VA plans national network to spur medical innovation

The Department of Veterans Affairs and its employees have pioneered some of the most notable innovations in medical history over the past half century — implantable pacemakers, nicotine patches and the first successful liver transplants, to name a few. Now, to continue driving those types of medical breakthroughs, the VA has launched the Innovators Network.

Described as “a community of VA employees who are actively engaged in work that is moving the agency forward,” VA’s Innovators Network is meant to spur collaboration among VA personnel, “no matter the distance,” Secretary Bob McDonald wrote in a little noticed blog post about the launch Monday.

“VA needs to continue to increase its ability to rapidly respond to Veterans’ needs and to deliver the best possible experience for Veterans. We can accomplish this by developing a culture of innovation,” McDonald said. “The innovation we aim for is a framework —  a mode of operating, a toolset  —  through which we can constantly find, test, and create better ways to deliver services to our customers.”

Currently, the department is piloting the program at eight of its medical facilities across the country, including the Boston, Atlanta and Milwaukee VA medical centers. “Innovation specialists” will head up each pilot location’s development of “a culture of innovation,” according to the program’s website.

The Innovators Network resembles the IDEA Lab at the Department of Health and Human Services and the Office of Personnel Management’s Innovation Lab — efforts to support federal staff with resources and connections to like-minded colleagues across the country when they have innovative ideas that might not necessarily fall under their job description but nevertheless they are passionate about and want to implement. VA employees will have the opportunity to apply for small amounts of special funding for their projects through the network’s Spark-Seed-Spread Innovation Funding Program.

Much like the HHS and OPM programs, the Innovators Network also employs human-centered design — a methodology that primarily focuses on users’ needs to shape outcomes — as a guiding principle.

“Simply put, people are better served when their needs are aligned with the application and purpose of the products and services they use,” McDonald wrote. “The Innovators Network leans heavily on this development approach, and innovators will use it to build a strong understanding of VA’s clients, generate ideas for new products and services, test concepts with real people, and ultimately delver easy-to-use, consistent products and positive customer experiences.”

Additionally, the program is rooted in a variety of other core principles, such as diversity, innovation from the field, agile development and employee empowerment. That latter principle, Secretary McDonald believes, is integral to improving the veteran’s experience.

“We have no hope of improving the Veteran experience unless we improve the employee experience,” he said. “We must enable and empower employees to better care for Veterans. Innovation is how we improve the way we improve Veterans’ lives.”

80 percent of online retailers fail password security test

A shocking lapse in basic cybersecurity practices may leave online holiday shoppers vulnerable this season, warns a study by Dashlane Security.

In a survey of the 25 most popular online retailers, 80 percent of websites did not meet Dashlane’s standards for setting “minimum secure password threshold.” Apple scored the best, the only site with a perfect score. Dick’s Sporting Goods got the lowest score.

“A strong password is at least eight random characters long, and contains a mix of capital letters, lowercase letters, and numbers and/or symbols,” Dashlane CEO Emmanuel Schalit said in a statement. “This complexity is what keeps hackers from easily guessing your password.”

A wide shift towards online retail over the last decade — Dashlane estimates that nearly 50 percent of all holiday shopping will take place over the Internet in 2015 — has drastically increased the pool of potential hacking victims globally and upped the cybersecurity ante for retails firms.

Yet, according to the study, 72 percent of sites do not require passwords with a capital letter and a number or symbol, and nearly a third commit the security taboo of accepting the 10 most common passwords, including “password.”

Dashlane analyzed sites on 22 criteria, creating composite scores for each company that ranged from -100 to +100, with a score of +50 standing as the minimum safe password requirement. Apple, Target and Best Buy topped the list, with scores of 100, 85, and 75, respectively.

The weakest retailers were Dick’s Sporting Goods, Walmart and Amazon, with scores of -70, -65 and -44, indicating “dangerously weak password requirements.” Overall, 44 percent of sites received a negative score.

“It is encouraging to see positive password security trends in the world of e-commerce,” Schalit said. “Yet, while the numbers indicate retailers are moving in the right direction, much work remains. It’s 2015, so no website has an excuse for not implementing security policies that will better secure their users.”

IT leaders discuss cybersecurity, innovation at 2015 FedTalks

As the Patent and Trademark Office works to modernize its IT systems, the agency’s chief information officer said he had to eliminate a few words from his staff’s vocabulary.

“That first word was ‘no,’ and the second was ‘I can’t,’” he said.

Instead, he wanted his workers to focus on what they could deliver — and break down internal barriers so they could embrace industry practices like DevOps, which emphasizes rapid production, integration and delivery.

He made the remarks at FedScoop’s annual FedTalks, held Tuesday in Washington, D.C., where more than two dozen technology execs from the public and private sectors took to the stage to discuss how IT could be better deployed to help the federal government.

These leaders met as the federal government IT faces a host of challenges: It’s still reeling from the massive hacks to the Office of Personnel Management’s systems, which exposed the data of millions of federal workers and their families. Agencies are working to implement plans for the Federal information Technology Acquisition Reform Act, a new law that consolidates IT budget authority to the department’s CIO. And all the while, they’re trying to determine how new ideas like cloud, big data and mobility fit into their strategic plans.

Many of these challenges were addressed by several speakers, including federal CIO Tony Scott, whose office is just coming off the cybersecurity “sprint” to bolster agency’s defenses in wake of the OPM hacks. He talked about his plans to expand the initial sprint into a marathon, and he emphasized the importance of sharing the responsibility of federal cybersecurity.

“You need partners and you need an environment where people can both share information but also share learnings and work together,” he said.

Scott and other speakers also spoke about workforce issues.

“Focusing on introducing new technology faster means we fundamentally need to change our business,” said Herb Strauss, assistant deputy commissioner and deputy CIO for the Social Security Administration. And culture is a key piece in that, he said.

“Technology tends not to be the issue. Bringing in new capability, you have to deal with the human factor,” said David Bennett, director of implementation and sustainment center at Defense Information Systems Agency.

Bennett also discussed DISA’s efforts to put out cloud and mobile-enabled network technologies to improve IT performance and security across the Department of Defense. So far, DISA has been able to develop smartphones that transmit classified information up to the secret level.

Agency tech leaders highlighted some of the technology innovations they’ve put forth. Speakers from the Federal Communications Commission talked about their agency’s move from legacy systems to the cloud.

“We continued our culture change and we believe we’re all in for cloud,” said Christine Calvosa, deputy CIO of resiliency at the FCC.

Aaron Snow, executive director of the General Services Administration digital tiger team 18F, talked about his group’s work with the Federal Election Commission to help rebuild its website for publishing data on campaign spending.

“Agencies have to want to come work with us … they know that we’re going to be running short sprints and trying different things.”

Several leaders spoke about the difficulty of implementing change in government. But during his presentation, Frank Baitman, CIO of HHS who is leaving federal government at the end of this month after six years, stressed its importance.

“There isn’t that much time to get things done, and what we’re doing today is not sustainable. We need to change our course,” he said. He added, “That being said, I think much of the change that’s needed is within our control. We can do the things that are needed.”

Outside of government, industries are constantly changing in the face of technological advancements, he said. “And unless we do the same thing in government, change the way government does business, change the way we deliver services to the American people, we are going to lose their confidence…We can’t go out of business…but we are losing the confidence of the American people because we are not embracing change. And I think it’s within our control to do so.”

LaVerne Council, CIO of the Department of Veterans Affairs, who took office over the summer, said she’s been working to build a foundation at the agency — and complained about a journalist’s description of her three-and-a-half months in post as “scant.”

“When you don’t have much time, that’s an eternity,” she said of three-and-a-half months, adding that it was enough time to put in place a solid strategic plan. She finished by saying the foundation she laid was to prepare “a place for … the veterans. And that focal point made it easy.”

Several speakers addressed the importance of managing data.

Darin Bartik, executive director for information management for Dell Software, discussed his belief that both government IT agencies and the vendors working with them have increasingly become “data hoarders.” Accordingly, he’s advocating for a more targeted approach to data management across the public and private sectors to avoid wasteful data storage.

“There must be a better way of approaching this and getting past the hype of big data and tapping into the right data, whether it’s big or small,” Bartik said.

Wrapping up the event, U.S. Chief Technology Officer Megan Smith talked about ways to encourage more women and other under-represented groups to come into the field. One solution she suggested was making science and math classes more like gym class.

“We would never walk into a PE class and say, ‘OK, sit down and open your books,’” she said. She added, “We want to flip into the PE mode.”

But she entreated attendees to promote diversity in the industry.

“None of the people here have created this problem of the diversity issues in tech, but we’ve inherited them,” she said.

FedScoop editorial staff contributed to this report.

Read the rest of our 2015 FedTalks coverage:

Tony Scott: Cybersecurity means sharing more than just information

DISA to make cloud and mobile enabled networks 2016 priority

Blackberry taking ‘balanced’ approach to encryption, lawful intercept

Pentagon IT leaders push for more collaboration across defense agencies

 

Watch our TV coverage of FedTalks 2015:

Social Security’s Herb Strauss on meeting citizens’ demands

DOT CIO Richard McKinney on his ‘sense of urgency’ with FITARA

CIO John Owens discusses DevOps at USPTO

EPA’s Ann Dunkin on her love for FITARA

Blackberry taking ‘balanced’ approach to encryption, lawful intercept

Blackberry believes in a “balanced” approach to encryption, incorporating lawful intercept capabilities, and the company prioritizes cooperation with law enforcement, Chief Operating Officer Marty Beard said Tuesday.

“We very much take a balanced approach” to the issue of encryption, he told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are “all about encryption all the way.”

Blackberry products have traditionally been widely regarded as more secure than their competitors’. The company does have a history of close cooperation with law enforcement in many of the jurisdictions where it operates.

“Zero knowledge” encryption, where even the company providing the digital communication or storage service cannot unscramble encrypted messages or data without the subscriber’s key, has been the subject of a reinvigorated debate since terrorists were able to plan and carry out a complex series of coordinated, near simultaneous attacks in Paris last week — apparently without leaving a digital footprint that could be tracked by intelligence services.

U.S. intelligence and law enforcement officials have seized on the attacks there to relaunch their campaign for mandatory inclusion of backdoors into encrypted communications and data storage services sold in the U.S.

Critics say that backdoors, even those supposedly available only to court authorized law enforcement agencies, undermine the integrity and security of encrypted communications. Terrorists, they say, will merely resort to using non-U.S. products, and other countries will begin to demand access to U.S. backdoors as authorized by their own court systems.

Later in the week, BlackBerry issued a statement to clarify that its support for working with law enforcement did not extend to advocating the introduction of backdoors.

“Encryption is very important to protect governments, business and individuals from hacking,” read the statement e-mailed to FedScoop by a BlackBerry PR executive. “At the same time, no one wants to see terrorists and criminals taking advantage of encryption to evade detection. That’s why we have always strongly supported law enforcement around the world when they need our help. While we do not support so-called ‘back-doors,’ we and every other tech company bears a responsibility to do all we can to help governments protect their citizens.”

This story has been updated to include BlackBerry’s clarification.

Read the rest of our 2015 FedTalks coverage:

Tony Scott: Cybersecurity means sharing more than just information

DISA to make cloud and mobile enabled networks 2016 priority

Pentagon IT leaders push for more collaboration across defense agencies

IT leaders discuss cybersecurity, innovation at 2015 FedTalks

 

Watch our TV coverage of FedTalks 2015:

Social Security’s Herb Strauss on meeting citizens’ demands

DOT CIO Richard McKinney on his ‘sense of urgency’ with FITARA

CIO John Owens discusses DevOps at USPTO

EPA’s Ann Dunkin on her love for FITARA

 

DISA to make cloud and mobile enabled networks 2016 priority

The Defense Information Systems Agency has begun taking concrete steps toward rolling out cloud and mobile enabled network technologies to improve IT performance and security across the Department of Defense, a Pentagon official said Tuesday.

David Bennett, who heads DISA’s implementation and sustainment center, said that the agency is mapping out plans to move its cybersecurity boundaries, from localized bases to regional hubs, “So there are fewer points in the ecosystem that we have to protect.” he said, speaking at FedScoop’s FedTalks government innovation forum Tuesday.

He also said DISA has successfully developed smartphones that can operate on DOD’s Secret Internet Protocol Router Network, capable of transmitting classified information up to the “secret” level.

“Taking a commercial solution and bringing that into these environments in a no-fail [situation] is a pretty big step forward,” Bennett said. The secure smartphones look no different than everyday smartphones, he said, and are a far cry from the brick-like, and much-derided SME-PED smartphones DOD developed in 2009.

“Everyone knows DOD is slow,” Bennett said. “Our world is not about making money, it’s about fighting the nation’s battle where most folks in this room do not go, where it’s not hospitable to IT.”

Advances in cloud technologies and virtualization, however, are also giving DISA new ways to provide more flexibility to military operations while trying to protect defense networks, too. Bennett, for instance, said DISA is moving to secure endpoints by pushing out images instead of data using virtual desktop infrastructure, or VDI.

“VDI is a huge capability,” Bennett said. “I can’t get it into the field fast enough. Now I give the user the environment to move with or across the environment.”

Bennett acknowledged that the despite Defense Department’s push for Joint Regional Security Stacks, and broader joint enterprise IT systems, the agency faces an uphill climb re-educating defense IT units on the steps necessary to move some of their IT operations and applications to a cloud-based ecosystem. Some of that re-education is also necessary within DISA, he said.

With 12,000 employees who are scattered across the globe and 15,000 locations that support military personnel and operations, Bennett acknowledged that “we need to change the agency” to innovate.

“Folks say, ‘I’m used to doing this process in 10 steps and that’s the way I’ve done it for 10 years,’” he said. “It isn’t just the technical change, it’s ‘how do I best put capabilities in place that optimize how we do business going forward?’ And do it in a way that’s easy to work with the user community to help them understand this new solution.”

Wyatt Kash contributed to this report.

Read the rest of our 2015 FedTalks coverage:

Tony Scott: Cybersecurity means sharing more than just information

Blackberry taking ‘balanced’ approach to encryption, lawful intercept

Pentagon IT leaders push for more collaboration across defense agencies

IT leaders discuss cybersecurity, innovation at 2015 FedTalks

 

Watch our TV coverage of FedTalks 2015:

Social Security’s Herb Strauss on meeting citizens’ demands

 

DOT CIO Richard McKinney on his ‘sense of urgency’ with FITARA

CIO John Owens discusses DevOps at USPTO

 

EPA’s Ann Dunkin on her love for FITARA

 

Tony Scott: Cyber means sharing more than just info

When it comes to cybersecurity, U.S. Chief Information Officer Tony Scott believes it’s not enough just to share information — federal officials have to regard it as “a shared responsibility.” And he wants agencies to start sharing their cyber systems to help narrow security disparities within the federal government.

“There’s nothing you can do at an enterprise scale, or certainly at the scale of the federal government or even more broadly as a nation, that doesn’t have a bunch of dependencies,” Scott said Tuesday at FedScoop’s FedTalks. “You need partners and you need environment where people can both share information but also share learnings and work together.”

Since executing a federal cybersecurity “sprint” this summer focused on better use of two-factor authentication employing personal identification verification cards — he said they made “remarkable progress in that short a period of time” — Scott and his team have turned their focus to long-term cyber strategy and, in large part, a cultural change to improve cyber hygiene in federal government.

In addition to the obvious modernization of legacy systems and stronger cyber recruitment efforts needed in federal government that he’s talked about before, Scott told the FedTalks crowd gathered at the Andrew Mellon Auditorium in Washington, D.C., that he envisioned a federal IT model in which the cybersecurity is not siloed at the agency level, with far fewer security systems shared between multiple agencies.

“We have a culture of every agency doing 100 percent of its own work most of the time, absent of a few shared services,” he said. “And not just at the agency level, but sometimes well below that there’s tons and tons and tons of uniqueness.”

But as security becomes a “much more intense activity and a much more critical factor in how we do our business,” Scott said, “we can’t rely on every single agency having [enough] resources and access to all of the technology that’s needed to really do your job in this space.”

No, Scott doesn’t envision a single cyber system for all of the government. But, “I don’t think we need hundreds and hundreds and hundreds of individual” security systems either, he said.

The federal IT community, and the general technology industry, is at a critical inflection point, Scott said, which is “exciting and exhilarating” but will likely come with some bumps.

Scott, though, stood confident in the federal government’s ability to thrive in the changing times if it can be flexible and promote an economy of sharing, closing by asking government and industry for more of the same help they’ve given him over the past year.

“Over the next year what I hope for is … the sharing of information and knowledge and lessons learned, whether it’s cyber or whether it’s this broader transformation effort that we’re on,” he said. “I need, your help, the country needs your help, and we need each other’s help in order to make this effective.”

Read the rest of our 2015 FedTalks coverage:

DISA to make cloud and mobile enabled networks 2016 priority

Blackberry taking ‘balanced’ approach to encryption, lawful intercept

Pentagon IT leaders push for more collaboration across defense agencies

IT leaders discuss cybersecurity, innovation at 2015 FedTalks

 

Watch our TV coverage of FedTalks 2015:

Social Security’s Herb Strauss on meeting citizens’ demands

DOT CIO Richard McKinney on his ‘sense of urgency’ with FITARA

CIO John Owens discusses DevOps at USPTO

EPA’s Ann Dunkin on her love for FITARA

 

Intel officials reopen ‘going dark’ argument after Paris attacks

U.S. officials and policymakers have seized on the Paris terror attacks to highlight their concerns about extremists’ use of encrypted communications, after suicide attackers claimed by ISIS were able to plan and execute a complex series of coordinated deadly attacks in the French capital, apparently without leaving a digital footprint.

Speaking Monday at a Center for Strategic and International Studies event, CIA Director John Brennan said that though “it’s not a surprise that this attack was carried out” and there was “strategic warning,” terrorist networks are becoming more sophisticated in their use of communications technology.

“We knew that these plans or plotting by ISIL was under way, looking at Europe in particular as the venue for carrying out these attacks,” Brennan said. “But I must say that there has been a significant increase in the operational security of a number of these operatives and terrorist networks as they have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities. And as I mentioned, there are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it.”

It remains unclear exactly how the terrorists coordinated such an intricate operation — four separate gun and suicide-vest attacks within minutes of one another that killed at least 129 people within less than an hour. But the airwaves were abuzz over the weekend with speculation — and so-called “end-to-end” or “zero-knowledge” encryption, where even the provider of the service cannot unscramble messages without the subscriber’s key, was the leading suspect.

“We don’t know for sure yet, but I think what we’re going to learn is that these guys are communicating via these encrypted apps, right, the commercial encryption, which is very difficult, if not impossible, for governments to break, and the producers of which don’t produce the keys necessary for law enforcement to read the encrypted messages,” Michael Morell, former CIA deputy director, said on CBS’ “Face the Nation” Sunday.

Jan Jambon — federal home affairs minister of Belgium, the believed home of Abdelhamid Abaaoud, the man French authorities suspect plotted the attacks — said this type of encryption troubles his country, a hotbed for terrorism recruitment. Jambon said terrorist groups have been know to use unconventional technologies, like video game systems, to communicate, plan and recruit.

“The thing that keeps me awake at night is the guy behind his computer, looking for messages from IS and other hate preachers,” he said, as reported by Belgian publication the Bulletin. “PlayStation 4 is even more difficult to keep track of than WhatsApp.” Other tools like TOR, or the The Onion Router, allow users to navigate the deep Web anonymously with encryption.

Last year, U.S. intelligence and law enforcement officials renewed their campaign — defeated in the 1990s — for technology providers to implant “backdoors” in their encryption products, so they can be decoded and read by court authorized police authorities. FBI Director James Comey has lead the effort to convince companies to give intelligence and security officials access to keep criminals and terrorists from “going dark,” or communicating in untraceable ways.

“With going dark, those of us in law enforcement and public safety have a major fear of missing out,” Comey said in October 2014. “Missing out on predators who exploit the most vulnerable among us; missing out on violent criminals who target our communities; missing out on a terrorist cell using social media to recruit, plan and execute an attack.

But then this year, following an outcry from technologists and cryptographers, the Justice Department acknowledged that — for the time — the administration was not proposing any legislation to impose a backdoor requirement.

But many observers believe the attacks in Paris and the apparent use of encrypted communication will change the administration’s calculation.

“Evidence that terrorists were, in fact, using strong end-to-end encryption to kill people could be game-changing in a debate that has heretofore been defined by anxieties about NSA,” said Benjamin Wittes, editor-in-chief of Lawfare and a senior fellow in governance studies at the Brookings Institution, adding that the public has mostly been in favor of companies’ stronger privacy through encryption, especially in the wake of whistleblower Edward Snowden exposing the National Security Agency’s mass collection of digital metadata.

“All that could change in an instant were it to emerge that the Paris attackers were using technology specifically chosen to secure their communications from those charged with stopping terrorist attacks,” Wittes added.

Morell said the attacks could dramatically impact the argument for encryption, one that, for the moment, is “defined by Edward Snowden and the concern about privacy.”

“I think we’re now going to have another debate about that. It’s going to be defined by what happened in Paris,” he said. “This event is, in many respects, similar to the events of 9/11, in terms of the game-changing aspect of it.”

‘Hive’ computing could help FDA assess next-gen sequencing data

The server room for the Food and Drug Administration’s “Hive” literally buzzes with activity as it harnesses massive amounts of computing power to analyze detailed information on DNA and RNA sequences.

More pharmaceutical companies are making the foray into next-generation genetic sequencing as they develop or improve drugs and vaccines. And researchers working at the Hive, short for High-Performance Integrated Virtual Environment, want to better equip FDA evaluators to analyze that kind of data as it starts to turn up in drug and vaccine regulatory submissions to the agency.

“The goal of this research is to understand how [next-generation genetic sequencing, known as] NGS can be used to support the evolution of a regulated product,” said Vahan Simonyan, lead scientist for the Hive.

The research is critical to the FDA’s mission, said Carolyn Wilson, associate director for research at the agency’s Center for Biologics Evaluation and Research, where the Hive is housed. She said two years ago, the agency’s Center for Drugs received NGS data in a regulatory submission and, when officials conducted an analysis, their results were different from the firm’s original conclusions.

“There are so many variables that can impact what these data mean and how to interpret them,” Wilson said. “Our scientists, our reviewers really need to understand and evaluate the technology and need to have the tools to do it.”

NGS is advanced technology that can conduct fast, high-resolution sequences of DNA and RNA. Wilson said it’s the difference between learning the “average” ethnicity of a room full of people is Caucasian, and getting the specific genetic background and country of origin of each person in the room.

FDA’s Hive allows users to submit NGS data through a Web portal. From there, the Hive uses its super powerful computing power, vast library of data and algorithms to scrutinize the data. In a blog post she wrote last year, Wilson said one algorithm that the Hive uses could help determine whether a flu virus strain in a vaccine could reduce its effectiveness — or even cause infections. “When ready and approved by FDA for use, we will use this powerful, CBER-managed, inter-center resource to handle regulatory submissions,” she wrote.

But in the mean time, the program has 80 large and small-scale research projects it is conducting.

“There’s just a lot of activity in the outside world using NextGen sequencing,” she told FedScoop. “And essentially it’s one of those technologies where the potential application of the technology is only limited by the imagination of the individual scientists who are applying it.”

Indeed, Richard Daly, CEO of genomics analytics company DNAnexus, said pharmaceutical companies are increasingly researching how they can use genomics to develop drugs. He pointed to biotechnology company Regeneron Pharmaceuticals’ work with Geisinger Health System to sequence the genomes in patients as a way to find genetic markers that could make someone predisposed to certain diseases.

“The truth is nobody’s really sure what information is going to end up being valuable in next generation,” Daly said. “When it cost $25,000 to do a sequence, people were hesitant. But now that the cost is dropping to $1,000, the theory is, as long as we’re doing anything, lets get all the information.”

DNAnexus is working with FDA on precisionFDA, a platform to allow scientists to share research around next-generation sequencing. It’s part of FDA’s response to the White House’s Precision Medicine Initiative, announced earlier this year. Just last week, FDA unveiled a “closed beta” version of the platform and FDA press officer Jennifer Corbett Dooren told FedScoop that the Hive team contributed some data for the effort.

Several high-performance computing projects, like the Hive, are spread out across FDA’s centers, said agency Chief Information Officer Todd Simpson. But, he said some of these efforts were stood up without much consideration for how to maintain the necessary infrastructure and staff. To address that, Simpson said he wants to collaborate with researchers on these projects to find ways to centralize FDA’s high-performance computing efforts.

“The goal here is not to stymie any work that’s going on here in the centers,” Simpson told FedScoop. “The goal here is to make things more effective and more efficient.”

E.U.: New Safe Harbor deal will be done by deadline

The United States and the European Union have made significant progress in crafting new regulations to protect consumers’ privacy during commercial data transfers between American and European jurisdictions, a senior European official said Monday.

In a speech at the Brookings Institution in Washington, D.C., European Commissioner for Justice, Consumers and Gender Equality Věra Jourová said both sides will reach an agreement before a Jan. 31 deadline.

“I’m confident that we will meet the deadline of January 2016 for a new agreement on international commercial data transfers,” Jourová said. “Why? Because we have clear guidelines from Europe’s highest court. Because we can build on discussions held since January 2014. Because it is in both Europeans’ and Americans’ interest. And finally, because there is a strong political commitment at the highest level on both sides of the Atlantic.”

Talks have accelerated since an Oct. 6 ruling from the European Court of Justice that invalidated the Safe Harbor law, a regulatory workaround that let American companies store Europeans’ personal data outside the E.U. — without falling foul of strict European data privacy rules. A working group of privacy regulators said days later that unless the two sides reach an agreement, they will take “necessary and appropriate actions” against companies who are violating those rules.

Jourová said negotiations with Commerce Secretary Penny Pritzker have yielded some results, including a move to make oversight more “responsive” and “pro-active.” According to the commissioner, the Commerce Department has already committed to stronger oversight of companies and stronger cooperation between European data protection authorities and the Federal Trade Commission.

She also said she is working with the Commerce Department to include an annual joint review mechanism, which will detail the number of requests American companies receive from U.S. intelligence and other agencies to pass on information on European citizens.

According to an interview in the Wall Street Journal, Jourová said this review has been a point of contention since the summer, with the U.S. balking at the E.U.’s stipulation that data request reports be made mandatory.

Another key facet in agreements is passage of the Judicial Redress Act, which if signed into law, would give E.U. citizens the same rights to legal recourse that U.S. citizens have if law enforcement is found to have violated their privacy. Jourová will be visiting Capitol Hill tomorrow, urging the Senate to pass the bill.

“The major difficulty we have faced over the years is the fact that the 1974 Privacy Act only grants rights to U.S. citizens and residents, whereas in the E.U. there is no such limitation for U.S. citizens in our redress system,” Jourová said. “This is a long-awaited and historical step and we appreciate the efforts of the Administration and Congress so far.”

Even with the bill’s passage, privacy experts believe the “umbrella agreement” being used as a framework will eventually be tossed out by a European Court. Last week, a letter from U.S.- and Europe-based privacy groups urged both sides to head back to the drawing board.

A revised Safe Harbor framework similar to the earlier Safe Harbor framework will almost certainly be found invalid by the national data protection agencies and ultimately by the [European court],” the letter reads. “Failure will almost certainly lead to disruption of data flows and uncertainty for consumers and businesses on both sides of the Atlantic.”

Jourová said that both sides need to continue to work together to have a “comprehensive and effective framework in place as soon as possible.”

“Only a comprehensive arrangement with clear legal commitments, enforced by the U.S. authorities, can ensure the level of data protection Europeans are entitled to under E.U. law,” she said. “And this is what the judgment requires: where personal data travels, the protection has to travel with it.”

Exclusive: Veterans’ CIO names head of new enterprise management office

Rob Thomas will lead the Department of Veteran Affairs’ new Enterprise Program Management Office — a vital component of CIO LaVerne Council’s recently unveiled vision for the department’s success in IT — FedScoop has learned.

In his new role, Thomas will stand up and run the EPMO — in the department’s Office of Information & Technology — and “ensure the VA is managing its IT investments to maximize value, minimize risk, and ensure transparency,” Council wrote to VA senior leaders in a memo obtained by FedScoop. According to a VA official, Council announced the move internally on Oct. 26, but the news has not been reported until now.

A former acting chief information officer and deputy CIO with the Federal Emergency Management Agency, Thomas joined the VA in March under then-acting CIO Stephen Warren as assistant deputy CIO for product support and to pilot a new role as federal integrator for VA’s OI&T, FedScoop previously reported.

FedScoop spoke with Council in October about VA OI&T’s move to more agile technology development and how the EPMO should bolster that with smarter planning.

“You can’t underestimate the value of planning. People talk about agile development like it’s the panacea. The panacea is a good plan,” she said. “If you’ve got a good plan, the development takes no time. The outcome is pretty much understood. And you understand when you’re not going to make that outcome, and you can take a different direction or you can shut it down and move on to something else.”