@Info.Policy: Protecting data about infrastructures could be too big a task
- By Robert Gellman
- Apr 22, 2004
Sept. 11, 2001, sparked widespread re-examination of information disclosure policies. It isn't clear, however, that the response makes much sense to date.
The distinction between protecting critical infrastructure facilities and information about them has too often been glossed over. It's worth thinking about the consequences of additional protections for the broadly defined category of critical infrastructure information.
A fundamental problem is that many things qualify as critical infrastructure, including power plants, water and sewer systems, telephone networks, harbors, subways, chemical plants, bridges, computers, hospitals and pipelines. Don't overlook administrative functions such as issuance of driver's licenses and other identification documents.
Further, a considerable amount of basic infrastructure information is available to anyone who walks, drives, reads or surfs the Web. Do you remember how the FBI became a laughingstock last year for warning about travelers who carry almanacs? Did someone at the FBI open the World Almanac and discover a list of dams, bridges and tall buildings?
Nevertheless, let's suppose that we want real restrictions. How do we do it?
We begin by considering who has legitimate access to critical infrastructure information. We can start with outsiders: workers who built the facilities, truckers who move things between plants, police and firefighters, safety inspectors, meter readers and others. It's a big number, and we haven't yet counted the insiders. Should we include every bridge toll-taker?
Anyone who gets a job as a laborer in a chemical plant could theoretically leak critical information. Does that mean these workers will need a clearance of some sort? If so, then someone has to pay the cost. A midlevel clearance runs a few thousand dollars. The total cost to society could be tens of billions of dollars.
Another effect would be denial of work to individuals with something problematic on their records. How many construction workers, truck drivers or architects have convictions for drunk driving, have traveled to countries harboring terrorists, have bad credit or did something stupid in college? Not only could these people lose their jobs if investigated, but some could become permanently unemployable in their fields. We deny security clearances to people with felonies. Will we have the same policy for critical infrastructure information?
This has been a very short stroll down the garden path of comprehensive controls. The options are not easy, inexpensive or inconsequential. A half-baked system of controls is not likely to make much difference, but full controls would be intolerable.
Without question, some critical infrastructure information has always deserved and received protection for security or economic reasons. But some of it is essential to public debate. Hiding information is often a tactic of political appointees and bureaucrats who are lazy, scared or avoiding oversight.
At this late date, any agency still withdrawing information from public view on grounds of protecting critical infrastructure bears a heavy burden of showing that it doesn't fall into one of those categories.
The task of defining a comprehensive, coherent and workable system of critical infrastructure information controls is overwhelmingly difficult. It remains to be seen if there will be any takers. Robert Gellman is a Washington privacy and information policy consultant. E-mail him at firstname.lastname@example.org.