A US CTO?
A workspace for a discussing what a CTO for the US government should be.
We had an idea for a conference. Because of a bunch of complicated (and somewhat political issues) we've decided not to pursue the conference at the moment.
archived thoughts on a conference
The idea of this conference is to pick four policy areas, and to invite leaders in each area to reflect upon how a Chief Technology Officer would address the issues within each area. Then, at the end of the day, experts in administrative law will sketch how best to structure a CTO within the structure of the US government.
Obama of course has called for a CTO, but this conference has no connection to his campaign. The idea of CTO is one any of the candidates should consider. Our aim is to make the concept more understandable.
The tentative date for this conference is April 18/19, at Stanford Law School.
I've bulleted the four topic areas I'm considering now below. Please feel free to suggest others. And please suggest who you believe would be ideal to address the policy questions presented within each.
- Privacy: The relationship between technology and privacy in the USG.
- Security: The relationship between technology and security in the USG.
- Transparency: How technology might make the workings of the USG more transparent.
- Efficiency: How technology might make the workings of the USG more efficient.
- Organization: How a US CTO should be organized within the USG, given the insights drawn from the previous four panels.
Ways to Organize a Conference
Kaliya Hamlin: Conferences of talking heads and panel presentations might be a good way to do this event . However, having a well developed thematic question (like you have) attracts a lot of good thinkers to sit in the audience. It might be wise to leverage the collective intelligence drawn to the to address the question with a conference format that moves things forward with interaction in real time. Open Space Technology is an unconference method that is 20 years old and was designed to do just this - help really smart passionate people organize their time well together and get stuff done. It is a has been quite useful for the user-centric identity community. We just completed our 5th Internet Identity Workshop with great success. One of the draw backs of the way I have been doing these unconferences is the lack of consistent documentation - I have recently learned how to run an effective News Room and give all attendees a book of proceedings the notes of all the sessions that happen. You can leverage traditional conference forms - papers and presentations....instead of those being done 'at the conference' almost all of them could be done before hand and either read, watched or listened to by those attending. Then the face time of the conference could be largely used to converse about the critical issues and deepen understanding, further next steps and consider actions. Happy to help in any way I can. - Identity Woman, unconference.net.
Mike Weisman: I took a class from Phil Bereano at Univ of Washington on precisely this subject. Bereano's course touched on how other countries make technology policy (Denmark, NL, etc.) There are some very important participatory democracy models from the EU countries. Bereano has also been an actor as a tech policy advocate, particularly involving GMO foods and genetic engineering on UN panels. He would be a very good speaker, with real world relevant experience. A short seminar on the existing models, from his class materials, would help expand the discussion while also giving hope that there are good models out there.
Maintaining Civilian Oversight of Civilian Computer Security: Lessons Learned
Susan Landau: One of the issues to consider here --- and it is a critical one --- is maintaining civilian control of civilian computer security. We had those battles in the 1980s with NSDD-145; the outcome was the Computer Security Act of 1987, which reestablished NIST as the developer of standards and guidelines for federal agencies dealing with unclassified information. We had those battles again in the 1990s with Clipper. The Cybersecurity Initiative seem to be this decade's incarnation of those battles, and the threat it raises is potentially more serious than the previous two times. So understanding that dynamic, and the role that a CTO would play in them, is extremely important. To centralize power in a CTO and then have that centralization result in a loss of control of civilian authority over civilian computer security would be disastrous for security, transparency, efficiency and privacy.
Related Roles in Other Departments
Susan Landau: You might also want to consider the roles played by the DHS CPO and the DHS Assistant Secretary for Cybersecurity, as well as the NIST role within federal civilian cybersecurity.
Other Departments to Consider
Peter Backof: The National Telecommunications and Information Administration is "the President's principal adviser on telecommunications and information policy issues, and in this role frequently works with other Executive Branch agencies to develop and present the Administration's position on these issues." The NTIA is run by an Assistant Secretary of the Commerce Department, thus a political appointee directly accountable to the President. Unlike the Office of Science and Technology Policy the NTIA deals with tech policy issues on a daily basis, like the Digital Television Transition, spectrum auctions, and broadband deployment. Gregory Rhode was the last head of the NTIA under President Clinton, so he might be good, or John Kneuer, who just resigned last month, if you can track him down.
The FCC had a Chief Technologist post that was influential. Dave Farber (now, U. Pittsburgh) and Stagg Newman would be natural speakers. Perhaps add one of the "Presidential Science Advisors" you'd have a good panel on "Does having a CTO/Chief Scientist make a difference"
Working models and other subjects
Mike Weisman: I would expand the subject to the biotech area because that sector seems to me to be in the jurisdiction of a USCTO. Subjects might include GMO products, food safety, genetic engineering and cloning (the UK has a good model for this), privacy and safety of research subjects, etc. The existing departments aren't doing the job (FDA, NIH, FTC) and perhaps the CTO would set standards of general application re privacy, security, open data, etc.
I also think there some models worth looking at, for good or ill, like the Surgeon General, the various Czars, the GAO, NTSB, etc.
Larry has posited this as a corporate CTO type person. I don't think we need to discuss buying computers. However, something like the Privacy Commissioners, which they have in all the EU countries (it is an EU mandate) and Canada would be another model to discuss. Perhaps we could invite Canada's PC!