|Empathy Jam: New York City, August 2016|
There has never been a better time than now for governments to build new partnerships with outside technologists and data users. These partnerships can yield important benefits for the people that governments serve.
This book looks at the ways governments have traditionally tapped into outside expertise to help solve problems or achieve an objective. These traditional mechanisms are often not a good fit for projects that involve new technologies, and the preceding sections outline some new strategies and ideas that those working in government can use to collaborate with partners outside the bureaucracy.
As potentially valuable as these new opportunities to collaborate are, it would be a mistake to view them as a replacement for the ways that governments have traditionally done things. These new strategies can provide an important compliment to the tools that governments already have at their disposal to serve the public.
In early 2016, the Department of Defense (DoD) launched a new program called "Hack the Pentagon." This program was the DoD's first attempt at a bug bounty program - a competition where outside security experts are invited to find vulnerabilities in technology assets and report them to the DoD for a share of prize money. We can look at this experiment by DoD as a manifestation of many of the core motivations that governments have for reaching out to civic hackers and collaborating with outside technology groups on civic issues:
We can't hire every great 'white hat' hacker to come in and help us...but [Hack the Pentagon] allows us to use their skill sets, their expertise, to help us build better more secure products and make the country more secure.1
Bug bounties are an approach often used in the private sector to enhance security and identify previously unknown vulnerabilities in technology assets. But bug bounty programs, by themselves, are rarely used as a wholesale replacement for other kinds of security testing. The nature of bug bounty programs probably isn't a good fit for certain kinds of penetration testing that some organizations view as critical - for example: social engineering.2
Private companies that use bug bounties also hire outside security experts to conduct different types of penetration tests, to augment the issues that can be identified through bug bounty programs. While bug bounties can be valuable because they are a relatively cheap and easy way for organizations to tap into outside expertise, they may be limited in the types of issues they can address.
This same is true when governments collaborate with outside technology groups. Providing open data, open source code and collaborating with groups of talented outsiders to focus on important problems are a part of the job description for public servants in the 21st century. But this isn't the only tool that public servant have in their toolkit.
This book began with a simple observation - we now live in a time when people outside of government often have better tools to build things with government data than government employees themselves. This imbalance has implications for those inside government that want to use technology and data to make government work more effectively.
The process of using data and technology to improve the way governments work is now inextricably linked to how effective governments are at engaging with outside data users and technology experts.
Hopefully, this book has provided some insights on how those working inside government can do this more effectively.