NCJ Number
51856
Date Published
1978
Length
56 pages
Annotation
AN OVERVIEW OF PRIVACY AND COMPUTER SECURITY PROBLEM IS PRESENTED, AND APPROACHES TO PROTECTING PRIVACY WHEN FEDERAL AGENCIES SHARE COMPUTER HARDWARE, DATA, AND COMMUNICATIONS ARE OUTLINED.
Abstract
THE CONCEPT AND POTENTIAL ECONOMIES OF A FEDERAL COMPUTER NETWORK WERE RECOGNIZED IN THE BROOKS ACT OF 1965 (P.L. 89-306). HOWEVER, PUBLIC AND PRIVATE CONCERN OVER THE ABILITY OF COMPUTER SYSTEMS AND NETWORKS TO PROVIDE ADEQUATE PROTECTION FOR PERSONAL INFORMATION HAS BEEN GROWING. THE FIRST ATTEMPT TO PROVIDE CENTRAL ACCESS TO INFORMATION WAS MADE IN THE MID-1960'S WITH A PROPOSAL TO ESTABLISH A NATIONAL DATA CENTER. THE PROPOSAL MET WITH CONCERN OVER THE POSSIBILITY THAT THE CENTRALIZED DATA WOULD BE MISUSED, RESULTING IN AN INVASION OF THE PRIVACY OF INDIVIDUALS REPRESENTED BY THE DATA. THE JOINT GENERAL SERVICES ADMINISTRATION-U.S. DEPARTMENT OF AGRICULTURE COMPUTER ACQUISITION PROJECT MET SIMILAR OPPOSITION IN 1974. CONGRESSIONAL ACTION KEPT BOTH PROJECTS FROM MATERIALIZING. THE INTERNAL REVENUE SERVICE'S PROPOSED TAX ADMINISTRATION SYSTEM WAS TERMINATED IN 1978, WITH PRIVACY AS ONE OF THE MAJOR ISSUES. IN LIGHT OF THIS BACKGROUND, THE LESSONS LEARNED FROM VARIOUS GENERAL ACCOUNTING OFFICE STUDIES OF COMPUTER SYSTEMS AND THE PROBLEMS AND PROMISES OF COMPUTER NETWORKS ARE SUMMARIZED. IT IS POINTED OUT THAT ABSOLUTE SECURITY RARELY IS PRACTICABLE IN ANY COMPUTER ENVIRONMENT, AND THAT COST-BENEFIT DECISIONS MUST BE MADE ABOUT THE LEVEL OF PROTECTION TO BE PROVIDED. CLASSES OF THREATS TO WHICH COMPUTER SYSTEMS ARE PARTICULARLY VULNERABLE ARE CATEGORIZED, THE MAJOR THREAT TO PERSONAL PRIVACY BEING THE MISUSE OF DATA BY PEOPLE WITH AUTHORIZED ACCESS TO THE COMPUTER SYSTEM. THE TECHNOLOGY AVAILABLE TO COMBAT SECURITY PROBLEMS IN COMPUTER NETWORKS IS DISCUSSED. A FORMAL APPROACH DEVELOPED FOR THE AIR FORCE SHOWS PARTICULAR PROMISE IN THAT SECURITY CAN BE EVALUATED AND VALIDATED. IT IS CONCLUDED THAT, BY APPLYING AVAILABLE TECHNOLOGY IN COMPLIANCE WITH THE ADMINISTRATIVE PRACTICES AND TECHNICAL SAFEGUARDS REQUIRED BY THE FEDERAL PRIVACY ACT, IT WILL BE POSSIBLE TO PROVIDE REASONABLE PROTECTION FOR THE CONFIDENTIALITY OF PERSONAL INFORMATION WHILE ENABLING THE FEDERAL GOVERNMENT TO REALIZE THE ECONOMIES OF COMPUTER NETWORKING AND DATA SHARING. THE OFFICE OF MANAGEMENT AND BUDGET IS URGED TO PROVIDE FEDERAL AGENCIES WITH COMPREHENSIVE GUIDELINES FOR ACHIEVING THESE ENDS. (AUTHOR ABSTRACT MODIFIED--LKM)