Security

IT professionals continue to cite security concerns as one of the largest barriers to cloud migration. Uniform government standards specific to cloud computing have yet to be finalized, leaving important questions regarding data availability and integrity unanswered. SafeGov.org aims to provoke discussion related to these concerns as well as raise awareness of the ways in which cloud computing could ultimately strengthen existing security measures.

Giving government special access to data poses major security risks

Adam Conner-Simons, Computer Science and Artificial Intelligence Lab, MIT News,  Tuesday, July 07, 2015

In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? That was the impetus for a report — titled “Keys under doormats: Mandating insecurity by requiring government access to all data and communications” — published today by security experts from MIT’s Computer Science and Artificial Intelligence Lab (CSAIL), alongside other leading researchers from the U.S. and the U.K.

Code Specialists Oppose U.S. and British Government Access to Encrypted Communication

Nicole Perlroth, New york Times,  Tuesday, July 07, 2015

An elite group of code makers and code breakers is taking American and British intelligence and law enforcement agencies to task in a new paper that evaluates government proposals to maintain special access to encrypted digital communications.

Privacy group files FTC complaint to push Google to extend right to be forgotten to US

Grant Gross, IDG News Service,  Tuesday, July 07, 2015

Google’s refusal to implement the EU’s controversial right to be forgotten rules in the U.S. amounts to an unfair and deceptive business practice, a frequent critic of the search engine giant said. Consumer Watchdog will file a complaint against Google with the U.S. Federal Trade Commission Tuesday, said John Simpson, director of the group’s Privacy Project. The complaint will ask the FTC to rule that Google, by declining to delete search engine links on request from U.S. residents, is an unfair business practice that violates the U.S. FTC Act.

Encryption, Public Safety, and "Going Dark"

James Comey FBI Director), Lawfare,  Monday, July 06, 2015

I am worried we are talking past each other with respect to "Going Dark," so let me try to frame it in a way that I hope is fair-minded and provides a basis for healthy discussion: These are things I believe to be true: The logic of encryption will bring us, in the not-to-distant future, to a place where devices and data in motion are protected by universal strong encryption. That is, our conversations and our "papers and effects" will be locked in such a way that permits access only by participants to a conversation or the owner of the device holding the data.

Russian parliament approves Internet privacy bill

Jack Stubbs and Maria Kiselyova, Reuters,  Saturday, July 04, 2015

Russia's parliament gave its final approval on Friday to a law that would require Internet search engines to remove users' personal information from their results. The bill, passed by the State Duma lower house in its third reading, seeks to emulate European Union rules on the "right to be forgotten", under which search engines must take down certain results that appear under a search of a person's name. Under the new Russian legislation, Internet users will have the right to request the removal of information that is incorrect or "no longer relevant because of subsequent events or actions", TASS news agency reported.

After the OPM Breach, It’s Time for IT Organizations to be Accountable

Jeff Gould by Jeff Gould, SafeGov.org
Thursday, July 02, 2015

It is time to change the rules, and hold federal IT organizations accountable for their missteps. The OPM breach, which the Obama administration says was the work of Chinese hackers, exposes every current and former federal employee to blackmail, identity theft, phishing attacks, espionage and untold other forms of harassment. While no lives have been lost, the OPM attack is undeniably a national catastrophe whose consequences will be felt for years to come.

“Welcome to Our World” – Building Bridges in the Cloud

Mark Lange, Microsoft EU Policy Blog,  Thursday, July 02, 2015

Some insist that the physical location of data does and should affect what rules apply to it. Others, considering their own move to modern cloud services, want to know exactly how their data would be managed in the cloud and want reassurance that access to it would be strictly controlled. And these same agencies cannot contemplate a situation without limits on what other governments could do to gather digital records. Different government stakeholders can create divergent, sometimes competing, demands for cloud providers. Welcome to our world. With such different imperatives at work, there is a growing recognition of the need for clear rules about law enforcement access to data in the cloud. These should be consistent with the rule of law, as agreed upon among nations and understandable to citizens.

Agencies are taking the right steps to protect data

Karen Evans by Karen Evans, KE&T Partners
Wednesday, July 01, 2015

The Office of Personnel Management's Electronic Questionnaires for Investigations Processing system is offline now after the agency says it found a security vulnerability. The site will be offline for four to six weeks. OPM hasn't said the discovery came out of the 30-day cyber sprint called for by federal CIO Tony Scott. Karen Evans, executive director of the U.S. Cyber Challenge and former e-gov administrator at the Office of Management and Budget, is watching the agencies respond to Tony Scott's call. She tells In Depth with Francis Rose, how the OPM breach is changing the way agencies protect their data.

CIO Scott seeks new framework for government cloud

Adam Mazmanian, FCW,  Tuesday, June 30, 2015

The devastating hacks of the legacy systems at the Office of Personnel Management are a reminder that government needs to move off of antiquated IT and into modern systems built with integrated security. Federal CIO Tony Scott is urging cloud vendors to come up with solutions that operate at the government scale.

Digital Customer Experience Expectations, IoT Extend Into City Government

Michael Tarbet, Business2Community,  Tuesday, June 30, 2015

Interview with Jonathan Reichental, Ph.D. who is CIO for the City of Palo Alto, California. He is an adjunct professor at the University of San Francisco, and previously the CIO at O’Reilly Media and the Director of IT Innovations at PricewaterhouseCoopers.