typing on keyboard

Groups oppose states tracking contractor costs with keystroke monitoring

A move to require state agencies to install keystroke-monitoring software to collect data on work performed by contractors on a computer is getting pushback from tech and government advocacy groups that are urging states to reject proposed legislation requiring  keystroke-level oversight in service of greater billing transparency.

A March 25 letter signed by the Information Technology Industry Council, the Association of Government Accountants and other groups is critical of bills popping up in state legislatures nationwide that would require vendors with state contracts over $100,000 or so to install monitoring software that would capture "everything including sensitive data like passwords, personal health information, and other personally identifiable information with no mechanism for redaction before being recorded or stored."

Some of the proposed bills would require contractors to bear the expense and risk of storing data collected by the software for years.

"At a time when most states and businesses have worked together to implement stronger data protection standards, this legislation would undermine existing progress, raise costs, and needlessly expose public and private information to new threat vectors," the letter says.

The bills, according to letter signers, are "based on model language being pushed by a single company, ostensibly as a mechanism to increase transparency and oversight in state contracting." The company, which is not mentioned in the letter, is TransparentBusiness. It sells software that promises accountability to remote and contract workforces by monitoring keystroke activity.

In February, the National Association of State CIOs issued a statement opposing the same sort of contractor monitoring legislation because it "could introduce unnecessary risks to citizen data by essentially transferring ownership of private citizen data to a third party. This type of legislation also has the potential for unintended consequences, such as impacting a state’s cybersecurity insurance policy coverage," NASCIO said.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.