Annual Report of the
           ACM Committee on Computers and Public Policy (CCPP)
              For the Period 1 July 2014 to 30 June 2015
                Submitted by Peter G. Neumann, Chairman 

Date: June 30, 2015
To: Rosemary McGuinness
    ACM, 2 Penn Plaza, Suite 701 New York, NY 10121-0701


The ACM Committee on Computers and Public Policy (CCPP) seeks to

 * aid the ACM with respect to a variety of internationally relevant
   issues pertaining to computers and public policy, and
 * help make the ACM even better recognized worldwide.

Its most visible project is the ACM Forum on Risks to the Public in
Computers and Related Systems, established in August 1985 in response to
Adele Goldberg's ACM President's message in the February 1985 issue of
the Communications of the ACM (CACM).  It has also served as a hands-on
review board for the Inside Risks articles in the CACM since July 1990.


The Chairman of the ACM Committee on Computers and Public Policy (CCPP) is
Peter G. Neumann.  During the reporting year, the committee consisted of
Steve Bellovin, Peter Denning, Virgil Gligor, Jim Horning (until his
passing), Kevin Fu, Nancy Leveson, David Parnas, Jerry Saltzer, and Lauren
Weinstein.  This body exists as an expert advisory group rather than a
membership organization, and has considerable impact worldwide even though
it maintains a relatively low profile.  I am extraordinarily grateful to
them for their continued long-standing participation and their incisive
reviewing of CACM Inside Risks columns and helping resolve occasional
potentially sticky issues relating to the ACM Risks Forum.  The intellectual
memory span and diversity of interests that they represent and are
contributing is extraordinary, and have greatly improved the quality of the
Inside Risks content and kept the ACM Risks Forum on track.  I continue to
value their incisive contributions on many issues that require insight and
wisdom.  Although their oversight efforts regarding Inside Risks are often
not visible to readers, some of the CACM columns have led to intense
interactions with the authors that occasionally escalated to coauthorship.

CCPP internal interactions generally involve e-mail, with occasional
telephone calls and in-person discussions.  Many constructive interchanges
have occurred during the year, as in the past.

There is some overlap with other ACM committees -- for example, Neumann.
Although there is some commonality of problem areas, the charters of
CCPP and USACM are quite different.  USACM has a specifically
U.S.-centric focus, whereas CCPP tends to consider problems more
generally with a global perspective.  For example, Neumann remains
active in risks related to election systems, which is a common interest
of USACM and CCPP -- respectively with primary domestic and more
international scope.

CCPP Efforts

CCPP has several manifestations, including

  * RISKS online: The ACM Forum on Risks to the Public in Computers and
    Related Systems, as a newsgroup (a digest by e-mail, and distributed
    as comp.risks via USENET).  See Item 1 below.
  * RISKS highlights in ACM Software Engineering Notes (SEN): Edited
    and distilled from the online ACM Risks Forum.  See Item 2 below.
  * The CACM Inside Risks tri-yearly columns.  See Item 3 below.
  * RISKS: The Book, Computer-Related Risks.  See Item 4 below.

Neumann has been highly visible in those efforts, but other CCPP members
have also been active participants.  Additionally, some other efforts
have been undertaken, and CCPP members have continued to be active in
ACM advisory roles and in computer policy issues, either directly
related to CCPP or otherwise.

Neumann contributes many hours each week pro bono, moderating RISKS,
commissioning and editing CACM Inside Risks articles, responding to
queries, engaging in individual dialogues with readers, and distilling
the RISKS highlights for SIGSOFT's Software Engineering Notes (SEN).
From the feedback we receive, RISKS appears to be one of the most widely
read and most useful of the moderated on-line digests relating to
computer technology.  It serves a real educational purpose.  Despite its
high profile and the occasionally controversial nature of some of the
material, RISKS has been a relatively noninflammatory operation; this
reflects the fact that Neumann takes his moderator's role quite
seriously.  (The advisory members of CCPP are invoked as informal
reviewers whenever a potentially controversial contribution must be
considered.  In addition, each member of the committee has typically
played an advisory role during the year on various sensitive issues.)

CCPP represents an extraordinary collection of creative thinking ability
and resources for ACM, and its members are invoked as appropriate.


Following is a list of CCPP-relevant activities.  Almost all were done
essentially pro-bono, and in my case with the considerable blessing and
computer support of SRI International's Computer Science Lab -- for
which I am hugely grateful.


1.  The on-line ACM Forum on Risks to the Public in Computers and
    Related Systems.  In addition to various unofficial mirrored sites
    on the Internet, including a feed at for comp.risks on
    USENET as of May, 2011, the official archives are available by
    anonymous ftp in the U.S. at , and in a
    nicely formatted searchable site in the U.K., courtesy of Lindsay
    Marshall, which is also accessible as

    The ACM Risks Forum activity involves many tens or even hundreds of
    thousands of people around the world, some of whom are contributing
    to the CCPP effort through their RISKS submissions.  There are
    always many new first-time contributors each year.

    The ACM Risks Forum continues as an institution.  Since its first
    issue on August 1, 1985, its readership continues to expand, with a
    steady flow of new direct subscribers, via USENET newsgroups as
    comp.risks, and through redistribution centers and mirrored websites
    throughout the Internet.  It reaches essentially every country that
    does not censor the Internet.

    During the 2014-2015 reporting year, 68 issues of the ACM Risks Digest
    appeared (RISKS-28.06 to RISKS-28.73).  The number of submissions for
    consideration continues to be considerable, and the primary limitation
    on the frequency of issues is the scarcity of my time.  (About 97% of
    all mail that arrives in my mailbox at is spam,
    *after* pre-filtering.  However, that is not a problem, because regular
    readers have been trained to include a magic string in the subject line
    of genuine submissions, and almost all of those are generally considered
    for inclusion.)

2.  Highlights from the on-line RISKS Forum continue to appear six times
    each year in the ACM SIGSOFT Software Engineering Notes.  Neumann was
    SEN's founding editor in 1976.  After Will Tracz took over as Editor in
    1995, Neumann continued to contribute a RISKS section to every regular
    issue.  This continued under the third editor, Mike Wing, after Will
    Tracz became SIGSOFT Chairman.  Mike is retiring, breaking the 
    precedent of his predecessors being editor for 19 years each.  
    (SEN's circulation is one of the larger among SIGs.)

3. P.G. Neumann (ed).  Inside Risks began in July 1990 as a monthly
   one-page item, originally inside the back cover of the CACM for 18
   years.  It is now slated for three longer articles each year, as of
   2009.  We continue to seek diversity among the authors.  The
   following articles appeared during the reporting year, as Inside
   Risks Viewpoints:

* Oct 2014.234  Risks and Myths of Cloud Computing and Cloud Storage, PGN

* Feb 2015.235  Far-Sighted Planning for Deleterious Computer-Related Events:
  Considerably more anticipation is needed for what might seriously go
  wrong, PGN  

* Jun 2015.236  Routing Money, Not Packets: Revisiting Network Neutrality,
  Vishal Misra

All Inside Risks articles since December 1997 (and a few selected popular
  earlier ones) are available online at

4.  Neumann's RISKS BOOK ("Computer-Related Risks", ACM Press and
    Addison-Wesley, 1995), having transcended its fifth printing, is now
    being printed "on demand", and is now available online as well.  
    Amazon has used copies for $0.01.  It is also available in a Japanese
    translation.  More recent source material is online in the ACM Risks
    Forum, and is culled and excerpted in a topically relevant form bimonthly in
    SEN (item 2).  AWL's former editor, Peter Gordon, had suggested
    a 20th Anniversary second edition along the lines of what Fred Brooks
    did for The Mythical Man-Month.  However, Peter G retired before I
    could seriously consider doing something along those lines, and I have
    abandoned such an effort because I keep producing the summaries of
    RISKS highlights in Software Engineering Notes (which is online), with
    references to the appropriate online RISKS material.

    What is to me most frustrating is that most of the content of the 1995
    book is still valid today.  Many of the problems discussed there are
    still recurring, and many of the recommendations for doing better seem
    to have been widely ignored.

5.  PGN's Illustrative Risks document provides a topical index for
    SEN and RISKS.  It used to be updated periodically, but is fairly
    complete up to a point.  It is available online:
    The task of maintaining the currency of this resource has become more
    daunting over time, and this index is not up to date -- except for
    recent items on election integrity.  However, the search engine at
    tends to compensate for that, and the accessible information in item 5
    makes that less necessary.  The index is still valuable as a source of
    references for earlier RISKS material.

6.  Numerous additional activities of PGN are enumerated in Appendix I.

7.  Lauren Weinstein continues his operation of the PRIVACY Forum and
    the Network Neutrality Squad under the partial aegis of CCPP.

    The Privacy Forum and related services from People For Internet
    Responsibility (PFIR, which he co-founded with PGN), and his other
    outreach efforts continue to provide discussions, information, and
    other services that include the many areas of privacy -- which
    intersect virtually every aspect of our lives.  The PRIVACY Forum,
    Network Neutrality Squad, and his other archives are continually
    referenced around the world, and have been listed as major network
    resources in the links of many private, commercial, and governmental
    entities globally.
    As is the case with PGN, Lauren receives numerous e-mail and telephone
    contacts from all manner of media points, and continues to participate
    in newspaper and magazine articles, local and network radio and
    television interviews, and similar discussions on privacy and related
    technology topics.  He has also been a commentator for National Public
    Radio's "Morning Edition" and for "Wired News" regarding technology
    and society.

8.  Other CCPP members have also interacted with various ACM people on
    ACM and CCPP-related issues, reviewed drafts, refereed papers, etc.
    See their websites, listed in Appendix II.

9.  Other CCPP members wrote papers and gave talks that bear on
    computers and public policy.

10. This CCPP annual report is accessible from the pages, via a
    link to my CCPP Web page:


Papers from my DARPA projects, aimed at greatly reducing security risks!

11. David Chisnall, Colin Rothwell, Brooks Davis, Peter G. Neumann, Robert
    N.M. Watson, Jonathan Woodruff, Simon W. Moore, and Michael Roe, Beyond
    the PDP-11: Architectural Support for a Memory-Safe Abstract Machine,
    accepted for ASPLOS 2015, Istanbul, Turkey, 14--18 March 2015.

12. Jong Hun Han, Prashanth Mundkur, Charalampos Rotsos, Gianni Antichi,
    Nirav Dave, Andrew W. Moore, PGN, Blueswitch: Enabling provably
    consistent configuration of network switches, The ACM/IEEE Symposium on
    Architectures for Networking and Communications Systems (ANCS 2015),
    Oakland, California, 7--8 May 2015.

13. Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon
    W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis,
    Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son,
    and Munraj Vadera. CHERI: A Hybrid Capability-System Architecture for
    Scalable Software Compartmentalization. IEEE Symposium on Security and
    Privacy, San Jose, CA, May 18-20, 2015.

One additional publication, relating to privacy risks:

14. PGN, How Might System and Network Security Interact with Privacy?
    A chapter in Visions of Privacy in the Modern Age, Marc Rotenberg and
    Jeramie Scott (editors), produced under a MacArthur Foundation grant to
    the Electronic Privacy Information Center, 2015.


15. Neumann hopes to continue moderating the on-line ACM RISKS Forum and
    contributing RISKS sections to ACM SIGSOFT's Software Engineering
    Notes (SEN).

16. Neumann will continue to coordinate/edit/write the CACM Inside Risks
    columns, seeking articles on topical RISKS-related subjects written by
    members of CCPP and other contributors.  (Please contact me if you think
    you might have an appropriate RISKS-relevant Viewpoints article.)

17. CCPP members will continue to interact with USACM as appropriate.
    We continue to encourage submission of more Inside Risks columns
    from the USACM community.  Perhaps in the
    future that will change.   

The 2014-2015 CCPP expenditures were as usual minimal, and the budget was
adequate, with no expenses for computing resources and communications.  (SRI
continues to provide free disk space for the RISKS FTP archives on; the
CSL.SRI.COM resources are partly subsidized by SRI.  In addition, Lindsay
Marshall at Newcastle University provides the extremely useful searchable
archives on a pro bono basis, and with the blessing of the university.  I
use my cell phone and free home phone extensively.)  We appreciate ACM's
past support, and have been happy to stay within budget each year.


The ACM RISKS Forum, the CACM Inside Risks columns, Illustrative
Risks, and the related efforts have continued to be successful in
achieving their intended goals, as well as being highly popular.

We note that several related efforts are already ongoing under the aegis
of the External Activities Board.  For example, the scientific freedom
and human rights, legal, education, and USACM committees involve issues
relevant to CCPP that frequently are discussed in the ACM Risks Forum
from the RISKS perspective.  We are happy to interact with others in
those related areas, without CCPP having to be directly in the loop, and
to offer the Inside Risks space to those efforts that have a reasonable
RISKS-relevant content.  Overall, CCPP seems to be usefully situated in
a well-defined niche of its own.

The ACM RISKS Forum and the PRIVACY Forum/NNSquad/PFIR items span a
large gamut of CCPP issues, and reach out to many thousands of people,
throughout the world, quite a few of whom are actively contributing
participants.  RISKS is heavily involved in human safety, privacy,
ethics, legal responsibility, election integrity, and so on, and there
is no shortage of public-policy related issues!  In addition, the Inside
Risks articles continue to serve as a popular CACM feature, and distill
a diverse collection of timely topics on computer-related risks in a
broadly accessible and carefully vetted and edited form.

Continued support of existing and possibly new CCPP activities is
appropriate, and will be appreciated at essentially the same level.  We
are delighted to be a low-budget high-yield part of the visible ACM


As noted above, CCPP (as opposed to USACM, for example) is explicitly
international in its outlook and content.  In general, we always seek to
broaden our scope and deepen the incisiveness of our content in Inside
Risks columns and RISKS issues.  Also, the risks relating to computers
that we address span a wide range of requirements and application areas.

Also as noted above, CCPP is somewhat unusual within ACM in that it
tends to act as an editorial and advisory board rather than a membership
organization.  We welcome suggestions for additional CCPP members who
might also be willing to be active in writing and reviewing proposed
Inside Risks columns.  We note that the makeup of CCPP has always been
intentionally diverse in the areas of expertise that it encompasses.  At
the moment, David Parnas is the only non-US member, and Nancy Leveson is
the only woman.  Kevin Fu is the youngest member.  Although we currently
represent significant topical longevity, we would be delighted to add
more younger folks who have the appropriate experiential breadth and
depth.  Suggestions would be welcomed. However, the small size of the
group with deep commitments to the purposes noted above is beneficial to
the end results, so we are not seeking a major expansion.

The CCPP members represent a valuable cross-section of ACM interests
relating to public-policy issues.  All of their efforts in helping CCPP
and the ACM are greatly appreciated, even though many of those efforts
are not noted here explicitly.

We would be delighted to receive further suggestions for new directions
relating to computers and public policy, internationally relevant
initiatives that we might address beyond the ACM Risks Forum and the CACM
Inside Risks columns, and ideas for making our efforts even more visibly
attributable to ACM without compromising the special role of CCPP.

Respectfully submitted, 

Peter G. Neumann, Principal Scientist, Computer Science Laboratory, 
SRI International EL-243, Menlo Park CA 94025-3493 
E-mail address: Neumann@CSL.SRI.COM or; 
Web address:
Phone: 1-650-859-2375 FAX 1-650-859-2844


APPENDIX I: CCPP-Relevant Activities of Peter G. Neumann

RELEVANT PGN EVENTS, July 2014 -- June 2015


 17 Sep, GAO Executive Committee on Information Management and Technology
  (by telephone).

 1 Oct. keynote address for Cornerstones of Trust: On the Confluence of Many
   Challenges, talk title: A Holistic View of System Trustworthiness, from
   the Perspectives of Hardware, Software, and Programming Languages,
   Foster City, CA.

 21 Oct, Silicon Valley Chapter, Information Systems Security Association
   (SV-ISSA) chapter meeting at Symantec in Mountain View, CA; gave the
   invited talk, Open Forum on the Past, Present, and Future of Information

 29 Oct, organizer and panel chair at the CataCrypt workshop at the Grand
   Hyatt in San Francisco, devoted to anticipating possible crises relating
   to cryptography and trustworthy systems (or the lack thereof).  This was
   the follow-on to a workshop at SRI in January 2013.

 6 Nov, keynoted ISACA Silicon Valley Chapter, Santa Clara Biltmore.

 20 Nov, InfraGard meeting in the SRI I-Bldg, invited participation
    on the program following the conclusion of Jeff Klaben's talk.

 2-3 Dec, Two articles by Nicole Perlroth in The New York Times, 3 Dec 2014
   (and on her Times blog on 2 Dec 2014), one on cybersecurity and the
   lack thereof, and the second on the DARPA CRASH clean-slate architecture
   program (items 11 and 13), both quoting Howie Shrobe and me:

 8-9 Dec, organizer and chair of two panels at the Layered Assurance
   Workshop in New Orleans (LAW 2014).  On 10 Dec, I attended the plenary
   ACSAC Distinguished Practitioner Keynote Panel session, Multics: Before,
   During, and After, with Olin Sibert, Roger Schell, Tom Van Vleck, and
   Steve Lipner.  I actually got to speak from the floor for about five
   minutes, as the oldest Multician in the house (and perhaps the
   earliest Multician still working: I began essentially on Day One of
   the system effort, on 4 January 1965.)


14 Jan GAO Executive Council (call-in)

11 Feb, CTIA Wireless Association, Cybersecurity R&D Roundtable, with
   José Raúl Perales, DHS Assistant Secretary for the Private Sector

12 Feb, meeting with Michael Daniel, special asst to the
   President, and U.S. CyberSecurity Coordinator

12 Feb, meeting with GAO Chief Scientist Dr. Tim Persons

21 Apr morning, Attended the RSA Security

21 Apr afternoon, Bay Area Council Cybersecurity Summit, San Francisco.

21 Apr evening, InfraGard meeting at RSA Security, gave talk:
  A Holistic View of System Trustworthiness, from the Perspectives of 
  Hardware, Software, Programming Languages, Networks, People, and More

18-20 May, Attended the 36th IEEE SSP (the "Oakland" conference in San Jose)

28-29 May, Attended a small invitational workshop of experts concerned with
  cybersecurity risk assessment, hosted by the International Risk Governance
  Council (, in Washington DC.

3 Jun, gave a talk at the Stanford Computer Systems Colloquium:
  The future of trustworthy computer systems.


APPENDIX II: Current Web and Internet Addresses for CCPP Members

(Peter G. Neumann) and
(Steve Bellovin)
(Peter J. Denning)
(Virgil Gligor)
(Kevin Fu) and (Kevin Fu's group)
(Nancy Leveson)
(David Parnas)
(Jerry Saltzer)
(Lauren Weinstein)