Yesterday, Jeff Kramer from Reed Tech shared his thoughts with us on how federal agencies can work on improving citizen experience to meet the mission. Today, he expands on this topic by identifying some best practices agencies should consider implementing in terms of service delivery and information security. Here’s what Jeff had to say:
GTI: Going forward, most information is going to be captured, stored and recalled electronically. But what about the decades worth of information that only exists on paper? How does that become available to the agencies and its customers? People are used to being able to log in to a retailer’s site and get their order history. How do you do that if this information is kept in, essentially, mountains of paper?
JK: The company I work for, Reed Tech has been doing business with the Commerce Department and the USPTO, the Patent and Trademark Office, for the better part of 48 years and you can imagine the mountains of paperwork that’s been generated in establishing patents. There are huge storage warehouses all over the place that do nothing but store paper files, truckloads and truckloads of files.
First off, do we even need those truckloads of information? I mean, how relevant is that information? In terms of being able to recall it, maybe we could just look at a timeframe of, “Hey, only this information is available online and if you want information that’s not online, you’re going to have to submit some type of request and we’ll dig for it. But we can’t make all of the information online back from, basically, when paper was invented.” It’s just not possible.
The government spends an inordinate amount of time and money and resources just moving paper documents around from one warehouse to another. Has somebody even gone in to say, “Do we really need it? Do we need to see 20, 30 years’ worth of data and is this stuff even viable anymore?” And then, in the short term, maybe you made a concerted effort to say, “Okay, we’re going back 10 years and we’ll scan all the information that’s available. Other than that, from a resource perspective, we’ve got to cut it off.” So I think that’s probably something that we need to do.
Moving forward, obviously, everything is going to be digital. I’m sure you’ve gone into commercial entities and asked for something and they said, “Well, you know, we’ve only digitized our records back to 10 years, so it’s not in there.” Then you have to re-enter your information or redo your application or whatever it is. And maybe that’s the answer, just to try to make things more cost effective.
GTI: Online interaction is opening up access to agencies for a lot more people, especially because they can get to it through their mobile devices. But, of course, that also leads to new risks. So can the security challenges be handled effectively?
JK: Well, there are ways to do properly handle security issues. I mean obviously there’s probably not a person, you and I included, that haven’t been the subject of a breach of data.
I don’t know how many data protection “free subscriptions” I have access to now between Target and Home Depot and OPM and my security clearance and everything else. I’m probably the most secure person on the planet because I’ve got something like 16 different agencies monitoring it, because it’s all been breached at one point.
I’m a big proponent of data in one place. The more places you have data, the more vulnerabilities you have. There are so many agencies out there that have your Social Security number in multiple places. Your number should only be stored in one place. I often talk about how data is king now and data is everything.
Do we need a Department of Data? Do we need some type of agency that is the one stop shop for all PII information, and it’s only stored there and there’s only one way to get to it? Obviously, that makes it a bit more of a target. But then you can at least have one place to strengthen.
It’s kind of like the Pentagon, right? The Pentagon is a huge target for hackers and nation-states, etc. But at least there’s one place and they can definitely strengthen their forces. So I’m kind of a “data-in-one-place-doesn’t-need-to-be-all-over-the-place” kind of person. Limit your liability.
GTI: What seems to happen with most cyber security is we wait for a breach and then try and plug the hole.
JK: Exactly. Everybody’s been hacked. The fact that that you think you haven’t, it’s just that you don’t know about it. From a cyber perspective, there are ways to put traps out there. They call them honeypots or honey grids and you can track the digital signatures of where somebody is going.
It needs to be a little bit more proactive versus reactive — “let’s set up some defenses” versus “there’s a breach, now what?” Let’s try to be offensive against the hackers versus just defensive.
GTI: It sounds like the government needs to be needs to be thinking more like an e-tailer or a commercial online business in the way that they approach a customer experience, security and all of the things that surround citizen access. Is that what you see?
JK: Yeah, exactly. To their credit agencies often look to industry for the best and brightest ideas. And, there are a lot of agencies out there — I know USCIS has recruited a number of folks from Amazon and Google and Microsoft, kind of the best and brightest. The fundamental issue is that the government is funded by taxpayers. They have to report to Congress, but they don’t have to report profits. They don’t have to report to stockholders. And so the commercial industry is a little bit more advanced and stringent just because they have folks to answer to — you know revenue is the bottom line.
The government has to answer to the citizens but if the citizens are not exactly happy, that doesn’t necessarily translate into shareholders pulling their funds and things like that. So it’s a little bit different.
There may need to be some type of score. Customer service satisfaction scoring — I know there’s a couple of them, I don’t know if they’re really standardized — but there needs to be some level of a standardized score across the agency that is published every year. And if you deal with the Department of Veterans Affairs, or if you deal with DHS or USCIS and there’s this particular score, all these folks should be held accountable and report up to Congress. And government agencies should be held accountable, just as stockholders hold employees in commercial entities. There needs to be some accountability in order for these things to change.
GTI: Any last thoughts on how customer experience can be improved?
JK: A lot of this is tied with IT modernization overall and a lot of it is tied with acquisition reform, as well. So, in order for these government agencies to modernize, you need to have a solicitation, you need to have an acquisition process. And the acquisition process is horrible and it’s long and it’s time consuming. By the time you get through an acquisition cycle, the technology is probably either on its way to being out of date or it is out of date.
We’ve all responded to solicitations that come out and there’s six to eight months before you hear anything about them. And then they’re protested and they go on for a year or two. And in this day and age with technology, you’re pretty much on the leading edge of being obsolete after six months.
Some of these solicitations are set up for five years. Well, what does your technology look like after five years? So, not to get on the soapbox but the acquisition part of this is also part of the problem with the government. It’s all tied together, and there needs to be reform basically from top to bottom in order for this situation to change.