States Wanted to Snoop on Contractors, but Plans Are Stalling

March 26, 2019, 8:46 AM

Alex Konanykhin sees a future for state government contractors where workers must provide concrete proof of hours they bill.

From Arizona to New Jersey, lobbyists hired by Konanykhin’s software company, TransparentBusiness, have tried to convince state politicians to buy into that future. They’ve introduced bills that would require state contractors to use software to automatically track employee keystroke and mouse movement frequency and take a screenshot of the computer screens every few minutes to verify state-funded work.

“Transparent verification of billable hours is an irreversible trend in public procurement,” said Konanykhin, a Russian-American entrepreneur and CEO of TransparentBusiness.

Time management and compliance systems need to move online to create a higher measure of accountability, hour verification advocate and New Jersey state assemblywoman Shavonda E. Sumter said.

But what Konanykhin calls an “irreversible trend” is largely sputtering in the states.

Industry groups, privacy advocates, businesses, and even some state research agencies have come out against mandating contractor monitoring. Legislation is stalled in more than two dozen states.

New Jersey Bill Advances

The overall aim of the bills is to help state agencies verify the hours worked on some contractors’ computers, though the proposed legislation varies from state to state. Agencies would have real-time or retroactive access to the data collected, and contractors would be required to store the data for a certain amount of time—in some of the bills, for seven years.

New Jersey is the only state where a contractor monitoring bill has gained traction. A proposal passed the state’s assembly unanimously Jan. 31, and is under consideration in the senate.

Sumter, the bill’s sponsor, said that the legislation would be a way to increase billing enforcement and modernize the state’s timekeeping software.

Validating billable hours of vendors working for New Jersey is left to individuals, the assembleywoman said. “It’s not electronic at all. And I really think we need to come of age,” she said.

State-by-State Backlash

It’s a different story in other states.

Arkansas’ Department of Finance and Administration released a legislative impact statement on proposed legislation that warned the tracking software would be equivalent to “mandating the installation of third-party spyware/malware” on both state owned and personal devices.

The Arkansas bill’s sponsor, Sen. Matthew Pitsch (R), did not return requests for an interview but said during a legislative session in February that the bill would be “dramatically modified” if it went forward.

Arizona’s bill was “dead on arrival,” state representative John Kavanagh (R) said. He was the sponsor of a bill that would have required contracts for schools and the state government in excess of $100,000 to require verification of hours. The Speaker of the Arizona House of Representatives wouldn’t even send the bill to committee, according to Kavanagh.

“I think it wasn’t really ready for prime time,” the representative said.

An Oregon legislator who introduced a similar bill said he quickly heard concerns. Companies that do business with Oregon, including Google and U.S. Bank, didn’t want third-party software on their systems, the representative said. U.S. Bank told Bloomberg Law it doesn’t have an official position on the legislation while Google did not clarify its position.

Oregon state representative Jeff Barker (D) now says the bill isn’t likely to pass.

“On the face of it, it sounded pretty good,” Barker said of the bill. “But then when people came in with all the technical objections, especially with all the hacking and everything else going on and there’s grave concerns about security, that seemed to be an issue.”

Industry Opposition

The flood of bills introduced in state legislatures over the past year, modeled after the TransparentBusiness template, could pose a myriad of employee privacy, data security, and employment concerns for contractors if passed, engineering and information technology industry groups said.

The American Council of Engineering Companies, the Information Technology Industry Council, the Computing Technology Industry Association, and the National Association of State Chief Information Officers are a few of the groups who oppose the bills and say that the potential privacy and employment implications would create more issues than the fraud and overbilling concerns the bills purport to solve.

A coalition of 14 business groups sent an open letter March 25 urging state lawmakers, IT leaders, governors and procurement officials to reject the various state measures that they say could lead to higher costs for states and taxpayers.

“While we are supportive of improved transparency and oversight, we are concerned that these bills would present significant privacy and data security risks for both contractors and state governments,” the groups wrote. Groups that signed onto the letter include the National Society of Professional Engineers, the American Legislative Exchange Council, and health insurance company trade group America’s Health Insurance Plans.

“This is not a problem that needs to be addressed,” Doug Robinson, executive director of NASCIO, which represents state chief information officers, said. NASCIO members “have not reported to us that there’s widespread, rampant fraud about overbilling.”

NASCIO, which rarely—if ever—takes a stance on specific state legislation, released a statement opposing the bills in February that it hoped would “forestall any additional filings and make states step back and examine the bills that have already been filed and ask questions about it,” Robsinson said. “It was clearly moving very, very quickly without a lot of introspection,” he said.

Konanykhin said the NASCIO statement was “based on false premise, contradicts accepted practices and was passed without any semblance of due diligence,” and that the group did not reach out to TransparentBusiness for an explanation of the bills.

Monitoring in the Workplace

Groups opposing the legislation say it would be almost impossible for the software to take screenshots of computers at regular intervals without capturing personally identifiable and other sensitive information, especially if there is no option to redact or otherwise alter the information.

TransparentBusiness said that contractors can remove non-work related screenshots but then the time becomes unverified and they may not be able to bill for it, depending on state laws.

Employers are generally able to track employees’ online activity at work if they get consent from employees, usually through a corporate policy, attorneys said. Some of the industry concerns center on the often sensitive nature of work done on behalf of state governments, and the requirement to store the information. Screenshots of computer screens could include tax, energy, financial, and health information, they said.

Ensuring sensitive data for work done on behalf of government clients is protected is a “top line concern” for all engineering company CEOs, said Steve Hall, vice president for advocacy and external affairs at the American Council of Engineering Companies.

Personal Information at Work

Industry representatives and privacy and employment attorneys said employers could run into issues complying with the federal Stored Communications Act and other state and federal privacy and data security laws if the screen shots capture and store non-work related information.

Employees often pull up personal Facebook pages, schedule a doctor’s appointment, or take five minutes to check personal emails throughout the workday.

“Any perceived problem that they think would be solved by this product I think would be dwarfed by the problem created by all this data being stored,” said V. John Ella, an employment attorney in Minnesota.

It’s also likely that employees do work on paper, and the legislation doesn’t address how the contractor would verify that work was being done offline, industry representatives and attorneys said.

TransparentBusiness only provides verification of computer-based work, but that’s where a lot of waste and fraud is occurring, Konanykhin said. A “hammer is a useful tool even if it cannot be used to screw screws,” the CEO said of his product, saying some verification is better than none.

If the software is being used as a time-keeping mechanism, “that’s a problem if you’re not considered as working unless it’s being done on your computer,” said Karla Grossenbacher, a labor and employment attorney at Seyfarth Shaw LLP. “There’d be a very narrow number of employee positions that would be done solely on a computer.”

Sarah Matz, CompTIA’s director of state government affairs for the south, also noted that there is no industry standard for the amount of keystrokes logged for a certain period of time.

Those criticisms haven’t deterred Konanykhin.

Konanykhin tells prospective investors they could see a 90,000 percent return and turn $100,000 into $90 million if they invest in his company. “Transparency will greatly reduce fraud and waste,” he said.

To contact the reporters on this story: Andrew Wallender in Washington at awallender@bloomberglaw.com; Sara Merken in Washington at smerken@bloomberglaw.com

To contact the editors responsible for this story: Terence Hyland at thyland@bloomberglaw.com; Cheryl Saenz at csaenz@bloombergtax.com

To read more articles log in. To learn more about a subscription click here.