ACLU wants Secret Service and Coast Guard records included in its phone tracking suit

The American Civil Liberties Union seeks a court order requiring the Department of Homeland Security to refer its request for records on the warrantless purchase of cellphone location data to the Secret Service and Coast Guard.

DHS waited more than 14 months to reject the ACLU’s request, and the organization is arguing that resubmission to the individual agencies would cause a “pointless delay” in its lawsuit.

The ACLU sued DHS, Immigration and Customs Enforcement, and Customs and Border Protection in December over their secret use of a Venntel database for immigration enforcement and potentially more, and now it seems other agencies within the department may be involved.

Since the start of the lawsuit, ICE has proposed a records processing schedule of 500 pages a month — an “unreasonable” pace given the “significant” public interest in the case, according to the ACLU’s response filed April 23.

The DHS Office of Inspector General is now investigating use of the database, and legislation has been introduced that would prohibit warrantless access of such data — necessitating a records processing schedule of at least 1,000 pages a month, the ACLU continued.

“CBP and ICE are producing records on an ongoing basis, but the court has not yet ruled on the disputes the parties presented to it in April,” Nathan Freed Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project told FedScoop. “The public interest in the information we are seeking is as strong as ever, with Congress now considering the Fourth Amendment is Not For Sale Act and federal agencies continuing to aggressively purchase access to this highly sensitive information about people’s movements and activities.”

ICE’s current pace would take a year and a half to complete, and that doesn’t include the time the ACLU will have to spend challenging the adequacy of the records returned and agency withholdings and redactions.

The ACLU said the end of May was a reasonable timeframe for the DHS Office of Procurement Operations to provide 22 pages of relevant records and May 20 a fair deadline for the Office of Civil Rights and Civil Liberties, Science and Technology Directorate, Privacy Office, and Office of the General Counsel to complete their searches and assess the volume of relevant records. The organization proposed they submit a joint letter to the U.S. District Court setting a deadline of May 27 to process the records.

DHS did not respond to a request for comment by time of publication.

Democratic Senate aides initially uncovered DHS agencies’ warrantless use of the cell-phone location database during a series of summer oversight calls, but their follow-up requests for more information were ignored — prompting the ACLU’s lawsuit.

Washington, D.C.-based mobile analytics company Venntel collects the data from apps and sells it to government customers, though its full client list hasn’t been disclosed.

The IRS revealed on a June oversight call that its Criminal Investigation unit subscribed to Venntel’s database between 2017 and 2018. Senators subsequently pressured the agency’s inspector general to investigate, though J. Russell George only promised to report back “to the extent allowable under the law.”

CBP’s Venntel database subscription cost half-a-million dollars.

At issue is the Supreme Court’s 2018 Carpenter v. United States decision, which found collection of significant quantities of historical phone location data constitutes a search requiring a warrant under the Fourth Amendment. The ACLU wants to know if immigration authorities are paying for access to databases to circumvent that ruling.

The lawsuit requests copies of contracts, policies and procedures for data use, communications with companies and the related legal analyses.

DOD switches off its temporary teleworking platform used by millions

The Department of Defense will shut down its Commerical Virtual Remote (CVR) environment at midnight Tuesday, marking the transition to a higher security, long-term office productivity environment that employees will use in the office and at home.

Creating CVR was a feat by government standards, with millions of users brought online in a matter of weeks when the pandemic first sent much of the workforce home in March 2020. CVR gave users access to Microsoft Teams and other basic collaboration tools. It was a telework environment born of necessity, and is now being replaced by a more robust version of Office 365 dubbed “DOD365.”

The new platform offers much of the same capabilities as CVR with the ability to do work up to impact level five (IL 5), a jump up from CVR’s max of IL 2 data, and store documents in the OneDrive cloud.

“The rapid stand up of Commercial Virtual Remote (CVR) marked the turning point to the way DoD approaches IT challenges and showed the value of the close working relationships that have been established over the last few years,” John Sherman, acting CIO, told FedScoop in a statement.

At its hight, CVR had nearly 1.5 million users chatting, video calling and sharing documents on the system across the military. It brought novel capabilities to the DOD workforce, which until 2020 rarely could work from outside of military installations. Since early 2021 DOD has been onboarding users on to DOD365 to try and smooth the transition. It’s unclear how many users are on the envionrment now. DOD also recently expanded the number of types of devices that can access the platform.

Part of what got CVR up and running so fast was a telework task force of military department CIOs that convened to surge resources to CVR. The task force was led by then-CIO Dana Deasy and met daily at the onset of the pandemic, the DOD said at the time.

A small office within the DOD CIO’s office, the Cloud Computing Program Office, worked “24 hours a day, seven days a week” in the first two months to get the cloud space needed to run the environment.

“It is the Thursday that never ended because it was the day that never ended for us,” she said in December, retelling the story of March for the first time.

CVR was not without its limitation. Only IL 2 work could be done on the system and its capabilities were rudimentary compared to the full suite of tools many private sector companies offer. It also operated on a security waiver in order to be stood up so fast.

Building a better citizen experience with contact center modernization strategies

Government contact center operations have long been stretched thin by escalating pressure to control bottom-line costs. But the effects of the pandemic — and the subsequent unemployment and health crisis — showed many government leaders that their agency contact centers were not prepared to meet the surge in citizen needs.

Modernizing contact center operations with cloud-enabled infrastructure promises a more agile approach in the face of crisis or surge events, according to a new report, produced by Scoop News Group, and underwritten by TTEC.

CX

Read the full report.

Moreover, by moving contact centers away from legacy infrastructure, agencies can integrate automation and ai-enabled tools that connect the front-end citizen interactions with other downstream workflow processes at the agency.

The report describes how agencies, like the Wyoming Department of Workforce Services (DWS), deployed cloud and automation technology to deflect calls from at-capacity systems. Additionally, they were able to use an intelligent virtual assistant (IVA) to provide rapid answers to routine questions, resulting in a 24% decrease in call frequency.

TTEC’s Director of Public Sector, Ryan Haywood explains that injecting a layer of digital interaction with the agency before connecting to a live agent is one of the most effective ways agencies have found to streamline surges in requests. That is achieved by incorporating new communication channels such as text messaging, chatbots and other automation tools to make interactions more efficient.

By integrating automation technology, agency contact centers have been able to reduce operations costs, improve employee and constituent satisfaction and provide greater agility to react to surge events, according to Amber Rosebaugh, director of government technology strategy for TTEC.

“When an agency automates the back-end processes, response times also accelerate for the citizen,” she explained.

Read more about FedRAMP-authorized contact center solutions that are designed to deliver better citizen experiences. 

This article was produced by FedScoop and StateScoop and sponsored by TTEC.

FBI wants to work more closely with private sector to boost deterrence

The Federal Bureau of Investigations wants to work more closely with the private sector to glean data from hacks and work to deter future attacks on both government and company networks.

The agency’s lead cyber policy official, Tonya Ugoretz, said that in order to better defend against the range of attacks in cyberspace, the agency can’t act alone. She stressed that the government needs both preemptive cooperation from industry for tips on the latest cyber incidents, but it also needs to work with victims of cyber crime to follow patterns and have a greater chance at attributing the criminals or nation states behind the attack. Boosting cooperations is critical part of implementing the FBI’s cyber strategy.

“The private sector holds valuable cyber threat intelligence that exists no where else,” Tonya Ugoretz, deputy assistant director for the FBI Cyber Division, said at CyberScoop’s CyberTalks digital conference. “So each of us is half-blind if we don’t bring our perspectives together.”

The private sector has tipped off the FBI on several recent major hacks, including the SolarWinds supply chain breech that targeted government data.

“Our work doesn’t stop with this public attribution, we will continue to comb through data and make connections,” she said.

The private sector partners Ugoretz has identified for more engagement include: IT service providers, owners and operators of critical infrastructure, and also victims of cyber crime that can provide rich data to the government.

“Our engagement with victims is an under appreciated piece of the puzzle,” she said.

To boost its own cyber defenses, the FBI recently requested an additional $15.2 million from Congress. The agency is also seeking to modernize its enterprise IT with recent requests to industry. The bureau anticipates signing a long-term contract with an IT vendor for enterprise services that will support its recently reformed office of the chief information officer to better defend its own networks that are under constant attack.

Cyber EO response will involve leaders from every agency, Federal CISO says

Federal CIOs and CISOs from every agency will be involved in creating new governmentwide cybersecurity guidelines set to be issued as part of President Biden’s recent cybersecurity executive order, according to Federal CISO Chris DeRusha.

DeRusha said Tuesday his office is working with the Federal CIO and CISO councils to ensure information security leaders from across government are involved in drafting the new guidelines.

“Obviously this is a pretty big executive order…it really is an all-of-government exercise,” he said at CyberTalks 2021, hosted by CyberScoop. “CIOs and CISOs will be included in the drafting of every aspect of the guidance. They are going to need to implement them, so they are more than welcome to help us develop them and to make them successful.”

The cyber executive order, issued last month by the Biden administration, requires the Office of Management and Budget to issue a slew of new cybersecurity rules for agencies. It includes a mandate that the OMB should work with the Department of Homeland Security and the General Services Administration over the next 90 days to develop a federal cloud-security strategy and guidance.

Commenting more broadly on the government’s response to last year’s SolarWinds hack, DeRusha said there remains a way to go until basic security measures such as multi-factor authentication and endpoint detection are implemented uniformly across government agencies.

He noted also the importance of senior agency leaders having appropriate emergency plans in place that can be followed in the event of another major cyberattack.

“Agencies need a consistent playbook for senior leaders to work through when an incident like SolarWinds occurs,” he said.

Modernizing federal cybersecurity is just one element of the larger cybersecurity EO. It also calls for increased sharing of threat information between the government and private sector, and for the development of baseline software supply chain security standards for any software sold to the federal government.

Additionally, the order calls for the creation of a national Cybersecurity Safety Review Board, akin to the National Transportation Safety Board.

Cisco inks $1.2B software contract with DISA

The Defense Information Systems Agency has awarded Cisco a $1.2 billion indefinite-delivery/indefinite-quantity contract for software services, the Department of Defense announced Monday.

The software Cisco will be providing is “Cisco Smart Net Total Care and Software Support Services,” according to a public release about the contract. The performance period will start with a one-year base but could be extended up to three years if all goes well.

The DOD’s request received three proposals, the department said.

Cisco’s Smart Net software is designed to help resolve IT issues and keep enterprise software for large organizations up to date, according to its website. It’s tech that “that keeps your IT running smoothly,” a promotional video claims.

DISA has been consolidating the networks of combat support agencies and taking on the responsibility to run their help desks. It’s unclear if this contract is directly related to that initiative.

Agriculture CISO Venice Goodwine takes role with Air Force

Venice Goodwine has left the Department of Agriculture to lead the U.S. Air Force’s enterprise IT function.

Goodwine started in the role of director of enterprise IT for the Air Force under CIO Lauren Knausenberger last Monday, a source familiar with the matter told FedScoop.

She served as USDA’s chief information security officer since late 2018, overseeing a $208 million cybersecurity budget, according to the agency. Before that, she had a long tenure in the military, serving as a senior cybersecurity officer advising the Air Force CISO and a senior program manager in the Marine Corps Systems Command.

While at USDA, she led improvements to the agency’s cybersecurity maturity score under the House Committee on Oversight and Reform’s Federal IT Acquisition and Reform Act (FITARA) Scorecard from an F to a B grade.

She spoke with FedScoop in January 2020 about the emerging importance of a zero-trust security framework in the federal government, acknowledging that “identity is now the new perimeter” for cybersecurity. “I understand that my data will now be at Starbucks and outside of my actual perimeter and how am I actually going to protect that data throughout its lifecycle?” she said at the 2020 Zero Trust Security Summit.

USDA did not comment on Goodwine’s departure prior to publication.

FBI seeks assistance with major IT modernization initiatives

The Federal Bureau of Investigations is looking for an IT vendor to help with enterprise-wide IT modernization projects, it said in a request for information.

The request states the FBI is gathering information to help inform a five-year indefinite delivery/indefinite quantity contract it plans to issue for enterprise-wide IT support. The RFI lists four areas for which the FBI is looking for contractor support: the FBI’s enterprise IT strategic plan, transforming FBI IT infrastructure, the enterprise data strategy and the data science roadmap.

“As technology continues to become more complex and interwoven, the FBI’s enterprise information technology (IT) must evolve into a customer-centric set of unified services readily available, secure, and always focused on enabling the work of front-line personnel,” the RFI states. “The FBI must be nimble, agile, and mission-focused to continue to meet the growing demands and needs of the users and communities it supports.”

The FBI’s office of the chief information officer was created in 2016, but has since seen two major reorganizations in 2017 and 2019, and work continues to “centralize, supplement, and effectively coordinate existing efforts.” That work continues through this latest contract it is preparing and aims to be accelerated by the contract’s eventual award.

Zero trust, identity management and DOD network security strategies

Defense agency leaders — aware of the shortcomings of “defense in depth” security approaches — are exploring other security frameworks, like zero trust, to better protect networks from identity-based attacks.

DOD

Read the full report.

According to a recent Okta report, the Air Force is one of several agencies using modern identity and access management tools to assist with security and user experience.

It is working to “centralize IAM across 33 systems and 200 applications,” the report says. Additionally, among other capabilities, the IAM platform allows them to streamline auditing and reporting tools and user behavior analytics to uncover anomalies.

The report describes how Okta’s zero trust architecture is being used as a foundation to secure DOD resource across on-premise and cloud environments to help defense organizations manage their extended enterprise, and by making it possible for them to:

Learn more about how zero trust and identity management are proving to be a game-changer for DOD network security.

This article was produced by FedScoop for, and sponsored by, Okta.

US, Albania agree to develop secure 5G networks abroad

The U.S. and Albania agreed Sunday to coordinate development of secure 4G and 5G networks abroad, as the former tries to stop Western Balkans countries from buying potentially compromised Chinese infrastructure.

Without mentioning China by name, both parties acknowledged the threat foreign adversaries pose to the telecommunications supply chain.

In recent years the U.S. has struck similar agreements with the Western Balkans countries of Serbia, Kosovo and North Macedonia to assess the risk of 5G equipment supplied by vendors with connections to foreign adversaries, namely Huawei and ZTE, before buying.

“I think we’re setting a very strong example together here today, particularly on the need to make sure that when it comes to our most sensitive technology and networks, we’re working with trusted vendors,” said Secretary of State Antony Blinken.

Blinken signed the memorandum of understanding with Albanian Prime Minister Edi Rama, noting the partnership between the two countries was “growing stronger, growing deeper.”

Albania was elected to the U.N. Security Council for a two-year term beginning next year on Friday. The country previously participated in a U.S. Army-led, joint military exercise with 27 European and NATO countries called DEFENDER-Europe 21.

House lawmakers recently reintroduced legislation that would see the U.S. Development Finance Corporation fund 5G infrastructure projects in 22 Central and Eastern European countries including Albania. The bill is seen as a counter to China’s Belt and Road and 17+1 initiatives seen as taking advantage of a region that’s historically lacked telecom infrastructure since the Soviet era.

“[W]e have undertaken these issues … asking also the other countries in the region join and to put all together our effort for a very secure path of communication,” Rama said. “And to put this path of communication of very critical services in the hands of the people of Albania, in the hands of institutions of our security forces, and to not allow compromise by third actors and sometimes-malign actors.”