ACM Voter Registration Database Study Calls for More Details in EAC Guidance

Previously, we reported that ACM created a committee to study issues related to statewide voter registration databases and that the Election Assistance Commission (EAC) recently released its draft guidance on this topic, seeking additional comments. ACM’s committee took the opportunity to provide expert comments to the EAC.

The Help America Vote Act requires that all states have statewide voter registration databases in place by January 1, 2006. Seeking to give the states guidance on this law, the EAC released draft guidelines on how to implement statewide registration databases. ACM’s committee felt that the guidance was a good start, but that it covers only a few issues and lacks much of the technical detail that states really need:

“States will face many technical challenges in implementing these databases in a secure, accurate, and reliable manner, while protecting sensitive information and minimizing the risk of identity theft. The databases must also be easy to use and able to withstand the kinds of extreme demands to which they are likely to be subjected on Election Day. While the current guidance recognizes some of these challenges, it addresses the technical issues only at the highest level of detail. We urge the Commission to provide more technical detail on a broader set of issues as it further develops this guidance.”

Continue reading “ACM Voter Registration Database Study Calls for More Details in EAC Guidance”

ACM Washington Update, Vol. 9.5 (May 31, 2005)

CONTENTS

[1] Newsletter Highlights
[2] Congress, Media, and Research Societies Bring National Attention to IT R&D Funding, USACM Weighs in
[3] ACM Voter Registration Database Study Calls for More Details in EAC Guidance
[4] USACM Provides Testimony to House Science Committee Hearing
[5] Congress Begins Work to Fund Research Agencies
[6] Congressmen Announce “Innovation Summit”
[7] Real ID Act Becomes Law
[8] House Passes Two Spyware Bills
[9] Cybersecurity Issues Move Forward in the House
[10] Administration Announces Leadership Changes in IT R&D Agencies
[11] Events to Watch In June
[12] About USACM
Continue reading “ACM Washington Update, Vol. 9.5 (May 31, 2005)”

Spyware bills pass House

With most eyes focused (understandably) on the Senate’s judicial filibuster fight, the House of Representatives yesterday passed two pieces of spyware legislation:

H.R. 29 — Rep. Mary Bono’s (R-CA) Securely Protect Yourself Against Cyber Trespass Act (SPY Act), which would, among other things, prohibit deceptive acts or practices intended to take unsolicited control of the computer; modify its settings; collect personally identifiable information; induce the unsolicited installation of computer software; and remove or disable a security, anti-spyware, or anti-virus technology. The bill tasks the FTC with enforcement of these provisions.

H.R. 744 — Rep. Robert Goodlatte’s (R-VA) Internet Spyware Prevention Act (I-SPY Act), which would criminalize the installation of software to commit fraud, damage a computer, or alter security settings. The bill would provide courts the power to impose fines and jail time on lawbreakers. It would also authorize $10 million a year for the Department of Justice to go after those lawbreakers (however, as Cameron noted recently in a different context, authorizing and appropriating are two very different things).

Continue reading “Spyware bills pass House”

Senate Judges Controversy Hits Boiling Point

Update 5/24/05: The Senate cut a deal last night paving the way for several judge confirmations, so looks like a ceasefire is in effect. The Washington Post has a good report on it.

Original Post 5/17/05: Today’s Washington Post reports that Republican and Democrat leaders have ended efforts to find a compromise over the confirmation of judges. (For background, the President has sent several judges to the Senate for confirmation; the Republicans seek an up or down majority vote on each one, while the Democrats are filibustering their nominations, meaning it takes 60 votes before a judge would face a simple majority vote.) This has been a leading issue in D.C. for well over a year now, but this week it is clear that something will happen. Senator Frist (R-TN) has said he will likely bring a confirmation up for debate, call for a special ruling to bypass the filibuster, and then force a simple majority vote on the ruling. (There is more nuance, but this is basic gist.) This scenario has been described in the media as the so-called “nuclear option.”
Continue reading “Senate Judges Controversy Hits Boiling Point”

Little clearing in privacy/personal information issues

Federal Trade Commissioner (FTC) Orson Swindle had some strong words recently for business leaders attending a meeting on cybercrime convened by the Business Software Alliance and the Center for Strategic and International Studies (as reported in National Journal’s Tech Daily [subscription req’d]):

“Industry has been irresponsible, and someone’s got to pay,” [he said …]

Swindle said Congress’ current obsession with attacking the explosion in identity theft was misplaced.

“It’s not identity theft — it’s theft of information,” he said.

However, as pointed out in a NY Times article today, many of the activities from which current privacy concerns arise aren’t theft at all:
Continue reading “Little clearing in privacy/personal information issues”

Murky Waters Begin to Clear: House Moves Cybersecurity Issues Forward

In a previous post (recommended reading for background to this post), we outlined House Homeland Security Chairman Cox’s (R-CA) efforts to add cybersecurity provisions to the Department of Homeland Security Authorization Act. The leading idea was to give cybersecurity more political clout within the department by moving it higher up on the bureaucratic food chain. Another idea was to add research provisions to the act. What was unclear was how this effort would proceed given four different committee’s claiming responsibility over cybersecurity — normally a recipe for gridlock. In what appears to be a win for the fledging Homeland Security Committee, The House of Representatives is poised to pass the Department of Homeland Security Authorization with a new “Cybersecurity Czar” and research and development provisions.

This is apparently homeland security week in the House of Representatives as it considers both the Homeland Security Appropriations Act and the Department of Homeland Security Authorization Act. This post covers only the cybersecurity provisions in the authorization bill. Peter at CRA has a great (and distressing) analysis of what happened in the appropriations bill. (For those of you new to authorizing versus appropriation, it is a complex topic, but the really rough summary is an authorization bill authorizes activities, while the appropriation bill actually funds them.)
Continue reading “Murky Waters Begin to Clear: House Moves Cybersecurity Issues Forward”

ID Theft and Phishing Converge to Pose New Threat

News.com has a rather troubling article today about how ID theft and phishing are converging to create a new very active threat to electronic commerce. Here is the key excerpt:

According to Cyota, the phishing e-mails arrive at bank customers’ in-boxes featuring accurate account information, including the customer’s name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.

While we normally post policy-related stories and this one isn’t policy per se, it struck us as particularly troubling for couple of reasons. First, both identity theft and phishing seem to be growing threats to consumers. While Congress has held numerous hearings on the deluge of identity theft incidents since the start of the year (here is one we covered on ChoicePoint), it has yet to move any of various pieces of legislation to regulate data brokers or increase privacy protection. Further, little attention has been paid to phishing. We doubt that Congress is looking into how the issues may be converging. In fairness, Congress does move rather slowly, particularly on issues that overlap so many different committees such as this one.

Second, Congress just passed, and the President signed, the Real ID Act as part of the emergency supplemental appropriations bill. In USACM’s view, this act will significantly increase the risk of identity theft by linking each state’s drivers license databases to one another without any security mandates or clearly identifying who has access to what data.

Since Congress is generally a strong supporter of fostering electronic commerce, it would seem it should balk at things that can directly undermine this goal. This article would also seem to strengthen security expert Bruce Schneier’s arguments that new threats can undermine two-factor security strategies.

Computing research community: Boost federal funding levels for fundamental IT R&D

The House Science Committee held a hearing yesterday on computer science research. USACM and CRA, along with a number of other organizations concerned about the future of computing research, issued joint testimony for the hearing:

[F]ederal investment helps fuel the innovation that insures the U.S. remains the world leader in business, that we have the strongest possible defense, and that we continue to find ways to live longer, healthier lives. To keep the fires of innovation lit, we should continue to boost funding levels for fundamental IT R&D.

The full testimony is available (PDF, 1.6 MB) here.

CRA tracks computing research and funding issues very closely, and their Computing Research Policy Weblog has the most detailed coverage of the hearing.

Following the hearing, ACM President David Patterson made comments in an ACM press release:

He concluded that the US still has the world’s strongest capability in fundamental research in IT, and the most experience in how to leverage that capability toward economic growth. “But we run a grave risk in cutting funding for fundamental IT research,” said Patterson. “Our concern is that the total level of national investment in fundamental IT research needs to be restored to meet the needs of our economy in an increasingly competitive world.”

The full release is available below (click here for a PDF of the release).
Continue reading “Computing research community: Boost federal funding levels for fundamental IT R&D”

Computing research community: Boost federal funding levels for fundamental IT R&D

The House Science Committee held a hearing yesterday on computer science research. USACM and CRA, along with a number of other organizations concerned about the future of computing research, issued joint testimony for the hearing:

[F]ederal investment helps fuel the innovation that insures the U.S. remains the world leader in business, that we have the strongest possible defense, and that we continue to find ways to live longer, healthier lives. To keep the fires of innovation lit, we should continue to boost funding levels for fundamental IT R&D.

The full testimony is available (PDF, 1.6 MB) here.

CRA tracks computing research and funding issues very closely, and their Computing Research Policy Weblog has the most detailed coverage of the hearing.

Following the hearing, ACM President David Patterson made comments in an ACM press release:

He concluded that the US still has the world’s strongest capability in fundamental research in IT, and the most experience in how to leverage that capability toward economic growth. “But we run a grave risk in cutting funding for fundamental IT research,” said Patterson. “Our concern is that the total level of national investment in fundamental IT research needs to be restored to meet the needs of our economy in an increasingly competitive world.”

The full release is available below (click here for a PDF of the release).
Continue reading “Computing research community: Boost federal funding levels for fundamental IT R&D”

Congressmen announce “Innovation Summit”

At a Capitol Hill press conference yesterday, a group of House members announced plans to hold a national “Innovation Summit” later this year. The event was led by Rep. Frank Wolf (R-VA), along with his Congressional colleagues Rep. Vern Ehlers (R-MI), Rep. Sherwood Boehlert (R-NY), and Rep. Don Manzullo (R-IL). They were joined by former Michigan Governor John Engler from the National Association of Manufacturing; Deborah Wince-Smith from the Council on Competitiveness; John Castellani from the Business Roundtable; John Palafoutas from the American Electronics Association; and Dr. Alan Merten, President of George Mason University.

The group voiced concerns that the United States is losing its leadership in science and innovation. Rep. Wolf noted that the group’s “hope is that the conference will bring together the nation’s best and brightest to help develop a blueprint for the future of American science and innovation.”

Rep. Wolf’s press release regarding the summit is available here.

The event took place only minutes before the scheduled start of yesterday’s House Science Committee hearing on computer science research, to which we directed your attention the other day. Peter Harsha, CRA’s director of government affairs, has promised an update on how the hearing went and its likely fallout.

We will bring you more information about the Innovation Summit as it becomes available.