Panel: Industry, government must cooperate on privacy
- By Roseanne Gerin, Wilson P. Dizard III
- Mar 23, 2004
Government agencies and IT companies must work together to identify and prevent ethical violations and threats to privacy as the use of new technologies grows in the federal sector, a panel of public-policy professionals said today.
The call comes as more IT companies sell advanced applications to the government, especially for intelligence- and security-related functions.
The potentially thorny issues in the government's procurement and use of new systems are the handling of personal information and business confidentiality, assurance of the availability of systems and the integrity of databases, the openness of information, intelligence property laws, and equality and access policies, said Frank Reeder, an information policy consultant.
'It's a partnership issue; those on the private side must help us on the public side to think through the larger implications [of using technology] before they come back to bite you,' Reeder said.
He was part of a panel hosted by the Association for Federal Information Resources Management at FOSE 2004 in Washington.
IT companies, some of which are unaccustomed to dealing with the government, have been pitching new technologies to agencies that raise questions about who should have access to the systems and for what purposes they can be used.
'For every technology solution rolled out, there is a constituency questioning the utility and ethics of it, so policy swirls around the CIO's office like never before,' said Scott Hastings, CIO for the U.S. Visitor and Immigrant Status Indicator Technology Program Management Office at the Homeland Security Department. Through the US Visit program, border guards use fingerprint scans and digital photographs to verify the identities of foreign visitors.
Using new applications can be risky business for federal government workers. Those who misuse personal information are in danger of being called before oversight committees to explain their actions or winding up in jail, Reeder said. Data abuses can also destroy public trust in agencies, especially those such as the IRS, which have moved certain document-filing abilities online to be more efficient, he said.
The question of just how far IT companies should have to go to point out potential technological threats to agencies that buy their systems is a nonissue, said Alan Paller, director of research at the SANS Institute, a research organization for people who secure and mange information systems.
The government cannot expect companies to undertake the task because they are focused on selling their systems and are 'drilled with [providing] satisfying answers to customers,' he said. He recommended the government enact explicit regulations to compel companies to inform agencies about the rules of delivering and using their technologies.
AFFIRM plans to launch a public analysis of computer ethics as they relate to the federal government, said Hastings, who is the organization's president. AFFIRM will invite comments on ethics issues from the public and agencies.
'I hope there will be push-back to this,' Hastings said.
The organization will take the debate a step further by publishing a white paper on the subject in a few months, he said.