Skip to content
Legal Hotline

Federal government enters the era of the “cloud”

Post categories

  1. Freedom of Information
When the country’s head archivist David Ferriero is asked about the most modern problems plaguing federal records management, he likes…

When the country’s head archivist David Ferriero is asked about the most modern problems plaguing federal records management, he likes to explain by telling the story of the first man who had his job in 1934.

Speaking about open government at a panel discussion in March of this year Ferriero, the man now charged with safeguarding the government’s records and making them publicly accessible as the head of the National Archives and Records Administration (NARA), again began comparing himself to his long-ago predecessor.

“He, before accepting the job, did an assessment of the state of the records in the federal government at the time, and we are talking about during the Roosevelt administration,” he said. “And he discovered a horrendous situation where records were being stored in attics and garages and [were] flooded and fires and stolen and destroyed.”

From reading about this as he prepared to take the same job in 2009, he said, “The analogy became very clear to me that we are in the same situation with electronic records.”

The warnings of an archiving crisis are more than just rhetorical. A 2010 assessment conducted by NARA supports Ferriero’s concerns: 95 percent of federal agencies who participated in the study self-reported that they were at moderate or high risk of essentially losing records. The same assessment identified electronic records — from employee email to basic data — as one of the most troubling issues agencies faced.

But at least on one front in the struggle to preserve terabytes and terabytes of government records, Ferriero said at the same panel discussion, there was a solution.

“Cloud computing,” he said, “is the only way we are going to be able to provide for the future.”

And cloud computing — the tech buzzword for storing computer data in remote, shared data centers rather than on in-house servers — is being promoted by more than just Ferriero. While the term may seem foreign to those less computer-savvy, many are already using it if they have signed up for online services such as Gmail.

The White House and the Office of Management and Budget (OMB) have for a few years been encouraging agencies to reap the benefits of the new technology, and many federal offices have already begun a migration to the cloud.

While many in the government are heralding the burgeoning technology as the answer to the future of record keeping, critics worry that agencies have been putting off serious concerns, such as security and privacy, in their hasty embrace of the new medium that many know so little about.

The move could raise new and troubling questions about how, and if, the government can search and respond to your next Freedom of Information Act request in this coming electronic frontier.

Heads in the cloud

The cloud represents a major trend in the information technology world that has already caught on in the private sector.

Cloud computing offers the option to have computer programs and data stored by an outside provider and made accessible via the web rather than having them reside on in-house servers. And familiar corporate names including Amazon, Apple Inc., AT&T, Google and Microsoft Corp., as well as smaller outfits have already started offering these services.

For individuals and companies, cloud computing can mean the difference from simply getting their programs and data over the Internet versus having to pay for building and maintaining their own data centers and installing suites of software on each computer. Think of the difference between Gmail and GoogleDocs, which are in the cloud, versus Outlook Express and Microsoft Office, which are grounded.

The concept of cloud computing presents many advantages—advantages that captured the attention of Vivek Kundra, the first-ever Chief Information Officer of the United States.

Quickly after taking the Obama-appointed OMB position overseeing the federal government’s IT programs in 2009, Kundra unveiled an ambitious agenda to overhaul the government’s lagging computer technology. At the heart of that plan: cloud computing.

In short, Kundra outlined in the “Federal Cloud Computing Strategy,” that transitioning to the cloud means cutting the need for managing the government’s vast amounts of data on expensive, aging, energy-inefficient, agency-owned servers. The government projects that this alone will save billions in IT costs over what is expected to be a decade-long migration of records to the cloud.

The change also has other advantages, such as scalability, meaning that the government can pay-as-they-go in purchasing server space to store ever-increasing amounts of electronic data and to handle spikes in usage — something the non-cloud system did not offer, as evidenced by incidents such as the servers of the “Cash for Clunkers” website crashing because the government failed to predict the overwhelming demand for the program that overloaded their capacity.

Beyond strict logistical concerns, the report continues, the new technology also has the potential to promote collaboration with information sharing and makes data more portable to suit a progressively more mobile workforce.

And the change has already begun. As part of a “cloud first” initiative, the government is requiring that federal agencies default to cloud computing “whenever secure, reliable, cost-effective cloud option exists.” The government has also urged each federal office — from the Department of Commerce to the Department of Veterans Affairs — to move at least one of their systems to the cloud by 2011 and three by June 2012.

The most common functions expected to head to the cloud in the near future are email and website hosting, the majority of which will go to private sector cloud vendors. For example, the General Services Administration became the first agency to move its entire email system on the cloud using the Google-based service Gmail earlier this year.

Officials say that more sensitive data, such as information related to national security, will likely be hosted on private government clouds rather than being outsourced to third party contractors.

Kundra, who is largely credited as the architect of the government’s cloud computing initiative, has since left his position as U.S. Chief Information Officer to take dual fellowships at Harvard University’s Berkman Center for Internet and Society and the Shorenstein Center on the Press, Politics, and Public Policy. But Kundra, writing in a New York Times op-ed as he prepared to leave the post, defended his vision and again emphasized the urgency of moving the government into the new tech frontier.

“The United States,” he wrote, “cannot afford to be left behind in the cloud computing revolution.”

Down-to-earth concerns

While cloud computing is being heralded as the answer to modern electronic record-keeping, information watchdogs both inside and outside the government worry that agencies might be ignoring some of their responsibilities in embracing the new technology.

Security issues tend to dominate the debate surrounding the government’s push to move to the cloud: Will the cloud make the government more vulnerable to a cyber-attack? Another WikiLeaks scenario? Do we know if the records of private citizens will be safe in the cloud? What about our national security information?

Drowned out in that debate, however, are the much quieter voices sounding the alarm about what the move might mean for records management.

Although records management may sound like a paper-pushing, bureaucratic term, in this case the concern translates to whether or not agencies will be able to fulfill their legal responsibilities to maintain important information, from correspondence to scientific databases, and ensure that they are accessible when a citizen or court requests them.

“Records have a way of telling us the whole story,” Anne Weismann, chief counsel at Citizens for Responsibility and Ethics in Washington (CREW), said. For members of watchdog organizations and the press who regularly file Freedom of Information Act requests she said, it makes a difference what records management practices go on behind their queries.

One of the first to raise these issues was NARA itself, who in 2010 issued guidance on managing records in the new cloud computing environment. The bulletin served as a red flag that although agencies were already addressing issues such as privacy, security and data ownership in planning for a transition, they, just as importantly, needed to begin making the same considerations for their records management responsibilities, too.

Part of the problem, said Weismann, is that cloud computing was initially geared toward serving the private sector, where cloud computing is taking off, but has not necessarily caught up to governmental needs.

“Right now cloud computing is just a storage system,” Weismann said. “But when it comes to federal records, agencies have a job that is more than just preserving them. The records they preserve have to be organized, follow disposition schedules [kept, transferred or deleted according to set standards] and they have to be accessible.”

And accessibility is one of the key concerns with the cloud.

With the old model of storing electronic information on in-house servers, agencies had full autonomy over their records (though, as previous NARA assessments have highlighted, electronic records management is still lagging).

In the cloud, however, some fear agencies might lose the freedom to control their own records. They might be locked into systems where data is difficult or expensive to extract. They might be in a situation where records are stuck when they want to transfer or remove information. They could further be subject to different laws if the cloud system includes storage on servers abroad. Or they might find records jeopardized if a company goes belly-up.

Even when agencies store information safely in the cloud, there is still a question of whether they will be able to search and access the records when it comes time to, for example, responding to a Freedom of Information Act request.

“I heard it described that there’s a roach motel of cloud computing,” Arian Ravanbakhsh, an electronic records policy analyst at NARA, said. “Some of the vendors are not addressing or have yet to address how you get your stuff out.”

Weismann, who has been researching how different federal agencies are planning to manage their records in the federal cloud for CREW, said that it is her current impression that agencies were either not considering these concerns or putting them off for round two.

“They are looking at the cloud computing as a way to save money and preserve records, but I suspect that agencies are not giving due attention to records keeping issues,” she said. “I feel this could become an issue that the leadership in the government might have pushed before it was ready.”

Clearing the air

The momentum of the cloud revolution, however, is unlikely to be reversed and those voicing concerns in the conversation about the move, such as NARA, emphasize the importance of being proactive.

“What we have done to date is to make it clear and make sure agencies know that they are still on the hook and need to manage records according to their requirements no matter where they do it,” Paul Wester, the director of the Modern Records Program at NARA, said.

“There is the issue that the cloud in and of itself is not a records management solution, so it is up to agencies to articulate these needs to the cloud contractor,” he said.

For its part, NARA has issued guidance to federal agencies on this topic. In the same bulletin that flagged records management as an issue that demanded more attention as agencies started the move, NARA went so far as to craft the legal language they thought agencies should insert into their contracts with cloud vendors. The goal: to make sure that the ownership and record-keeping requirements of government information was absolutely clear to these third-party providers.

Similarly, according to NARA officials, agencies have to think about addressing specific accessibility issues in their contracts. This might mean, for example, asking providers to build in sophisticated search capabilities so that the agencies are better and more quickly able to find records responsive to FOIA requests.

But ultimately it is up to each federal office to adopt these standards in their cloud computing negotiations.

It is still too early to know how or if agencies are using NARA’s guidance, Wester and Ravanbakhsh said, and there will still be more “nuts and bolts” issues that they will have to deal with as agencies put more and more records into the cloud.

Weismann, who continues to monitor the transition and expects to release a more comprehensive report on it for CREW, said that she does not mean to sound anti-technology in her worries.

“But I don’t know about the headstrong rush to put records in the cloud, and the pressure from [the Office of Management and Budget] and the White House, when no one has thought through the accessibility concerns,” she said. “NARA has, but I suspect agencies still are not giving due attention to the record keeping issues.”

Weismann said that cloud computing does offer a huge potential to be better for records — the same kind of potential Ferriero declared when he said cloud computing was the way to provide for the future — if federal offices take the time to address these issues.

“[Otherwise] I would make the analogy that cloud computing now is the equivalent of tossing paper records into a room and shutting the door,”Weismann said, “Yes, you are preserving them, and that is good. But how useful are they?”

Stay informed by signing up for our mailing list

Keep up with our work by signing up to receive our monthly newsletter. We'll send you updates about the cases we're doing with journalists, news organizations, and documentary filmmakers working to keep you informed.