Better Census testing, CDM training and car-data privacy concerns

News and notes from around the federal IT community.


GAO: Census needs better planning to save 2020 legwork

Instead of trekking house to house, the Census Bureau could use administrative records -- data other government organizations already have -- to replace some in-person collections and cut down on costs. But in a report released on Oct. 20, the Government Accountability Office warned that the bureau needs to plan better in order to save money.

GAO auditors noted that Census officials recently ran a successful test of the administrative records strategy and new collection technology in Maricopa County, Ariz. During the test, however, problems with new technologies weren’t systematically reported and tracked.

The bureau’s savings estimates are logical, GAO said, but learning which houses are abandoned and therefore can be skipped by census canvassers, for instance, could dramatically reduce time spent pounding the pavement.

GAO’s report recommends that the Commerce Department secretary push to establish deadlines for Census to determine which administrative records it will use and how. Auditors also advocate clear reporting guidelines so that pre-2020 census field problems can be tracked and remedied.

DHS official discusses CDM training

The Department of Homeland Security will provide virtual personnel training for all three phases of Continuous Diagnostics and Mitigation, a broad cybersecurity program whose acquisition vehicle has a ceiling of $6 billion.

The training is an acknowledgement that the sensors and other tools provided by the program need human expertise to be effective.

DHS is also doing “road shows” in which officials visit various agencies and provide CDM training, said Darryl Peek, a cybersecurity strategist in DHS’ Federal Network Resilience Division.

DHS is conducting the training “because we realize we’re introducing something quickly to a population that may not be used to the tools that are being provided,” he said Oct. 20 at an FCW-sponsored acquisition conference in Washington. “So therefore there’s a certain level of ramp-up that needs to take place…but we just know that it’s going to take a little while for governance to catch up with the actual tool implementation.”

Some vendors, such as those that win continuous-monitoring-as-a-service contracts, are also responsible for undergoing a certain level of CDM training, Peek said.

DHS Secretary Jeh Johnson pledged in July to make the first phase of CDM tools available to 97 percent of the federal civilian workforce by the end of fiscal 2015.

Protecting cars' data systems -- from car owners?

The House Energy and Commerce Committee has released a discussion draft of a bill that seeks to protect automobile data systems, but privacy advocates warn that the legislation could wind up stifling security research -- and possibly penalize car owners for accessing their own data.

Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, wrote in an Oct. 19 blog post that the bill, which has not been officially introduced, has a particularly troubling provision that would allow the government to fine car owners $100,000 every time they access their cars’ data and computer code “without authorization.”

The provision does not say whose authorization is required, Jaycox noted. The language could block researchers who want to use the data to bolster protections. It also might make maintenance work difficult or prohibitively expensive.

“We would certainly argue that the language shouldn’t be read so expansively, but people shouldn’t have to hire a lawyer before repairing their cars or inspecting code to make sure they are safe,” Jaycox said. “And they certainly shouldn’t have to fear a $100,000 penalty.”

“It’s a classic one-two punch from Congress -- not understanding something and then deciding to draft a bill about it anyway,” he added.