Timely Topics for IT Professionals
About ACM TechNews
ACM TechNews is published every week on Monday, Wednesday, and Friday.
ACM TechNews is intended as an objective news digest for busy IT Professionals. Views expressed are not necessarily those of either HP or ACM.
To send comments, please write to email@example.com.
Volume 5, Issue 481: Friday, April 11, 2003
- "Standards Group Beats Back Patent Foes"
CNet (04/10/03); Festa, Paul
The Internet Engineering Task Force's (IETF) intellectual property rights working group has concluded there is no immediate need to recharter rules allowing patented technologies in IETF standards. Rules currently on IETF books allow for reasonable and nondiscriminatory (RAND) licenses to be included in IETF standards, unlike the World Wide Web Consortium (W3C), which started out excluding such technologies. Open-source advocates successfully prevented an effort to include RAND-licensed technologies in W3C standards last year. IETF intellectual property rights working group chairman Steve Bellovin says the group did not find the consensus needed to change the rules, but expected to set up a framework for future discussion. He notes that a constant balance is needed between licensed, proprietary technology and open-source technology so that both can be included in standards according to technical merits. Bruce Perens, an open-source guru that led the W3C fight against RAND licenses, writes the IETF working group decision is misguided, because including proprietary technology in licenses does not mean a vendor has to give up other revenue opportunities. "The royalty-free terms at W3C are for implementation of the standard only, not for any other purpose--even in the same program," he argues. "That gives the patent holders lots of room to make money."
- "Senate Introduces Bill to Can Spam"
MSNBC (04/10/03); Weaver, Jane
Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) introduced a bill on Thursday that aims to reduce the amount of spam clogging Internet users' in-boxes by requiring online marketers to include valid return addresses in the messages, giving consumers the power to block unwanted solicitations. "This bill will help to keep legitimate Internet traffic and e-commerce flowing by going after those unscrupulous individuals who use email in annoying and misleading ways," Wyden declared. Industry researchers estimate that spam accounts for over 40 percent of emails sent each day, and businesses and individuals are losing more than $10 billion annually as a result. The Can-Spam bill supported by Burns and Wyden, if passed, would allow ISPs to remove spammers who violate the law from their networks, and authorize the FCC to fine such violators. AOL, eBay, Yahoo!, and other Internet companies are backing the bill, as is the Direct Marketing Association, which concluded that legitimate online marketers are being negatively impacted by the spread of spam. Yahoo! stated that it is behind the Can-Spam bill "because it provides for effective deterrents, penalties and marketing rules that would give consumers and email service providers additional protection from unsolicited commercial email." Under the bill, marketers that are asked to remove consumers' names from mass email lists would not be allowed to send them anymore unsolicited email.
- "Patriot Act Extension Considered"
Medill News Service (04/10/03); Wenzel, Elsa
Sen. Orrin Hatch (R-Utah) reportedly wants to permanently extend the Patriot Act beyond its 2005 sunset provision, a development that is opposed by civil liberty proponents and others. Privacy Rights Clearinghouse director Beth Givens says a permanent extension would negatively impact civil liberties. "There must be a sunset so that the impacts of the provisions are evaluated in terms of our constitutional rights," she insists. ACLU legislative counsel Timothy Edgar states in a press release that the sunset provision should stand so that "cooler heads" can reevaluate and revise the statute so that it supports the safety and freedom of Americans. Both privacy groups and certain legislators have been criticizing the Patriot Act itself, which expands law enforcement surveillance coverage of email, telephones, and Web site visits. Mark Corallo of the Justice Department counters that the Patriot Act has embedded safeguards that actually strengthen civil liberties. He disputes the assumption that the law allows the interception and disclosure of emails by law enforcement, claiming that the methods authorities use to track suspected terrorists' email do not reveal the messages' content, only that the messages were sent. Corallo advises that people should not believe "the inference...that there's this big eye in the sky looking at you and me and everyone else." Primary Activism executive director Deborah Pierce is concerned that Justice Department officials could disregard email headers as content, even though they may contain personal information.
- "Databases Ripe for Attacks"
eWeek (04/07/03); Vaas, Lisa
Reported online security incidents and confirmed attacks climbed 37 percent from the fourth quarter of 2002 to the first quarter of 2003, according to a report from Internet Security Systems (ISS). ISS' Pete Allor says the Slammer worm outbreak in late January played a substantial role in the report increase: Over the past three months, his group logged 160 million security events, over 2 million of which occurred in the two-day period when Slammer contagion was at its peak. Such figures indicate that hackers appear to be more focused on databases, while database administrators (DBAs) are not devoting enough attention to the installation of patches. A patch for the Microsoft SQL vulnerability that Slammer exploited was released half a year before the attack was launched, but many DBAs held off on deploying it because they wanted to test it in a production environment first. "They're very conservative in what they do to upgrade," Allor observes. He notes that companies who need to test patches thoroughly before implementation should at least boost their database defenses, and one measure involves installing a network segment that supports the ongoing testing of patches. "What you're looking to do is put the risk where you can tolerate it," Allor explains. "Each organization has to go through its own risk assessment on that: how valuable is the information, how vulnerable is a machine on this network setup, what kind of intrusion detection is in front of it, what kind of firewall protections you have in front of it."
- "After Three Years of Wi-Fi, Hurdles Still Remain"
IDG News Service (04/10/03); Krazit, Tom
Many of Wi-Fi technology's promised advantages have yet to be realized, and the nonprofit Wi-Fi Alliance acknowledges that security shortcomings, differing standards, product incompatibilities, and a lack of Wi-Fi "hot spots" need to be addressed if the technology is to be widely adopted by both mainstream companies and consumers. Dennis Eaton of the Wi-Fi Alliance says his organization plans to boost Wi-Fi security this year by certifying products for a new standard, as well as raise public awareness of hot spots through the "Wi-Fi Zone" program. Any service provider who uses Wi-Fi Alliance-certified gear will be allowed to display a Wi-Fi Zone logo at their hot spots. Eaton names April 29 as the day when the alliance will announce products certified for Wi-Fi Protected Access (WPA), which will act as a stopgap measure for Wi-Fi users until the IEEE's new 802.11i software standard is approved. Eaton says WPA is an improvement over the current Wi-Fi security technology, Wired Equivalent Privacy (WEP), and that it "thwarts all known attacks published in the public domain today and will work with products on the market today." The Wi-Fi Alliance reports that users of current Wi-Fi products will be able to transition to WPA by updating their software. The inauguration of commercial Wi-Fi hot spots is being hampered by problems with integrating scores of hot spot providers around the globe and the setup of a standardized billing and payment system for both providers and users; Eaton thinks that such problems can be addressed by using cell phone carriers as a model. Pyramid Research analyst John Yunker argues that small-venue hot spot owners who currently make only about 20 percent of Wi-Fi-generated revenue will need a bigger slice if they are to roll out more hot spots.
Click Here to View Full Article
- "Focus on Software Piracy Problem"
Wired News (04/09/03); Dean, Katie
Hollywood's battle against digital piracy may have grabbed most of the attention, but that does not make software piracy any less significant, asserts Business Software Alliance (BSA) VP of enforcement Bob Kruger. He is concerned that college students who regularly download music and other kinds of digital content without authorization will not hesitate to pirate software once they become professional employees with Web access. The BSA commissioned a recent International Data (IDC) study concluding that a 40 percent decline in software piracy would generate 1.5 million jobs and $64 billion in taxes, while injecting an additional $400 billion into the economy. Reed Cundiff of the Yankee Group notes that the Pacific Rim and China are the regions most rife with software piracy; they also offer the biggest opportunities for software growth. Cundiff theorizes that piracy could even help build the software infrastructure that would bridge the gap between international retailers and Asian suppliers. Free Software Foundation executive director Bradley Kuhn argues that BSA is exaggerating the dangers of software piracy, noting that it causes no physical damage to anyone. He adds that more attention should be devoted to the impracticality of the proprietary software model in the Internet era, and his organization promotes the idea of discarding proprietary software in favor of licensed open-source software. Kuhn believes the function of copyright in the digital age should be a topic for wider discussion, so that the needs of both copyright authors and the general good are balanced.
- "Designing New Handhelds to Improve Human-Computer Interaction"
SiliconValley.com (04/09/03); Gillmor, Dan
Professionals in the field of human-computer interaction gathered in Ft. Lauderdale, Fla., this week to discuss the latest research projects involving handheld devices. The annual ACM conference on human-computer interaction, CHI 2003, gave the world a glimpse of futuristic handhelds. University of California-Berkeley researcher Ka-Ping Yee used the conference to unveil his "peephole display," which virtually enlarged the display of a Palm device. The display acts as a small window hovering over a larger display, allowing the handheld user to view a portion of an image. Users move the handheld up-and-down or side-to-side to see other areas of an image. Researchers at the University of Maryland and Microsoft have created "DateLens," a smart calendar that offers handheld users complex scheduling features, such as zooming in so they can highlight competing events on their schedule. However, there are some questions whether there is a consumer demand for such scheduling features. A research team at Carnegie Mellon University and Maya Design are experimenting with devices based on the PocketPC and mobile phones that would add remote control capabilities for lights and other household appliances to handhelds. Meanwhile, shorthand for handhelds, the work of researchers at IBM and in Sweden, appeared to be one of the more challenging research projects because it would require handheld users to learn a new way of writing.
- "India Builds Tflops Computing Cluster"
EE Times (04/07/03); Krishnadas, K.C.
India has entered the international supercomputing arena with last week's announcement of the Param Padma, a 1-teraflop computing cluster developed by the Center for the Development of Advanced Computing (C-DAC). The cluster incorporates up to 248 1 GHz Power4 processors and an AIX operating system from IBM, and features 54 four-way symmetric multiprocessors (SMPs) and one 32-way SMP. The machine has a 500 GB aggregate memory, 4.5 TB of internal storage capacity, and a peak computing power of 1,005 gigaflops. IBM's p630 and p690 systems serve as the cluster's compute nodes. The nine-ton device, which is spread out over 1,800 square feet, will be used primarily for seismic data processing, computational chemistry, fluid dynamics, and atmospheric science projects, according to C-DAC, which developed all of the system's software. "Constraints and restrictions imposed from time to time by advanced countries have made it all the more important for India to take multipronged initiatives to build expertise and systems in high-performance computing, an area of strategic importance," C-DAC declared. Indian minister for communications and information technology Arun Shourie noted that the country's supercomputing initiative was spurred by the U.S. prohibition of supercomputer exports to India as a result of nuclear tests carried out by India and Pakistan in 1998. An industry Web site reported that the Param Padma's peak performance lags behind all but 14 of the top 100 systems ranked by November 2002.
- "A Self-Powered DNA Computer Redefines Small"
New York Times (04/10/03) P. F7; Austen, Ian
DNA computers combine the advantages of minuscule size and potentially massive storage capacity, and now researchers at Israel's Weizmann Institute of Science have tweaked that model with a device that uses data as a power source. An earlier DNA computer developed at Weizmann featured separate DNA chains with open-ended molecules that acted as input data and software, with the software DNA's open strands studded with all possible symbol and state combinations. The input DNA's open string would bond with a complementary open end of the software string with the aid of a hardware enzyme, while spacers in the resulting DNA chain would attract a second enzyme that would make another ragged cut, thus restarting the matching process. This process would continue until a specific output detector DNA molecule fit into the open-ended strand, with the final molecule representing the answer to the researchers' question. The new Weizmann DNA computer does not need to seal the input and software DNA, with power provided by a small amount of heat yielded by the input DNA after it is cut by the enzyme. "It provides both information and fuel," explains lead project researcher Dr. Ehud Shapiro, who doubts that a DNA computer will ever supplant or compete with electronics. He believes the most practical application is a pharmacological "doctor in a cell" that can be injected into cells to synthesize drug molecules based on stored medical knowledge. However, even fellow DNA computer researchers are skeptical that any practical instrument can be furnished by such a device.
(Access to this site is free; however, first-time visitors must register.)
- "Supply Chain Reaction"
CNet (04/09/03); LaMonica, Martin
Pervasive computing was first promoted as a technology that would create hyper-networks of interconnected devices, but a lack of practical applications indicated that the idea was ahead of its time. However, some companies now plan to give the concept a new lease on life by promoting industrial applications, particularly those that support the remote and instantaneous collection and interpretation of data. A small group of software and service providers are developing tools that gather data from networked devices and route it to existing enterprise systems, thus enabling businesses to closely monitor the flow of their supply chains or how well products work with customers. SupplyNet Communications sells wireless sensors to chemical manufacturers, who install them at clients' sites so they can collect real-time data to facilitate the optimization of inventory and product distribution; Beckman Coulter monitors hospital-based products via the Internet using Axeda Systems software in order to detect and address problems earlier. Experts expect the supply chain to be revolutionized by radio frequency identification (RFID) tags--tiny data storage devices that attach to virtually any product and relay critical supply information about that product to readers. Staples CIO Paul Gaffney predicts that RFID technology will help eliminate surplus inventory, while MIT's Auto-ID Center is striving to have a standard information-exchange system for RFID tags finalized by October 2003. The proliferation of networked devices will in turn fuel demand for new products and services, such as data-mining software needed to sift through the massive volumes of data collected by such devices. AMR Research predicts RFID system sales revenues will exceed $5 billion by 2005, and Harbor Research anticipates a market for related products and services surpassing $1.5 trillion by 2007.
- "The Lowdown Download Blues"
Los Angeles Times Magazine (04/06/03) P. 16; Menn, Joseph
The fall of online song-swapping service Napster, which helped fuel the current battles copyright holders are waging against technology companies and consumers, was predicated on a lack of common sense and a cohesive business plan. Shawn Fanning's ground-breaking file-swapping system created anarchy in the $40 billion music world as technology moved faster than the law, writes Joseph Menn in this excerpt from his forthcoming book, "All the Rave: The Rise and Fall of Shawn Fanning's Napster." Napster CEO Eileen Richardson did not have the foresight to do research or consult with a lawyer when the subject of copyright law was first broached; she assumed Napster's customers would merely sample the music that was offered and then buy the content they wanted, while other Napster executives believed they would be in a better bargaining position with the recording industry if they enlarged the company. The Recording Industry Association of America (RIAA) filed suit against Napster for copyright infringement in December 1999, on the grounds that "virtually all file traffic is unauthorized." In February 2000 the RIAA discovered that Napster was a greater threat than originally thought when its technology was shown to be capable of efficiently and effectively retrieving songs that weren't even available on CD yet. Hummer Winblad's decision to invest $13 million in Napster in May 2000 was a morale booster, but the deal fell apart when executives and potential investors failed to agree on a business model that satisfied everyone; an especially sore point was whether to charge Napster users. Bertelsmann came aboard as an investor, but CEO Thomas Middelhoff refused to make a direct stock investment, instead offering to make Napster a loan while it devised a new, legally sanctioned system. But the weight of industry lawsuits finally forced Napster to fold, and Silicon Valley software firm Roxio purchased Napster's system and Web site after a judge prohibited Bertelsmann from acquiring the file-swapping service's technology.
Click Here to View Full Article
(Access to this site is free; however, first-time visitors must register.)
- "Benefits of Future Displays Debated"
IDG News Service (04/09/03); Williams, Martyn
Proponents and backers of organic light-emitting diodes (OLEDs) have claimed that the technology will lead to display screens that are thinner, lighter, and more power-efficient than liquid crystal displays (LCDs), but the current crop of commercial and prototypical OLEDs have yet to fulfill the power-reduction promise. OLED screen prototypes showcased at this week's Electronic Display Expo in Tokyo demonstrate power consumption levels close to--and in a few cases surpassing--those of LCDs. A 2.1-inch panel from Seiko Epson devours about 150 mW when displaying a dynamic image, while a similarly-scaled thin film transistor LCD eats up about the same amount of power; Toshiba Matsushita Display Technology's Jun Hanari admitted that prototype 2.2-inch and 3.5-inch panels can consume up to twice as much power as current LCDs in certain instances. Although power consumption is an important issue, many OLED prototypes displayed other advantages over LCDs, including more vivid colors, greater brightness levels, and better processing of moving images. DisplaySearch analyst David Hsieh says controlling the stability of OLEDs will be key to the technology's commercialization--whereas most prototypes have a lifespan of 6,000 to 8,000 hours, many small-screen commercial applications will require displays that can last more than 10,000 hours. Displays that can be used for television screens or computer monitors will have to achieve lifetimes of 15,000 hours or more, Hsieh estimates. DisplaySearch lists five markets emerging as overall OLED market leaders in the next few years: Mobile phones, mobile phone sub-displays, camcorders, digital cameras, and personal digital assistants.
- "War on Electronic Privacy"
San Francisco Chronicle (04/10/03); Newitz, Annalee
Nearly 300 people from around the world--lawyers, activists, technology enthusiasts, and others--gathered in New York City to attend ACM's 13th annual Computers, Freedom, and Privacy (CFP) Conference, whose underlying theme was the protection of individual freedoms in today's turbulent times. In his keynote speech, computer security expert Bruce Schneier said the chief focus should be determining whether the benefits of proposed security measures outweigh the loss of personal privacy they entail, and suggested that people cautiously identify the "threat model" the proposals are supposed to shield them from. Canadian Privacy Commissioner George Radwanski, who had the distinction of being billed as North America's sole privacy commissioner, called the erosion of privacy a cornerstone of totalitarianism, and doubted that citizens' safety can truly be preserved through biometrics, national ID cards, and electronic terrorist profiles. He was especially concerned that the United States was pressuring other countries to roll back privacy rights if they wish to sustain their access to U.S. markets. Consumers Against Supermarket Privacy Invasion and Numbering founder Katherine Albrecht delivered a speech promoting her fears that radio-frequency identity (RFID) chips used to track merchandise could allow people to be identified by remote scanning, but MIT computer-science graduate student Simson Garfinkel argued that such chips can support privacy if they are properly regulated. A more lighthearted event at CFP was the Big Brother Awards, where winners such as the Total Information Awareness program and Delta Airlines were "honored" for being the most invasive projects, organizations, and people of the year.
Click Here to View Full Article
- "Tech Giants Put Chips on Security Alliance"
CNet (04/08/03); Lemos, Robert; Kanellos, Michael
Members of the Trusted Computer Platform Alliance (TCPA) declared on April 8 that they have retooled their organization and renamed it the Trusted Computing Group, which will license and commercialize security hardware and software to be embedded into all computing platforms. This represents the beginning of a widescale campaign to enhance a bevy of consumer and corporate devices with hardware-based security. The Trusted Computing Group will retain standards developed by the TCPA, but add reasonable and nondiscriminatory (RAND) licensing terms, a marketing budget, and a logo program. The group will also widen the scope of devices and applications that the technology will cover. "As we go into the broader device categories, one of the key messages of the organization is that we have this common building block that can be used in different devices," explains IBM employee and Trusted Computing Group director Jim Ward. Via Technologies' Padlock, Transmeta's next-generation Crusoe chip, Phoenix Technologies' Core Managed Environment, and Intel's LaGrande are just some of the forthcoming security technologies that the Trusted Computing Group will promote. International Data's Roger Kay observes that the governance of the Trusted Computing Group is a major step forward. Whereas TCPA decisions could have been killed by a single veto, the new alliance has a board whose decisions are based on a two-thirds majority vote, which should accelerate decision-making. The Trusted Computing Group is drawing controversy because of issues related to privacy and Hollywood studios' push to add digital rights management technology to all electronics.
- "Painted LEDs Make Screen"
Technology Research News (04/16/03); Patch, Kimberly
A Munich University research team led by Klaus Meerholz has devised a process to fabricate full-color flat-screen displays by covering a surface with light-emitting polymers and exposing them to 125-micron spots of ultraviolet light, thus generating sharply defined pixels. The technique could be used to manufacture color screens of quality comparable to current state-of-the-art flat screens, only more robust and power-efficient. Meerholz theorizes that even smaller pixels could be produced by the method, thus yielding screens with resolution superior to today's models. The process is also less complicated and potentially less costly than today's flat-screen fabrication methods. Yang Yang of the University of California at Los Angeles says the German researchers' method has long been a topic of discussion, but practical applications were always stymied by poor performance in comparison to conventional devices. He adds that Meerholz's breakthrough may clear the way for the assembly of transistors, sensors, wires, and other electronic devices via polymer patterning. California Polytechnic State University's David Braun says the method could be applied to not just full-color flat-panel displays, but also flexible displays and color image sensors. The polymer molecules used in the technique boast photoresist properties, which is why the researchers were able to pattern the pixels so precisely. Meerholz believes practical displays yielded from the process could emerge in two years.
Click Here to View Full Article
- "The Ins and Outs of IT"
Computerworld (04/07/03) Vol. 37, No. 14, P. 33; Anthes, Gary H.
Enterprise technology is shifting like the sands of the desert, says Cap Gemini Ernst & Young chief technologist John Parkinson. He says one of the most distinctive and important shifts will be toward a pervasive utility architecture, where approximately 100 firms will run their own systems and all others will purchase computing resources from them. Systems and data security is needed for this scenario, since many companies will be using just one copy of the software, buying only the capabilities they need. On the user level, role-based security will allow workers to handle more tasks efficiently while ensuring system integrity. Storage technology will progress dramatically in the next five years so that, in conjunction with peer-to-peer technology, data warehouses will become obsolete. Parkinson says LOCKSS (lots of copies keep stuff safe) strategy will ensure data is always available and backed up, while embedded analytics will be needed to support on-demand business applications. In terms of operating systems, Parkinson sees a divergence with operating systems shrinking to become simple DNA instructions guiding software agents, while other systems will grow in importance and act as service-provisioning platforms. Parkinson says existing collaboration technology is not much of an improvement on the telephone. Meanwhile, enterprise resource planning (ERP) will extend beyond the enterprise to supply chain partners in order to yield greater efficiencies for all parties.
Click Here to View Full Article
- "Continuing the Fight Against Worms"
SC Magazine (03/03) Vol. 14, No. 3, P. 22; Staniford, Stuart
The sophistication and speed of computer worms, as demonstrated by recent outbreaks such as Slammer/Sapphire, is growing, as is their potential for inflicting damage. Detailed analysis of worm behavior, both expected and established, is key to understanding worm attacks in order to develop preventative measures. Researchers at Silicon Defense, the International Computer Science Institute, and the San Diego and Berkeley campuses of the University of California note that the deceptively simple Slammer, which replicated itself twofold every 8.5 seconds when it first struck, proved that superfast worms were no longer theoretical. A study conducted by Silicon Defense President Stuart Staniford and two colleagues illustrates a diversity of rapid worm propagation methods. In one technique, hit-list scanning, the worm follows a list of potentially vulnerable systems compiled by its author prior to launch. It scans down the list after hitting the first machine, halving it and relaying one half to the recipient worm. Flash worms use a variation of this method, with the potential to contaminate susceptible Web servers within tens of seconds. So that worms do not have to attack already infected addresses, some employ permutation scanning, while topographically aware worms scan the victim computer's data or information servers to find new targets.
- "The PC Factor"
InformationWeek (04/07/03) No. 934; Greenemeier, Larry; Travis, Paul
Computer chip and PC manufacturers are investing astronomical sums in the redesign of their products' form factor and functionality. But a cool-looking device is no guarantee of marketability, especially in a climate characterized by frugal IT spending and customer skepticism. "There's got to be a real value-add and hard-dollar savings before we bring any technology into the company," explains DaimlerChrysler CTO Vince Morrotti. Intel has been a stalwart advocate of wireless computing, and has been hyping it to the tune of $300 million: President Paul Otellini believes that wireless will become a standard embedded feature of all notebooks, and his company expects to usher in the technology with the release of the wireless-enabled Centrino platform. Intel declares that wireless notebook computers have allowed its staff to save an average of 1.5 hours a day, while Dell, Gateway, IBM, and Hewlett-Packard are offering Centrino-equipped notebooks that extend battery life and improve wireless connectivity and processor performance. Meanwhile, Microsoft plans to contribute to the transition to wireless notebooks through its Windows XP desktop as well as its Tablet PC software and the introduction of a new version of its Office productivity suite. However, Drinker Biddle & Reath CIO Gerard Haubrich says security concerns are making companies cautious about embracing wireless networking. Menasha CIO Edward Wojciechowski estimates that the PC replacement cycle averages about three years, and doubts that this timeframe will shrink even with an economic turnaround.
- "Rogue IT"
CIO Insight (03/03) No. 24, P. 34; Glasser, Perry
Corporate executives are taking a dim view of "ghost IT" projects--technology ventures carried out independently by business units without the CIO knowing about it and often without company approval--in order to avoid the burden of cleaning up after them. "Given the sheer cost of technology, you just can't afford to have everybody doing their own thing anymore," observes Unisys CIO John Carrow. Factors driving rogue IT projects include IT shops funded by self-governing business units, urgent business needs in those units, cost-cutting due to economic recession, poorly defined business goals, and unresponsive central IT administration. The end result is a waste of money and time, systems that lack scalability, security holes, data that cannot be integrated because of technological incompatibility, and redundant effort. Ghost IT also runs the risk of creating a credibility gap between the CIO and the rest of the company. Many enterprises now view ghost IT as a sign of bad technology management and a lack of communication between IT and business units, and some executives are eager to blame the CIO. Ghost IT can be minimized by instituting new administration policies and tactics, and the centralization of IT spending and security policies is an excellent starting point. Key to such an initiative is strategic CIO leadership, while Gartner's Ellen Kitzis says accountability should be evenly distributed among enterprise-level executives. By studying a company's rogue IT subculture, CIOs can learn where the IT organization is failing and take remedial steps, notes Susan Weiner of Giga Information Group.