Annual Report of the
           ACM Committee on Computers and Public Policy (CCPP)
              For the Period 1 July 2015 to 30 June 2016
                Submitted by Peter G. Neumann, Chairman 

Date: June 30, 2016
To: Rosemary McGuinness
    ACM, 2 Penn Plaza, Suite 701 New York, NY 10121-0701


The ACM Committee on Computers and Public Policy (CCPP) seeks to

 * aid the ACM with respect to a variety of internationally relevant
   issues pertaining to computers and public policy, and
 * help make the ACM even better recognized worldwide.

Its most visible project is the ACM Forum on Risks to the Public in
Computers and Related Systems, established in August 1986 in response to
Adele Goldberg's ACM President's message in the February 1985 issue of
the Communications of the ACM (CACM).  It has also served as a hands-on
review board for the Inside Risks articles in the CACM, since July 1990.


The Chairman of the ACM Committee on Computers and Public Policy (CCPP) is
Peter G. Neumann.  During the reporting year, the committee consisted of
Steve Bellovin, Peter Denning, Virgil Gligor, Kevin Fu, Nancy Leveson, David
Parnas, Jerry Saltzer, and Lauren Weinstein.  This body is an expert
advisory group rather than a membership organization, and seems to have
considerable impact worldwide even though it maintains a relatively low
profile.  I am extraordinarily grateful to them for their continued
long-standing participation, including their incisive reviewing of CACM
Inside Risks columns and helping to resolve occasional potentially sticky
issues relating to the ACM Risks Forum.  The intellectual memory span and
diversity of interests that they represent and are contributing are
extraordinary, and have greatly improved the quality of the Inside Risks
content, as well as keeping the ACM Risks Forum on a sound track.  I
continue to value their incisive contributions on many issues that require
insight and wisdom.  Although their oversight efforts regarding Inside Risks
are often not visible to readers, some of the CACM columns have emerged only
after intense interactions with the authors that in a few cases even
escalated into coauthorship.

CCPP internal interactions generally involve e-mail, with occasional
telephone calls and in-person discussions.  Many constructive interchanges
have occurred during the reporting year, as in the past.

There is some overlap with other ACM committees.  Although there is some
commonality of problem areas, the charters of CCPP and USACM are quite
different.  USACM has a specifically U.S.-centric focus, whereas CCPP tends
to consider problems more generally, with a broader scope of topics, and
with a truly global perspective.  Neumann remains active in USACM
committees, including risks related to election systems, which is a common
interest of USACM and CCPP -- with primary domestic and international
scopes, respectively.

CCPP Efforts

CCPP has several manifestations, including

  * RISKS online: The ACM Forum on Risks to the Public in Computers as a
    newsgroup (a digest by e-mail, and distributed as comp.risks via
    USENET).  See Item 1 below.
  * RISKS highlights in ACM Software Engineering Notes (SEN): Edited
    and distilled from the online ACM Risks Forum.  See Item 2 below.
  * The CACM Inside Risks, now with three scheduled columns each year.
    See Item 3 below.
  * RISKS: The Book, Computer-Related Risks.  See Item 4 below.

Neumann has been highly visible in those efforts, but other CCPP members
have also been active participants.  Additionally, some other efforts have
been undertaken, and CCPP members have continued to be active in ACM
advisory roles and in computer policy issues, either directly related to
CCPP or otherwise.

Neumann contributes many hours each week pro bono, moderating RISKS,
commissioning and editing CACM Inside Risks articles, responding to queries,
engaging in individual dialogues with readers, and distilling the RISKS
highlights for SIGSOFT's Software Engineering Notes (SEN).  From the
feedback we receive, RISKS appears to be one of the most widely read and
most useful of the moderated on-line digests relating to computer
technology.  It serves a real educational purpose.  Despite its high profile
and the occasionally controversial nature of some of the material, RISKS has
been a relatively noninflammatory operation; this reflects the fact that
Neumann takes his moderator's role quite seriously.  (The advisory members
of CCPP are invoked as informal reviewers whenever a potentially
controversial contribution must be considered.  In addition, each member of
the committee has typically played an advisory role during the year on
various sensitive issues.)

CCPP represents an extraordinary collection of creative thinking ability
and resources for ACM, and its members are invoked as appropriate.


Following is a list of CCPP-relevant activities.  Almost all were done
essentially pro-bono, and in my case with the considerable blessing and
computer support of SRI International's Computer Science Lab -- for which I
am hugely grateful.


1.  The on-line ACM Forum on Risks to the Public in Computers and Related
    Systems.  In addition to various unofficial mirrored sites on the
    Internet, including a feed at for comp.risks on USENET as of
    May, 2011, the official archives are available by anonymous ftp in the
    U.S. at , and in a nicely formatted searchable
    site in the U.K., courtesy of Lindsay Marshall:
    which is also accessible (without the search facility) as

    The ACM Risks Forum activity involves many tens or even hundreds of
    thousands of people around the world, some of whom are contributing to
    the CCPP effort through their RISKS submissions.  There are always many
    new first-time contributors each year.

    The ACM Risks Forum continues as an institution.  Since its first issue
    on August 1, 1985, its readership continues to expand, with a steady
    flow of new direct subscribers, via USENET newsgroups as comp.risks, and
    through redistribution centers and mirrored websites throughout the
    Internet.  It reaches essentially every country that does not censor the

    During the 2015-2016 reporting year, 83 issues of the ACM Risks Digest
    appeared (RISKS-28.74 to 28.97 and RISKS-29.01 to 29.59).  The number of
    submissions for consideration continues to be considerable, and the
    primary limitation on the frequency of issues is the scarcity of my
    time.  (Roughly 97% of all mail that arrives in my mailbox at is spam, *after* pre-filtering.  However, that is not
    a problem, because regular readers have been trained to include a magic
    string in the subject line of genuine submissions, almost all of
    which are then considered for inclusion.  My rejection rate varies.)

2.  Highlights from the on-line RISKS Forum continue to appear six times
    each year in the ACM SIGSOFT Software Engineering Notes.  Neumann was
    SEN's founding editor in 1976.  After Will Tracz took over as Editor in
    1995, Neumann continued to contribute a RISKS section to every regular
    issue.  This continued under the third editor, Mike Wing, after Will
    Tracz became SIGSOFT Chairman.  Mike has now retired, breaking the
    precedent of his predecessors being editor for 19 years each.  The new
    editor is John Georgas .  (SEN's circulation is
    one of the larger among SIGs.)

3. P.G. Neumann (ed).  Inside Risks began in July 1990 as a monthly one-page
   item, originally inside the back cover of the CACM for 18 years.  It is
   now slated for three longer articles each year, as of 2009.  (The empty
   February 2016 slot was actually the first time since 1990 when we missed
   being able to produce a scheduled issue.)

We continue to seek diversity among the authors and the content.  The
following articles appeared during the reporting year as Inside Risks columns:

  * Oct 2015, #237, Keys Under Doormats: Mandating insecurity by requiring
    government access to all data and communications, Harold Abelson, Ross
    Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield
    Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann,
    Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter,
    Daniel J. Weitzner.  This included the abstract and executive summary of
    a report noted below (item 13), which was subsequently turned into a
    published article for a new online journal (item 14).

  * Feb 2016, #238, Risks of Self-Auditing Systems: Unforeseen problems can
    result from the absence of impartial independent evaluations, Rebecca
    Mercuri and PGN.

  All Inside Risks articles since December 1997 (and a few selected popular
  earlier ones) are available online at

4.  Neumann's RISKS BOOK ("Computer-Related Risks", ACM Press and
    Addison-Wesley, 1995), having transcended its fifth printing, is now
    being printed "on demand", and is available online as well.
    It is also available in a Japanese translation.  More recent source
    material is online in the ACM Risks Forum, and is culled, excerpted,
    and to some extent indexed in a topically relevant form bimonthly in
    SEN (item 2).  As noted last year, the thought of
    producing a second edition was dispelled after the retirement of Peter
    Gordon, as the online Risks Forum and the online RISKS highlights in
    Software Engineering Notes are widely accessible.

    What is to me most frustrating is that most of the content of the 1995
    book is still valid today.  Many of the problems discussed there are
    still recurring, and many of the recommendations for doing better seem
    to have been widely ignored.  (NOTE: Used copies are available for as
    little as one cent on Amazon.)

5.  PGN's Illustrative Risks document provides a topical index for
    SEN and RISKS.  It used to be updated periodically, but is fairly
    complete up to a point.  It is available online:
    The task of maintaining the currency of this resource has become more
    daunting over time, and this index is not up to date -- except for
    recent items on election integrity.  However, the search engine at tends to compensate for that, and the accessible information
    in item 5 makes that less necessary.  Nevertheless, it is still valuable
    as a source of references for earlier RISKS material prior to the Internet.

6.  Numerous additional activities of PGN are enumerated in Appendix I.

7.  Lauren Weinstein continues his operation of the PRIVACY Forum and
    the Network Neutrality Squad under the partial aegis of CCPP.


    The Privacy Forum and related services from People For Internet
    Responsibility (PFIR, which he co-founded with PGN), and his other
    outreach efforts continue to provide discussions, information, and other
    services that include the many areas of privacy -- which intersect
    virtually every aspect of our lives.  The PRIVACY Forum, Network
    Neutrality Squad, and his other archives are continually referenced
    around the world, and have been listed as major network resources in the
    links of many private, commercial, and governmental entities globally.
    As is the case with PGN, Lauren receives numerous e-mail and telephone
    contacts from all manner of media points, and continues to participate
    in newspaper and magazine articles, local and network radio and
    television interviews, and similar discussions on privacy and related
    technology topics.  He has also been a commentator for National Public
    Radio's ``Morning Edition'' and for "Wired News" regarding technology
    and society.

8.  Other CCPP members have also interacted with various ACM people on ACM
    and CCPP-related issues, reviewed drafts, refereed papers, etc.  See
    their websites, listed in Appendix II.

9.  Other CCPP members wrote papers (e.g., Steve Bellovin was a coauthor of
    item 13) and gave talks that bear on computers and public policy.

10. This CCPP annual report is accessible from the pages, via a link
    to my CCPP Web page: 


Three conference papers from our ongoing joint SRI-University of Cambridge
DARPA project were noted in the previous year's report, aimed at greatly
reducing security risks!  Our 2015-2016 papers relating to that project
include two more:

11. Khilan Gudka (University of Cambridge), Robert N. M. Watson (University of
  Cambridge), Jonathan Anderson (Memorial University of Newfoundland), David
  Chisnall (University of Cambridge), Brooks Davis (SRI International), Ben
  Laurie (Google UK Ltd.), Ilias Marinos (University of Cambridge), Peter
  G. Neumann (SRI International), Alex Richardson (University of Cambridge),
  SOAAP: Reasoning About Application Compartmentalization, 22nd ACM
  Conference on Computer and Communications Security (CCS 2015), 12-16
  October, Denver, Colorado.

12. R.N.M. Watson, S.W. Moore, and PGN, CHERI: a hardware-software system to
    support the principle of least privilege, ERCIM News, The European
    Research Consortium for Informatics and Mathematics, June 2016.
    (Subtitle: The CHERI hardware-software system has the potential to
    provide unprecedented security, reliability, assurance, ease of
    programmability, and compatibility.)  This article provides a short
    summary of our clean-slate hardware-software co-design for the CHERI
    system, published in a journal that has frequent articles on
    trustworthiness, safety, security, reliability, and related topics.

The next two items represent important contributions relating to the
struggles of law enforcement to be able to cope with access to information.

13. Keys Under Doormats (abstract and executive summary of the report
  version), CACM Inside Risks series, October 2015, Harold Abelson, Ross
  Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie,
  John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald
  L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel
  J. Weitzner.  This was a major collaborative effort, which produced an
  online report and subsequent published paper (item 14):
  This report was noted prominently by Senator Leahy in
  a hearing of the Senate Judiciary Committee on the FBI's Going Dark.
  It subsequently won the 2015 J.D. Falk Award from the
  Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) at the M3AAWG
  meeting in Atlanta, 20-22 Oct 2015: ``The M3AAWG J.D. Falk Award seeks to
  recognize people who are committed to making a better online world...  The
  award seeks to recognize efforts for a particularly meritorious item of
  work... The recipient must also embody the spirit of J.D.'s volunteerism
  and community building. The J.D. Falk Award winners have a vigilant eye on
  the broader perspective of Internet systems and communities and call upon
  thoughtful humor when things get tough.''  [PGN contributed a three-minute
  video that was shown at the award ceremony.]

14. A refined version of Keys Under Doormats with the same group of authors
  was published in the fully open-access new Journal of Cybersecurity, vol 1
  no 1, Oxford University Press.

15. PGN, How Might System and Network Security Interact with Privacy?  A
    chapter in Visions of Privacy in the Modern Age: A Search for Solutions,
    Marc Rotenberg and Jeramie Scott (editors), The New Press, 2015.
    This book was produced under a MacArthur Foundation grant to the
    Electronic Privacy Information Center.

16. PGN, Reminiscences on the 25th SOSP's History Day Workshop, on the
  History Day website, October 2015:

17. I wrote the preface to one of the most powerful risks-related books I
  have ever read: Earl Boebert and James M. Blossom, Deepwater Horizon: A
  Systems Analysis of the Macondo Disaster. Harvard University Press,
  written in 2015, scheduled for publication 6 September 2016.  (Amazon is
  taking pre-orders already.)


18. Neumann plans on continuing his moderating the on-line ACM RISKS Forum
    and contributing condensed summaries of RISKS to ACM SIGSOFT's Software
    Engineering Notes.

19. Neumann will continue to coordinate/edit/write the CACM Inside Risks
    columns, seeking articles on topical RISKS-related subjects written by
    members of CCPP and other contributors.  (Please contact me if you think
    you might have an appropriate RISKS-relevant Viewpoints article.)

20. CCPP members are likely to continue to interact with USACM as appropriate.
    We continue to encourage submission of more Inside Risks columns from
    the USACM community.  Perhaps in the future that will happen more often.

The 2015-2016 CCPP expenditures were as usual minimal, and the budget was
adequate, with no expenses for computing resources and communications.  (SRI
continues to provide free disk space for the RISKS FTP archives on; the CSL.SRI.COM resources are partly subsidized by SRI.  In
addition, Lindsay Marshall at Newcastle University provides the extremely
useful searchable archives on a pro bono basis, and with the
blessing of the university.  (Newcastle had an unfortunate rupture of a
watermain during April 2016, which took three servers offline; catless was
down for three weeks.)  I use my cell phone and free home phone
extensively.)  We appreciate ACM's past support, and have been happy to stay
within budget each year.


The ACM RISKS Forum, the monthly CACM Inside Risks columns, Illustrative
Risks, and the related efforts have continued to be successful in
achieving their intended goals, as well as being highly popular.

We note that several related efforts are already ongoing under the aegis of
the External Activities Board or USACM committees.  For example, the
scientific freedom and human rights, legal, education, and USACM committees
involve issues relevant to CCPP that frequently are discussed in the ACM
Risks Forum from the RISKS perspective.  We are happy to interact with
others in those related areas, without CCPP having to be directly in the
loop, and to offer the Inside Risks space to those efforts that have a
reasonable RISKS-relevant content.  Overall, CCPP seems to be usefully
situated in a well-defined niche of its own.

The ACM RISKS Forum and the PRIVACY Forum/NNSquad/PFIR items span a
large gamut of CCPP issues, and reach out to many thousands of people,
throughout the world, quite a few of whom are actively contributing
participants.  RISKS is heavily involved in human safety, privacy,
ethics, legal responsibility, election integrity, and so on, and there
is no shortage of public-policy related issues!  In addition, the Inside
Risks articles continue to serve as a popular CACM feature, and distill
a diverse collection of timely topics on computer-related risks in a
broadly accessible and carefully vetted and edited form.

Continued support of existing and possibly new CCPP activities is
appropriate, and will be appreciated at essentially the same level.  We
are delighted to be a low-budget high-yield part of the visible ACM


As noted above, CCPP (as opposed to USACM, for example) is explicitly
international in its outlook and content.  In general, we always seek to
broaden our scope and deepen the incisiveness of our content in Inside
Risks columns and RISKS issues.  Also, the risks relating to computers
that we address span a wide range of requirements and application areas.

Also as noted above, CCPP is somewhat unusual within ACM in that it tends to
act as an editorial and advisory board rather than a membership
organization.  We welcome suggestions for additional CCPP members who might
also be willing to be active in writing and reviewing proposed Inside Risks
columns.  We note that the makeup of CCPP has always been intentionally
diverse in the areas of expertise that it encompasses.  At the moment, David
Parnas is the only non-US member, and Nancy Leveson is the only woman.
Kevin Fu is the youngest and most recent new member.  Although we currently
represent significant topical longevity, we would be delighted to add more
younger folks who have the appropriate experiential breadth and depth.
Suggestions would be welcomed. However, the small size of the group with
deep commitments to the purposes noted above is beneficial to the end
results, so we are not seeking a major expansion.

The CCPP members represent a valuable cross-section of ACM interests
relating to public-policy issues.  All of their efforts in helping CCPP
and the ACM are greatly appreciated, even though many of those efforts
are not noted here explicitly.

We would be delighted to receive further suggestions for new directions
relating to computers and public policy, internationally relevant
initiatives that we might address beyond the ACM Risks Forum and the CACM
Inside Risks columns, and ideas for making our efforts even more visibly
attributable to ACM without compromising the special role of CCPP.

Respectfully submitted, 

Peter G. Neumann, 
  Senior Principal Scientist, Computer Science Laboratory, 
  SRI International EL-243, Menlo Park CA 94025-3493 
E-mail address: Neumann@CSL.SRI.COM 
  or for nonbusiness related communications
Web address:
Office phone: 1-650-859-2375


APPENDIX I: CCPP-Relevant Activities of Peter G. Neumann

RELEVANT PGN EVENTS, July 2015 -- June 2016


* 6-7 Jul, Our Keys Under Doormats report [6] was discussed in Nicole
   Perlroth's blog and in The New York Times print edition
   the following day, front page above the fold!  I was quoted.

* 8 Jul, Our Keys Under Doormats report [6] was featured by Senator Leahy
   and several others in testimony before a hearing of the Senate Judiciary
   Committee on Going Dark.

* 28 Jul, Many of the points raised by the Keys Under Doormats report [6]
   were supported and amplified in an Op-Ed in The Washington Post,
   Why the fear over ubiquitous data encryption is overblown, by
   three leading former government executives, Mike McConnell, Michael
   Chertoff, and William Lynn.

* 4 Oct, Participated in the special History Day workshop for the 25th ACM
   Symposium on Operating Systems Principles, for which I was on the
   organizing committee and wrote a paper that is on the ACM website [7].

* 21 Oct, Informal talk for the Silicon Valley Information Systems Security
   Association (ISSA) chapter meeting, an open forum on information security.

* 7-8 Dec, Attended the 10th Layered Assurance Workshop (on compositional
  trustworthiness) in Los Angeles, for which I am a co-organizer (with
  Rance DeLong and Gabriela Ciocarlie).  I chaired the final panel,
  Reflections on the Future.


* 1-2 Mar, Attended the RSA Security Conference, and served on a panel
   on Tuesday afternoon with
     Shawn Mathew Powers (Georgia State),
     Julia Powles (U.Cambridge, The Guardian), former NSA/FBI official
     Paul Rosenzweig, Red Branch Consulting; PGN,
     Tom Corcoran (Cyberthreat Intelligence, Zurich Insurance Group).
   Encryption and Information Sovereignty: Destroying the Internet to Save it?
   From the program: "This panel will investigate the inherent tensions
   between information security and national security, focusing
   specifically on encryption policy, governmental needs to access secure
   information, and civil rights.  By convening panelists with expertise in
   industry, government, law and academia, this panel aims to offer
   empirically grounded perspectives in order to move towards a workable
   solution."

* 19 May: attended The Three T's of the Digital Economy:  Technology,
   Threat, and Trust, Four Seasons, 2050 University Ave, E Palo Alto CA
   94303, Chertoff Group.

* 23-25 May 2016: IEEE SSP, 37th IEEE Symposium on Security and Privacy,
   San Jose, CA, USA.  [Throughout this decade, I have been the only
   remaining SSP attendee who was at the FIRST meeting in 1980 (with many

* 14 June 2016: gave a talk for the annual Joint Silicon Valley/San
    Francisco InfraGard and ISSA meeting (Cornerstones of Trust):
    Reflections on the Past, Present, and Future of Cybersecurity,


APPENDIX II: Current Web and Internet Addresses for CCPP Members

(Peter G. Neumann) and
(Steve Bellovin)
(Peter J. Denning)
(Virgil Gligor)
(Kevin Fu) and (Kevin Fu's group)
(Nancy Leveson)
(David Parnas)
(Jerry Saltzer)
(Lauren Weinstein)