ACM Washington Update, Vol. 9.9 (September 30, 2005)

By David
October 1, 2005


[1] Newsletter Highlights
[2] Carter-Baker Commission Report a Mixed Bag
[3] Senate Judiciary Committee: Busy and in the Spotlight
[4] Secure Flight Working Group Against Live System Testing
[5] Cybercrime on the Rise
[6] Barbara Simons Presented with Lifetime Achievement Award
[7] Calling All Techies
[8] Events in October
[9] About USACM

[An archive of all previous editions of Washington Update is available here.]


Below are highlights of the top stories for September; there’s more detail on each below:

* Carter-Baker commission on voting issues gets behind, among other things, using Real IDs as national voter IDs and voter-verifiable paper audit trails.

* Busy Senate Judiciary Committee is tackling high-profile issues like privacy/data-breach legislation, what to do following the Supreme Court’s Grokster ruling, and Supreme Court nominations.

* Frustrated working group issues its report on TSA’s Secure Flight passenger screening system, recommending against live testing; meanwhile, DHS loses its top privacy official.

* Cybercrime report paints a bleak picture, pointing to increases in such things as security flaws, spyware, bots, viruses, and phishing.

* Barbara Simons receives Distinguished Engineering Alumni Award for Lifetime Achievement from UC Berkeley.

* In the wake of hurricanes Katrina and Rita, Senators urge DHS Secretary Chertoff to implement program to create volunteer rapid response teams of technical experts.


The Federal Commission on Election Reform led by former president Jimmy Carter and former secretary of state James A. Baker III has issued its report recommending “significant changes in how Americans vote, including photo IDs for all voters, verifiable paper trails for electronic voting machines and impartial administration of elections.”

Here in ACM’s Policy Office, we see the Carter-Baker report as a decidedly double-edged sword:

  • On the one hand, we applaud the call for voter-verified paper audit trails for electronic voting machines – a crucial component for sound, trustworthy voting systems, and something ACM has officially been calling for since 2004.
  • However, on the other hand, the commission also calls for the use of Real IDs (or non-driver’s-license equivalents of the newly mandated IDs) as voter identification cards. We’ve been active recently in highlighting some major concerns with the Real ID scheme.

The commission also recommends “top-down,” centralized, state-administered voter registration lists, criticizing “bottom-up” systems (wherein counties and municipalities maintain and administer their own voter registration lists but feed information “up” to their respective states) as being incapable “of providing a complete, accurate, current, and valid voter registration list” (p. 11). These issues (and more) will also be addressed in the report of an ACM study that is working currently to provide states with useful technical guidance on the statewide voter registration lists mandated by HAVA.

The commission’s report has been met with a good deal of criticism, especially from groups that were opposed to the Real ID Act. However, more recently, Carter and Baker have issued a response to some of that criticism –- their comments appeared in the NY Times on Sept. 23 and are available at

The commission’s report is available as one large (7.6 MB) PDF file here

while the individual sections can be downloaded at


Chairman Arlen Specter’s (R-Pa.) Judiciary Committee has been a major focus of attention in recent weeks. Besides managing one Supreme Court nomination so far and preparing to manage another, the committee has been busy with a couple of other issues of great importance to the technology community:

* Privacy/data security legislation — The Judiciary Committee has in its queue currently what we see as one of three major privacy/data security bills this session. Sponsored by Committee Chair Specter and Ranking Member Leahy, the bill has been on the committee’s markup schedule a number of times in recent weeks, but the committee has not addressed the bill yet. The bill spells out a fairly complex regulatory framework for security programs (similar to Gramm-Leach-Bliley), has special rules for data brokers (including allowing consumers access to their records), requires notification regarding data breaches, new rules governing government access to and use of commercial data, and it preempts similar state laws. An article with more information on the privacy situation, as well as our comparison of the three major legislative efforts mentioned above, can be found at

* Innovation and Intellectual Property post-Grokster — The committee held a hearing entitled “Protecting Copyright and Innovation in a Post-Grokster World.” Witnesses included, among others, U.S. Register of Copyrights Mary Beth Peters, RIAA president Cary Sherman, and Consumer Electronics Association CEO Gary Shapiro. As expected, the hearing centered on the tension between protecting innovation (the major concern of the technology community) and protecting intellectual property rights (the primary concern of the content industry). An often mentioned theme of the hearing seemed to be that Congress should leave the issue alone for now and wait to see what the Ninth Circuit Court does now that the Supreme Court has kicked the ball back to them. More information about the hearing, including witness testimony, is available at


The Transportation Security Administration’s (TSA’s) Secure Flight Working Group (SFWG) issued its report this month. The group, which was “convened to meet in private with TSA officials in order to evaluate the proposed Secure Flight [airline passenger screening] system by drawing upon the privacy and security expertise of individual members,” counted among its members USACM’s own Ed Felten, Jim Dempsey from the Center for Democracy and Technology, and security expert Bruce Schneier.

The group’s report contains a number of recommendations and offers guidance to TSA on such subjects as identity matching, watch lists, passenger name records, and data retention. However, most compelling are the groups final conclusions and observations. For example, the report notes that members were not provided with adequate information about the Secure Flight program to be able to make substantive recommendations, and, further, that DHS never provided a clear statement of the program’s goals. The report also urges Congress to prohibit “live testing” of the system until DHS Secretary Chertoff provides a written statement of the system’s goals and other critical information.

The group’s full report is available at

In addition, both Ed Felten and Bruce Schneier have offered some additional thoughts on Secure Flight and the working group’s process on their weblogs, respectively, at

In other DHS-related news, the department’s first chief privacy officer, Nuala O’Connor Kelly, has announced her resignation after two years on the job. She leaves DHS to take over the lead on privacy issues at General Electric Co. For more information, see the Washington Post article at


A recent Internet security report revealed significant increases in Internet related crime, or cybercrime. The report, released by Symantec Corp., examined the first six months of 2005 and found surges in, among other things, spyware, viruses, security flaws in software, and the number of home computers that are being used without their owners’ knowledge for other purposes like distributing spam.

For the future, the report suggests that, among other things, the targets and methods of so-called “phishing” (i.e., where an attacker pretends to be a trustworthy person in email or instant messages in order to elicit valid usernames, passwords, account information, or other things from an Internet user) will continue to grow. New threats to voice over Internet Protocol (VoIP) are also expected to emerge, as VoIP adoption increases worldwide.

The full report is available (registration required) here

while a Washington Post article on the subject is available at

In other cybercrime related news, September also saw the European Commission (EC) issue its proposal for a communications traffic data retention directive aimed at combating terrorism and organized crime. The proposal recommends retaining “data related to mobile and fixed telephony for a period of one year, and internet communication data, for six months.” For more information, see the Register article at

The EC’s press release on the proposal is available at

Also of interest is an article about a recent House Science Committee hearing focusing on cybersecurity and critical infrastructure issues available from CRA’s Computing Research Policy weblog at


USACM’s Barbara Simons recently received a Distinguished Engineering Alumni Award for Lifetime Achievement from UC Berkeley. Simons currently co-chairs ACM’s study of Voter Registration Databases, which plans to issue a report later this year advising federal and state decision makers on the best practices for designing state-wide voter registration databases. She has become a major voice on the technology aspects of electronic voting and is currently writing a book on the topic. She founded ACM’s US Public Policy Committee (USACM) in 1993 and served as co-chair for nearly 10 years. She was honored with ACM’s 2001 Outstanding Contribution Award, and is a Fellow of ACM and the American Association for the Advancement of Science.

The full, official ACM release can be found at


The aftermath of hurricanes Katrina and Rita has revived an old idea that the federal government maintain lists of rapid response teams comprised of private sector technical experts to help rebuild after a disaster or terrorist attack. Called the “NET Guard,” Senator Ron Wyden (D-OR) originally proposed this idea as part of the legislation that created the Department of Homeland Security (DHS). The provision was included in the final agreement, but the department has never implemented the program. Recently, however, Senators Wyden and George Allen (R-VA) released a bipartisan letter calling on the department to implement this law, available at

It isn’t clear why DHS never implemented NET Guard. It could be a lack of funding or interest. A sticking point could also be liability. The act does not expressively shield a volunteer from liability for his or her actions. For example, if the volunteer installs a faulty network that causes harm, it isn’t clear whether or not that person could be held civilly liable. The Federal Tort Claims Act shields medical workers in such circumstances, but it isn’t clear if this protection would extend to technology workers.

Meanwhile, ACM’s President Dave Patterson issued a statement to ACM members with suggestions on what the technology community can do to help


October 6: Computer Science and Telecommunications Board (CSTB) Open Session Symposium. More information at

October 12: Deadline for submitting comments on the Pentagon’s proposed rule changes to limit foreign researchers’ access to controlled technology. For more information see

October 23-25: 16th Annual Conference of the Economic Crime Institute, focusing on data usage and rules, as well as technology and policy. Complete information at

October 31: ACM 2005 Award Nominations Deadline. More information at


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is widely recognized as the premier organization for computing professionals, delivering resources that advance the computing and IT disciplines, enable professional development, and promote policies and research that benefit society. ACM hosts the computing industry’s leading Digital Library and Guide to Computing Literature, and serves its 80,000 global members and the computing profession with journals and magazines, conferences, workshops, electronic forums, and its Career Resource Centre and Professional Development Centre. For more information about USACM and ACM, see

For earlier editions of the ACM Washington Update, see

To subscribe to ACM’s Washington Update newsletter, send an e-mail to with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name'” (no quotes) in the body of the message. To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to

Should you have questions, comments, or suggestions regarding this newsletter, public policy issues, or USACM activities, please contact the ACM’s Washington, D.C., Office of Public Policy by email at david.padgham AT or by calling 202-659-9711.