If you want a vision of the future, imagine not a boot stamping on a face, but keystroke logging on govt contractors' PCs

US states mull 'work verification' laws, shaped by work verification biz


Special report: Anyone working on a substantial contract with the US state of New Jersey could soon be required to install software that captures the screen and tracks keystrokes – to verify all hours billed are legit.

That's if proposed legislation – coincidentally shaped by a maker of work verification software – is approved.

What's more: New Jersey is not alone. These rules are being mulled in nearly two dozen states across America.

A draft law that just cleared the New Jersey State Assembly, NJ A3989, requires any contractor working on a New Jersey contract worth more than $100,000 "to use software to verify that all hours billed for work under the contract for services performed on a computer are eligible charges."

The text of the bill comes courtesy of TransparentBusiness, a New York-based firm that provides work tracking software. "TransparentBusiness gives state managers real-time information about the work performed for the state by programmers, architects, engineers, and other professionals, but does not intrude on their privacy," the company explains on its website.

And similar bills, many echoing the TransparentBusiness template, are being considered in at least 21 other states.

The mandated software – which is not vendor-specific – must provide the applicable state agency with real-time access to collected data. It must gather data automatically – by taking screenshots and capturing keystroke and mouse event frequency – and make the information available on demand to management and government.

It must provide automated real-time cost status for each task, along with a professional bio – not private or confidential info – of those doing the work. And it must provide the relevant agency with a feedback mechanism.

The system should "ensure appropriate privacy and confidentiality of any data for individuals." There's no specific security requirement.

The bill as presently written requires contractors to retain said data for seven years after payment from the state, and forbids them from passing along the cost of the verification software to the state. Its stated purpose is to prevent fraud.

A similarly worded bill was introduced last year in the Rhode Island State Legislature. It's currently being held in committee for further study.

Procurement

"We have indeed been evangelizing the benefits of transparency in government procurement," said TransparentBusiness CEO Alex Konanykhin in an email to The Register. "I have no doubt that transparent verification of billable hours will soon become the new standard of public and corporate procurement. (Blind management is so last century!)"

In addition to his role as boss of TransparentBusiness, Konanykhin is the chair of the board of KGMi Group, a holding company for a variety of other firms. Among these is Yandiki, another firm with an interest in worker data analysis.

"We support NJ A3989 as it can save New Jersey tens of millions of dollars at zero cost," Konanykhin said.

Politics in America

In addition to New Jersey and Rhode Island, similar bills have been introduced in Illinois, Minnesota, Missouri, and many other states. Konanykhin says he hopes to have like-minded bills introduced in every state. His firm has hired a lobbyist to push for a work verification law in Virginia.

"Paying contractors on self-certifications results in some of them robbing the states blind," he explained. "Even on municipal level, SAIC overbilled New York City over half a billion dollars on a single project! Such fraud and waste shall not be tolerated; billing must be verifiable and our tax dollars protected."

According to a brochure prepared by the company to promote a federal Transparent Billing Act, 22 states have proposed transparency bills aimed at state contractors. And more are expected.

In one way at least, the suggested federal legislation would enforce opaqueness rather than transparency: "The records of billable activity will remain the property of the contractor, similarly to their accounting records and, therefore, NOT a subject of FOIA requests," the promotional document says. (The New Jersey bill does not include a FOIA exemption.)

A video touting TransparentBusiness' tech claims the most productive workers love the software because it helps them stand apart from less productive colleagues.

"Productive workers want to be recognized for the diligent and productive work they do," the narrator explains. "TransparentBusiness offers them the perfect opportunity to be differentiated from the idlers who spend their time socializing online during billable hours."

For those who look slow in the metrics, there may be no place left to hide.

Meanwhile, back in the real world...

In a phone interview with The Register, Lewis Maltby, president of the National Workrights Institute, took issue with the notion it's easy to separate work and personal time.

"The days when people worked at work and didn't do work at home are long gone," he said. "People read work-related emails and send text messages in their off-hours. They routinely take care of small personal matters during the workday. That's how the world today works."

Maltby allows that work monitoring software can be designed to respect the way people really work and to protect privacy.

"But I've seen enough of these industrial monitoring systems where the phrase 'theft of time' pops up," he said. "There really are employee monitoring companies that think if you take five minutes off you're stealing time for the company."

"There’s no monitoring, just billing verification," insisted Konanykhin. His company's video says its software "allows [managers] to easily monitor the work of employees…"

In terms of privacy, TransparentBusiness' software allows people to turn it off as needed, so it only tracks billable activity. That obviates a significant privacy risk – capturing personal online activity.

Employee monitoring, in the form of work verification software or other time tracking tech, is generally allowed in the US, provided there's disclosure. It's widely used in some sectors, like freelance worker market Upwork. The various contractor verification requirements being considered across the US may not raise any legal issues, but that doesn't mean they'll be universally embraced or equitably applied in organizations.

"The law could be problematic but I think it depends on the nature of the data that is being collected and the circumstances under which it is being used by the state," said Alan Butler, senior counsel at the Electronic Privacy Information Center (EPIC), a privacy advocacy group, in an email to The Register.

"If the computer usage data is collected about a business that has a contract with the state, then it likely does not trigger data protection obligations. But if the usage data is associated with specific persons who use those computers, then that personal data collection would need to be strictly limited to what is necessary and subject to data protection controls set in law."

Konanykhin contends any issues can be dealt with during the deliberative process. "The bills were released by legislative counsels, but EPIC is welcome to suggest improvements!" he said. "That’s what public hearings of the bills are for." ®

