ACM Washington Update Vol. 8.8 (August 31, 2004)
CONTENTS
[1] USACM Releases FY2004 Report of Activities and Achievements
[2] Digital Copyright Policy Actions of Interest to Computing Community
[3] VoIP Subject to Wiretap Mandates
[4] Privacy: Congress Holds Hearing, ACLU Releases Surveillance Report, and More
[5] Recommendations for E-voting Call for Better Security, Testing, and Auditing
[6] United Nations Moving Forward with Working Group on Internet Governance
[1] USACM RELEASES FY2004 REPORT OF ACTIVITIES AND ACHIEVEMENTS
USACM recently prepared a report covering activities and achievements for the fiscal year beginning on July 1, 2003, and concluding on June 31, 2004. During the period, USACM's achievements included convening a workshop for election officials and technologists to discuss the risks and vulnerabilities of paperless electronic voting systems; educating policymakers and courts regarding the impacts of laws and legislation that may limit the freedom to publish and to engage in analysis and research; and working in partnership with the Computing Research Association and other key stakeholders from the computing community to highlight the crucial role federal investment in IT R&D plays in the advancement of all fields of computing and in the development of new experts. To review the USACM report, see http://www.acm.org/usacm/USACM04report.pdf.
[2] DIGITAL COPYRIGHT POLICY ACTIONS OF INTEREST TO COMPUTING COMMUNITY
On August 19th, the U.S. 9th Circuit Court of Appeals ruled that Grokster and other peer-to-peer (P2P) systems cannot be held liable for the copyright infringement of their users. The decision upholds a lower court decision that had been appealed by a group representing music and movie companies. Among other things, the ruling states that the "introduction of new technology is always disruptive to old markets, and particularly to those copyright owners whose works are sold through well-established distribution mechanisms." The ruling also suggested that "it is prudent for courts to exercise caution before restructuring liability theories for the purpose of addressing specific market abuses, despite their apparent present magnitude" and that "time and market forces often provide equilibrium in balancing interests." The full ruling is available (PDF) at http://www.ca9.uscourts.gov/ca9/newopinions.nsf/E9CE41F2E90CC8D788256EF400822372/$file/0355894.pdf?openelement or http://tinyurl.com/3zxfk. USACM has been working to educate policymakers and courts regarding the threat to innovations in digital computing of creating legal impediments that restrict the development of information technology that has non-infringing uses. USACM recently sent a letter to the U.S. Senate concerning legislation that would introduce new liabilities for information technology developers; to review the letter, see http://www.acm.org/usacm/induce_letter.pdf.
A free trade agreement between Australia and the United States moved closer to being realized in August with the Australian Senate passing the measure. The agreement has already been signed by U.S. President George Bush and Australian Prime Minister John Howard. As part of the agreement, Australia will adopt some elements of U.S. intellectual property law, including key provisions from the Digital Milennium Copyright Act (DMCA) (e.g., restrictions on the circumvention of copy protection mechanisms). For more information, see the CNET News.com article at http://news.com.com/2100-1028_3-5291283.html and the full text of the agreement itself at http://www.dfat.gov.au/trade/negotiations/us.html. In addition, see USACM's recent statement regarding the DMCA's chilling effects at http://www.acm.org/usacm/Issues/USACM_DMCA.pdf. Singapore and Morocco have also implemented bilateral trade pacts with the U.S., and they are also expected to harmonize their intellectual property laws by enacting protections for online content, including language to prohibit the circumvention of technologies protecting digital works. The U.S. Trade Representative is in negotiations with representatives of other countries in the western hemisphere to create a free trade zone that extends from Alaska to Tierra del Fuego. ACM sent a letter to U.S. Trade Representative Robert B. Zoellick expressing concerns with provisions of the proposed treaty that mandates all signing countries enact anti-circumvention measures similar to the U.S. DMCA. To review the ACM letter, see http://www.acm.org/usacm/IP/ftaa-rep-letter.html.
Finally, the nonpartisan Congressional Budget Office (CBO) released a new study on digital copyright issues in early August. It describes how, historically, "U.S. copyright law has sought to balance private incentives to engage in creative activity with the social benefits that arise from the widespread use of creative works," and discusses economic concerns that Congress should consider as it with copyright issues. The report concludes that there are primarily three options available to the Congress in its deliberations on the current copyright debate: forbearance (i.e., do nothing and allow market forces to sort things out), compulsory licensing of digital content, and revision of copyright law in favor of either copyright holders or consumers of copyrighted material. The report is available at http://www.cbo.gov/showdoc.cfm?index=5738&sequence=0. Also see the article at http://news.com.com/Congressional+economists+tackle+copyright+issues/2100-1028_3-5304486.html or http://tinyurl.com/5fw7t.
[3] VOIP SUBJECT TO WIRETAP MANDATES
The Federal Communications Commission (FCC) announced in early August its tentative conclusion that broadband providers and Internet phone services must comply with wiretapping requirements designed for the traditional phone network. The FCC approved a Notice of Proposed Rulemaking that would subject communications over the Internet to the design mandates of the Communications Assistance for Law Enforcement Act (CALEA). However, the notice will be open for public comment before any final decisions are made. For more information, see the FCC press release at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-250547A3.pdf or http://tinyurl.com/56oe7, as well as the CNET News.com article at http://news.com.com/Feds+back+wiretap+rules+for+Internet/2100-7352_3-5296417.html or http://tinyurl.com/3va6m. In addition, more information about CALEA's requirements is available at http://www.fcc.gov/calea/.
[4] PRIVACY: CONGRESS HOLDS HEARING, ACLU RELEASES SURVEILLANCE REPORT, AND MORE
On August 20th, the House Judiciary Committee's Subcommittee on Commercial and Administrative Law and Subcommittee on the Constitution held a joint hearing on post-9/11 privacy and civil liberties and the recommendations of the 9/11 Commission and the U.S. Department of Defense's Technology and Privacy Advisory Committee (TAPAC). Witnesses included 9/11 Commission members Lee Hamilton and Slade Gorton, TAPAC member John Marsh, Jr., and Department of Homeland Security Chief Privacy Officer Nuala O'Connor Kelly. More information about the hearing is available at http://www.house.gov/judiciary/commercial.htm.
The American Civil Liberties Union released a report in August pointing toward the federal government's increasing use of private sector organizations as sources of information about Americans. In the report, entitled "The Surveillance-Industrial Complex," the ACLU claims that government is working around existing privacy law by acquiring personal information from the private sector. Government agencies are acquiring this information primarily in three ways: purchasing it, obtaining a court order for it, or simply by asking for it. The report concludes with several recommendations, including the suggestion that the Unites States create "overarching data privacy laws" to protect "at least our most sensitive data." The report is available, along with a news release, at http://www.aclu.org/Privacy/Privacy.cfm?ID=16229&c=130. Also see the Wired News article at http://www.wired.com/news/conflict/0,2100,64492,00.html.
Meanwhile, France's 1978 data protection law was recently modified to bring it into compliance with the 1995 European Union Data Protection Directive. The revised law went into effect in August. For more information, see the article from Morrison & Foerster LLP at http://www.mofo.com/news/general.cfm?concentrationID=52&ID=1300&Type=5 or http://tinyurl.com/6qc48, as well as the EU Data Directive at http://europa.eu.int/comm/internal_market/privacy/index_en.htm.
In privacy-related news, the cryptography community has been stirred by the announcment (during August's "Crypto 2004" conference) of weaknesses in common hash functions MD5 and SHA-0. However, cryptography and security expert Bruce Schneier cautions that these findings, "while mathematically significant, aren't cause for alarm." He goes on to suggest that the National Institute for Standards and Technology (NIST) initiate a "worldwide competition for a new hash function, like it did for the new encryption algorithm, Advanced Encryption Standard, to replace Data Encryption Standard." For more information, see Schneier's article in ComputerWorld at http://www.computerworld.com/securitytopics/security/story/0,10801,95343,00.html or http://tinyurl.com/5kyff, as well as the Crypto 2004 home page at http://www.iacr.org/conferences/crypto2004/.
[5] RECOMMENDATIONS FOR E-VOTING CALL FOR BETTER SECURITY, TESTING, AND AUDITING
Earlier this summer, the Leadership Conference on Civil Rights (LCCR) and the Brennan Center for Justice at NYU School of Law (BC) released a new report providing specific recommendations for elections officials planning to use electronic voting machines in the 2004 elections. Many computer scientists were involved in crafting the report, including involvement with the recommendation that election officials have a well-qualified, independent security team examine the possibilities for operation failures and malicious attacks against a voting system. The recommendations are available at http://www.brennancenter.org/programs/dem_vr_hava_votingsystems.html or http://tinyurl.com/4san7.
The Election Assistance Commission has issued a best practices toolkit for local election administrators as they plan for the first presidential election since 2000. The toolkit provides tips, reminders, and recommendations gained from the experiences of local and state election administrators, voter advocates, and academics. It also provides guidance on the management of specific voting systems, focusing on strengthening accountability, reliability, usability, and security. The toolkit is available at http://www.eac.gov/bp/index1.asp. Earlier this year, USACM offered to assist the Federal Election Assistance Commission (EAC) in developing national e-voting standards--USACM's letter to the EAC is available at http://www.acm.org/usacm/Letters/USACMTGDC.pdf.
[6] UNITED NATIONS MOVING FORWARD WITH WORKING GROUP ON INTERNET GOVERNANCE
The United Nations World Summit on the Information Society (WSIS) has announced that it will hold a meeting on the establishment of the Working Group on Internet Governance (WGIG), a group whose creation was agreed upon at the WSIS's December 2003 meeting. Among other things, the WGIG is to be involved with developing a working definition of Internet governance; identifying the public policy issues that are relevant to Internet governance; and developing a common understanding of the respective roles and responsibilities of governments, existing intergovernmental and international organisations and other forums as well as the private sector. Held in Geneva, Switzerland, on September 20-21, 2004, the meeting will be open to all governments and observers accredited to the WSIS and its preparatory process. Meeting participants will focus on the establishment of the WGIG, its structure and working methods, as well as the scope of its work. Governments and all stakeholders are being encouraged to submit written electronic contributions on the subject until September 13th to the following email address: wgig@unog.ch. For more information, see http://www.itu.int/wsis/preparatory2/wgig/index.html.
For earlier editions of the ACM Washington Update, see: http://www.acm.org/usacm/update/. To subscribe to the ACM WASHINGTON UPDATE send an e-mail to listserv@acm.org with "subscribe WASHINGTON-UPDATE" (no quotes) in the body of the message. Should you wish to stop receiving ACM Washington Update or have questions, comments, or suggestions regarding public policy issues or USACM activities, please contact the ACM Public Policy Office located in Washington, D.C., by e-mail at usacm_dc@acm.org or by calling 202-659-9711.