
After years of calling for an alternative to the Federal Information Security Management Act of 2002, one may have been proposed -- or at least the start of one. As Nextgov reported today, Rep. Jim Langevin, D-R.I., introduced the 2008 Homeland Security Network Defense and Accountability Act. Generally, the knock against FISMA is that it measures processes, not results. For example, good FISMA compliance requires providing training for "employees with significant security responsibilities," but nowhere does it require the agency to test how much the employees learned or retained from the training. With FISMA, agencies aren't sure how good or bad their security vulnerabilities are because FISMA doesn't test for them.
Langevin's bill takes a stab at measuring actual security results, at least for the Homeland Security Department, and, some security experts hope, could be governmentwide. The key to the bill is requiring DHS to test if it can successfully defend its networks against known cyberattacks and to conduct vulnerability testing. The bill would have DHS measure what is actually happening on the ground and defend itself against what are real threats.
Information technology experts and analysts have written about it extensively: If you want IT to help drive an organization to meet its mission, the chief information officer must report directly to the head of the organization. California Gov. Arnold Schwarzenegger (R) has taken that to heart in his bid to improve the state's convoluted and disparate computer systems that resemble the federal government. He's placed the state's new CIO, Teresa "Teri" Takai, on his cabinet, "which means she has direct access to the governor, who also will hold her accountable," according to an article posted by the San Jose Mercury News. "In addition, the elevated stature earns her the respect of other cabinet secretaries, with whom she will need to work closely to institute any major changes that affect how computers are run across the state's dozens of departments and agencies."
In the federal government, rarely does a CIO have such a lofty position in a department, much less the president's cabinet. We'll watch closely to see how successful Takai is.
If you needed reminding that information technology isn't always the answer to efficiency, you may want to check out New York Times technology reviewer David Pogue's recent pieces on the modernization of the air traffic control system. Last week he wrote about the automatic dependent surveillance - broadcast system (ADS-B), a GPS-based system that gives pilots a view of the air traffic around them. The idea is that with that kind of control (and not having to depend on air traffic controllers so much), planes could fly closer together and relieve some of the congestion that has led to record delays this past year.
But wait.
In an editorial in the New York Times Thursday, the paper calls the 2007 Secure America Through Verification and Enforcement Act, "a bad idea compounded by the notoriously bad state of federal government records."
The act would, among other things, "force all workers, including citizens, to prove they have a right to earn a living," by relying on the Social Security Administration to verify Social Security numbers for workers, the paper contends. The problem is that one SSA database has a 4 percent error rate, which would mean possibly thousands of workers would face firings and discrimination.
Other federal databases contain errors. The inspector general at the Justice Department reported last year that the Terrorist Watch List, which is used to screen 270 million people a month to identify possible terrorists, has a large error rate. "In an examination of 105 records, for example, the auditors found that 38 percent of the records contained errors or inconsistencies that the [Terrorist Screening Center's] own quality-assurance efforts had not found," according to a Washington Post article.
As the federal government relies more on information technology to support critical decisions, the importance of how clean its data is rises.
How confident are you that your data is error free?
The Government Accountability Office recently reiterated its designation of information security as a governmentwide “high-risk issue” in its report, Information Security: Protecting Personally Identifiable Information. The high-risk designation for information security in the federal government has been included in GAO reports to Congress each year since 1997. Along with its own audits, GAO’s most recent high-risk assessment was based on consideration of annual reporting by federal agencies of their own assessments of risk, including certain material risks reported regarding information security.
Consequences of real and perceived inadequacies in information security policies and controls
Under what circumstances would U.S. consumers confidently continue to share their data with companies that self report under Sarbanes-Oxley that their operations put customer data at high risk? Frankly, it is hard to imagine the likelihood that such companies could easily maintain the continuing trust and confidence of customers or shareholders without significant costs. In fact, Larry Ponemon, chairman of The Ponemon Institute, has reported that U.S. businesses have seen a steady exodus of customers, a reluctance of some customers to share data and increased costs, including from lost business opportunities, following disclosure of data breaches at their companies. Should we expect the reactions of U.S. citizens to be any different in the federal space? It seems unlikely.
Since retiring from the federal government in 2007, I have watched with a mixture of alarm and amusement as the Office of Management and Budget, Congress, the National Institute of Standards and Technology, the inspectors general, the Government Accountability Office and agencies have continued to miss the point of information and mission assurance while enriching consultants and printer manufacturers by producing mountains of increasingly meaningless paperwork.
I intend to bring to readers’ attention various issues I believe deserve more critical thinking than is typically available in the federal enterprise (which I will henceforth call FedWorld).
I also believe:
• Information protection is better than security plans
• Privacy protection is better than privacy plans or impact statements
• Intrusion prevention beats the pants off intrusion detection
• Personnel security has almost nothing to do with HSPD-12
• Cybersecurity is only marginally related to information security
• … and so on.
Please remember my point of view before you comment on something I’ve written by chiding me that the Federal Information Security Management Act (FISMA) has it otherwise, that OMB guidance points in another direction, or that an IG will write me up. I no longer live in FedWorld so those customs and folk beliefs seem quaint.
There is increasing evidence that management of the federal government may actually become a key issue in the candidates' debates and the upcoming presidential election. The most recent issue of The Economist features Sen. Obama on the cover and asks “But could he deliver?” Of course, for different reasons, Sens. Clinton and McCain are asking a very similar question. Government Executive's own Tom Shoop noted in a recent article, “the debate is shaping up to be not just a battle of sound bites, but a genuine discussion about how to improve the government's underlying capability to address the challenges facing the country.” So it may be useful to take a look at the top candidates as they have begun to lay out their plans for “reforming government” and “cleaning up Washington.”
On the Democratic side of the spectrum, Sen. Clinton co-sponsored legislation to create a U.S. Public Service Academy -- the equivalent of West Point or the Naval Academy -- for civil servants. The measure would dedicate $205 million to fund a 5,000 student institution aimed at producing high-quality federal employees. Last spring, she delivered a major policy address at Saint Anselm College in New Hampshire, where she laid out a 10 point agenda for government reform. One of those drew most of the attention: cutting back the government's contract workforce by 500,000 people. But there is much more in the speech, including making it possible for virtually every government service and transaction to be paperless. Sen. Obama has outlined an aggressive technology agenda to make government more transparent, place much more government information online and to create a government chief technology officer with real authority over government services and infrastructures.
Republican presidential contender John McCain delivered a speech in Oklahoma City, Okla. -- also last spring -- where he outlined a comprehensive platform for government management reforms, describing steps he would take to boost federal pay, speed firings, tie program funding to yearly evaluations and toughen acquisition rules.
All of these positions and speeches can be found on the candidates' Web sites. One can also look at the site created by Professor Donald Kettl of the University of Pennsylvania to track management issues in the 2008 campaign.
Not long from now, we will make laws, set policies, write regulations and create programs by first "playing" the likely consequences in synthetic worlds, says Anne Laurent, longtime observer of federal management and creator, just this year, of a new blog, “The Agile Mind.”
Laurent has written and edited for Government Executive for 12 years and did the same for Federal Times for 10 years before that. Now, she is blazing a new trail both in journalism and government, exploring how new human-computer interfaces, gaming, virtual worlds and other innovations will reshape the way agencies function and the way we explain what they do and how they do it.
Laurent has written recently for Tech Insider about NASA and other agencies venturing into synthetic worlds such as Second Life. She has written for Government Executive about the Defense Department’s increasing use of gaming software for training, and about the Army’s move into private virtual worlds.
On “The Agile Mind,” she's weaving all these trends and others into a vision of a virtual government in which, she writes:
We will interact with all kinds of data--program results, claims processed, rates of environmental change, response times, performance, cost, schedule, etc.--physically via wall-sized multi-touch screens and computer tables, not keyboards and monitors. Displaying and manipulating on one large screen both live and historical information about the past and current conditions and the effects of agency actions will allow us to see trends and possibilities and make predictions in ways we simply cannot today, when information resides in silos and behind the walls of very different organizations and is static and lifeless. Most of what we do digitally will involve touching and moving images or actually stepping into situations via our digital doubles--avatars--in uncannily accurate models of the real world.
For a sneak peek at the future, she points out, we need only turn to CNN, which began using a multi-touch computer wall as a news broadcasting tool on Jan. 2. Or visit NASA, the National Oceanic and Atmospheric Administration and the Centers for Disease Control and Prevention in Second Life. Or test the online game, “America’s Army,” the hugely popular recruiting tool. Or join the Federal Consortium for Virtual Worlds.
Laurent suggests that gaming and synthetic worlds and visualization and ubiquitous computing will become commonplace in government because the next generation of politicians and employees will expect and demand it. "These people will not, cannot, manage information on paper, or in spreadsheets or online dashboards," she writes. "They will not endure the kludgy, slow, inefficient process of learning new software and keeping that knowledge up to date merely to be able to manipulate data. . . . They will demand to see and touch and manipulate what is known about problems and to 'play' possible solutions so they can view the likely outcomes before choosing how to proceed."
It’s a beguiling vision filled with promise and peril. Laurent is an able and engaging chronicler of it.
States' motor vehicle departments may be in for a treat: Incorporating a national standard for screening applicants in state and federal sex offender registries before issuing driver’s licenses.
The Government Accountability Office released results of a study this week that looked at the impact that such a requirement would have on states, noting that while 22 states use some form of driver’s license-related process to encourage registration or provide additional monitoring of convicted sex offenders, none have screening processes that compare driver’s license applicants’ information against both the state’s sex offender registry and the FBI’s national registry.
The Adam Walsh Child Protection and Safety Act of 2006 requires states to collect information about resident sex offenders and submit that information to the attorney general for inclusion in the National Sex Offender Registry (NSOR), maintained by the FBI. Most states’ sex offender registries are centrally maintained by a state criminal justice agency and need to be routinely updated – a challenge because sex offenders move and fail to comply with self-reporting requirements. Screening individuals against a state’s sex offender registry database when applying for or renewing a driver’s license would help solve that problem.
Fair enough, but what kind of burden does that place on states? A substantial one, according to the study. Most of the motor vehicle agencies in the 26 states surveyed said that “moderate to major modifications” to current IT systems would be needed, with major expense accrued from changes to software in particular. Officials in one state said that seven of the motor vehicle agency’s interrelated systems would need extensive software modifications, and officials in another state said that the types of software used to issue different types of licenses and collect fees are governed by complex rules and procedures – all of which would be impacted by additional screening processes.
So, just as state governments and their motor vehicle departments try to comply with the just released REAL ID requirements, yet another expensive, complex and controversial process requirement has been placed on the table. At least they know what they may be in for.
If you're heading back home tomorrow on New Year's Day, you may want to take note of a new Transportation Department rule that forbids air travelers from packing loose lithium batteries (those typically used in laptops, cell phones, digital cameras and other electronic equipment) in checked luggage.
Transportation Department officials have been concerned for years that the lithium batteries can ignite a fire. The batteries can generate intense heat if a short circuit occurs, which can be caused by metal touching both battery terminals or if internal seals fail. (More on why lithium batteries ignite.) Dell Computer recalled 1.4 million laptop computer batteries in 2006 because of a fire hazard due to the batteries. Days later, Apple Computer Inc. recalled 1.8 million batteries. Recalls of lithium batteries go back years.
According to the WSJ, the rule, which goes into effect Jan. 1, requires that:
travelers can bring a laptop computer, digital camera, cellphone and other equipment on board or in checked luggage if their lithium batteries are installed in the items. And fliers can bring spare batteries in carry-on luggage if they're stored in plastic bags or if they're in the original retail packaging. But travelers can bring only as many as two such spare batteries, and each must be packed separately.
Here are some examples of airline fires linked to lithium batteries, as reported by USA Today:
On July 26, 600 people were evacuated from a San Diego office building when a FedEx package exploded. The package contained a backup power supply for a computer, a type of battery. No one was seriously injured.
Prompted by a 1999 fire in a crate of lithium batteries at Los Angeles International Airport, the FAA two years ago banned shipments of such batteries on passenger planes because they can spontaneously combust. The batteries can still be shipped on cargo flights.
A lithium camera battery burst into flames and ignited a seat on a chartered Boeing 727 on Oct. 29, 2004, FAA records show. A flight attendant extinguished the fire, and the jet returned to Raleigh-Durham International Airport.
Several aircraft accidents have been linked to hazardous cargo. Pilots of a UPS DC-8 barely landed in Philadelphia on Feb. 7 with a raging cargo fire. The National Transportation Safety Board says there is no evidence that an aircraft malfunction caused the fire, but they have not identified its cause.
Investigators found lithium-based batteries near the fire.
In my last (modestly named) “What’s Brewin” column, I suggested a way to honor the troops this season: Anyone lucky enough to fly in one of those big, cushy first-class seats should think about giving it up to someone in uniform – especially troops wearing their desert fatigues and on home leave from Iraq or Afghanistan.
Several well-intentioned, but definitely Pecksniffian, folks wrote in to say any service member who accepted such a seat would be in violation of various government regulations, which for the most part consign federal employees to steerage class.
But, according to Eric Rishel, a senior Defense Department attorney, that’s not exactly the case. The Office of Government Ethics does bar federal employees from accepting gifts due to their position from “prohibited sources,” which means folks doing business with the government, Rishel said.
This means that a service member flying out to test a new plane, gadget or gizmo, should not accept a first-class seat from a contractor program manager whose company paid for that cushy seat (on the grounds that this might be an attempt to gain some influence with the service member).
But, if someone who does not fall into the dreaded “prohibited sources” category offers a service member a big cushy seat, it can be accepted – with some additional caveats, Rishel said.
It probably would not be a good idea for a three star in uniform to accept the upgrade because it would provide the impression of some “fat cat deal going on,” Rishel said. He added that the Air Force has regulations that say no one in the Air Force should fly in first class in uniform, a hard rule to adhere to as a “practical matter” if the cushy seat is offered on the plane.
The bottom line is anyone who does not fall into the dread “prohibited source” category can give away their first-class seat to a service member this holiday season reasonably sure the E4 or E5 will not end up standing at attention at the Office of Government Ethics.
Reporters are sometimes called all kinds of names by folks in uniform, but Rishel assured me that we scribes are not labeled “prohibited sources,” so I look forward to giving up my big, cushy seat once again when I fly to Washington next week.
Merry Christmas
We think you, the technology manager in the federal government and industry, have a pretty good insight into just what are the hot issues and events that will unfold in 2008 for the federal IT market. Over the past few weeks we've invited you to take an online survey to let us know what you think; we just want to take this opportunity to invite you to take the survey again, if you haven’t.
We are conducting the survey in conjunction with our friends at Government Futures, which is also offering readers a chance to place bets on what’s going to happen in the federal IT community using the prediction markets on Government Futures' Web site.
If you have taken the survey and placed your bets, thank you. If you haven't, please visit the site and give us your opinions. The questions cover a number of hot areas, including information security, the next-generation Internet and federal information technology spending.
In January, we’ll host a webinar to discuss the results of the survey and present an analysis of the predictions.
In the December issue of Government Executive, we discuss some trends that IT experts told us would be important. Now, we want your opinion. So, please take the survey and join the government futures market to help us figure it out.
Shannon Kellogg, director of government and industry affairs at RSA Security, recently recounted a decision by a federal agency to encrypt everything (systems, emails, devices) to avoid the dreaded security breach that so many other agencies have reported. Apparently, after the decision was made, a contractor working with the agency (Kellogg declined to name the agency or the contractor) accessed sensitive information while on the network, saved it on a USB memory stick -- and then walked out the door. Kellogg didn’t say if the agency reported any data loss – but who's to know? Exposure is exposure, and the risks still apply.
This story certainly isn't unusual, but it bears repeating because this plays out in every agency routinely. Among the most important lessons that can be learned may be to avoid knee-jerk reactions to security threats -- such as believing an encrypt-everything policy will insulate you from security breaches. Such policies are, by definition, reactionary – not strategic. Encryption – like any security strategy – works in specific circumstances, but should not be the end-all-be-all security policy.
And this lesson comes from a security vendor.
Like companies in the private sector, federal agencies may eventually be required to notify citizens of an information security breach on a federal computer network that exposes citizens’ personal information, such as Social Security numbers, financial data, addresses and credit card numbers. (The Federal Agency Data Breach Protection Act, introduced by Rep. Tom Davis, R-Va., in May, would establish standards for how an agency informs the public if it loses personal information, as does similar legislation passed by more than two dozen states.)
As is the case in most comparisons with the private sector, the federal government would likely not do as good a job in notifying the public, most people would say. But that isn’t the case in one real-world example. In its December/January issue (not yet posted online), CSO Magazine compares how Monster.com and USAJOBS, the federal government’s site for job openings, handled the security breach of monster.com’s database of resumes in August. About 146,000 names and contact information of job seekers on the USAJOBS Web site were stolen.
CSO Executive Editor Scott Berinato offers a side-by-side comparison of the notification letters that the organizations sent out to notify customers of the breach. (He describes such notification letters as requiring “verbal contortionists who must twist words unnaturally and move sentences in awkward, sometimes contradictory directions.”)
The upshot: USAJOBS did a relatively better job in its letter than Monster.com did, according to the two anonymous public relations executives CSO asked to critique the letters. Here’s a synopsis of CSO’s critique:
-- While neither organization should have started out their letters using the “dear” salutation (the personal touch doesn’t match the urgent tone of the notice), USAJOBS executives wrote a better letter by stating the facts immediately and clearly versus Monster’s “hollow marketing spin” opening. (“We value the trust you place in Monster,” the company’s CEO wrote.)
-- USAJOBS avoids saying sorry and uses the more legally safe word “regrettably.” Monster tells readers that they, too, are a victim in this crime (a no-no) and that many other companies have experienced security breaches as well (another no-no). USAJOBS does not offer similar excuses.
-- Monster violated the rule more than USAJOBS in urging customers to learn more about online fraud. (That makes it sound like customers/citizens are partly to blame for the breach, which is an implication you don’t want to make.)
-- Both organizations failed in putting the breach into fuller context of what the breach could mean to the customer.
Maybe one reason for why Monster’s letter was less effective than USAJOBS’ letter is the fact that Monster’s letter had more of a lawyer’s influence. The federal government may be less afraid of being hauled into court over a security breach.
The Army has canceled for the third consecutive year the Army Small Computer Program (ASCP), its annual information technology conference. The ASCP was scheduled to take place next March in Phoenix.
Instead, ASCP said in a note to vendors it will hold its conference in conjunction with the LandWarNet Conference in Orlando Aug. 19-31, 2008, which may make things a wee bit hot for golf.
I asked the Army’s Program Executive Office for Enterprise Information Systems if the conference was canceled for budget reasons. The folks at PEO-EIS said they could not answer that question and pointed to a statement on the ASCP Web site for an explanation. The statement reads: “The ASCP move to the LandWarNet Conference is aligned with the Vision set forth in the Army CIO/G-6 500-Day Plan, to deliver a joint net-centric information enterprise that enables Warfighter decision superiority.”
The PEO-EIS folks, who understandably like to remain anonymous, said they really did not know what that means. Neither do I. Anyone who would like to enlighten me or PEO EIS, please send in a comment.
The City of Westminster – the London Borough which encompasses the West End Theater District and government buildings such as Parliament – launched last week what it described as the first service in the United Kingdom to help people find their nearest public loo using mobile phone location technology.
SatLav is a play on words for the term used in the UK for consumer GPS receivers – SatNav – and the word lavatory – for toilet. But SatLav works by determining the location of the nearest public toilet for a desperate user by triangulation with nearby mobile phone towers.
If nature calls while in London, just send a simple text message – “toilet” to 80097 – and the SatLav technology provider will do a database search to determine the location of the nearest public toilet – much to the relief of the caller.
Gail King, a 26-year-old student, came up with the idea for SatLav while writing her Master’s thesis, “Public Toilets: A Woman’s Place” and figured “a text service would be really useful for people on the move.” And, ostensibly, who just can’t hold it.
The Westminster cabinet member for street environment said that the SatLav service puts the Borough way ahead of any other local authority in the UK in public lavatory service. Bradley said Westminster already had “an unrivalled, award-winning provision of public toilets” but the “groundbreaking” SatLav initiative “shows we are always looking for new, innovative ways to improve our service.”
This is a government that really cares at the most basic level.
Health and Human Services Secretary Mike Leavitt wrote in his blog that he wants to see Medicare and Medicaid and large federal health care providers make e-prescribing “a mandatory part of medical practice soon.”
Leavitt wrote in his blog that a low rate of adoption by physicians has slowed e-prescribing nationwide. “Most doctors haven’t invested in the necessary technology to do e-prescribing,” he wrote. “The reasons are complex and range from a perceived lack of financial incentives to a reluctance to give up the familiar prescription pad. It is not expensive. This change needs to happen, and from my standpoint, sooner rather than later.”
Leavitt did not define what he meant by soon, and I’ve not heard back from HHS asking about it. But the Centers for Medicare and Medicaid Services released Nov. 16 final standards for the Medicare e-prescribing program, which covers millions of patients. Ray Sass, an HHS spokesman, said he expected these rules to be adopted in less than a year.
Lee Shapiro, president of Allscripts, an electronic health record and e-prescribing software vendor, said cost should be no impediment to adoption of e-prescribing. Allscripts, along with its partners in the National ePrescribing Software Initiative, have offered to provide free software to any clinician in the country who wants to give up their prescription pads and enter the electronic age.
Shapiro said e-prescribing will help cut billions of dollars a year from the national health care bill and go a long way to reducing the 7,000 deaths a year caused by adverse drug reactions.
A senior research fellow with the Mercatus Center at George Mason University has characterized federal agencies’ efforts to post data and documents online as a perfunctory exercise and calls for legislation to force agencies to make more information available and searchable online. That way, public policy can be improved because more people can access and manipulate government information.
Jerry Brito, in his working paper “Hack, Mash & Peer: Crowdsourcing Government Transparency,” writes:
Unfortunately, many of the statutory requirements for disclosure do not take Internet technology into account. For example, the 1978 Ethics in Government Act requires the disclosure of financial information -- including the source, type, and amount of income -- by many federal employees, elected officials, and candidates for office, including the president and vice president, and members of Congress. The act further requires that all filings be available to the public. One might imagine, then, that every representative or senator’s information would be just a Web search away, but one would be wrong.
He adds that, “Even when public information is available online, it is often not available in an easily accessible form. If data is difficult to search for and find, the effect might be the same as if it were not online.”
Brito attributes the lack of online, searchable information to “bureaucratic inertia” and to “no incentive, and often a disincentive, to make public information easily accessible.”
Brito calls for agencies to make information “meaningfully publicly available and in today’s day and age this means it should be made available online” and to put “data online in structured, open, and searchable formats.”
To do this, Brito calls for legislation. “The most obvious route to this goal is legislation that mandates online disclosure. Any such legislation, however, must take care to ensure that it lays all parts of the foundation.” He also argues for why it is government’s role to do this, and not the private sector:
First, government holds the digital originals of the data and can ensure the integrity and quality of the data made available online. ... Second, while exact figures are difficult to estimate, the marginal cost to the government of presenting its data in a useful format is certainly less than the cost incurred by third parties to devise and maintain clever hacks [defined by Brito as “a modification of a program or device to give the user access to features that were otherwise unavailable to them”] to siphon otherwise difficult-to-access government data. Finally, not all desirable government data can be hacked and made available by third parties. The major obstacle is that the government has not made some data available online. Online availability is a foundational piece that can only be addressed by government, and to the extent it makes new information available online, as we have just seen, it makes most sense for it to do so in useful formats.
The State Department wasn't the only agency that launched a group blog this week. The Federal Citizen Information Center (FCIC), part of the General Services Administration's Office of Citizen Services, went online this week with GovGab. (The FCIC, according to its Web site, "provides the answers to questions about the federal government and everyday consumer issues whether citizens write, call or log on.”)
“The purpose of our blog is to highlight government services and information that many people may not know about and show them how to use it in their everyday lives," according to an email Government Executive received about the blog. GovGab’s five bloggers so far have written about online apartment hunting resources, international travel tips, lost luggage, free online photo services, and saving energy.
Another new blog comes from Department of Homeland Security Secretary Michael Chertoff, who started blogging Sept. 12. In the first entry of his blog Leadership Journal, Chertoff wrote, "I’ve started this journal to open a dialogue with the American people about our nation’s security."
In that blog post, titled "Is 9/11 Fading?," Chertoff also writes, "I know these family members [of passengers killed on the planes used in the terrorist attacks] and responders will never forget what happened to our country six years ago. I am concerned, however, that for some Americans, the reality of 9/11 is fading."
Right off the bat, Chertoff seems to have met his goal to open a dialogue with Americans. That first post had received 33 comments by this afternoon. The comments ranged from avid support ("The fact that there has not been another terrorist attack on America since 9-11 speaks well of you and your department. Thank you," an anonymous commenter wrote) to sharp criticism ("[E]verytime an illegal alien escapes across our border and assaults our children, we Americans are reminded about 9/11 and the terrorism your dept, does not protect us from. We live in fear," wrote jorge, and "Why do you think people are finding it harder and harder to believe anything you say?" wrote durandel).
In another blog post, Chertoff takes on a New York Times editorial criticizing DHS for a poor organizational policy for FEMA. Chertoff’s latest post is about privacy. ("We view privacy as a fundamental human right and that’s why preserving it is an integral part of our mission.") The only commenter as of this afternoon links to a sharp critique of Chertoff's post.
So far, most comments in the Leadership Journal blog reflect an American public fearful, frustrated and skeptical about DHS' ability to fight terrorism. How Chertoff and DHS use this feedback (understanding that most people who comment are motivated by negative emotions, not positive ones) will determine how successful the Leadership Journal blog is. That goes for State's DipNote and the less controversial GovGab.
Information security managers in government, corporations and universities are about as frustrated as they can get in trying to find ways to tighten network security and protect privacy. (Just last month, as posted in Tech Insider, a well respected cybersecurity expert from Georgia Tech figuratively threw up his hands, saying securing the Internet against cybercrime isn’t going to happen.)
But the gloomy outlook hasn’t stopped security experts from trying new approaches. The University of Toronto this year launched the Identity, Privacy and Security Initiative (IPSI), which includes two related interdisciplinary masters level programs: a Masters of Professional Engineering and a Masters of Information Studies with concentration in security, reports InterGovWorld.com.
The program’s chair, Dimitrios Hatzinakos, says security managers have not been trained in programs that combine identity, privacy and security technology, processes and management. “Most of them are self-trained after they joined companies, but they have never been trained to have a holistic understanding of security,” according to the article.
Ontario's Information and Privacy Commissioner, Ann Cavoukian, said:
The IPSI program will not only educate future generations on how to build privacy into technology, but it will also hopefully develop a culture of privacy, a way of thinking that is committed to better information management and the protection of privacy. Even the most advanced technologies and the most rigorous privacy policies will not be wholly effective if organizations do not accept the protection of privacy as part of their institutional culture.
Changing culture. Not sure if a masters degree is the tool that can make that happen.
What was once thought to be only theoretically possible is no longer just theory. The Justice Department has arrested a Seattle man, charging him with using peer-to-peer software to snoop through personal computers to commit identity theft, according to an Associated Press article. Gregory Thomas Kopiloff used the peer-to-peer software LimeWire to steal personal financial information stored on individuals' computers. The Justice Department said it is the first case in which someone used peer-to-peer software to commit identity theft.
LimeWire primarily lets users who have downloaded the software share music, but it can also be used to share any file on the computer. Many users are not aware of the risk that LimeWire and other peer-to-peer applications present. In a hearing this summer, Rep. Henry Waxman, D-Calif., grilled Lime Group CEO Mark Gorton about how the peer-to-peer software, which had been downloaded onto government computers, put sensitive government information at risk of theft. Here’s a related Tech Insider post on the subject.
According to the AP, Kopiloff used LimeWire to steal identities this way:
When other users might search on LimeWire for "Madonna," Kopiloff would search for "federal tax return," or for student financial aid forms or other financial information, [assistant U.S. attorney Kathryn] Warma said. And instead of getting access to a few hundred files containing "Like a Virgin" or "Papa Don't Preach," he would get a few hundred files containing tax returns. He would vet his victims before opening accounts in their name, ensuring they earned at least $150,000 a year and had good credit, Warma said.
In what may prove to be prescient, Rep. Darrell Issa, R-Calif., during the summer congressional hearing on peer-to-peer software, warned Gorton about lawsuits if LimeWire is proved to be used to steal identities. According to a ZDNet article:
Rep. Darrell Issa, R-Calif., warned Gorton that LimeWire's practices may open the company up to serious legal liability. “Would it surprise you if you have a string of lawsuits for inherent defect in your product if people like Charlie Mueller of Missouri finds out he's lost his IRS filings and feels he's been damaged?” Issa asked.
Gorton repeatedly defended his company's practices and said he wasn't aware of the extent to which national security information was being accessed through his network.
LimeWire strives to make its product easier to understand and is working on a new version even more tailored to the “neophyte” user, Gorton said. The software incorporates a number of warnings intended to stave off inadvertent file sharing, he added. For instance, pop-up messages appear when users attempt to share folders, such as the all-encompassing “My Documents” folder and the root directory, which are considered likely to contain sensitive information.
“A lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share clearly," Gorton said. "Those warnings are not enough, at least in a handful of cases.”
This may be one of those cases.
Who is editing most of the entries on Wikipedia, the open online encyclopedia that anyone can edit? For government agencies, NASA wins by a large margin, according to the Web site WikiScanner.
WikiScanner was created by Virgil Griffith, a California Institute of Technology graduate student who is now the talk of the blogging community. Visitors to WikiScanner can search the millions of anonymous Wikipedia edits to find the IP addresses from where the edits originated. You can search by organization name or use a range of IP addresses. You can also search to find the specific edited portion of a Wikipedia entry, but that search function has been disabled for now because the site is experiencing large amounts of traffic.
News organizations worldwide have searched the database to show how Wikipedia entries have been edited for political purposes and how portions of entries that may criticize government programs or policies have been removed. Here's one from Toronto's Globe and Mail.
The government agencies that have been cited by WikiScanner for more than 1,000 edits to Wikipedia entries are listed below. The number represents the number of times a computer at that government organization was used to edit an entry on Wikipedia. (What exactly was edited cannot be determined until the WikiScanner edit search function is restored.) Many science-related government agencies make the list, although the departments of Veterans Affairs and Homeland Security and the U.S. House of Representatives rank 2, 3, and 5, respectively.
1. National Aeronautics and Space Administration (nasa.gov) 6,846
2. Department Of Veterans Affairs (va.gov) 4,210
3. Forestry And Fire Protection (ca.gov) 4,148
4. Dept Homeland Security (dhs.gov) 4,081
5. Information Systems U.S. House Of Representatives (house.gov) 3,736
6. National Institutes Of Health (nih.gov) 3,019
7. U.S. Courts (uscourts.gov) 2,869
8. U.S. Dept. Of Agriculture (usda.gov) 2,435
9. City Of New York (nyc.gov) 2,404
10. Salem Public Schools (ct.gov) 2,398
11. U.S. Dept Of Justice (usdoj.gov) 2,189
12. Information Services Division (nd.gov) 2,140
13. U.S. Senate Sergeant At Arms (senate.gov) 1,809
14. Federal Aviation Administration (faa.gov) 1,706
15. NOAA Aircraft Operations Center (noaa.gov) 1,590
16. Dotrspavolpe Center (dot.gov) 1,566
17. Lawrence Livermore Laboratory (llnl.gov) 1,456
18. U.S. Department Of Labor/Employment Standards Admin (dol-esa.gov) 1,449
19. U.S. Environmental Protection Agency (epa.gov) 1,449
20. Internal Revenue Service (irs.gov) 1,290
21. National Park Service (nps.gov) 1,214
22. Library Of Congress Information Technology Services (loc.gov) 1,142
23. Social Security Administration (ssa.gov) 1,134
24. U.S. Patent And Trademark Office (uspto.gov) 1,097
25. Virginia Information Technologies Agency (Vita) (virginia.gov) 1,047
WikiScanner provides "Wired's list of salacious edits" on a stand-alone page. The list includes some of the more troublesome edits and where they originated, including some from government agencies, such as "FBI removes aerial images of Guantanamo," according to the salacious edits page.
Some of the edits are written with a pre-pubescent sense of humor, such as one coming from the Defense Network Information Center on the New Orleans Jazz Fest.
Then there are the more serious ones, such as the edit from the Federal Trade Commission on former FTC Chairman Michael Powell, who resigned in 2005. "According to someone at the FCC, they 'Tried to balance the article with a more neutral point-of-view.' You be the judge," according to the salacious page.
Last week, the Environmental Protection Agency issued a report listing ways federal datacenters could reduce the amount of electricity they consume, therefore saving money and reducing greenhouse gases.
In a quick analysis of the report, IT research firm Gartner praises the report by saying it "is bursting with good ideas," but quickly adds that EPA ...
should have made this a stronger call to action, with recommendations that would provide incentives for stakeholders to work at getting closer to the best-practice scenario the report outlines. The U.S. is home to more than 40% of the world’s largest data centers, and most server and processor manufacturers are U.S.-based. The EPA thus had a unique opportunity to provide forceful recommendations that would help to set a worldwide agenda. Many of the recommendations are based on the principle of "lead and they shall follow," which Gartner believes is too optimistic for this subject.
The federal government may soon be asked to take a leadership position in reducing the amount of energy that datacenters consume.
According to a report released last week by the Environmental Protection Agency, the federal government, working with the private sector, should develop a standard method to measure how much energy federal datacenters consume; publicly report how much energy each federal datacenter consumes; assess in two to three years which energy-efficient methods can be used; and install cost-effective equipment that leads to reduced energy consumption in each datacenter. EPA found that by following certain best practices (including consolidating servers, purchasing energy-efficient servers, installing energy-efficient fans and coolers, and adopting advanced technologies such as “direct liquid cooling”), federal data centers could cut up to 80 percent of their electrical demand, producing a savings of $510 million a year.
You may wonder why. It turns out that datacenters and servers are using up an increasing amount of electricity to process, store and manipulate the exploding amount of digital data. And that leads to the emission of more greenhouse gases. Datacenters and servers in the United States accounted for 1.5 percent of all electrical consumption in 2006, double the consumption in 2000, according to the EPA report. If unabated, consumption could double again in the next five years with a cost of $7.4 billion. According to the report:
The peak load on the power grid from these servers and data centers is currently estimated to be approximately 7 gigawatts (GW), equivalent to the output of about 15 baseload power plants. If current trends continue, this demand would rise to 12 GW by 2011, which would require an additional 10 power plants.
No information exists for the number of federal datacenters and servers, but the EPA estimates that the federal government accounts for 10 percent of the national consumption of electricity by all datacenters and servers. Therefore, the report concludes:
These forecasts indicate that unless energy efficiency is improved beyond current trends, the federal government’s electricity cost for servers and data centers could be nearly $740 million annually by 2011, with a peak load of approximately 1.2 GW.
EPA submitted its report to Congress as required by Public Law 109-431, which asked the EPA to work with the computer industry to determine if anything can be done to curtail the energy consumption of federal datacenters and servers.
The trend is clear for federal datacenter operators: Expect some new energy requirements coming from the Hill.
The United States, as well as any other nation hooked into the Internet, is losing the battle against cyberthieves and hackers looking to commit crimes and steal sensitive, and possibly classified, information from networks. And it doesn't look like we will be able to improve the situation much in the near future.
That sobering assessment comes from cybersecurity expert Seymour Goodman, who was in Washington, D.C., yesterday at the Hudson Institute to give a talk on securing the Internet. Goodman, a professor of international affairs and computing at the College of Computing at Georgia Tech, was frank about the extremely difficult path nations face in trying to secure the Internet. In fact he was downright apologetic. An excerpt from Goodman's response to a question about how viable his plan to secure cyberspace really is:
The bottom line, and I hope it doesn't sound too defeatist, and I hope it sounds more realist, is we got to do what we can. We got to fight the battle. We are losing it. ... It seems that the bad guys are more innovative, and they bring their innovations into practice much more effectively than we do, and again despite the fact that all the PhDs are on our side. ... We've just got to fight this battle the best way we can. I don't see any silver bullet solutions out there. The NRC [National Research Council] committee said the same thing. We said something nobody in Congress wants to hear, and that is this is going to be a long, tough battle. ... It is going to be a battle that goes on forever. And if we stop fighting the battle, we are going to be in a deeper hole than we now are. I'm sorry I don't have a better answer for you.
Goodman did offer a model on which to build a process to police the Internet: the International Civil Aviation Organization, the members of which must follow certain safety and security guidelines, among other rules. Goodman says the model could work because it is scalable (just about every United Nations member belongs to the ICAO), because its coverage area has increased over time (from general safety to acts against aircraft to acts against the aviation infrastructure), and because it is focused on prevention. The ICAO also has a proven record, reducing the high number of hijackings that occurred in the 1960s and 1970s to nearly zero today. "This thing sorta works," Goodman says.
But at the end of his talk, Goodman admitted that the model might not be a good analogy for cyberspace because of one huge difference: the civil aviation infrastructure is finite. There are a finite number of airplanes, all of which must land at a finite number of airports, all of which are at a fixed, known location. Cyberspace and the number of computers with access to the Internet are increasing, and cyberspace is ubiquitous. It's everywhere. "So it is easier to organize this [civil aviation] case than it is to organize the cybercase," Goodman admits.
So, is it hopeless to try to make the Internet safe? Goodman's response: "We just can't say the cybercase is hopeless."
In other words, we have to believe, despite the enormous odds facing us.
That's not a real encouraging assessment. But then again, Goodman says he'd rather be a realist.
(C-Span broadcast Goodman's talk in its entirety.)
Boston is the latest government organization to join Second Life, an animated online world where individuals can create virtual alter egos and interact with others. Boston officials plan to build a virtual Boston in which residents can visit virtual government buildings and chat with other Bostonians online, The Boston Globe reports.

Boston joins other public-sector groups that have done the same, including the Swedish embassy, the Vancouver Police Department, NASA, and the National Oceanic and Atmospheric Administration (and reviewed here), and Ohio University (see below), to name a few.
Ohio University's YouTube promo for Second Life site.
Boston officials say they developed the Second Life site to encourage more people to participate in local government, and the city may use the site to promote tourism, collect public opinion about proposed developments, and, as Bill Oates, Boston’s chief information officer, says, just to keep up with what other cities and government organizations are doing.
Just how much Second Life will encourage Bostonians -- or for that matter, any citizen -- to become more involved in civic life remains to be seen. But as "istarr" commented on Planetizen, it's likely going to be a hard sell. "Expecting people to attend 'neighborhood meetings' in second life is unbelievable -- how many people do you know that attend neighborhood meetings in their first lives (where it might count)?"
We've all heard the argument before: "Why should you worry about the government looking into your personal records if you have nothing to hide?" Daniel J. Solove, an associate professor of law at The George Washington University Law School, analyzes that argument in a recently published paper titled "I've Got Nothing to Hide and Other Misunderstandings of Privacy."
Solove argues that "the question assumes faulty assumptions about privacy and its value." Those who make the "nothing to hide" argument fail to understand the chilling effect that surveillance has on public discourse, the fact that small bits of private data (which an individual may not object to being uncovered) when put together form a larger and more intimate profile (which an individual may object to), and the danger of having one's profile mistakenly associated with a group that is labeled as threatening.
Here's an excerpt from the paper, which was published in the latest issue of the San Diego Law Review:
[T]he problem with the “nothing to hide” argument is that it focuses on just one or two particular kinds of privacy problems – the disclosure of personal information or surveillance – and not others. It assumes a particular view about what privacy entails, and it sets the terms for debate in a manner that is often unproductive. It is important to distinguish here between two ways of justifying a program such as the NSA surveillance and data mining program. First is to not recognize a problem. This is how the “nothing to hide” argument works. It denies even the existence of a problem. The second manner of justifying such a program is to acknowledge the problems but contend that the benefits of the NSA program outweigh the privacy harms. The first justification influences the second, for the low value given to privacy is based upon a narrow view of the problem.
The key misunderstanding is that the “nothing to hide” argument views privacy in a particular way – as a form of secrecy, as the right to hide things. But there are many other types of harm involved beyond exposing one’s secrets to the government.
California recently split its Department of Health Services so that it can separate its two primary missions: managing the state's Medicaid program called Medi-Cal and protecting public health.
State legislators and Gov. Arnold Schwarzenegger supported the split, which health advocates argued was needed to pull public health programs out from under the Medi-Cal program, which had dominated government managers' time and resources.
The new Department of Public Health will employ high-tech tools to track and test for bioterrorism; avian flu; West Nile virus; tuberculosis; obesity; toxins in food, water and air; birth defects; and the aging of the population, according to insidebayarea.com. The public health department also plans to invest heavily in electronic health records and to upgrade health databases.
California typically leads the nation in setting government strategies and policies. Could the federal government be far behind in splitting the U.S. Department of Health and Human Services organizations?
We've all heard the jokes about how senior citizens just don't get the Internet. Well, that may be changing -- and changing fast, according to an article in The Baltimore Sun. Since 2000, the number of Americans 65 years and older who have hooked up to the Internet has increased 160 percent, according to the Pew Internet and American Life Project in Washington, D.C. The next closest rate of increase for any age group was 70 percent.
The gist quote from the article:
"They hear, 'For a lower price or more information, check our Web site,' " said Tobey Dichter, founder of Generations on Line, a nonprofit group dedicated to Internet literacy for older adults. "They want access to resources, everything from government help to getting discounts."
Maybe it's time for those agencies serving the older age groups to rethink their online strategies.
A professor at the University of Georgia has developed a computer model that, she claims, accurately predicts the outcome of wars 80 percent of the time. “If you know some key variables – like the major objective, the nature of the target, whether there’s going to be another strong state that will intervene on the side of the target and whether you’ll have an ally – you can get a sense of your probability of victory,” said Patricia Sullivan, an assistant professor in the School of Public and International Affairs, in a press release issued this week by the University of Georgia.
Sullivan, whose article appears in the June issue of the Journal of Conflict Resolution (access to the article requires payment), studied 122 post-World War II conflicts to build the model. When applied to past wars, the model predicts a 93 percent chance of success for the first Gulf War, but only a 26 percent chance of success for the current Iraq War if the war is waged over a 10-year period.
The reason, according to the press release:
Driving Saddam Hussein’s army out of Kuwait in the 1991 Gulf War and overthrowing his government in 2003 was a brute force objective that was accomplished relatively quickly, for example, but quelling sectarian violence and building support for the current government has been much more difficult because it requires target compliance. “We can try to use brute force to kill insurgents and terrorists, but what we really need is for the population to be supportive of the government and to stop supporting the insurgents,” Sullivan said. “Otherwise, every time we kill an insurgent or a terrorist, they’re going to be replaced by others.”
Hat tip: Slashdot
The head of a group of tax preparers who provide free tax-preparation services under an IRS program sent a letter yesterday to members of the Senate Finance Committee complaining about the IRS' plans to create an agency web site that will offer the same service, according to a press release issued by the Free File Alliance.
In the letter, Tim Hugo, executive director of the alliance, which provides tax-preparation and electronic-filing services for low-to-moderate income families under an agreement with the IRS, wrote, "If Congress enacts the web portal proposal, it would abrogate the current agreement between the Free File Alliance and the IRS. Per the terms of that Agreement, the Alliance would dissolve and cease to be an entity providing free Income Tax Returns and electronic filing to millions of Americans."
Hugo argues that the IRS web portal would make the government a direct and subsidized competitor to the private companies. Alliance members include H&R Block and Intuit's Turbo Tax. Families with adjusted gross incomes of $52,000 a year are eligible to take part in the Free File program. The Free File Alliance prepared and filed taxes for 20 million Americans this past tax season.
Congress and the IRS are concerned that hidden fees and the poor quality of tax preparation services offered to Free File customers are holding back e-filing of taxes, a concern that is driving the government to consider building an IRS web portal for tax filing. "If the tax preparation industry cannot provide free basic filing services without hidden costs and traps, perhaps it is time to consider having the IRS provide a direct filing portal to enable all taxpayers to file electronically without cost," wrote Sens. Charles Grassley, R-Iowa, then chairman of the Senate Finance Committee, and Max Baucus, D-Mont., then the committee's ranking member, in a November 2006 letter to IRS Commissioner Mark Everson.
Most taxpayers using Free File must pay a fee to have their taxes electronically filed to the IRS, and alliance members make money by providing other services.
In a May 2 Tech Insider post, we linked to a Wired article on the Army's new policy of requiring soldiers (as well as contractors and soldiers' family members) to have any blog material approved before posting. Some speculated it would effectively end all soldiers' blogs from Iraq.
It looks like soldiers' (and others') blogs may be around for a while.
Wired today posted a response to the article from David Axe, the military editor of Defense Technology International magazine and a correspondent who has reported from Iraq and Lebanon since 2005, according to his bio page on his personal web site, War is Boring. Axe quotes from a memo the Army issued after Wired posted its original article:
In no way will every blog post/update a soldier makes on his or her blog need to be monitored or first approved by an immediate supervisor and operations security (OPSEC) officer. After receiving guidance and awareness training from the appointed OPSEC officer, that soldier blogger is entrusted to practice OPSEC when posting in a public forum.
And this from the same memo:
Soldiers may also have a blog without needing to consult with their immediate supervisor and OPSEC officer if the following conditions are met: 1. The blog’s topic is not military-related (i.e., Sgt. Doe publishes a blog about his favorite basketball team). 2. The soldier doesn’t represent or act on behalf of the Army in any way. 3. The soldier doesn’t use government equipment when on his or her personal blog.
The United States isn't the only government struggling with what to allow employees to view on their government-issued computers during work hours. Ontario's provincial government is too.
When Ontario government employees tried yesterday to call up the social-networking site Facebook, they were presented with an "access denied" message, the Toronto Star reports. "The Internet web site that you have requested has been deemed unacceptable for use for government business purposes," the warning reads, according to the article.
However, Ontario has not blocked the other popular social-networking site MySpace. The Star reports about Facebook:
"The staff determined it's not as directly related to the workplace as we'd like it to be so we're restricting access to it," Phillips told the Toronto Star. "Our IT ... people are pretty broadly familiar with the marketplace and they said, 'Here's a website that's going to be increasingly more popular for the OPS (Ontario public service). Is this an appropriate website to be spending time on?'" he said.
"It's the ministry making these decisions on trying to ... restrict access to ones that are inappropriate and then to anticipate where one may grow in popularity and we may end up with a lot of OPS time being taken (up) on it."
As a reminder, the Office of Management and Budget requires agencies to create a personal use policy for government equipment, including computers. It refers agencies to a document issued by the federal CIO Council, which states:
Federal employees are permitted limited use of government office equipment for personal needs if the use does not interfere with official business and involves minimal additional expense to the government. This limited personal use of government office equipment should take place during the employee’s non-work time. This privilege to use government office equipment for nongovernment purposes may be revoked or limited at any time by appropriate federal agency or department officials.
When it comes to IT projects frequently failing, Colorado is no exception. The state's troubled $223 million welfare benefit system is just one example.
But the state legislature is trying to do something about it, according to an article posted by the Rocky Mountain News. The Colorado Senate passed Senate Bill 254 abolishing the Colorado Commission on Information Management, which was composed of lawmakers, private-sector experts and department heads who oversaw IT projects.
Taking over those duties will be the Colorado Governor's Office of Innovation and Technology, composed of many of the same individuals: tech specialists and department heads, who will draw "on outside experts," according to the article. "The idea is for the governor's respected Chief Information Officer Michael Locatis to forge better collaboration and expertise-sharing among information technology teams now scattered across 20 agencies, said Rep. Bernie Buescher, D-Grand Junction," the newspaper reports. "An executive with strong private- and public-sector IT expertise, Locatis won praise as Denver's technology czar for forging the city's fragmented technology offices into a strong team."
The Rocky Mountain News quotes Buescher:
This is an effort to say: Let's get our very best minds together. Let's concentrate our effort. Let's make sure that when we do a new technology program that it's driven from within one department.
Is creating another office to oversee IT projects enterprisewide the answer for failed technology projects? Or is the key to IT project success a strong central leader? Or is it something else? Let us hear how you feel by clicking the "comment" link below.
A minister in the Australian government has suggested using Web 2.0 applications to help set federal policies, according to an article in the Brisbane Times.
Special Minister of State Gary Nairn envisions the Australian government setting up blogs in which citizens and community groups could comment on proposed public policies. The newspaper quotes Nairn:
Instead of going through the long and iterative process of drafting papers, issuing them to community groups and waiting for feedback, we could be doing this online through blog sites. ... There are a lot of risks but it would be silly not to do it. This is the way the younger generation interacts. A problem the political process has had for a long time is how to get people engaged. Web 2.0 could help rectify the situation, which is exciting, because further engagement builds education.
Nairn gave no timetable in which to establish the blogs and admits the government does not yet have the technology to offer the service.
The following post was written by Tim Clark, editor and president of Government Executive.
It was a long day of technology talk at the Press Club yesterday. The security event (see below) began at 7:30 a.m., and another event, sponsored by the Association for Federal Information Resources Management, ended at 7:30 p.m. I moderated both.
At the AFFIRM gathering, I moderated a panel on the topic, "Beginning a National Conversation: Using IT to Improve Government Services to Citizens."
Some might think that that conversation has been going on for close to a generation. But it turns out that what the AFFIRM organizers are really after is more engagement on the part of Congress.
Of course, Congress has been funding federal IT to the tune of $70 billion or so per year. And a lot of good things have happened:
• IRS electronic filing
• Electronic delivery of food stamps
• Veterans Administration development of electronic health records
• Fantastic military applications such as the very sophisticated systems for managing the Predator aircraft flying over Baghdad. I saw this first-hand during a trip to the Persian Gulf sponsored by the Defense Department last October.
Congress has funded these kinds of projects, and there have been big payoffs in agency capabilities. Less easy have been efforts to develop cross-cutting e-government systems. I observed that there have been at least two thrusts here:
• Measures to increase standardization and thus bring efficiencies within the four walls of government itself. An interesting example was provided at the morning GE-SANS event on cybersecurity: OMB’s mandate that agencies use a common set of security standards for Microsoft systems that command most of the government’s desktops.
• Measures to serve citizens of the United States that range beyond agency stovepipes. Citizens, especially needy citizens, often are beneficiaries of a number of government programs, yet often have had to travel from office to office, dealing with bureaucracy after bureaucracy, to get their due.
It’s notable that one effort to solve this problem now is a finalist in the Kennedy School’s Innovations in American Government contest: Govbenefits.gov. Here’s what the Labor Department had to say about it this past Friday: “GovBenefits.gov offers extensive benefit program information for veterans, seniors, students, teachers, children, people with disabilities, dependents, disaster victims, farmers, caregivers, job seekers, prospective homeowners and more. … The Web site has attracted more than 25 million visitors since it went online in April 2002, increasing citizens’ access to benefit programs and information they may not have known existed.”
What a great idea.
Other projects have struggled. And one reason has been reluctance of Congress to fund them. Congress has never appropriated more than $5 million to fund such cross-cutting e-government projects. And it has resisted subventions among agencies, seeing the pass-the-hat method of funding as violating appropriations’ turf boundaries. One committee report last year said: “Many aspects of the initiative are fundamentally flawed, contradict underlying statutory requirements and have stifled innovation by forcing conformity to an arbitrary government standard.”
One of our panelists was Richard Burk, chief architect in the Office of E-Government and Information Technology at the Office of Management and Budget, who is also current president of AFFIRM. He, and others in the audience, expressed the fervent hope that Congress could step beyond the stove-piped approach endemic in its authorizing-committee and appropriations-subcommittee structure. That’s needed if Congress is to get behind governmentwide, and intergovernmental, IT initiatives.
We had a lone but game person from Congress on the panel, Charles M. Phillips, who is minority policy counsel on the Committee on Oversight and Government Reform, responsible for technology and information policy issues under ranking minority member Tom Davis, R-Va.
Not to put too fine a point on it, but Phillips said, in essence, that it would be a very cold day in the hottest precincts of Hades before Congress got behind multi-agency, cross-cutting IT initiatives. My words, but that was the gist. I think he and Davis probably approve of some of them, but most of Congress has no interest at all.
To its credit, AFFIRM isn’t giving up, and will continue to work on “beginning” the conversation.
The California Senate plans to vote on bills this week that would limit the use of Radio Frequency Identification (RFID) technology in documents the government issues for personal identification, ComputerWorld reports. According to the article:
Two of the bills would impose a three-year moratorium on the use of RFID technology in California driver’s licenses and in public school ID cards, while a third would create interim privacy safeguards for existing RFID-enabled government IDs, such as those that students use in the state college system. A fourth bill would make it a crime to “skim,” or surreptitiously read, data from an RFID document.
The remaining bill addresses fears that companies might try to force their employees to undergo an RFID implantation, noted [the bills' sponsor Sen. Joe] Simitian.
California Gov. Arnold Schwarzenegger (R) vetoed similar bills last October.
As the use of RFID technology spreads, opposition to the technology has increased. The Electronic Privacy Information Center provides a web page containing a compilation of reports and articles written about RFID.