Computing Research Policy Blog

CRA, USACM Urge Support for NIST Labs


In response to the dire funding situation for the National Institute of Standards and Technology (NIST) Labs program in FY 2004 and beyond, CRA and US ACM’s Public Policy Committee have joined in a letter to leaders in Congress calling for increased support in the FY 2005 appropriations process.
Among the labs most likely impacted by the cuts — cuts enacted as part of the FY 2004 Omnibus Appropriations bill passed in January — is NIST’s Computer Security Division, which has played a historic role in computer security by conducting security research on emerging technologies, promoting security assessment techniques, providing security management and guidance, and facilitating a greater awareness of the need for security.
The extended entry below has the full letter, or you can download a PDF version here (335k).

Read more

GrepLaw Interview With Spaf


GrepLaw, run by the Berkman Center for Internet and Society at Harvard, has an interview with CRA board member Gene Spafford (“Spaf”), on what it’s like to testify before Congress, the current spate of virus and worm attacks, his favorite operating systems, and his suggested reading list for “geeky legal types who want to become involved in the prevention, investigation, or prosecution of computer-related crimes.”

CRA Analysis of Computing Research in the FY 2005 Budget Request


As part of the American Association for the Advancement of Science (AAAS) annual review of R&D in the President’s Budget Request, CRA provides an analysis of computing research in the request. This is essentially a look at the current status of the Networking and Information Technology Research and Development initiative — the government-wide program that encompasses all federal IT R&D activities. In short, the President’s request would keep things pretty steady-state: a slight decline in overall funding, made up of slight increases at some agencies and slight declines at others. But the overall funding requested still falls well short of the amount recommended by the President’s Information Technology Advisory Committee (PITAC) when it did its last comprehensive review of federal IT R&D funding back in 1999.
Here are the highlights from the report:

Highlights

  • Networking and Information Technology Research and Development (NITRD) funding would fall 0.7 percent in FY 2005 to $2.00 billion across eleven federal agencies, under the President’s budget request.
  • The President’s request would increase funding for computing research at the National Science Foundation (NSF), the lead agency in the NITRD initiative, to $761 million in FY 2005, an increase of 0.9 percent.
  • Concerns about interagency coordination of large-scale “cyberinfrastructure” investments in FY 2005 will likely lead to greater congressional oversight of NITRD programs in 2004.

Read on to get the full scoop…

Read more

Another Data Point in the P2P Debate


Researchers from Harvard Business School and the University of North Carolina released a study today that suggests that illegal downloading of songs via P2P networks is not having a significant effect on legitimate music sales and in many cases may help album sales. The Washington Post has the story.
A few choice paragraphs:

Songs that were heavily downloaded showed no measurable drop in sales, the researchers found after tracking sales of 680 albums over the course of 17 weeks in the second half of 2002. Matching that data with activity on the OpenNap file-sharing network, they concluded that file sharing actually increases CD sales for hot albums that sell more than 600,000 copies. For every 150 downloads of a song from those albums, sales increase by a copy, the researchers found.
“Consumption of music increases dramatically with the introduction of file sharing, but not everybody who likes to listen to music was a music customer before, so it’s very important to separate the two,” said Felix Oberholzer-Gee, an associate professor at Harvard Business School and one of the authors of the study.
Oberholzer-Gee and his colleague, University of North Carolina’s Koleman Strumpf, also said that their “most pessimistic” statistical model showed that illegal file sharing would have accounted for only 2 million fewer compact disc sales in 2002, whereas CD sales declined by 139 million units between 2000 and 2002.
“From a statistical point of view, what this means is that there is no effect between downloading and sales,” said Oberholzer-Gee.

Senate Bill Would Allow DOJ to Target Filesharers


Tech Daily (sub. req’d) reports on a Senate bill introduced yesterday by Sen. Patrick Leahy (D-VT) that would allow the Justice Department to file civil lawsuits and bring criminal charges against song-swappers using peer-to-peer networks. Complaints from content providers about the relatively small number of criminal prosecutions for file trading apparently led Leahy to introduce the bill (S. 2237 — should be available online shortly). Currently, the government has to prove that song traders engaged in “willful conduct” to bring criminal charges. Leahy’s bill apparently lowers that threshold. Judiciary Chairman Orrin Hatch is a co-sponsor. RIAA and MPAA are on board:

“This legislation provides federal prosecutors with the flexibility and discretion to bring copyright-infringement cases that best correspond to the nature of the crime,” said Mitch Bainwol, CEO of the Recording Industry Association of America.
“I commend Senators Patrick Leahy and Orrin Hatch for their vision and leadership in combating the theft of America’s creative works,” said Jack Valenti, CEO of the Motion Picture Association of America.

More info as it becomes available…

Bush Announces Broadband Policy


Speaking in New Mexico today, President Bush announced his support for rolling out universal broadband service within three years. From Reuters:

“We ought to have universal, affordable access to broadband technology by the year 2007,” Bush said. “And then we ought to make sure as soon as possible thereafter consumers have plenty of choices.”
“It’s important that we stay on the cutting edge of technological change, and one way to do so is to have a bold plan for broadband,” he said. Bush did not elaborate on how he would accomplish the 2007 goal.

In addition, Bush urged that broadband access be tax free. It looks like the issue, long dormant for this White House in particular, may become a campaign issue:

Minutes after the president spoke, Democratic presidential contender John Kerry mentioned broadband as a key growth area during a campaign speech laying out his economic policy.

The scorecard for IT campaign issues so far, then: IT offshoring (to protect or not to protect); universal broadband (how to roll it out, who should pay); maybe soon IT R&D? 🙂

The Spread of the Witty Worm


The folks at UCSD Computer Science and Engineering and the Cooperative Association for Internet Data Analysis (CAIDA) put their “Network Telescope” to good work in analyzing the spread of the Witty Worm. From their analysis:

  • Witty was the first widely propagated Internet worm to carry a destructive payload.
  • Witty was started in an organized manner with an order of magnitude more ground-zero hosts than any previous worm.
  • Witty represents the shortest known interval between vulnerability disclosure and worm release — it began to spread the day after the ISS vulnerability was publicized.
  • Witty spread through a host population in which every compromised host was doing something proactive to secure their computers and networks.
  • Witty spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly.

The conclusion is ominous:

Witty demonstrated that any minimally deployed piece of software with a remotely exploitable bug can be a vector for wide-scale compromise of host machines without any action on the part of a victim. The practical implications of this are staggering; with minimal skill, a malevolent individual could break into thousands of machines and use them for almost any purpose with little evidence of the perpetrator left on most of the compromised hosts.

And finally:

The patch model for Internet security has failed spectacularly. To remedy this, there have been a number of suggestions for ways to try to shoehorn end users into becoming security experts, including making them financially liable for the consequences of their computers being hijacked by malware or miscreants. Notwithstanding the fundamental inequities involved in encouraging people to sign on to the Internet with a single click, and then requiring them to fix flaws in software marketed to them as secure with technical skills they do not possess, many users do choose to protect themselves at their own expense by purchasing antivirus and firewall software. Making this choice is the gold standard for end user behavior — they recognize both that security is important and that they do not possess the skills necessary to effect it themselves. When users participating in the best security practice that can be reasonably expected get infected with a virulent and damaging worm, we need to reconsider the notion that end user behavior can solve or even effectively mitigate the malicious software problem and turn our attention toward both preventing software vulnerabilities in the first place and developing large-scale, robust and reliable infrastructure that can mitigate current security problems without relying on end user intervention.

Interesting stuff…

Encouraging Words from Sen. Domenici (R-NM)


Thanks to Richard Jones of the American Institute of Physics for sending around remarks Sen. Pete Domenici (R-NM), former chair of the Senate Budget Committee (now chair of the Energy and Natural Resources Committee), made on the Senate floor in support of increased funding for basic research.
“The time has come to spend money on basic research, just as we have on medical research,” Domenici said.
Read the complete remarks by following the link below.

Read more

Some TIA-related work goes on, but not privacy work?


The Boston Globe has a piece on the apparent disposition of some TIA-related (DARPA .pdf) work in the wake of Congress’ move last year to eliminate DARPA funding for the controversial program. The program, an attempt to “design a prototype network that integrates innovative information technologies for detecting and preempting foreign terrorist activities against Americans,” came under fire from a number of groups, including CRA, that saw the eventual deployment of such a system as a serious threat to American civil liberties and security. (However, CRA also argued, in a letter to the House and Senate negotiators, that while a prohibition on deploying the technology might be appropriate, prohibiting research into these areas would not be in the national interest.)
Though Congress cut funding for TIA-related research at DARPA and eliminated the office at the agency that housed the project, language in the FY 2004 Defense Appropriations bill did allow related research to continue at unspecified intelligence agencies. The article notes that this work is apparently going forward, though parallel work DARPA had undertaken to ensure there were privacy protections in any TIA-related system apparently is not.
It’s difficult to know with any certainty whether privacy-related research is actually being funded by any of the intelligence agencies (though it’s clear from the article that work that had been funded by DARPA in the area has not been continued). This lack of transparency is an unfortunate consequence of the research moratorium imposed by Congress, and one of the reasons CRA opposed it…
