ACM Washington Update, Vol. 9.6 (June 30, 2005)

By David
July 1, 2005


[1] Newsletter Highlights
[2] Supreme Court Rules Against Grokster, Preserves Sony Safe Harbor
[3] Proposed Export Rules Could Stifle Innovation
[4] Powerful Senators Introduce Privacy and Security Bill
[5] USACM Urges Reconsideration of Real ID Provisions
[6] PITAC Issues Computational Science Report, Then Expires
[7] Cerf and Kahn Presented with ACM’s 2004 A.M. Turing Award
[8] Events to Watch In July
[9] About USACM

[An archive of all previous editions of Washington Update is available here.]


Below are highlights of the top stories for June; there’s more detail on each below:

* The U.S. Supreme Court ruled against Grokster in its highly anticipated MGM v. Grokster case, but USACM is reassured by the Court’s decision to leave intact the so-called “Sony standard” protecting the development of technologies with substantial non-infringing uses.

* USACM expresses concern that the Department of Commerce’s proposal to change U.S. deemed export regulations could burden research and stifle innovation.

* Two powerful Senators introduce privacy legislation focusing on six key areas of protection.

* USACM calls for a reconsideration of the Real ID Act, arguing that the Act will create a de facto national identification system that erodes privacy protections.

* PITAC issues a report on computational science research, then ceases to be.

* ACM’s annual awards banquet sees Vint Cerf and Bob Kahn presented with the prestigious Turing Award in San Francisco, Calif.


Initially the situation appeared bleak for the technology industry as the early headlines raced across the wire “Grokster Loses in Unanimous Decision.” However, now that the dust has settled a bit, the Supreme Court’s decision this week in MGM v. Grokster — a case we’ve covered extensively in this space — actually looks quite balanced. The Justices did rule 9-0 against Grokster by overturning the 9th Circuit’s summary judgment that the Sony “safe-harbor” rule protects Grokster from any liability in this case. In doing so, however, the Court upheld the heart of Sony by not trying to quantify the tipping point of when a technology’s infringing uses outweigh its non-infringing ones, thereby creating liability for the developer. To many in the technology industry, such a vague test would have been devastating.

The court did blast both Streamcast’s and Grokster’s behavior. It made numerous findings that the defendants went out of their way to encourage downloaders to share copyrighted material or be in a position to facilitate this activity. (Streamcast is the other defendant in the case.) In short, the court said bad actors, even if they are not directly infringing on copyright, cannot hide behind Sony, stating that “one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties.” But the court did seek balance in this standard: the “inducement rule, instead, premises liability on purposeful, culpable expression and conduct, and thus does nothing to compromise legitimate commerce or discourage innovation having a lawful promise.”

USACM issued a press release following the decision. In it, USACM Chair Eugene Spafford comments that the “liability standards supported by MGM would have dramatically changed the balance of power between the entertainment industry and the technology industry … If the standards supported by MGM were adopted, researchers working in computing and communications development would need to fear liability for uses of their inventions that may not yet exist.” He added that the “Court affirmed the basic USACM position that laws should apply to people and their acts, and not to the technology involved in the act.” Our full press release is available online at

Readers may recall that USACM joined an amicus brief earlier this year signed by sixty law professors in support of Grokster. USACM member and University of California Berkeley professor Pam Samuelson led the preparation of that brief — it can be found on our website at

Other worthwhile resources for discussion of the case and its ramifications include USACM member Ed Felten’s weblog and EFF’s web site (which is collecting the statements of various organizations following the Grokster decision), available online, respectively, at


USACM filed comments with the Department of Commerce expressing deep concern about its proposal to change rules that apply to foreign nationals working in the United States using sensitive equipment. The committee objected to the proposal, stating that it could place new and costly burdens on the information technology sector and universities, and exacerbate an already hostile environment for foreign-born researchers working in the U.S., while providing questionable security gains.

Under long-established federal law, the Department of Commerce regulates the export of most commercial items by what is known as the United States’ Export Administration Regulations (EAR). The rules are intended to prevent sensitive “dual-use” items — items that have both commercial and military applications — from being exported to countries and entities considered to be hostile to United States’ interests. (Purely commercial items without an obvious military use are also subject to the EAR.)

But not all exports are physical commodities, nor must they leave the country. Many are so-called “deemed” exports, which occur when controlled equipment or technology (such as manuals, software, etc.) is released to or used by a foreign national within the United States. Only equipment and technology that is both controlled and proprietary is subject to the deemed export regulations.

In a report finished last year, The Inspector General (IG) argued that the current standards for licensing were too loose and that potentially hostile foreign nationals could still get access to controlled technology. The IG proposed three changes to close these loopholes:

1. Amend the current definition of “use” technology by adding “or” to the definition of “use” by ensuring access to controlled technologies is limited to those involved in the “operation, installation (including onsite installation), maintenance (checking), repair, overhaul, and refurbishing;
2. Begin using a foreign national’s country of birth, instead of the current practice of using a foreign national’s most recent citizenship or permanent residency, as the basis for determining deemed export licenses;
3. Clarification of the supplemental questions used for understanding how the EAR is applied for the publication of government-sponsored research and the use of technology for fundamental research.

USACM commented on all three issues, but its overarching concern was that this proposal could hurt innovation. USACM’s full comments are available at

The Computing Research Association also filed comments on the proposed rule, and they have an in-depth and worthwhile analysis on their weblog at

In addition, for more background on this issue, see the Bureau of Industry and Security’s frequently asked questions document on deemed exports at


Reacting to the current troubling situation regarding data security and privacy in the U.S., two influential senators introduced legislation this week designed to better protect sensitive personal information. Senator Arlen Specter (R-PA) and Senator Patrick Leahy (D-VT) — the two most powerful members of the Senate Judiciary Committee — put forward the “Data Privacy and Security Act of 2005” on Wednesday, stating that “[i]nsecure databases have become the low-hanging fruit for hackers looking to steal identities and commit fraud …” The bill has six main goals:

* Increase criminal penalties for ID theft involving electronic data;

* Allow individuals to access and correct the personal information data brokers maintain regarding them;

* Require entities that maintain personal data to create internal policies for the protection of that data and “vet” third parties that they hire to process that data;

* Provide notice to individuals when a breach of their personal information occurs;

* Limit the buying, selling, or displaying of Social Security numbers without an individual’s consent; and

* Require the federal government to establish privacy and security rules for when it uses information from data brokers.

Links to a press release regarding the bill’s introduction and a complete copy of the bill are available on our website at

We will have more information about the bill on our weblog soon, once we’ve had a little more time to digest it. However, given the status of the bill’s two co-sponsors, this could very well be “the” data privacy and security bill that moves in the Senate this year.


The Electronic Privacy Information Center (EPIC) held a workshop recently to look into the range of policy, technical, and social issues surrounding national identification systems in light of the recently passed Real ID Act, an issue we’ve been quite active on recently. In April, USACM sent the Senate a letter outlining its concerns about the security aspects of the database provisions and its national ID implications. However, Congress ultimately left many of the concerns of USACM and the privacy community unaddressed.

In light of EPIC’s event, USACM issued a press release calling for a reconsideration of Real ID’s provisions:

“ACM’s US Public Policy Committee (USACM) added its voice to other organizations meeting in Washington today to express deep concerns over the recently passed Real ID Act, which USACM believes will create a de facto national identification system that erodes individuals’ privacy protections.

Addressing the impact on individual’s privacy protections, USACM Chair Eugene Spafford, a renowned cybersecurity expert, said, “The act’s stated goal is to reduce terrorists’ ability to travel, but it does little to actually inhibit a dedicated terrorist from securing a valid ID. At the same time, it vastly increases the risk that an average citizen’s personal data will be stolen. This is ill-conceived security strategy and one that should be reconsidered”

The full USACM press release and a full report of the EPIC event — including links to the list of panels, speakers’ bios, and more can be found at

Meanwhile, plans for a national ID card in the United Kingdom appear to be moving forward. The pending ID card bill survived a crucial first step in a House of Commons vote this week and now goes to committees for additional deliberation. The new ID cards — intended to strengthen national security and protect identity — would contain such biometric data as fingerprints and iris scans. However, critics point to the potentially exorbitant cost of the scheme and its potential privacy risks as well as to concerns about the general effectiveness of national IDs.

The Home Office web site on identity cards and a copy of the pending bill are available, respectively, at

EDRi also has more information on the UK’s ID card plans in their June 29th newsletter, which is available online at


The President’s Information Technology Advisory Council (PITAC) — which includes both USACM Chair Eugene Spafford and ACM President David Patterson — issued a report in June entitled “Computational Science: Ensuring America’s Competitiveness.” Among other things, the report calls on federal research and development agencies and universities to make coordinated, fundamental changes to their research and education structures to promote and reward collaborative approaches essential to computational science. A press release and the full report are available from

However, the larger story here is the fact that PITAC has been allowed to expire. The presidential executive order under which this most recent “iteration” of PITAC was operating officially expired at the beginning of June, and no move has been made by the administration to reauthorize the panel. Readers may recall that the panel also released a report earlier this year reviewing the federal government’s cybersecurity R&D effort, an influential report that has since spurred substantial further discussion among policymakers and researchers — there’s more on this report at

Meanwhile, Federal Computer Week has a good article related to PITAC’s history and current status at


ACM presented its 2004 A.M. Turing Award to Vint Cerf and Bob Kahn at the annual ACM Awards Banquet this month in San Francisco. The two innovators won the award for their work developing TCP/IP — the networking language of the Internet. The award is ACM’s highest and is considered by many to be the Nobel Prize of Computing.

ACM President David Patterson said the collaboration of Cerf and Kahn in defining the Internet architecture and its associated protocols represents a cornerstone of the information technology field. “Their work has enabled the many rapid and accessible applications on the Internet that we rely on today, including email, the World Wide Web, Instant Messaging, Peer-to-Peer transfers, and a wide range of collaboration and conferencing tools. These developments have helped make IT a critical component across the industrial world,” he said.

A press release with more information about Cerf, Kahn, and the Turing Award is available from the following URL:


* July 4-8: House and Senate Independence Day recess

* July 4-6: The IASTED International Conference on Education and Technology (ICET 2005), Calgary, Alberta, Canada. For more information, see

* July 11-15: Internet Corporation For Assigned Names and Numbers (ICANN) meets in Luxembourg City, Luxembourg:

* July 18: Scheduled report release by WSIS’s Working Group on Internet Governance (WGIG). See

* July 19: WGIG Workshop on Internet Governance at the National Level, Palais des Nations, Geneva, Switzerland. More information at

* July 26-27: U.S. Copyright Office is holding a public roundtable on orphan works in Washington, D.C. — more information at


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is widely recognized as the premier organization for computing professionals, delivering resources that advance the computing and IT disciplines, enable professional development, and promote policies and research that benefit society. ACM hosts the computing industry’s leading Digital Library and Guide to Computing Literature, and serves its 80,000 global members and the computing profession with journals and magazines, conferences, workshops, electronic forums, and its Career Resource Centre and Professional Development Centre. For more information about USACM and ACM, see

For earlier editions of the ACM Washington Update, see

To subscribe to ACM’s Washington Update newsletter, send an e-mail to listserv with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name'” (no quotes) in the body of the message. To unsubcribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to listserv

Should you have questions, comments, or suggestions regarding this newsletter, public policy issues, or USACM activities, please contact the ACM’s Washington, D.C., Office of Public Policy by email at usacm_dc or by calling 202-659-9711.