1

Transparency and Open Government:Policies and Implications

October 20, 2009

Stephanie ZiertenDeputy General Counsel,

Information Technology Division

Jess WeissProject and Social Media Coordinator, Mass.gov®

Information Technology Division

22

Agenda: Transparency and Open Government:Policies and Implications

• Background – What is Transparent and Open Government?

• Legal and Policy Implications

• Organizational Issues

3

Transparent and Open Government

Government should be:

1.Transparent

2.Participatory

3.Collaborative

President Barack Obama

Memorandum on Transparency and Open Government

January 21, 2009

4

What is Transparent Government?

• Federal Register – “[t]he official daily publication for

rules, proposed rules, and notices of Federal agencies and organizations, as well as executive orders and other presidential documents."

– Traditionally printed 5 days per week

– Inelegant free online search– Expensive Westlaw, Lexis access

• Publication in XML announced Oct. 5, 2009

5

Princeton Frees FedReg

http://www.fedthread.org/

6

What is Participatory Government?

http://www.tsa.gov/blog

7

The TSA Blog Affecting Policy

"On Monday afternoon we began receiving questions about airports that were requiring ALL electronics to be removed from carry-on bags (everything, including BlackBerrys, iPods, and even cords). This practice was also mentioned on several other blogs and left us scratching our heads“

"So…we checked with our security operations team to figure out what was going on. After some calls to our airports, we learned that this exercise was set up by local TSA offices and was not part of any grand plan across the country. These practices were stopped on Monday afternoon."

http://www.tsa.gov/blog/2008/02/hooray-bloggers.html

8

Regulatory Comments Online

http://www.regulations.gov/

9

What is Collaborative Government?

• Medicare Nursing Home Compare Application

– Combines data from state and federal reports

– Includes self-reported and observed data

http://www.medicare.gov/NHCompare/Home.asp

10

Internal Collaboration

• Wikis– Bureaupedia (FBI)– Intellipedia (Office of the Director of

National Intelligence)– Diplopedia (US Department of State)– DOD Techipedia (US Department of

Defense)– Commonwiki (Commonwealth of

Massachusetts)

11

Group Collaboration

Navy for Moms

http://www.navyformoms.com/

12

Encouraging Open Government

“How do I get some web 2.0”

Or

“I need a blog (or Twitter or Facebook)”

Or

“I can’t be bothered. It’s just a fad.”

13

The Drill and Social Media

No one who buys a drill wants a drill. They want a hole.

~Anon.

14

Social Media is a Tool

Direct, two-way communications:

• Increased control over the message

• Conversation between government & citizens

• Improved understanding of constituent needs and wants

• Opportunity to help

15

Most Important Question

WHY!Why do you want to get involved with social media

– What agency goals will social media allow you to achieve?– Who are you trying to reach?– How will social media allow you to engage with a particular audience?

16

Let’s be Transparent, Collaborate, and Participate Implications … Moving into the Cloud

Cloud Computing:

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable resources (for example networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

NIST Working Definition May 10, 2009 (updated June 1,

2009)

17

Models of Cloud Computing

• Three Delivery Models– Software as a Service (SaaS)– Platform as a Services (PaaS)– Infrastructure as a Service (IaaS)

• Four Deployment Models

Model User Management Location

Private One Org. Organization or 3rd Party

On or off premises

Community Several Orgs Organization or 3rd Party

On or off premises

Public General Public/Large Industry Grp.

Organization that sells cloud services

Variable, but likely off

Hybrid Combination of Above

Variable Variable

18

Desktop or Enterprise Applications

• Types of applications:– Agency bought or built– Maintenance

• Agency maintains component of applications in house (e.g. user interface, business functionality, and data storage) or

• Agency has a negotiated contract with service provider to maintain application; specific terms provider must meet.

• The “Private” model: agency controls – User interface;– Business functionality;– Data; and – technical controls (i.e. privacy settings; system security);

19

Cloud Social Media Applications

• The “Public” Model

• Agency just another user – the cloud application provider has physical control of infrastructure and data.

• Examples of Cloud Applications:– Social Media Providers

• Twitter™, Facebook™ etc.– Software as a Service (SaaS)

• Salesforce.com™• Gmail™

The Cloud• application• data• infrastructure

The Cloud• application• data• infrastructure

20

Social Media Providers

• Public Model Generally:– No negotiated contract between users and application provider– Take it or leave it

• Terms of Use and • Privacy Policies

• Why? – Free– Monopoly providers:

• Network Effects (applications have higher value when more people use the application)

21

Issues Raised by Cloud Social Media Applications

• Security– Will agency and/or users be able to access the information?– Will agency be able to access the data at any time?– What measures are being taken to ensure security of data?

• Encryption in route?• Encryption while stored?

– How does provider ensure data integrity?

• Privacy– Who has access to the information?

• Disaster and Backup– How is data backed up?– How often?– Are there redundant servers?

• Formats– In what format can agency retrieve the data?

• Viability– Will this provider be around for a long time?– What happens to the data if the provider goes under?

22

Privacy and Security in Cloud Applications –Shared Responsibility

• Which entity actually controls the content?– Service or Application Provider

• Which entity apparently controls the content?– Service or Application Provider?– Government Agency?– User?

• Which entity is legally required to control the content?– Some terms: Service or Application Provider

• Data breach laws– Some terms: Government Agency

• Records retention;• Open meeting law requirements

– Some terms: User• Privacy waiver (if placed in public domain)

23Digital Gov Summit 10/21/09

What Entity “Controls” this Page?

24

How about this Page?

25

The Citizen’s Perspective

• Who sees my data?

• Who controls the data?

• Who owns the data?

• How do I find out the answers?

26

Policies Policies Everywhere, but which Policy Applies?

• Clarify for the User– Agency Policies

• Update Terms of Use• Update Privacy Policy• Adopt a Social Media Policy

– Cite back to agency’s website policies when on a third party website– Give notice to users whenever possible that site is not controlled by

government entity (e.g. Direct Message DM on Twitter)

27

Social Media Third Party Provider Terms of Service (TOS)

• Privacy policies – cross reference privacy policy

• Limits on user conduct

• License rights to posted content

• Indemnification

• Disclaimer of warranties

• Limitation of liability

• Modifications to service or TOS

• Jurisdiction and governing law

• Copyright infringement procedures

28

Social Media Third Party Provider Privacy Policies

• What it governs: collection, dissemination and protection of personally identifiable information and other sensitive data

– Types of data collected• User supplied data (name; email address; birth date; cellular phone;

number and account information; associated websites etc.)• Log data (e.g. IP address; browser type or the domain from which

user visits; the web-pages user has visited; search terms used; and advertisements clicked on).

• Cookies– Sharing of the data: (e.g. other service providers, marketing companies,

business transfers)– Deleting of data– Security of data– Policy towards children

29

How do Citizens Know the Rules of the Game?Website Policies

• Website Policies:– Pre Web 2.0:

• Terms of Service• Privacy Policies• Accessibility Policies

– Post Web 2.0• Social Media Policy• Comment Terms

30

Update Agency’s Existing Website PoliciesGive Notice

• Terms of Use– Intellectual property over content submitted (e.g. creative commons

license)– Copyright infringement claims (safe harbor under the DMCA)

• Privacy Policy– Give notice that some third party providers might collect information

through their site (not controlled by the agency), and such data is subject to different policies.

31

Website Social Media Policy

• What: Describes how the agency uses social media tools

• How: How each social media site used by the agency

• Limits: Notice that each social media site has its own policies

• Example: YouTube

To both increase transparency and save money on video hosting and streaming, we publish all of our video content to our YouTube channel at www.youtube.com/massgovernor and embed the videos back on our site. If you would like the video in another format, please contact us and we’ll be happy to provide it for you.The Governor also encourages citizens to submit questions for him and his administration via video.  He will periodically respond to some (such as this response to a Barnstable High School student’s question) and members of his staff will respond to others via video or text.  Please watch this video to learn more.While we encourage you to subscribe to our videos, share them, comment on them, and embed them in your own sites, we often include additional context and information on our website that you might find helpful.  Visit our Media Center for more.

32

Participatory and/or Collaborative Government Comment Policy

• Describe purpose of site (facilitate dialogue about given topic)

• When are comments welcome

• Notice that site is moderated

• Limitations of site – not used for business purposes– not used for submission of claims

• Limitations on posting of comments– Profane, vulgar etc.– Threats– Sensitive information– Offensive– Off-topic

• Cross reference other policies (e.g. privacy, terms of use)

33

Giving Notice on Cloud Application –Not a Government Application

34

Give Notice on Page: Specific Comment Terms Apply

35

Accountability and Moderating Sites – Transparent, Collaborative, or Participatory Government Sites

• Using the Sites -- Consider:– First Amendment

• Creating a public forum• Chilling or limiting protected speech

– Open Meeting Law• Posting by members of a deliberative body could implicate Open Meeting Law:

When a quorum knows what a quorum thinks.– Accessibility: meet requirements – Rules of professional conduct (lawyers, doctors etc.)

• Legal obligations unique to public sector:– Records retention requirements

• Manage the content:– Enforce Comment Policy– Prevent or mitigate:

• Copyright infringement• Privacy tort claims• Defamation

36

Organizational IssuesKey Steps

• Select Toolset– Micro-blogging

• Short blasts, rapid deployment• Links to dispersed content• Crowd sourcing

– Video sharing– Social Network

• Aggregated, updated multimedia, conversations• Nimble, low maintenance platform

– Blogs/Wiki• In-depth conversations• Soliciting feedback• Encouraging conversation

– Other?

• Select Forums– Demographic– Goal

37

Organizational IssuesKey Steps (cont’d)

• Update Policies– Privacy Policy– Terms of Use– Social Media Policy– Comment Policy

• Select and Train Agency Participants– Consider goal of social media site– Update Acceptable Use Policy (AUP) to reflect social media use.

• Monitor and Update Agency Social Media Sites

38

Fast Failure or Speedy Success

• What resources do you have?– Social media success requires dedication– Need to devote people to participating in the conversation

• Don’t over-orchestrate.– Social media community values authenticity, genuine conversation. – Don’t limit your participation to press releases.

• Prepare to make mistakes.– Social media community expects and forgives

mistakes.– Ask forgiveness. Promise improvements.

• Evaluate & Tweak.

39

Contact Information

Jess WeissProject and Social Media Coordinator, Mass.govInformation Technology DivisionCommonwealth of Massachusetts1 Ashburton Place, Room 1601Boston, Massachusetts 02108Phone: 617.626.4497Email : jessica.weiss@state.ma.us Web: http://www.mass.gov/itd

Stephanie ZiertenDeputy General CounselInformation Technology DivisionCommonwealth of Massachusetts 1 Ashburton Place, Room 804Boston, MA 02108Phone: 617.626.4698Fax: 617.626.4459Email: Stephanie.Zierten@state.ma.usweb:  http://www.mass.gov/itd