Category Archives: Policy

Modernizing Govt ain’t so simple

Great read about the bumps that the Obama team have encountered to replicate the communiation apparatus used during the campaign in the White House.

Leave a comment

Filed under Government Information, Policy

Obama EMT investment – Government reacting to market failure

NYT story notes how the investment to create incentives to single practice physicians is classic textbook reactionto market failure:

… only about 17 percent of the nation’s physicians are using computerized patient records, according to a government-sponsored survey published last year in The New England Journal of Medicine.“This is really not a technology problem,” observed Erik Brynjolfsson, an economist at the Sloan School of Management at the Massachusetts Institute of Technology. “It’s a matter of incentives and market failure.”

Leave a comment

Filed under electronic medical records

Another hub in the cybersecurity Network

Former Washington Gov. Gary Locke is slated to be appointed Secretary of Commerce:

Experience in technology policy will also be important for the next commerce secretary, Cantwell said, since he will have to appoint the next director of the National Institute of Standards and Technology, oversee the U.S. Patent and Trademark Office, and provide leadership on issues like cybersecurity.

The National Institute of Standards and Technology (NIST) does important stuff — like set standards and prescriptions such as the new guide on maintaining data security while teleworking.  This riveting 46 page how to is written in “broad language in order to be helpful to any group that engages in telework. (see NIST release)”

In the executive summary you will find the important steps any individual should take before connecting at home or at the local cafe.

  • Before implementing any of the recommendations or suggestions in the guide, users should back up all data and verify the validity of the backups. Readers with little or no experience configuring personal computers, consumer devices, or home networks should seek assistance in applying the recommendations. Every telework device’s existing configuration and environment is unique, so changing its configuration could have unforeseen consequences, including loss of data and loss of device or application functionality.
  • Before teleworking, users should understand not only their organization’s policies and requirements, but also appropriate ways of protecting the organization’s information that they may access.
  • Teleworkers should ensure that all the devices on their wired and wireless home networks are properly secured, as well as the home networks themselves.
  • Teleworkers who use their own desktop or laptop PCs for telework should secure their operating systems and primary applications.
  • Teleworkers who use their own consumer devices for telework should secure them based on the security recommendations from the devices’ manufacturers.
  • Teleworkers should consider the security state of a third-party device before using it for telework.

Each of the steps are reasonable — but who will invest the resources required to make those steps effective?

Standards are being published and have been published for some time.  Yet, breaches continue to occur.  So, is the current status of policy and policy outcomes optimal or do we need to create another paradigm for cybersecurity?

Leave a comment

Filed under broadband, cybersecurity, electronic medical records, federal cyber security, Policy

Security, Privacy, Interoperability

These terms are strongly related, inter-related to be more precise, and have a significant effect upon the level of trust and confidence that any information system engenders with its users.  Separately dealing with each attributed of a network, as though the relationship between each term were independent, is not good design.  Yet, read the following taken from Cnet article on problems building a new healthcare system:

Lawmakers and health care representatives also asked the HISPC to clarify why privacy issues were such a critical part of maintaining electronic health records.

“It seems to me there is a big concern about the digitization of data as separate, but if we have the right security measures, that data is no different from the data physically sitting in my office,” said Herb Conway, a physician who sits on the New Jersey state legislature. “Are we going to be designing laws that interfere with our ability to have interoperability?

“While we appreciate that different states have different rules, we’re trying to find a way to streamline the process so patient treatment is not affected by delays in sharing information,” he said.

Leave a comment

Filed under cyber policy, cybersecurity, electronic medical records

Regulatory Transparency – will it change your behavior?

A relatively new policy tool, mandatory disclosure of infromation with a regulatory intent, is being proposed as a means to deal with the net neutrality issue.  In an article announcing Obama’s choice of Leibowitz as FTC chair,  Cnet reports:

On the issue of Net neutrality, Leibowitz stood out from his colleagues in June 2007 when the FTC released a report stating no new laws were necessary. Leibowitz issued an opinion saying existing antitrust laws may not have been “adequate to the task” of Internet broadband regulation.

“Will carriers block, slow or interfere with applications?” Leibowitz asked at a public hearing held by the FTC in November 2006. “If so, will consumers be told about this before they sign up? In my mind, failure to disclose these procedures would be…unfair and deceptive.”

Researchers believe that in order for such transparency to be effective a) the user behavior must be changeable via better information and b) the disclosers’ behavior (i.e. internet access providers AT&T and Comcast) must be changeable in reaction to the users’ choices.  I question whether the users will have a choice even if they possess perfect information to act upon (not even gonna get into the details of whether the information disclosed is comprhensible by the average user)>

Leave a comment

Filed under broadband, Policy, policy tools

Cyber Policy – Tracking law breakers

Seems some folks in Congress believe that all access point providers should maintain a log of users to be accessible by law enforcement.

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

…Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)

Good synopsis by DeClan McCullagh.

And this headline sums up the Congressional approach to problem solving that the two bills above represent:

New Congress SO last century

And one last comment, taken from Scott Cleland at precursor, indicating where policymakers should be focusing their energies:

Out of sight — out of mind.

It is very troubling that in all the public discourse about the future of the Internet, cloud computing, and appropriate Internet public policy, there is so little discussion or coverage of the real and growing threat of Internet cyber attacks on our people, economy, government, and network-infrastructure.

2 Comments

Filed under federal cyber security, Policy, policy tools, privacy

Cyber Security Policy Tools – parental control

What you don’t know, can hurt your kids:

Because parents generally don’t understand that Internet features exist on these devices, they are not supervising their use (other than for choice of game content for sex or violence). They are often shocked to learn that their kids are using voice-over-Internet phone technologies (VoIP) to scream at or chat with anyone else playing the game.

Even when strong parental controls exist, such as with Xbox 360 or Wii, parents don’t think about setting them and rarely know they are available.

Leave a comment

Filed under Policy, policy tools