Advertisement

Contractor-monitoring software bills that worried state CIOs mostly failed to pass

Bills filed in 32 states requiring aggressive contractor monitoring software have mostly failed to pass, but there's always New Jersey.
Getty Images

A wave of bills that would’ve forced IT contractors working for state governments to install aggressive monitoring software appears mostly to have failed to advance as state lawmakers wrap up their spring schedules. But the legislation, which prompted an uncharacteristically loud outcry from state chief information officers, is not dead everywhere.

The bills, which started appearing in statehouses last year, would require nearly all of those states’ IT contractors to outfit their employees’ computers with software that takes screenshots of those workstations once every three seconds, records keystrokes and tracks mouse movements, and then store that information for at least seven years. All of the measures, which have been filed in at least 30 states, are based off model legislation written by a little-known company called TransparentBusiness, which happens to sell a program that captures periodic screenshots and keystrokes of the computers it’s installed on, and hired lobbyists across the country to promote its interests to state legislators.

But of the 32 states where the legislation was introduced, it appears to have advanced only in New Jersey. Though Trenton lawmakers approved that bill unanimously in February, Gov. Phil Murphy has not taken any action on it yet.

Meanwhile, another version of the bill appeared this week in the New York State Senate, about six weeks after TransparentBusiness announced it had hired a lobbying firm to represent it in Albany.

Advertisement

Despite the New Jersey version’s shot at becoming law, many other states’ versions failed to advance past the committee stage, sometimes after the intervention of chief information officers. The National Association of State Chief Information Officers, which ordinarily keeps away from political fights, issued a strongly worded statement in mid-February blasting the contracting-software bills, saying that they would create “significant risk” to personal privacy while jeopardizing states’ relationships with the IT firms they partner with. NASCIO was joined in its opposition by several industry groups.

“Legislation of this nature could introduce unnecessary risks to citizen data by essentially transferring ownership of private citizen data to a third party,” the NASCIO statement read.

At the group’s midyear conference in National Harbor, Maryland, on Monday, Utah CIO Mike Hussey said he approached his state’s lawmakers, who had been supporting the bill, with the NASCIO statement and a request to table the bill.

“I said if you’re looking for more transparency, let’s look at other options,” Hussey told StateScoop.

Hussey said he mentioned that contractors can be held to account more effectively with payments based on project milestones, for instance, whereas imposing invasive monitoring software would only sew mistrust between an IT agency and its vendors.

Advertisement

“That’s why we treat vendors as partners,” he said.

Still, though most of the bills appear to have fallen to the wayside in current legislative sessions, the fight between NASCIO and its partners and TransparentBusiness is far from over.

“We expect these bill will likely be introduced next year as well,” said Meredith Ward, a NASCIO senior policy analyst. “NASCIO stands ready to speak out against this type of legislation if so.”

In a guide provided to its lobbyists and in its marketing materials, TransparentBusiness pitches its product as a uniquely essential tool for state governments to avoid being fleeced by their contractors. Reached by email, TransparentBusiness’ founder and chief executive, Alex Konanykhin, told StateScoop that while none of the bills have become law anywhere, he is still “very encouraged” by the flurry of lobbying activity he sponsored.

“Evangelizing the benefits of transparency to legislators is not our focus, it’s something we do in our spare time and on a limited budget to facilitate positive social changes,” Konanykhin wrote. “Draining the swamp is not an overnight process and it does raise stink. Some entrenched contractors are spending tons of money to delay the transparency bills. They are fighting a losing battle.”

Advertisement

In New Jersey, a spokeswoman for Murphy said the governor’s office does not comment on pending legislation. And TransparentBusiness has not let up its pressure on Trenton: the company’s website recently posted a photo of Silvina Moschini — the company’s co-founder and Konanykhin’s wife — meeting with Murphy.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts