ACM WASHINGTON UPDATE Vol. 8.5 (May 28, 2004)
CONTENTS
[1] Pentagon Advisory Committee Issues Report on TIA
[2] Investigation Finds Widespread Government Data Mining
[3] Developments at State Level to Impact Use of Evoting Systems
[4] British Computer Society Raises Concerns Regarding UK Identity Card Proposal
[5] High-End-Computing Revitalization Task Force (HECRTF) Issues Report
[6] David Padgham Joins ACM Policy Office Staff
[1] PENTAGON ADVISORY COMMITTEE ISSUES REPORT ON TIA
On May 18th, the Department of Defense's Technology and Privacy Advisory Committee (TAPAC), which was created in response to the controversy over the Total Information Awareness (TIA) program, issued its final report. Among the report's findings was the conclusion that the TIA program was a "flawed effort to achieve worthwhile ends" and that TIA represented only one of a range of government data mining projects. The committee states that data mining, while being a useful tool in the fight against terrorism, raises significant privacy issues when the personal data of U.S. citizens is involved.
Prior to Congress terminating the TIA program in 2003, USACM recommended rigorous independent review of the technical feasibility and practical reality of the project. While recognizing that research and development in data mining and privacy enhancing technologies are needed, USACM raised concerns with the security, privacy, economic, and personal risks associated with a vast database surveillance system such as TIA.
To review the USACM letter to Congress on TIA, see http://www.acm.org/usacm/Letters/tia_final.html.
TAPAC's final report is available from http://www.sainc.com/tapac/finalReport.htm.
[2] INVESTIGATION FINDS WIDESPREAD GOVERNMENT DATA MINING
The Government Accounting Office (GAO), the investigative arm of the U.S. Congress, has issued a report detailing the results of its survey of federal agencies regarding the use and development of data mining technologies. Despite excluding most classified projects and getting no response from the Central Intelligence Agency and the National Security Agency, the GAO investigation nevertheless turned up 199 data mining projects in 52 federal agencies. The report goes on to state that 120 of the 199 projects collect and analyze significant amounts of personal information (e.g., names, e-mail addresses, Social Security numbers, driver's license numbers, etc.), while 54 of the projects make use of information from the private sector (e.g., credit reports, records of credit card transactions, etc.).
The largest government user of data mining proved to be the Department of Defense, followed by the Department of Education. The justifications for using data mining included such things as improving service or performance; detecting fraud, waste, and abuse; and analyzing scientific and research information. The report concludes that data mining "government and private databases containing personal information creates a range of privacy concerns."
The full text of the GAO report is available at http://www.gao.gov/new.items/d04548.pdf, while a one-page summary can be found at http://www.gao.gov/highlights/d04548high.pdf.
Also, as mentioned above, see USACM's letter regarding the Total Information Awareness (TIA) program, which is available at http://www.acm.org/usacm/Letters/tia_final.html.
[3] DEVELOPMENTS AT STATE LEVEL TO IMPACT USE OF EVOTING SYSTEMS
With just over five months to go until the November elections, confusion and concerns about evoting systems are on the rise.
With the recent decision by the California Secretary of State to decertify certain evoting machines because of their risks and vulnerabilities and the increased scrutiny being directed toward the use of other machines and technologies, several voting precincts in the state are working to implement changes or are challenging the decision. Other states, including Maryland, are considering legislation to require paper-based verification of votes from evoting systems. Meanwhile, many local elections officials complain that managing paper-based verification systems is too difficult and that retrofitted printers are unreliable and likely to cause other problems on election day.
At the federal level, a bipartisan group of members from the U.S. House of Representatives has asked the General Accounting Office to investigate the security and dependability of a number of evoting technologies, such as direct recording electronic (DRE) machines and optical scan machines. No deadline was set for the report, but one official with the House Government Reform Committee said that it could be "available in a matter of months."
Because of the vulnerabilities and risks that have been identified by experts who have studied the issue, USACM continues to recommend that a voter-verified audit trail be one of the essential requirements for deployment of new voting systems. For more information about USACM's evoting activities, see http://www.acm.org/usacm/Issues/EVoting.htm.
To review Wired Magazine's compilation of evoting articles, see http://www.wired.com/news/evote.
[4] BRITISH COMPUTER SOCIETY RAISES CONCERNS REGARDING UK IDENTITY CARD PROPOSAL
The British Computer Society (BCS) has offered evidence to a House of Commons committee on a draft bill regarding a national identity card system (Legislation on Identity Cards: A Consultation [Cm 6178]). Chief among the BCS's concerns is their sense that there does not seem to be a firm statement regarding what the system is meant to achieve. BCS also voiced concerns over how the disabled or those "otherwise incapable of handling the complexities of an identity card" might be affected by the system, which includes the requirement that citizens must provide biometric information upon request.
The BCS press release and statement can be found at http://www.bcs.org/BCS/News/PressReleases/2004/May/IdentityCards.htm.
Also, see USACM congressional testimony by University of Maryland professor Ben Shneiderman on the subject of national identification systems at http://www.acm.org/usacm/National.htm.
[5] HIGH-END-COMPUTING REVITALIZATION TASK FORCE (HECRTF) ISSUES REPORT
The White House Office of Science and Technology Policy's High-End Computing Revitalization Task Force (HECRTF)--chartered under the National Science and Technology Council (NSTC) to develop a plan for undertaking and sustaining a robust Federal high-end computing program to maintain U.S. leadership in science and technology--recently released its "Federal Plan for High-End Computing" report. Among its major conclusions is that "action to revitalize high-end computing in the U.S. is needed now." The report goes on to discuss several steps toward that goal, including such things as research and development application areas and user requirements, identifying gaps in accessibility of federal agencies to high-end computing capabilities, a more effective approach to the procurement of high-end computing technology, and the establishment of an Interagency Program Office to manage and integrate the technology.
The full HECRTF report is available at http://www.hpcc.gov/pubs/2004_hecrtf/20040510_hecrtf.pdf.
Testimony from a recent House Science Committee hearing on high-end computing can be found at http://www.house.gov/science/hearings/full04/index.htm.
[6] DAVID PADGHAM JOINS ACM POLICY OFFICE STAFF
David Padgham has joined the staff of the Association for Computing Machinery (ACM) Office of Public Policy in Washington, DC. David came from the National Academies' Computer Science and Telecommunications Board (CSTB). At CSTB, he worked as a research associate and was involved with numerous projects and reports, including the studies which produced Trust in Cyberspace; Funding a Revolution; Broadband: Bringing Home the Bits; LC21: A Digital Strategy for the Library of Congress; and The Internet's Coming of Age. More recently, David was providing research support to CSTB's "Privacy in the Information Age" and "Digital Archiving and the National Archives and Records Administration" projects, as well as helping to organize a workshop looking into radio frequency identification (RFID) technologies and related technical and policy issues. In the ACM Office of Public Policy, David will fill the role of ACM Public Policy Coordinator formerly held by Lillie Coney. As of March, Lillie joined the staff of the Electronic Privacy Information Center as a Senior Policy Analyst.
For earlier editions of the ACM Washington Update, see: http://www.acm.org/usacm/update/. To subscribe to the ACM WASHINGTON UPDATE send an e-mail to listserv@acm.org with "subscribe WASHINGTON-UPDATE" (no quotes) in the body of the message. Should you wish to stop receiving ACM Washington Update or have questions, comments, or suggestions regarding public policy issues or USACM activities, please contact the ACM Public Policy Office located in Washington, DC, by e-mail at usacm_dc@acm.org or calling 202-659-9711.