2 announcements (one from PRIVACY, the other from Cyberia.) second is NII Security Issues Forum to Hold 2 Meetings 01/27/95 NEW 01/12/95 Date: Fri, 13 Jan 95 11:25:27 EST From: denning@cs.cosc.georgetown.edu (Dorothy Denning) Subject: INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995 Call for Participation (Deadline: March 15, 1995) INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995: GLOBAL CHALLENGES September 21-22, 1995 Washington, DC Presented by The National Intellectual Property Law Institute The International Cryptography Institute will focus on the cryptography challenges associated with meeting the information protection needs of users and the law enforcement and national security needs of nations. The Institute will address such topics as: - national encryption policies and regulations - meeting user needs for information security and data recovery - meeting law enforcement and national security needs - national and global encryption markets and product availability - international approaches and standards - creating an international cryptography infrastructure - the use of encryption technologies in different countries - cryptography in the financial industry and other industries - legal and policy issues of digital signatures and digital cash - new developments in encryption policies and technologies Persons interested in speaking at the conference are invited to submit a proposal to the Institute Chair: Prof. Dorothy E. Denning, Chair ICI '95 Georgetown University Computer Science Department 225 Reiss Building Washington DC 20057-0997 ph: 202-687-5703, fax: 202-687-6067 e-mail: denning@cs.georgetown.edu Proposals must be received by MARCH 15, 1995, and should include the following: - Name, title, organization, address, phone, fax, and e-mail address - Brief biography - Title of presentation - Abstract of presentation or paper - Amount of time requested for presentation and discussion Notification of acceptance will be made by April 15, 1995. Papers and materials for the proceedings will be due on August 15, 1995. Inquiries about registration or the proceedings should be addressed to: The National Intellectual Property Law Institute P.O. Box 27913, Washington, DC 20038-7913 ph: 800-301-MIND or 202-962-9494 fax: 800-304-MIND or 202-962-9495 ------------------------------ From: Seth Greenstein <sethg@access.digex.net> Subject: NII Security Issues Forum to Hold 2 Meetings 01/27/95 NEW 01/12/95 OFFICE OF MANAGEMENT AND BUDGET NOTICE OF PUBLIC MEETING Agency: Office of Management and Budget Action: National Information Infrastructure Security Issues Forum: Notice of Public Meetings and request for public comments SUMMARY: The National Information Infrastructure Security Issues Forum will conduct two public meetings to continue a dialogue between government and the private and public interest sectors on issues related to the security of information on the National Information Infrastructure (NII). Interested parties -- especially beneficiaries of Aid to Families with Dependent Children and Food Stamps, and users of public information, and participants in the sophisticated communications networks which support the U.S. transportation and customs systems -- are invited to submit a 1 - 2 page position statement and request to testify. The meetings are sponsored by the NII Security Issues Forum of the Information Infrastructure Task Force and Mega-Project III of the U.S. Advisory Council on the NII. DATES: Both public meetings, "Security of the Electronic Delivery of Government Information and Services" and "Security for Intelligent Transportation Systems and Trade Information," will be held simultaneously on Friday, January 27, 1995, from 9:00 a.m. to 12:30 p.m. in Raleigh, North Carolina. Those wishing to testify should submit a 1 - 2 page position statement and request to participate by January 20, 1995. Individuals wishing to offer general comments or present questions may request to do so during the meeting. Written comments may be submitted on paper or electronically, in ASCII format, and will be accepted until February 10, 1995. ADDRESSES: The public meeting, "Security of the Electronic Delivery of Government Information and Services," will be held in the Auditorium of the North Carolina Museum of History, 1 East Edenton Street, Raleigh, North Carolina. The public meeting, "Security for Intelligent Transportation Systems and Trade Information," will be held in the Auditorium of the Department of Cultural Affairs, 109 East Jones Street, Raleigh, North Carolina. Both buildings are in close proximity to the North Carolina Capitol Building. Position statements and requests to appear for the meeting, "Security of the Electronic Delivery of Government Information and Services," sent to the Government Information Technology Services Working Group, marked to the attention of Ms. April Ramey, U.S. Department of the Treasury, 1425 New York Avenue, Room 2150 N.W., Washington, D.C. 20220. Position statements may also be submitted via fax to (202) 622-1595 or through electronic mail to april.ramey@treas.sprint.com. Electronic mail should be submitted as unencoded, unformatted, ASCII text. Position statements and requests to appear for the meeting, "Security for Intelligent Transportation Systems and Trade Information," should be sent to the Volpe National Transportation Systems Center of the Department of Transportation, marked to the attention of Mr. Gary Ritter, DTS-21, at 55 Broadway, Cambridge, MA, 02142. Position statements may also be submitted via fax to (617) 494-2370 or through electronic mail to "Ritter@volpe1.dot.gov". Electronic mail should be submitted as unencoded, unformatted, ASCII text. Parties offering testimony are asked to provide them on paper, and where possible, in machine-readable format. Machine- readable submissions may be provided through electronic mail messages sent over the Internet, or on a 3.5" floppy disk formatted for use in an MS-DOS based computer. Machine-readable submissions should be provided as unencoded, unformatted ASCII text. Written comments should include the following information: * Name and organizational affiliation, if any, of the individual responding; * An indication of whether comments offered represent views of the respondent's organization or are the respondent's personal views; and * If applicable, information on the respondent's organization, including the type of organization (e.g., trade association, private corporation, non-profit organization) and general areas of interest. FOR FURTHER INFORMATION CONTACT: For further information relating to electronic delivery of information and services, contact Ms. April Ramey of the Treasury Department at (202) 622- 1278. For further information relating to transportation and trade issues, contact Mr. Gary Ritter at the Volpe National Transportation Systems Center by telephone at (617) 494-2716. SUPPLEMENTARY INFORMATION: I. Issues for Public Comment A. Background The public meetings are part of an ongoing dialogue with the Administration to assess the security needs and concerns of users of the National Information Infrastructure (NII). The NII is a system of high-speed telecommunications networks, databases, and advanced computer systems that will make electronic information more widely available and accessible than ever before. For example, citizens may be able to learn about federal benefits programs through public kiosks, or may receive their social security payments through direct deposit to their bank accounts. As the U.S. transportation infrastructure becomes more complex, Americans will benefit from the application of information technologies to such operations as toll collection, motor vehicle registration, and traffic routing. This increased availability and accessibility of services and products provided through information technology will dramatically affect the way in which individuals conduct their everyday affairs. Consequently, broad public and commercial use of the NII hinges upon implementing technologies, policies, and practices that not only ensure that users of information systems have access to information when and where they need it, but that subjects of information records are able to protect themselves from unauthorized or inappropriate use of information. "Americans will not use the NII to its full potential unless they trust that information will go where and when they want it and nowhere else," declared Sally Katzen, Administrator of the Office of Information Regulatory Affairs at OMB and chair of the Forum. "The Federal government is a primary user of the NII and thus a catalyst for change. Yet the NII will be designed, built, owned, operated, and used primarily by the private sector, making it essential that security on the NII be considered in partnership with the public." To address these critical issues, the Vice President formed the Information Infrastructure Task Force (IITF). The IITF is chaired by Secretary of Commerce Ron Brown and is comprised of senior Administration officials having expertise in technical, legal, and policy areas pertinent to the NII. The mission of the IITF is to articulate and implement the Administration's vision for the NII. The NII Security Issues Forum was established within the IITF to address the cross-cutting issue of security in the NII. The Forum is chaired by Sally Katzen, Administrator of the Office of Information and Regulatory Affairs in the Office of Management and Budget. In addition to the IITF, the President has established the U.S. Advisory Council on the National Information Infrastructure. The Advisory Council represents industry, labor, and public interest groups, and advises the Secretary of Commerce on issues relating to the NII. Mega-Project III, one of three work groups of the Advisory Council, is responsible for addressing security, intellectual property, and privacy issues as they relate to the NII. B. Structure and Content of Public Meeting Security is linked inextricably to broad public use of the NII. The technologies, policies, and procedures used to ensure the confidentiality, availability, and integrity of digitally produced and transmitted information, information products, and services on the NII will determine whether, how, and to what extent digitally linked information services will be broadly used in such critical applications as providing public information, supporting the delivery of government services, utilizing intelligent transportation systems, and conducting trade. Development of policies and procedures that will ensure the security of public and private information and communications on the NII requires study from different perspectives, whether that of the subject of the information, the user of the information, or the creator of the information. The Forum and Mega-Project III seek input from parties representing beneficiaries of federal information and services and users of intelligent transportation systems and trade data. Solutions to these concerns will come via technical solutions, as well as legal and policy mechanisms. The Forum and Mega-Project III seek input in this area as well. Specifically, what legal measures, policy mechanisms, and technological solutions, or combinations thereof, can be used to effectively protect the security of federal benefits information or transportation or trade data, delivered or made accessible on the NII? A panel of witnesses drawn from the public will be assembled to discuss the following topics with a panel of senior Administration officials, members of the Security Issues Forum, members of the Advisory Council, and policy makers at the State level, and to field questions and comments from other members of the public. Position statements for the meeting, "Security in the Delivery of Electronic Information and Services," should address four principal questions: 1. How do you envision the NII being used to provide services and information electronically to citizens? Specifically, what types of services and information should be delivered or made available? 2. What risks and threats do you foresee in making services and information available via the NII? Such threats might include fraud, unauthorized access, breach of confidentiality or privacy, breach of integrity, and system performance. 3. What legal, policy, and ethical issues do you foresee affecting usage of the NII? Such issues may include liability, information/property rights, access, document/records management, legal admissibility/evidentiary requirements, and auditability. Do some issues, such as privacy and open access, tend to countervene each other? 4. What kinds of administrative or technical solutions should be developed or promoted to address security, legal, and ethical concerns? Such solutions may include verifying recipient and/or vendor eligibility, ensuring operational and systems security, and establishing means to facilitate settlement, detection, and prosecution. Position statements for the meeting, "Security for Intelligent Transportation Systems and Trade Information," should address five principal questions: 1. Who should be permitted access to sensitive trade and transportation information systems? How can inappropriate access and use be prevented? 2. What technical and institutional safeguards in electronic data transmission, storage, and retrieval are needed to protect the security of trade and transportation data? Such risks might include: disclosure of proprietary and confidential business information, criminal access to trade and cargo records, disclosure of individual travel patterns or vehicle locations, or disclosure of transportation dispatch communications regarding sensitive cargo shipment routes, itineraries, and locations. 3. What does an "appropriate level of security" consist of? Is there a "one-size-fits-all" solution, or can policies be established which flexibly meet diverse needs? 4. Do certain systems merit greater degrees of security protection, such as traffic signal control systems, variable message signs, fleet location monitoring, electronic toll collection, international trade data, and motor vehicle registration records? 5. Who should establish and enforce security policies? How can government and the private sector work together to support a secure National Information Infrastructure? II. Guidelines for Participation in the Public Hearing Individuals who would like to participate on a panel must request an opportunity to do so no later than January 20, 1995, by submitting a brief, 1 - 2 page summary position statement. If approved, each participant will be allowed to present brief opening remarks. Primary participation, however, shall be during the general discussion to follow, according to the format described above. Participants in the public meeting will testify before and participate in discussions with a panel consisting of members of the Advisory Council, members of the Security Issues Forum, and other Administration officials. Individuals not selected as panel participants may offer comments or ask questions of the witnesses by requesting an opportunity to do so and being recognized during the meeting by the chairs of the meetings. Oral remarks offered in this fashion should not exceed three minutes. No advance approval is required to attend the public meetings, offer comments, or present questions. The public meeting on "Security of the Electronic Delivery of Information and Services" will be chaired by Mr. Jim Flyzik, Chair of the Government Information Technology Services Working Group of the IITF. The public meeting on "Security for Intelligent Transportation Systems and Trade Information," will be co-chaired by Ms. Ana Sol Gutierrez, Deputy Administrator of the Research and Special Programs Administration of the U.S. Department of Transportation, and Ms. Christine Johnson, Director of the Intelligent Transportation Systems Joint Program Office of the U.S. Department of Transportation. More information about the Clinton Administration's National Information Infrastructure initiative can be obtained from the IITF Secretariat. Inquiries may be directed to Yvette Barrett at (202) 482-1835, by e-mail to ybarrett@ntia.doc.gov, or by mail to U.S. Department of Commerce, IITF Secretariat, NTIA, Room 4892, Washington, D.C., 20230. For inquiries over the Internet to the IITF Gopher Server, gopher, telnet (login = gopher), or anonymous ftp to iitf.doc.gov. Access is also available over the World-Wide-Web. Questions may be addressed to nii@ntia.doc.gov. For access by modem, dial (202) 501-1920 and set modem communication parameters at no parity, 8 data bits, and one stop (N,8,1). Modem speeds of up to 14,400 baud are supported. Sally Katzen Administrator, Office of Information and Regulatory Affairs Certified to be a true copy of the original by John B. Arthur, Associate Director for Administration