ACM Washington Update, Volume 11.1, February 7, 2007
 Newsletter Highlights
 110th Congress: Congress Boosts Research Funding; ACM Joins Computing Community in Urging Action on Funding
 110th Congress: Science Committee Gets a New Look; Technology Policy a Priority
 USACM Advises Feds to Adopt Comprehensive ID Theft Prevention Measures
 Q&A with USACM Chair Spafford on E-voting
 Electronic Voting Continues to Attract Attention
 Data Mining Attracts Congressional Attention
 About USACM
[An archive of all previous editions of Washington Update is available at http://www.acm.org/usacm/update/]
 NEWSLETTER HIGHLIGHTS
Below are highlights of the top stories from January. A new Congress convened this month with a new agenda, leadership and opportunities in the technology policy arena, while at the same time dealing with a funding mess left over from the last Congress. There is more detail on each item below, as well as on our weblog at http://www.acm.org/usacm/weblog:
* Congress begins to resolve the fiscal year 2007 funding mess by boosting research funding in key agencies; ACM joins with the computing community urging Congress to follow through on proposed funding targets for research.
* The new Chairman of the House Science Committee organizes the committee and puts an emphasis on technology and innovation policies.
* Responding to a request for public comment, USACM advised the Federal Identity Theft Task Force on various proposals to remedy or reduce incidents of identity theft.
* Computerworld interviews USACM Chair Eugene Spafford regarding electronic voting.
* 2007, while not an election year, will see continued activity over electronic voting, both at the federal level and in at least one local jurisdiction.
* The 110th Congress will pay attention to data mining, as there has been one hearing and one piece of legislation introduced so far.
 110TH CONGRESS: CONGRESS BOOSTS RESEARCH FUNDING; ACM JOINS COMPUTING COMMUNITY IN URGING ACTION ON FUNDING
Last year, Congress left town without passing most of the annual appropriations bills required to fund most federal agencies. Instead it passed a stopgap measure, called a “continuing resolution” (CR) to keep federal agencies funded at 2006 levels. This meant that proposed increases for the National Science Foundation (NSF), the Department of Energy Office or Science, and the National Institute of Standards and Technology (NIST), were shelved until the final budget was determined for 2007.
In late January, the new leadership of the House of Representatives reached an agreement on funding for the rest of 2007. The final agreement boosts funding for the National Science Foundation by 6 percent, or about $335 million; for the DOE Office of Science by about $200 million, in addition to making $127 million in earmarks available for competitive research; and the core labs at NIST by $50 million. The legislation now moves to the Senate for consideration. We are expecting Senate action in early February.
Shortly before Congressional action, ACM joined with other leaders in the computing community expressing concern over the state of the 2007 budget for information technology research and development and calling on Congress to complete proposed funding increases for several key science agencies. The community’s letter urged Congress to follow through on the proposed increases.
“Preserving the proposed increases for NSF, NIST and DOE Office of Science in a limited adjustment to the FY 2007 Continuing Resolution would be a simple and necessary step to ensure U.S. competitiveness. While the payoffs of past research have been dramatic, the field of information technology remains in relative infancy. Tremendous opportunities remain — far more can happen in the next ten years than has happened in the last thirty, and it is crucial that America lead the way.”
The full text of the letter can be found at:
 110TH CONGRESS: SCIENCE COMMITTEE GETS A NEW LOOK; TECHNOLOGY POLICY A PRIORITY
While we’ve known about some of the changes in the House Science and Technology Committee (including the new name) for a while, Rep. Bart Gordon (D-TN), the new chair, finalized the changes in late January. Rep. Ralph Hall (R-TX) is the new Ranking Member.
The Science and Technology Committee will have five subcommittees during the 110th Congress — one more than the previous Congress. The new addition is the Subcommittee on Investigations and Oversight, which will be chaired by Rep. Miller (D-N.C.), and Rep. Sensenbrenner (R-WI, and former committee chairman). The other four subcommittees and Chairman and Ranking Members are as follows:
Subcommittee on Energy & Environment
Chairman Nick Lampson (D-TX)
Ranking Member Bob Inglis (R-SC)
Subcommittee on Technology & Innovation
Chairman David Wu (D-OR)
Ranking Member Phil Gingrey (R-GA)
Subcommittee on Research & Science Education
Chairman Brian Baird (D-WA)
Ranking Member Vern Ehlers (R-MI)
Subcommittee on Space & Aeronautics
Chairman Mark Udall (D-CO)
Ranking Member Ken Calvert (R-CA)
One of the interesting stories is the creation of a subcommittee dedicated to technology issues. For several Congresses, these issues were somewhat buried in another subcommittee that also dealt with environmental issues. Giving technology issues their own forum could elevate the profile of many issues of interest to USACM including voting, privacy, and digital rights issues. They are also going to have a focus on globalization and innovation issues that have dominated Washington over the past few years. Information technology and the IT industry have been key parts of this debate.
As for the Senate side, the Committee on Commerce, Science and Transportation recently met to formalize committee structure and subcommittee chair and ranking member assignments. They are as follows:
Aviation Operations, Safety, and Security
Chair John D. Rockefeller (D-WV)
Ranking Member Trent Lott (R-MS)
Science, Technology, and Innovation
Chair John F. Kerry (D-MA)
Ranking Member John Ensign (R-NV)
Interstate Commerce, Trade, and Tourism
Byron L. Dorgan (D-ND)
Ranking Member Jim DeMint (R-SC)
Space, Aeronautics, and Related Sciences
Chair Bill Nelson (D-FL)
Ranking Member Kay Bailey Hutchison (R-TX)
Oceans, Atmosphere, Fisheries, and Coast Guard
Chair Maria Cantwell (D-WA)
Ranking Member Olympia J. Snowe (R-Maine)
Surface Transportation and Merchant Marine Infrastructure, Safety, and Security
Chair Frank R. Lautenberg (D-NJ)
Ranking Member Gordon H. Smith (R-OR)
Consumer Affairs, Insurance, and Automotive Safety
Chair Mark Pryor (D-AR)
Ranking Member John E. Sununu (R-N.H.)
 USACM ADVISES FEDS TO ADOPT COMPREHENSIVE ID THEFT PREVENTION MEASURES
USACM submitted comments on the technical implications of several different proposals under consideration by the President’s Identity Theft Task Force. The Task Force is a joint effort of the Justice Department and the Federal Trade Commission. Formed by Executive Order in 2006 after a series of data breaches exposed the personal information of millions of Americans, the Task Force is considering a range of options to fight ID theft including the appropriate use of Social Security numbers, the effectiveness of a possible nationwide policy on data security and data breach notification, and the idea of identity files for victims of identity theft. The full request for comment is available online (PDF).
Referencing the Privacy Recommendations released by USACM in June of 2006, USACM’s comments noted “where identity theft is concerned, two major issues go hand in hand: computer security and privacy.” It encouraged the Task Force to follow those recommendations as it proceeded with its work, to have people approach personal data “as a steward rather than as a custodian.” The response went on to address three specific concepts mentioned in the request: data security and data breach notification procedures; the use of Social Security numbers; and national identity files.
The full text of the USACM response is available online at:
 Q&A WITH USACM CHAIR EUGENE SPAFFORD ON E-VOTING
Computerworld did a Q&A session with Eugene Spafford, USACM’s Chair and Director of Purdue’s Center for Education and Research in Information Assurance and Security (CERIAS) on the security of e-voting issues. The focus of the interview is on the recent federal action to create new “software independence” standards by the Technical Guidelines Development Committee, which is charged with drafting the federal technical standards for voting machines. We have covered these actions in detail on our blog and in previous newsletters.
Here is an excerpt from the interview:
“IDGNS: Do you think the debate on e-voting has turned a corner with the TGDC vote?
Spafford: Not yet. The reason is that the issue is still not well understood by a number of local officials. Some of us in the community perhaps have not done the best job in describing the issue. We’re worried about the security aspects, but we’re also worried about reliability. For instance, what has happened in the Florida race is probably not a security breach. It’s probably poor design or machine failure.
But we have no way of knowing what the voter intent was because there was no independent audit trail. One of the ways we can capture attention is talk about security failures. The people at local elections level, when we have raised these arguments, have taken a sort of personal umbrage. First, we’re calling into question their judgment for buying the machines in the first place, and second, we’re implying that their procedures are faulty or the people involved are dishonest. That isn’t going to enlist their support in moving to better systems. We need to convey to them that it’s in the interest of the population to have greater confidence in elections.”
The full text of the interview can be found at:
 ELECTRONIC VOTING CONTINUES TO ATTRACT ATTENTION
Electronic voting will continue to be of interest in 2007, an off year for most voting jurisdictions. In part, this is due to two main events that will unfold over the course of 2007.
First, the Election Assistance Commission (EAC) is working on two sets of voting standards. The 2005 standards have been adopted, and new voting systems will be tested to these standards starting in January. In July, the Technical Guidelines Development Committee will submit their recommendations for the 2007 Voluntary Voting Systems Standards. They are also responsible for the testing process that assures voting systems are up to the standards. This makes the recent disclosure that a testing lab (reported by the New York Times) has been temporarily barred from approving new voting machines a bit troubling. The company, Ciber Inc., is also having trouble with New York over plans for testing new voting machines for that state. The major problems were noted last summer by the Election Assistance Commission, and not disclosed at that time. As transparency is a real concern and issue for many in the effort for electronic voting reform, this lack of disclosure is perhaps as troublesome as the issues with the lab. Ciber was found to not be following its quality-control procedures and could not document that it was conducting all required tests. While the company claimed that the problems were not due to “incomplete, inaccurate, or flawed testing,” the lack of evidence parallels a major complaint about voting machines that lack an independent means of verifying votes.
Second, the election for the House seat in Florida’s 13th Congressional District is still under scrutiny. As we noted in previous newsletters, and on our blog, the contest is subject to challenge due to concerns over a high percentage of overvotes in Sarasota County, one of five counties (or parts of counties) that make up the district. Voting machine malfunction is only one theory behind this outcome, others theories include general distaste with the campaign, and ballot design issues. There have been audits, and the Committee on House Administration will review the election once the State of Florida has completed its case (this will not happen soon). Jennings, the Democratic candidate, appealed a judge’s order denying access to the source code of the voting machines at issue. The primary rationale in the judges’ order was that the evidence presented by Jennings was little more than conjecture and speculation, which did not warrant access to trade secrets – the source code. For more information on the District 13 election, consult the State of Florida’s elections website:
The state’s audit is continuing. Florida State University is coordinating a team of computer science researchers to review the software involved. Timelines are dependent on receipt of the code, but the Statement of Work is available online, along with the state’s report on the parallel testing conducted after the election. As for action in the House, as of late January the Democratic members of the Committee on House Administration have not been named, nor has the Committee formally organized. They will take action, but it will not be quickly. However, the Senate Rules Committee has scheduled a hearing for February 7 on electronic voting issues. This election will likely come up, but expect the Senate to defer to the House regarding an investigation of a House election.
 DATA MINING ATTRACTS CONGRESSIONAL ATTENTION
Two recent actions demonstrated the level of Congressional interest in privacy under the new Democratic Congress.
The Senate Judiciary Committee held a hearing in January on government data mining programs. The new chairman, Senator Patrick Leahy (D-VT), indicated that there would be a series of privacy related hearings throughout this Congress. He indicated the extent of the government’s data mining activity, noting at least 52 agencies use data-mining technologies and at least 199 data mining programs are planned or currently operating within the government.
Most of the witnesses were generally skeptical of the current state privacy protections and transparency of data mining programs. Acknowledging that these programs have their benefits, many witnesses noted their limitations, particularly when applied to terrorist cases. The opportunity to correct erroneous data, for example, is limited or non-existent (as members of Congress getting stopped at airports can attest). The witnesses were careful to distinguish between predictive, behavioral analysis kinds of data mining program compared to more traditional law enforcement measures (looking for names from patterns in the data versus putting an individual name through the data because it’s come up in an investigation). Protections and transparency in the second kind of data mining has stronger precedent in other kinds of searches.
Related to the hearing, Senators Feingold (D-WI) and Sununnu (R-NH) introduced the Federal Agency Data Mining Reporting Act, S. 236. The act would require federal agencies to report the development and use of data-analysis technologies that seek to discover predictive or anomalous patterns indicating criminal or terrorist activity. Such reports would be required 180 days after the passage of the legislation, and must be updated at least annually. This legislation has been introduced in previous Congressional sessions. Presumably it may be treated more favorably in a Democratic Congress.
 ABOUT USACM
USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
For more information about USACM and ACM, see:
For earlier editions of the ACM Washington Update, see
To subscribe to ACM’s Washington Update newsletter, send an e-mail to firstname.lastname@example.org with “subscribe WASHINGTON-UPDATE “First Name” “Last Name” (no quotes) in the body of the message.
To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to email@example.com.