Recently, CDT was asked to testify about the ways that technology can be used to improve financial oversight during a 2009 congressional session that saw “bank bailouts,” “housing markets” and “economic stability” become commonly used buzzwords. While TARP and mortgages aren’t our usual area of expertise, we have a lot to say on how Congress can ensure that the databases supporting these endeavors can help the government be more transparent and protect privacy at the same time.

The Troubled Asset Relief Program – or TARP – has been in the news a lot lately, as the program designed to strengthen the financial sector comes under scrutiny from the media and the public to figure out whether or not the program is actually working. Unfortunately, there hasn’t been an effective way to track TARP funding, in part because so many agencies are involved in distributing the money. One of the bills we discussed, H.R. 1242 (and companion bill S. 910), would create a centralized database for TARP information. It’s surprising that a program of this size doesn’t already have a way to consolidate the information around it’s expenditures, but not even the oversight committee has an easy time tracking the dollars. TARP funds are distributed by 25 agencies, using incompatible and outdated systems to track spending. The H.R. 1242 database would not only centralize this information for easy access, but would require almost real-time updates to the information.

We believe that the database needs to be made public in order to allow the media, watchdogs, and citizens to see how TARP money is being spent. A good example to follow is the Recovery.gov website, which pulls together information from the 28 agencies distributing Recovery Act funds. The site allows users to sift through stimulus contracts in useful ways and, though not perfect, it is an incredibly important step in keeping the public in-the-know. The lack of a similar site for TARP has made it difficult for the public to understand the program – so it’s a perfect opportunity to make a government database public.

Another bill we talked about in our testimony, H.R. 932 looks to improve technology for oversight on housing issues by linking location information to mortgage information, making it easier to track foreclosures, abusive lending practices, and vacancies. Currently, land parcel information is kept by counties, but centralizing them would allow regional analyses of the housing crisis and regional responses. Of course, if regional geo-databases are created, they may not fall under the privacy protections imposed on the federal government. In that case, it will be vital to ensure that the databases are subject to privacy and security protections. The financial information that can be correlated to land parcels is both personally identifiable and sensitive, as financial information is defined as sensitive by almost all definitions.
(more…)

In a much-hyped launch this afternoon, Apps.gov was introduced as a centralized service for federal agencies to obtain cloud-based IT services. These services range from productivity and management applications for internal use to free social media plugins for agency websites. US CIO Vivek Kundra has often noted that taking the government into the cloud was a priority for him for many reasons, among them cost saving and increased security among agencies, as well as furthering interagency collaboration.

Apps.gov is billed as a storefront for cloud services for government agencies. Many of these are apps for internal use only, and the website notes that internal agency users have no expectation of privacy. However, there are some external facing social media tools that are listed within the Apps.gov catalog, and I hope that they make it clear as they work with these social media sites that user privacy is important. While amended terms of service for the social media tools are included on the site, we’d also like to see the contracts that GSA has entered into with third party vendors. Of particular interest are details about what types of social media tools will be available to interact with citizens. Apps.gov’s social media section would be an excellent place to put a repository of tips and best practices for user privacy, for example- an example Privacy Impact Assessment for agency use of Facebook could be one of the resources at Apps.gov.

We are excited to see government begin to harness the cloud, and begin to take advantage of centralized services within agencies. Hopefully we’ll see Apps.gov turn into a repository of information on how to use cloud tools internally and with the public as well as serving as a storefront for agencies.

Last week, the federal government announced a pilot project to develop digital identity solutions for federal websites, working with OpenID and Information Cards technologies. This will allow government agencies authenticate the public (for low and no security uses) and provide personalization and services. Online industry leaders have signed up as identity providers, and will allow citizens to use their existing identity online to interact with the government. Even six years ago, one third of online users logged in to government sites. The proliferation of online services and websites surely means that the identity program is something that agencies will be quick to take advantage of. Using a federated identity solution will allow agencies to stop developing and investing in independent solutions and instead use a plug-and-play system for identity. However, linking identities across the .gov web – let alone with the commercial web – carries new issues to be addressed.

There are 300 million Americans, any number of whom may want to do business with government at any time of the day or night. Often, this may just be looking up an address or printing forms, but many interactions will require some way to identify the citizen who is asking for services from the website.

Last week at the Gov 2.0 Summit, federal CIO Vivek Kundra noted that identity is crucial if government websites are to move beyond ‘brochureware” and provide services to and interact with the public. Making government websites more interactive and useful is a key component to the Open Government Initiative, and identity is a step towards that goal.
(more…)

Yesterday, the New York Times published an editorial on the revising the tracking policy on federal government web sites. This piece aligns closely with recommendations CDT and EFF made recently about updating the “cookie” policy to provide both transparency and privacy protection.

As mentioned in a blog post from EFF’s Tim Jones, this piece really nails it in terms of what the administration needs to do to ensure that citizen privacy is taken into account in web site measurement and tracking. It is important to note from the CDT and EFF recommendations that this type of notice does not need to be legalistic to be useful. We recommend that agencies have regular for users on each page that users can find more information about.

While we often concentrate on the Executive and Legislative branches when we talk about government transparency, the federal court system lags behind them both. The Public Access to Court Electronic Records (PACER) system – the only online source for “public” court documents – is hardly a modern system for openness. Sure, it was when it launched several years ago, but it has fallen far behind the times. In order to access court records, users must use a confusing and outdated system to pay eight cents per page for PDFs of court documents.

A new project from Princeton University’s Center for Information Technology Policy aims to “turn PACER around” with a Firefox extension called RECAP. This extension is crowd-sourcing the task of making documents available, letting users know when a document can be had for free at the RECAP archive and letting users donate documents they purchase to the free collection.

As I noted in February, these opinions and documents often form the basis for our understanding of legislation and law. They are currently locked behind a pay wall. RECAP is working with Public.Resource.Org and Justia to build on their existing free court documents, consolidating them with user submissions at the Internet Archive. This is exactly the kind of project that we need in order to show that the courts shouldn’t rely on high user fees to make information public – in fact, the information can and should be shared easily.

Transparency advocates are not the only people pushing PACER to modernize it’s system; Senator Lieberman continues to question the fees levied on users. He’s right- the courts are not making documents “freely available to the greatest extent possibleâ€? as mandated in 2002 as part of the E-Government Act. When the government won’t free information, third parties stepping in to compile and share information is the next best thing.

RECAP will be presenting on their new extension as well as the policy context of their work at the O’Reilly Gov 2.0 Expo next month, and I’m looking forward to hearing more about it.

Earlier this week, CDT co-hosted an appearance by the nation’s new Chief Technology Officer, Aneesh Chopra. Speaking at the Computer History Museum in Silicon Valley, Chopra outlined how he wants to use technology to address the critical issues facing the nation and how he thinks the federal government can best support innovation. The video of Chopra’s remarks is up courtesy of our co-host, the Churchill Club.

Tim O’Reilly explained at length earlier this year why Chopra was such a good choice to shape technology policy in Washington, and it was impossible not to agree after hearing Chopra speak this week. Chopra is an opportunist in the best sense of the word. He has a grand vision of how technology can contribute to issues ranging from health care to education to the environment, but he also understands the value of incremental steps and short-term results. His talk was peppered with examples from his tenure as Virginia’s Secretary of Technology and his first months in the White House, where he is already in charge of an overhaul of the case status system for the US Citizenship and Immigration Services, among other projects promising immediate pay-out.

CDT is working on many of the issues Chopra mentioned, including health IT, cyber-security, broadband deployment, and, of course, government transparency. At times, we will be pushing the Administration to go further that it might otherwise be inclined to go in terms of openness and privacy, and we will criticize the Administration when it falls short, but we couldn’t want a smarter, more receptive official to engage with than Aneesh Chopra.

If I had one criticism of Chopra’s remarks, it would be his repeated emphasis on accomplishing things without changing the underlying laws. On the one hand, working within existing frameworks is consistent with his attractive opportunism. However, it is clear that some laws need to be updated to ensure deep, government-wide change. One example is the Privacy Act, which applies to federal databases; CDT has a major project underway to bring this 1974 law into the 21st century. Getting legislation passed will require White House leadership, and we hope that Chopra, while developing practical tools to make government more transparent and participatory, will also lend his credibility to improving the legislative framework for privacy in government systems.

Update: Here are the slides Aneesh Chopra used in his August 4, 2009 presentation in Silicon Valley. [pdf]

The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week” posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

Access to Broadband Networks: The Net Neutrality Debate
R40616
June 1, 2009

July 21st has passed, which means just one thing: Reply Comments to the Federal Communications Commission (FCC) Broadband Plan are in! Anyone interested in digging in and reading the Reply Comments can do so by searching the FCC’s website using the parameters Proceeding 09-51 and Document Type RC (CDT’s Reply Comments can be found here). This CRS Report on the Net Neutrality Debate might come in handy before you dive in. It was written very recently, which makes it even more useful.
(more…)

The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week” posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

The REAL ID Act of 2005: Legal, Regulatory, and Implementation Issues
RL34430
April 1, 2008

REAL ID is an issue that, if you have not been following from the beginning, can be daunting to understand. With the introduction of the PASS ID Act, the debate becomes even more confusing to a newcomer. This CRS Report provides an overview of REAL ID, covering its history, a few provisions, relevant constitutional questions, debates, and selected regulatory requirements. However, the Report does not highlight many of the implications on the privacy and security side, so take a look at CDT’s REAL ID Primer to get filled in on that. However, this Report’s analysis of the potential constitutional objections (pgs 6 – 14) to REAL ID are worth a look and the cases mentioned read like a greatest hits list of important Supreme Court cases. The section explaining selected regulatory requirements of REAL ID (pgs 20-28) is also informative.
(more…)

The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week” posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

The Social Security Number: Legal Developments Affecting Its Collection, Disclosure, and Confidentiality
#RL30318
October 2nd, 2008

It is well known that Social Security Numbers (SSNs) should not be used as authenticators. A new study demonstrating the ease with which SSNs can be predicted serves as further evidence to this fact.  Simply put, SSNs weren’t designed to be authenticators. The problem with SSNs is that they have become both the de facto national identifier and authenticator for private industry.  This is analogous to using your name (an identifier) as your password (an authenticator). Identifiers are simply a reference to who you are and, thus, are often public.  Authenticators, on the other hand, are used to prove identity, and should not be known publicly.  These dual uses of SSNs as identifiers and authenticators has worried identity experts for some time because of this difference in security levels.  The new research steps over those concerns and suggest that SSNs should never be used as authenticators not just because of the risk an individual’s SSN might be disclosed, but because SSNs are predictable based upon publicly available information.  Ultimately, it does not matter how vigilant one is in protecting his or her SSN.  It can easily be discovered.

(more…)

This post was originally made on the PrivacyCamp Blog.

PrivacyCampDC is in the books and it was fantastic! A collection of people representing interests in both the public and private sector gathered together to share knowledge and expertise on a number of topics including (but certainly not limited to) the future of privacy rights in a Government 2.0 world, surveillance technologies, digital signage, updating the 1974 federal Privacy Act (something CDT is pushing for citizen feedback on with their Privacy Act Wiki if you want to check it out), and how we achieve a greater level of transparency and openness without compromising ones privacy. With attendees representing privacy organizations, federal agencies, security companies, information technology and even Congress, there were a lot of great ideas shared during the event.

One of the most important takeaways that nearly everyone walked away with was the notion that collaborative discussion is vital to protecting privacy in the digital age. The more voices and interests at the table from the beginning, the more likely concerns will be addressed as legislation is crafted, regulations are made, and the intersection between government and new and emerging technologies grows.

The event was tweeted under the hashtag #privacydc and a video slideshow featuring photos from the event’s Flickr page is available. Can’t wait for the next one!