June 6, 2006

ACM Washington Update, Vol. 10.5 (June 6, 2006)

CONTENTS

[1] Newsletter Highlights
[2] Commerce Department Shelves “Deemed Export” Proposal
[3] Computer Scientists Find Significant New Security Vulnerabilities In E-voting Machines
[4] VA Department Loses Personal Information On 26.5 Million Vets
[5] NSA Building Massive Database Of Domestic Calls
[6] Innovation Bills on the Move in the Senate, House Not Far Behind
[7] About USACM

[An archive of all previous editions of Washington Update is available here.]


[1] NEWSLETTER HIGHLIGHTS

Below are highlights of the top stories for June; there is more detail on each below, as well as on our weblog at http://www.acm.org/usacm:

* The Department of Commerce dropped its proposal for increased restrictions on foreign researchers working in the United States in favor of an advisory committee that will review the issue.

* A new report reveals several security holes in Diebold e-voting machines, which could allow someone to alter code, compromise voting tallies and then hide evidence that a machine was compromised.

* The National Security Agency is building a massive database of calling records (but not the content of the calls) acquired from the major Bell companies for pattern analysis.

* The Department of Veterans Affairs revealed that one of its laptops with personal information on 26.5 million veterans was stolen from the home of an employee.

* The Senate Commerce Committee passed legislation intended to bolster U.S. competitiveness that focuses on authorizing new grant programs for several science agencies.


[2] COMMERCE DEPARTMENT SHELVES “DEEMED EXPORT” PROPOSAL

Last year, the Department of Commerce proposed broad new restrictions on U.S.-based foreign researchers’ access to potentially sensitive technology. USACM filed comments arguing that the new restrictions were overly burdensome, unclear and further exacerbated an already hostile atmosphere for foreign researchers working in the United States. In a win for openness, the Department is backing off its proposal in favor of a 12-member commission to review the issue.

Here is a quote from U.S. Undersecretary of Commerce for Industry and Security, David McCormick:

“I came to the conclusion it was a much sounder approach to actually think about the overarching policy and revisit basic assumptions and revisit objectives,” said McCormick.

The Commerce Department issued its notice to create the advisory committee, which can be found at:

http://a257.g.akamaitech.net/7/257/2422/01jan20061800/edocket.access.gpo.gov/2006/E6-7778.htm

The Department is proposing that the committee be balanced, consisting of experts from industry, academia, and elsewhere in the field, to ensure a full discussion of all aspects of deemed exports and knowledge transfer from the corporate, academic, and national security perspectives. The deadline for nominations and recruitment is July 21, 2006, and potential members must have a secret clearance.


[3] COMPUTER SCIENTISTS FIND SIGNIFICANT NEW SECURITY VULNERABILITIES IN E-VOTING MACHINES

A new report by Harri Hursti for blackboxvoting.org outlines several new serious security flaws in Diebold voting machines. While many of the specifics of the attacks have been redacted, the vulnerabilities allow an attacker with physical access to Diebold TS6 and TSx touch-pad voting machines to insert malicious software through a machine’s hardware port, cover up its presence, and ensure the malicious code remains persistent even after legitimate updates to the system. The ease with which this security hole can be exploited has shocked computer scientists.

The report can be found at:

http://www.blackboxvoting.org/BBVtsxstudy.pdf

In response to the report, Diebold stated that it purposely put the backdoor into the system so it could easily update a machine’s software. David Bear, a spokesman for Diebold Election Systems, argued, “For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software. I don’t believe these evil elections people exist.”

ACM issued a statement in 2004 calling for voting systems to have a physical (e.g., paper) record to verify that an individual’s vote has been accurately cast. That statement also called for all voting systems to “embody careful engineering, strong safeguards, and rigorous testing in both their design and operation.”


[4] VA DEPARTMENT LOSES PERSONAL INFORMATION ON 26.5 MILLION VETS

Many privacy advocates dubbed 2005 “The Year of Data Breach.” Perhaps the term should be amended to “the years” or even “decade” with yet another announcement of a massive loss of data. This time a Department of Veterans Affairs (VA) employee took home a laptop holding personal information (including social security numbers) on 26.5 million veterans, and the laptop was then stolen. The department revealed that the data was not encrypted, but that it was in a format that was not readily usable.

From the VA website:

“The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA’s electronic health records nor any financial information. The employee’s home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.”

Following the disclosure that this information was lost, it came to light that there was a delay of seven days before anyone in the Department was notified that the laptop was lost. The loss was discovered during a staff meeting when someone made an offhand remark about the theft. In the wake of the media attention and Congressional hearings on the subject, the Department announced it will create a new position to provide information security advice directly to the Secretary of Veterans Affairs.


[5] NSA BUILDING MASSIVE DATABASE OF DOMESTIC CALLS

Late last year the New York Times broke the story that since 2002 the NSA had been conducting warrantless surveillance on communications between international locations and the United States. This created an intense controversy because before this program, the NSA monitored only international communications unless authorized by a special court. According to the USA Today story, the NSA has built the largest database ever of purely domestic calls. While it isn’t recording the content of each call, the logs of where the call originated and where it went (and possibly other information) are being used for data mining and pattern analysis.

From the article:

“In defending the previously disclosed program, [President] Bush insisted that the NSA was focused exclusively on international calls. “In other words,” Bush explained, “one end of the communication must be outside the United States.”

As a result, domestic call records – those of calls that originate and terminate within U.S. borders – were believed to be private.

Sources, however, say that is not the case. With access to records of billions of domestic calls, the NSA has gained a secret window into the communications habits of millions of Americans. Customers’ names, street addresses and other personal information are not being handed over as part of NSA’s domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information.”

The article also describes part of the program’s operation that makes it clear the NSA is using this for pattern analysis:

“The government is collecting ‘external’ data on domestic phone calls but is not intercepting ‘internals,’ a term for the actual content of the communication, according to a U.S. intelligence official familiar with the program. This kind of data collection from phone companies is not uncommon; it’s been done before, though never on this large a scale, the official said. The data are used for ‘social network analysis,’ the official said, meaning to study how terrorist networks contact each other and how they are tied together.”


[6] INNOVATION BILLS ON THE MOVE IN THE SENATE, HOUSE NOT FAR BEHIND

When President Bush announced his American Competitiveness Initiative (which boosts research funding for the physical sciences and creates new math and science education programs) during the State of the Union, several members of Congress had already expressed interest in moving legislation to bolster national innovation and competitiveness. Part of the conflict in Congress is that no one committee oversees “innovation” or “competitiveness” and several committees staked out different legislative turf. Some of these parts are now making their way through the committee process.

The first package was approved in April by the Senate Energy and Natural Resources Committee. This legislation focuses on authorizing new funding and creating new programs in three different areas:

1) research grants by the Department of Energy (DOE) Office of Science
2) new education programs ranging from graduate fellowships for students to earn energy-related Ph.D.s, to internships at DOE labs
3) new workforce programs, including grants for “distinguished scientists” and early career research grants for outstanding candidates

The second package was approved in late May by the Senate Commerce Committee. This legislation focuses on increasing the authorized funding at several science agencies including two key ones – the National Science Foundation and the National Institute of Standards and Technology. Lastly, this week the House Science Committee will consider a set of bills focused on strengthening math and science education programs at the National Science Foundation and the Department of Energy.

At some point these different bills will need to be stitched together in each chamber. It isn’t clear when that will happen in the Senate, but in the House look for innovation bills to be taken up before the end of June.


[7] ABOUT USACM

USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). ACM is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

For more information about USACM and ACM, see:

http://www.acm.org/usacm/about.html


BACK ISSUES

For earlier editions of the ACM Washington Update, see

http://www.acm.org/usacm/update/

SUBSCRIBE/UNSUBSCRIBE

To subscribe to ACM’s Washington Update newsletter, send an e-mail to listserv@acm.org with “subscribe WASHINGTON-UPDATE ‘First Name’ ‘Last Name’” (no quotes) in the body of the message.

To unsubscribe, simply include the “SIGNOFF WASHINGTON-UPDATE” command in an email to listserv@acm.org.

Cameron posted this at 2:25 pm ET | Filed in ACM/USACM News, Newsletter



