The Business Council of New York State, the state’s leading statewide business and industry association, opposes this legislation that would amend the state finance law to require contractors performing work for a state agency with the use of a computer to track such computer usage.
This bill would mandate use of third-party tracking software to verify hours worked and billed on state government contracts greater than $250,000. The data collected includes key strokes, mouse activity, and screen shots “at least once every three minutes.” Data collected by this software would be stored by the contractor and accessible upon request by the state agency or state auditors. The bill touts the collection of this data as a means of addressing the “difficulty in verifying hours worked on computers and billed to the government under government contracts.”
While the intent of this bill might be to target specific types of work, as written it would apply to a wide range of contracts, i.e. any work performed that involves professional or technical services, with any computer-based work, where the contract is based on hourly rates.
While this goal of accountability is laudable, the bill’s negative implications are much broader. There is no mention in the legislation as to who would oversee the operations and functionality of the newly mandated third-party software. Since it would be a contract mandate under this bill, each and every contract throughout New York State would be required to purchase and utilize some sort of verification software to comply with this new this system. A myriad of software programs could technically suffice under this legislation for each individual contractor, but it would be the State who would have to be fluent in the use of each and every program. The compatibility or knowledge required to undertake such an operational change is certainly daunting. It also begs the question as to what system or software should the contractors look to since they have only 180 days to comply and are moving from one documentation system (books, records, etc.) to computer tracking on their systems by a third party provider of tracking software.
Further, the installation of this software on each system is, for lack of a better word, spyware. It monitors a user’s activity, takes screen shots of pages being worked on, and saves them to a master file until such time as the contracting agency or state auditors request the file. The security implications are dramatic for such a new, and previously unexplored system. What if more than key strokes are divulged? What if the upload to state systems includes malware or other damaging programs? And, what if the third parties installing the system have design or other issues that may lead to data breaches that collect and then divulge more than simple key strokes? This also places the state at risk by uploading hundreds of thousands of computerized files from divergent systems all across New York State.
The proposed legislation also has numerous cost implications to both the contractor and the State. Since each contractor would be required to utilize this new system, the purchase will be borne by contractors, who will either be forced to add increased financial burden, or pass this along to the State – and its taxpayers. This will be especially damaging to smaller firms less able to bear the additional cost burden.
The legislation specifically states that “the contractor shall not charge the agency or an auditor of the agency” for access to the data collected. This will have a deep impact on small and large businesses alike who must insure they collect, store and maintain data files on all agency contracts – in addition to the usual papers, files, and documentation pertinent to contracts – for years. This leads one to wonder about the added costs for new data storage and related computer system maintenance beyond the added costs of verification software.
For the above reasons, The Business Council opposes approval of this legislation.