E-health has always been one of the feel-good stories about e-government. Even mainstream media outlets love to report on how technology helps these days with everything from organizing information to conducting brain surgery. Their accounts are usually warm and fuzzy in the extreme.

So it’s useful to be reminded every once in a while of the downside of e-health – which, unsurprisingly, is a security yarn.

The government site NextGov reported the other day on an unnerving incident in which hackers broke into a Virginia state site used by pharmacists to track prescription drug abuse. The nogoodniks deleted records on more than 8 million patients and then “replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.”

Wikileaks also favored us with the ransom note:

“I have your [expletive]. In my possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh For $10 million, I will gladly send along the password).”

Virginia shut down the site soon after the attack was discovered on April 30 and began restoring the system, but there’s no further word on the outcome, legally or otherwise.

So: A small story, in a way. But useful to the extent that it reminds all of us to be careful out there, people, to reach back well before health care hooked up with data management. (Hill Street Blues, since you asked).

Security. It’s an old problem, but it’s just been restated with a new urgency. And it has all kinds of implications for the practice of e-government as it’s evolved over the past few years.

The Cassandras were both CEOs, availing themselves of a platform at the RSA conference last month. And they were singing from the same gloomy songbook.

Enrique Salem, the new CEO at the security heavyweight Symantec, was particularly blunt. The current model of cybersecurity, he said, just isn’t working.

“It’s time to change the game,” Salem said as he called for “a bridge between day-to-day operations and security departments” to create shared plans and goals.

In Salem’s reckoning, the problem with security now is that it’s done piecemeal. His argument was nicely captured by Internetnews.com:

“(A)dministrators still perform manual analysis of threats against their systems within carefully partitioned silos. One team configures laptops, another looks after the datacenters, an operations team keeps an eye on routine tasks and an entirely separate security team does vulnerability testing. . . . Stand-alone products at various points within the system hamper policy coordination, making automation of many processes nearly impossible. Lower-level administrators end up creating de facto policy day-by-day based on how they configure e-mail, backup and server security.”

Salem’s musings ran along the same lines as the keynote address at the same conference by John Chambers, chairman and CEO of Cisco. Chambers argued that security has to become fundamental in IT infrastructure – which means integrating it into business processes.

“Security isn’t a stand-alone area,” he warned. “Security is something that has to be embedded in our strategy, it has to be embedded in our technology, it has to be automated,”

Salem and Chambers are hardly the first to worry about security, and cynics will argue that Salem in particular has a vested interest in making his case. On the other hand, CEOs don’t often go this route in public – which suggests that their fretting about the bad guys is entirely appropriate.

And if that’s true, reflect for a moment on the consequences for the good old Internet, vehicle of choice for citizen cyberconnection with government.

It’s simple, really: If the bad guys make the Internet in its various incarnations too risky, people will simply abandon it where possible. Snail mail used to work as a way to pay your taxes; it still does, by all accounts.

Which of course would leave all those nifty vehicles of electronic service delivery – the pride and joy of e-government over the past 10 to 15 years – in a difficult spot.

Pity, that.

Governments may be dismissed as inherently inefficient in some quarters, but the research heavyweights at Accenture say the public sector can more than hold its own head-to-head.

The great leveler, Accenture says in a report called Knowing Beats Guessing, is analytics – “the extensive use of data, statistical and quantitative analysis, predictive models, and fact-based management to drive decisions and actions.”

The data-driven model is already sweeping the public sector, Accenture says, and that means that “many top government agencies can be classed as high performers — easily on a par with high-performance businesses in the commercial sector, such as Procter & Gamble and General Electric.”

“We have found that those high-performance agencies share a number of key attributes with their corporate counterparts. For example, they are relentlessly focused on outcomes and are not misled by measures that are means rather than ends. They are highly efficient, continually rethinking their processes to improve the delivery and maintenance of public services. They are exceptionally aware of changes in their environments and able to translate insight into action quickly and effectively. And they have a keen understanding of the value of analytics to their overall effectiveness.”

The report is available at the Accenture site – www.accenture.com; search for Knowing Beats Guessing.

You will likely be familiar with e-Obama. That’s the cute-if-awkward (lacks alliteration and sibilance) handle sometimes used to describe the tech-savvy new president of the United (kind of) States. Barrack Obama’s victories in last year’s Democratic primary and in the presidential election campaign that followed were widely considered a tech triumph, in that they relied on all manner of social media tools and techniques.

And Obama has in fact been true to that school, launching a serious (and busy) public policy wiki, adding a Chief Technology Officer to the mix at the top, ensuring (against vociferous objection) that he himself keeps plugged into cyberspace via Blackberry, and generally turning the Oval Office into a kind of cybersuite.

It’s all been great for the evangels of e-government everywhere, whether considered as service delivery or as the more exotic digital democracy. There’s many a slip, though, and one of them could materialize next month – specifically around May 21. That’s the deadline for a promised directive outlining just what agencies will do to make government more transparent, participatory and collaborative. As proposals go, it’s what you could call breathtaking in its audacity.

Obama’s assignment to his technology types was one of the first to materialize the day after his Jan. 20 inauguration and could well have been overlooked in the crush of copy. It’s on the record though, clearly enough to give government watchdogs one more thing to watch for. You could watch too.

Turns out that you don’t have enough to worry about. A recent British report is reminding public sector tech types of challenges beyond privacy and security and such detritus as coding,

Like – managing expectations.

Researchers with the Hansard Society, a research forum which promotes public involvement in politics, wants government to ensure that expectations of online government aren’t set too high.

“Online deliberations offer a promise of transparency; unclear communication from engagement teams is often read by participants as obfuscation,” the Hansard study warns.

“Web sites that combine careful planning and appropriate marketing with the development of reflexive engagement strategies have a greater chance of success. In such cases, policy leads have benefited from user input with government departments seeing enhanced public trust and receiving positive feedback from stakeholders. In turn, end users report more faith in the political process and better understanding of government.”

The report, part of the society’s Digital Dialogues review, says people visit the Digital Dialogues web site for any number of reasons – “from general interest in online engagement to a strong interest in the policy matters being discussed,” according to a summary in CIO magazine.

“Many had previously not engaged in political processes; even when they had, most were initially critical of government,” the report says. “Such distrust was overcome when moderators facilitated open discussion and provided information to Web site users.

“When government departments were reticent, they courted controversy and disengagement became inevitable. Some Web sites failed to gain traction (measured through few repeat visits) because users did not believe that anyone was listening or responding to their perspectives; in such cases, departments were paralyzed by a sense of ‘risk’ and failed to harness the range of engagement opportunities at their disposal — responding only on topics deemed ‘safe’.”

In one sense, there’s nothing new in any of that. It amounts, however, to a reminder for CIOs and their nearest and dearest: Don’t get so caught up in tweaking the latest back-end wiki that you overlook the front end of the operation as a whole. The digital democracy side of Government 2.0 may indeed be lagging as service delivery is ever more automated. But be warned: It hasn’t been written off entirely.

Government tech types intrigued by cloud computing – there aren’t a lot of you, but you know who you are – may wish to reflect on yet another problematic point: Compliance.

As Sara Peters of Information Week noted recently, “thorough logs are the key to proving compliance with security regulations.”

“So how,” she wonders, “do you prove your organization is/was compliant when you aren’t able to maintain logs?”

Peters uses a definition of oft-defined cloud computing worked up by Michael Crandell of RightScale. It’s “…the notion of providing easily accessible compute and storage resources on a pay-as-you-go, on-demand basis, from a virtually infinite infrastructure managed by someone else. As a customer, you don’t know where the resources are, and for the most part, you don’t care. What’s really important is the capability to access your application anywhere, move it freely and easily, and inexpensively add resources for instant scalability.”

Right; elegantly phrased. Peters riffs on this in language that is particularly pertinent for public sector folk:

“The parts of this definition that unnerve me are ‘managed by someone else’ and ‘you don’t know where the resources are.” I’ve not yet investigated any of the usage agreements or discussed this with the companies that offer cloud services, but my guess is that organizations have neither the authority nor the ability to establish log settings, maintain logs, or view logs of any activity conducted on that ‘virtually infinite infrastructure.’

“This is particularly worrisome if you are (and I really hope you aren’t) using cloud computing services for storing sensitive/protected data. Wouldn’t you like to know whom else’s data is stored on the same server as yours? Wouldn’t you like to know when, by whom, and where to your data is copied? Wouldn’t you like to know (in the quite likely instance that the cloud data centre is employing the use of server virtualization) when the server VM holding your data is migrated to some other server? Wouldn’t you like to know that all of these things were done securely? I doubt many organizations are using cloud computing in this way, yet, but it’s worth making note of when revamping your risk model for 2009.”

She’s got more, but the point is clear if arguably unoriginal. Be careful with the cloud.

Gartner’s recent scolding wasn’t enough. Public sector organizations that are dragging their feet on Web 2.0 applications and practices have caught another slap upside the head, courtesy of a British study which suggests that it’s really all about power.

Just weeks after the heavyweights at Gartner drew “a gloomy picture of current adoption and plans for Web 2.0 in government” around the world, the Society of IT Management has concluded that the British public sector in particular is excessively cautious on the social networking front. And author Chris Head thinks he knows why:

“Web 2.0 challenges the very roots of the public sector ethos,” he says. “As if the retreat from paternalism and recognition of the citizen as a customer were not enough, Web 2.0 provides the facilities to put citizens in control. This turns public sector thinking upside-down. It means marketing services, not rationing them. It means being proactive, and not responding defensively to criticism.”

That’s basically a brief on behalf of the digital democracy side of e-government, focusing the potential of technology not simply as a neat way to deliver government services but as a way to reinvigorate everything from public consultations to, no doubt, elections.

There’s good news and bad news as public sector thinkers on things technological contemplate the approach of cloud computing.

The good news, according to a new report from the Pew Internet and American Life Project, is that people have already embraced cloud computing.

The bad news is that they still can’t get their heads around the privacy and security side of it.

Which may well mean that e-government is not about to meet the cloud – now or, frankly, ever.

The basic notion of cloud computing – a user friendly place to keep data and storage – is enormously appealing on one level. Taken to an extreme, it points to a world in which people don’t really need computers; they just need access to them now and then, wherever.

To the researchers at Pew, this brave new world is already both here and successful: “Some 69% of online Americans use webmail services, store data online, or use software programs such as word processing applications whose functionality is located on the web,” they report.

Sounds terrific, and in a sense it is – except that it’s an analysis that’s heavily dependent on the success of programs like hotmail and gmail, which are pale imitations of what the theorists of cloud computing have in mind. Those deep thinkers reach way beyond simple e-mail exchange, to the entire range of programs, applications and data.

And data is the sticking point, because the same Pew project found the same Americans leery of the same privacy and security concerns which have bedeviled e-government evangelists for 15 years or more.

“(U)sers report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware,” Pew reported. Specifically:

.

·         90 per cent of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party.

·         80 per cent say they would be very concerned if companies used their photos or other data in marketing campaigns.

·         68 per cent of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services.

Caveats abound, to be sure. This latest project by Pew was set in a private sector context, not a government setting. Plus: Its sample was exclusively American.

Still, the findings amount to a reminder of ongoing public concerns about the use of public data. It’s still a poser after all these years, one that government tech managers will ignore at their peril.

With government trying to figure out how to deploy the tools and applications of social networking – the likes of Facebook, wikis and such – it’s at least interesting to stumble across a suggestion that social networking itself could turn out to be just another fad.

A survey of 13,000 people in 17 countries by the research firm Synovate (www.synovate.com) found that fully 58 per cent of them were unfamiliar with social networking.

Plus: More than a third – 36 per cent – were losing interest in online social networking. That included 47 per cent of Canadians polled.

Steve Garton of Synovate acknowledged the universal truth that social networking is by and large keeping youth on board. But overall, he said, “It turns out social networking is not taking over the world. Well, not yet anyway.”

In the short term, the findings merely suggest that “not everyone is pokable,” as e-Marketer put it. At a higher level, though, they also point to a plain requirement for more research by the public sector on the potential of social networking applications: Can they become part of the fabric of routine community consultation, as some e-government apostles preach, or will they merely become a series of behind-the-scenes intranets for assorted tech types?

The folks at Gartner aren’t happy with the state of play on the e-government file around the world – specifically on web 2.0.

The tech research heavyweight talked to 80 government clients on five continents and checked in with what it described as “a gloomy picture of current adoption and plans for Web 2.0 in government.”

“Attention is still primarily focused on technologies and applications that aim at improving engagement and collaboration,” Gartner reported. “There is little evidence that government IT professionals appreciate (and indeed plan to pursue or at least pilot) the most disruptive, but also potentially rewarding aspects of Web 2.0, such as its impact on lighter, middle-out architectures that promote reusability and composability, and the shift from constituent-centric to constituent-driven initiatives.”

Rather scoldingly, Gartner added:

“Governments have always been — and will always be — conservative adopters of technology, as they are concerned with inclusion and accountability more than with the bottom line and market share. However, they should have learned a few lessons from their e-government ventures, where their attempts at modernizing their face and processes have had mixed results — even in the best cases, citizen engagement and uptake remain lower than expected.”

“There is a concrete risk of widening the disconnect between citizens who embrace technology and change their personal and professional behavior as a consequence, and governments that keep defending their turf, playing with technology at the edges.”

And, for the high-minded, Garter concluded with a reminder of the potential of web 2.0:

“Web 2.0 is not just a bunch of promising technologies. It is an opportunity for government agencies to step back, reflect on what their core mission is, and determine on how they should structure information and services that closely relate to that mission. This will allow the ecosystem of other agencies, intermediaries and communities to access those services and information in the most convenient, effective and efficient way.”

Nothing if not plain. . . .