NextGov
Tech Insider
What's happening in the federal IT community

September 2007

More Feds Blog
By Allan Holmes  |  Friday, September 28, 2007 |  2:00 PM

The State Department wasn't the only agency that launched a group blog this week. The Federal Citizen Information Center (FCIC), part of the General Services Administration's Office of Citizen Services, went online this week with GovGab. (The FCIC, according to its Web site, "provides the answers to questions about the federal government and everyday consumer issues whether citizens write, call or log on.”)

“The purpose of our blog is to highlight government services and information that many people may not know about and show them how to use it in their everyday lives," according to an email Government Executive received about the blog. GovGab’s five bloggers so far have written about online apartment hunting resources, international travel tips, lost luggage, free online photo services, and saving energy.

Another new blog comes from Department of Homeland Security Secretary Michael Chertoff, who started blogging Sept. 12. In the first entry of his blog Leadership Journal, Chertoff wrote, "I’ve started this journal to open a dialogue with the American people about our nation’s security."

In that blog post, titled "Is 9/11 Fading?," Chertoff also writes, "I know these family members [of passengers killed on the planes used in the terrorist attacks] and responders will never forget what happened to our country six years ago. I am concerned, however, that for some Americans, the reality of 9/11 is fading."

Right off the bat, Chertoff seems to have met his goal to open a dialogue with Americans. That first post had received 33 comments by this afternoon. The comments ranged from avid support ("The fact that there has not been another terrorist attack on America since 9-11 speaks well of you and your department. Thank you," an anonymous commenter wrote) to sharp criticism ("[E]very time an illegal alien escapes across our border and assaults our children, we Americans are reminded about 9/11 and the terrorism your dept, does not protect us from. We live in fear," wrote jorge, and "Why do you think people are finding it harder and harder to believe anything you say?" wrote durandel).

In another blog post, Chertoff takes on a New York Times editorial criticizing DHS for a poor organizational policy for FEMA. Chertoff’s latest post is about privacy. ("We view privacy as a fundamental human right and that’s why preserving it is an integral part of our mission.") The only commenter as of this afternoon links to a sharp critique of Chertoff's post.

So far, most comments in the Leadership Journal blog reflect an American public fearful, frustrated and skeptical about DHS' ability to fight terrorism. How Chertoff and DHS use this feedback (understanding that most people who comment are motivated by negative emotions, not positive ones) will determine how successful the Leadership Journal blog is. That goes for State's DipNote and the less controversial Gov Gab.



Hacking: So Easy, a Cave Man Can Do It
By Allan Holmes  |  Thursday, September 27, 2007 |  2:01 PM

Think security on government networks is inferior to the security found on corporate networks? Well, you may want to consider this article posted by InformationWeek, in which convicted hacker Robert Moore talks about how easy it was to hack into 15 telecommunications companies and hundreds of businesses. The 23-year-old hacker was able to get into the systems through well known security holes. Most of the holes could have been plugged with available patches or by following basic security practices taught in any information security introductory course.

Hacking into these business systems was “so easy, a cave man can do it,” Moore said. Moore found that 70 percent of all corporations he scanned had a known security vulnerability that would allow him into a network. Moore was looking for ways into networks to steal voice over IP services.

The No. 1 security hole Moore found? Companies using default passwords. A quote from the interview:

“I'd say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had 'admin' or 'Cisco0' as passwords on them. We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. We also targeted Mera, a Web-based switch. It turns any computer basically into a switch so you could do the calls through it. We found the default password for it. We would take that and I'd write a scanner for Mera boxes and we'd run the password against it to try to log in, and basically we could get in almost every time. Then we'd have all sorts of information, basically the whole database, right at our fingertips.”

Not managing known security holes is among the top security mistakes organizations make. Government Executive magazine recently published a series of articles on the subject: here, here and here.



Hill 'Imperils' 2010 Census
By Allan Holmes  |  Thursday, September 27, 2007 |  8:26 AM

As if the Census Bureau didn't have enough risks to manage for the upcoming 2010 decennial census, now the bureau has to worry about not being able to conduct its dress rehearsal. In a New York Times editorial yesterday, the paper laid out the consequences of a stop-gap bill to fund the operations of the federal government through November. That means no funding for the Census Bureau's decennial dress rehearsals, which are critical for testing business processes and, most important, new handheld computers it plans to use to help count the population. Already, the handhelds present numerous risks to the bureau, according to a Government Executive magazine article published this summer, and not being able to test them only exacerbates the problem.

So much so, that the stop-gap funding measure "would virtually guarantee a flawed census," the Times concludes. "Especially imperiled by a funding delay is a contract for the hand-held computers that the bureau intends to use for the first time in 2010," the Times points out.



Whither Dipnote?
By Allan Holmes  |  Wednesday, September 26, 2007 |  8:36 AM

This post was updated at 2:09 pm, Thursday, Sept. 27.

Update: The State Department now has made it clear on its Web site how to access its diplomatic group blog, Dipnote. Look for this link in the middle of the page:


[Image: dipnote.jpg]

This post was updated at 12:43 pm, Wednesday, Sept. 26.

Update: It looks like the State Department did launch its Dipnote blog yesterday, as promised, with the hope that "Dipnote will provide you with a window into the work of the people responsible for our foreign policy, and will give you a chance to be active participants in a community focused on some of the great issues of our world today." The site is already attracting comments, with 18 comments posted so far. Entries include one from Tara Rigler, a civil servant working as the Deputy Press Attaché at the U.S. Embassy in New Delhi, India, on what it's like "to live overseas for the U.S. Department of State." Another post comes from Kristen Silverberg, assistant secretary for International Organization Affairs, who writes about the U.S. agenda at the United Nations.

The public has commented on most of the blog posts. "Brianna in Wisconsin" wrote in response to Dipnote's question of the week ("What should determine who should be allowed to possess nuclear technology and who should not?"), "If one country is able to possess nuclear weapons I feel another country should be able to, too. Fair is fair we don't govern the world and we should stop acting like we do."

And Joe wrote in response to the blog's introduction, "We'll see if this is gonna be another partisan hack job."

Now, if State could just make it easier to find Dipnote.


The original post follows:

As reported by the Associated Press, the State Department intended to launch yesterday a group blog written by "senior [State Department] players in Washington and abroad." Called "Dipnote," the blog, according to the AP, aims to give an insider's view into the diplomatic process and a way for Americans to comment on foreign policy. State intended for the first blog items to be written on "the annual [United Nations] meeting in New York City and the role that the department's diplomatic security agents play in protecting the foreign dignitaries that swarm Manhattan for the event," according to the AP.

But Dipnote does not appear on the State Department Web site, and a search does not return any results. Blogging Lesson One: For those who blog, finding time in a busy day to write frequent posts is the first challenge. We're sure it was a long day for the security agents.



The Bizarre World of Immigration Law
By Allan Holmes  |  Wednesday, September 26, 2007 |  8:13 AM

The following item was posted by Government Executive Senior Correspondent Katherine McIntire Peters.

The country’s schizophrenic approach to immigration was on full display this week. On Tuesday, Homeland Security’s Citizenship and Immigration Services (USCIS) bureau rolled out an enhanced version of its E-Verify program, an electronic screening tool aimed at identifying illegal workers during the hiring process. Employers participate in the program voluntarily, at least in most states. The day before the rollout, the Justice Department filed suit against the state of Illinois for passing a law that essentially blocks employers from enrolling in the program.

The Illinois law puts Homeland Security in the impossible position of enforcing a federal law that has been invalidated by the state. As Emilio Gonzalez, director of USCIS, observed during a briefing with reporters, “You either want us to enforce the law or you don’t.” Presumably that depends on whom you ask.



Trying to Find the Answer to Security
By Allan Holmes  |  Tuesday, September 25, 2007 |  11:33 AM

Information security managers in government, corporations and universities are about as frustrated as they can get in trying to find ways to tighten network security and protect privacy. (Just last month, as posted in Tech Insider, a well respected cybersecurity expert from Georgia Tech figuratively threw up his hands, saying securing the Internet against cybercrime isn’t going to happen.)

But the gloomy outlook hasn’t stopped security experts from trying new approaches. The University of Toronto this year launched the Identity, Privacy and Security Initiative (IPSI), which includes two related interdisciplinary masters level programs: a Masters of Professional Engineering and a Masters of Information Studies with concentration in security, reports InterGovWorld.com.

The program’s chair, Dimitrios Hatzinakos, says security managers have not been trained in programs that combine identity, privacy and security technology, processes and management. “Most of them are self-trained after they joined companies, but they have never been trained to have a holistic understanding of security,” according to the article.

Ontario's Information and Privacy Commissioner, Ann Cavoukian, said:

The IPSI program will not only educate future generations on how to build privacy into technology, but it will also hopefully develop a culture of privacy, a way of thinking that is committed to better information management and the protection of privacy. Even the most advanced technologies and the most rigorous privacy policies will not be wholly effective if organizations do not accept the protection of privacy as part of their institutional culture.

Changing culture. Not sure if a masters degree is the tool that can make that happen.



Lookin' for an IT Idol
By Allan Holmes  |  Tuesday, September 25, 2007 |  10:44 AM

So, you think you can sing like Jordin Sparks or Taylor Hicks? (If you’ve forgotten already, those are the two latest winners of American Idol.) Now’s your chance to prove it. Force3, a government information technology contractor that designs and builds computer networks for military medical facilities worldwide, has been running a singing contest since Sept. 1 for federal government workers. The company invites federal workers on its IT Idol Web page to video their singing performances and email them to ITidol@force3.com. Force3 says it will upload the performance on YouTube and invite America to pick a winner. Force3 will announce a winner each Monday beginning Sept. 10. “The only rules,” according to Force3’s Web site, “are you must work for a federal agency and you must be wearing clothes.” The winner’s prize: a week of free pizza.

But maybe pizza isn’t enough of an enticement. So far, no videos have been posted and no winners have been announced, as far as Tech Insider can tell. There’s still time, however. The contest runs until Oct. 1.



Feds Misusing Federal Systems
By Allan Holmes  |  Thursday, September 20, 2007 |  5:35 PM

News that a special agent with the Commerce Department's Office of Export Enforcement was indicted yesterday by a federal grand jury for accessing a government database to track the travels of a former girlfriend raises the question: Just how often do federal employees misuse government computers? For sure, the case of Benjamin Robinson, a 40-year-old special agent for Commerce who had been with the department for 10 years, is rather extreme. He accessed the database 163 times, lied to his supervisors and threatened his former girlfriend's life. It’s not the only one. Another extreme case of improper use of a government computer was posted in Tech Insider here. (I urge you to read the comments that accompany the item to get a complete picture.)

A source who has spent nearly 30 years working and consulting on federal IT projects here in Washington, D.C., and with whom I discussed the former case, tells me that this is just the tip of the iceberg. Of course, we hear about the more egregious, yet infrequent, abuses. But this source says less serious misuse, such as accessing private information for purely prurient interests and using powerful government applications for personal use, is, if not common, widespread. In an upcoming "Managing Technology" column in Government Executive Magazine, a long-time General Services Administration employee says that the GSA has a well-publicized policy of monitoring Internet and network use, but it is widely known among employees that the logs are rarely scanned, leaving no check against misuse. I'll post a link to this story when it is published.

What's your experience at your agency or contractor's office of employees improperly using or accessing government databases or applications? Is it widespread? Let us know by clicking the comment link below.

Link  | Comments [9]


VA Wants to Know: What's in That Email?
By Allan Holmes  |  Wednesday, September 19, 2007 |  5:20 PM

News that a government agency or corporation exposed private information such as Social Security numbers is rather common these days. The public routinely asks, "Why can't organizations take more care in securing my personal information?"

One reason may be that agencies use personal information such as the Social Security number as part of their everyday work in processing information, making it difficult not to expose personal information. For example, the Department of Veterans Affairs recently installed software that scans each outgoing email for Social Security numbers. Under the VA's security policy, servers will block emails that contain Social Security numbers from being sent. In one month, 7,000 emails that the software determined could possibly contain a Social Security number were blocked, according to Robert Howard, assistant secretary of information and technology at the VA, who testified today before the Senate Committee on Veterans' Affairs.

That may seem like a lot. But looking at it another way, it's surprising that only 7,000 emails were blocked (which, of course, most likely includes some false positives). According to the VA's Web site, the VA has 244,032 employees. If each employee sends on average, say, 100 emails a month (that's about five emails a day), that would mean less than 0.03 percent of all VA emails contained a Social Security number. And that doesn't include emails that VA contractors sent. However, Howard did not tell the committee whether all VA emails are scanned; if they are not, the percentage of emails containing a Social Security number would be higher.

Nevertheless, for those who have their personal information exposed because it was emailed out of an organization's firewall, no solace can be had knowing it was highly unlikely.



Common EHR? We Aren't Kidding
By Allan Holmes  |  Wednesday, September 19, 2007 |  3:04 PM

Want to know what a knowledgeable private-sector chief information officer for a large health system thinks about the task that faces the departments of Defense and Veterans Affairs in trying to share electronic health records? The following is what John Glaser, vice president and CIO for Partners Healthcare in Boston, had to say about it. (Glaser was testifying at today's hearing of the Senate Committee on Veterans' Affairs. Sen. Daniel Akaka, D-Hawaii, the committee's chairman, asked Glaser what the private sector experience was with sharing electronic health records, or EHRs, at the scale of what the VA and Defense are trying to do.)

"A common EHR? That's interesting to me," he said. "That's a codeword for, 'You got to be kidding me.'"

Glaser then said a common EHR can be created, but it has to be closely managed by properly assigning resources and people's time.



Federal Sites That Get Satisfaction
By Allan Holmes  |  Tuesday, September 18, 2007 |  12:17 PM

The University of Michigan and ForeSee Results released their latest quarterly American Customer Satisfaction Index for federal Web sites today, and the overall score for federal Web sites has remained fairly level. The third-quarter 2007 score for the 91 government Web sites measured dropped 0.5 percent to 73.3, a score that hasn’t changed that much for the past two years.

What’s interesting, however, is that the sites that dominate the top 10 are sites operated by the Social Security Administration, such as the Internet Social Security Benefits Application site and the Help with Medicare Prescription Drug Plan Costs site, and several operated by the National Institutes of Health, including the National Library of Medicine’s MedlinePlus and the site operated by the National Institute of Diabetes and Digestive and Kidney Diseases.

In fact, out of the 19 federal Web sites that score 80 or higher in the satisfaction index, 13 (or two-thirds) relate to health or retirement (namely Social Security).

The University of Michigan and ForeSee Results, which calculate the index, report in the press release announcing the scores that the sites that do well have four characteristics in common: “total commitment to meeting the public’s diverse needs; recognition by management of the web’s strategic value; using ‘voice of the citizen’ data as an improvement tool; and focus on the mission of citizen service.”

But could something else be at work here? The National Institutes of Health and the Social Security Administration manage programs that are extremely popular with the public, as any member of Congress can tell you. Could some of that popularity spill over to their Web sites? Also, health and money (retirement) are top of mind issues with the public. Could that interest influence the scores, too?

But then how do you explain the CIA’s recruitment site receiving such a high mark – an 81? Well, one could argue that defending the nation against terrorism and other threats is a health and a top-of-mind issue.



Defense IG: We're Our Worst Enemy
By Bob Brewin  |  Monday, September 17, 2007 |  3:44 PM

The Defense Department inspector general released a report last week that shows that, despite the release over the past year of a grand total of 36 investigations and reports on Defense’s managerial shortcomings in information assurance, Defense still has real problems with information security basics.

Investigations conducted between Aug. 1, 2006, and July 31, 2007, by the Defense IG, the Army Audit Agency, the Air Force Audit Agency and the Naval Audit Service repeatedly found problems with system access control, safeguarding of privacy information, poor security policy and procedures, training and education, according to the latest IG report, which is a bibliography of sorts of all the other info sec reports.

A total of 15 reports over the past year identified problems with system access control, the Defense IG said, including allowing unauthorized users to gain access to protected health information covered by the Privacy Act and “For Official Use Only” information.

Ten reports over the past year covered Privacy Act violations, and it seems that the message not to throw documents containing protected privacy information into the trash still needs reinforcement.

The audit agencies also identified weaknesses with security policies and procedures in 33 reports and poor security training, awareness and education in eight reports.

“Without adequate security program management and security policies and procedures in place, DoD cannot provide and maintain appropriate security for managing, protecting and distributing information,” according to the Defense IG.

Add this stark view to threats posed by Chinese zombie computers and it looks like Defense really needs to work on network defense.



Baby Steps Toward Security
By Allan Holmes  |  Monday, September 17, 2007 |  2:23 PM

After some big information security scares – stolen laptops, lost hard drives and reports of hackers gaining access to networks – government agencies responded over the past year by beefing up their security practices, according to a worldwide security survey released last week. The Global State of Information Security survey, conducted by CIO and CSO magazines and PriceWaterhouseCoopers, found government security managers worldwide had added more security staff and processes to their business practices. But governments as a whole still lag the financial industry, which leads all others in putting in place security strategies and technologies.

Among the highlights from the security survey:

-- The percentage of government organizations employing a chief security officer increased from 56 percent in 2006 to 72 percent in 2007. (86 percent of financial industry organizations employ a CSO.)

-- Percentage of government agencies that had an overall security strategy: 42 percent in 2006 vs. 60 percent in 2007. (71 percent in the financial industry.)

-- Continuity or disaster recovery plan in place: unchanged from 2006 to 2007 at 55 percent. (Financial industry: 71 percent.)

-- According to the survey, 38 percent of government organizations said they had standards and policies in place for mobile and handheld devices, and only 60 percent said they encrypted the data in transmission to and from the devices. Less than half – 44 percent – encrypt data at rest and only 39 percent encrypt data on laptops.

Overall, security in government agencies is improving, say PWC security experts, but it is slow. Very slow, they say.



Hill Inquiry Pushes Sun to Quit GSA Schedule
By Allan Holmes  |  Friday, September 14, 2007 |  2:42 PM

Sun Microsystems Federal Inc., which has been the subject of a congressional inquiry into possible contracting abuses, plans to cancel its General Services Administration Multi-Award Schedule Contract by Oct. 12, according to an email sent by a public relations firm handling Sun Microsystems Federal.

According to the statement released by 463 Communications in Washington, D.C.:

We can confirm that Sun has notified the U.S. General Services Administration (GSA) that it is canceling its current GSA Multi-Award Schedule Contract effective October 12, 2007. We took this step reluctantly, as we have always valued our relationship with GSA and its team of committed professionals. Sun and GSA have enjoyed a successful relationship as partners for a number of years during which Sun has provided government agencies with some of the industry's most innovative, energy-efficient, open source and secure computing systems.

Sun remains honored to be a federal contractor and, like other companies in our industry who do not have a GSA multi-award schedule, we look forward to continuing to serve our government customers.

Asked if the inquiry by Sen. Charles Grassley, R-Iowa, who has asked for documentation on how much Sun has charged the government for its products, was the reason for Sun's decision to cancel its GSA schedule, a spokesman initially said, "Yes, it is in relation," but added that he would provide a further statement later.

According to a Government Executive article on the subject:

The review involves a contract extension awarded to Sun in September by GSA. The contract has faced scrutiny partly because House Oversight and Government Affairs Committee Chairman Henry Waxman, D-Calif., called GSA Administrator Lurita Doan to testify about her alleged meddling during the business dealings.

At a March hearing, GSA Inspector General Brian Miller stated that Doan and her top staff intervened in negotiations with Sun, going against the judgment of three career contract officers and choosing a higher-priced offer from Sun.



Closer to Breaking Public Key Encryption?
By Allan Holmes  |  Friday, September 14, 2007 |  10:39 AM

An article posted yesterday by New Scientist (full article requires a subscription) appears to have serious implications for those who use encryption to secure information, which means everything that underpins online banking, e-commerce – and what secures most government information. Two researchers – one in Australia and another in China – have come one step closer to building a “laser-beam quantum computer” capable of breaking common encryption, according to the article abstract.

The article requires more than a passing knowledge of computer science and mathematical theory, as well as the ability to understand Shor’s algorithm, which involves prime number factorizing. New Scientist does provide an explanation of Shor’s algorithm.

But it doesn’t take a mathematician or physicist to understand the implications; most IT managers should get it. From the New Scientist: “Both groups have built rudimentary laser-based quantum computers that can implement Shor's algorithm - a mathematical routine capable of defeating today's most common encryption.”

If you can shed light onto this development, Tech Insider invites you to click the comment link below and share your thoughts and opinions.

Hat tip: Slashdot

Link  | Comments [1]


Worry Over Telework Security
By Allan Holmes  |  Thursday, September 13, 2007 |  12:57 PM

Yesterday, Lurita Doan, head of the General Services Administration, announced an ambitious plan to have half of the agency's eligible workforce teleworking by 2010. Yes, the ambitious part may be convincing more GSA employees to telework. (Only 10 percent of those eligible do so now.) The ambitious part also may be overcoming managers’ fear that employees will goof off and be less productive (although many studies indicate employees are more productive).

The most ambitious part of the effort may very well be the hazard involved – the risk of information security. Near the end of the Government Executive article on Doan’s announcement was this paragraph:

Later, Joseph Hungate, the chief financial officer and former chief information officer for the Treasury Department's inspector general for tax administration, told the audience that the top risk with telework is not "some technology" but "someone." In other words, the greatest danger is staff not following security policy.

Many news organizations last month reported on the fact that security wasn’t a big concern among federal security managers, according to a study. The Telework Exchange, an advocacy group that sponsored the telework symposium, released a study in August that concluded that “94 percent of federal chief information security officers [CISOs] do not consider official telework programs a security threat.” (The study was funded by computer manufacturer and federal supplier HP.)

Still, CIOs like Hungate and CISOs are reluctant to embrace telework because few agencies (and corporations, for that matter) invest in the technology, including information security hardware and processes, needed to make telework digitally safe. In a blog item on telework posted in July for CSO Magazine, Dan Lohrmann, citing the GSA report with the title “Telework Technology Cost Study,” writes:

One big take-away from this study is that to save money with telework, we require “real” initial investment. This may seem obvious, but I’ve lost count of the number of times that business areas have pushed for telework programs with a $0 budget.

Basically, they wanted employees to use home PCs. That was it. No laptops, no home network checks for security, nothing.

Of course I just said no – and tried to explain the risks and the laws we need to enforce. But again, that makes security the Party Poopers. Not good. We generally end up with the same slower approach that the feds have used, because no one wants to make big upfront investments.

All this still leaves the fear that employees inadvertently will leave sensitive information exposed while teleworking. As has been posted in Tech Insider before, creating effective security policies and then providing the necessary training on those policies is seriously lacking in agencies and, as Hungate points out, likely is holding back many government managers from embracing telework more.

For those supporting telework, the wait to see more agencies embracing it may be a long one. In its annual Global Information Security Survey, released just this week, CIO Magazine reports that 61 percent of public-sector organizations do not require employees to complete training on the organization's privacy policies and practices.

That’s more than 50 percent, as in 50 percent of eligible employees teleworking by 2010.



The Hidden GPS III Speed Bump
By Bob Brewin  |  Wednesday, September 12, 2007 |  4:18 PM

The Air Force Space Command’s Space and Missile Systems Center has hit another speed bump in the development of the next-generation Global Positioning System satellites. But to find out, you need to start the day reading, and then deciphering, obscure contract notices on the GSA’s Federal Business Opportunities Web site.

Last week the Space and Missile Systems Center announced it intended to award sole source contracts to Boeing and Lockheed Martin, which are competing for the multi-billion GPS III contract, for something called “GPS Phase A Sub System Risk Reduction.”

Buried in that contract notice is the speed bump: a line that says that the GPS III Key Decision Point-B has been delayed from August until December. If you want to know what that means, it’s easy to find out if you happen to have, hanging around the office, a copy of chapter 39, Title 10 of the U.S. Code, section 2366a.

That code says, in quite plain English, that any major Defense Department project cannot proceed unless higher-ups in the Pentagon determine that the program is affordable, that its technology has been demonstrated in a relevant environment and the program demonstrates a “high likelihood” of accomplishing its intended mission.

In the case of GPS III, this includes a constellation of higher powered satellites that have jam-resistant capabilities for military users and new civilian signals to support civilian users, such as the FAA, which plans to base its new air traffic control system on GPS.

The Space and Missile Systems Center sugar-coated this delay by saying that the Risk Reduction contracts awarded to Boeing and Lockheed will provide them with additional time for system design work, including mature space system design and navigation payload subsystem design.

But time is running out if the Air Force wants to design and build GPS III satellites to replace those satellites on-orbit within six years. The Government Accountability Office reported this April that if the first GPS III satellite is not launched by 2013 “constellation sustainment will be at risk.”

The Risk Reduction contract notice from the Space and Missile Systems Center indicates that it may be difficult to meet a 2013 launch date. It asked Boeing and Lockheed to provide it with life cycle cost estimates “consistent with a high confidence, low-risk capability insertion program plan for a FY 2014 launch availability” and additional cost estimates for an accelerated launch availability before FY 2014.

Anyone want to bet the first GPS III bird will be launched in 2013?



The Fully Loaded MRAP II
By Bob Brewin  |  Tuesday, September 11, 2007 |  7:30 AM

You typically don’t associate the Space and Naval Warfare Systems Command with armored vehicles, but it turns out the command’s Space and Naval Systems Center in Charleston, S.C., plays a key role (page 46) in the final assembly of vehicles designed to protect troops in Iraq against Improvised Explosive Devices.

SPAWAR installs all the command and control gear for the Mine Resistant Ambush Protected (MRAP) vehicles at the Charleston facility, according to Steve Davis, a command spokesman. Davis declined for security reasons to provide me with any details on C2 equipment used in the current generation of MRAP vehicles.

But, the statement of work included in the solicitation (from the Marine Corps Systems Command) for the next generation of MRAP vehicles reveals that each of the new MRAP IIs could be stuffed with enough comm gear to take care of an infantry battalion.

The statement of work says each vehicle could be equipped with a wide range of communications gear including multiple radio and satellite systems. The satellite systems eyed for use in the MRAP II include the Movement Tracking System from Comtech Mobile Datacom, which supports two-way text messaging, and the ROVER III receiver from L3 Communications, designed to receive battlefield video feeds from manned and unmanned aircraft.

Terrestrial radio systems planned for the MRAP II include workhorse VHF Single Channel Ground Airborne Radio Systems manufactured by ITT and other companies, the multi-band (including UHF satcom) AN-VRC 103 from Harris, and the AN-VRC 104, an HF radio widely used by the Marines.

Other C2 gear planned for installation in MRAP IIs includes the secure Defense Advanced GPS Receiver (from Rockwell Collins) and the satellite-based Blue Force Tracking System from General Dynamics.

The once-a-Marine radio operator in me can hardly wait to test drive a new MRAP II stuffed with all these goodies.

Bids for the MRAP II are due Oct. 1, and, according to the Marines, potential bidders include vehicle manufacturers such as AM General and Oshkosh Truck, as well as integrators such as Lockheed Martin Systems Integration Group and BAE Systems.



France Reports Cyberattacks From China
By Allan Holmes  |  Monday, September 10, 2007 |  8:45 AM

French government officials say they are now the fourth victim of cyberattacks originating from China, saying the attacks are similar to those reported by other countries. In the past three weeks, government officials in Germany, the United States and the United Kingdom have claimed that cyberattacks on government systems have originated from China. Chinese officials have denied they are behind the attacks. French officials were careful not to implicate the Chinese government as the source of the attacks.



It Happened: First ID Theft Using P2P
By Allan Holmes  |  Friday, September 7, 2007 |  11:33 AM

What was once thought to be theoretically possible is no longer. The Justice Department has arrested a Seattle man, charging him with using peer-to-peer software to snoop through personal computers to commit identity theft, according to an Associated Press article. Gregory Thomas Kopiloff used the peer-to-peer software LimeWire to steal personal financial information stored on individuals' computers. The Justice Department said it is the first case in which someone used peer-to-peer software to commit identity theft.

Users who download LimeWire primarily use it to share music, but the software can also be used to share any file on the computer. Many users are not aware of the risk that LimeWire and other peer-to-peer applications present. In a hearing this summer, Rep. Henry Waxman, D-Calif., grilled Lime Group CEO Mark Gorton about how the peer-to-peer software, which had been downloaded onto government computers, put sensitive government information at risk of theft. Here’s a related Tech Insider post on the subject.

According to the AP, Kopiloff used LimeWire to steal identities this way:

When other users might search on LimeWire for "Madonna," Kopiloff would search for "federal tax return," or for student financial aid forms or other financial information, [assistant U.S. attorney Kathryn] Warma said. And instead of getting access to a few hundred files containing "Like a Virgin" or "Papa Don't Preach," he would get a few hundred files containing tax returns.

He would vet his victims before opening accounts in their name, ensuring they earned at least $150,000 a year and had good credit, Warma said.

In what may prove to be prescient, Rep. Darrell Issa, R-Calif., during the summer congressional hearing on peer-to-peer software, warned Gorton about lawsuits if LimeWire is proved to be used to steal identities. According to a ZDNet article:

Rep. Darrell Issa, R-Calif., warned Gorton that LimeWire's practices may open the company up to serious legal liability.

“Would it surprise you if you have a string of lawsuits for inherent defect in your product if people like Charlie Mueller of Missouri finds out he's lost his IRS filings and feels he's been damaged?” Issa asked.

Gorton repeatedly defended his company's practices and said he wasn't aware of the extent to which national security information was being accessed through his network.

LimeWire strives to make its product easier to understand and is working on a new version even more tailored to the “neophyte” user, Gorton said. The software incorporates a number of warnings intended to stave off inadvertent file sharing, he added. For instance, pop-up messages appear when users attempt to share folders, such as the all-encompassing “My Documents” folder and the root directory, which are considered likely to contain sensitive information.

“A lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share clearly,” Gorton said. “Those warnings are not enough, at least in a handful of cases.”

This may be one of those cases.



Raising the Cybersecurity Political Stakes
By Allan Holmes  |  Thursday, September 6, 2007 |  4:30 PM

First the Chinese government was accused of hacking into German government networks. Then it was accused of infiltrating Pentagon systems. Now government officials in the United Kingdom say they have found evidence of Chinese cybersnooping in their networks.

While the Chinese government denies it is behind the hack attempts, media reports indicate governments are alarmed about the attacks. But most cybersecurity experts who closely follow international cybersecurity issues acknowledge that these kinds of cyberattacks aren't really new. In fact, one expert in Washington, D.C., known for his careful use of language when it comes to describing the threat of state-sponsored cyberattacks, told me a year ago that almost anything worth stealing in commercial and government networks (with the exception of top-secret, classified information) has already been stolen. It's too late to close the barn door because the cows have already escaped.

Yes, the cyberattacks are more "flagrant and brazen," according to a security expert quoted in an Associated Press article. But the expert says such attacks have been going on for more than four years.

The difference now, the AP reports, is that the political stakes have been raised. What will the response be?



Fear Over Forced RFID Tagging
By Allan Holmes  |  Wednesday, September 5, 2007 |  2:53 PM

At first blush, a law the California Senate passed seems a bit paranoid. Last week the California Senate passed by a 28-9 vote a bill to ban the implantation of a Radio Frequency Identification (RFID) tag in anyone who objects to the practice, according to an article posted by InformationWeek. The bill's sponsor, Sen. Joe Simitian, D-Palo Alto, calls the forced implantation of RFID tags into humans "the ultimate invasion of privacy." Wisconsin and, oddly, North Dakota (which isn't known for leading the nation in technology-related legislation) also have passed similar laws.

It's difficult to imagine any individual, company or government agency forcing someone to be tagged. But then again, in 2004 the Food and Drug Administration approved the VeriChip RFID tag, which could be used for human implantation so that clinicians could obtain an individual's medical history if that person is unconscious. Mexico's attorney general and 18 staff members have the implanted chips, and a total of about 2,000 individuals have, presumably, agreed to be implanted, according to the article. The military is considering using the chip, and the military is known for insisting on certain requirements that infringe on the privacy of troops.

But forcing employees to have the chip implanted? That seems unlikely, until you consider CityWatcher.com, a Cincinnati video surveillance company. (Note: I could not access any Web site with that address.) However, the company is cited in several articles (vnunet.com, dailytech.com, WorldNetDaily, and the Associated Press) as having injected RFID chips into two employees who work in the company's secure data center. (WorldNetDaily also reported in 2005 that Tommy Thompson, former secretary of the U.S. Department of Health and Human Services, pledged to have a subcutaneous RFID chip injected into his arm to prove it was safe. Thompson served on the board of directors of Applied Digital Solutions, maker of the VeriChip.)

Even though the CityWatcher employees agreed to the implantation (and Thompson did end up having a chip implanted), it seems less far-fetched that workers could be coerced into having a chip implanted as a requirement for employment.



Computer Literacy Pays
By Allan Holmes  |  Tuesday, September 4, 2007 |  3:49 PM

For decades, studies of income levels have shown that the more education you have, the more money you earn. Now, add computer literacy to that relationship, according to a study conducted by the Centre for the Economics of Education in London. "The authors found the rate of return on computer use is between 3 percent and 10 percent, with the actual percentage dependent on 'unobserved differences and individual unobserved ability,'" according to an article posted by ComputerWeekly.com.

Those workers who have mastered word processing, email and programming tend to earn more than those who haven't, according to the study. Also, workers who completed more tasks that required a computer tended to earn more money. I guess the future looks bright for the just-graduated college students, most of whom have easily mastered those skills, as well as many other ones. Wonder how much knowing how to text message is worth.
