, ,

Are You Allowed to Use that Awesome App?

I hate carrying legal pads or laptops at conferences, but I need to take notes if I want to remember anything anyone says. The perfect solution? I take notes with Evernote on my mobile device, which I can access on my desktop at work, my laptop at home, and on both my phones wherever I get a signal.

But why stop there? I could

  • share my notes with coworkers,
  • allow them to add and edit,
  • supplement with photos, videos, scanned business cards, voice memos,
  • use them to start a brainstorm session,
  • tweet out nice, catchy soundbites,
  • derive action items and task team members,
  • integrate with Microsoft Office…

…essentially transforming its use from my personal note-taking tool to an agency-wide knowledge-sharing and productivity application.

Sounds brilliant, right?

…Except, there might be a problem: I might not be allowed to use it for conducting official government business.

There are so many great web-based services that add productivity to the workplace, and many of them are free. From cloud-based services like Dropbox and Evernote to collaboration tools like wikis to schedule makers like Doodle to even just a URL shortener like bit.ly, the web is full of fantastic, innovative third parties waiting for people and organizations to take advantage of its services.

The problem is, many of these third parties have terms that a government agency can’t agree to, such as

Indemnification – this is a legal term meaning that you won’t hold the provider responsible for legal actions created as a result of using their website. A real world example is if you rent a power drill from the hardware store, and you hurt yourself with the tool, you can’t hold the store responsible for what you’ve done. What are the chances that the government’s use of a website would result in legal action? Probably not high, but still, the fact that the provider would have such a clause might give your legal department heartburn.

Jurisdiction – It’s easy to forget that although a website is ubiquitous, the provider still resides in one location, like Silicone Valley or Austin, TX. To protect themselves, they’ll often say that if you ever need to duke it out in court, you must go to the court on their home turf, which may have different laws than where you are, especially if they’re in a different country. Is it likely that you’re agency will take legal aciton against a website? Again, not likely. But again, it’s still there.

Advertisement – In order for many websites to offer services at no cost to the user, they’ll place advertisements on the site to generate revenue. Pretty standard. But having official government information displayed on a website with advertisements on the side might violate legislation, even if it’s not viewed by the public.

Agreement via clickthrough – When you click that checkbox saying you agree, you are legally entering into a contract with the provider. There are still many government entities that have restrictions about entering into contracts, such as requiring a signature or approval from the Executive Director. This makes sense for paper contracts entered between government and a vendor, but wouldn’t be possible with websites. But still, a contract is a contract.

Other problems not related to Terms of Service:

Privacy Policy – In addition to Terms of Service, it’s standard practice for websites to have a Privacy Policy. This is a statement about the information they collect about their users. Even though you’re a government agency, it was a private person that signed up, not the agency. Many of these sites will collect information such as log data and cookies to use as part of their business model research and analytics.

Now with many websites providing mobile apps to enhance services, they might have insight into information on your phone or tablet, such as your address book, call log, what other apps you have and GPS coordinates. You’ll probably never know what they do with this data, but the thought that it’s being collected could deter your agency.

Accessibility – Many modern websites have problems meeting accessibility requirements, which could preclude your government entity from using its services, even if the website is used by one person with no physical disabilities. There are often workarounds or exemptions, but it could take some time to get approval.

Offshore operations – Many government entities have Security policies that prohibit data to reside on offshore servers for disaster recovery purposes. If the service provider is in another country, their servers will be too. And with so much stuff going into the cloud, who knows where your data is being housed?

An example is bit.ly, a popular URL shortener service for many Twitter clients. The “.ly” top level domain is the country code for Lybia, which has nothing to do with bit.ly. They just wanted a short and catchy URL. But to a CISO, this might give the impression that their servers are housed in Lybia, which could be a deal breaker (for the record, bit.ly is based in New York and doesn’t do any business in Lybia. More details here).

This is just a quick list of obstacles you could encounter if you try to use web-based applications for official government business. The problem is that this model of no-cost-in-exchange-for-non-negotiable-agreements fly in the face of traditional government procurement methods. In many cases, legal departments will accept the risk involved with terms of service, because the risk is so small compared to the potential business value gained.

There is a lot of work being done in this area for social media sites like Facebook and YouTube, but not as much for internal business use applications like Evernote and Dropbox. The federal government is definitely aware of these issues and is very successful at negotiating with service providers on www.apps.gov, but this doesn’t apply to state and local govenrment (A provider only has to agree to one jurisdiction with the federal government, Washington D.C., but 50 different jurisdictions for states, and countless for locals).

In the end, government workers need to get our jobs done. These services can help us do it chearper, better, faster. At some point, government will need to figure out how to effectively and efficiently allow apps and websites that deliver business value to be implemented safely and quickly for its business users.

How does your agency handle these issues?

Leave a Comment


Leave a Reply

Alicia Mazzara

Thanks for outlining these obstacles — it’s super important to understand the roadblocks before we can figure out how we might overcome them. A few more to consider – how to handle records retention and ensure data security when you have documents that are getting stored on a third-party website. With regard to the agreement via click-through, I know some agencies have negotiated a separate contract between them and the website.

Jon Lee

Hi Alicia, yes, thanks for adding to the list of considerations. Record Retention is especially tricky and much too often an afterthought. And security will always be linked to the third party and the cloud.

Which agencies have negotiated directly with service providers? Is this federal, state, or local? I’d love to hear more about their experience.