Survey Says

So Deloitte announced the results of a survey earlier this month.

“The fifth annual Deloitte “Connected Consumer” survey reveals that consumers have a positive perception of their technology experiences and are increasingly embracing GenAI. However, they are determined to seek balance in their digital lives and expect trust, accountability, and transparency from technology providers.”

Deloitte conducted the survey BEFORE the RIBridges hack.

On the RIBridges Benefits System Hack

I originally worked with state benefits systems during my years at Printrak, and have performed analysis of such systems at Bredemarket. These systems store sensitive personal data of many Americans, including myself. And they are therefore a target for hackers.

The hack at RIBridges

A huge benefits system was hacked in Rhode Island, according to the State.

“On December 5, the State was informed by its vendor, Deloitte, that the RIBridges data system was the target of a potential cyberattack….”

That was just the beginning.

“On December 10, the State received confirmation from Deloitte that there had been a breach of the RIBridges system based on a screenshot of file folders sent by the hacker to Deloitte. On December 11, Deloitte confirmed that there is a high probability that the implicated folders contain personally identifiable information from RIBridges. On December 13, Deloitte confirmed there was malicious code present in the system, and the State directed Deloitte to shut RIBridges down to remediate the threat.”

RIBridges is…um…a bridge from Rhode Island residents to various Federally sponsored but State administered benefits programs, including:

  • Medicaid,    
  • Supplemental Nutrition Assistance Program (SNAP),    
  • Temporary Assistance for Needy Families (TANF),    
  • Child Care Assistance Program (CCAP),    
  • Health coverage purchased through HealthSource RI   
  • Rhode Island Works (RIW),    
  • Long-Term Services and Supports (LTSS), and    
  • General Public Assistance (GPA) Program

State benefits systems such as RIBridges are complex and often hosted on old infrastructure that requires modernization. (“Modernization” is a great buzzword to toss around when describing aging state computer systems, as I know from my years working with driver’s license and biometric identification systems.) The older and more complex the system, the easier to hack.

The history of RIBridges

This complexity is certainly true of Deloitte’s hacked RIBridges system.

As StateScoop noted in 2021:

“Gov. Daniel McKee…said the state will pay the firm $99 million over the next three years to manage and build out the RIBridges computer system….The firm has been developing the software, which handles the state’s Medicaid, SNAP and other welfare programs, since 2016, though delays and errors during (previous Governor) Raimondo’s administration caused the state to overspend by at least $150 million as of 2019, the last time the state renewed Deloitte’s contract.”

Why is Deloitte’s performance less than ideal? Anthony Kimery of Biometric Update explains the issues facing RIBridges.

“Federal agencies, including the federal Centers for Medicare and Medicaid Services, had warned Rhode Island before the system’s launch that it was not ready for deployment….RIBridges proceeded despite clear operational risks, leading to immediate and widespread problems. The launch resulted in significant disruptions to benefits distribution, with thousands of residents experiencing delays in receiving critical assistance. Backlogs soared, with more than 20,000 cases piling up due to system malfunctions.”

After much time and effort the backlogs decreased, but the treasure trove of personally identifiable information (PII) remained a target.

“As a central repository for sensitive personal data, including financial information and health records, RIBridges became a potential target for cyberattacks. Security audits revealed vulnerabilities in the system’s defenses….Cybercriminals exploited weaknesses in RIBridges to access sensitive data. The attackers bypassed existing security measures, inserted malicious code, and obtained unauthorized access. The breach exposed flaws in the system’s technical defenses and highlighted issues with its oversight and vendor management.”

The consequences for RIBridges applicants

So now the system is down, applicants are using paper forms, and a cyber criminal is requesting a payout.

Transparency With My Employer

February 4, 2024

Bredemarket

1030 N Mountain Ave #259

Ontario, CA 91762-2114

As my employer, I am informing you that I am no longer required to report for jury duty on Monday, February 5. I have confirmed this on the San Bernardino County Superior Court website.

Please let me know if you need any additional information.

Sincerely,

John Bredehoft

Bredemarket Potential Limited Availability, February 5 Through 9

As an independent contractor who doesn’t HAVE to keep set hours this is technically none of your business, but I’m letting you know anyway. San Bernardino County has messaged me about something…and it potentially affects you.

I may have limited availability during the week of February 5-9 due to a jury duty summons.

And because of the confidentiality of jury proceedings, that’s all that I will have to say about THAT.

Currently the Bredemarket Calendly page marks me as completely unavailable during the week of February 5-9. I will adjust this as needed.

P.S. Years ago when I received a jury duty summons that potentially involved biometric evidence, I disclosed that I worked for a company that competed with the jurisdiction’s biometric provider. In this case, the PROSECUTION excused me from service.

Four Restrictions on Bredemarket’s City of Ontario Business License, and Why You Should Care

Remember when I said that I spent Labor Day renewing my City of Ontario business license?

Well, the approved license arrived in the mail today.

City of Ontario business license for Bredemarket, October 01, 2023 through September 30, 2024.

The electronic mail, not the snail mail.

This coming year will be the fourth year of Bredemarket’s existence. I started in August 2020, but it took a few weeks for the city business license and other paperwork to complete.

Now while the City of Ontario (California, not Canada) business license renewal entitles me to conduct business in the city as Bredemarket (when coupled with the Fictitious Business Name statement I filed with San Bernardino County), it is not an official endorsement of my activity by the city, and is definitely NOT an endorsement of the call to action at the end of this post.

More importantly, the City of Ontario has imposed four significant restrictions on the way that Bredemarket conducts business. Do they affect how I do business with you? We’ll see.

First: I must post the business license in a conspicuous place

Done.

City of Ontario business license, posted in a conspicuous place in an undisclosed location. And no, I don’t wear my glasses all the time.

Although as we will see when we get to the third restriction, the whole meaning of “conspicuous place” is irrelevant to Bredemarket’s business.

Second: I can’t conduct just ANY business

The business license is issued “for consulting services, including marketing and writing services.” The license does NOT allow me to bake pies, perform auto maintenance, launch rockets into space, or perform heart surgery.

You won’t see the Bredemarket 33410 Aortic Valve Surgery Service any time soon. The city won’t let me offer it. (33410, by the way, is the medical code for Under Surgical Procedures on the Aortic Valve.)

Dang guvmint.

Third: No visitation from clients

Remember how the city requires that I post my license in a conspicuous place? Well, the city also prohibits me from having clients visit me at my work location. This makes sense, since residential neighborhoods aren’t really built to have a bunch of cars park outside a house where business is conducted.

No, Bredemarket clients cannot park their cars in front of my house. And no, this is not my house. (And they’re not your cars either.) Fair use. The Verge, “Multimillion-dollar Ferraris, Jaguars, Astons, and a fine cup of tea.” The cast of cars and characters from the first Goodwood press day in 1993. Lord Charles March is by the front door of the house with his light blue AC 16/80 designed by his grandfather.

This means that when I do have a person-to-person meeting (rather than a videoconference) to conduct business, the meeting has to be offsite. For example, a couple of years ago I met with an advisor at Brandon’s Diner in Upland. (And the lunch was tax deductible!)

Fourth: No signage permitted

Again, because my work location is in a residential neighborhood, I can’t put a huge neon sign in my front yard with the Bredemarket logo.

Bredemarket logo
Imagine this in my front yard.

And no, I can’t put a small neon sign in my front yard.

Or any neon sign.

I wonder if the city will let me put signage on my mailbox? Actually, the UPS Store probably won’t allow that either.

Bredemarket’s mailing address is 1030 N Mountain Ave #259, Ontario CA 91762-2114. If you read my previous post, you know that “MBE” stands for Mailboxes Etc.

So what?

These city restrictions don’t matter to you because (since we still have the Internet) Bredemarket is perfectly capable of conducting its business online.

You don’t have to look for my business sign, or a parking place in front of the place where I conduct business. Why not? Because I can meet with you via Google Meet or another videoconferencing service, or we can talk on the phone, or even exchange emails with each other.

I’ve worked from home since March 2020—first for IDEMIA, then for Bredemarket, then for Incode Technologies, then for Bredemarket again. During that time I’ve been able to meet all of the needs of Bredemarket clients remotely, despite no public parking and no signage.

Well, almost all the needs. I haven’t been able to perform aortic valve surgery for my clients.

Dang guvmint.

The city does not endorse this call to action

Do you want to use the marketing and writing services of a government-licensed consulting firm?

More importantly, do you want to use the marketing and writing services of a consulting firm that ensures the right questions are asked at the beginning of the project, and that you have complete input during the writing and review cycles?

Authorize Bredemarket, Ontario California’s content marketing expert, to help your firm produce words that return results.

Generative AI Guidelines in San Jose, California

The Bredemarket blog has previously considered how private companies like Samsung and Adobe use generative AI. Government use is similar, yet differs in some ways. Let’s see how San Jose, California approaches it.

As GovTech reported in its article “San Jose Releases Generative AI Guidelines, Looks to Learn,” some of the concerns of San Jose’s city government are similar to issues with which private companies grapple.

Privacy is also a concern, and IT advises generative AI users to assume any information entered will be exposed to the public. Materials unready for publication shouldn’t be entered, nor should private emails. Employees looking for help drafting emails should avoid copy-pasting messages into generative AI, instead prompting the tools to write a generic message they can fact-check or augment with personalized details. The guidelines advise users to fact-check with multiple credible sources, including peer-reviewed journals and official documents.

From https://www.govtech.com/artificial-intelligence/san-jose-releases-generative-ai-guidelines-looks-to-learn

This is a big concern for private companies, also.

But there are also issues that governments need to consider that private companies may not need to address.

One consideration is that government writing requires a particular style. Senate bills, for example, are written with a certain structure and formality. The city also uses gender-neutral language and the term “resident” rather than “citizen.” 

From https://www.govtech.com/artificial-intelligence/san-jose-releases-generative-ai-guidelines-looks-to-learn

Of course private companies have their own writing styles, but the world won’t come to an end if the IBM memorandum includes the word “gnarly.” But the wrong word in a Senate bill, or the use of the term “citizen” in a blue state, could be catastrophic.

One thing is clear: San Jose Chief Information Officer Khaled Tawfik doesn’t think that general-purpose generative AI will cut it.

San Jose has talked with several vendors about the possibility of AI trained on data from government, potentially restricted to San Jose data only.

From https://www.govtech.com/artificial-intelligence/san-jose-releases-generative-ai-guidelines-looks-to-learn

As I noted in my post about Writer.com, this also allows implementation of privacy restrictions that could help avert problems if an employee inputs confidential information into the tool.

For the moment, San Jose is asking employees and contractors to log all use of generative AI. This will be referenced as the city develops its guidelines and policies in the future. As the city says:

Generative Artificial Intelligence (AI) is a new branch of AI technology that can generate content—such as stories, poetry, images, voice, and music— at the request of a user. Many organizations have banned Generative AI, while others allow unrestricted usage. The City recognizes the opportunity for a controlled and responsible approach that acknowledges the benefits to efficiency while minimizing the risks around AI bias, privacy, and cybersecurity.  

This is the first step in a collaborative process to develop the City’s overall AI policy. Registered users will be invited to join the Information Technology Department in a working group to share their experience and co-develop the City’s AI policies.

From https://www.sanjoseca.gov/your-government/departments-offices/information-technology/itd-generative-ai-guideline

From defund the police to fund the police. But what about technology?

There’s been a tactical reversal by some cities.

Defund the police, then re-fund the police

In November, the Portland Oregon City Council unanimously voted to increase police funding, a little over a year after the city reduced police funding in the wake of the Black Lives Matter movement.

Now this month, Oakland California has also decided to increase police funding after similarly defunding the police in the past. This vote was not unanimous, but the City Council was very much in favor of the measure.

Not that Oakland has returned to the former status quo.

[Mayor Libby] Schaaf applauded the vote in a statement, saying that residents “spoke up for a comprehensive approach to public safety — one that includes prevention, intervention, and addressing crime’s root causes, as well as an adequately staffed police department.”

From https://www.police1.com/patrol-issues/articles/oakland-backtracks-votes-to-add-police-as-crimes-surge-MDirxJZAHV41wyxg/

So while Oakland doesn’t believe that police are the solution to EVERY problem, it feels that police are necessary as part of a comprehensive approach. The city had 78 homicides in 2019, 109 in 2020, and 129 so far in 2021. Granted that it’s difficult to compare year-over-year statistics in the COVID age, but clearly defunding the police hasn’t been a major success.

But if crime is to be addressed by a comprehensive approach including “prevention, intervention, … addressing crime’s root causes, … (and) an adequately staffed police department”…

…what about police technology?

What about police technology?

Portland and Oakland have a lot in common. Not only have they defunded and re-funded the police, but both have participated in the “facial recognition is evil” movement.

Oakland was the third U.S. city to limit the use of facial recognition, back in July 2019.

A city ordinance … prohibits the city of Oakland from “acquiring, obtaining, retaining, requesting, or accessing” facial recognition technology….

From https://www.vice.com/en/article/zmpaex/oakland-becomes-third-us-city-to-ban-facial-recognition-xz

Portland joined the movement later, in September 2020. But when it did, it made Oakland and other cities look like havens of right-wing totalitarianism.

The Portland City Council has passed the toughest facial recognition ban in the US, blocking both public and private use of the technology. Other cities such as Boston, San Francisco, and Oakland have passed laws barring public institutions from using facial recognition, but Portland is the first to prohibit private use.

From https://www.theverge.com/2020/9/9/21429960/portland-passes-strongest-facial-recognition-ban-us-public-private-technology
The Mayor of Portland, Ore. Ted Wheeler. By Naval Surface Warriors – 180421-N-UK248-023, Public Domain, https://commons.wikimedia.org/w/index.php?curid=91766933

Mayor Ted Wheeler noted, “Portlanders should never be in fear of having their right of privacy be exploited by either their government or by a private institution.”

Coincidentally, I was talking to someone this afternoon about some of the marketing work that I performed in 2015 for then-MorphoTrak’s video analytics offering. The market analysis included both government customers (some with acronyms, some without) and potential private customers such as large retail chains.

In 2015, we hadn’t yet seen the movements that would result in dampening both market segments in cities like Portland. (Perpetual Lineup didn’t appear until 2016, while Gender Shades didn’t appear until 2018.)

Flash – ah ah, robber of the universe

But there’s something else that I didn’t imagine in 2015, and that’s the new rage that’s sweeping the nation.

Flash!

Normally I add the music to the end of the post, but I stuck it in the middle this time as a camp break before this post suddenly gets really serious. From https://www.youtube.com/watch?v=LfmrHTdXgK4

Specifically, flash mobs. And not the fun kind, but the “flash rob” kind.

District Attorney Chesa Boudin, who is facing a recall election in June, called this weekend’s brazen robberies “absolutely unacceptable” and was preparing tough charges against those arrested during the criminal bedlam in Union Square….

Boudin said his office was eagerly awaiting more arrests and plans to announce felony charges on Tuesday. He said 25 individuals are still at large in connection with the Union Square burglaries on Friday night….

“We know that when it comes to property crime in particular, sadly San Francisco police are spread thin,” said Boudin. “They’re not able to respond to every single 911 call, they’re only making arrests at about 3% of reported thefts.”

From https://sanfrancisco.cbslocal.com/2021/11/23/smash-and-grab-embattled-san-francisco-district-attorney-chesa-boudin-prosecution/

So there are no arrests in 97% of reported thefts in San Francisco.

To be honest, this is not a “new” rage that is sweeping the nation.

In fact, “flash robs” were occurring as early as 2012 in places like…Portland, Oregon.

If only there were a technology that could recognize flash rob participants and other thieves even when the police WEREN’T present.

A technology that is continuously tested by the U.S. government for accuracy, demographic effects (see this PDF and the individual “report cards” from the 1:1 tests), and other factors.

Does anyone know of any technology that would fill this need?

Perhaps Oakland and Portland could adopt it.

Maryland will soon deal with privacy stakeholders (and they CAN’T care about the GYRO method)

Just last week, I mentioned that the state of Utah appointed the Department of Government Operations’ first privacy officer. Now Maryland is getting into the act, and it’s worth taking a semi-deep dive into what Maryland is doing, and how it affects (or doesn’t affect) public safety.

According to Government Technology, the state of Maryland has created two new state information technology positions, one of which is the State Chief Privacy Officer. Because government, I will refer to this as the SCPO throughout the remainder of this post. If you are referring to this new position in verbal conversation, you can refer to the “Maryland skip-oh.” Or the “crab skip-oh.”

From https://teeherivar.com/product/maryland-is-for-crabs/. Fair use. Buy it if you like it. Virginians understand the origins of the phrase.

Governor Hogan announced the creation of the SCPO position via an Executive Order, a PDF of which can be found here.

Let me call out a few provisions in this executive order.

  • A.2. defines “personally identifiable information,” consisting of a person’s name in conjunction with other information, including but not limited to “[b]iometric information including an individual’s physiological or biological characteristics, including an individual’s deoxyribonucleic acid.” (Yes, that’s DNA.) Oh, and driver’s license numbers also.
  • At the same time, A.2 excludes “information collected, processed, or shared for the purposes of…public safety.”
  • But on the other hand, A.5 lists specific “state units” covered by certain provisions of the law, including both The Department of Public Safety and Correctional Services and the Department of State Police.
  • The state units are listed because every one of them will need to appoint “an agency privacy official” (C.2) who works with the SCPO.

There are other provisions, including the need for agency justification for the collection of personally identifiable information (PII), and the need to provide individuals with access to their collected PII along with the ability to correct or amend it.

But for law enforcement agencies in Maryland, the “public safety” exemption pretty much limits the applicability of THIS executive order (although other laws to correct public safety data would still apply).

Therefore, if some Maryland sheriff’s department releases an automated fingerprint identification system Request for Proposal (RFP) next month, you probably WON’T see a privacy advocate on the evaluation committee.

But what about an RFP released in 2022? Or an RFP released in a different state?

Be sure to keep up with relevant privacy legislation BEFORE it affects you.