Hardware — the machines or equipment involved in a data processing system. The selection, design, and capabilities of the hardware will influence the ability to process, exchange, and, to some extent, to keep secure information passing through it. Hardware configurations typically include central processors, remote terminals, telecommunications equipment, and storage media.

Software — the set of programs, languages, logical operating instructions, and the like which govern how the hardware is controlled and managed, how scheduling and priorities are determined, and how specific application tasks are processed. In recordkeeping systems, the programming languages, data base management systems, and statistical program packages all contribute to the way information files are stored, processed, and retrieved. Also, software may be designed with hardware considerations in mind to increase performance or may be dependent on certain hardware.

Personnel — perhaps the most influential component of an information system. Obviously, humans control procurement and decision-making. Equally important, humans are also the users of information systems. The level of knowledge, style of training, and familiarity with certain hardware and software all contribute to the propensities of agency data processing policies toward information sharing. Conversion costs of hardware and software systems can be very high, but personnel costs may be prohibitive.89 Where confidentiality is concerned, the people who have daily contact with information are in a much greater position to influence, manage, or even abuse their responsibilities than any outsiders. Effective administrative practices are the crucial link between legal shields on the one hand and technical security on the other.

Where information sharing activities are proposed, each of these three components may inhibit or enhance the ability to exchange data effectively and economically among different agencies.

Inhibiting Effects of Hardware. Fortunately, there are not many hardware incompatibilities which affect information exchanges among Federal agencies. In situations where different systems have to be linked in a telecommunications network, the problems of hardware interface may be severe. But most data transfer operations are simply that: data transfers. Files of information, on tapes or other machine-readable media, are really the substance of any transfer. Compatibility of these raw data is, for the most part, easily met among various computer systems.90

89 For example, it is reported that the Environmental Protection Agency's replacement of IBM with UNIVAC hardware has run two years behind schedule at cost overruns of $5 million, due largely to coordination problems with personnel. "Conversion: A Dirty Word in Government," 23 Datamation, p. 150f (April 1977).

90 An important exception to this rule may involve the use of "minicomputers," small computers which are designed to be dedicated to a small number of tasks. These systems allow for increased specialization and isolation from other systems and often have uniquely designed hardware and software features. See U.S. General Accounting Office, Uses of Minicomputers in the Federal Government: Trends, Benefits, and Problems, April 22, 1976.

Inhibiting Effects of Software. Data exchange programs can be greatly impeded by the use of different software systems among different agencies. For example, if agency A had a large data file which was managed by data base management system X, the documentation, file structure, and processing would all be limited by the capabilities of X. If agency B wanted to use the file, but could not easily install X on its hardware, the documentation, file structure, etc., would have to be re-programmed on another software system, usually at considerable cost or with increased chances of error. Even if agency B maintained X for some other purpose, the data file transferred from agency A might require software beyond the capabilities of X. New software would have to be procured.

More significantly, if agency B maintained a non-secure data base management system Y and agency A's system X had good security, a transfer of a confidential file would pose a serious security breach even if legal protection for B were afforded. The system Y would have to be extensively modified or discarded.

Sometimes minor software incompatibilities can inhibit transfers by increasing conversion costs. If one data file used characters, conventions, or symbols not recognized by another system, the file would have to be edited or converted. Standards need to be developed which rely on common coding schemes, layouts, and record structures.

Inhibiting Effects of Personnel Practices. When people are accustomed to working with one type of hardware or one software system, considerable retraining may be required before assigning them to other systems. Management of data processing in the Federal government typically segregates the "systems" people from the users. Those having extensive training in computer systems are generally involved in high-level conversion efforts. Although applications personnel and systems users bear the major responsibility for working with a system and its data files, they often have the least amount of training in computer science since they are primarily interested in applied areas: economics, statistics, program administration, etc. As a result, when data must be shared on a different or new system, the training of the user community may not be equal to the task.

Moreover, the users may encounter other problems when using another agency's system. The agency hosting the data and the software system may be responsible for training outside users and consequently may be reluctant to absorb this burden. The costs of data sharing must therefore include training for outside personnel, including security-related procedures for those unfamiliar with handling confidential information.

Enhancing Data Sharing Through Hardware. A decision to support data sharing activities will have certain impacts on system hardware. If the sharing requirements involve linking different computer systems into a network, some extensive hardware alterations and additions may be needed. Standardizing hardware requirements, however, may sacrifice competitive bidding from different manufacturers. Extensive networking and time-sharing activities may also involve security problems otherwise avoidable.

For the most part, "plug to plug" compatibility is available among main frames, storage devices, and terminals. Economic, marketing, and technical considerations have led most hardware vendors to emphasize at least limited compatibility as a matter of corporate survival. On balance, interagency arrangements should be designed to share different information as much as possible and different computer systems as little as possible.

Enhancing Sharing Through Software. Standardization of software as well as of data can contribute greatly to increased sharing under conditions of confidentiality. Increased familiarity of different agency users with common software standards can minimize training requirements and often compensate for the strictures of security required to maintain confidentiality.

Standards for software can be implemented by adopting common programming languages, especially higher-level applications languages and compilers. The Department of Defense has enforced its data processing software standards with some success and the National Bureau of Standards has made available certain standards for coding and formatting data derived from reporting forms. Effective use of these conventions by the agencies collecting information, the major statistical agencies, and users may naturally 'spill over' into each other, but effective management and procurement policies can expedite the process of standardization.

Enhancing Sharing Through Personnel Practices. The improvements required in agency personnel practices to enhance sharing while maintaining confidentiality call for increased standardization among the various agencies involved. At the same time, certain essential differences would have to be maintained for security purposes, to be disclosed only to those persons having a need to retrieve the information.

Certain organizational responses may also overcome constraints and enhance sharing arrangements. Multi-agency users' organizations, interagency councils, and the like have, in the past, brought together agency employees with common interests or common problems. Observing the concept of a "host" agency responsible for leadership in an interagency data sharing program is another means of encouraging standardization.

Constraints and Technology. The efficiency made possible by the growth of computer technology, namely the capability to link, exchange, and consolidate virtually limitless amounts of data, has given rise to popular fears that mass abuses are inherent in any computerized systems. This popular reaction is not unlike the concomitant fear, expressed by many and also voiced in the Congress, that the use of any universal unique identifier, such as the SSN, will also facilitate the misuse of personal information about the individuals so identified. Hence, despite the strong arguments to be made for the centralization and coordination of Federal data systems and the growing need for such steps, proposals for increased interagency data sharing and the establishment of information networks have met with considerable resistance. Obviously, the linkages, exchanges, and consolidation made possible by new technology must be subjected to controls to safeguard confidentiality. In designing such controls, consideration must be given not only to the legal, administrative, and technical safeguards required to preclude abuse but, equally important, to providing assurance to the Congress and the private sector that confidentiality will be maintained.

These challenges will be easier to meet if approached on a step-by-step basis. Despite past opposition to the National Data Center proposal, consolidation of statistical record systems would seem to be the least controversial area, particularly in view of the flawless record of the Census Bureau in safeguarding confidentiality. Similarly, as popular and Congressional fears seem to be directed largely at the potential misuse of data (that is, use for purposes other than those for which the data were collected), proposals to consolidate data systems should probably be limited to programs performing similar functions.

At the same time as efforts are being made to consolidate data systems and to foster data sharing, consideration must be given to the technological requirements of any such moves. The employment of advanced data processing technologies can facilitate such information practice reforms but only if adequate advance attention is given to the need for improved standards, procurement, and administrative practices affecting hardware, software, and personnel.

Confidentiality Standards and Security Safeguards

This report has been concerned thus far with the legal framework of confidentiality: the extent to which laws, regulations, and policies do, or should, safeguard the confidentiality of information submitted to the Federal government or submitted in connection with federally funded activities. There is another aspect of the problem of confidentiality, however, and it is one that has caused as much concern in the private sector as the legal safeguards already discussed. This is the physical security of records maintained by the Federal Government. The widespread opposition to proposals to establish national data banks is based as much on the fear of accidental misuse of data and accidental disclosure as on the fear of intentional misuse of confidential material.

The maintenance of adequate physical safeguards is, of course, as essential to honoring confidentiality pledges as the statutory protection previously discussed. Legal and administrative safeguards can protect against disclosure in matters of agency discretion or litigation; only physical safeguards can protect confidential information from unauthorized or inadvertent disclosure, destruction, diversion, or alteration. Security breaches can also erode the confidence of voluntary respondents, the individuals and organizations participating in Federal data-gathering programs and surveys. Interagency exchanges of information can also be impeded or precluded if information transfers from one agency to another will not guarantee equal and adequate protection. As previous sections have considered appropriate standards and guidelines to safeguard confidentiality through legal and administrative means, this section considers measures necessary to resolve the remainder of the problem: security standards.

Any such standards must meet two essential criteria: first, they must not interfere with intended reductions in the paperwork burden by inhibiting data exchange programs; second, they must be developed with appropriate legal and administrative rules in mind to coordinate all levels of protection. Also, such standards must be applicable to all records systems. Too often, the safeguards problem has focused only on computer security.1 What is needed is a comprehensive and balanced strategy that recognizes the full range of threats to system integrity, whether the system is manual or automated.

1 Most writers use the term "computer security" to mean the protection of hardware, software, and automated records. Nevertheless, at some time in the recordkeeping process, all records systems are in manual or paper form. Application forms, questionnaires, etc., are normally submitted in hard copy and much of the output of records systems is also in paper form. When these records have confidentiality constraints, they are part of the security picture even though they are not technically associated with the computer itself.
