Category Archives: Privacy and Security

USACM Comments on Federal Trade Commission Online Privacy Report

On February 18th, USACM submitted comments in response to the Federal Trade Commission’s (FTC) preliminary staff report concerning online privacy. Titled “Protecting Consumer Privacy in an Era of Rapid Change,” the report outlines a proposed privacy framework involving the following general principles: Companies should integrate privacy into their regular business operations (a Privacy by Design [...]

Also posted in ACM/USACM News | Comments closed

USACM Joins Statement of Concern Over Expansion of Intercept Law

Today the Center for Democracy and Technology released a statement it developed to respond to possible changes to the Communications Assistance for Law Enforcement Act (CALEA). USACM is one of the organizations that signed on to the statement. The statement was developed due to press reports that there are efforts within the executive branch to [...]

Also posted in ACM/USACM News | Comments closed

USACM Responds to Department of Commerce Online Privacy Report

Last month the Internet Policy Task Force (a Commerce Department group drawing on expertise from the Patent and Trademark Office, the International Trade Administration, the National Institute of Standards and Technology, and the National Telecommunications and Information Administration) released a report on commercial data privacy. This complemented the release in the same month of a [...]

Also posted in ACM/USACM News | Comments closed

Commerce Department and Federal Trade Commission Seek Guidance on Online Privacy

In the first half of December the Federal Trade Commission (FTC) and the Commerce Department’s Internet Policy Task Force (IPTF) each issued reports focused on privacy online. In both cases the reports are meant as the next step in a process of consultation and feedback between these agencies, the public, and relevant stakeholders. As the [...]

Posted in Privacy and Security | Comments closed

White House Issues Federal IT Reform Plan

Last Thursday the national Chief Information Officer (CIO), Vivek Kundra, issued an implementation plan for reforming federal information technology. It’s a very detailed effort, and some parts of the plan will require Congressional authorization. The full plan is available online. As Mr. Kundra explains in a blog post, the plan comes as part of an [...]

Also posted in Digital Government | Comments closed

National Academies Releases Report on Cyberattack Deterrence

Coming from a call for papers and workshop held earlier this year, the Computer Science and Telecommunications Board of the National Academies has released Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy. The report focuses on the papers presented at a June workshop, and range from general technical [...]

Posted in Privacy and Security | Comments closed

USACM Comments on National Strategy for Trusted Identities in Cyberspace

In late June the White House issued a second Draft of the National Strategy for Trusted Identities in Cyberspace. They opened a public comment process only on an Ideascale online space for three weeks. As a result, USACM was only able to generate a short list of comments on the draft strategy, which it submitted [...]

Also posted in ACM/USACM News | Comments closed

Senator Lieberman and Colleagues Introduce Another Cybersecurity Bill

Cybersecurity legislation is sort of popular in this Congress. Several bills have been introduced, but there are enough cybersecurity bills working through the process that it’s unclear whether or not anything will be passed by the time this Congress ends in the fall. The latest cybersecurity legislation was introduced yesterday by Senators Lieberman, Collins and [...]

Posted in Privacy and Security | Comments closed

USACM Comments on Internet Privacy Bill Discussion Draft

Representatives Rick Boucher (D-Virginia) and Cliff Stearns (R-Florida), who are the chair and ranking member of the House Subcommittee on Communications, Technology and Internet, introduced a discussion draft of an internet privacy bill in early May. This was done to solicit comments from the public and interested stakeholders prior to officially introducing the bill. You [...]

Also posted in ACM/USACM News | Comments closed

Draft Internet Privacy Bill Released

Representative Rick Boucher, Chairman of the Subcommittee on Communications, Technology and the Internet released a discussion draft of an internet privacy bill. The bill, which was released with the Ranking Member of the subcommittee, Representative Cliff Stearns, addresses consumer information collected online by companies. A copy of the discussion draft is available via Rep. Boucher’s [...]

Posted in Privacy and Security | Comments closed

USACM and CRA Express Concerns Over Cybersecurity Legislation

Lost within all the health care legislation coverage was the release of a new draft of S.773, the Cybersecurity Act of 2010. The new draft was released a week before the Senate Commerce, Science and Transportation Committee is scheduled to hold a markup of this legislation. The bill had made some waves last summer when [...]

Also posted in ACM/USACM News | Comments closed

National Research Council Announces Prizes in Cyberdeterence Research

The Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) has announced prizes for research in cyberdeterrence. The CSTB announced prizes for papers submitted that address at least one of the Questions of Interest described in their call for papers. The deadline for papers is July 9. However, the CSTB committee running [...]

Posted in Privacy and Security | Comments closed

House Passes Legislation on Consumer Data Security

On December 9 the House passed two bills that could affect how consumers use peer-to-peer software and how their personal information is used. We wrote about these bills when they passed the House Energy and Commerce Committee back in September. This marks the first time the Data Accountability and Trust Act, H.R. 2221, has managed [...]

Posted in Privacy and Security | Comments closed

PASS ID Moves Forward in Congress

PASS ID, S. 1261, is a bill introduced in June as an attempt to break through the impasse over REAL ID. That law, passed as part of a budget bill in 2005, was intended to tighten the security of drivers’ licenses and state-issued identification cards to combat terrorism. The USACM Issue Brief on REAL ID [...]

Posted in Privacy and Security | Comments closed

Senate Judiciary Committee Approves Data Security Bills

In a markup session yesterday, the Senate Judiciary Committee approved two bills on the protection of consumer data. S 1490, the Personal Data Privacy and Security Act of 2009, takes a number of steps to increase the penalties for identity theft and to require data brokers take additional measures to protect the information they handle. [...]

Posted in Privacy and Security | Comments closed

Data Breach and P2P Bills Pass House Committee

The House Energy and Commerce Committee marked up two bills this morning addressing concerns over the use of consumers’ personal information and the potential exposure of that data through the use of peer-to-peer (P2P) programs. The Data Accountability and Trust Act (H.R. 2221) has gone through this committee in previous years, with almost the exact [...]

Posted in Privacy and Security | Comments closed

Committee Considers Changes to Cybersecurity Research and Development

This morning the Research and Science Education Subcommittee of the House Science and Technology Committee met to mark up legislation that would amend the Cyber Security Research and Development Act. Much of the bill will simply extend authorized budget amounts for various research programs related to cybersecurity, but the bill will make some changes to [...]

Posted in Privacy and Security | Comments closed

Health Information Technology Inches Forward

While health care legislation is stalled, movement continues on increasing the use of both health information technology and electronic health records. The National Coordinator for Health IT is coordinating this effort. Created as part of the American Recovery and Reinvestment Act, two Health IT committees, one on Policy and one on Standards, have been meeting [...]

Posted in Privacy and Security | Comments closed

USACM Comments on Government Website Policy on Web Tracking Technologies

In response to a request for comment from the Office of Science and Technology Policy, today USACM submitted comments on how federal government websites should use web tracking technologies. These technologies include, but are not limited to, cookies, little bits of code that can be deposited on your computer to help the web site your [...]

Also posted in ACM/USACM News, Digital Government | Comments closed

Over 800 Reports of Health Data Breaches in California this Year

According to Wired.com’s Threat Level, the new California law requiring “organizations in California to report suspected incidents of intentional and unintentional unauthorized breaches of a patient’s personally identifiable health information to the California Department of Public Health” has prompted over 800 reports since the law went into effect January 1st of this year. Of the [...]

Posted in Privacy and Security | Comments closed

House Science and Technology Committee Starts Hearings on Cybersecurity

On June 10 the Research and Science Education subcommittee of the House Science and Technology Committee held a hearing on cybersecurity. This is the first of three planned hearings prompted by the Obama Administration’s recent cybersecurity review. On June 16 the Research and Science Education subcommittee will hold a hearing with the Technology and Innovation [...]

Posted in Privacy and Security | Comments closed

President Obama Releases Cybersecurity Review

UPDATE 6/4 – USACM issued this press release outlining its comments on the cybersecurity review. USACM Chair Eugene Spafford noted that while “the President hit many of the right notes in his remarks” the report missed “any emphasis on funding, tools or support for better law enforcement” as well as any discussion of research. ORIGINAL [...]

Posted in Privacy and Security | Comments closed

Federal Advisory Board Recommends Updates to Nation’s Privacy Policies

The Information Security and Privacy Advisory Board (ISPAB) recently released a report to the Director of the Office of Management and Budget (OMB) on the need to update the nation’s privacy policies. Since the Privacy Act of 1974, there has been little or no government-wide guidance on privacy. Individual agencies have been responsible for the [...]

Posted in Privacy and Security | Comments closed

White House Cybersecurity Review Complete; Public Announcement Expected Soon

The Obama Administration recently finished a 60-day review of federal cybersecurity efforts. Melissa Hathaway, Acting White House Cyberspace Director, indicated in public remarks (scroll down for video) at the RSA computer security conference that the report is currently with the President for his review, and should be made public soon. As might be expected during [...]

Posted in Privacy and Security | Comments closed

Federal Trade Commission Issues Proposed Breach Notification Rule

On April 16 the Federal Trade Commission issued a proposed rule requiring entities to notify consumers in the event that the security of their electronic health information is breached. The FTC is seeking public comment between now and June 1st. You can read more about the comment process by reading the Federal Register Notice or [...]

Posted in Privacy and Security | Comments closed

Broad-based Cybersecurity Bill Introduced

Senator Rockefeller (D-West Virginia) introduced last week a bill that would increase the role of the federal government in cybersecurity. S. 773 (text not yet available on THOMAS), in its present form, would mark a significant change in the government’s role in cybersecurity. Provisions of the bill include having the National Institute of Standards and [...]

Posted in Privacy and Security | Comments closed

Homeland Security Secretary Puts REAL ID on Back Burner

The new Secretary of Homeland Security, Janet Napolitano, indicated on Friday that there were many flaws and problems with the REAL ID law, which is intended to provide for more secure forms of identification. USACM submitted comments back in 2007 outlining our concerns with the program, which would not be as secure or reliable as [...]

Posted in Privacy and Security | Comments closed

Internet Privacy Bill Possible in this Congress

The Bits blog at The New York Times recently ran an interview with Representative Rick Boucher (D-VA) the new Chair of the Subcommittee on Communications, Technology and the Internet of the House Energy and Commerce Committee. While telecommunications issues will be a big concern for Rep. Boucher, it appears that Internet privacy, a concern of [...]

Posted in Privacy and Security | Comments closed

E-Verify Contractor Rule Delayed; Program Could Appear in Stimulus Package

Update – February 17 Reports indicate that there is no E-Verify participation requirement in the stimulus bill that should be signed later today. Orginial Post: February 4 The E-Verify program, a proposed national electronic employment verification system, continues to stagger toward full implementation. As we noted last fall, some federal contractors and subcontractors were supposed [...]

Posted in Privacy and Security | Comments closed

House Homeland Security Committee Looks to 2009

The majority staff of the House Homeland Security Committee hosted a workshop December 3 on “Constitutional Protections in Homeland Security.” A copy of the agenda is currently available on the Committee’s schedule page. The speakers covered a wide variety of homeland security related topics, including communications during natural disasters, data mining, information sharing, transportation, border [...]

Posted in Privacy and Security | Comments closed

USACM Chair Spafford Addresses Information Security Curricula

USACM Chair Eugene Spafford recently made predictions about information security curriculua in American higher education for CSO Magazine. You can read his comments online. According to Spafford, information security is like most areas of information technology where there is often more demand than students available. In the areas of cyber forensics and information, the curriculum [...]

Also posted in ACM/USACM News, Education and Workforce | Comments closed

Final E-Verify Rule Announced for Contractors

Under a final rule published November 14, certain federal contractors and subcontractors will be required to use e-Verify, an electronic employment verification system, starting early next year. The regulation applies to certain contractors and subcontractors of the Defense Department, the National Aeronautics and Space Administration and the General Services Administration. It will take effect January [...]

Posted in Privacy and Security | Comments closed

Social Security Numbers Widely Available

According to the Government Accountability Office (GAO), many bulk and online public records contain Social Security Numbers (SSNs), exposing many people to an increased risk of identity theft. Responding to a request from Senator Charles Schumer, the GAO prepared a report addressing the following concerns: (1) to what extent, for what reasons, and to whom [...]

Posted in Privacy and Security | Comments closed

Federal Trade Commission Chairman Speaks on Internet Privacy

William Kovacic, Chairman of the Federal Trade Commission, appeared on C-SPAN’s The Communicators recently to discuss the Internet and privacy policy. The audio podcast is available online as well as a video clip – which appears to be Mac-unfriendly. It’s a wide-ranging discussion on many internet issues with one of the two agency heads (the [...]

Posted in Privacy and Security | Comments closed

A Framework For Thinking About Surveillance

Calling on the Executive and Legislative branches of the U.S. Government to “systematically” review every counterterrorism program that deals with personal data and establish new privacy protections, the National Academies recently released a new report examining counterterrorism efforts and privacy rights. In usual academies fashion, the report is a tome. The august body convened a [...]

Posted in Privacy and Security | Comments closed

Please Participate in Privacy Survey

An important part of crafting useful privacy policies is being informed by the best research available. To that end, organizations like The Privacy Place have focused on researching privacy questions and providing that information to the public. It’s a research center, and its work is sponsored in part by North Carolina State University and the [...]

Posted in Privacy and Security | Comments closed

Pre-Election Legislating: A Mixed Bag

While most attention is focused on the economic bailout proposals debated in Congress, other legislative activity is worth noting. Congress is supposed to break later this week for a campaign-related recess. It is unclear whether a post-election legislative session will be called. It was not following the 2006 elections, which resulted in a shift in [...]

Posted in Privacy and Security | Comments closed

Bill Boosting Cybercrime Prosecution Passes House

A bill awaits Presidential signature that would strengthen prosecution and penalties for identity theft and other cybercrimes. Tucked into another bill (HR 5938) that extends Secret Service protection for former vice presidents, it should become law soon. This bill will institute federal civil and criminal penalties for various cybercrimes, including cyberextortion and conspiracy to commit [...]

Posted in Privacy and Security | Comments closed

Online Activity Tracked Without Explicit Consent

The Washington Post reports today about the House Energy and Commerce Committee’s ongoing inquiry into the online tracking activity of various internet companies. The Post reports that some internet companies have been using targeted-advertising technology without the explicit consent of consumers. More than a third of the 33 companies that received letters have indicated they [...]

Posted in Privacy and Security | Comments closed

House Approves Extension of E-Verify

Part of the ongoing debates over electronic employment verification systems is that the current basic pilot, or E-Verify program, is set to expire later this year. While there is still some disagreement over how the program might be expanded, I am aware of no one in Congress advocating for the program to be discontinued. The [...]

Posted in Privacy and Security | Comments closed

The Complications of Deep Packet Inspection

Update July 27 The Washington Post ran an article on Friday describing a case of an internet service provider conducting deep packet inspection on customers in Kansas. Notice was affected through a change in the company’s privacy policy on its website. Subscribers were offered the opportunity to opt out of the test, but some lawmakers [...]

Posted in Privacy and Security | Comments closed

USACM Issue Briefs Available

We wanted to point out two Issue Briefs available from USACM. The Issue Briefs are intended as short distillations of established USACM policy on various issues. More detailed explanations of USACM positions on these issues can be found in the relevant issue area of our website. The two new Issue Briefs are on Electronic Employment [...]

Posted in Privacy and Security | Comments closed

USACM Chair Testifies on Electronic Employment Eligibility

We mentioned this last week, but are just getting to posting about the hearing on the blog. On May 6, Eugene H. Spafford, chair of USACM, testified before the Social Security Subcommittee of the House Ways and Means Committee on electronic employment verification systems (EEVS). USACM has testified before on this issue, with Dr. Peter [...]

Also posted in ACM/USACM News | Comments closed

USACM Chair Will Testify on Electronic Employment Verification Systems

USACM Chair Dr. Eugene Spafford will testify tomorrow before the Social Security Subcommittee of the House Ways and Means Committee. His testimony is part of a hearing on Electronic Employment Verification Systems (EEVS). The hearing is scheduled to begin at 10 a.m. on May 6, in B-318 of the Rayburn House Office Building. This will [...]

Also posted in ACM/USACM News | Comments closed

Rod Beckstrom tapped to run the new National Cyber Security Center

It appears that the Administration will take its first public step toward implementing the classified Cyber Initiative President Bush issued this January. According to the Washington Post, Rod Beckström, a Silicon Valley entrepreneur, has been chosen to run the new National Cyber Security Center. Beckström is most recognized for his involvement as co-founder and chairman [...]

Posted in Privacy and Security | Comments closed

’08 Tech Policy Outlook: Electronic Employment Verification Systems

Part of the immigration battles last summer was a proposal to expand what was then called the Basic Pilot program into a nationwide system of confirming a person’s employment eligibility online. For such an Electronic Employment Verification System (EEVS) to work effectively on a nationwide basis, it would have to confirm employment documents of approximately [...]

Posted in Privacy and Security | Comments closed

’08 Tech Policy Outlook: Health Privacy and Health IT

A policy goal – like privacy protections – that has been tried repeatedly over the last few years has been legislation or other efforts to encourage the adoption of health information technology. Previous attempts have stalled somewhere in the halls of Congress, and the most recent health legislation – HIPAA – the Health Insurance Portability [...]

Posted in Privacy and Security | Comments closed

Increases Proposed for Basic Research Agencies; NIST Proposes New Cyber Security Program

For the past few years we’ve been following funding for three key physical science agencies — The National Science Foundation (NSF), The Department of Energy Office of Science (DoE), and the National Institute of Standards and Technology (NIST). Last week the President released his proposed budget for fiscal year 2009, which contains some healthy increases [...]

Also posted in Innovation | Comments closed

’08 Tech Policy Outlook: Identity Theft and Data Security

Our next post in this series on Technology Policy in 2008 focuses on two connected issues – Identity Theft and Data Security. Data breaches continue, as a recent theft of a hard drive at Georgetown University demonstrates. According to PrivacyRights.org, since January 2005 there have been over 218 million records exposed. To date a corresponding [...]

Posted in Privacy and Security | Comments closed

’08 Tech Policy Outlook: REAL ID

The release last Friday of the final rule for REAL ID did not mark the end of the road for this issue, but the end of the beginning. In this second of our series of posts taking a high-level look at various technology policy issues, we focus on REAL ID, and how it stands a [...]

Posted in Privacy and Security | Comments closed

REAL ID Final Rules – The Makeup Doesn’t Hide the Pig

Update January 17 – USACM issued a press release on the final rules, which is available online. As mentioned in the previous post, the Department of Homeland Security (DHS) released its final rules for the REAL ID program on Friday, January 11. Last May USACM submitted comments on the proposed rules released in March 2007, [...]

Posted in Privacy and Security | Comments closed

DHS Releases Final Rule on REAL ID

At a press conference earlier today, the Department of Homeland Security released the final rule on REAL ID. The press release summarizes the proposed changes – at least those addressing the deadlines for implementation. The Department released preliminary rules on REAL ID in March of 2007, and in May USACM submitted lengthy comments objecting to [...]

Posted in Privacy and Security | Comments closed

House Ways and Means Committee Introduces Social Security Number Bill

Yesterday the House Ways and Means Committee introduced a bill to reduce identity theft through restricting the use of the Social Security Number (SSN). After a series of 16 hearings on the issue, including one where USACM-EC Member Annie Antón testified, the Committee cited the easy availability of the SSN and its common use as [...]

Posted in Privacy and Security | Comments closed

Spyware Bill Would Define Zombies

Senator Pryor (D-AR) introduced S 1625, the Counter Spy Act, earlier this month. The bill joins other legislation, which has already passed the House, that will try and reduce the harm of spyware. Senator Pryor is no stranger to the issue – he spoke at our April briefing on botnets and was recently appointed co-chair [...]

Posted in Privacy and Security | Comments closed

USACM-EC Member Testifies on the Privacy and Security of Social Security Numbers

On Thursday, June 21, Dr. Annie Antón, Associate Professor of Software Engineering at North Carolina State University, testified in front of the Social Security Subcommittee of the House Ways and Means Committee on protecting the privacy and security of Social Security numbers. While the subcommittee did not have a specific bill to consider at this [...]

Also posted in ACM/USACM News | Comments closed

USACM-EC Member to Testify on Social Security Numbers

Update June 21 Dr. Antón’s testimony is now available online. Original Post – June 20 On Thursday, June 21, at 10:00 a.m., Annie Antón, USACM Executive Committee Member and Associate Professor of Software Engineering at North Carolina State University, will testify to Congress on behalf of USACM regarding the pervasive use of the Social Security [...]

Also posted in ACM/USACM News | Comments closed

USACM Member Encourages Safeguards for Employment Eligibility Verification System

On Thursday, June 7, Dr. Peter G. Neumann, Principal Scientist in the Computer Science Laboratory at SRI International, testified before the Social Security Subcommittee of the House Ways and Means Committee on the proposed Employment Eligibility Verification System, or EEVS. The EEVS is part of the immigration legislation recently debated in the Senate, and apparently [...]

Also posted in ACM/USACM News | Comments closed

USACM Member to Testify on Employment Eligibility Verification System

On Thursday, June 7, at 10:00 AM, Peter Neumann, USACM Member and Principal Scientist at SRI, will testify to Congress on behalf of USACM regarding proposals to expand and make mandatory the Employment Eligibility Verification System (EEVS). The EEVS is a query-based system that allows employers to verify the work-eligibility and identity documentation that employees [...]

Also posted in ACM/USACM News | Comments closed

Spyware Legislation Approved by Committees

In the last two weeks, two different spyware bills have been approved by two different House committees. On Thursday, the House Energy and Commerce Committee approved HR 964, the Securely Protect Yourself Against Cyber Trespass Act, or the SPY Act. This committee has approved similar bills in the previous two Congresses, only to see the [...]

Posted in Privacy and Security | Comments closed

USACM Urges Revisions to REAL ID Rules

Yesterday USACM filed detailed comments on the Department of Homeland Security’s draft rules for implementing the REAL ID Act. (For background, Congress passed the controversial REAL ID Act in 2005 over the objections of many privacy, security and technology experts. See our posts (1,2) about USACM’s comments on the law.)

Also posted in ACM/USACM News | Comments closed

Data Mining and Data Breach Legislation Advance in Congress

Last week the Senate Judiciary Committee sent S236, the Federal Agency Data Mining Reporting Act of 2007 to the Senate floor by a voice vote. The bill, which we posted about earlier this year, would require the federal government to report annually on the development and use of technologies that would mine data for patterns [...]

Posted in Privacy and Security | Comments closed

What to do about Botnets?

As mentioned on our blog last week (April 25) we cosponsored a Capitol Hill briefing with Microsoft about the growing threat of botnets. (See the post for more information on what botnets are.) Senators Pryor and Bennett made opening remarks about how the Internet is increasingly integrated into society and how computer security is an [...]

Also posted in ACM/USACM News | Comments closed

Briefing: Learning about the Threats from Botnets

Next Wednesday at 12:00 p.m., ACM and Microsoft are sponsoring a briefing to educate policymakers about the growing threat of botnets. For those not familiar with the issue, ‘bots are malicious software (viruses, worms, etc.) that take over an unsecured computer and place it under the control of a hacker or ‘bot herder’. These computers [...]

Also posted in ACM/USACM News | Comments closed

Data Mining Bill Voted out of Committee

The Senate Judiciary Committee sent S236, the Federal Agency Data Mining Reporting Act of 2007 to the Senate floor by a voice vote. The bill, which we posted about earlier this year, would require the federal government to report annually on the development and use of technologies that would mine data for patterns of criminal [...]

Posted in Privacy and Security | Comments closed

A Deeper Look At E-voting Reform

For the past few Congresses Representative Rush Holt (D-NJ) has taken the lead on legislation to reform electronic voting. Each year his efforts have garnered deep support from the Democratic party, but each year the legislation stalled with no Congressional action. With the Democrats now controlling Congress, Representative Holt reintroduced his legislation — the Voter [...]

Also posted in E-voting | Comments closed

Proposed REAL ID rules released

The Department of Homeland Security released a Notice of Proposed Rulemaking about the REAL ID Act on March 1. The proposed REAL ID rules are available in the Federal Register, and subject to a 60 day comment period. The release about the notice is here: http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm The actual notice (162 pages) can be found here: [...]

Posted in Privacy and Security | Comments closed

USACM Submits Comments to Federal Identity Theft Task Force

In response to a request for public comment from the Federal Identity Theft Task Force, USACM submitted comments on Friday on the technical implications of several different proposals under consideration. The full text of the request for comment, which includes discussion of the use of Social Security numbers, the effectiveness of a possible nationwide policy [...]

Also posted in ACM/USACM News | Comments closed

NSA Wiretapping Program Will Be Supervised

The controversial National Security Agency (NSA) wiretapping program, which the Bush Administration has asserted did not need warrants to operate, has been changed. In an article published in today’s Washington Post (registration required), the Attorney General has stated this program will be subject to judicial review through the court that administers the Foreign Intelligence Surveillance [...]

Posted in Privacy and Security | Comments closed

Data Mining Attracts Congressional Attention

Two actions in recent days demonstrated the level of Congressional interest in privacy under the new Democratic Congress. The Senate Judiciary Committee held a hearing Wednesday on government data mining programs. You can access witness statements, member statements and the hearing webcast at that link. The new chairman, Senator Leahy of Vermont, indicated that there [...]

Posted in Privacy and Security | Comments closed

The Duck Quacks, New House and Senate Chairs Are Named

Congress’ very short lame-duck session came to an end early Saturday morning wrapping up a largely unproductive 109th Congress in the technology policy space. In the waning hours, Congress did pass a few tech-related measures, but left almost all of the funding and competitiveness bills on the table — including funding for the President’s American [...]

Also posted in E-voting, Innovation | Comments closed

TGDC Reverses Course, Finishes Meeting

Update – December 12 Materials from the meeting, including the webcast and text of the resolutions considered at the meeting, are now available on the NIST website. Original post – December 5 As I suggested in yesterday’s post the Technical Guidelines Development Committee (TGDC) did revisit the software independent proposal during today’s session. It was [...]

Also posted in E-voting | Comments closed

TGDC Decides Against Software Independent Systems

As Cameron posted to the blog yesterday, the Technical Guidelines Development Committee is meeting today and tomorrow at the NIST Gaithersburg facility to discuss its advice to the Election Assistance Commission for the 2007 Voluntary Voting System Guidelines. The meeting is being webcast and will be archived for later viewing. Presentation slides should also be [...]

Also posted in E-voting | Comments closed

USACM Urges Feds to Adopt Software Independent E-voting Systems

Update: The TDGC rejected NIST’s and the security subcommittee’s recommendations for software independent systems on a 6-6 tie vote. We’ve got a story about the meeting posted here. Update 2: The TDGC reversed course and adopted a compromise resolution that embraces the software indepence concept. David posted a story about it here. Last Thursday we [...]

Also posted in ACM/USACM News, E-voting | Comments closed

Copyright Office Grants Malware Research Exemption to DMCA

We are playing a bit of catch up after the Thanksgiving holiday, so this story is not new news but we wanted to get it on the blog anyway. Last week (the afternoon before Thanksgiving Day) the Library of Congress released its final recommendations for exemptions to the anti-circumvention provisions of the Digital Millennium Copyright [...]

Also posted in Intellectual Property | Comments closed

Meet the New Boss: Outlook for Technology Policy in the Next Congress

Update 11/16/06: One of the problems of doing a laundry-list type post like this is that you miss some issues, and some nuance when trying to summarize complex policy issues. Notably missing from this list are issues such as patent reform and reviving the Office of Technology Assessment (OTA). We don’t follow patent reform very [...]

Also posted in E-voting, Education and Workforce, Innovation, Intellectual Property | Comments closed

Next Big Electronic Voting Test 11 Days Away

Election Day in the United States – November 7 – is approaching fast. Issues with electronic voting, whether it’s the voting machines, the voter registration databases, or other problems with the process, continue to crop up in the press. This has led to some concern on the part of members of the Election Assistance Commission [...]

Also posted in E-voting | Comments closed

Data Breaches Still a Problem

Update – October 16 – The House Government Reform Committee has released a Staff Report on the data breach information they have received. Perhaps as troublesome as the number of events is the extent to which agencies may be unaware of what they’ve lost. Original Post – October 12 There have been a large number [...]

Posted in Privacy and Security | Comments closed

USACM Member To Advise Government on Privacy

Last week the Department of Homeland Security appointed Annie Anton (Professor of Software Engineering at North Carolina State University and USACM-EC member) to serve on the Data Privacy and Integrity Advisory Committee. She is the second USACM member to join the panel. Dr. Lance Hoffman (George Washington University) was appointed to serve last year. The [...]

Also posted in ACM/USACM News | Comments closed

New Health IT Legislation

On Wednesday, September 13, the Federal Workforce and Agency Organization subcomittee of the House Government Reform Committee approved a bill to spur the development of electronic health records for federal employees. The legislation, The Federal Family Health Information Technology Act (HR 4859), would establish the health records through the Federal Employees Health Benefits Program. This [...]

Posted in Privacy and Security | Comments closed

Government Actions Supporting Data Protection

Two items showing the ongoing struggle to maintain the security of personal information. Government Computer News reported in their July 24 issue that the Office of Management and Budget has tightened requirements for federal agencies to report data breaches. Responding to recently reported data breaches, the OMB guidance reinforces much of current federal law in [...]

Posted in Privacy and Security | Comments closed

Veterans’ Affairs Data Breach Legislation

The House Veterans Affairs Committee, responding to the May 2006 theft of a laptop containing information on over 26 million veterans and active duty personnel, has approved legislation improving and reorganizing cybersecurity activities in the Department of Veterans’ Affairs. This follows a series of hearings the committee has held over the last 2 months – [...]

Posted in Privacy and Security | Comments closed

USACM Chair, Eugene Spafford, Calls for More Accountability at the VA

Testifying before Congress about the recent databreach at the Veterans Affairs (VA) Department, Eugene Spafford (Spaf) argued that this breach was a policy problem rather than technology one. (His full testimony can be found here.) Noting that government, industry and academia all have systemic problems with how accountability is built into information security policies, two [...]

Also posted in ACM/USACM News | Comments closed

USACM Releases Privacy Policy Recommendations

With security breaches revealing millions of personal records, new surveillance programs being adopted by law enforcement, calls for data to be retained longer by Internet Service Providers, the role of privacy and technology is very much on the minds of policymakers. The most common refrain from advocates is for Congress to enact a comprehensive privacy [...]

Also posted in ACM/USACM News | Comments closed

VA Department Loses Personal Information On 26.5 Million Vets

Many privacy advocates dubbed 2005, “The Year of Data Breach.” Perhaps the term should be amended to “the years” or even “decade” with yet another announcement of a massive loss of data. This time a Department of Veterans Affairs (VA) employee took a laptop home, which was then stolen, that had personal information (including social [...]

Posted in Privacy and Security | Comments closed

NSA Building Massive Database Of Domestic Calls, Senate Judiciary To Hold Hearings

In the wake of today’s USA Today story shedding new light on the National Security Agency’s (NSA) Terrorist Surveillance Program, CQ.com (sub. required) is reporting that the Senate Judiciary Committee will call representatives of three major telephone companies to testify before the panel.

Posted in Privacy and Security | Comments closed

USACM Calls On Congress to Protect Patients Privacy Rights

Last week, USACM joined a diverse collection of consumer, privacy, technology, and other groups calling on Congress to ensure that patient privacy rights are part of any federal health information technology legislation. Policy issues associated with health information technology usage are clearly a growing area of interest for policy makers with initatives from both President [...]

Also posted in ACM/USACM News | Comments closed

Mixed Bag Data Security Legislation Inches Forward, USACM Comments on Proposal

Today Congress took another step forward in trying to deal with the numerous data breaches that continue to make news as the House Energy and Commerce Committee unanimously passed legislation (H.R. 4127) that would force companies to shore up their security practices. We’ve covered this issue in other posts (1,2), but for background the legislation [...]

Also posted in ACM/USACM News | Comments closed

USACM Releases Major Study on Voter Registration Databases

Update 2/17/06: Declan McCullagh wrote a nice story about the study for CNET News.com. Original Post 2/16/06: Citing the danger of voter fraud and disenfranchisement from poorly implemented databases, a committee of experts commissioned by USACM released a report today making almost 100 recommendations to state and local officials charged with creating and managing statewide voter [...]

Also posted in ACM/USACM News, E-voting | Comments closed

ChoicePoint gets largest ever FTC civil penalty

ChoicePoint, the data broker at the center of the data breach controversy that erupted last year (and continues to play out even now), has received a $10 million fine from the Federal Trade Commission and, in addition, has agreed to contribute another $5 million to a fund aimed at helping those who were harmed following [...]

Posted in Privacy and Security | Comments closed

USACM urges policymakers to adopt a broader view of data security

Following last year’s numerous high-profile data breaches (which we’ve been covering closely), there are now numerous pieces of data security and privacy legislation pending in Congress — coming under the jurisdiction of numerous committees and using a range of different approaches. Indeed, the field is so crowded that it’s difficult to tell which bills have [...]

Also posted in ACM/USACM News | Comments closed