The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack

ProPublica is a Pulitzer Prize-winning investigative newsroom.

NEW YORK—As America struggles to assess the damage from the devastating SolarWinds cyberattack discovered in December, ProPublica has learned of a promising defense that could shore up the vulnerability the hackers exploited: a system the federal government funded but has never required its vendors to use.

The massive breach, which U.S. intelligence agencies say was “likely Russian in origin,” penetrated the computer systems of critical federal agencies, including the Department of Homeland Security, the Treasury Department, the National Institutes of Health and the Department of Justice, as well as a number of Fortune 500 corporations. The hackers remained undetected, free to forage, for months.

The hackers infiltrated the systems by inserting malware into routine software updates that SolarWinds sent to customers to install on its products, which are used to monitor internal computer networks. Software updates customarily add new features, remove bugs and boost security. But in this instance, the hackers commandeered the process by slipping in malicious code, creating secret portals (called “back doors”) that granted them access to an untold bounty of government and company secrets.

The incursion became the latest — and, it appears, by far the worst — in a string of hacks targeting the software supply chain. Cybersecurity experts have voiced concern for years that existing defenses, which focus on attacks against individual end users, fail to spot malware planted in downloads from trusted software suppliers. Such attacks are especially worrisome because of their ability to rapidly distribute malicious computer code to tens of thousands of unwitting customers.

This problem spurred development of a new approach, backed by $2.2 million in federal grants and available for free, aimed at providing end-to-end protection for the entire software supply pipeline. Named in-toto (Latin for “as a whole”), it is the work of a team of academics led by Justin Cappos, an associate computer science and engineering professor at New York University. Cappos, 43, has made securing the software supply chain his life’s work. In 2013, Popular Science named him as one of its “Brilliant Ten” scientists under 40.

Cappos and his colleagues believe that the in-toto system, if widely deployed, could have blocked or minimized the damage from the SolarWinds attack. But that didn’t happen: The federal government has taken no steps to require its software vendors, such as SolarWinds, to adopt it. Indeed, no government agency has even inquired about it, according to Cappos.

“In security, you almost never go from making something possible to impossible,” Cappos told ProPublica, during two video interviews from Shanghai, where he is teaching. “You go from making it easy to making it hard. We would have made it much harder for the [SolarWinds] attackers, and most likely would have stopped the attack.” Although the SolarWinds breach was a “really sneaky” approach, Cappos said, “in-toto definitely can protect against this. It’s very possible to catch it.”

In-toto’s system has supporters among experts in the government and corporations. When ProPublica asked Robert Beverly, who oversees in-toto’s federal grant as a program director at the National Science Foundation, whether using in-toto could have saved the government from the hack, he replied, “Absolutely. There seems to be some strong evidence that had some of the, or all of the, in-toto technologies been in place, this would have been mitigated to some extent.” Beverly, whose NSF responsibilities include “cybersecurity innovation for cyberinfrastructure” and who is on leave from his post as a computer science professor at the Naval Postgraduate School, added that it’s impossible to know for sure what impact in-toto would have had, and that the system remains at an early stage of adoption. “Unfortunately,” said Beverly, “it often takes some of these kinds of events to convince people to use these kinds of technologies.”

Some companies have embraced in-toto, and others, like Microsoft, have expressed interest. “I am a big fan of in-toto,” Kay Williams, head of Microsoft’s initiatives in open source and supply-chain security, said in an email to ProPublica. A second Microsoft program manager, Ralph Squillace, praised in-toto in a recent NYU press release for applying “precisely to the problems of supply chain confidence the community expects distributed applications to have in the real world.” (After Williams’ initial response, Microsoft declined to comment further.)

One senator blasted the government’s failure to use a system it paid for. “The U.S. government invested millions of dollars in developing technology that can protect against this threat, and while several large technology companies have already adopted it, they are the exception,” said Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee. “The government can speed up industry adoption of this best practice by requiring every government contractor to implement the best available technology to protect their supply chains.”

The in-toto system requires software vendors to map out their process for assembling computer code that will be sent to customers, and it records what’s done at each step along the way. It then verifies electronically that no hacker has inserted something in between steps. Immediately before installation, a pre-installed tool automatically runs a final check to make sure that what the customer received matches the final product the software vendor generated for delivery, confirming that it wasn’t tampered with in transit.
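The checks described in this paragraph can be sketched in a few lines of Python. This is an added illustration, not code from ProPublica or the in-toto project, and it does not use in-toto's actual file formats or API: the step names, keys and file contents are constructed, and an HMAC stands in for the digital signature each party would apply.

```python
import hashlib
import hmac
import json


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _payload(step: str, materials: dict, products: dict) -> bytes:
    body = {"step": step, "materials": materials, "products": products}
    return json.dumps(body, sort_keys=True).encode()


def sign_link(key: bytes, step: str, materials: dict, products: dict) -> dict:
    """Record one step: what went in, what came out, signed by whoever ran it."""
    # Assumption: HMAC stands in for the signer's public-key signature.
    sig = hmac.new(key, _payload(step, materials, products), hashlib.sha256)
    return {"step": step, "materials": materials, "products": products,
            "sig": sig.hexdigest()}


def verify_chain(layout: list, keys: dict, links: dict, delivered: dict) -> list:
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    previous_products = None
    for step in layout:
        name, signer = step["name"], step["signer"]
        link = links.get(name)
        if link is None:
            problems.append(f"{name}: no record for this step")
            previous_products = None
            continue
        expected = hmac.new(
            keys[signer],
            _payload(link["step"], link["materials"], link["products"]),
            hashlib.sha256,
        ).hexdigest()
        if link["step"] != name or not hmac.compare_digest(expected, link["sig"]):
            problems.append(f"{name}: record not signed by {signer}")
        # Nothing may be slipped in between steps: inputs must equal prior outputs.
        if previous_products is not None and link["materials"] != previous_products:
            problems.append(f"{name}: inputs differ from what the previous step produced")
        previous_products = link["products"]
    # Final check before installation: received files vs. last recorded product.
    if previous_products is not None:
        received = {path: digest(data) for path, data in delivered.items()}
        if received != previous_products:
            problems.append("delivery: received files differ from the final recorded product")
    return problems


# Constructed sample pipeline: three steps, each run by a different party.
KEYS = {"dev": b"dev-key", "builder": b"builder-key", "packager": b"packager-key"}
LAYOUT = [
    {"name": "checkout", "signer": "dev"},
    {"name": "build", "signer": "builder"},
    {"name": "package", "signer": "packager"},
]
SOURCE = b"int main(void) { return 0; }"


def run_pipeline(checked_out: bytes, compiled: bytes):
    """`compiled` is the source the build step actually saw when it ran."""
    binary = b"BIN:" + compiled
    package = b"PKG:" + binary
    links = {
        "checkout": sign_link(KEYS["dev"], "checkout", {},
                              {"main.c": digest(checked_out)}),
        "build": sign_link(KEYS["builder"], "build",
                           {"main.c": digest(compiled)},
                           {"app.bin": digest(binary)}),
        "package": sign_link(KEYS["packager"], "package",
                             {"app.bin": digest(binary)},
                             {"update.pkg": digest(package)}),
    }
    return links, {"update.pkg": package}


if __name__ == "__main__":
    links, delivered = run_pipeline(SOURCE, SOURCE)
    print("clean run:", verify_chain(LAYOUT, KEYS, links, delivered))
    links, delivered = run_pipeline(SOURCE, SOURCE + b" /* extra code */")
    print("changed before build:", verify_chain(LAYOUT, KEYS, links, delivered))
```

In the second run every record is validly signed and the delivered package matches what the packager produced, yet verification still fails, because the build step's recorded input does not match what the checkout step produced.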

Cappos and a team of colleagues have worked to develop the in-toto approach for years. It’s been up and running since 2018. The project received a three-year grant from the National Science Foundation that year, aimed at promoting “widespread practical use” of in-toto. (Later in 2018, President Donald Trump signed the Federal Acquisition Supply Chain Security Act, aimed at protecting government secrets from software supply-chain threats.)

In-toto could block and reveal countless cyberattacks that currently go undetected, according to Cappos, whose team includes Santiago Torres-Arias, an assistant electrical and computer engineering professor at Purdue University, and Reza Curtmola, co-director of the New Jersey Institute of Technology’s Cybersecurity Research Center. In an August 2019 paper and presentation to the USENIX computer conference, titled “in-toto: Providing farm-to-table guarantees for bits and bytes,” Cappos’ team reported studying 30 major supply-chain breaches dating back to 2010. In-toto, they concluded, would have prevented between 83% and 100% of those attacks.

“It’s available to everyone for free, paid for by the government, and should be used by everyone,” said Cappos. “People may still be able to break in and try to hack around it. But this is a necessary first step and will catch a ton of these things.” The slow pace of adoption is “really disappointing,” Cappos added. “In the long game, we’ll win. I just don’t know that we want to go through the pain that it’ll take for everyone to wise up.”

One of in-toto’s earliest adopters, starting in 2018, was Datadog, a SolarWinds competitor that provides monitoring software for internet cloud applications. Now a publicly traded company with 2020 revenues of nearly $600 million, its customers include Nasdaq, Whole Foods and Samsung. Datadog uses in-toto to protect the security of its software updates. In an NYU press release, Datadog staff security engineer Trishank Kuppusamy, who worked on the program’s design and implementation, said that what distinguishes in-toto is that it “has been designed against a very strong threat model that includes nation-state attackers.” (Datadog did not reply to ProPublica’s requests for comment.)

The General Services Administration, which provides access to software for federal government agencies, still lists SolarWinds products available for purchase. But it said in a statement that “compromised versions” of SolarWinds programs identified by DHS are no longer available.

SolarWinds itself declined to weigh in on whether its hack could have been prevented. “We are not going to speculate on in-toto and its capabilities,” a spokesman said in an emailed statement. “We are focused on protecting our customers, hardening our security and collaborating with the industry to understand the attack and prevent similar attacks in the future.”

Previously little known to the general public, SolarWinds is a public company based in Austin, Texas, with projected 2020 revenues of just over $1 billion. It boasts of providing software to 320,000 customers in 199 countries, including 499 of the Fortune 500 companies. In a recent SEC filing, the company said its flagship Orion products, the vehicle for the cyberattack, provide about 45% of its revenues. A SolarWinds slogan: “We make IT look easy.”

After the hack was discovered, SolarWinds’ stock plunged, and it is now facing shareholder lawsuits. The company has shifted aggressively into damage-control mode, hiring CrowdStrike, a top cybersecurity firm; elite Washington lobbyists; a crisis-communications advisor; and the newly formed consulting team of Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (who was famously fired for contradicting Trump’s claims of mass voting fraud) and Alex Stamos, former security chief at Facebook.

News of what’s now known as the SolarWinds attack first came on Dec. 8. That’s when FireEye, perhaps the nation’s preeminent hack-hunter, announced that it had itself fallen victim to a “highly sophisticated state-sponsored adversary” that had broken into its servers and stolen its “Red Team tools,” which FireEye uses to try to hack into the computer networks of its clients as a test of their cyber-defenses. FireEye soon discovered the attackers had gained access through corrupted updates to the SolarWinds Orion network-monitoring software that it used.

On the evening of Dec. 13, CISA issued an emergency directive, identifying SolarWinds as ground zero for the hack and alerting federal agencies using Orion products to disconnect them immediately. Over the following weeks, investigators discovered that SolarWinds had been targeted back in early September 2019, when hackers started testing their ability to inject code into its software updates. After remaining undetected for months, they inserted malware in new updates between February and June 2020. SolarWinds estimated these infected updates affected “fewer than 18,000 of its customers.”

Precisely what the hackers saw, and stole, has yet to be determined and is under investigation. But the full impact of the breach is becoming clearer, as we now know it touches several tech companies, including Microsoft. The software giant has also labored to limit the damage by helping seize an internet domain in the U.S. that the hackers used to siphon data from some SolarWinds customers.

Stamos told the Financial Times, in an interview after being hired to help SolarWinds, that he believed the attackers had embedded hidden code that would continue to give them access to companies and government agencies for years. He compared the situation to Belgian and French farmers going out into their fields where two world wars were fought and discovering an “iron harvest” of unexploded ordnance each spring.

Dmitri Alperovitch, who co-founded CrowdStrike (the cybersecurity firm SolarWinds has hired to investigate the hack) before leaving last year to start a nonprofit policy group, said he thinks that, in theory, the in-toto system could work. But he warned that software is so complex, with many products and companies in the supply chain, that no one defense is a panacea. Still, he agrees that in-toto could provide protection, and said “it’s always a good thing to have more protection for supply chains.”

Russian intelligence services have clearly identified supply-chain attacks “as a much better way to get in,” offering “a much bigger set of targets,” Alperovitch said. “This is an indictment of the entire cybersecurity industry, as well as the intelligence community, that they were able to orchestrate such a broad, sweeping attack right under our noses.”

Judiciary Antitrust Subcommittee Investigation Reveals Digital Economy Highly Concentrated, Impacted By Monopoly Power

WASHINGTON—The House Judiciary Committee’s Antitrust Subcommittee released the findings of its more than 16-month long investigation into the state of competition in the digital economy, especially the challenges presented by the dominance of Apple, Amazon, Google, and Facebook and their business practices.

The report, entitled Investigation of Competition in the Digital Marketplace: Majority Staff Report and Recommendations, totals more than 400 pages, marking the culmination of an investigation that included seven congressional hearings, the production of nearly 1.3 million internal documents and communications, submissions from 38 antitrust experts, and interviews with more than 240 market participants, former employees of the investigated platforms, and other individuals.

“As they exist today, Apple, Amazon, Google, and Facebook each possess significant market power over large swaths of our economy. In recent years, each company has expanded and exploited their power of the marketplace in anticompetitive ways,” said Judiciary Committee Chairman Jerrold Nadler (NY-10) and Antitrust Subcommittee Chairman David N. Cicilline (RI-01) in a joint statement. “Our investigation leaves no doubt that there is a clear and compelling need for Congress and the antitrust enforcement agencies to take action that restores competition, improves innovation, and safeguards our democracy. This Report outlines a roadmap for achieving that goal.”

After outlining the challenges presented due to the market domination of Amazon, Apple, Google, and Facebook, the report walks through a series of possible remedies to (1) restore competition in the digital economy, (2) strengthen the antitrust laws, and (3) reinvigorate antitrust enforcement.

The slate of recommendations includes:

  • Structural separations to prohibit platforms from operating in lines of business that depend on or interoperate with the platform;
  • Prohibiting platforms from engaging in self-preferencing;
  • Requiring platforms to make their services compatible with competing networks to allow for interoperability and data portability;
  • Mandating that platforms provide due process before taking action against market participants;
  • Establishing a standard to proscribe strategic acquisitions that reduce competition;
  • Improvements to the Clayton Act, the Sherman Act, and the Federal Trade Commission Act, to bring these laws into line with the challenges of the digital economy;
  • Eliminating anticompetitive forced arbitration clauses;
  • Strengthening the Federal Trade Commission (FTC) and the Antitrust Division of the Department of Justice;
  • And promoting greater transparency and democratization of the antitrust agencies.

“After conducting this country’s first major congressional antitrust investigation in decades in which we held hearings, heard from experts and questioned the CEOs of dominant tech platforms, I can say conclusively that self-regulation by Big Tech comes at the expense of our communities, small businesses, consumers, the free press and innovation,” said Congresswoman Pramila Jayapal. “By reasserting the power of Congress, we now have a thoroughly researched and meticulously reasoned roadmap for the work ahead as we rein in anti-competitive behavior, help prevent monopolistic practices and allow innovation to thrive. I’m looking forward to continuing this urgent work.”

“This comprehensive report is a roadmap to a future where digital behemoths with considerable power over their markets are kept accountable to consumers, small businesses, and their workers,” said Rep. Hank Johnson, Chairman of the Subcommittee on Courts, Intellectual Property and the Internet. “By following these recommendations, we can bolster antitrust protections to ensure consumer choice, data privacy, and affordability in online marketplaces. But in doing so, we must also answer the overarching question that we’ve been grappling with: How do we remain a country where small businesses can thrive, even as we shift from brick and mortar to lines of code? That is our challenge now.”

Rep. Val Demings added, “Our investigation revealed an alarming pattern of business practices that degrade competition and stifle innovation. These companies have made remarkable advancements that have shaped our markets and our culture, but their anticompetitive acts have come at a cost for consumers and small businesses. Competition must reward the best idea, not the biggest corporate account. We will take steps necessary to hold rulebreakers accountable. I thank Chairman Cicilline for his leadership, and will continue to work for a fair marketplace and a tech industry that can advance quality of life for every person without undermining it for others.”

“Small businesses are the backbone of our economy and they must be able to compete on a level playing field,” said Rep. Lucy McBath. “We must do all we can to ensure our economy remains fair, our entrepreneurs have the incentive to innovate, and our small businesses are given the opportunity to prosper and create new and good-paying jobs.”

“This investigation has revealed that Apple, Amazon, Facebook, and Google were committed to drowning out competition through unfair and anti-competitive practices – often doing so at the expense of user privacy and innovation,” said Rep. Scanlon. “We must do everything we can to protect consumers and this report is a roadmap to the work that lies ahead. I look forward to developing and introducing legislation to restore fairness to the digital marketplace.”


40-Year milestones marked by celebrations with Small Business, Academia, and Public Sector Executives

WASHINGTON, D.C. — BDPA Members, ICT Industry Mission-Partners, and Small Business executives visited Samsung’s Solutions Center during a 40th anniversary celebration and Holiday Soirée at 700 Penn in Washington, D.C. This season’s theme, “Innovation Beyond 5G”, was coined to welcome Industry’s next generation of professionals and students into our fifth decade of community service.

National BDPA’s Washington, D.C. Chapter (BDPADC) was chartered by Norman Mays in 1978. That same year, Samsung Electronics produced over 4 million black-and-white televisions, the most in the world. Later in 1978, Samsung Electronics established their first overseas office in the United States, Samsung Electronics America (SEA).

On Saturday, December 8, 2018, Samsung and BDPADC co-hosted this year’s 40-year milestone celebrations in Samsung’s new solutions center. Mr. Terry Halvorsen (above and left photos), Executive Vice President and CIO for Samsung Electronics America, Inc., hosted Small Business executives and BDPA Members for a very unique Holiday gathering and tour of the new Capitol Hill facility.

Located at 700 Penn, the solutions center showcases 5G and Secure-5G solutions with modular LED display technologies tailored for a wide variety of vertical industry sectors, demonstrations, and related policies.

For more information about BDPA, community programs across the nation’s 40 BDPA chapters, and technical career development activities within the National Capital Region, visit BDPADC.org.

Join. Partner. Innovate beyond 5G with local BDPA Chapters and Mission Partners.

— Sources: Samsung USA and BDPA Washington, D.C.


CBC TECH 2020 delegation visits Silicon Valley

WASHINGTON—Congressional Black Caucus (CBC) Diversity Task Force Co-Chairs Representatives G. K. Butterfield (NC) and Barbara Lee (CA) welcomed Representative Maxine Waters (CA), Ranking Member of the Financial Services Committee and Representative Gregory Meeks (NY), also a member of the committee, to the third CBC TECH 2020 delegation to Silicon Valley. On this trip, the members of Congress met with four technology CEOs — Brian Chesky (AirBnB), Tim Cook (Apple), Jack Dorsey (Square & Twitter), and Dan Schulman (PayPal).


Members proposed a Tech CEO summit, where leaders of major technology corporations must come together to determine specific actions needed to increase minority representation and inclusion across tech industries.

— Story and cover photo credit: Keith Moore, Open Government TV (OGTV)

Tech Association announces Earth Day Summit

WASHINGTON, D.C. (bdpatoday.com) — BDPA of Greater Washington, D.C. (BDPA-DC), an information and communications technology (ICT) local trade association, announces an Earth Day themed technology and cyber career summit for College, Community College, Vocational Technology, and High School students to partner with Industry.

Participating industry and government executives, information technology (IT) experts, and cybersecurity professionals serving as mentors or presenters are invited to present round-table workshops with regional mission-partners to new members, transitioning veterans, students, and general audiences to discuss emerging technologies, the Industrial Internet of Things (IIoT), and “Planet Earth.”

Now in its tenth successful year, BDPA-DC’s Advance Planning Briefing for Interns (APBi) series continues into 2017 with a Spring APBI, CyberEarth17, at the Washington Marriott Wardman Park followed by a Summer APBI, 2017 Regional Innovation Summit, at Bowie State University. Regional Innovation summits are presented on campus every June with participating Historically Black Colleges and Universities or Minority Serving Institutions (HBCU/MSIs.)

Chartered in 1978, BDPA-DC continues ICT and cybersecurity awareness campaigns with Industry, Academia, and Government. #CyberEarth17 is an all-in-one science, cyber, and technology career summit with young adults. Onsite registration and check-in begin April 21-22, 2017 at the Washington Marriott Wardman Park. Online registration is open for members and the general public by visiting BDPADC.org.


About BDPA, Washington, D.C.
BDPA’s mission in the District of Columbia and the National Capital Region (NCR) is to bridge cybersecurity (CS), information technology (IT) and telecommunications competency gaps in urban, under-represented, and underserved communities. Local chapter goals in the National Capital Region (NCR) include, but are not limited to, providing IT and CS educational programs, industry publications, and community outreach services for professionals, young adults, and youth in direct support of software development initiatives, cyberspace workforce development, and government relations. Visit BDPADC.org for strategic partnerships, programs, and new membership information.

TECH & The Trump Presidency

Markets think a ‘Trillion-dollar’ technology and infrastructure stimulus may be imminent


WASHINGTON (bdpatoday)—President-elect Trump’s victory signaled widespread uncertainty and discontent surrounding economic opportunities, something that, CNBC reports, several technology executives recently suggested their technology will eventually help to address. For example, leaders at these companies reminded employees that eBay’s marketplace empowers buyers and sellers, LinkedIn’s tools help people connect or find jobs, and Apple’s devices connect people.

Microsoft CEO Satya Nadella reminded people in one of his LinkedIn posts that our world is witnessing democracy in action and linked to his company’s blog with recommendations for the next administration and the next Congress. According to CNET’s Marguerite Reardon, here is what little we may know about President-Elect Trump’s stand on a few important technology issues.

Net neutrality


Net neutrality became a relatively big deal in our 2008 election, but little was said during this election cycle about last year’s policy. Net neutrality is the idea that all traffic on the internet should be treated equally. This means our broadband providers, which control our access to the internet, cannot block or slow down services or applications we use via the web.

We know Trump is not a fan of the FCC’s current regulations. It is very possible that an FCC led by Republicans could eliminate all or part of the rules and strip the FCC of some of its authority. Should that happen, broadband providers could create so-called ‘fast lanes’ and charge Internet companies, like Netflix, different rates to deliver their content and services. Loosening regulations around telecom likely will benefit broadband and wireless carriers. The NCTA, an Internet and Television Association which lobbies for the cable industry, said it is eager to work with President-elect Trump.

Industry consolidation and broadband

President-elect Trump also seems to have taken a populist view against mergers and acquisitions (M&As). That could spell trouble for big pending mergers, including AT&T’s $85 billion takeover of entertainment giant Time Warner. When that deal was announced last month, President-elect Trump vowed to block this merger if he was elected. AT&T’s executives still like their chances of inking this deal if approved by the U.S., pointing to “investing in infrastructure” statements President-elect Trump recently made in his victory speech.

Encryption and cybersecurity

CNET reports the president-elect has only made vague statements about privacy and security, and downplayed Russia’s alleged hacking into the Democratic National Committee (DNC) and Secretary Clinton’s campaign email servers. Nonetheless, when our Justice Department haggled with Apple over unlocking the iPhone of a terrorist suspect in the San Bernardino shooting, he then called for a boycott of Apple’s products. What he has said about cybersecurity is that there should be a review of US cyber defenses by a “Cyber Review Team.”

STEM education

Experts who have reviewed President-elect Trump’s economic agenda suggest that deficits will explode, which could eventually lead a Republican Congress to slash budgets. This could mean heavy cuts to funding for science programs and education, which runs counter to the tech industry’s call for more tech-savvy workers in today’s digital age and software-defined ecosystems.

Moreover, President-elect Trump publicly supported views that are not backed by the scientific community. He has repeated unfounded connections between vaccinations and autism and dismissed reports of climate change as a myth perpetuated by the Chinese to undermine our economy.

He appealed to voters in coal country by supporting energy policies that encourage the use of more fossil fuels and downplayed investments in renewable energy, like solar. Donald Trump also has said he would “cancel” the Paris climate agreement, the United Nations deal to curb greenhouse gases and fund adaptations to climate change, which worries many scientists.

H-1B visas and immigration

Immigration has been one of the hallmark issues of President-Elect Trump’s campaign, but most of his suggested policies center on what his administration would do to reduce illegal immigration. When it comes to legal immigration of skilled workers, he wants to increase pay for people holding H-1Bs as part of a plan to steer more opportunities to unemployed native and immigrant workers. This is due in large part to the fact that some still consider H-1B visa holders a much cheaper source of highly skilled and technical labor for domestic U.S. corporations.

Tax policy

The biggest boost to the tech industry may ultimately come from President-elect Trump’s plans to lower corporate tax rates, encouraging corporations to repatriate two trillion dollars of foreign profits parked overseas and reinvest their money in the United States.

CNET reports there’s a good chance that money could be invested in the U.S., said Rob Atkinson, president of the Information Technology & Innovation Foundation (ITIF). But this is not a given. In the past, when the US allowed American companies to bring in profit earned overseas, we had hoped these firms would hire more workers. Instead, most of the money went to executives and shareholders.

President-elect Trump also has called for high import taxes on products, which could drive up prices for consumers on tech goods. Last January, Trump stated in one of his stump speeches, “We are going to get Apple to build computers and things in this country instead of in other countries.” Apple, which declined to comment on Trump’s statements at that time, designs its products at its Silicon Valley headquarters, but uses a Chinese contractor to build them. If Apple products were manufactured in the US, the price of an iPhone could rise to as much as $900 per unit to offset worker wages versus the $650 cost of an iPhone today.

Could slashing corporate taxes to provide workforce development and mentor-protégé incentives help train more college, vocational tech, and high school students to build computers and mobile devices with original equipment manufacturers (OEMs) in the U.S.? Greg Autry, an entrepreneur researcher, predicts a shift away from the traditional start-up model, where young engineers develop a new product, get it financed and move the manufacturing overseas. He argued a Trump administration would create a regulatory and tax-friendly environment conducive to the tech sector.

“Companies like Foxconn, the Taiwanese company that manufactures Apple products, will be able to expand production in the U.S. through automation,” Autry said. He added that more automation—the so-called ‘boogie man’ often described as robots stealing human jobs—would actually be a boon for OEMs and U.S. manufacturing.

“We’ve dealt with automation since the 19th century,” Autry said. “What automation does is create a lot more products for us to enjoy at a lower cost, and we get more people working more efficiently creating more products.”

Apparently, almost half of the national electorate voted along those lines—the promise of more jobs.

— Sources: CNET, CNBC, PBS, and the White House

Congress confirms Carla Hayden as 14th Librarian of Congress

First woman and first African American to head Library of Congress

WASHINGTON—On Wednesday, July 13, 2016, the U.S. Senate confirmed President Obama’s nominee for Librarian of Congress, Carla Hayden, by a vote of 74-18. Along with being the first woman and first African American to head the Library of Congress, Hayden is the first librarian to hold the position in six decades, according to the American Library Association. When Obama nominated Hayden in January, she was the chief executive of Baltimore’s Enoch Pratt Free Library system, where she earned praise for modernizing the nation’s oldest library system and keeping the libraries open during the Freddie Gray unrest in 2015, including personally opening the doors to the branch located in the heart of the turmoil.

Source: TheWeek.com

Privacy vs. Security – Tech Giants and Feds Weigh In

Amazon, Facebook, Google, Microsoft Back Apple in Court Fight Over Encryption

SAN FRANCISCO, CA – RE/Code reports some of Apple’s fiercest technology rivals have sided with the Cupertino company in its court fight over encryption.


A Who’s Who of the tech sector — 15 companies that include Amazon, Cisco, Facebook, Google and Microsoft — filed a court brief today, speaking out in one voice in a case they describe as of singular importance to the industry.

In the filing, the companies say they share the public’s outrage at the attack that took place in San Bernardino and feel no sympathy for terrorists. Indeed, they collectively respond to tens of thousands of government requests for data to assist in criminal investigations.

But the technology giants say they draw the line at the government’s request in the San Bernardino case, in which law enforcement seeks to “commandeer” Apple’s engineers to undermine the security features of its own products. The companies call on the federal judge to throw out the order that would require Apple to assist investigators in hacking the iPhone used in a recent attack.


Top photo: Navy Admiral Michael S. Rogers, director of the National Security Agency (NSA) and commander of U.S. Cyber Command, addresses RSA Security Conference in San Francisco, March 1, 2016. U.S. Navy video.

The Federal Government is hiring Innovation Specialists

So you want to join 18F?

18F
Mission
18F is a civic consultancy for the government, inside the government, working with agencies to rapidly deploy tools and services that are easy to use, cost efficient, and reusable. Their goal is to change how the government buys and develops digital services by helping agencies adopt modern techniques that deliver superior products.
18F transforms government from the inside out, creating cultural change by working with teams inside agencies who want to create great services for the public.
They are a trusted partner for agencies working to transform how they build and buy tools and services in a user-centered way.
They accomplish their mission by:
▸ putting the needs of the public first
▸ being design-centric, agile, open, and data-driven
▸ deploying tools and services early and often