The Sunlight Foundation uses technology and ideas to make government transparent and accountable.
The Sunlight Foundation is:
- A think-tank that develops and encourages new policies inside the government to make it more open and transparent.
- A campaign to engage citizens in demanding the policies that will open government and hold their elected officials accountable for being transparent.
- An investigative organization that uses the data we uncover to demonstrate why we need new policies that free government data.
- A grant-giving institution that provides resources to organizations using technology to further our mission and create community.
- An open source technology community that revolves around the Sunlight Foundation’s core mission.
Last Wednesday became a curious spectacle about surveillance reform that set up a dramatic showdown on Capitol Hill late Friday.
The first part was a filibuster, in which Sen. Rand Paul, R-Ky., occupied the floor during the ongoing trade debate, which, to simplify complex Senate procedure, prevented Senate Majority Leader Mitch McConnell, R-Ky., from filing for cloture. In turn, this meant cloture could not be invoked until Saturday — after the House had left for recess. During the filibuster, Paul unexpectedly ended up reading one of Sunlight's articles about the USA FREEDOM Act of 2015.
But the most important effect was setting the stage for a breaking point, which occurred just before 1 a.m. on Saturday (when the cloture motions had ripened). In effect, the Senate faced a choice: the House-passed USA FREEDOM Act (which is considered by some to be modest reform, and others — including Sunlight — too small a step at too great a price1); a "clean" reauthorization of Section 215 without any reforms for two months; or no action at all, which would result in Section 215 and two other provisions of the USA PATRIOT Act simply expiring (Sunlight's preferred outcome). If any bill other than the House-passed USA FREEDOM went through the Senate, it would require action by the House (before sunset on June 1).
First, USA FREEDOM failed with 57 votes in favor — three shy of the number necessary to invoke cloture. While that was a success, the pervasive threat reformers have been facing was that a short-term reauthorization would be an even closer vote. That's certainly what McConnell and Sen. Richard Burr, R-N.C., had bet on.
So, we couldn't have been happier when that two-month reauthorization failed next, with only 45 votes in favor. Not achieving even a simple majority — on a bill heavily whipped by leadership — was a resounding rebuke of the idea that secret, mass surveillance of Americans can or should continue.
Then, the denouement: McConnell tried to get several even shorter extensions passed, of only days. But the senators who are leaders in this — from Paul to Sens. Ron Wyden, D-Ore., Martin Heinrich, D-N.M., and others — objected to bringing any of them to the floor.
With clean reauthorization dead (for now), we expect more moderate hawks to switch in favor of USA FREEDOM Act. And while that's an outcome Sunlight opposes (in favor of full sunset), we're happy to see the lawmakers fighting for reform and proud to be part of an effort that just may have killed the modern bogeyman of surveillance reform: the "clean" reauthorization.
1 On the note of USA FREEDOM's flaws, the Inspector General of the Department of Justice released on Thursday a report on the FBI's use of Section 215 from 2007-2009. It's worth a read, and confirms that if USA FREEDOM passes on May 31 when the Senate returns, mass surveillance of Americans will still occur under Section 215 — and the FBI, under the act, won't be required to report on it.
About a month ago, Sunlight's Nicko Margolies noticed something strange. As a concerned netizen, he had installed EFF's HTTPS Everywhere plugin, which will automatically send you to the HTTPS version of a page if it's available. But as he was visiting various Senate websites, he noticed that many would bring up Sen. Barbara Boxer's website instead of the intended Web page. Curious, he hailed me, Sunlight's system administrator, and I started to investigate.
First, I examined the SSL certificate for the California Democrat's site, then several other senators. It quickly became apparent that the entire Senate relied on one misconfigured SSL certificate and some poor Web server settings, causing the everywhere plugin to redirect to Boxer's site even when looking at another, distinct page. We tweeted out our finding; the official Senate Sergeant at Arms replied that they would look into it. Job done. Let the professionals get on with it.
Last week, I decided to check up on the current state of SSL support in the Senate and in Congress generally. What I found was that it was not substantially better: In fact, only 15 percent of congressional websites are completely ready for HTTPS. To quantify this, I wrote some code.
In this article we will describe the methodology of the survey and present the survey results. We will also offer a brief analysis of what can be done to address the situation. It is important to note that this evaluation should not be and is not a reflection on individual members of Congress or their websites, but is reflective of the entities that host those websites. We know this because across the 652 websites surveyed they were only served from 24 IP addresses:
```
>>> import socket
>>> from urllib3.util import parse_url  # assumed source of parse_url; the excerpt does not show its import
>>> ips = set()
>>> for site in survey_group:
...     ips.add(socket.gethostbyname(parse_url(site['url']).host))
...
>>> ips
set(['188.8.131.52', '184.108.40.206', '220.127.116.11', '18.104.22.168', '22.214.171.124', '126.96.36.199', '188.8.131.52', '184.108.40.206', '220.127.116.11', '18.104.22.168', '22.214.171.124', '126.96.36.199', '188.8.131.52', '184.108.40.206', '220.127.116.11', '18.104.22.168', '22.214.171.124', '126.96.36.199', '188.8.131.52', '184.108.40.206', '220.127.116.11', '18.104.22.168', '22.214.171.124', '126.96.36.199'])
>>> len(ips)
24
```
Of those 24 unique IP addresses, just two (188.8.131.52 and 184.108.40.206) serve the bulk, 609 out of 652, of those homepages.
What follows is my report.
What is HTTPS?
Hypertext Transfer Protocol Secure (HTTPS) is the method by which data is transferred over the Web in a secure manner. Users know they're on an HTTPS webpage when a small padlock icon shows up in the address bar. The padlock, like the HTTPS in the URL, means that the Web browser and the Web server have agreed to encrypt the full contents of the Web page and that the user can feel confident that none of the information was at risk of compromise during the transmission of that Web page from server to browser. It's a little bit like the difference between using a postcard and sealing a letter in an envelope. Someone other than the sender can easily add text to a postcard; to tamper with a letter, one must open the envelope.
And HTTPS is coming. Two major Web browser companies have decided enforcement of secure socket layer (SSL) connections will be mandatory and that visiting non-SSL Web pages will be considered an error. While the author of this analysis does not necessarily endorse this view completely, he nevertheless decided to undertake a survey of congressional websites to see if they were ready for HTTPS. Of the 652 websites surveyed, only 98 (15 percent) passed completely.
Both House and Senate certificates use similar levels of encryption, that being TLSv1/SSLv3 with AES256-SHA. Technically, the SSLv3 is considered obsolete and new certs using more robust ciphers should be generated. We did not penalize a Web page's grade because of this flaw, even though the Internet considers it a major problem.
How did we analyze the HTTPS status of congressional websites?
For this analysis, we examined 652 websites, including those of all senators, representatives, leadership offices, congressional committees, and congressional support offices. The software was written to check individual website SSL certificates and make HTTPS requests. Once those requests were served, the resulting page content was examined for mixed content and non-relative internal introspective links, which are signifiers of whether a site was ready for HTTPS. Once the survey was complete, a scoring metric was calculated for each website.
The software to produce the survey had four main functions:
- Gather a list of relevant congressional homepages to test.
- Retrieve and examine each website SSL certificate.
- Retrieve the homepage and examine both the server response and homepage content.
- Calculate a scoring metric based upon those three previous steps.
The Sunlight Foundation provides an API to retrieve information about members of Congress. A secondary source was needed to retrieve information about various congressional committees. From these sources the software gathered:
- entity name;
- entity chamber;
- whether entity was a member of Congress or a congressional committee; and
- the URL for the entity's homepage.
Daniel Schuman of the Congressional Data Coalition provided the author with a list of legislative branch committees and office URLs, and had written elsewhere about the need for this kind of analysis. (These were added to the unitedstates GitHub repository.)
Once this information was gathered, each entity's homepage SSL certificate was retrieved via Python's ssl library and examined. Critical data at this step included:
- whether the CommonName (CN) or SubjectAltName (SAN) matched the homepage hostname;
- certificate expiration date; and
- certificate cipher information.
For our more technically minded readers (others can skip this paragraph), another way to have done this step would be to use the openssl command line tool. From a UNIX command prompt, the following example can be used to examine a certificate, like so:
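```
# Fetch the certificate the server presents and save its PEM block
$ echo -n | openssl s_client -connect www.example.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > example.crt
# Print the certificate fields (subject, SAN entries, validity dates)
$ openssl x509 -text -in example.crt
```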
Here are links for the text of both U.S. Senate and U.S. House HTTPS certificates:
A single "forced" request to retrieve the entity's HTTPS homepage was made, forced in the sense that the URL scheme for the homepage was explicitly set to `https://`, but encryption was not enforced. This technique allowed us to survey websites that did not have valid encryption settings. This step examined:
- the server's HTTP response;
- whether the client was redirected to another Web page; and
- whether the resulting Web page contains mixed https/http content.
Once all the data from the three previous steps were gathered, a scoring metric was applied based on the homepage's security profile, and a table was generated. From preliminary tests, 11 unique security states were found to exist. They are specified in the `grade_summary` variable of the HTML table generating code. Those security states were then translated
In order to make the grades emotionally meaningful, each grade has an associated emoji ranging from a green check mark to a red "X" emoji.
What did we find?
The results are not stellar. Take a look at the graphic below to view our findings.
If you'd like to embed this chart, here's the HTML code:
```
<iframe src="https://sunlight-cdn.s3.amazonaws.com/ssl-survey/tester-results.html" width="700" height="700" frameborder="0"></iframe>
```
Of the 652 websites, just 98 (or 15 percent) had no issues and worked correctly. Ignoring the non-relative URL and mixed content warning raises that percentage to 37.7 percent of Capitol Hill homepages with somewhat functional HTTPS homepages. A worryingly common behavior was to force visitors back to the non-SSL body Web page, either www.senate.gov. Because this could confuse users, we considered this to be a failure. Sadly, 22.2 percent of all congressional pages were just broken, most likely due to server misconfiguration.
Analyzing the HTTPS status of the House versus the Senate
Examining chambers individually skews results wildly in favor of the House. The number of House member websites implementing SSL correctly was 86, or 19.6 percent. Ignoring non-relative URL and mixed content warning raises that percentage to 43.8 percent. The most common behavior for secure House member websites, comprising 47 percent, was to force redirection to the insecure Web pages — thereby nullifying the intended purpose of the secure Web server.
By contrast, in the Senate, a mere 2 percent of homepages worked with SSL correctly: Boxer's and Sen. Richard Durbin's, D-Ill., proving that it is possible to have a valid configuration in the Senate infrastructure. Expanding the results to include non-relative URL and mixed content raises that to 19 percent. Among the more secure Senate websites, the most common flaw, found in 46 percent of them, was for the Web server to throw an error saying "Forbidden."
The House is also bolstered by the number of members whose hostname matched the house.gov SSL certificate. Only one member failed that test: Rep. Robert Aderholt, R-Ala. The other 437 member and delegate websites passed. Aderholt's website failed to even connect in our repeated tests. We attribute the House's high match rate to the House SSL certificate having a SAN of `*.house.gov`, which allowed any host ending in `.house.gov` to match its SSL certificate.
The subject of Aderholt's homepage is confounding. In some browser/operating system combinations, his page worked under HTTPS as intended. In others, it would simply never connect, resulting in a client-side timeout. Unfortunately, our software always experienced the client timeout, meaning we could not fairly evaluate Aderholt's homepage — resulting in a failure. This may well be an unfair evaluation on our part, but it is worth highlighting because it may indicate some underlying server configuration issues.
On the other hand, the Senate only had 38 matching member hostnames, leaving the 62 other senators with the inability to even have a valid certificate. That severely impacted scores. Unlike the House SSL certificate, the Senate explicitly listed entities in its SAN field. This limited the total number of hosts that could be matched. Unfortunately, a wildcard certificate like the House's would not work — `*.senate.gov`, for example — because the Senate seems to enforce use of the `www.` prefix. And so-called "wildcard" certificates only authenticate one level of subdomain per domain. For example, `one.domain.com` would match, but would not match a wildcard certificate for
Thankfully, the Senate will have to fix all these issues by Dec. 11, 2015; after that day, the current SSL certificate will expire, forcing all 100 senators to have invalid SSL certificates. The House's SSL certificate expires two months after that on Feb. 6, 2016.
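The survey steps described under the methodology heading, together with the one-label wildcard rule and the expiry dates discussed above, can be sketched as follows. This is an added example, not Sunlight's survey code: the function names, problem labels, hostnames, certificate dictionaries (shaped like Python's `getpeercert()` output) and HTML snippets are all constructed for illustration.

```python
import ssl
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlsplit


def san_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label.
    A leading '*' stands for exactly one label, never for several."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output.
    The CN is only consulted when the certificate has no SAN DNS entry."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return names


class ResourceScanner(HTMLParser):
    """Collect URLs the browser loads by itself, and ordinary <a> links."""

    def __init__(self):
        super().__init__()
        self.subresources, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe") and a.get("src"):
            self.subresources.append(a["src"])
        elif tag == "link" and a.get("href"):
            self.subresources.append(a["href"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def survey(hostname, cert, final_url, status, html, now):
    """Return the set of problems for one homepage (labels are hypothetical)."""
    problems = set()
    if not any(san_matches(n, hostname) for n in cert_names(cert)):
        problems.add("hostname-mismatch")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now.timestamp():
        problems.add("expired")
    if status >= 400:
        problems.add("http-error")
    if urlsplit(final_url).scheme != "https":
        problems.add("redirected-to-http")
    scanner = ResourceScanner()
    scanner.feed(html)
    # Sub-resources fetched over plain HTTP make the page mixed content.
    if any(urlsplit(u).scheme == "http" for u in scanner.subresources):
        problems.add("mixed-content")
    # Absolute http:// links back to the same host take visitors off HTTPS.
    if any(urlsplit(u).scheme == "http" and urlsplit(u).hostname == hostname
           for u in scanner.links):
        problems.add("non-relative-internal-link")
    return problems


# --- Constructed sample data: not the real certificates or pages. ---
# Expiry dates follow the article; the time of day is made up.
HOUSE_CERT = {"subjectAltName": (("DNS", "*.house.gov"),),
              "notAfter": "Feb  6 23:59:59 2016 GMT"}
SENATE_CERT = {"subjectAltName": (("DNS", "www.senate.gov"),
                                  ("DNS", "www.listed.senate.gov")),
               "notAfter": "Dec 11 23:59:59 2015 GMT"}
SURVEY_DATE = datetime(2015, 5, 26, tzinfo=timezone.utc)
PAGE_OK = '<link href="/css/site.css" rel="stylesheet"><a href="/contact">Contact</a>'
PAGE_MIXED = ('<img src="http://member.house.gov/photo.jpg">'
              '<a href="http://member.house.gov/contact">Contact</a>')

if __name__ == "__main__":
    print(survey("member.house.gov", HOUSE_CERT,
                 "https://member.house.gov/", 200, PAGE_MIXED, SURVEY_DATE))
    print(survey("www.unlisted.senate.gov", SENATE_CERT,
                 "http://www.senate.gov/", 200, PAGE_OK, SURVEY_DATE))
    print(san_matches("*.senate.gov", "www.member.senate.gov"))
```

A live survey would fill `cert`, `final_url`, `status` and `html` from a real connection; here they are passed in so the checks can be run offline.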
What have we learned?
In general, you should close unused and nonfunctioning ports to the general public. If a port is open, you should be using it properly — otherwise close it. The current state of HTTPS support for members of Congress needs work. It's more than likely that several server configurations will have to be adjusted. Thankfully, the Mozilla Foundation has a set of recommendations. Leaving misconfigured ports open — even if they are secure — is worse than having them closed.
Finally, Sunlight is interested in seeing Congress take sound steps to properly secure its — and the American people's — information. This author, in particular, hopes that lawmakers will read this analysis and ponder some of the questions that have been raised, potentially making changes to improve their security practices. To that end, we'll run these tests again periodically to identify any changes that they may or may not make. See you all very soon!
On May 18, 2015 the White House formally launched the Police Data Initiative (of which the Sunlight Foundation is a participant!) with a speech by President Obama in Camden, N.J. However, before the formal launch, many of the initial partnerships began to form at an April 8 convening at the White House. As part of that gathering, individuals participated in four topic-specific breakout sessions to identify challenges and solutions across areas critical to law enforcement data collection, analysis and release. The following summaries outline key challenges and solutions identified during group discussions.
Data supply chains
During this session, participants debated the life cycle of data, from collection to storage and retention to decisions about release. Discussion centered on the importance of metadata in both the collection and publishing phases, as well as the need for better collaboration with vendors in developing tools that are responsive to the needs of law enforcement agencies. Many attendees felt that current systems were cumbersome, and not entirely designed with the end users in mind.
What were some solutions to these issues? The need for better procurement procedures was identified, along with an incremental approach to modernizing IT systems. A central point of conversation was the need to adopt technologies that reduce barriers to officers collecting data in the field, with a suggestion that departments insist on collaborative relationships with vendors in the design of software products for them. With regard to the release of data to the public, it was suggested that departments use existing municipal infrastructure to make that process easier. For example, many large cities already support a municipal open data portal that could host datasets released by departments.
Balancing privacy and access
Many privacy issues arise when we discuss opening up incident-level data to the public, in terms of both officers and citizens, especially when dealing with juveniles and victims. During this session, participants discussed how to share data in a way that respects these issues. The key issue arising during this breakout was the lack of guidance around what legally can and cannot be shared by departments. While variance around privacy law across states can complicate matters, participants agreed that the development of a best practices guide related to privacy issues, including a risk assessment document and model policy, would be beneficial in helping departments move past privacy-related issues when attempting to share data with the public.
In instances when redaction might be needed before the release of certain datasets, several agencies cited the high cost of department personnel time as a barrier. Many in attendance indicated a desire for a lightweight text redaction solution that would not be burdensome on staff time.
Data as dialogue
The publication of previously undisclosed data about policing, and the associated increase in transparency, presents a unique opportunity to consider how data might be used as a starting point for conversations between law enforcement agencies and the communities they serve. In this session, participants discussed how appropriate context could be provided alongside dataset releases, as well as how to effectively incorporate public feedback into the policies and processes represented through the data. In particular, with respect to feedback loops for the community, several departments suggested the use of constituent satisfaction surveys and officer score cards.
Other ideas for giving context to the data that would aid community dialogue included developing partnerships with local university researchers and other data and technology groups to help interpret the data and develop products, including reports, dashboards, maps and other visualizations. However, in addition to the development of data products, many noted the need for departments to be more transparent around policies, trainings and department goals, which would make it easier for the community to contextualize the data and connect policy to outcomes.
This session dove deeper into the discussion of data analysis. In particular, participants wanted to understand how innovations in data science might be incorporated in police departments to support internal accountability. Here, many challenges related to the earlier data supply chain discussion, which included the difficulty of aggregating data across multiple systems as well as “data input fatigue” affecting the quality and amount of data that is entered into department systems, which in turn affects the quality of any analysis. Another recurring theme from earlier discussions dealt with the lack of the capacity internally to conduct rigorous evaluation that might lead to important insights about departments.
Again, participants addressed the opportunity to partner with university researchers, with a note that in smaller jurisdictions it may be useful to collaborate across departments when engaging researchers and data analysts. Others stressed the need for automated tools, particularly for smaller departments, which would enable more efficient analysis and understanding of internal data for departments of all sizes.
It was recognized that while not every department can invest in the same level of internal data analysis, it is critical that pathways are created to share lessons learned across departments, particularly as departments better understand what indicators are most important when evaluating how they practice policing.
Building a community around open data and policing
As more law enforcement agencies around the country consider how they can increase transparency and drive meaningful community engagement through the release of data about policing, the community around the Police Data Initiative is committed to enabling that work by helping provide solutions to the inevitable challenges along the way.
To learn more about the Police Data Initiative, read this blog post by U.S. Chief Technology Officer Megan Smith and Deputy Assistant to the President for Urban Affairs Roy Austin.
Next week, Sunlight, alongside nearly 2,000 open government advocates, civic hackers, journalists and policymakers from around the world, will be headed to Ottawa for the 3rd Annual International Open Data Conference (IODC). It is going to be a week jam-packed with discussions, panels and interactive workshops centered around one central question: How can we use data to make government more transparent and accountable?
IODC 2015 presents us with an excellent opportunity to brainstorm on how to tackle the common challenges within our community. We hope that hearing from the global leaders in open government will give us some fresh insight on our recent projects — and hopefully we can provide some support to others, too! Throughout the week, Sunlight is hosting or participating in several events where we’ll look to discover creative ways to answer these questions. No matter where your open data interests may lie — be it in opening up parliamentary data, supporting efforts to increase access to coveted political finance information or weighing in on a new methodology to measure the impact of open data, we’d love to see you at any of these events!
Tuesday, May 26:
Time: All day
With help from ILDA, Open Knowledge, Open North and Sunlight, the IODC is organizing an unconference on May 26, 2015. Participants at the international open data unconference will have an opportunity to:
- Share knowledge and best practices from each other’s contexts;
- Engage their peers on issues that the community considers important;
- Coordinate and build new initiatives together;
- Create new alliances and opportunities for future collaboration across regions; and
- Raise awareness around who is working on what, where emerging opportunities lie, and how to most strategically advance the field.
Wednesday, May 27:
Open Data Impacts
Time: 9:30 a.m. — 11:00 a.m.
Strong evidence on the long-term impact of open data initiatives is incredibly scarce. The lack of compelling proof is partly due to the relative novelty of the open government field, but also to the inherent difficulties in measuring good governance and social change. Open government projects tend to operate in an environment where the contribution of other stakeholders and initiatives is essential to achieving sustainable change, making it even more difficult to show the causality between a project’s activities and the impact it strives to achieve. With generous support from the Open Data for Development Research Fund of the OGP Open Data Working Group, we at the Sunlight Foundation have tackled some of the methodological challenges of the field through building an evidence base that can empower further generalizations and advocacy efforts, as well as developing a methodological framework to unpack theories of change and to evaluate the impact of open data and digital transparency initiatives. We’ll be presenting our findings and soliciting feedback on this exciting new methodology.
The notion that parliamentarians serve at the behest of citizens is fundamental to democratic governance. Public access to legislative information is already bringing lawmaking into the 21st century: The proactive release of parliamentary and legislative data in open and structured formats has the potential to help strengthen and modernize legislatures, increase trust in governing institutions and empower legislatures to better represent and engage with an increasingly technology-enabled public. In this interactive panel and break-out discussion, we will showcase some of the relevant work around standards and norms on open parliaments, open politics and open data, including the introduction of discussion documents on standards on parliamentary conduct and ethics, political funding and lobbying. Register here to attend this pre-conference event!
Thursday, May 28:
Data + Parliaments
Time: 11:00 a.m. — 12:15 p.m.
Increasingly across the globe, parliaments are acknowledging that only through proactive disclosure of legislative data using open formats can citizens exercise true ownership of this information. Parliaments, citizens, PMOs, civic hackers and journalists are working together to increase openness of parliaments and foster innovation of its use, both inside and outside parliamentary institutions. This interactive panel session and discussion will explore the use of open legislative and parliamentary data as a catalyst for stronger citizen engagement in democratic governments.
Friday, May 29:
Money in Politics: Political finance regimes across the globe from an open data perspective
Time: 10:30 a.m. — 12:30 p.m.
The Money, Politics and Transparency Project (MPT) is a joint endeavor of Global Integrity, the Sunlight Foundation and the Electoral Integrity Project, three civil society organizations at the forefront of transparency and governance issues. MPT is an innovative, multipronged effort that investigates the role of money in politics, generating evidence to inform the development of standards that can improve the openness, regulation and enforcement of political finance regimes across the world. In our panel discussion, the MPT team will present its research findings, and propose standards for future political finance legislation. Experts drawn from our global network will then participate in an interactive discussion of how free, open political finance information is critical for inclusive, accountable political processes. We’ll ask: How might disjunctions between de jure legal frameworks and de facto realities be minimized? How can open data standards be adapted to specific country situations? What are the characteristics of successful reform efforts in this field and what challenges impede change?
Measuring Open Data Impacts
Time: 1:30 p.m. — 3:00 p.m.
Trying to measure how the release and use of government data can help make institutions more efficient and improve the lives of citizens is a question that the open data community is only just beginning to explore. Over the last few years, several research initiatives have been undertaken to begin to determine what and how this impact takes shape. In this interactive panel, we’ll showcase some recent endeavors to measure the social impact of open data in the Global South, including a new methodology framework created by the Sunlight Foundation that we hope will lay the groundwork for the research of others in the field.
Since the U.S. version of Politwoops began nearly three years ago, it's enabled journalists to sift through retracted public statements of politicians and, in the words of The Atlantic, added "another layer of accountability to the churning machine of political communications."
But political communications didn't always churn away online. Up until 2008, it was against the rules for members of Congress to post "official communications" on nonofficial websites, such as Twitter or YouTube. In a report in 2007, the Open House Project, a collaborative reform initiative hosted by the Sunlight Foundation, proposed a rules update to allow Congress to use social media. After many discussions advocating for the change on Capitol Hill, we launched a site called Let Our Congress Tweet to showcase public support. Later in 2008, the Web-use guidelines were overhauled to allow members of Congress to join any social media service they wanted. The updated rules changed evaluations of official communications to focus on the communications' content, rather than the location of that content.
When reacting to the news about the rules change, my colleague John Wonderlich wrote, "The revisions should cause a renaissance in official political Web-use, with eager new media staff and savvy Members now able to confidently engage with their constituents." And boy oh boy was he right.
Today, members of Congress race to try out the latest apps to communicate with the public online. While the early-adopters jump between whatever service is trending, there are few social media services that have spread so deeply through the halls of Congress as Twitter. According to data gleaned from Politwoops and Sunlight's Congress API, there are only two members of Congress who do not appear to have either an official or campaign Twitter account: Del. Gregorio Sablan, D-Northern Mariana Islands, and Del. Madeleine Bordallo, D-Guam. Or put another way: Every member of the Senate and nearly every member of the House is on Twitter.
The Sunlight Foundation is very much in favor of representatives communicating with constituents and the media, but we're also committed to building free tools to help reporters and citizens keep government accountable. That's where Politwoops comes in. The project simply archives public communications that were removed. The tweets in Politwoops were once live and viewable by anyone on Twitter and other third-party platforms for at least some amount of time. Sunlight is committed to making these public communications available to anyone who wants to see them, rather than those who were lucky enough to be online at the right moment. We think it's a powerful tool for evaluations of modern political communication. According to The Washington Post, Politwoops "has become an invaluable accountability resource."
Doug Hughes, the 61-year-old postal worker who landed his gyrocopter on the Capitol lawn to protest “the corrosive influence of money in our political system,” is due in court in Washington today. He faces two felonies, four misdemeanors and possibly 9 1/2 years in prison.
Last weekend, he published an op-ed in The Washington Post explaining his act of civil disobedience, pointing to the growing movement of reforming the way that money flows through our politics and highlighting some of the solutions being considered across the country.
Hughes aligned himself with 152 organizations that signed on to the Unity Statement of Principles and called for “a 21st-century democracy where everyone has a right to know who is influencing our government, everyone has a voice, everyone participates, everyone plays by the same set of commonsense rules and everyone is held accountable if they break faith with those rules.”
Some of the reforms that could help achieve these goals, like a constitutional amendment, are ambitious and, while worthwhile, could take years to achieve. Others are common sense ideas that could easily be approved on a bipartisan basis — some already have been on the state level. The Sunlight Foundation has been pushing for a few of these ideas on the federal level — namely, Senate e-filing, real-time disclosure of campaign finance and better data on nonprofits — and we wanted to highlight them here.
This is, perhaps, the most obvious and easy fix. Currently, Senate candidates follow a convoluted, expensive, archaic and tortoise-paced method for reporting their campaign finance information. It costs taxpayers money and ensures that we don’t have timely access to information about who is funding Senate races.
Candidates for the House of Representatives and the White House already file their reports electronically, and it’s a quick fix to pull the Senate into the 21st century. Sen. Jon Tester, D-Mont., is currently championing the Senate Campaign Disclosure Parity Act (S. 366) which would require senators to file electronically. The bill has received broad bipartisan support, but faces obstacles in leadership to get a vote.
In its McCutcheon v. FEC decision, the Supreme Court argued that robust disclosure can be an effective antidote to loose limits on money in politics. Unfortunately for the public, disclosure has remained stagnant while money is flooding the system.
As Sunlight has said before, “The laws don’t exist to ensure effective, complete and timely disclosure. Right now, we have a system in which the public must wait as long as three months before some contributions are made public.” And it's even longer for the Senate, as I detailed above.
There is a legislative fix that could solve some of these problems by ensuring that campaign contributions to candidates of more than $1,000 are reported within 48 hours. The bill, called the Real Time Transparency Act, was introduced in the 113th Congress by Sen. Angus King, I-Maine, and Rep. Beto O’Rourke, D-Texas. It has not been reintroduced in the 114th Congress, but we hope that it will be.
The SUN Act
The Sunlight for Unaccountable Nonprofits Act (the SUN Act) is another smart bill from Tester, a true champion of reform in the Senate. It tackles a longstanding problem with a relatively easy solution. Currently, the Internal Revenue Service collects data on nonprofits (via form 990s) and releases it to the public. The problem? It doesn’t release the information in the same, useful format that it collects and keeps it in.
The SUN Act would require this information be posted online in a searchable, usable format. It would also require nonprofits that engage in political activities to disclose information about their major donors.
Shadowy nonprofits are playing an increasingly influential role in the political process — to the tune of $150 million in the last election cycle — and this bill would shed some light on their influence.
Congress isn’t the only federal body with a say in our campaign finance system. In his op-ed, Hughes mentioned an executive order that would restrict donations by federal contractors. There are also efforts underway at the Federal Communications Commission to require more disclosure around political ads; the IRS is being pushed to consider clear regulations around nonprofit political activities; and the Securities and Exchange Commission is under pressure to issue a rule that would require public companies to disclose their political spending to shareholders.
Hughes is far from the only American fed up with the money in our political system. It’s time for our leaders to recognize that reform is necessary and move now to strengthen our democracy.
There’s a lot more influence peddling in Washington than is ever disclosed to the public. As my colleague Peter Olsen-Phillips demonstrated in a piece on Tuesday, defense giant Northrop Grumman employs dozens of people, many of whom came from prominent positions in government service, whose titles and online biographies indicate that their jobs involve interaction with government officials — but do not register as lobbyists. Included in that list are not one but two former generals who led missile commands for the Army and Air Force and now oversee the sale of Northrop Grumman’s missiles to their old units; a former head of the Defense Counterintelligence and HUMINT Center of the Defense Intelligence Agency who now sells Northrop Grumman spy technology and tradecraft to Fort Meade, home of both the National Security Agency and the United States Cyber Command; and several other former high ranking soldiers who manage their company’s sales, annually totaling billions of dollars, to their former colleagues.
As Olsen-Phillips’ piece points out, the legal definition of who’s a lobbyist and who isn’t doesn’t require these individuals to lobby, but that doesn’t mean that company officials acting in a similar capacity don’t use their powers of persuasion to influence the government. In fact, a pair of inspector general reports shows just how effective company officials seeking federal dollars can be in cutting deals that benefit their bottom lines, arguably leaving taxpayers with less bang for their buck.
A 2013 General Services Administration inspector general’s investigation found that executives from three companies went over the heads of contracting officers, the specialists in federal agencies who are charged with getting the best price for taxpayers when buying goods and services from the private sector, to find more favorable terms. Deloitte Consulting LLP officials met with managers in the General Services Administration’s Federal Acquisition Service (FAS) in 2012 trying to get better terms on a contract up for renewal. They succeeded, winning labor rates for some jobs as much as 18.5 percent higher. Not one of Deloitte’s lobbying disclosure forms in 2012 lists the General Services Administration as an agency it lobbied.
The same investigation found executives for Carahsoft, a major vendor of IT services, also met with FAS managers in 2011 when a contract officer determined that it wasn’t in taxpayers’ best interest to renew a contract worth $432 million to the firm in 2011. The pressure worked, netting the firm an agreement that resulted in “the lengthy extension of a contract with inflated pricing and other terms and conditions unfavorable” to taxpayers. Carahsoft disclosed lobbying Congress in 2011, but not GSA.
According to the GSA inspector general's report, only Oracle used a registered lobbyist to promote the software giant’s case with FAS managers; it disclosed lobbying GSA on “General issues regarding government procurement policy. General issues related to IT procurement. Matters surrounding cybersecurity and procurement.” Oddly enough, it was the only one of the three that ultimately did not have its contract renewed.
An even more tangled affair resulted when a Veterans Affairs (VA) official froze the contract of reverse-auctioneer FedBid over concerns that the company was charging the government exorbitant transaction fees. The company mounted a temporarily successful full-court press to reverse the decision. Its then-CEO, Ali Saadat, sent a company-wide email thanking several big names for their efforts to persuade Congress and top officials at the VA, including Edward Shinseki, then the head of the agency, for helping the company “come out victorious, untainted and, in fact, in a much better position than we were before this issue began.” People praised included Steve Case, the AOL founder and a major investor in the company; retired Gen. George Casey, a company board member; advisor and procurement expert Steve Kelman, who wrote op-eds praising the company; Jim Noone, a lobbyist at Mercury Clark & Weinstock; and former Rep. Chet Edwards, D-Texas.
But Saadat spoke too soon. A scathing inspector general report released in June 2014 found that a VA official had improperly intervened on behalf of FedBid, which was in fact charging high transaction fees. In January of this year, the Veterans Administration announced it would no longer award new business to the firm; the company, under a new CEO, told The Washington Post at the time it is cooperating with the government and is responding to the concerns raised by the inspector general. As for the supporters who pushed VA officials and members of Congress singled out by Saadat for high praise, only one — James Noone — was registered to lobby the federal government at the time.
So we end where we began: There’s a lot more influence peddling in Washington than is ever disclosed to the public.
Sen. Rand Paul, R-Ky., with the aid of Sens. Martin Heinrich, Mike Lee and Ron Wyden (and maybe others by midnight), may have stopped Senate Majority Leader Mitch McConnell's PATRIOT Act extension bills (if the filibuster lasts until midnight) from consideration before Memorial Day.
There's a ton of confusion about what's happening right now in the Senate regarding surveillance reform. Not just about the general brinksmanship that's been developing, but about why, right now, Paul is filibustering, along with Heinrich, Lee, Wyden and perhaps others' help (which is critical for long filibusters). Both Paul and Wyden have said that they would filibuster reauthorization of the PATRIOT Act, but that was supposed to happen Thursday – reauthorization isn't even up for debate right now.
One suggestion is that the filibuster now is useless – that nothing was scheduled today, so Paul could filibuster without actually stopping the USA FREEDOM Act and without allowing Section 215 to sunset.
It's not. Or, at least, it may not be. In fact, it could be a very clever reversal of the environment McConnell has created, which was clearly designed to put senators in the middle on surveillance in a vise: Either the USA FREEDOM Act passes or fails (McConnell has said he expects it to fail), or, on the other hand, senators will have to vote on a 2-month reauthorization or nothing. If USA FREEDOM — which offers some reforms but also some sacrifices (Sunlight has been opposed since last year because of said sacrifices) — fails, will 41 senators allow Section 215 to sunset instead of supporting a short-term reauthorization?
We don't know. McConnell has also said he expects senators to be swayed by USA FREEDOM's possible failure.
Those are high stakes for reformers.
The critical factors that inform the rest of this: The House has passed a version of the USA FREEDOM Act; it has not passed any kind of "clean" reauthorization (one that doesn't include any changes); the last time the House is in session before sunset occurs is Thursday at 3:00 p.m.; and the House has indicated they are not willing to acquiesce to the results of the Senate's brinksmanship. This is where the brilliance lies: Senate procedure.
What does the currently ongoing filibuster have to do with this? It's not just that it stalls the vote in the Senate and wedges it up closer to Section 215's expiration. If Paul and his allies get to midnight tonight, as far as we can tell, it stops the Senate from considering any bill other than the House-passed USA FREEDOM Act, or, by default, sunset before Saturday. Without this filibuster, McConnell could have moved today to proceed on from the trade vote to USA FREEDOM or the 2-month reauthorization (though the Senate will have a cloture vote on trade tomorrow no matter what), and in turn begun the cloture process, which would have matured Friday. While the House is supposed to be out on Friday, keeping the House for another day, versus through the weekend and into Memorial Day, is a bit different.
Here's a lengthy write-up by the Congressional Research Service about filibuster rules in the Senate. Here's a more easily synthesizable walkthrough. Below is a summary of how they apply to what's going on. (Huge thanks to Senate Parliamentarian Elizabeth MacDonough for helping me through this.)
When the Senate invokes cloture, it limits the debate to 30 additional hours (which means no vote can come up). But why is the filibuster happening now, during the trade debate? Because not only does one need to invoke cloture, get 60 votes to stop a senator from talking and then wait (up to) 30 hours to move on from debate, someone needs to file a motion for cloture, and, after filing for cloture, it's only on the second day that that cloture has matured.
In other words: File for cloture, then on the second day move to invoke cloture if there are 60 votes (thereby limiting debate to an additional 30 hours), and only then can the Senate move.
So, if McConnell had filed for cloture on Monday, the first day the reauthorization bills or USA FREEDOM could have arrived would have been Wednesday, and, with a filibuster, the first vote 30 hours later. On Tuesday, it would have been Thursday.
We, and others, expected him to do so on Tuesday.
But, surprisingly, McConnell did not file for cloture yesterday. Indeed, we just called the Senate Parliamentarian, and have confirmed that the Senate version of USA FREEDOM was still in committee, and both the House version of USAF and the two-month reauthorization were still "on the calendar" (meaning they haven't been brought to the floor, and therefore, there hasn't been any filing for cloture, because one can only do so on the current measure being considered – which, right now, is trade).
If McConnell thought the House would stay till Friday to pass whatever the Senate passed, assuming this filibuster goes to midnight and cloture is still required on whatever bill comes up, it appears the Senate cannot act until Saturday, and, in addition to that, would still have to wait until 30 hours after cloture is invoked (which again, would be Saturday and require 60 votes). After those 30 hours, maybe a bill goes back to the House.
So, although this filibuster is going on during the trade debate, it is profoundly impactful on whether we end up with the USA FREEDOM Act, full sunset or whether there will even be time to consider a "clean" reauthorization.
Assuming the House does not stay in session, as it has strongly suggested it will not, these senators appear to have moved us further into a world where there are only two outcomes on surveillance reform: House-passed USA FREEDOM Act, or sunset.