U.S. government launches online traffic analytics dashboard for federal websites

There are roughly 1,361 .gov domains* operated by the executive branch of the United States federal government, 700-800 of which are live and in active use. Today, for the first time, the public can see how many people are visiting 300 executive branch government domains in real-time, including every cabinet department, by visiting analytics.usa.gov.

According to a post on the White House blog, the United States Digital Service “will use the data from the Digital Analytics Program to focus our digital service teams on the services that matter most to the American people, and analyze how much progress we are making. The Dashboard will help government agencies understand how people find, access, and use government services online to better serve the public – all while protecting privacy.  The program does not track individuals. It anonymizes the IP addresses of all visitors and then uses the resulting information in the aggregate.”

On Thursday morning, March 19th, tax-related services, weather, and immigration status are all popular. Notably, there’s an e-petition on the White House WeThePeople platform listed as well, adding data-driven transparency to what’s popular there right now.

Former United States deputy chief technology officer Nick Sinai is excited about seeing the Web analytics data opened up online. Writing for the Harvard Shorenstein Center, where he is currently a fellow, Sinai adds some context for the new feature:

“Making government web performance open follows the digital services playbook from the new U.S. Digital Services,” he wrote. “Using data to drive decisions and defaulting to open are important strategies for building simple and useful citizen-facing digital services. Real-time and historical government web performance is another example of how open government data holds the promise of improving government accountability and rebuilding trust in government.”

Here’s what the U.S. digital services team says they’ve already learned from analyzing this data:

Here’s what we’ve already learned from the data:

  • Our services must work well on all devices. Over the past 90 days, 33% of all traffic to our sites came from people using phones and tablets. Over the same period last year, the number was 24%. Most of this growth came from an increase in mobile traffic. Every year, building digital services that work well on small screens becomes more important.
  • Seasonal services and unexpected events can cause surges in traffic. As you might expect, tax season is a busy time for the IRS. This is reflected in visits to pages on IRS.gov, which have more than tripled in the past 90 days compared with the previous quarter. Other jumps in traffic are less easy to predict. For example, a recently-announced settlement between AT&T and the Federal Trade Commission generated a large increase in visits to the FTC’s website. Shortly after the settlement was announced, FTC.gov had four times more visitors than the same period in the previous year. These fluctuations underscore the importance of flexibility in the way we deploy our services so that we can scale our web hosting to support surges in traffic as well as save money when our sites are less busy.
  • Most people access our sites using newer web browsers. How do we improve digital services for everyone when not all web browsers work the same way? The data tells us that the percentage of people accessing our sites using outdated browsers is declining steadily. As users adopt newer web browsers, we can build services that use modern features and spend less time and money building services that work on outdated browsers. This change will also allow us to take advantage of features found in modern browsers that make it easier to build services that work well for Americans with disabilities, who access digital services using specialized devices such as screen readers.

If you have ideas, feedback or questions, the team behind the dashboard is working in the open on GitHub.

Over the coming months, we will encourage more sites to join the Digital Analytics Program, and we’ll include more information and insights about traffic to government sites with the same open source development process we used to create the Dashboard. If you have ideas for the project, or want to help improve it, let us know by contributing to the project on GitHub or emailing digitalgov@gsa.gov.

That last bit is notable; as is true of all of the projects that 18F works on, this analytics dashboard is open source software.

There are some interesting additional details in 18F’s blog post on how the analytics dashboard was built, including the estimate that it took place “over the course of 2-3 weeks” with usability testing at a “local civic hacking meetup.”

First, that big number is made from HTML and D3, a JavaScript library, that downloads and renders the data. Using open standards means it renders well across browsers and mobile devices.

Second, 18F made an open source tool to manage the data reporting process called “analytics-reporter” that downloads Google Analytics reports and transforms that data into JSON.

Hopefully, in the years ahead, the American people will see more than the traffic to .gov websites: they’ll see concrete performance metrics like those displayed for the digital services the United Kingdom’s Government Digital Services team publishes at gov.uk/performance, including uptime, completion rate and satisfaction rate.

In the future, if the public can see the performance of Healthcare.gov, including glitches, or other government digital services, perhaps the people building and operating them will have more accountability for uptime and quality of service.

White House hosts “Open Government Workshop” during Sunshine Week

Yesterday, the White House hosted an “Open Government Workshop” in Washington, DC, a portion of which was livestreamed through whitehouse.gov. The workshop was the kickoff event for planning the third United States Open Government National Action Plan for the Open Government Partnership.

Archived video is embedded below, including remarks from Megan Smith, the U.S. chief technology officer, Gayle Smith, a special assistant to the President and senior director at the National Security Council, and Tom Malinowski, the assistant secretary of state for democracy, human rights and labor.

Some of the participants in the workshop shared pictures of the event coupled with brief observations on Twitter, but little of substance regarding the participants or the outcomes of their discussions has been released to the public to date.

https://twitter.com/mheadd/status/577894164387524608

Editor’s Note: Where social media falls short of sunshine

Shining a light today on public participation in government thru social media! #opengov

A photo posted by Laura Cohen (@lauraandotis) on Mar 17, 2015 at 2:13pm PDT

Ironically, given that the event took place during Sunshine Week, the open government workshop was not open to the public or the press. While a user of the White House open government Twitter account encouraged its followers to “share ideas” and “keep the dialogue going,” the choice to use the #SunshineWeek hashtag effectively meant that the backchannel for the event was swamped with news of the White House’s decision to officially remove a regulation that subjected its Office of Administration to the Freedom of Information Act, the news of which broke on Freedom of Information Day in the United States. The administration’s legal reasoning is based upon a 2009 federal court decision that ruled the office was not subject to FOIA. In the Federal Register notice of the final rule, the administration holds that “The Office of Administration, as an entity whose sole function is to advise and assist the President of the United States, is not an agency under the Freedom of Information Act or the Privacy Act of 1974, nor does its implementation of Executive Order 13526 affect members of the public.”

The White House indicated that they will “absolutely” share more info about the workshop in the future.

https://twitter.com/mheadd/status/577912018482659328

UPDATE: OpenTheGovernment.org is helping to coordinate the public-facing aspect of the civil society consultation. They’re asking the public to contribute to a model National Action Plan. You can learn more and, after reading the guidelines, submit your own commitment online.

UPDATE II: In a followup post, the White House shared a link to a collaborative online document where the notes from the workshop were posted online for comment.

UCS: Progress on public access to U.S. government scientists, but serious issues remain

A new report (PDF) from the Union of Concerned Scientists found some improvements on the freedom of government scientists to speak, including their use of social media, but that significant impediments to unimpeded access also remain. The report, which included the scorecard pictured below, was published during Sunshine Week, the annual celebration of the People’s right to know what government does on their behalf. According to the report:

“Progress has continued since the 2013 report, with a majority of agency policies now including key provisions such as the right to state personal views, whistleblower provisions, and a dispute resolution process. On the social media front, where five agencies in the 2013 analysis had no social media policy at all, that number in the 2015 report has shrunk to just one.

However, most agency policies still lack important provisions such as right of last review and access to drafts and revisions. And while nearly all the agencies now have social media policies, some of those policies are still vague or incomplete. Thus, there is still significant work to do.”


The accessibility of government scientists to journalists and the public has been a significant issue in the United States in recent years (and north of the border, in Canada), particularly in the context of climate science and other environmental issues. In September 2011, Columbia Journalism Review (CJR) published an extensive feature that found that, despite high hopes, President Barack Obama’s administration had failed to make science accessible. By 2013, there was some measurable progress in the relationship between the scientific agencies and the press, at least as measured by the 2013 version of the UCS report.

UCS made several recommendations for federal agencies to improve further:

Federal agency media policies need to be stronger to offer scientists clear guidance and protections against political interference. More broadly, agencies need to put free and open communication ahead of political considerations.

  • Federal agencies should develop strong media and social media policies that grant scientists the fundamental right of scientific free speech.
  • The Office of Science and Technology Policy should assess agency progress and speak forcefully on the importance of strong and effective media and social media policies.
  • Congress should hold agency heads accountable for encouraging the free flow of scientific information to the public.
  • The president should make strong and effective agency policies on media and social media a priority.
  • Journalists should call out those agencies that block the free flow of information to the public.

The importance of media and public access to government scientists will only grow in the years ahead as more government data is released online. It’s crucial for the press and the public to be able to contact the people who create, maintain and understand these databases when they create acts of journalism based upon them.

National Security Archive finds 40% E-FOIA compliance rate in federal government agencies


For Sunshine Week 2015, the National Security Archive conducted an audit of how well 165 federal government agencies in the United States of America comply with the E-FOIA Act of 1996. They found that only 67 of them had online libraries that were regularly updated with a significant number of documents released under the Freedom of Information Act. The criteria for the 165 agencies were that they had to have a chief Freedom of Information Officer and components that handled more than 500 FOIA requests annually.

Almost a decade after the E-FOIA Act, that’s about a 40% compliance rate. I wonder if the next U.S. Attorney General or the next presidential administration will make improving on this poor performance a priority. It’s important for the United States Department of Justice to not only lead by example but push agencies into the 21st century when it comes to the Freedom of Information Act.

It would certainly help if Congress passed FOIA reform.

On that count, the Archive highlights a relevant issue in the current House and Senate FOIA reform bills in Congress: the FOIA statute states that documents that are “likely to become the subject of subsequent requests” should be published in electronic reading rooms:

“The Department of Justice’s Office of Information Policy defines these records as “frequently requested records… or those which have been released three or more times to FOIA requesters.” Of course, it is time-consuming for agencies to develop a system that keeps track of how often a record has been released, which is in part why agencies rarely do so and are often in breach of the law. Troublingly, both the current House and Senate FOIA bills include language that codifies the instructions from the Department of Justice.

The National Security Archive believes the addition of this “three or more times” language actually harms the intent of the Freedom of Information Act as it will give agencies an easy excuse (“not requested three times yet!”) not to proactively post documents that agency FOIA offices have already spent time, money, and energy processing. We have formally suggested alternate language requiring that agencies generally post “all records, regardless of form or format that have been released in response to a FOIA request.”

This is a point that Members of Congress should think through carefully as they take another swing at reform. As I’ve highlighted elsewhere, FOIA requests that industry make are an important demand signal to show where data with economic value lies. (It’s also where the public interest tends to lie, with respect to FOIA requests from the media.)

While it’s true that it would take time and resources to build and maintain a system that tracks such requests by industry, there should already be a money trail from the fees paid to the agency. If FOIA reform leads to modernizing how it’s implemented, perhaps tying FOIA.gov to Data.gov might finally take place. The datasets that are the subject of the most FOIA requests are the ones that should be prioritized for proactive disclosure online.

Adding a component that identifies which data sets are frequently requested, particularly periodically, should be a priority across the board for any administration that seeks to “manage information as an asset.” Adding the volume and periodicity of requests to the expanding national enterprise data inventory might naturally follow. It’s worth noting, too, that reform of the FOIA statute may not be necessary to achieve this end, if the 18F team working on modernizing FOIA software worked on it.

[STAT] State Department employees made .004% of email sent in 2013 into public records

According to a new report from the U.S. Department of State’s Office of the Inspector General, agency employees sent more than 1 billion emails and made just 41,649 of them into public records.

That’s about 0.004% of them, by my rough calculation.

It’s a minuscule number, which is probably why The Daily Beast ran a post reporting “only .00006% of State Department emails are preserved.”

While their calculation looks off by orders of magnitude, this tiny percentage still translates into members of the civil and foreign service entering almost none of their emails into archiving systems.

While the story hardly needs it, this adds more interesting context to former Secretary of State Hillary Clinton’s decision to designate roughly 50% of her personal email as public records.

As Sunlight Foundation policy director John Wonderlich commented in Politico, this IG report undermines her argument that her emails with State Department workers were preserved on their end.

“Her justification around FOIA requests and around preservation became that most of the documents were cc’d or sent to .gov or state.gov addresses used by employees and therefore were preserved and accessible to requests,” said Wonderlich. “This [report] suggests that is not reliable at all.”

For more, read Josh Gerstein’s report exploring the broader ramifications of the watchdog report on Clinton’s defense at greater length.

White House moves WhiteHouse.gov to HTTPS by default, tying privacy to security


A .gov website that uses HTTPS encryption by default for its visitors is a superb example of “privacy by design.” On March 6th, the Federal Trade Commission enabled encryption for FTC.gov. When I visited whitehouse.gov tonight, I found that the White House digital team had flipped the site for what’s likely the most prominent government website in the world. The White House Web team confirmed the change just after midnight.

According to Leigh Heyman, director of new media technologies at the White House, over the next few days, the team will be migrating other domains, like the bare domain name, whitehouse.gov, and m.whitehouse.gov, over to HTTPS as well, joining http://www.whitehouse.gov.

“Americans care about their privacy, and that’s what the White House’s move to HTTPS by default is about,” said Eric Mill, an open government software engineer at 18F. “The White House’s use of HTTPS protects visitors’ personal information and browsing activity when they connect to whitehouse.gov across the vast, unpredictable network of computers that is the internet.”

If you’re unfamiliar with HTTPS, it’s a way of encrypting your connection to a Web server. Specifically, HTTPS refers to layering the Hypertext Transfer Protocol (HTTP) on top of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS). What that means in practice is that your requests to the Web server and the pages that result from them are encrypted in transit and decrypted only at either end. Why does that matter? Consider, for instance, someone who is looking up sensitive health information online and visits a government website without HTTPS that also has data collection.

“Use of https is generally considered to be good practice, however, as opposed to unencrypted, regular http, although it adds a small amount of extra processing and delay to do the encryption,” commented Eugene Spafford, a Purdue University computer science professor and founder and executive director of the Center for Education and Research in Information Assurance and Security.

“HTTPS primarily provides three things: greater authentication, stream privacy, and message integrity. A quick look at the site doesn’t reveal (to me) anything that would likely require privacy or heightened message integrity. The most immediate consequence is that parties connecting to the website can have increased confidence of the site’s authenticity because a signed certificate will be employed. Of course, most people don’t actually verify certificates and their roots (cf. Superfish), so this isn’t an ironclad identification.”

Why does this matter?

“This immediately creates a strong baseline of privacy and security for anyone in the world, American or otherwise, who visits the White House website — whether to read their blog, learn more about the President, download official policies, or anything else inside whitehouse.gov,” said Mill.

“At a basic level, what a person sees and does on whitehouse.gov should be between them and the White House. When someone reads official policies published on whitehouse.gov, they should be confident that policy is real and authentic. The White House’s use of HTTPS by default means those promises just got a lot stronger.”

Ashkan Soltani, the FTC’s chief technologist, explained why that federal agency shifted at the Tech@FTC blog:

As a quick primer, HTTPS encryption secures your communications while in transit with websites so that only you and the website are able to view the content. The lock icon now appearing in your browser represents that the communication is encrypted and eavesdroppers are unable to look in. At this time, secure browsing is generally not a requirement for federal websites, but it is considered an industry best practice. Transit encryption is an important safeguard against eavesdroppers and has been the subject of previous investigations where we alleged companies failed to live up to their security promises when collecting personal information. It’s an important step when websites or apps collect personal information, and is a great best practice even if they don’t.

What broader trends does this tap into?

The White House moving to HTTPS is part of a larger move to lead by example in promoting privacy and security best practices, related Soltani, over email.

“I believe we’ll see a slow shift over the next few years of websites and services moving to HTTPS by default,” he said, “something a number of standards bodies including ISOC, IETF, and IAB have also called for.”

Along with FTC.gov, Mill highlighted the move of the Privacy and Civil Liberties Oversight Board (PCLOB), the independent agency charged with balancing the rights of American citizens against the security steps taken in the wake of the terrorist attacks of 9/11, to HTTPS.

They’re far from alone: “Last month, 18F worked with 19 other .gov domains to go the distance to ensure browsers would always connect to them over HTTPS,” said Mill.

“It’s important to understand that what’s happening now in the federal government is what the broader internet has been working on for a while: making privacy the default.

The standards bodies that guide the internet’s development are recommending that the internet be encrypted by default, instructing their working groups to prioritize encryption in new protocol development, and declaring a more secure future for the web. The fastest versions of HTTP today already require encryption in major browsers, and it’s becoming easier to imagine a future where web browsers proactively warn users about unencrypted websites.

This is also why every .gov that 18F builds with its partner agencies uses HTTPS, full stop. We work hard to demonstrate that HTTPS can be fast, inexpensive, and easy. It’s a better future, and a practical one.”

The kind of privacy and security the White House is offering its visitors is what we should come to expect from the entire web, not just websites someone thinks are “sensitive”. All Web browsing is sensitive, and the White House’s leadership here reinforces that.”
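To make "browsers would always connect to them over HTTPS" concrete, here is an added example (not code from 18F, the White House or this post) that audits captured responses for the three kinds of hostname mentioned above: `www`, the bare domain and a mobile subdomain. The hostnames, responses, finding names and the one-year `max-age` threshold are constructed assumptions; `Strict-Transport-Security` is the standard HSTS header (RFC 6797), which the article does not name.

```python
"""Audit captured HTTP responses for 'HTTPS by default' (added example)."""
from dataclasses import dataclass
from urllib.parse import urlsplit

MIN_MAX_AGE = 31536000  # one year; threshold chosen for this example (assumption)


@dataclass
class Response:
    url: str       # URL that was requested
    status: int    # HTTP status code
    headers: dict  # header name -> value, as captured

    def header(self, name):
        """Case-insensitive header lookup."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def parse_hsts(value):
    """Parse an HSTS header into (max_age, include_subdomains, preload).

    Returns None when max-age is missing, duplicated or non-numeric,
    because a browser would not apply such a policy.
    """
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":  # used by browser preload lists, not RFC 6797
            preload = True
    return None if max_age is None else (max_age, include_sub, preload)


def audit_host(host, http_resp, https_resp):
    """Return a list of finding names; an empty list means HTTPS by default."""
    findings = []
    location = http_resp.header("Location")
    target = urlsplit(location) if location else None
    if http_resp.status not in (301, 302, 307, 308) or target is None:
        findings.append("http-not-redirected")      # content served in cleartext
    elif target.scheme != "https":
        findings.append("redirect-not-https")
    else:
        if http_resp.status not in (301, 308):
            findings.append("redirect-not-permanent")
        if (target.hostname or "").lower() != host.lower():
            # Browser never visits https://<host>, so it never learns HSTS for it.
            findings.append("redirect-skips-own-https")
    if http_resp.header("Strict-Transport-Security"):
        findings.append("hsts-on-http-ignored")     # browsers ignore HSTS over HTTP
    raw = https_resp.header("Strict-Transport-Security")
    if raw is None:
        findings.append("hsts-missing")
    else:
        policy = parse_hsts(raw)
        if policy is None:
            findings.append("hsts-invalid")
        elif policy[0] < MIN_MAX_AGE:
            findings.append("hsts-max-age-too-short")
    return findings


# Constructed sample responses (not measurements of any real site).
SAMPLE = {
    "www.agency.example": (
        Response("http://www.agency.example/", 301,
                 {"Location": "https://www.agency.example/"}),
        Response("https://www.agency.example/", 200,
                 {"strict-transport-security":
                  "max-age=31536000; includeSubDomains; preload"}),
    ),
    "agency.example": (
        Response("http://agency.example/", 301,
                 {"Location": "https://www.agency.example/"}),
        Response("https://agency.example/", 301,
                 {"Location": "https://www.agency.example/"}),
    ),
    "m.agency.example": (
        Response("http://m.agency.example/", 200, {"Content-Type": "text/html"}),
        Response("https://m.agency.example/", 200,
                 {"Strict-Transport-Security": "max-age=300"}),
    ),
}


def audit_all(sample=SAMPLE):
    """Audit every host in the sample and return {host: findings}."""
    return {host: audit_host(host, *pair) for host, pair in sample.items()}


if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(host, "OK" if not findings else ", ".join(findings))
```

The bare-domain case is the one that is easy to miss during a migration: redirecting straight from `http://agency.example` to `https://www.agency.example` looks secure, but the browser is never given an HSTS policy for the bare name itself.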

It looks like Chris Soghoian, the principal technologist at the Speech, Privacy and Technology Project in the American Civil Liberties Union, is going to have a good day tomorrow.

While the Obama administration has taken its lumps on digital privacy after revelations of bulk surveillance of the Internet backbone by the National Security Agency, this is undeniably an important step towards securing the traffic of millions of people who visit whitehouse.gov every month.

Now that the White House is leading by example, hopefully other federal, state and local government entities will also adopt the standard.

“Everyone should want a simple feeling of privacy as they use the web, and confidence that they’re at the real and exact website they meant to visit,” said Mill. “While not everyone is highly attuned to watching for that padlock in their browser, the more websites that add it — especially high profile ones like the White House — the more that people can depend on that promise being met.”

Could Hillary Clinton’s email account galvanize Congress to pass FOIA reform?

It’d be swell if the flap over former Secretary of State Hillary Clinton’s personal email account catalyzed the passage of Freedom of Information Act reform in Congress. Trevor Timm, executive director of the Freedom of the Press Foundation, laid out a strong case in the Guardian today for why both sides of the aisle should support reform:

Instead of both parties competing over who can be more secretive, like they did in the 2012 presidential campaign, this is also a great opportunity for 2016 presidential candidates to debate about who can deliver the most transparent White House. That doesn’t mean just voluntarily releasing emails you want the public to see – though that’s a start – but implementing lasting policy changes and laws that will change the trajectory of US secrecy law, which has grown out of control in the past decade.

The challenge is that the interests that didn’t want that reform to happen, both inside and outside of government, aren’t going to go away, from the financial industry to government agencies.

As readers no doubt recall, FOIA reform bills passed the U.S. Senate and House *unanimously* last year and yet failed to become law.

The pushback is already (quietly) happening in Congress, as reported last week in E&E publishing:

“I think a number of the agencies are probably concerned. This is the impression that I get: They think that you shouldn’t have this presumption that things should be revealed. In other words, there should be more of a screening process,” [Representative Elijah] Cummings said. “It’s hard for them to just come outright and say, ‘No, we don’t like that, we’re not going to do it.’ But I get that impression that they don’t feel that people need to have access to every record.”

Asked whether he or other lawmakers have heard from agencies regarding his bill, Cummings said their concerns about FOIA are more subtly made to Congress.

“In general, in general. But I don’t think it’s a big push, but that’s just the impression I get,” said the ranking member on the House Oversight and Government Reform Committee.

That doesn’t mean that reform won’t happen, or that it couldn’t be a political winner for members of both parties, particularly Republican Senators who aspire to higher office. This year, editorial boards are more outspoken on the issue and transparency could, once again, be a campaign issue. Here’s hoping that’s enough to lead to Congress enacting FOIA reform the country needs, not a watered down bill.

What Hillary Clinton’s private email account tells us about secrecy, security and transparency

In 2009, a confirmed secretary of state enters the office on the first day and is offered a State Department email address. Why in the world would Hillary Clinton not use it, given the context of millions of emails gone missing from the previous administration?

Or, if she chose to intentionally follow the practice of former Secretary of State Colin Powell in using a personal email address for government business and registered clintonemail.com, would she not ensure that all email related to government business was forwarded and preserved? Using Occam’s Razor, it’s hard not to conclude that Secretary Clinton was intentionally not complying with the Federal Records Act, as the headline by the New York Times suggests.

It goes without saying that the Secretary of State of the United States conducts some of the most sensitive diplomatic communications imaginable, although one would presume that the most sensitive of those would not flow over email. Security is an issue. And it’s worth noting that Clinton’s use of a personal email account was known in 2013. What the public didn’t know was that no state.gov email account was used, although presumably hdr22@clintonemail.com ended up in a few diplomats’ inboxes.

While the former Secretary of State may have the highest profile, Hillary Clinton is not alone among federal workers in using a private email account:

“A new survey of high-level agency executives from Government Executive Media Group’s research arm shows that the practice appears relatively common, even though it likely violates the 1950 Federal Records Act, as updated to reflect the digital age.

Thirty-three percent of 412 respondents to the mid-February online survey by the Government Business Council confirmed that personnel in their agency use personal email for government business at least sometimes, 15 percent said employees use it always or often and 48 percent said colleagues use it rarely or never.”

This isn’t a partisan issue, though it will be made into one in the days and, presumably, campaign ahead. It’s worth noting at this point the use of personal email accounts or mobile devices to avoid public records retention is an issue at all levels of government, in both major parties in the USA and beyond. Comments about other politicians doing this don’t excuse the practice.

At minimum, not ensuring that the email was archived would seem to display a basic lack of respect for preserving the record of business done on the public’s behalf. At worst, it’s deliberate avoidance of discoverability of communications with foreign world leaders and private entities from Freedom of Information Act requests and Congressional investigations. Update: On Wednesday, the New York Times reported that using this personal email account led to thwarted public records requests, with an additional detail: the State Department had no access to Secretary Clinton’s emails. There is no question, in other words, that not preserving the emails on state.gov servers under the Federal Records Act led to less accountability.

Was it illegal? On the one hand, the presidential records law Congress passed and President Obama signed didn’t come into force until after Secretary Clinton left office. On the other,  Laura Diachenko, a spokesperson for the National Archives and Records Administration, told the New York Times that federal regulations have stated since 2009 that “agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that federal records sent or received on such systems are preserved in the appropriate agency record-keeping system.”

White House spokesman Josh Earnest also said that “when there are situations where personal email accounts are used, it is important for those records to be preserved consistent with the Federal Records Act.”

There are at least five more questions that deserve answers.

All that said, I find it hard to fathom how her staff, the rest of the State Department, and White House officials did not raise red flags about the use of this email address or ask about how the messages were being preserved.

While there may be good reasons not to archive every email, call, note, txt, tweet, Whatsapp or Snapchat sent by a government official, I find it difficult not to argue that the primary email account used by a Secretary of State to conduct business should not be archived in its entirety for the historic record.

One solution to “transparency theater:” If the deliberations or diplomacy shared electronically or otherwise are sufficiently sensitive to raise concerns, let them be held for 5 or 10 or 20 or even 50 years before they are released in un-redacted form. Personal notes, jokes and mundane messages will also offer insight for the historic record.

On security

Putting adherence to public records laws and open government aside, the integrity of these communications bears scrutiny of its own. “The focus here really needs to be on the information-security piece,” Chris Soghoian, principal technologist with the American Civil Liberties Union, told National Journal.

“It’s irresponsible to use a private email account when you are the head of an agency that is going to be targeted by foreign intelligence services.”

How safe were Clinton’s emails? The short answer is that we don’t know yet.

Update: The Associated Press reported on March 5 that clintonemail.com was hosted and run in Mrs. Clinton’s home in Chappaqua, New York. If so, that choice would have positive and negative consequences for security:

Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton’s home, an email server there would have been well protected from theft or a physical hacking.

But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers. Those professional facilities provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems and redundant communications lines.

According to the AP, Clinton’s private email account was reconfigured in November 2012 to use Google’s servers as a backup, and then reconfigured again to use MX Logic until July 2013.

The New York Times repeated the same assertion in a followup story, reporting that “In earlier years, Mrs. Clinton’s account at clintonemail.com was connected to a server registered to the Clintons’ Chappaqua home in the name of Eric P. Hothem.”

Update: David Gewirtz, however, argued that Clinton probably did not have an email server in her basement. His hypothesis is that the AP and the New York Times somehow mistook the address related to the clintonemail.com domain registry for the physical location of the server and then reported it as a “homebrew” server.

Today, “Clinton is clearly using two cloud services for at least some of her email management: Google and MX Logic,” wrote Gewirtz. “A physical server associated with her MX records is being operated by a managed services firm. Therefore, the premise that she’s trying to lock down all her email, protected physically inside her own house so posterity can’t get to it, seems unlikely.”

As Gewirtz noted in a followup post on “EmailGate,” that would create a myth that “Clinton was running her private email account on equipment in her home in New York” which will live on, particularly as it is repeated in subsequent media accounts.

Update: While a statement subsequently released by Clinton’s office after a press conference regarding her email practices only confirmed that it was on her property, an anonymous source identified as a “Clinton ally” who was “familiar with her e-mail practices” confirmed to the Washington Post that she “used a server housed at her private home in Chappaqua, N.Y.”

The State Department told Vice Media that it has “no indication that [Clinton’s] emails were compromised,” and added that, in past interviews, Clinton “referenced an awareness of security protocols for her email use.”

“We have no indication that Secretary Clinton used her personal email account for anything but unclassified purposes,” a State Department representative told Jason Koebler. “While Secretary Clinton did not have a classified email system, she did have multiple other ways of communicating in a classified manner (assistants printing documents for her, secure phone calls, secure video conferences).”

We don’t know that much about the security behind clintonemail.com, other than the apparent involvement of MX Logic, a managed email provider, or whether the former secretary of state used encryption.

Clay Johnson suggested that the private account may well have been more secure than the State Department’s system for unclassified email, which has been compromised for an unclear length of time.

According to Stanford computer science researcher Jonathan Mayer, however, “this personal address couldn’t securely receive email,” and neither could a State Department address:

Why this stuff matters, however, isn’t hard to understand:

“If the personal communications of heads of state weren’t interesting, then governments wouldn’t monitor them,” said Soghoian. “This is the easiest thing for the intelligence services to target.”

Update: According to a security expert consulted by Bloomberg News, Clinton’s personal email system appeared to use a commercial encryption product from Fortinet, but “when examined it used a default encryption certificate instead of one purchased specifically for Clinton’s service.” It’s worth keeping in mind that this examination is occurring now, not from 2009-2012, when she was Secretary of State.

It’s worth noting that Bloomberg Business erred on the headline regarding Hillary Clinton’s personal email system, although the details regarding encryption are interesting. Insecure email is by definition not private, certainly when you’re talking about the capabilities of the intelligence services of nation states.

Gawker also published the opinions of several IT security experts regarding the safety of Clinton’s email, based upon the current state of the systems.

The legacy of Google+: Google’s Internet backbone for digital identity

The news that Google would be splitting Google+ into Streams, Photos and communication has already led to dozens of articles opining about what went wrong in the search giant’s pursuit of social media. Someday, Google Hangouts and Google Talk may become part of a wireless service from Google.

One challenge for judging its success or failure is that the majority of media accounts and analysis of Google+ always compared it to Facebook. That comparison is not entirely unreasonable, given reports about how Google executives were concerned about the rise of the world’s largest social network in 2011. If Google was trying to “play catchup” after having missed social, and Facebook is the leader, how can someone not compare the efforts?

If you looked at Google+ in terms of the ability of its social stream to attract and retain the attention and participation of a billion users for an hour every day, as Facebook does, it’s hard to argue that it succeeded. If you compared the time people spend on Plus +1’ing, sharing and commenting to Facebook, Pinterest, Tumblr or Twitter, Google’s effort paled.

No doubt because of my former colleague Edd Dumbill, however, I’ve always thought of Google+ as a social backbone for all of Google’s products, not simply a destination. Google+ was a way of associating an identity for hundreds of millions of users across applications and services.

When viewed in that context, it may be that Google+ is much more successful than many people have yet realized: according to Federal News Radio, the U.S. General Services Administration has quietly added Google to the list of identity providers that the federal government has authorized to provide secure digital credentials for logging into digital services. Today, it looks like Google will be part of the federated identity strategy that could allow U.S. citizens to renew passports online, download personal health data and reserve campground sites in the years ahead.

Even if “Streams” does end up going away, look for Google’s identity layer to endure and mature across all of its products and services, from Documents to Maps. In 2015, being able to confirm that you’re not a dog on the Internet can sometimes be useful, too.

[Image Source: JanRain social login trends]

In a step towards sunlight, United States begins to publish a national data inventory

Last year, a successful Freedom of Information request for the United States enterprise data inventory by the Sunlight Foundation was a big win for open government, nudging Uncle Sam towards a better information policy through some creative legal arguments. Today, the federal government started releasing its enterprise indices at data.gov. You can browse the data for individual agencies, like the feed for the Office for Personnel Management, using a JSON viewer like this one.

“Access to this data will empower journalists, government officials, civic technologists, innovators and the public to better hold government accountable,” said Sunlight Foundation president Chris Gates, in a statement. “Previously, it was next to impossible to know what and how much data the government has, and this is an unprecedented window into its internal workings. Transparency is a bedrock principle for democracy, and the federal government’s response to Sunlight’s Freedom of Information request shows a strong commitment to open data. We expect to see each of these agencies continue to proactively release their data inventories.”

Understanding what data an organization holds is a critical first step in deciding how it should be stored, analyzed or published, shifting towards thinking about data as an asset. That’s why President Barack Obama’s executive order requiring federal agencies to catalog the data they have was a big deal. When that organization is a democratic government and the data in question was created using taxpayer funds, releasing the inventory of the data sets that it holds is a basic expression of open and accountable government.