Hill Tech Happenings, Week of February 28

March 2

Meeting

The Information Security and Privacy Advisory Board will hold one of its periodic meetings.
8:30 a.m., Homewood Suites by Hilton, 1475 Massachusetts Avenue, N.W., Washington, D.C. (continues through March 4, meeting should be webcast)

March 3

Information Security and Privacy Advisory Board meeting continues (see March 2)
8:30 a.m., 1475 Massachusetts Avenue, N.W.

March 4

Information Security and Privacy Advisory Board meeting concludes (see March 2)
8:30 a.m., 1475 Massachusetts Avenue, N.W.

USACM Comments on Federal Trade Commission Online Privacy Report

On February 18th, USACM submitted comments in response to the Federal Trade Commission’s (FTC) preliminary staff report concerning online privacy. Titled “Protecting Consumer Privacy in an Era of Rapid Change,” the report outlines a proposed privacy framework involving the following general principles:

  • Companies should integrate privacy into their regular business operations (a Privacy by Design approach)
  • Consumer choice needs to be presented in a more streamlined fashion than current practice
  • Companies should increase the transparency all of their data practices, including those in the parts of their business that don?t engage with consumers directly.
  • The FTC also sought comment on the development and use of a Do Not Track policy comparable to the Do Not Call list to reduce telemarketing calls.

    As the focus of the report shares significant overlap with the online privacy report from the Internet Policy Task Force at the Department of Commerce, there is also a fair amount of overlap between USACM’s comments to the FTC and its comments to the Department of Commerce. USACM comments to the FTC discuss the need for a dataflow-based lexicon and enhanced privacy risk models, as did our comments to the Department of Commerce.

    These comments did spend some time outlining how to approach a possible Do Not Track system. Recognizing that a Do Not Track option is an effort to move beyond standard opt-in and opt-out choices, USACM encouraged the FTC to define Do Not Track in a way that was technology neutral. It is also important to have a Do Not Track system that allows for a variety of consumer choices. There must be some options between track everything and track nothing so that consumers can really craft a personalized Internet experience that reflects their preferences.

    The comments submitted are just a part of the entire process the FTC is going through to develop new guidance for improving consumer privacy online. A final report, or even proposed regulations, are several months away.

    USACM Joins Statement of Concern Over Expansion of Intercept Law

    Today the Center for Democracy and Technology released a statement it developed to respond to possible changes to the Communications Assistance for Law Enforcement Act (CALEA). USACM is one of the organizations that signed on to the statement.

    The statement was developed due to press reports that there are efforts within the executive branch to expand the law, which requires companies to modify their electronic telecommunications equipment to facilitate wiretaps for law enforcement and other purposes. Originially passed in 1994, CALEA has been expanded to address changes in technology. However, as the statement indicates,

    “Clearly, lawful electronic surveillance plays an important role in enabling government agencies to fulfill their obligations to stop crime and to protect national security. These goals, however, must be reconciled with other important societal values, including cybersecurity, privacy, free speech, innovation and commerce.”

    The statement goes on to address significant concerns that need to be covered for future changes to laws that deal with electronic communications. It is important to preserve trust in communications systems. This can be achieved by safeguarding cybersecurity, not compromising encryption, protecting privacy and promoting accountability. If these steps (which are given more detail in the statement) are taken, the nation can support innovation and competitiveness interests while preserving lawful interests in electronic surveillance.

    Again, there is no specific proposal to change CALEA at the present time. But there is enough of a concern about making sure electronic communications remain secure and productive that a statement like the one CDT issued makes sense.

    ACM Washington Update Vol. 15.1 (February 16 2011)

    CONTENTS

    [1] Newsletter Highlights
    [2] USACM Comments on Proposed Web Accessibility Guidance
    [3] USACM Responds to Department of Commerce Online Privacy Report
    [4] Computers Freedom And Privacy Conference 2011
    [5] NITRD Program Asked for Input on K-12 Computer Science Education
    [6] President Signs COMPETES Act Reauthorization
    [7] About USACM

    [An archive of all previous editions of Washington Update is available at
    http://www.acm.org/usacm/update/]


    [1] NEWSLETTER HIGHLIGHTS

    There are more details on each item below, as well as on our weblog at:
    http://www.acm.org/usacm/weblog:

    * USACM submitted comments to the Department of Justice on how to help make websites compliant with the Americans with Disabilities Act.

    * USACM responds to the Internet Policy Task Force online privacy report by recommending implementation of Fair Information Practice Principles (FIPPs) as well as additional tools for modeling privacy risks.

    * The 2011 Computers, Freedom and Privacy Conference will be June 14th through 16 in Washington, D.C. This year’s conference theme is “The Future is Now.”

    * The federal Networking and Information Technology Research and Development program sought input on some key questions about K-12 CS education.

    * President Obama signed into law the reauthorization of the America COMPETES Act, which supports continued increases in federal support for physical sciences research.


    [2] USACM COMMENTS ON PROPOSED WEB ACCESSIBILITY GUIDANCE

    The Department of Justice requested comments on some proposed regulations it is working on for website compliance with the Americans with Disabilities Act (ADA). USACM recently submitted comments which included the following recommendations on how to encourage websites covered by the ADA to be compliant.

    * Promote Awareness – The public does not have a full understanding of the Americans with Disabilities Act and how it already applies to the Web or how improving accessibility can often be an inexpensive process. Educational resources aimed at improving awareness of the ADA, how it might apply to particular Web sites, and how Web site developers and operators might improve accessibility can reduce resistance and increase compliance.

    * Encourage Tool and Software Development – The department should encourage tool and software development to make it easier for developers and content providers to design accessible Web page and Web services.

    * Adopt the Section 508 Standards – Section 508 standards are currently required for government Web sites. It will be easier for Web developers and builders to work with a uniform standard rather than one set for federal Web sites and another for non-federal sites that must be ADA-compliant. For that reason we recommend adopting the Section 508 standards over the WCAG 2.0 standards

    * Voluntary Certification – We recommend that the Department establish a voluntary certification program for Web sites to demonstrate to visitors that the site is compliant with accessibility standards. This would complement the awareness promotion we recommend.

    * Lead by Example – Besides ensuring its own compliance with the ADA, federal government leadership in making its own Web sites compliant will help uncover useful tools and best practices that developers and builders can use in non-governmental Web sites.

    * Seek Clarity About Compliance – While the ADA already applies to the Web, there exists no guidance about what must comply, how to comply, and who is responsible for what parts of the compliance process, including auditing.

    * Encourage Compliance, Not Removal – Depending on how standards are set, implemented and supported, some Web sites may find it easier to remove content rather than comply with the law. Recognizing that the ADA already has undue burden provisions, the Department should still make sure that people understand the standards and how they can be achieved with reasonable means.

    This is the first step in what is likely a long-term process for the Department to draft rules, consult with groups affected by these rules, and finalize those rules.

    The full response can be read online at:
    http://usacm.acm.org/PDF/USACM_Response_to_DOJ_ANPRM.pdf


    [3] USACM RESPONDS TO DEPARTMENT OF COMMERECE ONLINE PRIVACY REPORT

    In December the Internet Policy Task Force (a Commerce Department group drawing on expertise from the Patent and Trademark Office, the International Trade Administration, the National Institute of Standards and Technology, and the National Telecommunications and Information Administration) released a report on commercial data privacy. This followed the release earlier that month of a Federal Trade Commission report about online privacy.

    USACM submitted comments on the report. A major theme of the comments was that Fair Information Practice Principles (FIPPs) are good (and should be broadly implemented), but they are insufficient in themselves for ensuring data privacy in an age of rapidly shifting practices and technological capabilities. USACM strongly encourages the use of three additional items to help strengthen online privacy protection.

    A dataflow-based lexicon – The lexicon would help define flows of personal information and provide meaningful references terms. This will assist in managing the variety of different purposes for which information could be used online and be adaptable to reflect changing technologies.

    Enhanced privacy risk models – FIPPs do not adequate address norms and harms, which means that practices that are otherwise compliant with FIPPs could be contrary to what a reasonable person would expect or cause harms. An enhanced privacy risk model would address context and harms, as well as be able to adapt for changes in technology and how those changes affect currently held assumptions about privacy.

    Privacy Impact Assessments (PIA) – A practice followed by some government agencies when implementing particular policies, PIAs can help spread the use of enhanced privacy risk models and FIPPs.

    With both the Department of Commerce and the Federal Trade Commission spending significant time over online privacy, it is possible that the executive branch may take significant action in this area. In turn, this could motivate Congress to go further in developing online privacy legislation than it has in the past.

    The full comments can be read online at:
    http://usacm.acm.org/PDF/Commerce_Department_Online_Privacy_Comments_USACM.pdf


    [4] COMPUTERS FREEDOM AND PRIVACY CONFERENCE 2011

    The Computers, Freedom and Privacy Conference (CFP) will take place this year June 14 through the 16th in Washington D.C. ACM is one of the conference sponsors.

    This year’s theme is “The Future is Now. The CFP, the 21st, will take place at the Georgetown University Law Center. The conference, as the name suggests, tackles issues involving the intersections of computing, privacy, and related freedoms. More information will be available soon.

    The conference organizers have released their call for submissions. The early bird deadline is March 15, and the final deadline is April 1.

    Find out more at the conference website:
    http://www.cfp.org/2011/wiki/index.php/Main_Page


    [5] NITRD PROGRAM ASKED FOR INPUT ON K-12 COMPUTER SCIENCE EDUCAITION

    The federal government asks for advice about education fairly regularly. But it isn’t often that it asks specifically what is needed to advance K-12 computer science education. So it was a pleasant surprise when one federal program asked some key questions about K-12 CS education. Members of our community had the opportunity to speak up about what they think is needed for a stronger K-12 CS education.

    Prompted by a report from the Presidents top science advisors, The Networking and Information Technology Research and Development Program (NITRD) asked three sets of big and open-ended questions:

    * What CS concepts are important to effective elementary, secondary, and post-secondary curricula? Among these concepts, which are commonly found in curricula today? Which are missing?

    * What do teachers need (including preparation and training, tools, and resources) to be able to deliver CS education effectively?

    * What factors are important in promoting student interest in CS?

    Comments had to be submitted by January 31.


    [6] PRESIDENT SIGNS COMPETES ACT REAUTHORIZATION

    President Obama signed into law the reauthorization of the America COMPETES Act. The bill continues (among other things) the increasing funding trend for the National Institute of Standards and Technology, the National Science Foundation, and the Office of Science at the Department of Energy started with the American Competitiveness Initiative introduced by President Bush. USACM and ACM’s Education Policy Committee co-authored a letter in support of the bill back in May of 2010, specifically focusing on the parts of the legislation that support science, technology, engineering and mathematics (STEM) education.

    Besides extended support for STEM education and increased federal funding for physical science research, the COMPETES reauthorization applies to the Advanced Research Projects Agency – Energy, and gives federal agencies and departments the authority to conduct prize competitions, which is part of President Obama’s Strategy for American Innovation. The funding allowed in the bill will have to be appropriated by Congress, so the fight for the continued budget support is far from over.


    BACK ISSUES

    For earlier editions of the ACM Washington Update, see:

    http://www.acm.org/usacm/update/

    SUBSCRIBE/UNSUBSCRIBE

    To subscribe to ACM’s Washington Update newsletter, send an e-mail to
    listserv@acm.org with “subscribe WASHINGTON-UPDATE “First Name” “Last Name”
    (no quotes) in the body of the message.

    To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an
    email to listserv@acm.org.

    As an alternative, enter your email address at http://optout.acm.org/listserv_index.cfm?ln=washington-update and we’ll remove you.

    If in the future you’d like to re-subscribe, please enter your address at

    http://signup.acm.org/listserv_index.cfm?ln=washington-update

    Hill Tech Happenings, Week of February 14

    This week the President released his Fiscal Year 2012 budget request. As a result, there will be several events, many of them today, where federal agencies discuss their portion of the request. Congressional hearings on this request will follow over the next few weeks.

    February 15

    Hearing:

    The Committee on House Administration will hold a hearing on military and overseas voting in the 2010 election.
    10:30 a.m., 1310 Longworth Building

    The Intellectual Property, Competition and the Internet Subcommittee of the House Judiciary Committee will hold a hearing on Internet competition
    1:30 p.m., 2141 Rayburn Building

    February 16

    Hearing:

    The Senate Judiciary Committee will hold a hearing on websites dedicated to stealing intellectual property.
    10 a.m., 226 Dirksen Building

    February 17

    Hearing:

    The Crime, Terrorism and Homeland Security Subcommittee of the House Judiciary Committee will hold a hearing on lawful surveillance and new technologies.
    10 a.m., 2141 Rayburn Building

    DC ACM Chapter Co-Hosts Discussion on Digital Government

    On February 17th, the D.C. Chapter of the Association for Computing Machinery and the New America Foundation will co-host a panel discussion, “The Open Government Directive: A Year Later.” The Open Government Directive was established by the Obama Administration in order to encourage the disclosure of more federal information online in a usable and accessible fashion for the public. It’s part of a larger Open Government Initiative that includes the development of websites like Data.gov. The event is scheduled to run from 5:30 to 7 p.m. at the New American Foundation offices in Washington.

    Participants in the discussion are:

    Panelists
    Tom Lee
    Sunlight Foundation

    Andrew McLaughlin
    Previous White House Deputy Chief Technology Officer

    Elana Berkowitz (invited)
    Open Technology Initiative Fellow
    New America Foundation

    Moderator
    Tom Glaisyer
    New America Foundation

    Part of what they hope to address in the discussion are some important issues related to the massive release of data associated with the Initiative. These issues include:

    • How are companies and organizations using this new government data?
    • What challenges are there in aggregating the various data sources?
    • What are the policies/barriers to the use of third-party tools to enhance the usefulness of this new information? And is this new openness helping provide citizens with better access and higher-quality information?

    For more information and to register, visit the event’s webpage. Any video taken of the event should be available at that page after the event takes place.

    Policy Highlights from Communications of the ACM – November 2010 (Vol. 53, No. 11)

    Below is a list of items with policy relevance from the November issue of Communications of the ACM. As always, much of the material in CACM is premium content, and free content one month may slip behind a pay wall the next. You need to be a member of ACM or a subscriber to CACM to access premium content online.

    ACM Member News, by Jack Rosenberger
    Chris Stephenson, Executive Director of the Computer Science Teachers Association and member of the ACM Education Policy Committee, is interviewed about K-12 computer science education in the U.S.

    News: Technology
    Security in the Cloud by Gary Anthes
    The author outlines security challenges involved with cloud computing (including a lack of clear regulatory or legal guidance) and what researchers are doing to address them.

    News: Society
    Career Opportunities by Leah Hoffman
    Computer science graduates face a reasonably strong labor market, and Hoffman discusses what else is bringing students back to the field.

    News: Emerging Technology
    Wide Open Spaces by Neil Savage
    A brief outline of the possibilities for the recent Federal Communications Commission decision to open frequencies in the broadcast spectrum.

    Viewpoints: Legally Speaking
    Why Do Software Startups Patent (or Not)? by Pamela Samuelson
    Samuelson discusses a recent article that analyzes the 2008 Berkeley Patent Survey.

    Viewpoints: Privacy and Security
    Why Isn’t Cyberspace More Secure? by Joel F. Brenner
    Brenner discusses the perpetual trend of federal cyberspace reviews that yield little progress, and what federal actions could be taken to improve Internet security.

    Contributed Articles
    Regulating the Information Gatekeepers by Patrick Vogel and Michael Barrett
    The authors examine whether or not search-engine ranking should be regulated, at least in part to counter inappropriate search engine optimization and other targeted manipulation of search engine rankings.

    Review Articles
    Using Complexity to Protect Elections by Piotr Faliszewski, Edith Hemaspaandra, and Lane A. Hemaspaandra
    The authors outline an approach to protecting elections where the election is made computationally prohibitive to prohibitive.

    USACM Responds to Department of Commerce Online Privacy Report

    Last month the Internet Policy Task Force (a Commerce Department group drawing on expertise from the Patent and Trademark Office, the International Trade Administration, the National Institute of Standards and Technology, and the National Telecommunications and Information Administration) released a report on commercial data privacy. This complemented the release in the same month of a Federal Trade Commission report about online privacy.

    Responding to the report, and to some of the specific questions the Task Force wants answers for, USACM submitted comments. A major theme of our comments is that Fair Information Practice Principles (FIPPs) are good (and should be broadly implemented), but they are insufficient in themselves for ensuring data privacy in an age of rapidly shifting practices and technological capabilities. We strongly encourage the use of three additional items to help strengthen online privacy protection.

    A dataflow-based lexicon – The lexicon would help define flows of personal information and provide meaningful references terms. This will assist in managing the variety of different purposes for which information could be used online and be adaptable to reflect changing technologies.

    Enhanced privacy risk models – FIPPs do not adequate address norms and harms, which means that practices that are otherwise compliant with FIPPs could be contrary to what a ‘reasonable’ person would expect or cause harms. An enhanced privacy risk model would address context and harms, as well as be able to adapt for changes in technology and how those changes affect currently held assumptions about privacy.

    Privacy Impact Assessments (PIA) – A practice followed by some government agencies, such impact assessments can help spread the use of enhanced privacy risk models.

    Privacy and security doesn’t have to be an either/or proposition. By following practices like those suggested in USACM’s comment, both privacy and security can be attained.

    Read our press release as well as our full comments online.

    Save the Date – Computers, Freedom and Privacy Conference 2011

    The Computers, Freedom and Privacy Conference (CFP) will take place this year June 14 through the 16th in Washington D.C. ACM is one of the conference sponsors.

    This year’s theme is “The Future is Now.” The CFP, the 21st, will take place at the Georgetown University Law Center. The conference, as the name suggests, tackles issues involving the intersections of computing, privacy, and related freedoms. More information should be available soon at the conference website –http://www.cfp.org/2011/wiki/index.php/Main_Page

    ADDED – February 7 – the conference organizers have released their call for submissions. The early bird deadline is March 15, and the final deadline is April 1.