White House moves WhiteHouse.gov to HTTPS by default, tying privacy to security


A .gov website that uses HTTPS encryption by default for its visitors is a superb example of “privacy by design.” On March 6th, the Federal Trade Commission enabled encryption for FTC.gov. When I visited whitehouse.gov tonight, I found that the White House digital team had flipped to HTTPS by default what’s likely the most prominent government website in the world. The White House Web team confirmed the change just after midnight.

According to Leigh Heyman, director of new media technologies at the White House, over the next few days the team will be migrating other domains, like the bare domain name, whitehouse.gov, and m.whitehouse.gov, over to HTTPS as well, joining http://www.whitehouse.gov.

“Americans care about their privacy, and that’s what the White House’s move to HTTPS by default is about,” said Eric Mill, an open government software engineer at 18F. “The White House’s use of HTTPS protects visitors’ personal information and browsing activity when they connect to whitehouse.gov across the vast, unpredictable network of computers that is the internet.”

If you’re unfamiliar with HTTPS, it’s a way of encrypting your connection to a Web server online. Specifically, HTTPS refers to layering the Hypertext Transfer Protocol (HTTP) on top of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS). What that means in practice is that your requests to the Web server and the pages it returns are encrypted in transit and decrypted only at each end. Why does that matter? Consider, for instance, someone looking up sensitive health information online who visits a government website without HTTPS that also collects data about its visitors.

“Use of https is generally considered to be good practice, however, as opposed to unencrypted, regular http, although it adds a small amount of extra processing and delay to do the encryption,” commented Eugene Spafford, a Purdue University computer science professor and founder and executive director of the Center for Education and Research in Information Assurance and Security.

“HTTPS primarily provides three things: greater authentication, stream privacy, and message integrity. A quick look at the site doesn’t reveal (to me) anything that would likely require privacy or heightened message integrity. The most immediate consequence is that parties connecting to the website can have increased confidence of the site’s authenticity because a signed certificate will be employed. Of course, most people don’t actually verify certificates and their roots (cf. Superfish), so this isn’t an ironclad identification.”

Why does this matter?

“This immediately creates a strong baseline of privacy and security for anyone in the world, American or otherwise, who visits the White House website — whether to read their blog, learn more about the President, download official policies, or anything else inside whitehouse.gov,” said Mill.

“At a basic level, what a person sees and does on whitehouse.gov should be between them and the White House. When someone reads official policies published on whitehouse.gov, they should be confident that policy is real and authentic. The White House’s use of HTTPS by default means those promises just got a lot stronger.”

Ashkan Soltani, the FTC’s chief technologist, explained why that federal agency shifted at the Tech@FTC blog:

As a quick primer, HTTPS encryption secures your communications while in transit with websites so that only you and the website are able to view the content. The lock icon now appearing in your browser represents that the communication is encrypted and eavesdroppers are unable to look in. At this time, secure browsing is generally not a requirement for federal websites, but it is considered an industry best practice. Transit encryption is an important safeguard against eavesdroppers and has been the subject of previous investigations where we alleged companies failed to live up to their security promises when collecting personal information. It’s an important step when websites or apps collect personal information, and is a great best practice even if they don’t.

What broader trends does this tap into?

The White House moving to HTTPS is part of a larger effort to lead by example in promoting privacy and security best practices, Soltani said over email.

“I believe we’ll see a slow shift over the next few years of websites and services moving to HTTPS by default,” he said, “something a number of standards bodies including ISOC, IETF, and IAB have also called for.”

Along with FTC.gov, Mill highlighted the move to HTTPS by the Privacy and Civil Liberties Oversight Board (PCLOB), the independent agency charged with balancing the rights of American citizens against the security steps taken in the wake of the terrorist attacks of 9/11.

They’re far from alone: “Last month, 18F worked with 19 other .gov domains to go the distance to ensure browsers would always connect to them over HTTPS,” said Mill.

“It’s important to understand that what’s happening now in the federal government is what the broader internet has been working on for a while: making privacy the default.

The standards bodies that guide the internet’s development are recommending that the internet be encrypted by default, instructing their working groups to prioritize encryption in new protocol development, and declaring a more secure future for the web. The fastest versions of HTTP today already require encryption in major browsers, and it’s becoming easier to imagine a future where web browsers proactively warn users about unencrypted websites.

This is also why every .gov that 18F builds with its partner agencies uses HTTPS, full stop. We work hard to demonstrate that HTTPS can be fast, inexpensive, and easy. It’s a better future, and a practical one.”

The kind of privacy and security the White House is offering its visitors is what we should come to expect from the entire web, not just websites someone thinks are “sensitive”. All Web browsing is sensitive, and the White House’s leadership here reinforces that.
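Two of the claims above can be checked rather than taken on faith: that a site serves HTTPS by default (plain-HTTP requests are redirected to HTTPS) and that “browsers would always connect to them over HTTPS,” which in practice means a Strict-Transport-Security (HSTS) header with a long max-age. The script below is an added example written for this post, not code from the White House, 18F or any site named here; it evaluates two constructed HTTP exchanges offline, and the one-year max-age threshold and the `www.agency.example` hostname are my own assumptions.

```python
"""Added example: an offline check of whether a site is "HTTPS by default".

Evaluates two constructed HTTP exchanges (the plain-HTTP request and the
HTTPS request) against three defender-side expectations:
  1. the http:// URL redirects to the https:// URL of the same host,
  2. the HTTPS response carries a Strict-Transport-Security header,
  3. that header's max-age is long enough (one year here, an assumed threshold)
     and covers subdomains.
Sample responses are constructed for illustration, not captured from any site.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

ONE_YEAR = 31536000  # seconds; assumed minimum max-age for a durable HSTS policy


@dataclass
class Response:
    """A minimal HTTP response: the URL requested, status code and headers."""
    url: str
    status: int
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # Header names are case-insensitive, so compare lower-cased.
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Parse a Strict-Transport-Security header into a directive map.

    'max-age=31536000; includeSubDomains; preload'
      -> {'max-age': '31536000', 'includesubdomains': None, 'preload': None}
    """
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if val else None
    return directives


def redirects_to_https(http_resp: Response) -> bool:
    """True if the plain-HTTP response redirects to https:// on the same host."""
    if http_resp.status not in (301, 302, 307, 308):
        return False
    location = http_resp.header("Location")
    if not location:
        return False
    target = urlparse(location)
    origin = urlparse(http_resp.url)
    return target.scheme == "https" and target.hostname == origin.hostname


def check_https_by_default(http_resp: Response, https_resp: Response) -> List[str]:
    """Return a list of findings; an empty list means every expectation is met."""
    findings: List[str] = []
    if not redirects_to_https(http_resp):
        findings.append("plain HTTP is not redirected to HTTPS")
    hsts = https_resp.header("Strict-Transport-Security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header on the HTTPS response")
        return findings
    directives = parse_hsts(hsts)
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("HSTS header has no usable max-age")
    elif int(max_age) < ONE_YEAR:
        findings.append(f"HSTS max-age {max_age} is shorter than one year")
    if "includesubdomains" not in directives:
        findings.append("HSTS policy does not cover subdomains")
    return findings


# Constructed sample exchanges (hostname is a placeholder, not a real site).
GOOD_HTTP = Response("http://www.agency.example/", 301,
                     {"Location": "https://www.agency.example/"})
GOOD_HTTPS = Response("https://www.agency.example/", 200,
                      {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"})

WEAK_HTTP = Response("http://www.agency.example/", 200, {"Content-Type": "text/html"})
WEAK_HTTPS = Response("https://www.agency.example/", 200,
                      {"strict-transport-security": "max-age=600"})

if __name__ == "__main__":
    for label, pair in (("good", (GOOD_HTTP, GOOD_HTTPS)), ("weak", (WEAK_HTTP, WEAK_HTTPS))):
        findings = check_https_by_default(*pair)
        print(f"{label}: {'OK' if not findings else '; '.join(findings)}")
```

The “weak” pair shows the three ways a site can fall short of the promise described above even while it has a certificate: no redirect from plain HTTP, an HSTS lifetime so short that a browser forgets the policy quickly, and a policy that leaves subdomains such as an m. or www. host uncovered.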

It looks like Chris Soghoian, the principal technologist at the Speech, Privacy and Technology Project in the American Civil Liberties Union, is going to have a good day tomorrow.

While the Obama administration has taken its lumps on digital privacy after revelations of bulk surveillance of the Internet backbone by the National Security Agency, this is undeniably an important step towards securing the traffic of millions of people who visit whitehouse.gov every month.

Now that the White House is leading by example, hopefully other federal, state and local government entities will also adopt the standard.

“Everyone should want a simple feeling of privacy as they use the web, and confidence that they’re at the real and exact website they meant to visit,” said Mill. “While not everyone is highly attuned to watching for that padlock in their browser, the more websites that add it — especially high profile ones like the White House — the more that people can depend on that promise being met.”

Privacy and Civil Liberties Report Finds NSA bulk phone records program illegal and ineffective

Earlier this afternoon, I emailed info@pclob.gov in search of the report that the New York Times and Washington Post had obtained and reported upon this morning. 2 hours later, I received a response: www.pclob.gov. There, visitors can now find, download and read a “Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court” and separate statements by Elisebeth Collins Cook and Rachel Brand. As Charlie Savage and Ellen Nakashima reported, Cook and Brand dissented from the report’s recommendation to end the collection of phone records under the Section 215 program of the USA Patriot Act.

The privacy and civil liberties board’s report is strongly critical of the impact that mass surveillance has upon the privacy and civil liberties of American citizens, along with billions of other people around the world.

“The Section 215 bulk telephone records program lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value. As a result, the Board recommends that the government end the program.”

PCLOB Board Members meet with President Obama on June 21, 2013. Photo by Pete Souza.

While President Obama met with the board and heard their recommendations prior to his speech last week, his administration is disputing its legal analysis.

“We disagree with the board’s analysis on the legality,” said Caitlin Hayden, spokeswoman for the White House National Security Council, in an e-mail to Bloomberg News. “The administration believes that the program is lawful.”

House Intelligence Committee Chairman Mike Rogers (R-MI) was also critical of the report’s findings. “I am disappointed that three members of the Board decided to step well beyond their policy and oversight role and conducted a legal review of a program that has been thoroughly reviewed,” he said in a statement.

The Electronic Frontier Foundation hailed the report as a vindication of its position on the constitutionality of the programs.

“The board’s other recommendations—increasing transparency and changing the FISA court in important ways—similarly reflect a nearly universal consensus that significant reform is needed,” wrote Mark Rumold, a staff attorney. “In the coming weeks, PCLOB is set to release a second report addressing the NSA’s collection under Section 702 of the FISA Amendments Act. We hope that the board will apply similar principles and recognize the threat of mass surveillance to the privacy rights of all people, not just American citizens.”

IRS enables Americans to download their tax transcripts over the Internet

UPDATE: This service was taken offline after IRS security was compromised.

UPDATE: Learn how to download your tax transcript from IRS.gov.


Earlier today, at the White House Education Datapalooza, an official from the United States Department of the Treasury informed a packed theater and livestream that students, parents and citizens would finally be able to do something simple and profoundly useful over the Internet: download a transcript of their tax return from the Internal Revenue Service.

“I am very excited to announce that the IRS has just launched, this week, a transcript application which will give taxpayers the ability to view, print, and download tax transcripts,” said Katherine Sydor, a policy advisor in the Office of Consumer Policy of the Treasury, “making it easier for student borrowers to access tax records he or she might need to submit loan applications or grant applications.” [VIDEO]

Previously, filers could request a copy of the transcript (not the full return) but would have to wait 5-10 business days to receive it in the mail. For people who needed more rapid access for applications, the delay could be critical. A White House fact sheet subsequently confirmed the news, under the rubric of “streamlining application paperwork,” and a quick follow-up with an official secured the correct URL for the new IRS Web application to get a tax transcript.


I created an account, which involved jumping through the hoops familiar from establishing online access to bank accounts — choosing a pass phrase, a pass image and security questions — and then answered a number of questions that made it pretty clear that the IRS knew exactly who I was and where I had lived. (From the consumer side, it’s not clear whether they hold this information themselves or used a credit bureau.)

When I tried to actually download the transcript, though, I ran into some issues: first, a browser error in Chrome — “This XML file does not appear to have any style information associated with it. The document tree is shown below.” Using Firefox, however, I was able to at least get the page where I could choose from various years of transcripts.


Unfortunately, clicking any of the links delivered a file that my Macbook was unable to parse. I was, however, able to log into IRS.gov and easily download last year’s tax return with one click to my iPhone. Success!

While the technical problems I ran into suggest that Apple computer users might run into some issues, I have a funny feeling that the (vast) majority of people who are running Internet Explorer on a Windows machine will fare better.

The fact that American citizens could not access their own tax returns online in 2014 might seem jarring but, until this week, that was the status quo. This advance represents the sort of somewhat mundane but important shift that the Obama administration’s approach to digital government has enabled over the past five years.

The troubles behind the botched launch of Healthcare.gov have shaken the confidence of many citizens in the capacity of this administration to deliver effective digital services, and months of headlines about digital surveillance by the National Security Agency have diminished trust in government overall. Yet the ability of the “tech surge” to fix the site and the success of the technology team at the Consumer Financial Protection Bureau not only offer a guide for how to avoid similar issues but highlight a less salacious and boring reality that will generate no headlines nor heated rhetoric on cable news shows: most public officials and civil servants are quietly working to deliver better customer service for citizens.

Being able to download a tax transcript online is not, however, without risks. The Internal Revenue Service will need to continue to be vigilant about security. The new functionality will almost certainly inspire fraudsters to create mockups of the government website that look similar and then send phishing emails to consumers, urging them to “log in” to fake websites.

Perhaps most problematically, people will download tax transcripts to mobile devices and laptops and then not take steps to protect them with encryption. If you do download your transcripts or personal health information, make sure to also install full disk encryption on every machine you own. Leaving your files unprotected there is like leaving the door to your house unlocked with your tax returns and medical records on the kitchen table.

I have asked the IRS for comment on the new feature, on browser and operating system support, and on security guidance, and will update this post if and when I receive any.

Update: comment from the IRS follows.

How much time and technical resources did the IRS invest in deploying the feature? Has the IRS increased the capacity of the website for more demand?

From establishing the business case and receiving funding plus approval to start the work to implementation took approximately one year. Additional time was spent in ideation, innovation, and confirming requirements of the product prior to receiving approval.

I had trouble downloading my transcript on an Apple computer using Chrome and Firefox. (I was able to get it through my iPhone.) What browsers and operating systems does the new function officially support?

As a web application, Get Transcript is supported on most modern OS/browser combinations. While there may be intermittent issues due to certain end-user configurations, IRS has not implemented any restrictions against certain browsers or operating systems. We are continuing to work open issues as they are identified and validated.

A side note: For the best user experience, taxpayers may want to try up-to-date versions of internet explorer and a supported version of Microsoft windows; however, that is certainly not a requirement.

Does the IRS have any guidance for ensuring that Americans connect securely to the website and then protect tax returns on their home computers once they have downloaded them?

The IRS has made good progress on oversight and enhanced security controls in the area of information technology. With state-of-the-art technology as the foundation for our portal (e.g. irs.gov), we continue to focus on protecting the PII of all taxpayers when communicating with the IRS.

However, security is a two-way street with both the IRS and users needing to take steps for a secure experience. On our end, our security is comparable to leaders in private industry.

Our IRS2GO app has successfully completed a security assessment and received approval to launch by our cybersecurity organization after being scanned for weaknesses and vulnerabilities.

Any personally identifiable information (PII) or sensitive information transmitted to the IRS through IRS2Go for refund status or tax record requests uses secure communication channels that meet or exceed federal requirements for encryption. No PII is passed back to the taxpayer through IRS2GO and no PII is stored on the smartphone by the application.

When using our popular Where’s My Refund? application, taxpayers may notice just a few of our security measures. The URL for Where’s My Refund? begins with https. Just like in private industry, the “s” is a key indicator that a web user should notice indicating you are in a “secure session.” Taxpayers may also notice our message that we recommend they close their browser when finished accessing your refund status.

As we become a more mobile society and able to link to the internet while we’re on the go, we remind taxpayers to take precautions to protect themselves from being victimized, including using secure networks, firewalls, virus protection and other safeguards.

We always recommend taxpayers check with the Federal Trade Commission for the latest on reporting incidents of identity theft. You can find more information on our website, including tips if you believe you have become the victim of identity theft.

Does the IRS have any plans to provide Americans with access or insight to estimated tax returns online in the future? Now that we have the ability to establish user accounts, would it ever be possible, for instance, for people with simple taxes (1040EZ, etc) to log in, review an estimated return, make any required edits, and then e-file it on IRS.gov?

IRS: The IRS is considering a number of new proposals that may become a part of the online services roadmap some time in the future. This may include a taxpayer account where up to date status could be securely reviewed by the account owner.

Note: This post has been updated throughout to make it clear that the IRS has provided online access to tax transcripts, not the entire return. You can read up on the difference between a tax transcript and tax return here.

In depth: news and analysis about the troubles behind Healthcare.gov


Over the past 27 days, as I’ve steadily shared analysis and links on what went wrong in the botched (re)launch of Healthcare.gov on Twitter, Facebook and Google+, I’ve also been talking in more depth about what went wrong on various media outlets, including:

Last week, the Obama administration announced a plan to fix the issues with the software behind HealthCare.gov, including putting QSSI in charge as the “general contractor” and prioritizing fixing errors in 834 file data first, with the goal of having the system functioning end-to-end by November 30.

The teams of Presidential Innovation Fellows and “A List” contractors in the “tech surge” to fix the software have a tough challenge ahead of them. According to reporting from The New York Times and The Washington Post, Healthcare.gov wasn’t tested as a complete system until the last week of September, when it crashed with only a few hundred users.

Despite the issues revealed by this limited testing, government officials signed off on it launching anyway, and thus was born a historic government IT debacle whose epic proportions may still expand further.

Should the White House have delayed?

“When faced with go-live pressures, I tell my staff the following:

‘If you go live months late when you’re ready, no one will ever remember. If you go live on time, when you’re not ready, no one will ever forget.’” – Dr. John Halamka, CIO, Beth Israel Deaconess Hospital

In retrospect, the administration might have been better served by not launching on October 1st, something that was within HHS Secretary Kathleen Sebelius’ legal purview. After all, would the federal government launch a battleship that had a broken engine, faulty wiring or non-functional weapons systems into an ongoing fight? This software wasn’t simply “buggy” at launch — it was broken. These weren’t “glitches” caused by traffic, although the surge of traffic did quickly expose where the system didn’t work. Now that a reported 90% of users are able to register, other issues on the backend are just beginning to become clear, from subsidy calculation to enrollment data to insurers reporting issues with what they are receiving to serious concerns about system security.

Based upon what we know about troubles at Healthcare.gov, it appears that people from the industry who were brought in to test the Healthcare.gov system a month ago urged CMS not to go live. It also appears that those inside the agency who saw what was going on warned leadership months in advance that the system hadn’t been tested end-to-end. Anyone building enterprise software should have the code locked down in the final month and should have stopped introducing new features 3-6 months prior. Instead, it appears new requirements kept coming in and development continued to the end. The result is online now. (Or offline, as the case may be.)

On September 30, President Obama could have gone before the American people and said that the software was clearly not ready, explained why and told Americans that his administration wouldn’t push it live until they knew the system would work. HHS could have published a downloadable PDF of an application that could be mailed in and a phone number on the front page, added more capacity to the call centers and paper processing. It’s notable that three weeks later, that’s pretty much what President Obama said they have done.

The failed launch isn’t just about “optics,” politics or the policy of the Affordable Care Act itself, which is a far greater shift in how people in the United States browse, buy, compare and consume health insurance and services. A working system represents the faith and trust of the American people in the ability of government. This is something Jennifer Pahlka has said that resonates: how government builds websites and software matters, given the expectations that people now have for technology. The administration has handed the opponents of the law an enormous club to bash them with now — and they’ll deserve every bit of hard criticism they get, given this failure to execute on a signature governance initiative.

Articles worth reading on Healthcare.gov and potential reforms

  • Whenever I see Fred Trotter, I’m reminded that he’s forgotten more about open source software and healthcare IT than I’m ever likely to learn. Last week, he talked with Ezra Klein about the issues with Healthcare.gov
  • Ezra Klein also talked to Clay Johnson about the lessons of Healthcare.gov (hint: procurement, project management and insourcing)
  • Tough reporting on failures in e-government is critical to improving those services for all, but particularly for the poor.
  • A post by Development Seed founder Eric Gunderson on the open source front-end for Healthcare.gov: “It’s called Jekyll, and it works.”
  • Rusty Foster on Healthcare.gov: it could have been worse. This failure to (re)launch just happened under vastly more political scrutiny and deadlines set by Congress. The FBI’s Sentinel program, by contrast, had massive issues — but you didn’t see the Speaker of the House tweeting out bug reports or cable news pundits opining about issues. The same is true of many other huge software projects.
  • A must-read op-ed by former Obama campaign CTO Harper Reed and Blue State Digital co-founder and former Presidential Innovation Fellow Clay Johnson on what ails government IT, adding much-needed context to what ailed Healthcare.gov
  • A Mother Jones interview that asked whether Reed and other former campaign staff could fix Healthcare.gov. (Spoiler: No.)
  • If not those folks, then how should the administration fix Healthcare.gov? In the larger sense, either the federal government will reform how it buys, builds and maintains software, through a combination of reforming procurement with modular contracting, bringing more technologists into government, and adopting open source and agile development processes …or this will just keep happening. The problems go much deeper than a “website.”
  • Ezra Klein pulled all of these pieces together in a feature on the “broken promise of better government through technology” at the end of the month. (He may have been heard in the Oval Office, given that the president has said he reads him.) Speaking at an “Organizing for America” event on November 4th, President Obama acknowledged the problem. “…I, personally, have been frustrated with the problems around the website on health care,” he said, “And it’s inexcusable, and there are a whole range of things that we’re going to need to do once we get this fixed – to talk about federal procurement when it comes to IT and how that’s organized…”
  • The issues behind Healthcare.gov cannot only be ascribed to procurement or human resources, as Amy Goldstein and Juliet Eilperin reported in the Washington Post: insularity and political sensitivity were a central factor behind the launch.

    Based on interviews with more than two dozen current and former administration officials and outsiders who worked alongside them, the project was hampered by the White House’s political sensitivity to Republican hatred of the law — sensitivity so intense that the president’s aides ordered that some work be slowed down or remain secret for fear of feeding the opposition. Inside the Department of Health and Human Services’ Centers for Medicare and Medicaid, the main agency responsible for the exchanges, there was no single administrator whose full-time job was to manage the project. Republicans also made clear they would block funding, while some outside IT companies that were hired to build the Web site, HealthCare.gov, performed poorly.

  • What could be done next? Congress might look across the Atlantic Ocean for an example. After one massive IT failure too many at the National Health Service, the United Kingdom created and empowered a Government Digital Service team. UK Executive Director of Digital Mike Bracken urged the U.S. to adopt a “digital core.”
  • In the video below, Clay Johnson goes deep on what went wrong with Healthcare.gov and suggests ways to fix it.

  • Can the White House and Congress take on the powerful entrenched providers in Washington & do the same? I’m not optimistic, unfortunately, given the campaign contributions and lobbying prowess of those entities, but it’s not an impossible prospect. I’ll write more about it in the future.

Open government experts raise concerns about “mosaic effect” in open data policy

“…one of the things we’re doing to fuel … more private sector innovation and discovery,” said President Barack Obama, “is to make the vast amounts of America’s data open and easy to access for the first time in history.”

That aspirational goal is one that countries around the world have taken on as their own over the past four years. Globally, officials are increasingly viewing open data as fundamental to democratic governance and development. That growth has naturally promoted new scrutiny and questions about what open data is and who benefits from its release.

“This comes at a time when there are significant doubts around the world about outcomes and best practices,” said John Wonderlich, policy director for the Sunlight Foundation, in an interview. “The White House’s new policies make clear that we don’t have all the answers, but there are ways forward, towards new data and better processes.”

Last week, Slate published my article exploring why a new executive order to open up federal government data is a big deal.

The article presents the new executive order and associated open data policy in a generally positive light, with one significant caveat: its effect upon, or relevance to, government transparency.

The focus that the President and his advisors have taken on “open data” is squarely upon entrepreneurship, innovation, and scientific discovery, not “transparency,” an issue his administration has faced substantial — and growing — criticism over after a promising start to his first term.

“Creating transparency and accountability through new technology won’t be achieved through a single policy, or just through cultural change or political commitments,” said Wonderlich. “What was so reassuring about this announcement is that the White House is still working on all of those areas. There are certainly some still missing, or some areas where the White House is less accountable, or more secretive (money in politics and national security still come to mind immediately) but this demonstrates that “open data,” if that phrase is to have lasting meaning, will evolve through a complex policy process.”

Steven Aftergood, however, questioned whether making government data open and machine-readable would have an effect on government secrecy, particularly in the intelligence world. Aftergood, the director of the Project on Government Secrecy at the Federation of American Scientists, has been a long-time observer and critic of the culture and machinery of secrecy in the federal government.

A second caveat, which wasn’t in my Slate article, comes with respect to the inclusion of a warning about the so-called “mosaic effect” in the open data policy.

This effect, which originates in the intelligence world, describes a situation in which multiple pieces of data and information that are meaningless (or at least harmless or unclassified) on their own could be combined and analyzed to discover the identities of people, sensitive locations or other secrets.

That official consideration left journalists and open government advocates worried.

OpenTheGovernment.org praised aspects of the open data policy but expressed concern about potential exemptions from disclosure because of the mosaic effect. Scholars and journalists have long been concerned that the mosaic theory has been used to deny Freedom of Information Act requests.

While architects of Data.gov and former US CIO Vivek Kundra have acknowledged concerns about the mosaic effect in the past, formal articulation in the policy is a new wrinkle.

In answer to my question about this precise concern at a press conference at the FOSE Conference in Washington last week, US CIO Steven VanRoekel said that nothing in the executive order or in the open data policy would allow the federal government to restrict the release of information requested under the Freedom of Information Act.

Federal agencies will “still follow FOIA to the letter,” said VanRoekel. “Nothing about executive orders and policy changes law.”

Whether or not this new policy is used to restrict sensitive information will be seen in the months and years ahead. In the meantime, concern is probably better focused upon the dangerous parallel the Department of Justice is making between espionage and investigative journalism.