USACM

SUMMARY OF ACM AND USACM

2001 POLICY ACTIVITIES

 

As of December 31, 2001

 

• In January, USACM joined the Electronic Privacy Information Center, Computer Professionals for Social Responsibility, and others in sending a letter to the U.S. Department of Commerce regarding the Internet Corporation for Assigned Names and Numbers (ICANN) approval of seven new generic top-level domain names (gTLDs).  The letter raised two concerns with ICANN’s action.  First, USACM and the others argued that any decision by the Department of Commerce to decide such an important matter of public policy without adherence to principles of notice and public participation embodied in the Administrative Procedure Act (U.S. law) would be wrong as a matter of principle.  Second, USACM and the others argued that the processes used by ICANN to choose this particular group of seven registry operators were inadequate.  The letter may be found at: <http://www.aclu.org/congress/l011601a.html>.

• On February 20, ACM opened a new public policy office in Washington, D.C.  The policy office works closely with USACM, ACM headquarters staff, and the research community to educate policy makers and provide a deeper understanding of computing and information technology policy issues.  In addition, the policy office informs the ACM membership of relevant policy and regulatory developments of interest to the community.  The office is located at the headquarters of the Computing Research Association, 1100 Seventeenth Street, NW, Suite 507, Washington, D.C., 20036.  Jeff Grove, former Staff Director of the House Science Committee's Subcommittee on Technology, was hired to direct the operations and activities of the office.  For more information, contact the ACM Policy Office at (202) 659-9711.  To review the ACM statement announcing the public policy office, see: <http://acm.org/announcements/grove.html>.

• USACM sent a letter in April to the House Committees on Judiciary and Commerce and the Senate Judiciary Committee advising Congress to recognize and preserve the legitimate needs of academic, professional, scientific and ordinary users of data during consideration of legislation to provide new legal protection for databases.  The USACM letter resulted in a invitation for the ACM Public Policy Office to take part in eight sessions of the House Database Protection Working Group, a group of database users and producers advising Congressional staff on the policy issues associated with database legislation.  The USACM letter may be read at: <http://www.acm.org/usacm/IP/dbase-fjs.html>.

• USACM issued a press statement in May critical of the U.S. copyright law known as the DMCA.  In the release, USACM states that the DMCA interferes with non-infringing, legitimate science and research beyond simply prohibiting copyright infringement by placing overly broad restrictions on technology and communication.  The statement was issued after a team of computer scientists - led by ACM member Edward Felten - opted to cancel the presentation of an academic paper at a workshop that could have resulted in a lawsuit under the DMCA.   The USACM press release is available at:

<http://www.acm.org/usacm/IP/DMCA-release.html>.

• In May, USACM sent a letter to the House Committee on Science making certain policy recommendations regarding voting technology and standards.  The letter was inserted into the official record of a House Committee on Science hearing.  Legislation was introduced and approved by the Science Committee that is consistent with certain USACM recommendations (H.R. 2275).  In particular, H.R. 2275 requires a panel of state and local election officials and technical experts to establish new standards to ensure the “accuracy, integrity, security and usability” of voting systems.  The legislation also requires voting products and systems to be tested and certified for conformance to the standards.  Finally, H.R. 2275 directs the government to establish a program for R&D in areas including computer and data storage security, voter privacy protection, automated voting systems, as well as human factors - including assistive technologies for persons with disabilities.  A copy of the USACM letter on voting technologies may be found at: <http://www.acm.org/usacm/voting-letter.html>. 

• The ACM Policy Office was successful in securing an invitation for USACM member Rebecca Mercuri to testify for the House Science Committee’s hearing regarding voting technology and standards held on May 22, 2001.  Dr. Mercuri’s testimony is available at:<http://www.house.gov/science/full/may22/mercuri.htm>.

• On June 14, USACM was a co-convener of a Carnegie Mellon University workshop in Washington, D.C.  Attendees included Rep. Sherwood Boehlert (R-N.Y.), Rep. Vernon Ehlers (R-Mich.), Rep. Rush Holt (D-N.J.), Rep. Amo Houghton (R-N.Y.), and Sen. Jay Rockefeller (D-W.Va.). The workshop discussed ways to provide Congress with advice on science and technology policy.  Prior to its elimination in 1995, the Office of Technology Assessment (OTA) provided technical advice to Congress for over 20 years.  During the FY2002 budget process, Congress allocated $500,000 for a pilot effort to advise Congress on science and technology through the General Accounting Office.

• In July, USACM sent a letter to the American Association of Publishers (AAP) informing them of ACM’s opposition to the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA).  As ACM is a member of AAP, the USACM letter also mentioned concerns with AAP’s public statement hailing the U.S. Department of Justice's arrest of a Russian cryptographer for allegedly violating the anti-circumvention provisions of the DMCA.  Finally, the letter urged AAP to reconsider their policy position and inquired if they share the concerns that ACM and other professional societies and research leaders have expressed regarding the DMCA's chilling effect on research and scientific freedom. A copy of the USACM letter to AAP is available at:

<http://www.acm.org/usacm/IP/AAP-letter.html>.

• In July, USACM sent a letter to Senator Feinstein (D-CA), the chair of the Senate Judiciary Committee’s Subcommittee on Technology, Terrorism, and Government Information.  In the letter, USACM informs Senator Feinstein that ACM has consistently opposed the anti-circumvention provisions of the DMCA.  In particular, USACM pointed out that the overly-broad provisions of the law impede the progress of research in cryptography and other computer security areas by criminalizing multi-use technologies rather than narrowly penalizing infringing behavior. USACM recommended that the anti-circumvention provisions of the legislation be revised to restrict only circumvention directly involved in infringement.  The USACM letter to Senator Feinstein may be found at: <http://www.acm.org/usacm/IP/dmca-feinstein-letter.html>.

• In July, USACM sent a letter to the Secretary of the U.S. Department of Commerce concerning the agency’s proposal to enter into a contract for the management and coordination of .US top-level domain names (usTLDs).   USACM is concerned the proposal is based on administrative continuity rather than on building a secure policy foundation for the future use of the usTLD.  USACM recommends the proposal be rescinded and revised after more complete consultation with the U.S. Internet community.  The ACM Policy Office, working with the ACM Internet Governance Project, met with Congressional staff to elevate the concerns.  The meetings resulted in five Members of Congress writing to the Department of Congress echoing USACM’s concerns.  A copy of the USACM letter regarding usTLDs may be found at:

<http://www.acm.org/usacm/IG/usTLD-letter.html>.

• In August, ACM and USACM sent a letter to the United States Trade Representative concerning the draft Free Trade Area of the Americas (FTAA) treaty's intellectual property provisions.  As drafted, the treaty requires nation-signatories to enact local copyright legislation that mandates strict anti-circumvention measures similar to or even expanding similar restrictions imposed in the U.S. by the Digital Millennium Copyright Act (DMCA).  ACM and USACM wrote that the anti-circumvention provisions of the draft FTAA treaty unjustly harm the freedom of computer scientists to engage in research fundamental to the progress of innovation.  A copy of the letter may be found at:

            <http://www.acm.org/usacm/IP/ftaa-rep-letter.html>.

• On August 13, ACM submitted a declaration in federal court regarding the legal
  challenge to the Digital Millennium Copyright Act (DMCA) in the Felten v. RIAA lawsuit. ACM's declaration seeks to help the court understand the practical effect of the issues at stake in this case.  "It is imperative for the court to understand that the application of any law that may limit the freedom to publish research on computer technology will impose a cost on the academic community, the process of scientific discourse, and society in general," stated Dr. John R. White, ACM's Executive Director, in the declaration. "We believe the threat of litigation under the DMCA will have a profound chilling effect on analysis, research, and publication."   A copy of ACM’s declaration may be found at: <http://www.acm.org/usacm/copyright/felten_declaration.html>.

A copy of ACM’s press statement regarding the declaration may be found at:

<http://www.acm.org/announcements/felten_press_release.pdf>.

• In August, the Co-Chairs of the USACM nominated Dr. Susan Landau for appointment to the Computer System Security and Privacy Advisory Board (CSSPAB) of the National Institute of Standards and Technology (NIST).  Dr. Landau has been a valued contributing member of ACM for many years and serves on the ACM Committee on Law and Computing Technology.  USACM believes Dr. Landau offers the CSSPAB an unique combination of communications security experience from her long and distinguished career in industry and academia, coupled with exceptional academic credentials.  In 1994, Dr. Landau served as the first author of a landmark study produced by USACM of the public policy issues related to communications security entitled: “Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy.” 

• On September 20, USACM sent a letter to President George W. Bush and all 535 Members of the U.S. Congress in reaction to the shocking acts of terror perpetrated against America on September 11, 2001.  While denouncing the attacks, USACM urged policy-makers to exercise caution in formulating legislative and regulatory responses so as to avoid unintended consequences that may actually serve to damage the progress of science, economic growth, and the overall security of our infrastructure.  USACM offered its significant technical expertise and leadership in the areas of computing, networking, security, cryptography, and privacy to assist policy-makers in their efforts to ensure the safety and security of our citizens.   USACM's letter to U.S. policy-makers is posted at: <http://www.acm.org/usacm/congress-letter.html> .

• In a September letter to Members of the U.S. Senate, USACM advised Congress that imposing weakened encryption would endanger the public and damage the U.S. economy.  USACM cautioned that the imposition of escrow and recovery forms of encryption are difficult to get right, unproven in widespread use, offer new weaknesses that can be exploited, and are prohibitively expensive to retrofit into the infrastructure. Furthermore, USACM warned that enacting controls on encryption will do little to limit its worldwide use except to prevent U.S. companies from selling their products to law-abiding customers - including law enforcement, financial services, and critical infrastructure operators. The USACM encryption letter may be found at:

<http://www.acm.org/usacm/crypto/gregg-crypto-letter.html>.  

A corresponding USACM press release on encryption is available at: http://www.acm.org/usacm/crypto/gregg-crypto-press-release.html.

• In September, USACM sent a letter to members of a key Senate committee regarding proposed legislation known as the Security Systems Standards and Certification Act (SSSCA).  The proposal requires computer and electronics manufacturers to include digital watermark technology or other copyright-protection technologies in the production of certain products and multi-use devices.  USACM is concerned that intellectual property laws like the Digital Millennium Copyright Act and the proposed SSSCA might have more far-reaching and damaging effects on computer security research, particularly as our nation attempts to enhance the security of our infrastructure and prevent acts of
  terrorism.  In addition to outlining several specific concerns with the proposal, USACM concluded that well-intended but misguided legislative efforts which focus on constraining or outlawing technology instead of penalizing behavior can only serve to weaken our educational systems, impede our technological dominance, and interfere with our electronic security. The USACM letter to Chairman Fritz Hollings of the Senate Committee on Commerce, Science and Transportation regarding the SSSCA is posted at: <http://www.acm.org/usacm/SSSCA-letter.html>.

• An October 9, the ACM Policy Office expanded by adding Ms. Lillie Coney to a newly created position of public policy coordinator.  Ms. Coney most recently served as the Senior Special Assistant to Congresswoman Sheila Jackson Lee (D-TX), where she worked on a variety of science, technology and education issues and projects.  As a public policy coordinator, Ms. Coney will work with the Director of the ACM Public Policy Office to coordinate and advance the policy efforts of ACM's U.S. Public Policy Committee (USACM).  Ms. Coney can be reached at (202)659-9711.

• In October, USACM sent a letter to the Florida State Legislature during their consideration of the Uniform Computer Information Transactions Act (UCITA).  The controversial software licensing legislation has been criticized by several groups - including USACM - because it seeks to legalize shrink-wrap licenses that prohibit reverse engineering and the publication of benchmarking articles that compare the quality of commercially available software products.  Since the legislation was passed in Maryland and Virginia last year, progress has stalled as the legislation has been stopped in all other states where it has been introduced.  The USACM letter to the Florida State Legislature may be found at:

            <http://www.acm.org/usacm/UCITA_Letter.htm>.

• In October, USACM sent letters to the Chairs and Ranking Members of the Senate and House Committees on Judiciary and other Congressional leaders that negotiated the provisions of the new Anti-terrorism Law.  In its communications to Congress and meetings with staff, USACM expressed practical concerns regarding the extension of the definition of terrorism to include non-violent computer crimes and other acts seemingly unrelated to terrorism. USACM also suggested that other broad provisions of the Act could unintentionally include legitimate and ordinary behavior by scientists and technicians. Unfortunately, many of USACM's concerns were not addressed.  The USACM letter to Congressional leaders can be found at:

            <http://www.acm.org/usacm/Terrorism_Letter.htm>.

• On October 10, USACM Co-Chair Dr. Eugene H. Spafford represented USACM at the House Committee on Science's hearing entitled, "Cyber Security - How Can We Protect American Computer Networks From Attack?"  Dr. Spafford stressed the importance of our nation developing a long-term view of cyber security.  Five particular areas of importance were listed by Dr. Spafford, including: support for research, development of infrastructure, access to real-world data, personnel shortages, and elimination of legal impediments. Dr. Spafford also advised the 24 Members of Congress in attendance of USACM's concerns with the Digital Millennium Copyright Act's (DMCA) chilling effect on analysis, research, and publication.  Finally, he warned that USACM is concerned that the Security Systems Standards and Certification Act (SSSCA) may further restrict what research is conducted in information security.   He concluded that legislation against technology instead of against infringing behavior could only hurt our progress in securing the infrastructure. Dr. Spafford's USACM testimony is available at: <http://www.acm.org/usacm/crypto/spaf.pdf>.

• In October, USACM provided comments and recommendations to the Congressional Internet Caucus and both the House and Senate Judiciary Committees regarding legislative proposals intended to address terrorism.  The first USACM memo addresses the overly-broad definition of "terrorism" in the Administration's proposal that includes many non-violent computer crimes and potentially legitimate computer security research and communication activities.  The second USACM memo raises concerns regarding legislative efforts to revise government controls on strong encryption.  Finally, a third USACM memo makes certain recommendations to help secure the U.S. computing infrastructure against malicious attacks, whether from terrorists or common criminals.   The three USACM memos may be read at: http://www.acm.org/usacm/.

• On October 31, the USACM Co-Chairs sent a letter to Dr. John H. Marburger congratulating him on his Presidential appointment and Senate conformation as Director of the White House Office of Science and Technology Policy.  In addition, the letter offered USACM’s assistance as the White House considers computing and information technology policy issues.

• On November 16, 2001, Dr. Ben Shneiderman testified on behalf of USACM
  before the House Government Reform Committee's Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, on issues associated with a national identification system. "Implementing an intricate national identification system is a challenging systems engineering matter. It requires a complex integration of social and technical systems, including humans, hardware, software, networks, and database security. Such socio-technical systems are always vulnerable to error, breakdown, sabotage and destruction by natural events or by people with malicious intentions," noted Dr. Shneiderman in his testimony.  In response to suggestions by vendors and other supporters of a national identification system that cards will effectively authenticate the identity of individuals, Dr. Shneiderman stated, "The positive identification of individuals does not equate to trustworthiness or lack of criminal intent." To view Dr. Shneiderman's USACM testimony, see: <http://www.acm.org/usacm/National.htm>.

• In December, ACM announced the formation of a new Advisory Committee on Security and Privacy (ACSP). Led by USACM members Peter Neumann and Eugene H. Spafford, the ACSP brings together a dozen leaders and innovators in the field of privacy and information assurance to serve as a powerful resource for the ACM community and the public at large. Comprising experts from research, industry, academia, and government, the diverse group represents a wide range of viewpoints. The ACSP consists of 12 distinguished members with expertise in information security and assurance, privacy, cybercrime, and allied fields. The group will coordinate with other ACM Committees, including USACM and the ACM Law Committee, to provide objective advice to the computing community, the public at large, and to policy-makers. ACSP is expected to provide statements and testimony on information security and privacy issues, as well as undertaking studies of related topics.  For more information, see the ACSP web site at: <http://www.acm.org/usacm/ACSP/homepage.htm>. 

• On December 6, the Co-Chairs of the ACSP wrote to Dr. Arden L. Bement, Jr., to congratulate him on his confirmation as Director of the National Institute of Standards and Technology (NIST).  The ACSP recognized the historic role in computer security NIST has played by conducting security research on emerging technologies, promoting security assessment techniques, providing security management guidance, and facilitating a greater awareness of the need for security.  ACSP also expressed appreciation for the transparent and thoughtful process NIST followed in working in partnership with industry and the cryptographic community to develop an Advanced Encryption Standard (AES).   ACSP concluded that the approval of AES is good for the government, the information technology industry, and the overall security of the Internet.  The ACSP letter may be read at: <http://www.acm.org/usacm/ACSP/Bement.htm>.