washingtonpost.com  > Technology > Technology > Tech Policy E-letter

Cyber-Security Deputy Chief or Chief Deputy?

Wednesday, October 13, 2004; 10:40 AM

For a minute there Tuesday, it seemed like Homeland Security Secretary Tom Ridge had drained all controversy from the cyber-security debate. According to one of our sources, and then an Associated Press wire report, Ridge told an industry group that advises the White House that the U.S. cyber-security chief's role should be elevated to that of assistant secretary.

That, of course, is exactly what everyone in the computer security world has been wanting to hear. For too long now, the position has been relegated to one of relative unimportance. That placement has prevented other people who acted as cyber-security point man from getting the authority to insist on securing the nation's critical computer networks from outside attack. It also has turned the position into one of the least enviable in the department. Note, for example, the most recent brain-drain moment when security executive Amit Yoranquit the job this month.

_____Recent E-letters_____
President Ponies Up for Cyber-Security (washingtonpost.com, Oct 20, 2004)
There's a New Cyber-Security Chief in Town (washingtonpost.com, Oct 6, 2004)
Voting the Virtual Way (washingtonpost.com, Sep 29, 2004)

As things turn out, Ridge wasn't quite on the money, said Homeland Security spokesman Brian Roehrkasse. As The Washington Post reported, "Roehrkasse said that despite Ridge's comments, final details on the title and responsibilities of the elevated position had not been decided."

Instead of being a new assistant secretary -- on a level equivalent to the National Cyber Security Division chief's boss -- the job title will be "deputy assistant secretary," an anonymous source told The Post. Ah yes, a title that combines guts and glory...

For the time being, Andy Purdy, a longtime deputy to the deputy in the cyber-security division, will serve as interim ... deputy.

Hawking Spyware

The Federal Trade Commission has defined the apex of "online chutzpah," and its name is Sanford Wallace. The one-time "spam king" who in the 1990s pioneered the use of bulk e-mail in trying to ruin our online lives is back again. This time he, along with two companies, is facing FTC charges that he duped Internet users into buying anti-spyware programs by installing spyware on their computers without their consent.

The spyware, the FTC said in its lawsuit, would open the computer's CD-ROM tray and display a message on the monitor that read: "FINAL WARNING!! If your cd-rom drive(s) is open you DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY!" Consumers who responded to the message were prompted to buy programs called Spy Wiper or Spy Deleter for about $30 each.

The lawsuit, filed last week in the U.S. District Court in New Hampshire, does not say whether the anti-spyware programs really cleaned up other spyware software. Sometimes spyware pop-up ads urge people to download anti-spyware programs that in turn insert ... you guessed it, spyware, on their computers. There is also no word yet on how many victims bought into the scheme.

The House of Representatives, meanwhile, passed two bills that would punish spyware purveyors with fines and up to five years in jail. Those bills still require Senate approval and so far the Senate's leading spyware man, Conrad Burns (R-Mont.), favors legislation of his own.

Old Line State's Hard Line on E-Voting

Maryland elections officials face a lawsuit from a group of electronic voting activists who insist on their right to monitor polling places on Election Day. The group, TrueVoteMD, had an agreement with the state attorney general's office to monitor the use of touch-screen voting machines throughout Maryland. The AG's office broke the agreement after learning that the group also wanted to post volunteers outside the polls to warn voters about the dangers of the machines. The only problem? There's a law that says people can't "electioneer" and "campaign" within 100 feet of the polling place. TrueVoteMD co-founder Linda Schade insists this isn't what they're doing. Now it's up to a federal judge in Baltimore.

Robert MacMillan, washingtonpost.com Tech Policy Editor

© 2004 TechNews.com