2011 Trends: National Strategy for Trusted Identities in Cyberspace highlights key online privacy, security challenges

Blackberrys, cell phones and communications devices are tagged with post-its during a briefing on Afghanistan and Pakistan in the Cabinet Room of the White House, March 26, 2009. (Official White House Photo by Pete Souza)
Blackberrys, cell phones and communications devices are tagged with post-its during a briefing on Afghanistan and Pakistan in the Cabinet Room of the White House, March 26, 2009. (Official White House Photo by Pete Souza)

The upcoming release of the final version of the White House “National Strategy for Trusted Identities in Cyberspace” highlights three key trends that face the world in 2011: online identity, privacy and security. Governments need ways to empower citizens to identify themselves online to realize both aspirational goals for citizen-to-government interaction and secure basic interactions for commercial purposes.

Earlier today, Stanford hosted an event today where U.S. Commerce Secretary Gary Locke and White House cybersecurity coordinator Howard Schmidt talked about the Obama administration’s efforts to improve online security and privacy at the Stanford Institute for Economic Policy Research (SIEPR). Here’s the NSTIC fact sheet the administration posted last year.

“As we look at the innovation engine that drives many of the things we’re doing, what does it mean to sit there as we’ve come together today,” asked Schmidt, “bringing these things together to overcome some of these risks associated with the technology we’ve deployed over the past 20 some odd years?”

The administration took public feedback on the document at NSTIC IdeaScale, which is now closed. (For a screenshot, see the story on IdeaScale on MSNBC.com.) “Every day at the end of the day. I would go back and read some of those comments,” said Schmidt today. “Some of them quite honestly were pretty silly. Other of them were very insight full and gave us some good thoughts about how can we do this right? How can we create a document that really does those things the secretary mentioned such as privacy enhancing but also giving us better trust?”

Schmidt took to the White House blog again today to announce a “National Program Office for Enhancing Online Trust and Privacy.”

Today, at Stanford University, Commerce Secretary Gary Locke and I were pleased to announce that the Commerce Department will host a National Program Office (NPO) in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC).  As I’ve written previously, the NSTIC fulfills one of the action items in theCyberspace Policy Review (pdf) and is a key building block in our efforts to secure cyberspace.

This holiday season, consumers spent a record $30.81 billion in online retail spending, an increase of 13 percent over the same period the previous year.  This striking growth outshines even the notable 3.3-5.5 percent overall increase in holiday spending this past year.  While clearly a positive sign for our economy, losses from online fraud and identity theft eat away at these gains, not to mention the harm that identity crime causes directly to millions of victims.  We have a major problem in cyberspace, because when we are online we do not really know if people, businesses, and organizations are who they say they are. Moreover, we now have to remember dozens of user names and passwords. This multiplicity is so inconvenient that most people re-use their passwords for different accounts, which gives the criminal who compromises their password the “keys to the kingdom.”

We need a cyber world that enables people to validate their identities securely, but with minimal disclosure of information when they’re doing sensitive transactions (like banking) – and lets them stay anonymous when they’re not (like blogging). We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials. For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge. In this world, we can cut losses from fraud and identity theft, as well as cut costs for businesses and government by reducing inefficient identification procedures. We can put in-person services online without security trade-offs, thereby providing greater convenience for everyone.

This is the world envisioned in the NSTIC.  We call it the Identity Ecosystem.  We will be working to finalize the NSTIC in the coming months, but that is only the beginning of the process. I’m excited to be working with Secretary Locke. The Commerce Department is perfectly suited to work with the private sector to implement the NSTIC. In addition, there are other departments and agencies with strategic roles to play as well. Above all though, we look to the leadership of the private sector. Therein lies the key to success. Now is the time to move forward with our shared vision of a better, more secure cyberspace.

Why NSTIC Matters

The policy that the United States government makes towards the Internet has the potential to affect every person online in 2011, as advocates know, so how this is carried out bears close watching. The Center for Democracy and Technology filed key comments on NSTIC last year, including a key issue: “We alerted the Commerce Department to our concern about NSTIC’s current focus on the use of government credentials for private transactions: A pervasive government-run online authentication scheme is incompatible with fundamental American values,” wrote Heather West regarding the cybersecurity policy proposal.

The issue is at once simple and enormously complex, as Jim Dempsey from the Center for Democracy and Technology highlighted today. Government needs a better online identity infrastructure to improve IT security, online privacy, and support ecommerce but can’t create it itself, said Dempsey, outlining the key tension present. Dempsey advocated for a solution for online identity that lies within a broader trust framework and that is codified within a baseline federal consumer privacy law.

Some of the answers to the immense challenge of securing online privacy and identity won’t be technical or legislative at all. They lie in improving the digital literacy of for online citizens. That very human reality was highlighted after the massive Gawker database breach last year, when the number of weak passwords used online became clear. Schmidt highlighted the root caused of passwords today:

The reason most people do that is because we have to worry about remembering so many different passwords and then there’s so many layers of complexity and, complexity that we have to worry about, we have different time frame. We replace them every 30-day, 60 days, 90 days and it becomes really cumbersome. And recent survey found that 46% of the people surveyed never ever have changed their passwords and 71% use the same password with over and over and over again. From reading an on-line blog to doing sensitive financial transactions.

Others answers may be founded in creating online trust frameworks, which were a key initiative in 2010 for the federal government. Multifactor authentication, where more than one forms of identity are used in transactions, will be part of that vision. Schmidt described, loosely, what that might look like.

I go to a store. I go to a grocery store in some cases. I do some level of proofing, whatever I want to wind up doing, whether it’s the lowest level or the highest level to get an online identity stored on a token. A digital identity. Whether it’s on a USB drive or whether it’s on a smart card, I have the ability to do something beyond what I’m doing now. I go to log-in to these accounts. I use the USB device, I use a smart card. I use a one time password on my mobile device that no longer puts me in a position where I’ve been in the past where I can wind up making one small mistake and paying for it for years. But then I also get the log-in to my web mail account. That credential is passed on as well. So I have the ability to do these things seamlessly without all the baggage and overhead that goes with it. But then here comes the true test – this web mail – this phishing e-mail – comes in, and working together between the token and my digital identity and the browser, it stops me from doing things that are going to be harmful. And I had the ability to control that. I have the ability to set this up. And then it keeps me from becoming a victim of fraud.

That combination of physical tokens that interface with commercial and communications infrastructure to authenticate a consumer or online user are one vision of an identity ecosystem. Given the commercial needs of the moment, it should not be a surprise that the Department of Commerce is a key player. Secretary Locke offered perspective on the challenges that face the nation in 2011. [Full unedited transcript]

Let’s flash forward to today to 2011. Nowadays the world does an estimated $10 trillion of business online. Nearly every transaction you can think of is being done over the Internet. Consumers paying their utility bills, even from smartphones. People downloading music, movies and books online. Companies from the smallest local store to bed and breakfasts, to multinational corporations, ordering goods, paying vendors, selling to customers, all around the world. All over the Internet. E-commerce sales for the third quarter of 2010 were estimated at over $41 billion, up almost 14% over last year. And early reports indicate that the recent holiday buying season saw similar growth with year over year sales up by over 13%.

But despite these ongoing successes, the reality that the Internet still faces something of a trust issue. And it will not retch its full potential until users and consumers feel more secure than they do today when they go on-line. The threats on the Internet seem to be proliferating just as fast as the opportunities. Data breaches, malware, ID theft and spam are just some of the most commonly known invasions of a user’s privacy and security. And people are worried about their personal information going out and parents, like me, are worried about unwarranted sexually explicit material coming in before their children. And the landscape is getting more complex as dedicated hackers undertake persistent targeted attacks and develop ever more sophisticated frauds.

The approach that Locke outlined will apparently be housed within the Department of Commerce, a choice that is likely relevant to the scale and growth of e-commerce online:

The end game of course, is to create an identity ecosystem where individuals and organizations can complete online transactions with greater confidence, putting greater trust in the online identities of each other, and greater trust in the infrastructure that the transactions run over. Let’s be clear, we’re not talking about a national ID card. We’re talking about a government controlled system. But what we are talking about is enhancing online security and privacy, and reducing, and perhaps even eliminating, the need to memorize a dozen password through the creation and use of more trusted digital identities. To accomplish this, we’re going to need your help. And we need the private sector’s expertise and involvement in designing, building and implementing this identity ecosystem. To succeed we’ll also need a national program office at the Department of Commerce focused on implementing our trusted identities strategy.

For more context, look back to Schmidt’s introduction of the NSTIC at the WhiteHouse.gov blog last year:

Cyberspace has become an indispensable component of everyday life for all Americans. We have all witnessed how the application and use of this technology has increased exponentially over the years. Cyberspace includes the networks in our homes, businesses, schools, and our Nation’s critical infrastructure. It is where we exchange information, buy and sell products and services, and enable many other types of transactions across a wide range of sectors. But not all components of this technology have kept up with the pace of growth. Privacy and security require greater emphasis moving forward; and because of this, the technology that has brought many benefits to our society and has empowered us to do so much — has also empowered those who are driven to cause harm.

Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.

The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.). Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so.

This is all wonky stuff that may seem a bit dry to some readers, but it’s important. The intertwined issues of identify, security and online privacy are increasingly relevant to every citizens as more commerce, education, communication and elements of everyday life move onto the Internet and mobile infrastructure. This strategy is central to how the United States government will work with industry, nonprofits, citizens and other states to improve the status quo. On that count, Bob Gourley, CTO of Crucial Point, commented extensively on the NSTIC at CTOVision.

It won’t be easy. Supporting the creation of identity infrastructure and improvements to online privacy in the private sector has the potential to make the Internet more secure and convenient for users and consumers but could have unintended consequences if not carefully pursued. There’s a lot at stake. As the Stanford event organizers highlighted, “e-commerce worldwide is estimated at $10 trillion of business online annually.”

Wired’s Ryan Singel highlighted a key issue for the White House plan for online identity, perhaps even the fundamental one in today’s online identity landscape: Facebook.

Philip Kaplan, the outspoken founder of Blippy, AdBrite and Fucked Company, added a Silicon Valley developer voice to event’s panel, arguing that any system has to be simple to implement, so that developers working in their living room making a website can concentrate on building new features, not worrying about security.

The closest thing to that currently is Facebook Connect, which lets you use your Facebook credentials to login you in around the net and on mobile apps..

“I can put in one line of JavaScript and I have a login system,” Kaplan said. “But that doesn’t I’m not going to pay my taxes using Facebook Connect.”

Which is another way of it might be as dangerous for a single company to be the world’s online ID vault as it would for the government to handle that task.

And right now, with Facebook at 600 million users and $50 billion in valuation, that future seems much more likely than a standards-based, interoperative system built by geeks at the behest of the feds.

Whether an online trust framework can be a viable alternative to Facebook’s play to be the identity provider online is a first-order question, and one that deserved examination. Kudos to Singel for putting the event in that context.

Weekend Reading: The most recent version of the NSTIC follows. Look for more reporting, both here or at another outlet, once the final version is released.

National Strategy for Trusted Identities in Cyberspace

FTC online privacy report endorses “Do-Not-Track” mechanism for Web browsers

The Federal Trade Commission released an online privacy report today that will reshape how companies, consumers and businesses interact on the Internet. The agency will take questions from reporters at 1 PM EST and from the public on Twitter in its first Twitter chat at 3 PM EST. The recommendation that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices” is a key direction to every startup or Global 1000 corporation that comes under the FTC’s purview as the nation’s top consumer protection regulator.

The new FTC privacy report proposes a framework that would “balance the privacy interests of consumers with innovation that relies on consumer information to develop beneficial new products and services,” according to the agency’s statement, and recommends the implementation of a “Do Not Track” mechanism, which the agency describes as “a persistent setting on consumers’ browsers – so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities.”

“Technological and business ingenuity have spawned a whole new online culture and vocabulary – email, IMs, apps and blogs – that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well,” said FTC Chairman Jon Leibowitz.

The report states that industry efforts to address privacy through self-regulation “have been too slow, and up to now have failed to provide adequate and meaningful protection.” The framework outlined in the report is designed to reduce the burdens on consumers and businesses.

“This proposal is intended to inform policymakers, including Congress, as they develop solutions, policies, and potential laws governing privacy, and guide and motivate industry as it develops more robust and effective best practices and self-regulatory guidelines,” according to the report, which is titled, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”

“Self-regulation has not kept pace with technology,” said David Vladeck, director of the FTC’s Consumer Protection Bureau, speaking this morning about the proposed online privacy rules. “We have to simplify consumer choice and ‘do not track’ will achieve that goal,” he said. “I don’t think that under the FTC authority we could unilaterally mandate ‘do not track.'”

One of the nation’s top technology policy advocates approved. “The FTC report hits all the right notes. It sets out a modern and forward looking framework for privacy protection that moves beyond a narrow focus on notice and choice toward a full set of fair information practices and accountability measures,” said Center for Democracy and Technology president Leslie Harris. “The FTC has provided the blueprint. Now it is time for Congress and industry to follow suit.”

“We are very pleased to see the FTC exerting strong leadership on privacy,” said CDT Privacy Project Director Justin Brookman. “This report should bolster efforts to enact a privacy bill next Congress. Its recommendations are consistent with what is being discussed on the Hill.”

In a novel move, the FTC tweeted out “key points” from the report, embedded below, using @FTCGov.

“FTC proposes new framework 2 guide policymakers & industry as they develop legislation & other solutions. Self-regulation on privacy has been too slow. Important privacy choices should be presented in relevant context, not buried in privacy policy. Baseline protections of FTC’s proposed framework include reasonable security & accuracy, confidence that data collected or kept only 4 legitimate needs & privacy considered at every stage of product development. Privacy notices should be clearer, shorter & more standardized to better understand privacy practices & promote accountability. Consumers should have reasonable access to data upon request. Commission supports a more uniform mechanism for behavioral advertising: a so-called “Do Not Track”. Do Not Track could signal consumer’s choices about being tracked & receiving targeted ads.”

Below are the prepared remarks of the FTC chairman, followed by a liveblog of the press call. Audio of the FTC online privacy press call is available as an MP3.

FTC Chairman Privacy Report Remarks

FTC Online Privacy Report

FTC to release online privacy report, host first Twitter chat at #FTCpriv

This fall, online privacy debates have been heating up in Washington. Tomorrow, the Federal Trade Commission will finally deliver its long awaited online privacy report. Chairman. Over the past year FTC has explored new online privacy frameworks and examined the strength of cloud computing privacy in a series of privacy roundtables.

The FTC has issued a privacy advisory for tomorrow, stating that FTC chairman Jon Leibowitz, Jessica Rich, deputy director of the Bureau of Consumer Protection, and Edward W. Felten, the FTC’s new chief technologist, will answer reporters’ questions “about a new FTC report on privacy that outlines a framework for consumers, businesses and policymakers.”

This FTC online privacy report will be one of the most important government assessments this year. Look for widespread reaction to its contents across industry and technology media. Particular attention likely be paid to two events here in Washington:

First, David Vladeck, the FTC’s director of the Bureau of Consumer Protection Protection, will speak tomorrow at Consumer Watchdog’s policy conference on the future of online consumer protections. You can watch live here (if you can stream Windows Media files.)

Second, House of Representatives will hold a hearing on “Do-Not-Track legislation, which would consider whether citizens should be able to opting of from Web tracking

Will online privacy look different by the end of the day? As Jamie Court, Author, President of Consumer Watchdog, wrote in the Huffington Post:

There are few issues 9 out of 10 Americans agree on. A Consumer Watchdog poll shows that 90% of Americans agree it is important to protect their privacy online. 86% want a “make me anonymous” button and 80% want the creation of a “do not track me” list online that would be administered by the Federal Trade Commission.

The release of the FTC online privacy report also comes with a new media twist: According to @FTCGov, the agency’s Twitter account, the nation’s top regulator will also host its first Twitter chat at 3 PM. It remains to be seen how civil citizens are in the famously snarky medium. The agency has suggested the #FTCpriv hashtag to aggregate tweets. UPDATE: Although the White House OpenGov account and FTC tweeted on Wednesday that the chat would be at #FTCpriv hashtag, not #FTCpriv, the chat ended up being at the original hashtag.

Breaking News! Tomorrow we will release our #privacy report & host our 1st Twitter Chat to answer Qs. More details to come. #FTCprivless than a minute ago via web

Is Wikileaks open government?

Aeschylus wrote nearly 2,500 years ago that in war, “truth is the first casualty.” His words are no doubt known to another wise man, whose strategic “maneuvers within a changing information environment” would not be an utterly foreign concept to the Greeks in the Peloponnesian War. Aeschylus and Thucydides would no doubt wonder at the capacity of the Information Age to spread truth and disinformation alike. In November 2010, it’s clear that legitimate concerns about national security must be balanced with the spirit of open government expressed by the Obama administration.

The issues created between Wikileaks and open government policies are substantial. As Samantha Power made clear in her interview on open government and transparency: “There are two factors that are always brought to bear in discussions in open government, as President Obama has made clear from the day he issued his memorandum. One is privacy, one is security.”

As the State Department made clear in its open letter to Wikileaks, the position of the United States government is that the planned release of thousands of diplomatic cables by that organization today will place military operations, diplomatic relationships and the lives of many individuals at risk.

As this post went live, the Wikileaks website is undergoing a massive distributed denial of service (DDoS) attack, though the organization’s Twitter account is far from silenced. A tweet earlier on Sunday morning noted that “El Pais, Le Monde, Speigel, Guardian & NYT will publish many US embassy cables tonight, even if WikiLeaks goes down.”

In fact, Wikileaks’ newest leak, through the early release of Der Spiegel, had long since leaked onto Twitter by midday. Adrien Chen’s assessment at Gawker? “At least from the German point of view there are no earth-shattering revelations, just a lot of candid talk about world leaders.”

The New York Times offered a similar assessment in its own report on Wikileaks, Cables Shine Light Into Secret Diplomatic Channels: “an unprecedented look at backroom bargaining by embassies around the world, brutally candid views of foreign leaders and frank assessments of nuclear and terrorist threats.”

The Lede is liveblogged reaction to Wikileaks at NYTimes.com, including the statement to Fareed Zakaria by the chairman of the Joint Chiefs of Staff, Admiral Mullen, that “the leak would put the lives of some people at risk.”

The Lede added some context for that statement:

Despite that dire warning, Robert Gates, the defense secretary, told Congress in October that a Pentagon review “to date has not revealed any sensitive intelligence sources and methods compromised by the disclosure,” of the war logs by WikiLeaks.

The Guardian put today’s release into context, reporting that the embassy cable leaks sparks a global diplomatic crisis. Among other disclosures, the Guardian reported that the cables showed “Arab leaders are privately urging an air strike on Iran and that US officials have been instructed to spy on the UN’s leadership … a major shift in relations between China and North Korea, Pakistan’s growing instability and details of clandestine US efforts to combat al-Qaida in Yemen.” The Guardian’s new interactive of diplomatic cables is one of the best places online to browse the documents.

Is the “radical transparency” that Wikileaks both advocates for – and effectively forces – by posting classified government information “open government?” The war logs from Afghanistan are likely the biggest military intelligence leak ever. At this point in 2010, it’s clear that Wikileaks represents a watershed in the difficult challenge to information control that the Internet represents for every government.

On the one hand, Open Government Directive issued by the Obama administration on December 8, 2009 explicitly rejects releasing information that would threaten national security. Open government expert Steven Aftergood was crystal clear in June on that count: Wikileaks fails the due diligence review.

On the other hand, Wikileaks is making the diplomatic and military record of the U.S. government more open to its citizens and world, albeit using a methodology on its own site that does not appear to allow for the redaction of information that could be damaging to the national security interests of the United States or its allies. “For me Wikileaks is open govt,” tweeted Dominic Campbell. “True [open government] is not determined and controlled by govts, but redistributes power to the people to decide.”

The New York Times editorial board explored some of these tensions in a note to readers on its decision to publish Wikileaks.

The Times believes that the documents serve an important public interest, illuminating the goals, successes, compromises and frustrations of American diplomacy in a way that other accounts cannot match… The Times has taken care to exclude, in its articles and in supplementary material, in print and online, information that would endanger confidential informants or compromise national security. The Times’s redactions were shared with other news organizations and communicated to WikiLeaks, in the hope that they would similarly edit the documents they planned to post online.

…the more important reason to publish these articles is that the cables tell the unvarnished story of how the government makes its biggest decisions, the decisions that cost the country most heavily in lives and money. They shed light on the motivations — and, in some cases, duplicity — of allies on the receiving end of American courtship and foreign aid. They illuminate the diplomacy surrounding two current wars and several countries, like Pakistan and Yemen, where American military involvement is growing. As daunting as it is to publish such material over official objections, it would be presumptuous to conclude that Americans have no right to know what is being done in their name.

It seems that the Times and Guardian decided to make redactions from the diplomatic cables before publication. It’s not clear how that will compare to what will be posted on Wikileaks.org alongside the War Logs and Afghan Diaries.

Open government, radical transparency and the Internet

More transparency from the military, Congress and the White House regarding the progress of wars is important, desirable and perhaps inevitable. Accountability to civilian leadership and the electorate is a bedrock principle in a representative democracy, not least because of the vast amounts of spending that has been outlaid since 9/11 in the shadow government that Dana Priest reported out in Top Secret America in the Washington Post.

Wikileaks and the Internet together add the concept of asymmetric journalism to the modern media lexicon. File asymmetric journalism next to the more traditional accountability journalism that Priest practices or the database journalism of the new media crew online at the Sunlight Foundation and similar organizations are pioneering.

As Tim O’Reilly tweeted, “wikileaks *challenges* [open government government 2.0] philosophy. Challenges are good if we rise to them.” No question about the former point. Governments that invest in the capacity to maneuver in new media environment might well fare better in the information warfare the 21st century battlefield includes.

Open government is a mindset, but goes beyond new media literacy or harnessing new technologies. The fundamental elements of open government, as least as proposed by the architects of that policy in Washington now, do not include releasing diplomatic cables regarding espionage or private assessments of of world leaders. Those priorities or guidelines will not always be followed by the governed, as Wikileaks amply demonstrates.

Increasingly, citizens are turning to the Internet for data, policy and services. Alongside the efforts of government webmasters at .gov websites, citizens will find the rich stew of social media, media conglomerates or mashups that use government and private data. That mix includes sites like Wikileaks, its chosen media partners, the recently launched WLCentral.org or new models for accountability like IPaidABribe.com.

That reality reinforces that fact that information literacy is a paramount concern for citizens in the digital age. As danah boyd has eloquently pointed out, transparency is not enough. The new media environment makes such literacy more essential than ever, particularly in the context of the “first stateless news organization” Jay Rosen has described. There’s a new kind of alliance behind the War Logs, as David Carr wrote in the New York Times.

There’s also a critical reality: in a time of war, some information can and will have to remain classified for years if those fighting them are to have any realistic chances of winning. Asymmetries of information between combatants are, after all, essential to winning maneuvers on the battlefields of the 21st century. Governments appear to be playing catchup given the changed media environment, supercharged by the power of the Internet, broadband and smartphones. This year, we’ve seen a tipping point in the relationship of government, media and techology.

Comparing the Wikileaks War Logs to the Pentagon Papers is inevitable — and not exactly valid, as ProPublica reported. It would be difficult for the military to win battles, much less wars, without control over situational awareness, operational information or effective counterintelligence.

Given the importance of the ENIGMA machine or intercepts of Japanese intel in WWII, or damage caused by subsequent counterintelligence leaks from the FBI and elsewhere, working to limit intelligence leaks that damage ongoing ops will continue to be vitally important to the military for as long as we have one. Rethinking the definitions for secrecy by default will also require hard work. As the disclosures from the most recent release continue to reverberate around the globe, the only certainty is that thousands of State Department and Defense Department workers are going to have an extra headache this winter.

Fall 2010 Gov 2.0 Events Calendar

It’s the first day of September, and with it the beginning of the fall conference season. After looking toward the months head, my colleague Laurel Ruma and I thought that it would be worth sharing the camps, panels, conferences and forums that were on our “radar.” We won’t be able to attend all of them, unfortunately, but the community should be aware of what’s happening. I hope to see many of you at the Gov 2.0 Summit next week.

Supernova Unconference

9/1 Govfresh, San Francisco

9/3-9/5 CrisisCamp Marathon Weekend, Global

9/7-9/8 Gov 2.0 Summit, Washington, D.C.

9/9-9/10 Internet Identity Workshop, Washington, D.C.

9/14-9/16 NSA Trusted Computing Conference and Exposition, Washington, D.C.

9/20-9/21 Govfresh, Manor, Texas

9/22 – 9/24 Online Trust and Cybersecurity Forum, Georgetown, Washington, D.C.

9/22-9/24 National Association of Government Webmasters National Conference, St. Louis, Missouri

9/23 Amp Summit, Washington, D.C.

9/26 – 9/29 NASCIO 2010 Annual Conference, Miami, Florida

9/27 Ogilvy Gov 2.0 Exchange, Washington, D.C.

9/28 Govup, Tampa, Florida

9/28-9/30 Web 2.0 Expo, New York, New York

9/29 Govup, Huntsville, Alabama

10/4 Govup, Seattle, Washington

10/4-10/5 Knight Community Info Challenge Boot Camp, Chicago, Illinois

10/7 Govup, Denver, Colorado

10/8-10/10 City Camp London, England

10/12 Fedtalks, Washington, D.C.

10/16-10/17 CityCampSF, San Francisco

10/17-10/18 Place Summit, Cambridge, Massachusetts

10/18 – 10/21 Gartner Symposium, Orlando, Florida

10/20-10/21 Beyond 2010, Edmonton, Canada

10/21 Govup, Kansas City, Kansas

10/26 Govup, Austin, Texas

10/27-10/28 GOSCON, Portland, Oregon

10/28 Govup, Chicago, Illinois

10/31 NASA Tweetup at Space Shuttle Launch, Kennedy Space Center, Florida

11/1 Excellence in Government, Washington, D.C.

11/2 Govup, Philadelphia, Pennsylvania

11/3 Govup, New York, New York

11/4 Govup, Boston, Massachusetts

11/4-11/5 Tech@State’s Civil Society 2.0 event. More info: What is Civil Society 2.0?

11/10 Open Gov West, British Columbia

11/11 FedScoop’s 2nd Annual Cloud Computing Shoot Out, Washington, D.C.

11/15-11/17 Web 2.0 Summit, San Francisco, California

For events down under, check out Craig Thommler’s useful shared Gov 2.0 and social media events calendar. You’ll find comprehensive guides to all government-related events at GovEvents.com or GovEvents.org. And, of course, you can follow Govfresh events here.

If you have an event related to Gov 2.0 that I’ve missed, please add it in the comments or @reply to @digiphile on Twitter.