June 21, 2010 By Dan Lohrmann
In a unanimous decision last week, the US Supreme Court rejected the privacy claims of an employee who was texting using employer-provided equipment. According to the Washington Times,
"The ruling essentially maintains the status quo of allowing employers to implement policies preventing employees from using company communication equipment for personal use.
But Bart Lazar, an intellectual-property lawyer whose expertise includes privacy and security involving electronic communications, said the narrowness of the ruling leaves open scenarios in which employees could keep private communications made on company equipment."
The ruling was widely covered by both newspapers and technology magazines. Here are a few examples:
Southern CA Public Radio - No sexting on the job!: Supreme Court upholds search of text messages at work in City of Ontario v. Quon
USA Today - Justices uphold search of officer's texts
For other similar topics and stories, you can visit the Electronic Privacy Information Center (EPIC).
So what does this Supreme Court ruling mean for government technology executives today? In my view, this ruling is very important, since it reconfirms the status quo in a unanimous decision - which is pretty unusual for the Supreme Court. This (admittedly narrow) ruling is unlikely to be overturned anytime soon. So here are a few suggestions:
1) Go back and check your acceptable use policy. Do you specifically declare that state and/or local employees and contractors have no presumption of privacy when working on government networks (with government - issued technology)?
2) Is the policy clearly explained and available to all employees? What training is in place?
3) Do you use a splash screen which lists the policy as employees are logging onto the network?
In Michigan, we are currently updating many of our policies for social networking and other new online situations. However, our acceptable use policy has contained these three basic elements (listed above) since at least 2003. But while we have further to go over the next year in modifying our policies and training, it seems to me that every state and local government needs to reaffirm these basics policy elements right now. The federal government should do the same as well.
What are your thoughts on this new ruling - which reaffirms the status quo on workplace privacy?
June 13, 2010 By Dan Lohrmann
Imagine this: " A motorist still at the office can use a cell phone to remotely start his car or truck, adjust the temperature, confirm the vehicle is locked, detect an intruder, check the fuel level and make sure the tires are properly inflated.
Later, if the gas tank is running low, a couple of taps on the phone's screen locates a gas station and downloads directions, so the navigation system is programmed and ready when the driver reaches the car parked blocks away."
This is the vision articulated by Delphi Holdings LLP and described in this recent Detroit News article entitled: Key fob morphs into high-tech wonder. The idea: turn that device on your key chain that unlocks your car into a conduit between your smart phone and your car.
While Bluetooth technology is popular today, consumers want even more integration in the future - allowing internet access and exchange of data to mobile apps.
While expensive cars have similar (or even more advanced) features available now, this new technology may be made available for less expensive cars at a much lower price.
So what does all of this have to do with government technology? Check out this article on some of the latest advances in RFID asset tracking with key fobs . Here's an excerpt: "This active key fob RFID tag which is well suited for personnel tracking and access control application, vehicle identification, or for use in applications where keys need to be tracked, such as in prisons, hospitals and government offices."
It will certainly be interesting to see how this market develops. What is not in doubt is the power of mobile devices when they interface with smart phones and more. The Bill Gates prediction a few years back, in which everything in the home and work is connected to a network which communicates with our car and more, certainly seems to be coming true.
The question that government technology professionals need to ask is not whether we will be integrating our government apps with key fobs and smart phones, but how will we do it. We need to watching these trends and not building new stovepipe solutions that will be unique islands that won't work with commercial off-the-shelf devices.
So how many government apps will we eventually connect to your personal key fob? I'm not sure yet, but I suspect we'll find our sooner rather than later.
What are your thoughts on smart key fobs?
June 1, 2010 By Dan Lohrmann
Move over Second Life , a new virtual world is being created for the federal government called vGov. According to Government Computer News: "The vGov virtual world environment is now being built and is expected to go online starting in July. It will be used for employee education, continuity of operations training, cybersecurity education and disaster response..."
vGov is a joint federal effort with the Department of Agriculture, Department of Homeland Security, Air Force and National Defense University iCollege joining forces to create the vGov virtual world behind a secure firewalls that require authentication to enter. The virtual world will initially be limited to federal employees.
One thing for sure, the technology used to create these virtual worlds is not just a game. Virtual World News described the USDA contract and the technology which is pretty cutting edge. Here's an excerpt:
"... Like many enterprise-class virtual worlds, Teleplace's is designed for use in training, collaboration, and project management. What sets Teleplace's solution apart is that it allows application sharing across platforms, even through firewalls or cloud computing systems. Another key component of Teleplace's solution is vPresence, a communications suite that combines VOIP, text chat, and video conferencing features within a single virtual conferencing center...."
I can easily see this virtual world interface taking off, not just in the federal government, but also in the state and local government spaces. I anticipate virtual worlds for training and interaction in a business environment, which is currently limited in popular virtual worlds like Second Life. In my opinion, virtual worlds are currently viewed as games by most professionals, but I see that changing in the coming few years. Here's a good article describing the evolution of virtual worlds and training in global businesses.
I also see this trend becoming more widespread in the next few years, and we'll all have avatars within less than a decade in my opinion. In the meantime, bleeding edge adopters of fun workplace training will be busy creating virtual worlds for governments and businesses with appropriate controls, dress and acceptable use provisions. I'm not sure if Second Life will be the ultimate leader or not, but vGoc points the way for all of us.
To learn more about vGov, you can watch this video which describes vGov in detail.
Any thoughts on virtual worlds being used for training? Do you have an avatar?
May 17, 2010 By Dan Lohrmann
Try typing "free storage" into a Google search, and you'll get almost 47 million results. Here are a few highlights:
Mozy.com offers: "2GB, Absolutely Free - Not A Trial! Fast, Secure, And Free."
Squidoo.com offers: "Up to 45 GB Free Online Storage Not Trials. No CC req.100% Free."
Over on the sponsored links we see Huddle.net which offers free document sharing and: " Free 100% Secure, Get Up To 25GB Store and Edit Documents Online."
Why would you want to do this research? Well, I can think of many reasons. For one, your users probably are. Even if the services are not free, the top online storage prices may be so attractive to some customers that they just get their credit cards out - without asking for permission from anyone.
If you are thinking that I am advocating this approach, you should read my recent article on the topic: Is Cloud Computing More Secure? There are many, many questions that must be answered prior to using one of these low cost storage providers in the cloud. Some of those questions include: Who owns the data? Where is my data? Do the laws of that country protect privacy rights? What are the terms and conditions? How can that company use my data? Is the data available 7x24x365? Can I get my data back if they go bankrupt? Can I switch providers easily? Is our data secure? Are you sure? Can I legally enter into this agreement for my government? How do I audit you? Can I see your logs? The list goes on and on.
A recent cloud security survey of U.S. and European IT security professionals conducted by CA and the Ponemon Institute found: "... About half of the respondents don't believe the organization has thoroughly vetted cloud services for security risks prior to deployment. It also showed that 55 percent of respondents are not confident they know all the cloud services in use in their organization today."
There are many recent blogs on this topic, such as this one from Information Week's George Hulme . Commenting on the lack of understanding that security pros have regarding what cloud services that are in use in their organizations, George says, " Let's hope that the end users are employing some common sense, and not moving corporate financial information, trade secrets, customer data, or health related information to the cloud. Unfortunately, we don't know what data is moving to the cloud because IT departments have no clue how their end users are using cloud services."
So where does that leave us as IT executives in government? We clearly need to perform an "As Is" assessment of current Internet usage (or cloud computing usage) first. This includes an understanding all Software as a Service (SaaS) activity as well as cloud storage usage and other relevant activity.
In Michigan, one of our first steps was to use our web monitoring capabilities to monitor and block unauthorized cloud connectivity. Yes, we fully embrace the power and opportunities brought by cloud computing. We are running a cloud storage pilot, and we are expanding our cloud storage over the coming year. We will be publishing a new strategic plan that includes many exciting cloud offerings.
However, we don't want unauthorized cloud providers entering and leaving through the back door either. This would be penny-wise but pound foolish. While these various low-cost options may seem enticing to end users, they provide perhaps even more problems than other undesireable storage options (like putting data on USB flash drives) - if these new relationships are not managed appropriately. Information is vital to the running of every area within government, and we can't lose control of that data inventory.
Let me end on a positive note. Cloud computing will transform government IT Service delivery. Positive changes are already beginning to happen. The opportunities are immense. Many of these companies offer excellent service, and I appreciate what they do. We don't want to appear defensive or dismissive of their value.
Nevertheless, we need to implement cloud services legally, safely and with excellence. Include your clients in this discussion and help them understand what is at stake by getting out their credit card and sending sensitive government data off to a free or low cost cloud service without following proper procedures. This service will not be "free" or "low cost" if you lose your information or run into other trouble. In fact, it will cost much more.
What are your thoughts on this topic? What is your government doing?
May 8, 2010 By Dan Lohrmann
The National Association of State CIOs (NASCIO) Midyear Conference for 2010 was held during the last week of April in Baltimore. The attendance was the highest ever for a NASCIO Midyear Conference, and I was impressed with the content, speakers and overall agenda . This blog briefly covers some of the highlights from my perspective.
On Tuesday afternoon, a pre-conference session on Identity Management was held. We heard updates on ongoing activities in several states, Washington DC and federal agencies, and we discussed the upcoming draft document entitled: The National Strategy for Secure Online Transactions . If you're looking for more information on this new national strategy, here's another article on this topic. The discussion and break-out sessions were excellent. This issue is sure to be a hot topic in coming months, so stay tuned for more updates on this pivotal aspect of digital government. (I plan to spend more time blogging on this topic later this summer.)
The Weds afternoon members-only session began with a presentation by Federal CIO Vivek Kundra . Here's an excerpt from the NASCIO website:
"Kundra challenged the CIOs to identify two areas where states and the federal government can collaborate on addressing challenges in information technology. Federal and state government spends billions a year annually on technology. With limited resources in federal and state government to carry out critical and non-critical services, we must work together in a state-federal IT partnership to find solutions and tools to get the maximum return on investment from information technology."
After Mr. Kundra, we heard from the Director of the US CERT, Randy Vickers. Mr. Vickers, who recently moved from "Acting Director" to become the formal US CERT Director , did a very nice job of articulating the various priorities that DHS is working on right now within the National Cyber Security Division (NCSD) and within a variety of public sector and private sector committees and working groups. The importance of fusion centers , the opportunity for more state CIOs to obtain security clearances, and pilot programs on cyber security, were just a few of the topics Randy mentioned.
The opening session on Thursday morning was perhaps my favorite session. The topic was: " Perspectives from Great Leaders: Visionaries, Role Models and Innovators." The moderator was Peter Harkness, founder and publisher emeritus, Governing. The speakers were Martha Dorris, Deputy Associate Administrator, Office of Citizen Services, US General Services Administration, Phyllis Kahn, Representative, State of Minnesota and Bill Purcell, Lecturer in Public Policy and the Director of the Institute of Politics, Kennedy School of Government, Harvard University.
Here were some interesting topics/comments that were discussed by this excellent panel:
· Leaders understand where the organization is, where they need to go, and what the gaps are. They execute and deliver results.
· Leaders act as a "heat shield."
· Leaders are respected - but less fear used as a technique (than in earlier generations).
· Leaders are on point and bring everyone home safe.
· The debt crisis is the most predictable crisis we have ever faced.
· Great quote: "I have friends on both sides of that issue and I'm with my friends."
· Unhelpful techniques include concepts like "year of the child." (So next year we won't care about children?)
Other great sessions included Howard Schmidt's lunchtime keynote , new developments in wireless broadband, breakout sessions on topics like cloud computing and discussions on smart strategies with tight budgets.
Overall, I found the mid-year conference to be extremely valuable. The networking with colleagues from around the country was great, and the interaction amongst the states during the working sessions provided a unique opportunity. The federal government sent several high-level executives that clearly want to partner with the states in new and exciting ways.
The upcoming elections this fall have also focused everyone's attention in several ways. CIOs are asking what can be accomplished in the next six months that will show meaningful and lasting results. Many leaders within NASCIO are predicting that we will see many new CIOs by this time next year, so a big focus in the hallways was preparing for fall transitions and for new administrations in state capitals beginning in January. Some speakers predicted that CIO influence will also continue to rise.
If you are a state IT exec and missed the conference and/or you are thinking about the rest of 2010, I urge you to attend the NASCIO Annual Conference this fall. The investment in time and resources is well worth it. In fact, I find that I always get much more out of these NASCIO events than I put in.
If you were in Baltimore, I'd love to hear your thoughts on the NASCIO 2010 Midyear Conference. Please leave comments below.
Building effective virtual government requires new ideas, innovative thinking and hard work. From federal stimulus projects to enterprise architectures to cloud computing, Dan Lohrmann will discuss what's hot and what's not in the world of technology infrastructure.