Category Archives: privacy

Visualizing the future of programmable cities

Posted on by

0

Technology is fueling new visions for the future of cities. Today at the South by Southwest Interactive festival, a panel considered “Web Mashup Platforms and Future Programmable Cities. NYC chief digital officer Rachel Sterne (@RachelSterne) joined Christine Outram (@cityinnovation), Vlad Trifa (@vladounet) and Dominique Guinard (@domguinard) in exploring how open data, mobile platforms and citizen engagement will shape what comes next in urban life.

Below, visual notes by OgilvyNotes and ImageThink capture the conversation.

n Web Mashup Platforms and Future Programmable Cities

For more on how cities are embracing new platforms and technologies, learn about citizensourcing smarter government in New York City.

[Hat Tip: Rachel Sterne]

Daniel Weitzner is the new White House deputy CTO for Internet policy

Posted on by

1

DSC_5476

Image by Elon University via Flickr

There’s a new deputy chief technology officer in the White House Office of Science and Technology Policy: Danny Weitzner. He’ll be taking over the policy portfolio that Andrew McLaughlin held. The appointment appears to have been reported first by Julia Angwin in her story on a proposed bill for an online privacy bill of rights drafted by Senator John McCain (R-AZ) and Senator John Kerry (D-MA). Rick Weiss, director of communications at OSTP confirmed the appointment and said that they anticipate that Weitzner will start work “very soon.”

With the appointment, the OSTP staff has three deputy CTOs again working under federal CTO Aneesh Chopra: Chris Vein for innovation, Weitzner for Internet policy and Scott Deutchman for telecommunications policy.

Weitzner has a deep and interesting background when it comes to Internet policy. He was serving as associate administrator for policy at the United States Commerce Department’s National Telecommunications and Information Administration (NTIA), the principal adviser to the President on telecommunications and information policy. Prior to joining the Obama administration, Weitzner created the MIT CSAIL Decentralized Information Group and was used to be the policy director for the World Wide Web Consortium (W3C) before he joined . Here’s his bio from his time there:

Daniel Weitzner is Policy Director of the World Wide Web Consortium’s Technology and Society activities. As such, he is responsible for development of technology standards that enable the web to address social, legal, and public policy concerns such as privacy, free speech, security, protection of minors, authentication, intellectual property and identification. Weitzner holds an appointment as Principal Research Scientist at MIT’s Computer Science and Artificial Intelligence Laboratory, co-directs MIT’s Decentralized Information Group with Tim Berners-Lee, and teaches Internet public policy at MIT.

As one of the leading figures in the Internet public policy community, he was the first to advocate user control technologies such as content filtering and rating to protect children and avoid government censorship of the Intenet. These arguments played a critical role in the 1997 US Supreme Court case, Reno v. ACLU, awarding the highest free speech protections to the Internet. He successfully advocated for adoption of amendments to the Electronic Communications Privacy Act creating new privacy protections for online transactional information such as Web site access logs.

Before joining the W3C, Mr. Weitzner was co-founder and Deputy Director of the Center for Democracy and Technology, a leading Internet civil liberties organization in Washington, DC. He was also Deputy Policy Director of the Electronic Frontier Foundation. He serves on the Boards of Directors of the Center for Democracy and Technology, the Software Freedom Law Center, the Web Science Research Initiative. and the Internet Education Foundation.

His publications on technical and public policy aspects of the Internet have appeared in the Yale Law Review, Science magazine, Communications of the ACM, Computerworld, Wired Magazine, and The Whole Earth Review. He is also a commentator for NPR’s Marketplace Radio.

Mr. Weitzner has a degree in law from Buffalo Law School, and a B.A. in Philosophy from Swarthmore College.

As Angwin reported, Weitzner pushed for creation of the Commerce Department new privacy office while he was at NTIA. In his new role, he’s likely to be working closely with the FTC, Congress and a new privacy office at the Commerce that, according to Angwin, is likely to be run by Jules Polonetsky, currently head of the Future of Privacy Forum.

Weitzner’s appointment is good news for those who believe that ECPA reform matters and for advocates of free speech online. Given the recent role of the Internet as a platform for collective action, that support is worth acknowledging.

For those interested, Weitzner can be found on Twitter at @djweitzner. While he has not sent out a tweet since last November, his link to open government in the United Kingdom last July bodes well for his support for open data and Gov 2.0: “Proposed Government Data Transparency principles from UK gov’t via Shadbolt & Berners-Lee http://bit.ly/b1WyYs #opendata #gov20.”

 

Related articles
Enhanced by Zemanta

Talking about crisis data, social media and GIS on Federal News Radio

Posted on by

0

American Red Cross Conference On Use Of Intern...

Image by ShashiBellamkonda via Flickr

Earlier this week, the O’Reilly Radar published a new article about how the Red Cross and the Los Angeles Fire Department integrate social tools into crisis response. This afternoon, I talked with Federal News Radio‘s anchor Chris Dorobek about crisis data for the Dorobek Insider:

Have a crisis? Don’t worry, there’s an app for that.

With the emergence of social media tools, emergency responders have been forced to integrate social media into their crisis response.

During the Gulf Coast oil spill last year, the Coast Guard launched an app where you could actually track the oil. Now the Red Cross and the Los Angeles Fire Department are using Twitter and Facebook in their emergency response.

If you’re in the Washington, D.C. listening area, our interview was on at 4:05 and will be rebroadcast at 6:05 PM EST. For online listeners (that’s you, dear reader) you can listen to the show on crisis data here.

Related articles
Enhanced by Zemanta

Are the Internet and Social Media ‘Tools of Freedom’ or ‘Tools of Oppression?’

Posted on by

4

The role of the Internet and social media in what has been described as the “Arab Spring” in Egypt, Tunisia, Libya and the rest of the Middle East is one of the hottest topics in technology and foreign policy. Ever since the #IranElection hashtag first gave the world a look at social media as forum for information exchange about civil unrest outside of state-controlled media, there has been a huge explosion oof forums and op-eds exploring the question of whether YouTube, Facebook, Twitter, cellphones, crisis mapping and other technology platforms were creating the conditions for revolution — or acting as an accelerant to the embers of revolution. The State Department’s “Internet freedom” policy has come into conflict with both autocrats whose iron rule has carried over from the 21st century using Facebook and mobile technology to track down dissidents and Western democracies seeking increased electronic surveillance powers over the network of networks that now spans the globe.

As with so many other communications tools, it’s becoming increasingly clear that the connection technologies whose use has rapidly brought more of us together can be used in both positive and negative ways, much in the same way the printing press, radio or television changed the distribution of ideas and news in past centuries. Cellphones equipped with cameras and connected to the rest of the world have become the eyes and ears of young people in the Middle East. They can also be used to track them.

In a year when the leader of Libya mentioned Facebook by name and Egypt shuts down the Internet, it would be easy to simply celebrate the role of people power accelerated by social media. Not so fast. These social media platforms of 2011 can and will be used to people, governments and covert organizations to greenwash, astroturf or distribute propaganda or misinformation. This reality has been articulated by Evgeny Morozov in The Net Delusion and emphasized again in a commentary today on the role of social networking in the Arab Spring. While Wael Ghonim said that without social networking, this wouldn’t have happened, Morozov emphasizes that it took the bravery of millions of young people to show up in real life in Tahir Square in Egypt or in the streets of Tunisia for this to become a reality.

Smarter social networking” in the service of the ends of dictators and autocrats can and will happen, along with so many other spheres of public life. As Ben Scott, innovation advisor of the State Department acknowledged at an AMP Summit in D.C. on social networking and Egypt last month, it is happening, with more use of tools for negative purpose to come. “The question is no longer does technology matter,” he said. “It’s how, and in what ways.”

 

http://www.ustream.tv/flash/viewer.swf

“Network effects are politically agnostic,” said Scott. These connection technologies are not causing revolution. “They’re accelerating them.”

The question of whether these connection technologies are by their nature aligned with greater freedoms has also, literally, been up for debate. When it comes to a bigger question — whether connection technologies are more useful for democrats or dictators — Scott said that on the whole, he thought the proliferation of connection technologies is good for democracy. The online audience in a recent debate at Economist.com between Stanford’s Evgeny Morozov and Harvard’s John Palfrey decided by a narrow margin that the Internet is “inherently” a force for democracy. The full dialogue between the two men is well worth reading in its entirety.

Whether that view or this architecture of the Internet itself persists has other members of the academy concerned as well. As Harvard computer science professor Jonathan Zittrain observes in the Scientific American, keeping the Internet open, distributed and free is not a certain outcome.

Attacks on Internet sites and infrastructure, and the compromise of secure information, pose a particularly tricky problem because it is usually impossible to trace an attack back to its instigator. This “attribution problem” is so troublesome that some law-enforcement experts have called for a wholesale reworking of Internet architecture and protocols, such that every packet of data is engraved with the identity of its source. The idea is to make punishment, and therefore deterrence, possible. Unfortunately, such a reworking would also threaten what makes the Internet special, both technologically and socially.

The Internet works thanks to loose but trusted connections among its many constituent parts, with easy entry and exit for new Internet service providers or new forms of expanding access. That is not the case with, say, mobile phones, in which the telecom operator can tell which phone placed what call and to whom the phone is registered. Establishing this level of identity on the Internet is no small task, as we have seen with authoritarian regimes that have sought to limit anonymity. It would involve eliminating free and open Wi-Fi access points and other ways of sharing connections. Terminals in libraries and cybercafes would have to have verified sign-in rosters. Or worse, Internet access would have to be predicated on providing a special ID akin to a government-issued driver’s license—perhaps in the form of a USB key. No key, no bits. To be sure, this step would not stop criminals and states wanting to act covertly but would force them to invest much more to achieve the anonymity that comes so naturally today.

The history of the introduction of new communication tools is a reminder that most disruptive technologies have dual uses. In 1924, Calvin Coolidge was the first President of the United States to make a radio broadcast from the White House. A decade later, Hitler and Stalin were using the same tool to spread a different kind of message.

Nearly a century later, the current occupant of the White House is using YouTube, Facebook, Twitter, apps and live video on WhiteHouse.gov to communicate with citizens, both of the United States or in other countries. While the White House can claim some open source cred for running WhiteHouse.gov on Drupal, much of the rest world has long since becoming aware of the disruptive nature of a more wired society that is connected to the Internet.

The debate about the role of connection technologies in Internet freedom spans many audiences. Last month, the discussion came to the Cato Institute, where a debate on social media and revolutions was moderated by Jim Harper, Director of Information Policy Studies at Cato. The discussion featured Christopher Preble, Director of Foreign Policy Studies at Cato Institute, Tim Karr, Campaign Director, Free Press, and this correspondent.

http://www.cato.org/jwmediaplayer44/player.swf

The same platforms that can and are being used to transmit breathtaking moments of wonder,
hear digital cries for help or lift up the voices of the citizens in oppressed societies to the rest of the world will also be used against them. Palfrey has further explored Middle East conflict and an Internet tipping point for the Internet at MIT’s Tech Review. His conclusion is worth sharing again:

Today, we are entering a period that we should call “access contested.” Activists around the world are pushing back on the denial of access and controls put in place by states that wish to restrict the free flow of information. This round of the contest, at least in the Middle East and North Africa, is being won by those who are using the network to organize against autocratic regimes. Online communities such as Herdict.org and peer-to-peer technologies like mesh networking provide specific ways for people to get involved directly in shaping how these technologies develop around the world.

But it would be a big mistake to presume that this state of affairs will last for long, or that it is an inevitable outcome. History shows us that there are cycles to the way that technologies, and how we use them, change over time, as Timothy Wu argues in his new book, The Master Switch. The leaders of many states, like China, Vietnam, and Uzbekistan, have proven able to use the Internet to restrict online discussion and to put people into jail for what they do using the network. We should resist the urge to cheer the triumph of pro-Western democracy fueled by widespread Internet access and usage. The contest for control of the Internet is only just beginning.

As the rest of the world watches the changes sweeping the Middle East through snippets of cellphone video uploaded to YouTube and curated by digital journalists like Andy Carvin, connected citizens have unprecedented capacity to drink from the firehose of revolutionary media. The role of the Internet as a platform for collective action is growing. The challenge is what people do with it.

Enhanced by Zemanta

Congress faces challenges in identifying constituents using social media

Posted on by

2

Citizens are becoming more influential through social networks and influencing their peers. Research from the The Pew Research Center’s Internet & American Life Project suggests that government 2.0 an important trend, with respect to our understanding of what it means to be a citizen and how our actions influence those of our fellow citizens. The role of the Internet as a platform for collective action is growing but the authorities that control the levers of power offline still matters immensely.

Today, Politico reported that social media isn’t so hot on the Hill. Or, as FierceGovernmentIT.com reported, “Congress is using social media to talk, not listen.” Both media outlets were reporting on survey results conducted by the Congressional Management Foundation on perceptions of citizen advocacy by Congressional staffers.

A better headline, however, might have been “Twitter isn’t so hot on the hill with lawmakers,” given myriad challenges around identifying constituents online, automated campaigns and what Representative Culberson (R-TX) described as a “lot of trolls on Twitter.” (It’s even worse on YouTube, Congressman.) The question posed at the end of the Politico article — “Are lawmakers putting too much time — or staff resources — into social media?” is followed with Pew stats on *Twitter* use and penetration, not Facebook.

The complaints from numerous anonymous Congressional staffers about the time it takes to maintain social media are likely honest and parallel the experiences of higher-paid contemporaries in private industry, academia, media, fashion and the nonprofit worlds. Managing multiple social media presences can, indeed, be a pain in the a–. And it takes resources, in terms of time, that may be scarcer than ever. That said, social media is now part of the lexicon of Congressional staff trusted with constituent communications. If a Representative or Senator is speaking anywhere in DC, there’s an increasingly good chance that snippets of it may tweeted, unusual pictures will be tagged on Facebook and that any gaffes will be up on YouTube later.

Doing more than trying to fit the 20th century model of broadcasting to these platform requires time, expertise and commitment, along with a thick skin. Opening up these new online channels for Congressional communications created challenges, to be sure, but then so did adding the telegraph, radio, television, fax machines, cellphones and email. It’s not hard to find past news reports of Senators resisting the addition of dial phones to the Hill.

Every new communications technology has had an impact on Congress. In 2011, Twitter, Facebook and YouTube do each come with new wrinkles. YouTube and Twitter can work in concert to share video and share it instantly with the world. At the same time, on the Hill, automated campaigns using social media have followed the path of email and faxes deluges. Carefully edited videos can trim key context from statements, or audio from broadcasts. The risks and rewards for the use of Web 2.0 that pertain to federal and state agencies also pertain to Congress.

Take, for instance, Facebook, which is generally tied to the real identities of citizens. Engaging with citizens carries with it identity and privacy issues for constituents. That’s the rub, and it won’t come out easily. Look at how San Francisco integrated city services with 311 and Facebook for an example of how government can mitigate and address some of those issues. The National Strategy for Trusted Identities in Cyberspace might address some of the challenges as well.

In the meantime, Congresional staffers and citizens alike can hope that new, improved architectures for participatory democracy online come along soon to upgrade the status quo in Washington.

Podcast: IT Security, Internet Freedom and Open Government at Threatpost

Posted on by

0

This morning, I was privileged to join Dennis Fisher on the Digital Underground podcast to talk about IT security, open government, Internet freedom and open data movements, including how they’re affecting IT security.

ListenIT Security, Internet Freedom and Open Government [MP3]

Fisher is a founding editor of the Threatpost blog and is one of the best information security journalists in the industry and a former colleague from TechTarget.

Over the course of the podcast, we discussed the different ways in which Internet freedom and privacy play into the current climate online. (We also talked a bit about Twitter and journalism.) As 2011 matures, legitimate concerns about national security will continue to be balanced with the spirit of open government expressed by the Obama administration.

The issues created between Wikileaks and open government policies are substantial. Open data may be used for accountability, citizen utility and economic opportunity. But as federal CIO Vivek Kundra said to Harvard Business School students studying Data.gov last year, the transparency facet in the Obama administration’s open government initiative has multiple layers of complexity.

Fisher and I explore these issues, along with a number of the complexities involved with improving information sharing between the public and private sector when it comes to vulnerabilities and threats. Currently, over 80% of the nation’s critical infrastructure is in the private sector.

Related stories:

Clinton: There is no silver bullet in the struggle against Internet repression. There’s no “app” for that

Posted on by

0

Today in Washington, Secretary of State Clinton reiterated the State Department’s commitment to an Internet freedom policy in a speech at George Washington University. Rebecca MacKinnon, journalist, free speech activist, and expert on Chinese Internet censorship, provided some on the spot analysis immediately following Clinton’s words. MacKinnon made an interesting, and timely, point: there are limits to directly funding certain groups. “I think one of the reasons that the Egyptian and Tunisian revolutions were successful was that they were really home grown, grass roots. At the end of the day, the people in the countries concerned need to really want change and drive that change.”

MacKinnon parsed the considerable complexity of advocating for Internet freedom in the context of Wikileaks and electronic surveillance in other areas of the federal government. For those interested, she elaborated on the issues inherent in this nexus of government and technology in her Senate testimony last year. At some point this winter, there will be a hearing on “CALEA 2″ in the United States Congress that’s going to be worth paying close attention to for anyone tracking Internet freedom closer to home, so to speak.

Should the U.S. support Internet freedom through technology, whether it’s an “app” or other means? To date, so far the State Department has allocated only $20 million of the total funding it has received from Congress, according to a report on Internet censorship from the Senate Foreign Relations Committee obtained by the AFP. (Hat tip to Nick Kristof on that one).

Clinton defended the slow rollout of funding today in her speech (emphasis is added):

“The United States continues to help people in oppressive Internet environments get around filters, stay one step ahead of the censors, the hackers, and the thugs who beat them up or imprison them for what they say online. While the rights we seek to protect are clear, the various ways that these rights are violated are increasingly complex. Some have criticized us for not pouring funding into a single technology—but there is no silver bullet in the struggle against Internet repression. There’s no “app” for that. And accordingly, we are taking a comprehensive and innovative approach—one that matches our diplomacy with technology, secure distribution networks for tools, and direct support for those on the front lines.”

The caution in spending may well also be driven by the issues that the State Department encountered with Haystack, a much celebrated technology for Internet freedom tool that turned out to be closer to a fraud than a phenomenon.

There may be no silver bullet to deliver Internet freedom to the disconnected or filtered masses, per se, but there are more options beyond the Tor Project that people in repressive regimes can leverage. Today, MIT’s Technology Review reported on an app for dissidents that encrypts phone and text communications:

Two new applications for Android devices, called RedPhone and TextSecure, were released last week by Whisper Systems, a startup created by security researchers Moxie Marlinspike and Stuart Anderson. The apps are offered free of charge to users in Egypt, where protesters opposing ex-president Hosni Mubarak have clashed with police for weeks. The apps use end-to-end encryption and a private proxy server to obfuscate who is communicating with whom, and to secure the contents of messages or phone conversations. “We literally have been working night and day for the last two weeks to get an international server infrastructure set up,” says Anderson.

No word on whether they’ve received funding from State yet. For more on today’s speech, read the full report on the State department’s Internet freedom policy at the Huffington Post, Ethan Zuckerman or the ever sharp Nancy Scola on #NetFreedom, which does, in fact, now look like a “big deal.”

House 2.0: Livestreams of special session on Tucson Shooting on Facebook, CSPAN.org

Posted on by

1

Today, C-SPAN’s Facebook page will host streaming video coverage of Wednesday’s special U.S. House session on the Tucson shootings. The livestream will start at 10 AM ET, when the House will consider a resolution on the shootings. The session is also … Continue reading

2011 Trends: National Strategy for Trusted Identities in Cyberspace highlights key online privacy, security challenges

Posted on by

2

Blackberrys, cell phones and communications devices are tagged with post-its during a briefing on Afghanistan and Pakistan in the Cabinet Room of the White House, March 26, 2009. (Official White House Photo by Pete Souza)

Blackberrys, cell phones and communications devices are tagged with post-its during a briefing on Afghanistan and Pakistan in the Cabinet Room of the White House, March 26, 2009. (Official White House Photo by Pete Souza)

The upcoming release of the final version of the White House “National Strategy for Trusted Identities in Cyberspace” highlights three key trends that face the world in 2011: online identity, privacy and security. Governments need ways to empower citizens to identify themselves online to realize both aspirational goals for citizen-to-government interaction and secure basic interactions for commercial purposes.

Earlier today, Stanford hosted an event today where U.S. Commerce Secretary Gary Locke and White House cybersecurity coordinator Howard Schmidt talked about the Obama administration’s efforts to improve online security and privacy at the Stanford Institute for Economic Policy Research (SIEPR). Here’s the NSTIC fact sheet the administration posted last year.

“As we look at the innovation engine that drives many of the things we’re doing, what does it mean to sit there as we’ve come together today,” asked Schmidt, “bringing these things together to overcome some of these risks associated with the technology we’ve deployed over the past 20 some odd years?”

The administration took public feedback on the document at NSTIC IdeaScale, which is now closed. (For a screenshot, see the story on IdeaScale on MSNBC.com.) “Every day at the end of the day. I would go back and read some of those comments,” said Schmidt today. “Some of them quite honestly were pretty silly. Other of them were very insight full and gave us some good thoughts about how can we do this right? How can we create a document that really does those things the secretary mentioned such as privacy enhancing but also giving us better trust?”

Schmidt took to the White House blog again today to announce a “National Program Office for Enhancing Online Trust and Privacy.”

Today, at Stanford University, Commerce Secretary Gary Locke and I were pleased to announce that the Commerce Department will host a National Program Office (NPO) in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC).  As I’ve written previously, the NSTIC fulfills one of the action items in theCyberspace Policy Review (pdf) and is a key building block in our efforts to secure cyberspace.

This holiday season, consumers spent a record $30.81 billion in online retail spending, an increase of 13 percent over the same period the previous year.  This striking growth outshines even the notable 3.3-5.5 percent overall increase in holiday spending this past year.  While clearly a positive sign for our economy, losses from online fraud and identity theft eat away at these gains, not to mention the harm that identity crime causes directly to millions of victims.  We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are. Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the “keys to the kingdom.”

We need a cyber world that enables people to validate their identities securely, but with minimal disclosure of information when they’re doing sensitive transactions (like banking) – and lets them stay anonymous when they’re not (like blogging). We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials. For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge. In this world, we can cut losses from fraud and identity theft, as well as cut costs for businesses and government by reducing inefficient identification procedures. We can put in-person services online without security trade-offs, thereby providing greater convenience for everyone.

This is the world envisioned in the NSTIC.  We call it the Identity Ecosystem.  We will be working to finalize the NSTIC in the coming months, but that is only the beginning of the process. I’m excited to be working with Secretary Locke. The Commerce Department is perfectly suited to work with the private sector to implement the NSTIC. In addition, there are other departments and agencies with strategic roles to play as well. Above all though, we look to the leadership of the private sector. Therein lies the key to success. Now is the time to move forward with our shared vision of a better, more secure cyberspace.

Why NSTIC Matters

The policy that the United States government makes towards the Internet has the potential to affect every person online in 2011, as advocates know, so how this is carried out bears close watching. The Center for Democracy and Technology filed key comments on NSTIC last year, including a key issue: “We alerted the Commerce Department to our concern about NSTIC’s current focus on the use of government credentials for private transactions: A pervasive government-run online authentication scheme is incompatible with fundamental American values,” wrote Heather West regarding the cybersecurity policy proposal.

The issue is at once simple and enormously complex, as Jim Dempsey from the Center for Democracy and Technology highlighted today. Government needs a better online identity infrastructure to improve IT security, online privacy, and support ecommerce but can’t create it itself, said Dempsey, outlining the key tension present. Dempsey advocated for a solution for online identity that lies within a broader trust framework and that is codified within a baseline federal consumer privacy law.

Some of the answers to the immense challenge of securing online privacy and identity won’t be technical or legislative at all. They lie in improving the digital literacy of for online citizens. That very human reality was highlighted after the massive Gawker database breach last year, when the number of weak passwords used online became clear. Schmidt highlighted the root caused of passwords today:

The reason most people do that is because we have to worry about remembering so many different passwords and then there’s so many layers of complexity and, complexity that we have to worry about, we have different time frame. We replace them every 30-day, 60 days, 90 days and it becomes really cumbersome. And recent survey found that 46% of the people surveyed never ever have changed their passwords and 71% use the same password with over and over and over again. From reading an on-line blog to doing sensitive financial transactions.

Others answers may be founded in creating online trust frameworks, which were a key initiative in 2010 for the federal government. Multifactor authentication, where more than one forms of identity are used in transactions, will be part of that vision. Schmidt described, loosely, what that might look like.

I go to a store. I go to a grocery store in some cases. I do some level of proofing, whatever I want to wind up doing, whether it’s the lowest level or the highest level to get an online identity stored on a token. A digital identity. Whether it’s on a USB drive or whether it’s on a smart card, I have the ability to do something beyond what I’m doing now. I go to log-in to these accounts. I use the USB device, I use a smart card. I use a one time password on my mobile device that no longer puts me in a position where I’ve been in the past where I can wind up making one small mistake and paying for it for years. But then I also get the log-in to my web mail account. That credential is passed on as well. So I have the ability to do these things seamlessly without all the baggage and overhead that goes with it. But then here comes the true test – this web mail – this phishing e-mail – comes in, and working together between the token and my digital identity and the browser, it stops me from doing things that are going to be harmful. And I had the ability to control that. I have the ability to set this up. And then it keeps me from becoming a victim of fraud.

That combination of physical tokens that interface with commercial and communications infrastructure to authenticate a consumer or online user are one vision of an identity ecosystem. Given the commercial needs of the moment, it should not be a surprise that the Department of Commerce is a key player. Secretary Locke offered perspective on the challenges that face the nation in 2011. [Full unedited transcript]

Let’s flash forward to today to 2011. Nowadays the world does an estimated $10 trillion of business online. Nearly every transaction you can think of is being done over the Internet. Consumers paying their utility bills, even from smartphones. People downloading music, movies and books online. Companies from the smallest local store to bed and breakfasts, to multinational corporations, ordering goods, paying vendors, selling to customers, all around the world. All over the Internet. E-commerce sales for the third quarter of 2010 were estimated at over $41 billion, up almost 14% over last year. And early reports indicate that the recent holiday buying season saw similar growth with year over year sales up by over 13%.

But despite these ongoing successes, the reality that the Internet still faces something of a trust issue. And it will not retch its full potential until users and consumers feel more secure than they do today when they go on-line. The threats on the Internet seem to be proliferating just as fast as the opportunities. Data breaches, malware, ID theft and spam are just some of the most commonly known invasions of a user’s privacy and security. And people are worried about their personal information going out and parents, like me, are worried about unwarranted sexually explicit material coming in before their children. And the landscape is getting more complex as dedicated hackers undertake persistent targeted attacks and develop ever more sophisticated frauds.

The approach that Locke outlined will apparently be housed within the Department of Commerce, a choice that is likely relevant to the scale and growth of e-commerce online:

The end game of course, is to create an identity ecosystem where individuals and organizations can complete online transactions with greater confidence, putting greater trust in the online identities of each other, and greater trust in the infrastructure that the transactions run over. Let’s be clear, we’re not talking about a national ID card. We’re talking about a government controlled system. But what we are talking about is enhancing online security and privacy, and reducing, and perhaps even eliminating, the need to memorize a dozen password through the creation and use of more trusted digital identities. To accomplish this, we’re going to need your help. And we need the private sector’s expertise and involvement in designing, building and implementing this identity ecosystem. To succeed we’ll also need a national program office at the Department of Commerce focused on implementing our trusted identities strategy.

For more context, look back to Schmidt’s introduction of the NSTIC at the WhiteHouse.gov blog last year:

Cyberspace has become an indispensable component of everyday life for all Americans. We have all witnessed how the application and use of this technology has increased exponentially over the years. Cyberspace includes the networks in our homes, businesses, schools, and our Nation’s critical infrastructure. It is where we exchange information, buy and sell products and services, and enable many other types of transactions across a wide range of sectors. But not all components of this technology have kept up with the pace of growth. Privacy and security require greater emphasis moving forward; and because of this, the technology that has brought many benefits to our society and has empowered us to do so much — has also empowered those who are driven to cause harm.

Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.). Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so.

This is all wonky stuff that may seem a bit dry to some readers, but it’s important. The intertwined issues of identify, security and online privacy are increasingly relevant to every citizens as more commerce, education, communication and elements of everyday life move onto the Internet and mobile infrastructure. This strategy is central to how the United States government will work with industry, nonprofits, citizens and other states to improve the status quo. On that count, Bob Gourley, CTO of Crucial Point, commented extensively on the NSTIC at CTOVision.

It won’t be easy. Supporting the creation of identity infrastructure and improvements to online privacy in the private sector has the potential to make the Internet more secure and convenient for users and consumers but could have unintended consequences if not carefully pursued. There’s a lot at stake. As the Stanford event organizers highlighted, “e-commerce worldwide is estimated at $10 trillion of business online annually.”

Wired’s Ryan Singel highlighted a key issue for the White House plan for online identity, perhaps even the fundamental one in today’s online identity landscape: Facebook.

Philip Kaplan, the outspoken founder of Blippy, AdBrite and Fucked Company, added a Silicon Valley developer voice to event’s panel, arguing that any system has to be simple to implement, so that developers working in their living room making a website can concentrate on building new features, not worrying about security.

The closest thing to that currently is Facebook Connect, which lets you use your Facebook credentials to login you in around the net and on mobile apps..

“I can put in one line of JavaScript and I have a login system,” Kaplan said. “But that doesn’t I’m not going to pay my taxes using Facebook Connect.”

Which is another way of it might be as dangerous for a single company to be the world’s online ID vault as it would for the government to handle that task.

And right now, with Facebook at 600 million users and $50 billion in valuation, that future seems much more likely than a standards-based, interoperative system built by geeks at the behest of the feds.

Whether an online trust framework can be a viable alternative to Facebook’s play to be the identity provider online is a first-order question, and one that deserved examination. Kudos to Singel for putting the event in that context.

Weekend Reading: The most recent version of the NSTIC follows. Look for more reporting, both here or at another outlet, once the final version is released.

National Strategy for Trusted Identities in Cyberspace http://d1.scribdassets.com/ScribdViewer.swf

Advice for federal agencies on social media records management [REPORT]

Posted on by

2

One of the risks and rewards for the use of Web 2.0 that came up in the July hearing on “government 2.0” technology in the House of Representatives had nothing to do with privacy, secrecy, security or embarrassment. Instead, it was a decidedly more prosaic concern, and one that is no surprise to anyone familiar with governmental institutions: record keeping. And no, this is not another story about how the Library of Congress is archiving the world’s tweets.

IBM’s Business of Government Center has released a new report on social media (PDF) records management, focusing on some best practices for harried federal employees faced with rapidly expanding troves of tweets, Facebook status updates, blog posts or wikis. For those keeping track, 22 of 24 agencies now, at the minimum, have a Facebook presence.

If you’re interested in the evolution of social media in government, a lot of what’s in here won’t be new to you. If not, the report provides a useful framework for why using social media presents headaches for federal records keeping and quite a few best practices and suggestions for mitigating them. As the preamble to the report allows, “this report does not solve the many challenges it identifies. However, it serves as a useful guide for federal managers attempting to use social media to engage citizens while meeting the statutory requirement to preserve historical records for future generations.”

If you’re still wondering what social media is at this point in 2010, Dr. Patricia Franks, the author of the report and a professor at San Jose State University in California, considers exactly that, with judicious references to experts. She offers a number of definitions and then provides her own summary: “‘social media’ encompasses a number of emerging technologies that facilitate interaction between individuals and groups both inside and outside an organization. The best return on an agency’s investment of resources in social media is realized when the goal of the social media initiative is clearly identified and clearly related to the agency’s core mission.”

And that last point is particularly interesting, and frames where much of the federal government stands at the end of 2010 well. The observation was preceded by an apt observation sourced by “insiders”: that the Obama administration’s Open Government Directive created a “Wild West” atmosphere around social media. In that content “eager individuals, embracing the freedom to innovate, moved quickly to use social media both within their departments and agencies and with the outside world. Early government enthusiasts of social media endeavored to establish a presence without first identifying a goal. Only recently have those responsible for social media initiatives begun to ask what needs to be accomplished before selecting the appropriate tool for the task.”

Some new media directors and communication staff have been aligning tools with mission for some time. Others have simply set up the accounts and then pushed updates to them. From what this correspondent hears around Washington, that “Wild West” is getting civilized, with this report representing the latest push to absorb social media into the business of government, replete with established policies, procedures and, yes, reporting standards.

“It’s not OK just to check a box and set up a Facebook page anymore,” said Cammie Croft, director of new media a the Department of Energy, last week at a forum on citizen engagement. “You have to have an idea for what you want to accomplish.” That reflects what Booz Allen social media strategist Steve Radick wrote last month, when he observed that the “new media director position is a means to an end.”

Speaking at the same event, Jack Holt, senior strategist for emerging media at the Department of Defense, reflected on how federal social media use has evolved from “no way, no how” to “accepted procedure” to “standard operating procedure.”

“These are not new tools we need to learn how to use,” he said. “It’s a new environment in which we need to live.”

As the year comes to an end, in other words, the federal government is learning how to live in the same new media world its citizens are grappling with comprehending, where “We the People” has newfound resonance. Yet again, we’re all in it together.

For more on the report, Brian Kalish has a full writeup of social media and agency records management over at NextGov.