Our next post in this series on Technology Policy in 2008 focuses on two connected issues - Identity Theft and Data Security. Data breaches continue, as a recent theft of a hard drive at Georgetown University demonstrates. According to PrivacyRights.org, since January 2005 there have been over 218 million records exposed. To date a corresponding increase in identity theft has not happened. How long data hosts will continue to dodge this bullet is unclear.

Identity theft and data security are important issues for any large database, or any document that relies on large databases. As the Department of Homeland Security attempts to roll out REAL ID, they will claim such a gold standard identity document will reduce identity theft. As indicated in our comments on REAL ID, and the post we did on this subject two weeks ago, we disagree. REAL ID, besides lacking sufficient security, stands to shift identity theft from credit related information to drivers license/identification card information. The benefits of having a compromised ‘reliable’ identity document are significant.
(more…)

Peter Harsha at the Computing Research Association has a good analysis of the impact that Congress’ flat funding of the physical science agencies will have this year. His analysis (excerpted below) includes the National Science Foundation and the Department of Energy’s Office of Science. We thought that we add the impacts to the National Institute for Standards and Technology (the third of the three agencies that are part of the American Competitiveness Initiative).
(more…)

Continuing our weekly posts reviewing key technology policy issues facing Congress, this week we tackle the so-called “innovation agenda.” This agenda has been defined by a loose collection of business, academic groups and professional/scientific societies (both ACM and CRA work on these issues) interested in improving the innovation ecosystem. The agenda is organized around four policy areas:

• funding for basic research in the physical sciences
• funding and expansion of science, technology, engineering and mathematics (STEM) education programs
• some form of immigration reform for highly-skilled workers (H1Bs or visas for non-resident students when they graduate with technical degrees), and
• extending the R&D tax credit.

(Note that not all the groups support all issues of the agenda. For example, neither ACM nor USACM has a position on immigration reform or R&D tax credits, so this post is only going to focus on the first two areas.)
(more…)

This morning the Associated Press reported that a high-profile study the Motion Picture Association of America issued in 2005 is significantly flawed. Specifically, the study said that 44 percent of the industry’s domestic losses came from students’ illegal downloading at universities. Today MPAA says that due to “human error” that figure is more like 15 percent. Some are even arguing that it is more like three percent because of further flaws with the study.

That’s quite a difference and calls into question the credibility of the entire report. The report also found that the studios lost $6.1 billion to piracy in 2005. Is that figure correct? Unfortunately, we aren’t quite sure because the authors never released the full study including the methodology.

One might point out that quibbling over the numbers isn’t a big deal because the figure didn’t go from 44 percent to zero. Setting aside whether the new data are accurate, errors like this are a big deal because they misinform the critical policy debates that often surround studies like this. In fact, this report helped drive recent Congressional proposals to either require universities to install technology filters or strong-arm them to do so.
(more…)

The release last Friday of the final rule for REAL ID did not mark the end of the road for this issue, but the end of the beginning. In this second of our series of posts taking a high-level look at various technology policy issues, we focus on REAL ID, and how it stands a good chance of being involved in other aspects of technology policy in the coming months. There will probably be legislative efforts to either increase funding for the program or to repeal it outright, and we will cover those bills as they happen. Read our earlier posts to understand the details of the REAL ID final rules, and the implications of those rules.

What is not in those rules - at least explicitly - is how the Department of Homeland Security will encourage the use of REAL ID without formally requiring it. (more…)

Today, several ACM groups, including USACM, released a statement on measures that should be taken to increase web accessibility. You can read the press release and statement online.

The statement is a joint statement of USACM; the ACM Special Interest Groups on Accessibility (SIGACCESS), Hypertext, Hypermedia and the Web (SIGWEB), and Computer-Human Interaction (SIGCHI); and the Computer Science Teachers Association (CSTA).

The online statement also has links to resources on web accessibility. Text of the statement follows:
(more…)

Update January 17 - USACM issued a press release on the final rules, which is available online.

As mentioned in the previous post, the Department of Homeland Security (DHS) released its final rules for the REAL ID program on Friday, January 11. Last May USACM submitted comments on the proposed rules released in March 2007, and while some of the comments we submitted have resulted in changes to the rules, the program is still fundamentally flawed. Any improvements to the security of driver’s licenses are - contrary to DHS opinion - outweighed by the risks to privacy and security of people’s personal information. Most of the changes in the final rule address operational concerns and do not go far enough to ensure that this program can be effectively implemented.

The final rule (cut into two parts for no particular reason) can be read online, along with the press release announcing the final rules.

The changes most reported in the press deal with a new schedule for issuing the REAL ID. States were obligated to start issuing REAL ID-compliant licenses and identification cards (which I’ll refer to as REAL IDs) in May of this year. States can apply for exemptions to delay implementation. Under the new schedule, those born in 1964 or later must receive REAL IDs by 2014, and those born earlier than 1964 will have until 2017. The phased implementation is intended to ease the burden on state license bureaus, and the cutoff was determined by an analysis of document fraud at the Transportation Security Administration (TSA). Apparently most of those committing this fraud are 50 years or younger. Whether such age analysis will ever be applied to the TSA watch lists is unclear.
(more…)

At a press conference earlier today, the Department of Homeland Security released the final rule on REAL ID. The press release summarizes the proposed changes - at least those addressing the deadlines for implementation.

The Department released preliminary rules on REAL ID in March of 2007, and in May USACM submitted lengthy comments objecting to various provisions of the proposed rules, as did 21,000 other parties. We have not had a chance yet to read the final rule closely, but expect to make a more detailed post on the subject soon. If the initial press is any indication, most of the changes appear to focus on the implementation of REAL ID, and not the significant privacy and security concerns raised by USACM and others.

We are starting a series of weekly posts taking a high-level look at some of the hot tech policy issues in Congress for 2008. The first is an area that we’ve already covered extensively – electronic voting reform.

Last year three big stories dominated e-voting issues: 1) controversy over how e-voting machines preformed during the 2006 election in Florida’s 13th Congressional District, 2) Representative Holt’s legislative proposal to reform e-voting, and 3) newly proposed Federal standards for voting equipment. All three issues will spill over into this year.
(more…)

This past Sunday’s New York Times Magazine has a great piece on the dynamics of electronic voting issues in the United States. The article gets a number of things right and is well worth a read.

First, it discusses the relatively recent trend of local election officials asking much tougher questions about the reliability, security and accuracy of electronic voting equipment. Just after the Help America Vote Act of 2002 passed, local elections officials bought complex new voting technology, but had little to no IT support staff. Vendors became the IT support. When something went wrong, election officials were often in an awkward position of trying to answer questions from the public by turning to the vendors that sold the machines. While vendors still serve as de-facto IT staff, election officials are now asking much harder questions about e-voting. During the last half of 2007 California had outside experts conduct a top-to-bottom review of voting machines, Ohio revamped its election procedures in troubled Cuyahoga County, and Colorado decertified several e-voting systems after a review.

Second, it puts the appropriate focus on technology failing in unexpected ways versus hacking. While computer scientists are often concerned about both, hacking threats always seems to get the headlines. These can be explained away with more security procedures, but often it is difficult to diagnose bugs that cause failures. Here is a good example from the story:

Lastly, it is an extensively researched piece and is balanced. It doesn’t come off as stridently opposed to using computing-based solutions in elections, nor does it pretend that there are no serious problems with current e-voting systems. Too often we hear the extremes – advocates that don’t want any technology in elections or vendors that pretend anyone who raises questions about e-voting technology is a luddite.

The only quibble about the piece is that it implies that testing of voting equipment is more rigorous than it really is. While the testing has improved of late, current standards still do not call for the type of open-ended vulnerability testing that reveals many security and reliabilty flaws.

If you are new to e-voting issues, want a good overview of what has happened for the past few years, or a student looking to write a paper on e-voting, this article is a wonderful place to start.

CONTENTS

[1] Newsletter Highlights
[2] ACM Launches Education Policy Committee
[3] Research Funding a Casualty of Appropriations Meltdown
[4] NSF Education Directorate Seeking Computer Science Expertise
[5] About USACM

[An archive of all previous editions of Washington Update is available at
http://www.acm.org/usacm/update/]

(more…)

The National Science Foundation’s Education and Human Resources Directorate is looking for a new program director to serve as the point person on computer science education issues. The position is located within the Division of Undergraduate information and the description/duties are below:

You can find the job posting on USA jobs here. Applications are being accepted through Feb. 20, 2008.

EHR is responsible for managing most of NSF’s STEM education programs. This division serves an important role in shaping research on undergrad education, but also manages an important joint k-12/undergrad program called the Math Science Partnership program.

STEM education keeps growing as a national issue and EHR’s importance in this debate is likely to grow as well. Recently ACM launched a new Education Policy Committee to ensure that CS has a place in this debate. It would be great to see NSF hire a top-notch CS person for this position.