Doing HTTPS everywhere in the .gov space

[Eric Mill]

Hey,

I wrote a piece today for my organization, 18F, about our HTTPS-everywhere
policy for the .gov websites we build inside the US government:

https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make/

I wanted to give this list some extra context, since I understand the US
government is a big, complicated, freighted topic. Below is my *personal*
attempt to describe my workplace and is not anything close to an official
description or the voice of the government.

18F[1] is a team of ~70 people working as full time employees inside the US
federal government. (The name comes from the street intersection -- 18th St
& F St -- that its HQ is at in DC.) 18F as a unit was created around a year
ago to be a competent, top class in-house technology team for the US
federal government.

A driving idea here is that the government shouldn't need to outsource its
*entire* technical brain to contractors, and that government services can
be simple and even beautiful. If you've noticed what's happened over the
last few years in the UK at https://www.gov.uk by the Government Digital
Service[2], 18F takes a lot of inspiration from them.

18F is housed inside the General Services Administration, an independent
federal agency[3] that does as many different things as its name implies,
from running all the buildings to housing the nation's data catalog at
Data.gov. It's an "independent" federal agency in that it's not subject to
the same level of direct executive and White House control that cabinet
agencies are. It's the same kind of "independent" that lets the FCC
potentially disagree with the President on net neutrality, for example.

The team has people all over the country (it has a big SF office, for
example), many of which have either never been in government before, or who
came in after doing the Presidential Innovation Fellows[4] program.

I joined 18F after working for 5 years on open data apps, infrastructure,
and policy at the Sunlight Foundation[5], a non-profit in DC that pushes
for open government. I had also done a fair amount of work around privacy,
HTTPS, and ongoing judicial activity around surveillance. I get to continue
doing all of that work in my personal capacity.

I say this just to try to communicate that the 18F team has some very
sincere people trying to make the US government work better for people all
over the world, and to do right by technology in the process. We have
substantial support and autonomy to make that happen.

When it comes to HTTPS, the .gov surface area is absolutely enormous, and
moving it helps move the whole Internet forward. Bringing the government in
line with the rest of the web/security community (and being loud about it)
is one of my big priorities at 18F, and so I wanted to share this here with
you all.

-- Eric

[1] https://18f.gsa.gov/
[2] https://gds.blog.gov.uk/
[3]
https://en.wikipedia.org/wiki/Independent_agencies_of_the_United_States_government
[4] https://en.wikipedia.org/wiki/Presidential_Innovation_Fellows
[5] https://sunlightfoundation.com/

-- 
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20141114/cfb4ac5b/attachment.html>