Connecting state and local government leaders
NASCIO opposes the legislation proposed in 23 states. One company has been vocal in advocating for the bills.
Over the past year, bills have been introduced by lawmakers in 23 state legislatures that would require government contractors to use software to log their workers’ activities—often down to the keystroke—according to the National Association of State Chief Information Officers.
While the legislation varies slightly from state to state, it generally requires contractors to install software that allows “automatic verification” of their hours billed. Some bills, such as those being considered in New Jersey, Pennsylvania and Rhode Island, are as exact as requiring a software solution that takes screenshots of “state-funded activity at least once every three (3) minutes” and store that data for seven years. The New Jersey and Pennsylvania proposals also require logging “keystroke and mouse event frequency.”
On Thursday, NASCIO came out with a statement in opposition to the wave of legislation, saying the requirements in the bills pose “significant risks to citizen privacy and federal regulatory compliance concerns.”
“That data would be stored by the contractor’s contractor, which has the potential to have screenshots of numerous state systems—everything from DMV, to health and social services, to public safety, to labor and so on,” Delaware CIO and NASCIO President James Collins told Route Fifty. “It’s creating this other repository of potentially sensitive data around the citizens of our state.”
NASCIO Executive Director Doug Robinson also pointed to a number of potential conflicts with federal privacy rules around citizen data that could make the requirements in the legislation unworkable, ranging from the Health Information Privacy Protection Act (HIPPA) to IRS regulations on taxpayer data.
Robinson said it is problematic that contractors would be both responsible for holding this information over the long-term and ensuring “appropriate” privacy and confidentiality of data for individuals that might be captured. In a situation where screenshots are being stored regularly, it is unclear how to ensure proper redaction of personally identifiable information on citizens, or how contractors could store such information in a secure and proper manner.
“It’s highly unusual to see it done in this way and prescribed in this manner,” Robinson said. “In theory, this might be a good idea … the CIOs said this was an inelegant approach to doing that.”
While NASCIO has been active on matters of federal policy and promoted certain best practices among its members, the organization has not traditionally weighed in on actions by state legislators. Robinson told Route Fifty this is the first time he recalls the organization releasing a statement in opposition to state legislation in his 15 years at its helm.
The unusual decision to weigh in required action by the organization’s executive committee. After more than an hour of deliberation, the leadership decided it was important as the legislation being considered “does not reflect the complexity necessary to protect data” and was “highly prescriptive” in its approach to contractor accountability, Robinson said.
One company, TransparentBusiness, has been vocal in their support of legislation like the bills NASCIO has criticized.
The company’s website touts their involvement in efforts to push legislation, from announcements about the hiring of lobbyists in various states to a page of “model bill” language that the website says is “based on” measures introduced in Rhode Island, Illinois, Missouri, Minnesota and New Jersey. The company pledges on that page it will “save your state tens of millions of dollars by simply requiring state contractors to provide transparent verification of billable hours.”
An executive with the company spoke to news outlets in Rhode Island last year about the proposal in that state, which did not become law. Alex Konanykhin, CEO of the company, told television station WPRI it would increase transparency and allow for better management of employees.
TransparentBusiness and Konanykhin did not respond to multiple emails from Route Fifty prior to publishing. Konanykhin also declined to comment for this article prior to publishing when reached by phone. He did, however, answer questions via email after the article was published.
His written responses were highly critical of NASCIO and state CIOs, saying the organization’s statement in opposition to the legislation “is likely to remain a major embarrassment for NASCIO for decades to come.”
“It’s based on a false premise, contradicts accepted practices and was passed without any semblance of due diligence,” he wrote.
In response to NASCIO’s concerns about privacy and data security, Konanykhin compared data stored under the legislation to “accounting records” that the IRS might audit.
“Government data is stored on the commercial clouds, mailed via FedEx, UPS and other commercial parties, communicated by phone, etc.—and those companies DO get access to the data. These accepted practices never bothered NASCIO,” Konanykhin wrote.
"We have indeed been evangelizing the benefits of transparency in government procurement. I have no doubt that transparent verification of billable hours will soon become the new standard of public and corporate procurement. (Blind management is so last century!),” Konanykhin is quoted as writing.
When Route Fifty asked for clients that use TransparentBusiness' solution, Konanykhin replied that he would "prefer to keep our clients out of the public discussion of our position on legislation." On its website, TransparentBusiness described its platform as helping businesses manage freelancers and remote workers.
The company on the website has also noted its past legislative wins, such as a bill signed by Indiana Governor Holcomb in March that creates a study committee that will in part look at “internal control procedures for state government that ensure verification of the number of work hours reported or billed by state contractors or state employees.”
TransparentBusiness heralded the Indiana committee as “the first step of our strategy to obtain official findings of the benefits of TransparentBusiness, to be used in all other jurisdictions, on state and federal level as well as with major cities, counties and corporations.”
The company also highlighted in December that a New Jersey state assembly committee had approved what TransparentBusiness referred to as “our bill.” That legislation has subsequently been approved by the assembly and sent to the state senate, according to the state legislative website.
In May, the TransparentBusiness website said that Louisiana had become the “first legislature to pass the requirement for transparent verification of billable hours.” But the law mentioned in the blog deals with information that must be provided for the state’s spending transparency website. For contractors, the legislation says the database should include information from automatic verification software “if available.”
In regards to efforts to build accountability for contractors, especially as state technology operations are increasingly outsourced, Collins with NASCIO said he and his fellow CIOs are supportive of efforts to ensure quality work on behalf of their vendors, if not the methodology put forward in these bills.
“I think if you talk to any vendor they will tell you we are working hard to maximize every taxpayer dollar spent," Collins said, explaining that beyond the quantity of hours worked, there are qualitative measures that can be used to ensure a state gets value out of its contractors. “There are really modern ways to use milestones and agile approaches to ensure that you are getting what is being paid for.”
Editor's Note: This story was updated after publication to incorporate comments from TransparentBusiness CEO Alex Konanykhin
Mitch Herckis is Senior Editor and Director of Strategic Initiatives for Route Fifty.