Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert

from the this-is-not-good dept

The Democratic National Committee, still reeling from the hack on its computer system that resulted in a bunch of leaked emails and the resignation of basically all of its top people, has now created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks."

“To prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,” interim DNC Chairwoman Donna Brazile wrote in a memo. “The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future.”

Sure. That sounds like a good idea. But, then there's this:

Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.

I've met and/or dealt with Chopra (misspelled Copra in the article) and Wong -- and both are very smart and good policy people. The other two seem to have good policy chops as well. But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it's insane to put together a cybersecurity advisory board that doesn't include at least a single (and probably more) actual technologist with experience in cybersecurity. And that's doubly true when the goal of the board is to help the DNC with its own cybersecurity.

If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that's not the goal. It's to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible. Again, I don't think there's anything wrong with these four people on the board if they also included some actual technologists who understood this stuff at a core level. Instead, they're just asking for more problems.

Filed Under: advisory board, aneesh chopra, cybersecurity, democratic national committee, dnc, michael sussmann, nicole wong, rand beers

White House Comes Out Against The Approach In SOPA/PIPA In Response To Online Petition

from the boom dept

Remember that big first petition to the White House against SOPA? As you may recall, that got enough signatures that it required a response from the White House... and that response has come out. It rejects the approaches found in both SOPA and PIPA. They say that "online piracy by foreign websites is a serious problem that requires a serious legislative response" but that there are many things they will not support.

They will not support a bill that has the potential to censor lawful activity or inhibit innovation:

To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity. Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing.

They flat out reject anything that involves DNS blocking:

We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.

They do still say that new legislation is needed, but they want something where every stakeholder is actually involved:

So, rather than just look at how legislation can be stopped, ask yourself: Where do we go from here? Don’t limit your opinion to what’s the wrong thing to do, ask yourself what’s right. Already, many of members of Congress are asking for public input around the issue. We are paying close attention to those opportunities, as well as to public input to the Administration. The organizer of this petition and a random sample of the signers will be invited to a conference call to discuss this issue further with Administration officials and soon after that, we will host an online event to get more input and answer your questions. Details on that will follow in the coming days.

Washington needs to hear your best ideas about how to clamp down on rogue websites and other criminals who make money off the creative efforts of American artists and rights holders. We should all be committed to working with all interested constituencies to develop new legal tools to protect global intellectual property rights without jeopardizing the openness of the Internet. Our hope is that you will bring enthusiasm and know-how to this important challenge.

Moving forward, we will continue to work with Congress on a bipartisan basis on legislation that provides new tools needed in the global fight against piracy and counterfeiting, while vigorously defending an open Internet based on the values of free expression, privacy, security and innovation. Again, thank you for taking the time to participate in this important process. We hope you’ll continue to be part of it.

Make no mistake about this: this is the White House asking for a hard reset of SOPA/PIPA and saying start again from scratch. This is an astounding turn of events, and a much stronger statement from the White House than anyone honestly expected. This is almost entirely because of the outcry that came out of the internet over the last few months. Without that, it is unlikely that the White House ever would have come out with such a strong position that questions the key provisions of these bills.

It will be important to continue to be engaged and to make sure that what happens next really is reasonable. Let's hope that Congress actually recognizes the importance of what the White House is saying, and that any future process really is open. Congress has a way of ignoring things like this, and until Harry Reid agrees to put PIPA on the shelf and take part in this hard reset, people need to keep the pressure on the Senate. But, in the short term, this is a rather historic moment, in that it is a case where a loud public outcry really has had a major impact on this process. When the Senate introduced PIPA early last year, it was seen as almost assured that it would pass in something close to its initial form. Now that seems impossible.

Filed Under: aneesh chopra, censorship, dns blocking, free speech, howard schmidt, pipa, protect ip, sopa, victoria espinel, white house

Is The Federal Government The Most Interesting Tech Startup For 2009?

from the perhaps... dept

A few weeks back I got to see the federal government's CTO, Aneesh Chopra, speak twice during his first trip to Silicon Valley. I've seen him speak before (before he was appointed, when he was CTO for Virginia), but I have to admit I was pretty skeptical going in. For plenty of reasons that you can guess, I'm pretty jaded by people in government, and it's rare to come across people who seem to be doing things for anything other than "political" purposes. But I have to admit that the amazing thing that came through in both Chopra's talks was that they were both entirely about actually getting stuff done, with a focus on openness and data sharing. Chopra talked, repeatedly, about figuring out what could be done both short- and long-term, and never once struck me as someone looking to hoard power or focus on a partisan or political reason for doing things. It was never about positioning things to figure out how to increase his budget. In fact, many of the ideas he was discussing was looking at ways to just get stuff done now without any need for extra budget. Needless to say, this is not the sort of thing you hear regularly from folks involved in the government.

But, of course, talk is cheap (especially in politics). And, while Chopra (and Vivek Kundra, the government's CIO) both actually have a nice track record of accomplishing these sorts of goals in their past jobs, the proof is in what's actually getting done. We'd already mentioned at least one success story with the IT dashboard at USASpending.gov, but can it continue? I have to admit, a second thing that impressed me about Chopra was that, even with such a success, he didn't focus on it. The fact that he got together such a site in such a short period of time is impressive enough, and while he mentioned it in his talks, most of them were much more focused not on what he'd already done, but on what he was going to do -- and the plans all seemed quite achievable.

So I have to agree with Anil Dash, that one of the most interesting tech "startups" to watch this year is the federal government of the US. The tech projects that they're already coming out with are compelling and well done. As Anil notes:

What's remarkable about these sites is not merely that they exist; There had been some efforts to provide this kind of information in the past. Rather, what stands out is that they exhibit a lot of the traits of some of the best tech startups in Silicon Valley or New York City. Each site has remarkably consistent branding elements, leading to a predictable and trustworthy sense of place when you visit the sites. There is clear attention to design, both from the cosmetic elements of these pages, and from the thoughtfulness of the information architecture on each site. (The clear, focused promotional areas on each homepage feel just like the "Sign up now!" links on the site of most Web 2.0 companies.) And increasingly, these services are being accompanied by new APIs and data sources that can be used by others to build interesting applications.

That last point is perhaps most significant. We've seen the remarkable innovation that sprung up years ago around the API for services like Flickr, and that continues full-force today around apps like Twitter. But who could have predicted just a year or two ago that we might have something like Apps for America, the effort being led by the Sunlight Foundation, Google, O'Reilly Media and TechWeb to reward applications built around datasets provided by Data.gov. The tools that have already been built are fascinating. And, frankly, they're a lot more compelling than most of the sample apps that a typical startup can wring out of its community with a developer contest.

There's plenty going on in the administration that I disagree with and am troubled by -- but efforts on the tech side are something worth applauding, while also watching to see what the folks there can do in the next few years.

Filed Under: aneesh chopra, cto, federal government, innovation, plans, priorities, technology, vivek kundra

National CTO's Plans Sound Pretty Good... Let's Hope They Don't Get Bogged Down In Politics

from the good-signs dept

Aneesh Chopra, who recently became the federal government's CTO has a very impressive track record in encouraging more governmental openness and also adopting new technologies. I think he was an excellent choice as CTO, though I'm always cautious until we get to see what actually is being done. Saul Hansell from the NY Times interviewed Chopra recently, where he laid out his basic priorities, and they definitely sound like steps in the right direction:

• Economic growth through innovation
• Addressing presidential priorities through innovation platforms
• Building the next-generation digital infrastructure
• Fostering a culture of open and innovative government

While those bullet points may sound a little vague, they certainly are the key things he should be focused on, and the rest of the article details some of the details of where he may be heading on all of those points, and it suggests that he's certainly going beyond the soundbite style thoughts found all too commonly in political circles these days. For example, when most politicians talk about economic growth through innovation, they usually mean just dumping more money into research programs or increasing the number of patents. But, as we've all seen, those don't necessarily serve as an accurate proxy for real innovation. Instead, Chopra wants to focus on looking at actual data about how products are getting to market:

Rather than purely thinking about basic research, he said, the government should focus on investing in technologies that can be developed. A first step is to find ways to actually measure how much research is being commercialized.

"There is an implicit assumption that R.&D. investment will lead to job growth and economic success," he said. "The measurement question will lead us to think about, how do we begin to assess the outcomes."

It's great to see that he's skeptical of the common wisdom that R&D automatically leads to economic growth, but wants to dig deeper into the data to see what the numbers really mean. He's also hoping to learn from how different universities lead to commercialization:

Mr. Chopra noted that among universities, there is a wide range in how effective they are in commercializing the work of their laboratories. He wants to take the practices used by the most commercial of universities and spread them to other research facilities.

Again, this is good news. Many people falsely assume that things like the Bayh-Dole Act, which pushed universities to patent their research to drive commercialization was a good thing. But there's a growing amount of research suggesting that Bayh-Dole has actually harmed research and the ability to commercialize products. Hopefully, the data that Chopra is looking at takes that into account. Bayh-Dole caused many universities to set up "tech transfer" offices, but the vast majority of them are losing money -- in part because they've focused on the patents rather than the actual steps to innovation. The universities that have focused on enabling innovation rather than just collecting and licensing the most patents, have had the most success.

Hopefully, there is where Chopra will lead the government... but, as always, until we see it in action, it's worth being skeptical and watching closely. At this point, though, it's nice to see that he actually seems to be looking in the right direction.

Filed Under: aneesh chopra, cto, innovation, plans, priorities