ACM Committee on Computers and Public Policy (CCPP) FY 2003 Annual Report
Committee on Computers and Public Policy
Annual Report of the
ACM Committee on Computers and Public Policy (CCPP)
For the Period 1 July 2002 to 30 June 2003
Submitted by Peter G. Neumann, Chairman
Date: 9 July 2003
To: Rosemary and Pat, ACM, 1515 Broadway, NY NY 10036-9998
[Please Cc: further to whomever, as appropriate]
The Chairman of the ACM Committee on Computers and Public Policy is Peter G. Neumann. Active participants in CCPP include Peter Denning, Sy Goodman, Jim Horning, Nancy Leveson, David Parnas, Jerry Saltzer, Barbara Simons, and Lauren Weinstein. (We note the loss of Rob Kling, who was a long-time contributor to CCPP.) Interactions generally involve e-mail and telephone calls, with occasional in-person meetings. Various constructive interchanges have occurred during the year. I am very grateful to the committee members for their continued long-standing participation.
There is some overlap with other ACM committees (notably USACM). Horning, Neumann, and Simons (at least) are members of both committees.
The ACM Risks Forum activity involves many tens (hundreds?) of thousands of people around the world, few of whom are contributing to the CCPP effort through their RISKS submissions.
PURPOSE OF CCPP
CCPP seeks (1) to aid the ACM with respect to a variety of issues relating to computers and public policy, and (2) to help make the ACM more visible worldwide. The most visible project is the Forum on Risks to the Public in Computers and Related Systems, established according to Adele Goldberg's President's message in the February 1985 issue of the Communications of the ACM. This has several manifestations, such as
* RISKS: The Newsgroup;
* RISKS: The Software Engineering Notes Highlights four times a year;
* The CACM Inside Risks monthly column; and
* RISKS: The Book (see below).
Neumann has been highly visible in those efforts, but other CCPP members have also been active participants. Additionally, some other efforts have been undertaken, and CCPP members have continued to be active in ACM advisory roles and in computer policy issues, either directly related to CCPP or otherwise.
CCPP represents an extraordinary collection of creative thinking ability and resources for ACM.
RELEVANT ACTIVITIES DURING THE REPORTING YEAR
Following is a list of activities involving CCPP members related to CCPP, RISKS, and ACM. Most of the items have specific relevance to the CCPP charter, although some of them were not done directly under CCPP auspices.
ITEMS OF IMMEDIATE RELEVANCE to CCPP
1. The on-line Forum on Risks to the Public in Computers and Related
Systems. In addition to various unofficial mirrored sites on the
Internet, the official archives are available by anonymous ftp
in the U.S. at ftp://ftp.sri.com/risks/ , and in a nicely indexed
and formatted site in the U.K., courtesy of Lindsay Marshall:
http://catless.ncl.ac.uk/Risks/
which is also accessible as http://www.risks.org
The Risks Forum continues as an institution. Its readership
continues to expand, with a steady flow of new direct subscribers
who receive RISKS directly from me (now in every country that
supports the Internet), or via USENET as comp.risks, or as a
newsgroup via BBOARD sites and redistribution centers throughout
the Internet. (We suspect there are well over 200,000 readers
Neumann contributes many hours each week, moderating RISKS,
responding to queries, engaging in individual dialogues with
readers, distilling the highlights for SIGSOFT's Software
Engineering Notes (SEN), deleting huge quantities of spamming
e-mail, and handling tons of rejected addresses, with many new
ones with each successive issue. From the feedback we receive,
RISKS appears to be one of the most widely read and most useful of
the moderated on-line digests. Despite its high profile and the
intrinsically controversial nature of some of the material, RISKS
has been a relatively noninflammatory operation; this reflects the
fact that Neumann takes his moderator's role quite seriously,
although a few things still slip by. (The advisory members of
CCPP are invoked as informal reviewers whenever a potentially
controversial contribution must be considered. In addition, each
member of the committee has typically played an important advisory
role during the year on various sensitive issues.)
2. Highlights from the on-line RISKS Forum continue to appear four
times each year in Software Engineering Notes. Neumann, the
founding editor in 1976, continues on as Associate Editor for the
RISKS section, after Will Tracz took over as Editor in 1995.
SEN's circulation is one of the larger among SIGs.
PGN's Illustrative Risks document provides a topical index for
SEN and RISKS:
http://www.CSL.sri.com/neumann/illustrative.html
as well as illustrative.pdf and illustrative.ps for print versions.
3. The "Inside Risks" series inside the back cover of each CACM
highlights particular issues with a broader perspective. CCPP
members have been very helpful in reviewing prospective columns.
Guest columns are solicited as appropriate, and proposals are always
considered. The following columns either appeared or were written
within the reporting year. This year, Neumann authored two columns,
and Barbara Simons co-authored one. As seen from the following list,
we have substantially broadened the authorship in the past year.
P.G. Neumann (ed). Inside Risks. Communications of the ACM (inside
back cover), which began monthly in the July 1990 issue.
Jul 02.145. Risks: Beyond the Computer Industry, Don Norman
Aug 02.146. Risks in Features vs. Assurance, Tolga Acar and John R. Michener
Sep 02.147. Risks of Digital Rights Management, Mark Stamp
Oct 02.148. Secure Systems Conundrum, Fred B. Schneider
Nov 02.149. Florida 2002: Sluggish Systems, Vanishing Votes, Rebecca Mercuri
Dec 02.150. Why Security Standards Sometimes Fail, Avishai Wool
Jan 03.151. The Mindset of Dependability, Michael Lesk
Feb 03.152. Gambling on System Accountability, PGN
Mar 03.153. Risks of Total Surveillance, Barbara Simons and Gene H. Spafford
Apr 03.154. On Sapphire and Type-Safe Languages, Andrew Wright
May 03.155. Risks of Misinformation, PGN
Jun 03.156. Reflections on Trusting Trust Revisited, Diomidis Spinellis
These issues are available at
http://www.CSL.sri.com/neumann/insiderisks.html
4. Neumann's RISKS BOOK ("Computer-Related Risks", ACM Press,
Addison-Wesley) is still chugging along in the fifth printing,
and is also available in a Japanese translation.
All source material since 1985 is online in the Risks Forum
http://www.risks.org
5. Numerous activities of PGN are enumerated in Appendix I below.
6. Lauren Weinstein continues his moderation of the PRIVACY
Forum Digest under the partial aegis of CCPP.
PRIVACY FORUM: http://www.vortex.com/privacy
The Privacy Forum and related services continue to provide
discussions, information, and other services that include the many
areas of privacy -- which intersect virtually every aspect of our
lives. The PRIVACY Forum and its archive are continually referenced
from around the world, and have been listed as major network
resources in the links of many private, commercial, and governmental
Like PGN, Lauren receives numerous e-mail and telephone contacts
from all manner of media points, and continues to participate in
newspaper and magazine articles, local and network radio and
television interviews, and similar discussions on privacy topics.
He also conducts PRIVACY Forum Radio interviews regarding
a range of privacy-related issues, and has been a frequent
commentator on National Public Radio's ``Morning Edition''
regarding technology and society. In the past year, he has put
out numerous Reality Reset and Factsquad pieces:
REALITY RESET: http://www.vortex.com/reality
7. Other CCPP members have also interacted with various ACM people on ACM
and CCPP-related issues, reviewed drafts, refereed papers, etc. The
others not specifically having their activities described here were
presumably too busy or too modest to report on those activities. Many
requests from media personnel were fielded in the past year.
8. CCPP members wrote papers and gave talks that bear on computers and
9. This CCPP report is accessible from the acm.org pages, via a link
to my CCPP Web page:
THIS FILE: http://www.CSL.sri.com/neumann/ccpp.html
PLANS THROUGH 1 JULY 2004
10. Neumann will continue moderating the on-line RISKS Forum and
contributing the RISKS sections of SIGSOFT.
11. Neumann will continue to coordinate/edit/write the CACM Inside
Risks, seeking some more invited pieces on topical RISKS-related
subjects written by members of CCPP and other contributors, to
12. We will continue interactions between CCPP and USACM, with some
overlapping membership. There is also some overlap with ACSP,
the ACM Committee on Security and Privacy, co-chaired by Gene
Spafford and Neumann, although the purposes of these three groups
are quite different.
BUDGET AND FUNDING
The 2002-2003 CCPP expenditures were as usual minimal, and the budget was adequate, with only modest amounts required for computing resources and communications. (SRI continues to provide free disk space for the RISKS FTP archives on ftp.sri.com; the CSL.SRI.COM resources are partly subsidized by SRI.) In addition, Lindsay Marshall at Newcastle provides the risks.org archives on a pro bono basis, which is greatly appreciated. We appreciate ACM's past support, and have been fortunate in staying under budget.
The RISKS Forum and its related efforts have thrived, although there have been other CCPP-related activities as well. This year we have renewed our long-term involvement in the risks of electronic voting systems.
We note that several closely related efforts are already ongoing under the aegis of the External Activities Board. For example, the scientific freedom and human rights, legal, education, and USACM committees involve issues relevant to CCPP. Consequently, we are happy to interact with others in those related areas, without CCPP having to be directly in the loop.
The RISKS Forum and the PRIVACY Forum span the entire gamut of CCPP issues, and involve reaching out to many thousands of people, throughout the world, quite a few of whom are actively contributing participants. Certainly RISKS is heavily involved in human safety, privacy, ethics, legal responsibility, etc., and there is no shortage of public-policy related issues!
The Inside Risks column serves as an outlet for CCPP, not just narrowly as highlights of the RISKS Forum. We expect to continue that approach for selected topics in the future.
Continued support of existing and possibly new CCPP activities is appropriate, and will be appreciated. However, we are delighted to be a low-budget high-yield part of the ACM.
In general, we continue to broaden our scope and involvement, subject to the limitations of personal availability. We would be delighted to receive from ACM executive folks suggestions for new directions relating to computers and public policy. The CCPP members represent a valuable cross-section of ACM interests relating to public-policy issues. I greatly appreciate all of their efforts in helping CCPP and the ACM, even though many of those efforts are not noted here explicitly. I believe that ACM would do well to use CCPP resources more often as a resource for advice and review. PGN
Peter G. Neumann, Principal Scientist, Computer Science Laboratory,
SRI International EL-243, Menlo Park CA 94025-3493
Net address: Neumann@CSL.SRI.COM ;
Phone: 1-650-859-2375 FAX 1-650-859-2844
APPENDIX I: Relevant Activities of Peter G. Neumann
2002 RELEVANT EVENTS by PGN
July 10, Speaker in a Conference on the Impact of Future Information
Technology on Information Operations, sponsored by the CIA
Information Operations Center.
August 2-11, lecturer in residence, 23rd ISODARCO, Trento, Italy,
Italian Pugwash Group, International School on Disarmament and Resolution
of Conflicts, http://www.roma2.infn.it/isodarco
Cyberwar, Netwar, and the Revolution in Military Affairs --
Real Threats and Virtual Myths, Trento, Italy.
Talk: Risks of Computer-Related Technology;
Panelist: Risks in Critical Infrastructures
August 20, interviewed for Testing and Formal Methods, article by Rick
Whiting. InfoWeek, September 2nd issue
September 3-5, organizer and attendee for the Silicon Valley Summit
on Securing the Future for Internetworking, at HP, Palo Alto, chaired
by Stephen Squires
September 17-18, Washington DC, Workshop on Trustworthy Computing in
Dynamic Environments, Hyatt Fair Lakes, Fairfax VA, organizer, discussion
session moderator, breakout session leader (for Anup Ghosh)
September 20, IBM Hawthorne, security review of their future
research agenda, for Charles Palmer; colloquium talk: Reflections on
the Future of Trustworthy Systems and Networks
October 10, California Consumer Affairs Association, panelist
on biometric authentication
October 16, Sacramento, Advisory Council of the California
Office of Privacy Protection
November 18, Purdue Distinguished Visitor lecture:
The Artful Practice of Developing Trustworthy Systems
November 22, CARDIS02 (annual smart-card conference),
panelist on Trusted Computing Technologies, San Jose
2003 RELEVANT EVENTS by PGN
January 15, California Office of Privacy Protection Advisory Board, Sacramento
January 28, San Diego, moderated Town Meeting Homeland Defense
with Richard Clarke
January-February, testified four times for the Santa Clara County Supervisors on
their procurement of electronic voting machines
February, NPR interview with Dan Charles on electronic voting, aired on 10 February and subsequent days.
February 22, League of Women Voters, talk: Computer-Related Risks:
Security, Privacy, and Democracy
February 27, talk for Contra Costa Voter Integrity project
March 18, interviewed for Chief Security Officer Magazine
April 5, ACCESS: Broadband and the Digital Future: Who is in control? Stanford
Panel on privacy, spying, and censorship,
Panel on Internet Governance Karl Auerbach
April 9-11, attended IBM Almaden Institute on Privacy
April 22-24, attended DISCEX3, Crystal City
April 25, final meeting as member of NSF CISE Advisory Committee
April 28-29, participated in Harvard KSG Workshop on Identity in Digital Govt
May 8 California Office of Privacy Protection Advisory Council
May 9 Speaker at the EPIC/CalOPP workshop on Privacy and the 1st Amendment
May 13-14, GAO Executive Committee on Information Management and Technology
May 15, NSF workshop Management and Models for Cyberinfrastructure
May 16, Cyber Conflict Studies Association, National Defense University
May 21-23, Stanford Affiliates + Security Day
June 1, EPIC Advisory Board
June 2, EPIC privacy workshop, National Press Club
June 3, panelist, PoLaTech (Policy, Law, and Technology), Separating Fact
from Fiction in Assessing the Role of Technology in Addressing Privacy
June 4, FTC workshop on Technologies for Protecting Personal Information,
The Business Experience
June 5-6, NSF Committee of Visitors, reviewing Carl Landwehr's
Current Web and Internet Addresses for CCPP Members
(Peter G. Neumann)
Neumann@CSL.sri.com and email@example.com
(Peter J. Denning)