Wyden publishes draft bill to end federal reliance on proprietary, insecure software

PRESS RELEASE

Washington DC – Following a new report on how chaotic cybersecurity practices by a federal technology contractor enabled a massive attack on U.S. government systems, Sen. Ron Wyden, D-Ore., today released a bill to establish mandatory security standards for information technology, save taxpayers money and break the anti-competitive lock-in effect caused by proprietary and gated software.

Multiple disastrous attacks on US government systems were made possible by poor cybersecurity practices by large technology companies providing services to the government. Most recently, the Department of Homeland Security’s Cybersecurity Review Board cited a “cascade” of errors by Microsoft, allowing Chinese hackers to breach federal email systems.

The Secure and Interoperable Government Collaboration Technology Act would require the government to establish new, secure and open standards for collaboration software, which would also promote competition and save taxpayers money.

“My bill will protect American government communications from foreign hackers, while protecting taxpayers’ wallets. Vendor lock-in, bundling and other anticompetitive practices lead the government to spend large sums of money on insecure software,” Wyden said. “The time has come to break the stranglehold of big tech companies like Microsoft on government software, establish high cybersecurity standards, and reap the many benefits of a competitive market.”

While phone calls and email messages allow users to communicate regardless of which mobile network or email provider they use, collaboration software is frustratingly stuck. While video conferencing products like Zoom, Webex, and Microsoft Teams offer similar functionality, users cannot communicate between platforms. Similar barriers exist for chat services like Slack and document editors like Google Docs and Microsoft Office. As a result, agencies often find themselves stuck in expensive and insecure walled gardens that waste time and taxpayer money as government employees constantly switch between collaboration software products.

The Secure and Interoperable Government Collaboration Technology Act would:

Require the National Institute of Standards and Technology (NIST) to identify a set of interoperable standards, requirements, and guidelines for each collaboration technology capability, based on a set of required collaboration technology capabilities identified by the General Services Administration (GSA).

Require that, to the maximum extent possible, standards use end-to-end encryption and other technologies to protect U.S. government communications from foreign surveillance.

Require that collaborative technologies used by federal agencies enable those agencies to comply with federal recordkeeping requirements.

Require that, four years after NIST identifies the standards, collaborative technology provided by the federal government be able to communicate using the NIST standards.

Direct the Department of Homeland Security to conduct cybersecurity reviews of collaboration technology products widely used by the federal government.

Create a GSA and Office of Management and Budget working group to produce biannual reviews of the collaboration technology used by the federal government to recommend additions or improvements to the standards.

The bill is endorsed by Accountable Tech, Demand Progress, Fight for the Future, Proton, Nym, Matrix.org Foundation, and Cory Doctorow.

“Interoperability – the ability to put something new into a technology, with or without the manufacturer’s permission – is the key to defeating Big Tech,” Doctorow said. “This bill will require public funds to be spent on technology that anyone can fix, extend, or improve, preventing tech companies from blocking and stealing from the US government. The most surprising part is that it isn’t already the way it’s done.”

“Through this legislation, the federal government has the opportunity to set an example for workplaces, organizations and institutions across the country on how to fundamentally improve online safety. Protecting digital communication with end-to-end encryption is essential for data privacy and security and should be the standard across the board. Without it, messages can be intercepted and abused by hackers, repressive law enforcement, foreign governments, or the company that owns the platform itself. Everyone from the former director of the NSA to big tech companies to human rights defenders working under authoritarian regimes have highlighted the life-saving importance of end-to-end encryption. The issue of data privacy has never been more urgent, and decisive action by lawmakers is needed right now to implement policies on technology platforms that truly put our privacy and our needs as users, not corporate profits, at the center,” said Leila Nashashibi, Fight for the Future activist.

Wyden is accepting feedback on the bill at [email protected]

The text of the bill is available here.

A one-page summary of the bill is here.


