House Fully Funds President’s Science Initiative

Earlier this week the House of Representatives passed legislation to fully fund the President’s American Competitiveness Initiative. CRA’s blog has all the details.

With passage of the bill the House is on record supporting an 8 percent increase for the National Science Foundation, and a 14 percent increase to the National Institute of Standards and Technology’s core research programs. Also earlier this year the House passed legislation to increase funding for the Department of Energy’s Office of Science. The increased funding for these agencies fulfills the research part of the President’s initiative.

House Hearing on Audio and Video Flags

Yesterday the Telecommunications and the Internet subcommittee of the House Energy and Commerce Committee held a hearing – “The Audio and Video Flags: Can Content Protection and Technological Innovation Coexist?” There were two panels of witnesses:

Panel One
Mr. Mitch Bainwol, Chairman and Chief Executive Officer, Recording Industry Association of America
Mr. Andrew W. Levin, Executive Vice President and Chief Legal Officer, Clear Channel Communications
On Behalf of: National Association of Broadcasters
Mr. Stewart Harris, Songwriter
On Behalf of: Songwriters Guild of America
Ms. Ruth A. Ziegler, Deputy General Counsel, Sirius Satellite Radio Inc.

Panel Two
Mr. Fritz Attaway, Executive Vice President and Special Policy Advisor, Motion Picture Association of America
Mr. Gary Shapiro, President and Chief Executive Officer, Consumer Electronics Association
Ms. Gigi Sohn, President, Public Knowledge

The first panel was focused on the audio flag, and the second panel dealt primarily with the video and broadcast flags. However, all three flags were discussed in both panels.

Blogging from Snowbird: The Image of Computing

I’m at the Computing Research Association’s (CRA) biennial Snowbird conference that brings together the leaders of the computer science (CS) community. Yesterday’s opening session was a great overview of funding issues by Ed Lazowska. If you’ve been reading CRA’s blog for the past year, you’ve heard most of his talk. His main point was that CS can’t circle the wagons and shoot inwards; rather, it must make the case as to why it is a high-profile science. This morning’s session was about the image of computing, with Rick Rashid, head of Microsoft Research, talking about how we need to get the romance of computing back.

He started with a humorous video that Bill Gates used in 1994 showing the incredible optimism stemming from the digital “superhighway” and the so-called “convergence” of telecommunications, computing and media forces. This optimism translated into a spike in interest in majoring in CS. He contrasted this against the boundless pessimism we saw in 2002 with the media drumbeat about the end of the field. This, of course, manifested itself as a sharp drop in interest in majoring in CS. (Here is a graph representing both the spike and the drop off in interest.) He outlined three factors that are driving the declining image of computing:

  • CS careers are seen as unattractive by young people (they are geeky)
  • CS careers are seen as not financially rewarding (losing jobs to offshoring)
  • CS is seen as gender biased against women and minorities

Before discussing how each one of these can be addressed, he asked the question — why should we care? For Microsoft, it is a very parochial view. They are already having problems finding talent. Declining enrollments and graduation rates, coupled with their growing needs, will exacerbate this problem. He laid out the mid- and long-term impacts — CS education programs will shutter and US-based IT companies will increasingly look toward global talent to fill their needs. He argued that the pipeline for undergraduates is already drained and it will soon be for graduate students.

He then talked about the different facts to rebut clearly wrong perceptions. On the financial side, he presented detailed slides of open positions and salary data from the Dice IT job website showing the strength of the job market. (Hopefully the slides will be up on the web soon so I can link to the data.) Further, he said that hiring at Microsoft and its competitors is up by 30 percent. (ACM’s offshoring and globalization study does a good job refuting the “there aren’t going to be any more IT jobs in America” argument.)

He argued that we are turning the corner in some respects because a Money Magazine report recently ranked software engineering as the best job in America. He also talked about some of the activity underway to address the image problem: the computing societies are coming together to hire a permanent person, housed within the National Center for Women & Information Technology, to coordinate the various efforts of these groups. Companies, like Microsoft, are placing new emphasis on using computing to solve social problems.

While these were positive steps to address specific issues, he argued the overarching goal should be to get the romance of computing back. He talked about restoring a sense of wonder and projecting the boundless opportunities of computing. This implies a much more emotional connection to computing than a rational one (i.e., I can have a high-paying job). He also pointed out some “sense of wonder” technologies (I’m listing only a few he mentioned):

  • using any surface as a computing interface
  • human scale storage, where all one’s actions and conversations can be recorded
  • tera-scale applications such as mapping the sky and giving multiple attributes to each object

Finally, he argued that with a relatively short 50-year history as a field, we are just getting started and can’t predict where the next “sense of wonder” opportunities might come from, but we still have to publicize them. Further, the community has to continue to do outreach on the value of computing to the press and high-school guidance counselors.

During the Q&A two interesting questions were asked, both of which had to do with “bait and switch” issues. The first questioner asked what if you promote the romance of the field, but the actual exposure in college is boring, geeky, and homogeneous? Rick responded by citing the Georgia Tech “threads” program and the need to connect teaching fundamentals with real-world applications. The second questioner asked whether there is a bait and switch when entering the job market; that is, will they get stuck with a boring, geeky job at Microsoft? Rick explained that Microsoft is a large company with many diverse opportunities, only a fraction of which are hard-core programming, with much more focused on problem solving. Interestingly the questioner (from Georgia Tech) countered that the vast majority of his students don’t realize this.

Hill Tech Happenings, Week of June 26

June 26

Markup:

House Rules Committee will consider floor debate rules for bills including the Commerce-Justice-Science spending bill.
5:00 p.m., H-313, Capitol

Event:

Representative Tom Davis (R-VA) will speak at the opening of the first IPv6 (Internet Protocol version 6) training center in the United States.
10:00 a.m., Command Information, America’s IPv6 Training Center, 13655 Dulles Technology Dr., Suite 190, Herndon, Va.

June 27

Markup:

Senate Commerce, Science and Transportation Committee continues the markup started on June 22 of S. 2686, the Communications, Consumers’ Choice, and Broadband Deployment Act of 2006.
10:00 a.m., 214 Hart Building

Hearing:

“The Audio and Video Flags: Can Content Protection and Technological Innovation Coexist?”

House Energy and Commerce Committee, Subcommittee on Telecommunications and the Internet
2:00 p.m., 2322 Rayburn

More about Hill Tech Happenings.

USACM Chair, Eugene Spafford, Calls for More Accountability at the VA

Testifying before Congress about the recent data breach at the Veterans Affairs (VA) Department, Eugene Spafford (Spaf) argued that this breach was a policy problem rather than a technology one. (His full testimony can be found here.) He noted that government, industry and academia all have systemic problems with how accountability is built into information security policies, and that two problems commonly emerge:

“1. There is no centralized point of authority to ensure that rules, procedures and good practices are instituted and observed. There are good people at the VA who understand what needs to be done, and many of them try to do the right thing. However, there is no centralized position that has all three components necessary to effectively manage information security: resources, accountability, and authority. There should be a CIO or CISO (Chief Information Security Officer) who has adequate funding and trained personnel to carry out a comprehensive security plan. That office (and management above it) also must be held accountable for failures to satisfy necessary standards and successfully pass audits. Last of all, that same office must have authority to make changes, shut down systems (if necessary), and terminate employees for cause. Accountability without authority means the position is simply a focus for blame when failures occur; authority without resources means that only limited organizational problems can be fixed; and resources without accountability may simply lead to fraud, waste and abuse.

2. An employee or contractor makes an arbitrary decision to violate security policies so as to make his job easier. This is done without understanding why the policy is structured as it is, and without understanding the potential consequences of the violation — until it is too late, if even then. Unfortunately, we see this happening all the time, and it is usually the case that — even if detected — no sanctions are imposed so long as the work gets done and nothing untoward appears to happen. This builds a climate of contempt for the policies, and the mistaken belief that end-users are capable of making policy decisions involving enterprise security. If something untoward does happen, often the guilty parties are scolded, but nothing further occurs: an attitude of “failures are commonplace” overrides any thought of holding guilty parties fully accountable.”

This point was clearly heard by the members of the committee. Several members, including the Chairman, expressed support for a “comprehensive” fix to the security policies, not just reactive solutions, such as credit monitoring.

As an aside, Spaf gave all the members of the committee the PITAC report Cyber Security: A Crisis of Prioritization as part of his testimony. The report made quite a splash, especially with the Chairman. At the beginning of the hearing, he was waving it around, calling it insightful, and encouraging all the members to read it.

USACM Releases Privacy Policy Recommendations

With security breaches revealing millions of personal records, new surveillance programs being adopted by law enforcement, and calls for data to be retained longer by Internet Service Providers, the role of privacy and technology is very much on the minds of policymakers. The most common refrain from advocates is for Congress to enact a comprehensive privacy framework instead of addressing privacy issues on an ad hoc basis as it typically does. Below are USACM’s recommendations for a comprehensive framework addressing the collection, storage and use of personal information.

USACM Policy Recommendations on Privacy
June 2006

BACKGROUND

Current computing technologies enable the collection, exchange, analysis, and use of personal information on a scale unprecedented in the history of civilization. These technologies, which are widely used by many types of organizations, allow for massive storage, aggregation, analysis, and dissemination of data. Advanced capabilities for surveillance and data matching/mining are being applied to everything from product marketing to national security.

Despite the intended benefits of using these technologies, there are also significant concerns about their potential for negative impact on personal privacy. Well-publicized instances of personal data exposures and misuse have demonstrated some of the challenges in the adequate protection of privacy. Personal data — including copies of video, audio, and other surveillance — needs to be collected, stored, and managed appropriately throughout every stage of its use by all involved parties. Protecting privacy, however, requires more than simply ensuring effective information security.

The U.S. Public Policy Committee of the Association for Computing Machinery (USACM) advocates a proactive approach to privacy policy by both government and private sector organizations. We urge public and private policy makers to embrace the following recommendations when developing systems that make use of personal information. These recommendations should also be central to any development of any legislation, regulations, international agreements, and internal policies that govern how personal information is stored and managed. Striking a balance between individual privacy rights and valid government and commercial needs is a complex task for technologists and policy makers, but one of vital importance. For this reason, USACM has developed the following recommendations on this important issue.

RECOMMENDATIONS

MINIMIZATION
1. Collect and use only the personal information that is strictly required for the purposes stated in the privacy policy.
2. Store information for only as long as it is needed for the stated purposes.
3. If the information is collected for statistical purposes, delete the personal information after the statistics have been calculated and verified.
4. Implement systematic mechanisms to evaluate, reduce, and destroy unneeded and stale personal information on a regular basis, rather than retaining it indefinitely.
5. Before deployment of new activities and technologies that might impact personal privacy, carefully evaluate them for their necessity, effectiveness, and proportionality: the least privacy-invasive alternatives should always be sought.

CONSENT
6. Unless legally exempt, require each individual’s explicit, informed consent to collect or share his or her personal information (opt-in); or clearly provide a readily-accessible mechanism for individuals to cause prompt cessation of the sharing of their personal information, including when appropriate, the deletion of that information (opt-out). (NB: The advantages and disadvantages of these two approaches will depend on the particular application and relevant regulations.)
7. Whether opt-in or opt-out, require informed consent by the individual before using personal information for any purposes not stated in the privacy policy that was in force at the time of collection of that information.

OPENNESS
8. Whenever any personal information is collected, explicitly state the precise purpose for the collection and all the ways that the information might be used, including any plans to share it with other parties.
9. Be explicit about the default usage of information: whether it will only be used by explicit request (opt-in), or if it will be used until a request is made to discontinue that use (opt-out).
10. Explicitly state how long this information will be stored and used, consistent with the “Minimization” principle.
11. Make these privacy policy statements clear, concise, and conspicuous to those responsible for deciding whether and how to provide the data.
12. Avoid arbitrary, frequent, or undisclosed modification of these policy statements.
13. Communicate these policies to individuals whose data is being collected, unless legally exempted from doing so.

ACCESS
14. Establish and support an individual’s right to inspect and make corrections to her or his stored personal information, unless legally exempted from doing so.
15. Provide mechanisms to allow individuals to determine with which parties their information has been shared, and for what purposes, unless legally exempted from doing so.
16. Provide clear, accessible details about how to contact someone appropriate to obtain additional information or to resolve problems relating to stored personal information.

ACCURACY
17. Ensure that personal information is sufficiently accurate and up-to-date for the intended purposes.
18. Ensure that all corrections are propagated in a timely manner to all parties that have received or supplied the inaccurate data.

SECURITY
19. Use appropriate physical, administrative, and technical measures to maintain all personal information securely and protect it against unauthorized and inappropriate access or modification.
20. Apply security measures to all potential storage and transmission of the data, including all electronic (portable storage, laptops, backup media), and physical (printouts, microfiche) copies.

ACCOUNTABILITY
21. Promote accountability for how personal information is collected, maintained, and shared.
22. Enforce adherence to privacy policies through such methods as audit logs, internal reviews, independent audits, and sanctions for policy violations.
23. Maintain provenance — information regarding the sources and history of personal data — for at least as long as the data itself is stored.
24. Ensure that the parties most able to mitigate potential privacy risks and privacy violation incidents are trained, authorized, equipped, and motivated to do so.

USACM does not accept the view that individual privacy must typically be sacrificed to achieve effective implementation of systems, nor do we accept that cost reduction is always a sufficient reason to reduce privacy protections. Computing options are available today for meeting many private sector and government needs while fully embracing the recommendations described above. These include the use of de-identified data, aggregated data, limited datasets, and narrowly defined and fully audited queries and searches. New technologies are being investigated and developed that can further protect privacy. USACM can assist policy-makers in identifying experts and applicable technologies.

For more information about USACM, please contact the ACM Office of Public Policy at (202) 659-9711 or see .

Flagging the Senate Telecommunications Bill

Senator Ted Stevens (R-AK), Chairman of the Senate Commerce Committee, has unveiled his proposal for reforming the Telecommunications Act of 1996. (He plans to take the bill up in committee on Thursday of this week.) The bill tackles a broad range of issues including universal service, video franchising, wireless networks, digital television and more. This post focuses on one particularly troublesome provision in the bill dealing with video/audio flags.

Blue Collar Computing

The name refers to a program at the Ohio Supercomputer Center that seeks to connect industries that lack the time or resources with high-performance computing (HPC) software, technology and expertise. They seek to lower barriers to entry for firms and industries that can benefit from HPC.

This program has inspired Senator Mike DeWine (R-Ohio) to introduce legislation this past week to encourage similar efforts nationwide. The Blue Collar Computing and Business Assistance Act of 2006, co-sponsored with Senator Herb Kohl (D-Wisconsin), is aimed toward small businesses and manufacturers that could benefit from HPC by encouraging transfer of HPC knowledge, software and technology to these firms. Both Sens. DeWine and Kohl have worked toward maintaining and expanding manufacturing competitiveness programs like the Manufacturing Extension Program, and this legislation should be viewed as a high-tech version of those efforts.

The proposed legislation would establish, through the Department of Commerce, up to five Advanced Multidisciplinary Computing Software Centers at non-profits, consortia of non-profits, or partnerships between private and non-profit entities. Selection criteria for these centers would include (but not be limited to) the ability of the applicants to partner with academic institutions and small businesses, the ability to educate workers on the applicability of HPC to their fields, and the ability to access and utilize HPC software, networks and technology. Grants under the program would not exceed $5 million per fiscal year per center.

The legislation has just been introduced, and as noted in this week’s Hill Tech Happenings, Sen. DeWine held a briefing on it today. USACM will monitor the legislation as it proceeds.

Hill Tech Happenings, Week of June 19

June 19

Briefing:

Sen. Mike DeWine (R-Ohio) has introduced the Blue Collar Computing and Assistance Act of 2006, and will discuss the legislation. The briefing also details recent advances in high performance computing in the State of Ohio’s Blue Collar Computing Program.

12:30 p.m.
B-354 Rayburn Building

June 20

Hearing:

Oversight Hearing on Veterans Benefit Administration (VBA) data security
House Veterans’ Affairs Committee, Subcommittee on Disability Assistance and Memorial Affairs
10:00 a.m., 334 Cannon Building

June 21

Hearing:

“The Analog Hole: Can Congress Protect Copyright and Promote Innovation?”
Senate Judiciary Committee
9:30 a.m., 226 Dirksen Building

Hearing:

“Internet Data Brokers and Pretexting: Who Has Access to Your Private Records?”
House Energy and Commerce Committee, Subcommittee on Oversight and Investigations
10:00 a.m., 2322 Rayburn Building

June 22

Update

Markup:

Communications Reform Bill

Senate Science, Commerce and Transportation Committee
2:00 p.m., 216 Hart Building
Note: You can review the bill online.

Hearing:

Oversight Hearing on the legal implications of the VA data theft
House Veterans Affairs Committee
10:30 a.m., 334 Cannon Building
Note – USACM Chair Eugene Spafford is one of the witnesses scheduled to testify.

Hearing:

“Internet Data Brokers and Pretexting: Who Has Access to Your Private Records?”
House Energy and Commerce Committee, Subcommittee on Oversight and Investigations
2:00 p.m., 2322 Rayburn Building
Note – continuation of the hearing from June 21.

More about Hill Tech Happenings.