CONTENTS

[1] Newsletter Highlights
[2] George Mason University E-Mail System Compromised
[3] Electronic Voting Machines Produce Some Problems, But No Meltdown
[4] Computers, Freedom and Privacy Conference Wants Your Proposals
[5] USACM Chair Concerned About Information Security Curricula
[6] Final E-Verify Rule Issued for Federal Contractors
[7] About USACM

[An archive of all previous editions of Washington Update is available at
http://www.acm.org/usacm/update/]
(more…)

USACM Chair Eugene Spafford recently made predictions about information security curriculua in American higher education for CSO Magazine. You can read his comments online.

According to Spafford, information security is like most areas of information technology where there is often more demand than students available. In the areas of cyber forensics and information, the curriculum has shifted away from some of the lower-level (machine-specific) skills that are needed in those specialties. This can pose a challenge for some employers seeking students with the right combination of skills. Unfortunately, these skills are not well integrated into existing computer science curricula, and what courses exist are not universally available. Read more about Dr. Spafford’s thoughts on information security curricula, and other predictions made in this CSO magazine series, online.

While some federal races remain too close to call, or are headed to runoffs, the 2008 election is notable for the lack of a dispute over election machines that may affect the outcome of an election. USACM members and ACM staff were observing activity throughout the country and noted the problems and issues with electronic voting in several media articles and interviews. We outlined these issues in a press release, which you can read online. It emphasizes voter registration database concerns.

USACM Barbara Simons was interviewed by O’Reilly Media about the election. They have a podcast and transcript of the interview available online. Some excerpts from other press reports involving USACM members:

From the Associated Press and the Welland Tribune (Ontario, Canada):

The majority staff of the House Homeland Security Committee hosted a workshop December 3 on “Constitutional Protections in Homeland Security.” A copy of the agenda is currently available on the Committee’s schedule page. The speakers covered a wide variety of homeland security related topics, including communications during natural disasters, data mining, information sharing, transportation, border crossing and cybersecurity. If the committee will address each of the issues that came up during the workshop, its members will have a very busy Congress.

If there is a common theme to extract from the various issues raised at the event, it is that the transition to a new Secretary of Homeland Security (Arizona Governor Janet Napolitano has been nominated for the position) provides an excellent opportunity to take a step back and assess the progress DHS has made in the five years since it was formed. Many of the criticisms of homeland security programs (the no fly list and related travel programs, REAL ID, the utility of predictive data mining) came about in part because the Department has been primarily reactive, trying to institute programs quickly. As a result, privacy and security provisions of many of these programs were either ignored or added after the fact. Similarly, many different programs operate in relative isolation - not everyone knows what the Department is doing. Many of the speakers expressed a hope that increased oversight of the Department could allow for some of these problems to be corrected and improve the ability of the Department to protect the nation.

Under a final rule published November 14, certain federal contractors and subcontractors will be required to use e-Verify, an electronic employment verification system, starting early next year. The regulation applies to certain contractors and subcontractors of the Defense Department, the National Aeronautics and Space Administration and the General Services Administration. It will take effect January 15.

The major changes since the initial rule was announced in June amount to changes in deadlines and thresholds that determine how relevant federal contracts must address the program. Any contracts worth $100,000 or more must use e-Verify (increased from $3,000). Many deadlines in the initial rule have been extended. For instance, contractors enrolling for the first time will have 90 days instead of 30 to start using the system.

While the changes will make the program less onerous for many, particularly small businesses, there are still many issues with a large database such as the ones e-Verify will use. USACM has provided testimony on this issue, and our concerns have not changed. E-Verify will be a continued concern going into the new year and new administration, and we will continue to watch developments.

The Computers, Freedom and Privacy (CFP) Conference recently issued the call for proposals for its 19th conference, slated for June 1-4, 2009 in the Washington, D.C. area. Proposals are due December 19, 2008.

The conference organizers intend to take advantage of the new administration and conference location to shape their agenda. From the conference web page:
(more…)