Annual Report of the
           ACM Committee on Computers and Public Policy (CCPP)
              For the Period 1 July 2017 to 30 June 2018
               Submitted by Peter G. Neumann, Chairman 

Date: June 30, 2018
To: Rosemary McGuinness
    ACM, 2 Penn Plaza, Suite 701 New York, NY 10121-0701

Purpose of CCPP

The ACM Committee on Computers and Public Policy (CCPP) seeks to

 * aid the ACM with respect to a variety of internationally relevant
   issues pertaining to computers and public policy, and
 * help make the ACM even more well recognized worldwide.

CCPP's most visible project is the ACM Forum on Risks to the Public in
Computers and Related Systems, established in August 1986 in response to
Adele Goldberg's ACM President's message in the February 1985 issue of the
Communications of the ACM (CACM).  It has also served as a hands-on review
board for the 244 Inside Risks articles in the CACM (now in the Viewpoints
section), since July 1990.

CCPP Committee Members

The Chairman of the ACM Committee on Computers and Public Policy (CCPP) is
Peter G. Neumann.  During the entire reporting year, the committee consisted
of Steve Bellovin, Peter Denning, Virgil Gligor, Kevin Fu, Nancy Leveson,
David Parnas, Jerry Saltzer, Lauren Weinstein, Zeynep Tufekci and Ben Zorn.
See the following section titled Diversity of CCPP for more on their
backgrounds and contributions.

CCPP acts as an expert advisory group rather than a general membership
organization.  It appears to have considerable impact worldwide, even though
it maintains a relatively low profile.  I am extraordinarily grateful to
those CCPPers with continued long-standing participation, and look forward
to the new additions.  Since 1990, CCPP has had an incisive role with
intensive reviewing of CACM Inside Risks columns and has also helped
resolving occasional potentially sticky issues relating to the ACM Risks
Forum.  The intellectual memory span and diversity of interests that the
CCPP group represents and is contributing is really extraordinary, and has
ensured the high quality of the Inside Risks content, as well as helping me
keep the ACM Risks Forum on a sound track.  I continue to value their
incisive contributions on many issues that require insight and wisdom.
Although their oversight efforts regarding Inside Risks are often not
visible to readers, some of the CACM columns have emerged only after intense
interactions with the authors, and in some cases escalated into
coauthorship.

CCPP internal interactions generally involve e-mail, with occasional
telephone calls and in-person discussions.  Many constructive interchanges
have occurred during the reporting year, as in the past.

There is some overlap with other ACM committees.  Although there is some
commonality of problem areas, the charters of CCPP and USACM are quite
different.  USACM has a specifically U.S.-centric focus, whereas CCPP tends
to consider problems more generally, with a broader scope of topics, and
with a truly global perspective.  Neumann remains active in USACM
committees, including risks related to election systems, which is a common
interest of USACM and CCPP -- with primary domestic and international
scopes, respectively.  Peter Denning has provided some coordination between
CCPP and ACM's Ubiquity.

Diversity of CCPP 

Many of the CCPP members have been with us for decades, with minimal
turnover.  Steve Bellovin was added a decade ago and Kevin Fu in 2013, each
to continue bringing in new blood and to increase diversity.  During most of
the 2016-2017 ACM year, David Parnas was the only non-US member, and Nancy
Leveson the only woman.  Several of us have been on multiple National
Academies study groups.  Having previously been the Chief Technologist of
the FTC, Steve Bellovin is now on the NSA Advisory Council.  Nancy Leveson's
ongoing work is having a major impact on system safety.  Kevin Fu has been
particularly active in bringing concerns for security into the medical
safety communities, which adds significant expertise and breadth to CCPP.
He has received an award for that work from the Association for the
Advancement of Medical Instrumentation.  Lauren Weinstein continues his
active relevance to network neutrality and privacy, among other areas.
David Parnas has been particularly helpful in keeping us on point, and will
once again be a contributing author for the October 2017 Inside Risks
article.  Even though retired, Jerry Saltzer still makes incisive
contributions based on his extensive system and security experience.  Virgil
Gligor has been relatively busy on other efforts during the past year, but
is still a vital contributor.  Our newest members are Zeynep Tufekci and Ben
Zorn, both of whom joined CCPP in June 2017.  Zeynep is an Associate
Professor in the School of Information and Library Science at the University
of North Carolina.  She is the author of Twitter and Tear Gas: The Power and
Fragility of Networked Protest, and is an incisive contributor to the Op-Ed
pages of The New York Times.  Ben Zorn works for Microsoft.  Extending his
contributions to computer science, programming languages, and memory
security, Ben has recently been actively involved in public policy.  Each of
them has special interests and experience that are vital to our diversity
and to the overall charter of CCPP.

Several CCPPers are academics who have had extensive experience in industry.
Overall, we represent significant topical breadth and depth, and yet seek
further diversity.  The basic criterion for the committee is that it should
span a long intellectual history going back to the early days of the ACM,
while also being able to go with the flow in terms of continual advances in
technology and social implications -- albeit with a relatively broad scope
of what might be relevant to computers and public policy issues that are
global and not just U.S.-centric.

CCPP Efforts

CCPP has several primary manifestations, including

  * RISKS online: The ACM Forum on Risks to the Public in Computers as a
    newsgroup (a digest by e-mail, and distributed as comp.risks via
    USENET).  See Item 1 below.
  * RISKS highlights in ACM Software Engineering Notes (SEN), edited
    and distilled from the online ACM Risks Forum.  See Item 2 below.
  * The CACM Inside Risks, now with scheduled tri-yearly columns.  
    See Item 3 below.
  * RISKS: The Book, Computer-Related Risks.  See Item 4 below.

Neumann has been highly visible in those efforts, but other CCPP members
have also been active participants.  Additionally, some other efforts have
been undertaken, and CCPP members have continued to be active in ACM
advisory roles and in computer policy issues, either directly related to
CCPP or otherwise.

Neumann contributes many hours each week pro bono, moderating RISKS,
commissioning and editing CACM Inside Risks articles, responding to queries,
engaging in individual dialogues with readers, and distilling the RISKS
highlights for SIGSOFT's Software Engineering Notes (SEN).  From the
feedback we receive, RISKS appears to be one of the most widely read and
most useful of the moderated on-line digests relating to computer
technology.  It serves a vital educational purpose.  Despite its high
profile and occasionally controversial nature of some of the material, RISKS
has been a relatively noninflammatory operation; this reflects the fact that
Neumann takes his moderator's role quite seriously.  The advisory members
of CCPP are invoked as informal reviewers whenever a potentially
controversial contribution must be considered, and they are consistently
cautious in representing ACM's interests -- as I believe am I.  In addition,
each member of the committee has typically played an advisory role during
the year on various sensitive issues.  

Overall, CCPP represents an extraordinary collection of creative thinking
ability and resources for ACM, and its members are invoked as appropriate.

Relevant Activities During the Reporting Year

Following is a list of CCPP-relevant activities.  Almost all were done
essentially pro-bono, and in my case with the considerable blessing and
computer support of SRI International's Computer Science Lab -- for which I
am hugely grateful, and with external pro bono support from Lindsay Marshall
at Newcastle (see Item 1).

Items of Immediate Relevance to CCPP 

1.  The on-line ACM Forum on Risks to the Public in Computers and Related
    Systems.  In addition to various unofficial mirrored sites on the
    Internet, including a feed at panix.com for comp.risks on USENET as of
    the official archives are available by anonymous ftp in the U.S. at
    ftp://ftp.sri.com/risks/, and in a nicely formatted searchable
    site in the U.K., courtesy of Lindsay Marshall:
http://catless.ncl.ac.uk/Risks/
    which is also accessible (without the search facility) as
http://www.risks.org

    The ACM Risks Forum activity involves many tens or even hundreds of
    thousands of people around the world, some of whom are contributing to
    the CCPP effort through their RISKS submissions.  There are always many
    new first-time contributors each year.

    The ACM Risks Forum continues as an institution.  Since its first issue
    on August 1, 1985, its readership continues to expand, with a steady
    flow of new direct subscribers, via USENET newsgroups as comp.risks, and
    through redistribution centers and mirrored websites throughout the
    Internet.  It reaches essentially every country that does not censor the
    Internet.

    During the 2017-2018 ACM reporting year, 38 issues of the ACM Risks
    Digest appeared (RISKS-30.36 to 30.73).  Although the number of issues
    was fewer than in previous years, the size of each issue tended to be
    much larger, because of limited available time slots to create each
    issue.

    The number of submissions for consideration continues to be
    considerable, and the primary limitation on the frequency of issues is
    the scarcity of my time.  (Sometimes as much as 90% of all mail that
    arrives in my RISKS mailbox at risks@csl.sri.com is spam, *after*
    pre-filtering.  However, that is not a problem, because regular readers
    have been trained to include a magic string in the subject line of
    genuine submissions, almost all of which are generally considered for
    inclusion.  Inclusion rates vary with the relevance of the topic.)

2.  Highlights from the on-line RISKS Forum now appear four times each year
    in the ACM SIGSOFT Software Engineering Notes.  (In 2017, SEN was
    transformed to a quarterly instead of a bi-monthly.)  Neumann was SEN's
    founding editor in 1976.  After Will Tracz took over as Editor in 1995,
    Neumann continued to contribute a RISKS section to every regular issue,
    which now continues under SEN's fourth editor, John Georgas.  (SEN's
    circulation is one of the larger among SIGs.)

3. P.G. Neumann (ed).  Inside Risks began in July 1990 as a monthly one-page
   article, originally inside the back cover of the CACM for 18 years.  It
   became slated for three longer articles each year in 2009.

We continue to seek diversity among the authors and the content.  The
following articles appeared (or were written) during the reporting year, as
Inside Risks Viewpoints:

* Oct 2017.242. The Real Risks of Artificial Intelligence:
  Incidents from the early days of AI research are instructive
  in the current AI environment, David Lorge Parnas.

* Feb 2018.243. Risks of Trusting the Physics of Sensors: Protecting the
  Internet of Everything with embedded security, Kevin Fu and Wenyuan Xu,
  http://www.csl.sri.com/neumann/cacm243.pdf

* Jun 2018.244. Risks of Cryptocurrencies, Nicholas Weaver
  http://www.csl.sri.com/neumann/cacm244.pdf

  All Inside Risks articles since December 1997 (and a few selected popular
  earlier ones) are available online at
http://www.CSL.sri.com/neumann/insiderisks.html

4.  Neumann's RISKS BOOK ("Computer-Related Risks", ACM Press and
    Addison-Wesley, 1995), having transcended its fifth printing, is now
    being printed "on demand", and is available online as well.  Used copies
    sell for as little as $0.01.  It is also available in a Japanese
    translation.  More recent source material is online in the ACM Risks
    Forum,
http://www.risks.org
    culled, excerpted, and to some extent indexed in a topically relevant
    form bimonthly in SEN (item 2).  As noted last year, the thought of
    producing a second edition was dispelled after the retirement of Peter
    Gordon, as the online Risks Forum and the online RISKS highlights in
    Software Engineering Notes are widely accessible.

    What is to me most frustrating is that most of the content of the 1995
    book is still valid today.  Many of the problems discussed there are
    still recurring, and many of the recommendations for doing better seem
    to have been widely ignored.  (NOTE: Used copies are available for as
    little as one cent on Amazon.)

5.  PGN's Illustrative Risks document provides a topical index for early
    SEN and RISKS issues.  It used to be updated periodically, and is fairly
    complete up to the point that it became too difficult to maintain.  
    It is available online:
http://www.CSL.sri.com/neumann/illustrative.html
http://www.CSL.sri.com/neumann/illustrative.pdf
http://www.CSL.sri.com/neumann/illustrative.ps
    The task of maintaining the currency of this resource has become more
    daunting over time, and this index is not up to date -- except for
    recent items on election integrity.  However, the search engine at
    risks.org tends to compensate for that, and the accessible information
    in item 5 makes that less necessary.  However, it is still valuable as a
    source of references for earlier RISKS material prior to the Internet.
    More recent quasi-indices can be found in the RISKS highlights in 
    each issue of Software Engineering Notes (Item 2).

6.  Numerous additional activities of PGN are enumerated in Appendix I
    below.

7.  Lauren Weinstein continues his operation of the PRIVACY Forum and
    the Network Neutrality Squad under the partial aegis of CCPP.

PRIVACY FORUM: http://www.vortex.com/privacy
NETWORK NEUTRALITY SQUAD: http://www.nnsquad.org

    The Privacy Forum and related services from People For Internet
    Responsibility (PFIR, which he co-founded with PGN), and his other
    outreach efforts continue to provide discussions, information, and other
    services that include the many areas of privacy -- which intersect
    virtually every aspect of our lives.  The PRIVACY Forum, Network
    Neutrality Squad, and his other archives are continually referenced
    around the world, and have been listed as major network resources in the
    links of many private, commercial, and governmental entities globally.
    As is the case with PGN, Lauren receives numerous e-mail and telephone
    contacts from all manner of media points, and continues to participate
    in newspaper and magazine articles, local and network radio and
    television interviews, and similar discussions on privacy and related
    technology topics.  He has also been a commentator for National Public
    Radio's "Morning Edition" and for "Wired News" regarding technology
    and society.

8.  Other CCPP members have also interacted with various ACM people on ACM
    and CCPP-related issues, reviewed drafts, refereed papers, etc.  See
    their websites, listed in Appendix II.

9.  Other CCPP members wrote papers and gave talks that bear on computers
    and public policy.

10. This CCPP annual report is accessible from the acm.org
    pages, via a link to my CCPP Web page: 
THIS FILE: http://www.CSL.sri.com/neumann/ccpp.html

Related Papers 

Published papers from my ongoing joint SRI-University of Cambridge DARPA
project were noted in previous years' reports, and linked on my website.
Our hardware-software total-system architecture can provide
unprecedented trustworthiness, including greatly reducing security
risks.  (It seems worth mentioning here as something highly relevant to
RISKS readers who worry about the future resembling the seriously
vulnerable state of the art today.)  Our 2016-2017 papers relating to
that project include two new ones:

11. Alexandre Joannou, Jonathan Woodruff, Simon W. Moore, Robert Kovacsics,
   Hongyan Xia, Robert N. M. Watson, David Chisnall, Michael Roe, Brooks
   Davis, Peter G. Neumann, Edward Napierala, John Baldwin, A. Theodore
   Markettos, Khilan Gudka, Alfredo Mazzinghi, Alexander Richardson, Stacey
   Son, Alex Bradbury, Efficient Tagged Memory, International Conference on
   Computer Design, ICCD 2017, Boston, 5-8 November 2017.

12. Robert N. M. Watson, Peter G. Neumann, and Simon W. Moore, Balancing
   Disruption and Deployability in the CHERI Instruction-Set Architecture
   (ISA), in New Solutions for Cybersecurity, Howie Shrobe, David Shrier,
   Alex Pentland, eds., MIT Press/Connection Science: Cambridge
   MA. (February 2018).

13. Peter G. Neumann, Fundamental Trustworthiness Principles, in New Solutions
   for Cybersecurity, Howie Shrobe, David Shrier, Alex Pentland, eds., MIT
   Press/Connection Science: Cambridge MA. (February 2018).

14. Robert N. M. Watson, Jonathan Woodruff, Michael Roe, Simon W. Moore, and
   Peter G. Neumann, Capability Hardware Enhanced RISC Instructions (CHERI):
   Notes on the Meltdown and Spectre Attacks, Technical Report
   UCAM-CL-TR-916, Computer Laboratory, University of Cambridge, UK,
   February 2018.  
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-916.pdf

Plans Through 30 June 2019

Neumann plans to continue moderating the on-line ACM RISKS Forum, and to
continue contributing condensed highlight summaries of the ACM Risks Forum
to ACM SIGSOFT's Software Engineering Notes.

Neumann, with significant help from the CCPP group, will continue to
coordinate/edit/write the CACM Inside Risks columns, seeking articles on
topical RISKS-related subjects written by members of CCPP and other
contributors.  (Please contact me if you think you might have an appropriate
relevant Inside Risks Viewpoints article.)

Some CCPPers will continue participating in USACM.  We continue to encourage
submission of more Inside Risks columns from the USACM community, even
though we try to keep the international focus.

Budget and Funding
The 2017-2018 CCPP expenditures were as usual minimal, and the budget was
adequate, with no expenses for computing resources and communications (all
contributed pro bono).  SRI continues to provide free disk space for the
RISKS FTP archives at ftp.sri.com; the CSL.SRI.COM resources are partly
subsidized by SRI.  In addition, Lindsay Marshall at Newcastle University
provides the extremely useful searchable risks.org archives on a pro bono
basis, and with the blessing of his university.  I use my personal cell
phone and free home phone extensively.  We appreciate ACM's past support,
and have been happy to stay within budget each year.

Summary

The ACM RISKS Forum, the monthly CACM Inside Risks columns, Illustrative
Risks, and the related efforts have continued to be successful in
achieving their intended goals, as well as being highly popular.

We note that several related efforts are already ongoing under the aegis of
the External Activities Board or USACM committees.  For example, the
scientific freedom and human rights, legal, education, and USACM committees
involve issues relevant to CCPP that frequently are discussed in the ACM
Risks Forum from the RISKS perspective.  We are happy to interact with
others in those related areas, without CCPP having to be directly in the
loop, and to offer the Inside Risks space to those efforts that have a
reasonable RISKS-relevant content.  Overall, CCPP seems to be usefully
situated in a well-defined niche of its own.

The ACM RISKS Forum and the PRIVACY Forum/NNSquad/PFIR items span a
large gamut of CCPP issues, and reach out to many thousands of people,
throughout the world, quite a few of whom are actively contributing
participants.  RISKS is heavily involved in human safety, privacy,
ethics, legal responsibility, election integrity, and so on, and there
is no shortage of public-policy related issues!  In addition, the Inside
Risks articles continue to serve as a popular CACM feature, and distill
a diverse collection of timely topics on computer-related risks in a
broadly accessible and carefully vetted and edited form.

Continued support of existing and possibly new CCPP activities is
appropriate, and will be appreciated at essentially the same level.  We
are delighted to be a low-budget high-yield part of the visible ACM
output.

The CCPP members represent a valuable cross-section of ACM interests
relating to public-policy issues.  All of their efforts in helping CCPP
and the ACM are greatly appreciated, even though many of those efforts
are not noted here explicitly.

We would be delighted to receive further suggestions for new directions
relating to computers and public policy, internationally relevant
initiatives that we might address beyond the ACM Risks Forum and the CACM
Inside Risks columns, and ideas for making our efforts even more visibly
attributable to ACM without compromising the special role of CCPP.

Respectfully submitted, 

Peter G. Neumann, 
  Chief Scientist, Computer Science Laboratory, 
  SRI International EL-243, Menlo Park CA 94025-3493 
E-mail address: Neumann@CSL.SRI.COM 
  or pneumann@acm.org for nonbusiness related communications
Web site: http://www.csl.sri.com/neumann
Office phone: 1-650-859-2375

=============================================================

Appendix I: CCPP-Relevant Activities of Peter G. Neumann

RELEVANT PGN EVENTS, July 2017 -- June 2018

   [Severely restricted because of workload.]

Second half of 2017:

 * Mo-Tu 4-5 December, Layered Assurance Workshop, Orlando FL, organizing
   committee, panel chair.  This workshop (long associated with ACSAC) had a
   ten-year lifetime, and was dedicated primarily to high-assurance
   composable trustworthy systems for safety, security, ultra-reliability,
   and other critical requirements.  With dwindling attendance, it has been
   discontinued for 2018, although its organizers are contemplating a less
   specialized approach for the future.

First half of 2018:

 * Mo-We 21-23 May, Attended the 39th IEEE Symposium on Security and Privacy
   (Hyatt Regency, San Francisco), for which PGN is the only remaining
   attendee from the first one in 1980, having attended roughly 3/4 of the
   39 meetings.

 * W 6 June, Attended the Electronic Privacy Information Center's Champions
   of Freedom evening ceremonies, at which Matthew Dunlap (Maine Secretary
   of State) and Alex Padilla (California Secretary of State) received the
   Champions of Freedom Award, primarily for their stellar roles in election
   integrity.  Neumann received the EPIC Lifetime Achievement Award (whose
   previous awardees since its creation in 2012 were Willis Ware, Whitfield
   Diffie, David Flaherty, Anita L. Allen, Bruce Schneier, and Christopher
   Wolf).

=======================================================================

Appendix II:
Current Web and Internet Addresses for CCPP Members

(Peter G. Neumann) pneumann@acm.org (and Neumann@CSL.sri.com for SRI-related e-mail)
(Steve Bellovin) smb@columbia.cs.edu
(Peter J. Denning) pjd@nps.edu
(Virgil Gligor) virgil@andrew.cmu.edu
(Kevin Fu) and (Kevin Fu's group) kevinfu@umich.edu
(Nancy Leveson) leveson@mit.edu
(David Parnas) parnas@mcmaster.ca
(Jerry Saltzer) saltzer@mit.edu
(Lauren Weinstein) lauren@vortex.com