Putting security on the map

California map flap rekindles debate about public access to government geospatial data

Federal Geographic Data Committee’s Guidelines for Providing Appropriate Access to Geospatial Data in Response to Security Concerns (.pdf)

Santa Clara County’s recent decision to temporarily halt the commercial sale of electronic government maps marks the latest action in a long-running conflict between providing access to spatial information and protecting that information because of security concerns.

The California county decided to stop selling geographic information systems (GIS) data to the public in March, citing security concerns. Santa Clara officials asked state and federal homeland security offices to evaluate the information in question, some of which county officials deemed protected data. But critics say the decision to stop selling the data to the public is more about money than public safety.

Similar restrictions appear to be unusual but not unprecedented. In 2005, the Connecticut Supreme Court heard the case of a man whose request for GIS records was rejected by the town of Greenwich. Some restrictions on spatial data date to the Cold War era.

Regulating access to spatial information requires balancing national security and the free flow of information, said John Olesak, vice president of geospatial intelligence at Northrop Grumman. Olesak said Web-enabled access to geospatial data is generally a good thing, but he added that some geospatial data is sensitive information. “When we think about the concept at large, many of us in the industry have wondered aloud how much is too much in terms of availability.”

The geospatial community must be concerned with individual datasets and how combinations of datasets may be used or misused, Olesak said. Information on terrains, weather, buildings, power grids and hydrology could be combined in ways not envisioned by the individual data publishers.

“Through the power of that data integration, you have placed into the hands of anyone who has access to it the capability to use it from an intelligence perspective,” Olesak said. “And I think there are good intended uses of that, but there could be a downside to that as well.”

Playing the security card?
In the case of Santa Clara County, not everyone buys the security argument. “Our view is that their national security issue is totally bogus,” said Peter Scheer, executive director of the California First Amendment Coalition.

Scheer said the county’s practice and policy has been to sell spatial information to anyone who would pay the fee. That fee is the subject of a lawsuit the coalition filed in October 2006 against Santa Clara County. The suit states that the county’s charge for parcel information for the entire county would total about $250,000. Sheer said that is a steep price tag and one that has limited sales to a handful of customers, such as utilities. The suit seeks the release of the county’s GIS base map.

“Public access to copies of the base map…would allow ordinary members of the public to have the same information as county officials, real estate development companies, insurers and other special interests,” the suit states.

Before the Superior Court of California could rule, Scheer said, the county “decided the GIS base map contained sensitive national security data and went to [the Homeland Security Department] to have it designated as sensitive.”  Scheer said he believes the county wants to preserve its high fees by limiting the customers to whom it will sell the GIS data.

But Joyce Wing, Santa Clara’s chief information officer, said the timing stems from her relative newness in that position and a desire to develop a better understanding of the county’s GIS holdings. “We all wanted to sit back and see what…we have,” she said.

Wing said the county plans to work with the state homeland security office to determine how to go about protecting certain data elements. The objective “is not restricting everything, just certain components,” she said. Wing’s concerns included map components depicting access points to the region’s water system.

As for GIS pricing, Wing said, some California counties charge more for their data, and others charge less. She found that looking at prices led to apples-to-oranges comparisons because some county base maps contained much more information than Santa Clara County and others much less.

Because the coalition filed its lawsuit, the county hired a consultant to evaluate pricing to “help us assess what we should be charging if we wanted to sell beyond government agencies,” Wing said. As a result, the base map price could come down to $22,000.

While the security assessment continues, the county’s GIS data remains available to other government bodies. In addition, the public may continue to purchase information on individual parcels. Wing said public buyers typically ask for GIS data on 10 or fewer parcels, for which the county typically charges about $250.

National security and GIS access were also the subject of debate in a recent Connecticut legal tussle. In a 2002 case before Connecticut’s Freedom of Information Commission, Greenwich officials contended that the release of the town’s GIS data could “compromise law enforcement communications networks, thereby compromising the security of the entire town,” according to a commission document.

However, the commission determined that the town’s contentions were speculative and not sufficient grounds for withholding records. The Connecticut Supreme Court eventually heard the town’s appeal. In 2005, the court ruled that “the evidence presented in this case was insufficient” to exempt the GIS data from public disclosure under the state’s Freedom of Information Act.

Linda Zellmer, a member of the Cartographic Users Advisory Council, said the Connecticut and Santa Clara County examples are the only court cases involving GIS data access she has encountered. 

In California, Scheer said, most counties, including Los Angeles County, have moved in the direction of making their GIS base map available at minimal cost. State governments want restrictive GIS access policy loosened, he added. Limits on data availability would impede efforts to create statewide GIS, he said, which is something the California Department of Transportation wants to help it plan road repairs.

“You can’t create a statewide GIS that is meant to be affordable if a couple of the pieces of the puzzle can only be available at prohibitive cost,” Scheer said.

Crafting access policies
Government agencies weighing the issue of GIS data access have a couple of guideposts they can use. One is a 2004 Rand report, “Mapping the Risks: Assessing Homeland Security Implications of Publicly Accessible Geospatial Information.”

Another is the Federal Geographic Data Committee’s “Guidelines for Providing Appropriate Access to Geospatial Data in Response to Security Concerns.” The guidelines, published in 2005, address measures that can be taken to protect data but still make it available to the public. “The guidelines are written to promote access to data, rather than limiting access to data,” said Zellmer, a user community representative who participated in the federal committee’s guideline creation process.

Olesak said those guidelines are useful, but they are evolving. “The standards that underlie this geospatial domain need to constantly be evaluated and moved forward,” he said.
Questions to ask about geospatial dataAgency managers can consult the Federal Geographic Data Committee’s guidelines when they have questions about when geospatial data from geographic information systems needs to be protected. That organization’s document, titled “Guidelines for Providing Appropriate Access to Geospatial Data in Response to Security Concerns,” published in 2005, offers a framework for identifying sensitive information.

For geospatial data that originates within an agency, the guidelines suggest that agencies ask three questions to help them determine whether the data needs to be safeguarded: What security risk would its release pose? Is the information unique? What are the net benefits of disseminating the data?

The first point addresses the question of whether the data could be useful for selecting a potential target or planning and executing an attack. The second addresses whether the agency is the sole provider of the sensitive information. Can the same information be obtained from other open sources?

A 2004 Rand Corporation study found that less than 1 percent of publicly available federal Web sites and databases house geospatial information not readily available elsewhere that could help terrorists and other hostile forces mount attacks in the United States.

Finally, an organization must decide whether the security costs of distributing sensitive data outweigh the societal benefits of dissemination.

Depending on the answers to those questions, agencies have two options for safeguarding geospatial data. They can change the data or restrict its distribution. The guidelines state that agencies could change the data by reducing the image data’s resolution, eliminating pixels or applying an algorithm that reduces the sharpness of the image.
— John Moore

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above