SMO: Government Links





<ILAYER src="http://www.securitymanagement.com/security-bin/adspro/files/ads.pl?campaign=2&refresh=10&type=iframe&color=FFFFFF" height="60" width="468" visibility="show" z-index="10"></ILAYER>

Government Documents

For new news alert feature. Check out our sample E-Letter.

GAO Reports

A new report from the Government Accountability Office (GAO) says the Emergency Management Assistance Compact (EMAC) can further build administrative capacity to support its network and develop and formalize procedures for its members responding to a disaster.
It's not that hard to acquire the materials needed to produce a "dirty bomb," the Government Accountability Office (GAO) reported in a congressional hearing yesterday.
Six DHS background screening programs are examined by the GAO and found to be duplicative of one another, resulting in widespread redundancies and other inefficiencies.
See what the GAO has to say about the Immigration and Customs Enforcement (ICE) effort to modernize its information technology infrastructure. The GAO’s overriding critique: “[T]he program has not fully achieved many performance goals that it set out to accomplish over the past year
The U.S. Transportation Security Administration and Customs and Border Protection have tried to secure inbound air cargo, says the GAO, but their efforts need to be strengthened.
Six DHS background screening programs are examined by the GAO and found to be duplicative of one another, resulting in widespread redundancies and other inefficiencies.
A new report from the Government Accountability Office discusses U.S. efforts to forestall the onset of avian and pandemic influenza and identify at risk countries, although challenges have emerged.

The report explains the U.S. have identified at risk countries for assistance, but there is no way to compare countries at risk to assess which countries are most at risk.

U.S. Agency for International Development (USAID) assesses countries by environmental risk - "considering factors such as disease presence and the likelihood of transmission from nearby countries, but factors such as limited understanding of the role of poultry trade or wild birds constrain the reliability of the conclusions." By USAID assessments, East Asian countries are most at risk of an influenza pandemic. To determine country preparedness, USAID, along with partners such as the State Department and the United Nations, has distributed questionnaires worldwide, but the report notes these "efforts do not provide a basis for making comprehensive global comparisons."

The Homeland Security Council has also singled out countries that warrant the most extensive assistance, yet it admits these designations are made from limited information. The council groups countries into four categories:

At-risk countries: Unaffected countries with insufficient medical, public health, or veterinary capacity to prevent, detect, or contain influenza with pandemic potential.

High-risk countries: At-risk countries located in proximity to affected countries, or in which a wildlife case of influenza with pandemic potential has been detected.

Affected countries: At-risk countries experiencing widespread and recurring or isolated cases in humans or domestic animals of influenza with human pandemic potential.

Priority countries: High-risk or affected countries meriting special attention because of the severity of their outbreaks, their strategic importance, their regional role, or foreign policy priorities.
Based on these categories, the council identified 19 U.S. priority countries, including Egypt, Afghanistan, Indonesia, and many countries in Southeast Asia. These countries will receive the greatest attention from the U.S.'s international pandemic preparedness efforts.

The GAO also singles out the U.S. for its role in improving global preparedness for avian and influenza preparedness. Of the $1.4 billion given by international donors, the U.S. has contributed $377 million or 27 percent of all funds.

New report: by GAO
A government report examining how well schools prepare for emergencies finds that most have multihazard plans but "an estimated 56 percent of all school districts have not employed any procedures in their plans for continuing student education in the event of an extended school closure, such as might occur during a pandemic, and many do not include procedures for special needs students. Fewer than half of districts with emergency plans involve community partners when developing and updating these plans. Finally, school districts are generally not training with first responders or community partners on how to implement their school district emergency plans." Read the full Government Accountability Report.
First responder communications in four states and 11 localities were reviewed by the GAO to assess how well homeland security grant money is being spent.
GAO released a critical report on Deepwater in March while Sen. Maria Cantwell (D-WA) has held hearings in February and April in which USCG admirals have been skewered.
The title of the latest GAO report says it all: "Much Work Remains to Improve Communications Interoperability." The study, issued April 2, 2007, looks at how effectively state and local governments have spent $2.15 billion in homeland security grant funding aimed at improving the interoperability of first-responder communications in an emergency. The agency examined four states and 11 localities. One problem: States have purchased fewer, more expensive radios that were supposed to be interoperable because they met so-called Project 25 standards, but because the standards vendors were trying to meet were ambiguous and because there was no compliance testing, the radios may not actually communicate, concludes the GAO.
7 The number, in millions of dollars, recovered from funds originally paid out in potentially improper or fraudulent payments by the federal government for Hurricanes Katrina and Rita. That’s out of $290 million in improper payments identified by the Federal Emergency Management Agency and $1 billion in improper payments estimated by the Government Accountability Office (GAO). @ Learn the details at SM Online.
Millions of visitors are screened for terrorism links through government watch lists. A report from the Government Accountability Office examines the effectiveness of the screening process and notes that many people are misidentified as terrorists because they have names similar to those on watch lists.
Measuring and predicting losses that might occur from unconventional weapons is rife with difficulties, as this GAO report discusses.
The GAO gives recommendations to the Defense Department on how to improve the response to an attack on mail facilities.
Privacy issues that arise when companies outsource services involving clients’ personal health information are examined in this GAO report.
Efforts to reduce piracy and counterfeiting of goods are reviewed in this GAO report.
Efforts to reduce piracy and counterfeiting of goods are reviewed in this GAO report.
GAO reports that DHS should DHS should address key challenges before implementing the TWIC program.
Although Italy and the United States have close counterterrorism ties, U.S. agencies weren’t able to formally assess Italy’s operational security plans due to lack of access to sensitive information. They improvised by using “established relationships with their Italian counterparts to develop a working knowledge of Italy’s plans and capabilities for providing security,” according to a GAO report. @ Read the report at SM Online.
Specific measures aimed at preventing data breaches are delineated in this GAO report.
The GAO has issued a report on privacy laws and data brokers, finding that brokers are not required by law to safeguard data they have collected.
There are so many threats in Iraq that it’s hard to know where to start: foreign jihadists, Shiite radicals, Baath party loyalists, and garden-variety criminals, to name a few. Add one unexpected threat to that list: private security providers. The U.S. Government Accountability Office has warned that the lack of criminal-background data on prospective private security personnel puts U.S. military forces and Iraqi civilians at risk. The threat is mainly from Iraqi and third-country personnel, testified William Solis, GAO’s director of defense capabilities and management, before the House Committee on Government Reform’s Subcommittee on National Security, Emerging Threats, and International Relations. @ The testimony is at SM Online.
Not long after a data breach involving the Department of Veterans Affairs, David M. Walker, Comptroller General of the United States and head of the Government Accountability Office, gave testimony to a House committee on steps that can be taken to reduce the likelihood of personal data being stolen. The first is to conduct a privacy-impact assessment before deploying new systems; Walker noted that agencies do not always do this. He also recommended limiting the collection of personal information, and limiting the time that such information is retained. @ Privacy: Preventing and Responding to Improper Disclosures of Personal Information is available at SM Online.
Why aren’t more airports opting out of using federal screeners? Read about the issue in a report from the Government Accountability Office.
A GAO report recommends learning lessons from rail security practices implemented in Europe.
The Transportation Security Administration (TSA) has issued a proposed rule relating to the Transportation Worker Identification Credential (TWIC). Under this program all people who have unescorted access to secure areas of ports and vessels will be required to carry the TWIC card. As set out in the rule, TSA would collect names, personal information, fingerprints, and photos on all applicants for the card. TSA would also perform background checks including those for criminal history, terrorist activity, immigration status, and outstanding warrants. The TWIC will be a smart card and will include a biometric feature. According to the proposed rule, more than 750,000 people will be required to obtain the card. The TSA expects that workers will have to pay approximately $139 to obtain the TWIC card. The card will be valid for five years. @ To read the entire proposed rule, visit Security Management Online.
Suggestions for improving the US-VISIT program, such as better assessment of security risks, are offered in this report.
The Chemical Facility Anti-Terrorism Act of 2005 calls for security to be increased to protect against terrorist attacks at chemical facilities.
Chemical plant security continues to be found wanting. Problems are being examined in congressional hearings and by the GAO.
The Department of Homeland Security’s (DHS’s) American Shield Initiative (ASI)—a program of sensors, cameras, and databases that monitor U.S. land borders—lacks “key management capabilities” and has failed to define “key acquisition management processes,” such as those for tracking and overseeing contractors, says a report from the Government Accountability Office (GAO). The auditors note that DHS has not fully staffed the ASI program office and has only defined roles and responsibilities for 3 of 47 positions.
Risk assessments and protective measures for ports of entry and other critical infrastructure must be revised, says a report by the GAO.
North Korea and Iran present probably the biggest threat of rogue nations gaining nuclear weapons. Other countries pose a danger as well, but a main watchdog over nuclear weapons, the International Atomic Energy Agency (IAEA), is hampered in its ability to ensure that nations are not developing clandestine weapons programs. @ The GAO report, including recommendations for future action, is at SM Online.
Insurers and financiers have mastered the skill of risk management, which entails anticipating future events, deciding which of those expected risks the organization will bear, and allocating resources to mitigate the rest. @ SM Online has the report.
While the international body charged with containing the spread of nuclear bomb technology has made progress, it still faces many challenges, according to a government study.
GAO report looks at trends in attacks on Colombian pipelines.
CIOs should develop IT plans to support their companies’ overall business objectives.
According to the GAO report the government needs to strengthen the security of domestic air cargo.
Report by the Government Accountability Office(GAO), notes that the TSA still has not set timelines for the completion of risk assessments for passenger rail systems or the establishment of a methodology for analyzing and characterizing identified risks.
The Government Accounting Office (GAO) has also looked at progress at the Department of State, the Department of Homeland Security, and other agencies in strengthening the visa process. Among the improvements, the GAO says, consular officers at eight posts, including those of interest to antiterrorism efforts, now “regard security as their top priority.” @ The full report can be found at SM Online .
The rise of Islamic extremism is examined in a new GAO report. Thereport evaluates what U.S. government agencies are doing to identify, monitor, and counter support and funding for the global propagation of Islamic extremism. It also takes a look at what the government and other entities have reported regarding support and funding for the global propagation of Islamic extremism. Also addressed are the efforts taken by the Saudi government to counter Islamic extremism within the borders of its country.” @ Get the full report via SM Online.
The actions TSA has taken to develop guidance and standards for flight and cabin crew security training and to measure the effectiveness of such mandatory training are reviewed in a GAO report. The study also details the efforts TSA has taken to develop a voluntary self-defense training program.The GAO found several weaknesses in the training, including a lack of recurrent training and the lack of a realistic training environment. “TSA has also not yet established performance measures for the program or established a time frame for evaluating the program’s effectiveness,” the report says. @ A link to the full report can be found at SM online
The Department of Defense (DoD) is using radio frequency ID (RFID) tags throughout its supply-chain operations; by January 2007, all DoD commodities will have these tags. The Government Accountability Office (GAO) reports that the Pentagon has identified many of the challenges it needs to resolve before this can happen but notes that “it has not yet developed a comprehensive strategic management approach” to guide, monitor, and assess implementation. @ Read the full GAO report at SM Online.
To enhance coordination with private security personnel in Iraq, the Pentagon opened the Reconstruction Operations Center last year. Its goal was to share intelligence and coordinate military actions with private security contractors. The center has improved coordination between the military and the private sector, but some problems remain, according to the GAO.
Federal agencies are data mining personal information for a variety of purposes, from detecting fraud and abuse in government programs to finding evidence of criminal activities. Five data-mining efforts examined by the Government Accountability Office (GAO) took many of the necessary steps required by related laws and regulations, such as notifying the general public that personal information was being collected. However, the GAOnoted that not all these efforts complied with related laws and guidance, such as completing privacy assessments or notifying individuals that information was being collected.
GAO report that predated Katrina is nonetheless right on point in looking at the dangers of a federal response effort that focuses too heavily on terrorism. The report, DHS’ Efforts to Enhance First Responders’ All-Hazards Capabilities Continue to Evolve, analyzed the effectiveness of an all-hazards approach to emergency response and found that in some cases state preparedness officials and first responders were frustrated by DHS’s emphasis on grant funding related to terrorism.
The GAO recently released a report addressing the rise of Islamic extremism around the world.
In wake of Katrina GAO details unheeded recommendations.
Accused by the Government Accountability Office (GAO) of not being able to ensure that its oversight of contractors under foreign ownership, control, or influence is adequate, the Department of Defense has responded by blasting the GAO for a “lack of understanding" of national policy on contractor access to classified data.@. The report and comments are on SM Online
If you've been to the Lincoln Memorial recently, you've noticed that the epic grandeur of the edifice is aesthetically tainted by the presence of Jersey barriers lining the circular roadway that surrounds the memorial. Or maybe you recall the temporary security fencing that blighted the view of the Washington Monument. Such measures were erected hastily after 9-11 while planners worked on designs for longer-term solutions that balance security with aesthetics. But some permanent security landscaping has been unveiled at the Washington Monument and similar upgrades are at various stages of completion at other venues along the Mall. @ Read the report.
Many core components of the Department of Homeland Security (DHS) have weak information-security practices and controls in areas such as risk assessment, security testing and evaluation, and remedial action plans, according to a Government Accountability Office report. The report concluded that DHS’s “ability to protect its information and information systems will be limited” until these weaknesses are corrected.@ SM Online has the report.
The Department of Homeland Security (DHS) has “a lot of work ahead” before it fully addresses its cybersecurity-related responsibilities, according to a recent report to Congress by the Government Accountability Office (GAO).
The GAO reports on how to strengthen the Department of Homeland Security's management of the Visa Security Program to improve border security.
Government agencies are not taking the proper procedures to ensure that wireless networks are secure, leaving their networks susceptible to attack. That is the alarming conclusion of a Government Accountability Office(GAO) study of security controls at 24 agencies and assessments of wireless security at six federal agencies in the nation’s capital. Information Security: Federal Agencies Need to Improve Controls over Wireless Networks is on SM Online.
GAO identified about 400 different products designed to adulterate urine samples, not to mention many other products sold to “dilute, cleanse, or substitute urine specimens submitted to testers by drug users.” Read the testimony at SM Online.
The GAO has released a study of problems with restricted airspace violations and how to improve security.
A congressional hearing andGAO report examine problems with passport fraud. One finding: 69-percent of the passport fraud cases detected last year were accomplished with the use of fraudulent birth certificates and other false identification. Link to the testimony.
Shouting “fire” in a crowded theater is a no-no, but what’s worse is not having adequate fire protection in that same crowded theater. The U.S. Government Accountability Office (GAO) has found that Washington D.C.’s Kennedy Center does not appear to comply with some fire-safety requirements. Auditors found, for instance, that there was no program for managing the storage of scenery, props, and other combustible materials.GAO testimony on the topic is at SM Online.
In any tabletop exercise involving multiple authorities and jurisdictions, it’s virtually certain that some of the lessons learned involve the need for better coordination, clear lines of authority, and improved information sharing. And so it has been with Coast Guard exercises on portsecurity, says the Government Accountability Office (GAO). According to GAO auditors, 59 percent of the 82 exercises studied raised communica tion issues,including problems with interoperable radio communications, failure to share information with other agencies, and difficulties in accessing necessary classified information. Almost as many exercises were plagued with resource problems, including poor facilities or equipment. Forty-one percent of theexercises raised concerns about the participants’ ability to coordinate a command and control system, for example. Part of the problem, acknowledges theGAO, is that the National Response Plan, launched in January, wasn’t in place during the exercises. That plan supercedes all existing federal interagencyemergency response plans. SM Online takes you to the report.
Improving strategic planning, developing an information technology management structure, and enforcing financial spending and oversight are just several key management challenges facing the Department of Homeland Security, according to a GAOreport.
With so many "stovepipes" in the federal government, it is hard to smoke out the overall effects of efforts at reducing and securing materials in the former Soviet Union and beyond. The Departments of Defense (DoD), Energy (DOE), State, Commerce, and Homeland Security all have a piece of the action. Most programs come from DoD and DOE and, although their threat-reduction and nonproliferation plans are similar, they have "not always been well coordinated," according to a report by the Government Accountability Office (GAO). For example, both departments have programs to improve border security. But officials from each department told GAO auditors that "agencies' roles are not defined, information sharing is infrequent, and there are no procedures to resolve differences among agencies." Previous attempts to integrate some DoD and DOE programs have, however, succeeded, the auditors noted. The report is on SM Online.
Federal agencies are not consistently implementing the basics of information security, such as performing periodic risk assessments, developing and maintaining up-to-date security plans, creating and testing contingency plans, and evaluating and monitoring the effectiveness of security controls, according to a report from the Government Accountability Office (GAO). @Link to Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures .
In a recent report, the Government Accountability Office (GAO) reviewed the Coast Guard's progress in conducting threat assessments on the nation's most valuable ports. The GAO found that the assessment efforts already conducted were often duplicated by the ports themselves when applying for homeland security grants. Also, many assessments proved more expensive and less useful than anticipated. To help address these problems, notes the report, the Coast Guard implemented a geographic information system (GIS), a computer mapping system that has many information layers so that information can be easily updated and retrieved. However, though the system holds promise, the GAO voiced concern that not enough planning has been done to ensure that the system works consistently and at a reasonable cost. The Coast Guard responded positively to the report and agreed to take the recommended steps to define the functional requirements of the GIS system and to develop a plan for long-term implementation. @ The full report is available at SM Online.
We deliver for you," the U.S. Postal Service likes to say in its ads. Delivery of physical security for its facilities hasn't been as regular, however. GAO site visits to 13 "core facilities revealed a number of security problems," including unaccounted-for keys, deactivated alarms, unlocked gates, unsecured stamps, and employees without ID badges. On the positive side, the USPS has specified security requirements for core facilities and has made gains in carrying these out. @ SM Online has the GAO report on the audit
GAO auditors came up with a set of best practices that regional governmental bodies can adopt. They include making sure to have representation from diverse jurisdictions and stakeholders, developing strategic plans with quantifiable goals, and finding out how to take advantage of federal grants.
GAO examined progress made by the financial markets in improving disaster preparedness. Improvements included greater protection of networks from hackers, geographically removed backup facilities, creation of a private network for routing data between broker-dealers and various markets, and the issuance of business continuity guidelines.
Diploma mills.Yes, there really is a company operating on the Internet as Degrees-R-Us, and GAO auditors purchased bogus degrees from a fictitious university from the company, according to Robert J. Cramer, who testified before the House Subcommittee on 21st Century Competitiveness, Committee on Education and the Workforce. The GAO also set up its own diploma mill and was able to obtain certification from the Department of Education to enroll in the Federal Family Education Loan Program. Finally, GAO auditors determined that some senior-level federal employees have obtained degrees from diploma mills, though specific numbers couldn't be determined.
Intelligence reform. Because significant changes in large organizations can take at least five to seven years, Congress might want to address the transformation of the intelligence community by lengthening the terms of directors, testified the GAO's J. Christopher Mihm before the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, of the Committee on Governmental Affairs. He also spoke about how the FBI has been matching special agents and analysts with critical skills to address its top priorities, a model that the intelligence community might want to follow.
Nuclear security. While the Nuclear Regulatory Commission (NRC) has bolstered security at nuclear plants since 9-11, the GAO cannot yet say whether each plant "has taken reasonable and appropriate steps to address the new design-basis threat," which establishes the maximum terrorist threat that a facility must defend against. Security plans reviewed by GAO lacked "important site-specific information," including where responding guards were to be stationed. Moreover, the GAOnoted that the NRC isn't sharing with plants lessons learned from inspections at those plants.
Fed Ex likes to say that it runs the tightest ship in the shipping business. It's the Coast Guard's mandate to run the tightest ship in the ship business, however, and to that end it is developing an automatic identification system (AIS) to monitor ships traveling to and through U.S. waters. A GAO review shows various challenges, such as whether local port authorities are willing to pay for some of the cost of the infrastructure needed to make it work.
Two new reports look into changing responsibilities of federal law enforcement. One explores the transfer of the Federal Protective Service (FPS) to the Department of Homeland Security, noting that although FPS's mission has expanded, it does not have a transformation strategy to address this expanding mission. A second report analyzes the FBI's transformation to increase its focus on homeland security. Have the FBI's efforts to combat drug, white-collar, and violent crime suffered as a result? The results are mixed, say GAO auditors.
The GAO Reports. Information sharing. Although the Department of Homeland Security (DHS) has taken actions to implement the public-private partnership called for by federal critical infrastructure protection policy, "it has not yet developed a plan that describes how it would carry out its information-sharing responsibilities and relationships." GAO auditors recommend that DHS describe the roles and responsibilities of DHS, information sharing and analysis centers (ISACs), and other stakeholders. The GAO also recommends that the DHS create policies and procedures for sharing information provided by ISACs amongst its departments.
Border security. In June 2003, the GAO recommended that the visa revocation process needed to be upgraded. But a GAO review of visas revoked in late 2003 shows that the process is still inefficient. For example, in at least three of 35 cases reviewed by auditors, it took the State Department six months or more to revoke visas after being advised to do so. Despite various improvements this year, weaknesses remain. The GAO suggests that State and DHS better coordinate with one another and establish performance standards, such as specific time frames, for completing each step in the process.
First responders. No one is really sure how interoperable public safety wireless communications systems are with one another. The DHS intends to do a survey on the topic, with results available by next year. In the meantime, the GAO suggests that the federal government develop national requirements and a national architecture for such systems, create nationwide databases, and provide financial and technical support to states and localities to help them make their systems interoperable. For their part, states should establish bodies to develop interoperability improvement plans. (Relatedly, see "Tech Talk" on page 46 for an item on a first responders interoperability survey.)
Fire safety. Nursing home fires in Hartford, Connecticut, and Nashville, Tennessee, last year killed 31 residents. As old facilities grandfathered from federal fire-safety standards on new facilities, neither had sprinkler systems. The GAO has called for the federal government to work with the National Fire Protection Association to strengthen fire-safety standards and to improve oversight of nursing home fire safety, such as by reviewing exemptions granted to facilities without sprinklers.
The Student and Exchange Visitor Information System (SEVIS), which was criticized when it was started by the Department of Homeland Security (DHS) in July 2002, is now showing signs of improvement, according to the GAO.
The GAO report notes that the TSA still does not require criminal record checks or security awareness training for all airport employees as required by law. Similarly, the TSA has not required airport vendors to develop security programs. And while programs have been launched to investigate perimeter security and biometrics technology, implementation and funding plans remain nebulous.
A newreport from the Government Accountability Office (GAO)--formerly the General Accounting Office--concludes that the Coast Guard's plan to review all vessel security plans has faced numerous challenges and should be updated. As of the beginning of June, the report notes, the Coast Guard had reviewed only half of the 6,400 vessel plans submitted by the July 1 deadline set out in federal law.
The GAO studied the Federal Aviation Administration's enforcement efforts related to safety violations and found that because the FAA has not evaluated the effect of its enforcement actions, it cannot be sure whether those actions had any deterrent effect.
Two new GAO reports discuss border security and homeland security. The first is "Border Security: Additional Actions Needed to Eliminate Weaknesses in the Visa Revocation Process." The second is "Homeland Security: Communication Protocols and Risk Communication Principles Can Assist in Refining the Advisory System."
The level of preparedness for an attack against the U.S. nuclear infrastructure continues to be hotly debated among congressmen. In its latest query to the GAO,the House Subcommittee on National Security, Emerging Threats, and International Relations of the Committee on Government Reform asked about the Department of Energy's (DOE's) continuing response to the September 11 attacks. While stepped-up security has increased deterrence at nuclear sites, say GAO auditors, "it has been expensive and has resulted in fatigue, retention problems, and less training for most sites' protective forces."
Security is only as strong as the weakest link in the chain, so even organizations with the most well-thought-out security programs can be jeopardized if their partners' security practices are lax. This is true of the Department of Defense as well its Defense Security Service, which monitors the information-security programs of more than 11,000 contractors, "cannot identify systemic vulnerabilities and make corrective changes to reduce the risk of information compromise" from contractors. The GAO report, which includes Haave's response, is at SM Online
In a recent report on cargo security, the General Accounting Office (GAO) noted that while U.S. Customs and Border Protection (CBP) has taken steps to increase the security of cargo containers, it has failed to address the potential tampering of such containers. It has also failed to analyze various forms of cargo to assess specific risk factors.
The GAO has issued reports on FBI efforts to address counterterrorism demands with limited personnel and on the Department of Homeland Security's method for tracking persons who overstay their allotted time in the U.S. organizations to obtain information about federal grant programs and funding available for first responders and terrorism-preparedness programs.
The GAO has testified to Congress regarding the airport screener program and the performance of public (federally employed) and private contract staff. The report notes, among other findings, that the Transportation Security Administration did not give private contractors much latitude to implement innovations.In addition, the Department of Homeland Security has released its report on how private airport screeners have performed, which was conducted by BearingPoint. Among the findings, the DHS says, is that "There is no evidence that any of the five privately screened airports performed below the average level of federalized airports. The report concludes there is credible data that in some areas, Kansas City private screeners performed above the average level of their federal counterparts." DHS's release further notes that "Costs for the five privately screened airports were not significantly different from the estimated cost of a federal screening operation at the same airport." With regard to performance, however, the agency says, "Performance was mixed in the larger airports and inconclusive at smaller ones. Generally, at the larger airports passengers had less confidence in the private security process, but their average wait time was slightly shorter. For the smaller airports, there was not enough data available to support any conclusion."
Is the Homeland Security Advisory System working? Although users initially expressed concerns, more recently they have expressed satisfaction. For example, most federal agencies surveyed by the GAO said that the guidance and information they received was timely and helpful. But they also would have benefited from threat information specific to regions, sectors, sites, or events, they said.
Some of the vulnerable areas cited in the aforementioned report, including border and cargo security, have been the subject of recent scrutiny by the U.S. General Accounting Office (GAO). GAO auditors, for instance, recently checked on the status of the US-VISIT (United States Visitor and Immigrant Status Indicator Technology) program, finding that it is "inherently risky, both because of the type of program it is and because of the way it is being managed." Specifically, US-VISIT is inherently risky because it is responsible for a critical, multifaceted mission; has a large and complex scope; must meet a demanding implementation schedule; and entails enormous cost. Risks relating to management include initial reliance on integrating existing systems that have problems. In testimony on cargo inspection, the GAO's Richard M. Stana noted that the Department of HHomeland Security's U.S. Customs and Border Protection (CBP) fails to incorporate key elements of a risk management framework in its approach to risks posed by oceangoing cargo containers. CBP, Stana told the Subcommittee on Oversight and Investigations, House Committee on Energy and Commerce, hasn't determined the level of risk for cargo or the responses necessary to mitigate that risk. Moreover, CBP hasn't subjected its method of selecting and inspecting cargo containers to external peer review or testing, he said.
Many companies continually review and retool the policies and procedures they will implement as the national alert level rises, often relying on internal assessments or benchmarking with other firms to establish these measures. To aid public first responders in pegging fire and emergency-service preparedness to homeland security alert levels, the Federal Emergency Management Agency has issued a list of recommended measures for each level, which can also be adopted by private businesses. For example, an "elevated" alert level (yellow) would call for contacting law enforcement at least weekly to exchange and disseminate threat and intelligence information. A "high" condition (orange) would increase this contact to daily, while "severe" (red) would call for more frequent communication if necessary. The red level would also call for shutting down nonessential networks and computer systems and having businesses prepare to support short-term housing for employees and families. For each level beyond a baseline set of preparatory actions, measures are divided into one of four categories: information/planning, facility security, personnel, and operations. SM Online links you to the guide.
In January 2004, Congress passed legislation to restrict aerial-advertising aircraft--small aircraft that tow advertising banners--over stadiums during certain sporting events. In considering the consequences if the legislation were ever repealed, the House Appropriations Committee's Subcommittee on Homeland Security requested that the General Accounting Office (GAO) investigate how the Federal Aviation Administration and the Transportation Security Administration could mitigate the threat of such aircraft.
The U.S. Department of Agriculture's (USDA's) computer networks have "pervasive information security control weaknesses" that put sensitive information--including "information relating to the privacy of U.S. citizens, payroll and financial transactions, proprietary information, agricultural production and marketing estimates, and mission critical data"--at risk of undetected disclosure, modification, or loss. That's according to a General Accounting Office review of the agency's cybersecurity program. The USDA regularly receives an "F" in the annual Federal Computer Security Report Card. @ Information Security: Further Efforts Needed to Address Serious Weaknesses at USDA is available through SM Online.
The GAO has testified to Congress regarding the airport screener program and the performance of public (federally employed) and private contract staff. The report notes, among other findings, that the Transportation Security Administration did not give private contractors much latitude to implement innovations.In addition, the Department of Homeland Security has released its report on how private airport screeners have performed, which was conducted by BearingPoint. Among the findings, the DHS says, is that "There is no evidence that any of the five privately screened airports performed below the average level of federalized airports. The report concludes there is credible data that in some areas, Kansas City private screeners performed above the average level of their federal counterparts." DHS's release further notes that "Costs for the five privately screened airports were not significantly different from the estimated cost of a federal screening operation at the same airport." With regard to performance, however, the agency says, "Performance was mixed in the larger airports and inconclusive at smaller ones. Generally, at the larger airports passengers had less confidence in the private security process, but their average wait time was slightly shorter. For the smaller airports, there was not enough data available to support any conclusion."
The GAO testified before a House subcommittee on maritime cargo inspection security challenges.
Randolph C. Hite, director, information technology architecture and systems issues, testified before the House Judiciary Committee's Subcommittee on Immigration, Border Security, and Claims, regarding Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed.
One of the figures most frequently cited to demonstrate the uphill battle that the United States faces against terrrorists is that only 1 or 2 percent of all imported cargo is inspected by the Department of Homeland Security's U.S. Customs and Border Protection (CBP). In an effort to improve security, the agency has been using a method called automatic targeting, in which certain cargo is selected based on a perceived level of risk. While the targeting system is helping in the fight against terrorism, it lacks key elements of a risk-management framework and is inconsistent with certain risk-modeling practices, according to Richard M. Stana, director of homeland security and justice for the U.S. General Accounting Office (GAO), who testified before the House Energy and Commerce Committee's Subcommittee on Oversight and Investigations.
The GAO has issued a report in the form of a letter to the House Appropriations Committee (Feb 20) regarding how the FBI and DHS's U.S. Immigration and Customs Enforcement (ICE) division are coordinating investigations into money laundering and related financial crimes that might also have ties to terrorism financing. GAO generally concludes that progress is being made.
The GAO has written a report to Congress titled "Homeland Security Advisory System: Preliminary Observations Regarding Threat Level Increases from Yellow to Orange."
The U.S. Department of Agriculture (USDA) has "significant, pervasive information security control weaknesses" brought on by the lack of a fully implemented IT security management program, according to a report from the U.S. General Accounting Office.<
The GAO has issued a report looking at the potential security risks that might arise from aerial advertising, should the existing restrictions on its use be removed. brought under the leadership of TFI."
HHS Secretary Tommy G. Thompson announced (March 11) a major public awareness effort to combat human trafficking and help its victims, including a toll-free hotline
A GAO report on airport screeners finds continued "weaknesses and vulnerabilities in the screening system." Among the problems sited were staff shortages and a lack of high-speed connectivity at some airports, which made it difficult to carry out training programs. With regard to the screening of checked baggage, the GAO says that TSA continues to face "operational and funding challenges."
The Department of Homeland Security has issued a "Myth v. Fact" sheet to address concerns about the proposed CAPPS II (passenger screening system). For example it says: "Myth: Once I buy a plane ticket, CAPPS II will seek out information about my life (travel patterns, purchases, living habits). FACT: CAPPS II will not use data mining techniques to profile and track citizens." And Senator Patrick Leahy (D-VT) issues a statement about a recent GAO report on CAPPS II.
GAO says states report progress in bioterrorism readiness but also site roadblocks. Few states have developed statewide or regional response plans.
A congressional report on CAPPS II, a controversial new computer screening system designed to identify potential terrorists among airline passengers, ""slams the planning," and says "it has failed a series of tests set by lawmakers," reports UPI. See the news coverage and the full GAO report.
The General Accounting Office has issued a report on the federal government's national strategies to fight terrorism since 9-11.
Biometric technologies can play an important role in helping government and private industry secure critical systems, but implementation of the technology is not without challenges, from government concerns such as border security to commercial uses including access control, according to congressional testimony from the General Accounting Office. The testimony also addresses how to weigh the costs and benefits of using biometrics and the effects of the technology on privacy and convenience. The testimony of Keith A. Rhodes, Information Security: Challenges in Using Biometrics
The Nuclear Regulatory Commission (NRC) is addressing the risk of terrorists striking nuclear power plants. Even so, the U.S. General Accounting Office recently identified three holes in its security posture.
In a recent study, the General Accounting Office (GAO) found that the amount of radioactive material stored in stainless steel or other metal and used for medical, industrial, or research purposes in the United States cannot be determined because the licenses issued for the storage devices are not tracked.
A report from the GAO looks at how the Air Marshal program is working. The report notes that the Federal Air Marshal Service has gone from a single office with a budget of about $4.4 million in fiscal year 2001 to 21 offices and a budget of $545 million in fiscal year 2003. It has been criticized in the media for problems with training and retention. The GAO notes that the agency has lost about 10 percent of its work force, and the GAO suggests that data be collected in future to determine why air marshals quit. It also suggests that the service collect information on actual hours worked versus hours scheduled to see whether marshals are being overworked. GAO further notes that "changes will be needed to resolve differences in the pay systems and compensation of air marshals, immigration agents, and customs agents."
The government's scrutiny of transportation security has the U.S. General Accounting Office (GAO) pumping out documents on maritime security, aviation security,airport passenger screening, and US-VISIT (United States Visitor and Immigrant Status Indicator Technology), a border and transportation security program.
In most quarters, "A penny saved is a penny earned" is just another bromide. But it's taken in its literal sense by security forces at the U.S. Mint, where nickel and dime theft grows into big losses: tens of thousands of dollars in coins have been stolen by employees in the last several years.Read the report.
The GAO has issued two new reports, one on improvements needed in money laundering prevention efforts and another on "Combating Terrorism: Improvements Needed in European Command's Antiterrorism Approach for In-Transit Forces at Seaports." (the terrorism report is not online.)
The Coast Guard has issued six final rules today on maritime security. The rules cover issues such as facility security, vessel security plans, and automatic identification systems, area rules, general provisions, outer continental shelf facility security.
Even two years after 9-11, the U.S. nuclear security and safeguards program still needs help, according to the General Accounting Office (GAO). Reviewing the security posture of four nuclear weapons production sites and three national laboratories that design nuclear weapons, the GAO found weaknesses in four areas.
Bad news continues to flow out of government and industry groups assessing the U.S. public health system's readiness for a terrorist attack. Both reports (Ready or Not:(1) Findings and Recommendations of the APHL Chemical Terrorism Project, and Hospital Preparedness: (2) Most Urban Hospitals Have Emergency Plans but Lack Certain Capacities for Bioterrorism Response)
Another GAO report examines the use of CCTV in Washington, D.C., to fight terrorism and considers the attendant privacy concerns of civil liberties advocates.
A report recently issued by the General Accounting Office (GAO) explores the roles of the Department of Transportation (DOT) and the Transportation Security Administration (TSA) in protecting the nation's transportation system.
The GAO has issued a report examining the problems with programs proposed by the Department of Homeland Security to increase border and transportation security, such as the US-VISIT program. The report also suggests how the program's can be improved.
Even two years after 9-11, the U.S. nuclear security and safeguards program still needs help, according to the General Accounting Office (GAO). Reviewing the security posture of four nuclear weapons production sites and three national laboratories that design nuclear weapons, the GAO found weaknesses in four areas.
Another GAO report examines the use of CCTV in Washington, D.C., to fight terrorism and considers the attendant privacy concerns of civil liberties advocates.
A report recently issued by the General Accounting Office (GAO) explores the roles of the Department of Transportation (DOT) and the Transportation Security Administration (TSA) in protecting the nation's transportation system.
The GAO told a congressional committee that progress in airport security has been made but that remaining challenges include such issues as the need to develop a comprehensive risk management approach. Other challenges concern how to obtain funds and control costs and the need to develop a results-oriented culture.
Agencies have made progress in implementing provisions of the Maritime Transportation Security Act, but problems remain, says a new GAO report. For example, it says, only a limited number of ports have vessel identification technology in place and concerns remain about approval of security plans for foreign vessels.
The GAO has recently testified before Congress on the challenges of implementing smart card technology and on the challenges of using biometrics for information ecurity. Both reports are online.
The GAO has recently testified before Congress on the challenges of implementing smart card technology and on the challenges of using biometrics for information security. Both reports are online.
In a review of 240 visa revocations by the General Accounting Office (GAO), auditors found that the Immigration and Naturalization Service and the FBI were still not always receiving notice of State Department revocations, and names were not consistently posted to the agencies' watch list of suspected terrorists. Worse yet, 30 people whose visas were revoked on terrorism grounds may still be in the United States.
Despite some progress in improving information security controls in the past several years, ongoing computer control weaknesses at the Internal Revenue Service (IRS) "threaten the confidentiality, integrity, and availability of sensitive systems and taxpayer data," according to a recent report by the General Accounting Office (GAO) prepared for a House subcommittee.
In the past two years, the FBI has had to reallocate its resources to better address terrorist threats. Word from the General Accounting Office (GAO) is that the FBI is making "good progress" but lacks adequate staff for analytical and technical assistance.
A recent reportby the General Accounting Office (GAO) discusses the state of rail security and notes that while private rail companies have been working to implement safety measures since 9-11, the Department of Homeland security has yet to develop a rail security plan for the country.
The House Select Committee on Homeland Security Subcommittee on Border and Infrastructure heard from Robert C. Bonner, commissioner of the Bureau of Customs and Border Protection (BCBP) and Richard M. Stanna, GAO director of homeland security and justice issues. Stanna noted that in FY2002, inspectors at over 300 ports of entry inspected nearly 450 million travelers, while the Border Patrol agents apprehended nearly 960,000 persons attempting to enter the United States illegally. He then discussed challenges faced by BCBP both with respect to cargo inspection and illegal entry of persons at borders. Bonner discussed smart border initiatives using technology and other issues.
U.S. General Accounting Office is recommending that the Department of Health and Human Services develop "specific benchmarks that define adequate preparedness for a bioterrorist attack."
Inspectors from the U.S. General Accounting Office (GAO) recently set out to determine the extent to which federal statutes regulate the security that food processors must have in place at their facilities.
About 700 U.S. chemical facilities could each potentially threaten at least 100,000 people in its surrounding area, and 3,000 facilities could each potentially threaten 10,000 people, according to the General Accounting Office (GAO).
Turns out that even as the United States clamps down on its borders, it's still pretty easy to get into the country with a little confidence and bogus paperwork, according to Robert J. Cramer, managing director of the Office of Special Investigations (OSI), General Accounting Office.
For months, experts have been warning about the difficulty of merging 22 agencies with vastly different missions, bureaucracies, and cultures into a cohesive Department of Homeland Security (DHS). Now as the various mergers begin to occur, Congress is holding hearings on some of the specific concerns that will have to be addressed. Recent testimony by the GAO's JayEtta Z. Hecker, director of physical infrastructure, details six of the challenges faced by the Coast Guard as it merges into the DHS: strategic planning, communication and partnership building, performance management, human capital strategy, information management and technology, and acquisition management.
The National Institute of Justice has released a two-CD-ROM set called Conflict Resolution for School Personnel: An Interactive School Safety Training Tool. The CDs contain tutorials and interactive scenarios on anger, threats, weapons attacks, suicide, and weapons on campus.
Did 9-11 prompt companies to alter their employee computer-use policies? From the small sample of firms studied by the U.S. General Accounting Office (GAO), the answer is most probably no. Examining the practices of 14 Fortune 1000 companies, researchers found that none had changed their computer-use policies due to September 11 and its aftermath. But awareness was heightened. The report found "a growing concern about electronic intrusion into their computer systems from outside trespassers or viruses." And companies "increased their vigilance by strengthening their surveillance of incoming electronic transmissions."
The Washington Post reports that "In a report to the House Judiciary Committee, the General Accounting Office said the Justice Department failed to monitor important IT projects at the Immigration and Naturalization Service (INS)," which has implications for tracking of suspected terrorists.
"In a report to the House Judiciary Committee, the General Accounting Office said the Justice Department failed to monitor important IT projects at the Immigration and Naturalization Service (INS)," which has implications for tracking of suspected terrorists.
The General Accounting Office (GAO) has sent a letter to Congress detailing challenges that face the nation in its drive toward greater homeland security. Among the issues: How to overcome "turf" issues that arise when information needs to be shared, legal and regulatory barriers to information sharing, and technological measures that can be used to protect shared databases.
Due to their often-multijurisdictional nature, intentional openness, and tight budgets, mass transit agencies pose a particularly difficult security challenge. Nevertheless, many transit agencies increased security significantly after 9-11. In testimony before Congress, Peter Guerrero, director of physical infrastructure issues for the U.S. General Accounting Office (GAO), recently described some of these enhancements. For example, Guerrero told a Senate subcommittee that deals with transportation issues that many transit agencies have looked anew at their vulnerabilities, boosted training on emergency preparedness, conducted multiple emergency drills, and fast-tracked projects initiated before September 11.
The U.S. General Accounting Office (GAO) recently explored whether money launderers were using illicit funds already placed in bank accounts to pay off credit card bills.
The fraudulent document of choice for aliens trying to enter the United States is the border crossing card; more than 30,000 of these cards were confiscated at U.S. borders in 2001. The next most common documents were alien registration cards (26,259), nonimmigrant visas (21,127), and U.S. passports and citizenship documents (18,925).Read the GAO report on this data and other report.
Homeland security concerns have the U.S. government furiously looking for new security technologies. Yet there is concern that, because of intellectual property issues, the U.S. government may be having trouble getting commercial vendors to enter into contracts.Read the GAO report. >
Estimated costs for irradiating mail throughout the United States range from about $880 million to $4.2 billion over a ten-year period, according to areport prepared by the U.S. General Accounting Office.
Estimated costs for irradiating mail throughout the United States range from about $880 million to $4.2 billion over a ten-year period, according to areport prepared by the U.S. General Accounting Office.
The Department of Agriculture, the Food and Drug Administration, and the Department of Transportation are among those federal agencies that have been singled out by the media and Congress as having important roles to play in helping the nation defend against bioterrorism. So why have those agencies been excluded in policy development and planning? That's just another example of the federal government's fragmented approach to countering terrorism, testified Paul L. Posner, managing director of federal budget and strategic issues for the U.S. General Accounting Office (GAO). Other GAO officials concurred.
Despite the frenzied effort to shore up federal facility security after the September 11 attacks and the anthrax scare, serious problems remain, as evidenced by the ability of government investigators to enter four federal buildings in Atlanta recently using bogus law enforcement IDs. Keith A. Rhodes, chief technologist for the General Accounting Office (GAO), told the panel that iris scanning fits the bill, noting that "it's the least invasive to the individual." He pointed out that scanners could capture the iris without requiring users to wait long or stand too close to the camera. And the time and distance requirements are being improved as camera technology evolves.Despite these advances, other witnesses noted that, just as in the private sector, biometrics has only carved out a small niche in federal building security. John N. Jester, chief of the Defense Protective Service, says that iris scanning and hand geometry are used only at specific sensitive offices. Nor are biometric systems being requested at government sites more often, Moravec told the subcommittee. Instead, countermeasures have included explosive detection systems, under-vehicle inspections, air-intake sensors, bomb dogs, and biological/chemical detection equipment. Moravec also told SM that current government building assessments are looking closely at preventing toxins in the air supply.
Federal law enforcement agencies generally don't specifically track identity theft cases, and identity theft is often wrapped in crimes such as credit card fraud. Pulling together the data that does exist, Richard M. Stana, director of Justice Issues for the U.S. General Accounting Office (GAO), recently testified before Congress that various measures support the perception that identity theft is becoming more common.A related issue, identity fraud, is the focus of a new paper by LexisNexis. (The difference between identity fraud and identity theft, the paper says, is that identity theft involves assuming an existing person's identity, usually to commit financial crimes. Identity fraud covers any criminal use of false identifiers.) >
Recent testimony by Richard J. Hillman, a GAO official, before the House Committee on Financial Services, Subcommittee on Oversight and Investigations warned that insurance companies can't eliminate terrorism insurance fast enough.
The Department of Agriculture, the Food and Drug Administration, and the Department of Transportation are among those federal agencies that have been singled out by the media and Congress as having important roles to play in helping the nation defend against bioterrorism. So why have those agencies been excluded in policy development and planning? That's just another example of the federal government's fragmented approach to countering terrorism, testified Paul L. Posner, managing director of federal budget and strategic issues for the U.S. General Accounting Office (GAO). Other GAO officials concurred.
Recent testimony by Richard J. Hillman, a GAO official, before the House Committee on Financial Services, Subcommittee on Oversight and Investigations warned that insurance companies can't eliminate terrorism insurance fast enough.
Nancy Kingsbury, managing director of GAO's Applied Research and Methods,testified before the Subcommittee on National Security, Veterans' Affairs, and International Relations, House Committee on Government Reform that the Department of Defense had not "systematicallyxamined the current distribution of medical personnel across specialties with respect to adequacy for chemical and biological defense."
Richard M. Stana, director of Justice Issues for the U.S. General Accounting Office (GAO), recently testified before Congress that various measures support the perception that identity theft is becoming more common.A related issue, identity fraud, is the focus of a new paper by LexisNexis. (The difference between identity fraud and identity theft, the paper says, is that identity theft involves assuming an existing person's identity, usually to commit financial crimes. Identity fraud covers any criminal use of false identifiers.)
Thomas J. McCool, managing director, financial markets and community investment, described for the Senate Committee on Banking, Housing, and Urban Affairs some features of insurance programs that cover catastrophic or terrorist events.
For security experts, risk management is a well-known term comprising threat assessment, vulnerability analysis, and a criticality review. But a surprisingly large number of private and public organizations in the United States fail to assess risk and take appropriate measures using this method. In recent testimony before the Subcommittee on National Security, Veterans Affairs, and International Relations, House Committee on Government Reform, an official with the General Accounting Office (GAO) detailed this approach and urged the nation to adopt it. >
Although fires in federal office buildings result in about 90 injuries and $130 million in property damage per year, the U.S. Fire Administration does not collect data on the number or causes of these incidents.
At least 34 federal agencies have significant roles in fighting international crime, from obvious players such as the Secret Service and the FBI to lesser known entities such as the Office of Foreign Assets Control and the Bureau for International Narcotics and Law Enforcement Affairs. Inevitable jurisdictional overlaps mean that these agencies must closely coordinate with one another.(pdf)
Janet Heinrich,director, health care--public health issues for GAO, recently testified before the Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, House Committee on Government Reform that many federal agencies have beenengaged in research and preparedness activities. Striking the same chord recently intestimony before the Senate Committee on Health, Education, Labor, and Pensions were several public health and bioterrorism experts. Mohammad N.Akhter, executive director of the American Public Health Association, noted that only 25 states have Epidemic Intelligence Service Officers, known as "disease detectives," supplied by the Centers for Disease Control and Prevention. Michael T.Osterholm, the director of the Center for Infectious Disease Research and Policy atthe University of Minnesota, presented the results of a workgroup that proposed funding amounts for specific initiatives. Donald Henderson, director of the Johns Hopkins Center for Civilian Biodefense Studies,targeted areas for immediate improvement, such as communications between public health agencies and the availability of a national pharmaceutical stockpile. Finally, at another hearing, a GAO expert warned that the food safety system is unlikely to detect and quickly respond to the contamination of food with biological agents.(pdf)
In the grim aftermath of the September 11 attacks, the U.S.General Accounting Office (GAO) has reiterated its longtime suggestion that the United States boost its defense of terrorist attacks. Read the testimony and the GAO report.(pdf).
GAO report by Homeland Security on "Challenges and Strategies in Addressing Short- and Long-Term National Needs." (pdf).
General Accounting Office (GAO) (pdf) has discovered that cardholders have been using Pentagon money to buy personal items. This fraud, waste, and abuse resulted from weak internal controls, flawed or nonexistent policies and procedures, and disregard of actual policies and procedures. For example, no policy effectively limited the issuance of cards, so more than one-third of employees at one Navy facility had de facto procurement power, the GAO found. In another audit, the GAO cited internal control weaknesses at the U.S. Department of Education that have led to improper payments,including those resulting from fraud and abuse.
Using fake driver's licenses, undercover auditors from the General Accounting Office were recently able to buy various guns and ammunition from dealers in five states--Arizona, Montana, New Mexico, Virginia, and West Virginia.Read the report.
Vulnerabilities in, and Alternatives For, Preboard Screening Security Operations, by Gerald L. Dillingham, director, physical infrastructure issues, before the Senate Committee on Government Affairs and the Subcommittee on Oversight of Government Management, Restructuring, and the District of Columbia.Read the GAO report.
In one report, the GAO told the House Subcommittee on National Security, that while progress has been made since the last audit in 1999, agencies can do more to ensure the availability of pharmaceutical and medical supplies used to treat victims in the event of biological and chemical attacks. In a second report, the GAO told congressional requesters that the Federal Emergency Management Agency has put to use the lessons learned from the Oklahoma City bombing, such as establishing enough emergency response teams to treat mass casualties. A third report
Three years after the National Infrastructure Protection Center (NIPC) was created, it is "often not able to provide timely information on changes in threat conditions or warnings of imminent attacks," according to a report that the GeneralAccounting Office (GAO) presented to Congress recently.
A recent General Accounting Office (GAO) report notes that during the 2000 tax filing season, the IRS "did not adequately secure access to its electronic filing systems or to the electronically transmitted tax return data those systems contained," exposing this information to compromise by both insiders and outsiders.
A recent report by the General Accounting Office (GAO), "Information Security: Challenges to Improving DoD'sIncident Response Capabilities," indicates that the Department of Defense has a long way to go in addressing the information security challenges it faces.
he U.S. government is making strides toward establishing a public-key infrastructure (PKI) by promoting its use in individual departments and "laying the groundwork for the future development of a broader governmentwide PKI," according toa recent report from the General Accounting Office (GAO).
Department of Health and Human Services issued a long-awaited regulation addressing privacy of medical data. Examining this regulation, the GAO has concluded that while it gives patients some control of how physicians, health plans, and hospitals use their private data, these same entities "will face a complex set of privacyrequirements that are not well understood at this time."
To shore up operational systems security, the GAO recommends, in part,assessing all operational air traffic control systems and addressing any weaknesses, and completing overall security guidance documents.
GAO testimony,lawmakers accused FAA officials at the hearing of not taking the agency's security vulnerabilities seriously. Willemssen criticized the FAA for such errors as not implementing its security awareness policy, failing to report lapses in physical security, and having poor intrusion detection systems.
GAO issues report on airport screener personnel performance problem.
GAO report recommendedthat researchers traveling on behalf of the Department of Energy (DOE) receive morecomprehensive security training and that trip requests be more carefully reviewed bysenior officials.
U.S. General Accounting Office (GAO) has identified computer security weaknesses at many government agencies, including the Environmental Protection Agency, the Department of Defense, NASA, the Department of State, and the Department of Veterans Affairs.
GAO report on DOD information security.
GAO discuss various aspects of the United States' preparedness for terrorism. Testimony before the HouseSubcommittee on National Security, Veterans Affairs, and International Relations, Committee on Government Reform points to lack of internal controls to manage medicalstockpiles that would be used to treat civilians in a chemical or biological attack. More GAO testimony,before the House Subcommittee on Oversight, Inves tigations, and Emergency Management,Committee on Transportation and Infrastructure, delves into various issues in managing counterterrorist programs. The authors of a GAO report also question whether counterterrorism strategies are being properly coordinated.
GAO Testimony before the Senate environmental committee's nuclear safety subcommittee is based on May 1997 report about preventing problems at nuclear power plants.
GAO official Carol R. Schuster, who testified before the House Subcommittee on National Security, Veterans Affairs, and International Relations, a part of the Committee on Government Reform, all 530 of these people received top secret clearance even though "investigators had not always verified such basic information as residency, citizenship, or employment." Read the full report.
GAO report that EPA could do a better job on providing senstive business information.
GAO Testimony before the Senate environmental committee's nuclear safety subcommittee is based on May 1997 report about preventing problems at nuclear power plants.
In 1998, why were black women nine times more likely than white women who were U.S. citizens to be x-rayed after being frisked or patted down in U.S. airports by Customs agents? Read the GAO report.
U.S. General Accounting Office (GAO) has identified computer security weaknesses at many government agencies, including the Environmental Protection Agency, the Department of Defense, NASA, the Department of State, and the Department of Veterans Affairs.
The GAO(pdf version, text version) has also testified about security issues at the Department of Energy's recently formed National Nuclear Security Administration (NNSA), created on March 1, 2000,to remedy weak oversight of contractors and poor accountability for program management.Jones also testified(pdf version, text version) before the Subcommittee on Energy and Power and the Subcommittee on Oversight and Investigations, House Committee on Commerce, about the NNSA's security programs to protect against theft, sabotage, terrorism, and other risks to national security.
The threat of weapons of mass destruction is omnipresent throughout Russia and the other newly independent states, especially since Russia is apparently unable to fund its share of U.S. programs designed to reduce these threats.Readthe GAO report.
The GAO's assessment of State's overseas emergency security program.
The threat of weapons of mass destruction is omnipresent throughout Russia and the other newly independent states, especially since Russia is apparently unable to fund its share of U.S. programs designed to reduce these threats.Read the GAO report.
The GAO has shown that, through the Internet, hackers can feast on EPA data.
New GAO report looks at progress towards securing embassies.
The Drug Enforcement Administration (DEA) suffers similar problems, according to another GAO report.
GAO auditors found deficiencies in U.S. Department of Education's user identification and password management, physical security of computer facilities, access control for sensitive computer resources, documentation of its information technology architecture, and disaster recovery plans.
U.S. General Accounting Office (GAO) issued a report assailing the Department of Defense for its porous defense of information and computer systems.
Money laundering. GAO has the full report and related testimony.
Department of Veterans Affairs, which had taken several steps to improve systems security after a critical GAO report was published in September 1998. While also flawed, the computer systems of the Federal Reserve Banks at least did not have vulnerabilities that posed significant risks .
GAO report, "Information Security Risk Assessments: Practices of Leading Organizations."
GAO issued a report assailing the Department of Defense for its porous defense of information and computer systems.
Testimony by a GAO official before the House Committee on Banking and Financial Services' Subcommittee on Domestic and International Monetary Policy.
The ARC claims that the theft problem is minor and on the decline, amounting to a fraction of the airlines' gross revenues. Travel agency representatives contend that the problem is severe and has had a devastating economic effect. Turns out they both could be right, according to a recent report by the U.S. General Accounting Office (GAO).
GAO report calls ATOS promising, but asserts that the FAA is still hamstrung by a lack of clear guidance, staff turnover, inadequate technical training and experience among inspectors, and other problems.
GAO report discusses the growing narcotics threat from Colombia.
GAO report of information security at DOD
GAO report that Russia has failed to supply its share of the costs for the nuclear storage facility.
GAO report that veterans of the Gulf War have been complaining about unexplained illnesses, which some attribute to anthrax vaccines.
GAO report on whether HHS had done its homework on combatting terrorism.
GAO testimony before the subcommittee on Enhancing Federal Oversight of Electronic Banking.
More GAO reports and GAO publication on "Year 2000Computing Crisis" can be read online.
GAO report on Y2k and the electric industry.
GAO report on Y2k and the water industry.
GAO report on Y2k and vetarans' benefits and healthcare services.
GAO report on Y2k and biomedical equipment
GAO report on Y2k emergency funds
GAO report on Y2k and Global Positioning System
GAO report online on FAA and Y2k readiness
GAO Report on Internet fraud
GAO Report on the technology that detects and measures the presence of specific materials in explosives and drugs.
GAO Report on Medical records privacy .
GAO Report on testimony to the Senate Committee on Health, Education, Labor and Pensions.
GAO Report on Department of Energy's efforts to reduce nuclear risks.
GAO Report on the FBI resources devoted to fighting terrorism more than doubled, jumping from an estimated $256 million in 1995 to about $581 million in 1998.
GAO Report that the Information Security Oversight Office has not conducted security inspections of EOP activities.
GAO Report on Federal Reserve Banks: Areas for Improvement in Computer Controls.
GAO Report on Combating Terrorism.
GAO Report Terrorism.
GAO Report Economic Espionage
GAO Report Drug Trafficking: Responsibilities for Developing Narcotics Detection Technologies .
GAO Report Terrorism and Drug Trafficking: Responsibilities for Developing Explosives and Narcotics Detection Technologies .
GAO Report Fingerprint-Based Background Checks: Implementation of the National Child Protection Act of 1993 .
GAO Report Drug Control: Long-Standing Problems Hinder U.S. International Efforts
GAO Report Health Care Fraud .
GAO Report Aviation Security .
GAO Report Information Security: Computer Attacks at Department of Defense .
GAO Report Money Laundering .
GAO Report Private and Public Prisons:Studies Comparing Operational Costs and/or Quality of Service.
University of Florida Response to GAO Report on Private and Public Prisons
GAO Report Drug Control: Counternarcotics Efforts in Mexico .
GAO Report Counterfeit U.S. Currency Abroad:Observations on Counterfeiting and U.S. Deterrence Efforts
GAO Report U.S. Treasury: Observations on Plans to Study Genuine and Counterfeit U.S. Money Abroad.
GAO Report Aviation Safety: FAA Has Begun Efforts to Make Data More Publicly.
GAO Report Substance Abuse and Violence Prevention: Multiple Youth Programs Raise Questions of Efficiency and Effectiveness .
GAO Report Aviation Security (includes Exhibits).
GAO Report Information Management and Technology.
GAO Report Nuclear Nonproliferation and Safety: Uncertainties About the Implementation of U.S.-Russian Plutonium Disposition Efforts .
GAO Report Nuclear Power Safety:Industry Concerns With Federal Whistleblower Protection System.
GAO Report Violent Crime: Federal Law Enforcement Assistance in Fighting Los Angeles Gang Violence .
GAO Report DOE Security: Information onForeign Visitors to the Weapons Laboratories.

OSHA Reports

Don’t know what to do if pandemic influenza hits the U.S.? Then read the Occupational Safety and Health Administration’s pandemic influenza preparedness and response guidelines for the healthcare field.
The FDA’s Food Facilities Registration Database is intended to help the government share warnings of food-borne illnesses, but errors in the contact information were found in a recent test. See the study results online.
A bill (H.R. 3165) introduced by Rep. Al Green (D-TX) would hold companies criminally liable for the deaths of contract employees that result from willful violations of safety standards set out by the Occupational Safety and Health Administration. H.R. 3165 has 12 cosponsors and has been referred to the House Education and the Workforce Committee.
Several bills that would give employers more latitude in disputes with the Occupational Safety and Health Administration (OSHA) have been merged into one measure (H.R. 739). This bill has been passed by the House of Representatives and is currently pending in the Senate Health, Education, Labor, and Pensions Committee.The legislation would allow employees more time to contest safety violations. Currently, employers have 15 days to contest safety violations. The bill would allow employees to exceed that 15-day time limit if the failure to contest results is from “mistake, inadvertence, surprise, or excusable neglect.”H.R. 739 would also allow employers with 100 or fewer employees and a net worth of $7 million or less to collect attorney’s fees ifthey prevail in a dispute with OSHA.
The National Institute for Occupational Safety and Health has released a DVD on preventing work-related homicides. Among other material, it contains a training program and OSHA guidelines. @ To download it or request a free hard copy go to SM Online.
The Occupational Safety and Health Administration (OSHA) has issued two ergonomics guidelines, one for the retail grocery industry and the other for poultry processing plants.
One bill (H.R. 2728) introduced by Rep. Charlie Norwood (R-GA) would allow businesses extra time to reply to OSHA citations. Under current law, businesses have 15 days to respond. However, H.R. 2728 would allow OSHA to grant exceptions to this deadline in cases where the employer failed to comply due to "mistake, inadvertence, surprise, or excusable neglect." Another bill (H.R. 2731) also introduced by Norwood would allow small businesses--those with fewer than 100 employees and a net worth of less than $7 million--to seek reimbursement of attorney's fees if they successfully contest an OSHA citation. Such fees could be collected from the government even if the citation was "substantially justified."
Small businesses often struggle with understanding them. Now they can get free on-site health and safety consultations from state governments. Participant companies' names are kept anonymous. In addition, any unsafe conditions found during a consultation will not automatically be reported. The program may even exempt businesses from general scheduled OSHA inspections for one year. @ Go to SM Online to learn more about this free service.
Two bills (S. 1272 and H.R. 1583), introduced by Sen. Jon Corzine (D-NJ) and Rep. Charlie Norwood (R-GA) respectively, would affect company compliance with Occupational Safety and Health Administration (OSHA) rules.
The Occupational Safety and Health Administration will publish in the May 28, 2003 Federal Register an interim final rule establishing procedures for the handling of whistleblower complaints under the Corporate and Criminal Fraud Accountability Act of 2002, also known as the Sarbanes-Oxley Act. OSHA is seeking comments from interested members of the public. Persons wishing to comment on the interim final rule should submit written comments no later than July 28, 2003.
OSHA has issued its five-year plan for making the workplace safer, including reducing injuries and improving workplace emergency response capabilities.
OSHA has developed an Evacuation Planning Matrix to help employers develop their own plans for reacting to a potential chemical, radiological, nuclear, or biological terrorist attack. The agency notes that it is not a compliance tool. "Rather, this document covers the general aspects of emergency planning and includes broad questions to help employers review their existing plan in light of an indoor or outdoor terrorist release," explains the introduction.
The Occupational Safety and Health Administration (OSHA) has sent letters to 14,000 work sites with higher than average injury and illness rates.
The Occupational Safety and Health Administration (OSHA) has released guidelines for companies that must comply with the agency's new bloodborne pathogens rule, which took effect last month.
The Occupational Safety and Health Administration (OSHA) has issued a final rule on its ergonomics program.
A fact sheet from the Occupational Safety and Health Administration, lists ten
OSHA publishes proposed ergonomics standard.
The U.S. Occupational Safety and Health Administration (OSHA) recently stated that employers are not responsible for the work area and equipment of white collar employees who work at home.
Department of Justice's healthcare fraud report for FY 1998
The Occupational Safety and Health Administration (OSHA) has released a directive on how employers can minimize the health risks presented by bloodborne pathogens present on contaminated needles or other sharp objects.
OSHA revises bloodborne pathogens compliance directive.
OSHA Report Violence in the Workplace.
OSHA Report Workplace Violence Prevention Programs for Night Retail Establishments .
OSHA Report Preventing Workplace Violence for Health Care and Social Service Workers

Testimony Before Congress

The Senate Judiciary Committee recently held a hearing to examine the privacy and civil liberties concerns surrounding the driver’s license requirements mandated under the REAL ID Act. Witnesses also evaluated two new bills—S. 717 and H.R. 1117—that would repeal REAL ID and require a new set of standards for driver’s licenses. You can read the full testimony here.
The bill (S. 378) would increase courthouse security has been approved by the Senate. The House of Representatives has not announced whether it will take action on the bill, which would also require that the U.S. Marshals Service offer ongoing security advice to the judiciary.
The bill (H.R. 493) would prohibit discrimination based on genetic information has been approved by the House of Representatives. The Senate has agreed to consider the measure and has also released a report on the proposed legislation.
The bill (S. 236) introduced by Sen. Russ Feingold (D-WI) would monitor government use of data mining has been approved by the Senate Judiciary Committee.
The bill (H.R. 1413), introduced by Rep. Nita Lowey (D-NY), would establish an airport security pilot program has been approved by the House Homeland Security Committee’s Subcommittee on Transportation Security and Infrastructure Protection.
Two bills (S. 430 and H.R. 718) introduced by Sen. Christopher Bond (R-MO) and Rep. Tom Davis (R-VA) would require the military to identify gaps between federal and state capabilities to respond to emergencies that have been created by the deployment of National Guard troops to Iraq and Afghanistan. The bill would also make the Chief of the National Guard Bureau a member of the Joint Chiefs of Staff.
A bill (S. 4) designed to implement the final recommendations of the 9-11 Commission has been approved by the Senate and has been received by the House of Representatives. [A companion bill (H.R. 1) has been approved by the House and is now pending in the Senate Homeland Security and Governmental Affairs Committee.]
A bill (H.R. 1680) that would regulate the sale and purchase of ammonium nitrate has been approved by the House Homeland Security Committee’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. Ammonium nitrate is a critical ingredient used in making explosives.
A bill (H.R. 1401) that would enhance security requirements for public transit systems has been approved by the House of Representatives and has been referred to the Senate Commerce, Science, and Transportation Committee.
A bill (S. 544) introduced by Sen. Pat Roberts (R-KS) would provide tax credits for retailers who sell agricultural products to implement security provisions.
Mayors, governors, and civil libertarians gave Congress an earful about the REAL ID Act, saying that it is costly, impractical, and will put private data at risk. They are pushing for a revised law.
A bill (S. 378) to increase courthouse security has been approved by the Senate Judiciary Committee. The bill would require that the U.S. Marshals Service offer ongoing security advice to the judiciary.
A bill (S. 509), introduced by Sen. Daniel K. Inouye (D-HI), that would require screening of cargo on passenger airplanes has been approved by the Committee on Commerce, Science, and Transportation. The Senate has agreed to consider the bill
A bill (S. 358) introduced by Sen. Olympia Snowe (R-WA) would prohibit discrimination based on genetic information has been approved by the Senate Health, Education, Labor, and Pensions Committee
Apparently,jihadists have a new slogan reminiscent of the age old cliche, "The pen is mightier than the sword." Theirs is a bit more tech savvy though: “Keyboard equals Kalashnikov.”

This tidbit came yesterday (May 3) at the Senate Committee on Homeland Security and Government Affairs hearing on Islamic extremist radicalization and recruiting via the Internet.

Another disturbing piece of information came from Lieutenant Colonel Joseph H. Felter, director of the Combating Terrorism Center at West Point. In what he labeled turning "consumers" of jihadist propaganda into "producers of terrorism," one jihadist Web site held a web design contest for their Web site. What did the winner get? To fire a rocket from the comfort of home with a mouse click.

Committee Chairman Sen. Joe Lieberman (I-CT) said it was ironic "that the internet – invented by the Department of Defense as a way to ensure undisrupted communications in the event of an enemy attack – is now being used to recruit and train the terrorists who plot such lethal attacks against American and other western targets."

The witnesses each elucidated strategies to counter jihadist radicalization and recruitment online. None more so than Frank J. Cilluffo, director of Homeland Security Policy Institute at George Washington University, who in partnership with The University of Virginia’s Critical Incident Analysis Group, released a report as part of the hearings: "NETworked Radicalization: A Counter-Strategy."
A bipartisan amendment to prevent domestic eavesdropping passed the House on Friday (May 11) as part of the Intelligence Reauthorization Bill.

The amendment, sponsored by Representatives Adam Schiff (D-CA) and Jeff Flake (R-AZ), reaffirmed that law enforcement must follow the Foreign Intelligence Surveillance Act (FISA) when electronically gathering information domestically to protect national security. FISA ensures there is judicial approval and oversight when conducting electronic surveillance such as wiretapping. Under FISA, law enforcement must seek a warrant before, or up to 72 hours after, the beginning of surveillance from the Foreign Intelligence Surveillance Court (FISC).

The passage of the amendment is a setback for the Bush Administration, which is seeking to expand its ability to set up warrantless surveillance on whomever it deems to be a threat to national security.
A bill (H.R. 592), introduced by Rep. Bill Pascrell (D-NJ), would require colleges and universities that receive federal funds to provide an annual fire-safety report to all current students and employees, and to any applicant upon request. The report would contain specific information about the fire-safety practices and standards of that institution.
Sen. Frank Lautenberg D-NJ) has introduced legislation aiming to bar terrorism suspects from acquiring firearms. The bill, (S. 1237), would empower the attorney general to restrict gun sales to people suspected of terrorism activities. Those denied firearms can appeal the decision to the attorney general. The Department of Justice has endorsed the bill but says under certain circumstances, terrorism suspects will be allowed to make the purchase if tipping them off could hamper intelligence gathering and drive suspects underground. Some critics fear the law is a fundamental violation of due process and a continued assault on 2nd Amendment rights.
A bill (H.R. 599) that would streamline the certification process under the SAFETY Act, which provides legal immunity for the use of certified products, has been approved by the House of Representatives and is currently under consideration in the Senate Homeland Security and Governmental Affairs Committee.
A bill (S. 276) introduced by Sen. Dianne Feinstein (D-CA) is designed to curb document fraud by making it illegal for anyone to produce, issue, or transfer more than ten legitimate passports without permission from the government. Forging, counterfeiting, or altering passports and making ten or more false applications for passports would be punishable by up to 20 years in prison.
Sen. Frank Lautenberg (D-NJ) has introduced legislation aiming to bar terrorism suspects from acquiring firearms. The bill, (S. 1237), would empower the attorney general to restrict gun sales to people suspected of terrorism activities. Those denied firearms can appeal the decision to the attorney general. The Department of Justice has endorsed the bill but says under certain circumstances, terrorism suspects will be allowed to make the purchase if tipping them off could hamper intelligence gathering and drive suspects underground. Some critics fear the law is a fundamental violation of due process and a continued assault on 2nd Amendment rights.
April 24 the Senate Committee on Homeland Security and Government Affairs had its first hearing on campus security since the Virginia Tech massacre last week. Appearing before the committee was Steven Healy, Princeton's director of security, president of the International Association of Campus Law Enforcement Administrators, and a member of ASIS's Educational Institutions Council. During his testimony, Healy remarked "We must balance the openness that is the hallmark of the American system of higher education with the need to protect students, faculty, staff, and visitors." He ensured the American people that "vigorous efforts are underway to develop and implement best practices in campus public safety."
You can find the rest of the statements and testimonies here.
The House Education and Labor Committee’s Subcommittee on Health, Employment, Labor, and Pensions held a hearing on H.R. 493, a bill that would outlaw genetic discrimination. The bill would prohibit health insurance providers from denying coverage or charging higher premiums based on a genetic predisposition to develop a disease.
A bill (S. 184) introduced by Sen. Daniel Inouye (D-HI) would increase security requirements for freight and passenger rail systems has been approved by the Senate Commerce, Science, and Transportation Committee. The measure is now pending in the Senate.
A bill (H.R. 143) introduced by Rep. Gene Green (D-TX) would allow the government to provide direct assistance to the private sector in an emergency. The measure would allow disaster aid to private companies that operate critical energy infrastructure, including refineries. Federal assistance could include recovery of equipment, access to water, power, or other raw materials, and transportation and housing for critical employees.
A bill (H.R. 257) introduced by Rep. Sheila Jackson-Lee (D-TX) would require that all hospitals that receive reimbursements under Medicare implement security procedures to reduce infant abduction. These security measures would include procedures for identifying all infants that would help hospitals know when an infant was missing.
A bill (S. 201) introduced by Sen. Hillary Rodham Clinton (D-NY) would establish grants of $1.9 million to provide medical and mental health monitoring, tracking, and treatment to individuals whose health has been directly impacted as a result of the 9-11 attacks. The grants would cover firefighters, police officers, paramedics, volunteers, residents, students, and any other individual whose health deteriorated as a result of the attacks.
A panel has issued to the Senate Armed Services Committee the second of three reports on the state of the national guard. It finds the guard stretched thin given the multiple missions it is being asked to fill and ill-equipped to respond to the next disaster.
The House Energy and Commerce Committee’s Subcommittee on Oversight and Investigations held a hearing on the safety of the U.S. drug supply.
The Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) is expanding its involvement in helping the military in Iraq in dealing with Improvised Explosive Devices (IEDs)
Thirty-six U.S. Senators have now signed a letter to President Bush objecting to a provision in S. 4, the 9/11 Commission Recommendations bill, which would call for mandatory collective bargaining for airport security workers.
The Federal Trade Commission has issued its report to Congress on the first five years of theChildren’s Online Privacy Protection Act (COPPA). If says that it has been effective but cites concerns about the lack of age-verification technology and the fact that children are migrating to general sites (not specifically for children), such as social-networking sites.
The House Appropriations Committee’s Subcommitee on Homeland Security held a hearing on the status of the U.S. VISIT program, a system that recording information on the movements of all noncitizens into and out of the United States.
Hawaii’s high court has ruled that a company wrongfully fired an employee based solely on his prior criminal record. The court said that the conviction must have a relationship to the job.
Maine’s high court has ruled that a company did not discriminate against a security guard when it refused to allow him to carry a firearm. The company decided not to arm the guard after several psychological evaluations. Reports on the evaluations noted that the guard was aggressive and short-tempered.
An Illinois appeals court has ruled that a patient whose private information was revealed at a tavern by a hospital employee can sue that hospital for invasion of privacy. The privacy obligation applied at all times and in all places.
The Department of the Treasury, along with several other agencies, has issued a proposed rule that will require financial institutions and creditors to establish a program to reduce identity theft. Under the proposed rule, financial institutions and creditors must develop policies and procedures to prevent identity theft from occurring. The program, according to the proposed rule, must be appropriate to the size and complexity of the company and must take into account the nature and scope of its activities. Those companies falling under the regulation would have to identify red flags that are relevant to detecting possible identity theft; verify the identity of people opening accounts; mitigate the risk of identity theft commensurate with the degree of risk posed; and devise training programs for employees. @ To read the entire proposed rule, visit SM Online.
The Nuclear Regulatory Commission (NRC) has issued a proposed rule requiring that nuclear facilities conduct risk assessments, implement training exercises, and enhance security programs. Under the proposed rule, nuclear facilities would be required to conduct risk assessments to ensure that plant activities are consistent with safety and security. Nuclear facilities would also be required to conduct scenario training exercises with security personnel. @ The full text of the rule is available at SM Online.
Airport security. The Transportation Security Administration (TSA) has pushed back two deadlines for conducting background checks on workers who handle air cargo. The original deadline to screen all such workers was December 1, 2006. However, the deadline has now been extended to March 15, 2007 for the staff of U.S. aircraft operators and foreign air carriers. An even later deadline—June 15, 2007—has been set for employees of indirect air carriers. These are companies that contract with air carriers to perform a security-related service such as storing cargo or moving it from a warehouse to the airport. @ To read the regulation establishing these new deadlines, visit SM Online.
The Nuclear Regulatory Commission (NRC) has issued a final rule requiring that those who have access to nuclear safeguards information—defined as sensitive, unclassified, security-related data—be fingerprinted and undergo an FBI criminal records check. Under the rule, those who have completed a background check within the past five years or who have an active security clearance need not be rescreened at this time. The fingerprinting requirement is required under the Energy Policy Act of 2005, and is effective immediately. The NRC is currently working on a more comprehensive rule addressing the other issues set out in the act. The upcoming rule will address issues such as security precautions to preserve the integrity of safeguard information and how often employees must be rescreened. @ Full text of the rule is at SM Onilne.
Soon after convening in January, the House of Representatives approved H.R. 1, a bill that would implement the recommendations of the 9/11 Commission that were not enacted in the prior Congress. While the 9/11 Commission had much support, concerns about the costs and practical challenges of implementing all of its recommendations remain. For that reason, this bill is not expected to sail as expeditiously to passage in the Senate.
The House Energy & Commerce Committee's Subcommittee on Oversight and Investigations held a hearing yesterday on information security practices at Los Alamos National Laboratory.
The House Education and Labor Committee's Subcommittee on Health, Employment, Labor, and Pensions held a hearing yesterday to discuss protecting workers from genetic discrimination.
Transportation Security Issues. Two Senate hearings being held today will focus on transportation security issues. The first, held by the Senate Banking, Housing, and Urban Affairs Committee will deal with transit security issues. The second, which will address federal efforts to enhance rail and surface transportation security, will be held by the Senate Commerce, Science, and Transportation Committee.
The Department of Homeland Security (DHS) has announced that it will require those municipalities that have grants from the department to have interoperable communications systems implemented by the end of 2007. All state agencies must have such systems by the end of 2008. The department plans to work with municipalities to define interoperability issues and determine the appropriate funding level for implementing the communications systems. @ The DHS announcement is available via Security Management Online.
A woman sued a casino operator for false arrest and false imprisonment after she was ejected for picking up a dropped slot-machine token. A U.S. district court upheld the awarding of large punitive damages because the security staff’s conduct was deemed egregious.
A medical testing company was sued by a former employee for religious discrimination, because it wanted him to work Saturday, his Sabbath. The court ruled in the company’s favor, finding no religious discrimination.
A male assistant manager at a truck stop filed charges of sexual harassment when the company responded to his complaint by forcing him to move to another location 120 miles away; the courts ruled that it constituted an adverse action.
Background Checks.Continuing with a trend that began several years ago, many states are requiring that criminal background checks be conducted on individuals in certain jobs, such as in childcare or healthcare settings.
Most frequently, states passed laws requiring background checks on those who care for children. For example, in Hawaii, employees, prospective employees, and volunteers who work with youth must undergo criminal records checks before they can begin work. Similarly, Tennessee passed a law requiring background checks on childcare workers as well as contractors who provide transportation services to childcare companies.
A new Utah law opens up juvenile criminal records in certain cases. It would require background checks—although no fingerprinting—for anyone age 12 through 17 who resides in a home in which foster children are to be placed. A Maryland law requires that private schools conduct background checks on anyone having contact with students, and it prohibits such schools from hiring anyone with a background of sexual assault or violence. Virginia approved a bill requiring the same for public school contract employees.
Virginia lawmakers also approved a provision requiring that any company or organization that provides care to children, the elderly, or the disabled perform criminal background checks on all employees and volunteers. A Georgia law requires the same measures but specifies that youth sports organizations and other groups that sponsor youth activities must conduct the checks.
In Michigan, lawmakers approved a bill that would require adult foster-care facilities to perform background checks on its employees and require the same from its contractors. Those applicants who have been convicted of certain felonies, including those involving cruelty, criminal sexual conduct, abuse, neglect, or misuse of prescription drugs, may not be hired. A similar Michigan law requires the same of organizations providing care for the mentally retarded.
A Hawaii law requires background checks on employees of companies that provide adult nursing care, services for the mentally retarded, hospitals, rural health centers, and rehabilitation agencies. These companies must also conduct checks on all volunteers, service providers, and others who might be in contact with patients.
Virginia has passed a law requiring all companies that employ workers who must enter the homes of customers to conduct background checks on these employees. New York has passed a law requiring that flight schools administer criminal background checks on all applicants. Under the law, applicants must be cleared by the state criminal justice division before they may begin training.
In Virginia, shipyard facilities must screen employers and contractors.
Alaskan lawmakers approved a bill requiring background checks for explosives handlers. In West Virginia, a new law requires background screening of homeland security and emergency service personnel. A new law in Utah requires screening of those who provide ground transportation to airports.

Computer Security. Numerous states have created laws that require companies to notify consumers in the event of an electronic security breach. The laws include exceptions when the notification would be extremely costly, though the figures differ by state. In Vermont, the amount is $5,000, while in Washington state it is $250,000. And, the laws do not require disclosure if misuse of the data is unlikely to occur. In addition to Vermont and Washington, such laws were passed in Arizona, Hawaii, Indiana, Minnesota,New Hampshire, North Dakota, and Texas.
Three states created the specific crime of phishing in their legislative sessions. (In phishing, scammers send e-mails falsely claiming to be a legitimate enterprise in an attempt to obtain private information from the user.) An Oklahoma law makes phishing illegal and allows Internet service providers (ISPs) to bring civil actions. ISPs may recover actual damages or up to $100,000 for each violation. A Rhode Island law provides that consumers can sue for damages of up to $500 per violation and ISPs can recover actual damages or up to $5,000 in damages. A new Connecticut law allows anyone harmed by phishing to sue the sender for actual damages or $25,000, whichever is greater.
Rhode Island has addressed another aspect of computer crime, amending an existing law that made it a crime to seize a computer, software, or information with the intent to deprive the owner of possession of those items. The new law no longer requires the element of intent for the act to be a crime, thus increasing the scope of the law.
A Kansas law makes it a felony for anyone without authorization to knowingly possess or use a scanning device to access, read, obtain, memorize, or store information encoded on a credit or debit card.
Defibrillators.Two states, New Jersey and Michigan, approved almost identical laws requiring that health clubs purchase and install automated external defibrillators. The measures also require that at least one person be on duty at all times who is trained to use the device. The laws provide for fines of $500 to $1,000 for those health clubs that fail to comply.

Employment.A new law in Washington prohibits discrimination based on sexual orientation. Under the new law, an employer may not refuse to hire someone because of sexual orientation or make any hiring inquiry about it. A company also may not discharge someone or discriminate in compensation based on sexual orientation. The new designation allows employees who feel that they have been discriminated against to sue their employers for back pay, reinstatement, and emotional distress.
In West Virginia , a new law provides employers with immunity in disclosing information about former employees. Immunity is waived, however, in cases where the former employer gave information that was knowingly false, disclosed with reckless disregard for the truth, deliberately misleading, or malicious.
A New Jersey law will protect employees from intimidation over religious and political matters. The law makes it illegal for employers to require that workers attend meetings or participate in communication about political or religious issues. The law is intended to combat the practice of holding mandatory meetings to discuss religion or express support for a political candidate or point of view. The law also protects employees from retaliation if they raise concerns about an activity that might violate the law.
Employers may continue to hold captive-audience meetings to express their views on unions. Also, religious and political groups are exempted under the law so long as the meetings or communication pertains to the regular work of the organization. Under the law, violators are liable for civil fines of up to $1,000 for a first offense and up to $5,000 for subsequent offenses. Employees can get restraining orders against violating companies as well as reinstatement, lost wages, and punitive damages.
A new law in South Carolina requires employers who terminate employees for failing drug tests to prove that they followed certain procedures before these employees can be disqualified from receiving unemployment benefits. Employees may not receive benefits if they fail or refuse to provide a specimen or provide a specimen that has been tampered with.

If a drug test is positive, employers must prove that the sample was collected and labeled by an authorized individual, such as a licensed healthcare provider. The test must have been performed by a certified laboratory, and the initial positive test must have been confirmed using a nationally accepted method.
Homeland Security. A new Missouri law requires that the state set up a vaccination program for first responders who will be deployed to disaster areas as a result of bioterrorism. Participation in the program is voluntary except for those first responders identified by their employers as personnel who cannot safely perform their emergency duties without the vaccinations. A new Michigan law requires the state to establish and maintain a pandemic flu contingency plan. A Wyoming measure creates a task force to study biosecurity issues.
Some states have created new crimes related to terrorism. For example, in Illinois, lawmakers defined endangering the food or water supply as acts of terrorism, while a Pennsylvania law makes tampering with or destroying crops a crime of ecoterrorism.
Other states addressed communications systems for first responders. For example, a new California law requires that state officials provide an annual report to lawmakers on the state’s interoperable public-safety communications network. Prior law required that such a system be established using federally specified frequencies to ensure that first responders could communicate during an emergency. The report required under this new law will serve as a strategic plan and will include timelines for completion. A Nevada law requires that the state set standards for interoperable communications systems with an emphasis on public safety radio systems.
A new Oklahoma law requires that cities and towns throughout the state develop evacuation plans. The plans must include instructions on how to evacuate all citizens in the case of a disaster and must be reviewed annually. The evacuation plans will include risk assessments, training of personnel, and annual exercises. Each town will be required to maintain an office of emergency management, which will be responsible for communications, warnings, and damage assessments. Town citizens will be given a copy of the plan.
Identity theft.In numerous states, lawmakers have addressed identity theft. In most cases, they are amending earlier laws, refining the state’s role in curbing identity theft, or enhancing criminal penalties for those convicted of committing such crimes.
Security freeze. Many states are allowing victims of identity theft to place a security freeze, also called a credit freeze, on their financial records so that no more damage can be done by identity thieves while the victim is sorting out the problem. For example, in New Jersey, a new law allows consumers to request a security freeze. This prohibits consumer reporting agencies from releasing any information about the consumer without express written permission. The agency may, however, report to third parties—such as someone applying for credit in the victim’s name—that a security freeze is in place. Similar laws were approved in Florida,Hawaii, and South Dakota.
A New Hampshire law requires that consumer reporting agencies allow victims of identity theft to place a security freeze free of charge. However, it allows any resident, even if they have not been a victim of theft, to place a security freeze on his or her information for a fee of no more than $10. A similar law was passed in Vermont.
A new North Carolina law allows victims of identity theft to put a freeze on their credit with national credit bureaus, making it impossible for criminals to apply for credit in their names. Another provision of the new law controls how Social Security numbers are collected and distributed by business and government agencies in the state.
Penalties. Several states have increased identity theft penalties for those who victimize the elderly or people with disabilities. For example, in Nevada, the crime of identity theft is a category C felony and is punishable by a minimum of one year in prison. If the crime is committed against a disabled person or anyone older than 60 years of age, it is considered a category A felony and merits a minimum of three years in prison. Similar measures have been passed in Louisiana, Ohio, and in the state of Washington.
Passports. Lawmakers in Delaware,Maryland, Iowa ,Nevada, and Ohio established what they call “identity theft passports.” The passports, which are approved by law enforcement and issued by the state government, document the identity theft perpetrated against a victim. The victim may then use the passport to prevent arrest for an offense committed by another person or to aid creditors in clearing a victim’s financial records.
Security provisions. A new law in Rhode Island contains provisions for placing a security freeze on a consumer account. The law also requires that any business that owns or licenses computerized, unencrypted information on customers implement and maintain reasonable security measures. These measures should be sufficient to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.
A new Minnesota law provides for computer security, in addition to setting up an identity theft passport and establishing provisions for victims to put a security freeze on their accounts. The law makes it illegal to sell, obtain, disclose, or receive an individual’s telephone records without the permission of the individual. It also establishes security standards for telecom companies and requires that those companies report any data breaches.
In addition to prohibiting the sale or disclosure of an individual’s Social Security number (SSN), the law prohibits businesses from using an SSN as a person’s identifier within that business. Exceptions are provided in situations where an SSN is required, such as to access tax information or obtain a credit report.
Another part of the law would reverse the state’s data privacy policy. Currently, information is available to the public unless specifically prohibited from disclosure by law. Under the new proposal, the opposite would be true—all information would be kept private unless specifically designated, by law, to be released to the public.
Information Brokers.Several states passed laws to make it illegal for information brokers to obtain information by pretending to be the consumer or someone else with legal access to the data—a practice known as pretexting. Laws in Florida, Georgia, Oklahoma, and Maryland would make pretexting to obtain telephone records illegal. A new statute in Utah would make pretexting illegal pertaining to any sensitive personal-identifying information.
Physical Security. A new law passed in Virginia requires that landlords install new locks or security devices on apartments rented by tenants who have a restraining order against a cotenant. The tenant must present a copy of the restraining order to the landlord. The landlord must then install a new lock or other security devices on the exterior doors of the unit at the landlord’s cost or allow the tenant to install such devices at his or her cost. The new device may not cause permanent damage to any part of the building, and the landlord must be given duplicate keys or instructions on how to use the new security devices. Under the new law, the landlord may not provide keys or information to the person named on the restraining order.
A new Florida law requires that all alarm monitoring companies attempt to contact property owners on two different numbers before calling for police assistance. The law, designed to help reduce the number of false alarms, is the first state law of its kind in the country, though numerous municipalities have already enacted similar provisions.
School Safety. Several states have addressed school safety by requiring schools to adopt antibullying statutes. A new law in Alaska requires that all schools enact policies that prohibit bullying, harassment, and intimidation. A similar law was approved in South Carolina. In Illinois, a new law requires that school districts instruct students on bullying prevention in all grades.
Other states are enacting or modifying plans to protect students during an emergency. For example, in Virginia, lawmakers have required that schools develop a medical emergency response plan as part of the existing crisis and emergency management plan. An Ohio law requires private schools to develop school safety plans and conduct emergency drills.
Surveillance. new Wyoming law makes it a felony to intentionally and surreptitiously record images of people in an enclosed area where they have an expectation of privacy such as a bathroom, shower, or dressing room. Under the law, those who wish to record dressing rooms for security purposes, for example, must clearly post their intentions or get the consent of the person being viewed.

A similar law approved in Maryland sets out the places in which consumers can expect privacy, including offices, businesses, stores, recreational facilities, restaurants, hotels, theaters, schools, banks, and daycare facilities. The Maryland bill further provides exceptions for covert surveillance conducted expressly to prevent crime
The House of Representatives has passed a bill that would implement some of the remaining recommendations of the 9/11 Commission. The measure passed the house 299 to 128.
The Pandemic and All-Hazards Preparedness Act (S. 3678) has passed both houses of Congress and awaits the President's signature. It moves responsibility for medical emergency response from DHS to HHS. See FCW coverage

New York Times reports that the President is expected to approve a bill (H.R. 4709) that will make it illegal to use false staements to obtain confidential phone records from a telecommunications carrier or IP service provider. The bill also prohibits accessing customer accounts through the Internet or other computer-related activities.
The President has signed a new law (P.L. 109-374)that will make it illegal for anyone to conspire or attempt to damage or interfere with the operations of an animal enterprise. It is already illegal to damage or destroy property. Under the new law, an animal enterprise is defined as a group that uses or sells animals or animal products for profit or educational purposes.
A South Carolina court has ruled that an employer could not be held liable for failure to conduct a background check on an employee who later stole from a company client.
A club owner may be held liable for failing to protect two patrons who were attacked outside as they left the premises.
A port security bill (H.R. 4954) was signed into law by President Bush becoming P.L. 109-347. The law requires that the Department of Homeland Security (DHS) develop and implement a strategic plan to enhance maritime security. The measure also requires that DHS develop and implement a plan to improve existing programs that identify high-risk containers moving through the international supply chain. The law further requires that states submit to the federal government biographic information on current and future employees who have access to secured areas of seaports. DHS will compare this information to data on terrorist watch lists. In addition, under the new law, DHS must establish minimum standards and verification procedures for securing containers in transit, including international standards for containers moving through the global supply chain. DHS must submit a plan to Congress for deployment of radiation detection equipment at all U.S. ports.
Reacting to the disaster at the Sago Mines in West Virginia, lawmakers passed a bill (S. 2803) designed to improve mine safety and protect the health of mine workers. It became P.L. 109-236. The law requires that mine operators adopt and maintain an accident response plan for when miners are trapped. Under the law, the plan must include redundant local communications systems, emergency air supplies, escapeways, emergency training, and wireless communications systems to allow contact between trapped miners and officials on the surface. To encourage new technology, the bill provides grants for those developing new mine safety equipment. The law also establishes an interagency working group to share technology, research, and developments in mine safety and emergency response.
The Terrorism Risk Insurance Act of 2002 (TRIA), which authorized a government program that kept business insurance for terrorist attacks affordable, would have expired in 2005. It was extended for three more years by this Congress, becoming the Terrorism Risk Insurance Act of 2005 (P.L. 190-144). This version of TRIA keeps the program in place through 2008 while a commission develops a transitional system to take its place. Without the TRIA, proponents of the bill argued, terrorism insurance would have become unaffordable for most businesses.
A bill (S. 306) introduced by Senator Olympia Snowe (R-ME) that would prohibit genetic discrimination by employers and insurance providers was approved by the Senate but was not taken up by the House of Representatives. The bill would have made it illegal for health insurance providers or group health plans to use genetic information as a factor in providing service or establishing premiums. The measure would also have prohibited a health insurance provider from requesting or requiring that an individual—or his or her family member—undergo a genetic test. Similarly, S. 306 would have make it illegal for an employer to segregate or classify employees on the basis of genetic information, deprive them of employment opportunities, or otherwise adversely affect them. Under the bill, employees would be prohibited from requesting, requiring, or purchasing an employee’s genetic information. The measure did make exceptions in certain instances, such as when information is required to comply with the Family and Medical Leave Act or when it is necessary for genetic monitoring of the biological effects of toxic substances in the workplace.
A bill (S. 378) introduced by Sen. Joseph Biden (D-DE) that would have created several new seaport security crimes was approved by the Senate Judiciary Committee but was never brought before the full Senate. The bill would have made it a crime to enter a secure area of a seaport under false pretenses, forcibly interfere with an authorized law enforcement action, provide false information during a boarding, or willfully disable a passenger vehicle. The measure would also have created the crime of knowingly and intentionally placing a device aboard a vessel that is likely to damage or destroy the vessel; discharge or release any substance that would endanger human welfare or the marine environment; or transport any explosive, biological, chemical, or nuclear material to be used to commit terrorism. Under S. 378, it would have been illegal to knowingly transport a terrorist or terror suspect aboard a vessel or willfully cause destruction of a vessel or maritime facility. The bill would also have increased penalties for stowaways on vessels or aircraft.
A bill (H.R. 744) that would have prohibited the use of spyware passed the House of Representatives but stalled after being referred to the Senate Judiciary Committee. The bill would have prohibited intentionally copying a program onto a computer to commit a crime or to obtain or transmit personal information with the intent to defraud or injure another person or to cause damage to another’s computer. The bill would have provided exemptions for investigations by a law enforcement agency or a U.S. intelligence agency. The bill did not include an exemption for private security investigations.
Though it received much attention from lawmakers, a bill (S. 494) that would have protected federal employees who disclosed information about government wrongdoing stalled. It was approved by the Senate Homeland Security and Government Affairs Committee but was never considered by the full Senate. The bill would have prevented reprisals against government workers who publicly released information regarding waste, abuse, or gross mismanagement in the federal government. Such abuses in relation to secret national defense information could have been disclosed to a member of Congress.
The issue of first-responder preparedness received a great deal of attention from lawmakers after Hurricane Katrina, and a bill (H.R. 1544) that would have changed the way that first-responder funds were allocated to state and local governments was approved by the House of Representatives, but was not taken up by the Senate. The bill would have required that the government dole out first-responder funds based on risk. This differed from the current funding scheme which follows an equal-distribution approach, with all jurisdictions receiving funding even if those funds are not needed. The bill was designed to provide more funding for metropolitan areas that face greater risks of terrorist attack and less for rural areas.
A bill (H.R. 739) that would have allowed employers more latitude in disputes with the Occupational Safety and Health Administration (OSHA) was approved by the House of Representatives but was never taken up by the Senate Health, Education, Labor, and Pensions Committee. The legislation would have allowed employees more time to contest safety violations. Currently, employers have 15 days to contest safety violations. The bill would allow employees to exceed that 15-day time limit if the failure to contest results from “mistake, inadvertence, surprise, or excusable neglect.” H.R. 739 would also have allowed employers with 100 or fewer employees and a net worth of $7 million or less to collect attorney’s fees if they prevailed in a dispute with OSHA.
A bill (H.R. 4127) that would have required that companies protect the personal information of customers was approved by the House Energy and Commerce Committee, the House Judiciary Committee, and the House Financial Services Committee. However, the bill was not brought before the House of Representatives.H.R. 4127 would have required that any company that holds or transmits individuals’ personal information establish security to protect that information. The bill would also have required that information brokers set up reasonable procedures to verify the accuracy of information they collect, assemble, or maintain. H.R. 4127 would have prohibited information brokers from obtaining or attempting to obtain personal information through false pretenses. The bill defined false pretenses as making false statements or representations or providing counterfeit, lost, stolen, or fraudulently obtained documents.
A bill (H.R. 4157) to improve the coordination and protection of health information was approved by the House of Representatives but failed to come before the Senate for a vote. Under the measure, the Secretary of Health and Human Services would have developed a strategic plan to coordinate information regarding the implementation of standards for transmitting, coding, and protecting consumer health information.
A port security bill (H.R. 4954) has been approved by both the House of Representatives and the Senate and signed into law by President Bush.
The law requires that the Department of Homeland Security (DHS) develop and implement a strategic plan to enhance maritime security. The measure also requires that DHS develop and implement a plan to improve existing programs that identify high-risk containers moving through the international supply chain.
H.R. 4954 requires that states submit to the federal government biographic information on current and future employees who have access to secured areas of seaports. The DHS will compare this information to data on terrorist watch lists.
The measure also requires that DHS establish minimum standards and verification procedures for securing containers in transit, including international standards for containers moving through the global supply chain. DHS would also submit a plan to Congress for deployment of radiation detection equipment at all U.S. ports.
A bill (H.R. 5351) introduced by Rep. David Reichert (R-WA) would establish a Directorate of Emergency Management within the Department of Homeland Security (DHS). The bill has been approved by the House Homeland Security Committee. However, it is still under consideration in the House Transportation and Infrastructure Committee and the House Energy and Commerce Committee.
The bill would also require that the secretary of the DHS update, revise, or replace emergency preparedness information for state local, and tribal governments around the country. The bill would require that DHS establish an advisory council on emergency responders, an education program on homeland security, an equipment program, an integrated national public alert and warning system, and a Gulf Coast long-term recovery office.
A bill (H.R. 5351) introduced by Rep. David Reichert (R-WA) would establish a Directorate of Emergency Management within the Department of Homeland Security (DHS). The bill has been approved by the House Homeland Security Committee. However, it is still under consideration in the House Transportation and Infrastructure Committee and the House Energy and Commerce Committee.
The bill would also require that the secretary of the DHS update, revise, or replace emergency preparedness information for state local, and tribal governments around the country. The bill would require that DHS establish an advisory council on emergency responders, an education program on homeland security, an equipment program, an integrated national public alert and warning system, and a Gulf Coast long-term recovery office.
A bill (S. 2803) designed to improve mine safety and protect the health of mine workers has been approved by both houses of Congress and is awaiting the President’s signature. The bill would require mine operators to adopt and maintain an accident response plan for when miners are trapped. Under the bill, the plan would include redundant local communications systems, emergency air supplies, escapeways, emergency training, and wireless communication systems to allow contact between trapped miners and officials on the surface. To encourage new technology, the bill would provide grants for those developing new mine safety equipment. S. 2803 would also establish an interagency working group to share technology, research, and developments in mine safety and emergency response.
Two cargo security bills (S. 2459 and H.R. 4954) are pending in Congress. The two are companion bills. Lawmakers are expected to merge the two into a single bill. S. 2459, the GreenLane Maritime Cargo Security Act, has been approved by the Senate Homeland Security and Governmental Affairs Committee and has been taken up by the Senate. The bill would establish a program to certify all supply chain participants to increase security. The bill would also set minimum security standards for all cargo containers entering the United States and create a joint operations center to coordinate maritime commerce at a federal level. H.R. 4954, also referred to as the Security and Accountability for Every Port Act, or the SAFE Port Act, has been approved by the House and has now been taken up by the Senate. The bill would establish security standards for cargo containers and require nuclear and radiological detection screening at all U.S. seaports. The bill would also provide an extra $400 million annually in port security grants.
A bill (H.R. 4127) that would require that companies protect the personal information of customers has been approved by the House Energy and Commerce Committee, the House Judiciary Committee, and the House Financial Services Committee. The bill has now been taken up by the full House. H.R. 4127 would require that any company that holds or transmits individuals’ personal information establish security to protect that information. The bill would also require that information brokers set up reasonable procedures to verify the accuracy of information they collect, assemble, or maintain. H.R. 4127 prohibits information brokers from obtaining or attempting to obtain personal information through false pretenses. The bill defines false pretenses as making false statements or representations or providing counterfeit, lost, stolen, or fraudulently obtained documents.
A bill (S. 2668) introduced by Sen. David Vitter (R-LA) would require that companies incorporate RFID tagging technology, tamper-indicating technologies, and security packaging into all prescription drugs. These technologies would be used only to authenticate the integrity of the drugs and would not be used to transmit any identifying information about healthcare practitioners, consumers, or advertisers. S. 2668 has no cosponsors and has been referred to the Senate Health, Education, Labor, and Pensions Committee.
A port security bill (H.R. 4954) has been approved by the House of Representatives. The Senate has placed the measure on its calendar, meaning that it will consider the bill. The bill, which will cost $7.4 billion, was approved by the House of Representatives with most of its original provisions intact. One contentious amendment that would have required that all cargo bound for the United States be screened before leaving foreign ports was voted down by lawmakers. If approved, the bill would require that the Department of Homeland Security (DHS) develop and implement a strategic plan to enhance maritime security. The measure would also require that DHS develop and implement a plan to improve existing programs that identify high-risk containers moving through the international supply chain. H.R. 4954 would require that states submit to the federal government biographic information on current and future employees who have access to secured areas of seaports. DHS would compare this information to data contained in terrorist watch lists. The measure would additionally require that DHS establish minimum standards and verification procedures for securing containers in transit, including international standards for containers moving through the global supply chain. DHS would also submit a plan to Congress for deployment of radiation detection equipment at all U.S. ports.
A bill (formerly H.R. 32) that would prohibit trafficking in labels or similar packaging, with knowledge that a counterfeit mark has been applied to them, has been signed into law (P.L. 109-181).Under the new law, the definition of “counterfeit mark” includes any mark on a label or packaging that is substantially indistinguishable from a trademarked design, and that is likely to mislead consumers. Any article that bears a counterfeit mark will be subject to forfeiture.
A bill (S. 2631) introduced by Sen. Charles Schumer (D-NY) would prohibit the production, transfer, possession, and use of false travel documents. The bill has no cosponsors and has been referred to the Senate Judiciary Committee.
A bill (H.R. 4439) that would overhaul the Transportation Security Administration (TSA) to increase aviation security has been approved by the House Homeland Security Committee’s Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity. The bill must now be taken up by the full committee to proceed. The bill would require that the TSA reorganize to focus resources on areas that are at greatest risk of terrorist attack and would mandate that the TSA create a program to instantaneously prescreen all international passengers traveling to the United States. The bill would also allow state and local governments to compete with federal contractors to provide airport security. Under the bill, the TSA would be required to create new training standards to help those who check documents to recognize fraudulent identification. Under the measure, the government would create an independent agency within the TSA to focus on airline passenger and baggage screening.
A bill (H.R. 4765) introduced by Rep. Anthony D. Weiner (D-NY) would require the government to designate an area at high risk for a terrorist attack as a high-threat helicopter-flight area. The government would screen all passengers and property transported from a high-threat flight area to a standard passenger helicopter. The screening would be equivalent to that provided for passengers and property carried aboard a domestic passenger aircraft. The bill would also require that the government develop a plan to conduct the screening, including acquiring equipment and hiring and training personnel. H.R. 4765 has no cosponsors and has been referred to the House Homeland Security Committee and the House Transportation and Infrastructure Committee.
A port security bill (H.R. 4954) has been approved by the House of Representatives. The Senate has placed the measure on its calendar, meaning that it will consider the bill. The bill, which will cost $7.4 billion, was approved by the House of Representatives with most of its original provisions intact. One contentious amendment that would have required that all cargo bound for the United States be screened before leaving foreign ports was voted down by lawmakers. If approved, the bill would require that the Department of Homeland Security (DHS) develop and implement a strategic plan to enhance maritime security. The measure would also require that DHS develop and implement a plan to improve existing programs that identify high-risk containers moving through the international supply chain. H.R. 4954 would require that states submit to the federal government biographic information on current and future employees who have access to secured areas of seaports. DHS would compare this information to data contained in terrorist watch lists. The measure would additionally require that DHS establish minimum standards and verification procedures for securing containers in transit, including international standards for containers moving through the global supply chain. DHS would also submit a plan to Congress for deployment of radiation detection equipment at all U.S. ports.
A bill (formerly H.R. 32) that would prohibit trafficking in labels or similar packaging, with knowledge that a counterfeit mark has been applied to them, has been signed into law (P.L. 109-181). Under the new law, the definition of “counterfeit mark” includes any mark on a label or packaging that is substantially indistinguishable from a trademarked design, and that is likely to mislead consumers. Any article that bears a counterfeit mark will be subject to forfeiture.
A bill (S. 2631) introduced by Sen. Charles Schumer (D-NY) would prohibit the production, transfer, possession, and use of false travel documents. The bill has no cosponsors and has been referred to the Senate Judiciary Committee.
A bill (H.R. 4439) that would overhaul the Transportation Security Administration (TSA) to increase aviation security has been approved by the House Homeland Security Committee’s Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity. The bill must now be taken up by the full committee to proceed. The bill would require that the TSA reorganize to focus resources on areas that are at greatest risk of terrorist attack and would mandate that the TSA create a program to instantaneously prescreen all international passengers traveling to the United States. The bill would also allow state and local governments to compete with federal contractors to provide airport security. Under the bill, the TSA would be required to create new training standards to help those who check documents to recognize fraudulent identification. Under the measure, the government would create an independent agency within the TSA to focus on airline passenger and baggage screening.
A bill (H.R. 4765) introduced by Rep. Anthony D. Weiner (D-NY) would require the government to designate an area at high risk for a terrorist attack as a high-threat helicopter-flight area. The government would screen all passengers and property transported from a high-threat flight area to a standard passenger helicopter. The screening would be equivalent to that provided for passengers and property carried aboard a domestic passenger aircraft. The bill would also require that the government develop a plan to conduct the screening, including acquiring equipment and hiring and training personnel. H.R. 4765 has no cosponsors and has been referred to the House Homeland Security Committee and the House Transportation and Infrastructure Committee.
A port security bill (H.R. 4954) introduced by Rep. Daniel Lungren (R-CA) has been approved by the House Homeland Security Committee’s Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity
The Texas Supreme Court has ruled that a grocery store cannot be held liable for malicious prosecution of a patron because the employees who accused the patron of theft were acting honestly.
A California court has ruled that a contract security guard company can be held liable for failing to fulfill its contract.
A federal appeals court has ruled that, under the ADA, an employee need only request accommodation to trigger an employer’s obligation to provide appropriate accommodation.
A bill (S. 2389) introduced by Sen. George Allen (R-VA) that would make it illegal to solicit, acquire, or sell another person’s confidential telephone records without that person’s consent has been approved by the Senate Commerce, Science, and Transportation Committee.
A similar provision (S. 2178) has been approved by the Senate Judiciary Committee. S. 2178 would prohibit obtaining confidential phone records by fraud or any other unauthorized means from a telecommunications carrier or IP-enabled service provider. Under the measure, the sale of such records by anyone would be punishable by up to five years in prison. The penalty doubles for repeat violations within a 12-month period and for violations involving more than $100,000 or more than 50 customers. Law enforcement activities are exempt.
A bill (H.R. 4899) introduced by Rep. Jerrold Nadler (D-NY) would require that all cargo containers bound for the United States be scanned using the best-available technology—including radiation and density scanning—before they are loaded onto a ship. These scans would then be reviewed by U.S. security personnel before the container is loaded. Once scanned, the containers would be sealed with a device that would indicate whether the container has been tampered with in transit. Under the bill, this device would have to have the capability to notify officials if a breach has occurred before the container enters a U.S. port.
A bill (H.R. 3170) introduced by Rep. Steve King (R-IA) would establish an electronic livestock-identification system capable of tracing all U.S. livestock from the time animals are moved from their original premises to the time of slaughter. (Under the bill, livestock is defined as cattle, swine, sheep, goats, and poultry.) All records would be available within 48 hours of an animal’s relocation. The system would also track all relevant livestock information including identification number, species, and date of birth. The tracking system would be maintained in a centralized livestock data system.
A bill (H.R. 4877) introduced by Rep. Heather Wilson (R-NM) would require that the Attorney General conduct a study on how private entities and state and local governments store explosive material that has been shipped via interstate commerce. After completing the study, the government would establish regulations for minimum security standards required for the safe and secure storage of such materials. Violation of the regulations would be punishable by a fine of $500 per pound of explosives.
A bill (H.R. 4353) introduced by Rep. Christopher Shays (R-CT) would require that all passengers flying on aircraft that is also carrying uninspected cargo be notified by DHS. The passengers would be told that the aircraft’s cargo has not been screened for explosives or other hazardous materials.
An appeals court rules that an airline employee subjected to a mock arrest as a workplace prank may not sue the airline.
An employee may not claim harassment against her employer, because the company took action to respond to her complaints, rules the Third Circuit Court of Appeals.
Several bills that would prohibit the sale of telephone records to third parties have been approved by congressional committees. Though the bills vary slightly in detail, they all would impose stiff penalties on violators. The Senate Judiciary Committee has approved S. 2178, which would prohibit obtaining confidential phone records by fraud or any other unauthorized means from a telecommunications carrier or IP-enabled service provider. Under the measure, the sale of such records by anyone is punishable by up to five years in prison. The penalty doubles for repeat violations within a 12-month period, and for violations involving more than $100,000 or more than 50 customers. Law enforcement activities are exempt under the bill.Two related bills (H.R. 4709 and H.R. 4714) have been approved by the House Judiciary Committee.
A bill (H.R. 32) that would prohibit trafficking in labels or similar packaging, with knowledge that a counterfeit mark has been applied to them, has been approved by both the House of Representatives and the Senate. It has been sent to President Bush for his approval.Under the bill, the definition of “counterfeit mark” includes any mark on a label or packaging that is substantially indistinguishable from a trademarked design, and that is likely to mislead consumers. Under H.R. 32, any article that bears a counterfeit mark will be subject to forfeiture.
A bill (S. 2032) that would require the U.S. Department of Transportation (DOT) to submit all public transit security assessments to the Homeland Security Department (DHS) has been approved by the Senate Banking, Housing, and Urban Affairs Committee. The Senate has agreed to consider the measure. Under the bill, DHS would review the assessments and use them as the basis for allocating funds for security assistance grants. After receiving the first assessments, DHS would be required to update them, conduct new ones for all public transportation agencies considered to be at greatest risk of a terrorist attack, and use them to develop public transportation security guidelines and design a security improvement strategy.Under the bill, each public transportation agency that receives a grant must identify a security improvements coordinator and develop a comprehensive plan for operating and maintaining the equipment purchased with grant money.S. 2032 would also establish grants for public or private entities to conduct research into technologies and methods to reduce and deter terrorist threats or mitigate damages resulting from terrorist attacks against public transit systems.
The Patriot Act reauthorization bill was signed into law (P.L. 109-177) by President Bush one day before 16 key provisions were set to expire. The new law makes permanent 14 of the 16 provisions of the original Patriot Act, which was passed by Congress several months after the 9-11 terrorist attacks.
A bill (H.R. 4244) introduced by Rep. Darlene Hooley (D-OR) would establish grants for regional task forces designed to investigate and prosecute identity theft and other economic crimes. The task forces would comprise federal, state, and local law enforcement agencies.
A bill (H.R. 4238) introduced by Rep. Michael McCaul (R-TX) would build on the President’s border security initiative by requiring aliens to post bond to be released from mandatory detention centers and by using more federal facilities as detention centers..
A bill (H.R. 4460) introduced by Rep. Vito Fossella (R-NY) would establish a grant program for campuses to install professional fire alarm detection systems or other fire detection and prevention technologies.
A bill (H.R. 4422) introduced by Rep. Christopher Shays (R-CT) would require each state to submit a written report on state agencies that store or keep explosive materials. The report, which would be submitted to the Attorney General at regular intervals, would also note which materials had been transported in interstate or foreign commerce.
A bill (H.R. 4373) introduced by Rep. Edward Markey (D-MA) would require that the Homeland Security Department establish a system to inspect all cargo transported on passenger aircraft operated by a domestic or foreign air carrier.
A bill (S. 2043) introduced by Sen. Richard Durbin (D-IL) would provide grants for state and local governments to conduct disaster management drills such as mass evacuation exercises for urban and suburban areas.
The House Homeland Security Committee has approved a bill (H.R. 3197) that would regulate the purchase of ammonium nitrate. The provision must now be taken up by the House of Representatives.
The bill is designed to keep the substance, which can be used to make bombs, out of the hands of terrorists. It would require that those who handle ammonium nitrate register with the Department of Homeland Security (DHS) and provide the department with records of sale or distribution including the names, addresses, phone numbers, and registration numbers of buyers. The DHS could inspect businesses that might handle ammonium nitrate, without a warrant, during regular business hours.
A bill (S. 2052) introduced by Sen. Pat Roberts (R-KS) would provide a security-related tax credit for businesses that sell agricultural chemicals or manufacture, formulate, or distribute certain pesticides. The tax credit would be for 30 percent of the costs for protecting those chemicals and would expire in 2010.S. 2052 has three cosponsors and has been referred to the Senate Finance Committee.
A new appellate case strengthens the trend of preemptively suing to break a noncompete agreement. William Manuel worked for an Ohio company. He resigned, promising not to work for a competitor, but he had already accepted such a job in Georgia. He then filed a preemptive lawsuit in Georgia, which has laws more favorable to employees in such cases. The Georgia court ruled that the noncompete agreement was unenforceable. A federal appeals court ruled that the Georgia court's decision would stand because the first lawsuit filed in such a case establishes the venue. (Manuel v. Convergys Corporation, U.S. Court of Appeals for the Eleventh Circuit, No. 04-16032, 2005)
The Senate Commerce, Science, and Transportation Committee held hearings on a proposed transportation security bill (S. 1052) that would require the Homeland Security Department to establish a task force to conduct a vulnerability and risk assessment of freight and passenger rail transportation systems. Based on that assessment, the department would then be required to develop specific recommendations for improving rail security. At the hearing, witnesses discussed the efforts that government agencies had thus far made to improve rail security. Joseph Boardman, administrator for the Federal Railroad Administration, noted that the agency is in the process of developing regulations to secure railroad transport of toxic inhalation hazards. The regulations will ultimately require railroads to improve security plans, identify shipments, provide for temporary storage, ensure tank car integrity, and develop communications and tracking systems. During the question and answer portion of the hearing, funding was the foremost issue. Committee Chairman Ted Stevens (R-AK), asked why rail passengers were not paying for a portion of the security upgrades through increased fares.Those testifying at the hearing, including Cathleen Berrick, director of homeland security issues for the Government Accountability Office, said that necessary security upgrades must first be identified and the costs tallied before considering who should pay the tab. @ Visit Security Management Online to read testimony .
A bill (H.R. 1646) introduced by Rep. Jane Harman (D-CA) would dedicate certain radio frequencies for use by first responders and public service agencies. The Federal Communications Commission would have to dedicate some existing frequencies and assign new frequencies for this use by January 1, 2007.
Several bills that address identity theft are pending in the Senate. One bill (S. 1326), introduced by Sen. Jeff Sessions (R-AL), would require any person or agency that stores or controls sensitive personal information to protect that data from unauthorized access, destruction, use, modification, or disclosure. Another identity theft bill (S. 1408) is also pending in the Senate. S. 1408, which would set national standards requiring businesses to report data security breaches to customers, has been approved by the Senate Commerce, Science, and Transportation Committee. To advance, it must be taken up by the full Senate. A third bill (S. 1789), introduced by Sen. Arlen Specter (R-PA), would enhance penalties for those who use computers to commit identity theft crimes. It would also provide law enforcement officials with more money to investigate and prosecute identity theft.
Asked to give their opinions about mass transit security, witnesses from the Department of Homeland Security (DHS), consultants, and transit operators for the United States and the United Kingdom gathered to testify before the Senate Homeland Security and Governmental Affairs Committee. @ Visit Security Management Online to read the hearing testimony of Senator Susan Collins,Senator Joe Lieberman, DHS Assistant Secretary, Edmund Hawley, Chief Operating Office, of London Underground Michael Brown, Chief Metro Transit Police Department, Polly Hansen, President , New Age Security Solutions Rafi Ron.
Two Senate bills have been introduced to addresscommunication issues that arose in the wake of Hurricane Katrina. One bill (S. 1554), introduced by Sen. Susan Collins (R-ME),would establish a grant program to improve overall communications equipment for first responders. Collins, who is chairman of the Senate Homeland Security and Government Affairs Committee, said that “This bill takes an important step toward improving emergency communications nationwide so no community experiences the communications failure we saw in parts of the Gulf Coast in the wake of Hurricane Katrina.” The bill has one cosponsor—ranking minority member on the committee Sen. Joseph Lieberman (D-CT)—and has been referred to the Senate Homeland Security and Governmental Affairs Committee. Another bill (S. 1762), introduced by Sen. Barbara Boxer (D-CA), would also establish a grant program. However, it would be designed to establish an interoperable communications system for first responders.
A bill (H.R. 3165) introduced by Rep. Al Green (D-TX) would hold companies criminally liable for the deaths of contract employees that result from willful violations of safety standards set out by the Occupational Safety and Health Administration. H.R. 3165 has 12 cosponsors and has been referred to the House Education and the Workforce Committee.
The Department of Homeland Security appropriations bill, signed into law (P.L. 109-90) by President Bush inOctober, contains $940 million for border security initiatives, including 1,500new border patrol agents and expanded detention capacity. bill (S. 1256) introduced by Sen. Joseph Biden(D-DE) would require the Department of Homeland Security to issue regulations for the rail shipment and storage of extremely hazardous materials by railroads.
Several bills that would give employers more latitude in dsputes with the Occupational Safety and Health Administration (OSHA) have been merged into one measure (H.R. 739). This bill has been passed by the House of Representatives and is currently pending in the Senate Health, Education,Labor, and Pensions Committee.The legislation would allow employees more time to contest safety violations. Currently, employers have 15 days to contest safety violations. The bill would allow employees to exceed that 15-day time limit if the failure to contest results is from “mistake, inadvertence, surprise, or excusable neglect.”H.R. 739 would also allow employers with 100 or fewer employees and a net worth of $7 million or less to collect attorney’s fees if they prevail in a dispute with OSHA.
A bill (S. 1408) that would set national standards requiring businesses to report data security breaches to its customers has been approved by the Senate Commerce, Science,and Transportation Committee. tracking system for all radiation sources in the United States.
A bill (H.R. 1544) that would change the manner by which first-responder funds are allocated to state and local governments has been approved by the House of Representatives and is now pending in the Senate Homeland Security and Governmental Affairs Committee.
A bill (H.R. 2649) introduced by Rep. Edward Markey (D-MA) would amend federal transportation law to increase security measures in various sectors of the aviation industry.
A bill (H.R. 2688)introduced by Rep. Nita Lowey (D-NY) would require the physical screening of all people, goods, property, vehicles, and equipment before they are allowed into the secure area of an airport. The bill would take effect 120 days after it is enacted. Until the measure took effect, the bill would require that thegovernment conduct random screenings and inspections of such articles. Under the measure, the TSA would be reqired to report to Congress on ongoing efforts and projected timelines for developing screening standards for airport personnel, assessing available technologies for securing airport perimeters, and developing and implementing a standardized approach for conducting airport vulnerability assessments. H.R. 2688 has eight cosponsors and has been referred to the House Homeland Security Committee’s Subcommittee on Economic Security,Infrastructure Security, and Cybersecurity.patriot act.
Before adjourning for the August recess, the House and Senate approved different bills renewing the Patriot Act. The House measure (H.R. 3199) would make permanent most of the expiring law enforcement provisions, ad it would extend for ten years two controversial items—seizure of personal records, such as those held by libraries, and roving wiretaps. The Senate version of the bill (S. 1266) would also make permanent most of the provisions but would extend the two controversial provisions for only four years. In addition, the Senate legislation, which is preferred by civil rights advocates, would allow people to challenge warrants issued by secret courts and would require that those targeted be notified within seven days unless a judge grants an extension. When Congress returns in September, a House and Senate conference committee will try to draw up a compromise bill that resolves the differences.
At a recent hearing on identity theft, data brokers argued that only limited measures were needed to protect consumers from identity theft, while consumer advocates and identity theft victims disagreed and laid out steps Congress should take. Representatives from companies such as ChoicePoint, Acxiom Corporation, and LexisNexis shared their stories of data breaches and the theft of information from their computer systems. However, each organization claimed that it had taken steps to tighten security and that limited governmentintervention was needed.Jennifer Barrett, chief privacy officer for Acxiom, said that while “appropriately tailored” legislation could benefit companies in protecting consumer information, “even the best security systems imaginable and the strongest laws possible can nonetheless be circumvented by inventive criminals intent on committing fraud.”According to Barrett, Acxiom supports federal legislation requiring that companies notify consumers in the event of a security breach in cases where the consumer is at risk of identity theft or fraud. (More than 30 states have enacted such laws or are currently considering them.) This is the design of a bill (S. 751) introduced by Sen. Dianne Feinstein (D-CA). The bill would require this notification with exceptions for law enforcement investigations or matters of national security. However, Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, a consumer advocacy group, told the committee that S. 751 doesn’t go far enough. He told lawmakers that anotherbill, (S. 798) introduced by Sen. Charles Schumer (D-NY), would better address the issue. Schumer’s bill would require the Federal Trade Commission(FTC) to establish rules for information brokers and for the protection of theinformation they gather. The rules would cover data accuracy, confidentiality,user authentication, and detection of unauthorized use. The bill would alsogive consumers the opportunity to review their information held by data brokers. It also requires that the FTC set up enforcement measures to punish companies that do not comply with the rules. Read the testimony
Lawmakers and witnesses recently discussed port security issues at a hearing before the Senate Commerce, Science, and Transportation Committee. The key issue raised at the hearing was grant funding for the various federal programs enacted after 9-11. @ Read the testimony of witnesses and lawmakers at Security Management Online.
A bill (H.R. 744)that would prohibit the use of spyware has been approved by the House and is now pending in the Senate Judiciary Committee.
Two amendments to the 2006 appropriations bill for the Department of Homeland Security (H.R. 2360)would mandate new cargo security measures. The first amendment would require that all air cargo be inspected before being loaded onto passenger airplanes. This provision would take effect in 2008. The second amendment to the bill, which would take effect immediately after the bill is enacted, would require that passengers be notified that unscreened cargo is being loaded onto their flight. H.R. 2360 has been approved by the House and is now awaiting action in the Senate.
A bill (H.R. 2011) introduced by Rep. David Price (D-NC) sets out requirements for private security personnel who perform under federal contracts. Specifically, the law would require that the government issue regulations setting minimum standards.The standards would address who could be hired as a private security officer, minimum training
A bill (H.R. 285)that would establish a national cybersecurity response team to analyze threat information and provide early warning of attacks on the cybersecurity infrastructure has been approved by the House Homeland Security Committee’s Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity. The bill must now be considered by the full committee.
A bill (S. 494)that would protect federal employees who disclose information about government wrongdoing has been approved by the Senate Homeland Security and Government Affairs Committee.
A bill (S. 500) introduced by Sen. Bill Nelson (D-FL) would regulate information brokers and would allow individuals to bring civil lawsuits against companies that fail to protect consumer data. A companion bill (H.R. 1080) has been introduced in theHouse by Rep. Edward Markey (D-MA). The House version has 13 cosponsors and has been referred to the House Energy Committee’s Subcommittee on Commerce, Trade,and Consumer Protection.
A bill (H.R. 1544) that would change the waythat first-responder funds are allocated to state and local governments has been approved by the House Homeland Security Committee and must now be taken up by the full House of Representatives.
The House Judiciary Committee has held several hearings on the expanded police powers included in the Patriot Act, which will be expiring at the end of this year. The first (S. 318), introduced by Sen. Russell Feingold (D-WI), would amend and make permanent the expiring computer trespass provision of the Patriot Act. Another bill (S. 737), introduced by Sen. Larry Craig (R-ID), would limit the use of the surveillance powers more so than is the case currently in the Patriot Act.
A bill (H.R. 785) introduced by Rep. Cliff Stearns (R-FL) would require that the government coordinate cargo-theft-tracking efforts.
A bill (S. 378) introduced by Sen. Joseph Biden (D-DE) that would create several new seaport security crimes has been approved by the Senate Judiciary Committee and has been accepted for consideration in the Senate.
A bill (S. 306)introduced by Sen. Olympia Snowe (R-ME) that would prohibit genetic discrimination by employers and insurance providers has been approved by the Senate.
A bill (S. 308) introduced by Rep. Frank Lautenberg (D-NJ)would require that homeland security grants be given out only based on assessments of risk, threat, and vulnerability.
Introduced by Sen.Russell Feingold (D-WI), a new bill (S. 317) would protect the privacy ofindividuals by limiting government access to the records of libraries and booksellers.
A bill (H.R. 285) introduced by Rep. Mac Thornberry (R-TX) would establish a national cybersecurity response team that could analyze threat information and provide early warning of attacks on the cybersecurity infrastructure. The team would also be tasked with providing information and assistance to restore the infrastructure after an attack.
A bill (H.R. 283) introduced by Rep. Linda Sanchez (D-CA) would amend existing law to allow grant funds to be used specifically for bullying and gang prevention programs in schools and communities. Currently, the law allows grants for "violence prevention." H.R. 283 would expand this language to read "violence, bullying, and gang prevention" programs.
A bill (H.R. 252) introduced by Rep. Sheila Jackson-Lee (D-TX) would require all hospitals that are reimbursed under Medicare to follow security regulations set out by the government regarding infant abduction. The Health and Human Services Department (HHS) would be required to promulgate interim regulations within 12 months of the bill's passage. The security procedures would be designed to reduce the likelihood of infant abduction and infant switching.
If you're planning to roll out a large-scale IT project, you might want to pay heed to some lessons learned from the FBI's troubled Virtual Case File (VCF) software project. @ The testimony before Congress by Fine, Mueller, andPunaro, and the IG's report onTrilogy, are at SM Online.
CIA Director Porter Goss testifiedto the Senate Armed Services Committee regarding worldwide threats to national security.
Many of the broad homeland security and intelligence issues before Congress this term will be addressed by the Senate Homeland Security and Governmental Affairs Committee, chaired again by Sen. Susan Collins (R-ME). In announcing the committee's agenda, Collins stressed overseeing and improving the Department of Homeland Security and monitoring the outcome of new intelligence legislation. The committee also plans to investigate sources of terrorism financing. In addition, Senate Majority Leader Bill Frist (R-TN) announced that antiterrorism legislation (S. 3) introduced by Sen. Judd Gregg (R-NH) will be a priority. S. 3 would increase penalties for attacks against rail systems, passenger vessels, and mass transit. The bill also includes provisions designed to aid vaccine production and protect drug companies from liability related to vaccine programs.
James F. Sensenbrenner (R-WI), chairman of the House Judiciary Committee, as announced his plans to reintroduce border-security legislation that was cut from last year's intelligence bill. The legislation will require increased security standards for issuing drivers' licenses and updating immigration provisions to keep terrorists out of the United States.
Sen. Dianne Feinstein (D-CA) has announced plans to reintroduce identity theft legislation. Feinstein, who serves on the Judiciary Committee, introduced similar legislation in the previous Congress which was approved by the Senate but was not taken up by the House.The legislation would prohibit the sale or display of Social Security numbers to the general public, set national standards for database security, and establish guidelines for companies that send customer information overseas for processing.
Rep. Mary Bono (R-CA) has reintroduced a bill that would require that consumers receive "a clear and conspicuous notice" prior to software being loaded onto their computers. H.R. 29,titled the Securely Protect Yourself Against Cyber Trespass Act (SPY Act), is cosponsored by lawmakers from both sides of the aisle. It was first introduced in 2004 and passed the House in October. However, the bill was not passed by the Senate before the end of the 108th Congress. The SPY Act is meant to protect consumers from spyware, programs that are surreptitiously loaded onto a computer that are able to track and gather the consumer's data, including which sites were visited or even sensitive information such as credit card numbers. The Federal Trade Commission would be responsible for enforcing the SPY Act and would be authorized to fine offenders as much as $3 million per violation.
A provision in a law approved by Congress in the months after September 11 requires that flight schools take steps to increase security awareness and report suspicious behavior to the government. A recent final rule issued by the Transportation Security Administration (TSA) clarifies these requirements. Under the rule, flight schools may not provide training to aliens without the prior approval of the TSA. To obtain approval, the school must submit information about the candidate, along with the candidate's fingerprints and a processing fee. The school must then wait 30 days after the TSA has received the information before the training may begin. @ The rule is available via Security Management Online.
The intelligence reform bill (S. 2845), which enacts the major recommendations of the 9-11 Commission, has been passed by Congress. The new law creates a director of national intelligence to oversee all U.S. intelligence efforts and a national counterterrorism center. The law also provides additional funding for border control needs, such as more personnel and detention centers. It includes a measure to allow employers to request criminal background checks on security employees and also establishes a national clearinghouse to process such background checks. The bill was stripped of some measures, including a provision that would have denied illegal immigrants driver's licenses, before it gained approval, but it does address standards for driver's licenses. Also, language was added to the bill to protect the chain of command to allow the Pentagon to issue timely instructions to troops during wartime.
The Congressional Budget Office has issued a report examining the role of the private sector in responding to the threat of a terrorist attack in the United States.
Washington Post reports that the Senate passes the intelligence bill. The bill calls for major changes to the intelligence community, it would give the new director authority to coordinate the activities of CIA and other intelligence agencies.
A temporary final rule issued by the U.S. Coast Guard reclassifies certain chemicals as dangerous cargo. The rule also sets out two options for vessels to submit electronic notices of arrival--a provision required under federal law. The rule took effect on September 17 and is valid through March 20, 2006. Meanwhile, the Coast Guard is accepting comments for a final rule to be issued in the future. Comments must be received by November 16, 2004. For more details visit SM Online.
Under a new proposed rule issued by the Federal Communications Commission (FCC), Internet phone calls--voice over Internet protocol, or VoIP--would be subject to federal laws governing wiretaps. This means that VoIP providers would have to equip their devices to allow law enforcement to intercept calls in cases where a court order is issued for surveillance.
The Federal Deposit Insurance Corporation (FDIC) has announced its auditing procedures for ensuring that banks and other financial institutions are in compliance with security measures established under the U.S. Patriot Act. The measures, designed to fight money laundering, focus on a customer identification program through which bank officials verify the identity of customers.
The House of Representatives has approved a Senate bill (S. 15) authorizing the government's Project Bioshield, and President Bush has signed the legislation into law (P.L. 108-276).
A bill (H.R. 4265) introduced by Rep. Mark Green (R-WI) would grant immunity from litigation to companies that donate equipment to charities. Under the law, companies could not be held liable for any death or injury arising from use of the donated equipment. Exceptions are made for injuries or death resulting from gross negligence or the intentional misconduct of the donating .
A bill (H.R. 4313) introduced by Rep. Jerrold Nadler (D-NY) would authorize $75 million in grants to be allocated to public schools to establish programs to stop harassment based on an individual's actual or perceived race, color, national origin, ethnicity, religion, disability, sexual orientation, gender, family composition, or economic circumstances.
Lawmakers on the Senate Banking, Housing, and Urban Affairs Committee have approved a bill (S. 2453) that would award grants to public transit agencies, including metro, rail, and bus services, to improve security. The bill must now be considered by the full Senate.
A bill (S. 2635) introduced by Sen. Susan Collins (R-ME) would establish a federal grant program totaling $25 million to identify and develop new homeland security equipment, capabilities, technologies, and services. The money could also be used to further develop existing capabilities and conduct research into other options. For-profit businesses, academic institutions, and nonprofits would all be eligible to receive the grants. The bill would also require that the government conduct an assessment of federal, state, and local governments as well as first responders on all levels to establish their information, equipment, and technology needs.
A bill (S. 2275) that would require the government to give security assistance to high-risk nonprofit organizations has been approved by the Senate Governmental Affairs Committee. The bill must now be taken up by the full Senate.
The House Judiciary Committee has approved a bill (S. 1301) that would make it illegal to surreptitiously videotape or photograph people in certain situations. Under the provision, which applies only in federal jurisdictions such as military bases, recording anyone naked or in a state of undress without that person's consent in situations where privacy can reasonably be expected would be illegal. The bill must now be approved by the full House of Representatives before it can be presented to the president for his approval.
A bill (S. 2295) introduced by Sen. John McCain (R-AZ) that would establish a program for using advanced technology to meet border protection needs has been approved by the Senate Commerce, Science, and Transportation Committee. It must now be taken up by the full House of Representatives to move forward.
A bill (S. 1053) that would make it illegal to discriminate against someone on the basis of genetic information has been approved by the Senate and has been referred to the House Committee on Education and the Workforce. However, the committee is unlikely to consider the bill because of the backlog of funding and appropriations measures that must be considered by the committee before year's end.
A bipartisan group of Senators led by Sen. Joseph Lieberman (D-CT) and Sen. John McCain (R-AZ) has introduced legislation implementing the recommendations of the 9-11 Commission. The bill, unnamed at press time, essentially puts the 9-11 report recommendations into legislative language with one exception--the head of intelligence would not be in the White House, a change the commission concurred with based on concerns about the future politicization of intelligence.
In a recent hearing held before the House Transportation and Infrastructure Committee's Subcommittee on Highways, Transit, and Pipelines, witnesses detailed the security measures taken since 9-11 and urged lawmakers to approve additional funding for new security plans.
A bill (H.R. 2971) that would restrict the sale and public display of Social Security numbers by both private sector and government entities has been approved by the House Ways and Means Committee.
A bill (H.R. 1731) designed to increase criminal penalties for identity theft has been signed into law (P.L. 108-275) by the president.
A bill (H.R. 218) that would exempt off-duty and retired law enforcement personnel from compliance with concealed-weapons laws has been approved by both houses of Congress.
A bill (H.R. 3266) that would authorize the Department of Homeland Security to make grants to first responders to purchase or upgrade equipment and conduct training exercises has been approved by the House Transportation and Infrastructure Committee and the House Energy and Commerce Committee.
A bill (H.R. 1678) that would make it a federal crime to fool people into believing that an act of terrorism has taken place has been approved by the House Judiciary Committee. The bill would also require those convicted under the measure to reimburse law enforcement for any costs of investigating the hoax.
The Coast Guard authorization bill (H.R. 2443) has been approved by the House of Representatives and has been approved in a different form by the Senate. In a conference committee, which is designed to hash out differences in the two versions, lawmakers rejected a controversial provision that would have required Coast Guard representatives to review the security plans of all foreign vessels entering U.S. waters. (Under current law, the Coast Guard is required to review the security plans of domestic vessels.) At a hearing before the bill was passed, Coast Guard Commandant Thomas H. Collins contended that the agency does not have the money or personnel to complete the task, which would have required reviewing plans for more than 10,000 foreign vessels.
A bill (H.R. 4022) introduced by Rep. Robert Andrews (D-NJ) would allow the owners of private security companies (contract service providers) to access the FBI's criminal database through the National Crime Information Center.
Three bills that would enhance seaport and cargo security are currently under review by lawmakers. One bill (S. 2297) introduced by Sen. Kay Bailey Hutchison (R-TX) would require that the Department of Homeland Security develop a strategic plan for integrating security for all modes of transportation through which intermodal shipping containers arrive, depart, or move in interstate commerce. The bill would also mandate that the portion of shipping containers physically inspected increase to no less than 50 percent by 2007. The measure has one cosponsor and has been referred to the Senate Commerce, Science, and Transportation Committee. A related bill (H.R. 3455) introduced by Rep. Loretta Sanchez (D-CA) would require that the Coast Guard establish standards and verification procedures for securing maritime containers. These would include standards for cargo seals and procedures to verify such seals when cargo containers are unloaded. H.R. 3455 has 13 cosponsors and has been referred to the House Transportation and Infrastructure Committee and the House Ways and Means Committee. Another seaport bill (S. 2240) introduced by Sen. Barbara Boxer (D-CA) would authorize the Department of Homeland Security to call for funding of $800 million for grants to seaports. Such grants would be given to enhance security or increase the efficiency of the seaport without hampering security efforts. S. 2240 has no cosponsors and has been referred to the Senate Commerce, Science, and Transportation Committee.
Several bills currently under consideration in Congress are aimed at enhancing aviation security programs. One bill (H.R. 3959) introduced by Rep. Frank LoBiondo (R-NJ) would authorize the Homeland Security Department to provide air marshal training to law enforcement personnel from foreign countries. The bill has no cosponsors and has been referred to the House Transportation and Infrastructure Committee. Companion bills (H.R. 4126 and S. 2268) introduced by Rep. Joe Wilson (R-SC) and Sen. Jim Bunning (R-NY), respectively, would alter the federal flight deck officer program--allowing pilots to carry firearms on commercial flights. The measure would add mental health standards and firearms training to the list of eligibility requirements. The bill would also prohibit the disclosure of information relating to a pilot's participation in the program and provide an appeal process for pilots who have been determined ineligible for the program.
Two identical bills (H.R. 4212 and S. 2310) introduced by Rep. Adam Schiff (D-CA) and Sen. Dianne Feinstein (D-CA), respectively, would establish a task force on nuclear material removal within the Department of Energy.
The House Select Committee on Homeland Security's Subcommittee on Infrastructure and Border Security and Subcommittee on Cybersecurity, Science, Research, and Development held a joint hearing to discuss the relationship between the Department of Homeland Security (DHS) and various private groups responsible for critical infrastructure. Witnesses at the hearing noted that information sharing plans are ongoing but are still in need of refinement. Complete witness testimony is available at SM Online.
At a hearing held by the House Transportation and Infrastructure Committee's Subcommittee on Aviation, lawmakers heard testimony regarding the pilot program established by the government to evaluate private airport screening programs.
The House Judiciary Committee's Subcommittee on Courts, the Internet, and Intellectual Property has approved H.R. 4077, introduced by Rep. Lamar Smith (R-TX). The bill would authorize a $15 million campaign to educate the public about the legal issues involved in duplicating copyrighted content. The bill would also lower the legal standards that prosecutors must meet to prove that computer users have violated copyright laws.
A bill (H.R. 1678) introduced by Sen. Lamar Smith (R-TX) that would make it a federal crime to fool people into believing that an act of terrorism had taken place has been approved by the House Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security. The bill would also require anyone convicted under the measure to reimburse law enforcement for any costs of investigating the hoax.
Two identical bills (H.R. 4008 and S. 1608), introduced by Rep. Christopher Shays (R-CT) and Sen. Jeff Sessions (R-AL), respectively, would increase the penalties for terrorism against mass transit systems. Anyone guilty of the crime could be imprisoned for up to 20 years. For aggravated offenses--which would include any that involve high-level radioactive materials or those that result in the death of a person--the punishment could range from a prison term of not less than 30 years to the death penalty.
A bill (S. 153) that would establish the crime of aggravated identity theft has been approved by the Senate and has been referred to the House Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security.
A bill (H.R. 3754) has been approved by the House Judiciary Committee's Subcommittee on Courts, the Internet, and Intellectual Property. H.R. 3754 has been forwarded to the House Judiciary Committee. The bill would make it illegal to knowingly provide material and misleading false contact information in making, maintaining, or renewing registration of an Internet site domain name The bill would also add seven years to the felony conviction sentence for such a crime.
Department of Homeland Security Secretary Tom Ridge testified in New York before the 9/11 Commission regarding first responder issues. He told the commission that DHS would create "a new Office of Interoperability and Compatibility, which we will officially launch in the near future. This office will focus not just on interoperable communications, but also on the gear and equipment that will be used by multiple jurisdictions, firefighters and police officers from different neighborhoods, as they join together to respond to a major event. In addition, this Office has initiated a program aimed at providing communications interoperability at disaster sites in the near term. And we expect multiple cities to achieve this goal sometime this fall." He also addressed intelligence collection, cargo inspection, and other issues. Read the full testimony online.
The GAO has issued reports on FBI efforts to address counterterrorism demands with limited personnel and on the Department of Homeland Security's method for tracking persons who overstay their allotted time in the U.S.
The Department of Homeland Security's IT efforts are plagued with inefficiencies and problems, from an "organizationally weak" CIO office and the reliance on outdated technical systems to the need to outsource some benefits and payroll functions to other agencies. Those charges are leveled by Democrats on the House of Representatives' Homeland Security Committee in a recent report, America at Risk: Closing the Security Gap. @ The report is available at SM Online.
The U.S. Supreme Court has ruled that an individual whose Social Security number was released to the public by the government cannot collect damages because he cannot prove that the disclosure caused him actual harm. In the case, a miner making a claim of black lung disease to the Department of Labor found that some of the information on official agency documents, which included the claimant's Social Security number, was revealed to the public. The miner sued the department, claiming that he was entitled to $1,000 damages from the government under the Privacy Act of 1974. The Supreme Court has ruled that because the disclosure did not cause the miner actual harm, he may not recover damages. (Doe v. Chao, United States Supreme Court, No. 02-1377, 2004)
Sen. Barbara Boxer (D-CA) has introduced a bill (S. 2171) that would require the federal government to establish a toll-free hotline that could be used by local government and nonprofit organizations to obtain information about federal grant programs and funding available for first responders and terrorism-preparedness programs.
A bill (S. 2216) introduced by Sen. Ernest Hollings (D-SC) would require the Homeland Security Department to conduct risk assessments of rail security threats and then recommend additional measures to increase safety. The recommendations would consider infrastructure, facilities, terminals, tunnels, bridges, and any other high-risk areas. The bill would include funding of $515 million.
A bill (H.R. 3534) introduced by Rep. Thomas Tancredo (R-CO) would suspend the visa waiver program until the Department of Homeland Security (DHS) fully implements an automated entry-exit system and the use of biometric machine readers and passports.
Introduced by Rep. Lamar Smith (R-TX), a bill (H.R. 3754) would make it illegal to knowingly provide material and misleading or false contact information in making, maintaining, or renewing registration of an Internet site domain name. The bill would also add seven years to the felony conviction of such a crime.
A Senate bill (S. 2060) introduced by Sen. Harry M. Reid (D-NV) would allow local law enforcement officers to carry weapons onto commercial aircraft. The officers would have to be full-time municipal, county, or state law enforcement officers. The officers would not have to be on duty to carry a weapon.
A bill (H.R. 2939) introduced by Rep. Randy Forbes (R-VA) would amend federal law to enhance the prevention and prosecution of crimes committed using weapons of mass destruction. The bill would make illegal any threat, attempt, or conspiracy to use weapons of mass destruction within the United States on any property, including property owned, leased, or used by a foreign government. penalties for certain crimes carried out at ports. Under the bill, it would be illegal to damage or destroy a vessel or maritime facility. Enhanced penalties would apply if the vessel carried high-level radioactive waste or spent nuclear fuel.
Introduced by Sen. Edward Kennedy (D-MA), a Senate bill (H.R. 1705) would prohibit an employer from refusing to hire or to discharge an individual based on that individual's sexual orientation. The bill would also prohibit discrimination in compensation, terms, conditions, or privileges of employment because of sexual orientation.
A bill (H.R. 3788) introduced by Rep. Loretta Sanchez (D-CA) would require the Coast Guard to develop and implement a secure, long-range automated vehicle tracking system. The system would be used to reroute vessels and maritime cargo in case of an emergency.
The House Transportation and Infrastructure Committee's Subcommittee on Aviation recently held a hearing on airport screening and checkpoint issues. Several government and industry representatives testified.
TSA representative Stephen J. McHale testified that all screeners must meet annual recertification standards and pass numerous tests. To further increase screener skill, a new plan is underway to send inert bomb sets and weapons training kits to every airport in the nation so that screeners can be tested using these items, noted McHale.
Representing the Airports Council International-North America, David Z. Plavin testified that the TSA's priorities have led to screening problems.
According to Randall Walker, aviation director of Clark County, Nevada, the Las Vegas McCarran airport was operating well under federal guidelines immediately after 9-11.
Angela Gittens, aviation director at Miami-Dade International Airport, was critical of government actions. She noted that Congress had issued a December 2002 deadline for installation of an explosive detection system (EDS) at each airport. But, said Gittens, Miami has yet to receive one, "even though we are the nation's third busiest international gateway and have the highest number of foreign visitors of any airport in the nation." Read the testimony.
The Sentencing Commission recently approved the guideline changes for violations of the CAN-SPAM Act and sent them on to Congress for approval. The felony offense includes "a sentence enhancement of approximately 25 percent if a defendant improperly obtains e-mail addresses" to send spam, and an additional 25 percent sentence increase if spam is used for mass marketing. Other sentencing increases are based on the amount of loss and number of victims. @ More on the new sentencing guidelines and a transcript of the Sentencing Commission's public hearings are at SM Online.
A review of applicants for security officer jobs in Illinois this past January shows FBI criminal history checks eliminated four times more applicants than did a state police check for crimes committed in Illinois. State checks elsewhere are likely equally deficient, testified ASIS Security Guidelines Commission Co-Chair Don Walker, CPP, in urging Congress to pass S.1743, the "Private Security Officer Employment Authorization Act of 2003." Supporting Walker's position were officials from the FBI, Westchester County (New York) District Attorney's Office, and the National Workrights Institute. Read the testimonies online. (Jeanine Ferris Piriro, Michael Kirkpatrick, Lewis Maltby )
At a hearing of the Senate Judiciary Committee's Subcommittee on Terrorism, Technology, and Homeland Security, lawmakers questioned the Bush administration's progress in protecting seaports. Administration witnesses noted that the administration has made progress and that many seaport security programs are paid for by private industry. Rear Admiral Larry Hereth, director of port security for the U.S. Coast Guard, briefed the committee on Area Maritime Security Committees. Sen. Patrick Leahy (D-VT), in his remarks before the subcommittee, said that seaport security initiatives are inadequate due to underfunding of critical programs such as the Container Security Initiative, designed to prevent the use of seagoing cargo containers for terrorist activities.In his testimony, Robert Jacksta, executive director of the United States Customs and Border Patrol, told lawmakers that some mandates have already been implemented. Gary Bald, acting assistant director of the FBI, told the committee that state and local agencies as well as port authorities have pooled their resources to meet threats.
Rep. Edward Markey (D-MA) has introduced a bill (H.R. 3798) that would require the government to establish a system for screening or inspecting all cargo that is transported in passenger aircraft. The screening would have to meet the same standards applied to passenger screening efforts. The bill would also require the government to issue regulations to improve access to secured areas of airports.
A bill (H.R. 3456) introduced by Rep. Chris Bell (D-TX) would establish criminal penalties for certain crimes carried out at ports. Under the bill, it would be illegal to damage or destroy a vessel or maritime facility. Enhanced penalties would apply if the vessel carried high-level radioactive waste or spent nuclear fuel.
A bill (H.R. 3787) introduced by Rep. Collin Peterson (D-MN) would establish an electronic livestock identification system to improve the government's response to an outbreak of disease. The bill is similar to a Senate bill (S. 2008) introduced by Sen. Arlen Specter (R-PA).
The House Select Committee on Homeland Security Subcommittee on Infrastructure Protection held a hearing April 21 on public/private partnerships and information sharing. Chairman Christopher Cox noted that "The hearing emphasized the need for DHS to develop an implementation plan to conduct risk assessments for cyber and physical components with the private sector, as well as coordinate with state and local officials." Cox also noted that a GAO progress report on the issue will be out in a few weeks. Robert Liscouski, assistant secretary for Infrastructure Protection in the Department of Homeland Security, was among those who testified.
George Newstrom testimony
Dave McCurdy testimony
Diane VanDe Hei testimony
Dacey testimony
Department of Homeland Security Secretary Tom Ridge testified before the House Judiciary Committee about extending the deadlines of two sections of the Enhanced Border Security and Visa Entry Reform Act of 2002.
The Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security, and the Select Committee on Homeland Security's Subcommittee on Intelligence and Counterterrorism held a joint hearing on the consolidation of terrorist watchlists at the new Terrorist Screening Center. Among those testifying was TSC Director Donna A. Bucella, who told Congress, "Since December 1, 2003, when the TSC came into operation, State Department assignees and their staff at the TSC have reviewed over 54,000 security advisory opinions, which are cables from U.S. Embassies and Consulates around the globe, to determine if the visa applicants described in these cables were "true hits" with records contained in the database. Eighty of those "hits" resulted in true matches. As an example in December, a member of a terrorist organization applied for a visa at a U.S. consulate overseas. Consular officials denied the visa based on the TSC's review of the information and confirmation that the individual was a "true hit," i.e. matched the record at the TSC. The same process applied to a senior member of a proscribed terrorist organization based overseas. His visa was also denied." With regard to domestic cooperation with law enforcement, Bucella explained the TSC's work: "In one case, local police arrested a suspected terrorist associate on a state criminal violation. After TSC assisted in the positive identities match, the CT Watch, contacted the FBI case agent, who immediately went to the local detention facility to talk with the individual. During that interview, the individual agreed to cooperate with the FBI." Bucella went on to explain that "In addition to serving local law enforcement, the TSC receives a high volume of calls from Customs and Border Protection (CBP) inspectors who are stationed on the Nation's borders. A typical CBP call involves incoming passengers on international flights. A CBP inspector will query a list of names and may receive several possible suspected terrorist hits from IBIS and NCIC. The CBP inspector will go through their National Targeting Center (NTC), where the record will be analyzed, then passed to TSC. Our process is the same as it would be for a law enforcement call, that is, to examine the underlying record which often contains all source sensitive and highly classified information on a 24/7 basis, and determine whether the individual is identical to the person in the Terrorist Screening Center Database. The TSC then appropriately passes any derogatory information on the subject, and CBP makes a determination on whether the individual will be allowed into the United States."
Cox statement
Bartoldus statement
McMahon statement
The Department of Homeland SecuritySecretary Tom Ridge announced March 23 a pilot project to screen passengers and baggage at a U.S. train station and Congress held hearings on rail security and port security. In addition, he said that the DHS will develop a rapid- deployment mass-transit K-9 program to assist state, local, and transit authorities in the event of a special explosive threat situation. Senator Maria Cantwell (D-WA) called on the Department of Homeland Security to establish a rail passenger protocol with Canada, which is similar to the rail freight protocol established in 2003.
A bill (H.R. 3261) introduced by Rep. Howard Coble (R-NC) would allow database owners to sue those who make the owners' proprietary database information commercially available without permission.
A bill (S. 1402) introduced by Sen. John McCain (R-AZ) that would increase railroad safety and security has been approved by the Senate and has been referred to the House Transportation and Infrastructure's Subcommittee on Railroads.
Two bills (S. 333 and H.R. 2490), introduced by Sen. John Breaux (D-LA) and Rep. Rahm Emanuel (D-IL), respectively, would establish an Office of Elder Justice in the Department of Health and Human Services (HHS).
A bill (H.R. 3692) introduced by Rep. Linda Sanchez (D-CA) would amend existing laws to include grants to help schools prevent bullying.
Rep. Robert Scott (D-VA) has introduced a bill (H.R. 3693) that would give the Department of Justice additional funding authorization to investigate and prosecute identity theft and related credit card fraud. The bill would allot an additional $100 million to the agency.

A bill (S. 1986) introduced by Sen. Hillary Rodham Clinton (D-NY) would require increased security for voting systems to prevent voter fraud.

A bill (H.R. 3703) introduced by Rep. Carolyn Maloney (D-NY) would hold certain employers liable for gender-related acts of violence that occur on the employer's property if the violence occurs because of the employer's negligence.

A seaport security bill (H.R. 3712) introduced by Rep. Juanita Millender-McDonald (D-CA) would provide additional grants to fund port security projects.

Sen. Arlen Specter (R-PA) has introduced a bill (S. 2008) that would establish a livestock tracking system to improve the government's response to disease in the food chain.

A bill designed to limit the amount of unsolicited e-mail sent via the Internet has been signed into law (P.L. 108-187). The act defines unsolicited e-mail as any message with the primary purpose of commercial advertisement or promotion of a commercial product or service.

The Coast Guard authorization bill(H.R. 2443) that has been approved by the House of Representatives and has been referred to the Senate Committee on Commerce, Science, and Transportation includes a controversial provision. H.R. 2443 would require that Coast Guard representatives review the security plans of all foreign vessels entering U.S. waters.

A bill (H.R. 2122) that would make biocontainment laboratories and other specialized research facilities available to the government in case of a bioterrorism emergency has been approved by the House of Representatives and has now been taken up by the Senate.

A bill(S. 731) that would make it illegal to tamper with document authentication features in an effort to commit fraud has been included in P.L. 108-21, the Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today (PROTECT) Act of 2003.

A bill (S. 1043) that would require the Homeland Security Department to conduct threat assessments on all nuclear power plants and facilities has been approved by the Senate Environment and Public Works Committee.

A bill (H.R. 3159) that would enhance computer security at government facilities has been approved by the House of Representatives and the Senate Governmental Affairs Committee and has been placed on the Senate calendar for a vote.

A cargo security amendment added to the Department of Homeland Security appropriations bill, now P.L. 108-90, requires the Secretary of Homeland Security to research, develop, and procure certified systems to inspect and screen air cargo on passenger aircraft at the earliest date possible.

A bill (H.R. 3036) that would increase the penalties for obstruction of justice and utterance of false statements in terrorism cases has been approved by the House Judiciary Committee.

The House of Representatives and the Senate have both approved the appropriations bill (H.R. 2555) for the Department of Homeland Security.

A bill (S. 1566) introduced by Sen. Jon Corzine (D-NJ) would give businesses tax incentives to install automatic fire sprinkler systems.

A bill (S. 1552) introduced by Sen. Lisa Murkowski (R-AK) would revoke some of the law enforcement powers bestowed under the USA Patriot Act. Under S. 1552, law enforcement agencies would be required to obtain court orders to conduct electronic surveillance.

An appellate court has ruled that a company cannot block access to otherwise public information contained in its copyrighted computer program. In dismissing the copyright claim, the court ruled that there were at least four legitimate ways to obtain the information in question through public sources, making the copyright claim invalid. (Assessment Technologies of WI, LLC v. WIREdata, Inc., United States Court of Appeals for the Seventh Circuit, No. 03-2061, 2003)

The Senate passed, by a vote of 95-2, the National Consumer Credit Reporting System Improvement Act of 2003, S. 1753. According to a release from Sen. Mike Enzi (R-WY), "The bill would amend the Fair Credit Reporting Act of 1970 to help prevent identity theft, improve financial education and literacy, limit the sharing of businesses, and improve the accuracy of consumer reports resulting in greater access to and use of those reports for consumers." The House passed H.R. 2622, its version. Both houses must now meet to work out a compromise.

Three bills under consideration in Congress would influence the investigation and prosecution of terrorism offenses.H.R. 3016, introduced by Rep. Melissa Hart (R-PA), would facilitate the prosecution of any person or organization financing terrorism. Another bill (H.R. 3036), introduced by Rep. Mark Green (R-WI), would increase the penalties for obstruction of justice and utterance of false statements in terrorism cases.The third bill (H.R. 2942), introduced by Rep. Darlene Hooley (D-OR), would establish a national clearinghouse for incidents of environmental terrorism.

Four bills currently under consideration by legislators seek to improve security aboard transportation systems.S. 1587, introduced by Sen. Joseph Biden (D-DE), would make it a criminal act to willfully use a weapon, explosive, chemical weapon, or nuclear or radioactive material with the intent to cause injury to anyone while on board a passenger vessel. Another bill (S. 1608), introduced by Sen. Jeff Sessions (R-AL), would increase the penalties for terrorism against mass transit systems. A bill (S. 1598) introduced by Olympia Snowe (R-ME) would require the government to conduct a study to determine whether passenger rail security programs that are carried out in foreign countries would be feasible in the United States.S. 1599, also introduced by Sen. Snowe, would require a study into whether a full screening system--of passengers, bags, and cargo--would be effective on the Amtrak system.

The House of Representatives and the Senate have both approved the appropriations bill (H.R. 2555) for the Department of Homeland Security.

Two bills (S. 1272 and H.R. 1583), introduced by Sen. Jon Corzine (D-NJ) and Rep. Charlie Norwood (R-GA) respectively, would affect company compliance with Occupational Safety and Health Administration (OSHA) rules.

A bill (S. 929) that would provide federal grants to improve security at over-the-road bus operations has been approved by the Senate and has now been taken up by the House of Representatives.

A bill (S. 1458) introduced by Sen. Bill Nelson (D-FL) would expand the protections under the Gramm-Leach-Bliley Act to protect any nonpublic health information including demographic data and tissue samples. This information would be protected in any form.

A bill (S. 1441) introduced by Sen. Joseph Biden (D-DE) would increase penalties for those who perpetrate hoaxes that suggest that a terrorist attack is taking place or will take place.

A bill (S. 1400) introduced by Sen. Olympia Snowe (R-ME) would establish an integrated coastal observation system with several goals, including fighting terrorism and monitoring storm activity. The system would also collect data on the marine environment and ocean life.

A bill (S. 1507) introduced by Sen. Russell Feingold (D-WI) would amend the PATRIOT Act by limiting the power of the government to access library, bookseller, and other personal records of individuals for counterintelligence purposes.

Two identical bills (S. 1385 and H.R. 2683), introduced by Sen. Jon Corzine (D-NJ) and Rep. Bill Pascrell (D-NJ) respectively, would require that colleges and universities disclose the fire-safety measures implemented for campus buildings.

A bill (S. 1350) introduced by Sen. Dianne Feinstein (D-CA) would require that companies victimized by an electronic security breach notify customers that their information may have been compromised.

Rep. Peter DeFazio (D-OR) has introduced a bill (H.R. 2570) that would require the federal government to reimburse state and local governments for expenses incurred because of code orange or code red terrorism alerts.

The House has voted to add a cargo security amendment to the Department of Homeland Security appropriations bill (H.R. 2555). The amendment would only provide federal funding for cargo security plans that include screening measures.

A bill (H.R. 2463) introduced by Rep. Jim Saxton (R-NJ) would require that government contractors working on any job for more than three days conduct background investigations on employees.

A bill (H.R. 2929) introduced by Rep. Mary Bono (R-CA) would require companies to get permission from consumers before using spyware.

Under a new bill (H.R. 2899) introduced by Rep. Jim Kolbe (R-AZ), the U.S. government would establish two new visa categories for immigrants entering the country.

A bill (S. 1350) introduced by Sen. Dianne Feinstein (D-CA) would require that companies victimized by an electronic security breach notify customers that their information may have been compromised.

A bill (H.R. 2463) introduced by Rep. Jim Saxton (R-NJ) would require that government contractors working on any job for more than three days conduct background investigations on employees.

A bill (H.R. 2929) introduced by Rep. Mary Bono (R-CA) would require companies to get permission from consumers before using spyware.

Under a new bill (H.R. 2899) introduced by Rep. Jim Kolbe (R-AZ), the U.S. government would establish two new visa categories for immigrants entering the country.

A bill (S.B.590) that would have required banks, insurance companies, and other financial institutions to get customer permission before sharing that patron's information has been rejected in committee. Currently, privacy is protected by an opt-out system in which information can be shared unless a customer says it may not.

A bill (H.B. 1190) under consideration by Minnesota lawmakers would require that specific security measures be implemented by owners of convenience stores.

A bill (H.R. 2122) introduced by Rep. Billy Tauzin (R-LA) has been approved by the House Committee on Energy and Commerce and the House Armed Services Committee. It is now pending in the House Select Committee on Homeland Security.

(S. 165) has been approved by the Senate and has been taken up by the House Transportation and Infrastructure Committee.Another bill (H.R. 2455), introduced by Rep. Edward Markey (D-MA), would require that the Department 0f Homeland Security develop a system to screen all cargo carried by aircraft.

Sen. James Jeffords (I-VT) has introduced a bill (S. 779) that sets aside grant money to help offset the costs of conducting vulnerability assessments and devising emergency response plans at water treatment plants.

A bill (S. 929) introduced by Sen. John McCain (R-AZ) that would provide federal grants to improve security at over-the-road bus operations has been approved by the Senate Commerce, Science, and Transportation Committee.

Two bills (S. 957 and H.R. 1889), introduced by Sen. Barbara Boxer (D-CA) and Rep. Nita Lowey (D-NY), respectively, would require that aircraft cabin crew members be certified and trained on security and safety procedures.

Two bills (S. 1053 and H.R. 1910), introduced by Sen. Olympia Snowe (R-ME) and Rep. Louise McIntosh Slaughter (D-NY), respectively, would make it illegal to discriminate against someone on the basis of genetic information.

A bill (H.R. 781) introduced by Rep. Judy Biggert (R-IL) would exempt attorneys from the privacy provisions of the Gramm-Leach-Bliley Act. The bill would exclude attorneys from the law's requirement related to the disclosure of nonpublic personal information pertaining to clients.

The U.S. Supreme Court has ruled that public libraries that receive federal funds must install Internet filters to protect underage users from pornographic Web sites. In the case, the American Library Association (ALA) sued the government, claiming that the filters are unreliable and can deny users the right to view legitimate nonpornographic sites. The law, argued the ALA, would violate free speech rights. The Court disagreed, finding that the inconvenience of filters did not rise to a violation of constitutional rights and that the government had the right to prescribe how its funds would be used. Libraries that do not receive federal funds need not use filters.(U.S. v. American Library Association, Inc., U.S. Supreme Court, No. 02-361, 2003)

In a recent decision, the U.S. Court of Appeals for the Fourth Circuit ruled that the Health Insurance Portability and Accountability Act (HIPAA) is constitutional and provides fair notice and minimal guidelines to covered entities. (South Carolina Medical Association et al v. Tommy G. Thompson, U.S. Court of Appeals for the Fourth Circuit, No. 02-2001, 2003)

Three leading Senators have introduced a bill aimed at overhauling the Intelligence Community to prevent another successful terrorist attack like the tragedy of September 11, 2001. According to their press release, "The 9-11 Memorial Intelligence Reform Act," sponsored by Senators Bob Graham, John D. Rockefeller and Dianne Feinstein, embodies the recommendations of the House-Senate Joint Inquiry into the events surrounding September 11...including reorganization of the management of the Intelligence Community, new accountability standards for employees, a top-to-bottom review of classification standards, and creation of a National Terrorist Watch-List Center."

The Department of Homeland Security as issued a CAPPS II Privacy Act Notice (CAPPS stands for "Computer Assisted Passenger Screening System.) The notice states that in response to comments to the proposal from an earlier notice limited developmental technical testing will occur with test data, including personal information on U.S. persons available from commercial databases, including those within and affiliated with the travel industry; and that concerns raised will continue to be considered during the testing and evaluation periods.

A report released by the U.S. Department of Defense addresses concerns over its information-gathering activities and the privacy and civil liberties of U.S. citizens. Read the Pentagon's report as well as the CDT's analysis .

A recent report by the General Accounting Office (GAO) discusses the state of rail security and notes that while private rail companies have been working to implement safety measures since 9-11, the Department of Homeland security has yet to develop a rail security plan for the country.

The Occupational Safety and Health Administration (OSHA) has issued an interim rule establishing procedures for protecting whistleblowers under the Corporate and Criminal Fraud Accountability Act of 2002--also known as the Sarbanes-Oxley Act.

A bill (S. 1088) introduced by Sen. Barbara Boxer (D-CA) would increase penalties for identification fraud in connection with a terrorist act. The measure would make a prison sentence mandatory for anyone convicted of the crime.

A bill (H.R. 1709) introduced by Rep. Edward Markey (D-MA) would reinstate some of the privacy measures removed from the Health Insurance Portability and Accountability Act (HIPAA).

A bill (S. 620) introduced by Sen. John Edwards (D-NC) would provide federal grants to install sprinklers or other fire suppression or prevention technologies in college and university dorms.

A bill (H.R. 1157) introduced by Rep. Bernard Sanders (I-VT) would exempt libraries and bookstores from disclosing data about its patrons in foreign intelligence investigations.

A bill (H.R. 1259) introduced by Rep. Jerry Weller (R-IL) would amend the Internal Revenue Code to allow businesses to take tax deductions for the purchase and installation of security devices. The bill would make such deductions a permanent part of the tax code.

A bill (H.R. 1544) introduced by Rep. Jerrold Nadler (D-NY) would require banks and credit unions to provide lighting and a surveillance camera at ATMs.

The House Transportation and Infrastructure Subcommittee on Coast Guard and Maritime Transportation held a hearing June 3 on port security. The subcommittee was looking into how provisions in the Maritime Transportation Security Act (MTSA) and international security requirements of the International Maritime Organization (IMO) will be met. For example, the Coast Guard has identified 55 militarily and economically strategic U.S. ports that are scheduled to have both initial and comprehensive vulnerability assessments completed by the first quarter of fiscal year 2005. The subcommittee notes that the Coast Guard plans to publish a temporary interim rule by July 1, 2003 and a final rule by November 2003. Congressmen also questioned reports that the Bush administration planned to take some funds authorized for port security and allocate them to airport security, if approved by Congress. Testimony from Admiral Thomas H. Collins, commandant of the Coast Guard, and other witnesses is online.

The House Homeland Security Appropriations Subcommittee held a hearing June 3 on problems with background checks of airport screeners hired by the Transportation Security Administration

Concern about a chemical, biological, or nuclear weapon has refocused U.S. national security policy and raised fears among many people who never before felt threatened by terrorism. But the U.S. Defense Advanced Research Projects Agency (DARPA) and other government bodies are furiously working behind the scenes to prevent, prepare for, limit, and respond to such attacks. DARPA Director Dr. Tony Tether recently testified before the House Armed Service Committee's Subcommittee on Unconventional Threats and Capabilities.Tether also described exciting developments in pathogen sensors, such as one that can detect any type of pathogen by measuring and weighing nucleic acid sequences. The testimony, which outlines other DARPA initiatives as well, can be found on Security Management Online, along with testimony presented before the same subcommittee by Dr. Dale Klein, assistant to the Secretary of Defense for nuclear and chemical and biological defense programs .

Two subcommittees of the House Financial Services Committee held a hearing on information security recently to discuss the problem of cybertheft, which, according to the full committee chair Rep. Michael G. Oxley (R-OH), is costing American businesses over $400 million annually.

The Senate Committee on Government Affairs held a hearing on cargo container security.

The Homeland Security Committee's Subcommittee on Emergency Preparedness and Response held a joint hearing with the Energy and Commerce Subcommittee on Health titled "Furthering Public Health Security: Project BioShield."

Homeland Security Department Secretary Tom Ridge testified before the House Select Committee on Homeland Security May 20. Ridge discussed the DHS's many initiatives and pilot programs.

The U.S. Health and Human Services Administration (HHS), in conjunction with the Centers for Disease Control and Prevention, has issued regulations governing security procedures for those laboratories that handle certain toxins or pathogens. These 42 substances, known as select agents, are defined by the HHS.

The Washington Post reports that "In a report to the House Judiciary Committee, the General Accounting Office said the Justice Department failed to monitor important IT projects at the Immigration and Naturalization Service (INS)," which has implications for tracking of suspected terrorists.

The Pentagon's Total Information Awareness (TIA) data-mining technology research project, which has been widely criticized in the press for its potential to be misused, was discussed in a State Department briefing November 20. Read the transcript excerpt and media report.

The fourth annual report has been issued by a commission headed by Former Virginia governor James S. Gilmore III. The Washington Post reports that it "recommends that the government dedicate the FBI to law enforcement, and create an independent intelligence fusion agency that would coordinate information about potential attacks and report to President Bush." The report "echoes the joint congressional intelligence committee investigating the Sept. 11, 2001, attacks," writes the Post.

The U.S. Congress Select Committee on Intelligence heard from the FBI and the CIA concerning the threat level from terrorism (Feb. 11). CIA Director George Tenet said that the current intelligence about an impending terrorist attack is "the most specific we have seen" and he called for raising the threat level (which the government has done) to "buy us more time to operate against these individuals" so that the U.S. would have time to try to apprehend the plotters before they could achieve their goals. He also said that 3,000 al Qaeda detainees has risen to 3000 from 1,000 a year ago.

A new law (P.L. 107-295) will establish a port security task force to increase security at seaports. The task force will include representatives from government and the private sector.

A new law (P.L. 107-297) requires that insurance companies offer terrorism insurance as prescribed under Treasury Department guidelines.

A federal appeals court has ruled that a company's blanket rule of refusing to rehire employees that had been fired or who quit to avoid being fired could violate the Americans with Disabilities Act (ADA) if the employee in question had been terminated because of a drug addiction. The court ruled that Hernandez could pursue his case and that the burden of proof shifted to Hughes to prove it had a nondiscriminatory reason for not rehiring Hernandez. (Hernandez v. Hughes Missile Systems Company, U.S. Court of Appeals for the Ninth Circuit, No. 01-15512, 2002)

The Texas Supreme Court has ruled that a store owner cannot be held liable for false imprisonment if it did not knowingly provide false information to the district attorney and did not direct that a certain person be arrested. (Wal-Mart v. Rodriguez, Supreme Court of Texas, No. 01-0643, 2002).

The Illinois Supreme Court has found that, to claim workers' compensation for job-related stress, a person need not show that the stress was greater than that experienced by coworkers. Instead, the claimant must prove that the stress was greater than that experienced by the general public.(Baggett v. The Industrial Commission, Illinois Supreme Court, No. 90385, 2002).

The most critical new law (P.L. 107-296) establishes the Department of Homeland Security, which will encompass almost two dozen existing agencies, such as the Secret Service, the Immigration and Naturalization Service, and the Bureau of Alcohol, Tobacco and Firearms. The new department will also take over key security and inspection duties from other agencies, such as the Health and Human Services Department, the Customs Service, and the Department of Agriculture.

The Washington Post reports that the California State Supreme Court has issued a key ruling regarding Internet jurisdiction in a case involving a resident of Texas who posted code that would permit the copying of DVD movies, which led to the filing of a lawsuit in California by an association of the affected companies. The court ruled that California did not have jurisdiction.

BNA's Internet Law News reports that "The Supreme Court of Georgia has reversed a lower court decision that dismissed a libel claim arising from Internet postings." Read the court decision.

C/Net news.com reports that "a three-judge panel from the Ninth Circuit Court of Appeals said on Friday that police did not violate federal wiretap laws" when spying on an anti-government group called the Montana Freemen. The case was said to be the first decision dealing with fax interception.

The Electronic Privacy Information Center (EPIC) reports that the Eighth Circuit held oral arguments in a case (United States v. Bach), which will address how the Fourth Amendment protects stored e-mail and other files held by Internet Service Providers (ISPs). The issue raised is whether a police officer's presence is required during service of a search warrant on an ISP, says EPIC, which filed an amicus brief. For more information on the case, see EPIC's Bach Page.

The Electronic Privacy Information Center (EPIC) reports that a new law in California requires state agencies and businesses that own databases to disclose security breaches involving certain personal information. EPIC writes that "Senate Bill 1386, sponsored by Senator Steve Peace (D-El Cajon), creates a notice requirement where there has been an unauthorized acquisition of an individual's name along with a Social Security Number, a driver's license number, or an account number and corresponding access code. "

Draft regulations released by the Federal Aviation Administration (FAA) that would require drug and alcohol testing of workers involved in aircraft maintenance have drawn criticism from airlines and contractors. The regulations would require that all contractors who perform "safety-sensitive" aircraft maintenance "at any tier" would be required to undergo preemployment drug and alcohol screening. Employers would need to verify a negative drug test before allowing an employee to start work. The most frequent comment, however, was that the proposed program would be too costly and would not improve aviation safety. For example, Mike Thompson of Pacific Propeller, Inc., noted that the rule did not include the basis for the policy change, nor did it identify any accidents,incidents, or defects resulting from drug or alcohol abuse by employees of maintenance providers. Absent this clarification, Thompson argued, the significant cost for the industry could not be justified.read the proposed rule and public comments.

The U.S. Environmental Protection Agency has announced that it will withdraw plans to develop security regulations for the chemical industry under the Clean Air Act. However, a new amendment (S.A. 4608) to the homeland security bill (H.R. 5005), introduced by Sen. James Inhofe (R-OK), could bring the responsibility for such security regulations under the proposed office of homeland security.

Before adjourning Congress passed several counterterrorism measures, including Homeland Security Act bill, terrorism, insurance legislation, Maritime antiterrorism bill, and a bill funding Cybersecurity Enhancement Act, Any proposals not passed or incorporated into other bills will expire at the end of the congressional session later this month.

A bill (H.R. 4687) that would establish a federal investigative team to assess building performance in the aftermath of a building failure has been signed into law (P.L. 107-231).

In a recent Illinois appellate case, the court ruled that an employee who was fired for reporting the criminal conduct of his supervisor is protected under state law even though the crime in question was not work-related.(Vorpagel v. Maxell Corporation of America, Appellate Court of Illinois, Second District, No. 2-01-0729, 2002)

The Rhode Island Supreme Court has ruled that owners of a restaurant violated the state's whistleblowers' protection act when it fired an employee for reporting health violations to state officials. The employee contacted the state's department of health after he noticed a foul-smelling liquid backing up into the restaurant's kitchens from the drains. The next day, the employee was accused of taking home a work schedule in violation of restaurant policy and was fired. (Adams v. Uno Restaurants, Inc., Rhode Island Supreme Court, No. 2000-266, 2002)

The House of Representatives has approved a bill (H.R. 5169) that would provide grants to wastewater treatment plants to improve security.

A bill (S. 2908) introduced by Sen. Russell Feingold (D-WI) would direct the secretary of defense to establish a civil support team in each state.

A bill (S. 2846) introduced by Sen. John Edwards (D-NC) would establish a commission to evaluate investigative and surveillance technologies to determine whether these tools violate personal privacy rights.

A bill (H.R. 5300) introduced by Rep. Frank Pallone (D-NJ) would require that the Environmental Protection Agency (EPA) determine which chemicals or combinations of chemicals pose a threat to the public if released.

A bill (H.R. 5170) introduced by Rep. Robert Andrews (D-NJ) would require all home healthcare agencies that participate in Medicare to conduct criminal background checks.

A bill (S. 2767) introduced by Sen. Daniel K. Akaka (D-HI) would direct the secretary of agriculture to develop farm and ranch biosecurity guidelines and devise a pilot program of biosecurity grants and loans to assist those in the agriculture industry in complying with the guidelines.

Two identical bills (H.R. 5135 and S. 2735), introduced by Rep. Kay Granger (R-TX) and Sen. John Ensign (R-NV), respectively, would require airport operators to notify the Transportation Security Administration (TSA) if they are not able to make modifications to airport terminal buildings that would accommodate explosives detection machines. Along with the notice, airport officials must develop a plan to modify the buildings and set up a date for the work to be completed. Another bill (S. 2949), introduced by Sen. Ernest Hollings (D-SC), that would grant waivers to as many as 40 airports has been approved by the Senate Commerce, Science, and Transportation Committee.

BNA's Internet Law News reports on a case heard in California that again raises the issue of jurisdiction for lawsuits involving the Internet. "The case -- Pavlovich v. Superior Court, County of Santa Clara, S100809 -- is being closely watched because of the continuing uncertainty about state jurisdiction over the Internet," writes Law.com .

The Illinois Supreme Court has ruled that a franchisor is not liable for the security practices of an individual franchisee.(Minyard Food Stores, Inc., v. Goodman, Supreme Court of Texas, No. 01-0734, 2002) .

The House of Representatives and the Senate have approved and the president has signed into law a bill (P.L. 107-204) that increases penalties for corporate fraud and imposes greater oversight on accounting firms. The law is an amalgam of two bills--H.R. 3763 and S. 2673.

A bill (S. 2686) introduced by Sen. Charles Grassley (R-IA) would provide whistleblower protection to certain airport employees.

A bill (S. 2656) introduced by Sen. Olympia Snowe (R-ME) would require the Secretary of Transportation to develop and implement a security plan for cargo entering the United States or being transported within the United States.

The Senate Special Committee on Aging held a public hearing on identity theft and on Senate Bill 2541, which would lengthen prison sentences for this crime.

A bill (S.B. 712) introduced in the Missouri Assembly has been signed into law. The new law amends several state statutes to strengthen antiterrorism programs.

The U.S. Supreme Court has refused to hear a case in which Trans Union, a credit reporting agency, objected to a Federal Trade Commission (FTC) regulation that made it illegal to sell marketing lists compiled from consumer information the agency had collected. Trans Union claimed that the FTC regulation violated the company's right to free speech. The U.S. Court of Appeals for the District of Columbia decision against Trans Union now stands. (Trans Union LLC v. Federal Trade Commission, U.S. Supreme Court, No. 01-1080, 2002).

A federal appeals court has ruled that a disabled worker asking for a job transfer to accommodate his disability under the Americans with Disabilities Act (ADA) need not watch for job openings and file applications for relevant posts. The ADA-related request creates a separate process, ruled the court, and failure to enter into it can leave the company out of compliance. (Shapiro v. Township of Lakewood, U.S. Court of Appeals for the Third Circuit, No. 01-3212, 2002)

The Senate Special Committee on Aging held a public hearing on identity theft and on Senate Bill 2541, which would lengthen prison sentences for this crime.

The California Supreme Court has ruled that the County of Los Angeles cannot be held liable for inadequate security resulting from the shooting death of a litigant by her husband. (Zelig v. County of Los Angeles, California Court of Appeal, No. B112568, 2002)

The U.S. Supreme Court has ruled that employers may refuse to hire an individual because his or her health or safety may be endangered due to a disability.(Chevron USA, Inc., v. Echazabal, U.S. Supreme Court, No. 00-1406, 2002)

A federal appellate court has ruled that a group of marketing questions cannot be considered a trade secret because a mere combination of publicly available elements does not automatically constitute a trade secret.(Strategic Directions Group, Inc., v. Bristol-Myers Squibb Co., U.S. Court of Appeals for the Eighth Circuit, No. 00-3802, 2002)

The U.S. Department of Transportation (DOT) has issued a final rule requiring all foreign aircraft serving the United States to have temporary locking devices for cockpit doors by this month. New flight deck doors, with permanent locking devices, must be in place by April 2003.

The Environmental Protection Agency (EPA) has announced the first round of grants to help large drinking water facilities assess security vulnerabilities. The $53 million in grants will be awarded to large utilities--defined as those that serve more than 100,000 people. The funds must first be used to develop a vulnerability assessment to understand how a facility can be damaged by a terrorist attack. Then, funds may be used to develop emergency operations plans and enhance security.

A bill (H.R. 3482) that would increase penalties for cybercrime--with punishment levels culminating in a possible life sentence for a crime where the perpetrator attempts to cause death or bodily injury--has been approved by the House Judiciary Committee.

A bill (H.R. 4635) that would require the Department of Transportation (DOT) to establish a program to arm commercial airline pilots has been approved by the full House of Representatives.

A bill (S. 1742) that would establish a company's duty in responding to identity theft has been approved by the Senate Judiciary Committee.

A bill (S. 1956) that would restrict permits for the purchase of explosives has been approved by the Senate Judiciary Committee.

A bill (S. 2037) designed to help the federal government and localities respond to acts of terrorism has been approved by the Senate Commerce, Science, and Transportation Committee.

Two bills (H.R. 2621 and S. 1233), introduced by Rep. Melissa A. Hart (R-PA) and Sen. Herb Kohl (D-WI), respectively, would make it illegal to put communications, handbills, notices, or advertising in or on a consumer product prior to its sale without the consent of the manufacturer, distributor, or retailer. Violators could face fines and up to one year in prison.

A bill (S. 1995) introduced by Sen. Olympia Snowe (R-ME) would make it illegal for employers and insurance companies to discriminate against someone because of his or her genetic information.

A bill (H.R. 4650) introduced by Rep. Joel Hefley (R-CO) would require that any person employed as a security screener at an airport be issued a biometric security ID.

A Senate bill (S. 1284) that would prohibit employment discrimination on the basis of sexual orientation has been approved by the Senate Health, Education, Labor, and Pensions Committee.

A bill (H.R. 3983) designed to improve port and maritime security has been approved by the House Transportation and Infrastructure Committee. For industry response to the bill, see "News and Trends," May 2002.

A bill (H.R. 3892) has been approved by the House Science Committee.

A bill (S. 1750) that would require background record checks for operators of commercial vehicles transporting hazardous materials has been approved by the Senate Committee on Commerce, Science, and Transportation.

Two bills (S. 2201 and H.R. 4678), introduced by Sen. Ernest Hollings (D-SC) and Rep. Cliff Stearns (R-FL), respectively, would regulate the use of personal information on the Internet. Each bill has taken a different approach to handling consumer privacy.

A bill (S. 2077) introduced by Sen. Susan Collins (R-ME) would set aside grants to help states improve public safety programs and better respond to terrorist threats.

A bill (S. 2089) introduced by Sen. Robert Torricelli (D-NJ) would require that anyone who transports, ships, or receives explosive materials be licensed by the federal government.

A bill (S. 2077) introduced by Sen. Susan Collins (R-ME) would set aside grants to help states improve public safety programs and better respond to terrorist threats.

A bill (S. 2238) introduced by Sen. Carl Levin (D-MI) would allow employers of contract and proprietary security officers to obtain a criminal FBI background check for any applicant for a security officer position.

A bill (S. 1214) designed to increase security at U.S. seaports has been approved by the Senate and is awaiting consideration in the House of Representatives.

As part of an economic stimulus package (P.L. 107-147) signed into law in March, companies can take an increased tax deduction on security and alarm equipment.

Two bills (S. 2037 and S. 2061), introduced by Sen. Ron Wyden (D-OR) and Sen. Christopher Bond (R-MO), respectively, are designed to help the federal government and localities respond to acts of terrorism.

bill (H.R. 3382) introduced by Rep. Edward Markey (D-MA) would require the Nuclear Regulatory Commission (NRC) to establish a nuclear security force to ensure that sensitive nuclear facilities are not compromised by design flaws.

Sen. Patrick Leahy (D-VT) has introduced a bill (S. 2010) that would establish criminal penalties for anyone who knowingly alters or destroys documents that are relevant to any federal investigation or lawsuit in an attempt to obstruct that investigation. Such actions would be punishable by up to five years in prison.

A transportation bill (S. 1991) introduced by Sen. Fritz Hollings (D-SC) would authorize funds to improve rail security and would require additional studies on how to make rail travel safer.

Oregon lawmakers have approved a law (formerly H.B. 2385) that expands the state's racketeering laws to include crimes against the logging industry, agricultural research facilities, and animal research labs.

A bill (H.B. 14) pending in the Alabama Legislature would require security officers and contract security companies to be licensed.

Bonni G. Tischler, assistant commissioner at the office of field operations for the U.S. Customs Service, outlined key points of the Container Security Initiative that involve international components. Charles Upchurch, president and CEO of SGS Global Trade Solutions, Inc., cautioned that extending security's reach overseas would be expensive, take a long time to implement due to negotiation of bilateral agreements, and possibly hinder trade by requiring changes to current trade processes.Kim Petersen, the executive director of the Maritime Security Council, testified that a program similar to the Federal Aviation Administration's foreign airport security assessment program should be developed to identify ports that fail to meet minimum security standards as established by the United Nations' International Maritime OrganizationIn his testimony, Rob Quartel, chairman and CEO of FreightDesk Technologies, Inc., called for starting the security process even earlier and in the virtual domain--"with the shipper and his customer, at both the physical and transactional start of an order."

At a recent hearing sponsored by the Senate Judiciary Committee, witnesses discussed the new challenges facing those who protect U.S. ports. "Subsequent to the attacks of September 11, the maritime industry's focus has changed from mitigation of criminal activities to the prevention of terrorism," testified Kim E. Petersen, executive director of the Maritime Security Council. "This has had the effect of directing resources at a new and more complex threat, while at the same time providing viable safeguards against criminal concerns, such as container theft, drug smuggling, and conspiracies to bring in illegal aliens," he said.

At a recent hearing held by the Senate Commerce Committee, physicians, manufacturers, researchers, and government officials discussed ways to improve the nation's response to bioterrorism. According to Georges Benjamin, MD, the Health and Mental Hygiene Secretary for the state of Maryland, the Anthrax outbreak proved that information systems need to be improved. "Very few physicians or medical practitioners in the Eastern United States had ever seen Anthrax," testified Benjamin. "The clinical symptoms of other potential bioterrorist threat agents such as smallpox...are also unknown to many of today's practicing physicians."

A bill (H.R. 1259) introduced by Rep. Constance Morella (R-MD) that would allow the National Institute of Standards and Technology (NIST) to aid government agencies in improving computer security has been approved by the House of Representatives.

Another bill (H.R. 3394), introduced by Rep. Sherwood Boehlert (R-NY), would establish grant programs for long-term, multi-disciplinary computer and network security research.

H.R. 3400, introduced by Rep. Nick Smith (R-MI), would increase funding to several agencies to be used in computer security research.

A bill (H.R. 3316) introduced by Rep. Brian Baird (D-WA) would establish a research program through NIST to study the security of networked computer systems.

A bill (S. 1746) introduced by Sen. Harry M. Reid (D-NV) would establish a security force under the Nuclear Regulatory Commission.

A bill (H.R. 3378) introduced by Rep. Stephen Horn (R-CA) would establish a Commission on Homeland Security to study federal efforts to prevent domestic terrorism.

A bill (S. 1742) introduced by Sen. Maria Cantwell (D-WA) would establish a company's duty in responding to identity theft.

One bill (H.R. 3269) introduced by Rep. Diane Watson (D-CA) would require that states develop disaster management plans that include provisions for responding to bioterrorism.

S. 1706, introduced by Sen. Tom Harkin (D-IA), would require that the government compile and maintain a list of all biological agents and toxins that could pose a threat to public health and safety.

Designed to thwart agricultural bioterrorism, a bill (H.R. 3293) introduced by Rep. Frank Lucas (R-OK) would allot money for biosecurity upgrades at the Department of Agriculture and other related facilities.

A bill (H.R. 3367) introduced by Rep. Jim Saxton (R-NJ) would require that contractors working at military facilities and installations undergo extensive background screening.

The House of Representatives has approved a bill (H.R. 3004) introduced by Rep. Michael Oxley (R-OH) designed to prevent money laundering.

Two identical bills (H.R. 2970 and S. 1581), introduced by Rep. Jerry Weller (R-IL) and Sen. Frank Murkowski (R-AK), respectively, would provide tax deductions to businesses that purchase certain security devices.

Four bills designed to combat and prepare for bioterrorism have been introduced in the Senate. S. 1486, introduced by Sen. John Edwards (D-NC), would set aside money to develop federal and state bioterrorism prevention and response plans.Another bill (S. 1508), introduced by Sen. Jon Corzine (D-NJ), would require all states to develop public health disaster management plans for responding to biological or chemical attacks. S. 1546, introduced by Sen.Pat Roberts (R-KS), would set aside more than $101 million for research centers and universities to conduct studies on preventing bioterrorism and agroterrorism. Another bill (S. 1563), introduced by Sen. Kay Bailey Hutchison (R-TX), would require the Secretary of Agriculture to expand research programs to protect the U.S. food supply.

S. 1456, a bill introduced by Sen. Robert Bennett (R-UT), is designed to facilitate information-sharing on threats to the nation's critical infrastructure.

A bill (S. 1528) introduced by Sen. John McCain (R-AZ) would require that the Secretary of Transportation work with the railroad industry and public safety officials to develop a security assessment of the nation's rail transportation system.

In addition to the comprehensive aviation security bill (PL 107-71) signed into law by President Bush, several more bills have been introduced to enhance security at airports. The four bills offer several different approaches from increasing research on security technology to increasing security training for airport personnel.One bill (H.R. 3110) introduced by Rep. James Oberstar (D-MN) would establish a special transportation security administration under the Transportation Department.Another bill (H.R. 3029), introduced by Rep. Jay Inslee (D-WA), would require that all passengers and any property carried onto an aircraft be screened by an employee or agent of the air carrier before the airplane is loaded.H.R. 3064, introduced by Rep. Joe Baca (D-CA), would require that the Federal Aviation Administration (FAA) implement several specific aviation security measures. In another bill (H.R. 3101), introduced by Rep. Jim Matheson (D-UT), the National Institute of Standards and Technology would be required to develop standards for effective aviation security technologies.

A bill (S. 1399) introduced by Sen. Dianne Feinstein (D- CA) would require credit card companies, consumer reporting agencies, and businesses to take additional steps to prevent identity theft.

A bill (S. 1407) introduced by Sen. Pete Domenici (R-NM) would require the executive branch, under the auspices of the National Infrastructure Protection and Continuity Board, to analyze and propose security measures for critical infrastructure protection.

Two bills (S. 1253 and H.R. 2778), introduced by Sen. Charles Schumer (D-NY) and Rep. Carolyn McCarthy (D-NY), respectively, would require that gun sellers and the government destroy all records relating to the purchase of a firearm 90 days after the sale.

Sen. Pete Domenici (R-NM) has introduced a bill (S. 1276) that would require the Secretary of Energy to devise a counterintelligence polygraph program.

A bill (S. 149) that would relax export controls on encryption has been approved by the Senate and will now be considered by the House.

A bill (H.R. 2752) introduced by Rep. Mike Ferguson (R-NJ) would establish specific criminal penalties for fraud relating to unauthorized access to information on the Web sites of elementary and secondary schools and colleges and universities.

A bill (H.R. 1007) that would make it illegal for those who have been convicted of violent crimes to purchase, use, or possess body armor has been approved by the House Judiciary Committee.

Two bills (H.R. 2720 and H.R. 2730), introduced by Rep. Edward Markey (D-MA) and Rep. Pete Sessions (R-TX) respectively, would amend the privacy provisions of the Gramm-Leach-Bliley Act--the financial services law approved in the last congressional session--but one bill would strengthen privacy rights, while the other would preserve the status quo.

Ban antiterrorism bill (S. 1510) has passed the Senate. It gives the government greater power in investigating and prosecuting terrorists.H.R. 2975,(pdf) the House's version, also provides all of these powers, requested by President Bush.

The Senate has passed an aviation security bill (S. 1447) introduced by Sen. Fritz Hollings (D-SC). S. 1447 would federalize the security screening process at airports (a contentious issue), add federal sky marshals, call for more crew training, and require additional security procedures such as securing cockpit doors. Another bill (S. 1429), introduced by Sen. John Edwards (R-NC), is still under consideration. It would require airports to review and implement technology designed to detect potential chemical and biological weapons.

Two bills (H.R. 2692 and S. 1284), introduced by Rep. Christopher Shays (R-CT) and Sen. Edward Kennedy (D-MA) respectively, would prohibit employment discrimination on the basis of sexual orientation.

A bill (H.R. 2583) introduced by Rep. Darlene Hooley (D-OR) would establish a national clearinghouse for incidents of environmental terrorism.

A bill (H.R. 2435) introduced by Rep. Tom Davis (R-VA) would protect any information on cybersecurity presented to the federal government for purposes of evaluating the nation's critical infrastructure.

Rep. Christopher Shays (R-CT) has introduced a bill (H.R. 2451) that would require recreational camps to report medical incidents and cases of alleged sexual abuse to the Health and Human Services Department (HHS). Under the bill, camps must also keep a separate medical log and record each injury.

A bill (H.R. 2560) introduced by Rep. John Shimkus (R-IL) would establish an information clearinghouse to process data on placing defibrillators in schools.

In a comprehensive juvenile justice bill (S. 1165), sponsor Sen. Joseph Biden (D-DE) has included a provision aimed at reducing gang violence.

A bill (H.B. 19) currently pending before the Alaskan legislature would create civil liability for anyone who observes, photographs, or records another without consent.

A bill (H.R. 2036) introduced by Rep. Clay Shaw (R-FL) would restrict government use of Social Security numbers (SSNs) for identification purposes.

A bill (H.R. 1812) introduced by Rep. Robert Menendez would offer grants to school districts to implement safety and security programs.

Rep. Stephanie Tubbs Jones (D-OH) has introduced a bill (H.R. 2145) designed to decrease fire emergencies at colleges and universities.

Rep. George Nethercutt (R-WA) has introduced a bill (H.R. 2060) designed to prevent terrorist attacks on companies that use plant or animal material for research or commercial purposes--called animal and plant enterprises in the legislation.

The Secretary of Commerce and the Federal Trade Commission have submitted a report to Congress on the Electronic Signatures in Global and National E-Commerce Act ("E-Sign") that went into effect a year ago.

A bill (H.R. 1215) introduced by Rep. James Greenwood (R-PA) would require that healthcare facilities and insurance companies allow individuals to view their own records.

A bill (S. 803) introduced by Sen. Joseph Lieberman (D-CT) would establish the post of chief information officer within the Office of Management and Budget.

Two bills (H.R. 1764 and S. 842), introduced by Rep. Ted Strickland (D-OH) and Sen. Russell Feingold (D-WI), respectively, would require that all prisoners be held in government-owned-and-operated facilities. Private ownership management of prisons would be prohibited under the bill.

Experts recently testified before the House Committee on Energy and Commerce's Subcommittee on Oversight and Investigations, many of the pills sold are counterfeit and dangerous.Read the testimony.

A bill (H.R. 72) introduced by Rep. Shelia Jackson-Lee (D-TX) would require that all hospitals reimbursed under Medicare implement security procedures to reduce infant abduction and baby switching.

The Federal Deposit Insurance Corporation (FDIC) has issued new guidelines designed to help financial institutions prevent identity theft.

Two bills (H.R. 1478 and S. 848), introduced by Rep. Gerald Kleczka (D-WI) and Sen. Dianne Feinstein (D-CA), respectively, would limit the commercial use of Social Security numbers.

A bill (S. 890) introduced by Sen. John McCain (R-AZ) would require gun owners to conduct criminal background checks on all firearms transactions at gun shows.

A bill (H.R. 1869) introduced by Rep. Martin Frost (D-TX) would require an employer to notify the parent or guardian of an employee who is under the age of 18 or handicapped if any of the employee's coworkers have a criminal record or have been convicted of a crime of violence.

Two bills (H.R. 1007 and S. 166), introduced by Rep. Bart Stupak (D-MI) and Sen. Dianne Feinstein (D-CA), respectively, would make it illegal for those who have been convicted of violent crimes to purchase, use, or possess body armor.

Two bills (S. 324 and S. 450), introduced by Sen. Richard Shelby (R-AL) and Sen. Bill Nelson (D-FL), respectively, would expand the privacy rights set out in the Gramm-Leach-Bliley Act, which instituted privacy standards for financial institutions and their affiliates.

A bill (S. 451) introduced by Sen. Bill Nelson (D-FL) would make it illegal to sell or purchase a Social Security number.

A bill (S. 442) introduced by Sen. Ben Nighthorse Campbell (R-CO) would exempt current and former law enforcement officers from state laws prohibiting the carrying of concealed weapons.

A bill (H.R. 1216) introduced by Rep. Joe Baca (D-CA) would establish a $50 million grant fund to help schools develop comprehensive safety plans. Schools could use the money to assess school crime and identify safety strategies.

A bill (H.R. 696) introduced by Rep. Charles Rangel (D-NY) would allow nonviolent offenders to have their criminal records expunged.

A bill (S. 399) introduced by Sen. John Edwards (D-NC) would require the Comptroller General to document and report to Congress the number of college and university housing facilities and dormitories that do not have sprinkler systems or other forms of built-in fire protection mechanisms.

The House Energy and Commerce Committee's Subcommittee on Telecommunications and the Internet has approved a bill (H.R. 718) to regulate unsolicited e-mail, known as spam.

President Bush has signed a law (P.L. 107-5) revoking the recent ergonomics rule issued by the Occupational Safety and Health Administration (OSHA).

The Montana Supreme Court upheld a jury verdict awarding $1.5 million in a negligent security case involving a retail employee who was attacked by a customer.(Onstad v. Payless ShoeSource, Montana Supreme Court, No. 99-462, 2000)

An appellate court has ruled that a company properly fired an employee who stole company property and then lied about the theft, even though that employee was simultaneously organizing a union. (6 West Limited Corporation v. National Labor Relations Board, U.S. Court of Appeals for the Seventh Circuit, No. 00-1329, 2001)

Privacy: One bill (S. 30), introduced by Sen. Paul Sarbanes (D-MD), would require that financial institutions get a customer's approval before disclosing information about personal spending habits to an affiliate. Another bill (H.R. 347), introduced by Rep. Gene Green (D-TX), would require the Federal trade Commission (FTC) to issue regulations to protect the privacy of personal information collected via the Internet. A bill (S. 197) designed to keep Web site operators from surreptitiously tracking the actions of anyone visiting their sites has been introduced by Sen. John Edwards (D-NC).A bill (H.R. 583) introduced by Rep. Asa Hutchinson (R-AR) would establish a commission to study privacy and recommend legislation to Congress. Another privacy bill (S. 290), introduced by Sen. Christopher Dodd (D-CT), would prohibit schools and companies from collecting commercial data from students without parental approval.

Employment: A bill (S. 201) introduced by Sen. John W. Warner (R-VA) would hold federal agencies accountable for violations of discrimination and whistleblower laws.

Hate crimes: A bill (H.R. 284) introduced by Rep. Carolyn Maloney (D-NY) would hold employers liable for an employee who commits a crime of violence motivated by gender on company property.

Terrorism: A bill (H.R. 525) introduced by Rep. Wayne Gilchrest (R-MD) would establish the President's Council on Domestic Terrorism Preparedness.

School safety: A bill (H.R. 466) introduced by Rep. Patsy Mink (D-HI) would provide grants to schools to hire and train resource officers.

Discrimination: Two identical bills (S. 318 and H.R. 602), introduced by Sen. Thomas Daschle (D-SD) and Rep. Louise Slaughter (D-NY) respectively, would make it illegal for employers to discriminate against a potential or current employee on the basis of genetic information.

E-Mail:A bill (H.R. 95) introduced by Rep. Gene Green (D-TX) would prohibit the transmission of unsolicited e-mail.

Discrimination: (Aviles v. Cornell Forge Company, U.S. Court of Appeals for the Seventh Circuit, No. 99-4003, 2001)

Defamation: (Meloff v. New York Life Insurance Company, United States Court of Appeals for the Second Circuit, No. 99-9033, 2001)

E-Mail (Gina Tiberino v. Spokane County, Washington Court of Appeals, Division III, No. 18830-2-III, 2000) .

Two bills designed to protect the privacy of Social Security numbers have been introduced. Intended as a way to combat identity theft, one bill (H.R. 220), introduced by Rep. Ron Paul (R-TX), would prohibit federal, state, or local governments from requiring or requesting that an individual disclose his or her Social Security number. Another measure (H.R. 91), introduced by Rep. Rodney Frelinghuysen (R-NJ), would make it illegal for an Internet service provider to disclose an individual's Social Security number to a third party without that individual's prior written consent. H.R. 91 has no cosponsors and has been referred to the House Energy and Commerce Committee. Two other bills would protect the privacy of information online. H.R. 237, introduced by Rep. Anna Eshoo (D-CA), would make it illegal for a commercial Web site operator to collect personal information from consumers unless that operator provides an opportunity for consumers to limit its use and disclosure. Another bill (H.R. 89), introduced by Rep. Rodney Frelinghuysen (R-NJ), would make it illegal to collect or use the personal information of consumers unless the collecting entity has procedures in place to protect the confidentiality, security, and integrity of such information.

In a recent decision, a Missouri appeals court ruled that a contract security service could not be held liable for the criminal actions of its employee. The court determined that the employee's pattern of misbehavior did not allow the employer to clearly predict the possibility of future misdeeds. (ConAgra Inc. v. Tyson Foods, Inc., Supreme Court of Arkansas, No. 00-446, 2000)

An appellate court ruled that, because an employee was subject to a lengthy campaign of sexual harassment, she can collect $400,000 in compensatory damages as well as damages for intentional infliction of emotional distress (the amount to be determined by a trial court). (Sharon B. Pollard v. E.I. DuPont de Nemours Company, United States Court of Appeals for the Sixth Circuit, No. 98-6317, 2000)

A Washington state court has ruled that a city drug-testing program that involves random preemployment screening for approximately half of the city's employees is unlawful.(Kirk Robinson, et al., v. City of Seattle, Washington Court of Appeals, Division One, No. 45511-7-I, 2000)

According to a recent decision, a franchiser cannot be held liable for the negligent security of a franchisee unless the franchiser exercises considerable control over the franchisee's security procedures. (Wu v. Dunkin' Donuts, United States District Court for the Eastern District of New York, No. 98-CV-3020, 2000).

An appeals court has ruled that employers can be held liable for job discrimination in cases where job applicants apply for positions solely to determine whether employers are discriminating against minorities. (Kyles v. J.K. Guardian Security Services, Inc., United States Court of Appeals for the Seventh Circuit, No. 98-3652, 2000) .

In a case recently decided by the Illinois Court of Appeals, the court ruled that an employer could not be held liable for the unwarranted arrest of an employee charged with theft of company property. (Carey v. K-Way, Inc., Illinois Court of Appeals, No. 1-99-2461, 2000)

The Pennsylvania Supreme Court recently ruled that a woman who suffered psychological injuries after witnessing an attack on a coworker is not eligible for workers' compensation benefits.(Kmart Corporation v. Workers' Compensation Appeal Board, Pennsylvania Supreme Court, No. J-199-1999, 2000)

Witnesses gathered last week to testify before the House Banking and Financial Services Committee on the limitations placed on employers under the Fair Credit Reporting Act (FCRA).

Defense Official testifies before House Subcommittee on the agency's efforts to help Colombia fight drug cartels.

Congress looks into the need to regulate "spam" e-mailings.

According to testimony before the House Subcommittee on Criminal Justice, Drug Policy, and Human Resources, Committee on Government Reform, DoD's efforts in Central and South America and the Caribbean have "significantly declined"

Lawmakers considered the security policies of the new National Nuclear Security Administration at a recent hearing.

Testimony on aviation before Congress.

Director of FBI,Louis J. Freeh testifies on cybercrime before the Senate Committee.

FBI testifies before Congress on its efforts to fight cyber crime through the National Infrastructure Protection Center.

An article in the FBI Law Enforcement Bulletin argue that a crime prevention survey is key to identifying crime "hot spots," crime "templates," and criminal mind-sets.
Witness testify on asset for future before a Senate subcommittee. Click here to read the testimony.

Testimony on chinese espionage by DOE Ex-Arms Chief Victor Reis.

Testimony on Flight TWA

Testimony CIA Testimony on Economic Espionage

Testimony Security Threats to the United States

Testimony Economic Espionage (Richard J. Hefferman, CPP)

National Institute of Justice Newsletters

The National Institute of Allergy and Infectious Diseases (NIAID), part of the National Institutes of Health (NIH), today announced it is awarding $23 million per year for seven years to establish six Centers of Excellence for Influenza Research and Surveillance.
Schools are not doing enough to protect students from sex crimes or to ensure that they are accurately reported when they occur. Read the report.
Police departments used to track neighborhood crime byplacing pushpins at crime locations on a wall map. Now crime tracking hasbecome far more sophisticated. Today, law enforcement analysts around the country depictcrime “hot spots” through specialized tools. They are able to calculate trendsand graphically depict them via color-gradient dots, standard-deviationellipses, spatial autocorrelation techniques, and isolines. Collectively, thesetechniques are referred to simply as crime mapping. A report by the National Institute of Justiceescorts readers through a progressively more complex approach to mapping andanalysis.@The NIJ's mapping Crime: Understanding hot spots can be reached via SM Online.
In a test of new magnetometer technology that can better detect small objects such as razor blades, the National Institute of Justice (NIJ) found that the technology helped cut the number of razor-blade slashings at a Bronx, New York, high school in half while reducing the level of false or nuisance alarms by 30 percent. In another initiative, the NIJ tested iris scanning at three New Jersey schools to see whether the technology could help ensure that persons picking up students after school were authorized to do so. The application showed promise. No false positives or other misidentifications occurred during 9,400 iris scannings at the schools. The system “made accurate identifications and unlocked the door 78 percent of the time,” according to the report. Among the failures that occurred, most were due to the brightness of sunny days or improper alignment with the scanner. These are just two examples of security and law enforcement programs trumpeted by NIJ in its latest (2004) annual report.
Emergency responders can now refer to a new Justice Department CD-ROM database to evaluate and buy chem/bio detection, protective, and communications equipment. @ To get a copy of the CD (NCJ 197978), go to SM Online or call the National Criminal Justice Reference Service at 800/851-3420.
An estimated 58,200 children were abducted by nonfamily members during a last year, with nearly half of the children suffering sexual assault by the perpetrator, according to a study by the U.S. Justice Department's Office of Juvenile Justice and Delinquency Prevention (OJJDP).
NIJ-funded report on pepper spray released this year reported that OC does not impair breathing or pulmonary function (see "News and Trends," March 2002).
A new guide released by the National Institute of Justice reviews biological agents for first responders and discusses various detection-system technologies and equipment. An Introduction to Biological Agent Detection Equipment for Emergency First Responders is on SM Online. Volume I and Volume II.(pdf).
The Justice Department's National Institute of Justice has issued a new guide for first responders. It discusses issues related to biological agent detection equipment.
The National Institute of Justice (NIJ) has released annual reports analyzing the use of methamphetamine, cocaine, marijuana, and opiates.
National Institute of Justice (NIJ) guide detailing how to select and use video surveillance equipment.
The NIJ recently looked into the findings of two studies on acoustic sensing systems, which identify an area from which a gun was fired by triangulating on it.
A report on Bomb Detection (pages 1-23, pages 24-116) by the National Institute of Justice (NIJ) evaluates technologies in terms of cost, portability, throughput, and other factors.
A recent NIJ report on Sentencing.
Guns, drugs, prisons and cybercrime addressed in latest Department of Justice budget request. The National Institute of Justice has released evaluations of the program in Hartford, Las Vegas,Akron,Salt Lake City, Seattle, Shreveport,Louisiana, and Manatee and Sarasota counties (Florida).
National Institute of Justice recently gauged the effects of social disorder and physical deterioration on the trends in crime.
NIJ report discusses methamphetamine use in five western cities.
The National Institute of Justice (NIJ) recently examined the effectiveness of a program in Oakland, California, that imposes civil penalties on parties, such as property owners or managers, for not taking steps to reduce criminal or nuisance behavior under their purview.
National Institute of Justice (NIJ) report states in terms of technologies available to them, law enforcement agencies are not as well equipped as the terrorists they may face.
NIJ Research on Reducing Crime and Drug Dealing by Improving Place Management
NIJ survey on High School Youths, Weapons, and Violence
NIJ Study Gang Activity Report
NIJ Journal Communities:Mobilizing Against Crime
NIJ Newsletter Civil Rights and Criminal Justice: Primer on Sexual Harassment
NIJ Newsletter Violence Among Middle School and High School Students: Analysis and Implications for Prevention
NIJ Newsletter Visibility and Vigilance: Metro's Situational Approach to Preventing Subway Crime
NIJ Newsletter Community Policing Strategies
NIJ Newsletter Evaluation of Violence Prevention Programs in Middle Schools
NIJ Newsletter Hair Analysis As a Drug Detector
NIJ Newsletter Reducing Violent Crimes and Intentional Injuries
NIJ Report Preventing Crime: What Works, What Doesn't, What's Promising
NIJ Report Automated DNA Typing: Method of the Future
NIJ Report Automated Mapping(ICAM)
NIJ Report Estimating the National Scope of Gang Crime from Law Enforcement Data
NIJ Report Smokeless Powder Residue Analysis by Capillary Electrophoresis
NIJ Report Work in American Prisons
NIJ Report Drug Use Forecasting
NIJ Report Crime Prevention through Environmental Design in Parking Facilities
NIJ Report Crime Prevention through Environmental Design and Community Policy
NIJ Report Street Gang Migration: How Big a Threat?
NIJ Report Automated DNA Typing: Method of the Future

Aviation Safety (Also see GAO above)

The bill (H.R. 1413), introduced by Rep. Nita Lowey (D-NY), would establish an airport security pilot program has been approved by the House Homeland Security Committee’s Subcommittee on Transportation Security and Infrastructure Protection.
Read a critical intra-agency review of the Department of Homeland Security handling of suspicious passengers on board a flight in 2004, which has been called a terrorist “dry run” by the media.
A bill (S. 509), introduced by Sen. Daniel K. Inouye (D-HI), that would require screening of cargo on passenger airplanes has been approved by the Committee on Commerce, Science, and Transportation. The Senate has agreed to consider the bill
The Department of Homeland Security has issued its final interim rules for the Chemical Facility Antiterrorism Standards. The rules establishes risk-based performance standards for certain chemical facilities at a high risk of terrorism. It requires high risk chemical facilities to prepare Security Vulnerability Assessments (SVAs) to identify vulnerabilities and then develop and implement Site Security Plans (SSPs) to strengthen security. Some covered facilities will have the option of submitting Alternative Security Programs (asps) rather than SVAs and SSPs. Noncompliance could result in fines and temporary closure until compliance is confirmed. Read the press release.(April 2007)
Following a scandal at computer giant Hewlett-Packard in which investigators used false pretenses to gain access to board members' and journalists' personal phone records, the Federal Communications Commission has issued an order requiring more stringent safeguards to protect consumer data. New requirements include password verifcation for record access, customer notice of account changes and disclosures, and annual FCC certification of security regimes. Individual contracts between providers and business clients can, however, waive the requirements. "In addition, the FCC has issued a further notice of proposed rulemaking to seek comments as to whether its CPNI rules should be expanded, especially in the context of mobile communication devices."
GovSec.com reports (April 4, 2007) that the House Homeland Security Committee has sent a letter to Homeland Security Secretary Michael Chertoff asking him to lay out a strategic plan by next Monday for the US-VISIT foreigner tracking system, describing implementation timelines, costs, and technology to be used to determine when foreigners leave the country or overstay their visits.
The Transportation Security Administration (TSA) will test AS&E's Privacy Enhanced SmartCheck(TM) System at Sky Harbor International Airport in Phoenix, Arizona. The system, which uses backscatter technology, shows the outline of a person to reveal items they may be trying to hide under clothing. www.tsa.gov (for more on backscatter technology)
Emergency response coordinators in the Transporation Security Administration are not receiving training in continuity of operations, despite the existence of free courses, according to a report from the Office of the Inspector General at the Department of Homeland Security.
Why aren’t more airports opting out of using federal screeners? Read about the issue in a report from the Government Accountability Office.
The Department of Homeland Security has issued a rule proposing a pre-departure Advance Passenger Information System (APIS) requirement. "This requirement will allow DHS to collect passenger information for flights and cruises bound for the United States prior to their departure from foreign ports," according to the DHS release. There will be a thirty day comment period after the July 13 publication of the notice of proposed rulemaking.
Why aren’t more airports opting out of using federal screeners? Read about the issue in a report from the Government Accountability Office.
The Department of Homeland Security’s (DHS’s) American Shield Initiative (ASI)—a program of sensors, cameras, and databases that monitor U.S. land borders—lacks “key management capabilities” and has failed to define “key acquisition management processes,” such as those for tracking and overseeing contractors, says a report from the Government Accountability Office (GAO). The auditors note that DHS has not fully staffed the ASI program office and has only defined roles and responsibilities for 3 of 47 positions.
A bill (H.R. 4373) introduced by Rep. Edward Markey (D-MA) would require that the Homeland Security Department establish a system to inspect all cargo transported on passenger aircraft operated by a domestic or foreign air carrier.
Find out what’s being done to address security risks that pertain to noncommercial flights, such as corporate jets and crop dusters.
According to the GAO report ;the government needs to strengthen the security of domestic air cargo.
A bill (H.R. 2688 )introduced by Rep. Nita Lowey (D-NY) would require the physical screening of all people, goods, property, vehicles, and equipment before they are allowed into the secure area of an airport. The bill would take effect 120 days after it is enacted. Until the measure took effect, the bill would require that the government conduct random screenings and inspections of such articles. Under the measure, the TSA would be required to report to Congress on ongoing efforts and projected timelines for developing screening standards for airport personnel, assessing available technologies for securing airport perimeters, and developing and implementing a standardized approach for conducting airport vulnerability assessments. H.R. 2688 has eight cosponsors and has been referred to the House Homeland Security Committee’s Subcommittee on Economic Security,Infrastructure Security, and Cybersecurity.patriot act.
After testing portals in 14 airports, the Transportation Security Administration is now expanding the explosives detection trace portal program to ten more airports beginning in July.
Visa Waiver Program (VWP) countries will be required to produce passports with digital photographs by October 26, 2005, the Department of Homeland Security has announced. An October 26, 2006 deadline will apply for the integrated circuit chip, or e-passport, capable of storing the biographic information from the data page, a digitized photograph, and other biometric information in travel documents.
Govexec.com reports that "The Homeland Security Department would like to give private aviation-screening companies limited liability protection if screeners fail to prevent a terrorist attack."
The Transportation Security Administration (TSA) has issued guidelines for airports to use in deciding whether to retain federal screeners or return to the use of private screening companies. Under laws passed after September 11, as of November 19, 2004, airports may start applying for the right to use contract security services.
Up to half a million shoulder-fired rocket systems, also known as man-portable air defense systems or MANPADS, exist in the world today, according to the U.S. Congressional Research Service (CRS). In the last quarter century, they have been used to shoot down an estimated 24 civilian airliners, resulting in 500 deaths. How should commercial aircraft be defended against this threat? A CRS paper says that the answer likely depends on a threat assessment. "For example, if threat assessments indicate that large widebody airplanes are most at risk," the authors write, "Congress may consider whether initially equipping these airplanes [with missile countermeasures] would more effectively deter the threat of missile attacks." Another approach might be equipping only aircraft that fly in high-risk areas overseas. Both the CRS paper and a RAND discussion of the issue agree that a multilayered approach to MANPADS is necessary. According to RAND, laser jammers, can defeat relatively unsophisticated MANPADS. But ground-based high-energy lasers, which could destroy more sophisticated MANPADS, won't be available for a few years. Moreover, the ten-year life-cycle costs for equipping all 6,800 commercial U.S. aircraft with laser jammers are estimated to be $40 billion. It's too early to tell whether that's a good investment, say the RAND authors. A decision should be deferred while developmental efforts are accelerated, they say. SM Online has both reports.
The GAO report notes that the TSA still does not require criminal record checks or security awareness training for all airport employees as required by law. Similarly, the TSA has not required airport vendors to develop security programs. And while programs have been launched to investigate perimeter security and biometrics technology, implementation and funding plans remain nebulous.
Several bills currently under consideration in Congress are aimed at enhancing aviation security programs. One bill (H.R. 3959) introduced by Rep. Frank LoBiondo (R-NJ) would authorize the Homeland Security Department to provide air marshal training to law enforcement personnel from foreign countries. The bill has no cosponsors and has been referred to the House Transportation and Infrastructure Committee. Companion bills (H.R. 4126 and S. 2268) introduced by Rep. Joe Wilson (R-SC) and Sen. Jim Bunning (R-NY), respectively, would alter the federal flight deck officer program--allowing pilots to carry firearms on commercial flights. The measure would add mental health standards and firearms training to the list of eligibility requirements. The bill would also prohibit the disclosure of information relating to a pilot's participation in the program and provide an appeal process for pilots who have been determined ineligible for the program.
The House Transportation and Infrastructure Committee's Subcommittee on Aviation held a hearing to discuss whether general aviation, which includes corporate and private aircraft, will be allowed to operate out of Ronald Reagan Washington National Airport. Most of the witnesses represented industry groups and were in favor of returning general aviation to the airport immediately.
Elizabeth A. Haskins, president of Signature Flight Support, testified that business aviation is more secure and less threatening than commercial aircraft.
James K. Coyne, president of the National Air Transportation Association, testified that general aircraft operations are willing to undertake security measures such as prescreening passengers, isolating cockpits, and having a law enforcement officer on board.
Representing the Transportation Security Administration (TSA),David M. Stone testified that TSA is currently working on a security plan. But until these plans are finalized, testified Stone, general aviation will continue to be prohibited at Reagan National because such aircraft are "an attractive potential avenue for terrorists."
The House Transportation and Infrastructure Committee's Subcommittee on Aviation recently held a hearing on airport screening and checkpoint issues. Several government and industry representatives testified.
TSA representative Stephen J. McHale testified that all screeners must meet annual recertification standards and pass numerous tests. To further increase screener skill, a new plan is underway to send inert bomb sets and weapons training kits to every airport in the nation so that screeners can be tested using these items, noted McHale.
Representing the Airports Council International-North America, David Z. Plavin testified that the TSA's priorities have led to screening problems.
According to Randall Walker, aviation director of Clark County, Nevada, the Las Vegas McCarran airport was operating well under federal guidelines immediately after 9-11.
Angela Gittens, aviation director at Miami-Dade International Airport, was critical of government actions. She noted that Congress had issued a December 2002 deadline for installation of an explosive detection system (EDS) at each airport. But, said Gittens, Miami has yet to receive one, "even though we are the nation's third busiest international gateway and have the highest number of foreign visitors of any airport in the nation." Read the testimony.
In January 2004, Congress passed legislation to restrict aerial-advertising aircraft--small aircraft that tow advertising banners--over stadiums during certain sporting events. In considering the consequences if the legislation were ever repealed, the House Appropriations Committee's Subcommittee on Homeland Security requested that the General Accounting Office (GAO) investigate how the Federal Aviation Administration and the Transportation Security Administration could mitigate the threat of such aircraft.
Rep. Edward Markey (D-MA) has introduced a bill (H.R. 3798) that would require the government to establish a system for screening or inspecting all cargo that is transported in passenger aircraft. The screening would have to meet the same standards applied to passenger screening efforts. The bill would also require the government to issue regulations to improve access to secured areas of airports.
A GAO report on airport screeners finds continued "weaknesses and vulnerabilities in the screening system." Among the problems sited were staff shortages and a lack of high-speed connectivity at some airports, which made it difficult to carry out training programs. With regard to the screening of checked baggage, the GAO says that TSA continues to face "operational and funding challenges."
A congressional report on CAPPS II, a controversial new computer screening system designed to identify potential terrorists among airline passengers, ""slams the planning," and says "it has failed a series of tests set by lawmakers," reports UPI. See the news coverage and the full GAO report.
A GAO report on airport screeners finds continued "weaknesses and vulnerabilities in the screening system." Among the problems sited were staff shortages and a lack of high-speed connectivity at some airports, which made it difficult to carry out training programs. With regard to the screening of checked baggage, the GAO says that TSA continues to face "operational and funding challenges."
A report from the GAO looks at how the Air Marshal program is working. The report notes that the Federal Air Marshal Service has gone from a single office with a budget of about $4.4 million in fiscal year 2001 to 21 offices and a budget of $545 million in fiscal year 2003. It has been criticized in the media for problems with training and retention. The GAO notes that the agency has lost about 10 percent of its work force, and the GAO suggests that data be collected in future to determine why air marshals quit. It also suggests that the service collect information on actual hours worked versus hours scheduled to see whether marshals are being overworked. GAO further notes that "changes will be needed to resolve differences in the pay systems and compensation of air marshals, immigration agents, and customs agents."
The Department of Homeland Security has issued a new privacy notice in conjunction with the second phase of its Computer Assisted Passenger Prescreening System (CAPPS II). The new notice addresses concerns raised by the public during the comment period for the original notice.
The Department of Homeland Security has issued a CAPPS II Privacy Act Notice (CAPPS stands for "Computer Assisted Passenger Screening System.) The notice states that in response to comments to the proposal from an earlier notice limited developmental technical testing will occur with test data, including personal information on U.S. persons available from commercial databases, including those within and affiliated with the travel industry; and that concerns raised will continue to be considered during the testing and evaluation periods.
An article in the FBI Law Enforcement Bulletin, by Robert Raffel, senior director for public safety at the Orlando International Airport, addresses the most likely WMD threat to strike civil aviation: biological weapons.
Last year, both houses of Congress voted to allow pilots of passenger and cargo planes to carry arms in the cockpit. Cargo pilots were stripped of that ability before the law was passed. The wisdom of that move is still a battleground today, with industry officials coming down on either side of the issue during testimony before the Subcommittee on Aviation, House Committee on Transportation and Infrastructure. On the opposite side of the issue was Stephen A. Alterman, president of the Cargo Airline Association. Also testifying was Stephen J. McHale, deputy administrator of the Transportation Security Administration, was discussed the first crop of passenger pilots to be authorized to carry arms on board.
The Transportation Security Administration (TSA) has proposed a new security screening system for airports and airlines.
David Collenette, Canada Transport Minister, has announced two new government initiatives aimed at increasing security at Canadian airports. The plan includes enhanced access control for restricted areas and the screening of non passengers entering restricted areas.
Anew bill, Aviation Legislation Bill 2002, introduced in the Australian Parliament is designed to protect sensitive aviation security information.
By now, all U.S. airports were originally expected to have machines in place to screen all checked baggage for explosives. A RAND Corporation white paper points out six reasons that didn't happen; among those are that the government underestimated the number of explosive detection systems needed to screen bags at any given airport, and it did not perform simulations of passenger and bag movement at specific airports.In addition, RAND terrorism expert Bruce Hoffman recently discussed lessons from 9-11 with the U.S. Joint September 11, 2001, Inquiry Staff of the House and Senate Select Committees on Intelligence.
The Federal Aviation Administration (FAA) has issued a final rule requiring all pilots to carry a photo ID when flying and to present that ID, upon request, to officials of relevant government agencies and law enforcement fficers.
Two identical bills (H.R. 5135 and S. 2735), introduced by Rep. Kay Granger (R-TX) and Sen. John Ensign (R-NV), respectively, would require airport operators to notify the Transportation Security Administration (TSA) if they are not able to make modifications to airport terminal buildings that would accommodate explosives detection machines. Along with the notice, airport officials must develop a plan to modify the buildings and set up a date for the work to be completed. Another bill (S. 2949), introduced by Sen. Ernest Hollings (D-SC), that would grant waivers to as many as 40 airports has been approved by the Senate Commerce, Science, and Transportation Committee.
Draft regulations released by the Federal Aviation Administration (FAA) that would require drug and alcohol testing of workers involved in aircraft maintenance have drawn criticism from airlines and contractors. The regulations would require that all contractors who perform "safety-sensitive" aircraft maintenance "at any tier" would be required to undergo preemployment drug and alcohol screening. Employers would need to verify a negative drug test before allowing an employee to start work. The most frequent comment, however, was that the proposed program would be too costly and would not improve aviation safety. For example, Mike Thompson of Pacific Propeller, Inc., noted that the rule did not include the basis for the policy change, nor did it identify any accidents, incidents, or defects resulting from drug or alcohol abuse by employees of maintenance providers. Absent this clarification, Thompson argued, the significant cost for the industry could not be justified.read theproposed rule and public comments.
The Washington Post reports that the Senate Commerce, Science and Transportation Committee "passed a bill yesterday that would exempt 40 airports, including many of the nation's largest hubs, from an end-of-the-year deadline to screen all passenger luggage with explosives-detection machines." It would also allow persons who are not U.S. citizens to be hired for screening positions.
The Washington Post is running a series on progress in improving airport security, including a look at the profiling system. And several other news media have looked at flaws in airport checkpoints. Plus the Boston Globe looks at the ethics of how the reporters tried to get the story.
A bill (S. 2686) introduced by Sen. Charles Grassley (R-IA) would provide whistleblower protection to certain airport employees.
The U.S. Department of Transportation (DOT) has issued a final rule requiring all foreign aircraft serving the United States to have temporary locking devices for cockpit doors by this month. New flight deck doors, with permanent locking devices, must be in place by April 2003.
A bill (H.R. 4635) that would require the Department of Transportation (DOT) to establish a program to arm commercial airline pilots has been approved by the full House of Representatives.
The U.S. Department of Transportation (DOT) has issued a final rule requiring all foreign aircraft serving the United States to have temporary locking devices for cockpit doors by this month. New flight deck doors, with permanent locking devices, must be in place by April 2003.
Could it be that the next Mohamed Atta is already a trusted employee at one of the 103 civilian U.S. nuclear reactors? That's a definite possibility, according to a report by Representative Edward J. Markey (D-MA) that summarizes correspondence between him and the Nuclear Regulatory Commission after 9-11.
Much of the blame for aviation security inadequacies has fallen on a system that implicitly promotes the use of low-paid screeners at metal detection and x-ray portals at airports. Screeners at San Francisco International Airport used to be in that category, but they now make considerably more than the national average, and their skills have improved commensurately, explain the authors of a report called LivingWages and Airport Security.
In addition to the comprehensive aviation security bill (PL 107-71) signed into law by President Bush, several more bills have been introduced to enhance security at airports. The four bills offer several different approaches from increasing research on security technology to increasing security training for airport personnel. One bill (H.R. 3110) introduced by Rep. James Oberstar (D-MN) would establish a special transportation security administration under the Transportation Department. Another bill (H.R. 3029),introduced by Rep. Jay Inslee (D-WA), would require that all passengers and any property carried onto an aircraft be screened by an employee or agent of the air carrier before the airplane is loaded. H.R. 3064,introduced by Rep. Joe Baca (D-CA), would require that the Federal Aviation Administration( FAA) implement several specific aviation security measures. In another bill (H.R. 3101),introduced by Rep. Jim Matheson (D-UT), the National Institute of Standards and Technology would be required to develop standards for effective aviation security technologies.
Even after September 11, only a fraction of U.S. plane passengers have their checked luggage hand searched. Critics contend that extending screening to all checked baggage would cause interminable delays, but the experience of Geneva (Switzerland) International Airport (GIA) offers some hope for across-the-board screening. GIA's passenger division chief, Jean-Luc Portier, recently described how the airport has implemented such a system while maintaining efficient passenger service. Read the full story.
Vulnerabilities in, and Alternatives For, Preboard Screening Security Operations, by Gerald L. Dillingham, director, physical infrastructure issues, before the Senate Committee on Government Affairs and the Subcommittee on Oversight of Government Management, Restructuring, and the District of Columbia. Read the GAO report.
Congress Set to Consider Far-Reaching Terrorism Proposal. Congressional committees will hold hearings on Monday and Tuesday to consider broad legislation proposed by the Department of Justice that would, among other things, substantially expand government surveillance powers, including use of the controversial Carnivore Internet monitoring system. EPIC has prepared a detailed analysis of provisions in the proposed Anti-Terrorism Act of 2001 (PDF) that would affect communications and information privacy. EPIC urges Congress to carefully assess the need for new surveillance powers and to draw any possible changes narrowly to protect privacy and constitutional rights. In editorials, newspapers and magazines across the country have also endorsed that approach.
House Committee on Commerce, Science, and Transportation on aviation security.
A recent issue of the ICAO Journal, the publication of the International Civil Aviation Organization, contains several articles of interest to aviation security professionals. One article discusses explosives detection technology tools, such as gas chromatography-ion mobility spectrometry, which the author calls "one of the most sophisticated and effective trace detection technologies commercially available today." New technologies are also explored, including laser technology for the "touchless" detection of explosive residues.
GAO report on Y2k and Global Positioning System.
The Federal Aviation Administration has proposed a rule to improve the performance of screeners at airport security checkpoints.
In a recent report, the inspector general of the Federal Aviation Administration criticized U.S. airport security for its poor control procedures, also read the FAA's response.
GAO report online on FAA and Y2k readiness.
Air Security International updates on the current Hot Spots.
Report Aviation Safety and Security Commission Recommendations .
Report White House Commission on Aviation Safety and Security Final Report to President Clinton
FAA Press Release FAA Purchases Aviation Security Equipment .
FAA Press Release More information on FAA Aviation Security Equipment Purchases
President Clinton's July 25, 1996 statement on Air Safety.
White House Air Travel Security briefing transcript of July 25, 1998

Miscellaneous

The recommendations are in from the President’s Task Force on Identity Theft: the strategic plan advises four broad policy changes including that federal agencies reduce the unnecessary use of Social Security numbers.
Terrorism incidents and fatalities, as reported from the State Department for 2006, have risen dramatically worldwide from 2005. Deaths in Iraq and Afghanistan are among those driving the trend.
The government has developed guidelines and a set of best practices for RFID use in federal agencies and private corporations. The best practices are intended to reduce the privacy and security risks associated with RFID.
Check out the latest statistics on criminal offenses on college and university campuses from the FBI.
A bipartisan amendment to prevent domestic eavesdropping passed the House on Friday (May 11) as part of the Intelligence Reauthorization Bill.

The amendment, sponsored by Representatives Adam Schiff (D-CA) and Jeff Flake (R-AZ), reaffirmed that law enforcement must follow the Foreign Intelligence Surveillance Act (FISA) when electronically gathering information domestically to protect national security. FISA ensures there is judicial approval and oversight when conducting electronic surveillance such as wiretapping. Under FISA, law enforcement must seek a warrant before, or up to 72 hours after, the beginning of surveillance from the Foreign Intelligence Surveillance Court (FISC).

The passage of the amendment is a setback for the Bush Administration, which is seeking to expand its ability to set up warrantless surveillance on whomever it deems to be a threat to national security.
For the second time in two years, someone has stolen the personal data of government employees right from under the government's nose.

This time it was at the Transportation Security Administration (TSA) where a computer hard drive was stolen which contained the Social Security numbers, bank data, and payroll information of approximately 100,000 employees who worked for TSA from January 2002 to August 2005.

So far there is no evidence the stolen data has been misused. The FBI and Secret Service are investigating the matter and TSA is offering a free year of credit monitoring to affected employees. For more information, go to TSA's Web site, which has a special Web page devoted to the incident and what to do if you've been affected.

Last year, a laptop with the personal information of 26.5 million military personnel was stolen from the home of a Veterans Affairs Department employee. The laptop was recovered and the FBI said none of the data was copied.
Apparently jihadists have a new slogan reminiscent of the age old cliche, "The pen is mightier than the sword." Theirs is a bit more tech savvy though: “Keyboard equals Kalashnikov.”

This tidbit came yesterday (May 3) at the Senate Committee on Homeland Security and Government Affairs hearing on Islamic extremist radicalization and recruiting via the Internet.

Another disturbing piece of information came from Lieutenant Colonel Joseph H. Felter, director of the Combating Terrorism Center at West Point. In what he labeled turning "consumers" of jihadist propaganda into "producers of terrorism," one jihadist Web site held a web design contest for their Web site. What did the winner get? To fire a rocket from the comfort of home with a mouse click.

Committee Chairman Sen. Joe Lieberman (I-CT) said it was ironic "that the internet – invented by the Department of Defense as a way to ensure undisrupted communications in the event of an enemy attack – is now being used to recruit and train the terrorists who plot such lethal attacks against American and other western targets."

The witnesses each elucidated strategies to counter jihadist radicalization and recruitment online. None more so than Frank J. Cilluffo, director of Homeland Security Policy Institute at George Washington University, who in partnership with The University of Virginia’s Critical Incident Analysis Group, released a report as part of the hearings: "NETworked Radicalization: A Counter-Strategy."
In the aftermath of 9/11, the New York City Fire Department (FDNY) took broadsides from the 2002 McKinsey Report for its response to the World Trade Center. While the report lauded the FDNY for its heroism, it criticized its emergency response for widespread communications limitations, poor inter-agency coordination and resource management, and its inability to track its own men and victims treated by EMS and taken to hospitals.

Nearly five years after the McKinsey report the FDNY has responded with its "Terrorism and Disaster Preparedness Strategy." The 34-page document focuses strongly on four core areas: organizational adaptability, response capability, prevention and protection, and coordination and collaboration, many of which were found wanting by McKinsey.

The FDNY strategy's ambition: to be able to respond to the worst disasters nature or terrorists can throw at New York City and ensure another 9/11 never happens again.

(April 26), Sen. Barbara A. Mikulski (D-MD) - chairman of the Subcommittee on Commerce, Justice, Science and Related Agencies Appropriations - criticized the FBI's budget 2008 budget proposed by the President at the subcommittee's hearing. Sen. Mikulski said the FBI needs more resources if it is to carry out its ever expanding mission to protect the United States from crime and terrorism. (Watch the hearing here.) Since 9/11, 40 percent of the FBI's budget and 2,000 FBI agents have been shifted from violent crime to counterterrorism. As an example of the FBI's increasing responsibilities regarding terrorism, Sen. Mikulski highlighted the President's decision to transfer the Render Safe mission from the Defense Department to the FBI. "This means the FBI is now responsible for dismantling a nuclear device in the United States," she said. Yet, as the FBI has concentrated its efforts and resources on counterterrorism, recent statistics on violent crime show it has risen despite the doubling of the FBI's budget since 2001. "Given all of these important roles and responsibilities, we must ensure that the FBI has the resources it needs," she concluded. "The lives of 300 million Americans depend on it." FBI Director Robert Mueller testified as well today, discussing the FBI's budget priorities for 2008.
Read the proposed rule on what states must do to meet the new driver’s license requirements of the REAL ID Act of 2005. The rule is out for comment until May 8th.
A new 80-page guideis intended to give governors an overview of their homeland security roles and responsibilities. Topics covered include communications interoperability and mutual-aid agreements.
The FDA’s Food Facilities Registration Database is intended to help the government share warnings of food-borne illnesses, but errors in the contact information were found in a recent test. See the study results online.
A new report details how states are using federal money to improve criminal history records. For example, Georgia, Hawaii, and Maine are using the grants to improve the transmission of case information to their central criminal-record repositories.
A woman sued a casino operator for false arrest and false imprisonment after she was ejected for picking up a dropped slot-machine token. A U.S. district court upheld the awarding of large punitive damages because the security staff’s conduct was deemed egregious.
A medical testing company was sued by a former employee for religious discrimination, because it wanted him to work Saturday, his Sabbath. The court ruled in the company’s favor, finding no religious discrimination.
Louis Cioffi worked as a part-time social studies teacher and athletic director for the Averill Park Central School District from 1981 to 1999. In June 1999, the school district promoted Cioffi to full-time athletic director. In his new position, Cioffi supervised Kevin Earl, the district’s football coach. Over the three years Cioffi supervised Earl, he consistently complained about Earl’s teaching methods. In early 2001, a parent complained about disturbing events that occurred in the boys football locker room, including the hazing and sexual assault of younger players by older students. The school district took steps to address the situation, including changing the policy of supervision in the locker room. However, the school failed to relate the hazing incidents to the other parents of the students who had been assaulted. The court noted that sexual assaults in a high school and the possible cover-up by school administrators are certainly within the scope of public interest. Further, while the school board planned to eliminate Cioffi’s position before his press conference, the official decision was not made until after the press conference, making the retaliation claim valid. (Cioffi v. Averill Park Central School District, U.S. Court of Appeals for the Second Circuit, No. 04-5593-cv, 2006)
Contingency and computer-security emergency-response plans must be kept in a state of readiness. Three key components of readiness are tests that ensure that the plan will work as described; training that informs personnel of their roles and responsibilities vis-a-vis the plan; and exercises that simulate an emergency to test the plan’s viability. The National Institute of Standards and Technology has created an in-depth guide to tests, training, and exercise programs as they relate to IT plans. The guide includes checklists as well as detailed sample objectives and scenarios. @ Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities is at SM Online.
A male assistant manager at a truck stop filed charges of sexual harassment when the company responded to his complaint by forcing him to move to another location 120 miles away; the courts ruled that it constituted an adverse action.
The Department of Homeland Security (DHS) has issued its fiscal year 2007 grant guidance (PDF, 10 pages - 102 KB) and application kits for five grant programs that will total roughly $1.7 billion in funding for state and local counterterrorism efforts. Secretary Chertoff said that the department has changed how funds will be allocated to address criticisms leveled at it last year. The communities facing the highest risk will receive the majority of the funds (55%). In addition, rather than rejecting grant applications outright, the department will tell applicants how they can address problems and resubmit the request. Government Security News analyst Jacob Goodwin takes issue with the DHS claim that this represents a big policy shift. He points out that the six high-risk urban areas that will be getting 55% this year got 53.9% in FY2006-- "Not much of a bump up," in his words. Read the DHS Press Release. (01/05/07)and Goodwin's remarks (01/08/07).
DHS report addresses the effectiveness of U.S. Immigration Custom and Enforcement policies and procedures to track the location of detainees.
DHS issues credentialing rule to secure access to U.S. ports. The Department of Homeland Security (DHS) on 01/03/07, announced the issuance of the final rule for the Transportation Worker Identification Credential (TWIC) program, which enhances port security by checking the backgrounds of workers before they are granted unescorted access to secure areas of vessels and maritime facilities. The rule was posted publicly on Transportation Security Administration’s (TSA) Website January 1, 2007, and has been delivered to the Federal Register for posting in the coming days. The rule lays out the enrollment process, disqualifying crimes, usage procedures, fees, and other requirements for workers, port owners, and operators. These guidelines allow the industry, government and public to prepare for the implementation of this important security program. The TSA and the U.S. Coast Guard held four public meetings around the nation and received more than 1,900 comments regarding the initial draft of this federal rule. Comments were filed by workers, port facility owners and operators, small businesses and others who would be affected by the new program. The rule is expected to impact more than 750,000 port employees, longshoreman, mariners, truckers and others who require unescorted access to secure areas of ports and vessels.
Read the Transportation Worker Identification Credential (TWIC) Implementation in the Maritime Sector final rule. (1Mb, pdf)
Click here for more information on port security available on the U.S. Coast Guard’s Homeport site.
DHS made available for public review a comprehensive set of proposed regulations that will improve security at high-risk chemical facilities nationwide. The proposed regulations are expected to be published in the Federal Register next week as an Advanced Notice of Rulemaking and will be available for public comment until February 7, 2007
The House of Representatives has passed a bill that would implement some of the remaining recommendations of the 9/11 Commission. The measure passed the house 299 to 128.
.When the Washington, D.C.-area snipers were still at large, investigators told the public that the assailant was probably driving a white box truck or van. All over the region, police and drivers cast a wary eye at these vehicles, while the snipers’ actual vehicle, a dark blue Chevrolet Caprice, went disregarded. This is an example of a “cognitive bias”; it delayed the capture of the snipers and often leads to false arrests or wrong accusations. Other such biases include spurious cause and effect. In one series of rapes on the south side of a city, for example, police hypothesized that the offender stalked his victims from a local superstore, where all of his victims had shopped. It turned out that almost everyone from the south side shopped there, and that there was no connection between the store and the crimes. In an article in the FBI Law Enforcement Bulletin, D. Kim Rossmo, a former detective and a criminal justice professor of criminal justice at Texas State University in San Marcos, discusses various cognitive biases that lead investigators astray and offers strategies to combat them.@ Find it at SM Online.
A new guide from the National Institute of Standards and Technology explains the key threats to, and recommends guidance for, securing industrial control systems.
A joint effort by the Bureau of Justice Statistics and the National Center for Education Statistics, presents the report Indicators of School Crime and Safety, 2006 which examines crime occurring in school as well as on the way to and from school. It also provides the most current detailed statistical information on the nature of crime in schools, school environments, and responses to violence and crime at school. Data are drawn from several federally funded collections including the National Crime Victimization Survey, Youth Risk Behavior Survey, School Survey on Crime and Safety, and School and Staffing Survey."
An FBI Law Enforcement Bulletin piece discusses various cognitive biases that lead investigators astray, and offers strategies to combat them
The Justice Department’s Bureau of Justice Assistance bulletin outlines a ten-step threat management process
Find out how buildings could be strengthened against hurricanes in a NIST report that recommends enforcing strict building standards for hurricane-prone regions.
The FBI gives tips for how governmental agencies and organizations can avoid a check fraud scam that targets expired checks.
Recommendations on how local and federal officials can improve police response in identity-theft cases are in a new report.
Detonators, rocket motors, and bulk explosive powders were among at least 410 items that Sandia National Laboratories could not account for when audited by the U.S. Department of Energy’s Office of Inspector General. Auditors found other problems with explosives handling and processing at both Sandia and Los Alamos National Laboratories, but Lawrence Livermore National Laboratory was hailed for its “robust program” for explosives handling and processing.@ The audit report can be reached via “Beyond Print” at SM Online.
After a spate of well-publicized thefts of government laptops earlier this year, Clay Johnson III, deputy director for management with the Office of Management and Budget, sent a memorandum to department heads urging them to take action to safeguard information properly. Johnson’s memo, which includes a security checklist created by the National Institute for Standards and Technology, recommended four actions: use encryption when carrying agency data; use two-factor authentication provided by a device that is separate from the computer (such as a USB token); ensure that users reauthenticate after 30 minutes of inactivity; and verify that all sensitive data is purged within 90 days if no longer required. “Most departments and agencies have these measures already in place,” Johnson says in the memo, though the many recent losses of unsecured laptops suggest that having the measures in place and actually ensuring that workers use them are two separate issues. Johnson says that his department will “work with the Inspectors General community to review these items as well as the checklist to ensure [that] we are properly safeguarding the information the American taxpayer has entrusted to us.”
An interview with Tim Manning, director, New Mexico Office of Homeland Security.
The U.S. Supreme Court has adopted new rules of civil procedure for courts to follow for electronic discovery.
DOE audit reports that two out of three defense labs are not maintaining controls over nonnuclear explosives.
A comprehensive guide from NIST tells how to set up an information security program.
New EEOC guidelines clarify how rules against discrimination in employment on the bases of race and color apply to everyday situations.
The FDA has announced new steps to strengthen existing protections against the growing problem of counterfeit drugs.
A federal appeals court has ruled that an employee violated federal law when he destroyed information on his employer’s laptop.
An appellate court has ruled that singling out an employee and monitoring his work is not harassment unless the monitoring results in an adverse employment action.
This report released by COPS provides a framework for understanding student gatherings, specifically the problem of student party riots.
NIST has issued a series of drafts on security issues related to the Internet. http://csrc.nist.gov/publications/drafts/Draft-SP800-45A.pdf
http://csrc.nist.gov/publications/drafts/Draft-SP800-94.pdf
http://csrc.nist.gov/publications/drafts/Draft-SP800-95.pdf
The Department of Homeland Security's Office of the Inspector General has issued the findings of an audit of the National Urban Search and Rescue Response System. Currently there are 28 task forces in 19 states (8 are in California). The audit was of seven of the teams. Among the problems found, "Six of the seven task forces fell below 50 percent of US&R System standards for operational readiness established by FEMA." The report finds that the system needs more oversight from FEMA.
Read the entire interview of Matthew R. Bettenhausen, director, California Office of Homeland Security.
The The House has passed H.R.5852, the 21 st Century Emergency Communications Act of 2006, which requires the Department of Homeland Security to strengthen its efforts to improve emergency communications.
The brief, State Strategies for Using IT for an All-Hazards Approach to Homeland Security provides governors recommendations for using information technology (IT) to strengthen homeland security strategies in their states.
The amount of rain and wind delivered by Katrina and Rita last year was nothing compared to the criticism that poured down on the federal government, Louisiana, and New Orleans for shoddy hurricane preparation and response. In the aftermath, Congress asked the Departments of Transportation and Homeland Security to review federal and state evacuation plans for catastrophic hurricanes. The two agencies have just issued a nearly 200- page report on evacuation plan assessment and jurisdictional roles in evacuation. @ Read it now by going to SM Online.
The U.S. Department of Homeland Security has awarded Advanced Spectroscopic Portal (ASP) program contracts totaling $1.157 billion to enhance the detection of radiological and nuclear materials at the nation’s points of entry.
The U.S. Department of Agriculture is sending four veterinary specialists to Rome to assist the United Nations' Food and Agriculture Organization (FAO) in launching a new crisis management center that will enhance worldwide response to animal disease.
The brief, State Strategies for Using IT for an All-Hazards Approach to Homeland Security provides governors recommendations for using information technology (IT) to strengthen homeland security strategies in their states.
The Department of Homeland Security has issued a rule proposing a pre-departure Advance Passenger Information System (APIS) requirement. "This requirement will allow DHS to collect passenger information for flights and cruises bound for the United States prior to their departure from foreign ports," according to the DHS release. There will be a thirty day comment period after the July 13 publication of the notice of proposed rulemaking.
DHS Inspector General Richard L. Skinner has found U.S. efforts to develop a National Asset Database of "critical infrastructures and key assets" to be flawed. The database is intended to support the development an "informed" national-risk profile. But DHS "has a substantial amount of work ahead to determine the ultimate disposition of the NADB’s contents and each asset’s importance to the country," the Inspector General writes.Among items listed as key infrastructure or critical assets are: Bean Fest Nix’s Check Cashing Amer. Society of Young Musicians Trees of Mystery Groundhog Zoo Sweetwater Flea Market High Stakes Bingo
The U.S. Department of Homeland Security has announced nearly $400 million in FY 2006 grants for infrastructure protection. "The infrastructure grants will be divided among seven programs that constitute major critical infrastructure sectors ranging from transportation modes to the nation’s ports," according to the agency's Web site press release. For example, more than $136 million will go via the Transit Security Grant Program to the owners and operators of the nation’s critical transit infrastructure including rail, intracity bus and ferry systems.
A report released by the Department of Justice criticizes the FBI’s efforts to protect the nation’s ports and recommends written threat assessments.
This NIST guide will help organizations in implementing a media sanitization program.
The Federal Communications Commission has issued a proposed rule requiring companies to take additional steps to protect consumer privacy.
The State Department has released reports on the narcotics trade and money laundering. Volume I and Volume II.
The National Academies has prepared, in cooperation with the DHS, fact sheets on four types of terrorist attacks.1,2,3 and 4
The FBI has issued an interim final rule setting out how employers can request criminal background checks on private security officers.
A government report on money laundering notes the rise in popularity of online currency services as a conduit for illicit funds.
Identity Theft Can Be Fun. The Federal Trade Commission now offers an amusing online quiz about the basics of identity theft, spyware, phishing, and other scams. It also teaches users how to obtain a free credit report, use sufficient passwords, report identity theft, and otherwise protect themselves from identity thieves. @ The site, onguard online, also provides links for sending information on scams and attacks to government authorities. get there via SM Online.
Insurers and financiers have mastered the skill of risk management, which entails anticipating future events, deciding which of those expected risks the organization will bear, and allocating resources to mitigate the rest. @ SM Online has the report.
North Korea and Iran present probably the biggest threat of rogue nations gaining nuclear weapons. Other countries pose a danger as well, but a main watchdog over nuclear weapons, the International Atomic Energy Agency (IAEA), is hampered in its ability to ensure that nations are not developing clandestine weapons programs. @ The GAO report, including recommendations for future action, is at SM Online.
Now that cell phones have morphed into miniature computers, they contain more information than ever before. In addition to phone numbers and a record of calls made and received, phones can now contain e-mail or text messages, photos, and a host of other data that could be of value when investigating a crime. Just as conducting a forensic investigation of a computer requires a special set of skills, particularized skills are needed when investigating a cell phone, Pocket PC, RIM, or Palm OS device. An in-depth explanation of the challenges facing investigators, and an analysis of data pulled off many of these devices, is available from the National Institute of Standards and Technology (NIST) in a paper called Cell Phone Forensic Tools: An Overview and Analysis. Though the paper is aimed at investigators who already have some of the skills needed to do computer forensic investigations, it includes much information that will be of value to anyone who is interested in how cellular devices work and how they should be properly seized and analyzed. The report closes with a detailed glossary that explains common terms and acronyms related to cell phones. @ The NIST report is available via SM Online.
The ethics involved in science and technology spending at the Department of Homeland Security must improve, says a new report by the Government Accountability Office (GAO). According to the report, a potential conflict of interest may arise, given that many of the various portfolio managers charged with managing the different Science and Technology (S&T) portfolios were former experts from national laboratories. National laboratories received a portion of the S&T funds. @ Read the full report .
Now that cell phones have morphed into miniature computers, they contain more information than ever before. In addition to phone numbers and a record of calls made and received, phones can now contain e-mail or text messages, photos, and a host of other data that could be of value when investigating a crime. Just as conducting a forensic investigation of a computer requires a special set of skills, particularized skills are needed when investigating a cell phone, Pocket PC, RIM, or Palm OS device. An in-depth explanation of the challenges facing investigators, and an analysis of data pulled off many of these devices, is available from the National Institute of Standards and Technology (NIST) in a paper called Cell Phone Forensic Tools: An Overview and Analysis. Though the paper is aimed at investigators who already have some of the skills needed to do computer forensic investigations, it includes much information that will be of value to anyone who is interested in how cellular devices work and how they should be properly seized and analyzed. The report closes with a detailed glossary that explains common terms and acronyms related to cell phones. @ The NIST report is available via SM Online.
The FTC has released Effectiveness and Enforcement of the CAN-SPAM Act, which concludes that the law has been effective in slowing down spam.
Schools are not doing enough to protect students from sex crimes or to ensure that they are accurately reported when they occur. Read the report.
This report examines the bio/chem threat to airports and makes recommendations on how to assess and counter the threat.
Department of Homeland Security (DHS) Secretary Michael Chertoff announced January 30th the implementation of Expedited Removal (ER) along the entire U.S.-Canadian border and all U.S. coastal areas, as part of the Secure Border Initiative.
A new survey by the National Center for Education Statistics reports an increase in locked doors, security guards, and visitor sign-in procedures.
A government training video shows emergency responders and hospital ER staff how to decontaminate children exposed to dangerous chemicals.
The Department of Homeland Security's (DHS) US-VISIT program has completed installation of biometric entry capabilities at 104 land border ports, as mandated by Congress.
The Treasury Department issued interim guidance to assist the insurance industry in meeting new requirements for the Terrorism Risk Insurance Program.
DHS has taken huge strides toward better protecting its networks, says the agency’s inspector general.
A Department of Energy internal report finds that the agency has failed to protect critical nuclear assets.
When it comes to street gangs, “network analysis” has nothing to do with identifying risks in computer systems but rather with analyzing the pattern of social relationships among gangs and individual members. In an innovative program, the North Jersey Gang Task Force has been using network analysis to combat the gang problem in Newark. Partnering with Rutgers University, which has provided free access to graduate students and researchers, the task force has been documenting relationships among gang members, such as which ones hang out together and which have been incarcerated together. Among other things, the analysis has revealed differing levels of “embeddedness” on the part of specific gang members, indicating that different tactics for intervention are necessary for particular gang members. “Cut points”—people who are the only connection among people or groups—have been identified as potentially ideal targets for disrupting gangs.@ Learn more about the program in a report published by the U.S. Department of Justice’s Office of COPS. it is available at SM Online.
President Bush outlines strategy for victory in Iraq.
The 9/11 Commission—formally known as the National Commission on Terrorist Attacks Upon the United States—disbanded in August 2004, but its ten commissioners didn’t simply move on. Instead, they created an organization, called the 9/11 Public Discourse Project, to foster public education on terrorism. They are also gauging the progress made on the commission’s 41 recommendations, which they note as being largely disappointing. Assessing the status of 28 recommendations on emergency preparedness and response, transportation security, border security, the intelligence community, civil liberties, and reform, the committee identified five showing “unsatisfactory progress,” one showing “insufficient progress,” 13 showing “minimal progress,” and nine showing “some progress.” Faring worst were the progress on assessing national critical infrastructure risks, creating a national strategy for transportation security, improving airline passenger prescreening (see related item in this column, page 24), declassifying the intelligence budget, and collaborating with other countries on borders and document security “The U.S. is not moving to include fingerprints in passports and therefore is not taking a leadership role in passport security,” the report says. Other problems identified by the project include an insufficient radio system for first responders, slow adoption by first responders of the incident Command System, and a homeland-security-grant process still largely dictated by politics rather than risk. The best results were generally achieved in the border security arena. “Some progress” has been made in improving terrorist travel intelligence, creating and implementing a biometric entry-exit screening system (US-VISIT), and standardizing secure identifications (via the REAL ID Act,which established standards for state-issued IDs). @ The first tworeports of the discourse project are on SM Online. (Report 1, Report 2)
You just have to recall the pre-Hurricane Rita traffic jams around Houston to get a sense of how important the highway system is todisaster management. With that in mind, the Transportation Research Board of the National Academies has issued a guide to managing incidents on U.S. highways.nbsp;“Guide for Emergency Transportation Operations” is volume 6 of the Transportation Research Board’s series of reports called Surface Transportation Security. Other volumes address how transportation agencies can manage sensitive information, educate themselves on terrorism-related risk management of highway infrastructure, incorporate security into the transportation planning process, share information, and respond to threats.@ Find them at SM Online.
When the Zotob worm appeared only days after Microsoft released a patch that would have prevented infection, 700 Department of Transportation (DOT) computers were infected after a contractor connected a laptop to the DOT’s network against the department’s policy. This incident, which is recounted in a report on the department’s IT security by the DOT’s Inspector General (IG), is just one indication that some federal IT professionals are having trouble in meeting the challenges of locking down networks.
Here’s another. The IG notes that “about half of all Federal Railroad Administration computers are not subject to routine vulnerability checks because they are being used by employees who telecommute (or travel around the country) for the majority of the year.” As is made clear by the Zotob example, these laptops, “if infected with hostile software, could become conduits for spreading problems to the rest of the networks.” @ The IG’s full report is available at SM Online.
NIST has issued the final reports of the federal buildings and the fire investigations of WTC.
According to the FBI's announcement, theagency "joined the U.S. Postal Inspection Service, the online job search company Monster Worldwide, and other partners in launching a new website—LooksTooGoodToBeTrue.com—to educate the public about Internet schemes and to provide a central place for consumers to file complaints."
At a November 1,2005, congressional hearing on counterfeit drugs, an FDA spokesperson discussed the scale of the problem. "While the rate of counterfeiting in the U.S. is difficult to estimate, on a global scale, counterfeiting is a widespread problem and affects both developing and developed countries. The World Health Organization (WHO) has reported that up to 25 percent of medicines consumed in poor countries are counterfeit or substandard. It has been reported that up to 50 percent of drugs for sale in some countries are counterfeit. Counterfeit drugs are most prevalent in developing countries," said Randall W. Lutter, Ph.D., Acting Associate Commissioner for Policy and Planning Food and Drug Administration. Read the full testimony.
According to the FBI's announcement, the agency "joined the U.S. Postal Inspection Service, the online job search company Monster Worldwide, and other partners in launching a new website—LooksTooGoodToBeTrue.com—to educate the public about Internet schemes and to provide a central place for consumers to file complaints."
In an article in the FBI Law Enforcement Bulletin, Special Agent Brian Parsi Boetig explains how, in employing those methods, interrogators can use “criminological theories of deviance” to help gain confessions. For example, the “rational choice” theory posits that people do what’s in their self-interest. @ Read the article.
The Equal Employment Opportunity Commission (EEOC) has issued guidelines for employers on dealing with cancer as a disability. As withother illnesses, cancer is considered a disability under the Americans with Disabilities Act (ADA) when the disease limits a person’s major life activities. As an example, the guidelines note that an employee undergoing radiation treatment who becomes nauseated and too tired to cook, shop, or do household chores is covered under the ADA because the cancer substantially limits the employee’s ability to care for himself.
The National Institute of Standards and Technology (NIST) has launched the Iris Challenge Evaluation (ICE) to gauge the state of this type of biometric technology. Find out more about ICE .
The National Institute of Standards and Technology (NIST) has released a half-dozen draft reports on issues such as patch and vulnerability management, preventing and handling malware incidents, and applying forensic techniqes to computer and network data analysis. NIST has also released three final report; two cover mobile devices and one gives a security configuration checklist for IT products. @ The NIST reports are available from SM Online.
The U.S. Sentencing Commission has voted to adopt new sentencing guidelines for the crime of aggravated identity theft, defined as using a stolen identity to commit other crimes. The new provisions, mandated by the Identity Theft Penalty Enhancement Act of 2004, create a minimum sentence of two years in prison for aggravated identity theft and a minimum of five years in prison for aggravated identity theft with the intent to commit an act of terrorism.
The Federal Trade Commission (FTC) is working with dozens of organizations around the world to put pressure on Internet service providers (ISPs) to take voluntary steps, such as quarantining infected computers to try to reduce the onslaught of spam sent through so-called “spam zombies,” computers that have been hijacked to send spam. More on the FTC’s Operation Spam Zombies is at SM Online.
Homeowners must also be prepared for terrorist incidents, says the Department of Homeland Security and the Homeowners Alliance. The two groups jointly released an emergency preparedness guide that encourages storing extra food and water, developing a communications network, and educating families on biological and chemical threats. View the guide at Security Management Online.
The Senate Commerce Committee leaders have introduced The Identity Theft Protection Act. "The bill sets national standards for notifying consumers of data breaches, requires businesses to improve their safeguards for sensitive consumer information, gives consumers the right to freeze their credit reports to thwart identity theft, and limits the solicitation of Social Security numbers," according to the committee's press release.
The government announced on June 30 another "far-reaching and aggressive international enforcement action against criminal organizations involved in the illegal online distribution of copyrighted material," according to a release from the Justice Department. "Beginning yesterday morning, the FBI and law enforcement from 10 other countries conducted over 90 searches worldwide as part of 'Operation Site Down,' designed to disrupt and dismantle many of the leading criminal organizations that illegally distribute and trade in copyrighted software, movies, music, and games on the Internet," says the DOJ release.
Sandia National Labsreports that "The DOE Office of Security and Safety Performance Assurance (SSA) is exploring the potential to use directed energy weapons technology sponsored by the Department of Defense (DoD), named Active Denial Technology (ADT), to help protect DOE nuclear assets." Thereports notes that "To help solve the many technical issues associated with this challenge, Sandia has partnered with Raytheon and the Air Force Research Laboratory (AFRL), because both organizations have significant experience with earlier ADS system developments.
The Senate Commerce Committee leaders have introducedThe Identity Theft Protection Act. "The bill sets national standards for notifying consumers of data breaches, requires businesses to improve their safeguards for sensitive consumer information, gives consumers the right to freeze their credit reports to thwart identity theft, and limits the solicitation of Social Security numbers," according to the committee's press release.
EPA has announced an agreement with the Israeli Ministry of National Infrastructures "to work together to improve water supply system security in the United States and Israel. Joint projects could include work on contamination warning systems, conducting field testing of sensor technologies, water supply risk assessment and management, and emergency response."
The Nuclear Regulatory Commission hasannounced that it is "considering amending its regulations to implement a national tracking system for certain radioactive materials used for academic, medical and industrial purposes."
GovExec.com reports that "The House this week passed the first intelligence authorization bill since the U.S. intelligence community was restructured, approving an estimated $42 billion for public and covert activities in 2006
Each year, federal agencies receive “grades” on a computer security report card, issued by the House Government Reform Committee. It’s based largely on each agency’s compliance with the Federal Information Security Management Act (FISMA). Now, for the first time,the CISOs of those agencies have their chance to grade FISMA. In a survey from Telos Corporation, 60 percent of respondents found FISMA reporting helpful in understanding the state of their department’s IT security, and respondents gave the report card itself a “C” grade.@ The executive summary of Grading the Graders: Examining the True Impact of FISMA is at SM Online.
Put aside the question of whether polygraphs are reliable or should be admissible in a court of law, urges William J. Warner, who serves in the FBI’s Polygraph Unit. In an article in the FBI Law Enforcement Bulletin, Warner contends that the tool should be used and appreciated for its utilitarian performance. Even if polygraph results are never used in court, testing frequently leads to confessions or the revelation of solid case information that may not have emerged otherwise. @ Read the article at SM Online.
A new FBI report on financial crime trends finds that in healthcare, more frauds involve medical professionals harming patients in furtherance of their schemes. For example, frauds now involve unnecessary surgeries, weakened cancer drugs, and bogus lab tests. The report, Financial Crimes Report to the Public, also examines crime trends in corporations, mortgages, identity theft, insurance, telemarketing, and asset forfeiture/money laundering.
Water utilities were ordered by Congress to conduct vulnerability assessments after 9-11. The results of those assessments have awakened many utilities to the need for water-contamination warning systems, but a series of challenges lie ahead, including which technology to choose, which contaminants to monitor, where to place sensors, and how to analyze monitoring data. @ Contamination Warning Systems for Water: An Approach for Providing Actionable Information to Decision-Makers is available via a link at SM Online.
Like banks, U.S. money-services businesses are required to implement anti-money-laundering measures, such as reporting suspicious activity and currency transactions. Money-services businesses range from hotels that exchange currency, to check-cashing storefronts, to Fortune 500 companies. The Financial Crimes Enforcement Network (FinCEN),along with various other federal agencies, recently issued two sets of guidance. The first reminds money-services businesses of their obligations under the Bank Secrecy Act and notifies them of the type of information they may be expected to produce to banks with which they have a relationship. The secondsets forth minimum steps that banks should take when their customers are money-services businesses.
The Department of Homeland Security announced that the nation's busiest seaports -- Los Angeles/Long Beach, California -- will have complete Radiation Portal Monitor (RPM) coverage by year's end.
Read the Q&A between Homeland Security Secretary Chertoff and members of the House Government Reform Committee, touching.
The National Institute of Standards and Technology (NIST) issued its draft report from its three-year building and fire safety investigation of the World Trade Center (WTC) disaster following the terrorist attacks of Sept. 11, 2001. The draft has been released for a six-weekpublic comment period.
Department of Homeland Security Announces $91.3 Million in Buffer Zone Protection Program Grants.
The Commerce Department has announced that the "National Institute of Standards and Technology (NIST) today (Feb. 28) released its final version of recommended security controls for federal information systems. The new guideline will be the basis for a proposal to be made later this year by NIST for a Federal Information Processing Standard (FIPS) that will become mandatory for federal agencies in December 2005."
Reuters reports that U.S. Attorney General Alberto Gonzales urged Congress to renew the Patriot Act anti-terrorism law.Links to Patriot Act testimony.
Computerworld reports that the latest federal computer security report card released by the House Government Reform Committee gives D+ grade to many federal agencies.
Wired.com reports that "The powerful House Commerce Committee on Wednesday made anti-spyware legislation a top priority, with members hoping to vote it out of committee in the next two to three weeks."
Saxby Chambliss (R-GA) has announced that he will again push "legislation to make the eight military intelligence organizations report directly to a four-star general at the Pentagon, who then would report to the Director of National Intelligence."
GovExec.com reports that "Through congressional reorganization, the Senate Homeland Security and Governmental Affairs Committee now has direct oversight of more than 60 programs, offices or agencies within the Homeland Security Department, according to a study released by the committee Monday [Jan10]."
The U.S. Department of Homeland Security’s Information Analysis and Infrastructure Protection (IAIP) Directorate today announced the development of the first online Vulnerability Self-Assessment Tool (VSAT) for stadiums with large seating capacity. According to the DHS press release, "While the current tool is designed for the more than 400 large capacity stadiums that seat over 30,000 people, it will be expanded for use by owners and operators of arenas, convention centers, and performing arts centers in 2005."
Senator Pete Domenici (R-NM) announced that New Mexico State University "has been awarded $539,577 from the Department of Homeland Security (DHS) and will partner with Hamilton Sundstrand Corp in California and Sionex Corp in Massachusetts" to develop detection systems for use against biological and chemical agents.
Govexec.com reports that "The newly permanent House Homeland Security Committee is likely to win the first turf battle over cybersecurity issues in the 109th Congress."
Congresswoman Mary Bono (R-CA) announces the reintroduction of her bill to protect computer users against internet privacy invasion. "H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) passed overwhelmingly in the U.S. House of Representatives in October 2004, but was not passed by the U.S. Senate in time to become law before the end of the 108th Congress. The SPY ACT is co-sponsored by Chairman Joe Barton (R-TX), Congressmen Edolphus Towns (D-NY), as well as many others," says the release on her Web site.
MSNBC reports on a new domestic security concern: watch-lighters
Federal Computer Week discusses the technology aspects of the just-passed intelligence reform bill.
Esecurityplanet.com reports on a call for the Bush Administration to focus more on cybersecurity.
CNet News.com has an article about provisions tucked into the House Intelligence Reform bill.
The FTC has announced that "Following a public comment period, the Federal Trade Commission has issued final summaries of identity theft and general consumer rights and revised furnisher and user notices under the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Consumer reporting companies are required to notify consumers of their rights under FACTA and steps they can take to protect themselves against identity theft and difficulties resulting from identity theft
House Select Committee on Homeland Security Chairman Christopher Cox (R-CA) has issued a press release commenting on a new report from the American Enterprise Institute (AEI). The report stresses the need for threat-based first responder funding. Cox says that "Many of the report’s recommendations are incorporated in the Cox-Turner Faster and Smarter Funding for First Responders Act, which passed the House as part of the 9-11 reform bill."
Surely you’ve heard of the University of Berkeley, Hamilton University, St. Regis University, and the American University of London. Or have you? In fact, these schools are suspected “diploma mills”—colleges and universities offering worthless degrees that require no work. They use familiar sounding names intended to make prospective employers mistake them for real institutions, such as the University of California at Berkeley, Hamilton College, Regis University, and the American University in London. The problem came to the fore when it was found that many government workers, including staff in the Department of Homeland Security, had these phony credentials, prompting Congress to hold a series of hearings. To help rid higher education of this scourge, the Department of Education has put online a searchable database of accredited schools. By entering a school name into the database, a user can determine whether that school is accredited by an organization recognized by the federal government.
College students are many things, but cautious isn’t usually one of them. And when the emotional tinder swirling in young adults mixes with physical tinder, such as paper and cheap furniture, in population-dense dorms, the combination can be highly combustible. That may be one of the reasons why about 1,300 fires occur in U.S. college and university dormitories every year. Unfortunately, in most dorm fires, no automatic sprinkler system is there to douse the flames. As part of a U.S. Fire Administration initiative to improve fire safety in college housing, the National Institute of Standards andTechnology (NIST) conducted fire experiments in abandoned dorm rooms in Arkansas. Link to NISTvia SM Online to get the free DVD .
The Department of Homeland Security has released its Interim National Preparedness Goal, which “establishes readiness priorities, targets, and metrics.” For more information go to SM Online
In 601 pages of exposition, the Commission on Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction laid bare the serious problems in the U.S. intelligence community. The commission’s report is packed with recommendations on topics such as management, collection, analysis, covert action, and counterinelligence. Read the report.
Last month, DHS conducted TOPOFF, the third in a series of homeland preparedness exercises. It involved 27 federal agencies, 200 other governmental and private sector groups, and 10,000 participants. The U.K.and Canada conducted related exercises on their home turf, while 13 other nations observed the U.S. activities, which occurred in Connecticut and New Jersey. The exercise will be used to improve response plans nationwide.
How well has the FBI aligned itself with post 9-11 priorities? The National Academy of Public Administration (NAPA) says that the FBI “is making substantial progress in transforming itself into a strong domestic intelligence agency and has the will and many of the competencies required to accomplish it.” But the report makes 37 recommendations for change. Read the report
A new rule proposed by the Nuclear Regulatory Commission (NRC) would expand the categories of information considered by the agency to be sensitive. Such data would be added to a special category of sensitive unclassified information, termed safeguards information (SGI), that would be protected from unauthorized disclosure.Current SGI includes data on power reactors,research and test reactors, and spent-fuel storage installations. Under the new rule, information such as engineering or safety analyses, emergency planning procedures, or scenario training materials relating to facility protection would be considered SGI. Also protected would be information concerning the tactics and capabilities required to defend against attempted radiological sabotage or theft of nuclear material. @ To read the full text, visit Security Management Online.
One card that works across the government as an ID and for access is a step closer to reality. In accordance with Homeland Security Presidential Directive (HSPD) 12, the National Institute of Standards and Technology (NIST) has released a standard specifying the architecture and technical requirements for a common identification standard for federal employees and contractors, such as a smart card with embedded biometric data. The first part of the standard gives minimum requirements for a personal identity verification (PIV) system that meets the control and security objectives of HSPD 12, while the second part provides the technical requirements, such as card elements and system interfaces, to support the control and security objectives as well as to maintain interoperability. PIV-I mandates, for example, that a detailed background investigation be completed before ID credentials are issued. It also requires that the applicant appear in person at least once during the process and that he or she present two forms of identification in original form. The Federal Information Processing Standard 201, Personal Identity Verification of Federal Employees and Contractors, is available at SM Online.
t's government IT security grade time again, and as always, the news is not good. Seven agencies received a grade of F, including two-Commerce and Veterans Affairs-that respectively had a C- and a C in 2003. But there were improvements. The Agency for International Development received an A+, and the Department of Justice jumped from an F to a B-. @ The scorecard is available through SM Online.
The report urges Congress to consider defense in depth, including safeguarding foreign nuclear material, mitigating the economic impact of an attack, and wisely allocating funds among ports and other high-value targets. Water infrastructure. The vast U.S. water infrastructure consists of 77,000 dams and reservoirs; thousands of miles of pipes, waterlines, aqueducts, and sewer lines; 168,000 public drinking-water facilities; and 16,000 public wastewater treatment plants. Receiving scant attention so far, according to the CRS, have been wastewater treatment facilities. Destruction of chemical vessels at treatment plants could release toxic agents into the air, for example. Despite the threat, there are no federal standards or industry best practices for water infrastructure security, the CRS notes. In December, however, industry groups developed three security documents that cover the design of online contaminant-monitoring systems as well as physical security improvements for drinking water, wastewater, and storm water systems. Water facilities also recently formed a Water Sector Coordinating Committee to work with federal officials.
Are companies wising up about premises liability, or are more meritless claims being filed? Either way, plaintiffs are winning a smaller percentage of suits. In 1992, plaintiffs won in 44.4 percent of cases in which they reached a jury trial in state court in one of the 75 largest U.S. counties. By 2001, the latest year for which data is available, that number had dropped to 41.5 percent. Median damage awards for prevailing plaintiffs also dropped. @ A Bureau of Justice Statistics bulletin, available on SM Online, has details.
On the authority of a 2000 law that amends the Atomic Energy Act of 1954, the Department of Energy (DOE) has issued regulations that will allow the department to impose civil penalties on contractors for breaches of information security. The final rule also gives DOE the power to withhold portions of a contractor's fee for poor information-security performance. The rule, which took effect at the end of February, will allow DOE to fine contractors up to $100,000 for each violation. The rule also allows DOE to insert a clause in its contracts that allows the agency to reduce the amount paid to a contractor if the contractor or an employee of the contractor violates rules relating to the safeguarding or security of sensitive information. @ To read the entire rule, visit Security Management Online.
If you're planning to roll out a large-scale IT project, you might want to pay heed to some lessons learned from the FBI's troubled Virtual Case File (VCF) software project. @ The testimony before Congress by Fine, Mueller, and Punaro, and the IG's report onTrilogy, are at SM Online.
The U.S. Department of Justice has a division devoted to cybercrime issues. The Computer Crime and Intellectual Property Section (CCIPS), in the Criminal Division of the department, provides manuals on searching, seizing, and preserving computer evidence. The site also details policies, cases, guidance, and laws related to hacking and intellectual-property crime, and provides information on teaching cyberethics to children. @ CCIPS is this month's A Site to See. Link to it via SM Online.
Local law enforcement agencies can address cybercrime more effectively by looking for help from local schools and businesses, according to an article in the FBI Law Enforcement Bulletin by Chief Tony Aeilts, who heads the California State University Police Department in San Luis Obispo, California. @ Link to "Defending Against Cybercrime and Terrorism: A New Role for Universities" at SM Online. A paper from the National Institute of Standards and Technology (NIST) defines technical acquisition and formatting requirements of biometric credentials for Homeland Security Presidential Directive 12, which calls for identity credentials that are interoperable between agencies. @ Link to NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification, at SM Online.
The Internal Revenue Service (IRS) has submitted to the Department of the Treasury and the Office of Management and Budget (OMB) "inaccurate and misleading" information about the state of its information-security programs, according to a report prepared by an assistant inspector general for audit with the Department of the Treasury, who undertook a review of the IRS's process for monitoring its program- and system-level security weaknesses. @ Go to SM Online for more on the report.
Federal agencies are not consistently implementing the basics of information security, such as performing periodic risk assessments, developing and maintaining up-to-date security plans, creating and testing contingency plans, and evaluating and monitoring the effectiveness of security controls, according to a report from the Government Accountability Office (GAO). @ Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures is at www.securitymanagement.com.
Does the free market work when it comes to private-sector homeland security? That's the question put on the table in a new report by the Congressional Budget Office (CBO). The report does not answer the question but lays out the reasons why business might not at first provide adequate security and the ways in which the government might induce better behavior. For example, it notes that businesses only have the incentive to secure their own assets, not to protect society at large. "If the disparity between private costs and social costs is significant, the result is that private firms have insufficient incentive to meet social objectives," the paper says. Closing the gap between private and social interests may require tweaking national policies, according to the report, which discusses three broad strategies.One policy would establish new rules or incentives to force industry to face the full costs of possible losses.A second would use programs to "socialize the costs of security" by having the government and taxpayers implement or finance security measures for businesses. A third set of programs would educate the private sector with information on the risk of attacks, potential losses, and opportunities to mitigate losses. Consider an attack on a chemical-production facility that released toxins into the community. Programs that forced the company to bear the full cost of damage to the community might include imposing penalties for not meeting requirements.f the government were to bear the cost, a program might include rewarding industry for protecting vulnerable facilities or making them less dangerous by adopting safer production processes. The third approach might include warning residents of the dangers of an attack or informing the plant of ways to reduce vulnerabilities.The paper discusses potential policy initiatives for four private-sector industries: nuclear power, chemicals and hazardous materials, electricity, and food and agriculture. @ SM Online has it.
Forget the Mayberry stereotype. The latest data show that the percentage of students at rural schools that reported being bullied in 2003 (10 percent) was greater than at urban and suburban schools (seven percent each). And that difference has doubled since 1999, according to the 2004 edition of Indicators of School Crime and Safety, a publication of the National Center for Education Statistics and the Bureau of Justice Statistics.
A December 2003 report by Trust for America's Health showed that the nation's public health system was insufficiently prepared for bioterrorism. The prognosis isn't much better more than a year later. A follow-up report concludes that "states across the country are still struggling to meet basic preparedness requirements and have inadequate resources to juggle the competing health priorities they face." Ranking states on ten "key indicators to assess the states' public health emergency preparedness capabilities," the report found Florida and North Carolina to be in the best of health, notching nine of the ten indicators. At the other extreme were Massachusetts and Alaska, which achieved the sickly score of three. Twenty states fell in the middle with a score of six, while another 19 garnered scores of 5 or 7.The ranking was based on indicators such as state spending of federal funds, level of state public-health budgets, bioterror capabilities of state labs, and surveillance and tracking capacity. For example, only five state public-health labs report the ability to adequately respond to a chemical terror threat, while two-thirds of states don't electronically track disease outbreak information using national standards, making early warning difficult. SM Online has the full 72-page report, as well as an executive summary.
os Alamos National Laboratory has rolled out the Journal of Physical Security, a scholarly, peer-reviewed publication that publishes articles which "use the scientific method or other rigorous approaches to understanding, modeling, developing, testing, or evaluating any aspect of physical security." The inaugural issue offers five papers. Electronic subscriptions are free. SM Online has more information on subscribing.
he New York high court has ruled that an employer who has provided adequate safety devices cannot be sued by an employee who failed to make use of these devices.(Cahill v. The Triborough Bridge and Tunnel Authority, New York Court of Appeals, No. 174, 2004)
The Equal Employment Opportunity Commission (EEOC), in conjunction with the Food and Drug Administration (FDA), has issued guidelines for employers in the food service industry. The guidelines discuss the basic rights of employees in this job sector and offer examples for business owners in how they should handle disabled employees.
A recent report from the Subcommittee on Cybersecurity, Science, and Research & Development of the U.S. House of Representatives Select Committee on Homeland Security has proposed six recommendations for consideration by the Department of Homeland Security. These include the creation of an Assistant Secretary of Homeland Security in the department; and the development of a program and budget that will help the nation reach the goals of the National Strategy to Secure Cyberspace. @ Cybersecurity for the Homeland is available at SM Online.
With identity theft costing Americans billions of dollars each year, financial institutions are under pressure to make account information more secure. The Federal Deposit Insurance Corporation (FDIC) has issued a study of ID theft and account hijacking in which it outlines technological tools and other recommendations designed to mitigate this threat. @ Putting an End to Account-Hijacking Identity Theft .
EPA inspector general report looks at security of computer system known as SCADA that remotely controls water supplies
The Department of Homeland Security has awarded $9 million in grants to 12 information technology projects under the Information Technology and Evaluation Program (ITEP), which aims to improve information-sharing capabilities. The projects, selected from 113 proposals, include an Arizona program to enhance wireless security for first responders, a port security communications network in Rhode Island, and an XML-based facial imaging system for use by law enforcement and other first responders in North Carolina. @ Learn more about ITEP by visiting SM Online.
Protecting intellectual property rights may sound like arcana of interest to corporate attorneys rather than to law enforcement agents. After all, tracking down the sellers of fake watches or designer purses appears to pale in comparison to catching a murderer. A new report from the Department of Justice proves otherwise. By pointing to tangible consequences of intellectual property theft that go far beyond loss of profits, the study illustrates that finding those who violate intellectual property rights might just be a life or death situation.
A large IT project that ran into problems offers lessons for others who might want to embark on a similar journey. The project was called the Citizen and Law Enforcement Analysis and Reporting (CLEAR) system developed by the Chicago Police Department (CPD) and Oracle Corporation. The full report, Policing Smarter Through IT: Lessons in Enterprise Implementation, (Presentation 1, Presentation 2) is available through the U.S. Department of Justice's Office of Community Oriented Policing Services via SM Online.
The National Institute of Standards and Technology (NIST) has released a suite of updated software tools designed to evaluate the quality of fingerprint scans. NIST Fingerprint Image Software--Version 2 helps users ensure that fingerprints collected from criminal suspects, employees, visa applicants, and others are clear and distinct enough to be matched against fingerprints on file. Find out how to get a copy at SM Online.<
A June 2002 opinion by the Supreme Court granted public schools more leeway to test students for drugs randomly. How to do it appropriately was left to the schools. To aid the effort, the White House's Office of National Drug Control Policy (ONDCP) has finally released a guidance document to school administrators.
The DHS and the Department of Justice should fund research and training on law enforcement and private security cooperation. That's one of the recommendations from a national summit on security-police partnerships that was organized by the International Association of Chiefs of Police (IACP) and funded by the Justice Department's Office of Community Oriented Policing Services. A summary of the summit's recommendations has been published in a document that can be found on SM Online.
Exactly one year after 9-11, ABC News reported that a steel pipe containing a 15-pound cylinder of depleted uranium arrived from Istanbul, Turkey, in the United States, undetected by U.S. Customs and Border Protection (CBP). On the second anniversary of 9-11, ABC News reported that the same cylinder again eluded the CBP, this time arriving from Jakarta, Indonesia. The Inspector General of the Department of Homeland Security (DHS) was asked to investigate. The Inspector General found that CBP officials followed protocols and procedures that were "not adequate to detect the depleted uranium." An unclassified, abbreviated version of the report can be found on SM Online.
In the book Sign of Four, Sherlock Holmes tells Watson how to find the truth: Eliminate the impossible, and whatever remains, however improbable, must be the truth. Detectives have found a more direct way, according to an article by Susan H. Adams and John P. Jarvis, respectively a former FBI special agent and an FBI research specialist, in an article in the FBI Law Enforcement Bulletin. SM Online has the article.
Congressional leaders have finished work on the Homeland Security budget for 2005. The law sets budget priorities and conditions for border protection, maritime security, aviation security, and emergency preparedness programs.
The Homeland Security Department has announced that "The Transportation Security Administration (TSA), in consultation with the U.S. Coast Guard, will begin testing advanced explosives detection technology today as part of the Secure Automobile Inspection Lanes (SAIL) test project. The program will conduct explosives screening on automobiles boarding the Cape May-Lewes Ferry in Cape May, N.J."
When a cow with bovine spongiform encephalopathy (BSE) was identified in a Washington state slaughterhouse last December, it drew attention to how the U.S. Department of Agriculture (USDA) surveils cattle for the disease. At the time, the program aimed to test only 12,500 animals per year. After the discovery, the goal became to test more than 200,000 animals in a twelve- to eighteen-month period. The inspector general of the USDA has recently called into question whether even this expanded program will be sufficient. In an audit, the inspector general identified some of its limitations. For example, participation in the program is voluntary, so animal testing is not truly random. And while the USDA's Animal and Plant Health Inspection Service (APHIS) has the authority to collect samples from animals, it only exercises it at federally inspected slaughterhouses. In addition, APHIS's sampling plan may be flawed because it assumes that BSE is only a problem in the high-risk cattle populations (visibly sick cows); "other studies show that healthy-looking animals may also have BSE," the audit report states. Read the report and its recommendations on SM Online.
Much of the fear of "dirty bombs" is a fear of the unknown. Security managers who wish to educate employees can turn to a fact sheet from the National Academies and the Department of Homeland Security. It explains what dirty bombs are and are not, what they do, what danger they present, and how people can protect themselves. @ To download the sheet, go to SM Online.
After a ten-year plunge, the average national rate of U.S. property crime leveled off in 2003. Property-crime rates nudged higher from 2002 to 2003 in households in the northeast, south, and midwest. The rate declined slightly in the west, but that region maintains by far the highest rate of property crime. @ More data is available from the Bureau of Justice Statistics' ;Crime Victimization 2003.
An interim rule issued by the Department of Homeland Security proposes an expansion of the US-VISIT program-an automated system that records the arrival and departure of aliens, verifies aliens' identities, and authenticates aliens' travel documents through comparison of biometric identifiers-to the 50 most highly trafficked land border ports of entry in the United States. These land borders will be integrated into the US-VISIT program as they are identified by the department, with all 50 ports of entry to be identified no later than December 31, 2004. The rule also further defines the population of aliens who are required to provide biometric identifiers and other identifying information under the US-VISIT program.
president Bush has issued several executive orders to address some of the concerns about the intelligence community raised by the 9-11 Commission.
One order would establish a National Counterterrorism Center, although unlike the NCTC proposed by the 9-11 Commission, this one would be under the direction of the head of the CIA, who is also the Director of Central Intelligence (DCI), rather than the reverse. A second and related order strengthens the authority of the DCI.
http://www.whitehouse.gov/news/releases/2004/08/20040827-5.html
http://www.whitehouse.gov/news/releases/2004/08/20040827-6.html
One order established the President's Board on Safeguarding Americans' Civil Liberties (Board). The Board shall be part of the Department of Justice
http://www.whitehouse.gov/news/releases/2004/08/20040827-3.html
One order would establish requirements for information sharing among agencies regarding terrorism intelligence.
http://www.whitehouse.gov/news/releases/2004/08/20040827-4.html
A fact sheet summarizes the above four orders.
http://www.whitehouse.gov/news/releases/2004/08/20040827-13.html>
Another presidential directive addresses terrorist screening procedures (it gives agencies 75 days to submit proposals for how screening would be done, where it would be used, how mistakes could be corrected, and other issues).
http://www.whitehouse.gov/news/releases/2004/08/20040827-7.html
Another directive gives the Secretary of Commerce six months to promulgate a common identification standard for federal employees and contractors.
http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html
The House Transportation Committee will be holding twohearings today to discuss the results of the September 11 Commission. This morning, the Aviation Subcommittee will meet to discuss issues such as intelligence, immigration, and border control. This afternoon, the Coast Guard and Maritime Transportation Subcommittee will hold a hearing on possible solutions to maritime security challenges. The issues to be discussed include biometric screening, intelligence dissemination, and counterterrorism strategies.
Sen. Pat Roberts (R-KS) chair of the Senate Intelligence Committee has announced the introduction of the"9-11 National Security Protection Act." Based on the recommendations of the 9-11 Commission report, the bill would create a National Intelligence Director position with complete authority over intelligence budgets and personnel. It would also move some human intelligence from the U.S. Defense Department and the CIA to an independent agency under this new National Intelligence Director. Democrats have criticized the bill, saying that any plan proposed by a single group is a step in the wrong direction and that a bill fashioned by both parties would be more appropriate. Roberts has responded that the "bill proposes a path to implement the important ideas recommended by the 9/11 Commission." Read theNY Times, andWashington Post
Congress is holding multiple hearings on the 9/11 Commission Report and on related issues concerning how to the government's intelligence community should be reformed. Among the most contentious issues is whether some control of budget, collection, or analysis of intelligence now handled by the Department of Defense should be given to a new National Intelligence Director. That issue was the focus of House Armed Services Committee hearings.
US Senate Committee on Governmental Affairs
US Permanent Select Committee on Intelligence (Announces hearing),
US Permanent Select Committee on Intelligence
US House Service Armed Committee Responding to recommendations from the 9/11 Commission President Bush yesterday (Aug 2) announced, "I'm asking Congress to create the position of a National Intelligence Director. That person -- the person in that office will be appointed by the President with the advice and consent of the Senate, and will serve at the pleasure of the President. The National Intelligence Director will serve as the President's principal intelligence advisor and will oversee and coordinate the foreign and domestic activities of the intelligence committee. Under this reorganization, the CIA will be managed by a separate Director. The National Intelligence Director will assume the broader responsibility of leading the intelligence community across our government."
The 9/11 Commission has issued its final report in which they begin by saying that the 9/11 attacks "were a shock, but they should not have come as a surprise." Link to theExecutive Summary or the full 585 page report.
The State Department has issued arevised report on global terrorism, showing the numbers sharply up, not down, as originally reported.
Appearing at a busy U.S. Port, Homeland Security Secretary Tom Ridgediscussed the progress being made in port security initiatives.
GovExec.comreports that "The Transportation Security Administration published guidelines Wednesday (June 23) for airports to use in deciding whether they want to return to using private passenger and baggage screeners for the first time since the Sept. 11 terrorist attacks."
The Department of Homeland Security< has announced (June 23) that it has launched in partnership with local private sector and the Federal Bureau of Investigation, "the first Homeland Security Information Network-Critical Infrastructure (HSIN-CI) Pilot Program in Dallas, Texas with locally operated pilot programs in Seattle, Indianapolis and Atlanta to follow."
DHS has announced that the Task Force on State and Local Homeland Security Funding through the Homeland Security Advisory Council, "delivered their report with findings and recommendations for expediting the flow of homeland security funds to ensure that our nation’s emergency managers, first responders and law enforcement officials get the federal funds they need, as soon as possible to protect their communities." Read the press release for a summary of findings and read the fullreport.
Senator Pete Domenici (R-NM) discusses The Homeland Security Information Technology Evaluation Program(ITEP), a joint project between the Homeland Security Department's chief information officer and Office of Domestic Preparedness. Its goal is to break down obstacles faced by law enforcement agencies trying to share vital information.
The Food and Drug Administration has announced the final rule establishing procedures for administrative detention of food under the authority of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (Bioterrorism Act). This new authority applies to food for which the agency has credible evidence or information that it presents a threat of serious adverse health consequences or death to humans or animals.
Thee Department of Health and Human Services has announced awards of $498 million to states to improve hospitals' ability to respond to bioterror attacks and other disasters. Part of the money is going directly to four major metropolitan areas: New York City, Chicago, Washington, D.C., and Los Angeles.
The Department of Homeland Security (DHS) has issued Security Directives (SD) requiring protective measures to be implemented by passenger rail operators. They take effect May 23. "The measures instruct commuter, transit and inter-city passenger rail systems to comply with requirements that range from removing or replacing station trash cans to utilizing canine explosives detection teams," according to the DHS announcement.
The Department of Transportation (DOT) hasissued an interim final rule designed to protect the confidentiality of maritime security issues. The rule would protect sensitive security information submitted to the Coast Guard in vessel security plans. The DOT is requesting comments by July 19, 2004.
Attorney General John Ashcroft announced the launch of the National Criminal Intelligence Sharing Plan (NCISP), an initiative designed to link federal, state, and local law enforcement agencies so that they can share intelligence information to prevent terrorism and crime.
Secretary of Energy Spencer Abraham announced a set of sweeping new initiatives today to improve security across the Energy Department’s nationwide network of laboratories and defense facilities, particularly those housing weapons-grade nuclear material. The agency's press release reports that "The Secretary unveiled initiatives to expand the capabilities of DOE security personnel, including possibly federalizing some security units currently managed by contractors; consolidate sensitive nuclear material into fewer locations; enhance protections of classified computer information; upgrade security systems at key facilities; and make managers more receptive to security concerns."
Congressman Ike Skelton (D-MO), the Ranking Democrat on the House Armed Services Committee, received aresponse from the Pentagon concerning his request for information on private security contractors operating in Iraq. A GAO report is forthcoming.Letter to Rumsfield.
The Treasury Department has announced "a request for comments regarding the requirement of the Terrorism Risk Insurance Act (TRIA) of 2002 that the Secretary of the Treasury determine whether to extend the “make available” requirements of the Act into the third year of the program (i.e., through December 31, 2005). The Secretary of the Treasury is required to make this determination by September 1, 2004. Comments will be accepted for 30 days from when the notice is published in the Federal Register. The "make available" requirements essentially require that terrorism coverage be offered.
The U.S. Department of Homeland Security's Science and Technology Directorate announced "the release of the first comprehensive Statement of Requirements (SoR) document outlining future technology requirements for public safety wireless communications and interoperability," according to agency press release.
The United States is vulnerable to nuclear, biological, chemical, and radiological attacks. Pathways to the country via land, sea, and air are insecure. Critical infrastructures have few defenses. While this assessment seems to have been made in the weeks following 9-11, it is actually the current conclusion of the Democratic members of the House Select Committee on Homeland Security. A new report by these members documents gaps in intelligence, nuclear material protection, biodefense, and critical infrastructure protection, among others. Read America at Risk: Closing the Security Gap.
A review of applicants for security officer jobs in Illinois this past January shows FBI criminal history checks eliminated four times more applicants than did a state police check for crimes committed in Illinois. State checks elsewhere are likely equally deficient, testified ASIS Security Guidelines Commission Co-Chair Don Walker, CPP, in urging Congress to pass S.1743, the "Private Security Officer Employment Authorization Act of 2003."Supporting Walker's position were officials from the FBI, Westchester County (New York) District Attorney's Office, and the National Workrights Institute. Read the testimonies online. (Jeanine Ferris Piriro, Michael Kirkpatrick, Lewis Maltby )
Before 9-11, security information for water utilities was hard to come by; now that data is pouring from a wellspring of sources, including the Environmental Protection Agency (EPA), the American Water Works Association (AWWA), and the federally established Water Information Sharing and Analysis Center (W-ISAC). The value of these sources, however, runs hot and cold. Read the survey.
Think your job is a pressure cooker now? A recent bulletin from the Department of Homeland Security (DHS) suggests that your job--or at least one focus of it--may be a pressure cooker in the most literal sense. The bulletin warns homeland security officials that terrorists have been taught to create improvised explosive devices by packing TNT into pressure cookers, with at least four confirmed cases in which these cooking appliances have been used for these purposes. @ The bulletin, which is on SM Online, lays out protective measures, such as not transmitting radio signals within 50 feet of suspect pressure cookers.
Anyone who has taken beginner's Spanish knows the dangers of translating English expressions literally by, for example, saying "nada mucho" for "nothing much." It sounds the same, but the Spanish phrase actually has an unrelated meaning ("swims a lot"). As the United States becomes increasingly Spanish speaking, security and law enforcement personnel need to understand and communicate in that language. The National Institute of Justice eases the process with a new CD-ROM that guides viewers through English translations, phonetic spellings, and pronunciation in settings such as interviews and crime scenes. @ Order the CD via SM Online.
The U.S. Department of Transportation (DOT) has issued a study on the efficacy of electronic cargo seals. Called e-seals, these devices contain information about the container and its contents. The DOT study( Part I,Part II )
The U.S. Department of Transportation (DOT) has issued a final rule requiring that pipeline operators that convey hazardous liquids file an annual security report with the agency. The DOT will use the information to produce a national pipeline inventory, identify safety problems, and target pipeline inspections.
The Nuclear Regulatory Commission (NRC) has announced that it will shortly propose rules on specific security measures to be taken at those facilities that manufacture, transfer, sell, or possess radioactive materials. However, the NRC has issued a statement that the rules will not be released to the public due to national security concerns. Comments from affected facilities will also be safeguarded.
One persistent concern about policing is that officers are so burdened with paperwork and ancillary tasks that too much of their time is diverted from fighting crime. But some police forces are turning to the private sector for help: The real trend in the future will be contracting out the functions of public police that do not involve crimes or emergencies," writes Al Youngs, who heads the community resources division of the Lakewood, Colorado Police Department, in an article in the FBI Law Enforcement Bulletin.
In the week after the U.S. financial markets opened after the 9-11 attacks, the Dow Jones Industrial Average plummeted more than 1,500 points--or by almost 16 percent--and the already decimated NASDAQ dropped from 1800 to 1400. The strike showed how much disruption and panic terrorists could wreak to the heart of the U.S. financial system. Fearing a disruption to either of the two commercial banks that settle all trades and facilitate financing for all the major participants in the U.S. government securities market, the Federal Reserve Board formed a private-sector Working Group on Government Securities Clearance and Settlement to mitigate the risks of interruption. The working group has issued a report containing nine recommendations, all of which the Fed has endorsed.
In cop shows on television, investigators in an impromptu standoff with a suspect on a busy street invariably get the suspect to crack through the use of bravado. But that tactic is more likely to contaminate the fact-finding process in a real case, explains FBI Special Agent Vincent A. Sandoval in an article in the FBI Law Enforcement Bulletin. "Contamination occurs when investigators impede or negatively influence the interview process, thereby causing the subject to provide inaccurate information," Sandoval writes. In the cop show example, interviewing a subject on a busy city street with multiple onlookers is problematic, in part because the interviewers may misinterpret a reaction to a distraction as a reaction to a question. In addition, Sandoval writes, use of multiple interviewers often inhibits candid answers. While working in pairs can be effective, this technique must be thought through first. Also, detectives' use of aggressive behavior and an abrasive vocal tone often puts suspects on the defensive, Sandoval writes. He lays out a "funnel" model for interrogations that starts with open-ended questions, followed by specific closed questions.
TheTSA announces a partnership with Florida to implement ID system to improve port security in Florida.
One of the figures most frequently cited to demonstrate the uphill battle that the United States faces against terrorists is that only 1 or 2 percent of all imported cargo is inspected by the Department of Homeland Security's U.S. Customs and Border Protection (CBP). In an effort to improve security, the agency has been using a method called automatic targeting, in which certain cargo is selected based on a perceived level of risk. While the targeting system is helping in the fight against terrorism, it lacks key elements of a risk-management framework and is inconsistent with certain risk-modeling practices, according to Richard M. Stana, director of homeland security and justice for the U.S. General Accounting Office (GAO), who testified before the House Energy and Commerce Committee's Subcommittee on Oversight and Investigations.
"Get thee to a nunnery," Hamlet urged Ophelia, trying to shelter her from the world's troubles. Today, he might tell her, "Get thee to a university." According to the latest numbers from theU.S. Bureau of Justice Statistics, from 1995 to 2000, nonstudents were victims of about one-third more serious violent crimes--rape, robbery, and aggravated assault--than were their college student counterparts.
A cover story published by Security Management a year ago reported on various vulnerabilities to U.S. livestock, including concentrated farming practices, susceptibility to disease, inadequate security and surveillance, passive disease reporting, and insufficient veterinarian training. Those same factors and others loom just as large today, according to a report recentlyprepared by RAND's Peter Chalk for the Office of the Secretary of Defense. Chalk's report, Hitting America's Soft Underbelly: The Potential Threat of Deliberate Biological Attacks Against the U.S. Agricultural and Food Industry, also proposes new solutions in the form of several short- and medium-term policy recommendations.
The Department of Justice has announced that "Recoveries in suits and investigations of fraud against the United States for the fiscal year ending September 30, 2003, tallied a record $2.1 billion, the Justice Department announced today. This is a 75 percent increase over the prior year's recoveries ($1.1 billion) and brings total recoveries to over $12 billion since Congress substantially strengthened the civil False Claims Act in 1986."
The Federal Energy Regulatory Commission, Coast Guard and Department of Transportation today announced aninteragency agreement to provide for the comprehensive and coordinated review of land and marine safety and security issues at the nation’s liquefied natural gas (LNG) import terminals," reports a FERC press release.
The State Departmentreports that "United States and Liberia signed an agreement on Wednesday, February 11, on ship boarding in support of the Proliferation Security Initiative, a Presidential initiative announced last May. The boarding agreement provides authority on a bilateral basis to board sea vessels suspected of carrying illicit shipments of weapons of mass destruction, their delivery systems, or related materials. This is a tangible example of nonproliferation cooperation, which President Bush advocated in his speech yesterday at National Defense University. Liberia has the world’s second largest ship registry."
The Treasury Department announced today (Feb 20) that it had added the names of leaders and key figures of the Colombian narco-terrorist organizations, the Revolutionary Armed Forces of Colombia (Fuerzas Armadas Revolucionarias de Colombia, “FARC”) and the United Self-Defense Forces of Colombia (Autodefensas Unidas de Colombia, “AUC”)to the list of “Tier II” persons designated under the Foreign Narcotics Kingpin Designation Act (Kingpin Act). These persons are subject to the economic sanctions imposed against foreign drug cartels under the Kingpin Act.
Drinking-water utilities can now quench their thirst for security knowledge with a surge of new materials that can be used in planning for and responding to contamination threats. The U.S. Environmental Protection Agency (EPA) recently issued a "Response Protocol Toolbox" containing six "modules" that address planning a response to contamination threats and incidents before they occur. The six modules are guides to: water utility planning, contamination threat management, site characterization and sampling, analysis, public health response, and remediation and recovery.
Labor Dept. Guidance on Drug-Free Workplace
This month domestic and foreign food facilities must begin to comply with provisions of a new law aimed at preventing a terrorist attack on the food supply. Read the final rules, as well as FDA fact sheets .
One of the western world's biggest strengths is the robust, swift flow of goods, allowing just-in-time business operations. That strength is also a weakness--terrorists can move materials just as quickly as legitimate shippers. For this reason, and to address a host of other nonsecurity-related issues, the Transportation Research Board of the National Academies (TRB) has proposed that the U.S. Department of Transportation establish a national freight data network.
By 2005, all federal computer systems not designated as national security systems will have to comply with the National Institute of Standards and Technology's (NIST's) Special Publication 800-53, Recommended Security Controls for Federal Information Systems. It's likely that private-sector organizations will refer to these initial public comment, with written responses due by January 31, 2004.
To many laypeople, gangs embody the principle of "senseless violence." But according to a former Baltimore City Police Department detective, it is often gang members' aversion to senseless violence that helps police bring gangs to justice. Burns describes his experiences in a bulletin published by the Department of Justice's Bureau of Justice Assistance.
Violent crime and property crime are continuing their retreat. According to Bureau of Justice Statistics data, the 23 million victimizations reported in 2002 are the lowest since Justice began its National Crime Victimization Survey in 1973 (that year saw 44 million victimizations).
The Department of Homeland Security (DHS) has closed the comment period on regulations that would implement the Support Anti-Terrorism by Fostering Effective Technologies Act of 2002, also known as the SAFETY Act.
Of the 50 comments received by the DHS, several expressed concerns over the lack of a definition of the term "act of terrorism" in the regulations. Without a specific definition, many commenters interpreted an act of terrorism as the "design or intent to cause mass destruction, injury, or other loss to citizens." This could exclude smaller attacks such as car bombs, noted Marc Sands, vice president of Qualcomm Incorporated in San Diego.
This definition excludes products that are designed to prevent terrorist attacks, says Marjorie Powell, senior assistant general counsel for the Pharmaceutical Research and Manufacturers of America.
Several comments addressed the protection of intellectual property and trade secrets. For example, Bob Karl of Willis Global Aviation noted that the regulation does not explore the various laws that govern the disclosure of information given to the government.
Other commenters expressed concern that the proposed regulations do not define sellers broadly enough. As noted by Karen Hendon of SBC Affiliates in San Antonio, this language may leave others in the supply chain unprotected.
After reviewing the comments, the DHS may issue an interim final rule and seek additional input.
A proposed rule issued by U.S. Customs and Border Protection (CBP) would require that companies shipping goods into the United States give advance notice to the government.
Several government agencies--The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision--have issued a joint proposed rule.
The idea of government agencies collecting vast amounts of information from citizens and sharing it with other government agencies has become a controversial one; witness the hue and cry about the Defense Advanced Research Projects Agency's (DARPA's) Terrorism Information Awareness Program, which proposed to mine intelligence and consumer data in a quest to prevent terrorism. Despite the controversies, states are taking steps to ensure that criminal-justice information is shared quickly and accurately among all those with a need to know. Read the report Concept for Operations for Integrated Justice Information Sharing
he National Institute for Standards and Technology (NIST) has issued guidance on developing performance measurements, called metrics, for information security controls and techniques.
Crime against public and private school students has dropped, according to a new report by the Justice Department's Bureau of Justice Statistics (BJS) and the Department of Education's National Center for Education Statistics (NCES). "Between 1995 and 2001, the percentage of students who reported being victims of crime at school decreased from 10 percent to 6 percent," the report states.
Nonverbal cues can be as telling as verbal statements during interviews. But studies have shown that "suspicious" nonverbal behavior is often completely innocent. Special Agent Joe Navarro, a member of the FBI's Behavioral Analysis Program of the National Security Division, has posited "an alternative paradigm for detecting deception based on four critical domains: comfort/discomfort, emphasis, synchrony, and perception management."
The Department of Homeland Security released an interim rule on port security, and the House Transportation and Infrastructure Committee's Subcommittee on Coast Guard and Maritime Transportation held a hearing on the rule to hear from industry regarding any business concerns. The final rule is expected to be issued by the end of October. Read all about the witness testimony.
U.S. Customs and Border Protection, an agency of the Department of Homeland Security, has published proposed regulations to obtain advance information concerning shipments of goods to the United States.
The Department of Homeland Security has submitted regulations that would implement the SAFETY Act to the Federal Register for public comment. The SAFETY Act is designed to encourage the development and rapid deployment of life-saving anti-terrorism technologies by providing manufacturers or sellers with limited liability.
Prostitution seems to prosper in even the harshest, least likely environments. The U.S. Department of Justice chronicles this and other community problem-solving partnerships, several involving school districts, in a new report.
The U.S. Department of Justice chronicles this and other community problem-solving partnerships, several involving school districts, in a new report.
A final rule implemented by the Research and Special Programs Administration (RSPA), part of the Department of Transportation, would require that shippers of hazardous materials develop security plans and security awareness training programs for employees.
In response to a congressional request, the Justice Department has released a report detailing its use of the surveillance powers granted in the USA Patriot Act of 2001. The report answers specific questions posed by lawmakers, including the use of law enforcement information in intelligence investigations, the rise in requests for emergency wiretaps, and the security of FBI information.
The U.S. Food and Drug Administration (FDA) has announced the publication of two proposed rules regarding food safety. The first rule would require that food companies keep records so that the FDA can track foods to their source in emergency situations--such as the release of contaminated food in a terrorist plot. The second rule identifies and delineates the FDA's new authority to isolate and stop shipment of any article of food that poses a threat of serious health consequences or death. The quarantine must be based on credible evidence.
The Department of Homeland Security has issued a CAPPS II Privacy Act Notice (CAPPS stands for "Computer Assisted Passenger Screening System.) The notice states that in response to comments to the proposal from an earlier notice limited developmental technical testing will occur with test data, including personal information on U.S. persons available from commercial databases, including those within and affiliated with the travel industry; and that concerns raised will continue to be considered during the testing and evaluation periods.
In 2002, both houses of Congress voted to allow pilots of passenger and cargo planes to carry arms in the cockpit. Cargo pilots were stripped of that ability before the law was passed. The wisdom of that move is still a battleground today, with industry officials coming down on either side of the issue during testimony before the Subcommittee on Aviation, House Committee on Transportation and Infrastructure.On the opposite side of the issue was Stephen A. Alterman, president of the Cargo Airline Association. Also testifying was Stephen J. McHale, deputy administrator of the Transportation Security Administration, was discussed the first crop of passenger pilots to be authorized to carry arms on board.
C/Net News.com also reports that "Representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., have met at least twice in the past three weeks with senior officials of theFederal Communications Commission to lobby for proposed new Internet eavesdropping rules."
By the end of this year, U.S. hazardous materials employers must develop and implement a security plan and train employees in security awareness. A good place for them to begin their efforts is a free CD-ROM security awareness training module made available by the Department of Transportation's Office of Hazmat Safety. @ Order it through SM Online. Also available is an online brochure that details DOT security guidelines and recommendations for enhancing hazmat transportation security.
In response to criticisms about the uses of the powers granted by the Patriot Act, the Justice Department has issued a one-page clarification, pointing out that the power to collect business records is limited, requires a court supoena, and is not aimed at U.S. citizens or garden-variety crimes.CNN.com reports that "The American Civil Liberties Union Wednesday filed the first lawsuit against the Patriot Act, the anti-terrorism law passed after the attacks of September 11, 2001." The article explains that "The lawsuit claims one section of the law authorizing searches of records, including those of businesses, libraries and bookstores, is unconstitutional."
The Washington Post reports findings from the 800-plus-page 9-11 report, which "is the result of months of hearings conducted last year and includes material from some of the 13 closed-door sessions with intelligence officials, as well as a synthesis of information generated in nine public meetings." It also notes that "portions of the report, including a section on the role of foreign governments, have been excised." Read the report.
The Department of Homeland Security has submitted regulations implemented the SAFETY Act to the Federal Register for 30-day public comment period. The SAFETY Act is designed to encourage the development and rapid deployment of life-saving anti-terrorism technologies by providing manufacturers or sellers with limited liability risks.
The Department of Homeland Security has released and interim rule on port security. Mandated by the Maritime Transportation Security Act of 2002, the rule addresses issues such as threat and security assessments, vessel security plans, and training for maritime security professionals. The interim rule will be available for comment until July 30 and a final rule will be issued by October 25.
The Council on Foreign Relations has issued a report critical of homeland security, specifically with regard to the funding of first responders. "Nearly two years after 9/11, the United States is drastically underfunding local emergency responders and remains dangerously unprepared to handle a catastrophic attack on American soil, particularly one involving chemical, biological, radiological, nuclear, or high-impact conventional weapons. If the nation does not take immediate steps to better identify and address the urgent needs of emergency responders, the next terrorist incident could be even more devastating than 9/1l," says the CFR, an independent think-tank. See the full report and media stories., an AP news report.
On July 24, the House Committee on Financial Services has approved H.R. 2622, the Fair and Accurate Credit Transactions Act. The bill would provide consumers with the tools they need to fight identity theft and to ensure the accuracy of their credit reports. Included in the legislation are provisions that would give consumers the right to one free credit report per year and access to their credit scores. The bill also includes provisions that would establish new fraud identification tools and help consumers limit prescreened offers of credit and insurance. It further provides significant new protections of consumers' medical information.
The Securities and Exchange Commission has adopted rules directing the national securities exchanges and national securities associations to prohibit the listing of any security of a company that is not in compliance with the audit committee requirements established by the Sarbanes-Oxley Act of 2002.
The USA Patriot Act and the Enhanced Border Security and Visa Entry Reform Act call for the National Institute of Standards and Technology (NIST) and other agencies to develop and certify technology standards for visa control systems. As part of that effort, NIST has developed and completed tests used for setting accuracy standards and certifying proposed fingerprint and facial biometric technologies (iris recognition technology was considered a promising candidate for future testing).
Faced with a high rate of thefts from cars from parking facilities in uptown Charlotte, North Carolina, the Charlotte-Mecklenburg Police Department implemented a long-term experiment in "problem-oriented policing" by looking at the issue in a comprehensive, in-depth manner rather than simply dealing with individual cases as they occurred. Several promising strategies were identified for reducing thefts from cars in uptown Charlotte's parking lots. Before any of these measures could be put into effect, however, thefts from cars in lots began to drop significantly. "The most likely explanation for the fall is that lots began to attract more attention from police and security patrols,"reads a report on the project written for the Justice Department's Community Oriented Policing Services.
The State Department's Student and Exchange Visitor Information System (SEVIS), used to track foreign students, has shown several "bugs," according to Princeton University President Shirley M. Tilghman. Among the problems are the frequent patches needed for the software and rising personnel costs associated with using the system. @ Tilghman's testimony before the House Committee on Science, along with testimony by the president of the American Council on Educationand testimony by the State Department's deputy assistant secretary for visa services.
The National Institute of Standards and Technology's (NIST's) investigation into the World Trade Center disaster has now been underway for more than six months, and headway is being made, according to preliminary assessments made available by the group. The NIST team has received access to technical data, including information developed for litigation purposes, that was not available to previous assessment teams.
Abortion, gun control, capital punishment, and affirmative action have long been hot-button political issues, sure to arouse strong feelings at their very mention. National identification is quickly joining that list, as the federal government considers a way to document every person living in the United States. A report by the National Electronic Commerce Coordinating Council (NECCC; an alliance of state government organizations, such as the National Association of State Chief Information Officers, that promotes electronic commerce) discusses some of the options and the political, economic, and social consequences of each.
FCW.com reports that "The White House released the final version of its National Strategy to Secure Cyberspace today, focusing on five priority areas and recommendations -- including the creation of a single national cyberspace security response system."
A quick-reference guide on dealing with radiation exposure has been prepared for public safety personnel by the National Law Enforcement Technology and Corrections Technology Center in cooperation with the Law Enforcement Technology Support Center at the U.S. Department of Energy's Savannah River Technology Center. Text version.
HHS Secretary Tommy G. Thompson today announced the adoption of final security standards for protecting individually identifiable health information when it is maintained or transmitted electronically. The complete text of both final rules will be available at the CMS website . The full text of the Addenda to the transaction modifications rule. More information about HIPAA standards is available at http://www.cms.hhs.gov/hipaa and http://www.aspe.hhs.gov/admnsimp/. A fact sheet summarizing the administrative simplification standards required by HIPAA.
The Federal Trade Commission (FTC) has unveiled a comprehensive Web site to help businesses and consumers alike stay safe online and avoid nuisances such as spam.
The first, "Guide to Selecting Information Technology Security Products," begins by explaining who's who in the IT department and what each member's responsibilities are. The second NIST report, "Guide to Information Technology Security Services," strives to clarify the complexities involved with selecting, implementing, and managing IT security services for an organization.
Emergency management operations centers rely on software to manage crisis information and coordinate response by public safety agencies. Evaluating commercial emergency management software can be a tricky task, however. With that in mind, the National Institute of Justice (NIJ) recently published a report comparing features of 10 such products.
One of the most crucial decisions facing school administrators concerns whether and how to respond to bomb threats. A school that routinely evacuates may seriously disrupt class time and trigger threats by students seeking a day off. Disregarding the credible threat, however, could be devastating. So how can schools distinguish between the hoax and the credible threat? An article in the FBI Law Enforcement Bulletin points to four factors: credibility, evidence of commitment, ability, and motive.
The "Pentagon Area Common Information Technology Wireless Security Policy" covers confidentiality, integrity, authentication, nonrepudiation, and availability.
The Federal Emergency Management Agency (FEMA) has rolled out a new Web site designed to assist first responders when disasters strike.
Draft regulations released by the Federal Aviation Administration (FAA) that would require drug and alcohol testing of workers involved in aircraft maintenance have drawn criticism from airlines and contractors. The regulations would require that all contractors who perform "safety-sensitive" aircraft maintenance "at any tier" would be required to undergo preemployment drug and alcohol screening. Employers would need to verify a negative drug test before allowing an employee to start work. The most frequent comment, however, was that the proposed program would be too costly and would not improve aviation safety. For example, Mike Thompson of Pacific Propeller, Inc., noted that the rule did not include the basis for the policy change, nor did it identify any accidents, incidents, or defects resulting from drug or alcohol abuse by employees of maintenance providers. Absent this clarification, Thompson argued, the significant cost for the industry could not be justified.read the proposed rule and public comments.
The U.S. Environmental Protection Agency has announced that it will withdraw plans to develop security regulations for the chemical industry under the Clean Air Act. However, a new amendment (S.A. 4608) to the homeland security bill (H.R. 5005), introduced by Sen. James Inhofe (R-OK), could bring the responsibility for such security regulations under the proposed office of homeland security.
Total U.S. spending for homeland security in fiscal year 2003 is expected to top $100 billion. A study commissioned by the Technology & Homeland Security Summit outlines the opportunities for vendors to target security systems sales to various government agencies. For instance, local governments are seeking secure interjurisdictional communications platforms. @ Get the study via SM Online.
This past June, the U.S. Supreme Court ruled on a case that effectively expanded the scope of permissible student drug testing from athletes to all students participating in competitive extracurricular activities. Since public schools' authority to test for drugs is now much broader than ever, there is a greater need for clarity on the issue. Thus the recent release of a report by the Office of National Drug Control Policy (ONDCP) called What You Need to Know About Drug Testing in Schools.
The Pentagon's Total Information Awareness (TIA) data-mining technology research project, which has been widely criticized in the press for its potential to be misused, was discussed in a State Department briefing November 20. Read the transcript excerpt and media report.
The White House has issued today (Sept. 18) a draft of The National Strategy to Secure Cyberspace, which is open for comment until November 18, 2002. Dick Clarke, the President's Assistant for Cybersecurity, has said that ASIS International will be asked to help in putting those meetings together. ASIS was also involved with the earlier series of meetings. The document notes that eight more town hall meetings will also be held around the country to solicit input. The draft strategy expresses a reference for voluntary cooperation of individiuals and private industry, rather than for cybersecurity standards set as mandates through legislation or regulation. It refers to six tools: awareness, training and education, partnerships with private enterprise, federal leadership, and crisis management (early warning and information sharing).The plan suggests that large companies may want to form a corporate security council consisting of the chief operating officer, the chief information security officer, the chief security officer, the chief risk officer, the chief privacy officer, and the chief official responsible for physical security. The plan is now available for comments and review .The House Committee on Transportation and Infrastructure held a congressional oversight hearing on Sept 5 that will focus on the security of procedures employed by all 50 states in issuing driver’s licenses, and new efforts undertaken by states since September 11th to curtail criminal acquisition of licenses.
The House of Representatives and the Senate have approved and the president has signed into law a bill (P.L. 107-204) that increases penalties for corporate fraud and imposes greater oversight on accounting firms. The law is an amalgam of two bills--H.R. 3763 and S. 2673.
The Health and Human Services Department has issued a final rule addressing the privacy rights of persons with regard to their medical records. The rule concerns the handling of medical records and other personal health information maintained by certain health care providers, hospitals, health plans, health insurers and health care clearinghouses. Under the rule, patients must give specific authorization before entities covered could use or disclose protected information in most nonroutine circumstances, such as releasing information to an employer or for use in marketing activities. Improvements to the final rule, which takes effect in April 2003, strengthen the marketing language to make clear that covered entities cannot use business associate agreements to circumvent the rule's marketing prohibition.
The Gramm-Leach-Bliley Act (GLB), which regulates the privacy of customer records maintained by financial institutions, also contains a different set of information security requirements, referred to as "financial institution safeguards." A new paper by Recourse Technologies, which provides threat management solutions to online businesses, provides a thumbnail view of the required information security measures.
This month, the White House Office of Cyberspace Security will release the first draft of the national strategy for cybersecurity.
In this FBI Law Enforcement Bulletin article, Bulzomi notes that investigations against U.S. citizens abroad by U.S. and foreign authorities may be "joint ventures," requiring foreign officials to comply with American legal standards.
Eleven federal courts have decided to allow access to criminal case files over the Internet as part of a pilot program by the Judicial Conference of the United States, which makes policy for the federal court system. The conference is expected to review the pilot program next month. More information about PACER and the list of participating courts.
Several DVDs and videos on cybersecurity topics are now available through the Department of Defense's Information Assurance Support Environment. The training products, which include titles such as "CyberProtect," a video-game-like network efense exercise, are unclassified and available at no cost. Although prepared primarily for military and government audiences, approved educational institutions and private organizations can receive most of the products.
What types of criminals are most likely to be repeat offenders? According to a study on recidivism by the U.S. Bureau of Justice Statistics (BJS), 79 percent of car thieves released from state prisons in 1994 were rearrested within three years, followed by those possessing or selling stolen goods (77 percent). Other crimes with high rates of recidivism were larceny (75 percent) and burglary (74 percent). Those with the lowest rearrest rates had been previously incarcerated for homicide and sexual assault (41 percent each).
Guide from the Department of Justice discusses the main types of graffiti--such as gang-related, ideological, and "artistic tagger"--as well as their features and the motives underlying them.
The Federal Trade Commission (FTC) has issued a final rule that sets standards for the technical and physical security standards that financial institutions must enact to protect customer information. The standards take effect May 2003.
Among the common vulnerabilities identified during the world's collective security reassessment after 9-11 are air ducts and heating, ventilating, and air conditioning (HVAC) systems. Chemical, biological, or radiological agents introduced into such a system could wipe out a building's population. To bring businesses up to speed on the threat, the National Institute for Occupational Safety and Health, of the U.S. Department of Health and Human Services, has issued recommendations on physical security, ventilation, maintenance, and other measures.
In six months, the use of metal detectors at a Detroit hospital prevented the entry of 33 handguns, 1,324 knives, and 97 mace-type sprays. ID badges and color-coded passes used at a New York hospital resulted in a 65 percent reduction of reported violent crimes over 18 months. These reportscome from an overview of violence in hospitals prepared by the National Institute of Occupational Safety and Health.
The Department of Justice's Office of the Inspector General has released a report calling for the department (DOJ) and private contractors to develop contingency plans to deal with a long-term disruption of service.
Much of what ultimately determines the success of a security officer is how he or she deals with conflict, especially how he or she chooses to pursue and apprehend a criminal suspect. Although directed toward law enforcement officers, an article in a recent issue of the FBI Law Enforcement Bulletin written by two FBI behavioral scientists and an FBI criminal justice instructor offers advice on this topic that can be applied to the private security officer.
Background checking isn't the only domain where criminal history records and terrorism intersect. Criminal justice repositories must consider the possibility that a terrorist attack could wipe out all their data. The Justice Department's National Criminal History Improvement Program (NCHIP)recently surveyed the states to determine whether and in what form they kept backups of this data.
Fifth and sixth graders were much more likely to join and remain in a gang when marijuana was readily available in their neighborhood, according to a study of Seattle youth conducted by the University of Washington for the Department of Justice.
Two new publications from the National Institute of Standards and Technology (NIST) have been released. The first, "Underlying Technical Models for Information Technology Security," is a description of the technical foundations that provide a base for secure IT. The second, "Guideline on Network Security Testing," describes a methodology for using network-based tools that can expose system vulnerabilities.
An article written by a captain in the Lo