In a pair of priority open recommendations, the Government Accountability Office said the Federal Reserve and the Securities and Exchange Commission have succeeded in establishing coordination mechanisms with other federal regulators and financial working groups to identify the risks posed by blockchain-related products and services. But neither the Fed nor the SEC has “regularly” convened those bodies since the GAO delivered its recommendation in August 2023.

Lacking a cadence in convening these groups, the GAO said, means both agencies are unable “specifically to identify the full range of risks and regulatory challenges of existing and emerging blockchain products and services and provide a timely response to any unaddressed risks.”

The Fed, which neither agreed nor disagreed with the GAO’s recommendation, said it “routinely engages with the other federal financial regulators on emerging risks posed by blockchain-related products and services.” The banking regulator noted that it participates in information-sharing on identifying blockchain risks with other regulators in the Digital Asset Working Group, but the GAO is pushing for “planning processes for identifying and addressing such risks” within that group. 

“Fully implementing this priority recommendation would help the Federal Reserve and other financial regulators collectively identify risks posed by blockchain-related products and services and develop and implement a regulatory response in a timely manner,” the GAO stated.

The SEC, meanwhile, told the GAO that it works to identify crypto-related risks in the agency’s work with the Financial Stability Oversight Council, the President’s Working Group on Financial Markets and some international bodies. FSOC “established a coordination mechanism” through the Digital Asset Working Group, the SEC reported to the GAO, adding that the working group “meets regularly and has discussed a variety of topics, including regulatory developments, rulemakings, risks, data collection, and market developments.”

The GAO called the Digital Asset Working Group “a positive step,” but prodded the SEC to embrace planning documents.

“Such planning documents could include (1) objectives and meeting frequency; (2) processes for identifying the full range of risks and regulatory challenges concerning blockchain-related products and services (not only those related to financial stability); and (3) processes for responding to these risks and challenges within agreed-upon timeframes,” the GAO said.

Beyond blockchain, the GAO re-upped a second priority recommendation to the Federal Reserve, which was originally delivered in 2019. The watchdog wanted the Fed, along with other banking regulators and the Consumer Financial Protection Bureau, to finalize “written communication that gives banks specific direction on the appropriate use of alternative data in the underwriting process when partnering with fintech lenders.”

The Fed teamed with the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency a year ago in issuing interagency guidance on third-party risk management, but the GAO said that the guidance falls short on specificity.

The guidance “does not include specific direction to banks that engage with fintech lenders on the appropriate use of alternative data in the underwriting process,” the GAO wrote. “Rather, the guidance broadly applies to all topics and third-party relationships. Accordingly, it does not address specific topics, such as the use of alternative data, or specific types of third-party relationships, such as relationships with fintech companies.”

The post Fed, SEC need more consistent blockchain coordination, GAO says appeared first on FedScoop.

Scott Flanders, who will assume the permanent CIO position Sunday, is charged with managing and employing technology to enhance “information access and strengthen agency performance,” the NRC’s release states. Additionally, Flanders’s office is also charged with overseeing cyber and information security, data management, artificial intelligence and more.

Flanders “has risen through the ranks at the NRC over many years and has been an outstanding member of the senior executive service since 2004,” Raymond Furstenau, NRC’s acting executive director for operations, said in the release. “His experience with the government’s use of information technology and his deep understanding of the NRC mission will help the agency navigate the challenges of the future.”

As deputy CIO, Flanders “planned, directed and oversaw resources” to ensure IT and information management systems’ delivery to support the agency’s goals and priorities, the NRC said. 

Flanders joined the NRC in 1991 as a reactor engineer intern, and later served in the agency’s Office of Nuclear Material Safety and Safeguards’ Division of Site Safety and Environmental Analysis and in the Office of New Reactors as the director, according to CIO.gov. Additionally, he served as the deputy director of the Division of Waste Management and Environment Review in the ONMSS.

Flanders takes over as NRC’s permanent IT chief  amid an internal push on artificial intelligence. A staff letter sent earlier this month recommended the agency follow an AI framework that outlines AI governance, hiring new talent, upskilling existing workers, maturing the commission’s data management program and allocating resources to support AI integration into IT infrastructure.

The post Nuclear Regulatory Commission names permanent CIO appeared first on FedScoop.

The Office of Science and Technology Policy said in a fact sheet that it had secured  hundreds of commitments with non-federal organizations to assist in areas of need within STEMM, such as improving representation in entertainment, ensuring inclusive workplaces, enabling related programs to be more accessible, and more.

OSTP’s announcement came during a White House summit on STEMM equity and excellence, expanding on the 2022 STEMM Opportunity Alliance (SOA) initiative to “lead and coordinate cross-sector action to help achieve greater equity” across science and technology-facing fields.  

The commitment to this effort is intended to “help drive progress” on STEMM Equity and Excellence 2050, a strategic plan released Wednesday by SOA that outlines a national strategy for constructing a diverse workforce with expanded opportunities.

“Knowing that those from underserved communities, individuals from underrepresented racial and ethnic groups, rural communities, women, people with disabilities and LGBTQI+ people have long faced barriers to equitable participation in STEMM, this administration has acted to foster a more just STEMM ecosystem,” Kei Koizumi, the principal deputy director for policy at OSTP, said during the event.

The office said in its press release that the SOA’s coalition represents over 200 organizations and “has powered additional commitments towards STEMM equity,” bringing a total of $2 billion to support these efforts. 

“The bold goal is to add 20 million new diverse STEMM professionals to the U.S. workforce across all jobs and sectors by 2050,” the strategic plan’s executive summary states. “This vision requires decades of concerted, coordinated action beginning now.”

OSTP touted non-federal partnerships that complement work done by federal entities, such as the Department of Energy’s first cohort for the agency’s Faculty-Applied Clean Energy Sciences program. That partnership, also announced Wednesday, will work to support the expansion of opportunities and diversification of the STEMM workforce. 

Participants in the DOE’s 10-week summer program were selected from minority-serving institutions that included tribal colleges and universities, historically Black colleges and universities, Asian-American and Native American Pacific Islander-serving institutions and others. 

Christy Jackiewicz, chief of the Minority Educational Institutions Division in DOE’s Office of Energy Justice and Equity, said in a statement that program leaders are “excited to partner with [the agency’s Office of Energy Justice and Equity] and [the National Renewable Energy Laboratory] to improve the future of STEM, not only through the faculty of minority-serving institutions but also through the students who will benefit from their knowledge and understanding, both in the classroom and as they enter the workforce of the future.”

The post OSTP unveils national STEMM strategy centered on improving workforce diversity and opportunities appeared first on FedScoop.

But today, agencies are no longer mandated to update the tool with their information, a spokesperson for GSA told FedScoop. The elimination of that requirement comes as election season draws closer and the threat of online impersonations of official government accounts grows.  Meanwhile, the Cybersecurity and Infrastructure Security Agency has said that it’s no longer communicating or coordinating with social media companies over potential disinformation campaigns, as CyberScoop reported last month. 

The tool came amid a series of Obama-era government digital transformation efforts. Back in November 2016, the White House circulated a memo that required agencies to “register their public-facing digital services such as social media, collaboration accounts, mobile apps and mobile websites” on the site within 60 days. The point, the memo said, was to “help confirm the validity of official U.S. Government digital platforms.” 

But a new memo, from September 2023, did not renew that requirement, GSA said. The agency told FedScoop that it is in the process of updating a page that still notes the requirement. Currently, there are 463 user accounts on the registry, according to GSA, though it’s not clear how actively it is used by the public. 

A spokesperson for the Office of Management and Budget directed FedScoop to GSA.

Still, many agencies don’t seem to be updating their accounts. NASA, for instance, is extremely prolific on social media, but does not upload its accounts to the tool because the requirement was rescinded. The Federal Bureau of Investigation, which maintains social media accounts for its many field offices, only has five registered accounts on the tool. 

The tool has also seen other issues: Back in 2017, a researcher at George Washington University flagged vulnerabilities in the tool, including the inclusion of suspended accounts that, at one point, were tweeting in Russian, as well as deleted accounts with usernames that could be taken over. 

The government continues to face issues identifying the authenticity of its accounts. Last year, FedScoop reported on how, after the U.S. Office of Personnel Management deleted a mobile app meant to help recruit people to federal jobs, a similar-sounding fake took its place. When FedScoop asked about the tool, Google removed the app from the Google Play Store.

The post Database of verified government social media accounts loses its teeth appeared first on FedScoop.

The 10x program — which considers technology ideas from civil servants across the government and invests in a handful that it deems transformative for the delivery of public services — received almost 200 proposals this go-round, with roughly one-fifth related to AI.

One selected investment that leverages AI came from a GSA presidential innovation fellow, who pitched a reusable large language model chatbot template for federal agency use. Another idea, submitted by a staffer with the GSA’s Federal Acquisition Service, wants to harness LLMs and other search capabilities to provide more “reliable and accurate” government search results.

A Federal Emergency Management Agency worker, meanwhile, wants the agency to explore automation capabilities in concert with existing FEMA prototypes to ease the documentation work its federal site inspectors must do during disaster recovery. 

And civil servants from the Veterans Health Administration and the Census Bureau teamed up on an idea that would probe “the development of standard technical methods to perform risk assessment, and metrics to measure AI application performance using ethical principles with their technical counterparts,” ensuring that ethical concepts are properly translated to technical methods. 

Non-AI proposals that 10x selected for investments include projects to better define digital identity and rights, a service to verify tribal membership with the tribes themselves, a platform to ease the navigation of federal buildings, and the creation of a shared portal for public feedback, among others.

As part of phase one of the 10x investment program, GSA teams will investigate the problems and determine whether a technical solution is feasible. The results of those investigations inform subsequent investment decisions.

The GSA notes that “only a handful” of the 16 projects will be provided funding through the fourth and final phase, “when we scale our solutions to deliver impact for as many users as possible. For 10x, users include the entire American public.”

The post GSA’s latest 10x projects have notable AI bent appeared first on FedScoop.

That surge — from more than 2,500 in January 2015 to more than 8,500 in January of this year — is a notable increase, given that the number of passengers with TSA PreCheck who passed through the security checkpoint have only grown by 25% from 2015 to last year, according to separate data provided by the TSA to FedScoop. The metrics reflect a broader surge in complaints about the agency that were assembled from PDFs into data files by the Data Liberation Project, which recently digitized documents related to traveler complaints uploaded by the TSA to its online repository of Freedom of Information Act documents. 

“The TSA PreCheck program continues to be the premier trusted traveler program and has experienced significant growth since 2015. Total enrollments have surged by around 800%, from less than 2 million at the end of 2015 to 18 million at the end of 2023,” a spokesperson for the agency told FedScoop in response to questions about the data. “As the program continues to grow and new travelers begin using the program, we expect to experience an increased volume in queries. To enhance options for TSA PreCheck members, TSA has increased promotion of available customer service alternatives.”

The spokesperson said that changes to several platforms and customer service tools are responsible for the rise in complaints. In May 2021, the agency created a new TSA PreCheck webform that saw complaints increase around 79% in the following four months. That August, the agency deployed messaging enhancements that, in combination with the new online form, saw complaints grow by 62% in the subsequent four months. (Switching to Salesforce for the TSA Contact Center at the end of 2020 also meant that the airport field in the data started to populate). 

After publication of this story, a different TSA spokesperson said the jump in complaints can also be attributed to the fact that in 2015, many travelers that received expedited screening were “rules-based” as opposed to being enrolled in or paying for PreCheck. With “little expectation they would receive” the benefit, those “rules-based passengers were not likely to contact TSA to complain,” the spokesperson said. Now, there are roughly 36 million travelers eligible to use TSA PreCheck and the agency has taken steps to make registering complaints easier, the spokesperson added.

The data collected by the Data Liberation Project, and then analyzed by FedScoop, reflect complaints about the expedited passenger screening program, which the TSA refers to as PreCheck. Complaints within this category can also include specific concerns from active-duty military members, about TSA PreCheck applications, and regarding expedited screening for Department of Homeland Security employees. The second TSA spokesperson said 85.1% of individuals “contact TSA because they do not receive TSA PreCheck on their boarding pass.”

In the past, the TSA has suggested that complaints, which are aggregated by the Department of Transportation’s Office of Aviation Consumer Protection, are preventable issues related to passengers, such as people not checking their documentation correctly. 

Meanwhile, the Data Liberation Project is also calling on the DHS component to make the dataset more accessible. The project’s director, Jeremy Singer-Vine, said that among other formatting challenges, the PDF form in which the TSA data is published can prevent deeper analysis. To deal with the problem, the DLP developed custom software to read through those documents. 

“All the data were trapped in PDFs, a format that (unlike standard spreadsheets) allows for no sorting, filtering, or analysis,” Singer-Vine told FedScoop in an email. “Worse, the reports use a deeply idiosyncratic layout, which meant the public couldn’t accurately copy-paste the text in the PDF into a spreadsheet. Without the ability to analyze the complaint counts, what value do the PDFs actually provide to the public?”

This story was updated March, 28, 2024, with comments from a second TSA spokesperson.

The post As TSA PreCheck enrollments surge, data shows complaints have followed appeared first on FedScoop.

Airlines can access several forms of personal information about passengers, including through apps, online purchases, software used by flight attendants, and, increasingly, biometric screening systems. While the Department of Transportation isn’t typically associated with investigations into digital rights violations, the agency says it has the authority to impose civil penalties involving unfair and deceptive practices involving passenger information.

The agency also has some enforcement jurisdiction under the Children’s Online Privacy Protection Act pertaining  to airlines, as well as some responsibilities — shared with the Federal Trade Commission — in regard to ticketing agents. 

“Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees,” Buttigieg in a statement. “This review of airline practices is the beginning of a new initiative by DOT to ensure airlines are being good stewards of sensitive passenger data. DOT is grateful for the expertise and partnership of [Sen. Ron Wyden, D-Ore.] as we undertake this effort to protect passengers.”   

The privacy review comes amid collaboration with Wyden’s office and is supposed to be the first of many. This round will apply to Allegiant, Alaska, American, Delta, Frontier, Hawaiian, JetBlue, Southwest, Spirit, and United, which have already received letters from the agency. The investigation will be led by the agency’s Office of Aviation Consumer Protection and cover personal information policies, privacy training within the airlines and complaints about airline privacy violations. 

Last year, that same office announced in a notice that it would begin to seek higher penalties on “airlines and ticket agents for violations of consumer protection, civil rights and economic licensing requirements.”

The post Transportation Department to examine consumer privacy issues with big airlines appeared first on FedScoop.

The congressional watchdog, tasked by a bicameral, bipartisan group of lawmakers to investigate FOIA response delays, found that the backlog jumped from 14% in 2013 to 22% in 2022, with the growing complexity of requests, staffing shortages and increasing threats of litigation also cited as impediments to the work.

A host of tech-related problems, including with FOIA request management systems and other processing tools, came up regularly during the January 2023 to March 2024 performance audit by the GAO, which conducted four virtual focus groups with senior officials representing 23 Chief Financial Officers Act agencies. 

“As technology has developed, we are able to store so many more records than in the past,” a senior FOIA agency official told the GAO. “When we search large volumes of data, we receive tons of records back that are potentially relevant. Unfortunately, we don’t have the budget to invest in sophisticated software that would help us to review the volume of records that we receive. So at the end of the day, it’s one person that’s having to review tens of thousands of records for potential responsiveness, which is a huge issue. It takes a lot of time.”

Another focus group participant called out requests related to email records or internal communications, such as chat and text, as their agency’s “most complex and time-intensive responses.” The large volume of records combined with coordination challenges with other agencies presents a legitimate problem, the official said.

When pressed by the GAO on how agencies could overcome technical challenges and pare down backlogs, some officials pointed to governmentwide adoption of technology upgrades, ensuring that FOIA offices use identical systems to streamline document review and general coordination. Standardization in tech upgrades will become increasingly important as agencies deal with a proliferation of agency records in electronic formats, officials added.

While standardized tech upgrades to support FOIA requests haven’t materialized yet, agency officials who have leveraged new technologies have seen a marked difference in their efficiencies. 

“We now have the ability in our FOIA office to search our agency’s email system,” one focus group participant said. “Before we were using our information technology staff to provide that service, where we would request that they run searches. They would use key terms, then come back to us, and we would have to go back and forth with different search terms, until we got it right. The ability for us to do the search has enabled us to finish these in a more timely and efficient way, which we couldn’t do previously.” 

Another official said their agency uses technology to remove “duplicative entries in extremely large volumes of responsive documents,” while another spoke of going from five different systems to process requests across multiple bureaus and offices to just one, “and that’s streamlined and automated a lot of our processes,” they said.

The FOIA office within Customs and Border Protection and the agency’s IT leaders were cited specifically by the GAO for their use of robotic process automation, a new technology that allowed staff to more “quickly search for records with specific criteria, and complete simple, routine FOIA processing tasks.” Per the Department of Homeland Security, CBP closed more than 12,400 simple requests thanks to the RPA tool, saving FOIA staffers over 1,500 hours of work. 

The GAO offered four recommendations to the Department of Justice, whose Office of Information Policy, along with the Office of Government Information Services, provides support and resources to agency FOIA offices. Those recommendations ask the Attorney General to direct OIP to issue guidance to agencies on effective backlog reduction plans, advise agencies to identify staff- and skill-related support efforts, develop a process to examine data reporting, and update training materials and related agency reporting standards.

The OIP has previously recommended that agencies “use enhanced technology to process requests,” per the GAO, pushing FOIA staff to partner with agency IT leaders to assess the efficacy and costliness of new tools, as well as acquiring “proper FOIA case management systems to automate the request intake process.”

On Capitol Hill, lawmakers applauded the release of the GAO’s report, which comes in the aftermath of the 2015 bipartisan FOIA Oversight and Implementation Act and was timed for release during Sunshine Week.

“An increasing backlog of FOIA requests compromises the already dwindling trust the American people have in their government,” House Oversight and Accountability ranking member Jamie Raskin, D-Md., said in a statement. The GAO’s report “not only outlines the key challenges that agencies face in their efforts to process FOIA requests in a timely manner, but it also highlights a pathway to transparency and regaining public trust in our institutions. Congress must ensure agencies have the resources needed to live up to FOIA’s promise.”

Sen. John Cornyn, R-Texas, added that FOIA serves as “a cornerstone” for the country’s “belief in open and transparent government.” The GAO report “should serve as a starting point to reduce the backlog of FOIA requests so Americans can continue to hold those who represent them accountable.”

The post Tech issues are part of the problem — and solution — for FOIA backlog, GAO finds appeared first on FedScoop.

During a House Science, Space and Technology Committee hearing on Thursday, Republican and Democratic lawmakers asked for an update on where the White House Office of Science and Technology Policy stands in releasing  final guidance for securing institutions and organizations — primarily in higher education — that receive federal funding for research and development within science and technology.

OSTP Director Arati Prabhakar said that RSP is a “personal priority” for her and that the office is looking to “get this sorted and clear for everyone.” She added that OSTP is working through “very significant comments” that organizations have shared in response to the draft guidance and is “re-vectoring accordingly.” 

The feedback on the draft guidance from “inside and outside of government” throughout the research space “gave us considerable pause,” Prabhakar said during the hearing. “What I want to be sure of is that we don’t turn this research security program process into a checklist that an administrator signs off on. … [Researchers should] have an awareness of what’s going on and until we do that, that research security program isn’t really going to work. So that has turned out to be more complex and taking us much longer than I would like.”

The RSP’s creation is in response to a 2021 presidential memorandum on national security strategy in government-supported research and development. The memorandum, known as NSPM-33, directed OSTP to coordinate activities to protect federally funded research from “foreign government interference and outreach to the United States scientific and academic communities to enhance awareness of risks to research security and federal government actions to address these risks.”

Committee Chairman Frank Lucas, R-Okla., said during the hearing that RSP “is an issue that is critically important to the committee and for so many purposes overall,” urging Prabhakar to reach out to Congress if OSTP needs “any additional authorities or directives … to mandate this. We want to help facilitate this process as quickly and as effectively as possible.”

In February 2023, OSTP released draft guidance on requirements for research security programs at universities across the country. In March, the office issued a request for information for research organizations impacted by the program requirement and other research organizations, seeking comment on equity, clarity, feasibility, burden and compliance. 

Since then, multiple organizations have published comments to OSTP, but the office has not released official guidance on foreign talent recruitment programs. Prabhakar acknowledged during the hearing that the comments included the administrative burden of reporting and training, which “falls even heavier on smaller research institutions.”

The Massachusetts Institute of Technology submitted comments for OSTP’s request for comment, expressing various concerns about potential burdens and the need for clarification and consistency with terminology throughout the document. 

“Having a uniform certification standard should not mean that all research projects are treated identically, but rather that all projects that present a similar risk are treated similarly,” MIT’s response states. “The proposed standards do not seem to take risk into account, resulting in an undue burden on researchers and on activities that pose little in the way of risk to research security.”

Without the finalized guidance, officials from the National Science Foundation, the Department of Energy and the National Institutes of Health shared that they are attempting to fill in the gaps of guidance and implement security for enterprise research organizations until RSP is officially issued. 

“It’s a tough one, but the Department of Energy has had to step out and say, ‘We’re doing this right now,’ because we’ve got grants coming in,” Geri Richmond, Under Secretary for Science and Innovation for DOE, said during the hearing. “We’ve got to do this. We would just like to see more consistency.”

OSTP did not respond to a request for comment by the time of publication.

The post Congress presses White House on timeline for research security requirement appeared first on FedScoop.