Clips October 28, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips October 28,
2003

ARTICLES

Diebold issues threat to publishers of leaked documents
Bush to Sign Electronic Banking Bill
HHS Web Guidelines Created With Designers, Users in Mind 
Denmark urged to support open source
Big Companies Add to Spam
Official calls for sensible tech use
Defense will test tactical satellite apps 
NIH to detail biomedical computing agenda 
Night and day, Richmond citizens tap services via Web 
RFID users differ on standards
Cerf: ICANN finally working on 'substantive issues'

*******************************
USA Today
Diebold issues threat to publishers of leaked documents
By Rachel Konrad, Associated Press
Posted 10/27/2003 5:33 PM     Updated 10/28/2003 9:01
AM

SAN JOSE, Calif.  One of the nation's largest electronic voting
machine suppliers is threatening to sue activists for publishing leaked
company documents that they claim raise serious security questions.

But despite legal threats from Diebold, some activists are refusing to
remove the documents from Web sites. 

Diebold sent "cease and desist" letters after the documents and
internal e-mails, allegedly stolen by a hacker, were distributed on the
Internet. Recipients of the letters included computer programmers,
students at Swarthmore College and at least one Internet provider.

Most of the 13,000 pages of documents are little more than banal employee
e-mails, routine software manuals and old voter record files. But several
items appear to raise security concerns. 

Diebold refused to discuss the documents' contents. Company spokesman
Mike Jacobsen said the fact that the company sent the cease-and-desist
letters does not mean the documents are authentic  or give credence
to advocates who claim lax Diebold security could allow hackers to rig
machines. 

"We're cautioning anyone from drawing wrong or incomplete
conclusions about any of those documents or files purporting to be
authentic," Jacobsen said. 

But the activists say the mere fact that Diebold was hacked shows that
the company's technology cannot be trusted. 

"These legal threats are an acknowledgment of the horrific security
risks of electronic voting," said Sacramento-based programmer Jim
March, who received a cease and desist order last month but continues to
publish the documents on his personal Web site. 

In one series of e-mails, a senior engineer dismisses concern from a
lower-level programmer who questions why the company lacked certification
for a customized operating system used in touch-screen voting machines.

The Federal Election Commission requires voting software to be certified
by an independent research lab. 

In another e-mail, a Diebold executive scolded programmers for leaving
software files on an Internet site without password protection. 

"This potentially gives the software away to whomever wants
it," the manager wrote in the e-mail. 

March contends the public has a right to know about Diebold security
problems. 

"The cease-and-desist orders are like a drug dealer saying, 'Hey,
cop, give me back my crack.' It's an incredible tactical blunder,"
he said. 

The documents began appearing online in August, six months after a hacker
broke into the North Canton, Ohio-based company's servers using an
employee's ID number, Jacobsen said. The hacker copied company
announcements, software bulletins and internal e-mails dating back to
January 1999, Jacobsen said. 

In August, someone e-mailed the data to electronic-voting activists, many
of whom published stories on their Web logs and personal sites. A
freelance journalist at Wired News, Brian McWilliams, also received data
and wrote about it in an online story. 

The data was further distributed in digital form around the Internet and
it is not known how many copies exist. 

Wendy Seltzer, an attorney for the Electronic Frontier Foundation, said
she has been contacted by about a dozen groups that received
cease-and-desist letters. Among them is Online Policy Group, a nonprofit
ISP that hosts the San Francisco Bay Area Independent Media Center, which
published links to the data. 

Seltzer encouraged them to defy the Diebold cease-and-desist letters.

"There is a strong fair-use defense," Seltzer said.
"People are using these documents to talk about the very mechanism
of democracy  how the votes are counted. It's at the heart of what
the First Amendment protects."
*******************************
Associated Press
Bush to Sign Electronic Banking Bill 
Tue Oct 28, 8:14 AM ET

WASHINGTON - A bill awaiting President Bush (news - web sites)'s
signature would allow banks to clear checks electronically, potentially
slashing paperwork. 

Under the legislation, banks will be able to approve digital images of
checks rather than physically transport them between financial
institutions. 

The bill changes the current requirement that banks have specific
agreements with other institutions to electronically process checks.
Banks, customers and businesses that still want paper checks could
request a substitute check, which has the same legal status as a regular
one, to confirm the electronic transfer. 

Bush was signing the legislation Tuesday in a White House ceremony.

With tens of billions of checks processed annually, the current system is
prone to delays when air transportation halts. The Sept. 11, 2001,
attacks lent urgency to electronic check legislation, as banks had to
resort to slower ground transportation when planes were grounded.

There was no official word on whether Bush will sign a much more
sensitive bill that awaits him  legislation outlawing a type of
abortion, generally carried out in the second or third trimester, in
which a fetus is partially delivered before being killed. The House
approved the legislation this month, and Bush has urged Congress to get
it to his desk, but has not signaled when he will sign it. 

Also Tuesday, Bush was meeting privately with Romanian President Ion
Iliescu. 

Later, he was hosting a third annual meal with Muslim leaders and
ambassadors from Muslim countries. 

During the monthlong Ramadan, the faithful abstain from all food, drink,
smoking and other pleasures during daylight. Bush was hosting the
iftar  the traditional breaking of the daylong fast  in the
White House on Tuesday evening. 
*******************************
Washington Post
HHS Web Guidelines Created With Designers, Users in Mind 
By Stephen Barr
Tuesday, October 28, 2003; Page B02 

Ever gotten lost searching for information on an Internet site?
Frustrated by Web sites that time-out before you complete your
transaction? Don't know how to download or use a PDF file?

Sanjay Koyani and his colleagues at the Health and Human Services
Department are trying to provide Web operators with help that also helps
the user. After two years of research -- including observations of people
at computers trying to find information -- HHS has published 187
guidelines for effective Web design and organization of
material.

The goal, Koyani said, is to help government, academic, commercial and
other groups create Web sites that are based on user research and not
personal opinions. "This information didn't exist to begin
with," he said. "We looked at guidelines inside and outside the
government. . . . Nothing was in agreement or backed up by research. . .
. The commercial and internal [government] guides were all over the
place."

The HHS guidelines come at a time when the government is struggling to
make sense of vast amounts of data, growing demands from the public for
answers to questions and increasing pressure to hold down its overhead
costs.

Recent estimates show that there are more than 22,000 Web sites across
the government, providing more than 35 million Web pages. More than 60
percent of Internet users in the United States go to a federal Internet
site each year.

The "Research-Based Web Design & Usability Guidelines" were
developed by the National Cancer Institute to help the agency's managers
find better ways to present cancer information to patients and families.
The project expanded when Koyani and others realized that peer-reviewed
guidelines would be valuable to other parts of HHS and the
government.

The guidelines cover such issues as accessibility, home page design, site
navigation, writing, graphics and content organization. Each guideline
comes with a score indicating the "strength of evidence" behind
the recommendation and a score for "relative importance" to
help Web-site developers make judgments about competing
priorities.

Koyani's job title -- senior usability engineer -- reflects the
importance of existing and emerging technologies in the federal
workplace. In the past, agency managers turned in their content to Web
designers and asked them to post it as soon as possible. Now, Koyani
said, "We also try to shift back to the user -- what are their
needs, what are their limitations."

In revamping the HHS home page, officials spent months looking at data on
what people sought on the department's Web site and what the public asked
in e-mails, letters and telephone calls, Bill Hall, a department
spokesman, said.

The public comes to HHS for information about diseases, the Medicare
program, child care and the Head Start program, and instructions on how
to apply for grants, Hall said. The site has about 1 million visitors a
month.

As part of the research, HHS found that visitors often confound
expectations. For example, more searches are for "HIPAA" (the
1996 Health Insurance Portability and Accountability Act) than any other
term, even though HHS thought it had addressed the topic by creating a
health and medical privacy link on its home page.

Without its Web site, HHS probably would be overwhelmed with
customer-service demands. When the HIPAA privacy rules went into effect,
HHS got a half-million hits on its questions-and-answers page, all on
privacy issues.

The HHS guidelines, Koyani said, should pay off for agencies that need to
post information quickly. "We've listed all the guidelines in rank
of importance," he said. "You can look at those and focus on
what is important."

The guidelines are posted at 
usability.gov/pdfs/guidelines.html.

Aetna on Federal Diary Live 


Trying to sort out your options in the Federal Employees Health Benefit
Program? Tom Bernatavitz, vice president for Aetna's federal government
business, will take questions and comments at noon tomorrow on Federal
Diary Live at
www.washingtonpost.com/online.
Please join us then.

Stephen Barr's e-mail address is 

barrs@xxxxxxxxxxxxx 
*******************************
CNET News.com
Denmark urged to support open source
Last modified: October 27, 2003, 11:23 AM PST
By Matthew Broersma 

Open-source software represents a serious alternative to proprietary
products and should be used as a tool to open up software markets to more
competition, according to a Danish report. 

The report, which stirred up controversy when it was published in Denmark
earlier this month, was released in English last week by the Danish Board
of Technology, an independent body the Danish Parliament established to
advise the government on technology. 

While a number of governments in Europe and elsewhere are eyeing
open-source software as a way to cut costs and stimulate local software
development, the Danish study goes a step further, arguing that public
sector support for open source and open standards may be necessary for
there to be any real competition in the software market. 

"Open-source software represents a serious technical and economic
alternative to proprietary software--even where there are proprietary
industry standards," the report said. Open-source software licenses
allow anyone to modify and redistribute the source code of applications,
meaning that no one organization controls the software's development.

The study recommended that governments take an active role in promoting
standardized file formats and alternatives to dominant proprietary
applications to help break a "de facto monopoly." 

"The ordinary market conditions for standard software will tend
towards a very small number of suppliers or a monopoly," the Board
of Technology stated in the report. "It will only be possible to
achieve competition in such a situation by taking political decisions
that assist new market participants in entering the market."

The board was particularly critical of closed, proprietary standards such
as Microsoft's Word format, arguing that they go against the principles
of e-government by requiring citizens to use particular software and
reinforcing monopolies. 

"A strategy for e-government should not be based on a closed,
proprietary standard in a key technology," the report said.
"There is no genuine competition at present in the desktop (office
software) area, largely due to the fact that Microsoft formats also
represent de facto standards for electronic document exchange."

The board recommended that the Danish government take an active role in
promoting an open, XML (Extensible Markup Language)-based alternative for
file formats, either by switching to the OpenOffice.org XML format or by
launching a European project to develop a new format. 

Uphill battle
However, the report recognized that establishing a new or alternative
format could be an uphill battle, given that Microsoft Office cannot read
OpenOffice documents or other formats. The board recommended that Denmark
begin a series of trials to test the feasibility of introducing
open-source software such as OpenOffice. 

Open source could also help make public sector software procurement more
cost-effective by introducing real competition, the report said.
"Proprietary systems entail a strong tie to a single supplier, and
in reality this precludes competition," it argued. "User-owned
systems are more expensive in actual development, but provide an
opportunity for greater competition in continued development, and are
therefore cheaper in the long run." 

A coordinated plan for using open source could also give governments a
stronger hand when the time comes to renegotiate contracts with
Microsoft, the study said. 

The Danish Board of Technology urged the government to take action,
dismissing the lukewarm approach of other European countries: "It
is...not sufficient for us in Denmark to follow Britain and Germany, for
example, in merely recommending that open source should be 'considered.'
A more active decision must be taken in those areas where there is a de
facto monopoly." 

ZDNet UK's Matthew Broersma reported from London.

To see the Report:
http://www.tekno.dk/subpage.php3?article=969&survey=14&language=uk&front=1
*******************************
New York Times
October 28, 2003
Big Companies Add to Spam
By SAUL HANSELL

Ever wonder how a certain company sending unsolicited e-mail messages got
your address?

Michael Rathbun, the director of policy enforcement at Allegiance
Telecom, an Internet service provider in Dallas, says he thinks he has
much of the answer.

Some five years ago, Mr. Rathbun bought a Palm hand-held organizer and,
in registering it on Palm's Web site, gave the company an e-mail address
he never used for anything else. Initially his in-box received only
offers for products related to the organizer, but eventually he started
getting advertising from some well-known companies like Bank of America,
SBC Communications and Sprint. Lately, that one address alone has been
receiving dozens of e-mails a month offering everything from travel clubs
to acne remedies.

"This is not stuff," Mr. Rathbun said, "that I should be
getting from them."

The problem of spam or unwanted commercial e-mail is usually attributed
to outlaws and hucksters  peddlers of pornography, get-rich-quick
schemes and pills of dubious merit  who use hackers to send their
fraudulent messages in ways that cannot be traced.

But the torrent of spam that is flowing into people's electronic
mailboxes comes not only from the sewers but also from the office towers
of the biggest and most well-known corporations.

Established companies insist they send e-mail only to people who have
voluntarily agreed to receive marketing offers. A spokeswoman for Palm
says it does not know how Mr. Rathbun's e-mail address got into the hands
of spammers and says it has never sold its customer list. 

But often companies rent e-mail lists from a cottage industry that has
emerged to lure Internet users, through a variety of schemes, into
signing up for e-mail marketing.

At best, if you have ever entered a contest to win a prize, subscribed to
an online newsletter or simply purchased a product on the Web, you may
well have also agreed, as many such fine-print contracts put it, "to
receive valuable offers from our marketing partners."

This practice falls under the rubric of what is called opt-in marketing,
or getting permission to send advertising messages.

But many e-mail executives admit that these same list companies also add
to their databases by buying, trading  sometimes even stealing 
names.

"Everyone is looking for a quick buck now, and people are claiming
to sell opt-in data who don't have it," said Pesach Lattin, who runs
Adspyre, a New York e-mail marketing firm.

Moreover, some companies have allowed the e-mail addresses of their own
customers, either deliberately or inadvertently, to fall into the hands
of list peddlers who in turn sell them to e-mail marketers of all
stripes. Sometimes, the lists are stolen from corporate owners by
employees or vendors looking to make a quick profit. But in many cases,
the big companies are deliberately buying and selling access to names,
relying on privacy policies  often hard to find on their sites 
that they say permit such actions.

"White-collar spam" is how Nick Usborne, a newsletter writer
and Internet marketing consultant, refers to this phenomenon.

"When a responsible company," Mr. Usborne said, "gets
someone to sign up for a newsletter and says, now that we have their
e-mail address let's make more money off it and send them e-mail they
didn't ask for, that's white-collar spam."

The antispam bill passed unanimously by the Senate last week imposes
tough penalties on people involved in the lowest forms of spam but it
does not deal with the central questions Mr. Usborne and others raise
about white-collar spam. It does nothing, for example, to establish rules
defining an appropriate list of names that a purveyor of a legitimate
product can use to send an offer by e-mail. Nor does it regulate the
transfer of names between companies.

The law would require that every e-mail message offer recipients a method
to remove themselves from an advertiser's mailing list. But with the way
that names are traded today, this method would do little to reduce the
amount of e-mail people receive, industry executives say.

"People don't realize that once you sign up for a contest or free
stuff on the Web and you forget to uncheck a box, these people will pass
your name to a hundred other people,'` said Paul Nute, a partner of Soho
Digital, a New York advertising agency that represents e-mail marketers.
"You've just raised your hand and said, `Send me the diet pill
offers.' And there is no way to get them all to stop."

A new state law scheduled to take effect in California on Jan. 1 tries to
take a stricter approach: it requires that commercial e-mail to or from
anyone in the state be sent only to people who specifically request
information from the advertiser. Many in the e-mail industry read the law
as curbing many of the more common ways that names are gathered and used,
but the exact limits will be left up to the courts to define.

Moreover, if the federal bill passed by the Senate is enacted it would
void most state spam laws, including California's. Although the Senate
bill also authorizes the Federal Trade Commission to create a do-not-spam
list modeled after the wildly popular do-not-call list that is already
starting to curb unwanted telemarketing calls, F.T.C. officials said
that, unlike telemarketing, it would be extremely difficult to determine
the difference between solicited and unsolicited e-mail. That is in part
because so many companies go beyond their own customers to rely on opt-in
list collectors.

Not surprisingly, companies that are active users of conventional mail
solicitations have gravitated to e-mail, which can be far cheaper, to
push certain products. These include Morgan Stanley's Discover Card,
Altria's Gevalia Coffee, Schering-Plough's Claritin, and The New York
Times, which uses opt-in e-mail lists to sell subscriptions.

One such list maker is Xuppa.com, a 38-person firm working from a cramped
office in Midtown Manhattan across Seventh Avenue from Macy's department
store. It has gathered half a billion e-mail addresses since it started
four years ago, but most of those are no longer valid. The 65 million
names left on its lists, Lance Laifer, Xuppa's chief executive, says,
have given permission to receive marketing messages.

Visitors to Xuppa.com are encouraged to enter its $1 million sweepstakes.
To do so they must enter not only their e-mail address but postal address
and telephone number as well. Entering the contest gives Xuppa permission
to market to users. On the same Web page, some 75 other offers from
advertisers are displayed, each adjacent to a check box  some
already checked by default. When Xuppa users enter the contest, their
personal information is passed to any advertiser whose offer is
checked.

"There are a lot of people who would rather register and give their
e-mail addresses than pay for services," Mr. Laifer said.

This process of putting many offers on one page where users enter
information is called co-registration, and it has become one of the main
ways that names are gathered online.

Some such sites make it hard for users to see all the lists they are
joining. AmericanGiveAways.com, a site run by Synergy6, allows users to
register to earn free gifts. "By signing up with us," a notice
at the bottom of the page reads, "you are also agreeing to receive
great offers, special coupons and promotions from our partner
sites."

Dozens of partners are listed on separate links, yet once a single button
is clicked each of the advertisers can claim  with some degree of
truth  that the user agreed to receive marketing messages.

Such sites stretch users' consent beyond any recognition, argues Seth
Godin, a former Yahoo executive, who coined the term "permission
marketing" to define the practice of sending e-mail marketing to
people who ask for it.

"The people who are talking about permission marketing are almost
entirely doing it wrong," Mr. Godin said. "Greed and avarice
drove people to wreck the system."

The trade in e-mail names is not limited to the back alleys of the
Internet. Big traditional mailing list companies  like Equifax and
Experian  have been buying e-mail addresses, often from these
contest sites, and linking them with their vast stores of other
information about people. They use this so marketers can send e-mail to
people with, say, a certain disease, or who own a specific car, and so
on.

The chain of permission can be stretched even further. Some names come
from customer lists of Internet companies that collapsed as the dot-com
bubble burst. For example, MatchLogic, a Colorado marketing company that
gathered 13 million names was acquired by Excite@Home, a high-speed
Internet service controlled by AT&T.

MatchLogic had a clear privacy policy that said it would not transfer
those names to any third party without permission. But when Excite@Home
was liquidated in bankruptcy in 2001, its mailing list was purchased by a
group of marketing firms led by RHC Direct of Salt Lake City. Some of
those companies in turn sold the list to others. Robert Caldwell, RHC's
president, says he believes it is also being traded by former MatchLogic
employees.

"Names get flipped and flipped and flipped until everyone's name is
everywhere," Mr. Caldwell said.

Nothing is wrong with that, he contended, because the people who
originally provided their e-mail addresses agreed to receive marketing
messages.

"As much as people talk about privacy," he said, "they
will give it up for the chance to win a Lexus."

Mr. Rathbun, who also has an e-mail address exclusively used to enter a
MatchLogic contest, says it has received thousands of pieces of spam,
some from big companies.

Bankruptcy courts have generally allowed the sale of lists from failed
companies like MatchLogic. But those transfers were against Excite@Home's
stated privacy policy, said Christopher Kelly, Excite@Home's former chief
privacy officer, now a lawyer with Baker & McKenzie. He said he would
advise any client not to send e-mail to that list "as there is
insufficient proof of the permission of the information."

Officials at many of the big companies marketing by e-mail admit that the
list companies are not always honest about the sources of their names.
But they say there is no way to test the quality of a list other than to
send e-mail to its addresses and find out how many complaints
result.

"There are some irresponsible companies that are bringing a bad name
to those of us trying to be responsible,'` said Rajive Johri, executive
vice president for marketing for J. P. Morgan Chase's credit card unit,
an active user of opt-in e-mail.

"We do a lot of due diligence on the vendors we utilize," Mr.
Johri said. "At the same time, can I feel 100 percent sure that
there are no abuses? No."
*******************************
Federal Computer Week
Official calls for sensible tech use
BY Dibya Sarkar 
Oct. 27, 2003

PHILADELPHIA -- If you watch National Football League games on
television, you might notice a virtual yellow line overlaid on the field
to help viewers locate the first down marker. It's an elementary version
of what's called "augmented reality," one of several emerging
technologies that a New York police official says will change law
enforcement and society in the not-so-distant future. 

Developing technologies -- such as reality augmentation, nanotechnology,
artificial intelligence, biometrics, radio frequency identification tags,
autonomous unmanned aerial vehicles, ranging in size from an airplane to
a gnat, and wireless technologies -- will be important to combat emerging
terrorist and criminal threats, said Capt. Thomas Cowper of the New York
State Police. For instance, it's not inconceivable that augmented reality
-- taking digital information and overlaying it on a real image -- could
be combined with facial recognition software so that can scan faces and,
in real time, find out who's wanted, said Cowper, speaking recently at
the annual conference of the International Association of Chiefs of
Police.

But as technology advances at an exponential rate, police and homeland
security officials must deal with it sensibly, otherwise it will
adversely affect privacy and security, he said. The problem isn't
technology itself, but how it's implemented, Cowper said. Unless law
enforcement deals with new technology in an educated and responsible way,
it will have a hard time, Cowper said.

For example, the Tampa Police Department's use of facial recognition
software to scan for criminals among ticket holders attending the Super
Bowl two years ago was roundly criticized. In another high-profile issue,
the Defense Department scrapped its Terrorism Information Awareness (TIA)
program that employed data mining, collaborative software, analytical
tools and decision support aids so officials could gather and analyze
information about terrorists.

Although privacy protection was a major component of the program, many
outsiders characterized TIA as an aberration cooked up to circumvent
privacy, Cowper said. "TIA was nothing more than the inevitable
result of technological progress yet we rejected that technology for law
enforcement and homeland security use," said Cowper. 

Meanwhile, several similar federal programs -- such as the CIA's
Terrorist Threat Integration Center and the Transportation Security
Administration's Computer Assisted Passenger Prescreening System --
employ the same components, yet no one has raised a furor over them, he
said. 

The American public will accept technology, just as they have in the
past, Cowper said. The question, he said, is whether law enforcement can
use emerging technologies to simultaneously provide homeland security and
protect constitutional freedoms.
*******************************
Government Computer News
10/28/03 
Defense will test tactical satellite apps 
By Dawn S. Onley 

The Defense Department plans to launch an experimental satellite early
next year from the inaugural flight of the Falcon rocket to support
battlefield information needs. 

TacSat-1 will be designed, built and launched at a cost of roughly $15
million, said retired Vice Adm. Arthur Cebrowski, director of force
transformation, in a background paper released today by the Office of
Force Transformation. 

It is the first of a series of tactical satellites that DOD plans to
launch over the next several years. 

Cebrowski said the experiment ?seeks to blaze a new concept and
developmental path for tactical micro-satellite exploration.? 

The tactical satellite will support: 


Machine-to-machine collaboration between air and space units 


Dissemination of data through DOD?s Secret IP Router Network 


Capability to identify and capture information from items on the
battlefield emitting measurable electronic signals. 


Thermal imaging technology via an onboard infrared camera. 

The Navy and Air Force will lead the test. The Navy Research Lab is
building the satellite. The Air Force?s Space and Missile Center is
overseeing the booster, and its 30th Space Wing will provide the launch
facility and services.
*******************************
Government Computer News
10/27/03 
NIH to detail biomedical computing agenda 
By Mary Mosquera 

The National Institutes of Health next week will begin laying the
groundwork for a decade-long effort to build a national biomedical
computing infrastructure. 

NIH will launch the effort with Digital Biology Week, an event running
from Nov. through Nov. to 7 at the agency?s campus in Bethesda, Md.

The Health and Human Services Department agency will discuss plans for
the NIH National Centers for Biomedical Computing. NIH has posted
information about the new agency online see
http://www.nigms.nih.gov/biocomputing/ncbc.html.

NIH plans to spend $14 million to $17 million next year on three or four
new centers to begin projects for the biomedical computing
infrastructure. The centers and infrastructure are part of the Roadmap
for Medical Research, through which NIH wants to speed research
discoveries. 

The National Institute of Standards and Technology and the National
Science Foundation are also participating in the project. NIST and NSF
will focus on biomedical research standards and information processing in
biological organisms for the emerging field of systems biology. 

Click here to link to information about Digital Biology Week.
http://www.nigms.nih.gov/news/releases/digital_biology_week.html
*******************************
Government Computer News
10/27/03 
Night and day, Richmond citizens tap services via Web 
By Trudy Walsh 

The Richmond, Va., Web portal lets citizens make requests for city
services around the clock. 

Users can send in their requests to the Citizens? Requests System, at
www.richmondgov.com,
for tree trimming, pothole filling and other city services. 

The first iteration of the system dates back to 1994, when it was a CICS
transaction system that allowed transactions via telephone, said Jerry
Myers, project leader of Richmond?s community services team. Since then,
the system has gone through several updates, with the most recent version
launched this summer. 

The current portal features a user account system called
MyRichmondgov.com, which was modeled partly on My.Yahoo.com from Yahoo
Inc. of Santa Clara, Calif. This is a place where Web visitors can
personalize their accounts, said Jamie Fox, project leader for the city?s
Web team. 

The site uses DB2 on a mainframe back end, Fox said. User account
information is stored in a Microsoft SQL Server database. The portal uses
Secure Sockets Layer encryption for transactions that contain personal
identifying information, such as user names and passwords. 

When a citizen submits a request, the system assigns it to the
appropriate department with a tracking number. Each department assigns
the item an estimated completion date. 

?It?s like when you buy something on the Internet,? said Kirk Baumbach,
acting systems and programming manager for the IT Department. ?You get a
little auto-confirmation e-mail back with a tracking number.? 

The site also uses some error-checking filters that the IT Department
built in-house, Fox said. 

One application verifies user addresses against an address database for
the area, Myers said. If somebody types in an incorrect address, the
system will prompt the user with the right address, asking ?Do you mean
this one?? 

The site also has a geographic information system that maps requests
digitally. The GIS feature came in handy during and after Hurricane
Isabel, Fox said. 

The department tracked damage after Isabel by plotting green dots on a
GIS map, Fox said. ?Practically the whole city turned green,? he said.

The system averages about 1,200 requests a month, Myers said. But from
Sept. 18, the day Isabel hit, through to Oct. 20, the site received more
than 3,170 requests, Myers said. 

The portal also has a dirty word filter, which filters out profanity in
four languages, Fox said. The site also includes security features to
deflect denial-of-service attacks. Both of these applications were
developed in-house by Nick de Lioncourt, a systems developer who wrote
the applications in Microsoft VBScript and Structured Query Language.

Fox said he reported a pothole on his street through the portal a few
weeks ago. Two days after he sent in his request, the hole was fixed.
This wasn?t preferential treatment for city employees, Fox said. ?It
didn?t know where I worked,? he said.
*******************************
Computerworld
RFID users differ on standards
The Pentagon insists on ISO specs, while corporate users back the EPC
plan 

Story by Bob Brewin 

OCTOBER 27, 2003 ( COMPUTERWORLD ) - The U.S. Department of Defense wants
to leverage radio frequency identification technology that's being
developed for use in commercial supply chains. But a Pentagon official
last week said the RFID tags used by the military must conform to
upcoming specifications from the International Standards Organization.
In contrast, Wal-Mart Stores Inc. and other corporate users have said
they plan to adopt an electronic product code standard that's being
devised by EPCglobal Inc. 

Some suppliers and analysts voiced concerns that the use of different
standards could result in higher costs for companies that have to meet
mandates from both Wal-Mart and the DOD to start putting RFID tags on
shipping pallets and cases by January 2005. 

Larry Kellam, director of supply network innovation at Procter &
Gamble Co., said there would be "a significant cost impact" if
the DOD and corporate users don't agree on a common standard. IT expenses
would likely increase, as would inventory and product-handling costs, he
said. 

Kellam added that different standards would also make it harder to meet a
goal of reducing the cost of RFID tags to as low as five cents each, the
level Wal-Mart wants to see. "Tag costs would still never get as low
as with a single, global standard," he said. P&G is among the
top 100 suppliers of both Wal-Mart and the DOD. 

The Pentagon this month said that all of its 23,000-plus suppliers will
be required to use passive RFID tags to help military officials identify
and track more than 45 million line items (see story). That followed a
similar edict issued by Bentonville, Ark.-based Wal-Mart to its top 100
suppliers in June. 

The military would like to support the EPC standard, said Maurice
Stewart, deputy chief of the DOD's Automatic Identification Technology
office. But the Pentagon has "embraced ISO standards, because that
is the way we do business," Stewart said. He added that many of the
DOD's suppliers have already adopted draft versions of the ISO 18000 RFID
standards and that those specifications should provide trading partners
with plug-and-play capabilities. 

EPCglobal is a joint venture between Uniform Code Council Inc. in
Lawrenceville, N.J., and EAN International in Brussels. Bernie Hogan,
chief technology officer at the UCC, said he has a hard time
understanding why the Pentagon is "so hung up" on the
differences between the two standards this early in the RFID adoption
process. 

Hogan said the standards will likely converge over time, with the ISO
18000 specifications being incorporated into the EPC ones. He added that
the UCC is heavily involved in the development of ISO 18000. 

EPCglobal last month released the specifications for an RFID-based EPC
network and supporting technology. The EPC standard is much narrower in
scope than the ISO's and doesn't take into account the use of different
frequency ranges, which the military requires, said Steve Halliday, an
analyst at consultancy High Tech Aid in Gibsonia, Pa. 

Halliday, who expects a final version of the ISO standard to be released
in a matter of months, said that failing to find common ground on the
issue would have "disastrous" consequences for the DOD's
suppliers and corporate supply chains.
*******************************
Computerworld
Cerf: ICANN finally working on 'substantive issues'
He called this week's meeting a 'turning point' for the organization

Story by Scarlet Pruitt

OCTOBER 27, 2003 ( IDG NEWS SERVICE ) - The Internet Corporation for
Assigned Names and Numbers (ICANN) meeting in Carthage, Tunisia, this
week will be getting down to brass tacks for the first time on how the
Internet works, according to ICANN Chairman Vinton Cerf. 
Speaking during a conference call from Carthage today, Cerf said that the
group has been bogged down in organizational issues and is just now able
to deal with "substantive issues" such as how to expand the
Internet and shore up its security. "This is a big turning point for
me and for ICANN," he said. 

The Marina Del Rey, Calif.-based organization oversees matters relating
to the Internet address system and has been undergoing an overhaul after
coming under criticism for being overly bureaucratic and ineffective.

With some key organizational issues, such as a putting into place a
framework for greater public input, now dealt with, "ICANN 3.0"
is now looking to address the technical future of the Internet. The group
will be discussing how to expand the Internet address system to include
different country-specific, top-level domains with greater language
support, as well as plans for moving from Internet Protocol 4 (IPv4) to
IPv6, Cerf said. 

The move from IPv4, which was introduced in 1978, to IPv6 is critical in
order to support the growing number of devices requiring specific IP
addresses, according to Cerf. There are expected to be millions of new
devices, including personal digital assistants, mobile phones and home
appliances. 

"We've quickly discovered that there will be more than one or two
devices [requiring IP addresses] per person," he said. 

Cerf also said that, given how central the Domain Name System is to
applications working on top of it, ICANN needs to focus on how to improve
its security. 

While in Tunisia, ICANN also plans workshops on the Whois name-lookup
database and a board meeting Oct. 31 to "put some final
touches" on new top-level domains, Cerf said. While the group isn't
set to specifically discuss the row over VeriSign Inc.'s Site Finder
service, it does expect comments on the matter from its Security and
Stability Advisory Committee in coming weeks, ICANN President Paul Twomey
said during the call. 

Earlier this month, ICANN asked Mountain View, Calif.-based VeriSign to
shut down the Site Finder service, which was designed to redirect users
who mistyped a domain name to a legitimate Web site, amid complaints that
the company was steering users to properties it owns (see story
http://www.computerworld.com/developmenttopics/websitemgmt/story/0,10801,86117,00.html).
The security committee is currently accepting input on the matter and
will decide in a few weeks if it needs more information or can make a
decision, Twomey said. 

Speaking of the controversial service, Twomey said it proved that
"innovation is not in and of itself a good thing" when it
destabilizes the system. 

ICANN's meeting in Carthage will continue through Oct. 31
*******************************