Domain: nextgov.com
Stories and comments across the archive that link to nextgov.com.
Stories · 46
-
Remote Workers Can Get a Cushy Apartment, Free Office Space, and $10K If They Move To Tulsa (nextgov.com)
Tulsa, Oklahoma is offering full-time remote workers in the U.S. free office space, a subsidized furnished apartment, and $10,000 cash if you move there and stay for at least one year. The city wants to attract so-called "digital nomads," who would, presumably, start paying taxes, launch businesses, and otherwise contribute to the economy of wherever they're drawn to. Nextgov reports: Tulsa Remote is one of several revitalization projects in the region funded by the George Kaiser Family Foundation. The Tulsa-based philanthropic organization was started by George B. Kaiser, an oil and banking billionaire who has signed on to Warren Buffett and Bill and Melinda Gates' "Giving Pledge," whose wealthy signees promise to give away at least half their fortunes to charity.
The organization has budgeted for 20 new remote workers in the program's first year, says Ken Levit, GKFF's executive director. Applicants must be at least 18, eligible to work in the U.S., already working full-time for an employer based outside the boundaries of Tulsa County, and prepared to move to Tulsa within six months. Applications opened Tuesday at the website TulsaRemote.com; the city hopes to settle the first new residents within the next three months, Levit said. -
Oracle Challenges Pentagon's $10 Billion Cloud Computing Contract (theregister.co.uk)
Oracle has filed an official complaint with the U.S. government over plans to award the Pentagon's lucrative cloud contract to a single vendor. Rebecca Hill writes via The Register: The Joint Enterprise Defense Infrastructure (JEDI) contract, which has a massive scope, covering different levels of secrecy and classification across all branches of the military, will run for a maximum of 10 years and is worth a potential $10 billion. In spite of this pressure from vendors and the tech lobby -- as well as concerns from Congress -- the US Department of Defense (DoD) refused to budge, and launched a request for proposals (RFP) at the end of last month. Oracle is less than impressed with the Pentagon's failure to back down, and this week filed a bid protest to congressional watchdog the Government Accountability Office asking for the RFP to be amended.
In the protest, the database goliath sets out its arguments against a single vendor award -- broadly that it could damage innovation, competition, and security. Reading between the lines, it doesn't want either of Amazon or Microsoft or Google to get the whole pie to itself, and thus endanger Oracle's cosiness with Uncle Sam. Summing up its position in a statement to The Register, Oracle said that JEDI "virtually assures DoD will be locked into legacy cloud for a decade or more" at a time when cloud technology is changing at an unprecedented pace. -
Inspector General Says NSA Still Hasn't Implemented Its Post-Snowden Internal Security Measures (techdirt.com)
An anonymous reader quotes a report from Techdirt: In the immediate aftermath of an NSA contractor springing numerous leaks back in 2013, the NSA vowed this would never happen again. It has happened again and it hasn't just been documents. It's also been software exploits, which contributed to a worldwide plague of ransomware. The NSA was going to make sure no one could just walk out of work with thousands of sensitive documents. It laid out a plan to exercise greater control over access and fail safe procedures meant to keep free-spirited Snowdens in check. The NSA is the world's most powerful surveillance agency. It is also a sizable bureaucracy. Over the past half-decade, the NSA has talked tough about tighter internal controls. But talk is cheap -- at least labor-wise. Actual implementation takes dedication and commitment. The NSA just doesn't have that in it, according to a recent Inspector General's report: "The nation's cyber spy agency is suffering from substantial cyber vulnerabilities, according to a first-of-its-kind unclassified audit overview from the agency's inspector general released Wednesday. Those vulnerabilities include computer system security plans that are inaccurate or incomplete, removable media that aren't properly scanned for viruses, and an inadequate process for tracking the job duties of National Security Agency cyber defenders to ensure they're qualified for the highest-level work they do, according to the overview." -
Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years (nextgov.com)
Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.
Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.
A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'" -
The US Department Of Defense Announces An Open Source Code Repository (defense.gov)
"The Pentagon is the latest government entity to join the open-source movement," writes NextGov. An anonymous reader quotes their report: The Defense Department this week launched Code.mil, a public site that will eventually showcase unclassified code written by federal employees. Citizens will be able to use that code for personal and public projects... The Defense Department's Digital Service team, whose members are recruited for short-term stints from companies including Google and Netflix, will be the first to host its code on the site once the agreement is finalized... "This is a direct avenue for the department to tap into a worldwide community of developers to collectively speed up and strengthen the software development process," a DOD post announcing the initiative said. The Pentagon also aims to find software developers and "make connections in support of DOD programs that ultimately service our national security."
Interestingly, there's no copyright protections on code written by federal employees, according to U.S. (and some international) laws, according to the site. "This can make it hard to attach an open source license to our code, and our team here at Defense Digital Service wants to find a solution. You can submit a public comment by opening a GitHub issue on this repository before we finalize the agreement at the end of March." -
CIA 'Siren Servers' Can Predict Social Uprisings Several Days Before They Happen (sociable.co)
Through a combination of machine learning and deep learning, the Central Intelligence Agency (CIA) is using powerful supercomputers, dubbed "Siren Servers" by computer philosophy writer Jaron Lanier, to predict social unrest days before it happens. The Sociable reports: CIA Deputy Director for Digital Innovation Andrew Hallman announced that the agency has beefed-up its "anticipatory intelligence" through the use of deep learning and machine learning servers that can process an incredible amount of data. "We have, in some instances, been able to improve our forecast to the point of being able to anticipate the development of social unrest and societal instability some I think as near as three to five days out," said Hallman on Tuesday at the Federal Tech event, Fedstival. The CIA deputy director said that it was "much harder to convey confidence for the policymaker who may make an important decision from advanced analytics with deep learning algorithms." Now that the CIA claims to be able to predict social unrest days in advance, there are some interesting theoretical possibilities that can come of this. One is that the CIA's siren servers will become so efficient that they will predict all social uprising and will be able to prevent it. If they are successful in doing that, there would be no need for the CIA as their technology could predict and prevent any societal upheavals, and the agency would be obsolete. Another potential outcome would be that the CIA could use the data and not tell anyone, just like the finance sector did, and then make calculated decisions on whether or not to intervene in any socially distressing situation. -
Could a Change In Wording Attract More Women To Infosec? (csoonline.com)
itwbennett writes: "Information security is an endeavor that is frequently described in terms of war," writes Lysa Myers. "But what would the gender balance of this industry be like if we used more terms from other disciplines?" Just 14 percent of U.S. federal government personnel in cybersecurity specialties are women, a number startlingly close to the 14.5 percent of active duty military members who are women (at least as of 2013). By comparison, women are well represented in other STEM fields: "As of 2011, women earn 60 percent of bachelor-level biology degrees. Women also earn between 40 and 50 percent of chemistry, mathematics and statistics, and Earth sciences undergraduate degrees," writes Myers. Why the difference? Myers points to a comment from someone who taught a GenCyber camp for girls: "He found that one effective way to get girls to feel passionate about security was to create an emotional connection with the subject: e.g. the shock and distress of seeing your drone hacked or your password exposed," writes Myers. -
DHS Set To Destroy "Einstein" Surveillance Records
schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period. -
Judge Says Public Has a Right To Know About FBI's Facial Recognition Database
schwit1 writes U.S. District Judge Tanya Chutkan said the bureau's Next Generation Identification program represents a "significant public interest" due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight. "There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered," Chutkan wrote in an opinion. -
Report: Watch Dogs Game May Have Influenced Highway Sign Hacking
An anonymous reader writes 'Earlier this month, at least three U.S. states reported that a hacker had broken into electronic road signs above major highways, with the hacker leaving messages for people to follow him on Twitter. The Multi-State Information Sharing and Analysis Center (MS-ISAC) produced an intelligence report blaming a Saudi Arabian hacker that the organization says likely got the idea from Watch Dogs, a new video game in which game play revolves around "hacking," with a focus on hacking critical infrastructure-based electronic devices in particular. "Watch Dogs allows players to hack electronic road signs, closed-circuit television cameras (CCTVs), street lights, cell phones and other systems. On May 27, 2014, the malicious actor posted an image of the game on his Twitter feed, demonstrating his interest in the game, and the compromise of road signs occurs during game play. CIS believes it is likely that a small percentage of Watch Dogs players will experiment with compromising computers and electronic systems outside of game play, and that this activity will likely affect SSLT [state, local, tribal and territorial] government systems and Department of Transportation (DOT) systems in particular." The signs allowed telnet and were secured with weak or default passwords. The report came out on the same day that The Homeland Security Department cautioned transportation operators about a security hole in some electronic freeway billboards that could let hackers display bogus warnings to drivers.' -
Pentagon Readies Contingency Plans Due To BlackBerry's Uncertain Future
cold fjord writes "Nextgov reports, 'The Defense Department, owner of 470,000 BlackBerrys, is distancing itself from the struggling vendor while moving ahead with construction of a department wide app store and a system for securing all mobile devices, including the latest iPhones, iPads, and Samsung smartphones and tablets. Just two months ago, when BlackBerry announced the company would radically curtail commercial sales, Pentagon officials said their business partnership remained unaffected. ... A 2012 strategy to transition personnel from PCs to smartphones and tablets did not favor any one device maker ... "This multi-vendor, device-agnostic approach minimizes the impact of [a] single vendor to our current operations," Pentagon spokesman Lt. Col. Damien Pickart said. Implementation of the strategy centers on a "mobile device management" system to track handhelds that touch military networks so that they do not compromise military information or corrupt Defense systems.'" -
Medical Firm Sues IRS For 4th Amendment Violation In Records Seizure
cold fjord writes "A healthcare provider has sued the Internal Revenue Service and 15 of its agents, charging they wrongfully seized 60 million medical records from 10 million Americans ... [The unnamed company alleges] the agency violated the Fourth Amendment in 2011, when agents executed a search warrant for financial data on one employee – and that led to the seizure of information on 10 million, including state judges. The search warrant did not specify that the IRS could take medical information, UPI said. And information technology officials warned the IRS about the potential to violate medical privacy laws before agents executed the warrant, the complaint said." Also at Nextgov.com. -
Homeland Security Mining Social Media For Signs of Bio Attacks
jjp9999 writes "Nextgov reports, 'The Homeland Security Department has commissioned Accenture to test technology that mines open social networks for indications of pandemics, according to the vendor.' This will kick off a year-long biosurveillance program, costing $3 million, that will log trends in public health by looking through public posts. This ties back to White House guidelines released in July that ask federal agencies to 'Consider social media as a force multiplier that can empower individuals and communities to provide early warning and global situational awareness.'" -
Hackers Manipulated Railway Computers, TSA Memo Says
An anonymous reader sends this excerpt from Nextgov: "Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo." -
Pentagon To Crowdsource Weapons Software Testing
An anonymous reader writes "The Pentagon plans to fork over $32 million to develop 'fun to play' computer games that can refine the way weapons systems are tested to ensure they are free from software errors and security bugs, according to a Defense Department solicitation. The goal is to create puzzles that are "intuitively understandable by ordinary people" and could be solved on laptops, smartphones, tablets and consoles. The games' solutions will be collected into a database and used to improve methods for analyzing software, according to the draft request for proposals put out by the military's venture capital and research arm, the Defense Advanced Research Projects Agency." -
FBI Plans Nationwide Face-Recognition Trials In 2012
hessian writes with this excerpt: "The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov. The federal government is embarking on a multiyear, $1 billion overhaul of the FBI's existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings." -
Telex Would Work, But Is It Overkill?
Slashdot regular contributor Bennett Haselton wrote in this week to say that "The proposed "Telex" anti-censorship system could technically work, but unless I'm missing something, it would be more cost-effective to spend the same resources on fighting censorship using existing technologies." His essay on the subject follows.
Professor Alex Halderman published a paper in July describing a new anti-censorship system called Telex, whereby users in censored countries could request banned websites by sending an encrypted request to an SSL-enabled website (i.e., a Web address beginning with https://) outside of their country -- even if the owner of the SSL-enabled website is not participating in the scheme. Since encrypted communications usually contain some random variation, that random variation can be used to embed hidden messages, which can then be decoded by any third-party observer who intercepts the communication and knows how to decode the hidden message. The third-party observer still cannot decode the original encrypted communication between the end user and the SSL-enabled website -- SSL is designed to be unbreakable by all but the intended recipient -- but the observer can decode the "side message" that was designed to be intercepted in transit. So a Telex-enabled router, in the process of passing the communication along, would notice the hidden request for a banned website, and pass the requested content back to the original user.
By analogy, suppose Mrs. Smith wants to send a letter to a friend. Mrs. Smith knows the letter will be sealed, and supposedly unopenable by the postman. But Mrs. Smith also has many choices of colored envelopes to use, and she has agreed with the postman on a color-coded system -- red for "Meet me tonight at the Motel 6", blue for "Not tonight, he suspects something" -- that the postman can "decode" when he picks up the envelope for delivery. The choice of envelope color is the "random variation" inherent in the sending of the message, which the message sender can use to send a "side message" to anyone who passes it along and who knows the system. The postman -- who is analogous to the Telex-enabled router -- has no access to the original sealed message inside the envelope, but he understands the side message just fine. (A Telex user may have no control over what routers their messages pass through, though, so they simply have to hope that there are enough Telex-enabled routers on the Internet that one of them will pick up the message and decode it. Imagine many different amorous mail carriers in the Postal Service, and any one of them who finds the colored envelope will be happy to show up at the appointed time, if Mrs. Smith is not picky.)
The novel feature of Telex is that it would not require the cooperation of the owner of the SSL-enabled website in order to work. You could send an encrypted communication to any website -- https://www.paypal.com/ for example -- and any Telex-enabled routers along the pathway traveled by the connection, would be able to decode the embedded message hidden in the randomness of the encryption. By contrast, for a user to make use of a typical proxy website like Vtunnel, the owner of the Vtunnel website has to set up the site as a proxy; this means the supply of such sites is limited to those websites whose owners have installed proxy software, and the censors have a greater chance of finding and blocking them all. Telex, on the other hand, would continue to work as long as the user in the censored country was able to access any SSL-enabled website, as long as their request happened to pass through a Telex-enabled router.
So far, so good. But this would presumably require an investment of at least several million dollars by any major backbone provider who wanted to try it, by re-configuring their major routers to speak the Telex protocol, and then potentially hundreds of millions of dollars for a sustained long-term effort. (As Halderman says, "We like to envision this technology as a possible government-level response to government-level censorship.") So here's my question: If any backbone provider (or government entity) wanted to go to that trouble to support the cause of fighting Internet censorship, why wouldn't it be much more straightforward for them to just set up proxy websites themselves?
Professor Halderman didn't respond to my inquiry on that point. The Telex FAQ notes that censorious governments can easily block new proxy sites once they find out about them. But in many censored countries, most proxy sites are not blocked, either because the government isn't trying, or they can't keep up. In China, hardly any proxy sites are blocked at all, as the government seems to put more of their resources into suppressing local dissent directly. Meanwhile in Iran, the censors do put more resources into actually blocking proxy sites -- but because Iran is on the U.S. State Department's embargo list, Iranian censors can't buy Internet censoring software from U.S. companies, so they have to find and block the sites themselves. As a result, newly released proxy sites often stay unblocked longer in Iran than they do in other Middle Eastern countries that use U.S.-made blocking software. Meanwhile, Saudi Arabia, for whatever reason, doesn't seem to block proxy sites at all for the time being. (Saudi Arabia is a strange outlier, since most conservative Islamic countries that filter the Web, also block proxy sites as well. It's not clear why Saudi Arabia doesn't.) So if a government or a philanthropist wants to help the cause of fighting censorship, just set up some proxy sites and pay to keep them running -- and you'll be helping the residents of all of those countries right away, for starters. This is in fact what Voice of America (through their various proxy programs) and the founders of UltraSurf (a privately funded network of anti-censorship servers) have been doing all along.
Even in the case of countries like U.A.E. and Yemen that are reasonably quick at finding and blocking proxy sites (as a result of using Western-made blocking software), the most cost-effective way to help these users is probably to set up more proxy sites, hosted at different locations and perhaps with legitimate-looking "decoy" content, so that U.S. censorware companies can't keep up. My experience has been that the more money you spend (using unique IP addresses, buying .com domains instead of cheap .info ones, and setting up lots of proxies so that each one is sent to only a subset of your target audience), the longer the proxy sites last. You can also use proxy-like services (such as Tor, Hotspot Shield and UltraSurf) to route traffic through dedicated servers, to circumvent censorship in a way that is more transparent and convenient to the end user.
In short, existing proxy sites (and proxy-like services) do the job pretty well for many censored countries, and a massive cash expenditure on setting up more proxies (equivalent to the cost of setting up the Telex system) would probably be enough to demolish all other national filtering schemes completely. The software and tools to run proxy sites have already been tried and tested; all it takes to run them is money. Telex, by contrast, would require backbone providers to alter the architecture of their systems -- which means large-scale testing, isolation of any problems that arise, and countless other potential headaches. And that's not even counting the fact that censorious countries might detect which backbone providers are using Telex, and block all traffic from their countries to any sites hosted on those networks.
So I think Telex is a brilliant technical achievement, and I'd be happy if it got deployed, but I'd be scratching my head as to why the backbone providers (or the government, or whoever sponsored the effort) decided to kill a gnat with a flamethrower. I deal in flyswatters for a living, and they get the job done.
-
Ex-NSA Chief Supports Separate Secure Internet
Hugh Pickens writes "Nextgov reports that Michael Hayden, former director of both the NSA and the CIA, says the United States may seriously want to consider creating a new Internet infrastructure to reduce the threat of cyberattacks and several current federal officials, including U.S. Cyber Command chief Gen. Keith Alexander, also have floated the concept of a '.secure' network for critical services such as financial institutions, sensitive infrastructure, government contractors, and the government itself that would be walled off from the public web. Unlike .com, .xxx and other new domains now proliferating the Internet, .secure would require visitors to use certified credentials for entry and would do away with users' Fourth Amendment rights to privacy. 'I think what Keith is trying to suggest is that we need a more hardened enterprise structure for some activities and we need to go build it,' says Hayden. 'All those people who want to violate their privacy on Facebook — let them continue to play.' Clay Dillow writes that on the existing internet everyone does everything online anonymously, and while that's great for liberties, it's also dangerous when cyber criminals/foreign hackers are roaming the cyber countryside. Under the proposed .secure internet 'you may not be able to go to certain neighborhoods of the Web without showing your papers at a checkpoint — and perhaps subjecting yourself to one of those humiliating electronic pat-downs as well,' writes Dillow. 'Those who want to remain anonymous on the Web can still frolic about in the world of dot-com, but in the dot-secure realm you would have to prove you are you.'" -
US Patent Office Teams With Google On Database
PatPending writes "The Patent and Trademark Office announced it has reached a two-year 'no-cost' agreement with Google to make patent and trademark data electronically available and free to the public. From the article: 'Saying it lacks the technical capacity to offer such a service, PTO said the two-year agreement with Google is a temporary solution while the agency seeks a contractor to build a database that would allow the public to access such information in electronic machine-readable bulk form.'" -
NSA Develops USB Storage Device Detector
Hugh Pickens writes "Bob Brewin writes on NextGov that the National Security Agency has developed a software tool that detects thumb drives or other flash media connected to a network. The NSA says the tool, called the USBDetect 3.0 Computer Network Defense Tool, provides 'network administrators and system security officials with an automated capability to detect the introduction of USB storage devices into their networks. This tool closes potential security vulnerabilities; a definite success story in the pursuit of the [Defense Department] and NSA protect information technology system strategic goals.' The tool gathers data from the registry on Microsoft Windows machines (PDF) and reports whether storage devices, such as portable music or video players, external hard drives, flash drives, jump drives, or thumb drives have been connected to the USB port. 'I have a hunch that a bunch of other agencies use the detection software,' writes Brewin." -
Google Apps Not the DC Success Many Believe?
theodp writes "Google touts its partnership with the District of Columbia government, presenting it as quite the Google Apps success story. So as part of his coverage of last week's Gmail outage, nextgov's Gautham Nagesh called the DC government, but was told they hadn't heard of any reports of outages among city employees. Nagesh wrote this off to safeguards put in place for the government by Google, but readers tipped him off to another explanation: 'Despite all the press releases trumpeting Google in DC,' an anonymous commenter wrote, 'Exchange is still the city's primary email system.' Nagesh followed up, and was surprised to learn that there is indeed no Gmail in DC government. This all seemed rather strange to Nagesh, considering how much attention former DC CTO and current Federal CIO Vivek Kundra has received for implementing Google Apps for District employees. Reporting separately, CNET's Elinor Mills was told by a DC spokeswoman that while Google Apps is available to 38,000 DC city employees, only 4,000 are actively using it. The spokeswoman added that Gmail could potentially replace Microsoft Exchange, 'but this decision has not been made yet.'" -
The New VA Health Plan Is Second Life
theodp writes "Remember when Catbert informed Dilbert that the new company health plan is Google? In another case of life imitating Dilbert, combat veterans with post-traumatic stress disorder are being provided with a US Army-sponsored virtual world in Second Life (slideshow) to help deal with their condition. Developed by USC's Institute for Creative Technologies, it is hoped that the veterans-only virtual world Coming Home and its planned activities will promote conversations that can help reduce PTSD. The Avatar will see you now, Sergeant." -
Feds May Soon Be Allowed To Use Cookies
fast66 writes "The White House may lift its policy barring federal Web sites from tracking users' online behavior. In place since 2000, the cookie policy issued by the Office of Management and Budget was intended to protect citizen privacy but has sparked criticism — even from White House officials — for hampering citizen outreach. On Friday, Bev Godwin, the director of online resources and interagency development at the White House's new media office, blogged on the White House Web site, 'We want to use cookies for good, not evil' — and invited the public to comment on cookies through various online channels, including the Office of Science and Technology Policy blog." -
Senators Want To Punish Nokia, Siemens Over Iran
fast66 writes "After hearing about Nokia-Siemens' sale of Internet-monitoring software to Iran, US Senators Schumer and Graham want to bar them from receiving federal contracts. They planned the action after hearing about a joint venture of Nokia Corp. of Finland and Siemens AG of Germany that sold a sophisticated Internet-monitoring system to Iran in 2008. According to Nextgov.com, Schumer and Graham's bill would require the Obama administration to identify foreign companies that export sensitive technology to Iran and ban them from bidding on federal contracts, or renewing expiring ones, unless they first stop exports to Iran." -
Senate Sources Say CTO Confirmation a Done Deal
theodp writes "On Tuesday, the Senate Committee on Commerce, Science, and Transportation will examine the nomination of Aneesh Chopra as the first-ever federal Chief Technology Officer. Senate sources said they were not aware of any debate surrounding his nomination. You'd think the hack-for-$10-million-ransom of Virginia's Prescription Monitoring Program might be good for a question or two. Or the wisdom of appointing a CTO who's no technologist. It might also be worth bringing up Chopra's membership in TiE-DC, a group which promises 'exclusive peer networking events' with government officials and Federal contractors, including TiE-DC sponsor Microsoft. Are there any other issues that might make the Confirmation Hearing more than a rubber-stamping?" -
US Military Looks For Massive Spam Solution
Several users have pointed out a recent request to technology companies from the Defense Information System Agency for ideas on how to build an e-mail defense system to catch spam. The solution would have to scan about 50 million inbound messages a day across some 700 unclassified network domains. "Defense currently scans e-mails for viruses and spam coming into systems serving the military services, commands or units. DISA wants to extend the protection to the interface between the Internet and its unclassified network, the Non-classified Internet Protocol Router Network. The agency also wants the ability to scan all outbound e-mails from the 5 million users. [...] DISA's request ties in with recommendations that the Defense Science Board issued in April that said Defense is more vulnerable to cyberattacks because of its decentralized networks and systems. The board envisioned a major role for DISA in developing the architecture for enterprise-wide systems." -
GSA Signs Deals For Agencies To Use Social Media
An anonymous reader writes "Agencies can now engage with citizens through popular media technologies such as video-sharing service YouTube, using pre-negotiated service agreements that comply with federal terms and conditions. After nine months of negotiations, the General Services Administration signed agreements with four video-sharing and social networking sites: Flickr, Vimeo, blip.tv and YouTube. GSA also is negotiating with the social networking sites Facebook and MySpace. 'We found when we reviewed standard service agreements that they were not a good enough fit for the [requirements] of the federal government,' said Michael Ettner, GSA general counsel." -
Accessing Medical Files Over P2P Networks
Gov IT writes with this excerpt from NextGov: "Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems. ... The basic technology that runs peer-to-peer networks inadvertently exposed the files probably without the computer user's knowledge, Johnson said. A health care worker might have loaded patient files onto a laptop, for example, and taken it home where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music." -
Federal Officials and YouTube Nearing a Deal
GovTechGuy writes "The federal government is on the verge of reaching an agreement with YouTube that would allow agencies to make official use of the popular video-sharing service. A coalition of federal agencies led by the General Service Administration's Office of Citizen Services has been negotiating with Google, YouTube's parent company, since summer 2008 on new terms that would allow agencies to establish their own channels on the site. Agencies have not been [allowed] to post videos to YouTube (although many already have) because under the current terms of service, people who post content are subject to their state's libel laws. Federal agencies must adhere to federal law. On Tuesday, government officials said the negotiations were 'very close' to being completed." -
DC CTO Vivek Kundra Named To Top Federal IT Job
DCTechCzar writes "The Obama administration plans to announce it has appointed Vivek Kundra, the District of Columbia's chief technology officer, to take the top information technology post in the federal government, according to a source. Kundra, who has deployed advanced applications to improve the performance of public services during his nearly two years as CTO for the District, will replace Karen Evans as administrator for e-government and information technology in the Office of Management and Budget. The position effectively serves as the federal government's chief information officer. The administration could announce Kundra's appointment as soon as Thursday." -
Trying To Find White House Missing E-mails
Gov IT writes "On Wednesday a federal court ordered all employees working in the Bush White House to surrender media that might contain e-mails sent or received during a two and a half year period in hope of locating missing messages before President-elect Barack Obama takes over next week." -
DHS To Grab Biometric Data From Green Card Holders
An anonymous reader writes with this excerpt from Nextgov: "The Homeland Security Department has announced plans to expand its biometric data collection program to include foreign permanent residents and refugees. Almost all noncitizens will be required to provide digital fingerprints and a photograph upon entry into the United States as of Jan. 18. A notice (PDF) in Friday's Federal Register said expansion of the US Visitor and Immigrant Status Indicator Technology Program (US VISIT) will include 'nearly all aliens,' except Canadian citizens on brief visits. Those categories include permanent residents with green cards, individuals seeking to enter on immigrant visas, and potential refugees. The US VISIT program was developed after the Sept.11, 2001 terrorist attacks to collect fingerprints from foreign visitors and run them against the FBI's terrorist watch list and other criminal databases. Another phase of the project, to develop an exit system to track foreign nationals leaving the country, has run into repeated setbacks." Reader MirrororriM points out other DHS news that they're thinking about monitoring blogs for information on terrorists. -
IRS Rolls Out Risky Tax Processing Systems
GovIT Geek writes to tell us that, despite known security issues, the IRS has decided to roll out two new applications for tax processing systems. "The [IRS inspector general] concluded in a September annual audit that security weaknesses in the agency's updated tax processing systems could enable malicious intruders to gain unauthorized access to taxpayer information and prevent the IRS from recovering applications during an emergency. The Customer Account Data Engine is a tax processing tool being deployed in phases to replace the existing repositories of taxpayer information, while the Account Management Services systems aim to provide employees with faster and better access to taxpayer account data." -
FBI Warns of Sweeping Global Threat To US Cybersecurity
GovIT Geek writes "The FBI's newly appointed chief of cyber security warned today that 'a couple dozen' countries are eager to hack US government, corporate, and military networks. While he refused to provide country-specific details, FBI Cyber Division Chief Shawn Henry told reporters at a roundtable that cooperation with foreign law enforcement is one of the Bureau's highest priorities and added the United States has had incredible success fostering overseas partnerships." -
Air Force To Re-Open Pursuit of Cyber Command
GovTechGuy writes "Top Air Force leadership has decided to pursue forming a Cyber Command to defend Defense Department networks and to launch cyberattacks against foes, after putting the project on hold in August." -
US House Adopts New Third-Party Web Site Rules
GovIT Geek writes to tell us that third-party websites will no longer be off limits for members of the US House, provided that they use it for "official purposes" and not personal, commercial, or campaign purposes. "The rules are seen by House Administration Chairman Robert Brady as a compromise between several proposals under consideration in recent months and are closely aligned with those circulated by the Senate Rules Committee last week. [...] 'These new guidelines are a step in the right direction for a Congress that has been behind the technological curve for too long,' Boehner said. 'By encouraging the use of emerging and established new media tools, Congress is sending the message that we want to speak to citizens, and receive feedback, in the most open and accessible manner possible.'" -
Air Force Suspends Cyber Command Program
AFCyber writes "The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov. An internal Air Force e-mail obtained by Nextgov said, 'Transfers of manpower and resources, including activation and re-assignment of units, shall be halted.' Establishment of the Cyber Command will be delayed until new senior Air Force leaders, including Chief of Staff Norton Schwartz, sworn in today, have time to make a final decision on the scope and mission of the command." -
Senate Hearing On Laptop Seizures At US Border
suitablegirl writes "As we have discussed, Customs and Border Patrol is allowed to seize and download data from laptops or electronic devices of Americans returning from abroad. At a Senate hearing tomorrow, privacy advocates and industry groups will urge the lawmakers to take action to protect the data and privacy of Americans not guilty of anything besides wanting to go home." -
Feds Now Allowed To Use Internet
fast66 writes "Nextgov reports that a new court order allows the Department of the Interior to connect to the Internet, six years after the federal agency was ordered to disconnect. District Judge James Robertson wrote in his ruling, 'I find that the consent order is of no further use and must be vacated.' 'The ... disconnected offices and bureaus may be connected.' He added that his ruling was based not on evidence but 'on a legal conclusion that it is not my role to weigh IT security risks.'" -
Census Bureau To Scrap Handhelds — Cost $3 Billion
GovTechGuy writes "The Census Bureau will tell a House panel today that it will drop plans to use handheld computers to help count Americans for the 2010 census, increasing the cost for the decennial census by as much as $3 billion, according to testimony the Commerce Department secretary plans to give this afternoon." -
IBM Suspended From US Federal Contracts
theodp writes "IBM has been temporarily banned from receiving future contracts with federal agencies, the Environmental Protection Agency confirmed on Monday. The suspension went into effect last Thursday due to 'concerns raised about potential activities involving an EPA procurement,' the agency said in an e-mailed statement. Under a reciprocal agreement among federal agencies, when one issues a ban, the others follow it. The EPA said it will not comment further on the matter. An IBM spokesman said he had no immediate comment. 'You don't see this very often, particularly for large companies,' commented a stunned industry analyst, mentioning a bankrupt MCI as a notable exception. IBM earned an estimated $1.5 billion in revenue from federal prime contracts in fiscal 2007."