CRA Government Affairs

The House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census planned to hold a hearing this Wednesday on “Defining Federal Information Technology Research and Development: Who? Where? What? Why? and How Much?” However, the events surrounding former President Ronald Reagan’s memorial here in DC have resulted in the hearing’s postponement. No news on a new date.
The committee had planned to hear testimony from two panels including NSF CISE Assistant Director Peter Freeman, DOE Office of Science Director Ray Orbach, NCO/IT R&D Director Dave Nelson, and CRA Government Affairs co-Chair and PITAC co-Chair Ed Lazowska.
In the process of putting together his testimony, Lazowska developed a really nice set of bullet points making the case for federal support of IT R&D. So despite the hearing postponement, I’ve decided to post them here. In the next day or so I’ll add them to the Government Affairs site proper, but for now, here they are:

Advances in information technology (IT) are changing our lives, driving our economy, and transforming the conduct of science.

America is the world leader in IT innovation because of a complex interplay of universities, industry, and the federal government.

Essentially every aspect of IT upon which we rely today – every billion-dollar sub-category of the IT industry – bears the clear stamp of federally-supported university-based research. These relatively modest investments have played an essential role in the past, and will play an essential role in the future. [see figure 1]

Don’t confuse the IT industry’s research and development (R&D) expenditures with fundamental research that’s guiding our way to the future. The vast majority of corporate R&D in IT – far more than 95% – involves the engineering of the next version of the product. This “development” is essential. But the transforming ideas – and our nation’s long-term leadership – come from research. IT companies do very little of that. It is a natural and essential role of government to support fundamental research – R&D that looks out 5, 10, or 15 years, rather than just one product cycle.

An important aspect of federally-supported university-based research is that it produces people, as well as ideas. There is a huge projected shortfall in IT workers over the next 10 years – the vast majority of the entire projected workforce shortfall in all of science and engineering is in information technology. And these are jobs that require a Bachelors-level education or greater. [see figure 2 (pdf 48kb)]

While the overall federal investment in research has been increasing over the past 30 years, the vast majority of this increase has been in the biomedical fields. Compared to that, all other fields have been flat-lined. [see figure 3]

Recent increases in federal support for IT research, while important, have fallen far short of the level recommended by PITAC in 1999. The overall level of support continues to be dangerously inadequate in the context of the importance of the field and the opportunity for further advances. [see figure 4]

While many federal agencies are engaged in supporting IT R&D, two of these agencies have played by far the dominant role in driving IT innovation over the past 50 years: NSF and DARPA. No other agencies come close.

The research community has significant concerns about the continued low level of funding for the CISE Directorate at NSF. Additionally, the research community has significant concerns about several aspects of DARPA’s programs that discourage university participation in defense-related IT research.

There are additional concerns about the Department of Homeland Security’s failure to invest in cybersecurity R&D. Of DHS’s new R&D budget of nearly $1 billion, less than 2% is being invested in cybersecurity R&D. And even this shockingly low level of investment was the result of a Congressional outcry – DHS initially proposed less than 1%. IT systems constitute the “control loop” of most other elements of our nation’s critical infrastructure (e.g., the electric power grid, the air traffic control grid, the financial grid, the telecommunications grid), and constitute a significant vulnerability.

The track record is clear: the relatively modest federal IT R&D investment pays enormous dividends: changing our lives, driving our economy, and transforming the conduct of science.

As a Gmail account holder (peter.harsha), I’ve got mixed feelings about news that the California State Senate has approved Sen. Liz Figueroa’s (D) bill placing restrictions on Google’s web-based e-mail service in order to prevent, Figueroa says, Google from “secretly oogling private e-mails.” While I’m happy on the one hand that government appears to be getting the message that privacy is an important issue — one maybe not so well understood by most consumers — I’m a bit nervous about the California legislature intervening.
I was especially nervous about Figueroa’s original bill, which would have “forbid Google from secretly scanning the actual content of e-mails for the purpose of placing targeted direct marketing ads” and required the company to “obtain the informed consent of every individual whose e-mails would be ‘oogled’.” By “every individual” Figueroa meant not only the Gmail account holder, but any person who e-mailed a Gmail account holder, or (presumably) anyone whose original e-mail message may have been forwarded by a third party to a Gmail account holder. I was primarily nervous because it seemed to me that the hurdle this restriction posed would effectively kill Gmail, and I was kind of intrigued by the service (despite Ed Felten’s objections). 🙂
Though the bill passed by the CA Senate (SB 1822) appears to have been amended heavily — gone is the outright prohibition against scanning e-mail without consent for marketing purposes, replaced with language that notes the many legitimate uses of e-mail scanning (spam filters, translation into audio for the blind, automatic sorting and forwarding, blocking image ads and web bugs, stripping HTML for handhelds) — the bill still notes that

In the context of electronic mail and instant messaging communications where electronic mail is scanned for purposes other than those [exceptions listed above], full and informed consent or notification of parties to the electronic mail communication is both appropriate and necessary.

The bill also places restrictions on how, even if granted consent, Google can make use of the e-mail scanning: it can only provide automated scanning to provide contemporaneous ads — which I believe was Google’s plan all along. But it also means Google can’t keep, for any purpose, any information or “user characteristics” it gleans from my email — even if that purpose might provide me some great benefit (I don’t know what exactly…great deals on products I’d like? pointers to information I might find useful?). Don’t get me wrong, I realize that there are plenty of nefarious things Google might be able to do with a monstrous database full of user data. But there might also be plenty of good things it could do — things I might even want them to do — in the future. This bill, it seems to me, would insure Google won’t have an opportunity to innovate at all in that area. What I worry about with this CA Senate action is the same thing I was worried about in the Total (Terrorism) Information Awareness debate and the ongoing P2P filesharing debate: the act of locking down technologies because some uses might be illegitimate can kill areas of legitimate research and innovation (or send them underground). I really worry that the legislative hammer is just too blunt an instrument to tinker with these technologies. Rather than artificially constraining the technologies because there’s a hypothetical chance they might be used for something nefarious, maybe the effort would be better focused on stopping those who are actually doing nefarious things.
Update: The San Jose Mercury News makes the same point about stifling innovation in an editorial.
Update 2: Gene Spafford sends an interesting e-mail with his perspective:

I think the best way to look at any of these issues is through the lens of the Fair Information Principles. They have been refined over the years, and enacted into the laws of countries around the world (including Canada). They also are consistent with standard ethics as practiced in a number of fields.
One of the standard ideas is that of informed consent. Information should be given only with consent, and then only after the uses of the information have been fully disclosed. Gmail doesn’t do that — if I send email to your gmail account, I have not been fully informed nor have I given consent. The California law restores that. You are correct that the law probably goes too far.
I think the TIA issue is addressed the same way. If you apply the fair information principles, then it was an unethical use of personal information.