Government Technology

    Digital Communities
    Industry Members

  • Click sponsor logos for whitepapers, case studies, and best practices.
  • McAfee

By Bill Schrier: Making technology work for a city government.

Is FirstNet Open and Transparent?

September 25, 2013 By Bill Schrier

Is FirstNet Transparent?The answer is "no" … and "yes".

FirstNet is the First Responder Network Authority. FirstNet was created by Congress in February, 2012, and authorized to spend up to $7 billion to build a nationwide public safety wireless network. A Board of 15 members was appointed in August, 2012, to begin the work.

In April, 2013, one board member, Sheriff Paul Fitzgerald raised concerns about lack of transparency in the work of the Board. The FirstNet Board convened a special review committee to look at Sheriff Paul Fitzgerald's concerns that FirstNet was not being open in the way it conducted its meetings, hired its staff and operated in general.

I have no special expertise or thoughts regarding Sheriff Fitzgerald's concerns as expressed in his April, 2013, resolution, or the report of the special review committee announced on September 23rd.

But I do have specific concerns of my own and suggestions for the FirstNet Board and staff.

Suggestion: Be more open about your meetings.

Some board meetings are open and announced, although the agendas are not published very far in advance. But other meetings of the full board clearly happen and are NOT announced in advance, and I’ve never seen announcement of committee meetings or weekly board teleconference calls.

One example: FirstNet had an open meeting on Tuesday, June 4th in Colorado. Many people were there for a PSCR meeting at the same time. But, unbeknownst to most of us, the Board actually had an all-day meeting the day before, June 3rd, when they reviewed and essentially approved a fiscal year 2014 budget! During the open meeting they constantly referred back to the Monday meeting which was both closed and unannounced. It was hard to follow the open meeting due to phrases like “as we discussed yesterday”. Oh yeah? What did you discuss yesterday?

I suggest FirstNet should announce EVERY board meeting and EVERY board committee meeting, and, at least in general, what the subject matter is.

We all understand some meetings will have to be closed for budgetary and personnel matters. But EVERY meeting, even the closed ones, should be announced and the subject, at least, should be public.

And when the open meetings actually happen, make them like city council or state legislative meetings - in a large open room where there is plenty of space for an audience. Allow some "public comment" before or after. And not just for press, but for many of the rest of us who are interested in FirstNet work.

Oh, and, by the way, does FirstNet know that a meeting held at 10AM Eastern Time is 7AM Pacific Time, 6AM Alaska time and 5AM Hawaii time?

Finally, it is commendable that FirstNet webcasts video of its meetings and accepts questions via the phone, then quickly publishes a verbatim transcript. But I suggest getting a professional service with good microphones and cameras to improve the quality of those broadcasts.

Suggestion: Publish a directory of staff names, responsibilities and contact information.

FirstNet has been decently good about announcing its hires. When FirstNet staff come to meetings in person, they are quite open and approachable. T. J. Kennedy

For example, I chaired a meeting of city, county and State CIOs at the APCO annual conference in Anaheim in August, 2013. Deputy General Manager T. J. Kennedy came into the meeting and gave his business card to each of us, spoke at length, answered questions and interacted quite well with the group.

I applaud this openness.

But there's no website which shows the FirstNet organization and the names and contact information. (The org chart itself is buried in a PowerPoint someplace online.)

Much worse is transparency on contractors.

Again, I’ve interacted with a few of FirstNet’s contracted staff. They are knowledgeable and professional on the phone and at meetings. They listen, interact and are genuinely committed to FirstNet’s mission. In person and on the phone they are quite willing to give out their contact information.

But many of us involved at the state and private level have been approached by people who say they are FirstNet contractors - and they are, I guess, but how would we know? Where's the "index" or website listing all the contractor names and their responsibilities?

Perhaps there’s some fear that if all that contact information is on a public website, the staff will be inundated with phone calls and email messages, but I think most of us on the outside will be more respectful about that.

And a small suggestion: anyone involved with FirstNet should have a signature block which includes their name, title and contact info attached to the email messages they send.

Suggestion: Be more open when contractors are hired.

Just like when full-time staff are hired, couldn’t FirstNet make some announcements or tweet or something to tell the community that a new contractor is on board? Tell us a little about their background and qualifications. Tell us how they fit into FirstNet's overall planning and work.

We all understand that contractors are hired for various reasons and from various sources. Often a board member or another contractor or a full-time FirstNet staff person knows someone they've worked with in the past who has certain skills, and they are hired on that basis. That's fine.

When I've hired people I always looked for people who were known to be competent or referred by my existing staff and employees. A secondary benefit is the existing staff became invested in the success of the new hire.

Especially at the beginning, but even now, FirstNet contractor hires appeared to be all people almost exclusively with private company cellular technology expertise. Some of the first hires had little or no experience with LTE. It was (and still is) a mystery as to how they were hired, by what mechanism, and what their connection or expertise/background is. The lack of transparency here certainly contributes to the feeling that the effort is being managed or railroaded in a certain direction.

Be open about all this. It will only add credibility to these key individuals and the role they are each playing.

I’ll give a specific example. Brian Kassa was a senior LTE engineer with Nokia Siemens. He joined FirstNet’s technical team as a contractor a few months ago. One of his duties is interacting with State government teams. I’ve known Brian for a few years and he actually is a responder working on a search-and-rescue team near Seattle. He’s an outstanding engineer, very committed to the effort. But you’d never know he’s working on this effort from looking at websites or other public documents/announcements from FirstNet.

If FirstNet trumpets hires like Brian, they will build their own credibility as an organization which hires good people and is moving quickly to design the network.

Suggestion: Appoint some more advisory committees

The Spectrum Act requires just one advisory committee – a public safety advisory committee or PSAC. That committee has been appointed. But it is somewhat of a mystery as to what charge that committee has, when it meets and what’s on the agenda for the meetings. Notes and minutes of the meetings are not publicly available.

Now, most of that information is available if you know someone on the PSAC. And the PSAC Chair, Harlin McEwen, is one of the very best at quick responses to email and being open to talking on the phone.

But I’d suggest FirstNet allow the PSAC to be much more open and public with what it is doing, including staffing it to allow it to do more work and have meetings which are more open. Create a special section on http://www.firsnet.gov for the PSAC.

I’d suggest FirstNet consider appointing some additional advisory committees – which are allowed under the law – to increase the amount of input it gets and its openness. Specifically there could be a commercial advisory committee of potential vendors and manufacturers.

There also could be a committee which directly includes the state governments upon which FirstNet will depend upon to build its network and its user base. Another committee might include secondary responders such as public and private utilities, transportation and transit departments.

Again, the idea here is to improve FirstNet’s outreach to this potential user base. A secondary effect of the additional committees is getting more people involved - and therefore committed - to the overall effort. Yes, all of this will take staffing and money. But small investments today will pay big dividends (I think) when FirstNet is marketing its new network and services. 

Suggestion: Get a decent website with calendar of events

I think that’s self-explanatory, if you look at the present website. I understand this new website is in the works, promised “within a month” as of this writing. But gee folks, the Board was announced in August, 2012, and there are hundreds of great web design firms out there. Does it take 13 months to get a decent website?

Having a comprehensive, easy-to-use website demonstrates FirstNet’s commitment to transparency.

The website also needs to include a decent calendar of events. Presently there is a calendar of speaking events on the existing website, but NOT a calendar of FirstNet meetings or events.

Here’s a specific example. Kevin McGinnis is the Board member responsible for tribal outreach and has done a good job trying to contact as many tribal officials as possible. FirstNet originally set a meeting of tribal officials for August 26th for Washington DC, which then was pushed back to October and is now November 4th. Nowhere on any website or other document (as far as I know) has this meeting been announced. It is all word of mouth or, presumably, email messages to a group of tribal officials (I’ve never seen such emails, however).

Suggestion: Get your own lawyers.

After the Spectrum Act passed, a lot of attorneys made a lot of money interpreting it.

The FCC, NTIA and DHS all had their staff attorneys go over it with a fine tooth comb, and I suspect there was a little bit of infighting as roles and responsibilities were sorted out.

It seems that, in some cases, the FirstNet Board and staff let the lawyers tell them what they can and cannot do. I suspect that’s what going on in the spectrum leases with the 8 jurisdictions who have money and had FCC waivers to build their own networks. Here it is, 18 months after those jurisdictions were told by NTIA they couldn’t spend grant funds on LTE equipment, and only two of them have a spectrum lease allowing them to proceed on their networks. Elected officials, Mayors, Governors, Legislators, City Councils, police and fire chiefs supported these 8 efforts to build locally, and this long delay (both NTIA's delay and the slowness in spectrum lease negotiations) has made some of them wary of FirstNet.   I believe some of that delay has to do with the lawyers who are advising FirstNet that it cannot spend money on these pilots or otherwise has to restrict them. Such lawyers are (in my opinion) taking the most conservative possible interpretation of the law and what it allows or doesn’t allow with these early builders.

What I’ve written in the previous couple of paragraphs is speculative, of course, because FirstNet has NOT been transparent about what the real issues are in the spectrum lease negotiations.

The 8 early builders represent a tremendous opportunity for FirstNet to be entrepreneurial and test out a number of different models in the real world of public safety. The user stories from these 8 sites can help cement and improve public safety’s (and general government’s) support for FirstNet.

When I ran the information technology department of Seattle’s City government, I had city attorney’s ADVISE me on contracts, risks and other matters. But in the end it was the attorney's ADVICE and it was up to me to make the decisions and take some risks to move government forward with technology.

It seems like the commercial members of the FirstNet Board should be quite familiar with this entrepreneurial model. Perhaps they should say to the lawyers “thank you for the advice” but take some risks to get these 8 early builders going and make them successful.

Suggestions: Outreach

Jeff Johnson and Craig Farrill have been outstanding “on the road” speaking and obtaining input about the project. They’ve been open. They’ve demonstrated the ability to listen. They know there are huge challenges ahead and they’ve been transparent about them. See, for example, page 22 of Jeff's report to the board here.

But FirstNet also understands (or needs to understand) that only a tiny fraction of their potential stakeholders know anything at all about the project, and most of the public – especially the technology-knowledgeable public – knows even less. If you don’t think so, just read the comments in this Ars Technica article about FirstNet.

I just hope the outreach teams hired full time have the same sort of ability to listen and honesty which Jeff and Craig have displayed.

Closing: FirstNet has a great natural wellspring of support. More openness will capitalize on it.

Over the last four or five years, there was a huge campaign which generated public safety support for assigning the D block to public safety and to pass the Spectrum Act which created FirstNet. Indeed, I’ll often go to 911 centers or first responder departments here in Washington State to talk about the upcoming nationwide public safety wireless broadband network, and people will say – “that’s the D block, right”?

This support is a major untapped resource for FirstNet.

First responders, especially, want to see this work succeed. But, in addition, most of the associations and organizations comprising the old PSST (Public Safety Spectrum Trust) plus many telecommunications carriers, manufacturers, consultants and others have a long-term vested interest in the success of FirstNet’s mission.

FirstNet, be open about what you’re doing. Embrace all these stakeholders, especially courageous, concerned folks like Sheriff Fitzgerald. Ask them for advice and support. Reach out to the larger potential user base - transportation, public works, utilities, railroads, small telephone companies and others.

Being open, transparent and welcoming today will not only help you build the network tomorrow, but will also stand you in good stead as the inevitable bumps occur on your road to success.


Caution: This statement represents the personal views of Bill Schrier, and does not reflect the views or opinions of any governmental or non-governmental association with which I’m affiliated. There may be inadvertent inaccuracies in the material presented above, and, if there are, contact me and I’ll fix them.


Leave a comment

Lessons from NG-311 for NG-911

August 22, 2013 By Bill Schrier

Next Generation 911When you are in a life-threatening emergency – a serious car accident or having a heart attack or your house is on fire – what do you do? You call 9-1-1, of course. With the emphasis on CALL, because, with just a few exceptions, there’s no other way to get police or firefighter or emergency medical help except calling on the phone. You can’t text 9-1-1 or send an email to a PSAP or tweet to 9-1-1.

9-1-1 Centers, often called PSAPs or Public Safety Answering Points, have a lot of sophisticated technology beyond 1920s-era voice phone calls, but very little of it is used to communicate with the public.

The National Emergency Number Association (NENA) and the government – specifically the Federal Department of Transportation – have a plan to fix that. The plan is called "Next Generation 9-1-1" or NG-9-1-1. At some point you may be able to text 9-1-1 or send an e-mail message or upload photos and video to help first responders protect life and property.

Some cities, however, have already implemented 3-1-1 systems for non-emergency customer service. In these cities – Portland and Denver for examples– you call 9-1-1 for emergencies and 3-1-1 to get help with any other municipal government service such as building permits, streetlight repair or animal control.

I recently did a podcast with Mark Fletcher on the Avaya Podcast Network (APN) discussing 9-1-1, 3-1-1 and these next-generation contact methods for the public. Fletch(@Fletch911) and I came up with the term "Next Generation 3-1-1" to describe using a set of new technologies and social media for citizens to reach their governments for service.

What can NG-9-1-1 and PSAPS learn from "next generation 3-1-1"?

Next Generation 311 - term coined in this blogWell, for one thing, "next generation 3-1-1" has already arrived. If you are in one of the places with 3-1-1, you can obviously just call that number to initiate almost any government service or report a problem. But virtually all those 3-1-1 cities also offer a 3-1-1 web input form and give you a tracking number. Some of them now tweet and allow tweeting as an input. Others are experimenting with Facebook pages, online chat, and email. Many of these contact methods allow you to send a photo or video of the issue.

Another common contact method is texting – there’s even "an app for that" in Textizen, developed by Code for America. In truth, Textizenis as much about citizen engagement and interaction as it is 3-1-1 and requesting service. But the important point is that Philadelphia, Austin, Salt Lake City and other places have implemented it as an alternate contact method.

Seattle's Find-It Fix-ItA final, powerful, "NG3-1-1" technology is the downloadable mobile app. Some cities have developed their own app such as Boston’s Citizen Connect or Seattle’s Find It Fix It. These are sometimes built on technology developed by private companies such as Connected Bits or See-Click-Fix (Ben Berkowitz, the CEO, is a worldwide leader in this space).

A frequent criticism of NG-3-1-1 services and apps is that they only work in one city. You can download the "Chicago Works" NG-3-1-1 app, but cross into the suburbs and it is useless. But Boston and Massachusetts fixing this by extending Boston’s Citizens Connect into Massachusetts Commonwealth Connect. This allows 40 cities in Massachusetts to have their own individually branded app, but, using the GPS feature on smartphones, to report problems no matter where they are. A resident of Chelsea who is in Boston for a Red Sox game could see a problem – a smashed stop sign for example – and use the Chelsea app to report it to the Boston

Admittedly, we have a long way to go with 3-1-1 – most places in the nation don’t have it (indeed, even in Boston and Seattle you don’t call 3-1-1, but rather a 10 digit phone number). But we can still think about some future "next generation" features for 3-1-1 which would be relatively easy to implement with today’s technology even if they are still difficult to implement in the culture of government operations:

  • Fedex-style tracking of service requests. With tracking you could snap a photo of graffiti, get a tracking number and then be notified as the service request is reviewed, triaged, sent to the police department for review by the gang unit, sent to "graffiti control central" to determine if it is on government property and which department (transportation, parks, etc.) is responsible to clean it up, see when the crew is dispatched, be notified when the work is done, and then be asked your opinion of how well the whole process worked. (Some 3-1-1 apps purport to do this now, e.g. Chicago, and the Open 3-1-1.org organization actually is evangelizing it).
  • 3-1-1 Open Data and analysis. The details and results of 3-1-1 calls for service should be on an open dataset for anyone to review and, indeed, are in some cities such as Boston, New York City, and San Francisco. Certainly departments and Mayor’s Offices should be analyzing the tracking data to improve service management processes. But how about mashing the 3-1-1 data up against datasets such as building code violations, utility shutoff due to non-payment or crime incident reports to find "hot spots" of difficulties in the City which need to be broadly addressed by cross-functional teams from law enforcement, code enforcement, social workers and more. Boston is, indeed, doing this, but I’ve not been able to find detailed data about it. (Note: Socrata, headquartered in Seattle, is the software driving all the "open data" sites mentioned above as well as hundreds of others such as the Federal Governments own data.gov.
  • Facetime and Skype to 3-1-1, conveying video to the 3-1-1 operator so they can see your situation or you can show them graffiti, a problem in the street, and so forth.
  • Chat and video chat. Chat functions are fairly common on private customer service sites but extraordinarily rare in government. Indeed, I can’t cite a single example. I think government customer service departments are concerned about being overwhelmed by work if chat is opened to the public.
  • Twitter and Facebook comments/apps. Elected officials certainly realize the power of Twitter and Facebook. And I think they (or their staff) actually review and respond to comments or tweets, and even turn them into service requests for follow up. But most of the line departments in most cities (water, transportation, public works, certainly police and fire) don’t accept calls for service via these social media channels. I’d also like to see developers write Facebook apps or games which could be used inside that social media community to engage the public or manage 3-1-1/service requests.

Lessons for NG-9-1-1. I’ve laid out a long list of examples and suggestions above which, together, could be called the "landscape and roadmap" for Next Generation 3-1-1. Some of them clearly could be adopted for use in PSAPs and 9-1-1 centers. The "low hanging fruit" here, I think, for NG 9-1-1 is:

  • A smartphone app for texting 9-1-1. Although you can directly text 9-1-1 from your phone, an app would be better because it could prompt you for critical information such as your location. Textizen could be an NG-3-1-1 model for this.
  • A smartphone app for calling 9-1-1. This sort of app might not just telephone 9-1-1, but also allow you to include photos or other data from your phone, including GPS coordinates, direction and speed of travel etc.
  • Facetime or Skype to 9-1-1. Such an app (when PSAPs are able to receive the information) would allow the telecommunicator in the PSAP to see what’s happening to you or in your area.

A number of obstacles remain, however:

  • Technology is an obstacle, as most 9-1-1 centers don’t have even text messaging available, much less email, twitter or chat. A notable exception: York County, Virginia, where past APCO president Terry Hall directs the 9-1-1 center – you can text 9-1-1 in York County.
  • Culture and training are an obstacles. Telecommunicators (call takers and dispatchers) in 9-1-1 centers know their jobs extraordinarily well and execute them almost flawlessly, as you hear from tapes after any major incident. Every new technology or method of communication we add to the PSAP makes those jobs harder in terms of training and obtaining the right information to get first responders to the incident.
  • Chain of evidence. When a video or video call or image is sent from a citizen to a 9-1-1 center about a crime, can it be used as evidence? Has it been altered (even by Instagram) thereby perhaps rendering it useless in a court of law?
  • Security and cybersecurity. We’ve seen cases of "spoofing" telephone numbers and "swatting", where 9-1-1 centers are tricked into sending officers or SWATs to unsuspecting citizens. Every new method of communicating adds new difficulties in verifying caller identities and preventing such antics.

And, most importantly, with 9-1-1 lives are often at stake, so thorough research and preparation must precede adoption of these new technologies in PSAPs.

My podcast with Mark Fletcher on the Avaya Podcast Network was a fortuitous meeting. We've probably coined the phrase "Next Generation 3-1-1". But while the tools and technologies of NG-3-1-1 certainly chart a path for PSAPs and NG-9-1-1, following that path will require innovative solutions to a number of obstacles.


Leave a comment

Apps Contests are Stupid

July 2, 2013 By Bill Schrier

HackathonIt seems like apps contests and apps challenges and hackathons sponsored by governments have been all the rage over the last couple of years.

They were kinda cool when they were new, in 2008, such as Washington DC's original "Apps for Democracy".   Vivek Kundra, then CTO of the District, valued the apps developed there at $2.3 million, although how he arrived at that number is unknown.

But now apps contests are not just overdone - there are just so many of them - but actually are becoming counterproductive, turning off developers and governments.   In fact, they are stupid.

Why?

First, the data sources are not standardized between different cities, counties and states.   This leads to myriad problems. 

One of the great breakthrough ideas in the government of the District of Columbia in 2008 was the concept of a "data catalog".   Governments have always had masses of data which they crunched to produce reports and insights and to support policy development.  But they also kept such data under lock-and-key.   The District's government made some of those datasets open and available for citizens, academics, researchers and app developers to use.   Kundra’s successors in D.C., Bryan Sivak and Rob Mancini, extended the District’s data catalog to 507 datasets.   Kundra ported the idea to the federal government with data.gov, and a whole industry – including Seattle startup Socrata, is now built on opening up data. 

But very few "normal" citizens are interested in this stuff.  Many of them don't have the skills or interest to spend a lot of time loading thousands of rows of data into a spreadsheet or some statistics program and crunching the data.  Most non-policy-wonk citizens, if they have an opinion on a policy issue at all, have that opinion based on a logical or emotional basis and don't generally want it polluted or confused by facts.  As an example many people feel "crime is rampant in our city, we need more cops", when, actually, violent crime has dropped steadily in almost every US City for the last 20 years.

Nevertheless, the open data catalog is a brilliant idea because it allows developers to build apps using that data and display it in new and interesting ways.

My favorite example of this from the Apps for Democracy days is the "stumble safely" app.  

This app used the crime dataset from the DC government.  It took your location, as determined from the GPS on your smartphone, along with the time of day, day of the week and other information.    It mashed that data against the crime dataset.   And it showed the safest path for you to "stumble home" from a night of eating or drinking.

It no longer works.

Stumble SafelyA primary reason:  "stumble safely" used the DC crime dataset, but was useless outside the District of Columbia.   Few other cities - even today - have put their crime datasets in an open data catalog.  And the formats of those datasets vary widely from place to place.   So "stumble safely", written for the District of Columbia, won't work anyplace else unless it is modified for each individual city or government.

This is a common problem with almost all government open data on the web.

In fact, the only commonly used data which is standardized - as far as I know - is transit data with the GTFS standard promulgated by Google.  Transit data is widely standardized because transit agencies are like private companies.  They have to market and sell their services - ridership on buses and trains - or they will run budget deficits and cease to exist.

Few other government organizations are in the same situation - there is little incentive for police departments or fire departments or building inspectors or water departments or electric utilities to standardize their datasets and make them open.  Indeed, most of them fear (wrongly so), that exposing data will open them to criticism for problems with the data or bad comparisons with other agencies, e.g. being less efficient or more expensive at delivering service than the same agency in a nearby city.   And every agency will say "we don't have the time or money to standardize our data."   It takes strong leadership (aka "arm twisting") by an elected official or extraordinary leadership by a CIO to push an open data initiative forward.

Yelp, Code for America and the City of San Francisco are trying to standardize restaurant inspection data with the LIVES specification, an effort I applaud.    But I predict this will be a slow slog - slow adoption - for the reasons mentioned above.   

A second major reason apps contests are stupid is the lack of monetization.   Apps developers need to eat, too, and put a roof over their heads and a Porsche in their garage.  They're all looking to create that "killer app"  which will be downloaded a million times at a $9.99 per download.

But how many apps created from hackathons or apps challenges or contests are monetized?   How many of them are still active and downloaded and used?

My answer:  few, very few.

Stumble safely, alas, is dead (just click on the link here). Most of the apps on Apps for Democracy and other apps contest sites are dead.  

A few are living and continuing to develop because their creators are passionate about them (Living Voters Guide by Travis Kriplean) or they do have a monetized component (Seattle Emergency Radio by Brian Adams, monetized via advertising).   

One Bus AwayAnother potential avenue for monetization is for a City/County/State government to take over the use, care and feeding of an app after an apps contest.   That sometimes happens, but often can be a dicey proposition.  Brian Ferris, a Ph.D. student at the University of Washington in Seattle, wrote One Bus Away, an extraordinarily innovative transit application to track, in real time bus arrival times without using GPS (since Seattle buses at that time had no on-board GPS).  It has a 100,000 users each week.  Brian now works for Google in Zurich, and the area’s four transit agencies are trying (and fighting with each other) on how to keep the app going.  

Evergreen Apps CompetitionAnother possible solution to the monetization problem is offering prize money to encourage participation such as the $100,000 offered this summer by Battle Hack.  When we did the evergreen apps challenge last year in Seattle, the three governments involved were able to offer some prize money funded by federal grants and local innovation funds.  But that’s rare – taxpayers will quickly wonder why we’re offering money to hackers when potholes are still jarring their cars.

One potential exception to the hackathon/monetization problem is New York City.  New York City has its “Big Apps” competitions, 8 million people, hundreds of thousands of businesses and innovative Mayoral leadership with Michael Bloomberg.   It represents an “apps ecosystem” which might survive and thrive despite the other hurdles.   

If most apps contests are stupid, where do we go from here?

I'm not sure how to get datasets standardized across 3000 counties and 18,000 or more cities and 50 states.   Perhaps private companies such as Socrata, a premier provider of data catalog services such as data.gov, or a company which has monetized data such as CrimeReports.com can figure that out.   Or - and this is a long shot - perhaps the Mayors' Innovation Task Force of the US Conference of Mayors would take this on, but I'm not holding my breath.  

Perhaps an innovative state government will take leadership and build a data catalog with its cities and counties and standardize the data on the catalog.  This presents a great economic development opportunity - think of all the startup companies in that state which might develop statewide apps, or mash up the government open data against data from other sources such as the census or sales data from, say, Amazon.

The second problem - monetization of apps - will be hard to solve unless and until data is standardized so a single app – a crime reporting app, for example – can be downloaded and used across an entire state or the nation with the potential for millions of users.

In the meantime, we’ll have to rely on the kindness of friends to the government community like Travis Kriplean, innovative leaders like Jay Nath in San Francisco and Mark Headd in Philly, plus the ongoing attempts to standardize data like GTFS and LIVES to carry us forward.

But proliferating these stupid apps contests sure ain’t going to do it.


Leave a comment

Cyberhacked - Again

May 12, 2013 By Bill Schrier

HackedIn the face of continuing breaches, what are Governments to Do?

The depressing news made headlines in Washington State and nationwide last week – the Washington State Courts systems had been hacked, and about 160,000 social security numbers and the information from a million driver's licenses was potentially exposed to hackers. This announcement was almost coincident with the news of $45 million stolen from the world’s cash machines, a problem with weak security in several private banks. 

Plenty of similar news abounds – South Carolina's Department of Revenue had a data breach which affected 6.4 million businesses and residents and has cost the state $25 million, so far. The State of Utah had the personal information (social security numbers, healthcare information, etc.) of 780,000 residents compromised in 2012. Indeed, 21 million people have had their health records lost or stolen or breached in the last three years, and millions more have been victims of identity theft, loss of credit card or personal financial information, and similar issues. Even law enforcement is not immune, as the Salt Lake City police department itself was hacked and information lost in early 2012, and the Honolulu Police Department revealed a breach this past week as well.  

Believe me, these reports are just the tip of the iceberg in terms of lost or breached data in government and the private sector.

What's a government to do?

I have several practical suggestions:

1. Hang together, don't hang separately.

In every government, departments are silos. Each department wants to assert its independence from the others and manage its own data, technology and IT systems. At another level, there are three branches of government - judicial, legislative and executive. For the Federal government these are the federal courts (e.g. U.S. Supreme Court), Congress and the President. Each branch asserts its independence from the others. And, of course, cities are independent of their counties who are independent of their states and everyone mistrusts the Federal government.

When it comes to cybersecurity, this is bullshit.

The "bad guys" are incredibly well-organized. Bad actors could be a criminal syndicate, as in the ATM hack earlier this week, or Anonymous, or even nation-states. Several national governments - China, Israel and the United States – are widely cited as developing cyber weapons.

To respond to these threats, cyber defense teams have to work together, ignoring their organizational silos. There might be separate teams in separate branches or departments, but they need to support each other, probe vulnerabilities in each others' systems, and actively share information. Every government should have cross-agency cyberincident response teams and forensic investigation teams which are activated at a moment’s notice whenever an incident - even a single infected computer - occurs.

2. Actively use private sector resources.

Many private companies will handle credit card processing, perform vulnerability scans, and do risk assessments. They’ll even manage a network on behalf of a government. No government should be doing its own credit card processing or holding/securing citizen credit card information. At the very least governments can contract with private companies to scan their networks and websites for vulnerabilities, do audits of internal systems, and similar work. Private companies will have much more expertise than most governments can hope to hire directly.

3. Consider the "cloud".

Amazon, Microsoft, Google, and a number of other companies offer to store data or manage applications at their data centers and sites, in their "cloud". These companies have teams of information security experts to protect this data. Governments should actively think about using such services. One problem is contractual - most cloud providers want to limit their liability in case a breach occurs. Unfortunately, I'm not aware of contract language with a cloud provider which would satisfy all of a government’s concerns about breaches and loss of personal information, and I encourage your comments about this.

However, another alternative is for one government to create and host cloud services for others, again using joint cyber protection and response teams. Such a technique might also address other concerns such as the need for backgrounding data center employees for CJIS or HIPPA compliance.

4. Use hackers.

Every state has a major university. A friend of mine, CISO at a university, has described the school as having "35,000 potential hackers". Governments could create special relationships with their colleges and universities to employ students and student interns in a wide variety of tasks to manage, monitor and audit/probe their government systems. This technique has the added advantage of helping to train these students – give them practical skills necessary to solve the shortage of information security workers.

There are, undoubtedly, many other protection techniques governments should adopt. A major problem in my experience, however is complacency. "Our techniques are working." "It can't happen here." "We passed a cyber security audit last year." Again, such complacency is bullshit. Cyber attacks, vulnerability discovery and the application software we use changes too rapidly.

This underscores the most important of my suggestions - the first one - working together. Too often we government employees put our department first, or believe we "work for the xxx independent branch of government", not the governor or mayor or legislature or (fill in the blank). Maybe we're afraid of losing our jobs or fear what the results of an audit might disclose.

In the face of the attacks above, this attitude, this culture absolutely must change. We all work for the citizens of our city or our state, who entrust us with their sensitive data. And we absolutely must cooperate much more to safeguard that information.

After all these data breaches, have we learned our lessons?

Sadly, I doubt it. I expect that, over the next 12 months, I’ll be tweeting and reporting further breaches and potential losses of citizen information.

When will we really learn?

(Full disclosure:  I now work for the State of Washington.  However I have no "inside" knowledge of the breach at the State of Washington Courts.)


Leave a comment

No more Collisions, Speeding Tickets & Jobs

April 7, 2013 By Bill Schrier

Seattle Car AccidentA long, long time ago in a galaxy – well, actually, a City – far away, I was a police officer - a street cop. I witnessed some of the most horrific episodes of my life as I came upon scenes of automobile collisions with gruesome injuries. I also wrote my share of speeding tickets (and no, I did not have a quota!) and arrested a fair number of drunk drivers.

New technology, however, heralds the potential for an end to automobile collisions, speeding tickets, drunk driving and even most traffic management. Gee, there’s even the possibility that the traffic jam may be relegated to the dustbin of history (along with the dustbin itself, I might add).

A combination of technologies is maturing which foretells such a future.

Google Driverless Car

The first one, of course, is the driverless car. Google has been at the forefront of prototyping that vehicle, to the point where California and Nevada have both passed laws explicitly allowing such vehicles on their roads. Beyond Google, most of the major automobile manufacturersare also testing driverless vehicles. And it’s only a matter of time before such vehicles are regularly driving our roads.

Next, we are seeing the appearance of the “vehicle area network” and “networked vehicles”.

I just purchased a new 2013 Toyota Prius C (and then promptly crashed it in a minor accident – subject matter for a different blog post). When I plugged my iPhone into the Prius to charge it, the Prius recognized the iPhone and linked to it, and offered the ability to use the iPhone’s cellular connection to link the Prius’ own touchscreen display, maps and apps to the wider world. Toyota also has an “entune” appfor this purpose.

We’ll see much more of this in the future – where cars are linked to the Internet. BMW already connects most of its vehicles worldwide to collect performance data via Teleservices. GM’s Onstar has been around for a number of years. Insurance companies are starting to offer discounts for good drivers who consent to put a monitoring devicein their vehicle to sense sudden starts and stops, speeding, and other actions which may be dangerous (or at least insurance companies think are dangerous).

Future vehicles will have networks which link the vehicle to all your personal devices – keys, smart phone, tablets, DVD players and more, to keep you “connected” and in control on the highway.

Furthermore, cars will talk to each other. They could exchange location information, proximity information, directional information and much more. In this fashion cars might be able to avoid each other or allow for smooth lane changes and turns without colliding.

A related development is the instrumentation of the highway.

Seattle Traffic Management Center

I had the privilege of working with the Seattle Transportation Department, which was at the forefront of intelligent transportation systems (ITS), when I was City CTO there. Today ITS means, for the most part, traffic sensing and detection devices to time traffic signals, extensive networks of traffic cameras linked with fiber cable, readerboards on streets, and some novel technologies like traffic time estimators and displays. Mobile apps are all the rage, of course, to display traffic conditions. Seattle just launched an amazing mobile app which actually shows live video from traffic cams on your smartphone.

Indeed, the City of Los Angeles just became the first major City worldwide to automate all of its 4,500 traffic signals, synchronizing them. That will reduce travel times somewhat, although our experience with expansion of capacity (e.g. building new freeways or widening them) is just that more traffic is generated.

But sensors and instrumentation can be taken a step further.

Almost everything in the roadway could, of course, be instrumented – sensors in guard rails, school crosswalks, stop signs, bridges. Such sensors might not only collect information but also broadcast it to traffic management centers or, indeed, nearby vehicles.

Your car would know when you are approaching a stop sign and automagically apply the brakes – gee, the “California stop” might become thing of the past. As you approached a school zone during school hours, your car would automatically slow to no faster than the allowable speed. Radars or sensors in the vehicle would detect the presence of children and stop for them – indeed, if every child was somehow sensor-equipped, they might never be struck by cars whose intelligent management systems would automatically avoid them. (And no, I am NOT going to discuss the potential for placing microchips in human beings, although some sort of sensor attached as a smart phone or bracelet or watch DOES have its advantages!)

And you can see where this is leading – as cars become more “intelligent” with their own networks and sensors, and roads become more “intelligent” with their own sensors, networks and computers, the need for human drivers may become irrelevant.

  • You could put your 3 year old alone in a vehicle, tell it to take her to daycare, and have it drop her off there and return home.
  • Drunks (or their Washington-State modern day equivalents: pot smokers) could stumble into their cars and the vehicle would quickly and efficiently woosh them home – or to the detox ward, as the case may be, with almost zero chance of that drunk killing or maiming someone.
  • With driverless cars, even the need for taxicab drivers might be eliminated – you’d use your smartphone to call a taxi and it would smoothly come to the curb;

Speeding tickets, collisions, accident investigations, even automobile deaths might become history.

This, of course, has many implications for local and state governments:

  • Cops would no longer “work traffic”, investigate accidents or write tickets – they’d concentrate on investigating and preventing non-traffic crimes;
  • There could be a new set of government regulations requiring regular maintenance of vehicles and government inspections of them, because the only major source of collisions would be mechanical failure;
  • Emergency rooms and morgues would not be treating traumas and death from car collisions;
  • A significant source of revenue for local governments (traffic tickets) would dry up, although they could respond by increasing parking rates or licensing fees;
  • As emergency vehicles speed to fires or crimes, traffic would autmagically stop and pull over - somewhat like the parting of the Red Sea – reducing response times for police and fire.
  • Lawyers and courts would be freed (or put out of a job) litigating traffic accidents and court cases (see my blog post here explaining why most lawyers will be become history anyway);
  • Auto insurance rates would drop steeply, and, again, put a lot of people out of work adjusting claims, fixing cars, etc.;
  • Indeed, traffic might actually move faster and more efficiently through cities because the need for traffic lights and synchronization might end as vehicles negotiate with each other to speed along roads and through intersections. However traffic signals would not go away in many places, because pedestrians still need to cross streets;
  • Transportation departments would probably spend less time building new roads and widening existing ones, but high quality roads would be essential to prevent damage to vehicles driving at higher speeds.
  • Many delivery jobs might be gone.  Perhaps mailboxes would move to the curb (if not there already) and driverless Postal Service, UPS, FedEx and similar vehicles with robotic arms would just deposit most mail and packages in the box.  This is a logical extension to today's robot-filled Amazon warehouses.   Of course how people are able to buy anything to be delivered, given all the job losses, is a separate issue!

I don’t expect to see this traffic "nirvana" anytime soon. But I clearly see it on the horizon. Yes, there will be a lot of disruption and both loss of jobs and creation of new, unknown ones. 

But I welcome the day when grandparents are not killed and ripped from their families by drunk drivers. I hope to see over 36,000 Americans saved from needless death and 3.9 million from injury at the hands of automobiles and their drivers.


Leave a comment