ACM Washington Update Vol. 9.2 (February 28, 2005)
 Successful Policy Summit Focuses USACM’s Agenda
 USACM Joins Legal Scholars To Protect Innovation
 USACM Weighs in on High-Performance Computing Legislation
 ChoicePoint Privacy Breach Getting Congressional Attention
 Real ID Act Passes U.S. House of Representatives
 Congress Organizes (Mostly): IT Policy Implications
 Events to Watch In March
 About USACM
[An archive of all previous editions of Washington Update is available here.]
 SUCCESSFUL POLICY SUMMIT FOCUSES USACM’S AGENDA
This past Sunday, the executive committee of USACM held its annual meeting to discuss some of its policy priorities for the coming year. The group grappled with a diverse set of topics, from the current state of ACM to events and efforts likely to affect information technology (IT) policy and funding. Topping USACM’s agenda will be informing policymakers and the courts on balancing innovation and intellectual property (IP) protection, making e-voting systems more secure and reliable, and the impact technology can and should have on privacy issues, just to a name a few items.
During the morning session, John White, CEO of ACM, gave an upbeat report on ACM’s health and how USACM is viewed by within the organization. The majority of ACM’s membership is aware and interested in USACM activities. Dr. William Aspray, from Indiana University gave an overview on the work of ACM’s Job Migration Task Force (JMTF), which is a timely and very ambitious project to study the worldwide trends in the IT workforce. More information about the JMTF is available at http://www.acm.org/usacm/weblog/index.php?p=142.
IT Policy Agenda
The IT policy landscape in Washington is crowded this year, but the committee settled on briefings and discussion about IP protection, e-voting and privacy. The most significant decision the committee made was to support an amicus brief in the MGM vs. Grokster Supreme Court case, which argues in support of innovation. (See the next story for more details.)
Outside expert Markham Erickson, general counsel for the NetCoalition (see http://www.netcoalition.com/), discussed high-profile IP issues, including the MGM vs. Grokster case before the Supreme Court and efforts to revive legislation to protect facts that are part of databases — for more information on this, see ACM’s statement on legislative efforts to expand protection for collections of data at http://www.acm.org/usacm/Issues/dbasefinal.pdf.
Barbara Simons reported that her study on voting databases is moving forward and will be ready later this year to inform policymakers on how to protect and secure these databases. And, finally, the committee focused on recent developments surrounding privacy issues (such as the Choicepoint debacle), reconstituted the privacy subcommittee of USACM, and charged it with developing a new statement of privacy principles.
IT Research & Development (R&D) Funding
Peter Harsha, the Computing Research Association’s (CRA’s) director of government affairs, also gave his insight on the current landscape for IT R&D funding and some of the troubling long-term trends. There is a lot going on in this area, and you can follow all the recent developments through CRA’s weblog at http://www.cra.org/govaffairs/blog/.
 USACM JOINS LEGAL SCHOLARS TO PROTECT INNOVATION
USACM signed onto a Supreme Court amicus brief with sixty law professors in support of Grokster in the case of MGM vs. Grokster. MGM studios sued Grokster arguing that Grokster should be held liable for users downloading copyrighted material using their peer-to-peer software. This argument, if accepted, would overturn the landmark “Sony decision,” which created a safe harbor for companies to innovate and has been heralded as the “Magna Carta” of the information technology industry. The following is a summary of the argument:
“This case is fundamentally about technology policy, not about file sharing or copyright infringement. Each of the alternative secondary liability standards for which Petitioners and supporting amici argue would dramatically change the balance of power between the entertainment industry and the technology industry. It would do so despite the absence of a statutory basis in copyright law for this change and would disrupt settled expectations in the information technology industry.”
USACM member and University of California at Berkeley professor Pam Samuelson led the preparation of the brief. The full brief is at http://www.acm.org/usacm/grokster/amicus.pdf.
 USACM WEIGHS IN ON HIGH-PERFORMANCE COMPUTING LEGISLATION
Noting ACM’s reputation and expertise in the computing world, Representative Sherwood Boehlert, Chairman of the House Science Committee, asked USACM for comments on the High-Performance Computing Revitalization Act of 2005 (H.R. 28). Among other things, the bill requires the director of the Office of Science and Technology Policy to establish goals for federal high-performance computing research, development, networking, and other activities, and develop and maintain a research, development, and deployment road map for the provision of high-performance computing systems.
After consulting with USACM members, committee chair Eugene Spafford sent a letter to Rep. Boehlert describing the impact the High-Performance Computing Program (known as the Networking and Information Technology Research and Development Program) has had on high-end computing technology. Spafford goes on to say that H.R. 28 is both a timely and important reflection of the current environment and the policy framework needed to advance this field of science.
The letter is available online at http://www.acm.org/usacm/Letters/HPC_Boehlert.pdf, while more information about the bill can be found at http://thomas.loc.gov/cgi-bin/query/z?c109:H.R.28:.
 CHOICEPOINT PRIVACY BREACH GETTING CONGRESSIONAL ATTENTION
Recently it was revealed that ChoicePoint, one of the nation’s largest data aggregators and providers of personal consumer data, has been the victim of large scale fraud. Fraudsters, posing as (among other things) check-cashing, insurance, and debt-collection companies, were able to pass ChoicePoint’s initial customer background check and gain access to ChoicePoint’s services, eventually gaining access to the personal information (including Social Security numbers, addresses, and more) of well over 100,000 people, at least 700 of whom may already have been the victims of identity theft or other fraud.
The incident became known after ChoicePoint informed the individuals in California whose personal information was accessed during the fraud. A California law that was enacted in 2003 requires companies to disclose incidents like the compromise of ChoicePoint’s data to affected consumers. Currently, California is the only state with such a law, although the ChoicePoint case has aroused the interest of several state attorneys general and one U.S. senator has already introduced federal legislation similar to the California law. Meanwhile, one California woman has recently filed a lawsuit against ChoicePoint that seeks to gain class-action status.
In Washington, the case has put data brokerage firms and their practices under the spotlight, with several members of Congress signalling that hearings are called for in the case. Rep. Joe Barton, chairman of the House Committee on Energy and Commerce, has directed his staff to look into the matter and to “survey digital data storage practices and their current security measures.” Meanwhile, Sen. Arlen Specter, chairman of the Senate Judiciary Committee, has stated his willingness to hold a a series of hearings on privacy breaches including this one, and Sen. Charles Schumer is said to be considering legislation that would establish federal rules to regulate how companies provide or sell access to private information.
One man has already been sentenced to 16 months in prison for his part in the fraud.
For more information on the ChoicePoint case, see the Wired News article at http://www.wired.com/news/privacy/0,1848,66685,00.html, as well as a recent New York Times article at http://www.nytimes.com/2005/02/24/business/24datas.html.
 REAL ID ACT PASSES U.S. HOUSE OF REPRESENTATIVES
Earlier this month, House Judiciary Committee Chairman James Sensenbrenner’s (R-WI) immigration bill, the Real ID Act (H.R. 418), was passed by the U.S. House of Representatives. The bill is intended to disrupt terrorist travel and bolster U.S. border security and includes much of the immigration reform language that was dropped from last year’s intelligence overhaul legislation (discussed in our Dec. 2004 Update at http://www.acm.org/usacm/update/update812.html).
The act requires the Department of Homeland Security to develop federal driver’s license standards and contains details about minimum document requirements (i.e., information and features that must appear on new licenses), as well as the requirement that a foreign visitor’s temporary license must expire at the same time the visitor’s visa expires. The act also prohibits federal agencies from accepting state issued driver’s licenses or identification cards unless such documents meet the federal standards. In addition, it includes financial incentives for states to enter into an “interstate compact” for sharing driver’s license data. Finally, the bill repeals the provision in 2004’s intelligence reform legislation that had placed the responsibility for creating such federal driver’s license standards on the Secretary of Transportation.
Among privacy and civil liberties advocates, the bill has renewed worries about the development of a national identification system. Indeed, critics of the bill assert that implementing the standards and information sharing compacts would amount to a “de facto national ID card.” Supporters of the bill contend that the bill is needed to address a number of vulnerabilities in border and homeland security efforts.
The bill counted over 100 House cosponsors and passed in a 261-161 vote, with 8 Republican members crossing party lines to vote against it and 42 Democrats crossing to vote for it. It has strong support from the White House, and the Washington Post reports that a similar bill will be introduced soon in the Senate that has the support of “50 to 60” senators.
For more information on ACM’s position regarding national IDs, see http://www.acm.org/usacm/Issues/NationalID.html. Also, see the Washington Post article mentioned above at http://www.washingtonpost.com/wp-dyn/articles/A14469-2005Feb10.html.
 CONGRESS ORGANIZES (MOSTLY): IT POLICY IMPLICATIONS
By mid-February in any normal year a new Congress is completely organized. This is not a normal year as numerous changes in the Senate and organizational fights between the House of Representatives and Senate have delayed the process. Congress has finally (although not completely) organized itself enough to provide a picture of how it will deal with information technology (IT) and computing policy issues.
The major story is what changed in the Senate — arguably elevating IT policy — contrasted against the relative status quo in the House. Several key Senate chairmanships changed hands, which, in turn, led to two new IT related subcommittees. The opposite was true in the House, where key chairmen from the 108th Congress hold roughly the same power in the 109th. Below is a more detailed discussion of how these changes will impact issues relevant to USACM’s interests.
One of the biggest changes, a complete reorganization of the House and Senate Appropriations Committees, is still in limbo because of an ongoing disagreement between the House and Senate. Peter Harsha at CRA has put together a good analysis of the implications this reorganization has for IT R&D spending, available online at http://www.cra.org/govaffairs/blog/archives/000252.html.
In short, it will be a busy year. Congress will have to grapple with some high-priority pieces of legislation like the rewrite of the Telecommunications Act of 1996, which touches on many IT policy issues. It will also have to respond to external events like the inevitable fallout from the Supreme Court’ decision in MGM Studios Inc. vs. Grokster Ltd.
Innovation and Intellectual Property Balance
Two of the most important Senate committees dealing with IT policy are the Judiciary Committee and the Commerce, Science and Transportation Committee. Both have new chairmen, and both have been restructured to raise the profile of IT policy.
Senator Arlen Specter (R-Penn.) takes over the chair of the Senate Judiciary Committee. While judgeships will likely dominate the committee’s agenda, a new Intellectual Property Subcommittee chaired by former full committee chairman Orrin Hatch (R-UT) will give IP issues their own forum. Senator Leahy (D-VT) remains the Ranking Member of the Committee and will continue his work from last year on IP issues. The Committee will likely wait on almost all IP issues until the Supreme Court hands down the Grokster decision.
Senator Ted Stevens (R-AK) takes over the helm of the Commerce Committee and immediately made two important changes. First, he elevated the reform of the Telecommunications Act of 1996 to a full committee responsibility and posed 10 pretty specific questions (the questions are about halfway down the page at http://commerce.senate.gov/newsroom/printable.cfm?id=231775) that give us context for the Chairman’s thinking about telecommunications reform — note his questions about preserving technological innovation, privacy, and preventing piracy. Second, he created the Subcommittee on Technology, Innovation, and Competitiveness, which doesn’t have a specific agenda yet, but seems ripe for work on IT policy.
In contrast to the Senate, the corresponding committees in the House only had minor changes. Chairman James Sensenbrenner (R-Wisc.) and Ranking Member John Conyers (D-Mich.) continue to lead the Judiciary Committee. Chairman Joe Barton (R-TX) and Ranking Member John Dingell (D-Mich.) continue to lead the Energy and Commerce Committee. We can reasonably expect that the IP issues important to these members from last year — including database legislation — will continue to be important to them this year.
The strength and weakness of privacy issues are their ubiquity on the Hill. Because privacy is inherent in multiple policy areas it always garners attention, but with so many actors and committees all looking at the issue from different angles, it makes it almost impossible to deal with an “overarching” privacy agenda.
We have already seen evidence as last week the House passed the Real ID Act, a controversial and high profile bill with privacy and “national ID” implications, and the House Commerce Committee passed the SPY Act this week. Further external events like the recent revelation of fraud and ID theft at ChoicePoint may catalyze a legislative reaction from Congress.
The four committees and powerbrokers mentioned above (House and Senate Judiciary and Commerce Committees) will likely dominate privacy issues. For the most part, privacy issues will be embedded in their policy efforts instead of driving them. The newly created House and Senate Homeland Security Committees and the House and Senate Banking Committees will also likely wade into privacy issues at some point.
Security and Reliability Of Systems
The House Administration and Senate Rules Committee, as well as the House Science Committee, play key roles in developing voting legislation. For the most part, the organization of these committees will remain essentially the same as last Congress. The only major change is on the minority side of the House Administration Committee with newly appointed Congresswoman Juanita Millender-McDonald (D-Calif.) becoming the Ranking Member and Congresswoman Zoe Lofgren (D-Calif.), a strong technology advocate, also joining the committee. While several Members of Congress have already introduced voting related bills (more on that in another post), any wholesale reopening of the Help America Vote Act would likely be controversial and certainly an uphill battle.
One of the most interesting fights so far this Congress was over which House committee has jurisdiction over cybersecurity policy. In early January it looked as if the newly created Homeland Security Committee would preside. However, the ground quickly shifted and now at least four House committees claim jurisdiction: Energy and Commerce, Government Reform, Science, and Homeland Security. It is very difficult to see how these actors will coordinate cybersecurity policy (likely diminishing prospects for overarching legislation), but cybersecurity will nonetheless be a high-profile topic for this Congress. These committees may be spurred into action once PITAC’s cybersecurity report hits the Hill, but it is unclear who would take the lead on its recommendations.
 EVENTS TO WATCH IN MARCH
March 9: Congressional Internet Caucus RFID Exhibition & Policy Primer. For more information, see http://www.netcaucus.org/events/2005/rfid.
March 9: NIST hosts the third meeting of the Technical Guidelines Development Committee, which is developing standards for voting equipment and systems. For more information, see http://vote.nist.gov
March 29: U.S. Supreme Court hears arguments in the MGM v. Grokster case.
March 29-31: 4th Annual Government Convention on Emerging Technologies, focusing on the impact of the Intelligence Reform and Terrorism Prevention Act that became law in December 2004. More information available at http://www.ncsi.com/govcon05/index.shtml.
 ABOUT USACM
USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is the premier organization for computing professionals, delivering resources that advance the computing and IT disciplines, enable professional development, and promote policies and research that benefit society. USACM serves as the focal point for ACM’s interactions with U.S. government organizations and the science and technology policy community. For more information about USACM, see http://www.acm.org/usacm/about.html.
For earlier editions of the ACM Washington Update, see: http://www.acm.org/usacm/update/.
To subscribe to ACM’s Washington Update newsletter, send an e-mail to listserv [AT] acm.org with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name'” (no quotes) in the body of the message. To unsubcribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to listserv [AT] acm.org.
Should you have questions, comments, or suggestions regarding this newsletter, public policy issues, or USACM activities, please contact the ACM’s Washington, D.C., Office of Public Policy by email at usacm_dc [AT] acm.org or by calling 202-659-9711.