CRA Government Affairs

Heather Green has a great piece in this week’s issue of Business Week on the chilling effect of copyright legislation on research. Here’s a snippet:

Scientists like to probe the unknown and pioneer useful technologies. But in the spring of 2001, Edward W. Felten discovered that such efforts aren’t always welcome. A computer scientist at Princeton University, Felten took part in a contest sponsored by the Recording Industry Association of America to test technology for guarding music against piracy. He and his students quickly found flaws in the new antipiracy software and prepared to publish their results. But when the RIAA learned of the plan, it threatened to sue under the Digital Millennium Copyright Act (DMCA). Congress passed it back in 1998 to block hackers from breaking copy protection. And they wisely included a provision designed to let researchers such as Felten carry out their important work. Still, the RIAA deemed Felten’s line of study too sensitive.
Ultimately, faced with Felten’s countersuit, the RIAA backed off. But by that time news of the confrontation had rocked the tech community. The lesson many scientists drew was that copyright protection takes priority over research. “The legal tools that are being used to rein in bad behavior are so blunt that they block a lot of perfectly benign behavior,” Felten says. “That worries me.”
It’s a concern that reverberates broadly in tech circles at a time when Congress is considering tough new antipiracy legislation. Most people agree that the music and film industries have the right to defend themselves against illegal copying. But society needs to consider the potential impact on innovation. Many high-tech business leaders fear that new laws could hobble researchers who are trying to come up with inventions such as next-generation TV systems or even the electronic components for those inventions.

It’s a good read. Check out the whole thing. Felten has some additional commentary here, too.

Thanks to Rodney Peterson of Educause for pointing this out:

U.S. cybersecurity chief abruptly resigns, cites frustration
By TED BRIDIS, AP Technology Writer
WASHINGTON (AP) The government’s cybersecurity chief has abruptly resigned after one year with the Department of Homeland Security, confiding to industry colleagues his frustration over what he considers a lack of attention paid to computer security issues within the agency.
Amit Yoran, a former software executive from Symantec Corp., informed the White House about his plans to quit as director of the National Cyber Security Division and made his resignation effective at the end of Thursday, effectively giving a single’s day notice of his intentions to leave.
Yoran said Friday he ”felt the timing was right to pursue other opportunities.” It was unclear immediately who might succeed him even temporarily. Yoran’s deputy is Donald ”Andy” Purdy, a former senior adviser to the White House on cybersecurity issues.
Yoran has privately described frustrations in recent months to colleagues in the technology industry, according to lobbyists who recounted these conversations on condition they not be identified because the talks were personal.

We’ve been harping on DHS and the Administration for not taking cyber security — especially cyber security R&D — seriously enough, but this still comes as a surprise.
More details as we figure them out.
Update: Rodney Petersen has more at the Educause blog on the suddenness of Yoran’s departure and its implications for Higher Ed.

From the ACM [a CRA affiliate organization] press release:

New York, September 27, 2004 — Seeking to bolster the security, accessibility, and public confidence in the voting process, ACM’s elected leadership has approved a public statement on the deployment and use of computer-based electronic voting (e-voting) systems for public elections. ACM’s position is that while computer-based e-voting systems have the potential to improve the electoral process, such systems must embody careful engineering, strong safeguards, and rigorous testing in both their design and operation.
“The use of computer-based systems to improve voting is a continuing process that will demand the ongoing involvement of technical experts, usability professionals, voting rights advocates, and dedicated election officials in the U.S. and other countries, said ACM President David Patterson. “As a leading voice in computing matters, ACM looks forward to working with all stakeholders in ensuring the integrity, security, and usability of systems used in public elections.”
Experts from the computing community have identified a variety of risks and vulnerabilities in many e-voting systems stemming from poor design, inferior software engineering processes, mediocre protective measures, and insufficient comprehensive testing. As a result, ACM has recommended that e-voting systems enable voters to inspect a physical (e.g., paper) record to verify the accuracy of their vote, and to serve as an independent check on the record produced and stored by the system. In addition, those records should be made permanent, not based solely in computer memory, to allow for an accurate recount.
ACM past president Barbara Simons, a prominent figure in the computing community on e-voting issues, agrees. “It is crucial that any computerized voting system provide a voter-verified audit trail that can be checked for accuracy by the voter when the vote is cast, and cannot be altered after the vote is cast,” she said.
The ACM statement on e-voting reflects the values in its long-held Code of Ethics and Professional Conduct. The Code states that computing professionals have a responsibility to share technical knowledge and expertise with the public by encouraging understanding of computing, including the impacts of computer systems and their limitations.
Prior to approving the statement, ACM engaged its membership, bringing the issue to their attention and soliciting their feedback in an online poll to gauge their support for the statement. Of the nearly 4,600 members from around the world who shared their opinions, 95 percent indicated their agreement with the statement. ACM continues to strengthen its position, visibility, and participation in government policy formulation by educating and informing policymakers on key issues in computing and information technology

And here’s the actual recommendation:

ACM Statement on Voting Systems
Virtually all voting systems in use today (punch-cards, lever machines, hand counted paper ballots, etc.) are subject to fraud and error, including electronic voting systems, which are not without their own risks and vulnerabilities. In particular, many electronic voting systems have been evaluated by independent, generally-recognized experts and have been found to be poorly designed; developed using inferior software engineering processes; designed without (or with very limited) external audit capabilities; intended for operation without obvious protective measures; and deployed without rigorous, scientifically-designed testing.
To protect the accuracy and impartiality of the electoral process, ACM recommends that all voting systems-particularly computer-based electronic voting systems-embody careful engineering, strong safeguards, and rigorous testing in both their design and operation. In addition, voting systems should enable each voter to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast and to serve as an independent check on the result produced and stored by the system. Making those records permanent (i.e., not based solely in computer memory) provides a means by which an accurate recount may be conducted. Ensuring the reliability, security, and verifiability of public elections is fundamental to a stable democracy. Convenience and speed of vote counting are no substitute for accuracy of results and trust in the process by the electorate.

Reuters reports that Senate backers of the INDUCE Act — including Senate Majority Leader Bill Frist and Minority Leader Tom Daschle — may attempt to attach the bill to a must-pass spending bill in an effort to secure passage for the controversial (and ill-conceived) legislation.
The Senate Judiciary Committee could take up the bill on Thursday, according to the Reuters’ report.
We’ve covered the bill here previously. The bill attempts to create a new form of secondary liability for copyright infringement that would hold technology makers and service providers liable for copyright violations by end users even if they never knew, contemplated, or intended to facilitate user infringement.
The U.S. Public Policy Committee of ACM has been keeping a close eye on the legislation and has more information.
Update: Much better coverage from Wired here.
Another Update: It now appears that the consensus within the technology community is strongly against the current version of the Induce Act. As Jason Schultz from EFF explains, the Business Software Alliance (BSA) (Microsoft, Apple, HP, IBM, Intel, etc), the Computer Systems Policy Project (Dell, HP, IBM, Intel, NCR, Motorola, etc), and the Information Technology Industry Council (Accenture, Canon, Cisco, Kodak, Oracle, Sun, etc) have all weighed in against the measure. EFF has links and analysis.
One More Update (Thursday, Sept 30, 2004): The Senate markup of the bill scheduled for today has been postponed.