ACM Washington Update, Vol. 10.7 (August 4, 2006)

CONTENTS

[1] Newsletter Highlights
[2] Electronic Voting Receives Attention on Numerous Fronts
[3] Administration and Congress Take Actions to Protect Privacy
[4] ACM President Interviewed for CNET
[5] Pieces of American Competitiveness Initiative Slowly Move Forward
[6] Scientists Find Congress’ Access to Scientific Advice Lacking
[7] About USACM


[1] NEWSLETTER HIGHLIGHTS

Below are highlights of the top stories for July. There is more detail on each below, as well as on our weblog at http://www.acm.org/usacm/weblog:

* Electronic voting issues continue to draw attention from numerous organizations and policymakers with several new developments, including a Congressional hearing and two new reports. USACM submitted testimony on the hearing which noted gaps in voting equipment testing and certification, and made recommendations for addressing these problems.

* CNET did a Q&A with New ACM President Stu Feldman on a variety of subjects including offshoring and IT education.

* Policymakers addressed data security and privacy issues with a flurry of new proposals including tightening of federal IT security standards, restricting social security information, and addressing cyber security problems at the Department of Veterans Affairs.

* A key Senate Committee passes one of the many bills trying to address U.S. competitiveness issues, which have dominated media reports over the past year and resulted in a Presidential proposal.

* The House Science Committee held a hearing addressing the need for science and technology advice to Congress, including the perpetual quest to reinstate the Office of Technology Assessment.


[2] ELECTRONIC VOTING ISSUES RECEIVES ATTENTION ON NUMEROUS FRONTS

A Congressional hearing and two new reports renewed attention on the security, reliability and usability of e-voting systems this month. USACM also provided comments to policymakers on e-voting issues this month.

Congressional Action — Congress tackled the question of whether new federal standards will improve e-voting technology. The short answer seemed to be that the standards, while a good first step, were far short of what we need to ensure accurate, secure, reliable and usable e-voting machines. We will have to wait until the next update (likely several years away) of the standards to see anything more than marginal improvements. The Congressional hearing also looked at the testing process for voting machines. Under HAVA the EAC is taking over the certification and decertification process for voting machines from an association of state election officials. This change is new and in many respects still being developed.

USACM voiced concerns about the current standards and testing and certification process in testimony for the Committee’s record. USACM made several recommendations to strengthen the testing and certification process:

* Create a formal feedback process that will ensure that lessons learned from independent testing and Election Day incidents are translated into best practices and future standards.
* Make the testing process more transparent by making the testing scope, methodologies and results available to the public.
* Ensure that the guidance for usability and security standards provides performance-based requirements and is clear so as to minimize the variance of human interface designs from jurisdiction to jurisdiction.
* Create a mechanism for interim updates to the standards to reflect emerging threats, such as newly discovered security defects or attacks.
* Require voter verified paper trails and audits to mitigate the risk associated with software and hardware flaws.

USACM’s testimony is available at:

http://www.acm.org/usacm/PDF/USACMEVotingHearingStatement.pdf

More information on the hearing, including links to witness testimony, is available at:

http://www.acm.org/usacm/weblog/index.php?p=399

Brennan Center Report — In late June the Brennan Center for Justice released a released a report finding significant security and reliability vulnerabilities in each major voting system. The report found proper countermeasures could reduce these vulnerabilities; however, few jurisdictions have taken such steps. It was written by a task force of government, academic and private sector experts and reviewed extensively by the National Institute of Standards and Technology and can be found at:

http://brennancenter.org/programs/dem_vr_hava_votingsystems.html

National Academies Report — The Academies released a short report discussing emerging problems with e-voting systems and making recommendations for the upcoming election.

According to the Election Assistance Commission, an estimated one-third of voters will be using different equipment in 2006 than 2004. The academies’ report stated that some jurisdictions, possibly many, are not prepared to use this new equipment for the November election. Several factors are contributing to this (although not uniformly across jurisdictions):

* State and localities either not meeting or rushing to meet deadlines for new equipment mandated by the Help America Vote Act
* New state requirements on e-voting systems, such as Voter Verified Paper Trails
* On going security threats, such as those outlined a recent report released by Blackboxvoting.org
* Poor vendor performance
* Training poll workers on how the new equipment works
* Educating first-time voters about using the machines

The report made a several recommendations in light of many jurisdictions using this new technology:

* Jurisdictions should have backup mechanisms and procedures in place for e-voting systems.
* Jurisdictions should band together in their interactions with vendors.
* Election Officials should get information from each other about vendor problems, contracts, backup procedures and legal and regulatory options.
* Jurisdictions should conduct parallel testing on Election Day.

The report can be found at:

http://www.nap.edu/catalog/11704.html


[3] ADMINISTRATION AND CONGRESS TAKE ACTIONS TO PROTECT PRIVACY

Several recent actions by the government demonstrate the increasing importance of protecting individual data from identity theft. First, the Administration moved to tighten data security procedures throughout the government. Second, the a House of Representatives Commerce Committee passed legislation to restrict the sale of Social Security numbers. Third, the House Veterans Affairs Committee passed legislation to respond to the security breach that compromised personal information for over 20 million veterans.

New government-wide guidance — Government Computer News reported that the Office of Management and Budget has tightened requirements for federal agencies to report data breaches. Responding to recently reported data breaches, the OMB guidance reinforces much of current federal law in this area, but the added pressure will hopefully encourage greater compliance. Legislation recently proposed by Representative Tom Davis (R-Virginia) would further define the responsibility of both OMB and agency CIOs with respect to the reporting of data breaches and enforcement of data breach policies.

The memo is available as a PDF file at:

http://www.whitehouse.gov/omb/memoranda/fy2006/m06-19.pdf

You can read the full article online at:

http://www.gcn.com/print/25_21/41426-1.html

Protecting Social Security Numbers — The House Energy and Commerce Committee has approved legislation (H.R. 1078, The Social Security Number Protection Act of 2005) criminalizing the sale of Social Security Numbers and empowering the FTC to regulate the practice. The bill needs to be reviewed by the another congressional committee (House Ways and Means) before going to the House floor.

Cybersecurity Legislation — The House Veterans Affairs Committee, responding to the May 2006 theft of a laptop containing information on over 26 million veterans and active duty personnel, approved legislation improving and reorganizing cybersecurity activities in the Department of Veterans’ Affairs. This follows a series of hearings the committee has held over the last 2 months – USACM Chair Eugene Spafford testified at one of these hearings.

The legislation provides for credit remediation and related services for veterans whose information was compromised as a result of the data theft. It also establishes an undersecretary of information services, who would have the responsibilities of the chief information officer (CIO). Three new deputy undersecretaries for security, operations and management, and policy and planning would report to the new undersecretary. Finally, recognizing the need for trained computer security professionals (as Dr. Spafford emphasized during his testimony), the bill creates up to five scholarships per year for students pursuing doctoral degrees in information security, computer engineering or electrical engineering. These students would work at the VA two years for every year of scholarship support.

You can read the legislation at:

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=109_cong_bills&docid=f:h5835ih.txt.pdf

As more and more data breaches make the news, we can expect that additional data breach legislation will be considered.


[4] ACM PRESIDENT INTERVIEWED FOR CNET

CNET news has an interview with ACM’s new President, Stuart Feldman, on topics ranging from IT education and jobs to the globalization of the IT software industry. He specifically mentions ACM’s recent globalization report and that it shows there is strong demand in the IT industry for skilled employees. Dr. Feldman was recently elected President of ACM and started his two year term on July 1, 2006. The President of ACM is a standing member of the Executive Committee of USACM. He is also Vice President of computer science research at IBM. You can read the interview at:

http://news.com.com/The+tech+industrys+newest+power+player/2008-1022_3-6093527.html?tag=st.num


[5] PIECES OF AMERICAN COMPETITIVENESS INITIATIVE SLOWLY MOVE FORWARD

The American Competitiveness Initiative, proposed by the President during his 2006 State of the Union Address, has been embraced by Congress on several different legislative fronts. Earlier this year, in separate actions the House Science Committee and the Senate Energy Committee passed legislation largely focused on education programs, while the House and Senate Appropriations Committees focused on legislation to fund the President’s initiative. In July the Senate Commerce Committee passed another piece of the President’s proposal, the American Innovation and Competitiveness Act (S2802). The legislation would authorize increased funding for the National Science Foundation and the National Institute for Standards and Technology, with a focus on grants and programs aimed at national competitiveness, including studies by the Office of Science and Technology Policy and the National Academies. The legislation would also close the Technology Administration in the Department of Commerce.

It still isn’t clear how these disparate efforts will be woven together. What is critical is that the appropriation bills, which provide actual funding these agencies, embrace and fully fund the President’s initiative. So far actions by the House and Senate Appropriations Committees have been positive, but final approval for these bills isn’t likely until after the November elections.

Legislation related to the American Competitiveness Initiative includes:

S2197, the PACE-Energy Act, which was reported to the Senate in April. It focuses on supporting basic research programs at the Department of Energy, and DoE efforts to support math and science education. The bill would also establish an Advanced Research Projects Agency for energy, or ARPA-E.

S2198 focuses on education, with new scholarships for students studying math and science, new research grants and promoting AP math and science courses. The Health, Education, Labor and Pensions Committee held a hearing on this in March.

The Senate has also considered the House Appropriations Bill, HR 5672, as described below.

House bills parallel Senate efforts, with a greater emphasis on supporting cutting-edge or otherwise risky research:

HR5356, the Research for Competitiveness Act would authorize the National Science Foundation and the DoE’s Office of Science to provide early career researchers grants for innovative research programs, integrate research and education, among other provisions.

HR5357, the Early Career Research Act and The Research For Competitiveness Act, focused on similar items as 5356, with a focus on the NSF and several parts of the DoE.

HR5358, Science and Math Education for Competitiveness, would authorize programs supporting science, mathematics, engineering and technology education at the NSF and the DoE Office of Science.

HR5356 and HR5358 were reported to the full House in late June. The House Science Committee marked up 5357 earlier in June, merging it into HR5356.

HR 5427, the Fiscal Year 2007 Energy and Water Development Appropriations Act (covering scientific research in the Department of Energy), was approved by the House in May and reported to the Senate in June.

HR 5672, the Fiscal Year 2007 Commerce-Justice-Science Appropriations bill (covering funding for NSF and NIST), was approved by the House at the end of June. It was considered by the Senate Appropriations Committee and reported to the Senate in July.


[6] SCIENTISTS FIND CONGRESS’ ACCESS TO SCIENTIFIC ADVICE LACKING

On July 19 the House Science Committee held a hearing exploring Congress’ need for scientific and technical advice.

Eleven years ago, Congress closed the Office of Technology Assessment (OTA). This office was created in 1972 to aid Congress “in the identification and consideration of existing and probable impacts of technological application.” The scientific community opposed the closure of OTA and it remains a sore spot. Many believe that Congress would make better policy decisions if this resource still existed. While Congress does not face an information shortage, the witnesses argued it needed independent advice that was more closely aligned with Congress’ needs, and that this need couldn’t be fulfilled by the various outside groups. None felt that reconstituting OTA was the correct solution, rather that a new advisory body should have scientific staff and produce more timely reports with better integration with congressional committees to suit Congress’ policy objectives.

Considering that USACM’s mission is to provide objective technical advice on computing issues, the hearing provided useful insight and some frustration as to how we approach informing Congress. There is a need for Congress to receive better scientific and technical advice. There is also a need for Congress to take this advice into account. Finally, there is a need to recognize the limitations of scientific advice from those involved in giving it. The first need can be fulfilled by experts providing input through societies and other groups such as ACM, and a body within Congress solely dedicated to technical analysis. However, even with the best scientific evidence, decisions in Congress are made on a political, not scientific, basis. The witnesses did not explore in depth the use of independent scientific analysis, rather arguing that it is needed. The question of Congress’ use of information is certainly one that should be asked if an OTA-like entity was reconstituted.

It seems clear that many in the scientific community believe there are significant gaps in the science and technical advice Congress receives. Certainly professional scientific societies and organizations such as ACM can fill part of this role, but these efforts will never been seen as truly independent. The question is whether Congress believes there are gaps and what they might do about it. While many Members at today’s hearing clearly supported the idea of a new OTA-like entity, the evidence shows that Congress, as a whole, doesn’t support this change right now. Since OTA was eliminated, there have been many efforts, ideas and proposals to address the issue. So far Congress has only adopted a limited pilot program.

Information about the hearing (witness statements and a webcast) can be found here:

http://www.house.gov/science/hearings/full06/July%2025/index.htm


[7] ABOUT USACM

USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

For more information about USACM and ACM, see:

http://www.acm.org/usacm/about.html


BACK ISSUES

For earlier editions of the ACM Washington Update, see

http://www.acm.org/usacm/update/

SUBSCRIBE/UNSUBSCRIBE

To subscribe to ACM’s Washington Update newsletter, send an e-mail to listserv@acm.org with “subscribe WASHINGTON-UPDATE “First Name” “Last Name” (no quotes) in the body of the message.

To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to listserv@acm.org.

This entry was posted in ACM/USACM News. Bookmark the permalink. Comments are closed, but you can leave a trackback: Trackback URL.