An intelligence reform bill that enacts major recommendations of the 9-11 Commission was approved by Congress.

The GAO reports that security at nuclear facilities has improved but vulnerability to terror attacks may remain.

Some types of cylindrical locks, including those used to safeguard laptop computers, can be compromised with nothing more than a ballpoint pen.

A dissertation published by the RAND Corporation assesses the risk of chemical terrorism in Los Angeles and discusses how emergency responders should plan for such an event. It also considers "low-cost options in equipment, training, organization, and doctrine that could improve the response to a chemical terrorist event." @ Link to the dissertation or abstract via SM Online.

GAO auditors came up with a set of best practices that regional governmental bodies can adopt. They include making sure to have representation from diverse jurisdictions and stakeholders, developing strategic plans with quantifiable goals, and finding out how to take advantage of federal grants.

GAO examined progress made by the financial markets in improving disaster preparedness. Improvements included greater protection of networks from hackers, geographically removed backup facilities, creation of a private network for routing data between broker-dealers and various markets, and the issuance of business continuity guidelines.

Special collections in libraries can range from 20th-century business records to illuminated incunabula--books published before 1501. Due to staffing and financial limitations, these collections don't always get the special security attention they need, according to a survey of research libraries conducted by the Association of Research Libraries (ARL). The kit, known as SPEC Kit 284, is available from the ARL for $45 plus shipping and handling by calling 301/362-8196 or e-mailing pubs@arl.org. An executive summary is on SM Online.

Can you guess which of the following groups, offices, and councils are part of the Department of Homeland Security (DHS)? The Homeland Security Council. The Office of the Coordinator for Counterterrorism. The Chemical Emergency Preparedness and Prevention Office. The Terrorist Threat Integration Center. The Homeland Security Advisory Council. The answer is the Homeland Security Advisory Council, but don't feel too bad if you were wrong (the others, respectively, are under the White House, the State Department, the Environmental Protection Agency, and the Central Intelligence Agency). The creation of the DHS centralized many functions related to terrorism and homeland security, but others remain in separate departments. Security professionals who would like to understand these various functions and how they fit together may want to get the Homeland Security Deskbook, a looseleaf volume by the attorneys at Venable LLP that explains the organization of homeland security functions both within and outside the DHS. Link to the bookseller.

The United States is known for its scientific expertise and ingenuity. When it comes time to blending these with public policy, however, the science often takes a backseat. A report by the Henry L. Stimson Center, a think tank, proposes methods for incorporating expertise in science, technology, and health into the formation of national biological security policy. @ You can find the report, as well as an executive summary, through SM Online.

From 1968 through November 15, 2004, international terrorists most frequently targeted private citizens, businesses, and property. Of the 19,383 total incidents of terrorism around the world in that period, 3,192 hit private citizens and property. Business targets were a close second, with 3,065 incidents. Among targets hit, transportation was victimized 821 times, utilities 554 times, and airports and airlines 798 times. After al Qaeda, the most lethal group during these years was Hezbollah, causing more than 800 deaths. These statistics come from the Terrorism Knowledge Base of the National Memorial Institute for the Prevention of Terrorism, a nonprofit organization funded by the U.S. Department of Homeland Security with the mission of preventing or minimizing terrorist attacks on U.S. soil. Among other things, the Knowledge Base is a repository of incidents arranged by type, perpetrator, date, location, and other factors. It also contains overviews of terrorist groups, legal cases involving terrorism, information resources, and other valuable materials for terrorism researchers. Users can create graphs of incidents by group, incident, and other factors, and they can search terrorist organizations by ideology, such as antiglobalization, environmental, and right-wing reactionary. Link to the database via SM Online.

In the book Sign of Four, Sherlock Holmes tells Watson how to find the truth: Eliminate the impossible, and whatever remains, however improbable, must be the truth. Detectives have found a more direct way, according to an article by Susan H. Adams and John P. Jarvis, respectively a former FBI special agent and an FBI research specialist, in an article in the FBI Law Enforcement Bulletin. SM Online has the article.

Exactly one year after 9-11, ABC News reported that a steel pipe containing a 15-pound cylinder of depleted uranium arrived from Istanbul, Turkey, in the United States, undetected by U.S. Customs and Border Protection (CBP). On the second anniversary of 9-11, ABC News reported that the same cylinder again eluded the CBP, this time arriving from Jakarta, Indonesia. The Inspector General of the Department of Homeland Security (DHS) was asked to investigate. The Inspector General found that CBP officials followed protocols and procedures that were "not adequate to detect the depleted uranium." An unclassified, abbreviated version of the report can be found on SM Online.

The DHS and the Department of Justice should fund research and training on law enforcement and private security cooperation. That's one of the recommendations from a national summit on security-police partnerships that was organized by the International Association of Chiefs of Police (IACP) and funded by the Justice Department's Office of Community Oriented Policing Services. A summary of the summit's recommendations has been published in a document that can be found on SM Online.

A June 2002 opinion by the Supreme Court granted public schools more leeway to test students for drugs randomly. How to do it appropriately was left to the schools. To aid the effort, the White House's Office of National Drug Control Policy (ONDCP) has finally released a guidance document to school administrators.

(Mae Belle Lane v. St. Joseph's Regional Medical Center, Indiana Court of Appeals, No. 71A05-0310-CV-525, 2004)

(Hasty v. Trans Atlas Boats, Inc., U.S. Court of Appeals for the Fifth Circuit, No. 03-30884, 2004)

The intelligence reform bill (S. 2845), which enacts the major recommendations of the 9-11 Commission, has been passed by Congress. The new law creates a director of national intelligence to oversee all U.S. intelligence efforts and a national counterterrorism center. The law also provides additional funding for border control needs, such as more personnel and detention centers. It includes a measure to allow employers to request criminal background checks on security employees and also establishes a national clearinghouse to process such background checks. The bill was stripped of some measures, including a provision that would have denied illegal immigrants driver's licenses, before it gained approval, but it does address standards for driver's licenses. Also, language was added to the bill to protect the chain of command to allow the Pentagon to issue timely instructions to troops during wartime. @ Read the conference report online.

In an expansion of the state's program to require fingerprinting for government agencies, a new Arizona law (formerly H.B. 2073) requires that child protective service (CPS) workers obtain fingerprint clearance cards.

Another new Arizona law (formerly H.B. 2116) prohibits a person or business from using more than five numbers that are reasonably identifiable as part of a Social Security number on any card that is required for the person to receive goods or services or on any materials that are mailed to an individual. The law is an expansion of a law approved in a former legislative session that prohibits the use of a person's Social Security number as an identifier for any commercial business.

A new law (formerly S.B. 338) enacted in Louisiana will require that certain information produced by the state's Department of Environmental Quality be restricted from distribution or dissemination via the Internet.

Another new Louisiana law (formerly S.B. 140) will require that background checks be completed for anyone seeking employment with agencies that care for the infirm, such as nursing facilities, healthcare centers for the mentally retarded, adult residential-care facilities, and adult day-care centers.

A new Wisconsin law (formerly S.B. 8) allows state utility authorities to withhold access to their security plans if they determine that the subject of the plan is so vital to the state that its incapacitation or destruction would have a debilitating effect on the state's physical or economic security, or on public health, safety, or welfare.

A California appeals court has ruled that online auction site eBay cannot be held liable for defamatory comments that one user made against another. However, the court did note that eBay could be held liable in such a case if it knew or had reason to know that the information being disseminated on its site was defamatory. (Grace v. eBay, California Court of Appeal, No. B168765, 2004)

A federal appeals court has ruled that file-sharing software, such as Grokster, does not infringe on the copyright of entertainment providers. In its ruling, the court noted that new technology always disrupts established markets but that "time and market forces" often balance the interests of the various players. MGM has appealed to the U.S. Supreme Court, which has agreed to hear the case. (MGM et al v. Grokster, U.S. Court of Appeals for the Ninth Circuit, No. 03-55894, 2004)

The National Institute of Standards and Technology (NIST) has released a suite of updated software tools designed to evaluate the quality of fingerprint scans. NIST Fingerprint Image Software--Version 2 helps users ensure that fingerprints collected from criminal suspects, employees, visa applicants, and others are clear and distinct enough to be matched against fingerprints on file. Find out how to get a copy at SM Online.

A large IT project that ran into problems offers lessons for others who might want to embark on a similar journey. The project was called the Citizen and Law Enforcement Analysis and Reporting (CLEAR) system developed by the Chicago Police Department (CPD) and Oracle Corporation. The full report, Policing Smarter Through IT: Lessons in Enterprise Implementation, (Presentation 1, Presentation 2) is available through the U.S. Department of Justice's Office of Community Oriented Policing Services via SM Online.

You get a brand-new e-mail address, and within a few days--if not hours--you're already getting spammed. How did the spammers find out your address so quickly? How can you protect yourself in the future? And if you're on a spamming list, are there ways to get off? These questions and more are addressed on a Web page authored by software programmer Uri Raz. A Site to See, "How do spammers harvest e-mail addresses?"

Protecting intellectual property rights may sound like arcana of interest to corporate attorneys rather than to law enforcement agents. After all, tracking down the sellers of fake watches or designer purses appears to pale in comparison to catching a murderer. A new report from the Department of Justice proves otherwise. By pointing to tangible consequences of intellectual property theft that go far beyond loss of profits, the study illustrates that finding those who violate intellectual property rights might just be a life or death situation.

Hackers steal customer information and then demand money in return for not disclosing the compromise. How common is this scenario? A recent study shows that 17 of 100 companies surveyed have been so threatened, and many of those threats came from insiders. Almost a quarter of respondents said they would contact their legal department if so threatened, yet 59 percent were unsure whether their legal counsels were qualified to give advice (another 12 percent said they definitely were not). @ The Carnegie Mellon study, Enumerating and Reducing the Threat of Transnational Cyber Extortion against Small and Medium Size Organizations .

Home computers are used to store personal information, such as health records, and to perform sensitive transactions, such as banking. But the security of these computers is weak at best, a new study shows. Almost two-thirds of the 329 users polled have been infected by a virus, and another 18 percent didn't know whether they had been; half the users weren't sure whether they currently were infected. Eighty percent admitted having spyware installed, with an average of 93 components on each computer (the most spyware components found during a scan was 1,059). And 63 percent don't use a firewall. @ More from the America Online and National Cyber Security Alliance Online Safety Study .

The Department of Homeland Security has awarded $9 million in grants to 12 information technology projects under the Information Technology and Evaluation Program (ITEP), which aims to improve information-sharing capabilities. The projects, selected from 113 proposals, include an Arizona program to enhance wireless security for first responders, a port security communications network in Rhode Island, and an XML-based facial imaging system for use by law enforcement and other first responders in North Carolina. @ Learn more about ITEP by visiting SM Online.