March 1, 2010 By Dan Lohrmann
Microsoft is warning that the extended support phase is ending for Windows 2000 (server and client), on July 13, 2010 . In addition, other products with lapsing service include: Windows XP Service Pack 2, Vista RTM, and Windows Server 2003.
Here's what GCN was reporting : " On Wednesday, a Microsoft lifecycle support blog post hinted at grim prospects for those who don't upgrade before that time. Simply put, the end of extended support for those products means that no more security updates will be delivered to patch vulnerabilities in those operating systems. Support articles will remain online, but just for a year.
Microsoft customers who can't upgrade when extended support ends have another option: They can request "custom support" from Microsoft, which will cost extra."
Yes, this is a big deal for many state and local governments. As anyone who suffered through the migration off of Windows NT will tell you, upgrading operating systems can become quite challenging for a long list of reasons. Applications need to be tested in the new environment, and there never seems to be enough time to get systems migrated. These projects required time, resources and priority.
So what if you stay put? The cost is very expensive to buy continued support on Windows 2000 after July 13, according to my sources. However, if you do nothing with your Windows 2000 servers, you will open up your enterprise to numerous malware threats and other problems.
Within the state of Michigan, we still have dozens of servers on Windows 2000, and we have kicked off a project to virtualize and upgrade these boxes. No doubt, the simpler thing to do is to just get off of older hardware; however, we are utilizing a variety of tools to help upgrade the OS at the same time. This project is sure to cause some unexpected challenges.
What are your plans for Windows 2000 servers? (Feel free to go ahead and brag if you're totally off of this OS.)
February 21, 2010 By Dan Lohrmann
Many schools around the nation issue student laptops. But what activities are allowed with those laptops by students or family members? What policies apply? What happens if a laptop gets lost or stolen? Equally important, what can be done if policies are broken? How are policies enforced? What privacy rights do students have? What if network or security staff use these tools inappropriately?
These are just a few of the questions being asked by students, parents, lawyers and school administrators around the nation after a student claimed that his school spied on him with a webcam . In case you're not familiar with the case, here's an excerpt from philly.com :
"A Lower Merion (PA) family has set off a furor among students, parents, and civil liberties groups by alleging that Harriton High School officials used a webcam on a school-issued laptop to spy on their 15-year-old son at home.
In a lawsuit filed Tuesday in federal court, the family said the school's assistant principal had confronted their son, told him he had "engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district."
The suit contends the Lower Merion School District, one of the most prosperous and highest-achieving in the state, had the ability to turn on students' webcams and illegally invade their privacy."
To be fair, the facts of this case are not known at this time. The PA school district denies spying on students . Here is an excerpt of the statement that was made by Dr. Christopher McGinley, who is the Superintendent of the Lower Merion School District:
"Last year, our district became one of the first school systems in the United States to provide laptop computers to all high school students. This initiative has been well received and has provided educational benefits to our students.
The District is dedicated to protecting and promoting student privacy. The laptops do contain a security feature intended to track lost, stolen and missing laptops. This feature has been deactivated effective today."
The letter goes on to describe their policy and reasons for using this security feature - mainly for situations that involve lost or stolen laptops.
So why highlight this issue for government technology professionals? No doubt, some readers have authority and/or oversight responsibilities for school networks, laptops and other technology. In those situations, this case has a direct impact on any student laptop program you are administering.
And yet, related issues could, and in my personal opinion probably will, surface for government laptops (and other portable devices). That is, the same questions that I asked at the beginning of this blog also apply to adults at work for state and local governments. No, you don't need webcams for similar questions to arise. What about any type of personal use or conversations or activities that you users feel are private?
The vast majority of governments have an acceptable use policy which states that employees should have no expectations of personal privacy protection when using government owned IT resources. While there are many good reasons for these types of policies, turning on laptop webcams to monitor user activity is certainly not a behavior that anyone that I know would condone or implement. In Michigan, we don't even issue webcams on standard state government-issued laptops.
So while we may not have this specific issue, all of us can still ask similar "what if" policy questions about use of government laptops both now and in the future. Questions will also arise for mobile devices (such as blackberries) or cell phones with cameras. For example: Are pictures you take on work cell phones the property of your employer? Most lawyers I know would probably say, "It depends."
A different aspect of this case (or future cases) may involve the potential unauthorized monitoring by technology staff. For example, even if the policy is correct, fair, and proper, what if someone working for a government or school turned on those webcams remotely in violation of the stated policy? This would be similar to the police misusing their authority and/or weapons to do harm instead of good. Is the school responsible for an employee's unethical behavior? What safeguards are in place?
Meanwhile, technology executives will continue to make decisions on what technology tools should be used for monitoring and accountability with work-issued PCs, laptops or other devices. This CBS News video describes how some private companies are cracking down on those who surf the web on the job while others encourage monitoring with accountability software - where every website and keystroke is captured. Of course, every situation is different, but some people tend to lump all of these topics together under "spying"- which is an extreme response. Building trust between employees and management is the key, and the employees shown in this video appreciate the fact that they can surf the web within reasonable limits.
There is no doubt that these monitoring tools can be used for good or evil. Remember that malicious hackers could even take control of these same web cams or other devices and use the computer for their own purposes. The issue of illegal hacking of web cameras is not new, since Bruce Schneier blogged about this topic back in 2005 .
From a simplistic point of view, this particular school laptop case may seem like an obvious violation of decent behavior. Spying on kids via school laptops with webcams in homes is clearly wrong and a violation of personal privacy. Nevertheless, that may not be what truly happened. Time will tell on this case, and the courts will decide whether this activity was appropriate security or illegal spying on children at home.
Regardless of the outcome, there will be more cases and similar questions for all of us in government technology. In fact, the same questions also apply to the private sector. We need to ask: what is the right balance between security and privacy. How often should we update our policies? And, what if proper security technology tools are used to violate personal privacy or to do harm to staff?
What are your thoughts on this case or on monitoring software?
February 15, 2010 By Dan Lohrmann
What's all the Buzz about? No, I'm not referring to the Olympics, an uptick in the economy or even springtime bees. Google has a new social network service called Buzz. What makes this a bit different is the linkage with Gmail and other Google products. The Internet is full of analysis of Buzz -v- Facebook, so I won't go there.
I haven't tried the product yet, although I have seen it pop up within my personal Gmail account. In fact, I wasn't even going to blog about this topic, until some interesting developments around privacy emerged last week. My view is that state and local IT officials can learn from this rollout.
To get an initial sense of the issues, read this USA Today article. Here's an excerpt:
"Buzz lets Gmail subscribers create profiles, like Facebook , and send Internet-wide blog postings, like Twitter. One issue of concern is a feature called "auto follow" that automatically sets up people you e-mail and chat with the most as followers of your Buzz postings."
The central questions revolve around "opt-in" versus "opt-out" features. That is, what happens automatically? Does everyone who has a Gmail account instantly start getting Buzz updates on their friend's lives? For users who may mix work and family contacts, will they start seeing pictures of work colleagues on vacation?
More than that, what becomes searchable online? I am not taking any sides on these questions, only pointing out the potential good and not so good potential outcomes.
So why should state and local technology professionals care? Besides the implications on personal accounts, I think this trend has several implications for us. Here are a few things to consider:
1) Several governments have implemented (or are considering) Google's email and other office applications. How will Buzz fit into that strategy (on not)? This could be a good thing or a problem.
2) For all of us, social networking continues to grow. There are still those who have policies that say "ban social networks" like MySpace and Facebook at the office. This is not going to last in the long run. We need to manage the situation both now and in the future with policies and enforcement. Practically speaking, some may be blocking Facebook but allowing personal Gmail accounts. That distinction just got more blurry. Check those filters.
3) Examine the privacy implications for using this Buzz service at home and work. What are your settings? Should sharing certain information be turned off?
4) Lastly (for now), we can learn from the reaction of Google in rolling out Buzz. As we roll out Intranet and Internet portals, internal social networking sites, or other apps, we need to make sure that we understand how these apps link together (or not) from an "opt-in" perspective. Don't assume that users will like all of these automatic connections. While some people will certainly benefit and like the additional functionality, we need to address the cultural issues surrounding perceived (and real) privacy and security changes.
Meanwhile, I'm going to get my hands dirty find out what all the Buzz is about (for myself).
February 2, 2010 By Dan Lohrmann
This is not your grandfather's winter games. Every Olympic city makes major investments in technology, security and infrastructure in the 21st Century, and the Vancouver Winter Games are no exception. The Olympic Cauldron will be lit on February 12, 2010. And yet, the hard work began immediately after Canada was selected to host the 2010 Winter Olympics back in 2004.
Want some examples?
2) Stopping terrorism is essential. One article back in 2005 estimated that the security budget would be about $177 million with a 50-50 split between the federal and provincial governments, but USA Today called actual security spending to be closer to $1 billion . More than 1000 security cameras are in place for the Winter Olympics.
3) Infrastructure development has been important. There are plenty of stories online about the people behind the scenes who make the Olympic Games happen. There are also stories about the technology being used . If you look hard enough, you'll find just about every big IT company is involved in some way. One example is Sun , but AT&T and others are right there as well.
4) The economic development aspects and wider role of the Olympics can be seen in YouTube videos like this one.
5) The role of the city mayors and Vancouver Government overall has been a huge part of this story.
Bottom line, this is big business. Just like the involvement of the South African Government in preparing for the 2010 World Cup in June , the Vancouver Olympic Games required an incredible investment in everything that we do in government technology every day. The difference is the scale, and the number of people watching.
So when you watch that beautiful opening or closing ceremony, when the US Hockey Team is skating to victory or those international downhill skiers fly past your TV screen, remember the technology and security infrastructure that made it all possible.
Let the games begin...
Building effective virtual government requires new ideas, innovative thinking and hard work. From federal stimulus projects to enterprise architectures to cloud computing, Dan Lohrmann will discuss what's hot and what's not in the world of technology infrastructure.