ACM Washington Update, Volume 10.10 (November 6, 2006)

By David Bruggeman
November 6, 2006


[1] Newsletter Highlights
[2] Election Day to Test Electronic Voting Systems
[3] National Academies Look to the Future of Computing
[4] Engineering Offshoring Examined by National Academy of Engineering
[5] Data Security Problems Continue to Plague the Government
[6] About USACM

[An archive of all previous editions of Washington Update is available at]


With Congress busy campaigning, this month’s newsletter focuses on activities away from Capitol Hill. Below are highlights of the top stories. There is more detail on each below, as well as on our weblog at

* Election Day approaches, providing another opportunity to examine the challenges of electronic voting systems.

* To commemorate the 20th anniversary of the National Academies’ Computer Science and Telecommunications Board, several computer science notables gathered to discuss the future of computing.

* The National Academy of Engineering hosted a workshop on outsourcing as it applies to the engineering profession.

* Legislation moves forward that would require electronic health records for federal workers.


Election Day in the United States – November 7 – is tomorrow and about one third of the public will be using new voting equipment for the first time. Issues with electronic voting, whether it’s the voting machines, the voter registration databases, or other problems with the process, continue to crop up in the press. This has led to some concern on the part of members of the Election Assistance Commission (EAC), which met October 26th in Washington, D.C. While the EAC, and representatives of voting system manufacturers and testing labs testifying at the meeting, implied the concerns over having votes stolen or other problems with the systems are overblown, those concerns are real and aren’t likely to disappear any time soon. In fact, a voting machine vendor appearing on Good Morning America last month seemed unable to convince Diane Sawyer that the machines would be completely secure or reliable. Many organizations and individuals will be paying close attention to this election, for a number of reasons. As the relevant laws vary from state to state, the Center for Internet and Society at Stanford Law School has a good resource of election laws. Please consult this guide for election day rules, and your local election jurisdiction for rules about absentee voting, voter ID requirements, election observing, and provisional voting. You can find it at:

The primary reason for the EAC meeting was to hear testimony about the proposed Voting System Testing and Certification Program. The EAC, with cooperation from the National Institute of Standards and Technology (NIST), is taking over certification of voting systems from the National Association of State Election Directors. The Draft Manual for this program was released earlier this month, and the public comment period was open until Tuesday, October 31st. The meeting was taped, and could be watched on C-SPAN, or online at the EAC website ( The final plan, incorporating public comment, will be voted on at the next EAC meeting, to be held December 7. The Draft Plan can be reviewed here:

The EAC heard testimony from their staff, NIST personnel, representatives from voting system manufacturers and testing labs, state election personnel, a voting system inspector and voting advocacy organizations. While most of the people who testified thought the manual was a good start, they had their concerns. The EAC and NIST staff were generally positive. The testing labs and voting system manufacturers were concerned about having to conduct too many tests and did not want to be, in their words, overburdened by the testing regime. State officials requested clarification regarding the status of voting systems during suspended certifications and other procedures – generally seeking more stringent requirements than in the current manual, and notice to the states when there are problems with certifications. The voting inspector and voting advocacy groups were stronger in their arguments for additional transparency and greater public observation of the process – that the system was too deferential to the manufacturers and not deferential enough to the voters.

Links to available witness testimony, as well as the webcast of the meeting, can be found at:

Earlier this year, USACM called on policymakers to strengthen the testing and certification process by making voting standards performance-based and releasing the test results of e-voting machines to the public. USACM’s letter can be found at:


On October 17th several noted computer scientists gave their thoughts and perspectives on the future of computing. Hosted by the National Academies’ Computer Science and Telecommunications Board (CSTB) – in recognition of their 20th anniversary – the gathering covered a full range of topics, sprinkled with a little bit of history. The following luminaries of the field offered their perspective on the field:

* Anita Jones, Lawrence R. Quarles Professor of Engineering and Applied Science, University of Virginia
* Irving Wladawsky-Berger, Vice President, Technical Strategy and Innovation, IBM
* Bob Brodersen, Professor, Electrical Engineering and Computer Science, University of California, Berkeley
* William A. Wulf, President, National Academy of Engineering
* Jon Kleinberg, Professor of Computer Science, Cornell University
* Shree Nayar, TC Chang Chaired Professor of Computer Science, Columbia University
* Prabhakar Raghavan, Head of Yahoo! Research
* Richard Karp, University Professor, Department of Electrical Engineering and Computer Sciences, University of California, Berkeley
* Rick Rashid, Senior Vice President, Research, Microsoft Corporation
* Dana Cuff, Professor, Urban Planning, University of California, Los Angeles
* Mark Hansen, Associate Professor, Statistics, University of California, Los Angeles
* Jerry Kang, Professor, Law, University of California, Los Angeles
* Eric Schmidt, CEO, Google

This article will hit some of the highlights, but you can read a more detailed analysis on the USACM weblog. It’s in two parts, and can be found at:

The main theme of the presentations was what the computing field may look like in 2016. Some of the presentations covered developments in various areas of computing, while others looked at how the policies that influence research in computing may influence the computing landscape of 2016. Some of these presentations were quite technical, and many were very speculative. However, some things seem to be perennial. The following two recommendations –

* A nationwide computer networking will enhance national competitiveness and benefit society.
* Investing in people to do research in grand challenges is essential if the United States is to continue to lead the world in technology.

– should be familiar to any following the competitiveness legislation. These recommendations come from a 1988 CSTB report.

Some emergent themes from the symposium:

* Mission agencies like the Department of Defense need to be investing in basic research in computing and must be evaluated on the performance of that research.
* Research teams (whether at universities or in private industry) will need to draw on a broader mix of skills such business, social sciences, and engineering in addition to computing.
* As the amount of information generated by computers and the internet increases, how that information is processed becomes more and more important.
* Advances in computing and processing will allow for people to collect a large amount of personal information, and to grab information from the past that wasn’t previously accessible.
* Leading edge computing activity will increasingly take place in disciplines outside of computing.
* Architecture is reverting from client/server to the network computer model where many applications are held on servers, with implications in many different areas.

The meeting agenda is available (hopefully additional items will be added to this page) at:


On October 24th and 25th, The National Academy of Engineering (NAE) hosted a workshop on the offshoring of engineering intended to help develop or collect data on the phenomenon as part of an NAE study. The workshop’s web page (including links to the agenda and the portions of the workshop that were webcast) is accessible here:

The workshop covered offshoring in many different areas of engineering, including semiconductors, software, and network systems. There were also panels for discussing implications for engineering education and the profession of engineering. A major challenge for the event was to try and change the discussion over offshoring from one focused on the dangers to one focused on the opportunities offshoring presents.

For the computing related presentations, some points came up that reflect the findings of the ACM Globalization report, which you can read here:

* While offshoring activity continues to increase in quantity and scope, it is still focused primarily on the low level labor in these fields, in part due to the deficiencies of the higher education systems in other countries (though that gap is closing).
* Existing information on the offshoring problem is not terribly useful. There are often gaps in the types of data collected or a substantial lag in the data that is reported.
* Students have continuing doubts about jobs in engineering.

A recurring recommendation was for changes to motivate more students to major in engineering — usually some combination of revised curriculum and instituting grand challenges. Another recurring thought concerned the job turbulence found in some subdisciplines, especially among older engineers. Some part of the appropriate response to this would involve retraining, which would extend to additional continuing education programs – a casualty of some cost cutting at larger companies. And finally, as projects and work continue to move offshore, management of those projects becomes even more important.

Papers and other materials from this workshop should be available from the project website, linked to above.


With reported data breaches in the Department of Veterans Affairs, the Department of Agriculture and elsewhere, it is clear that this is a widespread problem within the federal government as well as the private sector. To get a better handle of the scope of the government’s problem, Rep. Tom Davis (R-VA) asked for summaries of data breaches in federal agencies over the last three years. Not all agencies have responded, but Davis noted in late September that the Department of Commerce could not account for more than 1100 laptop computers, including some with census information. The House Government Reform Committee (which Davis chairs) has released a Staff Report on the data breach information they have received. Perhaps as troublesome as the number of events is the extent to which agencies may be unaware of what they’ve lost. The report can be found at:

The Office of Management and Budget is working on the problem, issuing data breach notification guidance in an effort toward greater transparency and consistency in data security. The guidance is available here:

Rep. Davis also introduced legislation to deal with this issue. This legislation, HR 6163, the Federal Agency Data Breach Protection Act, tightens the requirements of the Federal Information Security Management Act (FISMA) for federal agencies. Introduced in June, the legislation was recently incorporated into another act focused on data security at the Veterans’ Administration (HR 5835, the Veterans Identity and Credit Security Act). This legislation has passed the House and is now in the Senate. If the legislation in its current form does not get attention in the post-election session, Davis has indicated he would pursue the data breach legislation separately. How much legislation will be passed in the November session remains to be seen.

While any security problem is bad, the impact of many of these data breaches on privacy is also troublesome. For agencies that maintain large databases of personally identifiable information, data breaches raise the possibility of identity theft and other violations of privacy. As many ISPs and other groups are looking toward retaining information for longer periods of time, maintaining the security and privacy of these records becomes more important. For these and many other reasons, USACM noted security as one of the principles behind the privacy recommendations we released this summer, which you can find at:


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

For more information about USACM and ACM, see:


For earlier editions of the ACM Washington Update, see


To subscribe to ACM’s Washington Update newsletter, send an e-mail to with “subscribe WASHINGTON-UPDATE “First Name” “Last Name” (no quotes) in the body of the message.

To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to