ACM Washington Update, Vol. 9.7 (July 31, 2005)

By David
August 1, 2005


[1] Newsletter Highlights
[2] Picture of Data Security/Privacy Legislation Getting Clearer
[3] The Grokster Decision: Lawyers Debate Inducement; Senators Come Down Hard on the Technology Industry
[4] Turing Award Winner Blasts Current State of Federal R&D Funding
[5] Pentagon Proposes New Restrictions on Research
[6] Congress moves to Bolster Math and Science Programs
[7] U.N. Working Group on Internet Governance Issues Report
[8] Events In August
[9] About USACM

[An archive of all previous editions of Washington Update is available here.]


Below are highlights of the top stories for July; there’s more detail on each below, as well as on our weblog at

* Data security and privacy legislation will likely include provisions for data security programs, data breach notification based on potential for harm, and preemption of similar state laws.

* Many groups, Congress included, are still working out how to proceed in the wake of the Supreme Court’s recent ruling in MGM v. Grokster — we report on two recent events.

* Vint Cerf and others have some strong words about the ramifications of declining federal R&D budgets.

* The Department of Defense follows the Department of Commerce in proposing similar restrictions on sensitive research.

* Congressional committee passes legislation aimed at increasing the number of students in university math and science programs.

* The U.N. Working Group on Internet Governance issues its report, which calls for a U.N. affiliated “global multi-stakeholder forum” for addressing Internet public policy issues.


As Congress gets serious about passing data security/privacy legislation, several competing proposals are now moving forward. While each takes a different approach on how to ensure Americans’ privacy, the most common elements of top three proposals are:

* Data security and privacy programs — Organizations will be called on to develop and maintain a formal framework for ensuring the security and privacy of the personal information that they manage. There may also be special rules for the data broker industry to follow, as well.

* Data breach notification — Organizations will be required to disclose data breaches to authorities and to affected consumers if there is reason to believe that the data breach could reasonably be expected to result in identity theft.

* Preemption of state laws — Congress is under intense pressure from business groups to use any data security/privacy legislation that it passes to establish a national standard for data breach notification and related laws.

Other things that may appear in any successful legislation include new restrictions on the use or display of Social Security numbers and provisions related to the use of strong encryption with personal information.

At present, there are three major pieces of data security/privacy legislation: S. 1408, which just last week was approved by the Commerce Committee and is on its way to the Senate floor; S. 1332, the Specter/Leahy bill that is currently pending in the Judiciary Committee; and an as-yet unintroduced bill in the House Energy and Commerce Committee. All three bills contain provisions related to the three main areas described above, although it remains to be seen at this point which bill has the best chance at success.

In any case, with Congress now beginning its August recess, we’ll have to wait until September to see what happens, when data security/privacy legislation will be but one part of a crowded Congressional agenda.

More information on each of the bills mentioned above can be found at

* S. 1408:

* S. 1332:

* Discussion Draft of the House bill:


Debate about what the recent Supreme Court ruling in the MGM v. Grokster case means continued in Washington DC with two high-profile events. As we’ve mentioned before in previous writing here and on our weblog, the Court’s ruling created an active inducement standard for determining whether or not a company is liable for consumers who use its product for copyright infringement. USACM welcomed the focus of this decision on the behavior of individuals vs. the design of technology.

For starters, the Congressional Internet Caucus held a panel discussion about the implications of the ruling. Panelists staked out their interpretation of what the Supreme Court said, and each one was clearly laying the groundwork for arguments in future litigation. The media representative argued that a product’s design was “objective criteria” about behavior of defendant. For example, whether or not the company has designed meaningful copyright protection into the product, i.e. filtering. He conceded that a case couldn’t be based solely on a product’s design, but that it “might be the most important criteria” (others being a defendant’s business model and specific conduct). In short, what he said was troubling.

The technology interests on the panel strongly opposed this interpretation by arguing that a company has to be pretty egregious about marketing its product for copyright infringement and helping its users to do so before design comes into play.

More information, including a video archive of the event is available from

Meanwhile, the Senate’s Commerce, Science & Transportation Committee held a full committee hearing last week on the topic. The committee is interested in understanding the “appropriate balance between copyright protection and communications technology innovation.”

During the question and answer session, Senators came down hard on the technology industry – ISPs and P2P software providers. At one point, Senator Stevens, whose opinion is critical here because he is the Chairman of the Committee, seemed stunned when the ISPs asserted that they couldn’t identify specific copyrighted music files flowing over their networks (presumably to filter it). Senators (including Sen. Boxer from California) were incredulous that the technology industry wasn’t doing more with technology to curb infringement and halt the spread of pornography. The technology-sector witnesses tried to make it clear what the technology could or couldn’t do and about active inducement vs. how the technology was designed, but across the board the Senators didn’t seem to care about that degree of nuance – they just wanted more done.

Chairman Stevens concluded the hearing by saying that rarely did he and Senator Boxer agree, but on this point it was clear the technology industry must do more to curb piracy, and they will be watching.

More information on the hearing, including the witness list and copies of their prepared remarks, is available on our weblog at


Internet pioneer Vinton Cerf (who, along with Robert Kahn, won ACM’s 2004 Turing Award) and Information Technology Association of America President Harris Miller join the chorus of leaders expressing concern about the federal R&D enterprise in a recent piece in the Wall Street Journal (subscription required):,,SB112243461503197115,00.html

They frame the argument very similar to those laid out by members of the joint information technology R&D coalition that the Computing Research Association (CRA) is leading (and that USACM is part of):

“America will soon find its grip on the levers of international commerce slipping as we turn our backs on a proud tradition of technology innovation. The stewards of our national destiny are busily tightening the tap on the federal R&D budget, the most important source of funding for programs that seek to answer fundamental questions of science and technology.”

They cite the declining federal R&D budgets, but also discuss a favorite topic ACM’s President Dave Patterson and CRA: the shift in DARPA’s focus from long-term, “blue sky” research to short-term, results oriented research.

“Even some federal agencies nominated for real increases in funding are shifting their priorities. Perhaps the most troubling example lies in the Pentagon’s Defense Advanced Research Projects Agency (DARPA), which over the decades has supported research leading to some of the most valuable technological developments of the past 50 years.”

The whole piece is full of really good data, particularly concerning how other countries are pouring both human and financial resources into R&D. They point out other countries are focusing these investments in the information technology realm. A fair amount of their data can be found on either on CRA’s website

or as part of the “Benchmarks of Innovation” report by the Task Force for the Future of Innovation in America (of which ACM is a member)

Their conclusion:

“A decline in the federal R&D funding makes a troubling situation worse still. Fewer articles mean fewer findings for industry to apply in new products. Fewer products mean fewer jobs, less capital for investments and, in general, less new wealth for the U.S. and its citizens.”


The U.S. Department of Defense recently proposed new restrictions on foreign researchers’ access to sensitive technology and related information. Readers may recall that USACM recently filed formal comments stating that similar proposed rules by the Department of Commerce could stifle innovation. USACM’s recent comments are available at

The Pentagon’s rule changes are smaller in scope as they would apply only to research activities carried out under government contracts. The proposal includes such things as unique badging requirements for foreign nationals and foreign persons, segregated work areas for export-controlled information and technology, and initial and periodic training on export compliance controls for those employees with access to export-controlled information and technology.

The department is accepting public comments on the proposal until September 12, 2005. For more information, including instructions for commenting and a copy of the proposed rule changes, see

In addition, the Chronicle of Higher Education (subscription required) also recently had an article about the DOD proposal


The House Education and Workforce Committee recently passed two new math and science education programs as part of the “College Access and Opportunity Act” (H.R. 609). While the greater prospects for this legislation aren’t clear, it might be the only attempt by this Congress to create new programs focused on increasing students’ interest in studying math and science.

Mathematics and Science Honors Scholarships

The first program provides federal money, matched by private sources, to pay the tuition of students getting baccalaureate or advanced degrees in “physical, life, or computer science; mathematics; and engineering.” In order to retain talent in the sciences, students that receive the scholarships must work for five years in a field related to their degree. There are a couple of other conditions, but clearly that is the most significant restriction.

Mathematics and Science Incentive Program

The second program waives up to $5,000 of the interest portion of a student’s loans. However, the degree and service requirements are different than the scholarship program. A student is eligible if they are a teacher of “science, technology, engineering or mathematics” working in a “high need” educational institution, but they don’t need to have a math or science degree. A student is also eligible if they are “a mathematics, science or engineering professional” meaning they have both a math and science degree and work in a related field. Like the scholarship program, students are required to work for five consecutive years in the field.

The caveat is that the bill authorizes a total of $41 million for all three programs (there is also a $5 million program to provide coordination grants to states for math and science programs), but it doesn’t specify how the funding would be allocated between them. Further it eliminates an entrenched scholarship program, which will make the proposal more difficult to get enacted.

More information on the bill, including a link to the full text and the math/science amendment, is available from our weblog at


The U.N. Working Group on Internet Governance (WGIG) recently issued its final report. The group was created by the Secretary-General of the United Nations following a mandate from the first phase of the World Summit on the Information Society (WSIS). The group’s report will be among the topics of discussion at the upcoming second phase of WSIS that is set for November in Tunisia. The report makes a number of recommendations and proposals aimed at, among other things, creating a global multi-stakeholder forum (linked to the U.N.) to address Internet-related public policy issues and fostering full participation in Internet governance arrangements by developing countries.

However, U.S. authorities have shown no sign that they are open to acting on the recommendations in WGIG’s report. Indeed, a recent New Scientist article at

points out how the Department of Commerce recently reiterated that the U.S. is “committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”

For more information on the report, see the recent article at

The WGIG’s full report is available in a variety of formats at

In other internationally flavored news, the Senate Foreign Relations Committee last week approved (by voice vote) the Council of Europe Convention on Cybercrime, a treaty intended to facilitate international cooperation in investigating computer crime, much of which takes places across national borders these days. For more information on the treaty, its implications, and prospects, see the recent ZDNet article at

A copy of the full convention is available at


July 31 – August 5: 14th USENIX Security Symposium (Security’05), Baltimore, Md.

August 1 – Sept. 5: U.S. House and Senate recess

August 4: “Challenges Facing the 21st Century U.S. Workforce,” Heritage Foundation, Washington, D.C.

August 11: “Information for Terrorism Prevention: Balancing Privacy & National Security,” National Academies Committee on Law and Justice, Washington, D.C.

August 22-25: “Engaging the Private Sector: Homeland Security R&D Directions and Opportunities,” U.S. Department of Homeland Security, Science and Technology Directorate, Atlanta, Ga.


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is widely recognized as the premier organization for computing professionals, delivering resources that advance the computing and IT disciplines, enable professional development, and promote policies and research that benefit society. ACM hosts the computing industry’s leading Digital Library and Guide to Computing Literature, and serves its 80,000 global members and the computing profession with journals and magazines, conferences, workshops, electronic forums, and its Career Resource Centre and Professional Development Centre. For more information about USACM and ACM, see

For earlier editions of the ACM Washington Update, see

To subscribe to ACM’s Washington Update newsletter, send an e-mail to listserv with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name'” (no quotes) in the body of the message. To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to listserv

Should you have questions, comments, or suggestions regarding this newsletter, public policy issues, or USACM activities, please contact the ACM’s Washington, D.C., Office of Public Policy by email at david .padgham[AT]acm[DOT]org or by calling 202-659-9711.