Big Bucks for Defense Sat System
By Bob Brewin | Tuesday, July 31, 2007  |  05:07 PM

The House Appropriations Committee (HAC) fully funded the Bush Administration’s request for the Defense Department’s key satellite program. The committee last week funded the Transformational Satellite (TSat) Program to the tune of $968.3 million in the House’s version of the fiscal 2008 Defense Appropriations Bill.

The HAC report on the 2008 Defense bill said the committee is supportive of the program, but in recent reports, the Government Accountability Office found the program behind schedule and over budget.

The GAO concluded in a May 2006 report on TSat that the planned launch of the first satellite in the constellation had slipped from 2011 to 2014 and the budget had increased from $15.5 billion to $16 billion. In addition, the initial satellites have less capability than originally planned. The first TSat birds won’t have all the nifty space-laser cross links (the way the satellites communicate with one another) as the later ones.

Evidently you can only get so much laser cross-link capability for $16 billion.

The HAC endorsement of TSat came just days before two contractor teams submitted bids for satellite contracts, with both Boeing and Lockheed Martin submitting their proposals Monday, July 30.






Terrorists Infiltrate Second Life
By Allan Holmes | Tuesday, July 31, 2007  |  04:49 PM

We posted an item yesterday about Boston joining other cities, corporations and universities that have created, or plan to create, a virtual replica of their community in Second Life, the animated online world where individuals create avatars and interact with other virtual personalities. The idea for cities is to encourage civic participation; for businesses, to market services and products.

But that's not the only purpose the sites are serving. The virtual communities are now becoming training grounds and recruiting centers for terrorists, according to an article posted by The Australian. An excerpt:

Just as September 11 terrorists practised flying planes on simulators in preparation for their deadly assault on US buildings, law enforcement agencies believe some of those behind the Second Life attacks are home-grown Australian jihadists who are rehearsing for strikes against real targets. ...

Roderick Jones, who is investigating the potential use of the games by terrorists, says SL could easily become a terror classroom. ... Jones says streaming video can be uploaded into SL and a scenario can easily be constructed whereby an experienced bomb-maker could demonstrate how to assemble bombs using his avatar to answer questions as he plays the video.

Terrorist groups have attacked the virtual Second Life headquarters of ABC and Nissan and a Reebok store, leaving explosions that "look like hazy white balls," according to the article. "One radical group, called Second Life Liberation Army, has been responsible for some computer-coded atomic bombings of virtual world stores in the past six months," according to the article.






Sailors, Remember Your Passwords
By Bob Brewin | Monday, July 30, 2007  |  04:49 PM

Sailors should remember their user ID or password when they head to sea. The reason: The Navy won't have the infrastructure to support the Defense Department Common Access Card fully deployed throughout the fleet until at least 2011, according to an internal briefing last month by the Space and Naval Warfare Systems Command.

The CAC contains a digital certificate needed to access Defense information systems, removing the need to remember a password to access a system.

The Navy has installed Real Time Automated Personnel Identification Systems (RAPIDS) terminals needed to support the use of the digital ID card on just 15 ships, according to briefing slides from the Program Executive Office for Command, Control, Computers and Intelligence shop at SPAWAR.

The RAPIDS terminals access a defense manpower database known as the Defense Enrollment Eligibility System, which is maintained by the Defense Manpower Data Center, to verify user identities. The terminals, equipped with a digital camera, laser printer and fingerprint scanner, then produce the digital ID cards on the spot.

If the digital ID card ends up “locked” or is missing needed certificates, end users need access to a RAPIDS workstation to fix the problem, according to an article in CHIPS, the Navy’s computer magazine.

But because the Navy has only equipped 15 ships with RAPIDS terminals, the SPAWAR brief said shipboard sailors will have to log on manually with an old-fashioned user ID and password. Use of cryptographic log-ins without a RAPIDS terminal could lead to “operational failures” if an end user’s digital ID is lost or stolen, the briefing said.

The Navy plans to start fleet-wide RAPIDS installs in July 2009, and it will take two years to install the terminals on 160 ships out of the 278 ships currently in the fleet, according to the SPAWAR brief.

The briefing also stated that this time schedule is dependent “on the availability of funding.”

Don’t you just hate it when good plans run into the funding issue?

I’m waiting to hear more from SPAWAR.






Check Those Batteries
By Allan Holmes | Monday, July 30, 2007  |  11:04 AM

Home smoke alarms beep when the batteries start to die. Maybe data centers need the same technology, as New Mexico's Motor Vehicle Division recently learned.






Boston Joins Second Life
By Allan Holmes | Monday, July 30, 2007  |  10:50 AM

Boston is the latest government organization to join Second Life, an animated online world where individuals can create virtual alter egos and interact with others. Boston officials plan to build a virtual Boston in which residents can visit virtual government buildings and chat with other Bostonians online, The Boston Globe reports.



Boston joins other public-sector groups that have done the same, including the Swedish embassy, the Vancouver Police Department, NASA, and the National Oceanic and Atmospheric Administration (and reviewed here), and Ohio University (see below), to name a few.



Ohio University's YouTube promo for Second Life site.


Boston officials say they developed the Second Life site to encourage more people to participate in local government, and the city may use the site to promote tourism, collect public opinion about proposed developments, and, as Bill Oates, Boston’s chief information officer, says, just to keep up with what other cities and government organizations are doing.

Just how much Second Life will encourage Bostonians -- or for that matter, any citizen -- to become more involved in civic life remains to be seen. But as "istarr" commented on Planetizen, it's likely going to be a hard sell. "Expecting people to attend 'neighborhood meetings' in second life is unbelievable -- how many people do you know that attend neighborhood meetings in their first lives (where it might count)?"






DHS Officer Convicted of Illegal Computer Use
By Allan Holmes | Friday, July 27, 2007  |  11:51 AM

A Customs and Border Protection officer with the Department of Homeland Security was convicted yesterday for unauthorized use of a government computer, Newsday.com reports.

Kelly Bossinger was convicted "on a three-count indictment charging her with unauthorized use of a government computer, lying and conspiring to lie," according to the article.

In 2004, Bossinger had asked other offices to use government computers to find out why Bossinger's sister had been stopped and searched at the U.S.-Canadian border. Bossinger was concerned that her sister was under investigation. She was.






Military Health Needs to KISS
By Bob Brewin | Thursday, July 26, 2007  |  04:44 PM

When it comes to military health systems, the departments of Defense and Veterans Affairs need to follow the KISS principle (Keep It Simple, Stupid), so says, in so many words, the final report released by the President’s Commission on Care for America’s Returning Wounded Warriors.

Defense and the VA should simplify the way they share health care and veterans’ benefits information, according to the commission, which was headed by former Sen. Bob Dole and former Health and Human Services Department Secretary Donna Shalala.

The current information technology systems in the two departments are so complex that users of the systems “often do not know what data are readily available to them,” the report concluded.

The report added the IT systems in the two departments are “fragmented and compartmentalized,” with information collected and stored in isolated, yet overlapping, data systems that are rarely integrated. “Some parts of the system collect more information than needed; others duplicate information available in other parts of the system, increasing opportunities for errors and inconsistencies,” and while the two Departments are working to exchange medical and disability information, “they do not fully integrate health care data with benefit information,” according to the report.

The commission said “simplifying processes” for exchange of information should be a priority and wants to see an inter-departmental system built within 12 months that provides clinicians, health professionals and administrators with access to health and benefits data.

Defense and VA also should develop a Web-based portal for service members, veterans and families within a year, the commission advised. While that may seem a daunting task, loosely organized volunteer groups developed a Web-based electronic health record system for people displaced by Hurricane Katrina in 2005 in just over a month.






Missing Laptop? Try the "Lost in Space" Excuse
By Allan Holmes | Thursday, July 26, 2007  |  12:54 PM

We now have an excuse that is even better than the old standby, "The dog ate my homework." Now it's the astronauts' fault.

According to a report released yesterday by the Government Accountability Office, when a NASA employee misplaced his $4,265 laptop, he explained the loss this way:

This computer, although assigned to me, was being used on board the International Space Station. I was informed that it was tossed overboard to be burned up in the atmosphere when it failed.

The employee was not disciplined -- not even for a lame excuse.

GAO took NASA to task for such poor management of agency equipment. NASA's weak controls for keeping track of equipment are "rooted in an agency culture that does not demand accountability,” according to GAO, leading to NASA losing $94 million worth of equipment over the past decade.

Hat tip: Bloomberg News






Brits' Fear of DHS
By Allan Holmes | Thursday, July 26, 2007  |  10:33 AM

Ever since the failed car bomb attacks in London, privacy debates have been top of mind for Brits. And the fear that the Department of Homeland Security could somehow be involved has been a subtext that runs through many of the debates.

Here's an example from earlier this week that appeared in the Daily Mail about fingerprinting school children as young as 5 years old without being required to obtain parental permission -- a practice, it is safe to say, that wouldn't be too popular in the United States, either. (School administrators will use the children's fingerprints for many purposes, including taking attendance, paying for lunch and checking out library books. The schools also have permission to "take retina and iris scans and record children's voices, face shapes, hand measurements, handwriting and typing patterns," according to the article.)

A reader from Cambridge posted this comment: "So does this mean that school library fingerprint data may ultimately end up at the US Department of Homeland Security?"






Who's at Fault With Peer to Peer?
By Allan Holmes | Wednesday, July 25, 2007  |  04:28 PM

George Ou, a blogger at ZDNet, takes on Rep. Henry Waxman, D-Calif., chairman of the House Committee on Oversight and Government Reform, over Waxman's call for tighter regulation of peer-to-peer software. After ZDNet posted a story on a Government Reform Committee hearing on how peer-to-peer software threatens national security, Ou wrote that Waxman "hasn’t a clue what he’s talking about and this new round of political grandstanding is absurd." Committee members grilled Mark Gorton, the chairman of peer-to-peer Lime Wire, who testified before the committee.

Ou argues that peer-to-peer makers like Gorton are not the problem. Rather, federal information technology shops should do a better job of policing federal employees' computers for peer-to-peer software and removing it when it is found. "The onus is on the Government or any organization to lock down their infrastructure from the physical layer to the application layer to the people working for them," Ou writes. Good point. Transportation Department chief information officer Daniel Mintz told the committee that DOT, after peer-to-peer software downloaded on a DOT laptop opened access to government documents, developed a policy that requires "written authorization for installation of P2P programs on government machines," according to the ZDNet article.

But Ou goes a few steps further, which pushes his argument over the edge. He argues that the problem isn't the technology, but the people who use the technology to commit crimes. "Sandy Berger stole secret documents from the National Archives by shoving the documents in to his socks so will Congressman Waxman propose a new law against socks? Will Congressman Waxman call the CEO of Fruit of the Loom to the hearings and grill him about the dangers of socks?"

This misses a finer point. Creators of peer-to-peer software such as Gorton know that their software can be misused to spread malware. It is questionable -- and the committee did raise the questions -- whether Gorton and other peer-to-peer programmers have ignored this fact to spread the use of their software and whether they have been responsible enough in informing users that, if not properly configured, peer-to-peer software can open up personal files. Think of a warning label like you see on a pack of cigarettes. It doesn't take a stretch of the imagination to come up with that possibility. It does take a stretch of the imagination for Fruit of the Loom to consider the possibility of someone using their socks to pilfer documents. Regulation to prevent such an event would be absurd. No one in their right mind would think of such a thing.

Not so for peer to peer. The makers of peer-to-peer software know the dangers that their products present. Just like drug manufacturers know the dangers of misusing the drugs they make. But we have regulations in place to require drug companies to inform the public of possible side effects and the dangers of drug interactions and overdosing. Is it too onerous to ask peer-to-peer manufacturers to act as responsibly? By requiring some action from peer-to-peer providers to better secure their products, together with more vigilance from federal security IT shops, peer to peer can become a safer app and continue to provide value to federal workers.






The CIO Can Do That Too
By Allan Holmes | Tuesday, July 24, 2007  |  02:00 PM

A trend seems to be forming for how the Bush Administration plans to manage the federal chief information officer positions throughout government. And it's not too favorable for CIOs.

Last week U.S. Agriculture Secretary Mike Johanns appointed Charles Christopherson Jr. as the department's chief information officer. Christopherson has been working as the department's chief financial officer. Johanns, in his announcement, informs us that Christopherson will retain his position as CFO.

One fact about being a CIO, either in the public or private sector: It's more than a 40-hour-a-week job. More like 50 or 60 hours a week, federal CIOs say. And the CFO position? It has similar demands. Just how much attention can a busy CFO give to information technology? Or conversely, how much time can a CIO give CFO duties? It can't be as much as an executive appointed to that position full time can give.

That certainly wasn't the case in the past. Past USDA CIOs have held no other position at the department. Dave Combs was CIO from 2004 to 2007. Scott Charbo was the first USDA CIO appointed under the Bush Administration, serving from 2002 to 2004. Charbo left to become CIO at the Homeland Security Department, where two years later he took on a second top-level DHS executive position when he was named acting under secretary of management. Prior to Charbo, Ira Hobbs served as acting USDA CIO for a year and a half.

We can probably expect more of the same. With only 18 months or so left in President Bush's second term, finding top executives to fill CIO slots that they would have to give up within months is a difficult recruiting task at best.

But a bigger issue is at play here. The problem isn't whether basic IT work can get done. (USDA Deputy CIO Jerry Williams probably will oversee more.) The problem is the message it sends: We don't need a full-time CIO because IT doesn't matter. The vast majority of government executives have yet to embrace IT as a strategic tool in running agencies. Most businesses have yet to come to that conclusion as well, although the majority of large corporations -- the size of which are smaller than or close to the size of federal agencies -- view IT as having a primary role in setting business strategy. So, that may be a better comparison.

In any case, such a view doesn't bode well for federal IT in the months ahead. The chances that we'll see these CIOs promote innovative and bold IT initiatives to support agency missions in the next year or so are most likely slim to none. Expect these IT shops to have time to just keep the lights on.






Critics: YouTube Debate a Tweak, Not an Overhaul
By Allan Holmes | Tuesday, July 24, 2007  |  11:56 AM

The reviews of the CNN/YouTube presidential debate are in, and it seems no political analyst, reporter or blogger was particularly impressed. The debate, described by CNN as the first that was "solely in the voters' hands," allowed "ordinary" voters to submit via YouTube videos of themselves asking questions directly to the Democratic candidates running for president.

John Dickerson, a political analyst for CNN who wrote an article for Slate.com, described some of the videos as "so washed-out, it made you want to dial 911 to report a hostage taking. ... But what the majority of the nearly 40 YouTube videos provided was authenticity, which is usually as hard to find in presidential debates as humility."

Brian Braiker of Newsweek was far from impressed. He wrote that "for all the hype, this debate was not effectively that much different from all the others to date."

The same ho-hum reaction was provided by Michael Falcone. Blogging for The New York Times, Falcone wrote that "... in some ways, we had seen it all before. Since the beginning of the year, the Democrats have taken part in numerous unofficial debates and forums and faced questions on many of the same issues."

Some political reporters just skipped right over writing about the format as if this whole YouTube phenomenon is so 2005 (the year YouTube was founded). Ben Smith of Politico.com mentioned the homemade videos barely in passing to get to what the candidates talked about. "Amid the entertainment of a talking snowman and rapping education advocate, however, the candidates drew clear distinctions on crucial questions of foreign policy in a debate that circled repeatedly around Sen. Hillary Rodham Clinton's positions on the war in Iraq."

Judging from the comments Smith received on his article, the American voter had mixed reviews for the format, as well. "I'm all for creativity and the integration of technology into everyday life but the submitted YouTube questions from last night really distracted, IMHO, from the debate," wrote dallenva.

"I liked that the answers weren't professionally developed (even though they were highly screened in the selection process but that's just the way it is) and that they weren't pre-given to the candidates - at least to my knowledge," dallasmsl wrote.

Ordinary citizens also, of course, include government employees and contractors, presumably readers of this blog. So, how did the CNN/YouTube debate strike you? Let us hear from you by clicking on the comment link below.






DHS Favors RFID
By Bob Brewin | Monday, July 23, 2007  |  05:15 PM

Even though the Homeland Security Department has not yet decided what type of technology to use in passes issued to frequent travelers crossing the border, it appears the department has decided that Radio Frequency Identification (RFID) beats any other alternative in terms of speeding folks across the border with Mexico and Canada.

Customs and Border Protection, whose parent department is DHS, came to that conclusion in its Draft Programmatic Environmental Assessment for the Western Hemisphere Travel Initiative released last month. That draft report says it will take just 20 seconds to read an RFID-enabled document, query the CBP database before a traveler reaches the guard booth and send the travelers (except for bad guys) on their merry way.

That’s five seconds faster than it would take to process machine readable documents through an optical card scanner and 25 seconds faster than it would take for an officer to inspect paper travel documents and manually enter a database query, the environmental assessment concluded.

Those saved seconds can add up, according to the environmental assessment, as there were 246.9 million border crossings from Mexico and 76.7 million crossings from Canada in 2004. At those volumes, even a five second difference can amount to a lot of stalled traffic burning up $3-plus a gallon gas.

The environmental assessment said that if Customs opts for the RFID alternative, the agency will have to equip every vehicle and pedestrian lane at the 163 land border crossings with RFID readers (an undisclosed number already have the technology installed), which may be why RFID companies are in a pitched battle to convince CBP of the efficacy of their technology.

Then there are the privacy concerns about RFID. Theoretically someone could steal an identity by setting up a pirate reader near a border crossing, scarfing up personal information on thousands of people in a matter of minutes. But privacy seems to be a quaint notion that is oh so 20th century.






The Network is the Battlefield
By Allan Holmes | Monday, July 23, 2007  |  11:56 AM

Now this is network-centric warfare. The Defense Department not only wants networks to provide better information on the enemy to fight future battles, it wants computers to help figure out how to fight the battles. The Defense Advanced Research Projects Agency (DARPA) released a Broad Agency Announcement, in which DARPA says it is looking for a system, dubbed "Deep Green," that is:

composed of tools to help the commander rapidly generate courses of action (options) through multimodal sketch and speech recognition technologies. Deep Green will develop technologies to help the commander create courses of action (options), fill in details for the commander, evaluate the options, develop alternatives, and evaluate the impact of decisions on other parts of the plan. The permutations of these option sketches for all sides and forces are assembled and passed to a new kind of combat model which generates many qualitatively different possible futures. These possible futures are organized into a graph-like structure. The commander can explore the space of possible futures, conducting “what-if” drills and generating branch and sequel options. Deep Green will take information from the ongoing, current operation to estimate the likelihood that the various possible futures may occur. Using this information, Deep Green will prune futures that are becoming very improbable and ask the commander to generate options for futures that are becoming more likely. In this way, Deep Green will ensure that the commander rarely reaches a point in the operation at which he has no options. This will keep the enemy firmly inside our decision cycle.


An image from the Broad Agency Announcement


Hat tip: The Register






Former NSA IT Expert Helps Find iPhone Security Flaw
By Allan Holmes | Monday, July 23, 2007  |  11:24 AM

A former National Security Agency computer expert and two other security experts at the Baltimore-based security research firm Security Evaluators report they have found a security vulnerability in Apple's newly released iPhone. "Charles Miller, the principal security analyst for [Security Evaluators], admitted though that Apple’s efforts to make the iPhone a secure environment are quite impressive, but 'once you did manage to find a hole, you were in complete control,'" according to a brief posted by the online newspaper eFluxMedia. According to various news accounts, a hacker can take over an individual's iPhone by luring the user to a Web page, where the user unexpectedly downloads malware allowing the hacker access into the user's iPhone. But government employees don't have to worry about the security vulnerability since they aren't allowed, yet, to buy one for work.






Turning Even More Green
By Allan Holmes | Friday, July 20, 2007  |  04:56 PM

As I have written before (and here), the trend to more green computing is picking up steam. Here's yet another sign: The Environmental Protection Agency has boosted its standard for its Energy Star program for PCs. To get the Energy Star seal, PCs, notebooks and laptops will have to possess 80 percent efficient power supplies and a sleep mode that kicks in after 30 minutes, according to The Wall Street Journal's OK Computer blog. That's the "equivalent of taking 2.7 million cars off the road each year," the blog reports.

Hat tip: Gearlog






Hard Times in Indy
By Allan Holmes | Friday, July 20, 2007  |  04:01 PM

It's been one bad year for Indianapolis, writes Matthew Tulley at the Indianapolis Star. He cites three big "fiascos" in city government, including tax assessors who ignored valuing commercial property leading to higher tax rates for residential property owners, polls that opened a day late, and a school system network that left students' private information wide open on the Internet. And 2007 is barely a little more than half over.






Making Public Wireless Networks Pay
By Allan Holmes | Friday, July 20, 2007  |  01:59 PM

An increasing number of local governments are getting into the business of providing Wi-Fi service to residents who want to access the Internet throughout a city or county. About 385 cities, communities, and counties in the United States have a wireless networking project, with most intended partially or wholly for residential use, according to a recently released report by Forrester Research. (Requires a subscription.)

But Forrester researcher Sally Cohen questions if the investment is worth the cost. Only 27 percent of all U.S. online households use Wi-Fi, and the majority of these users (76 percent) connect to a private Wi-Fi service in their home, not to a municipal or county network provided in, say, parks, libraries, commercial areas or other hot spots.

To make wireless networks a better investment, Cohen advises local governments to do some homework. This includes determining what percentage of residents want a wireless service, how much they may be willing to pay for certain services available on the network, if other services can piggyback on the network such as remote parking payment systems and traffic control video surveillance, and educating residents about Wi-Fi to increase usage.

The Forrester report, however, doesn't discuss the controversy over local governments providing what telecommunications companies argue is a business in which government has no place competing with the private sector.






Census' Big Phish Story
By Allan Holmes | Thursday, July 19, 2007  |  12:45 PM

At a Senate hearing on the 2010 census this week, Census Bureau Director C. Louis Kincannon said one of the reasons why the bureau wasn't using the Internet to allow Americans to file their personal census information directly with the bureau was because the agency feared the Web just isn't secure enough. He also said phishing schemes may trick the public into giving up personal information to ID thieves -- and then the bureau would be in really big trouble.

I'm having a hard time following this line of reasoning. The handheld computers that the bureau is testing for the temporary enumerators to use in the field in 2010 have huge security risks. But the bureau and the handheld contractor, Harris Corp., seem to have solved many of the device's security issues. That was no easy task (although other, much bigger risks face the Census Bureau and the handhelds, as I point out in an article that ran in the July 15 issue of Government Executive, and as my colleague, Tom Shoop, points out in his Fedblog). So, the Census Bureau and its contractors seem to know how to follow best practices to solve big security problems for the handhelds. The same best practices from the biggest e-retailers and online banking also could be followed for a Web-based census app.

As for phishing, the Internal Revenue Service, in its popular electronic tax filing program, which members of Congress (namely Sen. Tom Coburn, R-Okla., who is one of the most outspoken census critics) say the bureau could copy to develop a Web-based census filing app, has come up with ways to defend against phishing attacks. Banks and online merchants also can provide best practices to fight phishing.

It's not like the Census Bureau needs to reinvent the wheel -- which it seems it did when it issued requirements for the proprietary handheld computers, by the way. Much of the work already has been done for them. They just need to borrow it.






More Agencies Used in Email Scams
By Allan Holmes | Thursday, July 19, 2007  |  12:11 PM

The list of federal agencies that are being used in email scams continues to grow. The FBI's Internet Crime Complaint Center issued separate press releases this week warning that the FBI and the U.S. military are the most recent agencies that ID thieves are using in email scams designed to trick the public into giving up personal information or opening an attachment containing malware.

In one spoof, the thieves send emails that look like they are legitimate emails from the FBI, using "pictures of the FBI Director [Robert Mueller], seal, letter head, and/or banners," according to a press release. "The types of schemes utilizing the Director's name and/or FBI are lottery endorsements and inheritance notifications." Other emails include threats to extort money, contain malicious software such as Web monitoring apps, and online auction scams.

In another scheme, spammers have sent emails that purport to be from a U.S. military official who is writing on behalf of American soldiers stationed overseas. The emails ask the recipient to provide personal information or money.

The FBI and Defense Department now join the Justice Department and the Federal Trade Commission as unfortunate subjects in ID thieves' scams.






The Rising Specter of Satellite Wars
By Allan Holmes | Thursday, July 19, 2007  |  10:46 AM

Advancing technology is making it possible to develop satellites that are so small that they can spy (undetected) on other satellites and come close enough to sabotage or destroy a satellite, the BBC reports today. The United Kingdom, as well as other nations, has launched microsatellites, some of which weigh as little as 22 pounds (10 kilograms). The lightweights are much easier to maneuver in space, making it relatively easy to sidle up to another satellite. With that capability, the specter of satellite espionage becomes more real.

Physicist Laura Grego, with the Union of Concerned Scientists, says it is time to update the Outer Space Treaty of 1967, signed by 98 nations including the United States, which lays the framework of international space law. Grego says space must be regulated to prevent spying and destruction of satellites. "Despite space being militarised, it has not yet been 'weaponized,' and this should be strictly prevented," the Union of Concerned Scientists believes, the BBC reports.

With more than 400 microsatellites having been launched, it's a pretty good bet that a large part of any nation's satellite program already includes giving satellites capabilities to spy on other satellites as well as the capability to destroy another nation's satellites at a moment's notice. Increasing regulation may be a bitter battle.






Spyware Dragnet
By Allan Holmes | Thursday, July 19, 2007  |  09:43 AM

Spyware isn't just for criminals out to steal personal data. The FBI recently used spyware it calls CIPAV, for Computer and Internet Provider Address Verifier, to catch a 10th grader who was emailing bomb threats to his high school in Olympia, Wash., CNET reported this week. "School officials said seven bomb threats were received by e-mail between June 4th and June 13th, resulting in evacuations almost daily, restrictions on student movement and police patrols on campus," according to seattlepi.com. A judge sentenced the student to 90 days in juvenile detention. The FBI has been working on numerous computer programs to help it investigate computer-related crimes.






Make Sure the Right Hand Knows ...
By Allan Holmes | Wednesday, July 18, 2007  |  05:41 PM

It seems as if the Homeland Security Department doesn't want to be outdone by the Defense Department. On May 16, the Defense Academy for Credibility Assessment (formerly the Defense Department Polygraph Institute) released a request for proposals asking industry to provide ways it can use information technology and/or behavioral analysis methods to screen large groups of people who may be, say, preparing to board planes or attending an event. (See Government Executive's "The Shrink Approach to Airport Checkpoints.")

On July 9, DHS released an RFP asking industry to provide IT solutions that use sensors to scan individuals who plan to board planes, trains or other modes of public transportation as well as people planning to attend "Special Security Events."

"Persons involved in or planning to be involved in possible malicious or deceitful acts will show various behavioral or physiological abnormalities," and sensors can help detect an individual's intention to do harm by applying monitoring systems to provide information on "cardiovascular, respiration, ... eye tracking as well as other promising technology capable of providing behavioral indicators," according to the RFP. "The goal is to take the individual outputs of the distinct sensors and combine them into a decision matrix in order to provide a single decision."

Maybe the folks at Defense and DHS need to get together to see if they can work together on this one.

Hat tip: Wired






Krumbholz Named Director of Network Services
By Daniel Pulliam | Wednesday, July 18, 2007  |  05:17 PM

The General Services Administration named Karl O. Krumbholz the new director of network services programs within the Federal Acquisition Service’s Office of Integrated Technology Services.

As head of the network services office, based in Fairfax, Va., Krumbholz will help provide strategic, operational, technical, and acquisition leadership for an organization that delivers $1.5 billion in telecommunications services to 135 government agencies in 190 countries.

The new position brings together GSA’s legacy long distance and local services programs in a manner that is intended to reflect the integrated network-enabled government of the future, according to GSA.

John Johnson, assistant FAS commissioner, said Krumbholz has been acting in this role for almost a year and during that time has provided leadership and oversight for the award of the Networx, SATCOM II and the federal relay service contracts.

"He is well-positioned to help lead the federal telecommunications community through the challenges of transition to these new programs," Johnson said.

Previously, Krumbholz served as the deputy assistant commissioner for GSA’s Office of Service Development and Delivery in the legacy Federal Technology Service. In that role he was responsible for managing the FTS2001 and crossover federal telecommunications programs as well as the development activities that defined the next generation of GSA offerings.

Krumbholz has a bachelor’s degree in management from the U.S. Naval Academy, a master’s degree in aeronautical engineering from the Naval Postgraduate School and a master’s degree in business administration from George Washington University.






Another Crack on RFID
By Allan Holmes | Wednesday, July 18, 2007  |  12:50 PM

More criticism of Radio Frequency Identification (RFID) technology comes today in an article posted by EETimes, the electronics industry's newspaper. The article takes the Homeland Security Department to task for using RFID technology for its Pass Card, which people crossing the Canadian and Mexican borders will eventually use as outlined under the Western Hemisphere Travel Initiative. Readers will be able to read the card up to 30 feet away.

"DHS plans to offer 'privacy protection' by placing a unique ID number on the card and using the number to retrieve personal information (a photograph and demographic information) from a central database when the card is used at a border crossing," according to the article. "This effectively means that Pass Card holders' identification number can be stolen from a distance with relative ease. A stolen ID number can be programmed on a blank chip or programmed in an RFID reader, with the reader then acting like a chip by spitting out the false ID number."

At least one government agency, the U.S. Army, seems to be having second thoughts about the value of RFID, as Government Executive's Bob Brewin reported last week.

Of course, knocks against RFID and the use of the technology in government ID cards are nothing new. But is there something more here? The fear that RFID is not secure has been building for some time, with many security companies and consultants sounding the alarm. One of the most recent, for example, comes from security software maker McAfee Inc., which, in its semiannual Sage report on security trends and analysis, says RFID "is vulnerable to eavesdropping, recording, cloning, and forgery."

The backlash against RFID seems to be building. Are we approaching a tipping point in which agencies and businesses abandon RFID until the technology improves?

The EETimes article also points out that other identity cards under development in the United States use non-compatible technologies, which means federal and local governments will not be able to integrate the cards into one convenient card. (U.S. electronic passports will use contactless smart card technology and Real ID driver's licenses are based on 2D bar code.)

EETimes reports that:

technology companies are making a last-ditch effort to convince Congress to change the implementation decision on the Pass Card. Members of the Secure ID Coalition and Smart Card Alliance including Texas Instruments, Gemalto and Infineon Technologies are in Washington [D.C.] Wednesday (July 18) to brief lawmakers on identification technologies. The briefing includes a real-time demonstration showing the differences between two types of automatic identification technologies for electronic ID documents: RFID and contactless smart card technologies.





VA Chief Leaves Questionable IT Record
By Daniel Pulliam | Tuesday, July 17, 2007  |  04:57 PM

James Nicholson, head of the Veterans Affairs Department for the last two and a half years, announced he will leave government service by Oct. 1. In announcing his departure, the VA praised his leadership in modernizing the department's information technology, among other things.

But just a year ago members of Congress were calling on Nicholson to resign in the wake of one of the largest security breaches in U.S. history. In May 2006 a laptop computer containing personal information on 26.5 million veterans and active duty military personnel was stolen from an employee's home.

In June 2006, Pedro Cadenas, who resigned as VA information security chief, told Government Executive that he had an impossible job and that he was cut out of the department's executive decision-making process. During his tenure at the department, Cadenas said he met Nicholson only once at a social event. After Cadenas introduced himself, Nicholson reportedly said that he heard that Cadenas' job was important.

"The department has no interest in doing the right thing," Cadenas said at the time. "I was trained to do things the right way, not the good old boy way. I am having personal difficulty looking veterans in the eye and telling them that things will be OK."

Earlier that month Nicholson issued a directive giving expanded powers to the VA's chief information officer, in addition to the authority granted in the department's IT reorganization the previous year.






Calling on Industry for Census Help
By Allan Holmes | Tuesday, July 17, 2007  |  02:54 PM

Sen. Tom Coburn, R-Okla., issued a statement today calling on the private sector and academia to come up with ideas to reduce the cost of the 2010 decennial census, including technologies that may keep costs in check. Coburn has been critical of the Census Bureau's decision not to use the Internet for the decennial census. The Census Bureau estimates the 2010 Census will cost $11.5 billion, which is an increase of $200 million from an estimate it had been quoting just a couple of months ago.

According to the statement:

“The Census Bureau’s reluctance to employ new methods and online tools goes against the grain of common sense. If we can collect taxes online from any tax filers, surely we can count every American quickly, inexpensively and accurately,” Dr. Coburn said.

At a hearing this afternoon of the Subcommittee on Federal Financial Management (FFM), the Census Bureau will announce that the most recent cost of the next census is estimated to be at least $11.5 billion.

The Census Bureau has developed and is testing handheld computers as a way to reduce costs, as I wrote about for Government Executive Magazine this month. But much of the savings from the handhelds ($445 million) that the bureau is banking on has been overtaken by rising costs, which are expected to continue to rise as we move closer to the 2010 census, according to the Government Accountability Office.






National Intelligence Serious About IT
By Allan Holmes | Tuesday, July 17, 2007  |  02:15 PM

Shane Harris, who writes about intelligence for National Journal, suggests in his blog that the recent nomination of Donald Kerr as deputy Director of National Intelligence (DNI) signals a "big push" into technology. Kerr, who will report to Director Mike McConnell, served as director of the heavily technology-reliant National Reconnaissance Office since July 2005. Harris writes:

The DNI's office is launching a big push on the science and technology front. As part of the fiscal 2008 budget request, McConnell has asked Congress for money to set up the Intelligence Advanced Research Projects Activity, iARPA, modeled after the successful Pentagon R&D unit, DARPA. Kerr used to run the CIA's science and technology division, and so has some familiarity with that terrain. As a former senior CIA official reminded me this morning, a huge portion of the intelligence community is devoted to technical issues--everything from signals collection and processing to geospatial intelligence. Kerr is also double-hatted at NRO--he's assistant to the Secretary of the Air Force.





Cameras, Cameras Everywhere
By Allan Holmes | Tuesday, July 17, 2007  |  11:29 AM

Ever since the public learned that surveillance cameras helped British authorities identify suspects behind last month's foiled car bomb attacks in London, politicians and security experts have called for similar systems in the United States. Sen. Joseph Lieberman, D-Conn., chairman of the Committee on Homeland Security and Governmental Affairs, has called for more electronic surveillance systems. New York City is adding to its 4,200 cameras scattered throughout the city. It plans to have by the end of the year more than 100 cameras watching traffic in Lower Manhattan to read license plates. Chicago and Los Angeles, as well as Boston and Baltimore, also have camera surveillance systems.

But the debate on whether the camera surveillance systems are something that we want as a society is revving up. "Under such constant surveillance, you will find yourself becoming painfully conscious of being observed, recorded and judged," wrote John Whitehead, founder of the Rutherford Institute, a civil liberties group. "Without realizing it, you will begin to censor your own actions—in regard to even the most innocuous of things." (The same point was made by George Washington University law prof David Solove.)

In an interview with National Public Radio today, Cortez Trotter, Chicago's former chief of emergency management, explained that Chicago security officials tried to assuage privacy concerns by meeting with the American Civil Liberties Union and the business community about the city's camera surveillance system before it was built. Privacy was built into the system, he said, through measures such as putting blinders on some cameras and limiting how much a camera can pan to keep it from peering into office buildings.

Despite the concerns, surveillance seemingly will only become more ubiquitous. Look at what's being planned for the next generation of surveillance.





Busting the 'Nothing to Hide' Argument
By Allan Holmes | Monday, July 16, 2007  |  02:25 PM

We've all heard the argument before: "Why should you worry about the government looking into your personal records if you have nothing to hide?" Daniel J. Solove, an associate professor of law at The George Washington University Law School, analyzes that argument in a recently published paper titled "I've Got Nothing to Hide and Other Misunderstandings of Privacy."

Solove argues that "the question assumes faulty assumptions about privacy and its value." Those who make the "nothing to hide" argument fail to understand the chilling effect that surveillance has on public discourse; the fact that small bits of private data (which an individual may not object to being uncovered), when put together, form a larger and more intimate profile (which an individual may object to); and the problem of having one's profile mistakenly associated with a group that is labeled as threatening.

Here's an excerpt from the paper, which was published in the latest issue of the San Diego Law Review:

[T]he problem with the “nothing to hide” argument is that it focuses on just one or two particular kinds of privacy problems – the disclosure of personal information or surveillance – and not others. It assumes a particular view about what privacy entails, and it sets the terms for debate in a manner that is often unproductive.

It is important to distinguish here between two ways of justifying a program such as the NSA surveillance and data mining program. First is to not recognize a problem. This is how the “nothing to hide” argument works. It denies even the existence of a problem. The second manner of justifying such a program is to acknowledge the problems but contend that the benefits of the NSA program outweigh the privacy harms. The first justification influences the second, for the low value given to privacy is based upon a narrow view of the problem.

The key misunderstanding is that the “nothing to hide” argument views privacy in a particular way – as a form of secrecy, as the right to hide things. But there are many other types of harm involved beyond exposing one’s secrets to the government.






Less Privacy, More Sharing
By Allan Holmes | Monday, July 16, 2007  |  12:30 PM

British Prime Minister Gordon Brown has proposed new legislation that would relax the United Kingdom's strict privacy laws (as compared with U.S. laws) to allow for greater information sharing among British authorities, according to Intergovworld.com. Brown's predecessor, Tony Blair, also called for similar legislation, but a significant difference, the article points out, is that Blair called for relaxation of the laws to allow for greater efficiency in administering welfare programs. Brown's proposals are unabashedly embedded in proposed new laws to fight terrorism and to support education, in which "data sharing powers would 'help report on whether the system as a whole is delivering economically valuable skills' - a statement that may suggest the government will seek to check individuals' employment status or income after training," according to the article. Foiled car bomb attacks make political sensitivities less so, it would seem.






Yeah, IT Used to Cost A Lot
By Allan Holmes | Friday, July 13, 2007  |  03:41 PM

If your memory is that those first PCs you bought back in the 1980s (if you're that old) were as expensive as a car, well, your memory serves you right. Just what kind of computer you could get for that money now is offered up in a blog post by The Atlantic's Matthew Yglesias.

Maybe President Bush's proposed $65.5 billion federal IT budget for fiscal 2008 (nearly twice what it was eight years ago) isn't such a good deal.






What Makes a Government More Digital?
By Allan Holmes | Friday, July 13, 2007  |  02:11 PM

What's the deal in Maryland and Virginia when it comes to information technology and government? In its 2007 list of the most advanced digital counties, which the Center for Digital Government and the National Association of Counties released this week, 11 counties in Maryland and Virginia made the list. Together the states' counties account for 23 percent of the 47 positions in the rankings. (Some counties tied for spots on the list, which divides counties into four categories based on population.) Counties were ranked on more than 100 measurements including online service delivery, IT infrastructures and architectures, and governance models.

The two Mid-Atlantic states had quite a showing. Maryland and Virginia have only 158 counties or county equivalents (such as independent cities) between them. That's only 5 percent of the total number of counties and equivalents in the United States, far less than the 23 percent representation on the list.

What gives? Could it be that proximity to Washington, D.C., provides some influence on local governments' willingness to invest in technology? Or maybe the ocean air has some influence. Non-coastal states placed only 17 counties (18 percent) on the list, despite the fact that the vast majority of counties are in non-coastal states. Texas, which boasts the largest number of counties (254), didn't place one county on the list.

We've asked the Center for Digital Government to speculate on why some states had a larger representation than others, but we have yet to hear back. We'll let you know when we do.

But while we wait, we can provide this reason: As is the case with most things in life, money plays the biggest part. The counties in the Washington, D.C., metropolitan area are wealthy, as are most of the counties in California, New York and in the Midwest that made the list. While a good rule of thumb, the reason is not universal. Yuma County, Ariz., with a fiscal 2006-2007 budget of $82 million, made the list. Maybe that county has some insights to show other governments.






Feature Added to Business.gov
By Daniel Pulliam | Thursday, July 12, 2007  |  01:00 PM

The Small Business Administration, which operates Business Gateway, has added an application to the Web site intended to help businesses determine license and permit requirements. The tool was launched in response to feedback from its users in the business community.

The new “Permit Me” feature, launched as a beta, is intended to be a single source for obtaining federal, state and local permits and professional licenses for businesses. Every business in the United States is required to obtain a permit, professional license or identification number to operate. While some states offer assistance to help individuals understand local permit and license requirements, not all provide information on federal requirements.

SBA officials also have expanded the content on Business.gov and added context for the information contained in its compliance guides. SBA launched Business.gov in 2004 in a partnership with 21 agencies as part of President Bush's management agenda. The site was re-launched in October 2006 in response to feedback provided by test groups.






It's Sensitive, But It's Available
By Allan Holmes | Thursday, July 12, 2007  |  12:35 PM

You don't need the technical skills of a hacker to get your hands on sensitive military secrets; you just need a Web browser and time to sift through long search results, according to a survey of servers conducted by the Associated Press.

"In a survey of servers run by agencies or companies involved with the military and the wars in Iraq and Afghanistan, the Associated Press found dozens of documents that officials refused to release when asked directly, citing troop security," according to an article by the AP.

Among the documents that the AP was able to download off agency and contractor servers:

-- security features and proposed fencing upgrades at Tallil Air Base, a compound in southeastern Iraq.

-- National Geospatial-Intelligence Agency aerial surveys of military airfields near Balad and Al Asad, Iraq.

-- maps of buildings and infrastructure at Fort Sill, Okla., on a network managed by Benham Companies LLC.

-- U.S. Central Command aerial photographs and schematics of Camp Bucca, a U.S.-run facility for detainees in Iraq, showing "where U.S. forces keep prisoners and fuel tanks, as well as the locations of security fences, guard towers and other security measures," the AP reported.

Security experts say it is common for agencies and corporations to post documents on servers that are available to the public, thinking the documents cannot be accessed by the public or will be difficult, or impossible, to find.

Hat tip: fedsmith.com






Alliance Offers Way for Feds to Share
By Allan Holmes | Wednesday, July 11, 2007  |  03:31 PM

Sharing information within agencies -- much less among agencies -- has been hampered by systems that are not compatible. Still, policymakers say a free and secure flow of information is the key element in better managing government and producing better policies and public services.

Integrating these systems, which have incompatible protocols, security and data management systems, has proven to be an intractable problem. But Microsoft, Cisco and EMC have founded "an alliance of technology vendors that will offer one of the most comprehensive, security-enhanced, commercial, multi-vendor, end-to-end information-sharing technology architectures for helping protect and share sensitive government information," according to a statement released yesterday by the Secure Information Sharing Architecture (SISA) Alliance, the name of the new group.

According to a ComputerWorld article:

Cisco will lend its network protection and secure virtualized network links capabilities, EMC will provide its networked storage systems and information life cycle management tools, and Microsoft will add its identity management software and its expertise in client systems and operating systems, the executives said.

The other vendors include Liquid Machines Inc., which will provide content protection expertise, Swan Island Networks Inc., which specializes in trusted computing environments, and Titus Labs, a provider of e-mail and document classification tools.

The alliance gave no details on spending or contracts related to the effort.






Keystroke Logging and the Constitution
By Daniel Pulliam | Wednesday, July 11, 2007  |  01:21 PM

Here is something new for constitutional lawyers to ponder: How would you apply constitutional law to the hacking technique known as "keystroke logging"?

According to an article by CNET.com's Declan McCullagh, a federal agent with the Drug Enforcement Administration convinced a federal judge to legally authorize the installation of keystroke logging software into the computer of a suspected ecstasy drug manufacturer. Key logging software is used to capture a computer user's keystrokes, and it is often used to spy on people's computer usage and to capture usernames and passwords. According to the article:

That was necessary, according to DEA Agent Greg Coffey, because the suspects were using PGP and the encrypted Web e-mail service Hushmail.com. Coffey asserted that the DEA needed "real-time and meaningful access" to "monitor the keystrokes" for PGP and Hushmail passphrases.

The aggressive surveillance techniques employed by the DEA were part of a case that resulted in a ruling on Friday by the 9th Circuit Court of Appeals, which primarily dealt with Internet surveillance through a wiretap conducted on a PacBell (now AT&T) business DSL line used by the defendants. More on that below.

The DEA's pursuit of alleged Ecstasy manufacturers Mark Forrester and Dennis Alba differs from the first known police use of key-logging software, which snared reputed mobster Nicodemo Scarfo in 1999. In the Scarfo case, the FBI said in an unclassified affidavit at the time, a key logger that also was planted in a black bag job was disabled when the Internet connection became active.

Because the DEA agent did not use the key logging software when the modem was in use, the DEA was able to avoid the question of whether the technique is constitutional and permitted under wiretap laws.

The defendants in this case argued that key logging software is the same thing as a "general warrant" or a "writ of assistance" that would allow police to take "any record, including e-mail, simply because it was typed on a computer." The Fourth Amendment of the Constitution prohibits general warrants and requires warrants to identify the "things to be seized." Wiretap laws require that the interception of non-applicable information, such as conversations, be kept to a minimum.






FBI's Slow Embrace of IT
By Allan Holmes | Wednesday, July 11, 2007  |  01:13 PM

The FBI is testing a computer system that will allow agents to share information on informants -- those individuals who provide evidence on what's going on inside a crime organization, NPR reports today.

The protected system, called Delta, gives agents access to a database of information from informants as well as the names of informants whom agents can scan in hopes that they could be helpful in solving other cases. In the future, Delta will offer ratings on informants on how reliable and helpful they are. In the past, agents had been protective of informants and the information they provided, fearful that cases may be compromised. The FBI is testing the system "in a handful of FBI field offices," according to NPR.

What's striking for someone on the outside looking in is that the FBI hadn't developed Delta and other systems like it long ago. It was just last month that FBI launched the first phase of its Sentinel system, which allows agents to better manage cases and share information on cases nationwide. The FBI, like most law enforcement agencies, operates in a hold-everything-close-to-the-chest culture, in which agents distrust sharing. That may help explain FBI's slow adoption of information technology.

But that explanation goes just so far. The real problem may be at the top. For decades, executives at the bureau have had no interest in using information technology as a strategic tool. Louis Freeh, who served as FBI director from 1993 to 2001, had the computer removed from his desk when he took over the bureau.

Is the culture changing? It's slow. When Robert Mueller took over as director after Freeh, he identified as one of his top 10 goals upgrading the bureau's technology. But six years later, the bureau is still testing and building systems that it hopes will lead to solving and preventing more crimes.






Corruption No Light Matter in China
By Daniel Pulliam | Tuesday, July 10, 2007  |  03:45 PM

The Communist government in China does not mess around when it comes to punishing government employees who are viewed as failures. According to USA Today, the former head of the State Food and Drug Administration was given a death sentence Tuesday for taking money from drug companies and signing off on unsafe machines:

The sentence, announced by state media, comes as China is under growing domestic and international pressure to clean up its food and drug sectors after a series of scandals, including the poisoning of hundreds of American pets.

Zheng Xiaoyu, director of China's State Food and Drug Administration from 1998 to 2005, was convicted of dereliction of duty and taking more than $832,000 in cash and gifts, according to state news agency Xinhua.

An antibiotic OK'd under Zheng was withdrawn from the market last year after 10 patients died, state media reported. Six types of fake drugs were approved while he led the agency, according to state-run media.






USA.gov Makes "Can't Live Without" List
By Allan Holmes | Tuesday, July 10, 2007  |  01:38 PM

Government Web sites routinely score less than private-sector sites on consumer satisfaction. Nor are they considered very "Del.icio.us" in the cyberworld. But one federal government site is as hot as iTunes, ESPN.com and Amazon.com, according to Time Magazine.

Time's 2007 list of "25 Sites We Can't Live Without" includes USA.gov, the federal government's Internet home page. "Each Web page of links is more specific than the last, so you can quickly drill down to the matter at hand," Time effuses. The General Services Administration's Office of Citizen Services and Communications manages the site.

The 25-can't-live-without list:

Amazon.com
BBC.co.uk
Citysearch.com
Craigslist.org
Del.icio.us
Digg.com
Ebay.com
Facebook.com
FactCheck.org
Flickr.com
Google.com
HowStuffWorks.com
The Internet Movie Database
iTunes
Kayak.com
NationalGeographic.com
Netflix.com
SimpleWeather.com
Technorati.com
TMZ.com
USA.gov
TelevisionWithoutPity.com
WebMD.com
Wikipedia.org
Yahoo.com

And if you were wondering if Time editors list the worst sites, they do. But Time lists only five, and no government site made the worst list. The worst sites are:

eHarmony.com
Evite.com
Meez.com
MySpace.com
SecondLife.com

Hat tip: PRNewswire






Bill to Require NIH to Publish Research Online
By Daniel Pulliam | Tuesday, July 10, 2007  |  11:37 AM

The Senate Appropriations Committee has included language in a spending bill that would require the National Institutes of Health to make federally funded research available to anyone on the Internet.

According to the June 27 report for the fiscal 2008 appropriations bill (S.1710), which includes the Department of Health and Human Services, all "investigators who are funded by the NIH" must "submit an electronic version" of their final peer-reviewed manuscripts, which must "be made publicly available" as soon as possible on PubMed Central. The manuscript must be published on the Web site no later than 12 months after the official date of publication.

The committee highly encourages collaborations with journal publishers that would enable them to deposit manuscripts on behalf of the funded investigators, if all parties agree. The committee directs the NIH to seek and carefully take into account the advice of journal publishers on the implementation of this policy.

In particular, the committee directs the NIH to ensure that publishers' copyright protections are maintained. The committee also directs the NIH to provide a report by April 1, 2008, on the status of the program, including how many manuscripts have been made publicly available through PubMed Central and how many have been deposited but not yet made publicly available. The report should also break down the amounts by the various submission methods, including author deposit, bulk deposit and the NIH portfolio.

Colleen Zak, executive director of the Autosomal Recessive Polycystic Kidney Disease and Congenital Hepatic Fibrosis Alliance, said in a statement that the language is "especially welcomed by the patient community. ... Delivering on the NIH public-access policy will create anticipated opportunities for accelerating research and finding cures."

Heather Joseph, executive director of the Scholarly Publishing and Academic Resources Coalition, said that Congress understands the public's interest and there is real momentum to require NIH's publicly funded research to be made publicly available on the Internet.

A similar policy already exists, but it is voluntary, according to Joseph.






IG: Take 'Action' Against VA Managers Over Security Breach
By Allan Holmes | Monday, July 09, 2007  |  01:54 PM

The Inspector General's Office at the Department of Veterans Affairs has recommended that the department take "appropriate administrative action" against top managers, as well as an information technology specialist, at a VA medical center because of poor information security practices that led to the loss of an external hard drive containing personal information on veterans and medical providers, according to a report the IG office recently released.

In January, an unidentified IT specialist working at the Research Enhancement Award Program at the Birmingham, Ala., VA Medical Center reported a lost external hard drive, on which was stored personal information that included Social Security numbers and identifiable health information for as many as 535,000 veterans, and information from the Centers for Medicare & Medicaid Services, the Department of Health and Human Services, and from more than 1.3 million medical providers.

The IG concluded the IT specialist tried to cover up his actions during the investigation that immediately followed the loss of the hard drive. The IT specialist "encrypted and/or deleted multiple files from his computer shortly after he reported the data missing, making it more difficult to determine what was stored on his desktop computer," according to the IG report. "Initially, he denied deleting and encrypting files to criminal investigators. However, after being confronted with the results of the OIG computer forensic analysis, he stated that he panicked and admitted deleting and encrypting the files in an attempt to hide the extent, magnitude, and impact of the missing data."

The IG also blamed the director and assistant director at the Research Enhancement Award Program for not developing appropriate policies for securing and handling data on external hard drives within the center and making sure those policies were properly followed. IT rules required specialists to encrypt all data on external hard drives, but that policy was not followed. In addition, external hard drives were supposed to be locked in a safe, but not all hard drives were stored in the safe and one IT specialist took home an unencrypted hard drive containing veterans' personal information.

The IG did not specify what the "appropriate administrative action" should be. The VA's undersecretary of health will decide what action the department will take.

Birmingham's VA medical center is not a unique situation when it comes to not encrypting hard drives or other removable storage devices. Only 33 percent of all organizations worldwide (private and public sector) encrypt stored data, according to CIO Magazine. Only 30 percent of government organizations worldwide encrypt stored data.

Hat tip: ComputerWorld






Australia Steps Up Visa Screening System
By Allan Holmes | Monday, July 09, 2007  |  12:39 PM

The foiled car bomb attempts in the United Kingdom have prompted Australia to move up a deadline for a border security system that is in development, according to a report posted by The Australian. Australian Prime Minister John Howard announced the system will go live in September. Howard also described the system as one of the most advanced in the world, providing detailed information on visa applicants, including past travel and links that applicants may have with particular organizations and individuals who may be under suspicion for supporting terrorism. Australian officials also may link the system to international intelligence systems operated by the United States and Europe.






101 Refresher: Info Security Comes First
By Allan Holmes | Monday, July 09, 2007  |  10:25 AM

Around the turn of the latest century, when information security was beginning to get more attention in corporate and government IT shops, one of the first (and most basic) system development best practices proposed by almost every IT project management consultant was to design information security into a system upfront, not after it was tested. In 2001, the National Institute of Standards and Technology issued guidelines that said as much.

The reasons were simple: It's more expensive to include security after development, and, most important, security is typically not as effective if tacked on.

But as Government Executive's Bob Brewin reports, that's exactly what Boeing and the Homeland Security Department have done with the billion-dollar-plus Secure Border Initiative Network (SBInet) surveillance system. As Brewin reports, the Wi-Fi wireless SBInet pilot project Boeing is now testing in Arizona is vulnerable to cyberattacks. Boeing has issued a request for proposals to secure the wireless network, but as any IT manager would have told you six or more years ago, that's not an advisable management strategy if you want the system to be secure.

Why do IT project developers, even the best of them, still -- after six years -- fail to design information security into systems upfront?






U.S. Lags Asia in Digital Cities List
By Allan Holmes | Friday, July 06, 2007  |  02:54 PM

The most advanced high-tech cities in the world are not clustered in the United States. Rather, more than half are in Asia, according to the Australian online tech site The Age, which ranked the top 10 digital cities in the world. The top four cities are in Asia, and only two U.S. cities -- San Francisco (including the Silicon Valley) and New York City -- made the list.

Cities were ranked on such characteristics as the cost and availability of broadband and wireless networks, government support of technology, and a city's education and technology culture.

A bit of a shocker on the list is the relatively unknown New Songdo City, South Korea. The Age describes the city as "a $31 billion development 60 kilometres south of Seoul on 600 hectares of reclaimed land. It will be one of the world's first cities in which all information systems - residential, medical, business - are linked."

The top 10 are:

1. Seoul
2. Singapore
3. Tokyo
4. Hong Kong
5. Stockholm
6. San Francisco and Silicon Valley
7. Tallinn
8. New York
9. Beijing
10. New Songdo City






Wall Street Shrugs at Federal IT Sector
By Allan Holmes | Friday, July 06, 2007  |  02:27 PM

Not too many stock analysts cover the federal government information technology sector. Not sure why, given federal government IT spending tops about $100 billion, when including the unreported "black budgets" in the intelligence agencies.

But maybe times are changing. Gregory Wowkun, a securities analyst with Banc of America, just started covering the federal government IT sector, according to an Associated Press article. Wowkun's initial rating for the group: "neutral." Yawn.

Wowkun argues that spending on the Iraq and Afghanistan wars will draw funds for IT modernization from other agencies. Still, Wowkun had some buy recommendations, including SI International Inc. and SRA International.






GAO: Security Breach-Identity Theft Link Weak
By Allan Holmes | Friday, July 06, 2007  |  08:11 AM

Security experts for years have known this dirty little fact about identity theft: The reason some banks, universities and online merchants are not as vigilant as they could be in protecting personal financial information in their databases is because if a security breach does occur, linking fraudulent purchases to that specific leak of information is extremely difficult.

Now the Government Accountability Office has concluded in a report that linking security breaches to specific identity thefts is very hard to do. But the evidence, GAO concludes, indicates the threat of fraudulent activity is not that great. “For example, in reviewing the 24 largest breaches reported in the media from January 2000 through June 2005, GAO found that three included evidence of resulting fraud on existing accounts and one included evidence of unauthorized creation of new accounts,” GAO reports. “For 18 of the breaches, no clear evidence had been uncovered linking them to identity theft; and for the remaining two, there was not sufficient information to make a determination.”

The GAO report undertook to provide insight into a federal security notification bill now pending in Congress, in which organizations would be required to notify those customers who had personal information exposed in a breach. GAO’s advice:

Federal banking regulators and the President’s Identity Theft Task Force have advocated a notification standard—the conditions requiring notification—that is risk based, allowing individuals to take appropriate measures where the risk of harm exists, while ensuring they are only notified in cases where the level of risk warrants such action. Should Congress choose to enact a federal notification requirement, use of such a risk-based standard could avoid undue burden on organizations and unnecessary and counterproductive notifications of breaches that present little risk.

That kind of “risk-based” decision sounds like a loophole the size of a Mack truck. “Risk of harm” is in the eye of the beholder. Don’t expect any security notification law using such risk-based measures to assuage public outrage over frequently reported security breaches. But then again, they won’t know about the security breach because the business or agency didn’t report it. Ignorance is bliss, I guess.