iPhone apps run background checks on your date

In a move that is sure to make playboys everywhere nervous, Internet company PeopleFinders has created two iPhone applications that let users perform background checks on their potential dates. PeopleFinders President and COO Bryce Lane says his company collects data from "thousands of sources" across the country from "federal governments to the very smallest city governments." He says the company then uses algorithms to sort through the data and make comprehensive files that will give users a reliable picture of who the person is. Five qualities of a great iPhone app  The apps, known as "Stud or Dud?" and "Are They Really Single?", utilize data culled from countless public records to give users a more complete picture of whom they're going out with. From there, the data is placed in PeopleFinders' database and is put up for sale.

From there, the program gives you a list of potential matches to choose from. While both of the applications the company debuted today cost a mere $0.99 to download, users can only access records by either paying $9.95 per record or by paying an annual subscription fee of $24.95. In the case of "Stud or Dud?" users have the option of using simply by a person's first and last name, by their age and hometown, or by their phone number. Once the user thinks they've found their match, they can then access all of PeopleFinders' records on them and learn whether they own property, whether they have a stable address history, whether they've ever gone bankrupt, whether they're married or are in a possible relationship and whether they have a criminal background or are registered as a sex offender. Lane says that like any search engine, "Stud or Dud?" will work better the more information you put into it. Lane cautions, however, that the program cannot guarantee 100% that all of its information is accurate, especially in cases where the person you're searching for has a relatively common name.

If "Stud or Dud?" is meant to be a comprehensive background check, the "Are They Really Single?" app is more tailored to answering the specific question of whether someone is either married or potentially in a long-term relationship. Much like "Stud or Dud?" the app combs through thousands of marriage records, divorce records, common addresses and wedding dates to provide users with information about whether the person they're seeing is really single. It could surely make those with philandering lifestyles like that of Mad Men's Don Draper  more than a tad nervous. Lane says PeopleFinders decided to debut this application on the iPhone because it was the most popular consumer-focused device on the market and because the App Store had the greatest reach of any other application market. However, he says people should be aware that this information is all public and that anyone can find it if they're really determined. "We take people out if they request it but we really do acquire our data from purely public places," he says. "The population that calls us the most are usually the criminals who want to hide fact that they've murdered someone or something." If the application is successful in its iPhone incarnation, he says the company will explore bringing it to other mobile operating systems, such as BlackBerry or Palm's webOS. When asked about privacy issues PeopleFinders' two apps could raise, Lane says the company will take anyone out of its databases who requests to be deleted.

Data masking secures sensitive data in non-production environments

Last week's article covered the topic of protecting data in databases from the inside out. This week's article takes look at data masking, which another way to protect sensitive data, especially as it is being copied and used in the development and testing of applications.  Data masking is the process of de-identifying (masking) specific elements within data stores by applying one-way algorithms to the data. That is, watching every action involving data as it happens, and promptly halting improper actions.

The process ensures that sensitive data is replaced with realistic but not real data; for example, scrambling the digits in a Social Security number while preserving the data format. If you don't think this is important, consider what happened to Wal-Mart a few years ago. The one-way nature of the algorithm means there is no need to maintain keys to restore the data as you would with encryption or tokenization. 10 woeful tales of data gone missing Data masking is typically done while provisioning non-production environments so that copies of data created to support test and development processes are not exposing sensitive information. Wired.com reports that Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain's point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe. Wal-Mart at the time produced some of its own software, and one team of programmers was tasked with coding the company's point-of-sale system for processing credit and debit card transactions. Many computers the hackers targeted belonged to company programmers.

This was the team the intruders targeted and successfully hacked. According to Gartner, more than 80%t of companies are using production sensitive data for non-production activities such as in-house development, outsourced or off-shored development, testing, quality assurance and pilot programs. Wal-Mart's situation may not be unique. The need for data masking is largely being driven by regulatory compliance requirements that mandate the protection of sensitive information and personally identifiable information (PII). For instance, the Data Protection Directive implemented in 1995 by the European Commission strictly regulates the processing of personal data within the European Union. U.S. regulations such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) also call for protection of sensitive financial and personal data. Multinational corporations operating in Europe must observe this directive or face large fines if they are found in violation.

Worldwide, the Payment Card Industry Data Security Standard (PCI DSS) requires strict security for cardholder data. That means companies must address their use of cardholder data for quality assurance, testing, application development and outsourced systems - and not just for production systems. In order to achieve full PCI compliance, organizations must protect data in every system that uses credit card data. In the Wal-Mart case discussed above, the retailer failed to meet the PCI standard for data security by not securing data in the development environment. A lack of processes and technology to protect data in non-production environments can leave the company open to data theft or exposure and regulatory non-compliance.

Many large organizations are concerned about their risk posture in the development environment, especially as development is outsourced or sent offshore. Data masking is an effective way to reduce enterprise risk. And while encryption is a viable security measure for production data, encryption is too costly and has too much overhead to be used in non-production environments. Development and test environments are rarely as secure as production, and there's no reason developers should have access to sensitive data. Many database vendors offer a data masking tool as part of their solution suites.

An alternative solution is to use a vendor-neutral masking tool. These tools, however, tend to work only on databases from a specific vendor. Dataguise is one of the leading vendors in the nascent market of data masking. So, even if someone has copied data to a spreadsheet on his PC, dgdiscover can find it. The dataguise solution has two complementary modules. dgdiscover is a discovery tool that searches your environment (including endpoints) to find sensitive data in structured and unstructured repositories.

This can be a valuable time-saving tool as data tends to be copied to more places, especially as virtual environments grow and new application instances can be deployed on demand. dgdiscover also can be used to support audits and create awareness of data repositories. Dgmasker works in heterogeneous environments and eliminates the common practice of having DBAs create masking techniques and algorithms. The second dataguise module is dgmasker, a tool that automatically masks sensitive data using a one-way process that can't be reverse engineered. The tool preserves relational integrity between tables/remote databases and generates data that complies with your business rules for application comparability. Instead, dgmasker obfuscates the real data so that it cannot be recovered by anyone - insider or outsider - who gains access to the masked data.

In short, you have all the benefits of using your actual production data without using the real data. Data masking is an effective tool in an overall data security program. Each of these technologies plays an important role in securing data in production environments; however, for non-production environments, data masking is becoming a best practice for securing sensitive data. You can employ data masking in parallel with other data security controls such as access controls, encryption, monitoring and review/auditing.

Enterprise business again helps Juniper Networks blow past Q4 estimates

Enterprise network business once again helped drive Juniper Networks to better-than-expected quarterly results. Juniper also beat expectations in Q3 thanks in large part to its enterprise business. The company posted Q4 revenue and earnings well ahead of Wall Street expectations. Full year revenue and earnings were down from last year though, with profits dropping 22%. For the quarter ended Dec. 31, Juniper posted revenue of $941.5 million and earnings of $173.7 million.

Juniper Networks: A brief history Fourth quarter revenue increased 2% from the same period a year ago while earnings, on a per share basis, were flat. Analysts expected revenue of $885 million and earnings of slightly over $141 million, according to Thomson Financial. Early in the quarter, Juniper made what it said was the biggest announcement in its history, a wide-ranging vision and product splash in which the Cisco rival touted "The New Network." For the twelve months ended Dec. 31, Juniper's revenue decreased 7% on a year-over-year basis to $3.32 billion. We've come a long way from uncertainty of a year ago. Net income, excluding expenses, charges and other items, was $491.5 million, a 22% drop on an earnings per share basis from 2008's profit. "We finished 2009 on a very strong note," said CEO Kevin Johnson in a conference call on the results. "It's a good indication that the macro [economic] environment continues to improve. Visibility is good in the enterprise market and we continue to take share.

For the full year, it was up 11%. The company's service provider business nudged up 1% in the quarter but fell 14% for the year. Visibility is improving in service provider." Juniper's Enterprise business was up 5% in the quarter from a year ago. The shift for the company, traditionally a strong player in service provider infrastructure, indicates the increasing focus and reliance on enterprise sales for Juniper's success. The company's Service Layer Technologies group, which includes security products, among others, was up 11% in the quarter and up 3% for the year. Juniper's Infrastructure Products Group – mostly service provider routers – realized a 1% drop in sales for the quarter and was down 10% for the year.

Online test helps you self-diagnose H1N1 flu

Feeling sick? Face it, your doctor may not be able to squeeze you right in. Wondering if it's the H1N1 flu or just a regular old go-away-don't-come-near-me, flu?

But you may be able to figure it out using a Web-based self-assessment tool developed by researchers at Emory University in Atlanta. Have you been short of breath? The tool is now available on several national Web sites, including flu.gov , the Centers for Disease Control and Prevention (CDC), and Microsoft's H1N1 Response Center . The online test includes questions like, do you have a fever? Do you have a pain or pressure in your chest that you didn't have before? The H1N1 flu , also widely known as the swine flu, is a fairly new influenza virus that has spread around the world.

Were you feeling better and now a fever or cough is returning? The CDC reports that it first appeared in the United States this past April. With concerns about the new flu running high , health care providers expect to get slammed with a mounting wave of people rushing in to find out if they have the H1N1 virus. By June 11, the World Health Organization categorized it as a pandemic . Because its extremely contagious, hospitals and health care workers have been bracing for the H1N1 to hit hard this fall. The online test, dubbed the Strategy for Off-Site Rapid Triage, is designed to help a lot of people figure out if they need to see their doctor or go to a hospital. "This Web site is carefully designed to encourage those who are severely ill, and those at increased risk for serious illness, to contact their doctor, while reassuring large numbers of people with a mild illness that it is safe to recover at home," Arthur Kellermann, professor of emergency medicine and an associate dean at the Emory School of Medicine, said in a statement. "Hopefully, providing easy-to-understand information to the public will reduce the number of people who are needlessly exposed to H1N1 influenza in crowded clinic and ER waiting rooms, and allow America's doctors and nurses to focus their attention on those who need us most."

DoD: open source as good as proprietary software

The Department of Defense Tuesday clarified its stance on open source software saying it is equal to commercial software in almost all cases and by law should be considered by the agency when making technology purchase decisions. It was issued by David Wennergren, deputy CIO of the U.S. Department of Defense (DoD). In terms of guidance, the memo said OSS meets the definition of "commercial computer software" and that executive agencies are required to include open source when evaluating software that meets their computing needs. The memo was not a policy statement but instead a clarification and guidance on the use of open source software (OSS) within the agency. Top 10 Open Source Hall of Famers In addition, the memo lays out a list of open source positives, including broad peer-review that helps eliminate defects, modification rights that help speed changes when needed, a reduction in the reliance on proprietary vendors, a licensing model that facilitates quick provisioning, cost reduction in some cases, reduction in maintenance and ownership costs, and favorable characteristics for rapid prototyping and experimentation. "I would consider this a milestone day" said John Scott, director of open source software and open integration for Mercury Federal Systems, a technology consultancy to the U.S. government.

But it is not just about usage, it is also about helping create [OSS] by submitting changes back out to the public." Scott says he believes this is the first time guidance has been issued about sharing the government's own open source changes with the public. Scott helped draft some of the open source guidance contained in the memo, which took about 18 months to draft. "The [2003] policy study was OK to use, but this one goes a bit further in expanding on what open source is and why you would want to use it. The memo, an update to a 2003 DoD open source directive, clarified the use of sharing code saying there is a misconception within the agency that modifications must be released to the public. "In contrast, many open source licenses permit the user to modify OSS for internal use without being obligated to distribute source code to the public," the memo says. On the other hand, the DoD says code fixes and enhancements developed for the government should be released to the public, but only under certain conditions, such as the absence of export or other federal restrictions. It goes on to advise users to understand distribution requirements for open source licenses and mentions the GNU General Public License and its specific distribution rules. The memo also makes a distinction between freeware and open source software, which previously was the source of confusion and debate within the agency, Scott said.

In fact, Scott says from one-third to one-half of the software used inside the DoD is open source. The DoD already has open source running as part of classified and unclassified systems. The memo defines OSS as "software for which the human-readable source code is available for use, study, reuse, modification, enhancement, and redistribution by the users of that software." The DoD memo comes on the heels of the Obama Administration selecting Drupal to power its whitehouse.gov Web site Follow John on Twitter: twitter.com/johnfontana

Ballmer flogged, other execs over company meeting messages

Microsoft's acid-tongued covert blogger Mini-Microsoft offered up a report card on Thursday's all-company meeting at Seattle's Safeco Field, giving CEO Steve Ballmer   two zeros and accusing business division president Stephen Elop of "sucking the life out of the stadium." While Microsoft employees provided tepid tweets from the company meeting that pulled 20,000 of them into the baseball stadium and jammed AT&T's cellular network, Mini-Microsoft looked for signs that the company was tuned into the job at hand, understood the impact of thousands of layoffs over the past year, and how Microsoft might stem inefficiencies at the company. He must acknowledge it starkly. The evolution of Microsoft Windows Seven things to love, hate about Windows 7 CEO Ballmer was the first to disappoint, according to Mini-Microsoft, who hoped that the company leader would "come out front first, before any other Microsoft leadership, to speak the truth about the last year and where we are now.

We had layoffs. Ballmer got zeros on both counts. We had inefficiencies." Ballmer, however, didn't appear until the end, slapping hands with employees sitting close to the stage and tearing an iPhone out of an employee's hands and pretending to stomp on it. Elop faired even worse, drawing Mini-Microsoft's wrath for crushing the blogger's hope for short, sweet and powerful demos. "Elop. Baby. Steven.

Dynamics. What did I do to you to have that forced down my eyeballs? ... Geez. XRM. Really? Did anyone give you advice that this was a bad idea? If not, you're seriously lacking good reports willing to give you honest feedback." Mini-Microsoft had blogged before the confab on six hopes for the company meeting. If so, keep listening to them.

In the grading system each hope represented a point and when all was said and done the score was 1.75. "Hey, almost one-third realized," wrote Mini-Microsoft. The other hopes included "practical vision," which Mini-Microsoft graded out at .5, giving Craig Mundie, chief researcher and strategy officer, and Ray Ozzie, chief software architect, props for focusing on "practical aspects of product groups, research, and inbetween the technology transferring power of the labs groups."Mini-Microsoft's hope for short, sweet and powerful demos earned a .5. "Robbie Bach [president of the entertainment and devices division] did okay, but I can't say the demos blew me away," wrote Mini-Microsoft. Ballmer's zeros came from not coming out first to "set the context for the meeting in light of a pretty awful FY09 Q3 and Q4," and one for not giving a serious wrap up. The grade for Mini-Microsoft's hope on getting a good peek at new stuff came up .75. He called looks at Bing, Zune HD and new Laptop Hunter commercials "conservative." And the hope to see a new review system got a zero. And Mini-Microsoft had kind words for Dr. Qi Lu, formerly of Yahoo and now running Microsoft's online services group. "[He] might be my favorite techie right now. On the up side, Mini-Microsoft said he was surprised to hear COO Kevin Turner, who opened the meeting, admit that the company had over hired.

I was impressed with what he's brought together for Bing and what's coming and how he has focused the team and adopted some of the new technology that Satya [Nadella, senior vice president of research and development] was showing. Ever?" Who the hell thought we'd be feeling so good about our search decision engine?

Get the most for your gear-buying dollar

It's as inevitable as the turkey hangover the day after Thanksgiving: There's a hot new camera, game system or MP3 player everyone wants for the holidays, and that demand causes the price to stay high. There are a few things you can do to keep your tech budget in check-and nearly all of them involve the Internet. What's a budget-minded technophile to do?

As part of our annual Gear Guide, we've rounded up some tips to help you get the most out of your gift-buying dollar this holiday season. There are two handy categories of bargain-hunting sites you can follow: deal aggregators, which collect sales notices across the Web, and deal-a-day sites, which offer one item on sale daily, so long as supplies last. Do your research Use your RSS reader to keep on top of retailers' best tech deals. Some of the most useful deal aggregators are: Ben's Bargains : This site aggregates the Web's best tech deals and allows you to track specific products and vendors. Newegg.com : This vendor has a reliably varied inventory and dramatic price reductions.

Deal News : In addition to a dedicated tech deals section, the site also offers coupons for specific tech vendors, including the Apple store. Spoofee : This site isn't purely tech-oriented, but it does a great job compiling deals from Amazon, Buy.com, GoGamer and other tech retailers. And the deal-a-day sites you'll want to follow include: Apple DOD : This site offers lots of accessories and peripherals-in other words, great stocking stuffers. Stootsi : Its Apple category offers a wide variety of new and refurbished goods. Cowboom : It offers one tech-related deal per day, but don't rule out the rest of the site's inventory. New Day New Deal : There are a lot of entertainment-related deals here, from Wii accessories to multimedia speaker systems.

Deadly Deal : The site also offers giveaways; recently, visitors scored free iPod earphones. Finally, check out the inventory on refurbishment sites. Throw yourself on the mercy of strangers Alternately, you can try your luck with Craigslist or eBay. Start with Apple-under the Special Deals section of its online store, you'll find links to their refurbished Macs and iPods, as well as clearance items. Depending on how much demand there is for the product you want, you may be able to get your gadget for a substantial discount off the retail price. First, there's no guarantee that you'll be getting what's listed, and it can be a struggle to get your money back.

There are some things to keep in mind when dealing with individual sellers. Second, it's up to you to do due diligence. If you do go the Craigslist or eBay route, don't forget to ask about packaging and documentation. If the gadget you want comes with software (for example, a digital camera or a scanner), make sure the seller provides proof that they've got installation disks and a software license number so you've got a usable gadget. Think outside the (shrinkwrapped) box Finally, keep an eye out for gadgets that pack a bang for the buck. It's a definite best-in-class bargain.

For example, the Flip Mino HD videocamera (Get best current price) is a lightweight, versatile and comparatively inexpensive portable videocamera. Visit your favorite tech products-review site and see which items are lauded by the reviewers as a great deal. While a photo printer may seem like the perfect gift for the grandparents, that $89 bargain you snapped up at Best Buy will end up costing a lot more in the long run owing to ink cartridges. Finally, don't buy a gadget just for the sake of giving someone a toy to unwrap under the tree. In the case of photo-mad relatives, it might be more economical to give the gift of a Snapfish account. [Lisa Schmeiser is a freelancer writer who also runs the Dollars & Sense personal finance blog at SFGate.com.]

Online libel case stirs up free speech debate

An Illinois politician's attempt to unmask the identity of an e-mail poster who allegedly made disparaging remarks about her teenage son in an online forum is stirring a debate about free speech rights on the Internet. The paper had run a story describing a bitterly contested local election that Stone was running in. The case involves Lisa Stone, Trustee of the Village of Buffalo Grove, Il. According to a story in the Chicago Tribune , someone anonymously posted "deeply disturbing" comments about Stone's 15-year old son earlier this year in a local newspaper.

In response to that story an individual using the name Hipcheck15 posted comments that were critical of Stone. Those comments, in turn, evoked allegedly defamatory statements directed against Stone's son by Hipcheck15, the Tribune story said. The comments apparently prompted Stone's son to go online and post comments in defense of his mother. The paper did not say what exactly Hipcheck15 wrote, but it quoted Stone as describing the comments as being "vile" and "shocking." Stone did not immediately respond to an e-mailed request from Computerworld seeking comment for this story. In response to an order from the court, the paper turned in the IP address for Hipcheck15. Stone then obtained a similar order from the circuit court judge that asked Hipcheck15's Internet service provider, or ISP, to reveal the true identity of the person to whom the IP address was assigned to.

As part of an effort to file a defamation lawsuit against Hipcheck15, Stone approached the Cook County Circuit Court and asked it to order the newspaper to turn in the true identity of the poster, the Tribune said. According to the Tribune, the ISP late turned in the identity of Hipcheck15 to the court last month. Stone apparently has insisted that all she is trying to do is protect her son and other children from being similarly attacked online. A hearing is now scheduled for November 7 to decide whether the judge should provide Stone with Hipcheck15's true identity. She is hoping the case will serve as a deterrent against similar attacks.

Individuals who libel or defame others online, anonymously or otherwise, are just as exposed to lawsuits as they are in the physical world and cannot expect First Amendment rights to automatically protect them. "Saying you're a lousy professor is one thing. Eugene Volokh, professor of law at the University of California at Los Angeles' School of Law, said the case serves as another reminder that online anonymity does not automatically provide immunity against libel charges. But saying you molest 13-year olds is completely different," he said. Judges in other cases have shown a willingness to do just that if, in their opinion, the complaints had merit. Though one might use a pseudonym to conceal their true identity a court can force an ISP to unmask them in such cases, Volokh said. In a similar case earlier this year, a Texas circuit court judge ordered an online news aggregation site to turn over identifying information on 178 people who had anonymously posted allegedly defamatory comments about two individuals involved in a sexual assault case.

William Pieratt Demond, a partner at Connor & Demond PLLC, a law firm in Austin that is representing the couple, today said that the online site has since turned over information that has so far led to three people being identified as tied to the comments. The two individuals, who were acquitted of all charges, had claimed they had been subjected to intense and inarguably defamatory comments in the online forum. Libel lawsuits have been filed against all three, Demond told Computerworld today. Judges have to make the decision whether an online comment reflects just a personal opinion which is protected, or if it crosses the line and becomes defamatory. "Courts have said that because revealing a speaker's identity could end up deterring people from speaking up, we are going to require some showing whether there is a cause," he said. In the Stone case, it is hard to know how much merit her complaint has, Volokh said. Ed Yohnka, spokesman for the American Civil Liberties Union of Illinois, said the case was troubling. "We think anonymous speech on the Internet is really critical and needs to be protected," Yohnka said.

Yohnka warned against a growing tendency by corporations and individuals to use defamation claims as a way to get the courts to force ISPs to unmask anonymous online commentators. "Saying something is defamatory shouldn't be the trigger" for deciding when someone should be unmasked he said. It has traditionally been one way in which people have chosen to express themselves on political and social issues, he said. Corporations and public figures in particular need to show they have a prima facie case before they are allowed to seek the identity of an anonymous poster, Yohnka said.

Life after military service: Disabled vets chase federal IT contracts

Jerry Demony, a retired Army colonel, suffered back and other injuries during his tour of duty that left him more than 50% disabled. Veterans agency looks beyond EMC for multi-million storage deal Demony and cofounder Phillip Oakley, a 22-year Army veteran who retired as a Major, formed i3 Federal in 2005 to take advantage of a government set-aside program aimed at Service-Disabled Veteran-Owned businesses, dubbed SDVOs in federal contracting parlance. Today, Demony is a partner in i3 Federal, a Fairfax Station, Va., reseller that's winning millions of dollars in federal IT contracts each year because of this disability. Oakley is awaiting his own disability rating due to multiple injuries including skin cancer that he experienced during his military career. "We do $8 million to $10 million in sales a year," from an SDVO contract open to all federal agencies, Oakley says. "Other companies come to us to do deals because of our SDVO status.

Although federal agencies aren't meeting this 3% goal, they're still sending billions of dollars a year to firms with the SDVO designation. It definitely makes a difference for us." Since 2004, U.S. government agencies have had a statutory goal of sending 3% of their prime and subcontracts to SDVOs such as i3 Federal. The owners of SDVO firms have a range of disabilities, from having shrapnel in a leg to suffering from Agent Orange poisoning to having multiple artificial limbs. The federal SDVO program is big business. To qualify for SDVO set-aside contracts, firms must meet federal requirements as a small business and must be owned and controlled by one or more service-disabled veterans. In 2008, federal agencies awarded 215,806 contracts to SDVOs (across all industries, not just IT) for a total of $6.4 billion.

Not surprisingly, the two agencies that send the most business to SDVOs are the Department of Defense, which awarded $3.3 billion in SDVO set-aside contracts in 2008, and the Department of Veterans Affairs, which awarded $1.6 billion. The SDVO sales figure represents 1.5% of all federal contracting dollars, according to the Small Business Administration. "This program was amplified by the Bush Administration, which wanted to send more contracting dollars to small businesses whose owners were injured during active duty," explains Ray Bjorklund, senior vice president of FedSources a market research firm. The Defence Department's SDVO awards represent 1% of its overall contracting dollars, while VA's awards represent nearly 12%. "The VA has been quite successful at this program," Bjorklund says. "The VA has had an executive agent role to ensure that programs were in place to connect disabled veteran-owned businesses with government agencies." Many agencies purchase IT gear from SDVOs through a government-wide contract called Solutions for Enterprisewide Procurement (SEWP). SEWP has six SDVO firms, including i3 Federal, that are listed as prime contractors. "I3 Federal's sales are almost completely off the SEWP contract," Oakley says. To support SEWP, i3 Federal has grown to include 15 employees scattered around the country. I3 Federal resells equipment from Cisco, IBM, HP and others on the SEWP contract. More than 60% of i3 Federal's SEWP sales are to the VA. "The best thing that VA does is emphasize that 10% of all their printer purchases must go through the SEWP contract to SDVO firms," Oakley says. "The VA gets it.

The VA almost exclusively contracts with veteran-owned businesses." Another SVDO firm that's benefiting from set-aside contracts is Alvarez & Associates, a Washington, D.C., IT firm that was founded by Everett Alvarez Jr., a Naval aviator who spent more than eight years as a prisoner of war in Vietnam. What's the VA for but to support veterans? Alvarez & Associates is another prime contractor on SEWP. The VA recently awarded a $10 million storage deal off the SEWP contract to Alvarez & Associates, which in turn subcontracted the work to Vion and Hitachi Data Systems. Bob Bruce, vice president of federal sales with Vion, says winning the storage contract through Alvarez & Associates represents the company's first big deal with the VA. "It's a significant win for Vion," Bruce says. "We're Vietnam veteran owned. Vion is a systems integrator based in Washington, D.C., that is owned by Marine Corps veterans but doesn't qualify for SVDO status. The owners work in the company every day, and they are very proud of their service in the Marine Corps." The SVDO program is not without controversy.

Bjorklund points out that SDVO firms are entitled to bid on these federal set-aside contracts, even if most of the work passes through to the subcontractors. "For the large firms, it can be almost like a dating game where they are looking for an SDVO prime to pass their business through," Bjorklund says. "Sometimes, far more than 50% of the work is done by the subcontractors, and that is hurting the prime." Some observers complain about awards such as the VA's storage contract with Alvarez & Associates because the majority of the business goes to subcontractors such as Vion and Hitachi rather than to the winning SVDO firm. "When the big providers use SDVOs just to win the contract and do all the work themselves, the program works in some capacity but not the way it was intended to," Oakley admits.