an eddy in the bitstream

Category: misc

HB 2196 Testimony – Unemployment Insurance

The Kansas legislature is considering a bill that would create a legislative oversight committee specific to the technical modernization of the Kansas Department of Labor. The following is the testimony I wrote for the committee.

Testimony on Substitute for HB2196
Senate Commerce Committee
Peter Karman
March 17, 2021

Mr. Chairman and Committee Members,

I am Peter Karman, resident of Lawrence. I am here to present testimony on Substitute for House Bill 2196.

I am a technology professional with over 25 years of experience. I am also a former federal employee where I played a significant engineering role in the development of several IT projects, including the identity verification, security and fraud prevention, and authentication features of login.gov, which currently serves over 30 million Americans. I also worked on the modernization of the Department of Veterans Affairs case appeals management system.

During April and May of 2020 I assisted the Kansas Department of Labor as a volunteer with the United States Digital Response. The USDR is a group of several thousand volunteer technologists who stepped forward during the early days of the COVID-19 pandemic to assist state and local governments with the sudden demands on their technical infrastructure. I spent hundreds of hours in the depths of the KDOL technical systems and with the KDOL IT team during those weeks and have remained in touch with the department in the year since.

I also served on Governor Kelly’s transition team in 2018 and have knowledge of many of the IT systems, architectures and challenges within Kansas state government.

First, I applaud the committee’s desire to see KDOL technology systems modernized. The state’s reliance on mainframe technology poses several challenges to providing key services to constituents, particularly in the quickly evolving online environment on which many Kansans depend. I also support the legislature’s desire to understand the unemployment application process from the perspective of the users of the system. Filing a claim and receiving benefits should combine the best of design research, security and fraud prevention practices. Kansans facing these difficult circumstances deserve an experience filled with empathy and respect.

Second, there are provisions in the current bill that concern me, both as a professional and as a taxpayer. Creating a new oversight committee will add redundant bureaucracy to the existing legislative oversight structure that includes the Joint Committee on Information Technology. Empowering this committee with architectural decision-making power will place incredible demands on the committee and will prevent professional technologists and architects from using their industry knowledge and expertise to address complex design and security issues. We should let professional technologists determine the best technology solutions.

Page 3 of the current bill enumerates several technical security remediations and strategies that have no reason to exist in statute. I have worked on several IT modernization projects at the federal level that were initiated via Congressional action and every one of them that made specific technological requirements part of the law resulted in delays and inferior technological outcomes. Digital security practices must evolve as quickly as the threats they hope to defeat. When technical specifications make their way into statute, IT professionals face a dilemma between implementing the legal requirements and implementing secure systems. This false choice can lead, in the best case, to security theater and, in the worst case, insecure implementations. Please don’t enshrine today’s technical specifications, which must constantly evolve, into law preventing IT professionals from solving tomorrow’s security threats.

Thank you to the committee for considering this testimony and for your continued work in helping KDOL better serve Kansans.

Sincerely,

Peter Karman

Elasticsearch development

Over the last few years I have done a lot of development against Elasticsearch, especially using the Ruby libraries. The Elasticsearch::DSL is very powerful, but anything beyond a simple query can take hours of debugging to get the syntax just right. I always learn the hard way that it is better to handcraft the JSON first to get the logic correct, and then translate it to the Ruby DSL code.

I don’t do it often enough to remember, so after my latest struggle with ES, I thought it useful to document.

The curl command is:

curl -X POST localhost:9200/myindex/_search \
-H 'Content-Type: application/json' -s \
-d '@q-test.json' | json_xs  | jq .hits.total

where q-test.json is a file with the DSL JSON.

© 2021 peknet

Theme by Anders NorenUp ↑