Government Accountability Office

Federal Agencies Could Improve Oversight of Equal Employment Opportunity Requirements

This report examines (1) trends in the gender, racial, and ethnic composition of the technology sector workforce; and (2) oversight of technology companies' compliance with equal employment and affirmative action requirements. The estimated percentage of minority technology workers increased from 2005 to 2015, but GAO found that no growth occurred for female and Black workers, whereas Asian and Hispanic workers made statistically significant increases (see figure).

Rural Broadband Deployment: Improved Consistency with Leading Practices Could Enhance Management of Loan and Grant Programs

This report examines the extent to which Rural Utilities Service's (RUS) procedures and activities are consistent with leading practices and how, if at all, its management practices could be improved. The Government Accountability Office synthesized, from federal guidance and relevant literature, a set of 10 leading practices that would be appropriate for the management of broadband loan and grant programs. GAO validated its set of practices with states that have programs similar to the RUS programs. GAO then reviewed RUS documentation and interviewed RUS officials and six program recipients, selected for having geographically dispersed projects currently under construction. Based on this information, GAO determined whether RUS's procedures and activities were consistent, partially consistent, or not consistent with each leading practice.

GAO recommends that RUS develop program performance goals and measures, conduct program risk assessments, evaluate completed grant projects, establish a timeline for implementing a centralized internal data system, and update written policies and procedures for RUS staff. USDA agreed with the recommendations.

DHS Needs to Continue to Advance Initiatives to Protect Federal Systems

Cyber-based intrusions and attacks on federal systems are evolving and becoming more sophisticated. The Government Accountability Office first designated information security as a government-wide high-risk area in 1997. This was expanded to include the protection of cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. The Department of Homeland Security plays a key role in strengthening the cybersecurity posture of the federal government. Among other things, DHS has initiatives for (1) detecting and preventing malicious cyber intrusions into agencies' networks and (2) deploying technology to assist agencies to continuously diagnose and mitigate cyber threats and vulnerabilities.

This statement provides an overview of GAO's work related to DHS's efforts to improve the cybersecurity posture of the federal government. In preparing this statement, GAO relied on previously published work, as well as information provided by DHS on its actions in response to GAO's previous recommendations. In a January 2016 report, GAO made nine recommendations related to expanding NCPS's capability to detect cyber intrusions; notifying customers of potential incidents; providing analytic services; and sharing cyber-related information, among other things. DHS concurred with the recommendations and is taking actions to implement them.

GAO Report: DOJ and FBI Need to Take Additional Action to Ensure Privacy and Accuracy

Technology advancements have increased the overall accuracy of automated face recognition over the past few decades. This technology has helped law enforcement agencies identify criminals in their investigations. However, privacy advocates and members of the Congress remain concerned regarding the accuracy of the technology and the protection of privacy and individual civil liberties when technologies are used to identify people based on their biological and behavioral characteristics. This statement describes the extent to which the FBI ensures adherence to laws and policies related to privacy regarding its use of face recognition technology, and ensure its face recognition capabilities are sufficiently accurate. In May 2016, DOJ and the FBI partially agreed with two recommendations and disagreed with another on privacy. FBI agreed with one and disagreed with two recommendations on accuracy. GAO continues to believe that the recommendations are valid.

GAO Report: Cybersecurity: Actions Needed to Strengthen US Capabilities

This statement (1) provides an overview of Government Accountability Office's work related to cybersecurity of the federal government and the nation's critical infrastructure and (2) identifies areas of consistency between GAO recommendations and those recently made by the Cybersecurity Commission and CSIS. In preparing this statement, GAO relied on previously published work and its review of the two recent reports issued by the Commission and CSIS. Over the past several years, GAO has made about 2,500 recommendations to federal agencies to enhance their information security programs and controls. As of February 2017, about 1,000 recommendations had not been implemented.

While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure information and information systems, the federal government needs to take the following actions to strengthen U.S. cybersecurity:

  • Effectively implement risk-based entity-wide information security programs consistently over time.
  • Improve its cyber incident detection, response, and mitigation capabilities. The Department of Homeland Security needs to expand the capabilities and support wider adoption of its government-wide intrusion detection and prevention system. In addition, the federal government needs to improve cyber incident response practices, update guidance on reporting data breaches, and develop consistent responses to breaches of PII.
  • Expand its cyber workforce planning and training efforts.
  • Expand efforts to strengthen cybersecurity of the nation's critical infrastructures.
  • Better oversee protection of personally identifiable information.

Information on Low Power Television, FCC's Spectrum Incentive Auction, and Unlicensed Spectrum Use

The Government Accountability Office was asked to review the possible effects of the auction on LPTV and translator stations and their viewers.

This report examines: (1) LPTV and translator stations and how FCC’s incentive auction might affect their viewers, (2) selected stakeholders’ views on actions FCC has proposed to mitigate the possible effects of the auction on such stations, and (3) selected stakeholders’ views on the expected outcomes of preserving a vacant television channel for unlicensed use.

GAO reviewed relevant FCC proceedings and comments associated with those proceedings; surveyed a non-generalizable sample of 330 LPTV and translator station representatives with available e-mail addresses; and interviewed officials from FCC and industry stakeholders selected to represent various types of organizations, such as broadcast industry associations and technology companies.

Information on How Broadband Affects Postal Use and the Communications Options for Rural Residents

Broadband use has in recent years been associated with reduced use of FirstClass Mail. Continued declines as a result of broadband, however, are uncertain.

Broadband access to various Internet services, especially online bill paying, is associated with reduced use of transaction mail, a subset of First-Class Mail. GAO analysis of the U.S. Postal Service’s (USPS) Household Diary Survey (HDS) data from 2007-2014 found that households using broadband to access Internet services tended to send less transaction mail than other households, controlling for age, income, and education. However, GAO found that in recent years broadband use may not have had a statistically significant effect on correspondence mail, a subset of First-Class Mail that includes letters and greeting cards. GAO found that rural households tend to visit post offices more regardless of broadband use.

Property Implications of Proposed Transition of U.S. Government Oversight of Key Internet Technical Functions

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) proposes to transition its oversight of key Internet technical functions (the IANA functions) and the Internet domain name system to a global multistakeholder community. We addressed whether U.S. Government property will be transferred or otherwise disposed of in connection with the transition in violation of the Property Clause of the U.S. Constitution (Article IV).

We find it is unlikely that either the domain name system or the authoritative root zone file (the “address book” for the top-level domain) is U.S. Government property under Article IV. We also find the Government may have certain data rights, and has limited intellectual and tangible property, all of which constitute Article IV property, but that property will be retained and not disposed of in connection with the transition. Finally, the Government has a contractual right to continued performance by the entities carrying out the IANA functions and related services. That right, which also constitutes U.S. Government property, would be disposed of if NTIA terminates the agreements rather than allowing them to expire, but NTIA has the requisite authority to dispose of this Government property interest.

FCC Should Review the Effects of Broadcaster Agreements on Its Media Policy Goals

Competing television stations are entering into agreements to share or outsource services, and some policymakers are concerned about the effects of these agreements on competition and programming. The Government Accountability Office was asked to review issues related to broadcaster agreements.

This report examines (1) the uses and prevalence of broadcaster agreements; (2) stakeholders' views on the effects of broadcaster agreements; and (3) the extent, if at all, that Federal Communications Commission has regulated these agreements.

GAO recommends that the FCC should determine whether it needs to collect additional data to understand the prevalence and context of broadcast agreements and whether broadcaster agreements affect its media policy goals of competition, localism, and diversity.

Virtual Currencies: Emerging Regulatory, Law Enforcement, and Consumer Protection Challenges

Virtual currencies are financial innovations that pose emerging challenges to federal financial regulatory and law enforcement agencies in carrying out their responsibilities, as the following examples illustrate:

  • Virtual currency systems may provide greater anonymity than traditional payment systems and sometimes lack a central intermediary to maintain transaction information. As a result, financial regulators and law enforcement agencies may find it difficult to detect money laundering and other crimes involving virtual currencies.
  • Many virtual currency systems can be accessed globally to make payments and transfer funds across borders. Consequently, law enforcement agencies investigating and prosecuting crimes that involve virtual currencies may have to rely upon cooperation from international partners who may operate under different regulatory and legal regimes.
  • The emergence of virtual currencies has raised a number of consumer and investor protection issues. These include the reported loss of consumer funds maintained by bitcoin exchanges, volatility in bitcoin prices, and the development of virtual-currency-based investment products.

This report discusses (1) federal financial regulatory and law enforcement agency responsibilities related to the use of virtual currencies and associated challenges and (2) actions and collaborative efforts the agencies have undertaken regarding virtual currencies.

To address these objectives, Government Accountability Office (GAO) reviewed federal laws and regulations, academic and industry research, and agency documents; and interviewed federal agency officials, researchers, and industry groups. GAO recommends that Consumer Financial Protection Bureau (CFPB) take steps to identify and participate in pertinent interagency working groups addressing virtual currencies, in coordination with other participating agencies.