Gov 2.0: Silicon Valley-style

Last week, I attended the inaugural Government 2.0 Expo and Summit by O’Reilly Media, co-produced by Techweb. It was a well-attended event and I learned a lot – much more than I could talk about in any one post. So, over the coming days, I’ll be highlighting a series of posts about the topics, people, and technologies that were featured at the event.

Before diving into any one area, though, I’ll share a few high-level impressions…

First, Tim O’Reilly, namesake of O’Reilly Media, has done a nice job of using his access to (and support of) administration principals as a way to build relationships with leaders in agencies and is an unabashed cheerleader of “government as a platform.”

Even though others – including my own company, New Paradigm / nGenera – have had active “Government 2.0” syndicated research programs and member events for a couple of years, O’Reilly has used his attribution for coining the phrase “web 2.0” as an opportunity to (re)claim “government 2.0” from a publishing and thought leadership perspective.

Second, not surprisingly, given the organizer’s tech-heavy center of gravity, the audience composition felt like it was evenly composed of one-part Silicon Valley tech entrepreneurs and one-part DC-based large systems consultants/contractors, with a tiny dash of attendees from the “fly over” heartland of the US or international. 

And, as one might expect from those two main locations, the average age difference between the West and East coasters was about 8-10 years, by my anecdotal guess, with Easterners being the elders. Given this concentration of youth and valley tech:  

  • There was an obsessive over-representation of the visual, programmatic and evangelical, but a large-scale lip service under-representation of critical process change, methodology, cultural dynamics and impacts.  (More about that in a future post.)
  • In fact, the only ones that spoke intelligently about those issues were the government reps themselves, although it was clear they were relying heavily on existing, traditional SDLC frameworks, leadership approaches, etc. 
  • The one exception was Eric Ries of Kleiner whose “lean start-up” discussion was an insightful reference, but again, moreso from the perspective of the “developer of a product” and not “the implementation of an in-house enterprise solution” – see:
  • But to balance Eric’s keen-eyed observations were some almost comically evangelical presentations by a couple of the web 2.0 outfits, perhaps made more frenetic by a Demo-esque “rapid fire” format used several times to pack some quick examples into a series of 5-minute pitches by company founders. A memorable one in this vein was in which the co-founder spoke so fervently about the miracles of human, social interaction you’d have thought they invented it.

Third, while the overall theme was “government as a platform,” the descriptive sub-heading to that theme might well be have been: “federal government as a provider and protector of public data, and private sector a developer and implementer of web 2.0 services at all levels, from hyper-local to national.” Because of this sub-heading, there was enormous focus placed on and advocacy of further release of all forms of data via the open gov initiative.

There were some truly amazing web services that were demonstrated in healthcare, public safety, intelligence and defense, and municipal services, including:

  • At the federal level, I was very impressed with the Apps for America winners:  Datamasher, ThisWeKnow and Govpulse. 
  • At the state level, I was surprised at the lack of applications targeted specifically for the needs of states or similarly large geographic regions, such as provinces.
  • And at the local level, I felt there was significant redundancy in some of the business implementations and objectives of several of the gov 2.0 services described, such as:,, and

To that end, I was pleased to see the work of TOPP and its objective to serve as kind of a gov-oriented sourceforge for services developed by different groups and jurisdictions, to promote a much higher degree of repeatability and improvement of best practices/strongest common code bases.

In summary:  a strong inaugural event that has good momentum going into 2010, during which the Expo and Summit will be split on the calendar as spring and fall events.  And, for everyone that was unable to attend, I encourage you to catch a large majority of the videos on BlipTV.

Security Roundup: Dewey, Cheatam, and Howe

I love it when the NPR Cartalk guys – Click and Clack – give the closing credits of their show each week and credit their law firm “Dewey Cheatam and Howe” along with their other various pun-derific service providers and sponsors. Besides bringing a smile to my lips, the name is a constant reminder to me of how you can be getting robbed right before your eyes and not even know it.

One of the benefits (occasionally, co-workers would say a curse) that I received during my tenure leading the IT services practice of Bridgepoint Consulting in 2006-2007 was gaining a healthy respect for systems security, compliance, and IT general controls.

Not that I’m any better than the next person in securing my day-to-day personal and work IT assets; but, you might say I’m a bit more likely to browse the headlines concerning security issues than my average colleague. With that in mind, what follows are a couple of headlines that have caught my attention recently.

There’s a great article by the BBC that describes how bad guys are increasingly operating like small business. I love the quote by the Cisco security researcher when he talks about how “One of the most important themes for a business is customer acquisition.” He then goes on to document how the hot memes and search terms of the day, combined with web 2.0 mass communications platforms like twitter and Facebook, make for a major boon to online criminals.

The moral of the BBC article: it’s all about knowing who it is you are dealing with and, for the moment, the easiest way for the average Joe or Jane to ensure the authenticity of the party on the other end of communications is by using a digital signature. If you are a MS-Office user, like much of the business world, then you can read all about activating a digital signature from Microsoft.

Moving on from signatures to other forms of identification (or ID), I found this article in InformationWeek about the increasing ease of cracking American social security numbers (or SSNs) a good reminder of the need to rely on multi-factor unique identifiers to protect one’s privacy. Since basic identity theft normally relies on the three essentials of ID – SSN, name, and date of birth – this article is a rude awakening.

In the article, it describes how a research team was able to predict SSNs with 60% accuracy after 1,000 attempts, among those born recently in small states. It goes on to describe the staggering potential street value of credit cards obtained using swiped identities, by deploying a large botnet. We’re talking hundreds of thousands of dollars per hour! Definitely enough to persuade your average criminal into a hiring a couple of ethically ambiguous computer science majors.

So, with all of this risk, what does one do? My experience, and what I’ve repeatedly seen advised by the security professionals, is to create a layered approach to security. As with all things, stay informed about the latest recommendations, like this Top 20 security controls list from ZDNet.

An industry colleague, Susan Scrupski, is fond of offering the simple rule “blog smart” when asked what the policies ought to look like for well-run online communities. Co-opting that rule for purposes of security, I would “compute smart” when it comes to conducting your business and personal interactions online.