Lohrmann on Infrastructure

 I read a very interesting CNET article yesterday entitled, "Why no one cares about privacy anymore." I urge you to take five minutes and read it. If you have ten minutes more, continue on and read the comments.

 Here's an interesting excerpt:

  "Norms are changing, with confidentiality giving way to openness. Participating in YouTube, Loopt, FriendFeed, Flickr, and other elements of modern digital society means giving up some privacy, yet millions of people are willing to make that trade-off every day. Of people with an online profile, nearly 40 percent have disabled privacy settings so anyone may view it, according to a Pew Internet survey released a year ago. The percentage is probably higher today." 

Or how about this intriguing interview with appeals court judge, senior lecturer and author Richard Posner: "As a social good, I think privacy is greatly overrated because privacy basically means concealment. People conceal things in order to fool other people about them. They want to appear healthier than they are, smarter, more honest and so forth." That isn't a defense of snooping as much as a warning of the flip side of privacy--concealing facts that are discreditable, including those that other people have a legitimate reason for knowing."

 There is no doubt that many young people have different views on these topics than the baby boomers. One key question revolves around the defaults in "opting-in" versus "opting-out" of various privacy settings. Like so many other aspects of technology, anonymity can be used for good or for evil.

 So why do I mention this now? There are thousands of implications to thought-provoking questions on privacy. We build laws around protecting medical records, family data and more, but what if people freely give away very personal information about themselves? How do we know where someone obtained personal information about someone else? Should we be building laws, rules and regulations for the most private person in society or the majority or multiple different systems for different viewpoints?

 Yes, these are hard questions to answer. But as these articles and interviews point out, many leaders are forging forward without asking for permission. No doubt, they are pushing the envelope, asking for forgiveness when necessary, but not slowing down.

 As a security and privacy advocate, I am in no way suggesting that we can ignore nor diminish the importance of protecting legally protected records. We all know that credit cards, social security numbers and medical records are legally protected. But we can also expect to see cases where medical records were freely shared by patients on social networking sites. Our challenge will be to deal with those who want to share and those who don't and to give them options - which is harder than a one size fits all.

As we write or modfiy our polices on social networks at work, protect our sensitive records, build cloud computing with new interfaces and engage our citizens in the 21st century, the definition of privacy will be constantly changing. Government technology professionals need to be aware of the various perspectives.

What are your thoughts on where privacy is going?        

Microsoft is warning that the extended support phase is ending for Windows 2000 (server and client), on July 13, 2010.  In addition, other products with lapsing service include: Windows XP Service Pack 2, Vista RTM, and Windows Server 2003.

Here's what GCN was reporting: "On Wednesday, a Microsoft lifecycle support blog post hinted at grim prospects for those who don't upgrade before that time. Simply put, the end of extended support for those products means that no more security updates will be delivered to patch vulnerabilities in those operating systems. Support articles will remain online, but just for a year.

Microsoft customers who can't upgrade when extended support ends have another option: They can request "custom support" from Microsoft, which will cost extra."

Yes, this is a big deal for many state and local governments. As anyone who suffered through the migration off of Windows NT will tell you, upgrading operating systems can become quite challenging for a long list of reasons. Applications need to be tested in the new environment, and there never seems to be enough time to get systems migrated. These projects required time, resources and priority.    

So what if you stay put? The cost is very expensive to buy continued support on Windows 2000 after July 13, according to my sources. However, if you do nothing with your Windows 2000 servers, you will open up your enterprise to numerous malware threats and other problems.

Within the state of Michigan, we still have dozens of servers on Windows 2000, and we have kicked off a project to virtualize and upgrade these boxes. No doubt, the simpler thing to do is to just get off of older hardware; however, we are utilizing a variety of tools to help upgrade the OS at the same time. This project is sure to cause some unexpected challenges.

What are your plans for Windows 2000 servers? (Feel free to go ahead and brag if you're totally off of this OS.)

Many schools around the nation issue student laptops. But what activities are allowed with those laptops by students or family members? What policies apply? What happens if a laptop gets lost or stolen? Equally important, what can be done if policies are broken?  How are policies enforced? What privacy rights do students have? What if network or security staff use these tools inappropriately?

These are just a few of the questions being asked by students, parents, lawyers and school administrators around the nation after a student claimed that his school spied on him with a webcam. In case you're not familiar with the case, here's an excerpt from philly.com:

"A Lower Merion (PA) family has set off a furor among students, parents, and civil liberties groups by alleging that Harriton High School officials used a webcam on a school-issued laptop to spy on their 15-year-old son at home.

In a lawsuit filed Tuesday in federal court, the family said the school's assistant principal had confronted their son, told him he had "engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district."

The suit contends the Lower Merion School District, one of the most prosperous and highest-achieving in the state, had the ability to turn on students' webcams and illegally invade their privacy."

To be fair, the facts of this case are not known at this time. The PA school district denies spying on students. Here is an excerpt of the statement that was made by Dr. Christopher McGinley, who is the Superintendent of the Lower Merion School District:

"Last year, our district became one of the first school systems in the United States to provide laptop computers to all high school students. This initiative has been well received and has provided educational benefits to our students.

The District is dedicated to protecting and promoting student privacy. The laptops do contain a security feature intended to track lost, stolen and missing laptops. This feature has been deactivated effective today."

The letter goes on to describe their policy and reasons for using this security feature - mainly for situations that involve lost or stolen laptops.

So why highlight this issue for government technology professionals? No doubt, some readers have authority and/or oversight responsibilities for school networks, laptops and other technology. In those situations, this case has a direct impact on any student laptop program you are administering. 

And yet, related issues could, and in my personal opinion probably will, surface for government laptops (and other portable devices). That is, the same questions that I asked at the beginning of this blog also apply to adults at work for state and local governments. No, you don't need webcams for similar questions to arise. What about any type of personal use or conversations or activities that you users feel are private?

The vast majority of governments have an acceptable use policy which states that employees should have no expectations of personal privacy protection when using government owned IT resources. While there are many good reasons for these types of policies, turning on laptop webcams to monitor user activity is certainly not a behavior that anyone that I know would condone or implement. In Michigan, we don't even issue webcams on standard state government-issued laptops.

So while we may not have this specific issue, all of us can still ask similar "what if" policy questions about use of government laptops both now and in the future. Questions will also arise for mobile devices (such as blackberries) or cell phones with cameras. For example: Are pictures you take on work cell phones the property of your employer? Most lawyers I know would probably say, "It depends."

A different aspect of this case (or future cases) may involve the potential unauthorized monitoring by technology staff. For example, even if the policy is correct, fair, and proper, what if someone working for a government or school turned on those webcams remotely in violation of the stated policy?  This would be similar to the police misusing their authority and/or weapons to do harm instead of good. Is the school responsible for an employee's unethical behavior? What safeguards are in place?

Meanwhile, technology executives will continue to make decisions on what technology tools should be used for monitoring and accountability with work-issued PCs, laptops or other devices. This CBS News video describes how some private companies are cracking down on those who surf the web on the job while others encourage monitoring with accountability software - where every website and keystroke is captured.  Of course, every situation is different, but some people tend to lump all of these topics together under "spying"- which is an extreme response. Building trust between employees and management is the key, and the employees shown in this video appreciate the fact that they can surf the web within reasonable limits.

There is no doubt that these monitoring tools can be used for good or evil. Remember that malicious hackers could even take control of these same web cams or other devices and use the computer for their own purposes.  The issue of illegal hacking of web cameras is not new, since Bruce Schneier blogged about this topic back in 2005.       

From a simplistic point of view, this particular school laptop case may seem like an obvious violation of decent behavior. Spying on kids via school laptops with webcams in homes is clearly wrong and a violation of personal privacy. Nevertheless, that may not be what truly happened. Time will tell on this case, and the courts will decide whether this activity was appropriate security or illegal spying on children at home.            

Regardless of the outcome, there will be more cases and similar questions for all of us in government technology. In fact, the same questions also apply to the private sector. We need to ask: what is the right balance between security and privacy. How often should we update our policies? And, what if proper security technology tools are used to violate personal privacy or to do harm to staff?

What are your thoughts on this case or on monitoring software?

 What's all the Buzz about? No, I'm not referring to the Olympics, an uptick in the economy or even springtime bees. Google has a new social network service called Buzz. What makes this a bit different is the linkage with Gmail and other Google products. The Internet is full of analysis of Buzz -v- Facebook, so I won't go there.

 I haven't tried the product yet, although I have seen it pop up within my personal Gmail account. In fact, I wasn't even going to blog about this topic, until some interesting developments around privacy emerged last week. My view is that state and local IT officials can learn from this rollout.

  To get an initial sense of the issues, read this USA Today article. Here's an excerpt:

"Buzz lets Gmail subscribers create profiles, like Facebook, and send Internet-wide blog postings, like Twitter. One issue of concern is a feature called "auto follow" that automatically sets up people you e-mail and chat with the most as followers of your Buzz postings."

The central questions revolve around "opt-in" versus "opt-out" features. That is, what happens automatically? Does everyone who has a Gmail account instantly start getting Buzz updates on their friend's lives? For users who may mix work and family contacts, will they start seeing pictures of work colleagues on vacation?

 More than that, what becomes searchable online? I am not taking any sides on these questions, only pointing out the potential good and not so good potential outcomes.  

 So why should state and local technology professionals care? Besides the implications on personal accounts, I think this trend has several implications for us. Here are a few things to consider:

1) Several governments have implemented (or are considering) Google's email and other office applications. How will Buzz fit into that strategy (on not)? This could be a good thing or a problem.

2) For all of us, social networking continues to grow. There are still those who have policies that say "ban social networks" like MySpace and Facebook at the office.  This is not going to last in the long run. We need to manage the situation both now and in the future with policies and enforcement. Practically speaking, some may be blocking Facebook but allowing personal Gmail accounts. That distinction just got more blurry. Check those filters.

3)  Examine the privacy implications for using this Buzz service at home and work. What are your settings? Should sharing certain information be turned off?

4) Lastly (for now), we can learn from the reaction of Google in rolling out Buzz. As we roll out Intranet and Internet portals, internal social networking sites, or other apps, we need to make sure that we understand how these apps link together (or not) from an "opt-in" perspective. Don't assume that users will like all of these automatic connections. While some people will certainly benefit and like the additional functionality, we need to address the cultural issues surrounding perceived (and real) privacy and security changes.

 Meanwhile, I'm going to get my hands dirty find out what all the Buzz is about (for myself).  

 This is not your grandfather's winter games. Every Olympic city makes major investments in technology, security and infrastructure in the 21st Century, and the Vancouver Winter Games are no exception.  The Olympic Cauldron will be lit on February 12, 2010. And yet, the hard work began immediately after Canada was selected to host the 2010 Winter Olympics back in 2004.

Want some examples?

1)      Technology companies are certainly talking about their unique role in these Games.  Green technology is a central element. Check out this Canadian website on technology related to the Olympics.

2)      Stopping terrorism is essential. One article back in 2005 estimated that the security budget would be about $177 million with a 50-50 split between the federal and provincial governments, but USA Today called actual security spending to be closer to $1 billion. More than 1000 security cameras are in place for the Winter Olympics.

3)      Infrastructure development has been important. There are plenty of stories online about the people behind the scenes who make the Olympic Games happen. There are also stories about the technology being used. If you look hard enough, you'll find just about every big IT company is involved in some way. One example is Sun, but AT&T and others are right there as well.

4)      The economic development aspects and wider role of the Olympics can be seen in YouTube videos like this one.

5)      The role of the city mayors and Vancouver Government overall has been a huge part of this story.

Bottom line, this is big business. Just like the involvement of the South African Government in preparing for the 2010 World Cup in June, the Vancouver Olympic Games required an incredible investment in everything that we do in government technology every day. The difference is the scale, and the number of people watching.

So when you watch that beautiful opening or closing ceremony, when the US Hockey Team is skating to victory or those international downhill skiers fly past your TV screen, remember the technology and security infrastructure that made it all possible.   

Let the games begin...

Now that Oracle's acquisition of Sun has been approved by the European Commission, what's next? That is, what does this merger mean for government technology leaders around the country?

Some readers may be thinking that this is old news, but this major deal has been on hold since April 2009 due to competition concerns.  The merger now looks certain to go through in the next few months or sooner.  

This is a very important announcement for the technology industry since:

"Oracle chief executive Larry Ellison said in September that the delay was breeding customer uncertainty, causing Sun to lose $100 million a month as companies held off purchases. The panel had threatened to block the deal due to fears that Oracle might be able to eliminate MySQL as a competitor."

Going back to the analysis of the announcement last year, Oracle was deemed to be getting a bargain for $7.4 Billion. Experts reported that Oracle, "Ends up acquiring MySQL, the upstart database that has been viewed as Oracle's Achilles' heel." Now we know that Oracle will not only keep MySQL, but they will boost investment in MySQL's open-source licensing platform.

Om Malik, from gigaom.com, wrote this on the merger after to speaking to "inside" sources:

• "The deal could mean trouble for Sybase, which has a lot of customers on Solaris.
• It could prove challenging for non-database users of Solaris, for it's not clear how Oracle will treat Solaris.
• It's good news for Java, as two major corporate giants will be supporting it and will be forced to play nice with each other.
• Oracle will keep MySQL going mostly because it can act as a funnel for further business opportunities."

 Mr. Malik goes on to quote Miko Matsumura, VP and deputy CTO at Software AG, who had a contrarian take on the merger. He predicts it will be a disaster, with thousands of layoffs.

The Linux Journal posed an open-ended question to readers about the acquisition, and here's what they said about what's next back in April 2009.

Fast-forward back to today, and ask the same question. What are we likely to see as the 2010 progresses? Check out this internal Sun memo from their CEO that was obtained by CNET.com. The theme:  Beat IBM, which comes from the first letter from the first seven paragraphs.

Meanwhile, Oracle announced their plans for Sun last month, and here's a bit of what zdnet.com  reported:

"Ellison also gave some insight to his Sun strategy. In a nutshell, he's staying out of the high-volume, low margin game that IBM and HP play. Simply put, Ellison is taking Sun upmarket with hardware-software devices like the Exadata database machine. Exadata has been a hit, said Oracle executives, who noted that orders have tripled sequentially and the biggest problem right now is manufacturing enough systems.

The future of Sun will rest with high-value systems, said Ellison, who added the computer industry is focused on selling components instead of complete packages."

No doubt, these are interesting times. I can't help but think back to my earliest memories of Sun. I remember buying and playing with a Sun Sparcstation 1 when I was at NSA in the late 1980s.  Over the next decade, we configured hundreds of Sun boxes.

Now, as the Sun CEO stated to his employees:  "Sun is a brand, Oracle is your company."

I've never worked at Sun, but along with thousands of employees, I'll have a hard time getting used to that distinction.

What are your thoughts on this merger?

The world-wide media was full of stories this week regarding the Google situation in China. Articles ranged from the Global Implications of Google's Stand to a new perspective on Global Net Intrigue. There is no denying that this is a potential Internet game-changer in many ways that go way beyond just security and hacking challenges we all face over the next decade.

 But I"d like to point out a few related issues that may not be immediately evident. For example, what implications might this announcement have for cloud computing and/or Offshore Outsourcing?

I found it very interesting that Google immediately defended cloud computing after the attacks. This defense seemed almost too quick. Check out this quote:

 "(Google Chief Legal Officer David) Drummond said the attack on Google's corporate infrastructure resulted in the theft of intellectual property from Google, though he declined to specify what the hackers stole. 
  

However, he also said the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routinely accessed by third parties. Drummond stressed that these accounts were compromised through phishing scams or malware, not through holes in Google's computing infrastructure. This is a key point.

Google's hosts data from search, Gmail and other collaboration programs that comprise Google Apps for millions of consumers on thousands of servers in data centers all over the world as part of a cloud computing model. When a Google user triggers a request from his or her computer, it speeds to these servers, looking for a response."

 The article goes on to quote Drummand as he defended the Google security controls as well as cloud computing as a whole. And yet, it seems to me that his answers may be too narrow. A wider question remains around the laws, practices and policies of global governments.

 That is, what if a law in another country changes or conflict with a cloud company's policies and procedures. Or, what if laws are not enforced or followed? Might a major investment be lost? What legal recourse will a company or local or state government have if a nation state decides to not play by their own rules?

It seems to me that this China situation has huge implications for cloud computing globally and locally for states. Put in another way, how does the legal framework of a country impact cloud computing?

 I heard a lecture once by a defense expert who said something to the effect that intentions can change overnight, but capabilities take many years to deploy. He was speaking about aircraft carriers and tanks, but I think that same quote applies to cloud infrastructure overseas - as we have just witnessed in China.

What are your thoughts on this topic? 

The Federal Communications Commission (FCC) Chairman Julius Genachowski has asked congressional leaders for more time to deliver the much anticipated National Broadband Plan, now due Feb. 17. According to Government Computer News (GCN), Genachowski said that,"this extension will not affect the FCC's budget for the National Broadband Plan, which was mandated as part of the National Recovery Act, and asked that it be accepted March 17."

 This entire process, which was kicked off last April, has taken much longer than orginally anticipated. The plan is an important driver for the nation's economic recovery. State and local governments have been very engaged in this broadband planning process, and many state planners are waiting eagerly for the final plan which will provide more guidance. Here's another excerpt from the GCN article:

"The goals are to ensure access to broadband capability for all Americans, provide a detailed strategy for affordability and adoption of broadband and to maximize utilization of broadband and craft a strategy for using broadband to achieve national purposes. Under the plan, grants will be provided by the Agriculture Department's Rural Utilities Service and the Commerce Department's National Telecommunications and Information Administration." 

 The commission invited broad public participation in developing the plan, and this summer launched a blog called Blogband, to chronicle development of the plan and invite comment. It also launched a Twitter channel to report progress on the National Broadband Plan." 

 State and local governments have been eagerly waiting to find out who will receive grants in their state. State-specific plans will depend upon national decisions.

Meanwhile, in a related development, the Federal Trade Commission (FTC) has announced that they are examining cloud computing's privacy and security implications for consumers. The FTC wants its findings to be considered as the FCC formulates the National Broadband Plan.

Information Week ran a story on this topic, and here is an interesting quote:

"[T]he ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," wrote FTC attorney David C. Vladeck in a letter to FCC Secretary Marlene H. Dortch. 

One interesting note: the timing of the upcoming FTC roundtable discussions on the implications of cloud security and privacy, the last of which is scheduled for March 17, does not work with the February release schedule for the National Broadband Plan. So what does this mean?

 I agree with Thomas Claburn of Information Week that, "The letter appears to be a reminder to the FCC, as it comes up with a broadband framework for the U.S., to save a place at the table for the FTC."

What are your thoughts on the National Broadband Plan and/or your views on how the plan relates to cloud computing?    

What's around the corner for 2010? What new invention will be the next iPhone, iPod or blackberry? Are there any hot tech topics that CTOs need to be considering for their infrastructure budgets? Just as important for technology professionals, what Christmas presents might be showing up at a government office near you?

Over the holidays I was reading about upcoming innovations and technology predictions for the new year and beyond. Along the way, I came across a new term called "vooks."

 I thought to myself: What's a vook? So I googled it and typed, "articles on vooks."  Google came back with: "Did you mean: articles on books?" My Microsoft Word program didn't do much better - putting a red line under the word and offering suggestions like "look, took and cook."

My daughter thought vooks might be creatures from outerspace or aliens in the movie Avatar - which she reminded me that we need to see soon.

But a vook is a hybrid between a video and a book. Scrolling down further from my Google search, you will come across these somewhat recent articles:

Curling Up with Hybrid Books, Videos Included (excerpt from New York Times)

"... In the age of the iPhone, Kindle and YouTube, the notion of the book is becoming increasingly elastic as publishers mash together text, video and Web features in a scramble to keep readers interested in an archaic form of entertainment."

Vook Publishes Sherlock Holmes Classics and Offers Hundreds of Thousands of Copies to Schools and Libraries in the United States and United Kingdom (excerpt from www.earthtimes.org )

"The Sherlock Holmes Experience vook is a revolutionary new way to read the exploits of Arthur Conan Doyle's legendary character, Sherlock Holmes. The vook enhances these timeless stories with videos that delve into the history and legend surrounding Holmes. The videos annotate the text, giving readers a better picture of the times and the ability to pick out details and historical facts that help readers further immerse themselves in the mysteries. Additionally, key terms are hyperlinked throughout the vook to let readers explore sites on the Web related to the plot without having to lose their place in the story. The vook will be available as an application on the iPhone and the browser-based Vook Reader."

What is a Vook and will it change how you read? (Excerpt from Entertainment Weekly)

"Is this the first hole in the dam for our traditional definition of what books are? Can a single medium continue to exist alone in this increasingly multimedia world, or will reading inevitably end up looking less like Gutenberg and more like Google?"

Where does a vook come from? Well, from vook.com, of course. Vook is also a company started in 2008.  (No, I have no financial interest or any other relationship with them.) Their front pages announces: "Make a new you in 2010." 

OK, so why is a government CTO writing about vooks in an infrastructure blog? Great question. A few things (and trends) to consider:

1) One complaint that I hear from our customers is that we are not thinking about their apps, the future, what's next, and building infrastructure to support it. We're too worried (and busy) solving current issues and not looking at strategic directions for government.    

2) Here's another great example of the new media world we live in where video, the Internet, text and just about everything end users do with technology, are merging together. Yes, we've seen similar things before with mashups - but vooks, or some variation thereof, may become a new killer app for select customers.

3) Think about future training opportunities at work and possibilities for K-12 and higher education.

4) More directly, this technology has major implications for network connectivity for governments, Internet access speeds, and more. I know many state and local governments that block all video, and that strategy will only work for so long.

5) As an author, I'm interested in books, new forms of writing, interpersonal communication and this cool, trendy topic. 

Bottom line - Watch out, the vooks are coming!     

One more thing - when I told my wife Priscilla about this new term "vook" she sighed. "Where have all the book lovers gone?"   She's not the only one asking that question.

 As we approach a new decade in 2010, my mind instinctively goes back in time and scans the past decade.

 My thoughts easily jump back to ten years ago as we prepared for Y2K and the new millennium. I recall the fear and excitement as we watched the local, national and international news on New Year's Eve to see if computer programs would crash and send the world into chaos. Our government technology teams spent over three years preparing for that night, and I remember the relief when all went well.

 Events seemed to seesaw back and forth over the past ten years. After Y2K came the contested Presidential election of 2000 - with "hanging chads" and plenty of resulting technological challenges.

 Next came 9/11/01. Who can forget where they were on 911? I was in the Romney building in downtown Lansing, Michigan. Our team was building the first Michigan.gov portal, which would bring together state websites in new ways and provide one face of government to citizens. I was shocked as I watched the second plane hit the World Trade Center on live TV.

But these events are more than just sad memories or interesting History Channel topics. These true stories helped to shape who we are in government today. After September 11^th, government priorities changed. The Department of Homeland Security was established in Washington DC. I went back to focusing on computer security at work.     

Meanwhile the Internet was taking off. Everyone was going online as never before. Families installed wireless networks in homes, MySpace and then Facebook became huge, and Google became a verb. Check out these fascinating statistics from CNET on average web usage growth over the past fifteen years.  

Along with the good came the bad. The increase in cyber crime and identity theft started attracting attention. The growth in malware became exponential.  

In my opinion, the growth of Internet use is the most important technology story of the decade.  Yes, there are many sub-trends, such as the Apple iPod, blackberries, and more. But the Internet is changing so many aspects of society. Taking a peek into the future, I suspect virtual worlds and avatars are going to continue that trend into the next decade.

I could go on and on regarding events this decade. The historic election of Barack Obama, our "great recession" and the many events of 2009 will certainly be remembered decades from now.  New pushes towards infrastructure projects such as rural broadband, health IT and cloud computing are certainly changing government now and will shape our future.     

But my point in this blog is to encourage you to look back as you look forward.  Aristotle said, "If you would understand anything, observe its beginning and its development."

So I encourage you to take a few minutes and visit the "Wayback Machine" online. This Internet archive will take you back to what various websites looked like on different days. Scroll down and look at the coverage of various significant events.   

 This has been a remarkable first decade of the 21^st century.  What new technology has made the biggest impact to government in your opinion?