ACM Washington Update Vol. 8.1 January 31, 2004

 

ACM Opposes Expanding Legal Protections For Scientific Data

US Enacts New Federal Spam Law

Senate Expected to Approve Legislation Targeting Peer-to-Peer Security Risks

New Voting Legislation Introduced to Require Paper Audit Trails

Computer Scientists Expose Problems with Internet Voting

NIST Releases New Security Level Guidance

Department of Homeland Security Introduces Cyberalerts

OECD Recommends Shift in Focus of Government R&D Efforts

ACM Members Invited to Join USACM

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

ACM Opposes Expanding Legal Protections For Scientific Data

 

ACM’s governing body has approved a policy statement that opposes the expansion of US legal protections that govern the access and use of data collections.  The action came after the issue was presented to the ACM membership.  Nearly 5,000 ACM members participated in an online member opinion poll, and more than ninety percent agreed with ACM’s policy statement.

 

ACM’s policy statement is particularly relevant at this time since the US Congress is considering legislation that expands legal protections for collections of data in a manner that could create perpetual ownership rights in a wide variety of scientific data and factual information.   Recognizing that collection, dissemination and use of such data has been fundamental to the advancement of knowledge, technology and culture, the ACM statement cautions that new protections would impose an unwarranted cost on the process of scientific discourse.  While ACM is a publisher and maintains an online digital library, the ACM statement concludes that current US laws already provide adequate legal protections for copyrighted information.

 

This important policy issue was brought to the attention of ACM leadership by USACM.  USACM has been working with other scientific societies, public interest groups, and representatives of information technology companies to educate policymakers and the public regarding the importance of maintaining the longstanding US policy of allowing scientific data and other factual information to remain in the public domain. 

 

To review the USACM web page that chronicles activities related to database protection, see:

http://www.acm.org/usacm/Issues/Database.html

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

US Enacts New Federal Spam Law

 

President Bush recently signed into law the nation’s first Federal anti-spam legislation. Known as the “Controlling the Assault of Non-Solicited Pornography and Marketing Act” (CAN-SPAM Act), this new law requires commercial e-mail to include an accurate address of the advertiser and to provide consumers with a way to “opt-out” of future messages. Violators of consumer requests are subject to civil penalties.

 

The law specifically targets e-mail containing pornographic material by requiring that the subject line contain a yet to be developed Federal Trade Commission (FTC) designated label.  Violation of the label requirement may result in federal criminal prosecution under which senders are subject to fines or imprisonment.  However, the legislation does contain a reporting requirement that directs the FTC to notify Congress within 18 months regarding the feasibility of requiring an advertisement label in the subject line of all unsolicited commercial e-mail.

 

One of the more controversial features of the new law is an FTC mandated do-not-spam registry, which is required to be implemented by June of this year.  Supporters of the new law view it as an important first step towards addressing the problem of Spam while others believe that the law is counterproductive since it preempts existing and future state level Spam laws.

 

To review USACM’s Spam/UCE policy statement, see:

http://www.acm.org/usacm/PDF/SPAM.pdf

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Senate Expected to Approve Legislation Targeting Peer-to-Peer Security Risks

 

The Senate is expected to approve H.R. 3159, the Government Network Security Act of 2003, which was passed by the House of Representatives last year.  The legislation would give Federal agencies six months to develop and implement plans that reduce the security risks caused by peer-to-peer file sharing across Federal networks.  The bill also directs the General Accounting Office to assess the effectiveness of the peer-to-peer network security plans presented by agencies.

 

Prior to the recess the Senate Governmental Affairs Committee approved H.R. 3159 without changes to the House sponsored version of the legislation. If the Senate and House both approve the same legislation, it goes directly to the President for his signature into law.  H.R. 3159 was introduced by Rep. Tom Davis (R-VA), Chairman, and Rep. Henry Waxman (D-CA), Ranking Member of the House Committee on Government Reform.

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

New Voting Legislation Introduced to Require Paper Audit Trails

 

Recently, Senator Graham of Florida introduced S. 1980, legislation that would amend the Help America Vote Act (HAVA) of 2002 to require a voter-verified permanent record of computer based voting systems.  This effort is following the lead of House bill H.R. 2239, which also requires a voter verified permanent record of ballots in Federal elections.

 

Congress recently appropriated $1.5 billion to fund the HAVA law as part of the Fiscal Year 2004 spending bill now awaiting President Bush’s signature.  The funds support grants to states to purchase voting technology.  Unfortunately, the bill included no funding for the National Institute of Standards and Technology’s (NIST) HAVA responsibilities.  Under the HAVA law, NIST is responsible for developing voluntary standards for e-voting technology that would address security concerns.

To ensure the integrity and reliability of our nation's election process, USACM recommends a strong focus on information assurance in each phase of the election process that employs information technology. Standards and criteria are needed to improve accuracy, integrity, security, and usability of voting systems. Continued R&D in areas including computer and data storage security, voter privacy protection, vote authentication, automated voting systems, as well as human machine interaction factors - including assistive technologies for persons with disabilities - is necessary. Since computers are inherently subject to programming error, equipment malfunction, and malicious tampering, USACM continues to recommend that a voter-verified audit trail be one of the essential requirements for deployment of new voting systems.

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Computer Scientists Expose Problems with Internet Voting

 

A report authored by computer scientists who participated in a security review of the Department of Defense’s online voting project “Secure Electronic Registration and Voting Experiment” (SERVE) was recently made public. 

 

SERVE is conducting a live Internet voting experiment in 50 counties located in seven states during this Presidential Election year.  The experiment will offer voter registration and voting via the Internet to U.S. military personnel and citizens living abroad who have access to a  computer equipped with Windows 95, 98, ME, 2000, NT or XP software.   Although SERVE is an experiment, all participants’ votes will be counted in both the primary and general elections. 

 

The report recommends that the SERVE project be terminated because of the serious security risk posed by any Internet based voting system.  The security flaws exist due to the underlying Internet architecture, which the report states would have to be redesigned prior to implementing a remote voting system.  USACM Co-Chair Barbara Simons is a report participant.

 

Due to security concerns, Republican and Democratic party organizations representing citizens living abroad have signed a joint letter voicing their opposition to SERVE’s use to facilitate voting in the presidential election.  They are joined in their opposition by other groups who represent citizens living abroad. 

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

NIST Releases New Security Level Guidance

 

The National Institute of Standards and Technology recently released a draft of "Special Publication 800-60: Guide for Mapping Types of Information and Information Systems to Security Categories" which serves as a component for the guidance and standards required under the Federal Information Security Management Act (FISMA) of 2002.

 

NIST's security categories are based on draft Federal Information Processing Standard (FIPS) 199, which the division released in September of last year.  Under the new guidance, agencies must assign impact levels without considering potential security controls and countermeasures. 

 

NIST also released a draft of Special Publication 800-63, which supports the Office of Management and Budget guidelines by defining four levels of authentication assurance for Federal IT systems.  NIST will accept comments on the proposed recommendations until March 15 at eauth-comments@nist.gov.

 

NIST officials plan to hold a government-only workshop for feedback on the draft February 26-27, 2004. For details, e-mail elaine.fry@nist.gov. Comments on the draft publication are due by Feb. 20, 2004, and can be sent to 800-60_comments@nist.gov.

 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Department of Homeland Security Introduces Cyberalerts

 

The Department of Homeland Security (DHS) announced a new Internet Federal alert system designed to protect computer users from Internet based computer attacks.  The Federal alert system would eventually provide alerts to computer users through a variety of private and subscription-based services.  Initially DHS will provide alerts by e-mail to anyone who registers for the service.  The free alerts will be electronically signed to assure users of their authenticity.   The program appears to be directed at increasing awareness among less sophisticated computer users regarding security updates and emerging cyber threats.

 

To register to receive the alerts, see:

http://www.us-cert.gov/

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

OECD Recommends Shift in Focus of Government R&D Efforts

 

The Organization for Economic Cooperation and Development (OECD) Committee for Scientific and Technological Policy (CSTP) held a Ministerial Level meeting to discuss issues in government funded research and development.  The OECD committee recommended that government funded research and development needs to be more innovative, socially responsible, and attractive to young researchers. 

 

OECD analysis has found that increases in government research and development in recent years were concentrated mostly in universities, while investments in national laboratories and other non-university research institutions have declined.  As governments continue to fund research and development activities, the OECD committee concludes that there needs to be a sustained commitment to involve business and civil society more closely in setting research priorities and to link research funds to identified priority areas. OECD also recommends that governments should allow their research grantees greater autonomy for developing curricula, managing human resources and negotiating research and licensing agreements. OECD concludes that such efforts by governments will help to attract younger students into science and technology related careers.

 

To review a summary of the OECD’s CSTP meeting that discussed changes to government R&D efforts, see: http://www.oecd.org/cstp2004min

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

ACM Members Invited to Join USACM

 

USACM was launched ten years ago to assist policymakers and the public in developing a deeper understanding of computing and information technology issues. USACM tracks US public policy initiatives that impact the professional and career concerns of ACM members, and provides expertise on these issues to policymakers in Washington and beyond. USACM produces Congressional testimony, reports, legal briefs and policy statements in computing research, reverse engineering, cyber security, privacy, and Internet Governance, among other areas. USACM strives to present this information in the form of non-partisan scientific data, educational materials, and technical analysis that enable policymakers to reach better-informed decisions.

 

As a result of its work over the ten-year span of its existence, USACM has built a reputation for credibility, reliability and objectivity among the technology policy community in Washington as well as the media that follow these issues. The committee is co-chaired by Eugene Spafford of Purdue's Center for Education and Research in Information Assurance and Security, and Barbara Simons, former ACM president and professor of Computer Science at Stanford University.

 

USACM continues to be an effective voice for the computing community in the development of laws and regulations affecting both the information technology profession and the practitioners, educators and professionals who populate this community. ACM members interested in public policy issues can participate in policy discussions and contribute to the development of USACM's policy initiatives as a USACM member by sending an email to usacm_dc@acm.org.

 

ACM members interested in following USACM's work more closely can be included in a separate read-only USACM-info list. This list sends a low volume of email, including relevant USACM announcements, press releases, and other policy items of interest, but recipients are not considered USACM members. USACM leaders moderate both the member list and the read-only list.

 

For more information about the activities of USACM, see the web page:

http://www.acm.org/usacm/

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

For earlier editions of the ACM Washington Update, see: http://www.acm.org/usacm/update/. To subscribe to the ACM WASHINGTON UPDATE send an e-mail to listserv@acm.org with "subscribe WASHINGTON-UPDATE" (no quotes) in the body of the message.  Should you wish to stop receiving ACM Washington Update or have questions, comments, or suggestions regarding public policy issues or USACM activities, please contact the ACM Public Policy Office located in Washington, DC, by e-mail at usacm_dc@acm.org or calling 202-659-9711.