The Must-Do List: Table Stakes for Tech in American Government

The U.S. Federal government is the largest employer on earth, with the biggest budget. We also sometimes have actual “website business hours” listed on government services. For example, as I write this, the FAFSA form, the key for many families to access college, is “unavailable due to scheduled maintenance,” as it is every Sunday from 3–11am ET.*

There are children — little ones — across the country who get their only access to food in a normal day through the hard work of Federal programs and services, and there is so much work to do to make those work better and more reliably for them. And also, a lot of people and firms stand to make an extraordinary amount of money duping the Federal government into vanity blockchain projects.

I’ve worked in, stewed about, been at the mercy of, and hoped for better Federal government services for years. And I also literally had to hire a lawyer to help my family figure out Medicaid this year (It still didn’t work. YAY!). I am so proud of the progress that’s been made in federal tech, but please join me in coming up with your list of #govtablestakes. The *minimum* things we need to get done to do right by our colleagues and country.

At least some places are doing these things, and I’ve linked to some examples. None of these things are revolutionary, but they’re all necessary. Here’s my list:

Services

• Public metrics like these for, at minimum, the top 25 services in government by volume. Not in a quarterly PDF that’s emailed to someone, actually listed on the same website as the service.

Paper prototype produced before any coding for the College Scorecard. Public domain image.

• Users (real ones — colleagues in a hallway are great, but don’t stop there) have to test something before any new code is written. To this day, I continue to see multi-million dollar government projects that are first seen by an actual user on launch day. Normally I wouldn’t be so prescriptive on when testing begins, but for the federal government, we both must validate our assumptions and make sure that our agency doesn’t believe the dying myth that the Paperwork Reduction Act makes it impossible to do usability testing. These things are both critical to suss out immediately.
• Use the common, pre-approved tools for services like the Office of Management and Budget’s Digital Service Playbook, the General Service Administration’s U.S. Web Design System. Everyone from GAO to Congress to agency leadership to Dr. Biden’s husband should use these tools for oversight, as well.

Infrastructure

• We can solve an extraordinary amount of misery if we can give people a way to use the data IRS already has for eligibility for means-tested services. It’s nothing less than cruel that people who are so low-income that they’re eligible for help from the government have to fill out what are the government’s most complex forms when we *ALREADY HAVE THE DATA.* This should be an A-1 priority for anyone working to reduce poverty and/or increase enrollment in means tested programs.
• Follow open data and FOIA laws and regulations. In my time, I’ve seen agencies paying 6+ figures for access to data that was supposed to be public, and people spending months fighting for things that should have been publicly available or released quickly.

Policy

• Everything from executive orders to laws to regs must move away from the doomed-to-fail approach of not having technical and design folks as part of the team developing policy. You can tell when it’s happened because there will be a sentence like “there will be a website” and “on the homepage/three clicks or less/etc.” in order to tack on something addressing how people will use it. When I was there, the U.S. Digital Service had a policy committee available to agencies and EOP for work like this. I hope it’s still there!

Security

• Every agency must have a public vulnerability disclosure policy. Nothing burns my biscuits like researchers who are trying to warn us about a problem and find a brick wall.
• Every agency must ALLOW EMPLOYEES TO USE BROWSERS THAT ARE STILL BEING SUPPORTED AND PATCHED. INTERNET EXPLORER 7 WAS LAST PATCHED OVER FOUR YEARS AGO. THIS IS DANGEROUS.**
• Every agency must use a modern email provider that has sophisticated security features that are regularly updated. Email is a primary vector for government attacks, and clip art trainings and “raising awareness” has not yet solved the problem. We need better tools.

Engagement

• Every agency must answer the mail. Firms are ready and willing to sell the government millions of dollars worth of “engagement” ideas, “viral” videos, and “awareness” campaigns for social media. God bless. We need to 1) answer the mail (in whatever form) with meaningful responses that actually help people rather than just collecting data for our own purposes, responding with bulk responses and leaving cries for help in a black hole, and 2) respond to people where they’re talking to us. The “single front door” “one stop shop” “portal” idea is dead. What if there was no wrong door, and we responded?

Creeps

• We are no longer hosting, attending, tweeting about, funding, speaking on, sending heads-up emails about, inviting people to, or letting slide all-white civic tech panels. We are not doing that. Stop.
• We are no longer looking the other way when predatory men rise in the ranks. We cannot afford to lose the people they push out of this work. Instead, we are investing in what comes next. Whisper systems about people to watch out for aren’t enough. As Sabrina Hersi Issa says, “Have a values system, put a stake in the ground.”
• We must treat our colleagues who have served for decades at agencies with respect and honor their contributions. None of these problems exist because agency staff are stupid. They exist because the systems are set up to produce these outcomes. It makes lots of people a ton of money, and screws people without much power. We must change the systems.
• We must learn the history of how tech has been used by governments to commit crimes against humanity, and we must not repeat it. You must red team your own products to prepare for how they could be used to hurt people.

*I deeply respect and admire the staff that has been working on the FAFSA for years. They have fought to improve this service and they deserve unflinching support from agency leadership, the White House, and the larger civic tech community to make their plans come true. If there are more glitzy events calling to “just fill out this simple form!!!!!” before the form is even available when prospective students and their parents might be home and have time to work on it together on a Sunday morning, we have failed.

**It’s curious to me why security reporters haven’t done a story about which agencies are still using software that is literally not even supported by the companies that made them anymore. This is bargain-basement level security. Can anyone explain this to me?