Contractors and Advocacy Groups Push Back on State Efforts to Mandate Surveillance Software
State legislation pushed by one company to require contractors to install the software would compromise data privacy and carry steep costs for companies and governments, the groups argue.
A broad coalition of 14 organizations representing state contractors and issue advocacy groups released an open letter Monday opposing legislation that has cropped up in over 30 state legislatures that, if passed, would require government contractors to purchase and install monitoring software.
While varying somewhat from state-to-state, the bills typically require the software to take very specific actions, such as screenshots of all “state-funded activity at least once every three (3) minutes” and logging of “keystroke and mouse event frequency.” The legislation also demands contractors store that data for years to come.
The groups that signed onto the letter represent contractors in wide-ranging professions, including accountants, technologists and engineers, as well as the health industry and an association representing state legislators. In the letter, they state that the requirements in the bills carry “significant” privacy and data security risks.
“At a time when most states and businesses have worked together to implement stronger data protection standards, this legislation would undermine existing progress, raise costs, and needlessly expose public and private information to new threat vectors,” they wrote.
Route Fifty first reported on the legislative efforts across various states last month. While no state has passed a version of the model legislation, it is still being widely considered. Most recently, the Nebraska Legislature’s Committee on Government, Military and Veterans Affairs discussed a version of the bill last week. According to the Information Technology Industry Council, one of the groups signed on to the letter, states beyond Nebraska where lawmakers have introduced the legislation include: Washington, Oregon, Arizona, New Mexico, Utah, Idaho, Hawaii, Montana, Colorado, Texas, Kansas, Oklahoma, South Dakota, Minnesota, Iowa, Missouri, Arkansas, Mississippi, Tennessee, Illinois, Indiana, West Virginia, Pennsylvania, Virginia, Maryland, Massachusetts, Rhode Island, Connecticut, New Jersey, and Delaware.
The legislation is being pushed by TransparentBusiness, which describes itself on its website as a New York-based software company. The company says its software is “designed to help our clients increase freelancer productivity, protect client budgets from overbilling, allow coordination and monitoring of their workforce, and provide real-time information on the cost and status of all tasks and projects.”
On its website, the company has described its hiring of lobbyists to push the contractor monitoring bills, as well as offering “model legislation” that can be adopted. Alex Konanykhin, co-founder of TransparentBusiness, told Route Fifty that the company is actively lobbying in “roughly” 40 states.
Konanykhin said this effort is about bringing transparency to government contracts and rooting out fraud from “overbillers.” He emphasized that all state governments have experienced contractors that didn’t bill ethically.
“In each and every state there’s such horror stories,” he said.
He also notes that while his company is pushing the law changes, contractors wouldn’t be mandated to work with TransparentBusiness. He declined to name competitors in an interview, but said, “In addition to companies that already provide this service, there are thousands of software companies in the United States that are capable of producing competing solutions.”
The groups say, however, that the software prescribed in the legislation would likely capture sensitive public sector data, with “no mechanism for redaction before being recorded or stored.” They estimate that it would generate 800 screen shots per week for one individual contractor that worked 40 hours—all of which would have to be “secured, stored, backed-up, and made available for real-time access by the state.”
The coalition points to this database as the crux of their concern about the legislation, saying it “would effectively mandate the installation of third-party spyware on state-owned and personal/privately-owned devices for the sole purpose of reclassifying sensitive data for time-keeping purposes.”
Konanykhin responded that calling the software “spyware” isn’t a fair comparison because users don’t know when that kind of software is operating on their computers. In this case, the contractor would control the software, as well as likely storing the data that is recorded, he said.
The letter—addressed to governors, state lawmakers, state IT leaders, and procurement officials—is from some of the largest and most influential policy groups in state government contracting and procurement, as well as advocacy groups, including ALEC Action, American Council of Engineering Companies, America’s Health Insurance Plans, American Institute of Certified Public Accountants, Associated General Contractors of America, Association of Government Accountants, CompTIA, DHI (Door Security and Safety Professionals), Information Technology Industry Council, National Society of Professional Engineers, NetChoice, Security Industry Association, TechNet, and Technology Councils of North America.
The organizations on the letter are not the only ones who have weighed in against the legislation. The National Association of State Chief Information Officers took a highly unusual step for the organization of state IT leaders last month, announcing their opposition to the legislative efforts. NASCIO similarly cited “significant risks to citizen privacy and federal regulatory compliance concerns it could create.” Earlier this month, American Legislative Exchange Council, a conservative-oriented association of state legislators, also questioned the legislation’s purpose in a blog post, saying that the intent of the legislation “seems to be much more about ensuring a sales channel for one company to sell its wares” than about transparency and accountability. ALEC’s advocacy arm, ALEC Action, is a signatory to the letter.
As first reported in StateScoop, TransparentBusiness initially offered state government relations firms both equity in the company along with cash to advocate on its behalf, something Konanykhin told Route Fifty was inspired by a Wall Street Journal article about Bradley Tusk, a former campaign manager for New York City Mayor Mike Bloomberg, and his experience as a lobbyist for Uber. Materials on TransparentBusiness’ website boast of the potential of windfall returns of 90,000 percent return on investment if they are successful. Konanykhin said the company is no longer offering lobbyists equity stakes.
The company previously listed high-profile shareholders on its website, including a former governor, former state legislative leaders and a large government affairs firm. That information has since been removed.
“We removed that section as they started to receive media inquiries and some of them found it annoying,” Konanykhin said.
TransparentBusiness has retained lobbyists in many of the states that have introduced legislation—as well as several jurisdictions they have not, including California and New York City. The company has also hired two teams of federal lobbyists and has stated they hope to pass similar federal legislation; the TransparentBusiness website features pictures of members of their board with congressional officials like House Speaker Nancy Pelosi. Konanykhin says they have identified “enthusiastic” sponsors in both chambers.
Information Technology Industry Council Director for State and Local Jordan Kroll told Route Fifty the coalition acted to ensure state decision-makers are well-informed about the concerns many private sector contractors had with the bills.
“There’s the risk it could be introduced in other state capitals and we wanted to make sure we could get together as broad a group of industries that do business with state governments to show this isn’t specific to one industry or one specific organization,” Kroll said. “This is something many groups are concerned by, and legislators should do their due diligence in understanding the concerns that are posed by this.”
The letter asserts that requiring contractors to capture and store this information is a “great expense and additional risk.” The organizations say the added cost of the software and data storage—along with the additional “privacy and security risks” of properly storing and securing the data over the long-term—could eliminate small business contractors and mean additional expenses passed along to the states.
The organizations argue there would be a massive administrative burden for states that pass the legislation, as well, requiring them to implement a program to monitor and audit the tracking software across a wide range of professions: “engineering, surveying, accounting/financial, legal, environmental, and insurance-related services, just to name a few.”
“These bills make no appropriation to cover the added costs to the state for such compliance monitoring,” according to the coalition.
Asked his reaction to the contracting community coming out against his company’s legislative effort, Konanykhin said, “That’s absolutely truly [been] expected from day one.” While saying not every contractor overcharges their clients, there are “tens of billions of dollars” at stake for contractors that do so.
Konanykhin believes that while the contractor community may be successful in slowing down the legislation, “change is inevitable, as are many other transparency examples.”
The coalition’s letter suggests there are more productive ways to monitor and improve contractor performance, such as outcome-driven contracts and purchasing.
“It is unclear how tracking the number of keystrokes or mouse movements correlates to the production of timely and satisfactory work,” Kroll said.