Showdown: data sharing vs. privacy
- By Susan M. Menke
- May 23, 2002
GCN Photos by Henrik G. DeGyor
PowerPoint-style graphs have given way to detailed engineering reports 'as we got the data owners involved and comfortable.'
'NASA's Ronald L. Phelps
'It scares the heck out of [agency managers] that they have to resolve their internal inconsistencies and draw a picture of their business processes.'
'VA's Edward R. Meagher
How can agencies share their information while keeping control of it?
Negotiating the proper rules is the crux of the matter'not technology, IT managers said last week at a Baltimore meeting sponsored by Information Builders Inc. of New York.
'We envision sometime in the future getting to an end state,' said George R. Molaski, former Transportation Department CIO and now president of E-Associates of Falls Church, Va. 'We're all going to be in Extensible Markup Language or all in some other type of system at different levels of government and across agencies. But what can we use today?'
Ronald L. Phelps, a program manager at NASA's Kennedy Space Center, said he had to negotiate hard to build the 3-year-old Insight metrics system that extracts shuttle preparation data from contractors' as well as NASA's own systems. Now, he is adding a daily electronic logbook to keep every engineer and manager on the same virtual page.Made the switch
About 300 managers have 'switched from oversight to Insight,' he said, because it integrates information 'from a lot of different databases and different operating systems.'
Phelps said he managed to get access agreements from the data owners by showing them that Insight is 'not a tool to beat people up with. The first time they feel uncomfortable, they're going to cut off access.'
The key, he said, was letting each contractor set its own security rules.
'If my system sees things that are different' from what NASA managers and contractors are officially reporting, 'then let's sit down and talk about it,' he said. 'Maybe I'm looking at the data wrong. Maybe there's an error.'
Another step that called for negotiation skills was 'making the engineers comfortable with a new way of doing business' by browser, Phelps said, because Insight eliminated the paper reports by which they gauged shuttle contractor performance.
'We started it out as strictly a metrics system,' he said, but Microsoft PowerPoint-style graphs have given way to detailed engineering reports 'as we got the data owners involved and comfortable.'
Passwords are adequate authentication to use Insight, Phelps said, because the space center's Microsoft Windows 2000 network operating system already knows each user.
But Edward R. Meagher, deputy CIO of the Veterans Affairs Department, had a different take on the security aspects of sharing data'in his case, with the Defense Department.
'In e-government and homeland defense, security is one issue and privacy is another,' Meagher said. 'We don't have veterans' permission to share' their personal information across agencies. 'The problem we have to come to grips with before we do this grand work is, how do we protect privacy? Is technology going to do it for us? If not, what new agreements are we going to have to make?'
E-government projects will run up hard against the privacy issue, Meagher predicted, when interagency data sharing leads to an accumulation of data about individuals. Such accumulations are highly desirable for homeland defense but highly undesirable to many citizens, he said.
Digital certificates are one way to protect information at multiple levels, although maintaining relationships among several hundred data types across multiple agencies' systems 'gets very complex,' Meagher said.Sharing citizen information
'To get to where we need to get to,' Molaski said, 'we need some way to control the integrity and confidentiality of data,' such as a mature public-key infrastructure with integrated encryption, or role-based security.
Both DOD and the General Services Ad-ministration have PKI in place, said John O. Clark, program director in GSA's Intergovernmental Solutions Office. 'But citizens want more'an opt-in policy so that we know up front what information we can share about them.'
Agency managers have only recently begun to accept that 'IT is an enabler' and not in charge of the business processes, Meagher said.
'It scares the heck out of them that they have to resolve their internal inconsistencies and draw a picture of their business processes' before IT can help them move along in information sharing, he said.