February 4, 2013 By Bill Schrier
The New York Times had the audacity to research and write a story critical of Chinese Prime Minister Wen Jiabao’s family. In return for its journalism, the Chinese government apparently unleashed a four-month long hacker attack against the Times stealing, among other data, every one of its employees’ passwords. This effort was apparently searching for the sources for the story. Ars Technica has a short, frightening, account of the hack.
And, of course, the Chinese government succeeded – would people crticial of the regime dare to talk to the New York Times now, knowing its technology can be hacked?
There are many related and frightening stories – the Wall Street Journal was attacked, a power station in the United States has been offline for three weeks due to an attack based on a USB drive, and, of course, Anonymous (or someone) has been hard at work with denial of service and web defacing attacks on banks and government agencies. Could a City, County or State government be subject to a similar attack?
A few years ago, when I was CIO in Seattle, I would have dismissed the notion out of hand.
A City government does not hold the secrets to making a nuclear weapon in its digital vaults, nor do cities have active networks of foreign spies (with the possible exception of my friends in the Big Apple) whose identity needs to be uncovered by foreign powers.
Today I feel exactly the opposite.
Cyberwar is real. Cyberwar is happening today, even as I’m writing this. And the New York Times attack is only the latest. The evidence is everywhere. Nation-states (and perhaps others) are creating malware with the express purpose of attacking other nations or private company. Stuxnet is one example, as is the malware which fried 30,000 computers at ARAMCO in Saudi Arabia. Many governments have been compromised with malware to steal money from their accounts by stealing finance officers passwords.
Why would anyone – other than a criminal botnet out to hack finances and bank accounts – target a City or County or State government?
The New York Times attack highlights the reasons clearly.
Suppose a Mayor or Governor publicly opposed allow trainloads of coal to pass through their city or state, in order to be loaded onto ships, sent to China, and used to power the Chinese electrical grid. Wouldn’t such opposition essentially constitute economic warfare and potentially provoke a cyber response?
Suppose a Mayor or County Executive, hoping to combat a rash of gun violence, initiates programs for a network of video surveillance cameras and gunshot detection technology (read: microphones) in a City. Could that provoke Anonymous or a similar organization?
Defacing a City or County website is bad. Stealing taxpayer money from government bank accounts is worse. Compromising SCADA systems to shut down a water supply or electric grid is dangerous. But we haven’t yet seen the worst potential attacks, such as bringing down a 911 telephone network or freezing a police or fire computer-aided dispatch system or perhaps crashing a public safety radio network.
And these overt acts pale by comparison to covert actions which may be occurring undetected – systematically compromising and falsifying utility bills, or hacking into and changing criminal and court records. We have no evidence such covert acts have ever occurred, but given the myriad of different levels of government and many repositories for the information, such databases must represent a juicy and lucrative target for criminal networks, Anonymous and even nation states. All these potential threats indicate cities, counties and states cannot be complacent, but rather need active cyber security programs, preferably in cooperation with other agencies.
Yes, Dorothy, a City could be hacked to its knees. Worse yet, it might not be discovered for months or even years after the act.
January 3, 2013 By Bill Schrier
Although Congress continues to put off really dealing with the so-called "Fiscal Cliff", the budget deficit, and a host of related issues (at least as of this writing), in the last week of 2012 both Republicans and Democrats agreed to extend FISA – the "warrantless wiretapping" law. FISA – really the "FISA Amendments Act" - essentially allows the federal government to eavesdrop on email and other communications without a warrant. The Senate even rejected amendments which would require some transparency in the process, such as revealing how many Americans are monitored in this fashion. This same law also gives telecommunications carriers blanket immunity when they turn over records or allow wiretapping of citizens.
On a slightly different issue, the National Rifle Association is reiterating its adamant opposition to the banning of assault weapons or other restrictions on the purchase and ownership of guns, despite the death of 20 young children to gunfire in Newtown. The NRA supports, however, a national registry of the mentally ill. And, of course, the Gun Control Act of 1968 prohibits gun sales to individuals who have been committed to a mental institution or "adjudicated as a mental defective." Because individual states have a wide variety of laws (or lack of them) which implement this provision, it has few teeth, hence the NRA’s call for the registry.
Recent advances in technology promise unprecedented ability to further monitor and pry into the private lives of citizens. The law is still murky about the GPS information in your cell phone, but some courts have ruled a warrant is not required for law enforcement to obtain it. Congress also approved a new law in 2012 which allows commercial pilotless aerial vehicles ("drones") to populate our skies. And technology is being developed to allow your TV to monitor your viewing habits, perhaps even via a camera which watches YOU and is embedded in the TV. This information could be reported back to advertisers and others for further targeting you as a consumer. Given the FISA extension (which protects telecommunications carriers who turn over information to the government), such data might also be available to government authorities. (More detail on drones, phones and TV monitoring here.)
Let’s add these new technologies to many which already exist – a proliferation of video surveillance cameras in both private and public hands for example, as well as a massive library of video and still images collected on sites such as Flikr, Facebook, Pinterest and YouTube. Most such sites encourage "tagging" of individuals by name in the images. Many private companies are developing facial recognition technology to allow these "tags" to proliferate to images across the Internet. Governments are also building facial recognition technologies and applying them at least to mug shot databases of criminals or suspects. License plate recognition (LPR) is now widely used by transportation and law enforcement. Indeed, between LPR and facial recognition, there might very well be a time when anonymity is essentially dead – whenever you leave your house your whereabouts will be known, tracked and entered into either a public or private database.
Add to all this the explosion of "big data" and "data analytics" such as the Domain Awareness System (DAS) developed by Microsoft for the New York City police department. DAS and similar technologies promise an unprecedented ability to analyze a vast variety of information about criminals – and citizens – to build a profile of each and every individual in the nation.
Now let’s circle back to the NRA.
At first thought, the idea of a national database of the mentally ill – who would then be prevented from at least purchasing and, perhaps, owning, weapons – seems an attractive thought. Clearly anyone who would brutally kill 20 first-graders – or murder a dozen theater-goers in Aurora – is mentally ill. Yet neither Adam Lanza or James Holmes were diagnosed prior to their acts. In retrospect, almost all perpetrators of large-scale massacres show signs of mental illness, but are rarely diagnosed before the crime. Some would argue that most cold-blooded murderers (as opposed to those who commit murder in a fit of passion or rage, or under the influence of a drug), are mentally ill.
How do we determine who is mentally ill, and therefore goes into the national database, and is then prevented from buying or owning guns? Ultra conservative groups like the NRA, who would never support government officials registering weapons, are, apparently, more than willing to allow deep violations of privacy to determine if a person is mentally ill. Do we need to build that nationwide profile of every single person living in United States (or perhaps the world), looking for those tell-tale signs of a killer? Do we need to put those cameras on every TV in every house? Do we need to wiretap and analyze every telephone or Skype conversation? And do we then use our business intelligence and big data analytics to create those profiles?
What’s amazing is not the potential for building such a database, but how far we’ve already allowed it in law, with FISA and the FISA Amendments Act and the Patriot Act and the use of our present technology. Even more amazing, is the ability of the far right and the far left, the liberals and conservatives, Obama and Boehner, Republicans and Democrats, all to sign on and support it.
We go willingly into this deep, dark night.
December 10, 2012 By Bill Schrier
I've worked as a public sector employee and a manager of government technology workers for three decades. While public sector workers share many attributes and work attitudes with their private sector counterparts, there are also some things unique to public sector employment. In writing this, I was inspired by two recent blog posts by Steve Radick including "Ten Things You Should be Saying to Your Boss."
First, government is, in the minds of many people, synonymous with bureaucracy. I've blogged about this before, but all large organizations, public or private, are painted with the bureaucracy brush. The bigger the organization, the more bureaucracy – and this applies to banks, manufacturing companies, the software industry and, well, everything where there are at least two people working together.
What should public employees be saying to their CIO bosses? When I was a CIO in a large City government, what should my folks have been telling me? And again, thanks Steve Radick for the inspiration for many of these. www.steveradick.com
1. "Don't worry about it – I got it." It is really great when, as a manager, I know an employee is going to handle something – take care of it, keep people informed and get the job done. Erin Devoto, my deputy at the City of Seattle and now the acting Chief Technology Officer (CTO) there, is a living, breathing, example of this. She took so many projects and drove forward to make sure they were accomplished.
2. "Here's a problem - here's what I'd recommend and why." Some of my worst experiences as a public sector manager were "monkey transfers". That’s where an employee recognized a problem or potential issue, brought it to my attention and then walked out of the office – transferred the monkey from her/his back to mine. But some of my best experiences were when employees recognized an issue, worked with their team to brainstorm some potential courses of action, and laid them out for a decision. Usually those employees, after the decision was made, walked out of the office saying #1 above – "I'll handle it". What a relief. I'm going to especially call out Mr. Stan Wu at the City of Seattle on this one, as he did this many times for me on projects ranging from fiber optic networks to radio networks and others.
3. "What can I do to help?" There are few better experiences for anyone – employee or boss – than being faced with a difficult situation, and having the team come together to figure out a solution and implement it. Willingness to proactively help address issues or problems – not waiting to be tasked with an assignment, is a hallmark of a great employee.
4. "Playing the 'Angel's Advocate' ..." I've been in so many meetings which go on and on as employees raise one potential issue after another with a proposed course of action or an idea. I used to cringe when someone said "Playing the Devil's Advocate …" and then went on to describe some low probability stupid scenario about how a course of action might fail. It's almost like the employees had a pool or a bet on who could come up with the most issues or the most unlikely scenarios to kill the plan. Give me an "Angel's Advocate" – a proponent – any day of the week. And if it is a legitimate issue or problem with the idea, suggest a way to mitigate it (see #2 above).
5. "I just read/watched/heard … and it got me thinking that…" As the boss, I love new ideas, and with all the changes in technology we've seen in the last 20 years, such ideas abound. In government it is relatively easy to find ideas which haven't been tried – usually private sector companies are first to adopt new technologies such as online services or mobile applications. Figuring out creative ways to use those in the government's service to constituents is something every employee can do.
6. "This idea has some risks, here they are, but I’d like to try doing it … " Government employees are notoriously risk adverse. I never quite understood that – most are protected by civil service or seniority rules or union bargaining agreements. Perhaps the risk aversion rises from fear of a newspaper headline or wasting taxpayer money. Frankly, I think bad bosses have a role to play too – ones who steal ideas for themselves or have a negative attitude about anything new. In any case, an employee who is willing to risk their reputation on an innovative solution can be a breath of fresh air.
7. "You know how we've been doing X? Why do we do it that way?" This one needs little explanation. We call it "paving the cowpath" when we apply technology or automate some business process without examining how to improve the process itself. Whether it be procurement or personnel actions or decision making or delivering a service, we should always look at the process first. This is even more important in government organizations where culture can be hard to change and existing business processes have very deep roots. No amount of technology or automation will materially improve an outmoded process.
8. "How am I doing?" Frankly, I used to cringe at employees who asked me this. Giving feedback – and honest feedback – is hard. Many employees don't want to hear bad news and many bosses don’t want to give it. But regular sessions of feedback are much more important than formal performance evaluations. And, of course, the flip side of this coin is willingness to accept that feedback, including #9 below. And employees don't need to wait for the boss to initiate such conversations.
9. "Here's what I learned and how I'll do it better next time". It is hard for many bosses to give feedback to employees on performance. It's much easier if the employee recognizes their own strengths and weaknesses and proactively brings them forward for discussion. This requires, of course, a high level of self-awareness, which is difficult for many people. (I had a long-standing employee who was totally delusional about his technical skills and abilities.) Going through post-mortems on projects and honest self-evaluation is important, and then vetting it with the boss is, again, more important than formal performance evaluations.
10. "Here's how I feel about that … " It takes a lot of guts for an employee to come forward to his/her supervisor, manager or director and give their honest opinion. The other side of this coin is that your opinion should be well considered and logical, not just some unsupported personal opinion. And it should be YOUR opinion, as an employee. I hated it when an employee said "And everyone else feels this way too". Oh yeah? Where are they at? And who appointed you as the spokesperson? Of course, some supervisors don't want to hear what their employees have to say, which is a subject for a different blog post.
11. "Yes, Boss, sometimes I know you'll move my cheese … " Change is a constant in any technology organization, or, indeed, any organization which uses technology at all. Whole industries are undergoing upheaval – just ask anyone in the newspaper, photography or land-line telephone business. Employees need to expect change, even in government, and sometimes it won’t be an improvement. But, conversely, the boss needs to explain the changes and the rationale for them.
And speaking of bosses, just like with Steve Radick's columns, my next blog post will be about what the CIO or boss should be saying to Public Sector Employees.
October 11, 2012 By Bill Schrier
(This column is updated from the original version.)
Robert Reich* had an interesting piece this week on NPR’s* Marketplace: "Is Technology to Blame for Chronic Unemployment?" He talked about the imminent end of many jobs and professions in the developed world, and specifically the United States, due to massive changes in technology. Read or listen to it here.
The logic of his arguments is quite clear.
First, the miniaturization of electronics coupled with the consumer technology revolution (smartphones and tablets) is really just in its infancy. Gee, the smartphone, for example, is just five years old, and the tablet computer (in its very usable, iPad-type format) is not even three years old. We’ve just begun to tap their potential.
Next, we are seeing more and more data and information squeezed into ever smaller spaces. While the first personal computers had less than 640 kilobytes of memory*, today we have widely available thumbdrives with 64 gigabytes of memory. Service members and others can carry their entire medical history on a chip in a credit card.
Indeed, Reich said, we may very well, in the future, carry an "all purpose" device, the "I-Everything" as he dubbed it. It could contain all relevant information about you, ranging from medical history to financial information to personal preferences (all suitably encrypted, one would hope!). Using a personal-area-network it could communicate with many other devices in or on your body to monitor your health, allow self-diagnosis of medical issues and even carry on most routine financial transactions and interactions. The I-Everything.
These revolutions in technology have already terminated many kinds of jobs. Word processors and data entry jobs are gone and secretaries, if not gone, are highly endangered. Telephone and switchboard operators, and many newspaper jobs, are gone.
More jobs will fall victim to technology. Bank tellers are endangered, as are travel agents. Retail store clerks are still employed in great numbers, but a decline must set in as more shopping goes online. Even restaurant servers may be somewhat endangered as iPads and other devices become common at tables.
This change will strike at professional jobs too. Sloan-Kettering medical centers have been testing the use of IBM's Watson to help diagnose medical conditions and, starting soon, it will start dispensing medical advice.
(You undoubtedly remember Watson from its appearance on the Jeopardy television show.)
We can see many other professional jobs which will be suspectible to the "artificial intelligence" powers of computers such as Watson. Such jobs might include attorneys and finance. Lawyers research and interpret laws, but computers are vastly better at raw text-based search. And artificial intelligence as demonstrated by IBM’s Watson computer can do much, if not all, of the interpretation and preparation of legal documents and briefs.
My title "Death of Lawyers" is a little dramatic. Lawyers aren’t going to die, but their profession will rapidly and significantly shrink. I suppose we’ll need trial lawyers for a while but almost all the "clerical" work of legal documents, wills, property transfer, tax preparation and so forth will fall victim to information technology. Most law schools and paralegals will soon follow. Indeed, most of the process of adjudication (“judges”) can probably follow as well.
IBM has 200 people working on applying applying Watson's abilities to commercial problems like medicine and finance. And my purpose in writing this column is not to "raise alarm" and cause people to "rise up against the machine." Computing is going to keep advancing and hundreds of companies and thousands of people are working to make that happen. Smarter machines will have many applications to improve our quality of life.
Many professions, however, will experience resurgence. Plumbers, electricians, carpenters and auto mechanics are definitely not susceptible to replacement by Watson -- or to outsourcing to China and India either, for that matter. But the sophisticated computers embedded in homes, appliances and automobiles will dictate more sophistication in these professions. Child care, nursing and elder care will still require "real people." Demand for, and the valuing of, these professions will rise.
Computers such as IBM’s Watson will eventually merge with the "I-Everything", I think, to produce a true digital assistant, able to interact and transact much of the routine business of your usual life. The only trouble is that, with so many people out of work, who will be able to afford one?
Well, this is, actually, supposed to be a blog about the use of technology in government. What do these revolutionary changes mean for government workers?
It’s hard to see how the "I-Everything" with integrated Watson can replace cops, firefighters, water pipe workers, electrical line workers, emergency medical techs, pothole-fillers, and parks and recreation staff. Spouses angrily fighting with each other, throwing kitchen utensils and pulling out knives and guns -- and then calling 911 -- are not exactly susceptible to Watson-like reasoning. "Bureaucrats," in the sense of employees who process documents, issue licenses and permits, and manage finances, may see their jobs in jeopardy.
And, of course, we’ll always need elected officials. Who would want to go to a public meeting and yell at a computer?
Or, perhaps, we’ll just send our I-Everthings to the meeting to yell at the electeds’ I-Everythings!
*Robert Reich is former Secretary of Labor for President Bill Clinton and presently professor of public policy at University of California – Berkeley.
*NPR – gee, you know what NPR is – its that public broadcasting service which includes Big Bird and Jim Lehrer and others who may be sacrificed to the god of Federal Deficit Reduction.
*Bill Gates did NOT say “640k of memory should be enough for anybody” - see here.
October 2, 2012 By Bill Schrier
The first-ever Evergreen Apps Competition came to a close last night in Seattle as we recognized the top applications developed over the last six months with government open data. Top honors went to Living Voters Guide with other prizes for WhichBus, Trash Backwards and Food Inspector.
I was one of the judges for the event, and, I have to admit, I had a lot of fun downloading and testing the apps on Android and iPhone platforms, as well using some apps on the web itself. Full results are posted on the Evergreen Apps website and on Geekwire.
“Apps competitions” might seem a little passé these days. It sure seems as if there have been dozens of them, starting with the original Apps for Democracy in the District of Columbia in 2008. New York City has had at least three renditions of their Big Apps contests and San Francisco continues to innovate with a whole catalog of apps.
What makes this one different? And where should we be going with Government data and apps contests in the future?
Evergreen Apps is different because it was a joint effort by the City of Seattle, King County and the State of Washington. Three governments at different levels, multiple different open data sites and $75,000 in prizes. Plus, of course, it was held in Seattle, center of the technology world, with over 100,000 people employed by companies ranging from Microsoft to Cozi to Amazon to Google to Socrata to Urbanspoon.
In return for the prize money, the rules stipulate the apps must be maintained an enhanced for a year. That, hopefully, will give some longevity to these apps. Alas, many of the results of apps contests elsewhere have resulted in dead ended apps which no longer work for a whole variety of reasons ranging from changes in the underlying data structure to developers who go on to other things.
A huge issue is sustainability. One of my very favorite apps from the original Apps for Democracy contest – “Stumble Safely” which maps crime around your present geographic location - appears to be long dead.
Developers and their startup companies can’t live on coding alone – cash really REALLY helps, but apps built on government open data are hard to monetize.
Another huge problem is non-portability. An app built in Seattle with data.seattle.gov information works in Seattle, but not in LA or Chicago or Podunk Center. We need either much better standards for the underlying datasets, along the lines of Google’s GTFS for transit data. Many transit agencies have adopted this format because increasing their ridership is core to their business, and using the standard advances that goal.
As an alternative, we could use a schema and data interchange process to mask the differences in data between different cities, counties and states.
I have great hopes for Socrata, a Seattle-based technology company which hosts the federal data.gov, data.seattle.gov, and hundreds of other government open data sites. They are one of the movers behind cities.data.gov, a first attempt at combining datasets from multiple cities.
If cities.data.gov or maybe a future states.data.gov or even restaurantinspections.data.gov can be made real, then an app writing against those open data sites would work anyplace in the world which contributes data.
Another huge problem is simply the lack of governments who participate. Sure, there are 176 federal government agencies who make data open, thanks to the commitment of the Obama Administration, the United States CTO Todd Park, his Deputy Chris Vein, U. S. CIO Steve Van Roekel and data.gov evangelists like Jeanne Holm. But only 19 cities and counties in the United States, and only 34 states have open data sites. See the list here. And many of those have incomplete or only a few datasets.
When are local and state governments going to “get it” that transparency and open data are a way to enlist a wide site of private companies and developers into helping them better serve their constituents?
Finally, there is the abysmal situation with transparency in lawmaking. Most state legislatures and city/county councils and commissions put proposed laws and ordinances on their websites, but in PDF format or non-machine readable format, making them almost impossible to consume with apps. Is this stupid, shortsighted or maybe intentional? A positive development here is the recent launch of congress.gov, which the Sunlight Foundation hails as putting much more machine-readable bulk data online.
So where do we go from here? My suggestions:
In the end, of course, it all comes down to visionary leadership.
President Barak Obama was really visionary in demanding open data and transparency from the Federal Government on his first day in office, on January 21, 2009. Then federal CIO Vivek Kundra and CTO Aneesh Chopra carried that ball forward. Mayor Mike McGinn in Seattle launched data.seattle.gov shortly after taking office in 2010 and I was proud to support him in that as Seattle CTO. Other visionary leaders range from Mayor Gavin Newsom in San Francisco to U.S. Deputy CTO Chris Vein in the White House to Mayor Michael Bloomberg in New York City.
But, alas, you can’t legislate leadership. You can only hope voters recognize it and cast their ballots for visionary candidates, and those elected officials, in turn, choose visionary CIOs.
We’ve got a great start on the brave old world of Government Transparency, and, with initiatives like Evergreen Apps, we’ll continue to push the “open data” ball forward.