While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The General Services Administration (GSA) wants to make it easier for citizens, application developers and federal workers to know that the social media accounts and third-party platforms federal agencies use are, in fact, legitimate. To accomplish that, the GSA announced the U.S. Digital Registry, a repository of the official accounts managed by federal agencies.
The registry is, in part, a cybersecurity measure and a way for people to know that they can trust the federal accounts being accessed. “A challenge in embracing emerging startup and private sector platforms for public service is ensuring that citizens can trust the app used for official engagement is managed by the legitimate agency and not a unofficial source, phishing scam or malicious entity,” the U.S. Digital Registry’s site notes.
The GSA is also using an application programming interface, or API, to let developers take advantage of the data stored in the registry to create new apps or services.
Justin Herman, the GSA's SocialGov program lead, wrote in a blog post on Medium (itself a third-party platform) domain names such as “.gov” and “.mil” make it easy to identify most official government websites . Yet many people access government services, seek out information and connect through third-party platforms such as Facebook, Twitter and GitHub.
“While some of those platforms authenticate public services in order to maintain trust between their users and the information they rely on, it’s not enough: we know there is a long way to go down a road that is ever changing,” Herman wrote. “The rise of third-party platforms in delivering modern public services required us to rise beside them with greater means of maintaining accountability over official government accounts, and make it as easy to follow all public services as it was to find one.”
Federal agencies, including the interagency SocialGov and MobileGov communities, “use OMB Max to authenticate users of the U.S. Digital Registry,” Herman said. OBM Max, managed by the Office of Management and Budget, is an information system OMB uses “to collect, validate, analyze, model, collaborate with agencies on, and publish information relating to its government-wide management and budgeting activities.”
According to Herman, the Digital Registry includes the name of an account and its appropriate agency; the platform used; the URL; a short description (including mission focus) and a long description (including links to comment policies, terms of service and other resources); and what is known as “collaborative tagging.”
Herman noted that “anyone can use that data to curate and conduct analysis across platforms, languages or by tags,” and the GSA will continuously update and improve the registry via feedback it receives, including updates for the tags and input on users’ experiences with the API.
Federal agencies are undertaking a “verification sprint” to boost the number of accounts in the U.S. Digital Registry, from almost 3,000 to more than 6,000 by the end of February, Herman said. “Hundreds of managers across government are authenticating their profiles and enriching the data for each individual account by March 31,” he added.
The GSA is encouraging local, state, and international public-services entities to “share in the open source code of the U.S. Digital Registry and create your own repositories so we can explore new fields of integrated, location-based services.” Herman said.
Herman also noted that the GSA would like to see “all third-party platforms with Terms of Service with the government to use the registry to conclusively authenticate public service accounts. Not all platforms are in the registry in this first iteration, but we’ll get there.”
Meanwhile, the GSA is meeting with organizations that want to use the registry’s API, Herman said “and we’re determined to develop it into an expanding and evolving service that combines an easy-to-use tool with the active participation of hundreds of government technologists, innovative private-sector developers, news organizations, researchers and anyone who wants reliable access to the public information they need.”
How could the API be used? Herman gave several examples, including the creation of an “Emergency Broadcast System for the digital age” that would take advantage of disaster-relief information, regardless of the agency or subagency — and it would be in Spanish.
The website ProgrammableWeb also presented several examples of how organizations can take advantage of the registry’s API, including keeping track of federal contracts, finding new open data released by government agencies, creating streaming video services or newsreels of government announcements, monitoring risk data released by agencies and even building government-themed app stores.