ACM Committee on Computers and Public Policy (CCPP) FY 2002 Annual Report

Annual Report of the
ACM Committee on Computers and Public Policy (CCPP)
For the Period 1 July 2001 to 30 June 2002
Submitted by Peter G. Neumann, Chairman

Date: 1 July 2002


The Chairman of the ACM Committee on Computers and Public Policy is
Peter G. Neumann. Committee Members include Peter Denning, Sy
Goodman, Jim Horning, Rob Kling, Nancy Leveson, David Parnas, Jerry
Saltzer, Barbara Simons, and Lauren Weinstein. Interactions generally
involve e-mail and telephone calls, with occasional in-person
meetings. Various constructive interchanges have occurred during the
year. I am very grateful to the committee members for their continued
long-standing participation.

There is some overlap with other ACM committees (notably USACM).
Horning, Kling, Neumann, Simons, and Weinstein (at least) are members of
both committees.

The ACM Risks Forum activity involves many tens (hundreds?) of
thousands of people around the world, few of whom are contributing
to the CCPP effort through their RISKS submissions.


CCPP seeks (1) to aid the ACM with respect to a variety of issues
relating to computers and public policy, and (2) to help make the ACM
more visible worldwide. The most visible project is the Forum on
Risks to the Public in Computers and Related Systems, established
according to Adele Goldberg's President's message in the February 1985
issue of the Communications of the ACM. This has several
manifestations, such as
* RISKS: The Newsgroup;
* RISKS: The Software Engineering Notes Highlights four times a year;
* The CACM Inside Risks monthly column; and
* RISKS: The Book (see below).
Neumann has been highly visible in those efforts, but many other CCPP
members have also been active participants. Additionally, some other
efforts have been undertaken, and CCPP members have continued to be
active in ACM advisory roles and in computer policy issues, either
directly related to CCPP or otherwise.

CCPP represents an extraordinary collection of creative thinking
ability and resources for ACM.


Following is a list of activities involving CCPP members related to
CCPP, RISKS, and ACM. Most of the items have specific relevance to
the CCPP charter, although some of them were not done directly under
CCPP auspices.


1. The on-line Forum on Risks to the Public in Computers and Related
Systems. In addition to various unofficial mirrored sites on the
Internet, the official archives are available by anonymous ftp
in the U.S. at , and in a nicely indexed
and formatted site in the U.K., courtesy of Lindsay Marshall:
which is also accessible as

The Risks Forum continues as an institution. Its readership
continues to expand, with a steady flow of new direct subscribers
who receive RISKS directly from me (now in every country that
supports the Internet), or via USENET as comp.risks, or as a
newsgroup via BBOARD sites and redistribution centers throughout
the Internet. (We suspect there are well over 200,000 readers

Neumann contributes many hours each week, moderating RISKS,
responding to queries, engaging in individual dialogues with
readers, distilling the highlights for SIGSOFT's Software
Engineering Notes (SEN), deleting huge quantities of spamming
e-mail, and handling tons of rejected addresses, with many new
ones with each successive issue. From the feedback we receive,
RISKS appears to be one of the most widely read and most useful of
the moderated on-line digests. Despite its high profile and the
intrinsically controversial nature of some of the material, RISKS
has been a relatively noninflammatory operation; this reflects the
fact that Neumann takes his moderator's role quite seriously,
although a few things still slip by. (The advisory members of
CCPP are invoked as informal reviewers whenever a potentially
controversial contribution must be considered. In addition, each
member of the committee has typically played an important advisory
role during the year on various sensitive issues.)

2. Highlights from the on-line RISKS Forum continue to appear four
times each year in Software Engineering Notes. Neumann, the
founding editor in 1976, continues on as Associate Editor for the
RISKS section, after Will Tracz took over as Editor in 1995.
SEN's circulation is one of the larger among SIGs.
PGN's Illustrative Risks document provides a topical index for
as well as illustrative.pdf and for print versions.

3. The "Inside Risks" series inside the back cover of each CACM
highlights particular issues with a broader perspective. CCPP
members have been very helpful in reviewing prospective columns.
Guest columns are solicited as appropriate, and proposals are always
considered. The following columns either appeared or were written
within the reporting year. This year, Lauren Weinstein authored or
coauthored 4 columns, and Jim Horning contributed one and coauthored
another with Peter Denning.

P.G. Neumann (ed). Inside Risks. Communications of the ACM (inside
back cover), which began monthly in the July 1990 issue.

Jul 01.133. Learning from Experience, Jim Horning
Aug 01.134. Risks in E-mail Security, Albert Levi and Cetin Kaya Koc
Sep 01.135. Web Cookies: Not Just a Privacy Risk, Emil Sit and Kevin Fu
Oct 01.136. The Perils of Port 80. Stephan Somogyi and Bruce Schneier
Nov 01.137. Risks of Panic, Lauren Weinstein and PGN
Dec 01.138. Risks of National Identity Cards, PGN and Lauren Weinstein
Jan 02.139. Uncommon Criteria, Rebecca Mercuri
Feb 02.140. The Homograph Attack, Evgeniy Gabrilovich and Alex Gontmakher
Mar 02.141. Risks of Linear Thinking, Peter Denning and James Horning
Apr 02.142. Digital Evidence, David WJ Stringer-Calvert
May 02.143. Risks of Inaction, Lauren Weinstein
Jun 02.144. Free Speech Online and Offline, Ross Anderson

4. Neumann's RISKS BOOK ("Computer-Related Risks", ACM Press,
Addison-Wesley) is still chugging along in the fourth printing,
and also appeared in a Japanese translation during 1999-2000.
More recent material is on line, although it needs updating:

5. Numerous activities of PGN are enumerated in Appendix I below.

6. Lauren Weinstein continues his moderation of the PRIVACY
Forum Digest under the aegis of CCPP.
The PRIVACY Forum has had another productive year, with
connectivity, services, and public awareness continuing to expand.
The Privacy Forum continues to provide discussions, information,
and other services that include the many areas of privacy--which
intersect virtually every aspect of our lives. In a manner that
cuts across all socioeconomic and political boundaries, the range
of privacy issues is vast, and seemingly expanding every day.
From financial to medical, from law enforcement to encryption, the
Forum strives to provide a venue for balanced and carefully
moderated discourse on these topics. The PRIVACY Forum and
its archive are continually referenced from around the world, and
have been listed as major network resources in the links of many
private, commercial, and governmental entities globally.

Like PGN, Lauren receives numerous e-mail and telephone contacts
from all manner of media points, and continues to participate in
newspaper and magazine articles, local and network radio and
television interviews, and similar discussions on privacy topics.
He also conducts his own PRIVACY Forum Radio interviews regarding
a range of privacy-related issues, and has been a frequent
commentator on National Public Radio's "Morning Edition"
regarding technology and society. In the past year, he has put
out numerous Reality Reset and Factsquad pieces:

7. Other CCPP members have also interacted with various ACM people on
ACM and CCPP-related issues, reviewed drafts, refereed papers,
etc. The others not specifically having their activities
described here were presumably too busy or too modest to report on
those activities. Other CCPP members also receive calls asking for
information, help, etc., and in many cases act as an indirection
agent by handing off these requests to other appropriate
individuals. Many requests from media personnel were fielded in
the past year.

8. CCPP members wrote papers and gave talks that bear on computers and
public policy.

9. This CCPP report is accessible from the pages, via a link
to my CCPP Web page:

10. P.G. Neumann, Expert Voices: House of Cards, On Digital Security,
interviewed by Marcia Stepanik, CIO Insight Magazine, September 2001,
pp. 52-55.


11. Neumann will continue moderating the on-line RISKS Forum and
contributing the RISKS sections of SIGSOFT. At the pleasure of
the new ACM President, he would be happy to continue chairing CCPP.

12. Neumann will continue to coordinate/edit/write the CACM Inside
Risks, seeking some more invited pieces on topical RISKS-related
subjects written by members of CCPP and other contributors, to
encourage diversity. Various CCPP members have indicated topics
on which they might write a column. [Please consider this an open
invitation to whoever reads this report to submit something that
is relevant to RISKS.]

13. We will continue interactions between CCPP and USACM, with some
overlapping membership.


The 2001-2002 CCPP expenditures were as usual minimal, and the budget
was adequate, with only modest amounts required for computing
resources and communications. (SRI continues to provide free disk
space for the RISKS FTP archives on; the CSL.SRI.COM
resources are partly subsidized by SRI.) We continue to provide some
support for Lauren Weinstein's on-line Privacy Forum, which has become
an extremely valuable complement to the Risks Forum. We appreciate
ACM's past support, and have been fortunate in staying under budget.


The RISKS Forum and its related efforts have thrived, although there
have been other CCPP-related activities as well. This year we have
renewed our long-term involvement in the risks of electronic voting

We note that several closely related efforts are already ongoing under
the aegis of the External Activities Board. For example, the
scientific freedom and human rights, legal, education, and USACM
committees involve issues relevant to CCPP. Consequently, we are
happy to interact with others in those related areas, without CCPP
having to be directly in the loop.

The RISKS Forum and the PRIVACY Forum span the entire gamut of CCPP
issues, and involve reaching out to many thousands of people,
throughout the world, quite a few of whom are actively contributing
participants. Certainly RISKS is heavily involved in human safety,
privacy, ethics, legal responsibility, etc., and there is no shortage
of public-policy related issues!

The Inside Risks column serves as an outlet for CCPP, not just narrowly as
highlights of the RISKS Forum. We expect to continue that approach for
selected topics in the future.

Continued support of existing and possibly new CCPP activities is
appropriate, and will be appreciated. However, we are delighted to be
a low-budget high-yield part of the ACM.

In general, we continue to broaden our scope and involvement, subject
to the limitations of personal availability. We would be delighted to
receive from ACM executive folks suggestions for new directions
relating to computers and public policy. The CCPP members represent a
valuable cross-section of ACM interests relating to public-policy
issues. I greatly appreciate all of their efforts in helping CCPP and
the ACM, even though many of those efforts are not noted here
explicitly. I believe that ACM would do well to use CCPP resources
more often as a resource for advice and review. PGN

Respectfully submitted,

Peter G. Neumann, Principal Scientist, Computer Science Laboratory,
SRI International EL-243, Menlo Park CA 94025-3493
Net address: Neumann@CSL.SRI.COM ;
Phone: 1-650-859-2375 FAX 1-650-859-2844


APPENDIX I: Relevant Activities of Peter G. Neumann



July 30, Stanford WAIS conference, spoke in session following talks by
John McCarthy and Vaughan Pratt.

August 26-28, Caltech/MIT Voting Technology Workshop, Tomales Bay,
invited speaker.

August 29, testified for Congressman Steve Horn's House Government
Efficiency Committee on computer security.

September 2, panelist on voting at the Convention of the
American Political Science Association, San Francisco.

September 10-12, CHATS PI meeting, Myrtle Beach SC.

September 26, Distinguished lecturer, Adobe,
Software Risks and What To Do About Them, San Jose.

September 28, interviewed for FOX TV on the role of technology
in counterterrorism.

October interview with John Gehl appears in ACM's Ubiquity, and .

October 21, roundtable discussion featured in two-page article in the San
Jose Mercury News.

October 26, interviewed by Terry McElhatten for TechTV on Carnivore and
related subjects.

October 29, recipient of Honorary CISSP from ISC2.

November 6-8, attended Microsoft's Trusted Computing Conference in
Mountain View.

November 15, Distinguished Lecturer, Santa Clara University,
Computer-Related Risks and What To Do About Them

December 3-5, attended and gave the keynote lecture for the DARPA
OpticIA Workshop in Santa Cruz.


January 31, World Affairs Council talk in San Francisco:
Cybersecurity, Cyberterrorism, and the Future

February 14-15, NSF meeting on future of computer security,
at UC Berkeley

February 25-26, open source workshop at Newcastle, keynoted
talk, Developing Dependable Open-Source Systems: Principles for
Composable Architectures

March 4, gave the computer science colloquium at UC Berkeley

March 6, International Diplomacy Council, spoke to 27 lawyers, judges,
academicians, and court officials from foreign governments,
guests of the U.S. Government

March 19-20, GAO Executive Committee on Information Management and Technology

March 21, Stanford Affiliates Week, panel, Information Technology and
Security In the New Era, with John Mitchell, Dan Boneh, Teresa Lunt,
Steve Lukasik, and Dave Liddle

March 22, talk on software complexity for IBM senior VPs' Research
Vision Conference

April 9, taught John Markoff's class at Stanford (technojournalism)

April 18, participated in two panels at Computers, Freedom, and Privacy
2002 in San Francisco: (1) Risks of electronic voting; (2) Assessing
the future of ICANN at Year 3

April 24-25, University of Nebraska, Omaha: taped six half-hour segments
for Blaine Burnham's computer security history project, and keynoted
their InfoTec security conference, Risks in Information Systems,
Networks, and Critical Infrastructures

May 13-15, attended the IEEE Symposium on Security and Privacy

May 14, O'Reilly Emerging Technology Conference, Santa Clara, talk:
Future of Computer Systems and Networks

May 15, taught a Stanford CS course, Computers and Social Decisions,
run by Todd Davies, talking on risks of electronic voting systems

May 16, participated in an NRC/GAO workshop on biometrics

May 20, taught a Stanford CS course run by Ed Felten and Barbara Simons,
talking on the computer science issues in electronic voting systems

May 31, NSF Computer Information System and Engineering Advisory Board,
in Arlington VA

June 12, Talk at Hewlett-Packard, The Art and Practice of Developing
Trustworthy Systems

June 18, Received the 2002 National Computer System Security Award
(under the auspices of NIST and NSA, formerly given in conjunction
with the National Information System Security Conference)

June 19, WashDC, INET Panel: Security and Dependability in the New
Connected World



Current Web and Internet Addresses for CCPP Members

(Peter G. Neumann) and

(Peter J. Denning)

(Sy Goodman)

(Jim Horning)

(Rob Kling)

(Nancy Leveson)

(David Parnas)

(Jerry Saltzer)

(Barbara Simons)

(Lauren Weinstein)