encryption techniques in civilian applications for protecting data during transmission.

Research and development of new mechanisms and techniques where significant needs
cannot be met satisfactorily by existing technology. Among the needs requiring this
type of effort are self-protected computer systems which have the internal ability
to enforce the access controls necessary for the prescribed level of security. Other
needs include techniques for positively and uniquely identifying individuals who
have authorization for access to the system and data and the development of secure
network models for evaluating alternative network designs.

• A study of the costs of data confidentiality and security to build an understanding useful in making public choices about degrees of privacy desired by individuals and for allocating costs among the public, industry and government.

It is hoped that the Conference will stimulate the computer industry and other interested parties to propose specific approaches and solutions to the needs and problems outlined and will promote new initiatives for protecting data confidentiality in computerbased records systems.

A second Conference is planned for March 4-5, 1974, which will provide an opportunity for the presentation of proposed technological and regulatory solutions to the computer security needs and problems identified in this Conference.

Government Looks At

Privacy and Security in Computer Systems

Summary of a Conference held at the
National Bureau of Standards, Gaithersburg, Maryland
November 19-20, 1973

Clark R. Renninger and Dennis K. Branstad, Editors

This publication summarizes the proceedings of a conference held for the
purpose of highlighting the needs and problems of Federal, State, and local
governments in safeguarding individual privacy and protecting confidential
data contained in computer systems from loss or misuse. The Conference was
held at the National Bureau of Standards on November 19-20, 1973.

The origin of governmental problems is discussed in the context of the
public's concern for privacy arising out of computer-based recordkeeping,
the diverse legislative actions now being taken to safeguard privacy, the
threats to the security of computer-based information systems and the
technological problems associated with protecting against such threats.
Useful distinctions are drawn between privacy, confidentiality and security
to clarify the issues and allocate responsiblities for solving the problem
among lawmakers, technologists and management.

Major needs are described. These include the need for cohesive Federal,
State and local legislation; technological guidelines and standards for
assuring uniform compliance with legislative requirements; management guide-
lines for identifying and evaluating threats to security; and improved
technological mechanisms for controlling access to computer systems and
networks. Cost implications of providing security measures are discussed.
Key words: Computer systems, privacy and security; confidentiality; privacy;
security.

I. Introduction

1.1. Purpose of the Conference

This paper is a summary of a two-day Conference on Privacy and Security in Computer Systems, held on November 19-20, 1973, and sponsored by the Institute for Computer Sciences and Technology of the National Bureau of Standards.

In his introductory remarks, Dr. Richard W. Roberts, Director, NBS, indicated that the Conference was attended by 510 people: 375 of them from Federal, State and local governThese attendees represented 7 Congressional offices,

ments, and 135 from the private sector.

46 Federal agencies, 30 States, 7 local governments, 34 computer companies and 41 professional associations, universities and public interest groups.

The stated purpose of the conference was to:

531-849 O-14-2

"Identify initial requirements and issues that confront governmental
organizations in safeguarding individual privacy, data confidentiality
and computer security.

"Communicate this information to groups in the public and private
sector in order to mobilize and orient efforts that can respond to
recognized needs.

"Establish a foundation for a second conference to be held on March 4-5,
1974, which will provide the opportunity for the presentation of pro-
posed technological or regulatory solutions to the computer security
needs and problems identified in this Conference."

1.2. Organization of the Summary

This summary identifies the principal themes of the various presentations and organizes them to:

A.

Identify the origins of the problems encountered by Federal, State and
local governmental bodies in attempting to meet their responsibilities
in safeguarding information needed to perform governmental functions.

C.

Describe the problems as seen by Federal, State and local governments.

The summary is an integration of the papers and presentations of the Conference. all cases, it is believed that the intent of the speakers has been preserved.

1.3. Appendices

A. The Conference Program

B. References to source materials cited at the Conference

C. A preview of the March 4-5, 1974, conference

II. Where the Problem Arises

2.1. Public Interest

In

In the keynote address, John K. Tabor, Under Secretary of Commerce, noted a number of factors that are creating pressure for solutions to the problems of providing protection to confidential or valuable data against misuse or loss. He cited the general expansion of government and private information gathering and recordkeeping to support the needs of

society as a phenomenon of recent American life. The capability to manage large recordkeeping activities and derive useful data is made possible and even accelerated through use of computers. He noted that linking computers through telecommunications multiplies the capability to exchange and share the results of information-collecting activities while at the same time compounding the protection problem. Under Secretary Tabor called for soundly designed safeguards to protect the confidentiality of data collected in support of expanded services and programs at all levels of government.

Congressman Jack Brooks, Chairman of the Government Activities Subcommittee of the House Committee on Government Operations, noted that control over dissemination of such information involves two concepts: privacy, or who should have access to what information for what purposes; and data security, which prevents unauthorized access to the data and also protects its integrity.

In discussing the large number of data banks involving personal data that already exist, Congressman Brooks indicated that 7500 data banks were counted in the Federal Government alone; he further indicated that he believed the count was "low." The number of non-Federal data banks involving personal information is unknown although it was indicated that the State of California has between 8,000 - 10,000 data bases of which approximately 45% (3,600 - 4,500) involve personal data. While these figures represent only two very isolated data points, it is evident that the number of Federal, State and local government data files containing personal data is very large indeed. Coupled with the large or even larger number of files containing personal data to be found in the private sector (e.g., insurance companies, credit card plans, mailing lists, school records, etc.), this represents a very large pool of information that is being actively collected and maintained.

Along with the intensified recordkeeping activities of governmental units has come an increased awareness of the part of the public that such activities are going on, and with this awareness there is an increased sensitivity about individuality and personal rights. It would be stretching facts to suggest that the rise of awareness and feeling of potential threat to one's individuality comes from abuses in the collection and use of data by governmental units. Rather, it would seem that such awareness comes about from a variety of factors present in an increasingly complex society. Regardless, the public's desire for privacy is quite real and has created a conflict between the interests and rights of an individual and the interests and rights of government (and private) institutions. As David B. H. Martin, Special Assistant to the Secretary, HEW, pointed out, this conflict of interests raises the public policy questions that require legislative and regulatory solutions.

Congressman Brooks pointed out that no legislative action can be effective without the corresponding technological advances to support legislative efforts. He said, "The directives of Congress and State legislatures as to constitutional and social restrictions to protect the