Category Archives: Privacy and Security

NIST Continues To Take Feedback On The Cybersecurity Framework

While cybersecurity legislation remains in a Congressional holding pattern, provisions of the 2013 Executive Order on cybersecurity for critical infrastructure have been implemented.  One of them is the Cybersecurity Framework, developed and administered by the National Institute for Standards and Technology (NIST).  The first version of the Framework was released in February of this year, [...]

Posted in Privacy and Security | Comments closed

USACM Comments On Intersection Of Big Data And Consumer Privacy

Yesterday USACM responded to a Request for Comment from the National Telecommunications and Information Administration (NTIA).  In response to a recommendation in the Administration’s Big Data report released in May, the NTIA solicited public comment on how the Consumer Privacy Bill of Rights could support big data. In its comments, USACM notes that while big [...]

Posted in Privacy and Security | Comments closed

ACM Europe Council and U.S. Public Policy Council Address Computing Issues in EU-US Free Trade Agreement

The ACM Europe Council and the ACM U.S. Public Policy Council presented a consensus position on policy issues relevant to the computing field to negotiators of a new EU-U.S. free trade agreement. ACM Europe Council Chair Fabrizio Gagliardi delivered the remarks for consideration at the sixth round of negotiations for the proposed Transatlantic Trade and [...]

Also posted in ACM/USACM News, Events, Innovation, Intellectual Property | Comments closed

Supreme Court Recognizes Technology Matters

Guest blog post written by Mark Rasch, U.S. Public Policy Council member The Supreme Court has always had to consider the impact of new technologies on both individuals’ expectations of privacy and ultimately on their rights to be free from “unreasonable” searches and seizures under the Fourth Amendment. When the telephone was invented, the court [...]

Posted in Privacy and Security | Comments closed

U.S. Supreme Court Tells Police to “Get a Warrant” for Cellphone Searches

The U.S. Supreme Court recently unanimously ruled that law enforcement need to obtain a warrant to search a cellphone seized incident to an arrest. The decision addressed two separate warrantless cellphone search cases before the Court – one involving a smartphone and one involving a flip-lid phone. In the new balancing of law enforcement needs [...]

Posted in Privacy and Security | Comments closed

FCC Chairman Offers Thoughts On Cybersecurity

In remarks at the American Enterprise Institute on June 12, Federal Communications Commission Chairman Tom Wheeler outlined how he sees the Commission addressing cybersecurity.  While perhaps not the first government entity that comes to mind when thinking about cybersecurity, the FCC is concerned with the operations of networks, and would certainly be interested in keeping [...]

Posted in Privacy and Security | Comments closed

DARPA Launches Cyber Grand Challenge

Today marks the start of the Cyber Grand Challenge, organized by the Defense Advanced Research Projects Agency (DARPA).  The New York Times has a lengthy article on the challenge, which involves over 35 teams deploying automated cybersecurity solutions.  There’s also an extensive commercial website devoted to the event.  The teams will receive a suite of [...]

Posted in Privacy and Security | Comments closed

Two Administration Big Data Reports Hint At Policy Challenges Ahead

In early May the White House and the President’s Council of Advisers on Science and Technology (PCAST) each issued reports on ‘big data’ as part of the Administration’s 90-day big data review.   John Holdren, co-chair of PCAST and the President’s science adviser, was involved with both reports.  USACM submitted comments to the Office of [...]

Posted in Privacy and Security | Comments closed

USACM Contributes To Big Data Review

As part of the Administration’s review of big data, privacy and the economy, the Office of Science and Technology Policy (OSTP) issued a Request for Information (RFI) in March.  The RFI sought comments on the public policy implications of big data, alone with some insights on the potential benefits of big data and the technology [...]

Also posted in Digital Government | Comments closed

USACM Describes The Systems Engineering Analysis It Recommends For Surveillance Programs

In comments to both the Privacy and Civil Liberties Oversight Board and the Review Group on Intelligence and Communications Technologies, USACM recommended the use of an independent systems engineering analysis to review the design and operation of complex processes and systems.  Our members spent some time further considering what should go into such an analysis, [...]

Posted in Privacy and Security | Comments closed

USACM Supports Creation of a New Public Interest Trade Advisory Committee

USACM today strongly supported the creation of a new Public Interest Trade Advisory Committee in its comments submitted to the Office of the United States Trade Representative (USTR). The Public Interest Trade Advisory Committee would serve as a new mechanism for stakeholder input on trade policy issues. USACM encourages the Advisory Committee, once established, to [...]

Also posted in ACM/USACM News, Intellectual Property, Web Accessibility | Comments closed

NIST Cloud and Mobility Forum and Workshop on March 25-27, 2014

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) will host a free NIST Cloud and Mobility Forum and Workshop on March 25-27, at its campus in Gaithersburg, Maryland. The event will include panel discussions and presentations on future directions for the accessibility, usability, reliability, security, and privacy of mobile devices and [...]

Also posted in Events, Innovation, Web Accessibility | Comments closed

White House Seeking Input For Its Big Data Review

Following on the announcement in January that the White House would be reviewing Big Data and its influence on privacy and the economy, the Office of Science and Technology Policy (OSTP) has been seeking input from the public and other stakeholders.  The office has already co-sponsored two conferences on big data.  The first was at [...]

Posted in Privacy and Security | Comments closed

Administration Launches Big Data and Privacy Review

As part of the government response to public concerns over national security surveillance programs, the President announced in January that there would be a review of government activity related to the collection and use of ‘Big Data.’  The effort will involve several government bodies, and is led by White House Counselor John Podesta.  He will [...]

Posted in Privacy and Security | Comments closed

Reports On Surveillance Programs Vary In Engagement With Technology

In January both the Privacy and Civil Liberties Oversight Board (PCLOB) and the President’s Review Group on Intelligence and Communications Technologies (Review Group) issued their reports on intelligence surveillance programs.  USACM submitted comments to both PCLOB and the Review Group.  In its comments, USACM outlined technical issues and constraints that make effectively implementing these programs [...]

Posted in Privacy and Security | Comments closed

PCAST Releases Cybersecurity Report

Following its November meeting, the President’s Council of Advisers on Science and Technology (PCAST) released a letter report on cybersecurity.  The report follows a classified briefing PCAST gave to the President back in February. The report encourages that the federal government and the private sector avoid static procedures on cybersecurity and pursue “a set of [...]

Posted in Privacy and Security | Comments closed

Review Group on Intelligence and Communications Technologies Hears from USACM

In light of the leaks surrounding U.S. national intelligence surveillance efforts, President Obama appointed a group to review those programs to determine if they are in the best possible balance with other national interests.  This Review Group requested comments from the public on its charge: “[W]hether, in light of advancements in communications technologies, the United [...]

Also posted in ACM/USACM News | Comments closed

Cybersecurity Framework Now At Discussion Draft Stage

While cybersecurity legislation slowly inches forward in Congress, the National Institute of Standards and Technology (NIST) is moving faster in implementing its responsibilities under the recent Executive Order on cybersecurity. Last month we noted that NIST circulated a draft outline of the Cybersecurity Framework (H/T Nextgov). Now there’s a discussion draft of the actual Framework. [...]

Posted in Privacy and Security | Comments closed

Federal CIO Council Announces Re-Organization

The Federal CIO Council is the primary cross-agency group for information technology management in the government. On Friday the Council announced a major reorganization. Now led by the federal Chief Information Officer, the Council coordinates federal IT management policies, and works with the National Institute of Standards and Technology and the Office of Management and [...]

Also posted in Accessibility, Digital Government | Comments closed

The Executive Branch Works On Implementing the Cybersecurity Executive Order

Since the President issued an Executive Order on cybersecurity information sharing back in February, several groups have worked on implementing parts of that order. The Senate Commerce Committee has also gotten in on the act, recently approving a bill that would put some parts of the executive order into law. While a draft of the [...]

Posted in Privacy and Security | Comments closed

USACM Outlines Limitations Of Computing For Privacy and Civil Liberties Oversight Board

The Privacy and Civil Liberties Oversight Board (PCLOB) is an independent federal agency established based on recommendations of the 9/11 Commission. It’s responsible for reviewing executive branch actions in relation to counterterrorism activities to ensure that privacy and civil liberties concerns are part of the conversation in developing and reviewing such policies. In light of [...]

Posted in Privacy and Security | Comments closed

USACM Encourages Flexibility In Proposed Cybersecurity Framework

As part of the President’s Executive Order on Cybersecurity, the National Institute of Standards and Technology (NIST) is required to develop a Cybersecurity Framework (Framework). This Framework, per Section 7 of the Executive Order, would “include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.” [...]

Posted in Privacy and Security | Comments closed

Cyber Week Recap

Plenty of techies, carrying an array of digital devices and looking for power outlets, swarmed Capitol Hill last week for the so-called “cyber week” in the U.S. House of Representatives. To give you some idea of the number of tech lobbyists on scene, Wednesday’s huddle began with the announcement that one major tech company alone [...]

Also posted in Education and Workforce, Intellectual Property | Comments closed

House Intelligence Committee Tries Again With CISPA

On April 10 the House Intelligence Committee will review H.R. 624, the Cyber Intelligence Sharing and Protection Act. The Committee approved an almost identical bill last year, and USACM released a statement expressing serious concerns with the bill. While press reports indicate that several amendments will be up for consideration during tomorrow’s hearing, the text [...]

Posted in Privacy and Security | Comments closed

Do Not Track Legislation Reintroduced in Senate

On Thursday Senator Rockefeller of West Virginia introduced legislation to establish an option for people to opt out of tracking their online activity. It is S.418 and can be reviewed online. The Senator introduced a similar bill in 2011. He did not vigorously pursue the measure, in part because of efforts by several parties to [...]

Posted in Privacy and Security | Comments closed

USACM Chair Comments on Cybersecurity Executive Order

On Tuesday, as part of the State of the Union address, President Obama issued an executive order on cybersecurity. The order focuses on the cybersecurity of critical infrastructure – defined in the order as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems [...]

Posted in Privacy and Security | Comments closed

Federal Trade Commission Updates Online Privacy Rules For Pre-Teens

On Wednesday the Federal Trade Commission (FTC) announced the final updated rules for implementing the Children’s Online Privacy Protection Act (COPPA). Passed in 1998, COPPA rules had not been updated to reflect changes in technology, most notably the rise of mobile internet access and mobile applications. The final rules will take effect on July 1, [...]

Posted in Privacy and Security | Comments closed

USACM Offers Comments on Federal Cybersecurity R&D Strategy

The National Science Foundation (NSF) sought comments on the Federal Cybersecurity Research and Development Plan. The plan was released in late 2011, and NSF was interested in getting feedback from the research community on the effectiveness of the plan. Yesterday USACM submitted comments in response to this request, outlining our interests in cybersecurity research and [...]

Also posted in Innovation | Comments closed

USACM Comments on House Cybersecurity Information Sharing Bill

In late April the House considered and passed several pieces of cybersecurity legislation. At the time USACM released a statement with general recommendations for cybersecurity bills. Of the bills that passed the House, H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA), has attracted the most concern. The bill is currently in the Senate [...]

Posted in Privacy and Security | Comments closed

The House Will Engage With Cybersecurity Legislation This Week

While Congress has tried to pass major cybersecurity legislation for the last few years, this week marks what could be a major step forward in finally getting a bill to the President’s desk. The House leadership has scheduled four cybersecurity bills for votes on Thursday and Friday of this week. The bills up for consideration [...]

Also posted in ACM/USACM News | Comments closed

USACM Offers Recommendations On Data Privacy Codes of Conduct

Part of the Obama Administration’s proposed online privacy initiative involves consumer data privacy codes of conduct. These codes would be developed through a multi-stakeholder process, and the National Telecommunications and Information Administration (NTIA) is responsible for convening those processes. To that end, NTIA released a request for comment in early March (the deadline was extended [...]

Also posted in ACM/USACM News | Comments closed

Federal Trade Commission Pushes Forward With Online Privacy Initiative

Yesterday the Federal Trade Commission (FTC) released the final version of its report on consumer privacy online. It issued a draft report in December 2010 and received over 450 comments in response, including those filed by USACM. The final report retains the same general framework outlined in the December 2010 draft, and is broadly consistent [...]

Posted in Privacy and Security | Comments closed

USACM Comments on the Menlo Report

On Monday USACM submitted comments to the Department of Homeland Security (DHS) on the Menlo Report, which was issued in September 2011. The goal of the report was to extend ethical guidelines for research involving human subjects to computer and information security research. It based its framework on the Belmont Report for 1979, which developed [...]

Also posted in ACM/USACM News, Innovation | Comments closed

Guest Post on Cybersecurity Legislation from Chris Bronk

What follows is a guest post from Chris Bronk, Information Technology Policy Fellow at Rice University’s Baker Institute for Public Policy. He’s a new member of USACM, but the post reflects only his thoughts on the Cybersecurity Act of 2012, and not necessarily those of USACM. Digesting the New Senate Cybersecurity Legislation by Chris Bronk [...]

Posted in Privacy and Security | Comments closed

USACM Statement on SOPA and PROTECT IP

This week, as opposing views on the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (S. 968, the PROTECT IP Act, or PIPA) and the Stop Online Piracy Act (SOPA – H.R. 3261), come increasingly increasingly into focus—Wikipedia and other opposing organizations stage a blackout, the Motion Picture [...]

Also posted in ACM/USACM News, Intellectual Property | Comments closed

Computing Researchers Weigh in on Changes to Human Subjects Research Regulations

The Department of Heath and Human Services is planning to revise what it calls the Common Rule – the regulations overseeing federally funded research involving human subjects. These regulations were last updated in the early 1990s, so the proposed changes try to catch up with the advances in research and in computing since that time. [...]

Also posted in ACM/USACM News, Innovation | Comments closed

Growing Trust – Cybersecurity and the Internet and Information Innovation Sector

In August USACM submitted comments on the draft green paper “Cybersecurity, Innovation and the Internet Economy” issued by the Internet Policy Task Force of the Department of Commerce. This work by the Task Force is an important recognition of how cybersecurity and privacy can support each other as they help ensure that the online environment [...]

Also posted in ACM/USACM News | Comments closed

USACM Notes Concerns with Proposed SSA Online Authentication Process

Like many federal agencies, the Social Security Administration (SSA) is trying to provide more services in a time of limited resources. As part of its efforts to better serve the public, the SSA is working on an online authentication system to help ensure that the people it is interacting with online are indeed the people [...]

Posted in Privacy and Security | Comments closed

USACM Summer Recap: Comments on NSTIC Governance

Often things slow down in the summer, but that’s not been the case for USACM this year. We’ve been busy commenting on various government proposals related to computing and will post about that work over the next few days. The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a government-wide effort to work with [...]

Also posted in ACM/USACM News | Comments closed

Has the Cybersecurity Logjam Broke?

Congress has been making noise about passing comprehensive cybersecurity legislation for most of the last two years, prompted in part by the Obama Administration’s cyberspace policy review in 2009. Nearly two years later, the Administration has released a legislative proposal in cybersecurity that may help push legislation further along. Depending on how you count, there [...]

Posted in Privacy and Security | Comments closed

Sony-Prompted Hearing Features Testimony from USACM Chair

Prompted by the massive data breaches of Sony’s networks, the Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee held a hearing May 3 on data theft and its effects on consumers. One of the witnesses was USACM Chair Eugene Spafford. The committee has a webpage on the hearing, which includes [...]

Also posted in ACM/USACM News | Comments closed

USACM Chair to Testify on Data Breaches

Prompted by the recent data breaches of the PlayStation Network and the email marketing company Epsilon, the Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee will hold a hearing this Wednesday, May 4, on data breaches. They have invited USACM Chair Eugene Spafford to testify. His testimony will focus on the [...]

Also posted in ACM/USACM News, Events | Comments closed

Administration Issues National Strategy for Trusted Identities in Cyberspace

Last Friday the Obama Administration released its National Strategy for Trusted Identities in Cyberspace (NSTIC), a plan to leverage private sector tools to make it easier for some kinds of transactions to happen online. This would include both consumer and government transactions, and attempt to establish a system where identity can be confirmed online in [...]

Posted in Privacy and Security | Comments closed

USACM Vice-Chair Testifies on Challenges of Electronic Employment Verification

On April 14, Dr. Annie Ant?n, Vice Chair of USACM and Professor in the Computer Science Department of North Carolina State University, testified in front of the Social Security Subcommittee of the House Ways and Means Committee. She was one of the witnesses at a hearing on the Social Security Administration’s role in verifying employment [...]

Also posted in ACM/USACM News, Events | Comments closed

USACM Comments on Federal Trade Commission Online Privacy Report

On February 18th, USACM submitted comments in response to the Federal Trade Commission’s (FTC) preliminary staff report concerning online privacy. Titled “Protecting Consumer Privacy in an Era of Rapid Change,” the report outlines a proposed privacy framework involving the following general principles: Companies should integrate privacy into their regular business operations (a Privacy by Design [...]

Also posted in ACM/USACM News | Comments closed

USACM Joins Statement of Concern Over Expansion of Intercept Law

Today the Center for Democracy and Technology released a statement it developed to respond to possible changes to the Communications Assistance for Law Enforcement Act (CALEA). USACM is one of the organizations that signed on to the statement. The statement was developed due to press reports that there are efforts within the executive branch to [...]

Also posted in ACM/USACM News | Comments closed

USACM Responds to Department of Commerce Online Privacy Report

Last month the Internet Policy Task Force (a Commerce Department group drawing on expertise from the Patent and Trademark Office, the International Trade Administration, the National Institute of Standards and Technology, and the National Telecommunications and Information Administration) released a report on commercial data privacy. This complemented the release in the same month of a [...]

Also posted in ACM/USACM News | Comments closed

Commerce Department and Federal Trade Commission Seek Guidance on Online Privacy

In the first half of December the Federal Trade Commission (FTC) and the Commerce Department’s Internet Policy Task Force (IPTF) each issued reports focused on privacy online. In both cases the reports are meant as the next step in a process of consultation and feedback between these agencies, the public, and relevant stakeholders. As the [...]

Posted in Privacy and Security | Comments closed

White House Issues Federal IT Reform Plan

Last Thursday the national Chief Information Officer (CIO), Vivek Kundra, issued an implementation plan for reforming federal information technology. It’s a very detailed effort, and some parts of the plan will require Congressional authorization. The full plan is available online. As Mr. Kundra explains in a blog post, the plan comes as part of an [...]

Also posted in Digital Government | Comments closed

National Academies Releases Report on Cyberattack Deterrence

Coming from a call for papers and workshop held earlier this year, the Computer Science and Telecommunications Board of the National Academies has released Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy. The report focuses on the papers presented at a June workshop, and range from general technical [...]

Posted in Privacy and Security | Comments closed

USACM Comments on National Strategy for Trusted Identities in Cyberspace

In late June the White House issued a second Draft of the National Strategy for Trusted Identities in Cyberspace. They opened a public comment process only on an Ideascale online space for three weeks. As a result, USACM was only able to generate a short list of comments on the draft strategy, which it submitted [...]

Also posted in ACM/USACM News | Comments closed

Senator Lieberman and Colleagues Introduce Another Cybersecurity Bill

Cybersecurity legislation is sort of popular in this Congress. Several bills have been introduced, but there are enough cybersecurity bills working through the process that it’s unclear whether or not anything will be passed by the time this Congress ends in the fall. The latest cybersecurity legislation was introduced yesterday by Senators Lieberman, Collins and [...]

Posted in Privacy and Security | Comments closed

USACM Comments on Internet Privacy Bill Discussion Draft

Representatives Rick Boucher (D-Virginia) and Cliff Stearns (R-Florida), who are the chair and ranking member of the House Subcommittee on Communications, Technology and Internet, introduced a discussion draft of an internet privacy bill in early May. This was done to solicit comments from the public and interested stakeholders prior to officially introducing the bill. You [...]

Also posted in ACM/USACM News | Comments closed

Draft Internet Privacy Bill Released

Representative Rick Boucher, Chairman of the Subcommittee on Communications, Technology and the Internet released a discussion draft of an internet privacy bill. The bill, which was released with the Ranking Member of the subcommittee, Representative Cliff Stearns, addresses consumer information collected online by companies. A copy of the discussion draft is available via Rep. Boucher’s [...]

Posted in Privacy and Security | Comments closed

USACM and CRA Express Concerns Over Cybersecurity Legislation

Lost within all the health care legislation coverage was the release of a new draft of S.773, the Cybersecurity Act of 2010. The new draft was released a week before the Senate Commerce, Science and Transportation Committee is scheduled to hold a markup of this legislation. The bill had made some waves last summer when [...]

Also posted in ACM/USACM News | Comments closed

National Research Council Announces Prizes in Cyberdeterence Research

The Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) has announced prizes for research in cyberdeterrence. The CSTB announced prizes for papers submitted that address at least one of the Questions of Interest described in their call for papers. The deadline for papers is July 9. However, the CSTB committee running [...]

Posted in Privacy and Security | Comments closed

House Passes Legislation on Consumer Data Security

On December 9 the House passed two bills that could affect how consumers use peer-to-peer software and how their personal information is used. We wrote about these bills when they passed the House Energy and Commerce Committee back in September. This marks the first time the Data Accountability and Trust Act, H.R. 2221, has managed [...]

Posted in Privacy and Security | Comments closed

PASS ID Moves Forward in Congress

PASS ID, S. 1261, is a bill introduced in June as an attempt to break through the impasse over REAL ID. That law, passed as part of a budget bill in 2005, was intended to tighten the security of drivers’ licenses and state-issued identification cards to combat terrorism. The USACM Issue Brief on REAL ID [...]

Posted in Privacy and Security | Comments closed

Senate Judiciary Committee Approves Data Security Bills

In a markup session yesterday, the Senate Judiciary Committee approved two bills on the protection of consumer data. S 1490, the Personal Data Privacy and Security Act of 2009, takes a number of steps to increase the penalties for identity theft and to require data brokers take additional measures to protect the information they handle. [...]

Posted in Privacy and Security | Comments closed

Data Breach and P2P Bills Pass House Committee

The House Energy and Commerce Committee marked up two bills this morning addressing concerns over the use of consumers’ personal information and the potential exposure of that data through the use of peer-to-peer (P2P) programs. The Data Accountability and Trust Act (H.R. 2221) has gone through this committee in previous years, with almost the exact [...]

Posted in Privacy and Security | Comments closed

Committee Considers Changes to Cybersecurity Research and Development

This morning the Research and Science Education Subcommittee of the House Science and Technology Committee met to mark up legislation that would amend the Cyber Security Research and Development Act. Much of the bill will simply extend authorized budget amounts for various research programs related to cybersecurity, but the bill will make some changes to [...]

Posted in Privacy and Security | Comments closed

Health Information Technology Inches Forward

While health care legislation is stalled, movement continues on increasing the use of both health information technology and electronic health records. The National Coordinator for Health IT is coordinating this effort. Created as part of the American Recovery and Reinvestment Act, two Health IT committees, one on Policy and one on Standards, have been meeting [...]

Posted in Privacy and Security | Comments closed

USACM Comments on Government Website Policy on Web Tracking Technologies

In response to a request for comment from the Office of Science and Technology Policy, today USACM submitted comments on how federal government websites should use web tracking technologies. These technologies include, but are not limited to, cookies, little bits of code that can be deposited on your computer to help the web site your [...]

Also posted in ACM/USACM News, Digital Government | Comments closed

Over 800 Reports of Health Data Breaches in California this Year

According to Wired.com’s Threat Level, the new California law requiring “organizations in California to report suspected incidents of intentional and unintentional unauthorized breaches of a patient’s personally identifiable health information to the California Department of Public Health” has prompted over 800 reports since the law went into effect January 1st of this year. Of the [...]

Posted in Privacy and Security | Comments closed

House Science and Technology Committee Starts Hearings on Cybersecurity

On June 10 the Research and Science Education subcommittee of the House Science and Technology Committee held a hearing on cybersecurity. This is the first of three planned hearings prompted by the Obama Administration’s recent cybersecurity review. On June 16 the Research and Science Education subcommittee will hold a hearing with the Technology and Innovation [...]

Posted in Privacy and Security | Comments closed

President Obama Releases Cybersecurity Review

UPDATE 6/4 – USACM issued this press release outlining its comments on the cybersecurity review. USACM Chair Eugene Spafford noted that while “the President hit many of the right notes in his remarks” the report missed “any emphasis on funding, tools or support for better law enforcement” as well as any discussion of research. ORIGINAL [...]

Posted in Privacy and Security | Comments closed

Federal Advisory Board Recommends Updates to Nation’s Privacy Policies

The Information Security and Privacy Advisory Board (ISPAB) recently released a report to the Director of the Office of Management and Budget (OMB) on the need to update the nation’s privacy policies. Since the Privacy Act of 1974, there has been little or no government-wide guidance on privacy. Individual agencies have been responsible for the [...]

Posted in Privacy and Security | Comments closed

White House Cybersecurity Review Complete; Public Announcement Expected Soon

The Obama Administration recently finished a 60-day review of federal cybersecurity efforts. Melissa Hathaway, Acting White House Cyberspace Director, indicated in public remarks (scroll down for video) at the RSA computer security conference that the report is currently with the President for his review, and should be made public soon. As might be expected during [...]

Posted in Privacy and Security | Comments closed

Federal Trade Commission Issues Proposed Breach Notification Rule

On April 16 the Federal Trade Commission issued a proposed rule requiring entities to notify consumers in the event that the security of their electronic health information is breached. The FTC is seeking public comment between now and June 1st. You can read more about the comment process by reading the Federal Register Notice or [...]

Posted in Privacy and Security | Comments closed

Broad-based Cybersecurity Bill Introduced

Senator Rockefeller (D-West Virginia) introduced last week a bill that would increase the role of the federal government in cybersecurity. S. 773 (text not yet available on THOMAS), in its present form, would mark a significant change in the government’s role in cybersecurity. Provisions of the bill include having the National Institute of Standards and [...]

Posted in Privacy and Security | Comments closed

Homeland Security Secretary Puts REAL ID on Back Burner

The new Secretary of Homeland Security, Janet Napolitano, indicated on Friday that there were many flaws and problems with the REAL ID law, which is intended to provide for more secure forms of identification. USACM submitted comments back in 2007 outlining our concerns with the program, which would not be as secure or reliable as [...]

Posted in Privacy and Security | Comments closed

Internet Privacy Bill Possible in this Congress

The Bits blog at The New York Times recently ran an interview with Representative Rick Boucher (D-VA) the new Chair of the Subcommittee on Communications, Technology and the Internet of the House Energy and Commerce Committee. While telecommunications issues will be a big concern for Rep. Boucher, it appears that Internet privacy, a concern of [...]

Posted in Privacy and Security | Comments closed

E-Verify Contractor Rule Delayed; Program Could Appear in Stimulus Package

Update – February 17 Reports indicate that there is no E-Verify participation requirement in the stimulus bill that should be signed later today. Orginial Post: February 4 The E-Verify program, a proposed national electronic employment verification system, continues to stagger toward full implementation. As we noted last fall, some federal contractors and subcontractors were supposed [...]

Posted in Privacy and Security | Comments closed

House Homeland Security Committee Looks to 2009

The majority staff of the House Homeland Security Committee hosted a workshop December 3 on “Constitutional Protections in Homeland Security.” A copy of the agenda is currently available on the Committee’s schedule page. The speakers covered a wide variety of homeland security related topics, including communications during natural disasters, data mining, information sharing, transportation, border [...]

Posted in Privacy and Security | Comments closed

USACM Chair Spafford Addresses Information Security Curricula

USACM Chair Eugene Spafford recently made predictions about information security curriculua in American higher education for CSO Magazine. You can read his comments online. According to Spafford, information security is like most areas of information technology where there is often more demand than students available. In the areas of cyber forensics and information, the curriculum [...]

Also posted in ACM/USACM News, Education and Workforce | Comments closed

Final E-Verify Rule Announced for Contractors

Under a final rule published November 14, certain federal contractors and subcontractors will be required to use e-Verify, an electronic employment verification system, starting early next year. The regulation applies to certain contractors and subcontractors of the Defense Department, the National Aeronautics and Space Administration and the General Services Administration. It will take effect January [...]

Posted in Privacy and Security | Comments closed

Social Security Numbers Widely Available

According to the Government Accountability Office (GAO), many bulk and online public records contain Social Security Numbers (SSNs), exposing many people to an increased risk of identity theft. Responding to a request from Senator Charles Schumer, the GAO prepared a report addressing the following concerns: (1) to what extent, for what reasons, and to whom [...]

Posted in Privacy and Security | Comments closed

Federal Trade Commission Chairman Speaks on Internet Privacy

William Kovacic, Chairman of the Federal Trade Commission, appeared on C-SPAN’s The Communicators recently to discuss the Internet and privacy policy. The audio podcast is available online as well as a video clip – which appears to be Mac-unfriendly. It’s a wide-ranging discussion on many internet issues with one of the two agency heads (the [...]

Posted in Privacy and Security | Comments closed

A Framework For Thinking About Surveillance

Calling on the Executive and Legislative branches of the U.S. Government to “systematically” review every counterterrorism program that deals with personal data and establish new privacy protections, the National Academies recently released a new report examining counterterrorism efforts and privacy rights. In usual academies fashion, the report is a tome. The august body convened a [...]

Posted in Privacy and Security | Comments closed

Please Participate in Privacy Survey

An important part of crafting useful privacy policies is being informed by the best research available. To that end, organizations like The Privacy Place have focused on researching privacy questions and providing that information to the public. It’s a research center, and its work is sponsored in part by North Carolina State University and the [...]

Posted in Privacy and Security | Comments closed

Pre-Election Legislating: A Mixed Bag

While most attention is focused on the economic bailout proposals debated in Congress, other legislative activity is worth noting. Congress is supposed to break later this week for a campaign-related recess. It is unclear whether a post-election legislative session will be called. It was not following the 2006 elections, which resulted in a shift in [...]

Posted in Privacy and Security | Comments closed

Bill Boosting Cybercrime Prosecution Passes House

A bill awaits Presidential signature that would strengthen prosecution and penalties for identity theft and other cybercrimes. Tucked into another bill (HR 5938) that extends Secret Service protection for former vice presidents, it should become law soon. This bill will institute federal civil and criminal penalties for various cybercrimes, including cyberextortion and conspiracy to commit [...]

Posted in Privacy and Security | Comments closed

Online Activity Tracked Without Explicit Consent

The Washington Post reports today about the House Energy and Commerce Committee’s ongoing inquiry into the online tracking activity of various internet companies. The Post reports that some internet companies have been using targeted-advertising technology without the explicit consent of consumers. More than a third of the 33 companies that received letters have indicated they [...]

Posted in Privacy and Security | Comments closed

House Approves Extension of E-Verify

Part of the ongoing debates over electronic employment verification systems is that the current basic pilot, or E-Verify program, is set to expire later this year. While there is still some disagreement over how the program might be expanded, I am aware of no one in Congress advocating for the program to be discontinued. The [...]

Posted in Privacy and Security | Comments closed

The Complications of Deep Packet Inspection

Update July 27 The Washington Post ran an article on Friday describing a case of an internet service provider conducting deep packet inspection on customers in Kansas. Notice was affected through a change in the company’s privacy policy on its website. Subscribers were offered the opportunity to opt out of the test, but some lawmakers [...]

Posted in Privacy and Security | Comments closed

USACM Issue Briefs Available

We wanted to point out two Issue Briefs available from USACM. The Issue Briefs are intended as short distillations of established USACM policy on various issues. More detailed explanations of USACM positions on these issues can be found in the relevant issue area of our website. The two new Issue Briefs are on Electronic Employment [...]

Posted in Privacy and Security | Comments closed

USACM Chair Testifies on Electronic Employment Eligibility

We mentioned this last week, but are just getting to posting about the hearing on the blog. On May 6, Eugene H. Spafford, chair of USACM, testified before the Social Security Subcommittee of the House Ways and Means Committee on electronic employment verification systems (EEVS). USACM has testified before on this issue, with Dr. Peter [...]

Also posted in ACM/USACM News | Comments closed

USACM Chair Will Testify on Electronic Employment Verification Systems

USACM Chair Dr. Eugene Spafford will testify tomorrow before the Social Security Subcommittee of the House Ways and Means Committee. His testimony is part of a hearing on Electronic Employment Verification Systems (EEVS). The hearing is scheduled to begin at 10 a.m. on May 6, in B-318 of the Rayburn House Office Building. This will [...]

Also posted in ACM/USACM News | Comments closed

Rod Beckstrom tapped to run the new National Cyber Security Center

It appears that the Administration will take its first public step toward implementing the classified Cyber Initiative President Bush issued this January. According to the Washington Post, Rod Beckström, a Silicon Valley entrepreneur, has been chosen to run the new National Cyber Security Center. Beckström is most recognized for his involvement as co-founder and chairman [...]

Posted in Privacy and Security | Comments closed

’08 Tech Policy Outlook: Electronic Employment Verification Systems

Part of the immigration battles last summer was a proposal to expand what was then called the Basic Pilot program into a nationwide system of confirming a person’s employment eligibility online. For such an Electronic Employment Verification System (EEVS) to work effectively on a nationwide basis, it would have to confirm employment documents of approximately [...]

Posted in Privacy and Security | Comments closed