In the report, they published the results of their fifth annual study on the costs of data breaches for U.S.-based companies. They surveyed 45 companies represnting 15 various industry sectors–significant contributors were financial, retail, services and healthcare companies.

Numbers-wise, the companies they interviewed lost between 5,000 and 101,000 records, at a cost range between $750,000 and $31 million.

What was really interesting was that the average per-record cost of the loss was determined to be $204.00–and how many records does your law enforcement/public safety agency hold?

Some factors they considered in computing the cost of the breach included:

• Direct costs - communications costs, investigations and forensics costs and legal costs
• Indirect costs - lost business, public relations, and new customer acquisition costs

The report also lists a number of causes for the data breaches, such as:

• 82% of all breaches involved organizations that had experienced more than one data breach
• 42% of all breaches studied involved errors made by a third party
• 36% of all breaches studied involved lost, misplaced or stolen laptops or other mobile computing devices
• 24% of all breaches studied involved some sort of criminal or other malicious attack or act (as opposed to mere negligence).

You can download the full report here: http://www.encryptionreports.com/download/Ponemon_COB_2009_US.pdf

Thoughts and comments welcomed…r/Chuck

1. Funding – Data.gov cannot be another unfunded federal mandate

Federal agencies are already trying their best to respond to a stream of unfunded mandates. Requiring federal agencies to a) expose their raw data as a service and b) collect, analyze, and respond to public comments requires resources. The requirement to make data accessible to (through) Data.gov should be formally established as a component of one of the Federal strategic planning and performance management frameworks (GPRA, OMB PART, PMA) and each agency should be funded (resourced) to help ensure agency commitment towards the Data.gov effort. Without direct linkage to a planning framework and allocation of dedicated resources, success of Data.gov will vary considerably across the federal government.

2. Strategy – Revise CONOP to address the value to American citizens

As currently written, the CONOP only addresses internal activities (means) and doesn’t identify the outcomes (ends) that would result from successful implementation of Data.gov. In paragraph 1 the CONOP states “Data.gov is a flagship Administration initiative intended to allow the public to easily find, access, understand, and use data that are generated by the Federal government.”, yet there is no discussion about “what data” the “public” wants or needs to know about.

The examples given in the document are anecdotal at best and (in my opinion) do not reflect what the average citizen will want to see–all apologies to Aneesh Chopra and Vivek Kundra, but I do not believe (as they spoke in the December 8th webcast) that citizens really care much about things like average airline delay times, visa application wait times, or who visited the Whitehouse yesterday.

In paragraph 1.3 the CONOP states “An important value proposition of Data.gov is that it allows members of the public to leverage Federal data for robust discovery of information, knowledge and innovation,” yet these terms are not defined–what are they to mean to the average citizen (public)? I would suggest the Data.gov effort begin with a dialogue of the ‘public’ they envision using the data feeds on Data.gov; a few questions I would recommend they ask include:

1. What issues about federal agency performance is important to them?
2. What specific questions do they have about those issues?
3. In what format(s) would they like to see the data?

I would also suggest stratifying the “public” into the different categories of potential users, for example:

1. General taxpayer public, non-government employee
2. Government employee seeking data to do their job
3. Government agency with oversight responsibility
4. Commercial/non-profit organization providing voluntary oversight
5. Press, news media, blogs, and mash-ups using data to generate ‘buzz’

3. Key Partnerships – Engage Congress to participate in Data.gov

To some, Data.gov can be viewed as an end-run around the many congressional committees who have official responsibility for oversight of federal agency performance. Aside from general concepts of government transparency, Data.gov could (should) be a very valuable resource to our legislators.

Towards that end, I recommend that Data.gov open a dialogue with Congress to help ensure that Data.gov addresses the data needs of these oversight committees so that Senators and Congressmen alike can make better informed decisions that ultimately affect agency responsibilities, staffing, performance expectations, and funding.

4. Data Quality – Need process for assuring ‘good data’ on Data.gov

On Page 9 of the CONOP, the example of Forbes’ use of Federal data to develop the list of “America’s Safest Cities” brings to light a significant risk associated with providing ‘raw data’ for public consumption. As you are aware, much of the crime data used for that survey is drawn from the Uniformed Crime Reporting effort of the FBI.

As self-reported on the “Crime in the United States” website, “Figures used in this Report are submitted voluntarily by law enforcement agencies throughout the country. Individuals using these tabulations are cautioned against drawing conclusions by making direct comparisons between cities. Comparisons lead to simplistic and/or incomplete analyses that often create misleading perceptions adversely affecting communities and their residents.”

Because Data.gov seeks to make raw data available to a broad set of potential users; How will Data.gov address the issue of data quality within the feeds provided through Data.gov? Currently, federal agency Annual Performance Reports required under the Government Performance and Results Act (GPRA) of 1993 require some assurance of data accuracy of the data reported; will there be a similar process for federal agency data made accessible through Data.gov? If not, what measures will be put in-place to ensure that conclusions drawn from the Data.gov data sources reflect the risks associated with ‘raw’ data? And, how will we know that the data made available through Data.gov is accurate and up-to-date?

5. Measuring success of Data.gov – a suggested (simple) framework

The OMB Open Government Directive published on December 8, 2009 includes what are (in my opinion) some undefined terms and very unrealistic expectations and deadlines for federal agency compliance with the directive. It also did not include any method for assessing progress towards the spirit and intent of the stated objectives.

I would like to offer a simple framework that the Data.gov effort can use to work (collaboratively) with federal agencies to help achieve the objectives laid out in the directive. The framework includes the following five questions:

1. Are we are clear about the performance questions that we want to answer with data to be made available from each of the contributing federal agencies?
2. Have we identified the availability of the desired data and have we appropriately addressed security and privacy risks or concerns related to making that data available through Data.gov?
3. Do we understand the burden (level of effort) required to make each of the desired data streams available through Data.gov and is the funding available (either internally or externally) to make the effort a success?
4. Do we understand how the various data consumer groups (the ‘public’) will want to see or access the data and does the infrastructure exist to make the data available in the desired format?
5. Do we (Data.gov and the federal agency involved) have a documented and agreed to strategy that prepares us to digest and respond to public feedback, ideas for innovation, etc., received as a result of making data available through Data.gov?

I would recommend this framework be included in the next version of the Data.gov CONOP so as to provide a way for everyone involved to a) measure progress towards the objectives of the OMB directive and b) provide a tool for facilitating the dialogue with federal agencies and Congress that will be required to make Data.gov a success.

I just finished watching a rerun episode of Tough Love on VH1 and I know some of you will think this is a bit odd, but the show led me to some thoughts about how to give the Data.gov project some focus and priority.

You’re probably wondering what Data.gov has to do with eight beautiful women looking for marriage and long-lasting love, but believe it or not, the show and Data.gov have a lot in common.

In this particular episode of the show, the “boot camp” director was focusing on communication skills. He made it very clear to the ladies that communication is very important in making a good first impression with a would be suitor. In the show he counseled the ladies that if they wanted to make a good impression, the ladies would need to:

• Listen carefully to what their date is telling them about what’s important to them;
• Make the conversation about “them” on first contact and avoid bragging about yourself; and
• Resist the urge to reveal too much information about their own respective private lives.

While I will avoid speaking to the validity of this counsel as it applies to love, I would like to suggest that these three rules are also quite relevant in our efforts to have a more transparent, open and collaborative government.

Along these lines, I offer the following three suggestions for Data.gov’s first (transparent, open and collaborative) date with America:

1. Ask the public (and Congress) what they specifically want to see on Data.gov and the forthcoming dashboard; all apologies to Aneesh Chopra and Vivek Kundra, but I do not believe (as they spoke in the December 8th webcast) that citizens really care much about things like average airline delay times, visa application wait times, or who visited the Whitehouse yesterday. I particualry suggest they work with Congressional Oversight Committees to make Data.gov a tool that Congress can (and will) use.
2. Make Data.gov about demonstrating the good things that Federal agencies do that directly impact the general public. It’s no surprise that most agencies do a poor job of explaining to citizens what they do. I suggest reviving the OMB Performance Assessment Rating Tool (PART) Program (which appears to have died on the vine with the new administration) and use the performance measures in the Program Results/Accountability section to better communicate the relevant value these agencies deliver to citizens.
3. Focus Data.gov data sources and the desire for openness on the critical few measures and metrics that matter to the public. Avoid the urge to just “get the data posted” – not many people will care about how many kilowatt hours of hydroelectric power the Bureau of Reclamation is counting, how many FOIA requests the Department of Justice received, or the Toxic Release Inventory for the Mariana Islands. Information sharing is most successful when it is directly relevant with the person (or agency)with whom you are sharing.

I’ll let you know if the next episode is as enlightening as this was.

r/Chuck

1. We fully understand why we want it and are clear about what we are really asking for;
2. We understand the burden involved in achieving open government and that we fund the agencies to do it right;
3. We are clear about the performance questions that we want the [transparent] data to answer;
4. We have an understanding for how the public will want to see/access the information; and
5. We are fully prepared to digest and respond to received public feedback .

After reading the 3,185 words of the Office of Management and Budget (OMB) Open Government Directive (with attachment), I am very sorry to report that IMO none of the five critiera (conditions) listed above have been met by the language contained in the document. From what I read:

• It would appear that no one in the approval chain asked any hard questions about the language–much of the language used is very vague and leaves a lot of room for interpretation (or misinterpretation);
• There is no mention of how agencies will be funded to build the capacity to meet the additional workload that the requirements of the memorandum are certain to cause.
• The focus of the document to “get agency data on the web” and “solicit (direct) public feedback” appears to be totally out of context of any other strategic management, performance assessment, or planning framework.  This appears to ba an end-run around other oversight committees and organizations, like Congress. Will Federal agencies be able to deal with direct feedback from hundreds or thousands of citizens? I am reminded of the old adage “be careful what you ask for”…;
• The document tells agencies to “publish information online in an open format that can be retrieved, downloaded, indexed, and searched by commonly used web search applications;” however, this can be satisfied in many ways–.txt, .csv, .doc, .pdf, .html,.xml, etc.–some formats will make it very cumbersome for the “public” to view, analyze and understand the data.
• Finally, the memorandum sets what I believe to be some very unrealistic expectations from both a performance and timeline perspective. For example, how can agencies be expected to review and respond to public input from the web when these same agencies are already overwhelmed with their current day-to-day tasks?

Here are a couple examples to ponder:

On Page 2 – “To increase accountability, promote informed participation by the public, and create economic opportunity, each agency shall take prompt steps to expand access to information by making it available online in open formats”

• Nowhere in the memorandum are the terms “accountability” or “informed participation” defined
• What does “create economic opportunity” really mean?
• It would appear that this mandate circumvents established management processes for holding Federal agencies accountable for efficient and effective performance? (OMB,GAO, Congress)

On Page 3 – “Each agency shall respond to public input received on its Open Government Webpage on a regular basis…Each agency with a significant pending backlog of outstanding Freedom of Information requests shall take steps to reduce any such backlog by ten percent each year.”

• What do the mean by “respond to public feedback on a regular basis?”
• All feedback? Some feedback?
• What does “regular basis” mean? Within 24 hours? Weekly? Annually?

If we really want Federal agencies to be more “open” with their data and information, we must be willing to commit the effort required to:

What are your thoughts and comments on this issue?

Thanks…r/Chuck

1. Resist the urge to see information sharing as an outcome. Information sharing is a means to an end, not the end itself. Each federal agency, every state and regional fusion center, and all law enforcement intelligence units should have a clear set of information requirements, questions if you will, that information sharing and the intelligence process should work to answer–hold agencies accountable for having clear and valid requirements. This has been a common practice in the intelligence community for decades and should be a practice for all information sharing elements.
2. Build clear accountability into the information sharing process. Every federal agency, fusion center and law enforcement agency should have one person, preferably an impassioned, well-respected leader, that can ensure that their agencies requirements are  well documented and communicated horizontally across federal boundaries and vertically to local, state, and municipal agencies, and (where applicable) private sector organizations.
3. Establish clear linkage of information sharing to agency operational performance measures. Just as staffing, information technology, facilities, and utilities are seen as strategic resources in a performance-based budget, information sharing must be seen as a resource to be strategically used to help an agency achieve its mission. When measuring the success of information sharing, focus on the extent to which it helped achieve agency goals–just as counting cases in law enforcement is a misleading way to judge public safety success, counting RFIs, records shared, SARs submitted is not a good way to gauge information sharing success–successful information sharing can only be measured through the extent to which it helps agencies (at all levels) achieve their operational goals.
4. Discourage agencies from using stovepiped portals for information sharing. All shareable data should be available as a “service” for consumer agencies to ingest into their systems and not through a dedicated portal that users will need a discrete login to access. You can read my previous “Portal-mania” blog post for more detail here, but all federal agencies should be required to make their data accessible through National information Exchange Model (NIEM) based web services. This will enable consumer agencies to integrate multiple data streams into their workflow and will reduce the number of websites and portals analysts are required to access to perform their work.
5. Give the same amount of attention to what is shared and how it is shared. Over the last few years, a significant amount of effort has gone into how information is shared at the expense of understanding the depth and breadth of information actually being shared. Many regional and national information sharing efforts still only contain basic levels of information, or worse are just pointer systems that require additional human effort to gain access to the actual record. Encourage agencies to communicate to each other what specific information is being shared, and what is not being shared, and help everyone understand the consequences of their decisions.
6. Encourage maximum use of NIEM and the Information Exchange Package Descriptions (IEPD) contained it its clearinghouse. NIEM has emerged as the dictionary of shareable data elements. When you string together sets of these data elements to satisfy a specific business need, an IEPD is born. The NIEM IEPD clearinghouse contains more than 150 IEPDs, many of which apply to national security, law enforcement and public safety missions. While many federal agencies have pledged their support of NIEM, more effort is needed to ensure that they first seek to use IEPDs already contained in the clearinghouse and do not develop one-off IEPDs designed to meet very narrow applications.
7. Finally, foster a culture of transparency to help communicate an appreciation of personal civil rights and civil liberties.  All information sharing and intelligence operations should engage in proactive efforts to help alleviate any fears that individual privacy and liberties are violated by any of the actions taken by those agencies. In my September 3, 2009 blog posting I list ten questions a fusion center director should ask of their own intelligence operations. I’d like to offer up these questions as a beginning framework for any information sharing or intelligence operation. They also serve as a good framework for evaluating the extent to which information sharing and intelligence operations are in fact seriously working to do the right thing.

In closing, I hope you can see how these seven points help to frame how you might structure a results oriented evaluation of information sharing across our federal agencies and with our state and regional fusion center, and private sector partners. Taken together you will be able to report the extent to which agencies have:

• Documented their information sharing requirements – what needs to be shared;
• Someone who can be directly held accountable for effective and proper information sharing;
• Linked their need for information to specific operational goals and strategies;
• Implemented mechanisms that makes it easy for other agencies to access their information;
• Ensured that they are sharing the right information (most meaningful) information;
• Taken advantage of NIEM as a way to save money and expedite information sharing; and
• Taken measures to proactively diffuse public (and media) perceptions of information misuse.

I wish you well in your new role as Senior Director for Information Sharing Policy.

Regards,

Chuck Georgo
chuck@nowheretohide.org

I’m paraphrasing a bit, but he basically indicated that the state, local, and private sector organizations in his state told him that they “DO NOT want to have to log into multiple portals” to stay informed about criminal and terrorism threats to their state’s  infrastructure.” 

When you take a closer look at the “Portal-mania” that exists, it seems that every agency and multiple programs within a single agency has to have their own portal for accessing the information and analytic tools that agency or program provides; here’s a quick list of ones I am familar with, (feel free to email me the names of others you know about):

1. DHS HSIN State and Local Community of Interest (SLIC)
2. DHS Lessons Learned Information Sharing (LLIS)
3. DHS Automated Critical Asset Management System (ACAMS)
4. DOJ Regional Data Exchange (R-DEx)
5. DOJ National Data Exchange (N-DEx)
6. DOJ eGuardian
7. DOJ Law Enforcement Online (LEO)
8. DOJ InfraGard
9. DOJ National Sex Offender Public Website (NSOPW)
10. DOJ National Criminal Intelligence Resource Center (NCIRC)
11. DOJ Regional information Sharing System (RISS)
12. Private Sector CyberCop
13. [State] Criminal Justice Information System (CJIS)
14. …add to this Department of the Treasury, Department of Transportation, and other federal agency portals
15. …and about three-dozen other databases and private sector websites

This is nutz! Dedicated portals are so 1990′s…we should be able to use the same technology I used to create this website and blog (WordPress and four different plug-in widgets) to make information and advanced analytic capabilities available to Fusion Centers and other public safety users.  I would like to challenge the agencies and programs listed above to make the information and capabilities they offer available  through widgets, web-parts, and gadgets that Fusion Centers and other intelligence/information sharing users can integrate into THEIR portal of choice. 

Whether it’s SharePoint, Oracle, or IBM Websphere, state, local, or private sector organizations should be able to pick and integrate into THEIR selected portal environment from the portal list above the information and capabilities that they need to do their job–they should not have to access the multiple, stovepiped portals as they do today.

I’d like to know what you think about this…Thanks..r/Chuck Georgo

Whether you like the idea of a fusion center or not, they are here to stay. At last count, there were about 70 of them, and DHS recently spoke of helping to get even more going.  At their core, I believe a fusion center is responsible for doing three basic things: 

1. Accepting and vetting reports of unusual behavior (criminal or terrorism related);
2. Providing intelligence support to major case and tactical law enforcement operations; and
3. Proactively supporting federal, state, and local homeland security and community safety objectives. 

To do this well, the majority of fusion centers in operation today are required to rely on an assortment of manual processes, a patchwork of incompatible software applications, and dozens of disparate information sources. Walk into the typical fusion center today and you’ll probably find that an analyst answering the phone has to enter the request for their services into one application for management purposes, enter the same information into a second application for sharing purposes, then has to manually bring up and login to anywhere from 5-15 different data sources to search for information related to the service request, then has to open up at least one or more applications to write up  and package up the requested response, and then, more than likely, has to either manually fax it to whomever asked for the information or call them back on the telephone to give them the answer–a pretty painful and tedious way to work.

Today though, Microsoft announced release of a project that I have been helping them to develop for quite some time–the Fusion Core Solution.  Microsoft hopes, through use of Office, SharePoint and ESRI’s ArcGIS to help ease the pain described above.  The FCS uses SharePoint as a horizontal integration and workflow management platform to help an analyst go from taking in a fusion center service request, to searching for information, to analyzing that information, to producing the intelligence product without having to leave the SharePoint environment at all.

At a non-technical level, the FCS will enable fusion centers to do a couple of pretty cool things:

1. Provides a common look and feel across multiple analytic tools and business processes.
2. Greatly reduces the number of user names and passwords analyst must remember.
3. Organizes requests for fusion center services, and tracks progress of fusion center work.
4. Helps to better document and comply with 28 CFR Part 23, CUI and PCII requirements.
5. Provides multiple analyst-to-analyst and fusion center-to-fusion center collaboration tools
6. Helps to keep track of fusion center and extended staff capabilities and availability.

From a technical perspective, FCS fully supports NIEM conformant information exchanges and establishes a framework for supporting the service-oriented principles of the Justice Reference Architecture (JRA) as it applies to information and data sharing.

In a nutshell, “Fusion Core Solution is for a Fusion Center what Microsoft Windows is to a personal computer“–you can think of FCS as the “operating system” for a Fusion Center.

For more info, check out the Fusion Core Solution website, or email me.

r/Chuck

Added 8/4/2009: Click HERE to see Joe Rozek, Microsoft’s Executive Director of Homeland Security, and Former Senior Director for Domestic Counterterrorism at The White House Office of Homeland Security talk about Fusion Core Solution

It’s no secret, the National Information Exchange Model (NIEM) is a huge success.  Not only has it been embraced horizontally and vertically for law enforcement information sharing at all levels of government, but it is now spreading internationally.  A check of the it.ojp.gov website lists more than 150 justice-related Information Exchange Package Documentation (IEPD) based on NIEM–it’s been adopted by N-DEX, ISE-SAR, NCIC, IJIS PMIX, NCSC, OLLEISN, and many other CAD and RMS projects. 

For at least the last four years, Search.org has been maintaining the Justice Information Exchange Model (JIEM) developed by Search.org.  JIEM documents more than 15,000 justice information exchanges across  9 justice processes, 75 justice events, that affect 27 different justice agencies. 

So if JIEM establishes the required information exchanges required in the conduct of justice system business activities, and NIEM defines the syntactic and semantic model for the data elements within those justice information exchanges…then…

Wouldn’t it make sense for JIEM exchanges to call-out specific NIEM IEPDs?

And vice-versa, wouldn’t it make sense for NIEM IEPDs to identify the specific JIEM exchanges they correspond to?

Here’s a diagram that illustrates this…

Let me know what you think..

r/Chuck

chuck@nowheretohide.org - www.nowheretohide.org

If you haven’t heard about the Department of Health and Human Services Federal Health Architecure and CONNECT project, I suggest you pop over to this website where documentation for version 2.0 of the software resides:

http://www.connectopensource.org/display/NHINR2/Release+2.0+Home

CONNECT is an open source software gateway that connects public and private health orgaizations to the National Health Information Network.  Think of it like a giant peer-to-peer N-DEx, but with an open source “front-porch” that drops into each agency and extracts the data from back-end systems.

I’ll be doing more investigation into the CONNECT project to see if we can adapt it for law enforcement information sharing use–the closest thing to this on the LEIS side is the FINDER project in orlando, FL.

as always, comments and thoughts welcomed.

r/Chuck

chuck@nowheretohide.org - www.nowheretohide.org

I did a quick check of four online appliactions that I use–Zoho, Windows Live, MySpace and Google Apps–here’s what I found.

1. ZoHo’s terms of use states:“We store and maintain files, documents, to-do lists, emails and other data stored in your Account at our facilities in the United States or any other country. Use of Zoho Services signifies your consent to such transfer of your data outside of your country.  In order to prevent loss of data due to errors or system failures, we also keep backup copies of data including the contents of your Account. Hence your files and data may remain on our servers even after deletion or termination of your Account.”
   
2. Windows Live had a different twist:
   “Microsoft does not claim ownership of the materials you provide to Microsoft (including feedback and suggestions) or post, upload, input or submit to any Services or its associated services for review by the general public, or by the members of any public or private community, (each a “Submission” and collectively “Submissions”).  However, by posting, uploading, inputting, providing or submitting (“Posting”) your Submission you are granting Microsoft, its affiliated companies and necessary sublicensees permission to use your Submission in connection with the operation of their Internet businesses (including, without limitation, all Microsoft Services), including, without limitation, the license rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; to publish your name in connection with your Submission; and the right to sublicense such rights to any supplier of the Services.”
3. MySpace pretty much mirrors Microsoft’s terms:
   “After posting your Content to the MySpace Services, you continue to retain any such rights that you may have in your Content, subject to the limited license herein. By displaying or publishing (“posting”) any Content on or through the MySpace Services, you hereby grant to MySpace a limited license to use, modify, delete from, add to, publicly perform, publicly display, reproduce, and distribute such Content solely on or through the MySpace Services, including without limitation distributing part or all of the MySpace Website in any media formats and through any media channels, except Content marked “private” will not be distributed outside the MySpace Website.”
4. Google had the best (or worst) of all worlds: It’s Privacy Policy states “Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.”It’s Google Apps terms of service states “Information collected by Google may be stored and processed in the United States or any other country in which Google or its agents maintain facilities.”It’s general terms of service states “You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services..You agree that this licence includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this licence shall permit Google to take these actions. You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above licence.”

So, what’s the moral to this story?  Three things…

1. Take the time to read the fine print; make yourself and others aware of the privacy and terms of service conditions for these and other (free or fee-based) online appliacations;
2. If your federal, state or law enforcement agency, fusion center, or other government agency are using any of these services, make sure you have written policies about what can and cannot be posted, stored, or shared through these services; and
3. Assume anything you do post or share will a) make its way outside of the United States and b) reused in some way for marketing or advertising purposes.

Play it safe; don’t assume your information posted to these services will remain private. Remember, once out, that privacy genie will be nearly impossible to get back in the bottle.

As always, your thoughts and comments are welcomed…r/Chuck