Microsoft's security, identity integration plan dragging

Microsoft executives say the company's ambitious plan to integrate security and identity software is progressing slower than hoped but that the foundation for the work will be set early next year. "It is fair to say that getting this done in non-trivial," says Bob Muglia, president of Microsoft's server and tools business. "It is taken us perhaps a little longer in some areas then we would like, but we are pretty excited about the progress that we are seeing." The evolution of Microsoft WindowsMuglia says Microsoft is in the final test phase with ForeFront Identity Manager 2.0, which is one foundational element of the platform. It was previously known as Identity Lifecycle Manager. "This ties together the identity management across an organization and enables the foundation for security configurations and security policies that run on top." Muglia says. Identity Manager is slated to ship early next year. In April, Microsoft detailed a long-term security strategy that will see it combine its identity management efforts with its Forefront security products built for clients, servers and the network edge.

Microsoft plans to pull together Active Directory, Forefront software, third-party products and tie it all together with the forthcoming Forefront Protection Manager console (formerly called Stirling), a centralized management panel for all the Forefront security products also slated to ship in early 2010. Analysts have called the effort an ambitious plan that will challenge Microsoft to build coherent security architecture. The company plans to integrate its security and identity products under the Forefront brand, offer software-as-a-service versions and present it all as a layered defense of access and control for its corporate infrastructure software. Microsoft officials say the identity and security message is a natural outgrowth of last year's corporate reorganization that merged two business groups - Identity/Access and Security/Access - into the Identity and Security Business Group. "We don't see ourselves as providing the only solution that an enterprise customer needs for security; we see ourselves providing a broad foundation of security services that a company can rely upon," Muglia says. "Then we can work with the rest of the industry to meet the specific needs as they might have for their given organizations on a security basis." The foundation starts with Active Directory and its ability to manage identities and credentials and to integrate with the cloud via Active Directory Federation Services and the Windows Identity Foundation (formerly Geneva) when it ships near the end of this year. On top of that is the protection layer Microsoft will add that includes, among other tools, antivirus and antimalware capabilities housed in the Forefront products. Active Directory includes policies and privileges that extend to the edge of the network and are managed by Forefront Identity Manager.

Microsoft's Forefront lineup includes Forefront Endpoint Protection 2010 (formerly Forefront Client Security), Forefront Protection 2010 for Exchange Server (formerly Forefront Security for Exchange Server), Forefront Protection 2010 for SharePoint (formerly Forefront Security for SharePoint), Forefront Online Protection for Exchange (formerly Forefront Online Security for Exchange) and Forefront Threat Management Gateway Web Security Service (successor to ISA Server 2006). The unifying piece is Forefront Protection Manager, which ensures all the tiers are integrated and combined with security assessment data from third-party products. And Microsoft has said third-party partners would develop for Protection Manager, including Brocade, Juniper Networks, Kaspersky, Tipping Point and RSA. It's a heady slate of software and services, all built or acquired by Microsoft and its partners, that needs to come together into a logical whole. Protection Manager also will tie in with System Center Management tools, including Operations Manager and Configuration Manager. In April, Scott Crawford, an analyst with Enterprise Management Associates, said, "Microsoft has taken on a substantial challenge." Follow John on Twitter: twitter.com/johnfontana

Ten signs from companies that point to an upturn

With unemployment high and an outlook that's improving but still uncertain, the best responses coming out of the big tech companies about the immediate future is tempered optimism. But some of the more interesting clues about what's ahead for tech many be in the results of companies with a more specialized market focus. IBM's recent assessment that the economy has " really stabilized " may have best summarized expectations.

Here are 10 data points about the most recent third quarter. 1. If there's one industry to watch next year, it is clean technology. For instance, SunPower Corp.'s third quarter revenue was $466 million compared with $298 million in the second quarter. The federal government stimulus package set aside billions for a sector that's already heating up. That compares to $378 million in the third quarter of 2008. Its share price may have taken a hit on a lower outlook, but the company's career page lists 60 job openings. 2. Venture capital investments are increasing. There was a decline of 3% in the overall number of deals, according to report from PricewaterhouseCoopers LLP and the National Venture Capital Association. In the third quarter there was $4.8 billion in 637 deals, a 17% increase in terms of dollars from the prior quarter, driven by clean tech investments.

The slight decline in deals, from 657 in the prior quarter, may mean a shift to longer term investments, according to the industry association. 3. Hynix Semiconductor Inc., a memory chip maker in Seoul, on Monday reported a net profit of $207 million for the third quarter after seven consecutive quarters of losses. Revenues were $2.2 billion, a new record for the Lake Forest, Calif.-based company. 5. Last week, Riverbed Technology Inc.'s third quarter revenue was $102 million, an increase of 12% from $91 million from the second quarter and an increase of 18% from $86.5 million from the same period a year ago. It was also a 26% increase over the previous quarter. 4. Hard drive maker Western Digital Corp. said last week that it had finished it most recent quarter with 44.1 million hard drive shipments compared to 39.4 million shipments in the year ago quarter. The San Francisco-based company makes WAN optimization technology, which helps improve application response times, something SaaS (software as a service) applications, in particular, need. 6. Infinera Corp. revenues for the third quarter were $83.4 million, compared to $68.9 million for the second quarter this year, a 21% increase. It makes InfiniBand and Ethernet connectivity products. 10. Intel Corp. is a good company to end this list because its outlook on chips, with third quarter revenue of $9.4 billion, was up $1.4 billion from the prior quarter, and IT spending helped set the stage for an improving outlook.

The Sunnyvale, Calif.-based company makes digital optical networking systems sold to carriers and said its results demonstrated that customers are investing again. 7. Splunk Inc., a privately held company in San Franciscisco that produces a tool for searching, analyzing and troubleshooting IT infrastructure, said its year through third quarter revenue was $26.6 million, compared to $13.1 for the same three quarters last year. 8. Apple Computer Inc. sold 3.05 million Macs during the third quarter, a 17% increase over the year-ago quarter, evidence that for consumers, some things are indispensible. 9. Mellanox Technologies, Ltd., a company based in Sunnyvale, Calif. and Yokneam, Israel, reported $32.7 million in third quarter revenue this month, a 29% increase over its second quarter revenue of $25.3 million. It sees "momentum."

Gartner raises global chip forecast on strong PC sales

Gartner raised its revenue forecast for the global chip industry on Monday due to stronger than expected demand for PCs and mobile phones, as well as government stimulus programs that have boosted demand for chips. The revised figure is an improvement over Gartner's previous forecast calling for a drop of 17.1 percent to $212 billion. The market researcher predicts global chip revenue will reach US$226 billion this year, down 11.4 percent from $255 billion last year. Gartner also raised its projection for 2010, saying chip revenue will rise 13 percent to $255 billion, matching the all-time-high from 2008. The researcher had previously forecast 10.3 percent growth next year to $233 billion.

The strong recovery in PC demand has made microprocessors and DRAM two of the strongest performers in chips 2009, Gartner said. The new forecast marks the second time Gartner has increased its global chip outlook in less than three months. "The semiconductor market's recovery is well under way, and the outlook continues to improve as semiconductor suppliers post outstanding quarterly results," Gartner analyst Bryan Lewis wrote in a report on Monday. "PCs are the single largest application driving the semiconductor rebound: PC unit growth projections dramatically improved from double-digit declines at the start of 2009 to the current low-single-digit positive outlook," he added. DRAM in particular began to be profitable in the third quarter for some companies after almost three years of losses. Despite the positive news, Lewis warned that recent industry checks indicate PC orders may be slowing earlier than expected and that 2010 may get off to a slow start.

Verizon revenue up slightly in third quarter

Verizon Communications reported revenue of US $27.3 billion for the third quarter of 2009, up 10.2 percent from a year earlier, but up only 0.6 percent if revenue from the January acquisition of competitor AllTel is taken out. Gains in the quarter were largely driven by growth in mobile customers and subscribers for Verizon's Fios fiber-based broadband and television service. Verizon's net income for the quarter was $2.9 billion, down from $3.2 billion in the third quarter of 2008. Adjusted earnings per share were $0.60, beating analyst expectations of $0.59, according to Thomson Reuters.

Verizon CEO and Chairman Ivan Seidenberg cited free cash-flow growth that is 16 percent higher in 2009 than in 2008 as a highlight of the quarter. Verizon Wireless revenue was $15.8 billion for the quarter, up 24.4 percent over last year, or 4.9 percent on a pro forma basis. Free cash flow for the quarter was $10.7 billion, up by $3.3 billion from the third quarter of 2008. "Verizon continues to generate strong cash flow, which we have used in building the foundation for sustainable, long-term share-owner value," he said in a statement. "Even through the worst of the recession, we have continued to raise our dividend and to add new customers, expand markets and grow revenues based on the power and innovation of Verizon's wireless, broadband and global networks." Verizon reported 89 million mobile customers at the end of the quarter, with 1.2 million net additions, excluding acquisitions and adjustments. Wireless data revenue grew to $4.1 billion, up 28.9 percent on a pro forma basis. The company now has 3.3 million Fios Internet customers, up 49.2 percent over a year ago, and 9.2 million broadband subscribers, including DSL (Digital Subscriber Line). Wireline revenue overall was $11.6 billion, down 4.8 percent from the third quarter of 2008. Verizon also saved money by cutting about 5,000 employee and contractor jobs, 4,000 in its wireline division, during the quarter, said John Killian, executive vice president and chief financial officer.

Verizon's wireline division added 198,000 new Fios Internet customers and 191,000 new Fios television customers. The company expects to cut another 4,000 jobs in the fourth quarter, he said. The bad U.S. economy "continues to create headwinds" for the company, but Verizon is taking steps to keep costs down, Killian added. "I'm confident that when the economy gets better, we will see improvement in our results," Killian said during a conference call.

New H-1B hiring bill takes aim at tech firms

The two lawmakers who successfully added H-1B hiring restrictions to the financial bailout bill earlier this year have introduced legislation that would bar any firm that lays off 50 or more workers from hiring guest workers. Bernie Sanders (I-Vt.) and Sen. This legislation, introduced by Sen.

Charles Grassley (R-Iowa), could potentially affect a broad swath of tech firms that have laid off large numbers of workers but continue hiring. In February, Grassley and Sanders moved to prohibit any financial services firm that received money from the Troubled Assets Relief Program (TARP) from hiring H-1B holders. The high-tech industry overall has laid off more than 345,000 workers since August 2008, according to the two senators in the unveiing of what they called the Employ America Act. "With the unemployment rate over 10%, companies that undertake mass layoffs shouldn't need to hire foreign guest workers when there are plenty of qualified Americans looking for jobs," said Grassley, in a statement yesterday. That blanket restriction on hiring wasn't adopted, but Congress did agree to automatically make any firm receiving TARP funds "H-1B dependent." A company is considered H-1B dependent if more than 15% of their workers are on the H-1B visa, but the TARP restriction applies regardless of the percent of visa holders on the payroll. With the Senate expected to receive an immigration overhaul bill early next year, the prospects for any H-1B-related legislation is uncertain and probably unlikely to pass.

Companies that are H-1B dependent must, among the things, make good faith efforts to hire U.S. workers first. Grassley and U.S. Sen. That provision is aimed at Indian outsourcing firms . The legislation also sets higher salary standards for visa workers as well as anti-fraud provisions. Dick Durbin (D-Ill) introduced the H-1B and L-1 Visa Reform Act of 2009 earlier this year (S.887) that would set a number of restrictions on H-1B use, including the so-called 50-50 provision that would prohibit any firm with more than 50 workers from having more than half workforce on H-1B or L-1 visas. Conversely, U.S. Rep.

The Sanders-Grassley bill would apply as well to companies hire workers on the H-2B visa, which is used in occupations such as construction, health care, food service, among others. Jeff Flake (R-Ariz.) has proposed legislation that would to increase the H-1B cap and that would exempt foreign graduates of U.S. Ph.D. programs from counting toward a cap on H-1B visas. The bill wasn't available online Thursday.

Trial to begin in economic espionage case involving China

A jury trial is set to begin in a somewhat rare trade-secret theft case in which federal prosecutors are trying to prove that two engineers misappropriated trade secrets from a U.S. technology company to benefit China's government. The law was passed in response to a perceived need to protect U.S. trade secrets and intellectual property from foreign government-sponsored theft. The case is being prosecuted under a rarely used provision of the Economic Espionage Act (EEA) of 1996, which deals with the theft of trade secrets for the benefit of a foreign nation. There have been only five cases so far in which individuals have been indicted under this provision in the EEA. Last June, Xiaodong Meng, 44, a software engineer born in China, became the first to be sentenced under the law.

The current case is being heard in U.S. District Court for the Northern District of California and involves Lan Lee, a U.S. citizen and Yuefei Ge, a Chinese national. Meng was sentenced to two years and ordered to pay a fine of $10,000 after he pleaded guilty to, among other things (PDF document), stealing at least six source-code products and more than 100 other software components from his employer, Quantum 3D Inc. Both individuals were arrested in June 2006 for allegedly stealing trade secrets from their employer, NetLogic Microsystems (NLM), and another company, Taiwan Semiconductor Manufacturing Company (TSMC). They are accused of then using the stolen information to establish a start-up and of having tried to get funding for it from a Chinese government initiative called the "863 program." Both men have pleaded not guilty to the charges against them. The case is significant because to win, prosecutors will need to prove that the defendants knew their alleged theft would benefit the government of China, said Todd Sullivan, partner with Womble Carlyle Sandridge & Rice, PLLC. That is different from most trade-secret theft cases, which involve prosecution under a separate provision of the EEA that criminalizes domestic espionage, he said. "The government has to prove that a foreign government, foreign instrumentality, or foreign agent was involved," in the theft in order to win a conviction, Sullivan said. Jury selection in the case began today and the trial is set to begin on Wednesday.

It is unclear what kind of evidence the government has in its possession to back-up its allegations in this case, he said. Prosecutors alleged that the pair planned on using the misappropriated software to develop and market microprocessors in China and elsewhere via a company called Sico Microsystems Inc, which Lee had established in 2002. Prosecutors say documents found on computers belonging to Lee and Ge established a link between Sico and China's 863 funding program. But based on the fact that prosecutors are pressing ahead with the trial, they appear to believe they have the evidence linking the thefts to China, he said. "I am assuming the government has e-mail communications, or telephone conversations, between these employees and agents of the Chinese government," Sullivan said. "Or maybe they have payments going from a Chinese institutions to the engineers." Court documents filed in connection with the case allege that between May 2002 and July 2003, Lee and Ge illegally downloaded and installed on their systems components of TSMC's software that NLM was using to develop microprocessor products. One of the documents found on Lee's computer was a business agreement between Sico and a Beijing-based venture capital firm in which both parties agree to tap the 863 program for funds. The 863 funding program was apparently set up by China to encourage technology development in the country, especially in areas such as communications, laser technology and military applications. Another document talked about a plan by Sico to bid on a project in China on the 863 plan, while another one was a business plan seeking close to $4 million from the 863 program.

The indictment papers, however, stop short of directly making any allegations against China, other than implying that the allegedly misappropriated trade secrets would benefit the country.

Boise State ditches Cisco DNS

Boise State University, the largest university in Idaho, has replaced its aging Cisco Network Registrar software with appliances from BlueCat Networks that it says are easier to manage and less expensive to operate for Domain Name System  and Dynamic Host Configuration Protocol services. The fiber-optic backbone network is being upgraded to 10G Ethernet in December, with 100Mbps bandwidth to the desktop. Boise State's network links more than 170 buildings spread across its 175-acre campus in downtown Boise.

The network carries data and voice traffic, and it supports 2,300 IP-based phones. But when it comes to core network infrastructure services such as DNS and DHCP, the university decided Cisco's Network Registrar was too expensive to operate. Boise State is a Cisco shop; the university uses all Cisco switches, routers, IP phones, wireless access points and wireless controllers on its network, which supports 21,000 students, faculty and staff. Case study: The Google-ization of Bechtel   Boise State isn't the only organization to discover that it could save money by switching from DNS software to DNS appliances. Boise State had the same problem.

The Nevada Department of Corrections recently bought DNS appliances from BlueCat rival Infoblox to replace DNS software from Novell that was requiring too much time from network administrators. Until this summer, the university was running an old edition of Cisco Network Registrar - Version 5.5, which was at the end of its life - on a Windows server for its DNS and DHCP services. "It was very limited as far as what was actually in the database for DNS and DHCP, and what you could see through the [graphical user interface]," says Diane Dragone, network engineer at Boise State. "There was no easy way to see what was really in the database except through command line tools." In addition, Boise State had to do custom coding in order to make this older version of Cisco Network Registrar work with all the vendor tags needed for DHCP. Boise State needed to upgrade the Cisco Network Registrar software, but that option was too expensive, Dragone says. Dragone explored several alternatives, including DNS software from Novell, Microsoft and Men & Mice. Cisco ended support for Cisco Network Registrar Version 5.5 in May 2006, and it is now selling Version 7.0 of the software. "We didn't want to pay the price for upgrading the software; it became extremely expensive," Dragone says. But eventually she zeroed in on appliances, and ended up testing devices from BlueCat and Infoblox. The retail cost of the two appliances was $26,000. "It came down to cost," Dragone says. "Plus, there were a couple things in the [interface] of the management system that I liked better, but they were very small." Dragone said installation of the Adonis 1000s was easy. "I spent a few weeks on my own learning the interfaces on the Adonis system, the GUI interface and the command-line interface, until I had a good comfort level.

Boise State bought two BlueCat Adonis 1000 appliances, which are set up to be redundant to each other. Then I did a testbed of two small buildings…to roll them onto the system for DNS and DHCP so we could test our Active Directory integration and our VoIP to make sure we had no issues," she explains. She says she can patch the appliances in the middle of the work day, rather than scheduling off-hours maintenance. Dragone said it took three weeks to migrate the entire campus network to the DNS and DHCP services from the BlueCat appliances. "We had no helpdesk calls as a result of the conversion," she says. "People didn't really know it happened." Dragone's favorite features of the Adonis system are the search capabilities and the instantaneous replication between the master and slave systems. Boise State hasn't experienced any outages or other significant problems with the BlueCat appliances. "I have no complaints whatsoever," Dragone says. "I like all the reports that you can look at.

That has really come in handy." Operating modern appliances is a lot easier than keeping aging software running, Dragone says. "There are savings headache wise," Dragone says. "I spent an entire week in December trying to figure something out that never got resolved. The other thing I really like is the tool for checking your DNS database before you deploy your configuration. There were a lot of band-aid fixes on the old system to the point where we were shuffling around where the DHCP was coming from." Cisco declined to comment for this article. Among BlueCat's higher ed customers are UC Berkeley, UCLA, the University of Michigan and the University of Calgary. Branko Miskov, director of product management at BlueCat Networks, says more universities like Boise State are migrating to appliances for DNS and DHCP services. This segment now represents more than 10% of BlueCat's sales. "We've actually had some pretty significant traction in the higher ed market…in the last 18 months," Miskov says. "They're a little more diverse in terms of the feature sets they use, whereas a lot of enterprises are pretty much uniform.

The dorms have different requirements than the university buildings, so they really use the full extent of our gear." Miskov says universities are upgrading their core network services in response to the explosion of IP devices in dorm rooms, such as computers, PDAs and gaming consoles. "Each dorm room might require three or four IP addresses, and that's not even thinking about the faculty requirements," Miskov says. "For those that are rolling out VoIP, that introduces a whole slew of new IP addresses into the mix and makes it harder to manage."

DEMOfall ’09 product spotlight: HP Skyroom

SAN DIEGO - One of the most striking enterprise products on display at this year's DEMOfall show has been HP's Skyroom videoconferencing software that combines instant messaging capabilities with high-definition video streaming. Even more interesting was the software's ability to create windows on their desktops where they can drag and drop pictures, audio files and video files that the person on the other end of the videoconference will then see on their own screen. During the product's demonstration at DEMOfall Tuesday, HP workstation global business unit vice president and general manager Jim Zafarana showed how users can simply click on names displayed on their Skyroom buddy lists to start impromptu HD videoconferences.

During the demonstration, Zafarana received a streaming trailer for the film "Monsters, Inc." after his friend dropped it into the Skyroom conference window. So when I purchase HP Skyroom, I'm not paying for any additional equipment? Slideshow: 13 hot products from DEMOfall '09 After his presentation, Zafarana sat down with Network World to discuss Skyroom's system and bandwidth requirements, its security features and its ability to integrate with existing enterprise chat protocols. I'm only paying for software? You have to meet the minimum system requirements of having a 2.3 GHz Intel Core Duo processor, and your machine has to run on Windows XP or Vista.

Yes. We're planning on having a version that runs on Windows 7 out in November. One of my colleagues in Boston, for instance, has fiber-to-the-home and he uses a VPN to hook onto the HP network and conference with us using Skyroom. We're targeting business customers and this software can really be optimized through company networks, whether it's an onsite network or a VPN with a good network connection. How fast of a data connection do you need to make Skyroom effective? If you have a one-on-one conference, then it's a 1Mbps requirement for high-quality video and you can dial down the quality to make it work at around 500Kbps.

It depends on what you're doing. If you do things such as video and picture sharing it'll take up more bandwidth. Is this designed for people who want to talk to people in other companies, or is it just for coworkers who want to collaborate? With the Monsters, Inc. video clip I shared today during the demonstration, for instance, I was probably adding 5Mbps to the requirements. At this point it only allows for intra-company conferencing.

The bits traveling over the network are encrypted at 256Kbps and they can only go through a VPN or a secure corporate network, so it's pretty secure. What are its security features? How much does Skyroom cost? Additionally, every new HP desktop workstation will ship with Skyroom as a complementary part of the entire package. The pricing model we have now is $149 per user for a license to use the software and there's no subscription fee.

How do I add "buddies" to my Skyroom videoconferencing list? If you have corporate Microsoft infrastructure with Office Communicator, for instance, it will pull your Office Communicator buddy list into Skyroom and all your colleagues on that list will show up as available for you to connect to as long as they have Skyroom installed. There are multiple ways for you to populate your buddy list. You can also use other communication software products such as Jabber Server, to leverage you buddy list into HP Skyroom. Any plans on expanding that? And finally, Skyroom currently limits that number of people who can participate in an HD videoconference to four.

Obviously we could do that in the future but we're not talking about that at this point.

Salesforce.com announces 'Chatter' social-networking app

Salesforce.com opened up its annual Dreamforce conference in San Francisco on Wednesday by previewing Salesforce Chatter, a social-networking application the vendor dubbed a "Facebook for the Enterprise." The upcoming release bundles a variety of now-familiar features, such as personal profiles, real-time feeds from contacts and applications, groups and alerts. Salesforce.com is also providing a set of APIs (application programming interfaces) for tying other applications to Chatter. It can also integrate with Google Apps, the popular Twitter microblogging service and Facebook. It will also be available on Windows Mobile devices, iPhones and Blackberries.

Chatter will be available "early next year," CEO Marc Benioff said during a keynote address. The system will employ the same underlying security and sharing model as other applications built with the company's Force.com development platform. It will be included in paid editions of Salesforce CRM and Force.com, and also available as a Chatter Edition that also includes Salesforce Content and Force.com for US$50 per user per month. But Benioff reserved the final and brightest spotlight for Chatter, calling it the company's "biggest breakthrough ever." He praised earlier-generation collaboration technologies, such as Lotus Notes and online meeting software, but said one "has to stop in awe" at "phenomenons" like Facebook and Twitter. Much of Wednesday's marathon, three-hour opening keynote was devoted to recapping various announcements from earlier this year. Meanwhile, Twitter users expressed mixed reactions to the announcement.

Moreover, social networking capabilities are a natural counterpart to CRM (customer relationship management) systems like Salesforce.com's, given the latter's emphasis on continuous communication with customers and suppliers. One termed Chatter "a bit Mickey Mouse" and another said she could picture "executives running away screaming." Others, though, were much more bullish: "Chatter is potentially huge - depends on how they open it to non-Salesforce customers." While Chatter's general premise isn't new, Salesforce.com's entry raises the competitive stakes for the many small, specialized vendors hoping to sell social networking platforms into enterprises. The announcement was also in many ways inevitable, said Ray Wang, a partner with the analyst firm Altimeter Group. "Customers have been expecting Salesforce.com to do something like this. The market is moving so fast in these areas. It's something that had to happen.

It's necessary for them to keep up." While it took a decade for e-mail to gain widespread adoption, Twitter and Facebook needed only a couple of years to get hot, Wang added. The company recently announced a joint venture with Unit 4 Agresso, FinancialForce.com, that will develop and sell on-demand financials software. Chatter is also just the latest example of Salesforce.com expanding beyond its core CRM roots. In addition, Salesforce.com's corporate performance has remained strong despite the global recession. As Salesforce.com continues to grow, a couple of possible scenarios emerge, Wang said.

In third-quarter results reportedTuesday, the vendor said revenue had increased 20 percent year-over-year to $331 million, and that it now has nearly 68,000 customers after adding 4,700 in the quarter. It could be acquired by a larger company, such as Cisco Systems, that wants to expand its presence in software, or face competition from a new on-demand CRM offering introduced by such a player, he said. But if Salesforce.com remains independent, it must decide what to build itself and what to leave to partners, he added. Meanwhile, Salesforce.com "learned a lesson" from the fate of CRM vendor Siebel, which was acquired by Oracle, by moving quickly to become a platform provider through its Force.com development platform and AppExchange marketplace, Wang said. In addition, Force.com will face competition from alternatives like Microsoft's nascent Azure cloud development platform. It recently announced a partnership with Adobe around the latter's RIA (rich Internet application) technology, which lets users create applications with off-line functionality.

It also remains to be seen how the vendor will counteract a growing trend toward hybrid deployment models involving both on-premise and on-demand software, said 451 Group analyst China Martens via e-mail. "How does Salesforce.com counter that, given it's a SaaS pure-play?" Salesforce.com may have already anticipated this need. Dreamforce will continue through Friday in San Francisco.

Apple seeks new sheriff to lock up iPhones

Just as a new hack, blacksn0w, promises to unlock iPhones with the latest Apple software from AT&T's wireless network, Apple is looking for a sheriff to lock the smartphones back up again, permanently. Apple iPhone 3GS: finally, a contender?  A job posting on Apple corporate Web site seeks a security manager for the iPhone platform to lead a team focused on secure booting and installation of the operating system, cryptographic services, partitioning and hardening its internal security domains, and risk analysis of security threats. Motorola Droid vs.

The "liberation movement" for iPhone poses special issues for enterprises that are adopting the iPhone in unprecedented numbers, despite the fact that Apple provides virtually no security or management infrastructure for the popular device. Unlocking the phone from AT&T's authorized network makes it hard to track, monitor and optimize wireless costs and could open the enterprise to legal problems. With jailbroken phones, enterprise users could load applications that might, even unintentionally, threaten corporate data or back-end Exchange servers, for example. It's not clear from the online job post whether this is a brand new position or Apple is seeking a replacement for an existing, or former, employee. The liberation movement comes to a peak this week with the release of Blacksn0w, a free program from ace iPhone hacker George Hotz, known as Geohot. Hardening the iPhone OS can address a whole range of potential issues, but almost surely involves preventing both jailbreaking – freeing the iPhone from dependence on the App Store (now at 100,000 apps) and thereby allowing users to load their own software programs – and unlocking – cutting the cord to exclusive carrier AT&T and letting the iPhone run on other GSM networks.

It offers a baseband unlock of the latest iPhone OS Version, 3.1.2 and the current standard 05.11.07 cellular modem firmware. The Dev Team post notes that users with the older 04.26 baseband firmware have been able to unlock using other programs, such as ultrasn0w and purplesn0w. "Whether or not you choose to update your baseband solely to use the new unlock is a personal choice, but so far there are no advantages to doing so (and remember you can't come back to 04.26 after you've gone to 05.11)," the post cautions. One iPhone owner is even touting the new hacking utility as a value-added feature to attract bids for his used 16GB iPhone 3GS model on eBay.  According to another hacking site, iPhone Dev Team, Hotz exploits a known crash (manipulating the AT+XEMN command) to create a heap overflow, through which Hotz was able to inject code that results in a software unlock of the iPhone's SIM on the latest versions of the OS and baseband firmware loads. Twitter feeds show that users worldwide are making use of blacksn0w. Some are reporting a range of problems after jailbreaking and unlocking their iPhones: YouTube videos, Wi-Fi, and GPS are not working. Hotz, on his blog, says he hasn't run into Wi-Fi issues himself, but promises to investigate them if someone figures out a way to replicate the problem.

Taimur Asad, at Redmondpie.com, offers resetting the phone's "Network Settings" and installing the "Push Fix" app from Cydia, a replacement packing and installer program along with a catalog of apps for jailbroken phones. "I found out that installing this app also fixes all issues caused by blacksn0w related to WiFi, Youtube apps and GPS along with Push Notifications on hacktivated iPhones," Asad writes. One unlocker, #Xaliax_19 (Luis Figueroa), told the #blackn0w tweet stream that "wifi/youtube problems are due to bad hacktivation [an un-authorized phone activation], activate with an original sim.. Earlier today, #mephisto0666 (Ralf Jelinek), tweeted this plea: "Why can I access the internet on my #blacksn0w 'd #iphone with Data Roaming DISABLED !?!?! I have tried reset settings, doesnt work. THEN unlock, and you will not get the problems." Other users are still struggling. HELP!!!" As mentioned, one enterprising iPhone owner is selling his used but nearly new 16GB 3GS model on eBay and touting Hotz's programs as features: "This phone can be unlocked and jailbroken!" But as always, it pays to read the fine print: "We will not personally unlock or [jailbreak] the iPhone, but will give you the website upon finished auction (free website)."

Customers can gain from being a vendor reference

No IT vendor's news announcement is truly complete without a couple of glowing quotes from customers; nor is any vendor conference really a success unless the company has lined up a few satisfied CIOs to talk up their strategy and products. But linking arms with a vendor can provide honest, lasting advantages, which are ever more welcome in this age of slashed IT budgets and shrunken staffs, observers say. Cynics might say such arrangements constitute a Faustian bargain on the part of IT professionals.

The key is to take care and preserve your principles. One of the most basic initial steps is agreeing to appear on a vendor's "NASCAR slide," the collage of company brands found in PowerPoint decks everywhere, said Ray Wang, a partner with the analyst firm Altimeter Group. Customer reference programs tend to operate as a continuum. A second step might see a customer provide a quote for a press release. The deepest level of engagement is participating in a vendor's case study. Users could go further by agreeing to speak with media, analysts, or potential customers who are being approached by the vendor.

Serving as a customer reference generates a variety of benefits, such as better discounts at contract renewal time or free passes to annual customer conferences, Wang said. The company does a variety of endorsements but goes to the mat "only for our closest strategic partners," Rambus said. "We have an ongoing relationship with them and we're happy to go to bat for them in the marketplace to help them get customers." Doing so "absolutely" gives Forbes better bargaining power, as well as other benefits, such as additional services and expertise or insights into the vendor's road map, he added. Plus, "you'll get wined and dined for a year," he added jokingly. "But it's not always that cynical," Wang said. "You really have to believe in the stuff to be a reference." That's the philosophy held by Mykolas Rambus, CIO of Forbes Media. For "nominally positive" vendors, Forbes may agree to a press release quote, but won't take bigger steps, such as sending executives to speak at a conference, according to Rambus. But yes, they would still ask.

And Forbes has also turned down some requests, mostly from services providers who weren't up to snuff. "It's a rare situation, only one or two instances. I think that speaks to the cluelessness, in some cases, of the vendor's leadership," he said. If the implementation you glowingly praised in a press release or onstage ends up being a complete failure, "you'll be seen as a laughingstock," Wang said. "The vendor may have gotten 20 sales [out of your endorsement], but it's all downside for you." Indeed, a high-profile instance of this occurred in the past few years. Even if you have a solid relationship with a vendor, it's wise to proceed carefully with each endorsement, particularly when it involves a new implementation, according to Wang. "I wouldn't go public until you've worked out all the kinks [in the project]," he said. Waste Management put out a press release with SAP when it decided to implement the vendor's ERP (enterprise resource planning) software. The best way to avoid such scenarios is by participating with an implementation case study.

But in 2008, the trash hauler sued SAP, alleging the project was a disaster. While this will require the most time and resources, vendors want very badly for the case study to succeed, and therefore may provide a wealth of additional consulting services and customization work to ensure that it does, Wang said. The result was "an extreme positive" for the city, as Miami received an early look at the new operating system and a wealth of technical assistance, Osteen said. The city of Miami, Florida, has worked with Microsoft on a number of case studies and recently took part in the vendor's early adopter program for Windows 7, said James Osteen Jr. assistant director in the city's information technology department. However, Miami's relationship with Microsoft doesn't give the city any direct negotiating leverage, according to Osteen. "We buy off the state of Florida's contract, so the terms are predefined for us." But overall, it's worthwhile for Miami to work with Microsoft because the vendor's technical support "gives us value back," he said. You need to make sure your integrity is intact."

That attitude is key to any endorsement, he added. "If I don't believe in the product, I'm not going to endorse it.

Privacy advocate has ally in Social Security numbers fight

A fight by the Virginia government to stop a privacy advocate from republishing Social Security numbers obtained legally from public records on government sites on her Web site is attracting the attention of some privacy heavyweights. In its brief, EPIC noted that Ostegren's advocacy work is focused on getting state and local governments around the country to stop posting unredacted public records containing Social Security numbers and other private data on their Web sites. The Electronic Privacy Information Center filed a friend of the court brief asking the U.S. Court of Appeals for the Fourth Circuit to uphold privacy advocate Betty Ostergren's First Amendment right to publish the numbers.

As part of an effort to highlight the problem, Ostergren has taken the Social Security numbers of prominent people she has found in public records and republished them on her Web site. Over the past seven years, she has chronicled dozens of cases where local and state governments have inadvertently exposed thousands of Social Security numbers and other personal data on their Web sites, making them attractive targets for identity thieves. When a person publishes lawfully obtained and truthful information, that action is "pure free speech," said John Verdi, senior counsel at the Washington-based EPIC. "It is exactly the type of speech that is protected by the First Amendment." Ostergren runs the Virginia Watchdog Web site, which she has used to highlight identity theft risks that can result from the posting of unredacted public documents, such as land and tax-lien records posted on government Web sites. As part of the campaign, Ostergren routinely posted the Social Security numbers of high-profile individuals that she obtained from county and state government Web sites. Jeb Bush, former U.S. Secretary of State Colin Powell, former U.S. House Majority Leader Tom DeLay, former Missouri Sen. The list includes former Florida Gov.

Jean Carnahan and several county clerks in Virginia. In August, Ostergren provided links to an image of a mortgage document containing the Social Security number of Iowa Secretary of State Mike Mauro. Over the years, her campaign has succeeded in forcing state and county governments to revise images of public records that were posted online or to break online links to document images containing Social Security numbers. She removed the link only after Mauro agreed to take down images of corporate documents that contained Social Security numbers from the state's Web site. Violators are subject to fines of up to $2,500 plus $1,000 in court costs for each Social Security number posted.

Largely in response to her campaign, Virginia lawmakers passed legislation in 2008 that prohibits the dissemination of any records that contain Social Security numbers, no matter how the records were obtained. Lawmakers said the law was needed to prevent even wider dissemination of the numbers obtained from public records. The Virginia chapter of the American Civil Liberites Union promptly filed a lawsuit on behalf of Ostergren challenging the constitutionality of the law. The law would have required Ostergren to remove Social Security numbers from her Web site or face punitive fines. Last August, the U.S. District Court for the Eastern District of Virginia ruled that it would be unconstitutional for the commonwealth of Virginia to force Ostergren to remove the numbers from her site.

That ruling in turn was appealed to the Fourth Circuit court by Virginia's attorney general. While the court did not say the law itself was unconstitutional, it ruled that it would be an unconstitutional application of the law in Ostergren's case. In it, the government said that the case raised the issue of "crime facilitating speech." The Social Security numbers posted by Ostergren on her Web site exposed the individuals assigned those numbers to a serious risk of identity theft, the appeal claimed. EPIC's Verdi, however, said that Ostergren was simply republishing information that was already made public by the state, and even then, only in a highly targeted manner. First Amendment rights do not protect speech that exposes public officials to the "the very real prospect of devastating criminal predation," the appeal read.

Meanwhile, Ostergren, who has temporarily removed documents containing the Social Security numbers of Virginia public figures from her Web site, plans to put the documents back up after she removes any data that might belong to the individuals' spouses or children. Any time she finds such documents, she will post them, she said. "It's amazing that I still have to be at this after seven years," she said. Speaking with Computerworld today, Ostergren said that local governments in Virginia and elsewhere are continuing to post documents containing sensitive data on their Web sites.

US lawmakers question ICANN gTLD plan

Several U.S. lawmakers urged the Internet Corporation for Assigned Names and Numbers (ICANN) to back off on a plan to offer an unlimited number of new generic top-level domains until concerns about trademark protections and other issues can be addressed. You guys made us come here today." The board at ICANN, the nonprofit organization created in 1998 to oversee the Internet's domain name system, voted in June 2008 to move toward unlimited gTLDs, in addition to the 21 gTLDs available now, including .com, .biz, and .info. Members of a subcommittee of the U.S. House of Representatives Judiciary Committee on Wednesday questioned ICANN Chief Operating Officer Doug Brent about why the organization continues to move forward with its plan to sell new generic top-level domains, or gTLDs. Judiciary Committee Chairman John Conyers, a Michigan Democrat, complained that ICANN hasn't been able to resolve complaints about its plan to sell new gTLDs to compete with .com, .org and other current TLDs. "This is a hearing we shouldn't have had to call," Conyers said. "If the parties had come together, I doubt if we'd be here this morning. Under the ICANN plan, anyone could apply for a new gTLD - some suggested have been .food, .basketball and .eco - at a cost of about US$100,000. Asked by lawmakers how soon ICANN planned to offer new gTLDs, Brent said he wasn't sure.

Critics of the TLD expansion, including Hewlett-Packard and Dell, have complained that a huge expansion of gTLDs would force trademark owners to buy multiple domains on each new gTLD, potentially costing them and their customers billions of dollars. ICANN had originally planned to offer them this year, but the latest estimate is February, and Brent said he expects that deadline to slip as ICANN works with critics to resolve issues. This week, the Coalition Against Domain Name Abuse (CADNA), an organization with 19 large-business members, called on the U.S. government to conduct a "full-scale" audit of ICANN. "ICANN has not properly vetted this decision in an objective fashion," CADNA said. "This rollout expands the size of the Internet exponentially without first performing a sound cost/benefit and security and risk analysis to determine both desirability among and risk to Internet users." At the Wednesday hearing, Conyers seemed to connect the gTLD disagreements with the end of an oversight agreement ICANN has with the U.S. Department of Commerce. A spokesman for Conyers wasn't immediately available to clarify his comment. ICANN's long-standing formal relationship with the U.S. government ends Sept. 30. "If you don't meet the 30th deadline, you're going to all be sorry that you didn't make it," Conyers said. ICANN's Brent defended the organization's decision to move forward with new gTLDs. Internet users, including the U.S. government, have long called for new TLDs, he said.

Winners of new gTLDs will have to abide by a lengthy set of rules, he said. "ICANN did not casually think this plan up," Brent added. "This will not be an unbridled expansion. In addition, the expansion of TLDs would allow Internet users who don't use the Roman alphabet to have domain names in their native languages, he noted. It is the work of many hands from a bottom-up process." Representative Bob Goodlatte, a Virginia Republican, questioned whether ICANN had enough resources to enforce strong trademark protections and other rules in the new gTLDs. He asked if ICANN saw that there were still "a lot of things that need to be worked out here." "We might question 'a lot,' but I think, absolutely we have more work to do," Brent answered. Instead, we should address these concerns." But Steve DelBianco, executive director of e-commerce trade group NetChoice, suggested the new gTLDs are little more than an effort to create new labels, when ICANN has more important issues to work on. "Every day our industry and my members create new applications, Web sites and services," he said. "Labels are just one of the ways people find these new services. Despite the continued concerns, Paul Stahura, CEO and president of domain-name registrar eNom, said the ICANN plan will lead to more competition among domain-name registries. "There is high consumer demand for many new gTLDs," he said. "There currently is little or no competition to satisfy this demand, and ... we shouldn't prohibit competition because of trademark concerns.

The label is not the creation, it's just something we stick on it." One proposed gTLD is .food, he said. "Dot-food won't create a single new restaurant," DelBianco said. "It won't create a new Web page, it won't create new restaurant reviews or online reservation sites."

NASA probe crashes into moon in hunt for water

In its search for water on the moon, NASA slammed not one, but two, spacecraft into a deep, dark crater on the lunar south pole this morning. NASA successfully nailed a target about 230,000 miles from Earth - twice. It was a precision operation.

The Lunar Crater Observation and Sensing Satellite, known as LCROSS, separated into two sections last night. Four minutes later, the rest of the space probe shot through the miles-high plume of debris kicked up by the first impact, grabbed analysis of the matter, and then it too crashed into the lunar surface. Its empty rocket hull, weighing in at more than 2 tons, was the first of the two pieces to slam into the lunar surface at 7:31 a.m. EDT today. Effectively, it was a one-two punch designed to kick up what scientists believe is water ice hiding in the bottom of a permanently dark crater. NASA said it will issue a report on its initial analysis of the probe at10 a.m. EDT today.

With NASA still hopeful to one day create a viable human outpost on the moon , it would be helpful for anyone there to find water rather than haul it up from Earth. NASA had been promising live images of the impact and resulting debris plume but the live images on NASA TV disappeared moments before impact. The orbiter is expected to send its own analysis of the debris plume back to earth later this morning. The LCROSS spacecraft, which blasted off from Cape Canaveral Air Force Station in Florida on June 18, went aloft with its companion satellite, the Lunar Reconnaissance Orbiter . As the Atlas V rocket carrying lifted off, a NASA spokesman called it "NASA's first step in a lasting return to the moon." NASA's Lunar Reconnaissance Orbiter , which has been in orbit around the moon since late June, was 50 kilometers above the moon's surface during this morning's impact. The LCROSS spacecraft heavily loaded with scientific gear. The instruments were selected to provide mission scientists with multiple views of the debris created by the hull's initial impact.

According to NASA, its payload consisted of two near-infrared spectrometers, a visible light spectrometer, two mid-infrared cameras, two near-infrared cameras, a visible camera and a visible radiometer. Before it crashed into the moon, LCROSS was transmitting data back to NASA mission control at 1.5 Mbps, NASA noted this morning.

Internet TV could boom in the next few years, study says

Internet-enabled TV sets could see wider adoption in the next few years as viewers get comfortable with the idea of running widgets on TV screens, according to a study released by Ernst & Young on Thursday. TV widgets are designed to pull selective content from the Internet to complement TV watching. Widgets - or mini-applications - are already being used in devices like mobile phones and computers to run light applications, and those applications could reach TV sets, the analyst firm said in the study.

For example, users can view weather information on TV or buy products advertised on TV from online stores. Web-connected TV shipments could total less than 500,000 in 2009, but top 6 million by 2013, E&Y said in the study, citing statistics from Parks Associates. Many consumers consider it an "appealing" idea to mesh TV with information from the Internet, according to the study. Widgets could also be the glue that brings together Internet and TV content. Many Web sites and technology companies are developing an ecosystem to bring content from the Internet and TV together.

Broadcast TV is already competing with the Web for viewership, and widgets could facilitate content searches through both mediums, giving more entertainment options to viewers. Myspace.com, for example, has developed a widget that blends TV with its social-networking offerings. Users don't need to rely on a browser to access MySpace content. TV watchers could exchange e-mail messages or browse photos on MySpace by activating a widget at the bottom of the TV screen. TVs and chips, for instance, are also being developed to build Web-enabled TVs. Sony, Samsung and LG have said select flat-panel high-definition TV models would be able to run widgets or download movies from online entertainment services like Netflix.

Intel is also working with companies like CBS and Cinemanow to bring widgets to TVs. Web-enabled TV has struggled over the past 15 years since Time Warner Cable launched the iTV service in Orlando, E&Y said. Intel last week announced the CE4100 media processor, which enables the use of Internet and multimedia applications on TVs, Intel said. Ever since, it has seen many iterations, with companies like AOL, BSkyB, RespondTV, Hewlett-Packard and Apple trying to bring the Internet to TV through devices like set-top boxes or adapters. Widgets for TV use also need to be adopted by television programming and cable operators. The success of widgets depends on applications that users will want to have on their TVs. For example, one-click access to on-demand content from online movie stores is well-suited for widgets. The operators will look to monetize widgets by developing an ad sales model around it, which could face some challenges, the study found.

Conflicting advertising could also appear on a TV screen and widget at the same time, which could affect ad sales models. For example, viewers could migrate their attention from TV shows to widgets, which could affect the ratings of a program.

Global workforce, Gen Y driving social networking adoption, users say

Microsoft users say their global workforce and the arrival of Gen Y employees are making strong demands that IT can no longer ignore for new collaboration and social networking tools. Bryant was part of a customer panel at a Microsoft event in San Francisco Tuesday to promote Windows 7, Windows Server 2008 R2 and Exchange 2010. "It is the way to attract and retain the next generation of workers who are very comfortable in that mode of collaboration and communication," she said. Where IT pros do their social networking "If you don't pull those solutions into the enterprise and embrace them they are going to happen anyway," said Diane Bryant, global CIO at Intel. Intel is taking a strong stance in embracing social networking with an environment that integrates with its deployment of Microsoft's Office suite.

Eric Craig, manager of IT for Continental Airlines, said social networking is also sweeping his organization. "It has exploded in a way we have not anticipated," he said. Bryant said the way to deal with social networking tools is to be proactive. "We have had our meetings with HR and legal to get over the hurdles," she said. The social networking tide started with some http://www.networkworld.com/news/2008/022008-virtual-call-centers.html ">1,000 reservation agents  working from home. "The unanticipated benefit of some of those social networking tools was the ability to communicate real-time chat to all these at-home workers. The theme emerging is that connectivity and collaboration will be a mainstay," said Nick Smither, CIO of Ford Motor Co. "Right now, business needs it," Smither said. "We do business in 100 markets globally and increasingly we are more dependent on people around the world to contribute to our success long term …that is a business driver." Smither said Ford also is seeing a push from users who crave the flexibility they get from access to an always-on connection. "Today's Generation Y coming out of school and entering the workforce, have an expectation around connectivity all the time, always on, whether at home, traveling or in the office," Smither said. "There is a focus on more sophisticated tools in the collaboration space to enable the flexibility to work anywhere." He did not go into detail around specific applications that Ford is making available to its users, but he did say Microsoft SharePoint Server is at the heart of virtual communities that provide collaboration tools for developers, designers and sales. Once that program became popular, there were other business units that said they wanted to work at home, too, and work at odd hours and have families and all those other things that people like." Ford is also being driven in the direction of social networking adoption. The company is building out its collaborative tool set as part of its One Ford global strategy that includes Exchange 2010 on the technology side.

During the event, Microsoft CEO Steve Ballmer acknowledged that social networking is largely a consumer phenomenon, but said companies are quickly seeing the potential. "It is not whether [adoption of social networking tools] will happen in corporations, it's when will it happen," Ballmer said. The company already processes 1.35 billion e-mails a year for its 201,000 employees. Follow John on Twitter: http://twitter.com/johnfontana

Lotus goes after Microsoft's 'ridiculous and fabricated' figures

Lotus Software GM Bob Picciano has grown tired of the "hot wind" blowing out of Redmond carrying claims that Exchange is displacing Notes and is singling out CEO Steve Ballmer and COO Kevin Turner as the main culprits spreading "ridiculous and fabricated" information. They are still utilizing capabilities from other aspects of the Lotus portfolio," said Picciano. Exchange alternatives: Front ends and back endsA look at Exchange 2010 "Microsoft is making claims in the marketplace around 4.7 million people have exchanged e-mail from Notes to Exchange and that is just a ridiculous fabricated figure," said Picciano, who took the reins at Lotus in 2008. "Every time they sell a [client access license] they count that as a competitive migration." "People need to recognize that Kevin Turner and Steve Ballmer have blown a lot of hot wind from Washington and there is not much substance or truth to what they are espousing in the marketplace," Picciano said. "They were so bold as to say there are entire countries that have migrated off of Notes and that is utterly ridiculous." Picciano says all the talk has "got me pretty worked up that they would be so bold to make such erroneous statements and not be challenged." The Lotus Software GM says many of the reference companies cited by Microsoft when it made its "4.7 million people" comment in July "are still licensing Lotus Notes technology and still utilizing e-mail and applications from Lotus. At Microsoft's annual meeting this summer for financial analysts, Turner heaped on more numbers during his presentation at the event. "We've taken out almost 13 million Lotus Notes [seats] the past three years. … Now, the thing that I would tell you is there's still 15 — we count — there's still 15 million out there." He cited SharePoint Server as the "fastest-growing, hottest product in the history of Microsoft," and pegged it as a catalyst in the fight against IBM. Picciano said the counter was last week's news that U.S. Bank was replacing Microsoft's SharePoint platform by standardizing on the Notes 8.5 client and would roll out Lotus Connections social networking tools, the Sametime real-time platform and Lotus Quickr, which is IBM's alternative to SharePoint.

He said PNC Bank and Continental Tire are joining U.S. Bank in getting rid of Microsoft's Exchange, Office and SharePoint. On Tuesday, Picciano threw out his own numbers saying a total to 15,421 companies have picked IBM over Microsoft since 2008 in the worldwide integrated collaborative environment market as defined by IDC. In addition, Picciano says customers are expanding their investment in Lotus software and he cited as examples Accenture, BASF, Chrysler, Coca-Cola, Colgate-Palmolive, Continental AG, Finishline, General Motors, GlaxoSmithKline, Gruppo Amadori, KBC Bank, Nationwide, Novartis, Phillips Electronics and PNC Bank. In January, Picciano said more than 12,000 new companies in 2008 bought their first Notes/Domino licenses. People understand what Kevin's motivation is and the prancing around in front of partners and talking about this. And he said half of the Fortune global 100 are Notes/Domino users. "It's important to put [Microsoft's claims] into perspective and call it what it is, a bunch of fabrication," Picciano said. "Kevin is feeling that he is under a bit of pressure. It's duplicitous and overshadows the real truth." Follow John on Twitter.

Lawmakers want trusted airline passenger program revived

Lawmakers called upon the Transportation Security Administration and private sector companies to quickly re-establish a nationwide registered traveler program to help frequent travelers get through airport security checkpoints faster. Both lawmakers and vendors said the TSA had not done enough to support the registered traveler program and in fact distanced itself from the effort over the past year. The calls came after the abrupt closure earlier this year of Verified identity Pass Inc. (VIP), the largest provider of registered traveler services, and the subsequent shutting of services by two other vendors that offered the same service. The TSA, meanwhile, insisted that the program did little to improve security.

At a hearing on the future of the registered traveler program Wednesday, members of a House subcommittee on Homeland Security urged the TSA and private vendors to work together to quickly restore the service. The agency said that just because members of such programs had been pre-screened didn't eliminate the need for them to go through airport security checks like everyone else. The hearing came on the same day an investment banking firm, Henry Inc., said it had signed a letter of intent to buy VIP's assets and relaunch the service by the end of the year." U.S. Rep. At the same time, private sector companies need to find a model "that can support a security benefit, but which does not rely on one," she said. Sheila Jackson Lee (D-Texas), the subcommittee chairwoman, expressed hope that the TSA would make a "good faith effort" to explore a security benefit, or an additional layer of security vetting, for the registered traveler program. Even if passengers must still go through a security screeening, these companies can still offer the convenience of getting their customers through the process quicker, such as using a separate member-only line at security checkpoints.

Since 2005, the TSA has piloted several iterations of the program with private sector companies. The registered traveler program was established under the Aviation and Transportation Security Act (ATSA). It authorizes the TSA to implement trusted passenger programs to speed up the security screening of passengers who have submitted to comprehensive background and security checks. The biggest of them was VIP, which offered a registered traveler service called "Clear" at 21 major airports. The announcement raised immediate concerns about the data that VIP had collected as part of its Clear service, including Social Security and credit card number and home address. The company, which had signed up more than 200,000 subscribers, stopped service in June saying it had run out of money. The company had also collected fingerprints, iris scans and digital images of customers' faces.

Soon after Clear stopped its service, rivals Fast Lane Option Corp . (Flo) and Vigilant Solutions also shut down their services. Many who had paid a $199 annual fee were unable to get refunds. During the hearing, U.S. Rep. Going forward, the TSA needs to take the lead in supporting the program, Thompson and others said. Bennie Thompson (D-Miss.) said it is Congress' intent that such "a quick closing of business" does not happen again. "The traveling public deserves better," Thompson said.

Much of the reason the program is in disarray is because the TSA failed to support the effort, witnesses said. Despite the mandate from Congress, the TSA has not fully implemented the use of biometrics as a primary form of identification, Fischer said, nor has it used background screening to vet those using the RT lanes as it was supposed to. While the registered traveler program at one time was expected to provide add an additional layer of security at airports, today it is little more than a convenience for travelers willing to pay for it, they said. "To date, while the private sector has invested over $250 million and upheld its side of the partnership, the TSA has not," said Fred Fischer, managing partner at Flo Corp. Though the TSA at one point collected $28 per passenger to do a so-called Security Threat Assessment (STA) of passengers who had signed up for registered traveler programs, not one applicant was ever vetted using a criminal history records check, he claimed. John Sammon, an assistant administrator at the TSA, said that based on the pilot programs and the agency's own insight, registered traveler programs do not offer any additional security.

As a result, the promised security benefits of the registered traveler program have yet to be realized, he said. He said the TSA stopped doing security threat analysis for registered traveler programs because there was little value to be gained. "The prospect of a terrorist not identified on a watch list raised questions about the viability of a registered traveler program," he said. Going forward, the TSA will work with private vendors to identify programs that will support registered travelers programs, he said. After an evaluation of the pilot programs, the TSA concluded that registered traveler programs "do not provide any additional levels of security," he said. However, from a security standpoint, such passengers will still be subject to the same security checks as other ticketed passengers, he said.

Dell agrees to buy Perot Systems for $3.9B

Dell has agreed to buy Perot Systems for around US$3.9 billion in cash, and intends to make the company its global services delivery division, the companies said Monday. It will also allow Dell, in the future, to address customer demand for next-generation services including cloud computing, said CEO Michael Dell in a conference call with analysts. The deal will allow Dell to expand its range of IT services, and potentially allow it to sell more hardware to existing Perot customers, it said. Dell is counting on its international reach to turn Perot into a global services company, Dell CFO Brian Gladden said during the call.

Around 25 percent of revenue comes from government customers, he said. Perot Systems is one of the largest services companies serving the health-care sector, from which it derives about 48 percent of its revenue, its CEO Peter Altabef said during the call. Perot is already working at increasing its international revenue: on Friday it announced a 10-year deal to outsource IT operations for Indian hospital group Max Healthcare. Over the last four quarters, Dell and Perot together had revenue of $16 billion from enterprise hardware and IT services, with $8 billion coming from enhanced services and support, Dell said. Dell's rival Hewlett-Packard expanded its own global services unit with the acquisition of EDS for $13.9 billion in May 2008. EDS was founded by H. Ross Perot, who sold the company to General Motors before going on to found Perot Systems, of which his son is now chairman. Perot's contribution to that is relatively small: In 2008, the company reported total revenue of $2.78 billion.

In after-hours trading, the stock traded at $29.70 early on Monday morning. At $30 per share, Dell's offer represented a significant premium over Friday's closing price of $17.91 for Perot Systems shares. The boards of Dell and Perot agreed to the terms of the transaction on Sunday, they said. Dell expects that overlaps between the two companies will allow it to cut Perot's costs by between 6 percent and 8 percent, Gladden said during the conference call. Dell expects to complete the deal in its November-to-January fiscal quarter.

Upon completion of the acquisition, Dell plans to make Perot Systems its services unit, and will put Altabef in charge of the unit. The services unit will fit alongside Dell's existing divisions for selling to large enterprises, government customers and small and medium-size businesses. It also expects Ross Perot Jr., chairman of the Perot Systems board, to be invited to join the Dell board of directors. Dell created the three divisions in a major reorganization of its business sales teams last December, shifting from a geographic structure to one aligned with customer types.

Will security concerns darken Google's government cloud?

When Google Inc. launches its cloud computing services for federal government agencies next year, one of its biggest challenges will be to overcome concerns related to data privacy and security in cloud environments. A FISMA certification is required for a service provider, such as Google, to sell to federal agencies. Google earlier this week said that it was planning on offering cloud services such as Google Apps to federal agencies starting in 2010. Google said it is speaking with several federal agencies about its offerings, which the company has assured will be fully compliant with the requirements of the Federal Information Security Management Act. Google announced its plans to deliver a government cloud at a cloud computing event in California.

The government cloud service will also be operated by individuals with the appropriate security clearances, and all data that is part of a government cloud service would remain in the U.S, the executive said. At the event, a company executive noted that the government services would be hosted on Google's data centers, but on systems that are compliant with government regulations. How far such assurances will go in assuaging concerns related to cloud computing service, especially in a government setting, remains unclear. But for many "the biggest concern is going to be the security and information assurance associated with a cloud service." A lot will depend on the kind of FISMA certification and accreditation that Google's cloud services receive, she said. Karen Evans, former de facto federal CIO under the Bush administration, said that using cloud services such as Google's could help federal agencies significantly reduce IT costs.

Under FISMA, federal systems are classified into three risk categories: low, medium and high. Then it's just a matter of agencies working out a service level agreement that spells out their security requirements. Each level has its own requirements, Evans said, adding that she hoped that Google will be certified and accredited at the highest risk levels. She added that agencies interested in using cloud services will probably be best served moving their external, Web facing applications first before considering more sensitive applications. Of the 312 respondents, about 51% cited security and data privacy concerns as the biggest impediment to adopting cloud services.

Meanwhile, Unisys Corp., a major provider of IT services to the government, Wednesday released the results of an online survey that looked at the issues affecting adoption of cloud computing. The next highest barrier was integration of cloud-based applications with existing systems. The results are consistent with previous Unisys surveys on the same topic and with what the company has been hearing from clients, said Sam Gross, vice president, global IT outsourcing at the company. "For us [the results] are not surprising," Gross said. "We have been surveying our customer base and doing quick polls for a long time. Concerns about the ability to bring applications back in-house ranked third. The numbers are always different, but never the ranking," Gross said. "Security continues to be the number one concern for cloud computing." Many of the concerns are related to issues such as inadvertent access to enterprise resources in a shared cloud infrastructure and accidental release of protected data.

In a report issued earlier this year the World Privacy Forum raised other privacy issues that can arise when a government agency outsources to a cloud provider. Another big concern has to do with the level of access that a cloud provider might have to an enterprise's systems and data, Gross said. "They want to know how a cloud provider can assure that an administrator within a shared cloud infrastructure cannot gain access to or view their data," Gross said. For example, a federal agency that uses a cloud service to host personal data could violate certain provisions of Privacy Act of 1974 , especially if it doesn't have provisions for protecting the data in its contract with the cloud provider. The location of a cloud provider's operations may also have a significant bearing on the privacy laws that apply to the data it hosts, the report noted. In addition, federal records management and disposal laws may limit the ability of agencies to store official records in the cloud. Such security concerns bubbled to the surface recently, when several groups protested a $7.25 million plan by the city of Los Angeles to replace its Novell GroupWise e-mail and Microsoft Office applications with Google Apps.

Though city IT officials reiterated their plans to go ahead with the project, and Google itself has vigorously defended its security controls, the incident highlighted the continuing concerns with cloud computing.

China's Alibaba expects India joint venture this year

Top Chinese e-commerce site Alibaba.com aims to announce an Indian joint venture this year as the company expands its global footprint, it said Friday. A deal in India, where Alibaba.com recently surpassed 1 million registered members, would be the latest in the site's efforts to grow abroad. "I've got a lot of confidence in India," said Jack Ma, CEO of Alibaba Group, the parent company of Alibaba.com. Alibaba.com is in talks with an Indian reseller about forming a joint venture, CEO David Wei told reporters at a briefing.

Alibaba.com is a platform for small and medium businesses to trade everything from lumber and clothes to iPods and PC components. Alibaba.com already works with Indian publishing company Infomedia 18, its likely joint venture partner, to promote its platform in the country. Its main member base is in China, but the site also has 9.5 million registered users in other countries and facilitates many cross-border trades. The site also has a joint venture in Japan and recently launched a major U.S. advertising campaign to attract more users there. Ma said Alibaba knows it needs to "do something" in Latin America as well. Ma and other top Alibaba executives visited the U.S. early this year for meetings with potential partners including Amazon.com, eBay and Google.

When asked if the company would also seek to expand in Eastern Europe, Ma said, "I will be there." Alibaba will not hold a majority stake in joint ventures it forms, instead taking a share similar to the 35 percent it has in its Japan operation. "Our global strategy means partner with local people," Ma said. "We want partners and we want partners to control their business." Users place total orders of more than US$200 million each day on the Alibaba.com international platform, Wei said. About 50 percent of those orders go to Chinese exporters, he said.

Linux driver chief calls out Microsoft over code submission

After a kick in the pants from the leader of the Linux driver project, Microsoft has resumed work on its historic driver code submission to the Linux kernel and avoided having the code pulled from the open source operating system. The submission was greeted with astonishment in July when Microsoft made the announcement, which included releasing the code under a GPLv2 license Microsoft had criticized in the past. Microsoft's submission includes 20,000 lines of code that once added to the Linux kernel will provide the hooks for any distribution of Linux to run on Windows Server 2008 and its Hyper-V hypervisor technology. Greg Kroah-Hartman, the Linux driver project lead who accepted the code from Microsoft in July, Wednesday called out Microsoft on the linux-kernel and driver-devel mailing lists saying the company was not actively developing its hv drivers.

If they do not show back up to claim this driver soon, it will be removed in the 2.6.33 [kernel] release. HV refers to Microsoft Hyper-V. He also posted the message to his blog. "Unfortunately the Microsoft developers seem to have disappeared, and no one is answering my emails. So sad...," he wrote. They are not the only company." Also new: Microsoft forms, funds open source foundation Kroah-Hartman said calling out specific projects on the mailing list is a technique he uses all the time to jump start those that are falling behind. Thursday, however, in an interview with Network World, Kroah-Hartman said Microsoft got the message. "They have responded since I posted," he said, and Microsoft is now back at work on the code they pledged to maintain. "This is a normal part of the development process. In all, Kroah-Hartman specifically mentioned 25 driver projects that were not being actively developed and faced being dropped from the main kernel release 2.6.33, which is due in March.

On top of chiding Microsoft for not keeping up with code development, Kroah-Hartman took the company to task for the state of its original code submission. "Over 200 patches make up the massive cleanup effort needed to just get this code into a semi-sane kernel coding style (someone owes me a big bottle of rum for that work!)," he wrote. He said the driver project was not a "dumping ground for dead code." However, the nearly 40 projects Kroah-Hartman detailed in his mailing list submission, including the Microsoft drivers, will all be included in the 2.6.32 main kernel release slated for December. Kroah-Hartman says there are coding style guidelines and that Microsoft's code did not match those. "That's normal and not a big deal. But the large number of patches did turn out to be quite a bit of work, he noted. It happens with a lot of companies," he said.

He said Thursday that Microsoft still has not contributed any patches around the drivers. "They say they are going to contribute, but all they have submitted is changes to update the to-do list." Kroah-Hartman says he has seen this all before and seemed to chalk it up to the ebbs and flows of the development process. The submission was greeted with astonishment in July when Microsoft made the announcement, which included releasing the code under a GPLv2 license Microsoft had criticized in the past. Microsoft's submission includes 20,000 lines of code that once added to the Linux kernel will provide the hooks for any distribution of Linux to run on Windows Server 2008 and its Hyper-V hypervisor technology. Follow John on Twitter

Microsoft fixes 19 bugs in big patch smorgasbord

Microsoft today delivered nine security updates that patched 19 vulnerabilities in several crucial components of Windows, as well as in Media Player, Outlook Express, IIS (Internet Information Server), Office and other products.

Five of the updates were pegged as "critical," the most serious ranking in Microsoft's four-step scoring system, while four were marked "important," the next rating down.

"This is certainly a hodgepodge," said Andrew Storms, director of security operations at nCircle Network Security. "There's no real pattern this month. I'd call it a smorgasbord."

Of the nine bulletins, eight patched some part of Windows or software included with the operating system, while the ninth plugged holes in a variety of programs - Office, Visual Studio, Internet Security and Acceleration Server (ISA Server) and others - that stemmed from a flaw in Office Web Components (OWC), a set of ActiveX controls that let users publish Word, Excel and PowerPoint documents on the Web, then view them within Internet Explorer (IE).

Last month, Microsoft warned users of attacks exploiting the ActiveX control that displays Excel spreadsheets in IE, but the company was unable to patch it in time to meet the July update schedule. Security experts had predicted that Microsoft would fix the flaw today.

Microsoft also patched Remote Desktop Connection Client for Mac, software that lets Mac users connect to Windows-based machines, along with Remote Desktop, a service present on both client and server versions of Windows. That software is used to access applications and data on a remote system over a network.

But the big story today, said Storms, were the patches for five vulnerabilities - two of which had been disclosed and patched previously - that Microsoft's own software inherited from a buggy code "library," dubbed ATL for Active Template Library.

Two weeks ago, Microsoft rushed a pair of emergency updates to users that plugged multiple holes in IE and Visual Studio. Those vulnerabilities were traced to ATL, which is used by Microsoft and an unknown number of third-party developers to create ActiveX controls and application components.

The ATL vulnerabilities were introduced when a Microsoft programmer added an extra "&" character to the widely-used library.

"We expected a slew of ATL patches," said Storms, "although we only got five. But I expect that we'll see more and more ATL bugs from Microsoft in the next couple of months."

Today's ATL patches included fixes for both the "public" version of the library - what Microsoft shares with third-party developers - and the "private" version it uses internally. The five-fix MS09-037 security bulletin plugs holes left by ATL in Outlook Express, a now-outdated light e-mail client once bundled with Windows; in Windows Media Player; and in two Microsoft-made ActiveX controls.

Storms also called out MS09-038, which patches two vulnerabilities in Windows' handling of the AVI media file format. "This is a classic example of a media file format bug that once you view a malicious video, you get owned," he said.

The AVI-handling flaws are ripe for worm exploitation. "All the potential is there," Storms said, but he declined to predict whether hackers would latch onto the vulnerabilities with in-the-wild exploits.

"We're going to feel the 19 [vulnerabilities] this month," Storms added. "Because of the disparate systems that need to be patched and the wide variety of software that must be tested, everyone will be feeling the pain this month."

The August updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

H-1B demand may be retreating as feds increase scrutiny

WASHINGTON - For what may by the first time, the number of H-1B petitions withdrawn by applicants or rejected by U.S. authorities is exceeding the number of new petitions for the visas.

The numbers have resulted in a slight decrease over the past two months in the H-1B visa petition count on the scale of a rounding error. The drop may be little more than a short-term phenomenon, but it is inviting theories as to its cause, ranging from increased U.S. scrutiny of the H-1B petitions to the general economy.

The U.S. has received approximately 44,900 visa petitions toward its 65,000 H-1B visa cap, one of two caps, since it began accepting petitions on April 1. But the number of visa petitions reported in mid-May by the U.S. Citizenship and Immigration Service (USCIS) was 45,500 visas. There has been a net decline of 600 visa petitions from May to June.

A USCIS spokesman, in an e-mail, said the reason for the decline is that the number of denials, withdrawals of applications and revocations are "quite simply" exceeding the number of new filings. The U.S. has a second H-1B cap of 20,000 set aside for graduates from U.S. universities with advanced degrees. In raw numbers, that cap number has been reached.

In sum, the U.S. has received 65,000 H-1B petitions since April 1 for 85,000 available visas for the fiscal that begins Oct. 1. The combined cap may well be reached in the months ahead, but for now, demand has flatlined.

In the past year, the USCIS has increased the requirement for a wide range of documents to support visa applications to the point that the American Immigration Lawyers Association (AILA) says the requirement is " bordering on harassment."

The small H-1B decline reported by the USCIS may well be nothing more than a counting error, but Vic Goel, an immigration attorney in Reston Va., said it has more to do with cases being denied or withdrawn.

Goel said he has had clients withdraw pending H-1B cases because they couldn't get the large amount of material sought by authorities in time to meet government deadlines, or because the USCIS was seeking new documentation. In the later instance, USCIS officials have asked IT consulting firms to obtain letters from clients with detailed descriptions of the duties performed by H-1B workers, their salaries, hours, benefits, and the length of the assignment, among other things, which has not been a normal business practice, he said.

"Not many companies are going to give such a letter to a vendor without serious reservations, which could jeopardize the business relationship," Goel said.

In large multiyear engagements, Goel said an IT consulting firm's employees will typically work in the client's offices, but the client does not oversee that person's work, benefits and pay, which is why they may be unwilling to issue such a letter. The USCIS will often deny such cases "by concluding that the H-1B employer has not proven that a job actually exists or that it will really direct and control its own worker," he said. Denials have also been issued H-1B visa extensions on these grounds, he said.

The reason the USCIS is demanding more from clients may rest with a report last fall by USCIS investigators that looked at 246 visa cases and found that about 20% had evidence of fraud or technical violations.

Among the problems the USCIS reported were workers who weren't paid the prevailing wage or who were "benched" without pay when there was no work. That report was followed earlier this year by a U.S. Justice Department action that charged a number of companies with H-1B visa-related violations. Those violations included citing the prevailing wage of a lower-paying region but assigning the worker to perform the job in a higher wage region.

Robert Deasy, director, liaison and information for the AILA, said the economy has major role in the stalled demand for H-1Bs. "Ultimately, I think it's economy driven," he said. Deasy, however, said he's not ruling out a USCIS role in the visa decline through its aggressive actions and "extraordinarily rigorous" demands for documentation that are leading to visa denials and withdrawals.

Real ID opposition sparks revisions to national driver's license standard

Widespread opposition to a 2005 bill designed to create a national standard for driver's licenses has prompted a revised version of the bill that no longer contains its most controversial provisions.

The proposed revision is called the "Providing for Additional Security in States' Identification" Act of 2009, or Pass ID Act, and was introduced in the U.S. Senate late on Monday by Senators Daniel Akaka (D-Hawaii), George Voinovich (R-Ohio), Patrick Leahy (D-VT), Jon Tester (D-MT), Max Baucus (D-MT) and Thomas Carper (D-DE).

The bill is a revised version of the Real ID Act of 2005, which was signed into law by then President Bush but the implementation of which has almost stopped amid cost concerns and fears that it could end up becoming a de facto national ID card.

Like Real ID, the proposed Pass ID is designed to give states a set of minimum standards they are required to follow when issuing driver's licenses. These include the need for issuing agencies to ensure that all individuals applying for a license have credentials that establish their identity, age, principle residence, their U.S. citizenship or their proper legal status in the country.

Pass ID requires states to establish processes for vetting the credentials presented by individuals applying for licenses, and to periodically check the legal status of individuals who have been issued licenses but are not U.S. citizens.

The proposed bill, like Real ID, requires state driver's license agencies to store digital photos of individuals to whom driver's licenses have been issued, as well as digital copies or paper copies of all supporting documents. As with Real ID, a license that is compliant with Pass ID will be machine-readable and will eventually be required for individuals to board commercial aircraft, or federal facilities such as those associated with defense or national security.

Controversial aspects cut

Pass ID also seeks to repeal some of the most controversial aspects of the Real ID bill. For instance, the proposed bill would strictly limit the official purposes for which a Pass ID credential would be required, compared with Real ID, for which no such restrictions existed. It also eliminates the requirement that all state driver's license databases be linked to each other, and that each state allow their databases to be electronically accessible by other states.

Under Pass ID states will no longer be required to authenticate birth certificates, Social Security numbers or other credentials with the issuing authority and instead are only required to "validate" them. States will also not be charged for tapping the U.S. Department of Homeland Security's (DHS) databases to verify the immigration status of an individual as they would have been under Real ID.

In addition, Pass ID seeks to limit the kind of information that a license-issuing agency should include in the machine readable portion of the license, and the purposes for which that data can be used. States will be prohibited from including Social Security numbers in the machine readable zone of a license, whereas previously there were no such limitations. Importantly, the proposed bill also requires new privacy and security safeguards for personally identifiable data.

The changes come amid a virtual rebellion by states over the implementation of Real ID, which was signed into law in conformance with the recommendations of the 9/11 commission on terrorism. So far, more than two dozen states have passed measures either rejecting or opposing the Real ID mandate including Arizona, Arkansas, Idaho, Maine, Montana, New Hampshire, South Carolina and Washington.

Last month, Oregon lawmakers joined the rebellion, approving a bill that would prohibit agencies from spending state money to implement the requirements of the Real ID Act unless the federal government reimbursed them. The bill would also prevent the state's Department of Transportation from implementing requirements of the Real ID Act unless it can demonstrate specific security controls for protecting license data.

Such protests have stemmed from what many states say is the unreasonable cost burdens of Real ID with its increased documentation, identity verification, data storage and database linking requirements.

Privacy, data security conerns

Privacy and civil rights advocates have blasted Real ID and said that it would result in the creation of a de facto national ID card that could be used to track and snoop on individuals. They have warned that the proposal to link state driver's licenses databases together would greatly increase the potential for data compromise and data theft.

As a result of such concerns, the DHS, which is the agency in charge of implementing Real ID has been pushing back compliance deadlines. After stating earlier that individuals with standard state-issued licenses would not be able to board commercial aircraft starting May 2008, the DHS now says state licenses will be acceptable as identification by federal agencies until December 2014. Individuals age 50 or older will not have to show Real ID cards until December 2017.

Today's proposed bill has received a decidedly mixed response so far. The Center for Democracy and Technology, (CDT), which in the past has expressed concern over the privacy and civil rights implications of Real ID, today welcomed the proposed legislation.

"We think it addresses the main privacy issues we had with Real ID," said Ari Schwartz, executive director of the Washington-based think tank. The removal of the database linking provision, the proposal to limit the official purposes for which the card would be needed and the changes relating to the machine readable data are all good steps, Schwartz said.

The changes effectively counter the likelihood of the card being used for tracking people, while also meeting the 9/11 commission's recommendations, he said. The decision to revise Real ID rather than repeal it altogether as some have called for is a good step, Schwartz said. "We think this was a pragmatic approach," he said.

But Janice Kephart, director of national security policy at the Center for Immigration Studies, blasted Pass ID, saying it would do nothing to improve security. "It is in fact a dumbing down of ID verification [practices]," Kephart said. "I would call in a Pass on anything ID Act."

"It would not conform at all to the 9/11 commission standard and would help terrorists get on airplanes," she said. The proposed legislation will only introduce confusion, give states money without accountability, roll back airport security and eliminate information sharing between states, she said.

The American Civil Liberties Union (ACLU), which has been an ardent critic of Real ID, today expressed dissatisfaction with the proposed bill. It said in a statement that while Pass ID included some welcome privacy protections, the legislation "could ultimately resurrect the discredited Real ID Act and become the basis for a National ID."

The statement pointed to the widespread opposition to Real ID in many states and said the law should have been repealed rather than "fixed."