Listening to Reince Priebus make noise about how the real culprit in the Russian hacking scandal is the Democratic Party for not being good stewards of their data is enough to make us gag. The whole system of computers used in government is too vulnerable, but it does not have to be. Here are some suggestions.
Unified Government Data
Every government entity has, and jealously guards, their information in separate data centers. This is ridiculous. In most cases, it’s not really their data. It’s our data, and they are supposed to be good stewards of this information. However, even though agencies like NIST promote standards for safe operation, these systems are constantly getting probed, and occasionally getting hacked.
A set of data centers spread across the US could be constructed that would accommodate the needs of all departments. They would be more consistently configured. That does not mean they would necessarily safer, but the would be much easier to defend. The objection will always be that diversity makes it harder to hack systems, but that has not been proven. In fact it has been disproven.
A government-based version of Proton mail would encrypt all mail between government employees, Congress, the Supreme Court, and the White House. Private email accounts would be discouraged. No hotmail or gmail accounts. No emails could be forwarded to non-encrypted accounts.
Private email should be private
The reason groups like the DNC stand up their own servers is because they don’t want prying eyes reading personal and confidential email. Which eyes? The ones that can subpoena them. The Trey Gowdy’s and the Darrell Issa’s of the world. If this email was deemed personal and not subject to subpoena by the opposition, then all email could sit on government servers. We can create three mail categories; personal, political, and confidential, with levels of access strictly defined.
Create an Information Court
Access to information that is held by the government can only be approved by an independent, non-partisan Information Court, subject to appeals up to the Supreme Court, but with broad powers over the FOIA. This is referred to as an honest broker. It is a group that can determine if the information requested has any bearing on the investigators that are interested in them. That will irritate a few, but be more efficient than the existing FOIA path.
The biggest problem we face as a digital nation is the sheer volume of information that we define as this, or that. We need a metadata structure, a taxonomy, and a standard for what needs to be kept, hidden, and destroyed. Layers of security and access is called an onion model. The deeper the data resides, the more layers you need to navigate to get to it.
None of this will happen
When you discuss data security with government employees who are tasked with protecting said information, you can almost feel the unease they are feeling. Some of that is training. They know how they want it done, and they want to be in control of the information. Giving it to a centralized, external group makes them very uncomfortable. We need to give departments personalized control and oversight of their information. We need to make sure that no one can view or change that data without their permission. All of this can be accomplished with existing technology.
Government is not the enemy
The other reason this will not happen is Congress. If you think you don’t trust the government, your lack of faith pales in comparison to theirs. There is a lot of ignorance about technology at the level of our public employees. They are convinced that a private email account will keep the prying eyes of the government from their thoughts. John Podesta now knows the truth. Government is not the enemy.