I was invited to participate in a panel on emerging technology issues for a group of newly elected members of Congress. Following is the very terse handout that I used. PGN

Some Fundamental Technology-Related Risks
Peter G. Neumann, Principal Scientist, Computer Science Laboratory
SRI International EL-243, 333 Ravenswood Ave, Menlo Park CA 94025-3493
E-mail Neumann@CSL.sri.com Telephone 1-650/859-2375 Fax 1-650/859-2844
Harvard Program for Newly Elected Members of Congress
Panel on Emerging Technology Issues, 15 December 2000

1. SOFTWARE AND COMPUTER-RELATED SYSTEM DEVELOPMENT: Fiascoes: IRS and FAA Air Traffic Control modernizations canceled ($4B each!). Failures: ATC outages, USS Yorktown, Vincennes' Airbus shootdown, 3 Mars probes, 1980 ARPAnet collapse, 1990 AT&T long-distance collapse, etc. Costly lack of foresight: Y2K problems. Many critical applications require safe, dependable, easily usable information systems. A serious situation has long existed, and seems to be getting worse. (See my archives.)

2. INFORMATION SYSTEM SECURITY: Penetrations and denials of service, not just for Internet-connected systems; insider misuse; Trojan horses and trapdoors; Internet Web sites hacked (DoJ, DoD, CIA, NASA, ...) [added note: these are of course insignificant examples and easy to perpetrate, but symptomatic of serious weaknesses]; critical infrastructures (see CIAO). A serious situation already exists (worsened by Area 1--see archives), and is getting worse relative to the increased worldwide threats, pervasive vulnerabilities, and greater risks.

3. PRIVACY: Monitoring, interception, misuse of SSNs, identity theft, insider misuse, cryptography policy, anonymity, intellectual property protection, etc. Carnivore. Many problems exist. They depend on Areas 1 and 2, but many invasions of privacy occur outside of computer systems.

4. INTEGRITY OF OUR ELECTIONS involves *all three* of the preceding areas: reliability; nonsubvertible systems that prevent fraud and accidents; accountability of the entire voting process; vote confidentiality, with no vote-enumeration record that can be taken outside of the polling place for vote-selling purposes. Lever machines and optically scanned ballots are much more dependable than punched cards, which are very problematic. Electronic voting and Internet voting are both riddled with potential vulnerabilities, and need serious study before use. (See my archives.)

All four of these problem areas are sociotechnical, with many economic implications. In each, the state of the technology is seriously inadequate, and the social problems are difficult. Major risks arise in confronting social problems with technology, or in confronting technological problems with laws. Good legislation can help, although risks, social implications, and other relevant factors must be considered. Research is essential. I look forward to future opportunities to testify before your committees.

For background, please see my Web site: click on items of interest at http://www.csl.sri.com/neumann
* Testimonies on critical infrastructures, security, crypto policy, etc.:
House Science Committee (3x); Senate Governmental Affairs Committee (2x);
Senate Judiciary Committee (1x); House Ways and Means Subcomm on SSA (1x)
* Material on Risks to the Public in the Use of Computer-Related Systems
- The on-line Risks Forum newsgroup, since 1985
- Illustrative Risks document, brief summaries of thousands of cases
- Inside Risks monthly columns in the Communications of the ACM
* My Army Research Lab research report on how to achieve practical systems and networks that are highly survivable and highly secure, June 2000
* Many papers and reports on secure/robust/open-source systems
* Various articles and source material on computerized elections