- Cyberhacked – Again

In the face of continuing breaches, what are Governments to Do?

The depressing news made headlines in Washington State and nationwide last week – the Washington State Courts systems had been hacked, and about 160,000 social security numbers and the information from a million driver’s licenses was potentially exposed to hackers. This announcement was almost coincident with the news of $45 million stolen from the world’s cash machines, a problem with weak security in several private banks.

Plenty of similar news abounds – South Carolina’s Department of Revenue had a data breach which affected 6.4 million businesses and residents and has cost the state $25 million, so far. The State of Utah had the personal information (social security numbers, healthcare information, etc.) of 780,000 residents compromised in 2012. Indeed, 21 million people have had their health records lost or stolen or breached in the last three years, and millions more have been victims of identity theft, loss of credit card or personal financial information, and similar issues. Even law enforcement is not immune, as the Salt Lake City police department itself was hacked and information lost in early 2012, and the Honolulu Police Department revealed a breach this past week as well.

Believe me, these reports are just the tip of the iceberg in terms of lost or breached data in government and the private sector.

What’s a government to do?

I have several practical suggestions:

1. Hang together, don’t hang separately.

In every government, departments are silos. Each department wants to assert its independence from the others and manage its own data, technology and IT systems. At another level, there are three branches of government - judicial, legislative and executive. For the Federal government these are the federal courts (e.g. U.S. Supreme Court), Congress and the President. Each branch asserts its independence from the others. And, of course, cities are independent of their counties who are independent of their states and everyone mistrusts the Federal government.

When it comes to cybersecurity, this is bullshit.

The “bad guys” are incredibly well-organized. Bad actors could be a criminal syndicate, as in the ATM hack earlier this week, or Anonymous, or even nation-states. Several national governments – China, Israel and the United States – are widely cited as developing cyber weapons.

To respond to these threats, cyber defense teams have to work together, ignoring their organizational silos. There might be separate teams in separate branches or departments, but they need to support each other, probe vulnerabilities in each others’ systems, and actively share information. Every government should have cross-agency cyberincident response teams and forensic investigation teams which are activated at a moment’s notice whenever an incident - even a single infected computer - occurs.

2. Actively use private sector resources.

Many private companies will handle credit card processing, perform vulnerability scans, and do risk assessments. They’ll even manage a network on behalf of a government. No government should be doing its own credit card processing or holding/securing citizen credit card information. At the very least governments can contract with private companies to scan their networks and websites for vulnerabilities, do audits of internal systems, and similar work. Private companies will have much more expertise than most governments can hope to hire directly.

3. Consider the “cloud”.

Amazon, Microsoft, Google, and a number of other companies offer to store data or manage applications at their data centers and sites, in their “cloud”. These companies have teams of information security experts to protect this data. Governments should actively think about using such services. One problem is contractual – most cloud providers want to limit their liability in case a breach occurs. Unfortunately, I’m not aware of contract language with a cloud provider which would satisfy all of a government’s concerns about breaches and loss of personal information, and I encourage your comments about this.

However, another alternative is for one government to create and host cloud services for others, again using joint cyber protection and response teams. Such a technique might also address other concerns such as the need for backgrounding data center employees for CJIS or HIPPA compliance.

4. Use hackers.

Every state has a major university. A friend of mine, CISO at a university, has described the school as having “35,000 potential hackers”. Governments could create special relationships with their colleges and universities to employ students and student interns in a wide variety of tasks to manage, monitor and audit/probe their government systems. This technique has the added advantage of helping to train these students – give them practical skills necessary to solve the shortage of information security workers.

There are, undoubtedly, many other protection techniques governments should adopt. A major problem in my experience, however is complacency. “Our techniques are working.” “It can’t happen here.” “We passed a cyber security audit last year.” Again, such complacency is bullshit. Cyber attacks, vulnerability discovery and the application software we use changes too rapidly.

This underscores the most important of my suggestions - the first one - working together. Too often we government employees put our department first, or believe we “work for the xxx independent branch of government”, not the governor or mayor or legislature or (fill in the blank). Maybe we’re afraid of losing our jobs or fear what the results of an audit might disclose.

In the face of the attacks above, this attitude, this culture absolutely must change. We all work for the citizens of our city or our state, who entrust us with their sensitive data. And we absolutely must cooperate much more to safeguard that information.

After all these data breaches, have we learned our lessons?

Sadly, I doubt it. I expect that, over the next 12 months, I’ll be tweeting and reporting further breaches and potential losses of citizen information.

When will we really learn?

(Full disclosure:  I now work for the State of Washington.  However I have no “inside” knowledge of the breach at the State of Washington Courts.)

- 4 Quick Fixes for the Procurement Dragon

Yes we can!

Almost everyone who deals with government – internally or externally – is frustrated by the “procurement dragon”.  Procurement seem to take forever and are one of the most bureaucracy-laced processes in all of governing.   In these days of innovation and the flourishing of the startup culture, procurement processes seem to be an anachronistic throwback.

Furthermore, the convoluted purchasing process only seems to benefit large corporations who have the legions of attorneys and technical staff to respond to RFPs and negotiate the maze.

Purchasing practice is steeped in a web of local and state laws, regulations and executive orders, so they’re not easy to change.   There are good reasons for the present procurement practices, and I’ll mention those at the end of this post.   But first, can innovation and a culture of agile government survive in the present purchasing jungle?

I suggest four quick fixes, some of which are already in place in many governments:

1. Direct Purchase.   This is a direct purchasing mechanism for small procurements – say procurements under $5000.   This would allow a department director or senior manager to directly purchase a good or service from a company without going through more formal purchasing processes.   A manager might purchase a smartphone app and associated database for use by field crews, or a couple of tablet computers for testing.  There still need to be limits on this mechanism, so I’m not issuing 20 direct purchases to the same company in a year, for example, and to make sure the vendor has a valid business license.
2. Roster and invitation to bid.   With this mechanism, companies would be pre-qualified and put on a roster for bids.   A city, for example, might set up a roster for “web applications”.  Companies who want to be on that roster would provide a minimal amount of information – ownership, business address, business license, etc.   And when the city needs a “web application” for a specific purpose, e.g. to accept photos of graffiti from citizens, it could issue a simple, two-or-three page  “invitation to bid” with its requirements and allow companies on the roster to bid.  Typically these bids would also be restricted to procurements of a certain size, say $50,000.
3. Piggy-back on an existing contract.   This mechanism is already widely used.   If a company already has a contract on the Federal Government’s GSA (General Services Administration) schedule, or the Western States’ Contracting Alliance  (WSCA – commonly called “wisca”), any jurisdiction which joins the alliance and authorizes itself to purchase can purchase at the terms and conditions specified by GSA or WSCA.
4. Credit card.   Most government agencies give their trusted department directors and senior employees credit cards.   These are most often used for travel and similar expenses, but they certainly could be used (depending on local ordinance or law) for small purchases, again, up to a limit of, say, several thousand dollars.
5. Budget.   As an adjunct to these four mechanisms, a city, county or department also needs budget to make the procurement.  Perhaps every department or government should have an “innovation fund”.

Using mechanisms like these, governments could quickly and easily procure innovative technologies, goods and services to help them become more efficient and effective.

Implementing these mechanisms requires a great deal of trust – trust by elected officials in their department directors, and trust by those department directors in their senior managers.    There are many cases where that trust has been abused, for example, by a manager purchasing good/services from friends or by making procurements and receiving kickbacks.  Examples include the controversy which engulfed recently appointed federal CIO Vivek Kundra in 2009, or these Seattle Public Utilities customer service representatives in 2012.  So my “quick fixes” for procurment also require diligent oversight and auditing by the appropriate authorities.

Finally, the present procurement practices in most jurisdictions are not the results of “bureaucrats run wild” with regulations, forms and requirements.   They came into being because of widespread abuse of purchasing in the 19^th Century, where Mayors and other elected officials gave jobs to friends, contracts to cronies and similarly greased their own pockets using the procurement process.

“Good government” advocates instituted reforms such as civil service to protect most employees from the winds of politics, and purchasing laws which required specifications and open competition.   These practices still should be followed for major procurements to keep a “level playing field” for competition for the work.

Over the years, however, city councils and legislatures and county commissions have added twists and turns to procurement, largely to correct past injustices or for social engineering.  Do contracts go to firms owned by white men?  Then let’s add a provision for subcontracts to historically underused businesses (HUBs) – women and minority-owned business.   Are we angered by human rights abuses in ______ (fill in the blank, e.g. Burma, Iran, China, etc.)?  Then let’s add a regulation so we don’t  do any business with a company with business interests or a manufacturing plant in those places.   Are we upset that some companies pollute the air and water with their factories or other facilities?  Then let’s eliminate them from bidding on contracts (or have our pension funds divest themselves of the company’s stock).  Do we want to encourage economic development in our City (county, State, or even the entire United States)?   Then let’s add regulations to give preference to firms headquartered or with operations in those places.

I’m not saying these practices are wrong and should all be eliminated.   I’m pointing out that there are reasons the purchasing process is so complicated, and it will take a lot of thought and careful consideration to “unwind the maze”.

In the meantime, let’s implement the “quick fixes”.

- No More Car Collisions or Speeding Tickets

Seattle Car Accident courtesy Univ Of Washington

A long, long time ago in a galaxy – well, actually, a City – far away, I was a police officer – a street cop.  I witnessed some of the most horrific episodes of my life as I came upon scenes of automobile collisions with gruesome injuries.   I also wrote my share of speeding tickets (and NO, I did NOT have a quota!) and arrested a fair number of drunk drivers.

New technology, however, heralds the potential for an end to automobile collisions, speeding tickets, drunk driving and even most traffic management.   Gee, there’s even the possibility that the traffic jam may be relegated to the dustbin of history (along with the dustbin itself, I might add).

A combination of technologies is maturing which foretells such a future.

Google Driverless Car

The first one, of course, is the driverless car.   Google has been at the forefront of prototyping that vehicle, to the point where California and Nevada have both passed laws explicitly allowing such vehicles on their roads.   Beyond Google, most of the major automobile manufacturers are also testing driverless vehicles.   And it’s only a matter of time before such vehicles are regularly driving our roads.

Next, we are seeing the appearance of the “vehicle area network” and “networked vehicles”.

I just purchased a new 2013 Toyota Prius C (and then promptly crashed it in a minor accident – subject matter for a different blog post).  When I plugged my iPhone into the Prius to charge it, the Prius recognized the iPhone and linked to it, and offered the ability to use the iPhone’s cellular connection to link the Prius’ own touchscreen display, maps and apps to the wider world.   Toyota also has an “entune” app for this purpose.

We’ll see much more of this in the future – where cars are linked to the Internet.  BMW already connects most of its vehicles worldwide to collect performance data via Teleservices.   GM’s Onstar has been around for a number of years.    Insurance companies are starting to offer discounts for good drivers who consent to put a monitoring device in their vehicle to sense sudden starts and stops, speeding, and other actions which may be dangerous (or at least insurance companies think are dangerous).

Future vehicles will have networks which link the vehicle to all your personal devices – keys, smart phone, tablets, DVD players and more, to keep you “connected” and in control on the highway.

Furthermore, cars will talk to each other.  They could exchange location information, proximity information, directional information and much more.   In this fashion cars might be able to avoid each other or allow for smooth lane changes and turns without colliding.

A related development is the instrumentation of the highway.

Seattle Traffic Management Center

I had the privilege of working with the Seattle Transportation Department, which was at the forefront of intelligent transportation systems (ITS), when I was City CTO there.   Today ITS means, for the most part, traffic sensing and detection devices to time traffic signals, extensive networks of traffic cameras linked with fiber cable, readerboards on streets, and some novel technologies like traffic time estimators and displays.   Mobile apps are all the rage, of course, to display traffic conditions.   Seattle just launched an amazing mobile app which actually shows live video from traffic cams on your smartphone.

Indeed, the City of Los Angeles just became the first major City worldwide to automate all  of its 4,500 traffic signals, synchronizing them.   That will reduce travel times somewhat, although our experience with expansion of capacity (e.g. building new freeways or widening them) is just that more traffic is generated.

But sensors and instrumentation can be taken a step further.

Almost everything in the roadway could, of course, be instrumented – sensors in guard rails, school crosswalks, stop signs, bridges.   Such sensors might not only collect information but also broadcast it to traffic management centers or, indeed, nearby vehicles.

Your car would know when you are approaching a stop sign and automagically apply the brakes – gee, the “California stop” might become thing of the past.   As you approached a school zone during school hours, your car would automatically slow to no faster than the allowable speed.   Radars or sensors in the vehicle would detect the presence of children and stop for them – indeed, if every child was somehow sensor-equipped, they might never be struck by cars whose intelligent management systems would automatically avoid them.  (And no, I am NOT going to discuss the potential for placing microchips in human beings, although some sort of sensor attached as a smart phone or bracelet or watch DOES have its advantages!)

And you can see where this is leading – as cars become more “intelligent” with their own networks and sensors, and roads become more “intelligent” with their own sensors, networks and computers, the need for human drivers may become irrelevant.

• You could put your 3 year old alone in a vehicle, tell it to take her to daycare, and have it drop her off there and return home.
• Drunks (or their Washington-State modern day equivalents:  pot smokers) could stumble into their cars and the vehicle would quickly and efficiently woosh them home – or to the detox ward, as the case may be, with almost zero chance of that drunk killing or maiming someone.
• With driverless cars, even the need for taxicab drivers might be eliminated – you’d use your smartphone to call a taxi and it would smoothly come to the curb;

Speeding tickets, collisions, accident investigations, even automobile deaths might become history.

This, of course, has many implications for local and state governments:

• Cops would no longer “work traffic”, investigate accidents or write tickets – they’d concentrate on investigating and preventing non-traffic crimes;
• There could be a new set of government regulations requiring regular maintenance of vehicles and government inspections of them, because the only major source of collisions would be mechanical failure;
• Emergency rooms and morgues would not be treating traumas and death from car collisions;
• A significant source of revenue for local governments (traffic tickets) would dry up, although they could respond by increasing parking rates or licensing fees;
• As emergency vehicles speed to fires or crimes, traffic would autmagically stop and pull over  – somewhat like the parting of the Red Sea – reducing response times for police and fire.
• Lawyers and courts would be freed (or put out of a job) litigating traffic accidents and court cases (see my blog post here explaining why most lawyers will be become history anyway);
• Auto insurance rates would drop steeply, and, again, put a lot of people out of work adjusting claims, fixing cars, etc.;
• Indeed, traffic might actually move faster and more efficiently through cities because the need for traffic lights and synchronization might end as vehicles negotiate with each other to speed along roads and through intersections.    However traffic signals would not go away in many places, because pedestrians still need to cross streets;
• Transportation departments would probably spend less time building new roads and widening existing ones, but high quality roads would be essential to prevent damage to vehicles driving at higher speeds.
• Many delivery jobs might be gone.  Perhaps mailboxes would move to the curb (if not there already) and driverless Postal Service, UPS, FedEx and similar vehicles with robotic arms would just deposit most mail and packages in the box.  This is a logical extension to today’s robot-filled Amazon warehouses.   Of course how people are able to buy anything to be delivered, given all the job losses, is a separate issue!

I don’t expect to see this traffic “nirvana” anytime soon. But I clearly see it on the horizon. Yes, there will be a lot of disruption and both loss of jobs and creation of new, unknown ones.

But I welcome the day when grandparents are not killed and ripped from their families by drunk drivers. I hope to see over 36,000 Americans saved from needless death and 3.9 million from injury at the hands of automobiles and their drivers.

- Are Government CIOs Irrelevant?

The Government CIO as viewed by the Business

“The Department of No”. “The Geeks in the Basement”. “Expensive Projects, Always Late”.Increasingly, many IT departments – and their CIOs – are becoming irrelevant to the business of government.

Peter Hinssen is a visiting lecturer at London Business School and a senior industry fellow at the University of California Irvine’s School of Business. He recently wrote a provocative article on this subject, focused on CIOs and IT departments in the commercial sector.

But, as I thought about it, many of the same criticisms apply to government CIOs and my own experience as a City CIO.

We can really trace IT department irrelevance back to smart phones. I remember when I was approached by Seattle’s Police Chief and Human Services Department director in about 2004 regarding BlackBerrys. As those City business leaders attended conferences, they saw their counterparts doing email on their cell phones. “Bill, why can’t we do the same?”

Luckily I was smart enough to investigate RIM and lucky enough that RIM (now branded BlackBerry) had a robust enterprise solution which catered to my IT department. We quickly put up a BlackBerry Enterprise Server (BES) and at last count more than 1000 BlackBerrys powered by Sprint and Verizon were in use by City of Seattle employees.

I wasn’t unique, of course – most CIOs and IT departments embraced BlackBerrys.

The problem of course, is that danged fruit company, Apple. They launched the iPhone about six years ago and the iPad a couple years later. Apple didn’t give a dang about Enterprises. It’s “their way or the BlackBerry way”. No management software for IT departments. Most IT departments resisted the iPhone and iPad trend citing security, public records act, and lack of manageability. But City and County employees quickly embraced them. Suddenly, the IT department was irrelevant.

I’ve blogged about this before, especially when Seattle elected a new Mayor, Mike McGinn, in 2009, and he and his staff brought iPhones to work and said “hook us up”.

But we see this trend in many other things.

You want a constituent relationship management system? Salesforce can be up in a day for a few thousand bucks (depending on number of users. Installing a CRM in the traditional manner, especially with RFP and customization, takes 18 months and hundreds of thousands of dollars.

You want to share files? You can install and customize sharepoint, which works pretty well, or go with any one of a number of document management systems. Again, 6 to 18 months, hundreds of thousands or millions of dollars. But Dropbox or Box.com can be up and working in minutes.

You need to spin up a few dozen servers and a couple terrabytes of storage quickly to support an election application or another urgent need? You can spend hundreds of thousands of dollars and months buying and installing equipment, then configuring and patching it, or you can go contract platform-as-a-service from Microsoft Azure or Amazon Web services or others.

You need office software like word processing, spreadsheet and an email client? You can spend five million dollars and three years justifying budget, planning, installing and training users (like we did at the City of Seattle), or you can go contract for Microsoft Office 365 in the cloud or Google Apps and have it up in weeks.   (In fairness to Seattle, we did our email/Office project before cloud alternatives were readily available.)

I talked to a CIO last week who thankfully stopped the deployment of over 10,000 desk telephones in her organization. Desk telephones a tiny little window for displaying information and without video conferencing, presence or most other features found on even low-end cell phones these days.

Traditional IT folks will point to a variety of problems with my examples, of course – the cloud-based systems have security issues and they are not robust (supporting thousands of users). And they are not configurable to the unique requirements of a city, county or state government – although I’m convinced most of the “unique requirements” are actually just job security for those employees rather than true “requirements”. That’s the subject for a future blog post.

Ok, I’ve made my point about infrastructure. It’s a commodity. It’s easily purchased on the outside.

This is one problem.

Here’s the greater one: while CIOs and IT departments spend their time on software and services like those above, there are a ton of unmet needs. And, frankly, line-of-business departments are now tech saavy enough (thanks again to smartphones, tablet computers, and downloadable apps or software as a service), that they can go contract to meet these needs directly, by-passing the IT department. Here are a few examples:

• Mapping. Yes, a city or county or state can install very robust configured software to produce beautiful maps using GIS analysts. But, frankly, most (not all) of a department’s needs can be met with Google Maps or Bing Maps or even Mapquest. (I could make a snide comment here about Apple maps, but I won’t). There are even specialized commercial mapping systems for some functions like crime mapping.
• Big Data and Business Analytics. Government business departments are hungering for this software for uses as wide as traffic management to predictive policing to analysis of water complaints and electricity usage to simple dashboards of what happened overnight in the City (sometimes called “common operating picture”). This software is of huge use in managing a government. Is the CIO and IT department providing it?
• Mobile devices and apps. When I was CIO in Seattle, the Transportation Director said he had been chastised by his business advisory board (trucking companies, retailers and others who depend upon freight mobility) because all his crews used paper for inspections and scheduling and construction work. Why didn’t I, as the CIO, capitalize on that comment and immediately get tablet computers and mobile clients for his traffic and asset management systems into the hands of those field workers? (For one thing the software companies who made those systems didn’t have mobile apps, but that’s a lame excuse.)

Is there a way out of this hell and dead-end of irrelevance for the Government CIO? I think there may be, with the trend we’re seeing for Chief Innovation Officers and Chief Digital Officers. I’ll blog about that in the near future.

In the meantime, I’m going back to configuring my server.

- Can a City be Hacked to its Knees?

The New York Times had the audacity to research and write a story critical of Chinese Prime Minister Wen Jiabao’s family.    In return for its journalism, the Chinese government apparently unleashed a four-month long hacker attack against the Times stealing, among other data, every one of its employees’ passwords.  This effort was apparently searching for the sources for the story.  Ars Technica has a short, frightening, account of the hack.   And, of course, the Chinese government succeeded – would people crticial of the regime dare to talk to the New York Times now, knowing its technology can be hacked?

There are many related and frightening stories – the Wall Street Journal was attacked, a power station in the United States has been offline for three weeks due to an attack based on a USB drive, and, of course, Anonymous (or someone) has been hard at work with denial of service and web defacing attacks on banks and government agencies.

Could a City, County or State government be subject to a similar attack ?

A few years ago, when I was CIO in Seattle, I would have dismissed the notion out of hand.  A City government does not hold the secrets to making a nuclear weapon in its digital vaults, nor do cities have active networks of foreign spies (with the possible exception of my friends in the Big Apple) whose identity needs to be uncovered by foreign powers.

Today I feel exactly the opposite.

Cyberwar is real.  Cyberwar is happening today, even as I’m writing this.   And the New York Times attack is only the latest.

The evidence is everywhere.  Nation-states (and perhaps others) are creating malware with the express purpose of attacking other nations or private company.  Stuxnet is one example, as is the malware which fried 30,000 computers at ARAMCO in Saudi Arabia.   Many governments have been compromised with malware to steal money from their accounts by stealing finance officers passwords.

Why would anyone – other than a criminal botnet out to hack finances and bank accounts – target a City or County or State government?

The New York Times attack highlights the reasons clearly.

Suppose a Mayor or Governor publicly opposed allow trainloads of coal to pass through their city or state, in order to be loaded onto ships, sent to China, and used to power the Chinese electrical grid.  Wouldn’t such opposition essentially constitute economic warfare and potentially provoke a cyber response?

Suppose a Mayor or County Executive, hoping to combat a rash of gun violence, initiates programs for a network of video surveillance cameras and gunshot detection technology (read:  microphones) in a City.   Could that provoke Anonymous or a similar organization?

Defacing a City or County website is bad.   Stealing taxpayer money from government bank accounts is worse.   Compromising SCADA systems to shut down a water supply or electric grid is dangerous.  But we haven’t yet seen the worst potential attacks, such as bringing down a 911 telephone network or freezing a police or fire computer-aided dispatch system or perhaps crashing a public safety radio network.

And these overt acts pale by comparison to covert actions which may be occurring undetected – systematically compromising and falsifying utility bills, or hacking into and changing criminal and court records.    We have no evidence such covert acts have ever occurred, but given the myriad of different levels of government and many repositories for the information, such databases must represent a juicy and lucrative target for criminal networks, Anonymous and even nation states.

All these potential threats indicate cities, counties and states cannot be complacent, but rather need active cyber security programs, preferably in cooperation with other agencies.

Yes, Dorothy, a City could be hacked to its knees.   Worse yet, it might not be discovered for months or even years after the act.

- Will we give up our Privacy to keep our Guns?

Although Congress cannot agree on a method to avoid the so-called “Fiscal Cliff” (at least as of this writing), last week both Republicans and Democrats agreed to extend FISA – the “warrantless wiretapping” law.  FISA – really the “FISA Amendments Act” – essentially allows the federal government to eavesdrop on email and other communications without a warrant.  The Senate even rejected amendments which would require some transparency in the process, such as revealing how many Americans are monitored in this fashion.   This same law also gives telecommunications carriers blanket immunity when they turn over records or allow wiretapping of citizens.

On a slightly different issue, the National Rifle Association is reiterating its adamant opposition to the banning of assault weapons or other restrictions on the purchase and ownership of guns, despite the death of 20 young children to gunfire in Newtown.    The NRA supports, however, a national registry of the mentally ill.   And, of course, the Gun Control Act of 1968 prohibits gun sales to individuals who have been committed to a mental institution or “adjudicated as a mental defective.”   Because individual states have a wide variety of laws (or lack of them) which implement this provision, it has few teeth, hence the NRA’s call for the registry.

Recent advances in technology promise unprecedented ability to further monitor and pry into the private lives of citizens.  The law is still murky about the GPS information in your cell phone, but some courts have ruled a warrant is not required for law enforcement to obtain it.   Congress also approved a new law in 2012 which allows commercial pilotless aerial vehicles (“drones”) to populate our skies.  And technology is being developed to allow your TV to monitor your viewing habits, perhaps even via a camera which watches YOU and is embedded in the TV.  This information could be reported back to advertisers and others for further targeting you as a consumer.  Given the FISA extension (which protects telecommunications carriers who turn over information to the government), such data might also be available to government authorities.
(More detail on drones, phones and TV monitoring here.)

Let’s add these new technologies to many which already exist – a proliferation of video surveillance cameras in both private and public hands for example, as well as a massive library of video and still images collected on sites such as Flikr, Facebook, Pinterest and YouTube.   Most such sites encourage “tagging” of individuals by name in the images.  Many private companies are developing facial recognition technology to allow these “tags” to proliferate to images across the Internet.  Governments are also building facial recognition technologies and applying them at least to mug shot databases of criminals or suspects.   License plate recognition (LPR) is now widely used by transportation and law enforcement.  Indeed, between LPR and facial recognition, there might very well be a time when anonymity is essentially dead – whenever you leave your house your whereabouts will be known, tracked and entered into either a public or private database.

Add to all this the explosion of “big data” and “data analytics” such as the Domain Awareness System (DAS) developed by Microsoft for the New York City police department.  DAS and similar technologies promise an unprecedented ability to analyze a vast variety of information about criminals – and citizens – to build a profile of each and every individual in the nation.

Now let’s circle back to the NRA.

At first thought, the idea of a national database of the mentally ill – who would then be prevented from at least purchasing and, perhaps, owning, weapons – seems an attractive thought.  Clearly anyone who would brutally kill 20 first-graders – or murder a dozen theater-goers in Aurora – is mentally ill.  Yet neither Adam Lanza or James Holmes were diagnosed prior to their acts.  In retrospect, almost all perpetrators of large-scale massacres show signs of mental illness, but are rarely diagnosed before the crime.     Some would argue that most cold-blooded murderers (as opposed to those who commit murder in a fit of passion or rage, or under the influence of a drug), are mentally ill.

How do we determine who is mentally ill, and therefore goes into the national database, and is then prevented from buying or owning guns?  Ultra conservative groups like the NRA, who would never support government officials registering weapons, are, apparently, more than willing to allow deep violations of privacy to determine if a person is mentally ill. Do we need to build that nationwide profile of every single person living in United States (or perhaps the world), looking for those tell-tale signs of a killer?  Do we need to put those cameras on every TV in every house?  Do we need to wiretap and analyze every telephone or Skype conversation?  And do we then use our business intelligence and big data analytics to create those profiles?

What’s amazing is not the potential for building such a database, but how far we’ve already allowed it in law, with FISA and the FISA Amendments Act and the Patriot Act and the use of our present technology.  Even more amazing, is the ability of the far right and the far left, the liberals and conservatives, Obama and Boehner, Republicans and Democrats, all to sign on and support it.

We go willingly into this deep, dark night.

- I-Everything, Lawyers, Watson and Plumbers

The I-Everything?

Robert Reich* had an interesting piece on October 10th on NPR’s* Marketplace:  “Is technology to Blame for Chronic Unemployment?” He talked about the immanent end of many jobs and professions in the developed world, and specifically the United States, due to massive changes in technology.  Read or listen to it here.

The logic of his arguments is quite clear.

First, the miniaturization of electronics coupled with the consumer technology revolution (smart phones and tablets) is really just in its infancy. Gee, the smart phone, for example, is just five years old, and the tablet computer (in its very usable, iPad-type format) is not even three years old. We’ve just begun to tap their potential.

Next, we are seeing more and more data and information squeezed into ever smaller spaces. While the first personal computers had less than 640 kilobytes of memory*, today we have widely available thumbdrives with 64 gigabytes of memory. Service members and others can carry their entire medical history on a chip in a credit card.

Indeed, Reich said, we may very well, in the future, carry an “all purpose” device, the “I-Everything” as he dubbed it. It could contain all relevant information about you, ranging from medical history to financial information to personal preferences (all suitably encrypted, one would hope!). Using a personal-area-network it could communicate with many other devices in or on your body to monitor your health, allow self-diagnosis of medical issues and even carry on most routine financial transactions and interactions. The I-Everything.

These revolutions in technology have already terminated many kinds of jobs. Word processors and data entry jobs are gone and secretaries, if not gone, are highly endangered. Telephone and switchboard operators, and many newspaper jobs, are gone.

More jobs will fall victim to technology. Bank tellers are endangered, as are travel agents. Retail store clerks are still employed in great numbers, but a decline must set in as more shopping goes online. Even restaurant servers may be somewhat endangered as i-Pads and other devices become common at tables.

This change will strike at professional jobs too.  Sloan-Kettering medical centers have been testing the use of IBM’s Watson to help do diagnosis of medical conditions and, starting soon, it will start dispensing medical advice.

(You undoubtedly remember Watson from its appearance on the Jepoardy television show.)

We can see many other professional jobs which will be suspectible to the “artificial intelligence” powers of computers such as Watson.   Such jobs might include attorneys and finance. Lawyers research and interpret laws, but computers are vastly better at raw text-based search. And artificial intelligence as demonstrated by IBM’s Watson computer can do much, if not all, of the interpretation and preparation of legal documents and briefs.

My title “Death of Lawyers” is a little dramatic. Lawyers aren’t going to die, but their profession will rapidly and significantly shrink. I suppose we’ll need trial lawyers for a while but almost all the “clerical” work of legal documents, wills, property transfer, tax preparation and so forth will fall victim to information technology. Most law schools and paralegals will soon follow. Indeed, most of the process of adjudication (“judges”) can probably follow as well.

IBM has 200 people working on applying applying Watson’s abilities to commercial problems like medicine and finance.   And my purpose in writing this column is not to “raise alarm” and cause people to “rise up against the machine”.    Computing is going to keep advancing and hundreds of companies and thousands of people are working to make that happen.  Smarter machines will have many applications to improve our quality of life.

Many professions, however, will experience resurgence. Plumbers, electricians, carpenters, and auto mechanics are definitely not susceptible to replacement by Watson – or to outsourcing to China and India either, for that matter.  But the sophisticated computers embedded in homes, appliances and automobiles will dictate more sophistication in these professions. Childcare, nursing and eldercare will still require “real people”.   Demand for, and the valuing of, these professions will rise.

Computers such as IBM’s Watson will eventually merge with the “I-Everything”, I think, to produce a true digital assistant, able to interact and transact much of the routine business of your usual life. The only trouble is that, with so many people out of work, who will be able to afford one?

Well, this is, actually, supposed to be a blog about the use of technology in government. What do these revolutionary changes mean for government workers?

It’s hard to see how the “I-everything” with integrated Watson can replace cops, firefighters, water pipe workers, electrical line workers, emergency medical techs, pothole-fillers and parks and recreation staff. Spouses angrily fighting with each other, throwing kitchen utensils and pulling out knives and guns – and then calling 911 - are not exactly susceptible to Watson-like reasoning. “Bureaucrats”, in the sense of employees who process documents, issue licenses and permits, and manage finances, may see their jobs in jeopardy.

And, of course, we’ll always need elected officials. Who would want to go to a public meeting and yell at a computer?

Or, perhaps, we’ll just send our I-Everthings to the meeting to yell at the electeds’ I-Everythings!

---

*Robert Reich is former Secretary of Labor for President Bill Clinton and presently professor of public policy at University of California – Berkeley. http://robertreich.org/

*NPR – gee, you know what NPR is – its that public broadcasting service which includes Big Bird and Jim Lehrer and others who may be sacrificed to the god of Federal Deficit Reduction.

*Bill Gates did NOT say “640k of memory should be enough for anybody” – see here.