April Proves to be a Busy Month for ACM Policy Activities
 ACM Provides Testimony to EAC on Voter Databases
 USACM Questions Real ID Act’s Security Standards
 High-Performance Computing Legislation Passes House
 EAC Technical Committee Adopts Voting System Standards; EAC Commissioner Resigns
 Cyber Czar Legislation Takes First Step in Congress
 Legislation on the Move
 Events to Watch In May
 About USACM
[An archive of all previous editions of Washington Update is available here.]
 APRIL PROVES TO BE A BUSY MONTH FOR ACM POLICY ACTIVITIES
ACM’s public policy committee covered a lot of ground this month, commenting on issues from voting to high-end computing. Below is a short summary of the specific activities. More information on each of these items is contained in the longer pieces below, as well as being detailed on our weblog at http://www.acm.org/usacm/weblog/.
* Members of the ACM study currently looking into HAVA’s requirement for statewide voter registration databases submitted testimony outlining the group’s work for an Election Assistance Commission (EAC) hearing that was organized to seek input on its Proposed Voluntary Guidance on Implementation of Statewide Voter Registration Lists.
* USACM wrote to Senator Lamar Alexander (R-TN) and other members of Congress to express privacy concerns with the Real ID Act, which contains language that would compel states to create and link driver’s license databases, establishing what many consider a de facto national ID system.
* USACM and the Computing Research Association (CRA) issued a press release praising the U.S. House of Representatives for passing the High-Performance Computing Revitalization Act (H.R. 28).
* USACM sent a letter to state policymakers in Hawaii regarding e-voting legislation currently under consideration in the state.
 ACM PROVIDES TESTIMONY TO EAC ON VOTER DATABASES
As reported last month, ACM recently created a committee to look into design issues for statewide voter registration databases. The Help America Vote Act (HAVA), passed in 2002, mandates that by 2006 all states must have centralized databases of registered voters. The mandate raises many technical and policy issues that states and the U.S. Election Assistance Commission (EAC) are grappling with. The EAC, which oversees HAVA, recently issued proposed guidance that touches on a couple of major issues, but it does not provide much technical guidance. Accordingly, last week EAC held a public hearing, and the event provided a good opportunity for ACM to outline its efforts.
ACM’s Committee on Guidelines for Implementation of Voter Registration Databases is in its initial stages, but it will likely focus on three major issues: (1) reliability, (2) accuracy and integrity, and (3) privacy. The study will have mostly technical recommendations, but it will also focus on policy in areas where policy decisions create technical implementation issues. The Committee is planning to finish its work by Fall 2005, but it will comment in more detail on EAC’s proposed guidance by the end of May. We will, of course, post those comments to our web site when the Committee submits them to the EAC. For more information, including links to the committee’s testimony and to the EAC’s draft guidance, see http://www.acm.org/usacm/weblog/index.php?p=257.
 USACM QUESTIONS REAL ID ACT’S SECURITY STANDARDS
Citing the increased risk of identity theft the proposed Real ID Act would create, USACM sent a letter earlier this month to Senator Lamar Alexander (R-TN) and other members of Congress expressing its concerns about the legislation. Senator Alexander recently penned an op-ed in the Washington Post (see http://www.washingtonpost.com/wp-dyn/articles/A11307-2005Mar29.html), stating that while he wasn’t necessarily opposed to national IDs, the Real ID Act wasn’t the right approach. USACM’s letter points out the legislation’s significant and troubling flaws by making two main points:
* The legislation provides financial incentives for all 50 states to share their driver’s license databases; however, it has no security policies for such sharing. Considering that the overall security of the system will be determined by its weakest link, the risk of identity theft increases substantially.
* The minimum standards for identification create a de facto national identification system, but this may fall short of accomplishing its stated goal of reducing terrorist’s access to valid identification. Specifically, the letter points out that someone can bribe a clerk in any of the 50 states to get a valid license and security personnel may be less likely to assess its validity because it would meet the new standards.
As of this writing, the Real ID Act is one of several bones of contention in an ongoing conference between House and Senate legislators who are working to reconcile two versions of the must-pass emergency supplemental appropriations bill that includes funding for military operations in Iraq and Afghanistan and tsunami relief. For more detailed information or to view the full USACM letter, see http://www.acm.org/usacm/weblog/index.php?p=240. A final agreement could come this week — please check our website regularly for updates.
 HIGH-PERFORMANCE COMPUTING LEGISLATION PASSES HOUSE
Last week the House of Representatives passed the High-Performance Computing Revitalization Act (H.R. 28). USACM and the Computing Research Association (CRA) praised the House’s action, with USACM Chair Gene Spafford commenting that “IT R&D — and especially investment in basic research and infrastructure — is an investment that pays enormous dividends … It fuels innovation that will help the U.S. retain world leadership in business, develop new jobs and industries, enhance public safety and national defense, and provide means to support research to live longer, healthier lives.”
The High-Performance Computing Program (also known as the Networking and Information Technology Research and Development Program or NITRD) sets up a collaborative multi-agency research, development, and deployment program focused on high-performance computing systems, software, and applications (among other things). The underlying law also established the President’s Information Technology Advisory Committee (PITAC), on which USACM has sitting members.
The legislation has three primary areas. The first rewrites the overarching goals of the program. The second makes minor changes to reporting requirements and PITAC. The third updates many participating agencies’ duties to reflect each agency’s mission. USACM sent a letter in February to House Science Committee Chairman Sherwood Boehlert (R-NY) commenting on the legislation.
The legislation now moves to the Senate for consideration. For more information or to view the CRA/USACM press release, visit http://www.cra.org/govaffairs/blog/archives/000326.html.
 EAC TECHNICAL COMMITTEE ADOPTS VOTING SYSTEM STANDARDS; EAC COMMISSIONER RESIGNS
In other e-voting news, the EAC’s Technical Development Guidelines Committee (TGDC) met to discuss their recommendations for voluntary voting system guidelines. They planned to consider two sets of guidelines — Voluntary Voting System Guidelines (VVSG) Version One (which contains guidance intended to be used for the 2006 elections) and VVSG Version Two (which contains more long-term guidance) — but could only review, and approve Version One at the meeting.
The meeting was also not without some tension. For example, at one point there was a discussion about whether committee members should consider the ramifications of their recommendations on vendors or whether they should make recommendations based on principle, without taking into account what a given recommendation might mean for vendors considering that some may have significantly more trouble complying with a given recommendation than others.
The EAC and its various boards must now debate and reject, accept, or change the “Version One” proposal. Links to more information about the meeting and to the guidelines are available at http://www.acm.org/usacm/weblog/index.php?p=254.
Meanwhile, EAC member and former Chairman DeForest B. Soaries, Jr., announced his resignation from the EAC, citing, among other things, dissatisfaction with the level of support the EAC has received from the federal government. For more information, see the recent New York Times article at http://www.nytimes.com/2005/04/23/politics/23elect.html.
Also in April, USACM sent a letter to state policymakers in Hawaii to call their attention to the e-voting statement that ACM adopted last year and to raise a number of critical technical issues. The letter seeks to offer USACM’s technical and policy input as electronic voting legislation works its way through the Hawaii legislature (something that is currently going on in many state legislatures across the country). The letter is available at http://www.acm.org/usacm/weblog/index.php?p=245.
 CYBER CZAR LEGISLATION TAKES FIRST STEP IN CONGRESS
The House Homeland Security Committee recently approved the Department of Homeland Security’s first overhaul legislation since its creation in 2002. Among the many items in the bill are provisions intended to improve cybersecurity programs within the federal government. First, it elevates the profile of cybersecurity within the Department, creating a new Assistant Secretary for Cybersecurity. Second, it creates a grant program focused on professional development in the field. The program would be run by the National Science Foundation but funded by the Department of Homeland Security.
The real concern isn’t what is in the bill, but what isn’t — namely, real teeth for ensuring that federal government computers are secure and any real incentives for improving cybersecurity in the private sector. In fact, the bill goes out of its way to make sure that the current voluntary process for securing federal systems, overseen by the Office of Management and Budget, isn’t impacted by this new structure.
The bill has been referred to several other committees, and its prospects are unclear. See http://thomas.loc.gov/cgi-bin/query/z?c109:H.R.285: for current information and the full text of the bill, and check our website regularly for updates.
 LEGISLATION ON THE MOVE
* 2005 Emergency Supplemental Spending Bill. As of this writing, House and Senate conferees have been meeting to hammer out their differences on approximately $81 billion worth of supplemental funding for items such as — among other things — the war and reconstruction effort in Iraq tsunami aid for South Asia. The Real ID Act is attached to this legislation.
* Family Entertainment and Copyright Act (S. 167). Signed by the President last week, this law, sponsored originally by Senator Orrin Hatch (R-UT), makes it a crime to use a video recorder in a movie theater or to distribute copyrighted work before its release. It also legalizes movie-filtering technology that blocks sexually graphic and violent content and contains guidance for handling so-called “orphan” works.
 EVENTS TO WATCH IN MAY
May 1-5: U.S. Senate in recess.
May 4: The Peripheral Visionaries’ IP-Based Communications Policy Summit, Washington, D.C. — complete information available at http://www.pulver.com/policy/index.html.
May 8-11: IEEE Symposium on Security and Privacy, Oakland, Calif. For more information, see http://www.ieee-security.org/TC/SP-Index.html.
May 10: Senate Commerce, Science and Transportation Committee hearing, “Privacy Laws and Data Brokerage Services.” Full committee hearing, 2:30pm, 253 Russell Senate Office Building. For more information, see http://commerce.senate.gov/hearings/witnesslist.cfm?id=1491.
May 12: House Science Committee hearing on the state of IT R&D funding. Details are sketchy on this hearing at the moment, but check our website and CRA’s weblog http://www.cra.org/govaffairs/blog/ for updates.
 ABOUT USACM
USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is widely recognized as the premier organization for computing professionals, delivering resources that advance the computing and IT disciplines, enable professional development, and promote policies and research that benefit society. ACM hosts the computing industry’s leading Digital Library and Guide to Computing Literature, and serves its 80,000 global members and the computing profession with journals and magazines, conferences, workshops, electronic forums, and its Career Resource Centre and Professional Development Centre. For more information about USACM and ACM,
For earlier editions of the ACM Washington Update, see:
To subscribe to ACM’s Washington Update newsletter, send an e-mail to email@example.com with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name’” (no quotes) in the body of the message. To unsubcribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to firstname.lastname@example.org.
Should you have questions, comments, or suggestions regarding this newsletter, public policy issues, or USACM activities, please contact the ACM’s Washington, D.C., Office of Public Policy by email at email@example.com or by calling 202-659-9711.