Facebook

If federal CIO’s are judged by how well they lead by example in the social media revolution, then a new study suggests not enough of them are walking the talk.

An analysis of 31 federal chief information officers, just released by MeriTalk, reports that certain federal CIOs are much more engaged than others on Facebook, Twitter and LinkedIn. Keep reading →

This week, millions of voters will confront not only the decision of who to vote for, but also the more mundane questions of where and when to vote, whether they need to bring identification, and who or what exactly will be on the ballot.

Despite the march of technology that makes that information available online to more and more people, finding the correct information for a given voting district has been a continuing challenge for veteran and prospective voters alike, as well as state and local election officials. Keep reading →

For those who follow government computing trends, the biggest story of 2012 in the U.S. has been the accelerating adoption of cloud services by federal agencies as well as by state and local governments. This growth has been fostered in large part by the admirably proactive stance in favor of cloud taken by the White House’s Office of Management and Budget (OMB).

It has also been propelled by the FedRAMP program, which streamlines the procedures used to vet the security features of commercial cloud solutions. At SafeGov we enthusiastically endorse this trend and look forward to the cost savings and improvements in citizen services it will bring to all levels of government.

______________________________________________
This article originally appeared on SafeGov.org and is republished by permission. For more news and insights on innovations at work in government, please sign up for the AOL Gov newsletter. For the quickest updates, like us on Facebook.
______________________________________________

But while U.S. government use of cloud services surges, U.S. regulators have paid relatively little attention to the emerging issue of data confidentiality in the cloud. The focus of Federal cloud standardization efforts such as the NIST requirements built into FedRAMP has been data security, not privacy and confidentiality.

In Europe, however, the picture looks very different. The European public sector is approaching the cloud with caution: governments are keenly interested in the potential benefits, but have not yet issued the kind of top-down mandate for rapid migration that we’ve seen in the U.S.

At the same time, European regulators are much further along the path toward a modernized regulatory regime for cloud computing. The key development looming on the horizon in Europe is the proposed new EU Data Protection Regulation. This draft legislation represents a sweeping revision of the 1995 EU Privacy Directive and is currently the subject of intense scrutiny by interested stakeholders.

Observers expect it to be passed by the EU Parliament sometime in early 2014. In the short term, the most significant event is the investigation of Google’s privacy policy that the French Data Protection Authority – the CNIL – is conducting at the request of the Article 29 Working Party (the association of European DPAs).

Before we assess the impact of European privacy regulations on government cloud computing, let’s take a step back to review the recent debate over online privacy in the U.S. As visitors to this forum may know, SafeGov contributors were among the first to identify the mismatch between the privacy policies of giant web advertising companies like Google and the requirements of safe cloud computing in a government or educational environment.

Recall that the new Google privacy policy introduced in March of this year allows the Mountain View, Calif., firm to combine all of the vast knowledge it gleans from tracking a user’s activity across its many web services (Gmail, Docs, Search, YouTube, DoubleClick, etc.) into a single “master profile.” This profile can then be intensively data mined to select the most profitable ads to serve to that user.

Scaled up to tens and even hundreds of millions of users, this profiling technique yields an extraordinarily profitable business model that has made Google the most successful advertising firm in history.

Google, by the way, is not the only web firm to use this model. Facebook does essentially the same thing, although it has less raw data about users’ behavior outside of its own site. Even Microsoft has recently adopted a unified privacy policy for its consumer services However, a critical difference between the Google and Microsoft policies is the fact that Microsoft, unlike Google, has a specific privacy policy for enterprise and government users.

Privacy advocates on both sides of the Atlantic have objected to Google’s business model on the grounds that web users are not informed that they are being tracked in this manner and are not given an obvious opportunity to opt out. We also note that the European DPAs asked Google to delay implementation of the policy until it could be investigated, but Google declined.

SafeGov itself does not take a position on business models deployed by consumer advertising firms. We recognize that opinions on this difficult and sensitive question will differ. Web advertising (which does not necessarily require hidden user tracking) can be a healthy form of technological innovation that offers significant benefits to consumers.

However, our contributing experts have pointed out on many occasions that the kind of stealthy user profiling and systematic data mining of user content that has become the norm on the consumer web is absolutely unacceptable when performed in cloud services provided under contract to governments or schools.

I believe that our experts who have spoken out on this issue are on solid ground. Imagine for example that a cloud provider decided to apply the same data mining algorithms it uses for consumer ad targeting to the email traffic of tens or hundreds of thousands of government users or school children.

Even if no personal information of individual users was disclosed to advertisers, the power of these algorithms to identify trending topics and keywords in user content could be of immense economic value. In the case of sensitive government information, it could also represent a grave threat to the security of nations. It is for these reasons that SafeGov has called on all cloud service providers to create separate privacy policies for public sector users that expressly ban these practices.

Now what of the European regulators? As noted above, the French DPA – the CNIL – was assigned the task last February of investigating Google’s new privacy policy in order to determine whether it complies with existing European data protection rules. The CNIL is expected to present its initial findings on the Google policy to its European peers sometime in the coming days.

It is important to understand that although the CNIL is a French institution, it is not acting on behalf of the French government, but on that of the association of European DPAs (the Article 29 Working Party). These DPAs are national regulatory bodies whose members are appointed by their national governments, but which operate as independent authorities (in much the same way that the FTC and the FCC do in the U.S.). Their mandate is to enforce European and national laws concerning data protection and online privacy.

While nothing has yet leaked to the press regarding the CNIL’s findings (the contrast on this point with the American FTC is noteworthy), past statements of the CNIL and the Article 29 Working Party allow us to anticipate the likely direction the regulator will take.

First, it is highly probable that the CNIL will find that Google’s privacy policy indeed does not fully comply with European law. This much was already implied in the statements of Article 29 Working Party Chairman Jacob Kohnstamm last February and by the decision to entrust an investigation to the CNIL.

Second, it is unlikely that the CNIL will adopt a punitive stance toward Google, for example by imposing a fine. European law gives the DPAs the power to fine companies that violate the rules, and several DPAs (including the CNIL) have already inflicted fines on Google for that firm’s conduct in the so-called Wi-Spy scandal. But in this case it is more likely that the CNIL and the other DPAs will politely ask Google to change its privacy policy in ways that make it compatible with European laws.

What changes might the Europeans seek in Google’s privacy policy? Any answer to this question before the release of the CNIL’s report is of course purely speculative. Certainly we can expect the regulator to require that Google do more to disclose to users the extent of its data gathering and to offer them more explicit opportunities to opt out.

In recent months many web sites in Europe have begun to implement the new EU cookie rules that require increased disclosure and express consent prior to the serving of web cookies to user browsers. We might expect similar requirements to be imposed on Google and its web advertising peers (Facebook, Yahoo, Hotmail and Bing, etc.).

But at SafeGov our mission is government computing. We don’t know at this point whether the CNIL will express an opinion on the suitability of Google’s privacy policy for cloud services delivered to government customers. We note optimistically that the CNIL asked Google whether its new privacy policy applied to users of Google Apps for Education and Google Apps for Business (of which Google Apps for Government is a derivative. See Question 47 in the CNIL’s second questionnaire addressed to Google).

However, the regulator may prefer to focus its initial report on a broad outline of the changes it wishes to see in Google’s privacy policy, rather than drilling down to issues that confront specific sectors such as government or education.

In any case, observers can be confident that the debate on the topic of the confidentiality and safety of government data in the cloud is only just beginning.

The CNIL’s findings on behalf of the Article 29 Working Party, whatever they are, will be only the first step in a long road. As Europe prepares a fundamental revision of its data protection and online privacy law, that road will ultimately lead to significant changes in the privacy practices and perhaps even in the business models of all web advertising firms that wish to do business in Europe.

These changes will inevitably encompass the rules that govern the cloud services provided to European governments and schools.

We hope that Europe’s Data Protection Authorities will recognize the need for dedicated privacy policies that guarantee users in these critical sectors of the European economy protection from the user profiling and data mining practices of the online consumer advertising industry.

Jeff Gould is CEO and Director of Research, Peerstone Research, and a regular contributor to SafeGov.org, a forum for IT providers and industry experts dedicated to promoting trusted and responsible cloud computing. Keep reading →


Are you sure the agency Facebook, YouTube or Twitter account you follow is legit? How do you know it’s an official government account?

Before now, you couldn’t. But now through the efforts of the General Services Administration’s new Social Media Registry you can. Keep reading →

After six days of the 2012 International Open Government Data Conference, which concluded last week, I and others are asking ourselves this question: Is there a business case for open government data?

Clearly, more needs to be done to spread what is working with open government data.

But when it comes to making a business case for open government data, there are at least three success models – or examples I am aware of:

  • Statistical agencies that get regular funding because it is critical to governmental decisions such as establishing congressional districts;
  • Intelligence agencies and the larger intelligence community that received a big budget increase for big data because of the need to find more needles in bigger haystacks;
  • Google, Facebook, LinkedIn, and other big data users of online data that learned they needed a data science team with an information platform to grow their businesses.
But the question remains, what business value can make open government data fundable and sustainable like the above three? Keep reading →


As the nature of media shifts, the nature of government communications offices will be forced to shift as well.

Recently, GovLoop member Dave Hebert asked the community: what will the future of government communications look like? Even though he leads internal communications at his agency, he was asked to assume responsibility for public-facing web content. Keep reading →

The fact that the Department of Defense got its budget cut and the Intelligence Community got its budget increased in the White House’s 2013 budget request of Congress is indicative of more than the need to roll back a decade of military growth. It’s also indicative of a shift in IT focus–and a reflection that DoD’s network-centric focus is being overtaken by the IC’s big data-centric focus.

There are probably many reasons for such a shift. One is the world’s population. The U.S. Census Bureau estimates the world population passed 7 billion mark this past weekend. The rapidly growing number of people who will eventually have smartphones with multiple sensors (your iPhone has them now for GPS position, etc.) promises a future where there will be massive streams of real-time data that the IC will want to mine, looking for lone-wolf terrorists (who are relatively but easy to stop) who I have written about previously.

For companies like Google and Facebook, big data is big business, and for other companies big data is becoming their business as they mine their large swaths of data to improve their services and develop new business activities. The IC may not come out and say it, but it has to love the fact that Facebook will soon have 1/7th of the world’s population using it’s platform to share what’s going on. Or that Google is almost everyone’s favorite search engine because they can keep track of what people are posting and searching for much easier than many in government can.

The IC also has to love big data, and the rapid evolution of systems used to ingest and process it, because it helps push the technology wave, as Gus Hunt, CIA chief technology officer (pictured above), described it at the recent Government Big Data Forum.

Hunt said that in every aspect of their workflow at the CIA, from sensors to finished intelligence, massive, multiple, real-time sensor data streams cause bottlenecks on current networks that swamp current storage devices and overwhelm current query, analytics, and visualization tools, that are needed to produce finished intelligence.

So he wants his cake and to eat it too: He wants real-time analytics and visualizations that he says a few start-ups are trying to achieve. He also wants the Federal Cloud Computing Initiative to add two more services to Platform-, Software-, and Infrastructure-as-a-Service, namely, Data-as-a-Service and Security-as-a-Service.

Part of the solution is emerging from Google’s MapReduce, which is a parallel data processing framework that has been commercialized as Apache Hadoop (developed by Doug Cutting who named it after his son’s toy elephant) by Cloudera so one can store and compute big data at the same time.

Amr Awadallah, founder and CTO of Cloudera, calls Apache Hadoop a data operating system in contrast to Windows and Linux, which are essentially file operating systems (they store and manage all the files you create and are needed for your software applications). He points out that Apache Hadoop provides the three essential things: velocity, scalability, and economics, that are needed to handle big data.


So the IC, Gus Hunt, Amr Awadalla, and others at the Government Big Data Forum are leading the next technology wave and gave us a glimpse of both the technology infrastructure and the business organization with chief data officers and data scientists that will be needed to implement and succeed with big data.

More details about what was said can be found at CTOVision and at my wiki document, Data Science Visualizations Past Present and Future.

COMMENTARY: I keep hearing and reading that Google and Facebook are changing their polices about handling our personal information and that the White House, Congress, consumer groups, regulators, and their millions of users are concerned.

Then I heard a recent interview with Facebook founder Mark Zucherberg that asks him if he thinks that Google is trying to compete with Facebook and his answers are evasive and so I know that the interviewer is on to something. Keep reading →

UPDATED. President Barack Obama reached out across the Internet to engage directly with Americans and small business owners in a live virtual interview staged by The White House Monday. The virtual session, held at 5:30 EST, was hosted by Google and produced using YouTube in what was billed as a post State of the Union Google+ Hangout.

The online question and answer session were streamed live on WhiteHouse.gov, YouTube.com/WhiteHouse and on the White House Google+ page. Keep reading →


I got the announcement a couple days ago that Vivek Kundra is joining Salesforce.com as executive vice president of emerging markets, and the invitation to be first to post a comment.

Mark Amtower beat me to it and he was right to the point: “Is Salesforce.com part of that “IT Cartel” that Vivek warned us about?” Keep reading →

Page 1 of 212