ACM Washington Update, Vol. 13.4 (May 6, 2009)

By David Bruggeman
May 7, 2009


[1] Newsletter Highlights
[2] Proposed Legislation Would Expand Federal Reach Into Cybersecurity
[3] White House Cybersecurity Review Complete
[4] U.S. Government’s Chief Technology Officer Announced
[5] Federal Trade Commission Proposes Electronic Health Records Breach Rules
[6] President Obama Addresses The National Academies On His Policy Goals For Science
[7] President Obama Announces Key Advisors on Science and Technology
[8] About USACM

[An archive of all previous editions of Washington Update is available at]


In April many, but not all, of the notable Washington events surrounded appointments in Obama Administration. There are more details on each item below, as well as on our weblog at

* Senator Jay Rockefeller (D-WV), Chairman of the Senate Commerce, Science and Transportation Committee, introduced a bill that would substantially increase the role of the federal government in cybersecurity issues.

* The White House completed a 60-day review on cybersecurity, which is expected to be made public soon.

* The Obama Administration appointed Aneesh Chopra, Virginia’s Secretary of Technology as Chief Technology Officer, a new federal position.

* The FTC proposed a rule about notification to consumers in light of a security breach involving electronic health information.

* President Obama addressed the National Academies committing to several specific goals for science, technology and education, including that domestic research and development funding should be 3 percent of total Gross Domestic Product.

* President Obama announced the new membership of his President’s Council of Advisors on Science and Technology (PCAST).


At the beginning of April, Senator Rockefeller (D-WV) introduced a bill (S.773) that would increase the role of the federal government in cybersecurity. Requirements of the bill include:

* the National Institute of Standards and Technology (NIST) will develop national cybersecurity standards,

* require the licensing and certification of cybersecurity professionals in a fashion similar to other major professions,

* the National Telecommunications and Information Administration (NTIA) will develop a secure internet addressing system,

* increased federal support of cybersecurity research, and

* the development of a periodic review of national cybersecurity similar to the Quadrennial Defense Review.

With the completion of Obama Administration’s 60-day cybersecurity review (the public release of this review is pending, see next story), the Administration’s interests may prompt revisions in the bill. Some provisions of the bill as currently written will significantly increase the control the U.S. government will have over the internet, which has raised some concerns.

The full text of the bill can be read at THOMAS


Melissa Hathaway, Acting White House Cyberspace Director, recently completed a 60-day review of U.S. cybersecurity policy. The review was requested by the Obama Administration in recognition of the challenges and opportunities America faces in the global digital infrastructure. The announcement for the review in February as well as the recent resignation of the director of the Homeland Security Department’s National Cybersecurity Center raised concerns and various speculations about the management of cyberspace policy. One speculation was that the National Security Agency was expanding its authority in this area. The NSA Director downplayed those reports, noting that the agency has cybersecurity responsibility for the U.S. military. Civilian cybersecurity responsibility is currently with a division of the Department of Homeland Security.

It appears that the review will recommend giving the White House more responsibilities. Ms. Hathaway noted at the RSA computer security conference that the review, “provides…recommendations for a White House organizational structure that can effectively addresses cyberspace-related issues.” Following Presidential review the report will be made public.

More can be read on Melissa Hathaway’s remarks at:


On April 18th, Aneesh Chopra was appointed by the Obama Administration to the newly created position of Chief Technology Officer (CTO). The responsibility of the CTO is to ensure that our government and all its agencies have the right technological infrastructure, policies, and services for promoting technological innovation. As Chief Technology Officer, Mr. Chopra will serve as both an Assistant to the President and as Associate Director for Technology at the Office of Science and Technology Policy (OSTP). Aneesh Chopra formerly held the position of Virginia’s Secretary of Technology where he led Virginia’s strategy to leverage technology, promote innovation, and foster economic development using technology.

The Chief Technology Officer position is a new job, created by the Obama Administration, with an eye toward leveraging technology in the service of policy objectives. The CTO will work closely with the Chief Information Officer and Chief Performance Officer in the exercise of this objective. Mr. Chopra will start immediately as the CTO, but requires Senate confirmation for his OSTP position.


On April 16 the Federal Trade Commission (FTC) called for a rule requiring entities to inform consumers and the FTC if the security of electronic health information has been breached. By breached they mean any unauthorized access to personal health records. The entities covered under the proposed rule include vendors of personal health records (PHRs), PHR-related entities, and third party service providers. The proposed rule clearly defines time restrictions and guidelines for the notification process.

Parts of the Recovery and Reinvestment Act of 2009 (the stimulus legislation) prompted this proposed rule. The legislation requires the FTC to prepare a report (in conjunction with the Department of Health and Human Services) on potential privacy, security, and breach notification requirements for vendors of health information and related entities. The rule would probably be in place only until this report sets guidelines about breach notification requirements.

Currently the FTC is seeking feedback from the public on the proposed rule. Comments are due on June 1. For more information read:

USACM strongly supports notice provisions as part of an effective privacy policy, which are included in our privacy recommendations:


On April 27th, President Obama spoke before the National Academies during the National Academy of Science’s Annual meeting. This was only the fourth time an acting President has addressed the Academy’s annual meeting since it was chartered in 1863. President Obama included several policy goals in his address, including:

* The U.S. will devote more than 3 percent of GDP to research and development.

* Doubling the budgets for the National Science Foundation, the National Institute of Standards and Technology, and the Department of Energy’s Office of Science.

* Tripling the number of graduate research fellowships at the National Science Foundation.

* Making the research and experimentation tax credit starting with the Administration’s FY 2010 budget.

* The Advanced Research Projects Agency for Energy (ARPA-E), will be funded in the FY 2010 budget. The agency will try to replicate the high-risk, high-reward model of DARPA in the Defense Department.

* The establishment of challenge grants to encourage states to increase improvements in their STEM education.

* To regain the highest proportion of college graduates in the world by 2020.

You can find the full text of the speech here:


On the same day as the National Academy of Sciences annual meeting, President Obama announced the full membership of his President’s Council of Advisors on Science and Technology (PCAST). The role of PCAST is to advise the President and Vice President and create policy that works for the American people in the many areas where understanding of science, technology, and innovation is key to strengthening our economy. PCAST is part of the Executive Office of the President and is administered by the Office of Science and Technology Policy. It includes the nation’s leading scientists and engineers, some of whom have previous government experience. Three members have computing experience: Craig Mundie (Chief Research and Strategy Officer at Microsoft), William Press (Professor of Computer Science at the University of Texas), and Eric Schmidt (Chief Executive Officer of Google).

A full list of all the members and their backgrounds can be found at:


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). With over 88,000 members, ACM is the world’s largest educational and scientific computing society, uniting educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

USACM acts as the focal point for ACM’s interaction with the U.S. Congress and government organizations. It seeks to educate and assist policy-makers on legislative and regulatory matters of concern to the computing community.

For more information about USACM and ACM, see:


For earlier editions of the ACM Washington Update, see:


To subscribe to ACM’s Washington Update newsletter, send an e-mail to with “subscribe WASHINGTON-UPDATE “First Name” “Last Name”
(no quotes) in the body of the message.

To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an
email to

As an alternative, enter your email address at and we’ll remove you.

If in the future you’d like to re-subscribe, please enter your address at