cypherpunks-legacy
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
8-CALL FOR REVIEWERS: Draft NRC report on "Tools and Strategies for Protecting Kids from Pornography and Their Applicability to Other Inappropriate Internet Content."
by Herb Lin 06 Jul '18
by Herb Lin 06 Jul '18
06 Jul '18
CALL FOR REVIEWERS - PLEASE POST WIDELY
The National Research Council seeks reviewers for a draft report on its project
on "Tools and Strategies for Protecting Kids from Pornography and Their
Applicability to Other Inappropriate Internet Content." More information on
this project, including a list of committee members, can be found at <
http://www.itasnrc.org>.
Purpose of review
Every report of the National Research Council must be reviewed by a diverse
group of experts other than its authors before it may be released outside the
institution. This independent, rigorous review is a hallmark that
distinguishes
the NRC from many other organizations offering scientific and technical advice
on issues of national importance. The purpose of such review is to assist the
authors in making their report as accurate and effective as possible, and to
enhance the clarity, cogency, and credibility of the final document.
Responsibilities of reviewers
Reviewers are asked to consider whether in their judgment the evidence and
arguments presented are sound and the report is fully responsive to the study
charge, not whether they concur with the findings. Reviewers provide written
comments on any and all aspects of the draft report, and the authoring
committee
is expected to consider all review comments and to provide written responses to
those comments, either modifying the report accordingly or explaining why the
report was not modified. The committee's responses are themselves evaluated by
the National Research Council for adequacy and completeness. Note that NRC
reports have a history of changing significantly between draft and final
versions as the result of reviewer comments.
Qualifications of reviewers
Reviewers of NRC reports are selected on the basis of personal expertise in a
field or fields relevant to the subject matter of the report; a dedication to
drawing conclusions based on the analysis of data and information; sufficiently
seniority in their fields to warrant broad respect for their intellect,
fairness, and stature. Names of reviewers are made public at the time of the
report's final publication, but during the review process they are anonymous to
the committee and staff.
Confidentiality of report
Because NRC reports change as the result of review, reviewers must be
willing to
keep the draft report absolutely confidential and otherwise abide by the NRC's
guidelines for reviewing of reports.
Procedure for submitting names
Please forward nominations for reviewers (self-nominations acceptable) to
itas(a)nas.edu. The "subject" line of the e-mail should say "reviewer
nomination." Submitted nominations should include contact information,
biographies (including relevant published works, public statements, and current
or former positions of relevance), and indications of relevant expertise
and the
perspective on the subject that the nominee will bring. Note that while
the NRC
seeks nominations from a wide variety of sources, it reserves the exclusive
right to determine reviewers of its reports.
Deadline for Nominations
While nominations may be submitted at any time, nominations without the
information described above, or received after September 15, 2001, may not be
fully considered.
More information is available from the Web site of this project at <
http://www.itasnrc.org> or from
Herb Lin (Study Director), at 202-334-2605.
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
----- End forwarded message -----
1
0
06 Jul '18
Background from Politech archives:
"Net-sex NRC panel asks for testimony, will hold regional mtgs"
http://www.politechbot.com/p-01852.html
"Patricia Nell Warren's comments to NAS porn panel"
http://www.politechbot.com/p-01615.html
"National Academy of Sciences panel hears about porn & kids"
http://www.politechbot.com/p-01571.html
"Free speech advocates fret about NAS Net-porn commission"
http://www.politechbot.com/p-01567.html
********
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ev'nin folks, time for our status update
* Index
1) 0.4.2.4 & 0.4.2.5
2) 0.5 strategy
3) naming
4) eepsite roundup
5) ???
1) 0.4.2.4 & 0.4.2.5
With last week's 0.4.2.4 release, we saw the deployment of some new
load balancing algorithms to throttle tunnel participation based on
actual bandwidth usage, along side peer profiling updates to select
peers better through a wider sample of data. This has done pretty
well at both choking tunnel participation when necessary and finding
good peers when possible.
Another major update in that release was a change to how we verify
time synchronization - rather than just checking the time sync once
during connection establishment, peers now periodically send
messages to each other with their current time, and if the time
received is too far skewed, the connection is dropped. This has
helped kick a few routers who were skewing off the net until they
recovered (which is good), and the vast majority of peers have been
quite close to 'correct' (you can see the clock skew on the
/oldconsole.jsp page)
With that, the network has been performing pretty well, but we were
still seeing the occational bulk disconnect. After some debugging
we tracked down an unintentional and wholely unnecessary DNS lookup
that occurred whenever a router sent a message to a peer who has a
hostname specified. This not only wasted time, but it wasted time
within the jobqueue - essentially injecting a whole lot of lag for
no reason. With that lookup removed, the router handled much
better under heavily congested situations, but we were still seeing
those occational bulk disconnects. After digging around in the
stats and logging, we came up with a plausible theory that explains
why those disconnects have been occurring - blaming them almost
entirely on those DNS lookups. To test that theory (and to deploy
some other goodies), we pushed out the 0.4.2.5 release this
afternoon.
We'll see how it goes.
* 2) 0.5 strategy
As the roadmap [1] says, the next planned release is 0.5, including
a revised tunnel pool and encryption/id technique. Avoiding a
big explanation (see [2], [3], [4], and a tiny bit of [5]), we will
do this in two stages - first revamp the tunnel pooling and
push that out as an interim release, debugging what is necessary,
then revamp the encryption/id stuff, pushing that out as 0.5. Oh,
and of course, once the algorithms for the pooling and encryption
updates are in pretty good shape, they'll be posted up here and on
the website for review.
Along the way though, there will probably be small bugfix releases
unrelated to the 0.5 stuff, but I don't have any specifically
planned.
[1] http://www.i2p.net/roadmap
[2] http://www.i2p.net/todo#tunnelId
[3] http://www.i2p.net/todo#ordering
[4] http://www.i2p.net/todo#tunnelLength
[5] http://www.i2p.net/todo#batching
* 3) naming
Yikes, now that I think about it, I really don't want to talk
about naming yet - just download Ragnarok's latest addressbook
app (2.0.1) from http://ragnarok.i2p/, check out susi's web
based manager at http://susi.i2p/susidns/manager, and dig
through the stats at http://orion.i2p/ and
http://susi.i2p/susisworld.html
* 4) eepsite roundup
There have been some notable developments on various eepsites worth
mentioning:
= http://frosk.i2p/ - I2PContent doc updates
= http://orion.i2p/ - new form to submit your keys to
= http://piespy.i2p/ - neat graphs of the irc channels
= http://forum.fr.i2p/ - french language forum
= http://pastebin.i2p/ - stop flooding the channels!
Of course, there have also been updates to other sites as well,
plus some other new sites - check orion.i2p and sort the list by
'last updated' to review (or just go to 'em all ;)
5) ???
I know there's lots more going on, so please, swing on by the
meeting in a few minutes and we can chat 'bout stuff.
=jr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFByItjGnFL2th344YRAmmOAKD+HxEAK+dqseq8ZCO5pjvW4EKImQCgkfwX
1KM+uQo7D6BjHAA99DwVyS0=
=/T/b
-----END PGP SIGNATURE-----
_______________________________________________
i2p mailing list
i2p(a)i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
1
0
"After Being Cut From Norway, The Pirate Bay Returns From North Korea" or is it just BGP Tricks
by Bacon Zombie 06 Jul '18
by Bacon Zombie 06 Jul '18
06 Jul '18
The Pirate Bay have released a press release that they are now hosted
out of North Korea:
"The Pirate Bay has been hunted in many countries around the world.
....This is truly an ironic situation. We have been fighting for a
free world, and our opponents are mostly huge corporations from the
United States of America, a place where freedom and freedom of speech
is said to be held high......
...We believe that being offered our virtual asylum in Korea is a
first step of this country's changing view of access to
information......."
http://falkvinge.net/2013/03/04/after-being-cut-from-norway-the-pirate-bay-…
https://thepiratebay.se/blog/229
But there is a lot of debate on Reddit that they are not really in
North Korea and just doing some BGP trickery:
"Anyone can hijack an AS number and not cause any issues for the real
user b In this case The Pirate Bay set up a Sat dish in Phenom Penh,
Cambodia b Intelsat gives them a BGP session there.
The peer net for BGP handoff is 175.45.177.217/30, .216 is Intelsats
side and .217 is The Pirate Baybs.
One can use ANY IP they wish for these handoffs, internal, their own,
b hijackedb b In this case The Pirate Bay b hijackedb 2 IPs from the
North Korean network which does not matter for them as this is only
acessible from their side, not from the internet.
TBP then injected AS131279 as peer in the upstream table b so it does
not look like this:
AS22351 b AS51040
But instead:
AS22351 b AS131279 b AS51040
This is possible because either Intelsat does not filter BGP
announcements (unlikely) or TBP wrote a fake LOA for this AS (likely).
Now as we traceroute the TBP IP we see the /30 subnet used for the
handoff in Phenom Penh, which is why TPB says it is in North Korea b
The ICMP (ping) reply from the IP makes it seem legit but does
actually come from and entirely different network (aka the real
Star-KP network).
(Theres some more but i spare you that as it is pretty technological b
for example that AS131279 does not hand over AS51040 routes to
AS4737)."
http://www.reddit.com/r/technology/comments/19nb00/after_being_cut_from_nor…
Anybody have an input on this and able to confirm or deny the claims
of BGP Hijacking?
--
BaconZombie
LOAD "*",8,1
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
06 Jul '18
Hey guys,
I appreciate the importance and depth of this discussion. But I also
wish to underscore that most of the people who are at risk are not
using any tools whether they be CrytoCat, PGP, GChat or others for the
simple reason that they either cannot figure them out, or don't have
time to figure them out, or both. And I am talking about people at risk
in many different nations.
No doubt the functional security of tools is an indispensable,
essential concern. Ignoring any vulnerabilities is dangerous, indeed.
But the usability of the same tools and making them accessible to
non-technologists is just as big a concern, in my view. I know you guys
think that many such users including Western journalists are simply
lazy. But many, if not most of the available tools are simply not
intuitive, or not as much as most technologists who already know how to
use them seem to think.
How many people on this list have spent time asking non-technologists
and other users who have tried, but have since given up even trying to
use tools like PGP? Or have examined how new users interact with such
tools? I have a great deal of respect for this community. But to be
honest it seems to me that neither the technologists nor the donors
have spent much time asking such questions.
If a novice user make a mistake in PGP, for example, it's over. Options
are not intuitive if you don't already know them. And if you hit the
wrong button, you can end up at a deadend with no guidance how to get
back on track. Trust me. I know. And I am not trashing PGP. I know well
and fully appreciate it's value and I have used it and continue to use
it hostile environments. And I also know that users and only users can
make crucial choices during use for their own security. I get that,
too. But most digital security tools still do not do a good job of
laying out, let alone explaining the options. And I say that with
respect for the value of the tools and options themselves.
Cryptocat is one of the most user-friendly tools out there, and I think
Nadim deserves credit for the effort. Of course, the vulnerabilities
must be fixed before anyone should use it in a hostile environment.
Although the level of vulnerability might also depend on the nature of
the threat in any particular environment. But I also think we need to
spend as much time making tools accessible as we do making them secure
if we are going to reach the people who really need them. And right now
few if any of these tools are having the reach that we all agree is
needed. And that is an issue largely of usability.
I think with more constructive collaboration we would achieve both. We
need to. Thanks.
Best, Frank
Frank Smyth
Executive Director
Global Journalist Security
[1]frank(a)journalistsecurity.net
Tel. + 1 202 244 0717
Cell + 1 202 352 1736
Twitter: @JournoSecurity
Website: [2]www.journalistsecurity.net
[3]PGP Public Key
Please consider our Earth before printing this email.
Confidentiality Notice: This email and any files transmitted with it
are confidential. If you have received this email in error, please
notify the sender and delete this message and any copies. If you are
not the intended recipient, you are notified that disclosing, copying,
distributing or taking any action in reliance on the contents of this
information is strictly prohibited.
-------- Original Message --------
Subject: Re: [liberationtech] What I've learned from Cryptocat
From: Moxie Marlinspike <[4]moxie(a)thoughtcrime.org>
Date: Mon, August 06, 2012 10:29 pm
To: [5]liberationtech(a)lists.stanford.edu
On 08/06/2012 06:59 PM, Eleanor Saitta wrote:
> Except that with your harm mitigation, you push many potential users
> back to plaintext, where they are guaranteed to be owned. What
> percentage of potential cryptocat users would the plugin version have
to
> stop from using the tool for you to accept that there was a place for
> the non-plugin version?
Let's stop using the word "plaintext," because my understanding is that
none of the chat services we're speaking of transmit data in the clear.
As I see it, there are currently three possible vectors for attack with
"existing" web-based chat services:
1) SSL interception.
2) Server compromise.
3) Server operator.
The technology in CryptoCat v1 does not address any of these three
vectors, and all of them remain possible. My position is that it's
actually more susceptible to attack via #1 and #2 than existing
web-based chat solutions. I believe your position is that it improves
on vector #3 by virtue of being not-Facebook. (I'm curious how you
measure #3 in comparison to GChat.)
If we postulate that CryptoCat does improve vector #3 by virtue of
being
not-Facebook, it isn't a result of the technology, but simply that
we've
agreed Nadim has a better monitoring/interception track record than
Facebook. If that's something you think is valuable, it actually seems
like it'd potentially be better served by having someone like the EFF
or
Riseup host a web-based and SSL-protected chat service, without brining
any additional cryptography confusion into the mix. A trust project,
not a cryptography project.
Unfortunately for me, I'd rather depend on cryptography than people.
But I believe that CryptoCat is actually well positioned to drive
changes in the ecosystem that will allow them to really improve on
those
three vectors in time. I think it's difficult to experiment in public
with security tools, however, and that it's a sage decision to make a
secure solution available (CryptoCat v2) and work on reducing friction
while maintaining security from there.
- moxie
--
[6]http://www.thoughtcrime.org
_______________________________________________
liberationtech mailing list
[7]liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
[8]https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you
click above) next to "would you like to receive list mail batched in a
daily digest?"
You will need the user name and password you receive from the list
moderator in monthly reminders. You may ask for a reminder here:
[9]https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list
moderator.
Please don't forget to follow us on
[10]http://twitter.com/#!/Liberationtech
References
1. mailto:frank@journalistsecurity.net
2. http://www.journalistsecurity.net/
3. http://www.journalistsecurity.net/franks-pgp-public-key
4. mailto:moxie@thoughtcrime.org
5. mailto:liberationtech@lists.stanford.edu
6. http://www.thoughtcrime.org/
7. mailto:liberationtech@lists.stanford.edu
8. https://mailman.stanford.edu/mailman/listinfo/liberationtech
9. https://mailman.stanford.edu/mailman/listinfo/liberationtech
10. http://twitter.com/#!/Liberationtech
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
*** September Project Update ***
After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development. Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects. In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting. See http://fstc.org/projects/new.cfm .
In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features. Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I
Projects in Formation:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)
Projects in Development:
1. Image Quality and Usability Assurance Phase II
2. Survivability of Check Security Features Phase II
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4. Transformation to Open Mission Critical Systems
5. Minimum Essential Finance (MEF)
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (launched July 2004, expected to complete in
December)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm. In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives. The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.
12 financial institutions and over 15 technology companies are participating
in the 5-month first phase. This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
(gene.neyer(a)fstc.org) (http://fstc.org/advisory/security.cfm)
______________
PROJECTS IN FORMATION:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#eauth
This 5-month project will assess the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide an authentication service to government
agencies, and to integrate these services into financial institutions'
online applications. FSTC, jointly with the GSA's E-Authentication
Initiative Project Management Office (EAI PMO), propose to launch a
three-track project to ascertain the business model, legal framework, and
technical viability of using institutions' identity credentials to permit
consumers and businesses to access secure online government applications.
The GSA is funding the business track of the initiative. There is no cost to
financial institutions, and a $5,000 fee for associate and advisory members.
In addition, a resource commitment is required for all participants, as
outlined in the prospectus. Participation commitments are requested by Sept
24th, and the target kickoff is the week of October 4th.
______________
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee proposes an initiative to
assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
>From the continuity regulation summary, a questionnaire will be developed
which will allow a FI to provide or collect continuity compliance status.
The project will focus on providing straight forward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
______________
PROJECTS IN DEVELOPMENT:
1. Image Quality and Usability Assurance: Phase II (proposal being
finalized)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by Katrina
Brown, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. A call for
participation is expected during the month of September.
______________
2. Survivability of Check Security Features Phase II
As a follow-on to the recently completed Phase I
(http://fstc.org/projects/csf/) this initiative will seek to develop
interoperability specifications for automated security feature verification
engines. As a growing number of vendors offer security features targeted at
surviving the imaging process, institutions face a growing number of
proprietary verification engines that must be installed and configured to
validate these features during processing. The objective of this initiative
is to make is less expensive and easier to manage the implementation of
these security feature verification products.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) More information on this
project will be published in the next month or so.
______________
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services (on hold)
http://fstc.org/projects/new.cfm#tsi
As a potential Phase II following the previous Web Services for Corporate
Cash Management effort, a core group of FSTC institutions and technology
companies have defined key business objectives and deliverables for a
discovery phase, and subsequent pilot-level project utilizing Web Services
in the Treasury Services / Cash Management area. The project, as it
currently stands, will seek to further develop the Phase I set of web
services and associated definitions to create new and open-standards-based
connectivity options between banks, and between banks and their customers.
The business goals are to enable standards-based "plug-and-play" integration
capabilities between institutions and customer platforms, whether ERP,
Treasury Work Station (TWS), or desktop.
A core group of financial institutions and technology companies has
committed to launching this initiative in the second half of 2004. This
project is considered on-hold until later this year.
______________
4. Transformation to Open Mission Critical Systems
The transformation of systems from higher cost or proprietary delivery to
open systems is one of the most hotly debated and discussed topics in
financial services IT. While there is great promise in the flexibility and
efficiencies gained, there is also risk and cost. An FSTC project will soon
form up to determine answers to such key questions as, "Are those
transformations viable?" and "What are the costs and processes by which a
successful transformation program will be run?" The vision of this
initiative is to bring together financial institutions to investigate the
needs, processes, best practices, technology issues, risk factors,
organizational issues and lessons-learned for transformation projects which
move core business processes from legacy IT assets to open systems. We will
provide additional details shortly. If you are interested in joining an
interest group around this topic, please contact us.
______________
5. Minimum Essential Finance (MEF)
In its early stages, FSTC and its members are in dialog with numerous
government and industry organizations to explore interest in an initiative
to identify the minimum essential elements of our financial system, and to
develop a plan and process to ensure that it remains operational in the
event of a disruption to normal operations. A workshop is currently being
planned for this fall for multiple public and private sector organizations
to develop this concept further. If you are interested in joining this
dialog, please contact Zach Tumin at zachary.tumin(a)fstc.org .
______________
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
*** September Project Update ***
After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development. Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects. In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting. See http://fstc.org/projects/new.cfm .
In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features. Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I
Projects in Formation:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)
Projects in Development:
1. Image Quality and Usability Assurance Phase II
2. Survivability of Check Security Features Phase II
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4. Transformation to Open Mission Critical Systems
5. Minimum Essential Finance (MEF)
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (launched July 2004, expected to complete in
December)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm. In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives. The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.
12 financial institutions and over 15 technology companies are participating
in the 5-month first phase. This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
(gene.neyer(a)fstc.org) (http://fstc.org/advisory/security.cfm)
______________
PROJECTS IN FORMATION:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#eauth
This 5-month project will assess the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide an authentication service to government
agencies, and to integrate these services into financial institutions'
online applications. FSTC, jointly with the GSA's E-Authentication
Initiative Project Management Office (EAI PMO), propose to launch a
three-track project to ascertain the business model, legal framework, and
technical viability of using institutions' identity credentials to permit
consumers and businesses to access secure online government applications.
The GSA is funding the business track of the initiative. There is no cost to
financial institutions, and a $5,000 fee for associate and advisory members.
In addition, a resource commitment is required for all participants, as
outlined in the prospectus. Participation commitments are requested by Sept
24th, and the target kickoff is the week of October 4th.
______________
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee proposes an initiative to
assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
>From the continuity regulation summary, a questionnaire will be developed
which will allow a FI to provide or collect continuity compliance status.
The project will focus on providing straight forward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
______________
PROJECTS IN DEVELOPMENT:
1. Image Quality and Usability Assurance: Phase II (proposal being
finalized)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by Katrina
Brown, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. A call for
participation is expected during the month of September.
______________
2. Survivability of Check Security Features Phase II
As a follow-on to the recently completed Phase I
(http://fstc.org/projects/csf/) this initiative will seek to develop
interoperability specifications for automated security feature verification
engines. As a growing number of vendors offer security features targeted at
surviving the imaging process, institutions face a growing number of
proprietary verification engines that must be installed and configured to
validate these features during processing. The objective of this initiative
is to make is less expensive and easier to manage the implementation of
these security feature verification products.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) More information on this
project will be published in the next month or so.
______________
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services (on hold)
http://fstc.org/projects/new.cfm#tsi
As a potential Phase II following the previous Web Services for Corporate
Cash Management effort, a core group of FSTC institutions and technology
companies have defined key business objectives and deliverables for a
discovery phase, and subsequent pilot-level project utilizing Web Services
in the Treasury Services / Cash Management area. The project, as it
currently stands, will seek to further develop the Phase I set of web
services and associated definitions to create new and open-standards-based
connectivity options between banks, and between banks and their customers.
The business goals are to enable standards-based "plug-and-play" integration
capabilities between institutions and customer platforms, whether ERP,
Treasury Work Station (TWS), or desktop.
A core group of financial institutions and technology companies has
committed to launching this initiative in the second half of 2004. This
project is considered on-hold until later this year.
______________
4. Transformation to Open Mission Critical Systems
The transformation of systems from higher cost or proprietary delivery to
open systems is one of the most hotly debated and discussed topics in
financial services IT. While there is great promise in the flexibility and
efficiencies gained, there is also risk and cost. An FSTC project will soon
form up to determine answers to such key questions as, "Are those
transformations viable?" and "What are the costs and processes by which a
successful transformation program will be run?" The vision of this
initiative is to bring together financial institutions to investigate the
needs, processes, best practices, technology issues, risk factors,
organizational issues and lessons-learned for transformation projects which
move core business processes from legacy IT assets to open systems. We will
provide additional details shortly. If you are interested in joining an
interest group around this topic, please contact us.
______________
5. Minimum Essential Finance (MEF)
In its early stages, FSTC and its members are in dialog with numerous
government and industry organizations to explore interest in an initiative
to identify the minimum essential elements of our financial system, and to
develop a plan and process to ensure that it remains operational in the
event of a disruption to normal operations. A workshop is currently being
planned for this fall for multiple public and private sector organizations
to develop this concept further. If you are interested in joining this
dialog, please contact Zach Tumin at zachary.tumin(a)fstc.org .
______________
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
*** September Project Update ***
After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development. Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects. In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting. See http://fstc.org/projects/new.cfm .
In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features. Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I
Projects in Formation:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)
Projects in Development:
1. Image Quality and Usability Assurance Phase II
2. Survivability of Check Security Features Phase II
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4. Transformation to Open Mission Critical Systems
5. Minimum Essential Finance (MEF)
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (launched July 2004, expected to complete in
December)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm. In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives. The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.
12 financial institutions and over 15 technology companies are participating
in the 5-month first phase. This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
(gene.neyer(a)fstc.org) (http://fstc.org/advisory/security.cfm)
______________
PROJECTS IN FORMATION:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#eauth
This 5-month project will assess the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide an authentication service to government
agencies, and to integrate these services into financial institutions'
online applications. FSTC, jointly with the GSA's E-Authentication
Initiative Project Management Office (EAI PMO), propose to launch a
three-track project to ascertain the business model, legal framework, and
technical viability of using institutions' identity credentials to permit
consumers and businesses to access secure online government applications.
The GSA is funding the business track of the initiative. There is no cost to
financial institutions, and a $5,000 fee for associate and advisory members.
In addition, a resource commitment is required for all participants, as
outlined in the prospectus. Participation commitments are requested by Sept
24th, and the target kickoff is the week of October 4th.
______________
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee proposes an initiative to
assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
>From the continuity regulation summary, a questionnaire will be developed
which will allow a FI to provide or collect continuity compliance status.
The project will focus on providing straight forward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
______________
PROJECTS IN DEVELOPMENT:
1. Image Quality and Usability Assurance: Phase II (proposal being
finalized)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by Katrina
Brown, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. A call for
participation is expected during the month of September.
______________
2. Survivability of Check Security Features Phase II
As a follow-on to the recently completed Phase I
(http://fstc.org/projects/csf/) this initiative will seek to develop
interoperability specifications for automated security feature verification
engines. As a growing number of vendors offer security features targeted at
surviving the imaging process, institutions face a growing number of
proprietary verification engines that must be installed and configured to
validate these features during processing. The objective of this initiative
is to make is less expensive and easier to manage the implementation of
these security feature verification products.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) More information on this
project will be published in the next month or so.
______________
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services (on hold)
http://fstc.org/projects/new.cfm#tsi
As a potential Phase II following the previous Web Services for Corporate
Cash Management effort, a core group of FSTC institutions and technology
companies have defined key business objectives and deliverables for a
discovery phase, and subsequent pilot-level project utilizing Web Services
in the Treasury Services / Cash Management area. The project, as it
currently stands, will seek to further develop the Phase I set of web
services and associated definitions to create new and open-standards-based
connectivity options between banks, and between banks and their customers.
The business goals are to enable standards-based "plug-and-play" integration
capabilities between institutions and customer platforms, whether ERP,
Treasury Work Station (TWS), or desktop.
A core group of financial institutions and technology companies has
committed to launching this initiative in the second half of 2004. This
project is considered on-hold until later this year.
______________
4. Transformation to Open Mission Critical Systems
The transformation of systems from higher cost or proprietary delivery to
open systems is one of the most hotly debated and discussed topics in
financial services IT. While there is great promise in the flexibility and
efficiencies gained, there is also risk and cost. An FSTC project will soon
form up to determine answers to such key questions as, "Are those
transformations viable?" and "What are the costs and processes by which a
successful transformation program will be run?" The vision of this
initiative is to bring together financial institutions to investigate the
needs, processes, best practices, technology issues, risk factors,
organizational issues and lessons-learned for transformation projects which
move core business processes from legacy IT assets to open systems. We will
provide additional details shortly. If you are interested in joining an
interest group around this topic, please contact us.
______________
5. Minimum Essential Finance (MEF)
In its early stages, FSTC and its members are in dialog with numerous
government and industry organizations to explore interest in an initiative
to identify the minimum essential elements of our financial system, and to
develop a plan and process to ensure that it remains operational in the
event of a disruption to normal operations. A workshop is currently being
planned for this fall for multiple public and private sector organizations
to develop this concept further. If you are interested in joining this
dialog, please contact Zach Tumin at zachary.tumin(a)fstc.org .
______________
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
*** September Project Update ***
After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development. Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects. In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting. See http://fstc.org/projects/new.cfm .
In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features. Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I
Projects in Formation:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)
Projects in Development:
1. Image Quality and Usability Assurance Phase II
2. Survivability of Check Security Features Phase II
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4. Transformation to Open Mission Critical Systems
5. Minimum Essential Finance (MEF)
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (launched July 2004, expected to complete in
December)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm. In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives. The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.
12 financial institutions and over 15 technology companies are participating
in the 5-month first phase. This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
(gene.neyer(a)fstc.org) (http://fstc.org/advisory/security.cfm)
______________
PROJECTS IN FORMATION:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#eauth
This 5-month project will assess the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide an authentication service to government
agencies, and to integrate these services into financial institutions'
online applications. FSTC, jointly with the GSA's E-Authentication
Initiative Project Management Office (EAI PMO), propose to launch a
three-track project to ascertain the business model, legal framework, and
technical viability of using institutions' identity credentials to permit
consumers and businesses to access secure online government applications.
The GSA is funding the business track of the initiative. There is no cost to
financial institutions, and a $5,000 fee for associate and advisory members.
In addition, a resource commitment is required for all participants, as
outlined in the prospectus. Participation commitments are requested by Sept
24th, and the target kickoff is the week of October 4th.
______________
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee proposes an initiative to
assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
>From the continuity regulation summary, a questionnaire will be developed
which will allow a FI to provide or collect continuity compliance status.
The project will focus on providing straight forward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
______________
PROJECTS IN DEVELOPMENT:
1. Image Quality and Usability Assurance: Phase II (proposal being
finalized)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by Katrina
Brown, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. A call for
participation is expected during the month of September.
______________
2. Survivability of Check Security Features Phase II
As a follow-on to the recently completed Phase I
(http://fstc.org/projects/csf/) this initiative will seek to develop
interoperability specifications for automated security feature verification
engines. As a growing number of vendors offer security features targeted at
surviving the imaging process, institutions face a growing number of
proprietary verification engines that must be installed and configured to
validate these features during processing. The objective of this initiative
is to make is less expensive and easier to manage the implementation of
these security feature verification products.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) More information on this
project will be published in the next month or so.
______________
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services (on hold)
http://fstc.org/projects/new.cfm#tsi
As a potential Phase II following the previous Web Services for Corporate
Cash Management effort, a core group of FSTC institutions and technology
companies have defined key business objectives and deliverables for a
discovery phase, and subsequent pilot-level project utilizing Web Services
in the Treasury Services / Cash Management area. The project, as it
currently stands, will seek to further develop the Phase I set of web
services and associated definitions to create new and open-standards-based
connectivity options between banks, and between banks and their customers.
The business goals are to enable standards-based "plug-and-play" integration
capabilities between institutions and customer platforms, whether ERP,
Treasury Work Station (TWS), or desktop.
A core group of financial institutions and technology companies has
committed to launching this initiative in the second half of 2004. This
project is considered on-hold until later this year.
______________
4. Transformation to Open Mission Critical Systems
The transformation of systems from higher cost or proprietary delivery to
open systems is one of the most hotly debated and discussed topics in
financial services IT. While there is great promise in the flexibility and
efficiencies gained, there is also risk and cost. An FSTC project will soon
form up to determine answers to such key questions as, "Are those
transformations viable?" and "What are the costs and processes by which a
successful transformation program will be run?" The vision of this
initiative is to bring together financial institutions to investigate the
needs, processes, best practices, technology issues, risk factors,
organizational issues and lessons-learned for transformation projects which
move core business processes from legacy IT assets to open systems. We will
provide additional details shortly. If you are interested in joining an
interest group around this topic, please contact us.
______________
5. Minimum Essential Finance (MEF)
In its early stages, FSTC and its members are in dialog with numerous
government and industry organizations to explore interest in an initiative
to identify the minimum essential elements of our financial system, and to
develop a plan and process to ensure that it remains operational in the
event of a disruption to normal operations. A workshop is currently being
planned for this fall for multiple public and private sector organizations
to develop this concept further. If you are interested in joining this
dialog, please contact Zach Tumin at zachary.tumin(a)fstc.org .
______________
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
*** September Project Update ***
After a busy summer season of meetings and project development, a number of
FSTC projects are poised to launch, as well as a strong pipeline in
development. Our Standing Committees (SCOMs), especially those in Business
Continuity, Security, and Check Imaging and Truncation, continue to broaden
their participation, and build upon a foundation of dialog and action that
leads to FSTC projects. In the past few weeks, we issued two new calls for
participation: e-Authentication Proof-of-Concept, and Business Continuity
Compliance and Status Reporting. See http://fstc.org/projects/new.cfm .
In addition, we have recently completed projects in Image Quality and
Usability Assurance Phase I, Technology Recovery Best Practices, and
Survivability of Check Security Features. Details on these recent projects
can be found at: http://fstc.org/projects/past.cfm .
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I
Projects in Formation:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8)
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8)
Projects in Development:
1. Image Quality and Usability Assurance Phase II
2. Survivability of Check Security Features Phase II
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services
4. Transformation to Open Mission Critical Systems
5. Minimum Essential Finance (MEF)
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (launched July 2004, expected to complete in
December)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has launched a phased initiative to address the problem of phishing and
related threats in financial services, as it affects the relationship
between customer and firm. In collaboration with other industry groups,
FSTC will focus on defining the unique technical and operating requirements
of financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement, and other industry initiatives. The benefits to
participants are: industry-vetted due diligence and scaling of the current
problem and its future evolution; insight into peer institution strategies
and assessments; and definition of an industry response that may be best
undertaken with collaboration between key industry segments.
12 financial institutions and over 15 technology companies are participating
in the 5-month first phase. This project originates from the Security SCOM:
co-chaired by Mike McCormick of Wells Fargo, and Mike Versace of NEC.
Please contact FSTC Managing Executive Gene Neyer for more information
(gene.neyer(a)fstc.org) (http://fstc.org/advisory/security.cfm)
______________
PROJECTS IN FORMATION:
1. e-Authentication: Business and Technology Proof-of-Concept (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#eauth
This 5-month project will assess the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide an authentication service to government
agencies, and to integrate these services into financial institutions'
online applications. FSTC, jointly with the GSA's E-Authentication
Initiative Project Management Office (EAI PMO), propose to launch a
three-track project to ascertain the business model, legal framework, and
technical viability of using institutions' identity credentials to permit
consumers and businesses to access secure online government applications.
The GSA is funding the business track of the initiative. There is no cost to
financial institutions, and a $5,000 fee for associate and advisory members.
In addition, a resource commitment is required for all participants, as
outlined in the prospectus. Participation commitments are requested by Sept
24th, and the target kickoff is the week of October 4th.
______________
2. Business Continuity: Compliance and Status Reporting (call for
participation issued 9/8/04)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee proposes an initiative to
assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
>From the continuity regulation summary, a questionnaire will be developed
which will allow a FI to provide or collect continuity compliance status.
The project will focus on providing straight forward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
______________
PROJECTS IN DEVELOPMENT:
1. Image Quality and Usability Assurance: Phase II (proposal being
finalized)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by Katrina
Brown, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. A call for
participation is expected during the month of September.
______________
2. Survivability of Check Security Features Phase II
As a follow-on to the recently completed Phase I
(http://fstc.org/projects/csf/) this initiative will seek to develop
interoperability specifications for automated security feature verification
engines. As a growing number of vendors offer security features targeted at
surviving the imaging process, institutions face a growing number of
proprietary verification engines that must be installed and configured to
validate these features during processing. The objective of this initiative
is to make is less expensive and easier to manage the implementation of
these security feature verification products.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) More information on this
project will be published in the next month or so.
______________
3. Treasury Services Integration: Data Exchange and Customer Connectivity
through Web Services (on hold)
http://fstc.org/projects/new.cfm#tsi
As a potential Phase II following the previous Web Services for Corporate
Cash Management effort, a core group of FSTC institutions and technology
companies have defined key business objectives and deliverables for a
discovery phase, and subsequent pilot-level project utilizing Web Services
in the Treasury Services / Cash Management area. The project, as it
currently stands, will seek to further develop the Phase I set of web
services and associated definitions to create new and open-standards-based
connectivity options between banks, and between banks and their customers.
The business goals are to enable standards-based "plug-and-play" integration
capabilities between institutions and customer platforms, whether ERP,
Treasury Work Station (TWS), or desktop.
A core group of financial institutions and technology companies has
committed to launching this initiative in the second half of 2004. This
project is considered on-hold until later this year.
______________
4. Transformation to Open Mission Critical Systems
The transformation of systems from higher cost or proprietary delivery to
open systems is one of the most hotly debated and discussed topics in
financial services IT. While there is great promise in the flexibility and
efficiencies gained, there is also risk and cost. An FSTC project will soon
form up to determine answers to such key questions as, "Are those
transformations viable?" and "What are the costs and processes by which a
successful transformation program will be run?" The vision of this
initiative is to bring together financial institutions to investigate the
needs, processes, best practices, technology issues, risk factors,
organizational issues and lessons-learned for transformation projects which
move core business processes from legacy IT assets to open systems. We will
provide additional details shortly. If you are interested in joining an
interest group around this topic, please contact us.
______________
5. Minimum Essential Finance (MEF)
In its early stages, FSTC and its members are in dialog with numerous
government and industry organizations to explore interest in an initiative
to identify the minimum essential elements of our financial system, and to
develop a plan and process to ensure that it remains operational in the
event of a disruption to normal operations. A workshop is currently being
planned for this fall for multiple public and private sector organizations
to develop this concept further. If you are interested in joining this
dialog, please contact Zach Tumin at zachary.tumin(a)fstc.org .
______________
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0