National Academies: Jurisdictions May Not Be Ready for Election Day, Certification Process Generates Skepticism

July has seen a lot of attention focused on e-voting issues. First, the Brennan Center releases a major report on threats to e-voting systems. Then Congress holds a much-needed hearing on e-voting (USACM offered testimony). And this week the National Academies released an interesting new report discussing emerging problems with e-voting systems and making recommendations for the upcoming election.

According to the Election Assistance Commission, an estimated one-third of voters will be using different equipment in 2006 than 2004. The academies’ report stated that some jurisdictions, possibly many, are not prepared to use this new equipment for the November election. Several factors are contributing to this (although not uniformly across jurisdictions):

  • State and localities either not meeting or rushing to meet deadlines for new equipment mandated by the Help America Vote Act
  • New state requirements on e-voting systems, such as Voter Verified Paper Trails
  • On going security threats, such as those outlined in the Hursti report
  • Poor vendor performance
  • Training poll workers on how the new equipment works
  • Educating first-time voters about using the machines

Continue reading “National Academies: Jurisdictions May Not Be Ready for Election Day, Certification Process Generates Skepticism”

Voice Of America: U.S. Computer Programmers Losing Ground

Voice of America ran an article today looking at issues of education and globalization and impacts on the U.S. computer science pipeline. The article starts by pointing out America’s poor showing in ACM’s international programing contest:

“From 1977 until 1989, the winner was always a U.S. college team. And American students were among the top finishers until the late 1990s. But since then, Asian and East European students have won most of the top prizes. This year, only one American college team was among the top twelve. Last year, there were none. Some analysts say this poor showing by American computer science students should serve as a wake-up call for the U.S. government, industry and educators.”

On the education front, there are two significant issues. First, the number of science graduates in the US is low compared competitors such as India and China. Second, high school curriculum puts U.S. students at a disadvantage:

Mel Schiavelli, President of Harrisburg University of Science and Technology in Pennsylvania says, “… computer science is based on mathematics, especially algebra, and that these subjects are introduced too late in elementary schools. High school math and science courses are not as challenging in the U.S. as they are in some Asian and European curricula. Thus, entering college students who choose to major in computing, engineering or other sciences often cannot cope with the complexity of college science courses. After their first semester, many of these freshmen switch to non-science majors.”

The article also focused on the impact of globalization and outsourcing on the field:

Doug White, a computer science professor at Roger Williams University in Bristol, Rhode Island “The Internet and globalization in general allow Third World countries like India — it’s such a great example — to really improve their situation by creating a wealthy middle class. And that’s great for the world because it means salaries and income levels in those countries, where things are bad, are improving. So that’s good. The scary part is that as those jobs go away, there is going to be a situation where a lot of Americans who are trying to find careers are going to have a challenging time.”

But also pointed out that this perception can hurt the field in the long run:

Some analysts say that in recent years, many American students have shunned computer programming because they fear that job opportunities and salaries in that field will decline. Greg Gagne, Chairman of the Computer Science Department at Westminster College in Salt Lake City, Utah, says that as a result, the United States will face a shortage of computer science talent. “Several high tech leaders are concerned that with this dip in computer science enrollments, five or six years from now, there won’t be enough graduates coming out of U.S. colleges and universities with computer science degrees to fulfill demand.” Gagne says the fear of outsourcing must be dispelled because it is only a small fraction of the computer industry.

ACM released a report on the globalization and offshoring of software eariler this year that also discussed these topics.

Government Actions Supporting Data Protection

Two items showing the ongoing struggle to maintain the security of personal information.

Government Computer News reported in their July 24 issue that the Office of Management and Budget has tightened requirements for federal agencies to report data breaches. Responding to recently reported data breaches, the OMB guidance reinforces much of current federal law in this area, but the added pressure will hopefully encourage greater compliance. Legislation recently proposed by Representative Davis (R-Virginia) would further define the responsibility of both OMB and agency CIOs with respect to the reporting of data breaches and enforcement of data breach policies.

The memo (PDF), dated July 12, requires agencies to notify the U.S. Computer Emergency Readiness Team (U.S. CERT, part of the Department of Homeland Security) within an hour of discovery. This is already required under the Federal Information Security Management Act of 2002, but the OMB guidance clarifies what kinds of breaches must be reported – “all incidents involving personally identifiable information in electronic or physical form and should not distinguish between suspected and confirmed breaches.” It is hoped that this memo will also help improve responses from those agencies that have had trouble implementing FISMA.

You can read the full article online.

From The National Journal’s CongressDaily, we note that the House Energy and Commerce Committee has approved legislation (H.R. 1078, The Social Security Number Protection Act of 2005) criminalizing the sale of Social Security Numbers and empowering the FTC to regulate the practice. The bill needs to be reviewed by the Ways and Means Committee before going to the House floor.

Scientists Tell Congress It Needs Independent Scientific and Technical Advice

Today the House Science Committee held a hearing exploring Congress’ need for scientific and technical advice. (Witness lists and hearing webcast can be found here.) Eleven years ago, Congress closed the Office of Technology Assessment (OTA). This office was created in 1972 to aid Congress “in the identification and consideration of existing and probable impacts of technological application.” When it was closed, the newly-elected Republican majority sought to reduce the size of the federal government and the office’s annual $20 million budget was a clear target. The office was also justifiably criticized for not providing timely reports to Congress and for being disconnected from the true needs that Congress had regarding science and technology issues. The scientific community opposed OTAs closure and, to this day, this issue remains a sore spot. Many believe that Congress would make better policy decisions if this resource still existed.

Congress does not face an information shortage. Each day hundreds of documents are dumped on Congress, many of them dealing with technical issues. One witness said that staffers now receive about 200 e-mails daily from advocacy groups. Numerous groups provide scientific advice to Congress including think tanks, professional societies (such as ACM), the National Academies, governmental agencies, and even Congress’ own research service. None of the witnesses argued Congress needed more scientific and technical advice. They argued it needed independent advice that was more closely aligned with Congress’ needs, and that this need couldn’t be fulfilled by the various outside groups.
Continue reading “Scientists Tell Congress It Needs Independent Scientific and Technical Advice”

Hill Tech Happenings, Week of July 24

This is the last week before Congress takes their August recess. They will reconvene in September.

July 28

Hearing:

The Subcommittee on Federal Financial Management, Government Information, and International Security of the Senate Homeland Security Committee is holding a hearing on Cyber Security: Recovery and Reconstitution of Critical Networks.
9:30 a.m., 342 Dirksen Building

More about Hill Tech Happenings.

Veterans’ Affairs Data Breach Legislation

The House Veterans Affairs Committee, responding to the May 2006 theft of a laptop containing information on over 26 million veterans and active duty personnel, has approved legislation improving and reorganizing cybersecurity activities in the Department of Veterans’ Affairs. This follows a series of hearings the committee has held over the last 2 months – USACM Chair Eugene Spafford (Spaf) testified at one of these hearings.

The legislation (PDF) provides for credit remediation and related services for veterans whose information was compromised as a result of the data theft. It also establishes an undersecretary of information services, who would have the responsibilities of the chief information officer (CIO). Three new deputy undersecretaries for security, operations and management, and policy and planning would report to the new undersecretary. Finally, recognizing the need for trained computer security professionals (as Spaf emphasized during his testimony), the bill creates up to five scholarships (amended from three) per year for students pursuing doctoral degrees in information security, computer engineering or electrical engineering. These students would work at the VA two years for every year of scholarship support.

As more and more data breaches make the news, we can expect that additional data breach legislation will be considered. For instance, Rep. Davis (R-VA), chair of the House Government Reform Committee, introducted legislation this week requiring federal agencies to notify the public about data breaches involving sensitive information. The chair of the Veterans’ Affairs Committee is a co-sponsor of the bill.

Veterans' Affairs Data Breach Legislation

The House Veterans Affairs Committee, responding to the May 2006 theft of a laptop containing information on over 26 million veterans and active duty personnel, has approved legislation improving and reorganizing cybersecurity activities in the Department of Veterans’ Affairs. This follows a series of hearings the committee has held over the last 2 months – USACM Chair Eugene Spafford (Spaf) testified at one of these hearings.

The legislation (PDF) provides for credit remediation and related services for veterans whose information was compromised as a result of the data theft. It also establishes an undersecretary of information services, who would have the responsibilities of the chief information officer (CIO). Three new deputy undersecretaries for security, operations and management, and policy and planning would report to the new undersecretary. Finally, recognizing the need for trained computer security professionals (as Spaf emphasized during his testimony), the bill creates up to five scholarships (amended from three) per year for students pursuing doctoral degrees in information security, computer engineering or electrical engineering. These students would work at the VA two years for every year of scholarship support.

As more and more data breaches make the news, we can expect that additional data breach legislation will be considered. For instance, Rep. Davis (R-VA), chair of the House Government Reform Committee, introducted legislation this week requiring federal agencies to notify the public about data breaches involving sensitive information. The chair of the Veterans’ Affairs Committee is a co-sponsor of the bill.

Congress Looks into E-Voting Issues, USACM Calls on Congress and the EAC to Close Gaps in Current System

Facing a steady stream of reports about e-voting machine failures and security vulnerabilities, yesterday Congress tackled the question of whether new federal standards will improve this technology. The short answer from the witness and the Members of Congress seemed to be that the standards, while a good first step, were far short of what we need to ensure accurate, secure, reliable and usable e-voting machines. We will have to wait until the next update of the standards (likely effective in 2010) to see anything more than marginal improvements.

USACM mirrored these concerns in a letter it released to Congress in advance of the hearing; noting that even with improved standards, there are still gaps in the current testing and certification system. USACM made five recommendations to close these gaps:

  • Create a formal feedback process that will ensure that lessons learned from independent testing and Election Day incidents are translated into best practices and future standards.
  • Make the testing process more transparent by making the testing scope, methodologies and results available to the public.
  • Ensure that the guidance for usability and security standards provides performance-based requirements and is clear so as to minimize the variance of human interface designs from jurisdiction to jurisdiction.
  • Create a mechanism for interim updates to the standards to reflect emerging threats, such as newly discovered security defects or attacks.
  • Require voter verified paper trails and audits to mitigate the risk associated with software and hardware flaws.

USACM also issued a press release on the hearing, which can be found here.

Continue reading “Congress Looks into E-Voting Issues, USACM Calls on Congress and the EAC to Close Gaps in Current System”

Hill Tech Happenings, Week of July 17

A busy week for tech related issues.

July 17

Event:

The Center for American Progress is hosting The Great Debate: What is Net Neutrality? with Vint Cerf and Dave Farber.
10:30 a.m., Center for American Progress, 1333 H. Street N.W., 10th Floor, Washington, D.C.

July 18

Hearing:

Veterans’ Affairs cybersecurity legislation

House Veterans’ Affairs Committee
10:30 a.m., 334 Cannon Building

Hearing:

“ICANN [Internet Corporation for Assigned Names and Numbers] and the Whois Database: Providing Access to Protect Consumers from Phishing.”

Financial Affairs and Consumer Credit Subcommittee of the House Financial Services Committee
10:00 a.m., 2128 Rayburn Building

Update
Event:

A Transatlantic Dialogue on the Digital Economy
The Internet Caucus Advisory Committee, Transatlantic Policy Network, and European Internet Foundation host an international Internet policy discussion between Members of the European Parliament and Members of Congress.
2:00 p.m., 1300 Longworth Building

July 19

Hearing:

The Subcommittee on Technology, Innovation and Competitiveness of the Senate Commerce, Science and Transportation Committee is holding a hearing on High Performance Computing
11:00 a.m., 253 Russell Building

This hearing is scheduled 1 hour after a full commmittee markup in the same room, so it may be delayed if the markup runs long.

Hearing:

The Committee on House Administration and the House Science Committee will hold a joint hearing on “Voting Machines: Will New Standards and Guidelines Prevent Future Problems?”
2:00 p.m., 2318 Rayburn Building

July 20

Markup:

The House Veterans’ Affairs Committee will markup cybersecurity and other legislation.
10:30 a.m., 334 Cannon Building

More about Hill Tech Happenings.

Interview with ACM’s New President, Stuart Feldman

CNET news has an interview with ACM’s new President, Stuart Feldman on topics ranging from IT education and jobs to the globalization of the IT software industry. He specifically mentions ACM’s recent globalization report and that it shows there is strong demand in the IT industry for skilled employees. Here is an excerpt from the interview:

“Q: Where do you want ACM to side up on the issue of outsourcing?

Feldman: We are very careful to not comment on that issue. ACM put out a very careful report on global job migration, and basically there will be a migration of certain types of jobs. There will be an increasing number of jobs of course in countries where there weren’t a lot. There is no question about that.
The number of IT jobs in the U.S. is not shrinking and there is an incipient shortage of high skills.

This is simply a clear result of growth happening in both the obvious places–India and China–but also many other places. So this is not a shrinkage of either opportunity or of activity in the U.S., Canada or the EU; it’s a case of growth elsewhere.

Q: And the IT jobs outlook in the U.S.?

Feldman: When you take a look at the numbers, the number of IT jobs in the U.S. is not shrinking and there is an incipient shortage of high skills. All of my West Coast colleagues are complaining about how hard it is to get the people they want. ”

Dr. Feldman was recently elected President of ACM and started his two year term on July 1, 2006. The President of ACM is a standing member of the Executive Committee of USACM. He is also vice president of computer science research at IBM.