OpenCongress Blog

Recovery.gov Goes Live

February 17, 2009 - by Donny Shaw

The stimulus bill hasn’t (update: has) been signed into law yet, but one of its mandates – the establishment of a public website to track how the stimulus funds are being spent – has already been implemented.

Recovery.gov went live earlier today with projections on the bill’s impact in public investment and job creation based on the final version of the legislation. At first glance, it is refreshingly attractive and user-friendly for a government website. There are some simple visualizations of where all the money is going and a handy timeline showing all the reporting requirements for federal agencies and groups that receive stimulus money. Of course, there are also areas for improvement. One thing I’d like to see is RSS feeds for all the data so that I can review it as soon as it is made public.

Overall, the launch of the website does indeed feel like an important moment: a key indicator that the internet is being recognized by government as an essential element of disclosure and public oversight.

As for the specific information that will be posted on the site in the coming weeks and months, here’s what is required by the legislation:

>(1) The website shall provide materials explaining what this Act means for citizens. The materials shall be easy to understand and regularly updated.
>
>(2) The website shall provide accountability information, including findings from audits, inspectors general, and the Government Accountability Office.
>
>(3) The website shall provide data on relevant economic, financial, grant, and contract information in user-friendly visual presentations to enhance public awareness of the use of covered funds.
>
>(4) The website shall provide detailed data on contracts awarded by the Federal Government that expend covered funds, including information about the competitiveness of the contracting process, information about the process that was used for the award of contracts, and for contracts over $500,000 a summary of the contract.
>
>(5) The website shall include printable reports on covered funds obligated by month to each State and congressional district.
>
>(6) The website shall provide a means for the public to give feedback on the performance of contracts that expend covered funds.
>
>(7) The website shall include detailed information on Federal Government contracts and grants that expend covered funds, to include the data elements required to comply with the Federal Funding Accountability and Transparency Act of 2006 (Public Law 109-282), allowing aggregate reporting on awards below $25,000 or to individuals, as prescribed by the Director of the Office of Management and Budget.
>
>(8) The website shall provide a link to estimates of the jobs sustained or created by the Act.
>
>(9) The website shall provide a link to information about announcements of grant competitions and solicitations for contracts to be awarded.
>
>(10) The website shall include appropriate links to other government websites with information concerning covered funds, including Federal agency and State websites.
>
>(11) The website shall include a plan from each Federal agency for using funds made available in this Act to the agency.
>
>(12) The website shall provide information on Federal allocations of formula grants and awards of competitive grants using covered funds.
>
>(13) The website shall provide information on Federal allocations of mandatory and other entitlement programs by State, county, or other appropriate geographical unit.
>
>(14) To the extent practical, the website shall provide, organized by the location of the job opportunities involved, links to and information about how to access job opportunities, including, if possible, links to or information about local employment agencies, job banks operated by State workforce agencies, the Department of Labor’s CareerOneStop website, State, local and other public agencies receiving Federal funding, and private firms contracted to perform work with Federal funding, in order to direct job seekers to job opportunities created by this Act.
>
>(15) The website shall be enhanced and updated as necessary to carry out the purposes of this subtitle.
>
>(d) WAIVER.-The Board may exclude posting contractual or other information on the website on a case-by-case basis when necessary to protect national security or to protect information that is not subject to disclosure under sections 552 and 552a of title 5, United States Code.

 

The Cybersecurity Act

April 28, 2009 - by Donny Shaw

“America’s vulnerability to massive cyber crime, global cyber espionage, and cyber attacks has emerged as one of the most urgent national security problems facing our country today,” says Sen. Olympia Snowe [R, ME]. “If we fail to take swift action, we, regrettably, risk a cyber-Katrina.”

To deal with the issue, she has teamed up with Sen. Jay Rockefeller [D, WV] and introduced into Congress the Cybersecurity Act of 2009. Since its introduction on April 1st, it has moved up the OpenCongress most-viewed bills list into the top five, and here’s why: it would give the President unilateral authority to shut down the internet.

No joke. I know this sounds a little paranoid, so here are a couple of key excerpts directly from the bill’s text (link and link):

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.

The President -

[…]

(2) may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network;

[…]

(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security;

SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE.

[…]

(b) FUNCTIONS- The Secretary of Commerce –

(1) shall have access to all relevant data concerning [Federal Government and private sector owned critical infrastructure information systems and] networks without regard to any provision of law, regulation, rule, or policy restricting such access;

As Jennifer Granick of the Electronic Frontier Foundation points out, the language in the second excerpt would give the Commerce Department “absolute, non-emergency access to ‘all relevant data’ without any privacy safeguards like standards or judicial review.”

Of course, the scope of these new powers ultimately comes down to how the phrase “Federal Government and private sector owned critical infrastructure information systems,” which is mentioned repeatedly in the bill, is defined. Taking a look at the bill’s “Definitions” section, we learn that it is left wide open to be defined however the President chooses to define it:

(3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS- The term ‘Federal Government and United States critical infrastructure information systems and networks’ includes -

(A) Federal Government information systems and networks; and

(B) State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.

Some obvious information systems that would be considered critical are banks, credit card companies, utilities, airlines, trains, hospitals, etc. But, as Center for Democracy and Technology general counsel Greg Nojeim says, it’s possible that less obvious systems, like email, might also be included. “I’d be very surprised if it doesn’t include communications systems, which are certainly critical infrastructure,” Nojeim told eWeek.

That said – and this is also something Nojeim mentions – the bill has several less controversial parts. For example, its companion measure, S. 778, would establish an executive Office of National Cybersecurity Advisor, or “cyberczar” and take the job of securing cyberspace away from the Department of Homeland Security and put it under the purview of the White House. This was the subject of a Senate Homeland Security Committee hearing that took place yesterday. It also contains scholarships for students to study cybersecurity issues, a cybersecurity awareness campaign, a mandate for the creation of cybersecurity metrics, and much more.

I think many tech-savvy types would agree that cybersecurity is crucial, that the government needs to improve in this area, and that private sector systems must be involved and protected. But the proper solution would probably be focused more on finding specific critical lapses and developing solutions, and less on broad powers for the federal government to shut things down.

 

More on Cybersecurity

May 5, 2009 - by Donny Shaw

There’s been more talk than usual in Congress recently about the issue of cyber security. I think we’re all convinced that it’s a serious issue and that there needs to be some kind of unified effort to address it. But it’s been difficult for any of us outside the realms of information security and technology to know what to do — or even to begin talking and thinking about what to do.

Most people seem to agree that the bill introduced into Congress, the Cybersecurity Act of 2009, does not take the right approach. It seems to threaten privacy and to call for system-wide standards in a way that would make the hacking game even easier for those with malicious intent.

Marc Ambinder has a piece on the issue today stemming from an email discussion with Rod Beckstrom, a former chief U.S. cyber security official who resigned recently because he felt the National Security Agency was trying to take over his operation and that their attitude towards the issue was counterproductive. It’s helpful, I think, for starting to find ways to think and talk about this.

“‘Who’s in charge’ has been a topic of political debate in DC since Dick Clarke first raised the cybersecurity issue in the late 1990’s,” he said via e-mail. “No matter how and where the boxes are drawn, let’s get to work on re-architecting and evolving the Internet for the benefit of all.”

Though Beckstrom didn’t quite say this, I think he is worried that if the NSA – by mission a parochial, defensive intelligence organization – comes to dominate the thinking on cyber security, it will fail to cooperate meaningfully with international institutions.

“International collaboration is the key to developing, standardizing and implementing these critical new upgrades. America cannot do it alone. No amount of re-organizing the boxes in Washington is going to solve the cybersecurity problem. We need to make the internet itself more secure, and we need to invest in program areas that work.”

And Beckstrom wants these upgrades to be largely open source, available to the public community of programmers and thinkers. It’s safe to say that any cyber security program defined as a counter-intelligence / counter-terrorism / counter-espionage effort would be wrapped up in all sorts of classified ropes.

How does cyber security intersect with politics? The money spent on lobbying, for one thing. But publicly, it hasn’t really, yet, outside of the trade journals and some blogs. It’s important for people who care about the future of the Internet to brief themselves about the scope of these issues and the debates now; the Obama administration might act quickly, and its decisions – and where it and Congress decide to put the money – will resonate in ways we haven’t conceived of.
 

OpenCongress is a free and open-source joint project of two non-profit organizations, the Participatory Politics Foundation and the Sunlight Foundation.