ACM Washington Update, Vol. 13.9 (December 7, 2009)

By David Bruggeman
December 8, 2009


[1] Newsletter Highlights
[2] Computer Science Education Week Launches
[3] Cybersecurity Receives Congressional Attention
[4] Data Security Bills Approved by Senate
[5] Google Revises Google Books’ Settlement Agreement
[6] PASS ID Legislation Moving Forward
[7] Call for Papers: ACM Computers, Freedom and Privacy (CFP) Conference
[8] About USACM

[An archive of all previous editions of Washington Update is available at]


There are more details on each item below, as well as on our weblog at

* ACM partners with major players in the computing field, launching the first-ever Computer Science Education week on the heels of Congressional designation of the week.

* With cybersecurity legislation stalled, committees continue to hold hearings on the matter.

* The Senate Judiciary Committee approved the Personal Data Privacy and Security Act of 2009 and the Data Breach Notification Act.

* Google Books has received preliminary approval on a revised settlement agreement.

* PASS ID, a proposed alternative to REAL ID, moves forward in Congress.

* The 2010 ACM Computers, Freedom and Privacy (CFP) Conference has issued its call for participation.


Supported by ACM and its partners, Computer Science Education Week (CSEdWeek), December 6-12, recognizes the critical role of computing and the need to expose more students to the opportunities computer science presents.

The central hub for CSEdWeek is its website,, which has now launched. The site houses computer science curriculum guides, data, research, posters, brochures, videos, and the opportunity to join the conversation through social media channels.

ACM invites you to tour the site at your earliest opportunity, and to help spread the word by posting the CSEdWeek logo on your organization’s website (

CSEdWeek is a joint effort led by ACM with the cooperation and deep involvement of the Computer Science Teachers Association, the Computing Research Association, the National Center for Women & Information Technology, the Anita Borg Institute, the National Science Foundation, Google, Inc., Intel, and Microsoft.


While various cybersecurity bills have circulated the halls of Congress most of this year, two Congressional subcommittees held hearings on cybersecurity issues in October. The Subcommittee on Technology and Innovation of the House Science and Technology Committee focused on cybersecurity and the National Institute of Standards and Technology. Hearing testimony from the Director of NIST’s Information Technology Lab and cybersecurity professionals at universities and in industry, the subcommittee was focused on what NIST has done in the past related to cybersecurity and how the Administration’s Cybersecurity Review would affect the agency. The witnesses generally considered NIST to be working effectively in research and standards setting in cybersecurity, but there was some concern that the proposed reorganization of the Information Technology Lab had some problems (it has since been put on hold). The subcommittee approved a bill to give NIST responsibility for international cybersecurity standards and other cybersecurity coordination responsibilities. The full House Science and Technology Committee later combined that bill with another cybersecurity bill that extends and expands support for cybersecurity research and development, including the Scholarship for Service program.

The Federal Financial Management, Government Information, Federal Services, and International Security subcommittee of the Senate Homeland Security and Government Affairs Committee held a hearing that focused on the current implementation of federal cyber security reporting. Senator Carper of Delaware, who chaired the hearing, feels that the implementation of that law, the Federal Information Security Management Act (FISMA), has been ineffective and does not adequately protect federal compute systems from intrusions. One of the witnesses was the Congressman responsible for writing FISMA, and he agreed that the bill and its implementation need improvement. One of the witnesses from the Department of State discussed a possible alternative to current reporting requirements – a continuing monitoring system that led to significant risk reduction. Independent of changes in the law, the Office of Management and Budget has changed how FISMA information is collected, and is working on developing better outcome focused metrics. The are also examining what the State Department has done to see how well it can be used at other agencies.

With the number of cybersecurity bills being considered by several different committees increasing, it is unclear exactly which bills will advance to be considered by either the House or the Senate, and when that might take place. Should this uncertainty continue, it might be the case that more definitive action in cybersecurity will happen in the executive branch rather than in Congress.


In early November, the Senate Judiciary Committee passed two bills related to Data Security: the Personal Data Privacy and Security Act of 2009, S. 1490, and the Data Breach Notification Act, S. 139. The Personal Data Privacy and Security Act of 2009 increases the penalties for identity theft and requires data brokers to better protect the information they handle. The bill also requires the Federal Trade Commission, the General Services Administration, and the U.S. Sentencing Commission make changes to their policies to reflect the standards and procedures described in this act. Further details on the bill can be found at:

The Data Breach Notification Act requires that any federal agency or business entity that uses, accesses, or collects sensitive personally identifiable information must notify the people affected by a data breach. Further details on the bill can be found at:


A class action lawsuit was initiated against the Google Books Project in 2005. The project would allow Google Books to scan books, index them, and make either snippets or the whole work available online. The project raised concerns over copyrights and orphan works, works still under copyright yet nearly impossible to find the proper rights holders. A preliminary settlement agreement was proposed in 2008 and after objections from various groups, has been revised.

The new proposed agreement will scale back the number of foreign books covered by the project, have royalties for orphan books administered by a trustee rather than a registry, and increase opportunities for potential competitors.

Parties have until January 28, 2010 to submit their objections, which will be considered at a hearing in late February. The full amended agreement can be read at:


PASS ID, S. 1261, is a bill introduced in June as an attempt to break through the impasse over implementing REAL ID. That law, passed as part of a budget bill in 2005, was intended to tighten the security of drivers’ licenses and state-issued identification cards to combat terrorism. However, several states have balked at implementing the legislation.

USACM expressed its concerns with the REAL ID legislation in an issue brief, noting that the legislation was badly designed and introduced too many risks to the security and privacy of personal information.

PASS ID attempts to address some of the security and privacy concerns from REAL ID, yet it lacks the improvements made to REAL ID through the rule-making process. Some provisions of PASS ID will improve the privacy protections and oversight of identity card information compared to REAL ID. However, other changes would increase the trend toward establishing real-time database information sharing, raising concerns that PASS ID will be a de facto national identification card (concerns that are present for REAL ID as well).

Due to implementation deadlines coming up within the next few weeks for REAL ID, there is pressure in Congress to approve PASS ID quickly. How quickly will depend on how fast the Senate finishes its work with health care reform legislation.

USACM’s comments on READ ID can be read at:


The 20th annual ACM Computers, Freedom and Privacy (CFP) Conference will be held June 15-18, 2010 in San Jose, California. This 2010 conference theme is Computers, Freedom and Privacy in the Networked Society. This past month a call for participation was released, requesting proposals for sessions and topics as well as volunteers to help with organizing and publicity. The early bird proposal deadline is December 1, 2009 and the final deadline is January 31, 2010. Proposals/topics can cover a variety of areas including: social networks, cloud computing, accessibility, and open source.

For more information on the CFP conference and to participate go to:


USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM, the Association for Computing Machinery, unites computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the computing profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

USACM acts as the focal point for ACM’s interaction with the U.S. Congress and government organizations. It seeks to educate and assist policy-makers on legislative and regulatory matters of concern to the computing community.

For more information about USACM and ACM, see:


For earlier editions of the ACM Washington Update, see:


To subscribe to ACM’s Washington Update newsletter, send an e-mail to with “subscribe WASHINGTON-UPDATE “First Name” “Last Name”
(no quotes) in the body of the message.

To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an
email to

As an alternative, enter your email address at and we’ll remove you.

If in the future you’d like to re-subscribe, please enter your address at