Hill Tech Happenings, Week of September 25

September 26
Hearing:
The Subcommittee on 21st Century Competitiveness of the House Education and the Workforce Committee will hold a hearing on “The Internet and the College Campus: How the Entertainment Industry and Higher Education are Working to Combat Illegal Piracy.”
10 a.m., 2175 Rayburn Building

Update
September 27
Markup:
The House Judiciary Committee is holding a markup on pending legislation, including H.R. 6052, the Copyright Modernization Act of 2006.
Yes, this is the third time this bill is scheduled for markup. It has been scheduled and pulled twice before. It may be pulled again, or this could be the time it goes through. With the House planning to recess by the end of the week, action seems more likely this time.

Update – 9/27
Well, in an unusual move, Rep. Smith, chair of the subcommittee handling the bill, pulled it during the markup today. It hasn’t died; it will return, but not until the next Congress.

September 28
Hearing:
The Senate Armed Services Committee is holding a hearing on military voting and the Federal Voting Assistance Program.
9:30 a.m., 222 Russell Building

The Committee on House Administration will hold a hearing on Electronic Voting Machines: Verification, Security, and Paper Trails. Barbara Simons and Edward Felten, both members of USACM, are scheduled to testify.
10 a.m., 1310 Longworth Building

Update – September 29
Markup:
The Senate Judiciary Committee will hold a markup, which is scheduled to include S2644, the PERFORM Act of 2006, and S3818, the Patent Reform Act of 2006.
TBA, 226 Dirksen Building

More about Hill Tech Happenings.

ACM Security Experts Urge Paper Trails For Electronic Voting

Today the Committee on House Administration held a hearing titled “Electronic Voting Machines: Verification, Security, and Paper Trails.” Two USACM members testified: Barbara Simons and Ed Felten. Their testimony can be found here and here, respectively. Below is a press release on the hearing.

Association for Computing Machinery
Advancing Computing as a Science & Profession


Contacts: Virginia Gold
(212) 626-0505
vgold@acm.org
Cameron Wilson
Association for Computing Machinery
(202) 659-9712

Simons, Felten Stress Security, Reliability and Backup Procedures to Ensure Public’s Trust

Washington, DC, September 28, 2006 — Barbara Simons, an electronic voting expert and past president of ACM, the Association for Computing Machinery, testified today that “providing a voter verified paper trail is a significant step toward mitigating the risks and ensuring the public’s trust in the nation’s election process.” At a Congressional hearing reviewing security for e-voting machines, Simons cited a range of defenses against multiple security risks, including the kinds of human error that have recently plagued primary elections in several parts of the country.

Also testifying at today’s hearing was Edward W. Felten, Professor of Computer Science and Public Affairs at Princeton University, and a member of ACM’s U.S. Public Policy Committee. Two weeks ago, his research team released a detailed analysis of the security of one of the most widely used e-voting machines. The hearing was held by the U.S. House of Representatives Committee on House Administration.

“Computerized voting has a lot of advantages, but all computerized voting systems currently available carry risks,” Dr. Simons said. Pointing to ACM’s 2004 statement on e-voting, she cited poor design, inferior software engineering, limited audit capabilities, and lack of rigorous testing among the risks.

She hailed the role of technology in easing the looming threat. “Technology, if engineered and tested carefully, and if deployed with safeguards against failure, can reduce error rates, provide more accessibility, increase accountability, and strengthen our voting system,” she said.

Dr. Simons recommended that the widely-used machines known as Direct Recording Electronic (DRE) devices produce a voter verified paper audit trail (VVPAT) or voter verified paper ballot (VVPB). “These procedures are not merely to eliminate fraud,” she said, “but rather to increase the safety of voting systems and to allow for routine election audits.” She also cited the need for routine random manual audits, and mandatory manual recounts as well as policies and procedures that guarantee the integrity of the paper and the quality of the printers used for printed paper trails.

Dr. Felten said his research revealed specific vulnerabilities as well as broader systemic problems with the voting machine he studied. “Because they are computers, e-voting machines are susceptible to familiar computer problems such as crashes, bugs, mysterious malfunctions, data tampering, and even computer viruses,” he said.

Noting that these challenges are not insurmountable, Dr. Felten made a number of recommendations to address these serious threats to the voting process. He reinforced Dr. Simons’ call for voter-verified paper audit trails, and called for:

  • Extra care in securing voting machines throughout the election process
  • Improved certification for software updates to e-voting machines
  • Increased use of independent security experts from the technology community

“Voting technologies must help to build trust [in the electoral system]. Today’s e-voting infrastructure is not up to the task, but tomorrow’s can be,” Dr. Felten said.

Both witnesses indicated the need for further research to improve the voting system. They called for the technical community and the election community to work together to develop computerized voting and electronic registration systems that deserve the public’s trust.

Dr. Simons co-chaired ACM’s study of statewide databases of registered voters (http://www.acm.org/usacm/VRD/), which examined accuracy, privacy, usability, security, and reliability issues. She founded ACM’s US Public Policy committee (USACM) in 1993, and served for many years as its chair or co-chair. She was a member of the National Workshop on Internet Voting, and is retired from IBM, where she was a Research Staff Member at the IBM Almaden Research Center.

Dr. Felten is Director of the Center for Information Technology Policy at Princeton University. He serves on the Executive Committee of ACM’s US Public Policy Committee (USACM). He has advised the U.S. Departments of Justice, Defense, and Homeland Security, and the Federal Trade Commission on security-related issues. In 2003, Scientific American magazine named him to its list of fifty global leaders in science and technology.

ABOUT ACM
ACM, the Association for Computing Machinery http://www.acm.org, is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

# # #

“New” Competitiveness Legislation Introduced in the Senate

In the ongoing saga of the American Competitiveness Initiative (see our previous weblog posts on the subject), a “new” piece of legislation has been introduced in Congress. On Tuesday Senator Frist (R-TN), along with Senator Reid (D-NV), introduced the National Competitiveness Investment Act (S3936 – currently unavailable online). This is in effect a consolidation of the pre-existing Senate legislation from 2006 (the PACE-Energy Act, the American Innovation and Competitiveness Act, and the PACE-Education Act).

While S3936 is not a carbon copy of the previous legislation, most of their provisions survive in this bill. Previous legislation covered the following:

USACM Members to Provide Expert Congressional Testimony on E-Voting Security and Paper Trails

This Thursday at 10:00 the Committee on House Administration will hold a hearing on security, verification and paper trail issues related to e-voting machines. Two USACM-EC members have been invited to testify — Barbara Simons, past president of ACM, and Ed Felten, professor of Computer Science at Princeton University. The hearing will be webcast.

Hill Tech Happenings, Week of September 18

September 19
Hearing:
The Senate Commerce, Science and Transportation Committee will hold a hearing on online child pornography.
2:30 p.m., 253 Russell Building

September 20
Hearing:
The Trade, Tourism and Economic Development Subcommittee of the Senate Commerce, Science and Transportation Committee will hold a hearing on Internet Governance: The Future of ICANN.
10 a.m., 253 Russell Building

Markup:
The House Judiciary Committee will hold a markup, which is scheduled to include HR 5825, the “Electronic Surveillance Modernization Act,” and HR 6052, the “Copyright Modernization Act of 2006.”
10 a.m., 2141 Rayburn Building

Note: These bills were scheduled for markup last week, and pulled at the last minute.

Update: They were pulled from markup this week as well. Whenever they are scheduled for markup, we’ll note that in this space.

September 21
Hearing:
The Subcommittee on Oversight and Investigations of the House Energy and Commerce Committee will hold a hearing on “Deleting Commercial Child Pornography Sites From the Internet: The U.S. Financial Industry’s Efforts to Combat This Problem”
10 a.m., 2123 Rayburn Building

Update
The Subcommittees on Commerce, Trade, and Consumer Protection and Telecommunications and the Internet of the House Energy and Commerce Committee will hold a joint hearing on “ICANN Internet Governance: Is It Working?”
2 p.m., 2123 Rayburn Building

September 22
Event:
The AEI-Brookings Election Reform Project is holding an event, “The 2006 Elections: Are We Ready?” Pre-registration required.
8:30 a.m., American Enterprise Institute, 1150 17th Avenue N.W., Washington, D.C.

More about Hill Tech Happenings.

New Health IT Legislation

On Wednesday, September 13, the Federal Workforce and Agency Organization subcommittee of the House Government Reform Committee approved a bill to spur the development of electronic health records for federal employees. The legislation, the Federal Family Health Information Technology Act (HR 4859), would establish the health records through the Federal Employees Health Benefits Program. This would happen by requiring insurance carriers that contract with the program to provide complete electronic health records within five years. This parallels other legislation that addresses electronic medical records in the private sector (including HR 4157, the Health Technology Promotion Act). USACM joined several other groups in raising concerns when that legislation was introduced earlier in this Congress (it is currently awaiting a conference committee).

It is hoped that with this legislation electronic health records will become more widespread more quickly, with the federal employee initiative stimulating transfer into the private sector. The measure also addresses individuals’ access to their own records. Under the legislation people can request a portable copy of their health records in a digital format.

Major concerns over the legislation, as with other health IT bills, have to do with privacy. USACM’s privacy policy is quite applicable here, because the information in health records is very personal and sensitive. It requires very careful engineering of the system, and equally careful consideration of the storage, security, retention and reliability of the information. There are additional concerns about costs being passed on to employees and about successful implementation within the five-year timeframe. Finally, the legislation does not speak to a particular standard for health records, and without such a standard, there could easily be interoperability issues as people move to different locations and/or change health plans.

E-Voting Machines Vulnerable to Viruses

Professor Ed Felten at Princeton University (also a member of USACM’s Executive Committee) and two associates (Ari Feldman and Alex Halderman) released a new study today confirming the security vulnerabilities found with a popular model of Diebold direct recording electronic (DRE) voting machines by many previous studies and exposing new, potentially more serious ones. Professor Felten says that this analysis is the first fully independent security review of both the machine’s hardware and software. The study confirms and demonstrates previous findings that someone with technical knowledge and physical access to a machine can insert malicious code that can switch votes, deny service, effectively hide from detection and overwrite security logs.

Among the new findings is that the machine is vulnerable to a virus that can spread its malicious code from machine to machine. Each machine has a memory card that is used both to record votes and update the system. Normally this card is behind a locked door on the machine, which, the paper argues, can be easily picked. A new card can be inserted carrying the malicious code and a virus that installs itself on the machine. When a new memory card is inserted in that machine by a pollworker or a technician to either count votes or update the machine, the card will become infected. If that card is used in another machine, which is often the practice, the virus will spread.

This is significant because election officials have argued that widespread fraud requires both technical knowledge and access to each machine. This new research shows that a virus can spread from machine to machine after access to only one machine.

So what is the takeaway from all this? Professor Felten argues:

“Despite these problems, we believe that it is possible, at reasonable cost, to build a DRE-based voting system—including hardware, software, and election procedures—that is suitably secure and reliable. Such a system would require not only a voting machine designed with more care and attention to security, but also an array of safeguards, including a well-designed voter-verifiable paper audit trail system, random audits and forensic analyses, and truly independent security review.”

ACM and USACM have consistently pointed out (1,2) that we need better engineered and tested systems. Reports of security vulnerabilities are on systems that have already been certified as meeting federal voting system standards. Clearly we need to strengthen both the standards and the testing process. Beyond that, voter-verified paper audit trails will provide a safeguard against the security and reliability issues that are inherent in any computer system.

Hill Tech Happenings, Week of September 11

September 12

Hearing:
The Senate Commerce, Science and Transportation Committee holds a confirmation hearing on the nomination of Kevin Martin for chairman, Federal Communications Commission, and John Kneuer to be administrator, National Technical Information Administration.
10 a.m., 253 Russell

September 13

Update
Markup:
The House Judiciary Committee will mark up several pieces of legislation, including H.R. 5825, the “Electronic Surveillance Modernization Act” and H.R. 6052, the “Copyright Modernization Act of 2006.”
10 a.m., 2141 Rayburn

Another Update – both of these pieces of legislation were pulled from the markup.

Hearings:
The Telecommunications and the Internet Subcommittee of the House Energy and Commerce Committee will hold a hearing on “Cybersecurity: Protecting America’s Critical Infrastructure, Economy and Consumers.”
10 a.m., 2123 Rayburn

The Federal Workforce and Agency Organization Subcommittee of the House Government Reform Committee will be marking up the Federal Family Health Information Technology Act, HR 4859.
2 p.m., 2203 Rayburn

The Economic Security, Infrastructure Protection and Cybersecurity Subcommittee of the House Homeland Security Committee is holding a hearing on “The Future of Cyber and Telecommunications Security at the Department of Homeland Security.”
3 p.m., 2212 Rayburn

More about Hill Tech Happenings.

Offshoring Implications: Innovate to Succeed

I was planning to post part two of the Fall tech agenda next, but the U.S. General Accounting Office released a good report last week studying offshoring in the semiconductor and software industries. Actually this is the third report on this subject in the past few weeks. (We blogged about the Department of Commerce’s report here, and the National Bureau of Economic Research released one that we haven’t reviewed yet.) The more we read these reports, the more we are struck by the similarities that they have with ACM’s report on offshoring released earlier this year. (The ACM report focused just on software.)

The GAO report was written at the behest of several members of Congress, so it has a distinctly US perspective. These reports cover so much ground it is often hard to do them justice in blog posts, but here are some of the top-level highlights of the GAO report: