Editorial: Access vs. security: a balancing act
The Internet has made it possible for agencies to share information across government and with the public with previously unimaginable ease and relatively little cost. But recent cases have underscored the fact that agencies have the right to share information electronically only if they provide the means to protect it.
Vice President Al Gore made that connection clear this month when he called for a top-down review of how agencies protect personal information that is collected and stored electronically. The administration recognizes that information technology, and the Internet in particular, has the potential to erode the protections required by the Privacy Act and related statutes.
The Defense Department has come to a similar realization with respect to security. DOD recently decided to restrict Internet access to a database containing information on DOD systems' Year 2000 compliance status and other information. While this case had nothing to do with a person's right to privacy, DOD rightly decided that the risk of adversaries easily accessing this data outweighs the concerns about slowing down the efforts of individual services to fix the millennium bug.
Both cases demonstrated the growing realization that the Internet, regardless of its virtues, requires agencies to think carefully about the information they collect and the vulnerabilities they create by making that data available on the World Wide Web. The Social Security Administration set a good example last year when, in response to concerns about an online benefits database, it pulled the service off the Web and kept it off until the agency had determined how to eliminate potential vulnerabilities.
The Internet is a powerful tool for helping agencies make better use of information. But if agencies do not protect sensitive information with both policy and technology, they will be forced by public outcry or by Congress to shut access down. In that scenario, everyone loses.