ACM Washington Update, Vol. 9.3 (March 31, 2005)

By David
March 31, 2005


[1] U.S. Supreme Court Hears Arguments in MGM v. Grokster
[2] USACM Calls for Stronger Cybersecurity in Power Plants
[3] Experts Begin Voter-Registration Database Study
[4] Momentum Turns Toward Privacy Protection
[5] Legislation on the Move
[6] Innovation Finds Another Champion
[7] Events to Watch In April
[8] About USACM

[An archive of all previous editions of Washington Update is available here.]


The U.S. Supreme Court heard oral arguments in the MGM v. Grokster case this past Tuesday, March 29th. While it is difficult to predict what direction the Justices are heading, they were, by all reports, very engaged and inquisitive, offering often cutting questions and comments:

  • Breyer: [Conceptually, there are] “some really excellent uses” [for P2P that are legal]
  • Ginsberg: “You’ve read one sentence [the ‘substantial non-infringing uses’ language from the 1984 Betamax decision] and said: ‘Aha! We have a rule!'”
  • Scalia: “How much time do you give me to show lawful uses? … I’m a new inventor, I’m going to get sued right away …”
  • Souter: “There’s never evidence [of infringement] at the time when the guy’s sitting in his garage figuring out how to invent the iPod…” and “Where is the evidence that the iPod inventor isn’t going to lose his shirt?”

As reported here last month, USACM signed onto an amicus brief with sixty law professors in support of Grokster. USACM member and University of California at Berkeley professor Pam Samuelson led the preparation of the brief, which is available at The brief argues that this case is fundamentally about technology policy, not about file sharing or copyright infringement.

Meanwhile, in the run-up to the oral arguments, there were two contrasting, particulary interesting events in Washington, D.C. The conservative Heritage Foundation held an event entitled “Government’s Role In Protecting Constitutional Rights in Intellectual Property (IP).” The keynote speakers, former Attorney General Edwin Messe and former Solicitor General Theodore Olsen, drove home their view that there is no difference between real property (land, buildings, etc.) and intellectual propoerty (IP). The very next day, the Consumer Electronics Association (CEA) held a starkly contrasting conference called “IP & Creativity: Redefining the Issue.” Gary Shaprio, the President of CEA, kicked off the event by describing persuasively all the reasons why IP is different than real property. More information about the events is available, respectively, at and Also, see our longer weblog post about these events and the controversy of what is and is not “real” property at

Whatever the actual ruling in the Grokster case — which is exptected this June or July — the “losing” side is expected immediately to take its fight to Capitol Hill and begin pressuring lawmakers for legislation to better suit its needs. A Supreme Court ruling will not be the last word.


In a letter to the Nuclear Regulatory Commission (NRC), USACM advocates for stronger cybersecurity in power plants across the nation. The
letter (available at points out the critical role of computer-controlled safety systems in today’s power plants and the importance of securing these systems.

Late last year, the NRC proposed a draft regulatory guide (available at that would establish voluntary standards for the use of computers in safety systems of nuclear power plants and asked for public comment. The draft proposal mentions that the standards are based on accepted IEEE standards; however, there is some contention (as reported by SecurityFocus at, as industry argued the proposal was overly regulatory in comments before the Commission.

USACM’s letter takes a different tack, noting that the goals of this guidance are worthy and that the NRC should look toward making the practices mandatory. For more detailed information about this issue and the letter, visit the weblog at


Former ACM President and current USACM executive committee member Barbara Simons and database expert Paula Hawthorn are co-chairing a study looking into the design issues for state-wide voter registration databases. The Help America Vote Act (HAVA), passed in 2002, mandates that by 2006 all states must have centralized databases of registered voters. However, large centralized databases, especially those not implemented with adequate security and privacy protections, can introduce new risks into the voter registration process and may provide yet another tempting target for identity thieves.

Other study group members bring expertise in databases, computer security, privacy, human factors, and civil rights; they include Steve Bellovin (Columbia Univ.), Chris Clifton (Purdue Univ.), Lillie Coney (EPIC), Bob Gellman (privacy consultant), Harry Hochheiser (National Institute for Aging), Ralph Spencer Poore (inventor/author/consultant), Arnon Rosenthal (MITRE), David Wagner (UC Berkeley), and Rebecca Wright (Stevens Inst. of Tech.).

The group expects to produce two reports: the first, a timely checklist for states to consider when purchasing new voting systems, will come fairly quickly, while the second, a longer examination including more detailed scrutiny of related security and privacy issues, should be available later this year.


One thing became crystal clear during this month’s hearings involving the leaders of information brokers ChoicePoint and LexisNexis (among others) by a House Energy and Commerce subcommittee and the Senate Banking Committee (here and here): namely, the intent of policymakers to take action toward regulating the information brokerage industry. Indeed, the question now is less about whether Congress will decide to regulate this industry and more about the nature and scope of such regulation.

On the House side, full Energy and Commerce Committee Chairman Joe Barton (R-TX) (as reported by the Washington Post) went so far as to call the routine sale of consumers’ Social Security numbers without their knowledge or persmission “just wrong,” while Banking Committee Chairman Richard Shelby (R-AL) likened the data collections managed by data brokers to a “treasure trove” of personal financial information. Other highlights from the hearings included the testimony from Federal Trade Commission (FTC) chair Deborah Platt Majoras, ChoicePoint CEO Derek Smith, LexisNexis CEO Kurt Sanford, and EPIC director (and USACM member) Marc Rotenberg.

As a result of recent revelations of unauthorized personal information disclosures, hacking, and fraud at companies like ChoicePoint, LexisNexis, and Bank of America, information brokers and others who handle sensitive personal information find themselves on the defensive like never before. It is apparent that many in the U.S. — policymakers included — were previously unaware of (1) the kinds and volume of personal information handled and sold by brokers, (2) the fact that such information is regularly bought and sold, (3) the seeming ease with which such information can be obtained, and (4) the fact that information brokers operate largely free of the kinds of government regulations that cover other arguably similar companies.

Policymakers mentioned or hinted at several policy responses. Full Energy and Commerce Committee chairman Barton alluded to legislation that might arise later this Spring once committee members have digested this hearing and assimilated other points of view. Specifically, Barton hinted at legislation that would prohibit the unauthorized sale of Social Security numbers. Meanwhile, Subcommittee on Commerce, Trade, and Consumer Protection Chairman Cliff Stearns (R-FL) has already introduced new legislation, the “Consumer Privacy Protection Act of 2005” (H.R. 1263), that contains provisions relating to giving consumers notice of data collection and use, preventing and recovering from identity theft, and assessing how international laws and regulations bear on these issues. Given Stearns’ leadership position, his bill seems to be a likely vehicle for regulating data brokers. In addition, Senator Diane Feinstein (D-CA) earlier this year introduced legislation (S. 115) that would create a federal law similar to the California law that helped bring the ChoicePoint data breaches to light.


* The Real ID Act — After passing the House of Representatives by a fairly wide and bipartisan margin (see, the Real ID Act — has been added to H.R. 1268, the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief. H.R. 1268, which has also made it through the House, is largely seen as this year’s first “must-pass” bill. The Real ID Act language calls for, among other things, the Secretary of the Department of Homeland Security to create national driver’s license standards (which many equate with establishing a national system of identification), as well as the creation of interstate compacts between states to share the information contained in their driver’s license databases. The Senate Appropriations Committee is set to mark up the emergency supplemental bill next week (April 6), with April 29th being reported as the goal for getting the bill through the Senate. However, the Real ID provisions may face resistance in the Senate — for example, Senator Lamar Alexander recently penned an op-ed in the Washington Post (see criticizing the unfunded mandate that the Real ID Act places on states.

* High-Performance Computing Act — The House Science Committee marked up the High-Performance Computing Act earlier this month. The bill is almost the same as last year’s version, when it passed the House but died in the Senate. As reported here last month, USACM formally commented on the merits of the legislation to Science Committee Chairman Boehlert — see for more information or to view our letter to Chairman Boehlert. The act’s sponsors are more optimistic this time that they will be able to get the bill to the President’s desk during this Congress.


Rep. Rick Boucher (D-V), who has the unique distinction of being the only House member to sit on both the House Judiciary and House Energy and Commerce committee, has authored legislation to preserve researchers’ ability to innovate. His legislation, the Digital Media Consumers’ Rights Act of 2005 (H.R. 1201), amends the Digital Millennium Copyright Act (DMCA) to allow researchers to use copyrighted material for non-infringing purposes without the threat of liability they currently face. The DMCA has been widely criticized by as an unduly restrictive burden on researchers, thereby undermining innovation. USACM has called for reforms of this act in the past, see for more information.

His legislation also intends to codify the so-called “Sony Betamax” decision, which holds that developers cannot be held liable for infringement committed by their product’s users so long as the tool is capable of substantial noninfringing uses. This issue is at the heart of the current Supreme Court case MGM Inc. vs. Grokster, see for more information.

The legislation isn’t likely to move this Congress, but this is an important marker for those who believe the balance between intellectual property protection and innovation has swung too far toward protectionism in recent years. It does have a powerful cosponsor in Energy and Commerce Committee Chairman Joe Barton (R-TX).


April 6: The inaugural meeting of the Department of Homeland Security Data Privacy and Integrity Committee will be held at Washington, DC’s Mayflower Hotel. For complete information, see

April 6: U.S. Department of Commerce workshop to discuss Radio Frequency Identification (RFID). The event will engage stakeholders on the latest advances in RFID technology, including the benefits of RFID, technology development efforts, current and future applications, and privacy and security considerations. For more information, see

April 7: House Government Reform Committee hearing, “Federal Information Security Review,” 10 a.m., 2154 Rayburn House Office Building. See for more information.

April 8-9: Private Conduct/Private Places: New Media, Surveillance, Sexuality — sponsored by the University of California at Berkeley Center for New Media. For more information, see

April 10-12: RFID Journal LIVE! 2005 in Chicago — for more information, see

April 12-15: The 15th annual ACM Conference on Computers, Freedom, and Privacy (CFP2005) will be held at the Westin Hotel in Seattle. A detailed program is available at

April 20-21: National Institute of Standards and Technology (NIST) Technical Guidelines Development Committee (which is charged with making recommendations to the Election Assistance Commission on voluntary standards and guidelines related to voting machines) will hold its fourth plenary session at NIST’s main campus in Gaithersburg, Maryland. The meeting will web cast live — more information is available at


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is widely recognized as the premier organization for computing professionals, delivering resources that advance the computing and IT disciplines, enable professional development, and promote policies and research that benefit society. ACM hosts the computing industry’s leading Digital Library and Guide to Computing Literature, and serves its 80,000 global members and the computing profession with journals and magazines, conferences, workshops, electronic forums, and its Career Resource Centre and Professional Development Centre. For more information about USACM and ACM, see

For earlier editions of the ACM Washington Update, see:

To subscribe to ACM’s Washington Update newsletter, send an e-mail to with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name'” (no quotes) in the body of the message. To unsubcribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to

Should you have questions, comments, or suggestions regarding this newsletter, public policy issues, or USACM activities, please contact the ACM’s Washington, D.C., Office of Public Policy by email at usacm_dc AT or by calling 202-659-9711.