The votes are in for the 2025 FedScoop.

See the winners!

18F preps agile contract for FedRAMP dashboard

The General Services Administration’s 18F team is gearing up to launch the first task order on its agile development contract — a Web dashboard for the Federal Risk and Authorization Management Program.

18F published a draft request for quotations for the FedRAMP dashboard on its GitHub page this week, along with an ordering guide and transparency policy for its agile BPA, on which the project will be awarded.

The digital team launched the agile BPA last June to more than 200 vendors vying for spots on the contract to perform work with 18F for its agency partners, and, in a sense, help it meet the overwhelming demand for digital services work around government. In December, 18F officially awarded 17 spots to vendors on one of its three pools for the BPA after receiving eight protests.

The vendor eventually awarded this task order will build “a publicly available, web-based dashboard that provides greater visibility and up to date status for vendors going through the FedRAMP certification process,” meant to “yield a variety of positive outcomes, including increased transparency and monitoring, improved decision-making and prioritization abilities, reduced effort in compliance activities, among others,” the project’s statement of work says.

The biggest complaints with the FedRAMP process recently have been the time it takes to authorize cloud service providers and the lack of transparency into that certification for outside parties, like the providers and federal agencies. The FedRAMP team recently said it’s working to fix both those issues. 

With all of the projects on the agile BPA, awardees will be required to work in two-week delivery sprints, a typical workflow for agile development. Likewise, they must comply with the U.S. Web Design Standards, and 18F’s open source policy and accessibility guidelines. Under the transparency policy, vendors will host their source code on a publicly displayed GitHub page along with other open data and documents, all of which can be pulled by third parties for reuse or repurposing. 

Bidding vendors will need to provide two examples or working prototypes of past dashboards they’ve built similar to what FedRAMP is hoping for with this project.  

18F plans to release the official RFQ for the dashboard during the week of March 28 and says it would award the contract within four to eight weeks. The team is open to comments on the draft, which can be submitted as issues on the GitHub page.  

Contact the reporter on this story via email at Billy.Mitchell@FedScoop.com or follow him on Twitter @BillyMitchell89. Subscribe to the Daily Scoop to get all the federal IT news you need in your inbox every morning at fdscp.com/sign-me-on.

6 priorities for building enterprise mobility in government

mobile-package-image

Four years ago, then-U.S. Chief Information Officer Steven VanRoekel announced a new federal strategy focused on incorporating mobile technology into federal government activities.

The strategy later became a central part of the Obama administration’s Digital Management Strategy, which had two over arching goals related to mobility:

Since then, the widespread adoption of smartphones by consumers and the growth of 4G LTE and Wi-Fi capacity across the nation have made mobile technology and applications a ubiquitous part of the workplace. Debates over bring your own device policies and mobile device management systems that once dominated agency IT discussions have gradually receded into the background of the government’s digital strategy. 

Yet enterprise mobility issues continue to play a crucial role for agency CIOs and their IT investment strategies.

Last month, FedScoop convened two dozen senior government and private sector IT leaders for a “Mobility Leadership Roundtable” at FedScoop’s headquarters to take a fresh look at the state of enterprise mobility, what challenges remain and where agency IT leaders should focus their attention looking ahead. The roundtable included federal agency CIOs, chief technology officers and mobile technology executives.

One of the central challenges federal and private sector IT leaders voiced during the discussion was how to adapt to an environment where products are becoming “software-itized.” Another is how to keep up with new services and features being released more rapidly than ever.

The not-for-attribution discussion took many turns. There was a general consensus that “mobility is simply how you get IT done;” that “mobility needs to support the mission and be infused in the way agencies do business;” and that when it comes to security, enterprises need to “assume every device is hostile.”

But by the end of the discussion, there were six major strategies the IT leaders recommended agencies should consider for building a stronger, more mobile enterprise IT environment:

1. Deliver data to any device, anywhere, anytime 

Mobile devices are now central to the way people manage their lives. “Enterprise mobility needs to reflect the way we live — that’s how people want to work,” said one federal IT leader. People are used to accomplishing all kinds of things using their smartphones. Consequently, government agencies need to meet those expectations with a mindset of delivering “public service without boundaries,” as one IT leader put it.

When it comes to supporting federal workers, agencies must also develop plans for operating off the network, when Wi-Fi and wireless aren’t available to federal workers and military personnel in the field.

More also needs to be done to make data readily available and useable over the air to empower federal workers.

“Mobility’s potential is still more promise than reality,” observed one federal IT leader, who contended that mobility is still “used 95 percent of the time for voice, emailing and checking your calendar.” Agencies must overcome the obstacles that prevent workers from accessing, using and updating relevant work data via mobile devices.

2. Push for a responsive procurement system 

Mobile technology procurement continues to reflect the greater need for enterprise transformation, despite strong headwinds of consumerism and younger generation preferences for bring your own device, choose your own device and multi-persona capabilities in mobile computing. But agencies have to maintain a certain discipline.

“Fragmented acquisitions do not allow the enterprise to change the security architecture from boundary to data, nor does fragmented purchasing enable the consistent application of security policy and governance,” said a federal executive.

However, while agencies pursue a mobile anytime, anywhere, any device vision as a means of focusing on a data-centric strategy — one that is responsive to a more adaptive and responsive workforce — federal mobile procurement must take a more agile approach.

The old models of procurement — serially identifying needs, defining requirements, developing acquisition strategies and solicitations, evaluating bids, and awarding contracts — generally take three times longer than the life cycle of most devices. Agile development practices must be extended to procurement systems and Federal Acquisition Regulation rules.

An agile approach would allow for “a more robust mobile and digital environment that incorporates future technologies and avoids lock-in while also keeping costs down and capturing savings,” said a federal executive familiar with IT acquisition.

That would also help agencies take advantage of pricing competition in the market.

“As we have seen with the mobility space the past three years, price compression is a function of establishing real competition at the point of sale,” said that same executive. He cited how “the pricing for competed national carrier services has dropped [for government] due to a more competitive acquisition that consolidates volumes” and as “smarter customer agencies communicate their needs to the marketplace.”

“Competition in cloud, mobile security and other mobility components continue to drive down pricing while also enhancing capabilities,” he added, making it easier to introduce new technologies into the federal mobile environment. 

3. Develop a secure environment, from boundary to data

“We need to change the mindset from ‘static’ or ‘one-to-one’ IT system connections to more complex simultaneous device and data conversations,” said a senior federal IT official. That means “interactions are becoming increasingly like webs, allowing data to flow in several directions seemingly simultaneously.”

Across the board, there was a strong consensus for IT departments to stop focusing on the device. “Assume every device is hostile and focus on secure data ecosystem and applications,” as one leader put it.

More specifically, the IT leaders suggested three courses of action:

4. Focus on a data-centric strategy  

In addition to securing their IT environment, agencies need to expand their security solution to the data layer. Specifically, IT leaders suggested:

5. Establish clear, simple governance and policy   

Governance can be a challenge with mobility. Mobile projects often begin organically, driven by the desire for a specific mobile device for specific office or person. Despite its obvious importance, the leaders at our roundtable agreed more work needs to be done on governance structure, especially when governing a mobile device and application management program.

As with all major IT initiatives, it’s important to consider mobility from the enterprise perspective so that all users within a department or agency follow a standard set of mobility guidelines. 

But here are some specific elements, proposed by one executive, responsible for mobile device management at a leading federal department, which agencies should consider when developing governance policies for mobile devices:

“The key to a successful mobility program is stakeholder collaboration and communication throughout development and implementation of governance,” he added. “Standardizing the governance and its inherent policies will drive users to the solution of choice and create a duplicable certification process that can be followed as a mobility program matures.”

6. Create an agile, learning, adaptive culture and workforce 

Finally, to move to a more mobile and next generation IT shop, here was the advice of one federal CIO:

Empower the edge of your organization, he said. “If you’re trying to operate in a top-down fashion, issuing writs and commands, you’ll just always be out of date — you won’t be able to keep up with the speed of business.”

Encourage a diversity of views. “You want to encourage debate on a variety of ideas; but also have individuals support those views with data. That allows you to stay nimble with the evolving technology landscape as opposed to getting used to certain a technology platform and finding out that platform is no longer the best platform for your agency,” the CIO added.

Ensure that you put the user in the driver’s seat. “It used to be that because technology was so complicated, you’d have build every permutation of user interface for your stakeholders,” the CIO said. “Now, with the shift to cloud services, we can have the IT department define the lanes of the road, and give stakeholders the car or truck, as it were, to drive on the road as they need. So IT becomes more of a brokerage model working in partnership with their stakeholders, as opposed to ‘we build everything for you.’”

How do you get there? “First, you make the change by being the change,” he said. “As an IT leader, you visibly reward risk takers and the skeptics, giving recognition and praise to those creative problem solvers. And you coach those people who sitting more on the sidelines. And if you have to persuade upper management — or provide cover for your team — IT leaders need to show evidence: quick wins within the organization or case studies elsewhere that model what you need to have done.”

There’s an added benefit for agencies and agency IT leaders, said another agency executive: “When we create enterprises that are more adaptable, we don’t have to be as predictive,” meaning agencies can begin to escape getting locked into legacy technologies and begin to reap the benefits of new technologies faster.

Contact the writer on this story via email at wyatt.kash@fedscoop.com, or follow him on Twitter at @WyattKash. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

Can a digital security commission accomplish anything?

AUSTIN, Texas — A number of elected officials spent time preaching to the tech masses at the South by Southwest Interactive conference this week about the need for Congress to have a conversation about the future of digital security in the U.S. The tech masses, though, are not sure if those conversations are going to change the tenor of the debate around encryption.

Over the five-day conference, officials spoke about Capitol Hill’s efforts to weigh in on the hotly contested encryption debate. Several said lawmakers need to do a better job creating a dialogue that produces something substantial and reduces the white-hot tension between the technology community and federal law enforcement.

“We have elevated this conversation to a place where it shouldn’t be in the court of public opinion,” said Rep. Will Hurd, R-Texas, during a Sunday panel.

A number of the conversations revolved around a proposed digital security commission, which would establish a panel of experts who would give recommendations to Congress on how to act.

The authors of the bill to create the commission — Sen. Mark Warner, D-Va., and Rep. Mike McCaul, R-Texas — told conference attendees that their plan would reduce the friction between the two sides while plotting a course of action for future technologies.

SXSW-Logos-2016

“You have parts of law enforcement and parts of the tech community talking past one another without a set of facts,” Warner said during a media roundtable Sunday. “The thing that we have heard repeatedly on both sides is you have to force us into the room so we can lay out things and get this problem fixed.”

McCaul said the commission is “urgently and desperately” important, and, if the commission becomes a reality, its recommendations should come in six months

“This is desperately needed,” McCaul said. “We think the commission would be an educational experience so that we don’t act in a knee-jerk response and we actually legislate after careful conditions from the experts.”

But some experts aren’t sure. During a Tuesday panel, Kevin Bankston, the director of New America’s Open Technology Institute, said he was skeptical about the impact the commission could have.

“There have been so many blue ribbon panels that have looked at this in the past several years, including President Barack Obama’s handpicked review group, concluding that back doors are bad for security,” Bankston said. “Why do we need another commission picked by the leaders of the House and Senate to talk about this issue?”

Heather West, a senior policy manager at open source software company Mozilla, said the message from technologists is not going to change just because they are behind closed Capitol Hill doors.

“I think history has shown us that whenever the feds get into a room and talk about this issue, and include the technologists to understand what can and can’t be done, they’ve come to the conclusion that they can’t build a secure back door,” West said.

In addition to the encryption debate, the commission would also look at Internet of Things, which is slated to grow to billions of devices by the end of the decade, Warner said Sunday.

“These problems are going to get exponentially harder,” Warner said. “You look at the geopolitical map, and we are the most Internet-tied country in the world. It can be exploited against us. It’s our strength but can also be a weakness.”

“This is the greatest challenge to law enforcement in our lifetime,” McCaul said. “I don’t see any other path other than we do nothing. There will be consequences to pay for that.”

Even as the tech community harbors doubts over whether Congress will do anything substantial, Hurd believes a leveling of the conversation will ultimately produce a result that everyone can live with.

“We can protect our civil liberties, defend our digital infrastructure and chase bad guys all at the same time,” he said.

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

People are the biggest cyber challenge — officials

The key to preventing another catastrophic federal systems breach is greater commitment to cybersecurity from federal workers, IT officials said Tuesday. 

Despite the fallout of the recent breaches at the Office of Personnel Management that comprised the personal information of more than 22 million federal employees and background check applicants, cybersecurity in some aspects is beginning to get the organizationwide attention it deserves, from entry- and mid-level employees to the senior leadership, federal IT executives said during a pair of panels at AFFIRM’s Cybersecurity Summit. 

“We just haven’t learned basic cyber hygiene,” said Donald Davidson, chief of outreach, science and standards in Defense Department CIO’s Office. Since the OPM hack, DOD is going back to basics for cybersecurity, he said, which means focusing more on user cyber hygiene and discipline — like using stronger forms of authentication, and learning to recognize and avoid phishing attempts. “We’re not doing the basics of cybersecurity well in lots of ways.”

During the federalwide cyber sprint ordered by U.S. CIO Tony Scott after the breaches were made public, Transportation Department CIO Richard McKinney said it “brought to my entire department’s attention that something is going to have to change.”

“Everybody is part of that,” McKinney said.

Though cybersecurity is often equated to a technical skill reserved for IT security teams, if federal employees accessing networks every day aren’t educated on possible threats, they become easy targets, the panelists said. 

“People are our biggest challenge at the end of the day,” Treasury Department CIO Sonny Bhagowalia said. “We’re only as good as the individual users, not just the cyber defenders. Professionals know what’s going on, but we’re busy.”

“History teaches us that a lot of times it’s the basic techniques someone has to block against,” he said. “We’ve got to make sure there is cyber hygiene and all of the training that goes with it.” 

For that reason, McKinney said during the sprint he blocked department personnel wanting to access the network who didn’t use a personal identification verification card to log on. By doing so, he boosted his agency’s use of strong authentication for system access to 100 percent.

“All of the sudden, something that was so hard was doable in a short period of time,” he said. 

McKinney said it helped that he received backing from high-ranking department officials. Many fellow panelists agreed that was critical for improving cybersecurity. 

“This change in upper management focus is really the thing we need, because the techies know what needs to be done. But they can’t get that management backing,” said Randy Marchany, chief information security officer at Virginia Tech. 

While many chalk up the breaches to technical shortcomings like missing patches, Thomas DiBiase, deputy CISO at the Department of Homeland Security, said agencies need to be more focused on “reinforcing to our senior executives that they have responsibilities in regards to protecting the systems and information.” 

In the wake of the OPM breaches, said Ben Scribner, director of DHS’ National Cybersecurity Professionalization and Workforce Development program, “I’ve seen amongst CFOs and others that cybersecurity is part of their enterprise risk management considerations, and I think that will help us going forward in the future to be more proactive.”

Progress is being made, several panelists said — it’s just a matter of looking at it in a positive way, like the fact that the federal government is blocking “millions and billions of access attempts, successfully,” Bhagowalia said.

“We’ve actually made a lot of progress in a lot of areas,” he said. However, the federal government is held to “the highest standards in the world; others are not.”

“They only have to be right 1 percent of the time” with their attacks, Bhagowalia said. To defend against that, “with all the laws and the two-year cyber budget time and all the things that we’ve got to do, we’ve got to be right 100 percent of the time.

Microsoft cloud on the cusp of high-impact provisional ATO

Azure Government, Microsoft’s federal cloud services platform, announced it is on the cusp of receiving the Federal Risk and Authorization Management Program’s high-impact provisional authority to operate — a new accreditation that would allow it to store highly sensitive government data in the cloud.

If it succeeds, Azure would be one of the first cloud providers to receive a FedRAMP high-impact P-ATO. To date, Azure and other cloud providers, like Amazon Web Services, have achieved only a “moderate impact” certification, limiting the sensitivity of data they can store in their cloud services. 

FedRAMP first released its high-impact baseline for cloud security to the public in January. In a blog post, Microsoft Cloud Security Director Matt Rathbun said Azure Government participated in a FedRAMP pilot to help test out the benchmarks cloud providers must reach to store the highest tiers of secured data. After completing the pilot, Azure Government submitted for a high-impact P-ATO. 

Rathbun said that FedRAMP could sign off on the P-ATO certification within a month. 

“The creation of the FedRAMP High Security Baseline is essential in allowing agencies to migrate more high-impact level data to the cloud,” Matt Goodrich, director for FedRAMP’s Program Management Office at the General Services Administration, said in the post. “Selecting Microsoft Azure Government to participate in FedRAMP’s High Impact baseline pilot and its forthcoming Provisional Authority to Operate (P-ATO) from the FedRAMP JAB are testaments to Microsoft’s ability to meet the government’s rigorous security requirements.”

Microsoft also announced that Azure finalized a security assessment report that will qualify it for Defense Information Systems Agency Impact Level 4 authorization, allowing it to handle Department of Defense data marked as “for official use only,” “law enforcement sensitive” or “sensitive security information.”

In a bid to achieve DISA Level 5 authorization — the second highest level — Microsoft will also establish two new physically isolated regions, designated U.S. DOD East and U.S. DOD West, catered specifically to the Defense Department’s stringent security standards. It is projected to be operational by 2017.

David Vargas acting as OPM’s CIO

David-Vargas-opm

David Vargas (OPM photo)

David Vargas has been acting as CIO of the Office of Personnel Management, acting OPM Director Beth Cobert said Monday.

Testifying before the House Committee on Appropriations’ Subcommittee on Financial Services and General Government on the agency’s fiscal year 2017 budget request, Cobert said Vargas has been leading OPM’s IT operations as the agency looks to replace former CIO Donna Seymour. Seymour retired suddenly last month amid the fallout of last year’s discovery that federal personnel and security clearance records for 22 million individuals had been compromised.

Vargas, a senior executive service member, and OPM’s associate CIO, has spent most of his career in the federal government, serving for more than 20 years in senior-level positions at the Department of Housing and Urban Development before joining OPM in 2013 as director of human resources IT transformation. He was named associate CIO in 2014.

Cobert told the subcommittee Vargas has been very involved with the agency’s ongoing IT modernization plan, a topic of great discussion during the hearing because of the increased funding request, up from $21 million for fiscal year 2016 to $37 million in this latest budget plan.

As she looks to fill Seymour’s position on a permanent basis, Cobert said she’s seeking “someone who’s a disciplined leader of getting things done.”

“We need a strong and proven leader who understands both cybersecurity and modernizing IT systems,” she said.  Cobert added, “We also need an individual who is very effective at building networks and collaborating across the government,” skills that she said will be especially important as OPM works with the Department of Homeland Security to improve its cybersecurity and the Defense Department to stand up the National Background Investigations Bureau, which will replace the Federal Investigative Services at OPM.

“We know we will need that with our work with [the Defense Department] on NBIB; we’re going to continue to need that in our work with DHS on improving our cybersecurity,” she said.

In the meantime, Cobert said there’s a “terrific team” with four new SES members leading the CIO’s office and OPM’s ongoing modernization efforts.

“We have a strong team,” she said. “They built a plan they’re working together on, and I know they will continue to carry forward in a very thoughtful way while we are filling this position. But I also think we can bring in a terrific person that will continue to help them and build on this success.”

Contact the writer Contact the reporter on this story via email at billy.mitchell@fedscoop.com or follow him on Twitter at BillyMitchell89. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

PIF program revives Apps.gov

AUSTIN, Texas — The second iteration of a once-defunct technology product catalog for the federal government was relaunched over the weekend, giving both agencies and tech companies an easier way to make deals on cloud-based services.

The new Apps.gov was unveiled Sunday at the South by Southwest Interactive conference, resurrecting the directory that was shuttered in 2012 after causing more problems than solutions for agencies looking to streamline their cloud procurement efforts.

appsdotgov

Built by members of the Presidential Innovation Fellows, Apps.gov gives agencies the chance to comb through over 100 products to determine if they could be purchased. Each product page includes information on security requirements, authority to operate and procurement options.

The majority of the current catalog is made up of cloud infrastructure providers like Amazon, Microsoft and IBM. However, there is also procurement information for cloud-based software services like internal collaboration tool Slack, open data software tool Socrata and visual project management tool Trello.

appsdotgov

What a product page looks like on the new apps.gov

Andrew Stroup, one of the fellows responsible for building the site, told FedScoop the PIF program was approached by the General Services Administration to identify ways that tech companies, specifically those who sell cloud products, could be expedited into the government market. His team initially thought about ideas around an accelerator but decided that approach would be “putting lipstick on a pig.”

“We could have easily created a three-month program to include tech companies and help them maneuver through Schedule 70 and FedRAMP, but that wouldn’t have done any good other than some PR,” he said

Stroup said the idea with the new Apps.gov is to add a level of curation to the “double-sided marketplace” feds and tech companies deal with and better understand how each side works when it comes to procurement.

“The government builds a lot of double-sided marketplaces,” Stroup told FedScoop. “We have to be very careful about how we curate those. You can only curate those by having input from both sides and having it evolve over time.”

Currently in the alpha stage of development, Stroup envisions the project collecting enough data that it eventually gives tech companies the ability to tailor their offerings to exactly what agency CIOs and CISOs need. He told FedScoop the FedRAMP office is also working to tailor a message to providers on how to roll out capabilities before going through the arduous paperwork included with GSA’s cloud security program.

“It could lead to really cool things around how could the government could really buy things better,” Stroup said. “We’re only solving a small part of a hard problem.”

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

Transportation announces Smart City Challenge finalists, new partnership with AWS

AUSTIN, Texas — The national contest for $40 million in funding for smart city initiatives is down to seven cities, U.S. Transportation Department Secretary Anthony Foxx announced Saturday.

During a session at South By Southwest Interactive, Foxx announced the finalists for the department’s Smart City Challenge: Austin, Texas; Columbus, Ohio; Denver; Kansas City, Missouri; Pittsburgh; Portland, Oregon; and San Francisco.

The seven finalists will each now receive a $100,000 grant to further develop their proposals. From here, the winning city will be selected based on “their ability to think big, and provide a detailed roadmap on how they will integrate innovative technologies to prototype the future of transportation in their city,” according to a release from the department. The finalists will have ten weeks to finalize and present their full smart city implementation plans.

At a panel with mayors from six of the seven finalist cities, Foxx said the program’s outcome will do more than just ease congestion — it will improve quality of life, provide cities with new economic benefits and reduce the country’s contributions to climate change.

“What this competition is about is urging our nation’s incubators of ideas, our cities, to begin envisioning the future and deploying the plans we have…where quality of life doesn’t get worse, it gets better,” Foxx said Sunday.

For Saturday’s announcement, Foxx was joined by Barbara Bennett, president and chief operating officer of Vulcan Inc., which committed $10 million to the winning city for carbon emission reduction efforts; and Rick Clemmer, the CEO of NXP Semiconductors, which committed to provide the winning city with wireless communication modules to enable connected vehicle programs.

foxx

All together, the department received 78 applications, Foxx said. The department also chose seven finalists instead of the original planned five because of “their outstanding potential to transform the future of urban transportation,” Foxx said.

During Sunday’s panel, each mayor talked about why this project is so important for their city; Denver Mayor Mike Hancock called it the “Super Bowl of mobility.”

Pittsburgh Mayor William Peduto said in a statement that smart city technology gives the city the chance to improve the lives of citizens through better technology-enabled transit.

“Smart cities is not just about promoting the latest transportation and energy related technology,” Peduto said. “It’s about applying those efforts to improve the lives of everyday Pittsburghers by building smarter transit corridors and connections, bridging the digital divide and building greater equity in city neighborhoods.”

In addition to naming the finalists, Foxx also announced a partnership with Amazon Web Services for the challenge. The company committed $1 million worth of AWS cloud credits to the eventual winner.

In all, each mayor who spoke Sunday grasped that the outcomes of this challenge can lead to ending a lot of inequality and digital divides that currently exist in American cities.

“We want to take what we are doing in our downtown area and put it in places where people have been disenfranchised for a period of time and development has not come their way,” Kansas City Mayor Sly James said.

Austin Mayor Steve Adler said the transportation problems his city — the largest city in America with only one highway running through it — can be solved by the collaborative efforts from the public, private and academic sectors. He called the challenge vital to staving off the flight of a large portion of his city’s population.

“We are losing communities and people. We are losing artists. We have the most economically segregated city in the country,” Adler said.  “We cannot pave our way out of the problems that we have in this city. We have to rely on every bit of creativity and innovation that we can put forward. The reason Austin keeps me up at night is all the things that are going incredibly well for this city, we stand to lose all of them if we cannot solve this issue.”

Greg Otto contributed to this report. 

Rep. Suzan DelBene: Our digital security laws are ‘out of date’

As Apple and the Justice Department continue their war of words in the case to open an iPhone owned by one of the the San Bernardino shooters, Congress has been scurrying to find a legislative answer to balance security and privacy regarding encryption. Rep. Suzan DelBene, D-Wash., is one of the lawmakers trying to make things happen, issuing several bills that deal with the way the government handles digital security. 

At South by Southwest, FedScoop sat down with Rep. DelBene to talk about the president’s comments on encryption, what security legislation could mean for U.S. tech businesses and the lack of technical expertise currently in Congress. 

____________________________________________________________________

Editor’s note: The transcript has been edited for clarity and length.

FedScoop: So President Obama tried to take both sides with his comments on encryption but called for more dialogue to rise above the “fetishization of our phones.” What did you think of these remarks?

Rep. Suzan DelBene: I think it’s important that we have a dialogue and discussion about this. In that respect, I agree. I know that encryption is an important thing. I worked in encryption and it’s very important to protecting people’s information and for security. We have to always keep that in mind. Back doors in the system compromises that security. The question was phrased to him as “privacy versus security,” and clearly uses of personal privacy are important, but it’s also “security vs. security.” We don’t talk about that as much. I do think encryption is important to security, to information, to business information, to government information. He alluded to this a little bit — creating a back door that creates a hole for bad actors to take advantage of I think is extremely concerning. That’s why you can’t just say “we’re going to require there to be back doors.” I’m on legislation that would say we should not do that. That’s going to be the conversation going forward. Clearly, Apple has real concerns.

FS: Before President Obama spoke, Press Secretary Josh Earnest said the following at his daily press briefing: “I continue to be personally skeptical, more broadly … of Congress’ ability to handle such a complicated policy area, given Congress’ recent inability to handle simple things.” Does Congress need move faster on this matter?

SD: I think there are places where Congress hasn’t acted. In this particular area, there are some simple things we can do right away. Look at the Electronic Communications Privacy Act. President Obama talked about a warrant coming to access information. Well, we don’t have a warrant standard on all digital information. We have a pretty simple bill, the Email Privacy Act, that would say you need a warrant to access digital communications just like you need a warrant to access a piece of paper in your file drawer. It has over 300 co-sponsors in Congress. That’s pretty unheard of. So we all agree. We haven’t been allowed to vote on that legislation. I am hoping it will move forward, but that actually is a case of something that should be straightforward and easy to do, but we have been working hard in a bipartisan effort to move to legislation forward. The House Judiciary Committee chairman [Bob Goodlatte, R-Va.] said we might be able to move forward on that bill and bring it into committee. I’m hopeful that will move forward because I think it will pass with bipartisan support.

Fundamentally, there are laws that are very out of date with the way the world works today. We should be updating our laws. It’s hard to go back and look historically at our laws and say what the intent was. I’m pretty sure when folks were writing ECPA in 1986 they didn’t know the way the world was going to be today. I worked on email at 1989, and you could only send email inside your company. It wasn’t a consumer based system at this point. The world has changed a lot since then. The way that technology works has changed since then. Our law hasn’t changed in 30 years. Congress does need to be more responsible there. Even if an issue is complicated, that is not a reason why we shouldn’t require Congress to make a decision.

FS: So the rhetoric between Apple and DOJ has gotten heated in the lead-up to their court case. How was that taken away from the dialogue revolving around the issue?

SD: This isn’t about one particular case; it’s about creating a back door and the concern of having bad actors take advantage of that. I think the other thing that has been missed in this conversation is strong encryption technology exists around the world. So if you say that U.S. companies have to provide back doors, it’s not going to prevent bad actors from using technology from another part of the world where you won’t have a back door. You have to realize that technology is available around the world and one simple solution here can move the challenge and problem somewhere else. That part of the conversation needs to be considered.

FS: What about the notion that if legislation is passed, U.S. companies will be forced to move out of the country?

SD: Or what if you have to provide similar back doors to other governments in the world? Even if U.S. companies aren’t overseas, technology from other companies will be available. You can put encryption technology on top of your phone if your phone doesn’t have it. It’s not contained in that same way, the one particular phone, one device. I think that has to be discussed and brought into the conversation. At the same time, with the Internet of Things, we are going to have more and more devices with more and more data being exchanged. These are connected devices. You are going to want to make sure if you have autonomous, driverless cars that you can’t hack into it. Also your home security system, your thermostat. Security is going to be critically, critically important. We have to have that broad conversation.

FS: How do you account for the fact that technology evolves faster than the policy crafted around its use?

SD: Well, with bills like the Email Privacy Act, there is no reason why that shouldn’t have moved more quickly. It has strong bipartisan support, like it did in the last Congress. This is really about letting our legislative process move forward. This is one bill that’s bipartisan. We have an interesting opportunity to move forward on issues like privacy and cybersecurity, and on issues like these you get people to work across party lines. I think part of the discussion in this issue has been what role does Congress play and what role do the courts play? Congress should say, “Here’s where we think things should go in the world today,” and then courts can make decisions on individual decisions going forward, too. On things where we don’t have a warrant standard on information, we have confused the legislative intent.

FS: Given your background in tech, you have a good foundation to work from on these issues. That level of expertise is rare in Congress. How do you account for that so the policies regarding tech actually meet with how these devices function?

We have got to get folks up to speed. It will partly change over time because kids growing up today are growing up with technology in a different way from even my generation. I think we will see changes come naturally from that. As is true with any issue we deal with, we need people to be engaged and understand the depths of these issues. That’s why [Rep. Darrell Issa, R-Calif.,] and I set up the Internet of Things caucus to talk about where IoT is today, where it may be going and to be thoughtful about putting these policies together so that it does not inhibit innovation but also makes sure we are beginning to protect consumers in these issues. That has to be part of the work that we all do to educate folks.

The president asked for folks to get involved in the U.S. Digital Service; maybe that means we will get more tech folks interested in serving in different ways to facilitate this.

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

Obama’s call to the country: We need you to code

AUSTIN, Texas — President Barack Obama made a plea to the crowd at the South By Southwest Interactive Conference Friday: Come help the government solve its technology problems.

In a conversation with Texas Tribune Editor-In-Chief Evan Smith, Obama touted the novel ways his administration has reached out to the technology community, while asking for more to follow in the path laid by groups like the U.S. Digital Service and the General Series Administration’s 18F.

“The reason I’m here really is to recruit all of you,” Obama said. “It’s to say to you as I’m about to leave office — ‘How can we start coming up with new platforms, new ideas, and new approaches across disciplines and across skill sets to solve some of the big problems we’re facing today?'”

Obama spoke for approximately 30 minutes, mentioning how the Healthcare.gov website failure kickstarted his work to overhaul the way the government harnesses modern technology.

SXSW-Logos-2016

“This was a little embarrassing for me because I was the cool early adaptor president, and my entire campaign had been premised on having really cool technology and social media and all that,” Obama said.

Then, he plucked Mikey Dickerson out of Silicon Valley to save Healthcare.gov and stand up the U.S. Digital Service — a tale familiar to many FedScoop readers.

“The folks who are working in [USDS], they’re having a great time,” Obama said. “Now what they’ll tell me is that as long as they feel that they’ve got a president and somebody who is providing some air cover, there’s no system they can’t get in there and change and make it significantly better.”

The conversation comes after the administration has spent the past week rolling out a number of tech-minded initiatives, from open data tools that give the public new ways to measure up their communities to a new partnership with online retailer Jet that makes diapers affordable for low-income families to a new draft policy that aims to make federal source code open source and reusable within agencies.

In a preview posted to the White House blog Friday, Chief Digital Officer Jason Goldman said Obama has spent his administration using technology to help people successfully engage with their government.

“This story is not about the transformative power of technology, but a way of governing that empowers people to find the ‘imperative of citizenship,'” Goldman wrote. “Giving people a voice, enabling them to be heard, and working with them to solve big problems is the animating principle of President Obama’s campaign and the core of his presidency.”

While tech efforts like USDS have gotten a lot of positive press, it remains to be seen if the administration’s work resonates with the greater tech community. According to a poll conducted by SXSW organizers, there still may be a disconnect.

Done in conjunction with Edelman public relations firm, a survey of nearly 900 SXSW attendees found that 61 percent have more faith in technology-based solutions than policy-driven ones to address societal problems. More than two-thirds of respondents also believe private and encrypted data should not be shared with the government.

Conversely, Obama rebuked the tech community for building great technology platforms that can immediately hail car service or share video with the world while voting is stuck decades behind the times.

“We’re the only advanced democracy in the world that makes it harder for people to vote,” Obama said. “You’re laughing, but it’s sad. We take enormous pride in the fact that we are the world’s oldest continuous democracy, and yet we systematically put up barriers and make it as hard as possible for our citizens to vote, and it is much easier to order pizza or a trip than it is for you to exercise the most important task of a democracy.”

While he did not specifically weigh in on the Apple vs. FBI encryption standoff in the fight over information possibly contained on an iPhone used by one of the San Bernardino shooters, he did address the each side’s stances. Obama expressed support for strong encryption but also the need for the government to examine property if it possesses a warrant to do so.

“We’ve got two values, both of which are important, and the question we now have to ask is if, technologically, it is possible to make an impenetrable device or system where the encryption is so strong that there’s no key, there’s no door at all, then how do we apprehend the child pornographer, how do we solve or disrupt a terror plot, what mechanisms do we have available to even do simple things like tax enforcement,” Obama said. “Because if in fact government can’t get in, then everyone is walking around with a Swiss bank account in their pocket so there has to be some concession to the need to get into that somehow.”

However, Obama’s recruitment call comes with the realization that how well citizens can interact with their agencies online can influence how they feel about the government overall.

“Anti-government sentiment grows when people have a hard time interacting with government services,” Obama said.

He added that, while he has made technology a key part of his second term, he has a finite amount of time to change things.

“I want to underscore the fact that in 10 months I will not have this office. It has been the great privilege of my life, but it’s not like I stop caring about the stuff I care about right now,” Obama said. “I expect you to step up and get involved because the country needs you and if the brainpower and talent thats on display today.”

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.