October 19, 2021•1,162 words
Last week, the Missouri governor showed the world his technological illiteracy by vowing to prosecute a "hacker" that brought a major data leak to the government's attention. The entire tech community had a big laugh, since the government itself was sending Social Security Numbers to users that could be easily found with the barest modicum of tech know-how.
The governor's public blunder never should have happened. The fact that he publicly stated his ignorance in such an embarrassing manner demonstrates that nobody in his advisory circle knew enough about technology to tell him to stop. Nobody he knew understood that it was the government's mistake, even though the data breach was responsibly reported.
It's not a big leap to assume that nobody competent is leading Missouri's technology departments. I shudder to think what else in the state is wide-open for attackers.
Sure, it's easy to call out government incompetency (especially when it comes to technology). It's practically an American past time. But things like this keep happening and we should keep getting upset until the issue is solved.
Securing IT systems is no trivial task, and we make it incredibly difficult on ourselves due to the very structure of the US federal government system. States have an incredible amount of power, which means the United States has about 50 different ways of doing any one thing when it comes to running the state IT systems. That's a huge attack surface for malicious actors to find their way into.
But regardless of which state we're talking about they all need to do similar things that involve information technology. Here are just a few things I could think of off the top of my head:
- City planning
- Infrastructure maintenance
- Citizen feedback
- COVID reporting and notifying
I could keep going.
So why are we creating 50 different IT systems for these? As a small example, I live in Washington, which has a great legislation system that even allows citizens to provide feedback on bills. Looking at the same type of site from Texas, the last state I lived in, their legislation system leaves much to be desired, especially because there's no way to provide feedback on the very bills you're searching.
I'm sure both state's IT departments (or potentially hired contractors) put a lot of hours into these systems. It's great they're available, but sad that my friends in Texas don't have the same tools of democracy I have. And looking back at the utter incompetency of Missouri, many of these systems across the US were likely built on a shoestring budget by people who don't have an understanding of IT security.
All this leads me to ask: why aren't states working together to provide a great, secure technology experience for their citizens?
I argue that our federalist system discourages coordination, at least when it comes to IT systems.
One benefit to the federal system is that states get to be "laboratories of democracy". Each state can adapt their laws to its specific citizens, with a federal government theoretically providing a common floor of basic human rights that every state has to provide. Sometimes those "experiments" do leak over to other states, until things that used to be unthinkable (gay marriage or cannabis legalization) are essentially the law of the land, even without federal support. That can be a pretty great way to run a country, but it does have its pitfalls. One of which is the fragmentation of technology solutions, further exacerbating our already inefficient bureaucracy.
Maybe I'm just ignorant, but I haven't seen collaborative thinking when it comes to building and running the information technology powering our state, county, and local governments. Part of it is likely because the Internet and supporting technologies are relatively new and the machinery of government moves deliberately slow. Another part is that private industry sucks up the best IT talent just to put them to work on milking a few more dollars out of ad clicks instead of positively contributing to society. And yet another is because the one government body in place to facilitate coordination between states simply hasn't done it yet!
Now is the perfect time for the US Digital Service to create a Government as a Service (GaaS) platform.
The federal government should lead the charge in researching and developing a suite of open source state management tools that are free to use and expand upon. This would create a cooperative IT community where states can add to these systems based on their unique circumstances and make those improvements available to others. It also greatly reduces the attack vector of potential hackers, since these handful of common systems can be more efficiently hardened than all of the unique systems built in each state. Hell, even private businesses would be free to use or contribute to any of the tools that overlap with their needs.
This doesn't even have to be done with changing laws, as far as I'm aware (though I'm no lawyer). The US Digital Service could be instructed to coordinate or build these tools through an executive order. New laws enabling this kind of digital transformation would further accelerate the quality of these shared tools, especially when it comes to allocating funds towards making the systems private and secure. And with the USDS leading the way, these systems would be fantastic. The USDS is already working on a common set of tools to standardize federal websites to create a unified user experience. They would be in the perfect position to help states take advantage of the tools already built and create even more quality tech to support state governance.
Obviously, some people will have concerns with such coordination. I imagine some folks are happy that there's no federal coordination of IT strategy in order to protect against some sort of centralized government technology takeover. But to mitigate those fears, these tools would be open source and voluntary to use. In addition, information privacy should be a major concern when creating all of these new systems. The latest encryption methods should be employed with no backdoors, and independent audits should be performed to keep everyone using these systems safe from bad actors, both internal and external.
Imagine the time and money saved if all US states coordinated in building an open source suite of government management tools.
Your next trip to the DMV could take minutes, no matter what state you live in. You could easily find and look through an interactive breakdown of your city's finances. You no longer would have to pay some company to file your state and federal taxes. You city's administration budget could be slashed, all while getting a more-responsive government.
And best of all, you could finally sleep soundly at night knowing your fellow citizens in other states are getting just as excellent an experience interacting with their government online as you are.