Policy & Procurement

Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.

GSA adopts agile acquisition for government marketplace

Rutrell Yasin, Federal Times, Friday, November 21, 2014

GSA is working with other agencies to construct a Government Acquisition Marketplace that will result in cost savings, reduced duplication of acquisition programs and better procurement decisions. A Common Acquisition Platform (CAP) and category management are key supporting initiatives central to the creation of the marketplace.

Microsoft 365 first cloud email to gain FedRAMP approval

Friday, November 21, 2014

Microsoft’s Office 365 became the first Email-as-a-Service (EaaS) to gain accreditation under the Federal Risk and Authorization Management Program (FedRAMP) Thursday, receiving authority to operate (ATO) cloud services for the Department of Health and Human Services Office of the Inspector General. Microsoft’s Azure public cloud service received provisional authority to operate (P-ATO) last year, but the full ATO awarded Thursday makes it the first EaaS to gain full accreditation.

Google’s Admission to Data Mining of Student and Government Emails Demands Further Scrutiny

by Jeff Gould, SafeGov.org
Thursday, May 15, 2014

In a surprise announcement on April 30, 2014, Google announced on its company blog that it would no longer “collect or use student data in Apps for Education services for advertising purposes.” Google also noted that it would make similar changes to its Google Apps for Government products. This announcement suggests that Google has been scanning, storing and monetizing student, business and government emails for years, which raises concerns about Google’s past privacy practices and their future policies. This is a significant violation of the trust placed in the company by the schools and government agencies who signed contracts with the assurance that there would be “no ad-related scanning or processing” in Google Apps – language that Google once noted on their website.

Why Did inBloom Die? A Hard Lesson About Education Privacy

by Daniel Solove, TeachPrivacy
Monday, April 28, 2014

For any organization that doesn't take privacy seriously, the demise of inBloom should be a loud wake-up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?

What is the Cost of a Snowden?

by Paul Rosenzweig, The Chertoff Group
Wednesday, March 26, 2014

In 2012, the American cybersecurity company Mandiant (now owned by FireEye) released a report tracking an extensive, comprehensive cybersecurity threat from China. It gave the Chinese program the name “APT-1,” where APT stands for Advanced Persistent Threat. APT was as accurate a characterization as one could imagine – the techniques used by the Chinese were highly sophisticated and advanced, and they were determined and continuous.

Lawsuit Raises Red Flags For Government Cloud Users

by Karen Evans, KE&T Partners
Tuesday, March 25, 2014

A California lawsuit suggests the federal government must take stronger steps to protect government data from data mining and user profiling by cloud service providers. In the technology-rich world we live in, it's critical for everyone to understand how their data is processed and used. For the government, it is arguably even more important, given the massive amounts of sensitive citizen data it possesses and stores.

Is Ireland the First “Cloud Haven”?

by Bryan Cunningham, Cunningham Levy LLP
Thursday, February 27, 2014

If you’re looking to launch a cloud-based venture, Ireland wants you to know it’s open for business. Very open. Not just a tax haven, mind you; Ireland wants to be very clear about that, given allegations to the contrary in the US Congress last year. In late 2013, Ireland’s Industrial Development Agency, chartered to attract foreign business to the island, pushed back hard on allegations that companies establish “headquarters” in Ireland in order to render themselves immune from corporate tax. The IDA stressed, in a Venture Beat Op-Ed, that, while its 12.5 percent corporate tax rate is attractive, there is far more to recommend Ireland as a “cloud haven.”

Net Neutrality and the Cloud

by Paul Rosenzweig, The Chertoff Group
Tuesday, February 25, 2014

In a sweeping decision, the District of Columbia Circuit Court of Appeals in Washington struck down an order from the Federal Communications Commission (FCC) that the FCC said was intended to foster an open internet network and provide transparency and ease of access for consumers. In doing so, the DC Circuit dramatically affected the prospects for many current and future cloud applications – so dramatically, for example, that the value of Netflix stock initially dropped 5% in the wake of the decision. (Netflix is thought to be disadvantaged by the decision). The stock has rebounded since, but the incident makes it clear that some cloud providers are dependent on a particular pricing framework for internet transmission – a one size fits all model where broadband service providers cannot charge discriminatory prices to different content creators based on the nature and volume of their product. The current pricing framework is now likely to be reexamined. How that reexamination plays out will determine the security and efficacy of cloud services in the next few years.

Duties When Contracting With Data Service Providers

by Daniel Solove, TeachPrivacy
Tuesday, February 18, 2014

In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider.

New Year’s Resolution for EU: Don’t Kill Safe Harbor

by Bryan Cunningham, Cunningham Levy LLP
Friday, January 24, 2014

As the year changes, everyone makes lists. Here’s mine: the top 5 reasons the EU would be wrong to kill Safe Harbor. I hope EU politicians will resolve to consider them before dropping lumps of coal into their citizens’ privacy stockings. Their threat to terminate the Safe Harbor program: is based on inaccurate information; would destroy one of the few effective US legal tools to protect EU citizens’ privacy; would heavily burden US companies and trans-Atlantic commerce; has no chance to stop NSA spying, the professed goal; and is ill-timed given that the US government now is starting to police itself.