May. Both are awaiting trial. Another Romanian pair was
arrested on suspicion of extorting cash from Integrity Media of Mobile,
Ala., after information on 30,000 credit card accounts was stolen in
March. 

Police say several hackers have been convicted, though in lower-profile
cases. 

Although the Russians are better known for online extortion, Romanians
have become major players in the scam, a specialty also favored by
criminals from Bulgaria, Poland and Slovenia. 

Information technology is a Romanian forte dating to the former regime,
when the late dictator Nicolae Ceausescu saw computers as a way to
advance communist ideology. Software piracy took firm hold during the
Soviet era, when Romanians too poor to buy licensed software simply
copied it. 

Today, Romanians get their first computer lessons in nursery school.
Universities have top-notch IT programs whose graduates are heavily
recruited by Western companies. Microsoft Corp. recently acquired GeCAD,
a leading Bucharest data-security firm. 

But all that know-how has spawned a dark side: Internet vampires who prey
on victims half a world away. 

The classic scam: Offer high-end electronics or other goods for sale or
auction, take the order, confirm the "shipment"  and
simply vanish the moment the consumer has wired payment. 

The Internet Fraud Complaint Center said it gets hundreds of complaints
daily from defrauded Americans. Many cases trace to Romania, where
criminals use Internet cafes to elude capture and avoid leaving a digital
trail to their home PCs. 

Some have developed Web pages that mimic legitimate sites such as eBay,
diverting them into the cyberspace equivalent of a back alley. Buyers
think they're dealing with eBay, but their money ends up in criminal
hands and the goods are never shipped. 

The most brazen hack into protected corporate databases, where they copy
proprietary information and demand cash on threats of publishing the
findings on the open Internet. 

This past summer, authorities aided by FBI experts arrested six young
Romanians in the Transylvania town of Sibiu after they successfully
extorted $50,000 from several leading American corporations, which were
not identified. 

Virgil Spiridon, chief inspector of Romania's national police and head of
a newly launched computer crime task force, said authorities have
intercepted online traffic, tracked Internet headers and addresses,
searched suspects' homes and seized hard drives. 

But Mihai Radu of Bucharest-based BitDefender, a data security company,
says criminals are smarter than local authorities. 

Romanian police asked BitDefender to help track down a 24-year-old
university student suspected of creating and releasing a version of the
crippling MSBlaster worm in August. The suspect, Dan Ciobanu, has not
been arrested but remains under investigation. 

"The Romanian police aren't qualified," Radu said as young
analysts in jeans, T-shirts and sneakers disassembled strings of code to
detect possible viruses. "They don't have the tools, the skills, the
software." 

Pointing up the criminals' knack for staying one step ahead of the law,
FBI documents note that because consumers are reluctant to do business
with Romanians, some scammers have found accomplices in other countries.
Others pass themselves off as coming from elsewhere. 

When police caught on that criminals were getting paid through Western
Union transactions, they switched to direct bank-to-bank transfers, which
are trickier to trace. Lately, they've set up bogus PayPal-style escrow
accounts. 

In an astonishing show of bravado, some cybercriminals dare even to toy
with those tracking them. 

Radu recalls logging on to his PC at home, only to watch in horror as the
cursor moved independently around the screen and the CD-ROM tray slid in
and out as though possessed by a poltergeist. 

"I was hacked," he said. "There's a fight between the dark
side and the light side." 

Gesturing toward BitDefender's football field-sized room of programmers,
he added cryptically: "They can do anything. If they weren't working
for us, who knows what they'd be up to."
*******************************
USA Today
Google ordered to pay fine in French trademark case
By Christopher Noble, Reuters
10/18/2003

PARIS  A French court has ruled against Internet search powerhouse
Google in an intellectual property rights case that could have far
reaching technological and financial implications for Web search firms,
who process tens of millions of queries a day.
The civil court in Nanterre, near Paris, fined privately held Google
75,000 euros for allowing advertisers to link text Internet
advertisements to trademarked search terms and gave the company 30 days
to stop the practice, common at Internet search services.

The ruling, handed down earlier this week, is believed to be the first in
which the owner of a trademarked term successfully sued an Internet
search service over the practice of allowing advertisers to use protected
terms in text ads.

If it was upheld on appeal and validated in other countries the decision
could force the search services to pre-screen search terms for trademarks
before letting advertisers use them.

It was not the first time the French legal system has taken aim at the
Internet. In November 2000, a French judge ordered Internet giant Yahoo
to bar people in France from accessing sites selling Nazi memorabilia in
a case that sparked a trans-Atlantic legal spat. 

Timothy Koogle, the company's one-time chief executive, was acquitted
earlier this year of charges that he condoned war crimes by selling the
items on Yahoo sites.

In the trademark case, the owner of the name "Bourse des vols"
(Market for Flights), an Internet travel agent, wanted Google to stop
allowing competitors to include "Bourse des vols" as a term
that would generate an advertisement and link to their own site that
Internet searchers could click on.

Google had refused, arguing its French arm was not responsible, that the
term bourse des vols was not protected by a valid trademark and that the
issue was technological and could not be resolved.

But the court found for the plaintiff on all three issues, said Fabrice
Dariot, who owns the trademark to "Bourse des Vols" and sued
Google. Dariot said that while the fine was small, the decision could be
important.

"It was as though the Internet and the real world were two different
worlds, but this ruling shows that there is only one world," he said
in an interview. "It shows that the Internet will have to respect
intellectual property rights."

The result of the decision would be that any time the term "Bourse
des Vols" was typed in, only ads for that specific site could be
posted with the search results, Dariot said.

Mountain View, California-based Google said it would appeal the decision
and declined further comment.

But because the decision was made on an enforceable basis, Google will
have to make the changes while the appeal is underway or face fines of up
to 1,500 euros for each infraction, Dariot said. 
*******************************
Reuters
Finns Ready Law for Tracking Young Cellphone Users
Fri Oct 17, 8:49 AM ET

HELSINKI (Reuters) - Finland has proposed a new law that would let
parents track the movements of their young children via mobile phone,
even without their consent, in a move that could set an EU benchmark in
privacy and handset use. 

   

The proposal is part of new law on privacy in electronic communications
and could still be changed in parliament hearings, although the Nordic
country's coalition government accepted it unanimously this week.


Parliament will likely start discussing the proposal early in November,
but state officials and politicians said it was too early to estimate
when the law could be passed. 


"Roughly similar legislation will be a reality in the European Union
(news - web sites) area in the near future," said Juhapekka Ristola,
an official at the transport and communications ministry. 


He said other countries may follow the example of Finland, home to the
world's largest mobile phone maker Nokia (news - web sites), because the
proposal is based on the EU's directive on privacy and electronic
communications. 


According to the draft, individuals aged 15 or older could only be
tracked after giving their consent, but for children under 15 such
consent could also be given by their parents or guardians. 


In emergency situations people can still be tracked without their consent
regardless of their age. 


Finland's top two mobile operators, TeliaSonera and Elisa, currently
offer positioning services which locate the phone user based on the
mobile base station he or she is nearest to. 


TeliaSonera says the positioning works from between 100 meters (yards) in
congested areas to 20 km (12 miles) in less populated areas. 


Finland is a world leader in mobile technology, and last February topped
the World Economic Forum (news - web sites)'s list as the most tech-savvy
country in the world.
*******************************
Washington Post
Personnel System in Final Stage 
Panel to Review Options for Homeland Security Workers 
By Christopher Lee
Monday, October 20, 2003; Page A21 

One of the government's most important construction projects will hit a
crucial phase this week, yet not a shovel of dirt will be turned over.

Starting today, officials from the Bush administration and federal
employee labor unions will enter the final stages of building a new
personnel system for 180,000 employees at the new Department of Homeland
Security. The 18-member senior review committee will spend three days at
the Almas Temple downtown going over the 52 personnel system options that
a federal working group spent more than six months developing.

The panel will produce a summary report -- but not specific
recommendations for a new personnel system -- to Tom Ridge, the homeland
security secretary, and Kay Coles James, the director of the Office of
Personnel Management. The committee's power is limited. Although Congress
required the administration to consult with employee groups in crafting a
new personnel system, Ridge and James have the final say. 

Ridge and James are expected to come up with a proposed plan in December,
which will then undergo 60 days of legal review and public comment before
becoming final early next year.

"This process is a model for how management and labor can work
together with mutual respect even though there may be real policy
differences," James said in a statement this month.

John Gage, president of the American Federation of Government Employees
and a member of the review panel, said he hopes Ridge and James consider
the union's input, but the fact remains that unions have no power to
shape the final outcome.

"We have to be big boys and face reality on that," Gage told
reporters Friday. "I think it puts a lot of pressure on [Ridge].
He's going to be pulled in a number of different directions on this. . .
. He's going to have to make some tough decisions."

The process is important because the new system will help define the
operation of a vast department formed less than a year ago through the
consolidation of 22 agencies to better protect the nation against
terrorism. More than that, however, the final product could provide a
template for the administration to use in pursuing sweeping personnel
reforms across the government, participants said.

"Whatever Ridge and James ultimately do, I think, will be looked at
by all other agencies," said Colleen M. Kelley, president of the
National Treasury Employees Union and a member of the review panel.
"It's just a matter of time before they are all standing in line
saying, 'We want the ability to either do exactly what DHS does, or at
least to have the opportunity to make some more changes.' 
"

Tasia Scolinos, a DHS spokeswoman, said Ridge and James want to hear from
many voices before making a final decision.

"They want all concerns, all pros and cons, on the table," she
said. 

Although some might consider crafting a personnel system a mundane task,
the creation of the department was delayed for months last year because
of a bitter fight in Congress over work rules at the new agency.
President Bush and Republican lawmakers argued that existing civil
service laws would tie managers' hands in their efforts to build an
effective department. Democrats said erasing long-standing protections
against unfair treatment of civil servants would not enhance national
security.

In the end, Bush prevailed and Congress granted the administration
freedom to rewrite civil service rules in the areas of pay, performance
appraisals, job classifications, labor-management relations, discipline
and employee appeals.

Administration officials have said they are intent on creating a system
that ties pay to performance rather than longevity, that more quickly
resolves employee grievances and appeals, and that limits collective
bargaining rights. Union leaders say agencies, including DHS, don't have
the expertise or money to implement pay for performance properly. And
they say workers won't want to stay in a department without an
independent appeals process and collective bargaining rights to protect
them from unfair treatment and cronyism. "Morale is not good in
Homeland Security," Gage said. "People are very concerned and
maybe a little demoralized about what's going on."
*******************************
USA Today
Teen computer whiz cleared in Houston hacking
10/17/2003

LONDON (AP)  A teenage computer expert was acquitted Friday of
hacking a system that provides navigational data for the port of Houston.
A jury at Southwark Crown Court in London accepted 19-year-old Aaron
Caffrey's contention that unidentified vandals had installed an attack
script on his computer, which he then unknowingly set into motion.

Prosecutors had said Caffrey intentionally launched an electronic assault
on a woman he met in an Internet chat room because he believed she had
insulted his girlfriend. They alleged that in carrying out that attack,
Caffrey inadvertently paralyzed the Houston system by bombarding it with
thousands of electronic messages. 

The port's Internet site was forced out of service temporarily, making it
difficult to obtain information about ships' whereabouts. 

Caffrey, who belongs to a group called Allied Haxor Elite, acknowledged
hacking into computers in the past but only with the permission of the
machines' owners, whom he said wanted to test their security systems.

He insisted he had nothing to do with the September 2001 attack in
Houston, testifying during a two-week trial that he knew nothing about it
until police came to arrest him in January 2002. 

The officers confiscated his computer. He was charged and brought to
trial after computer experts failed to find so-called "Trojan
horse" software that would have indicated someone had hijacked
Caffrey's computer. 

He testified that the program might have been designed to self-destruct,
leaving no trace of its presence. 

"This ordeal has been a dark cloud hanging over him for the last two
years," Caffrey's lawyer, Iain Ross, said after the verdict.
"He had always insisted he was not guilty and that he was a victim
of a criminal act rather than being a criminal himself."
*******************************
USA Today
Scottsdale company pioneers Amber Alert Web site
10/18/2003

MESA, Ariz. (AP)  A Scottsdale-based company could begin operating a
free Web portal that disseminates Amber Alerts nationwide by the end of
next year. 
The site would allow states to share information instantly and could be
used to alert the country in case of an abduction or disaster. 

E2C, which stands for Engaging and Empowering Citizenship, has the Web
portal partially up in Arizona, said company founder and CEO Chris
Warner. By the end of this year, Arizona and Washington will be online,
Warner said. 

"So, by the end of the next year, there's a very good chance we are
going to have all 50 states working, fully functional," he said.

The system lets computers send out alerts, allowing a first responder to
upload information with the help of the Arizona Department of Public
Safety, Warner said. 

"Then, in one push of the button, it goes out to any concerned
party," he said. 

All 50 states have signed on to join the program. 

The National Alliance of State Broadcasters Associations voted
unanimously to support the portal and the Department of Homeland Security
is also looking at it, said Art Brooks, chairman of the Amber Alert
Oversight Committee in Arizona. 

The Web portal, which uses software that cost between $1 to $2 million to
develop, is partially funded by donations from corporate sponsors, Warner
said. 

Amber Alerts are used by law enforcement to spread information about
abductions and suspects. The system, which Arizona started using this
fall, distributes details on abductions to radio and television stations,
and to electronic message signs on state highways.
*******************************
Australian IT
Australia, Korea forge spam pact
Kate Mackenzie
OCTOBER 20, 2003  
 
AUSTRALIA and Korea have signed a memorandum of understanding on spam,
pledging to work together to reduce junk emails in both
countries.

The Australian Communications Authority, the National Office for the
Information Economy, and the Korean Information Security Agency formally
signed the agreement today in Melbourne. 
Acting ACA chairman Bob Horton said the agencies would share information
and work closely together, with the aim of reducing the volume of spam
both originating in, and being sent to, Australia and South Korea.

"The ACA is looking forward to working closely with KISA and NOIE to
develop cooperative mechanisms to combat the rapidly growing spam
problem," Dr Horton said. 

Anti-spam software vendor MessageLabs estimates 3.5 per cent of spam
originates from South Korea. The United States was responsible for 58.4
per cent, according to the company's research. 

*******************************
Federal Computer Week
Performance flogs Tampa facial tech
Viability of facial-recognition systems left in question, privacy issues
linger
BY Dibya Sarkar 
Oct. 20, 2003

Although facial-recognition technology often raises privacy concerns,
Tampa, Fla., officials' recent decision to jettison an experiment using
surveillance cameras to electronically probe city streets for criminals
had to do with performance, not privacy.

Tampa officials had planned to use cameras to match criminals' faces
against a large criminal database. Their decision to drop the technology
casts doubt on its future in the public arena, leaving Virginia Beach,
Va., as the only U.S. municipality still using it.

Joseph Atick, president and chief executive officer of Identix Inc.,
which provided the software to both cities, said facial-recognition
technology is not jeopardized. The company, however, will no longer
market the software for that particular function.

Facial-recognition technology "has never been in a better position
than it is right now," he said. "We are pursuing surveillance
at security checkpoints, at border control areas. They think it is
important for us to do the check to make sure people aren't on a watch
list. But wide-area surveillance in the street is not an application we
are pursuing."

Tampa, which scrapped the program in August, had been testing the
technology for a couple of years in an 11-block section of the city. The
pilot program sought to integrate the facial-recognition software with
its 37 surveillance cameras, which still remain in place. During that
period, however, the city did not have "one alert, one
identification nor made one arrest as a result of the software,"
said Capt. Bob Guidara, the police department's spokesman.

"With a database of over 24,000 local wanted and missing persons,
and not one alert, we're perplexed as to why that was the fact especially
when this entertainment district was frequented on Thursday, Friday and
Saturday nights with crowds of 10,000 to 20,000" people, he said.

"We concluded that the software, at least in this environment or
application, did not really serve any true benefit to us," Guidara
said. "And rather than instill a false sense of security both with
our officers and the public, we felt it was better to eliminate that
application."

Atick suggested that Tampa's newly elected mayor, Pam Iorio, might have
decided to discontinue the program given the privacy concerns that the
system sparked.

Privacy groups, including the American Civil Liberties Union, have
complained. Such technology, they have said, is unproven and its usage
smacks of Big Brother tactics despite police department assurances that
data collected on innocent pedestrians would not be stored but would be
discarded immediately. Privacy groups said deploying more patrol officers
would be more effective.

Guidara said the timing was coincidental. The contract with Identix that
provided the city with free usage of the facial-recognition software was
up for renewal. After an assessment with the police chief and
consultation with the mayor, they decided against renewing it.

***

Virginia Beach system continues 

Tampa, Fla., officials have abandoned facial-recognition technology, but
Virginia Beach, Va. officials have no plans to take down their system,
said Lt. Dennis Santos, supervisor of the city's facial- recognition
system.

Virginia Beach's system, which cost $200,000 in federal and city funds,
has been operating since September 2002. It surveys a beachfront area.
During summers, the city's normal population of 500,000 swells to 4
million. Although it has 13 surveillance cameras, the department linked
the software to only three. The software scans against a database of
about 600 records, which include local felony warrants, lost and runaway
children and older individuals, and the FBI's 10 most wanted list and
terrorist wanted list, Santos said. However, because of military call-ups
of several officers, finding workers to man the system during the summer
has been difficult. Normally, the system operates from 10 a.m. to
midnight, he said. In the past year, Santos said the system has issued
two alerts. One suspect did not turn out to be a match after officers
interviewed him. In the second case, officers were unable to find the
individual after being alerted by the system's operator of a very good
match. Interviews are consensual and police officers first inform the
individuals that they were chosen because they were matched by the city's
facial-recognition system. Local law enforcement agencies and other
groups across the country and in Canada have expressed interest in the
system. Santos said eventually the city's database would expand, but
never reach Tampa's large size.
*******************************
Government Computer News
Web access app gets Common Criteria certification 
By Patricia Daukantas 

IBM Corp. today announced that its Tivoli Access Manager software, an
application that controls access to online information, has received
international Common Criteria security certification. 

The software was certified under Evaluation Assurance Level 3, said Chris
O?Connor, IBM?s director for corporate security. The EAL3 certification
requires that the application?s security functions have been methodically
tested and checked. 

For the Common Criteria test, Tivoli Access Manager 4.1 was tested on
four operating systems: IBM AIX 5.2, Sun Solaris 8, Microsoft Windows
2000 Advanced Server with Service Pack 3 and Suse Linux Enterprise Server
8. 

Atsec Information Security GmbH of Germany performed the testing, which
was then certified with the German Federal Office for Information
Security, O?Connor said. The United States is one of the nations that
recognizes Common Criteria certification. 

The evaluation of the Tivoli application is part of a broader IBM
strategy to gain EAL3 certification for apps that agencies can use for
e-government projects, O?Connor said. Several other IBM products,
including its WebSphere Application Server, are currently being evaluated
through the Common Criteria program.
*******************************
Government Computer News
10/20/03 
Commerce IT reorganization put on back burner 
By Wilson P. Dizard III 

An administration plan to consolidate three Commerce Department
technology agencies has been delayed because of the press of legislative
business in Congress, a department spokeswoman said. 

?It has been sent to Capitol Hill, but it has not been introduced,? said
Connie Correll, spokeswoman for the department?s Technology
Administration. ?I think we are just waiting for the appropriations
process to die down because there are so many other things going on right
now.? 

In July, Commerce secretary Don Evans sent the 21st Century Innovation
Act to Vice President Dick Cheney, who is president of the Senate, with a
request to introduce it. But neither Cheney nor any other lawmaker has
sponsored the bill. 

The proposal, which Evans first announced in February [see story], calls
for merging the Technology Administration, the National
Telecommunications and Information Administration and the electronic
commerce functions of the International Trade Administration [see story].
The new agency would be called the Technology and Telecommunications
Administration. 

Legislative aides on the House Energy and Commerce Committee and Senate
Commerce Committee said they were not familiar with the proposal.

Commerce?s Correll said the proposal is a ?must-do piece of legislation
for the technology sector,? but conceded that ?it doesn?t rise to the
level of reforming Medicare or fighting the war on terrorism.? 

Mike Zaneis, director of technology policy for the U.S. Chamber of
Commerce, said his organization generally favors proposals to streamline
government but added that his organization would want to see the details
of any proposal before endorsing it.
*******************************

Government Executive
October 17, 2003 
Officials debate rule on liability for anti-terrorism tools
By Greta Wodele, National Journal's Technology Daily 



Lawmakers and industry officials on Friday expressed concern about the
Homeland Security Department's plan to implement a law designed to limit
the liability that companies might face for their counter-terrorism
technologies. 


"By passing the [law], Congress acted quickly to resolve uncertainty
over liability concerns so that the full power of American technology
could be unleashed in the war on terrorism," Virginia Republican Tom
Davis, chairman of the House Government Reform Committee, said during an
oversight hearing on the Support Anti-Terrorism by Fostering Effective
Technologies (SAFETY) Act. "[The department] must be careful that
its implementing regulations and processes are not so complicated that
they defeat the very purpose of the SAFETY Act." 


He said "bureaucratic delays" have resulted in "private
firms waiting to submit applications until they have seen some finality
in the application process and implementing regulations."

Homeland Security said it would begin taking applications in September
but began the process on Thursday after issuing an interim rule late last
week, Davis said. The law, which was enacted in January, provides limited
liability protection for companies if their products or services fail to
prevent terrorist attacks. 


Parney Albright, a Homeland Security assistant secretary, said the delay
was due to a review of public comments from more than 40 companies and
associations. Albright also said the regulatory process typically takes
18 months, but Homeland Security "compressed" it to seven. The
department plans to issue a final rule in about 90 days, he said.


Harris Miller, president of the Information Technology Association of
America (ITAA), testified that changes to the applications process are
necessary. The application, he said, would take companies an average of
1,000 hours to complete. 


"We are concerned that the ... information requirements are so
massive as to ignore the real-world business issues surrounding
deployment of anti-terrorism technologies and urge the department to
rethink the scope of information being required," he said. 


The department, however, estimated that it would take 108 
hours.

When asked by lawmakers if the process would prove burdensome and delay
the use of anti-terrorism technologies, Albright argued that the
requested data meets criteria established not by the department but by
the law. Albright also said if the department believes it needs
"statutory relief" in the future, it would work with Congress
to make necessary changes. 


Miller, along with the Professional Services Council and the Chamber of
Commerce, also called the request for detailed financial data
"unnecessary," arguing that it would deter companies from
applying for liability limits and negate the purpose of the law.


"The information submitted to the [department] will necessarily
contain very sensitive confidential and proprietary ...
information," said John Clerici, a lawyer representing the chamber.
"Without assurances of confidentiality, the need to supply this
information alone will likely deter sellers." 

Industry officials also cited "significant hurdles" that need
to be addressed before finalizing the rule, including prioritizing
applications and clarifying protections for proprietary information.


Davis agreed, saying, "The interim rule is not where we need to
be." 
*******************************