Lawmakers from both chambers, led by Sen. Elizabeth Warren, D-Mass., sent a letter to IRS commissioner Daniel Werfel and the Treasury Department on Monday in which they said a large majority of Americans support the creation of a free direct filing service.

“We write to applaud this announcement and your leadership on this issue, and to share our support for making a strong tool available to as many taxpayers as feasible next filing season and for continuing to build the free and easy filing tool that many Americans want and deserve,” the Democrats wrote in the letter to Werfel and the Treasury Department.

The Internal Revenue Service and the U.S. Digital Service are working to develop a prototype free filing service, which is expected to be made available to certain taxpayers in January 2024.

“We urge you to make this pilot of the direct file tool available to as many taxpayers as is feasible, in order to deliver real value quickly to American taxpayers and demonstrate the value of modernizing the IRS, while also gathering data to make improvements and to better serve American taxpayers,” the Democrats’ letter added. 

The missive highlighted a recent IRS report to Congress which indicated that taxpayers trust the IRS to provide a direct free filing service, and think it is the agency’s role to build and operate such a system.

In the Monday letter, lawmakers argued that the Treasury agency’s existing Free File Program—which is a partnership between IRS and private tax preparation companies—has not been successful despite 70% of taxpayers qualifying for the service.

The missive also criticized companies offering tax preparation services that are advertised to be free but often are not. Last month, TurboTax began paying $141 million in settlement payments to American taxpayers who the company allegedly unfairly steered into paying for tax preparation software that should have been free, the Democrats said.

The Democrats’ letter states 72% of taxpayers across party lines are interested in an IRS direct file tool and 68% of taxpayers who currently self-prepare their returns are likely to switch to a direct free filing IRS tool if given the chance to.

The post Democrats push for IRS free file service, citing bipartisan demand from taxpayers appeared first on FedScoop.

He takes up the new role at the White House agency after two years at State, during which time he has spearheaded the department’s data modernization strategy with CDO Matt Graviss. 

Berntsen will serve on secondment at the National Security Council until at least the end of the year. Previously, he was a senior manager at Deloitte, and before that was a country director for Afghanistan within the Department of Defense.

The National Security Council is the president’s principal forum for national security and foreign policy decision-making. In addition to technology and cybersecurity, it brings together senior leaders in areas crucial for national security including homeland security, global public health, international economics, climate, migration and others.

At the State Department, the Office of the Chief Data Officer has worked to implement Secretary Antony Blinken’s modernization agenda, which includes the department’s first-ever enterprise data strategy. 

Writing for FedScoop last September, Berntsen and Graviss said their team was focused on completing six-month sprint data campaigns to drive forward the agency’s digital transformation.

Earlier this year, the State Department appointed Laura Williams as deputy chief information officer for foreign operations. Williams took up the post on March 1 after previously serving as director of analytics at the agency’s Center for Analytics. 

The post State Department deputy CDO joins National Security Council appeared first on FedScoop.

The trademark office said the data leak affected about 3% of the total number of trademark applicants filed during the three-year period and that the issue was fully fixed on April 1, without any data having been misused. 

“Upon discovery, the USPTO reported the data exposure to the Department’s Senior Agency Official for Privacy and it’s Enterprise Security Operations Center, which in turn reported the exposure to the Department of Homeland Security. As you are aware, the USPTO also notified affected parties of the exposure,” a USPTO spokesperson emailed FedScoop.

“The USPTO has no reason to believe that the data has been misused,” the spokesperson added.

U.S. law requires trademark applicants to include their private address when submitting an application in order to combat fraudulent trademark filings.

The trademark office said in a notice sent to all those impacted by the data leak that by April 1 the issue had been fully fixed by properly masking all of the private addresses and correcting all system vulnerabilities found.

The trademark office said that in February it discovered that private domicile addresses that should have been hidden from public view appeared in records retrieved through some application programming interfaces (APIs) of the Trademark Status and Document Review system (TSDR). The APIs are used in apps by both agency staff and trademark filers to access the TSDR system for checking the status of pending and registered trademarks.

Some private addresses also appeared on the bulk data portal of the USPTO website.

The trademark office highlighted that as a federal government agency, the USPTO does not have the same reporting requirements as a private company or a state or local agency would and does have a process whereby those who do not want their address to be shown publicly can request that it is not made public or they can waive the requirement altogether.

Details of the USPTO leak were first reported by TechCrunch.

The post US Patent and Trademark Office data leak exposed 61K private addresses  appeared first on FedScoop.

In a Thursday statement, managing associate general counsel for procurement law at GAO Kenneth E. Patton said the agency’s decision to not advance those proposals was “flawed”, citing NIH’s inability to show that it both reasonably evaluated phase one proposals and determined which would move on to the next stages of the competition.

“GAO recommended that the agency reevaluate proposals consistent with the decision, and make new determinations of which proposals advance past phase 1 of the competition based on the results of these new evaluations,” Patton said, echoing previous statements from the organization.

Patton also said the GAO found the agency “unreasonably evaluated specific aspects” of a phase one proposal from Sky Solutions LLC. GAO denied remaining arguments the protesters raised, which included challenges to other aspects of the evaluations and untimely challenges, he said.

The decision was issued under a protective order because it “may contain proprietary and source selection sensitive information,” according to Patton. It addressed protests by entities represented by outside counsel who were eligible for a protective order. Protests filed by entities not represented by counsel will be addressed in a separate, forthcoming decision, Patton added.

CIO-SP4 is the fourth iteration of a contract vehicle for acquiring commoditized IT products and specialized services that has been dogged by pre-award protests since the agency first requested proposals in May 2021. The CIO-SP4 vehicle has a $50 billion ceiling.

Entities seeking inclusion in National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC)’s 10-year solicitation have made multiple challenges through bid protests over the last two years. Those challenges have focused on the process and criteria by which the awarding agency was using to select awardees. They’ve been both dismissed and sustained, as the agency pushes forward with the solicitation.

In March, the GAO dismissed a round of bid protests after the agency agreed to voluntary corrective action to make a new phase one determination on highest rated offerors. GAO previously dismissed 117 complaints in November 2022 over the use of a points based scoring system used to analyze prior performance of the entities bidding. The agency agreed to voluntary corrective action in that case as well.

Both of those decisions came after GAO partially sustained a pre-award protest arguing the procurement unfairly disadvantaged large companies in mentor-protégé arrangements in November 2021.

Commenting on the bid protest decisions, founder of federal procurement consultancy ProcureLinx, Mark Hijar, said: “This is a sign, to me, that they have some very serious retooling to do before they move to the next phase of evaluation. And for this to happen at this late date is not a good sign.”

Hijar, who has worked with contractors who were awardees under past iterations of the vehicle, said he’ll be watching how the agency addresses the recommendation efficiently “without materially changing the evaluation criteria that were originally provided.”

Editor’s note, 6/29/23: This story was updated to add further context about prior CIO-SP4 bid protests and to include comment from ProcureLinx.

The post GAO sustains 98 bid protests filed over CIO-SP4 solicitation appeared first on FedScoop.

The app no longer exists. The system was taken offline, a spokesperson for OPM told FedScoop, after a redesign of the regular USA JOBS website incorporated a new, mobile-first design. Today, a page that used to focus on mobile apps like the USA JOBS app redirects to the USAJOBS.gov help center, while a link to usa.gov site touting the system now displays a “Page Not Found” notice. The OPM spokesperson did not say how many used the original app before it was shut down. 

But a fake with a similar name eventually appeared in its place. A “USA JOBS” app was downloaded more than 50,000 times on the Google Play Store, where it had a 2-star rating. The app, which was most recently updated in June, attracted a slew of reviews complaining about it being “misleading,” as well as its advertisements, broken links, and “fake jobs.” Many users complained that the app isn’t associated with the actual USA Jobs website and that their credentials for the actual USAJOBS.gov platform didn’t work. 

Google ultimately took down the app after it was flagged by FedScoop. The system, said company spokesperson Dan Jackson, violated the Play Store’s rules about misleading claims, which specifically ban apps that falsely claim affiliation with a government entity. Still, the existence of this and other fake apps also highlights that government agencies aren’t always tracking down platforms and websites impersonating their services. 

“The official government website for Federal job seekers is https://USAJOBS.gov,” the OPM spokesperson told FedScoop. “Job seekers are encouraged to use the USAJOBS site to search for Federal opportunities. They may also create a USAJOBS profile, create or upload a resume, make their resume searchable by Federal recruiters, and apply for positions.”

Researchers at Stairwell, a cybersecurity firm, didn’t find any overt malicious behavior and noted that the app’s primary purpose seemed to be pulling information that’s freely available on the internet and incorporating a “tremendous amount of advertising.” The app didn’t directly claim to be affiliated with the US government, but took intentional advantage of search terms — they called it “scam-ish.” 

“They might make thousands of dollars or tens of thousands of dollars just getting people to go off as keywords,” Eric Foster, a vice president at Stairwell, told FedScoop. “Lot of times we find that the government both isn’t great at branding, and then they aren’t great at protecting their brand the same way a lot of the corporations are.” 

The researchers said that there’s evidence, based on their analysis of the app, that the developer was in Zambia. FedScoop reached out to the email address listed for the developer, but did not hear back by the time of publication.

Ads like the ones on the USA JOBS app could be a potential vector for malicious activity, the Stairwell researchers noted. The app could also collect personal information, both because it requires that users provide personal information to sign up for an account on the app, and because people may use their actual USAJOBS.gov login credentials when trying to log into the app. 

“In reviews, people were saying they uploaded their resumes. So if you’re uploading your resume, that’s going to include contact information and your work history. That’s not something you would want to give away to just anyone,” Chris St. Meyers, Stairwell’s head of threat research, told FedScoop. “They’re not necessarily malicious intentions, but they’re not good. I don’t know what they’re doing with that information they collect.” 

Similar, but more obviously malicious, sites are an ongoing challenge for the government. The Securities and Exchange Commission warned people on government employee retirement plans that they might be targeted by fraudsters back in 2017. Earlier this year, the United States Postal Service flagged to employees that cyber criminals were attempting to steal their information by creating fake sites. This issue has been an ongoing challenge for employees, according to unions representing these workers.

The post The government quietly shut down a jobs app. A tricky fake took its place.  appeared first on FedScoop.

On June 13, CISA issued a binding operational directive ordering civilian agencies to remove from the internet any “networked management devices,” making them accessible only from an internal network, or to deploy zero-trust capabilities into their network architecture so an agency administrator can enforce access controls separate from the interface. Agencies were required to do so within two weeks of notification of such devices being connected to the internet.

Censys — a cybersecurity firm that specializes in threat-hunting across devices connected to the internet — used its platform to analyze more than 50 federal civilian branch agencies’ publicly exposed devices that they use to manage networks from the internet. It found ” hundreds of publicly exposed devices within the scope outlined in the [CISA] directive.”

“In the course of our research, we discovered nearly 250 instances of web interfaces for hosts exposing network appliances, many of which were running remote protocols such as SSH and TELNET. Among these were various Cisco network devices with exposed Adaptive Security Device Manager interfaces, enterprise Cradlepoint router interfaces exposing wireless network details, and many popular firewall solutions such as Fortinet Fortiguard and SonicWall appliances,” Censys wrote in a blog post sharing its findings.

In the post, the company explained: “These internet-exposed devices have long been the low-hanging fruit for threat actors to gain unauthorized access to important assets, and it’s encouraging that the federal government is taking this step to proactively improve their overall security posture and those of their adjacent systems.”

Censys also found more than “15 instances of exposed remote access protocols such as FTP, SMB, NetBIOS, and SNMP” — protocols that the firm says “have a history of security vulnerabilities, and exposing them to the internet raises the risk of being targeted by threat actors trying to gain remote unauthorized access to government infrastructure” — and “[m]ultiple out-of-band remote server management devices such as Lantronix SLC console servers,” which CISA said in its directive “should never be directly accessible via the public internet.”

To help civilian agencies meet the requirements of the directive, CISA issued accompanying implementation guidance with additional background and commonly asked questions.

The post ‘Hundreds’ of agency internet-connected devices found running in violation of recent CISA directive, cyber firm reports appeared first on FedScoop.

In a report published on Tuesday, the Electronic Tax Administration Advisory Committee (ETAAC) called on the tax authority to assess how much it would cost to improve public understanding of commonly used services run by the Free File Alliance, the Volunteer Income Tax Assistance program and the Tax Counseling for the Elderly.

The intervention comes as the Internal Revenue Service and the U.S. Digital Service work to develop a prototype free filing service, which is expected to be made available to certain taxpayers in January 2024.

ETAAC is an advisory committee that provides a public forum for the discussion of electronic tax administration issues. Last September the committee appointed eight new members including Deputy Chief Financial Officer and Tax Commissioner for the District of Columbia Keith Richardson and Code for America Senior Manager RaeAnn Pilarski.

In the new report, the committee cited previous work by the nonprofit MITRE Corp., which identified low participation rates in existing free filing programs and found a low level of awareness among consumers. In 2018, just 3 million out of nearly 104 million eligible taxpayers used a free file product to submit their federal income tax returns, according to the MITRE study.

The committee said: “ETAAC reiterates MITRE’s conclusion and joins in the recommendation that Congress appropriate funds to increase awareness of existing free filing options and encourages the IRS to make use of free electronic filing resources already at its disposal to promote greater adoption of Free File.”

It added: “ETAAC further recommends that the IRS work with the Free File Alliance and other software industry associations to continue enhancing the Free File program. This could include expanding eligibility (in terms of adjusted gross income) and communication and marketing opportunities for the program.”

Details of the IRS’s new prototype tax filing platform were first reported by the Washington Post as the Treasury in May delivered a report to Congress on the feasibility of building such a service. That study was carried on behalf of the IRS by the nonprofit New America and was funded with $15 million included in the Inflation Reduction Act.

Other new recommendations from ETAAC include that IRS make tax information documents digitally available in real-time to allow easier use of third-party filing software and that the agency prioritize and allocate funding for the modernization of IRS.gov and search engine optimization.

The post IRS advisory committee calls on agency to assess public awareness of existing free file tools appeared first on FedScoop.

Earlier this week, Chief Administrative Officer Catherine L. Szpindor sent a memo to all House staff saying that offices are only authorized to use the paid version of the AI tool known as ChatGPT Plus, which has a $20-per-month subscription that “incorporates important privacy features that are necessary to protect House data.” 

Furthermore, Szpindor highlighted that offices are allowed to use the chatbot for “research and evaluation only” and are “not authorized to incorporate it into regular workflow” or use it for any official purposes.

Lieu — a member of the House Artificial Intelligence Caucus and one of three members of Congress with a computer science degree — pushed back on the CAO’s new rules during an interview with FedScoop, saying he planned to reach out to the CAO with a number of questions on the decision.

“I don’t believe all this is [necessary]. I don’t understand why they’re making any statements about workflow. I think that’s something within the province of each member’s office, and each member can figure out how they want the workflow of their office to function,” Lieu told FedScoop during an interview on the subject of AI in Congress.

“And so if they’ve determined that ChatGPT is not a security threat, which it looks like they’ve determined that, then I think every office should use it as they deem fit,” he said. 

FedScoop first reported in April that the House of Representatives’ digital service had obtained 40 licenses of ChatGPT Plus, the first publicized congressional use of the popular AI tool. House offices said they were using ChatGPT for generating constituent response drafts and press documents, summarizing large amounts of text in speeches, and drafting policy papers or, in some cases, bill language.

Earlier this year, Lieu introduced the first measure in Congress that was written entirely by ChatGPT with a nonbinding resolution on how to comprehensively regulate AI in Congress.

Similarly, he said he gives his staff immense freedom to use tech tools without restrictions.

“So I put an enormous amount of trust in my staff, and my staff can basically do whatever they want. So if they feel like looking something up on Google Bard they can do that. If they want to use ChatGPT to draft, do the first draft of a document [or policy], they can do that,” Lieu said.

The California congressman said his staff regularly uses ChatGPT for regular day–to–day purposes but wasn’t sure if they use the CAO-authorized ChatGPT Plus service. Lieu added that his staff would look into getting the paid version of the tool if they weren’t already using it.

The CAO’s ChatGPT guidance comes as lawmakers from both parties and in both chambers are rushing to craft legislation on how to regulate AI, including Senate Majority Leader Chuck Schumer, D-NY., and Lieu, who is pushing for a new bipartisan AI regulatory commission. 

The House Chief Administrative Office said the memo is not enforceable by law but is intended to provide best practice guidance based on internal research and procedures.

“Our intent in providing this information on ChatGPT was to explain best practice guidance consistent with our approved processes and procedures,” a CAO spokesperson told FedScoop. “Our House Cyber team will study this closely and continue to advise offices on the appropriate use of emerging technology.”

The CAO memo regarding limits and restrictions on ChatGPT use in Congress was first reported by Axios.

The post Congressional AI proponent Ted Lieu pushes back on ChatGPT restrictions placed by House administrative office appeared first on FedScoop.

While this proposed rule has received less attention, the inclusion of algorithms represents an important example of how Biden administration regulators are hoping to rein in AI. ONC wants to get that final rule out as soon as possible, “perhaps as early as later this year,” an ONC spokesman said in an email.

The proposal — the comment period closed earlier this month — would require electronic health record systems using predictive tools like AI and algorithms to provide users with information about how that technology works, including a description of the data it uses. That would add to a certification process already overseen by ONC.

“The idea is that you should have a standardized nutrition label for an algorithm,” Micky Tripathi, who leads the health IT division housed within the U.S. Department of Health and Human Services, said in an interview with FedScoop.

ONC’s certification program for health IT — which includes electronic health record technologies — is voluntary. It’s incentivized, however, by requirements that hospitals and physicians use certified systems when participating in certain Centers for Medicare and Medicaid Services payment programs.

While ONC hopes that more transparency will help avoid unintended consequences of algorithmic bias, the rule has received some pushback from medical professionals, health IT companies, and associations for both not going far enough and being too hard to comply with. The division will next review those comments and work on finalizing the rule.

The AI and algorithm requirements are part of ONC’s proposed rule titled “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” (HTI-1), which includes a variety of updates for the division’s Health IT Certification Program.

Specifically, the artificial intelligence portion of the rule would build upon its existing certification requirements for clinical decision support (CDS) systems by defining a new category for predictive tools, which includes AI and algorithms. 

Artificial intelligence presents “a whole new dimension in this area of clinical decision support,” Tripathi said. There are things about AI that are “fundamentally different” and require ONC to again weigh in on how these technologies are incorporated into electronic health records systems, he explained.

ONC doesn’t want to be in the position of telling people they can’t use a particular algorithm, Tripathi said, which is why it’s pointing to transparency as a way to help people “navigate” the technology.

For example, Tripathi said, a user in San Juan, Puerto Rico, might learn that an algorithm in an electronic health record system was trained on data from the Mayo Clinic in Minnesota and question whether that would be appropriate for their patient population. 

ONC’s emerging approach to AI regulation has won support from a variety of healthcare industry stakeholders, public comments revealed. For example, the College of American Pathologists — a nonprofit with thousands of members — has said that more information about the datasets AI systems are trained on would boost transparency, and also help pathologists with their “AI-related responsibilities.”

Ron Wyatt, the chief scientist and medical officer at the Society to Improve Diagnosis in Medicine, said the rule didn’t go far enough, and argued that the information that’s made available to “end users,” like health systems and patients, should also be shared in the public domain — so that it’s “exposed to the expert academic research and developer communities that now are sensitized” to the problems with using AI in healthcare. 

Unsurprisingly, there’s also been pushback. The HIMSS Electronic Record Association, on behalf of 30 companies, has suggested that ONC’s requirements for “decision support interventions” would be hard for electronic health record developers to implement, since — they argue — these tools are often created by third parties. 

The American College of Cardiology, a nonprofit association that credentials cardiovascular professionals, said the algorithms proposal was “overly broad,” could potentially cover “thousands of technology solutions utilized in health care,” and may also be confusing for clinicians dealing with software that’s defined differently by other agencies. 

It’s not yet clear how ONC will incorporate this feedback. Still, the proposal and the feedback it received show the mounting effort to regulate AI across the Biden administration. 

The Office of Science and Technology Policy, for example, has emphasized fighting algorithmic discrimination in the Blueprint for an AI Bill of Rights, which was released in October. The Department of Justice and the Department of Housing and Urban Development have looked at algorithmic bias in systems used to screen tenant applications. Senator Charles Schumer highlighted fighting bias in the SAFE Innovation Framework he introduced earlier this month. 

ONC’s own work on artificial intelligence isn’t limited to the proposed rule. Separately, Tripathi said the ONC is working on the department’s broader efforts to develop AI regulatory strategies and is exploring how to make sure a type of application programming interface (API) used for healthcare interoperability — known as Fast Healthcare Interoperability Resources (FHIR) — is able to interact with AI. 

“As ONC, and as the HHS, and as the federal government, we want to balance the ability to allow us to continue to have innovation in a really — what we recognize is — a really important space that could offer tremendous benefit at the end of the day,” Tripathi said.

The post Regulations to govern use of AI in health records could come later this year appeared first on FedScoop.