Update 4/28/05: Proving that Congress can move quickly when it needs to, CQ.com is reporting (sub. req.) that conferees on the supplemental appropriations bill are close to a deal. Earlier in the week Senator Minority Leader Harry Reid (D-NV) was quoted as saying that immigration provisions in the supplemental were likely to be included in the final bill, meaning the democrats weren’t going to fall on their sword to remove the Real ID Act from the bill.

Orginial Post 4/21/05: Today the Senate passed the supplemental appropriations bill to fund military operations in Iraq, Afghanistan, and tsunami relief. As we have been reporting, the Senate stripped the Real ID Act – which the House included in the supplemental funding bill in February – early in its process. The bill now moves to conference between the House and Senate where debate on whether to include all, some, or an amended version of the Real ID Act is assured.
(more…)

ACM recently formed a committee of experts (names and affiliations below) to provide states with guidance on implementing statewide voter-registration databases. Today the Committee outlined its efforts before the Election Assistance Commission (EAC), which is seeking input on its proposed guidance to the states regarding these databases.
(more…)

Today the House of Representatives passed the High-Performance Computing Revitalization Act. USACM and the Computing Research Association (CRA) praised the House’s action.

USACM Chair Gene Spafford commented:

The High-Performance Computing Program (also known as the Networking and Information Technology Research and Development Program – NITRD) sets up a collaborative multi-agency research, development, and deployment program focused on high-performance computing systems, software, and applications (among other things). The underlying law also established the President’s Information Technology Advisory Committee (PITAC), on which USACM has sitting members.

The legislation has three primary areas. The first rewrites the overarching goals of the program. The second makes minor changes to reporting requirements and PITAC. The third updates many participating agencies’ duties to reflect each agency’s mission. USACM sent a letter in February to House Science Committee Chairman Sherwood Boehlert (R-NY) commenting on the legislation.

The legislation now moves to the Senate for consideration.

From an article in this morning’s Washington Post:

It’s interesting how the United States has existing federal law for protecting information about customers’ video rental selections and preferences, yet has scant federal law regulating how numerous commercial entities (ranging from the neighborhood video rental store to nationwide data brokers) handle critical personal information like Social Security numbers – well, for now, anyway.

Current Election Assistance Commission (EAC) member and former EAC chairman DeForest B. Soaries Jr. recently announced his resignation from the EAC, citing, among other things, dissatisfaction with the level of support the EAC has received from the federal government:

(more…)

The New York Times recently ran an editorial pointing out how crucial California’s data breach notification law has been in bringing to light the current vulnerabilities of personal information:
(more…)

The Wall Street Journal (subscription required) has an article today that describes how many European banks have tighter security for online banking:
(more…)

Washington D.C. hosts two major voting-policy events this week. First, the Carter/Baker Commission on Federal Election Reform kicked-off its first hearing yesterday, part of a six month effort to study the 2004 elections and make recommendations to policymakers. The Commission is led by former President Jimmy Carter and former Secretary of State James Baker and is similar to a commission President Carter and President Gerald Ford formed in 2000.

The hearing focused on a number of subjects, with one panel specifically on voting technology and election administration. USACM member David Dill testified on this panel. He argued that transparency is the most important factor for ensuring our elections are fair and widely accepted by the public, and that the growing use of paperless electronic voting systems is undermining this goal. He specifically advocated ACM’s position noting it was one of those rare cases where a vast majority of computer scientists could find common ground. (ACM’s polled its members and found 95 percent supported its statement on voting). (more…)

Chairman Arlen Specter (R-PA) presided over a Senate Judiciary Committee hearing yesterday looking further into recent breaches of personal information at data brokers like ChoicePoint, LexisNexis, and Acxiom. The hearing served to deepen the sense in Washington that Congressional action to regulate data brokers and the commercial use of personal information is inevitable at this point. Indeed, Specter himself went so far as to comment that he believes that “there will be some very firm federal regulation coming out of this issue.”
(more…)

Declan McCullagh’s most recent article provides some interesting insight into the power and effectiveness of the Department of Homeland Security’s Chief Privacy Officer (CPO), Nuala O’Connor Kelly. The article seems to reinforce the notion that privacy concerns aren’t always taken as seriously within DHS as they are within other organizations that have CPOs:

McCullagh goes on to describe the trouble O’Connor Kelly had in trying to get information from DHS’s Transportation Security Administration regarding its involvement with passenger data from JetBlue, and he suggests some changes to address the situation.

USACM today sent a letter to state policymakers in Hawaii to call their attention to the e-voting statement that ACM adopted last year.

The letter seeks to offer USACM’s technical and policy input as electronic voting legislation works its way through the Hawaii legislature (something that’s currently going on in many state legislatures across the country).

The letter appears below and is also available as a PDF file.
(more…)

If you were thinking that the controversy over recent large-scale data breaches and identity theft was settling down into a nice orderly policy debate, think again:

It’s a safe bet that this will be a topic of discussion at tomorrow’s Senate Judiciary Committee hearing.

“Legislatures in more than two dozen states are considering ways to give consumers more control over personal information that is collected and sold by private firms, but many of the proposals are drawing fire from financial services companies.

Bills are on the table in 28 states responding to a series of high-profile security breaches at information brokers, banks and universities that so far this year have resulted in more than 1 million Social Security numbers, driver’s license numbers, names and addresses falling into the hands of potential identity thieves […]”

SOURCE: Washington Post

Note: The Senate Judiciary Committee is set to hold a related hearing next week: “Securing Electronic Personal Data: Striking a Balance Between Privacy and Commercial and Governmental Use.”

Congressmen Vernon Ehlers (R-MI) and Rush Holt (D-NJ) are circulating their annual letter regarding National Science Foundation (NSF) funding and are asking that their colleagues join the fight. The letter requests $6.1 billion for the agency – an increase of $627 million from last year. Remember that last year NSF’s funding was cut.

Given the budget climate this year, it will be an uphill battle to get NSF’s budget increased. Efforts such as this are critical to the fight. The letter is the first step in a process that will wrap up around October with a final appropriations bill.

I strongly recommend reading the Computing Research Association’s more detailed post about this fight.

Wednesday (April 6) saw the first meeting of the Department of Homeland Security’s new Data Privacy and Integrity Advisory Committee (the creation of which we covered earlier here). The 20-member committee will be led by the Heritage Foundation’s Paul Rosenzweig (chair) and Lisa Sotto (vice chair), a Hunton and Williams partner.

The committee heard from current and former officials from Congress, the executive branch, and state government; from within DHS itself; and from the privacy advocacy community. Among the briefers was former Virginia governor James S. Gilmore III, who commented that the committee’s focus might be better placed on limiting data collection than on managing data use. The committee also heard from representatives of (among others) EPIC, CDT, the Markle Foundation, and WiredSafety.
(more…)

Citing the increased risk of identity theft the proposed Real ID Act would create, today USACM sent a letter (HTML, PDF) to Senator Lamar Alexander (R-TN) expressing its concerns about the legislation. Last week, Senator Alexander penned an op-ed stating that while he wasn’t necessarily opposed to national IDs, the Real ID Act wasn’t the right approach. USACM’s letter points out the legislation’s significant and troubling flaws by making two main points:

• The legislation provides financial incentives for all 50 states to share their driver’s license databases; however, it has no security policies for such sharing. Considering that the overall security of the system will be determined by its weakest link, the risk of identity theft increases substantially.

• The minimum standards for identification create a de facto national identification system, but this may fall short of accomplishing its stated goal of reducing terrorist’s access to valid identification. Specifically, the letter points out that someone can bribe a clerk in any of the 50 states to get a valid license and security personnel may be less likely to assess its validity because it would meet the new standards.

The Real ID Act was sent from the House to the Senate as a rider on a must-pass funding measure. Last week, we reported that the Senate Appropriations Committee was going to strip out the rider and consider a “clean” bill. The fate of the Real ID Act is unclear. It could be added as an amendment during Senate consideration of the supplemental approprations measure, or it could be subject to conference negotiations between the House and Senate over the supplemental bill. This will continue to be a hot topic of debate in April, and we’ll keep following its progress.
(more…)

Congressional Quarterly is reporting (subscription required) that the Senate will strip the Real ID Act from the supplemental appropriations bill when it considers the legislation in committee next week. Ultimately this means that the House and Senate will battle over this provision during conference negotiations, which should happen quickly after Senate passage.
(more…)