ACM WASHINGTON UPDATE
Association for Computing Machinery
Office of Public Policy
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
October 15, 2001 Volume 5.6
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
POLICY BRIEFS:
USACM Reflects on Tragic Events of September 11, 2001
ACM Fellows Testify Before Congress Regarding Information Security
USACM Advises Congress Regarding Anti-Terrorism Legislation
USACM Urges Congress To Oppose Government Controls On Encryption
Copy Protection Proposal of Concern to USACM
Bush Administration Creates Office for Homeland Security
President Bush Extends Council of Advisors on Science and Technology
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
INTRODUCTION
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
The Association for Computing Machinery is an international professional
society whose 80,000 members (60,000 in the U.S.) represent a critical
mass
of computer professionals in education, industry, and government. The
USACM
provides a means for promoting dialogue on technology policy issues
with
United States policy makers and the general public. The WASHINGTON
UPDATE
reports on activities which may be of interest to those in the computing
and information policy communities and will highlight USACM's involvement
in many of these issues.
To subscribe to the ACM WASHINGTON UPDATE send an e-mail to
listserv@acm.org with "subscribe WASHINGTON-UPDATE" (no quotes) in
the
body of the message. Back issues are available at: <http://www.acm.org/usacm>
For information about joining the Association for Computing Machinery,
see:
<http://www.acm.org/membership/join.html>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
POLICY BRIEFS
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
USACM REFLECTS ON THE TRAGIC EVENTS OF SEPTEMBER 11, 2001
USACM recently sent a letter to President George W. Bush and all 535
Members of the U.S. Congress in reaction to the shocking acts of terror
perpetrated against America on September 11, 2001. While denouncing
the
attacks, USACM urged policy-makers to exercise caution in formulating
legislative and regulatory responses so as to avoid unintended consequences
that may actually serve to damage the progress of science, economic
growth,
and the overall security of our infrastructure. USACM offered
its
significant technical expertise and leadership in the areas of computing,
networking, security, cryptography, and privacy to assist policy-makers
in
their efforts to ensure the safety and security of our citizens.
To review a copy of USACM's letter to U.S. policy-makers, see the USACM
web
site at: <http://www.acm.org/usacm/congress-letter.html>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
ACM FELLOWS TESTIFY BEFORE CONGRESS REGARDING INFORMATION
SECURITY AND INTELLECTUAL PROPERTY PROTECTION
On October 10, 2001, testimony was provided at the House Committee on
Science's hearing entitled, "Cyber Security - How Can We Protect American
Computer Networks From Attack?" by ACM Fellows Dr. William A Wulf and
Dr.
Eugene H. Spafford. As Co-Chair of USACM, Dr. Spafford stressed
the
importance of our nation developing a long-term - full spectrum - view
of
cyber security. "We cannot hope to manage our security needs without
a
sustained commitment to the conduct of research -- both basic and applied
-- and the development of new experts," he stated. Five particular
areas
of importance were listed by Dr. Spafford: support for research,
development of infrastructure, access to real-world data, personnel
shortages, and elimination of legal impediments.
Dr. Spafford also advised the 24 Members of Congress in attendance of
USACM's concerns with the Digital Millennium Copyright Act's (DMCA)
chilling effect on analysis, research, and publication. Specifically,
he
noted that the DMCA has led to faculty being threatened with lawsuits
for
publishing their security research, and some faculty (himself included)
foregoing research in security forensics because of the potential for
being
arrested or sued. Dr. Spafford explained that USACM
is further concerned
legislation that is scheduled to be introduced into the Senate, the
Security Systems Standards and Certification Act (SSSCA), may further
restrict what research is conducted in information security.
He concluded
that legislation against technology instead of against infringing behavior
could only hurt our progress in securing the infrastructure.
To review Dr. Spafford's USACM testimony, see the web site:
<http://www.acm.org/usacm/crypto/spaf.pdf>
To review the testimony of ACM Fellow Dr. Wulf, see the web site:
<http://www.house.gov/science/full/oct10/wulf.htm>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
USACM ADVISES CONGRESS REGARDING ANTI-TERRORISM LEGISLATION
USACM recently provided comments and recommendations to the Congressional
Internet Caucus and both the House and Senate Judiciary Committees
regarding legislative proposals intended to address terrorism.
In its
communication, USACM pointed-out that overly-broad definition of
"terrorism" in the Administration's anti-terrorism proposal potentially
includes many non-violent computer crimes currently considered vandalism
or
"ordinary" criminal behavior. The legislative proposal is also
problematic
as ordinary research related behavior by scientists and technicians
could
possibly be considered to be acts supporting terrorism under certain
circumstances. Legislation that has passed both the House and
the Senate
includes the overly-broad definition.
The USACM communication regarding the anti-terrorism proposal may be
read at:
<http://www.acm.org/usacm/terrorist-memo.html>
For further information regarding how the anti-terrorism legislation
may
affect civil liberties, see the web site of the Electronic Frontier
Foundation at:
<http://www.eff.org/Privacy/Surveillance/20010926_eff_wiretap_pr.html>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
USACM URGES CONGRESS TO OPPOSE GOVERNMENT CONTROLS ON
ENCRYPTION
In a letter to Senator Judd Gregg (R-NH) and other key lawmakers, USACM
advised that imposing weakened encryption would endanger the public
and
damage the U.S. economy. Recently, there have been renewed calls
among
some U.S. lawmakers for restrictions on the use and availability of
strong
encryption products. In particular, Senator Gregg has indicated
support
for legislation to require the establishment of a mandatory key-escrow
system to be installed in encryption products. Key-escrow systems
provide
"backdoors" for encrypted data to be used by government agencies for
law
enforcement and intelligence purposes.
Members of USACM and security experts are concerned about the imposition
of
escrow and recovery forms of encryption for several reasons: they are
difficult to get right, they are unproven in widespread use, they offer
new
weaknesses that can be exploited, and they would be prohibitively expensive
to retrofit into the infrastructure. "Key-escrow systems are inherently
less secure, more costly, and more difficult to use than similar systems
without such features," stated USACM Co-Chair Dr. Barbara Simons. "The
complexity involved in retroactively altering systems to include backdoors
is enormous. Widely-used products, such as the 128-bit browsers common
in
millions of personal computers, could be affected. This approach
is also
counter-productive since potential criminals or terrorists are unlikely
to
use a system that they know to be escrowed by law enforcement."
USACM Co-Chair Dr. Eugene Spafford added, "Strong encryption is fundamental
to the protection of our nation's critical infrastructures. Imposing
weakened forms of encryption is not in the best interests of the
government, or of the people of the United States. Furthermore,
legislation enacting controls on encryption will do little to limit
its
worldwide use except to stop U.S. companies from selling their products
to
law-abiding customers - including law enforcement, financial services,
and
critical infrastructure operators."
The letter to Senator Judd Gregg (R-NH) and other key lawmakers outlining
USACM's concerns may be found at:
<http://www.acm.org/usacm/crypto/gregg-crypto-letter.html>.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
USACM RAISES CONCERNS OVER PROPOSAL TO MANDATE COPY
PROTECTION TECHNOLOGIES
USACM recently sent a letter to members of a key Senate committee regarding
proposed legislation to require computer and electronics manufacturers
to
include digital watermark technology or other copyright-protection
technologies in the production of certain products and multi-use
devices. The legislative proposal is known as the Security Systems
Standards and Certification Act (SSSCA). USACM is concerned that
intellectual property laws like the Digital Millennium Copyright Act
and
the proposed SSSCA might well have more far-reaching and damaging effects
on computer security research, particularly as our nation attempts
to
enhance the security of our infrastructure and prevent acts of
terrorism. In addition to outlining several specific concerns
with the
proposal, USACM concluded that well-intended but misguided legislative
efforts which focus on constraining or outlawing technology instead
of
penalizing behavior can only serve to weaken our educational systems,
impede our technological dominance, and interfere with our electronic
security.
To review a copy of the USACM letter to Chairman Fritz Hollings of the
Senate Committee on Commerce, Science and Transportation, see the USACM
web
site at: <http://www.acm.org/usacm/SSSCA-letter.html>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
BUSH ADMINISTRATION CREATES OFFICE OF HOMELAND SECURITY
In response to the events of September 11, President Bush appointed
former
Pennsylvania Governor, Tom Ridge, as the first Director of the Office
of
Homeland Security. Ridge will serve as the Assistant to the President
for
Homeland Security with the responsibility of coordinating domestic
security
efforts among 40 federal agencies along with developing clear lines
of
communication between local, state, and federal law-enforcement
agencies. As part of this effort, two new posts have been created:
President's Special Advisor for Cyber Security, to be headed by Richard
(Dick) Clarke, and the National Director and Deputy National Security
Advisor for Combatting Terrorism, to be headed by General Wayne
Downing. Both of these advisors will report directly to Ridge.
Clarke previously served the White House as the first national coordinator
for security, infrastructure protection and counter-terrorism under
President Clinton. As President Bush's Special Advisor on all
matters
related to cyber security, Clarke will head a government-wide board
that
will coordinate the protection of critical infrastructure systems at
federal agencies and in the private sector. In addition, Clarke
has
requested the assistance of telecommunications companies in building
a
government only network in hopes that it would be able to illuminate
external cyber security risks. The project is called "GOVNET",
and would
explore the possibilities of creating a reliable network.
The White House has allocated about $81 million toward the creation
of the
Office of Homeland Security. Since the mission of the Office
will be to
develop and coordinate the implementation of a comprehensive national
strategy to secure the United States from terrorist threats or attacks,
certain jurisdictional or "turf" issues will have to be resolved with
existing agencies charged with similar responsibilities, such as the
FBI-led National Infrastructure Protection Center and the Federal Emergency
Management Agency. In addition, the U.S. Congress needs to take
legislative action to provide long-term budget authority and staff
for the
new office, as well as legislatively recognize its mission and
responsibilities.
President Bush's Executive Order creating the new office may be found
at:
<http://www.whitehouse.gov/news/releases/2001/10/20011008-2.html>
For information about the "GOVNET" proposal, see the web site:
<http://www.fts.gsa.gov/govnet/govnet.doc>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
PRESIDENT BUSH EXTENDS COUNCIL OF ADVISORS ON SCIENCE
AND TECHNOLOGY
President Bush signed an executive order extending the President's Council
of Advisors on Science and Technology (PCAST), which is charged with
the
responsibility of advising the President on matters involving science
and
technology policy. The 25 members of this advisory committee
will be
appointed by the President, with one member coming from the Federal
Government, to act as co-chair, and the other 24 positions being
nonfederal, one of which will serve as a co-chair. The
requirements for
service on the advisory committee is that all members appointed have
diverse perspectives and expertise in science, technology, and the
impact
of science and technology on the Nation.
To review the executive order extending PCAST, see the web site:
<http://www.whitehouse.gov/news/releases/2001/10/20011001-1.html>
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+