Systems and Mechanisms to Ensure Privacy and Security
Develop Systems and Mechanisms to Ensure Privacy and Security
Business Relies on Secure Communications
Imagine this: A businesswoman walks into a post office, presents a
picture ID, and is given a "public key." Using this key card, she
electronically signs a federal contract and transmits it over the
National Information Infrastructure to a contracting agency. The
transaction is valid, secure, and paperless.
Automated teller machines (ATMs) are one of the most successful examples
of using information technology to improve service. Viewed with
skepticism at their introduction, they are now the principal means used
to conduct routine banking transactions. Fundamental to their success is
public confidence in the trustworthiness of the electronic banking
system. Indeed, people's chief anxiety about using ATMs is the fear of
being robbed while making a withdrawal.
A new type of crime is the "high-tech mugging," in which ATM access
information is stolen and used to make unauthorized withdrawals. In a
recent Brooklyn, N.Y., case, crooks used a hidden video camera to look
over the shoulders of people withdrawing money at ATMs. The camera
recorded their personal identification numbers (PINs); later the thieves
matched these with discarded receipts to withdraw money illegally.
In another ATM caper, crooks placed a bogus ATM machine in a Connecticut
mall. The bogus machine not only recorded hundreds of PINs, but also
read the private account information stored on each ATM card. The bogus
ATM machine returned cards to the unsuspecting owner and displayed a
message indicating that the transaction could not be completed. These
criminals later used the information to withdraw money. In both of
these crimes, the crooks succeeded in stealing over $100,000.
These cases illustrate real money loss by exploiting system security
vulnerabilities. However, they also illustrate the real potential for a
loss of public confidence in electronic government.[1]
Unless the information systems and electronic services delivery systems
protect the information being processed and the privacy of the
individuals using them, electronic government will not work. Government
is beginning to use the recent advances in information technology to
lower costs; increase efficiency and productivity; and collect, use, and
analyze far more information, much of it personal.
As government use of electronic services and information systems grows
more extensive and widespread, government and citizens will demand
continued confidentiality and integrity in the information processed.
Also, as government, businesses, and other organizations rely more on
electronic records and information, they will also demand more access to
diverse, interconnected databases. Information technology can provide
tremendous benefits in improved service and, used properly, enhanced
privacy and security. But without proper attention, it can also permit
inappropriate, unauthorized, or illegal access to information.
Furthermore, new electronic government applications--particularly those
focused on service-to-the-citizen programs--present nontraditional
challenges and vulnerabilities regarding accuracy, authentication,
privacy, and security. These challenges and vulnerabilities are both
technical and policy-related.[2]
Although overcoming the technical challenges is straightforward, a
tradeoff must be made between cost and risk. Information technology-
based solutions and prototypes (cryptography, digital signatures,
security protocols) for protecting distributed internetworked systems
will soon be available. The implementation of these solutions should be
weighed against all identifiable risks.
Overcoming the political and policy challenges, however, is not
straightforward. Prominent among these today is the appropriate role of
the federal government in privacy and security. Examples of particularly
challenging policy issues include balancing national security interests
with private sector business interests, and maintaining a balance
between individual privacy and governmental efficiency.
The American people want trustworthy, readily available information,
and computer systems that are user-friendly, secure, and protective of
individual privacy. These systems must:
---safeguard information, facilities, information systems, and networks
against illegal or unauthorized access, modification, or disclosure;
---balance access to agency information and records with appropriate
privacy controls;
---respect private ownership of information and be subject to policies
and disclosure procedures for government use of individual information;
and
---incorporate privacy and security safeguards early in the design of
the system.
Finally, as the nation develops information highways and expands the
national information infrastructure, systems should be designed and used
within a framework that
---protects national security interests,
---permits legitimate law enforcement activities,
---enhances global competitiveness and productivity for U.S. business
and industry, and
---ensures the privacy and civil liberties of all citizens.
Need for Change
Public acceptance and reliance on electronic information and data
requires
---striking the proper balance between an individual's personal privacy
and the government's need for information,
---providing a high degree of security against unauthorized access or
use, and
---maintaining the accuracy of the information stored or processed.
Need for Privacy.
Americans are becoming increasingly concerned about threats to their
personal privacy resulting from wider use of information technology to
collect, maintain, and manipulate personal information. A poll conducted
in 1970 showed that only 33 percent of respondents were concerned about
personal privacy.[3] By 1990 polls, that proportion had risen to 79
percent.[4]
Although advancing technology can create new opportunities for misuse,
the real problem lies in the lack of adequate management controls over
those with access to personal records. For example, in a recent
well-publicized case, the U.S. Attorneys announced the arrest of over
two dozen individuals who engaged in schemes to buy and sell information
from Social Security Administration (SSA) computer files.[5] Most of
those arrested were current or former employees of the SSA or the
Department of Health and Human Services' Office of Inspector General.
This case brought to the public's attention the fact that SSA employees
in over 1,300 offices all across the country have unrestricted access to
over 130 million records on working Americans. In another case, HHS's
Inspector General found social security number fraud: An SSA employee
had used social security numbers taken from the SSA records to obtain
and establish credit.[6]
Giving increased attention to personal privacy policies and procedures
would allow the federal government to better represent American
business interests abroad, particularly in Europe, where privacy
protection approaches differ from U.S. approaches.[7] Information, and
the records associated with this information, is a global commodity,
which readily flows across international borders. Trade conflicts and
issues may arise for U.S. businesses when dealing with the privacy laws
of other countries, such as the recent privacy laws advocated within the
European Community for transborder flow of information.
Need for Security.
As society becomes more dependent on computers and computer
communications systems for the conduct of business, government, and
personal matters, it relies more on the availability, confidentiality,
and integrity of the information these systems process. Information
security has become especially important for applications such as
electronic transactions where accuracy, authentication, or secrecy are
essential.
OMB estimates that by 2000 approximately 75 percent of public
transactions will be processed electronically.[8] The private sector
already uses electronic transactions widely. One trillion dollars in
worldwide banking and financial transactions occur each day.[9] Yet the
best security systems in use today lose money, credit and financial
reports, and private and proprietary data due to electronically
perpetrated theft and unauthorized browsing. For example, in the United
States, computer crime losses alone total $15 billion per year.[10]
These losses are minor when compared to potential losses from harmful
and illegal acts such as service disruption, terrorism, and industrial
espionage. The cost could be billions for a single debilitating
disruption of service or criminal act.
More than dollar losses are at stake. In distributed, electronically
based information systems, if access controls and security concerns are
not addressed as government proceeds with reinvention, vulnerabilities
to U.S. national security may be inadvertently created by making
information readily available to foreign governments, competitors, or
criminals.[11] Finally, large-scale service disruptions could adversely
affect recipients of federal benefits and information-based services of
all kinds.
A division between sensitive unclassified and classified information is
statutorily mandated by the 1987 Computer Security Act. The following
actions use existing privacy and security boards, councils, and groups.
Exceptions are two near-term task forces to develop high priority,
essential standards or generally acceptable principles needed for rapid
progress in creating an electronic government.
Endnotes
1. "On PINs and Needles Over ATMs," Washington Post (May 21, 1993), pp.
G1, G8, and "ATM Scams; High-Tech Caper Prompts Banks to Step Up
Security," The Hartford Courant (July 11, 1993), p. D1.
2. U.S. Congress, Office of Technology Assessment (OTA), Federal
Government Information Technology: Electronic Record Systems and
Individual Privacy, OTA-CIT-296 (Washington, D.C., June 1986); The Report
of the Privacy Protection Study Commission, Personal Privacy in an
Information Society (Washington, D.C.: U.S. Government Printing Office,
July 1977); and U.S. Congress, Office of Technology Assessment,
Defending Secrets, Sharing Data: New Locks and Keys for Electronic
Information, OTA-CIT-310 (Washington, D.C., October 1987).
3. Piller, Charles, "Special Report: Workplace and Consumer Privacy Under
Siege," MacWorld (July 1993), pp. 1-14.
4. See Westin, Alan F., and Louis Harris and Associates, The Equifax
Report on Consumers in the Information Age (Columbia University, 1990).
5. U.S. Congress, House, Committee on Ways and Means, Subcommittee on
Social Security, "Illegal Disclosure of Social Security Earnings
Information by Employees of the Social Security Administration and the
Department of Health and Human Services' Office of Inspector General:
Hearing," 102nd Congress, 2nd Session, Serial 102-131, September 24,
1992.
6. Ibid.
7. Congressional Record-House, H755-757, January 29, 1991.
8. U.S. General Accounting Office, Comptroller General's 1989 Annual
Report: Facing Facts (Washington, D.C.: U.S. General Accounting Office,
1990), p. 28.
9. Adam, John A., "Special Report: Data Security," IEEE Spectrum
(August 1992), pp. 18-44.
10. Illustrative Risks to the Public in the Use of Computer Systems and
Related Technology, vol. 18 (Menlo Park, CA: SRI International,
undated).
11. See OTA, Defending Secrets, Sharing Data: New Locks and Keys for
Electronic Information, and Department of Defense Security Institute,
"Security Awareness News: A Compilation of News Articles on
Counterintelligence and Security," Richmond, VA, May 1993, pp. 2, 23.