ACM Washington Update, Vol. 12.11 (December 4, 2008)

By David Bruggeman
December 4, 2008


[1] Newsletter Highlights
[2] George Mason University E-Mail System Compromised
[3] Electronic Voting Machines Produce Some Problems, But No Meltdown
[4] Computers, Freedom and Privacy Conference Wants Your Proposals
[5] USACM Chair Concerned About Information Security Curricula
[6] Final E-Verify Rule Issued for Federal Contractors
[7] About USACM

[An archive of all previous editions of Washington Update is available at]


In this edition of the newsletter, we reflect on the mechanics of the election, along with other issues of concern in Washington and across the country. There are more details on each item below, as well as on our weblog at

* In an apparent attempt to suppress student turnout in the election, the George Mason University e-mail system was compromised when a fraudulent email was sent purporting to be from the university’s provost.

* While there were some problems with electronic voting machines in precincts across the country, there were no catastrophes in this past election.

* The Computers, Freedom and Privacy (CFP) Conference is looking for proposals for its June 2009 conference.

* USACM Chair Eugene Spafford raises concerns about information security education in a recent article for CSO Magazine. Among other issues addressed is the shift away from needed skills in higher education curricula.

* A final rule was announced requiring contractors and subcontractors to use the E-Verify system to electronically verify employment eligibility. The rule fails to address the concerns USACM has about the system.


Early on Election Day morning (1:16 AM), George Mason University’s e-mail system sent a message to students under the Provost’s name stating that the Election Day had been moved to November 5. At 8:08 AM the Provost’s office sent out a message noting the false message and reminding students that November 4 was Election Day. It is unclear how many students received this fake message or acted on the false information.

Based on a very preliminary analysis by some of USACM’s members, it appears that the original e-mail was forged. E-mails can be forged if the SMTP (Simple Mail Transfer Protocol) mail server does not require adequate authentication. See CERT’s website on e-mail forging for more information.

Obviously this is a very serious issue that likely violates several federal and state laws. The Electronic Privacy Information Center just released a report on deceptive electronic campaign practices. This incident seems to fit squarely into the issues raised by that report, which can be read at:


While some federal races are still involved in recounts, and others have runoff elections this week, the 2008 election was notable for its lack of a dispute over election machines that may affect the election outcomes. USACM members and ACM staff were observing activity throughout the country and noted the problems and issues with electronic voting in several media articles and interviews. We outlined these issues in a press release, which can be read online at:

Some of the press coverage of USACM and the election can be found in the ACM Press Room. Enter the pressroom at:

In addition, look at the articles between November 4 and November 7. These articles include comments from USACM Chair Eugene Spafford, and USACM members Alec Yasinsac and Barbara Simons.


The Computers, Freedom and Privacy (CFP) Conference recently issued a call for proposals for its 19th conference, slated for June 1-4, 2009 in the Washington, D.C. area. Proposals are due December 19, 2008. The full CFP call is available at:

The conference organizers intend to take advantage of the new administration and conference location to shape their agenda. The conference web page, available at:

provides a more complete description of what’s in store.


USACM Chair Eugene Spafford recently made predictions about the information security curriculum in American higher education for CSO Magazine. His comments can be read online at:

According to Spafford, information security is like most areas of information technology where there is often more demand than students available. In the areas of cyber forensics and information, the curriculum has shifted away from some of the lower-level (machine-specific) skills that are needed in those specialties. This can pose a challenge for some employers seeking students with the right combination of skills. Unfortunately, these skills are not well integrated into existing computer science curricula and existing courses are not universally available. Read more about Dr. Spafford’s thoughts on information security curricula and other predictions made in this CSO magazine series, online.


Under a final rule published November 14, certain federal contractors and subcontractors will be required to use e-Verify, an electronic employment verification system, starting early next year. The regulation applies to certain contractors and subcontractors of the Defense Department, the National Aeronautics and Space Administration and the General Services Administration. It will take effect January 15. The text of the rule is available at:

The major changes, since the initial rule was announced in June, are new deadlines and altered thresholds in determining how relevant federal contracts must address the program. Any contracts worth $100,000 or more must use e-Verify (increased from $3,000). Many deadlines in the initial rule have been extended. For instance, contractors enrolling for the first time will have 90 days instead of 30 to start using the system.

While the changes will make the program less onerous for many, particularly small businesses, there are still many issues with a large database such as the ones E-Verify will use. USACM has provided testimony on this issue, and our concerns have not changed. E-Verify will be a continued concern going into the new year and administration, and we will continue to watch developments.


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). With over 88,000 members, ACM is the world’s largest educational and scientific computing society, uniting educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

USACM acts as the focal point for ACM’s interaction with the U.S. Congress and government organizations. It seeks to educate and assist policy-makers on legislative and regulatory matters of concern to the computing community.

For more information about USACM and ACM, see:


For earlier editions of the ACM Washington Update, see:


To subscribe to ACM’s Washington Update newsletter, send an e-mail to with “subscribe WASHINGTON-UPDATE “First Name” “Last Name”
(no quotes) in the body of the message.

To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an
email to

As an alternative, enter your email address at and we’ll remove you.

If in the future you’d like to re-subscribe, please enter your address at