The first session, “Security: Getting Past ‘No’ -- How to Implement 2.0 without a Security Crisis,” heavily emphasized the new life that Web 2.0’s interactive nature has breathed into all manner of old Web security threats: cross-site scripting, cross-site request forgery, widget attacks, SQL injection attacks, XPath vulnerabilities, cross-site scripting worms, and authentication and authorization vulnerabilities.
One of the panelists (sadly, I didn’t catch his name, which doesn’t appear anywhere on the GTC East 2009 Web site or print program) works for the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC). He noted that CSCIC is currently blocking third-party social networking sites pending analysis of their risks, costs, and benefits but stressed that other agencies needed to answer the following questions for themselves:
- Can your employees safely use these sites?
- Do you trust the creators of these sites to address security vulnerabilities appropriately?
- Do all of the good things that social networking offers outweigh the risks?
The other session, “Engaging Citizens Through Web 2.0,” emphasized the benefits of Web 2.0. Andrew Hoppin, the CIO of the New York State Senate, highlighted its role in making the Senate more transparent and more participatory. The Senate Web site:
- Uses a collaborative filtering process that highlights the most frequently accessed resources on the site’s home page.
- Gives individual senators and committees complete control over the content that appears on their own pages, their own RSS feeds, and the ability to link to their Facebook pages, Twitter feeds, etc.
- Allows citizens to comment on proposed legislation and upon comments left by other users of the site, which helps to ensure that popular ideas “float to the top.” (Staff remove hate speech, scatological language, etc., but keep moderation to a minimum, which ensures lots of public input -- check out some of the great comments concerning the Senate’s tumultuous recent past.)
- Provides social bookmarks that make it easy for citizens to post items of interest to Facebook, etc.
After Jim Silvia of Laserfiche discussed how enterprise content management systems can, among other things, help governments create Web 2.0 applications and meet recordkeeping and other requirements relating to all types of government information, there was a lengthy question-and-answer session that focused largely on the Senate’s enthusiastic embrace of Web 2.0. Topics included:
- Building support: The Office of the CIO had to go through a very lengthy consensus-building process governing the posting of content, and has carved out a few narrow areas in which re-use is prohibited; for example, information posted on the site cannot be used for fundraising or other political purposes. Whenever possible, the Office of the CIO “evangelizes” about new possibilities for citizen involvement.
- Coordinated citizen campaigns: Comments are tracked by IP address, so a small number of people can’t game the system by posting comments repeatedly or ranking each other’s comments favorably. It is possible for large, organized groups of citizens to deluge the Senate site with comments, but citizen groups have long engaged in letter-writing campaigns, etc., and it’s easy to figure out when a coordinated effort is taking place. Moreover, all citizen input has value.
- Security (my question): The Office of the CIO has determined that third-party social networking sites support the Senate’s core mission of interacting with and soliciting input from citizens. It keeps systems housing restricted data separate from those that offer Web 2.0 capability.
- The digital divide: Some citizens lack ready access to or comfort with the Web, and Hoppin and his colleagues are exploring other ways to interact with citizens (e.g., telephone).
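The per-IP tracking described in the coordinated-campaigns bullet above, sketched as an added example of mine (not the Senate’s code; the session did not describe its implementation): it rejects a repeat vote from one IP on one item, rate-limits comments per IP on one item, and flags an item for staff review when many distinct IPs vote on it within a short window, rather than silently dropping that input. The event format, thresholds and addresses are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample event stream (not real Senate traffic):
# (timestamp in seconds, client IP, action, target id).
# "c1"/"c2" are comment ids being voted on; "bill7" is a bill being commented on.
SAMPLE_EVENTS = [
    (0,   "203.0.113.5",  "vote",    "c1"),
    (5,   "203.0.113.5",  "vote",    "c1"),     # repeat vote from the same IP
    (10,  "203.0.113.5",  "comment", "bill7"),
    (12,  "203.0.113.5",  "comment", "bill7"),
    (14,  "203.0.113.5",  "comment", "bill7"),
    (16,  "203.0.113.5",  "comment", "bill7"),  # fourth comment inside the window
    (100, "198.51.100.1", "vote",    "c2"),
    (101, "198.51.100.2", "vote",    "c2"),
    (102, "198.51.100.3", "vote",    "c2"),
    (103, "198.51.100.4", "vote",    "c2"),
    (104, "198.51.100.5", "vote",    "c2"),     # fifth distinct IP on c2 in 60 s
    (500, "192.0.2.9",    "comment", "bill7"),
]


class CommentGuard:
    """Hypothetical per-IP guard: thresholds below are assumptions, not Senate policy."""

    def __init__(self, window=60.0, max_comments=3, burst_ips=5):
        self.window = window              # seconds of history the rules look back over
        self.max_comments = max_comments  # comments one IP may post per window on one item
        self.burst_ips = burst_ips        # distinct voting IPs per window that triggers review
        self._seen_votes = set()                         # (ip, target) pairs already counted
        self._comment_times = defaultdict(deque)         # (ip, target) -> recent comment times
        self._vote_log = defaultdict(deque)              # target -> recent (time, ip) votes
        self._flagged = set()                            # targets already queued for review
        self.flags = []                                  # (target, distinct IP count)

    def process(self, t, ip, action, target):
        """Return (accepted, reason); reason is None when the event is accepted.
        Events are assumed to arrive in non-decreasing time order."""
        if action == "vote":
            return self._vote(t, ip, target)
        if action == "comment":
            return self._comment(t, ip, target)
        return False, f"unknown action {action!r}"

    def _vote(self, t, ip, target):
        key = (ip, target)
        if key in self._seen_votes:
            return False, "duplicate vote from this IP on this item"
        self._seen_votes.add(key)
        log = self._vote_log[target]
        log.append((t, ip))
        while log and t - log[0][0] > self.window:   # drop votes older than the window
            log.popleft()
        distinct = len({voter for _, voter in log})
        # A burst of distinct IPs is only flagged for staff review, never rejected:
        # IP is a coarse signal (shared NAT, carrier proxies) and the input may be genuine.
        if distinct >= self.burst_ips and target not in self._flagged:
            self._flagged.add(target)
            self.flags.append((target, distinct))
        return True, None

    def _comment(self, t, ip, target):
        times = self._comment_times[(ip, target)]
        while times and t - times[0] > self.window:   # drop comments older than the window
            times.popleft()
        if len(times) >= self.max_comments:
            return False, "comment rate limit for this IP exceeded"
        times.append(t)
        return True, None


def run_guard(events, guard=None):
    """Feed an event list through a guard and summarise accepted/rejected events and flags."""
    guard = guard or CommentGuard()
    summary = {"accepted": 0, "rejected": 0, "reasons": [], "flags": guard.flags}
    for t, ip, action, target in events:
        accepted, reason = guard.process(t, ip, action, target)
        if accepted:
            summary["accepted"] += 1
        else:
            summary["rejected"] += 1
            summary["reasons"].append((t, ip, reason))
    return summary


if __name__ == "__main__":
    result = run_guard(SAMPLE_EVENTS)
    print(f"accepted={result['accepted']} rejected={result['rejected']}")
    for t, ip, reason in result["reasons"]:
        print(f"  t={t} {ip}: {reason}")
    for target, count in result["flags"]:
        print(f"  review {target}: {count} distinct IPs voted within {CommentGuard().window:.0f}s")
```

Two design choices follow from the session’s own points. Hard rejection is reserved for the cases the panel said IP tracking is meant to stop (one address voting twice or posting in rapid succession), while the burst rule only queues an item for staff review, because a large organized group flooding an item is a coordinated effort staff can recognize, not something to discard automatically. Since many citizens share an address behind a NAT or carrier proxy, the thresholds should stay loose and be tuned against real traffic before anything is blocked.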