News in Brief

Smith named CTO, Holder and Clapper back reforms, and McAfee hails Heartbleed

Google's Megan Smith has been hired to replace Todd Park as U.S. chief technology officer.

Now it's official: White House names new chief technologist

Google executive Megan Smith was named U.S. chief technology officer on Sept. 4, and former Twitter lawyer Alexander Macgillivray was named one of her deputies.

"Megan has spent her career leading talented teams and taking cutting-edge technology and innovation initiatives from concept to design to deployment," President Barack Obama said in a statement. "I am confident that in her new role as America's chief technology officer, she will put her long record of leadership and exceptional skills to work on behalf of the American people."

The appointment comes a week after the White House announced that Todd Park, who had served as U.S. CTO since March 2012, would be taking on a new role recruiting talented tech professionals in Silicon Valley to work for the government.

Rumors of Smith's candidacy for the CTO role surfaced last week, with Bloomberg and Fortune reporting her White House gig as basically a "done deal." Although she was vice president of business development at Google for nine years, Smith might be best known for her most recent role as vice president of Google X, the company's secretive innovation lab.

Macgillivray will focus mainly on Internet policy, intellectual property, and the intersection of big data, technology and privacy, according to the White House statement. He served as general counsel and head of public policy at Twitter from 2009 to 2013.

Holder, Clapper support paring back NSA phone record collection

The nation's top law enforcement official and top spy have co-signed a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) supporting passage of legislation that would ban bulk collection of phone records by the government.

The House passed its version of the bill, dubbed the USA Freedom Act, in May.

Attorney General Eric Holder and Director of National Intelligence James Clapper wrote that the bill "preserves essential Intelligence Community capabilities" and "is a reasonable compromise that enhances privacy and civil liberties and increases transparency."

The bulk collection program, authorized by Section 215 of the Patriot Act, was confirmed through leaks of classified information by former National Security Agency contractor Edward Snowden. Under the program, the government collected telephone billing records from telecommunications providers en masse, creating a database that covered most Americans.

NSA and other agencies queried the data to collect information about connections between targets of terrorist investigations and individuals linked to them. A presidential commission recommended changes to the practice after Snowden's disclosures.

The letter also outlines the government's understanding of what kind of collection data and querying would be permitted under the measure and the legal authorities and minimization procedures that apply. The letter notes that the intelligence community will "retain the operational capabilities of the existing bulk telephone metadata program," owing to the "existing practices in retaining metadata" on the part of leading commercial communications providers. Relevant billing records are typically retained for 18 months.

McAfee tags Heartbleed as critical security event

The Heartbleed vulnerability is an unintended gift to hackers that will keep on giving, according to cybersecurity provider McAfee's quarterly threat report.

The company said Heartbleed was by far the most important security event in the second quarter of 2014. The vulnerability, contained in several versions of the OpenSSL cryptographic library, "affected every IT organization -- knowingly or unknowingly," the report states.

McAfee estimated that Heartbleed affected about 17 percent of all TLS-enabled websites worldwide, which typically request user authentication via usernames and passwords. That comes to more than 600,000 affected sites.

Although the report praises the efforts in the IT community to find and patch Heartbleed vulnerabilities, it says some of that assistance has been undermined by criminals. For instance, websites that listed Heartbleed-vulnerable sites to help users who wanted to ensure they were authenticating safely "quickly became hit lists for cybercriminals," the report states.

Furthermore, one of the more astute cybercriminals extracted data from still-vulnerable sites and is selling it on the black market. McAfee's report states that more than 300,000 websites remain unpatched and vulnerable to that type of criminal activity.
