Our primary Government-wide responsibilities in the ADP area are derived directly from section 111 of the Federal Property and Administrative Services Act of 1949 as amended.

Section 111 is popularly known as the Brooks Act, or Public Law 89-306, which was passed by the Congress in October 1965.

Mr. MOORHEAD. I was a member of the Brooks subcommittee at that time, Mr. Weinstein.

Mr. WEINSTEIN. Our Governmentwide responsibilities in the communications area are derived from section 201 of the Federal Property Act. Essentially, ADTS is responsible for the direction and coordination of a comprehensive Governmentwide program for the management, procurement, and utilization of general purpose ADP equipment and services, and general and special purpose communications equipment and services.

Specifically, we coordinate and provide for the economic and efficient purchase, lease, and maintenance of general purpose ADP equipment for use by Federal agencies. We are prohibited by law, Public Law 89-306, from impairing or interfering with the determination by agencies of their individual ADP requirements. Nor can we interfere or attempt to control in any way the use made of ADP equipment or components thereof by any agency.

In the field of communications our efforts are similarly directed to the provision of communications services for executive agencies with due regard for program activities of the agency concerned, with the aim of providing telecommunications services which will achieve overall operating efficiencies and economies.

Specifically, ADTS also provides services to other units of the Federal Government in a number of ways. We operate 12 Federal data processing centers which provide data processing computational services, programing services, and data conversion services. We also provide remote computing, popularly known as "timesharing," through the National Teleprocessing Service.

This service operates through a nationwide network developed to provide Federal agencies with a low cost and broadly based source of data teleprocessing services. Full teleprocessing services are provided to government users nationwide for both interactive and remote batch modes of processing from a common base.

These services are provided by the Infonet Division of the Computer Sciences Corp. under a governmentwide requirements contract. We also operate a timesharing service from our Federal data processing center in Atlanta which provides only general interactive timesharing service to government users on a nationwide basis.

Where existing government facilities cannot satisfy agencies' requirements, we satisfy their requirements by procuring either equipment or systems to meet their individual needs.

We delegate to agencies the authority to procure where we do not wish to procure it for them. This is done from time to time.

We also assist agencies, particularly those with limited experience or expertise, in conducting ADP and communications systems studies. We operate and provide certain telecommunications services. through our Federal Telecommunications System, a nationwide network of communication lines and high speed switching facilities leased by GSA for use by Federal agencies.

Its purpose is to provide a wide range of services at costs less than commercial rates. The system provides for local and long-distance telephone services, as well as transmission of facsimile and data traffic. We also operate and provide services through Federal telecommunications records centers located in Federal office buildings occupied by a number of government agencies. The purpose of these centers is to provide a wide range of centralized communications services for users, such as teletype, facsimile, and data transmission.

The ADTS role in planning, operating, and/or coordinating Federal information systems is essentially limited to those activities which service the management needs of Federal agencies whose requirements in this area need to be met through the use of computers and/or communications facilities or services.

In essence our role is not directly related to the establishment of Federal information systems but rather to the fulfillment of the stated agency requirements through computers and communications. To that extent we have the responsibility of analyzing current trends in the communications and data processing fields.

From our analyses of these trends we develop plans for telecommunications and ADP showing long-range projection requirements based on anticipated needs of agencies and on technological advances in communications and data processing.

Our aim here is to provide for these requirements in the most cost effective manner possible and, wherever technically feasible, to plan for shared systems to meet various kinds of ADP and telecommunications requirements.

Our views here are that the need for shared and interconnected systems is directly related to the cost effectiveness of separate versus shared or interconnected systems and not to the necessity for or desirability of the system itself as it relates to the subject matter.

Of course, there may be a number of specific data bases which are so functionally interrelated that it is essential to interconnect the systems in order to provide for meaningful output even in the face of potentially higher costs.

In the area of safeguards needed for protection against invasion of privacy or potential misuses, the extent to which data in large scale computer systems is made available within an agency having the computer or to other agencies and to others is a matter which is an agency responsibility. Current ADP technology enables certain computer systems to be tied together by communications lines which enable them to communicate with each other and to exchange information directly.

There are techniques available for restricting access of certain individuals or organizations to the data base of any shared computer system unless authority has been given to the requestor by the owner of that data base.

As a rule, therefore, access to the data base is restricted to the agency which created the record and to those specific individuals or organizations to which that agency has given authorization. These actions are of course taken in accordance with individual agency policies and conform to the provisions of the Freedom of Information Act where applicable.

I do not wish to leave the impression, however, that it is impossible for individuals or organizations to illegally access a data base. However, there is available a wide range of technical, and I should add administrative, means for securing data bases from unauthorized access. There are also a number of efforts underway to provide for greater security from unauthorized access.

Insofar as our views are concerned regarding the development of systems to serve the information needs of the public, Joan Riordan, of the General Services Administration, last week provided your subcommittee, with information relating to the Federal Information Centers operated by GSA. This is part of our agency's effort to improve Government services to the public.

While ADTS does not have the substantive responsibility for the development of such systems, we certainly feel that public needs for all kinds of information, particularly about Federal processes, should be addressed in the most cost effective manner possible. We stand ready to provide the communications and computer means for accomplishing this objective when requested to do so.

Mr. Chairman, this completes my statement. We will be happy to respond to any questions which you or other members of the subcommittee may have.

Mr. MOORHEAD. Thank you, Mr. Weinstein. I have one question and then I have an appointment which will take me a while. Mr. Alexander will then be presiding.

The security of the data base-do you consider that part of the responsibility of the ADTS or is the responsibility exclusively with the agency with whom you are dealing?

Mr. WEINSTEIN. If we in ADTS are maintaining a data base for the agency or ADTS is operating a computer system for an agency, we consider it our responsibility not to make any information available from computer systems unless the agency which has created the record has authorized the disclosure to certain individuals.

This is also true of our national teleprocessing services contract. Agencies which have data bases located on this service are the only ones that can permit disclosure of that information. When they operate a system themselves and we do not operate the computer for an agency, it is completely an agency responsibility.

Mr. MOORHEAD. You say, however, there is available a wide range of technical means for securing data base from unauthorized sources and that none of the efforts are underway. Are these efforts underway at ADTS?

Mr. WEINSTEIN. There are administrative techniques and there are technical techniques. Administrative techniques are similar to those described by the gentlemen from the Social Security Administration.

We have in our system a number of administrative techniques which concern passwords, keywords, and billing codes because we bill each user of our system for use of the system. In addition, there are certain technical means. These technical means involve the use of certain technical security measures which preclude unauthorized persons from being able to even enter the communication line.

In other words, if you want to get real secure you don't use the telephone lines. You install your own secure lines and this can be done. You can have technical means which restrict the access to a certain

port, certain hole in the computer system itself. So that only the authorized individual can get into that part of the computer system.

You can spend as much money as you can think of in designing technical means or cryptological means for restricting access. It depends on what you want to restrict.

There is a study underway by the IBM Corp. which started about a year ago for devising additional technical means. The study, as far as I know, has not been completed as yet. There are additional studies underway in other Government agencies.

Mr. MOORHEAD. Thank you, Mr. Weinstein.

Will you please take the chair, Mr. Alexander?

Mr. ALEXANDER [presiding]. Mr. Weinstein, the susceptibility of data processing information stored in computer data banks to reproduction by a rapid method is frightening. Now when one thinks in terms of abuses that could be made of that information and the exploitation of persons of less character than those represented by your administration and those that preceded you, we in this committee feel a very solid responsibility to inquire into the methods that have been deployed and that are being devised in order to secure that information.

I appreciate your reference to that. I would like to ask if you are satisfied in your own mind, based on your technical experience, that the information that is stored in these data banks, say, for social security purposes would be secured from abuse by those who would abuse that information.

Mr. WEINSTEIN. You are specifically referring to the Social Security Administration?

Mr. ALEXANDER. Yes, sir.

Mr. WEINSTEIN. To be frank, I really could not answer that question with 100 percent certainty.

Mr. ALEXANDER. Would it comfort you as a citizen to know that the Congress is concerned about this problem and that we are considering requirements for security that may not now be employed or used in order to protect that information? Would you care to respond to that question?

Mr. WEINSTEIN. Would it comfort me?

Mr. ALEXANDER. Yes.

Mr. WEINSTEIN. Yes: My view on that is that certain information on individuals should not be released, generally, to any individual who might want it. There should be an established methodology for determining that the individual that wants the information has a right to the information. And so that what I am saying is that it would comfort me to know that there might be additional requirements.

Mr. ALEXANDER. In view of the fact that you now think that information, such as may be contained in computer data banks for social security beneficiaries, may not be as secure as it should be? Mr. WEINSTEIN. I honestly can't answer that. I don't know. Mr. ALEXANDER. Mr. Phillips?

Mr. PHILLIPS. Thank you, Mr. Chairman.

I think we have established that GSA has major overriding responsibilities in data processing areas and certain telecommunication functions that are related to Government information systems.

We were surprised to learn that GSA did not participate in the study for the President's Domestic Council entitled "Communications for Social Needs: Technological Opportunities," completed in September 1971. The report lists many agencies that did participate in this study, directed at an overall concept of interconnected telecommunication services, including very extensive use of data processing. That seems to be right in your ball park and your responsibility. Can you explain or offer some reason why GSA was not included in this study? Mr. WEINSTEIN. No; I can't explain the reason why it wasn't. I might be able to conjecture.

Mr. PHILLIPS. Speculate.

Mr. WEINSTEIN. Speculate, if you will. I became aware of the study recently as a result of reading about it in the Congressional Record. Let us put it that way.

I can conjecture that they were initially perhaps interested in a substantive area. By substantive area I mean an information system which would deal with certain discreet subjects, such as making information available. I can only conjecture that perhaps they would have presented the material to us at that stage of the game, that is when they had completed that investigation or their study.

I am merely speculating or conjecturing. I personally know that the automated data and telecommunication services was not aware of this study, to the best of my knowledge.

Mr. PHILLIPS. Also, I notice that the Social Security Administration was not a participant either. Two agencies that are among the largest users of this type of system that deals with all types of social security functions, including such things as education, health standards, law enforcement, disaster work, urban programs, and many others.

It seems almost impossible that you would not be brought into the planning and development of an overall administration recommendation for major innovations in this entire field. The subcommittee has been looking for an answer to this question. We are even more amazed that you hadn't seen it, let alone have input into it.

Do you think there is a need for some better overall coordination in this field within the executive branch?

Mr. WEINSTEIN. You are talking about an overall coordination in communication?

Mr. PHILLIPS. In telecommunications and automated data processing systems. Your office has a great deal of responsibility under the Brooks Act in this field. But do you feel that there is an adequate amount of overall coordination taking place?

This is a study of considerable magnitude-and this is only a very small part of it, the appendices in this volume-but they project a number of programs in very precise budgetary terms over the next 5 or 6 fiscal years. It leads us to the obvious question as to what type of coordination is taking place within the executive branch in this whole area, if any.

I know it is divided up among those involved-the Office of Telecommunications Policy, the Office of Telecommunications in the Conmerce Department, NASA, and many other agencies. But it doesn't seem to us that there is the kind of coordination that is needed if the executive branch is going to make the kind of long-range studies and