Mr. STANTON. How many requests do you get a year? Do you have any idea? Mr. SHEPHERD. I might also add that we disclose data for several reasons. For humane reasons, for instance. Mr. CORNISH. I understand that. I am not concerned with those. I read the whole thing very carefully. I think they are probably justified. Mr. SCHUCK. I can't provide the number on the FBI or the Secret Service. I did get a list of how many requests we serviced last year. Mr. STANTON. How many? Mr. SCHUCK. Well, the ones noted there were 302,000 requests. Mr. CORNISH. Do you have those broken down by who requested them? Mr. Schuck, I wonder if that list might be submitted for the record. Mr. MOORHEAD. Without objection that list will be submitted. [The information follows:] Mr. MOORHEAD. Does the subdivision include a subheading for the FBI? Mr. SCHUCK. I assume the reason it is not on here for the FBI is that the number of requests were so small. Mr. SHEPHERD. We can furnish that if you would like. Mr. SCHUCK. We can furnish the exact number on a breakdown of who requested, by what agency, and so forth. We would be glad to furnish this. We have one for the IRS. Mr. STANTON. How about IRS? Mr. SCHUCK. They are a very big user. We are required by law to provide this. Technically that is not a disclosure since they process the earnings information before we do. Mr. SHEPHERD. We get the earnings information from them in fact. Mr. SCHUCK. Well, they asked 105,000 times in fiscal year 1972. Mr. STANTON. Thank you. Mr. CORNISH. Is that all? Mr. SCHUCK. They didn't get the whole individual's record. They just got the last posting, the latest posting to the record. Mr. CORNISH. Are all these individuals notified that their records have been requested by somebody? Mr. SCHUCK. No, they are not. Mr. MOORHEAD. I have to leave at noon and we have some more witnesses going. We are off the record. [Discussion off the record.] Mr. MOORHEAD. Well, thank you very much, Mr. Shepherd, and your associates. We appreciate this testimony. It is pretty complicated talking about computers, but we struggle through it. The subcommittee would now like to hear from Mr. Sidney Weinstein, Assistant Commissioner for Agency Assistance, Planning, and Policy, Automated Data and Telecommunications Service of the General Services Administration. Mr. Weinstein, would you and your associates rise so I can administer the oath? Do you solemnly swear the testimony you are going to give before the subcommittee will be the truth and the whole truth so help you God! [Witnesses sworn en masse.] STATEMENT OF SIDNEY WEINSTEIN, ASSISTANT COMMISSIONER FOR AGENCY ASSISTANCE, PLANNING, AND POLICY, AUTOMATED DATA AND TELECOMMUNICATIONS SERVICE, GENERAL SERVICES ADMINISTRATION; ACCOMPANIED BY MICHAEL MUNTNER, DIRECTOR, ADVANCED PLANNING AND RESEARCH DIVISION; AND ALLIE B. LATIMER, ASSISTANT GENERAL COUNSEL Mr. MOORHEAD. Mr. Weinstein, you may proceed. Will you introduce your associates to the subcommittee? Mr. WEINSTEIN. Mr. Chairman and members of the subcommittee, my name is Sidney Weinstein and I am Assistant Commissioner for Agency Assistance, Planning, and Policy in the Automated Data and Telecommunications Service of the General Services Administration. I am accompanied by Ms. Allie Latimer, Assistant General Counsel for the Automated Data and Telecommunications Service, and Dr. Michael Muntner, Director of the Advanced Planning and Research Division of my office. We are pleased to have this opportunity to appear before your subcommittee on behalf of Hon. Arthur F. Sampson, Administrator of General Services. My appearance is at the request of Chairman Moorhead to the Administrator to discuss the responsibilities and functions of the General Services Administration with respect to the development, planning, and coordination of Federal information systems and, in particular, with specific attention to the work of the Automated Data and Telecommunications Service, ADTS. At the outset I would like to explain that the Automated Data and Telecommunications Service is new within GSA. ADTS was established on July 15, 1972, in recognition of the growing interdependence between computers and communications. We recognized that these technologies were converging and that in order to effectively discharge our responsibilities it would be essential to combine both activities into one organizational element. Prior to the establishment of ADTS. GSA's responsibilities in communications and automatic data processing, ADP, were in separate organizational elements within GSÅ. Our primary Government-wide responsibilities in the ADP area are derived directly from section 111 of the Federal Property and Administrative Services Act of 1949 as amended. Section 111 is popularly known as the Brooks Act, or Public Law 89-306, which was passed by the Congress in October 1965. Mr. MOORHEAD. I was a member of the Brooks subcommittee at that time, Mr. Weinstein. Mr. WEINSTEIN. Our Governmentwide responsibilities in the communications area are derived from section 201 of the Federal Property Act. Essentially, ADTS is responsible for the direction and coordination of a comprehensive Governmentwide program for the management, procurement, and utilization of general purpose ADP equipment and services, and general and special purpose communications equipment and services. Specifically, we coordinate and provide for the economic and efficient purchase, lease, and maintenance of general purpose ADP equipment for use by Federal agencies. We are prohibited by law, Public Law 89-306, from impairing or interfering with the determination by agencies of their individual ADP requirements. Nor can we interfere or attempt to control in any way the use made of ADP equipment or components thereof by any agency. In the field of communications our efforts are similarly directed to the provision of communications services for executive agencies with due regard for program activities of the agency concerned, with the aim of providing telecommunications services which will achieve overall operating efficiencies and economies. Specifically, ADTS also provides services to other units of the Federal Government in a number of ways. We operate 12 Federal data processing centers which provide data processing computational services, programing services, and data conversion services. We also provide remote computing, popularly known as "timesharing," through the National Teleprocessing Service. This service operates through a nationwide network developed to provide Federal agencies with a low cost and broadly based source of data teleprocessing services. Full teleprocessing services are provided to government users nationwide for both interactive and remote batch modes of processing from a common base. These services are provided by the Infonet Division of the Computer Sciences Corp. under a governmentwide requirements contract. We also operate a timesharing service from our Federal data processing center in Atlanta which provides only general interactive timesharing service to government users on a nationwide basis. Where existing government facilities cannot satisfy agencies' requirements, we satisfy their requirements by procuring either equipment or systems to meet their individual needs. We delegate to agencies the authority to procure where we do not wish to procure it for them. This is done from time to time. We also assist agencies, particularly those with limited experience or expertise, in conducting ADP and communications systems studies. We operate and provide certain telecommunications services through our Federal Telecommunications System, a nationwide network of communication lines and high speed switching facilities leased by GSA for use by Federal agencies. Its purpose is to provide a wide range of services at costs less than commercial rates. The system provides for local and long-distance telephone services, as well as transmission of facsimile and data traffic. We also operate and provide services through Federal telecommunications records centers located in Federal office buildings occupied by a number of government agencies. The purpose of these centers is to provide a wide range of centralized communications services for users, such as teletype, facsimile, and data transmission. The ADTS role in planning, operating, and/or coordinating Federal information systems is essentially limited to those activities which service the management needs of Federal agencies whose requirements in this area need to be met through the use of computers and/or communications facilities or services. In essence our role is not directly related to the establishment of Federal information systems but rather to the fulfillment of the stated agency requirements through computers and communications. To that extent we have the responsibility of analyzing current trends in the communications and data processing fields. From our analyses of these trends we develop plans for telecommunications and ADP showing long-range projection requirements based on anticipated needs of agencies and on technological advances in communications and data processing. Our aim here is to provide for these requirements in the most cost effective manner possible and, wherever technically feasible, to plan for shared systems to meet various kinds of ADP and telecommunications requirements. Our views here are that the need for shared and interconnected systems is directly related to the cost effectiveness of separate versus shared or interconnected systems and not to the necessity for or desir ability of the system itself as it relates to the subject matter. Of course, there may be a number of specific data bases which are so functionally interrelated that it is essential to interconnect the systems in order to provide for meaningful output even in the face of potentially higher costs. In the area of safeguards needed for protection against invasion of privacy or potential misuses, the extent to which data in large scale computer systems is made available within an agency having the computer or to other agencies and to others is a matter which is an agency responsibility. Current ADP technology enables certain computer systems to be tied together by communications lines which enable them to communicate with each other and to exchange information directly. There are techniques available for restricting access of certain individuals or organizations to the data base of any shared computer system unless authority has been given to the requestor by the owner of that data base. As a rule, therefore, access to the data base is restricted to the agency which created the record and to those specific individuals or organizations to which that agency has given authorization. These actions are of course taken in accordance with individual agency policies and conform to the provisions of the Freedom of Information Act where applicable. I do not wish to leave the impression, however, that it is impossible for individuals or organizations to illegally access a data base. However, there is available a wide range of technical, and I should_add administrative, means for securing data bases from unauthorized access. There are also a number of efforts underway to provide for greater security from unauthorized access. Insofar as our views are concerned regarding the development of systems to serve the information needs of the public, Joan Riordan, of the General Services Administration, last week provided your subcommittee, with information relating to the Federal Information Centers operated by GSA. This is part of our agency's effort to improve Government services to the public. While ADTS does not have the substantive responsibility for the development of such systems, we certainly feel that public needs for all kinds of information, particularly about Federal processes, should be addressed in the most cost effective manner possible. We stand ready to provide the communications and computer means for accomplishing this objective when requested to do so. Mr. Chairman, this completes my statement. We will be happy to respond to any questions which you or other members of the subcommittee may have. Mr. MOORHEAD. Thank you, Mr. Weinstein. I have one question and then I have an appointment which will take me a while. Mr. Alexander will then be presiding. The security of the data base-do you consider that part of the responsibility of the ADTS or is the responsibility exclusively with the agency with whom you are dealing? Mr. WEINSTEIN. If we in ADTS are maintaining a data base for the agency or ADTS is operating a computer system for an agency, we consider it our responsibility not to make any information available from computer systems unless the agency which has created the record has authorized the disclosure to certain individuals. This is also true of our national teleprocessing services contract. Agencies which have data bases located on this service are the only ones that can permit disclosure of that information. When they operate a system themselves and we do not operate the computer for an agency, it is completely an agency responsibility. Mr. MOORHEAD. You say, however, there is available a wide range of technical means for securing data base from unauthorized sources and that none of the efforts are underway. Are these efforts underway at ADTS? Mr. WEINSTEIN. There are administrative techniques and there are technical techniques. Administrative techniques are similar to those described by the gentlemen from the Social Security Administration. We have in our system a number of administrative techniques which concern passwords, keywords, and billing codes because we bill each user of our system for use of the system. In addition, there are certain technical means. These technical means involve the use of certain technical security measures which preclude unauthorized persons from being able to even enter the communication line. In other words, if you want to get real secure you don't use the telephone lines. You install your own secure lines and this can be done. You can have technical means which restrict the access to a certain |