Skip Navigation
You Are In: Services > Information Resource Center > Topical Alerts > Information & Media (Updated November 23, 2009) > Information Policy archive
Skip Left Section Navigation

Information & Media

Information Policy Archive

AA09294
Wilson, David (Maj.) A GLOBAL PROBLEM: CYBERSPACE THREATS DEMAND AN INTERNATIONAL APPROACH (Armed Forces Journal, July 2009)
Full Text [HTML format]

Cyberspace has changed the way people communicate forever, the author writes, but with that change comes a host of new problems including identity theft, computer viruses, the defacement of websites and network intrusions. He says cyberspace has become “an entity unto itself, not controlled by anyone, but affecting all in one form or another.” Nations need to establish agreed-upon standards to help resolve problems plaguing cyberspace, including cybercrime. Wilson, who is chief of cyberlaw at the Army’s U.S. Space and Missile Defense Command, advocates setting up an international organization comprised of cyber-faring nations to oversee the borderless domain of international cyberspace. Such an organization would promote collaboration by governments and industry on software and filtering standards needed to block viruses and create an international firewall. He also calls for the creation of an international cyberspace convention to monitor the health of cyberspace and to deal with problems. Within that context, the author says an international Computer Emergency Response Group must be created.

 

FORCING THE NET THROUGH A SIEVE: WHY COPYRIGHT FILTERING IS NOT A VIABLE SOLUTION FOR U.S.
IPSS. Public Knowledge. Mehan Jayasuriya et al. July 2009.
Full Text [PDF format, 60 pages]

The analysis shows that filtering of Internet content as advocated by big media companies will not work and will be harmful to the Internet. Gigi B. Sohn, president and co-founder of Public Knowledge, said the report, “… examines for the first time the complex topic of content filtering from the technical, economic and legal perspectives. Content filtering fails in all of these tests. Filtering will not be the ‘magic bullet’ that the media moguls want, but it could degrade and alter the Internet for everyone while invading the privacy of every Internet user. There is no reason that any Internet Service Provider or media company should even think about engaging in such activity.”

[Note: contains copyrighted material.]

 

 

KNOWPRIVACY: CURRENT STATUS OF WEB PRIVACY, DATA COLLECTION, AND INFORMATION SHARING.
U.C. Berkeley, School of Information. Joshua Gomez et al. June 3, 2009.
Full Text [PDF format, 44 pages]

The authors compare users’ expectations of privacy online and the data collection practices of website operators. They also strive to identify specific practices that may be harmful or deceptive and attract the attention of government regulators.

[Note: contains copyright material.]

 

CYBERSPACE POLICY REVIEW: ASSURING A TRUSTED RESILIENT INFORMATION AND COMMUNICATIONS INFRASTRUCTURE.
The White House. May 29, 2009.
Full Text [PDF format, 76 pages]

The President directed a 60-day, comprehensive, “clean-slate” review to assess U.S. policies and structures for cyber security. Cyber security policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

AA09162
Bhattacharjee, Yudhijit PORN’S BEST FRIEND (Atlantic, May 2009)
Full Text [HTML format]

Programs like “TrackMeNot” may disguise an individual’s Internet searches, but is search privacy a good thing for society? Monitoring searches and responsibly mining search logs can further the common good, says the author. For example, epidemiologists use Google search data to track the spread of influenza. Google and other companies claim that records of searches help them improve their search engines and prevent “click fraud,” automated clicking of links by those seeking to drive up their advertising revenue. The pressure from privacy advocates, however, is getting some results. Google announced it would “anonymize” IP addresses stored in search logs after nine months instead of its previous 18 month time frame.

 

AA09164
Fallows, James TINFOIL UNDERWEAR (Atlantic, May 2009)
Full Text [HTML format]

The author notes that there is no privacy on the Internet; the question is how to control the lack of privacy and the threats it may pose. Cookies, old files, browsing histories, are easy for users to control, and encrypting utilities work pretty well against eavesdropping. But it is “the inexorable pileup of information” on a variety of Web sites that experts identify as the major long-term threat to a user’s privacy. Your IIP addresses allow tracking of all your Internet activities, and the companies that collect and own that data have decided to retain it more or less forever. The technical developments that make this possible cannot easily be undone, but the business policies could be, Fallows says. Online firms, however, are disinclined to reveal everything they know about their users – this would be commercial suicide. Nonetheless, many experts believe that government legislation offers modern computer users their best hope. For instance, a future law might require Google and other companies to strip specific IP addresses from records of searching or browsing activity that they intended to store for more than a brief period. This would be a balancing act similar to the creation of the “do-not-call” list for telemarketers. It would preserve the legitimate commercial value of aggregate data about Internet use, while protecting individuals if the records were dredged up in legal proceedings — or simply lost, stolen, or exposed through negligence or incompetence.

 

A PLAN TO EXTEND SUPER-FAST BROADBAND CONNECTIONS TO ALL AMERICANS.
Century Foundation. John Windhausen, Jr. Web posted January 29, 2009.
Full Text [PDF format, 32 pages]

Few doubt that broadband communications are increasingly vital to our social and economic well-being. The universal availability of affordable high-speed access to the Internet has become essential not only for business, but also for public safety, research, education, health care, and protecting the environment. Broadband communications are the future, yet the U.S. government has no national broadband policy, and does not treat broadband as a form of infrastructure and does not regard broadband as an “essential” service. The U.S. currently lags behind other nations both in terms of connection speeds and the number of citizens who have access to broadband.

[Note: contains copyrighted material]

 

ENHANCING CHILD SAFETY & ONLINE TECHNOLOGIES.
Internet Safety Technical Task Force. January 13, 2009.
Full Text [PDF format, 278 pages]

The scope of the Task Force’s inquiry was to consider those technologies that industry and end users, including parents, can use to help keep minors safer on the Internet.

[Note: contains copyrighted material]

 

AA09027
Poulson, Theresa ‘FATHER OF THE INTERNET’ SEEKS EXPANSIVE ROLE FOR CTO (National Journal, December 22, 2008)
Full Text [HTML format]

Poulson interviews Google Vice President Vinton Cerf about what he envisions a chief technology officer (CTO) could do in the Obama administration. Obama has said he would create this position, the first for a presidential administration, but little specifics are available about what this person would do. Cerf said that while “it’s not an easy job to define” he thinks there are a lot of ways a CTO could not only improve American technology but contribute to improving the American economy by creating jobs through investments in infrastructure. Cerf said a CTO could reinvigorate broadband infrastructure, improve cyber security and explore how information technology can improve energy efficiency.

 

RISKS AT HOME: PRIVACY AND SECURITY RISKS IN TELECOMMUTING.
Ernst & Young and Center for Democracy & Technology. Web posted July 29, 2008.
Full Text [pdf format, 26 pages]

According to the report, personal and private information related to both employees and their employers may be compromised by telecommuting staff if privacy risks are not dealt with effectively. It identifies such issues in work-from-home arrangements. It covers the effective approaches and areas in need of improvement in how organizations protect personal and other sensitive company-related information.

[Note: contains copyrighted material]

 

AA08006
Nordenson, Bree THE UNCLE SAM SOLUTION: CAN THE GOVERNMENT HELP THE PRESS? SHOULD IT? (Columbia Journalism Review, vol. 46, no. 3, September/October 2007, pp. 37-41)
Full Text [html format]

The future of American newspapers has become a topic of increasing concern as circulation wanes and editorial cutbacks affect the quality of journalism. Top editors, experts and a media investor discuss the viability of government support of good news outlets with lagging profits. University of Illinois professor Robert McChesney notes that America’s founders protected the press in the Constitution and subsidized three newspapers in each state, because without that, “there would be places with no newspapers.” Serious newsgathering is seldom done in Internet-based media, and newspapers continue to cut investigative reporting resources. This is despite the fact that editorial costs make up only nine to twelve percent of the average newspaper’s budget. But there is substantial opposition among journalists to government subsidies, editor Geneva Overholser says, adding that it should be carefully considered rather than rejected outright. European examples are given, the British Broadcasting Corporation among them, which show how government support has bolstered a free press and preserved it from undue corporate influence. Government support of American public broadcasting is also discussed. Prejudices against government should be discarded when survival of journalism is at stake, writes the author, who quotes McChesney: “The nation was built on the idea that we have to put into place policies that guarantee journalism no matter what.”

 

ACCESS TO GOVERNMENT INFORMATION IN THE UNITED STATES.
Harold C. Relyea and Michael W. Kolakowski. Congressional Research Service (CRS), Library of Congress. Updated June 13, 2007.
Full Text [pdf format, 6 pages]

This Congressional Research Service (CRS) report reviews the historical aspects of inter-branch disputes of government information. “The Constitution of the United States makes no specific allowance for any one of the co-equal branches to have access to information held by the others and contains no provision expressly establishing a procedure for, or a right of, public access to government information.” However, over the years, Congress has legislated public access laws; e.g., the Freedom of Information Act (FOIA). Federal courts, on the other hand, have been reluctant to review disputes between Congress and the executive branch. It is expected that these conflicts will continue.

 

IDENTITY THEFT LAWS: STATE PENALTIES AND REMEDIES AND PENDING FEDERAL BILLS.
Tara Alexandra Rainson. Congressional Research Service (CRS), Library of Congress. June 1, 2007.
Full Text [pdf format, 18 pages]

“This report provides an overview of state laws on identity theft. It discusses state laws that penalize identity theft, as well as state laws that assist identity theft victims, including those that permit consumers to block unauthorized persons from obtaining their credit information, known as ‘security freezes.’” The report also provides summaries of pending legislation concerning identify theft.

 

VIOLENT TELEVISION PROGRAMMING AND ITS IMPACT ON CHILDREN.
U.S. Federal Communications Commission. April 25, 2007.
Full Text [pdf format, 39 pages]

The average American family watches television 8 hours and 11 minutes daily, and children watch approximately 2 to 4 hours daily. By the time children begin first grade, they will have spent the equivalent of three school years watching television.

Both private and governmental entities are concerned about the adverse effects on children of excessive violence on television. Consequently, Congress asked the Federal Communications Commission (FCC) to investigate the negative effects of excessively violent programs, the government’s ability to restrict broadcasts of these programs, and to clearly define the phrase: “excessively violent programming that is harmful to children.” This report is the results of the FCC’s investigation.

 

THE DIGITAL MILLENNIUM COPYRIGHT ACT: EXEMPTIONS TO THE PROHIBITION ON CIRCUMVENTION.
Kate M. Manual and Brian T. Yeh. Congressional Research Service (CRS), Library of Congress. February 21, 2007.
Full Text [pdf format, 18 pages]

The Digital Millennium Copyright Act (DMCA) passed in 1998 to protect copyright owners from infringement facilitated by digital technologies. However, the DMCA does permit temporary exemptions, such as “fair use,” which are granted every three years.

Six new exemptions have been granted and will take effect on October 27, 2009. These exemptions permit (1) the making of compilations of video clips for study courses; (2) archiving of obsolete computer programs or games; (3) bypassing obsolete hardware locks; (4) reading-aloud e-book functions; (5) connecting wireless telephone handsets to networks; and (6) testing for and correcting security flaws.

 

THE NET NEUTRALITY DEBATE: TWENTY FIVE YEARS AFTER UNITED STATES V. AT&T AND 120 YEARS AFTER THE ACT TO REGULATE COMMERCE.
Bruce M. Owen. Working Paper, AEI-Brookings Joint Center for Regulatory Studies, American Enterprise Institution and The Brookings Institution. February 2007.
Full Text [pdf format, 12 pages]

“Net neutrality is a slogan that stands for the proposition that the Internet and physical means of access to it should be available to all on uniform, non-discriminatory terms.” Proponents of net neutrality fear that access will be monopolized and that once successfully monopolized, services will be excluded to some. This paper presents an overview of agencies’ policies that regulate prices and economic interests and provides a historical view of monopoly power and anticompetitive behavior.

 

INFORMATION SECURITY GUIDE FOR GOVERNMENT EXECUTIVES.
Pauline Bowen, Elizabeth Chew, and Joan Hash. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, U.S. Department of Commerce. January 2007.
Full Text [pdf format, 19 pages]

Studies have shown that senior management’s commitment to information security is the single most important element of the program’s success. Meeting these needs requires senior leadership to focus on effective information security and integrate security strategies into daily operation. This report provides a “broad overview of information security program concepts to assist senior leaders in understanding how to oversee and support the development and implementation of information security programs.”

 

INFORMATION ECONOMY REPORT 2006: THE DEVELOPMENT PERSPECTIVE.
United Nations Conference on Trade and Development (UNCTAD). November 16, 2006.
Download the document [pdf format, 346 pages]

This report emphasizes the role of governments in ensuring the development of policies that encourage competition and innovation in the information and communication technology (ICT) sector. According to the report, governments can play a major part in helping developing and transition countries establish and expand ICT networks that in turn stimulate economic growth and help domestic businesses compete internationally.

Currently 44% of developing and transition countries have national plans for fostering their information societies, and 20% are developing such plans. However, the report says, few of the countries that have such plans monitor and evaluate how effective they are.

[Note: Contains copyrighted material.]

 

INFORMATION SECURITY: COORDINATION OF FEDERAL CYBER SECURITY RESEARCH AND DEVELOPMENT.
United States Government Accountability Office (GAO). September 29, 2006
Download the document [pdf format, 34 pages]

Federal law and policy call for critical infrastructure protection activities to enhance the cyber and physical security of the infrastructures that are essential to national security, national economic security, and national public health and safety. These activities include building public-private partnerships, identifying critical infrastructure sectors, identifying federal agencies to work with the sectors to coordinate efforts to strengthen the security of critical infrastructures, and research and development (R&D) of cyber security tools and techniques. GAO was asked to identify the 1) federal entities involved in cyber security (R&D); 2) actions taken to improve oversight and coordination of federal cyber security R&D, including developing a federal research agenda; and 3) methods used for technology transfer at agencies with significant activities in this area. To do this, GAO examined relevant laws, policies, budget documents, plans, and reports.

GAO finds that federal entities have taken several important steps to improve the oversight and coordination of federal cyber security R&D. Actions taken to facilitate oversight and coordination of cyber security research include 1) chartering an interagency working group to focus on this type of research, 2) publishing a federal plan for cyber security and information assurance that is to provide baseline information and a framework for planning and conducting this research, 3) reporting budget information for cyber security research separately from other types of research, and 4) developing and maintaining government-wide repositories of information on R&D projects. However, says GAO, a federal cyber security research agenda has not been developed, as recommended in the National Strategy to Secure Cyberspace. Furthermore, the government-wide repositories are incomplete and not fully populated, in part because OMB has not issued guidance to ensure that agencies provide all information required for the repositories. As a result, key information needed for the effective oversight and coordination of cyber security research activities is not readily available.

 

PROTECTION OF SECURITY-RELATED INFORMATION.
Gina Marie Stevens and Todd B. Tatelman. Library of Congress, Congressional Research Service (CRS). September 27, 2006.
Download the document [pdf format, 29 pages]

The terrorist attacks of September 11 prompted a reevaluation of how to balance public access to information with the need for safety and security. The accumulation of confidential business information from owners and operators of the nation's critical infrastructures, 85 percent of which is reportedly owned by the private sector, continues to be a critical component of homeland security efforts.

The Freedom of Information Act of 1974 (FOIA) along with other statutes and regulations provide legal authorities for the protection of various types of security-related information. Nevertheless, some owners and operators are hesitant to voluntarily share security-related information with the government because of the possible disclosure of this information to the public.

To prohibit public disclosure of security-related information under the Freedom of Information Act and other laws, Congress has drafted and passed legislation designed to remove legal obstacles to information sharing. The Aviation and Transportation Security Act of 2001 (ATSA); the Critical Infrastructure Information Act of 2002 in section 214 of the Homeland Security Act; the Maritime Transportation Security Act of 2002 (MTSA); and the Safe Drinking Water Act (SDWA), as amended by the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, each exempt certain types of security-related information from disclosure under the Freedom of Information Act. These statutes are examples of what are referred to as FOIA exemption 3 statutes; separate federal statutes prohibiting the disclosure of a certain type of information and authorizing its withholding under FOIA subsection (b)(3).

This report describes the current state of the law with regard to the protection of security-related information. This report does not apply to the maintenance, safeguarding, or disclosure of classified national security information.

 

RECOMMENDATIONS FOR IDENTITY THEFT RELATED DATA BREACH NOTIFICATION. MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES. Executive Office of the President, Office of Management and Budget (OMB). September 20, 2006.
Download the document [pdf format, 11 pages]

The President's Identity Theft Task Force ("Task Force") was established by Executive Order 13402

on May 10, 2006. The Task Force has considered the steps that a U.S. Government department or agency should take in responding to a theft, loss, or unauthorized acquisition of personal information that poses a risk of subsequent identity theft.

 

The main Task Force recommendations are the following:

  • Agencies should identify a core response group in the event of a data breach. The group should include the CIO, chief legal officer, chief privacy officer, the inspector general, and a senior management official.
  • If an incident occurs, the core response group should do a risk analysis to determine whether the incident poses problems related to ID theft. The response group should consider how easy or difficult it would be for an unauthorized person to access the personal data; how the data was lost; the ability of the agency to mitigate the theft; and any evidence that the lost data is being used to commit identity theft.
  • If the response group determines there is risk, the agency should tailor its response to the nature and scope of the risk presented. Agencies should consider using technology to analyze whether the data loss appears to result in an identity theft. Agencies also should consider providing credit monitoring services at the government's expense.

 

MASS DIGITIZATION: IMPLICATIONS FOR INFORMATION POLICY.
United States National Commission on Libraries and Information Science (NCLIS). May 2006.
Download the document [pdf format, 24 pages]

This is a report from the "Scholarship and Libraries in Transition: A Dialogue about the Impacts of Mass Digitization Projects" Symposium held on March 10-11, 2006 at the University of Michigan, Ann Arbor.

Google announced in December 2004 that it would, in conjunction with five major research libraries (University of Michigan, Harvard University, Stanford University, Oxford University, and the New York Public Library ) digitize 10 million unique titles.

This report focuses on nine major project areas that have serious implications for national information policy.

The report addresses the following questions:

  1. How should important aspects of copyright -- fair use, orphan works, opt-in vs. opt-out models -- be handled in digitization projects?
  2. When is the quality of optical character recognition good enough? What about quality of content and authentication?
  3. What are libraries' roles and priorities in the digital age?
  4. Who will assume long-term ownership of books and journals and other media, and take responsibility for their long-term preservation? Who will preserve the public record?
  5. Standardization and interoperability -- How can the silos of digital initiatives communicate with each other?
  6. What are the roles of publishers and booksellers in the digital age?
  7. What business models are needed in the era of mass digitization? How will the open access movement affect the economics of digitization?
  8. What should be done about information illiteracy?
  9. What types of assessment are being used? How will we know if digitization and electronic access are meeting people's needs?

 

INTERNET INFRASTRUCTURE: DHS FACES CHALLENGES IN DEVELOPING A JOINT PUBLIC/PRIVATE RECOVERY PLAN. [GAO-06-672]
United States Government Accountability Office (GAO). June 16, 2006; Web-posted July 28, 2006.
Download the document [pdf format, 81 pages]

Federal policy recognizes the need to prepare for debilitating Internet disruptions and tasks the Department of Homeland Security (DHS) with developing an integrated public/private plan for Internet recovery. GAO was asked to (1) identify examples of major disruptions to the Internet, (2) identify the primary laws and regulations governing recovery of the Internet in the event of a major disruption, (3) evaluate DHS plans for facilitating recovery from Internet disruptions, and (4) assess challenges to such efforts.

Key challenges to establishing a plan for recovering from Internet disruptions include:

  1. The Internet's innate characteristics (such as the diffuse control of the many networks making up the Internet and private sector ownership of core components) that make planning for, and responding to, disruptions difficult;
  2. A lack of consensus on DHS's role and when the department should get involved in responding to a disruption;
  3. Legal issues affecting DHS's ability to provide assistance to restore Internet service;
  4. Reluctance of many in the private sector to share information on Internet disruptions with DHS; and
  5. Leadership and organizational uncertainties within DHS.

In this report, GAO urges Congress to consider clarifying the legal framework guiding Internet recovery. GAO also makes recommendations to the Secretary of the Department of Homeland Security to strengthen the department's ability to serve as a focal point for helping to recover from Internet disruptions by completing key plans and activities and addressing challenges.

 

PERSONAL INFORMATION: KEY FEDERAL PRIVACY LAWS DO NOT REQUIRE INFORMATION RESELLERS TO SAFEGUARD ALL SENSITIVE DATA. [GAO-06-674]
United States Government Accountability Office (GAO). June 26, 2006; Web-posted July 26, 2006.
Download the document [pdf format, 76 pages]

Financial institutions such as banks, credit card companies, securities firms, and insurance companies use personal data obtained from information resellers to help make eligibility determinations, comply with legal requirements, prevent fraud, and market their products. For example, lenders rely on credit reports sold by the three nationwide credit bureaus to help decide whether to offer credit and on what terms. Some companies also use reseller products to comply with PATRIOT Act rules, to investigate fraud, and to identify customers with specific characteristics for marketing purposes.

GAO was asked to examine (1) financial institutions' use of resellers; (2) federal privacy and security laws applicable to resellers; (3) federal regulators' oversight of resellers; and (4) regulators' oversight of financial institution compliance with privacy and data security laws. To meet these objectives, GAO analyzed documents and interviewed representatives from 10 information resellers, 14 financial institutions, 11 regulators, industry and consumer groups, and others.

GAO found that the applicability of the primary federal privacy and data security laws -- the Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA) - to information resellers, is limited. FCRA applies to information collected or used to help determine eligibility for such things as credit or insurance, while GLBA only applies to information obtained by or from a GLBA-defined financial institution. Although these laws include data security provisions, GAO recommends the expansion of such requirements to all sensitive personal information held by resellers. The report says that Congress should consider requiring information resellers to safeguard all sensitive personal information they hold, and giving the Federal Trade Commission civil penalty authority for enforcement of GLBA's privacy and safeguarding provisions. GAO also recommends that state insurance regulators ensure compliance with GLBA.

 

PROTECTION OF NATIONAL SECURITY INFORMATION.
Jennifer K. Elsea. Library of Congress, Congressional Research Service. June 30, 2006.
Download the document [pdf format, 26 pages]

Recent cases involving alleged disclosures of classified information to the news media or others who are not entitled to receive it have renewed Congress's interest with regard to the possible need for legislation to provide for criminal punishment for the "leaks" of classified information. The Espionage Act of 1917 and other statutes and regulations provide a web of authorities for the protection of various types of sensitive information, but some have expressed concern that gaps in these laws may make prosecution of some disclosures impossible.

The 106th Congress passed a measure to criminalize leaks, but President Clinton vetoed it. The 108th Congress reconsidered the same provision, but instead passed a requirement for the relevant agencies to review the need for such a proscription. The Department of Justice, in turn, reported that existing statutes and regulations are sufficient to prosecute disclosures of information that might harm the national security.

This report provides background on previous legislative efforts to criminalize the unauthorized disclosure of classified information; describes the current state of the laws that potentially apply, including criminal and civil penalties that can be imposed on violators; and some of the disciplinary actions and administrative procedures available to federal government agencies, that have been addressed by federal courts. Finally, the report considers the possible First Amendment implications of applying the Espionage Act to prosecute newspapers for publishing classified national defense information.

 

SECURITY CLASSIFIED AND CONTROLLED INFORMATION: HISTORY, STATUS, AND EMERGING MANAGEMENT ISSUES.
Harold C. Relyea. Library of Congress. Congressional Research Service. June 26, 2006.
Download the document [pdf format, 36 pages]

Current security classification arrangements, prescribed by an executive order (EO) of the President, trace their origins to a March 1940 directive issued by President Franklin D. Roosevelt as E.O. 8381. This development was prompted by desires to clarify the authority of civilian personnel in the national defense community to classify information, to establish a broader basis for protecting military information in view of growing global hostilities, and to manage better a discretionary power seemingly of increasing importance to the entire executive branch.

Since September 11, 2001, several issues have arisen regarding security classified and controlled information. The volume is a concern: 8 million new classification actions in 2001 jumped to 14 million new actions in 2005, while the quantity of declassified pages dropped from 100 million in 2001 to
29 million in 2005. Expense is an issue: $4.5 billion spent on classification in 2001 increased to $7.1 billion in 2004, while declassification costs fell from $232 million in 2001 to $48.3 million in 2004, according to annual reports by the Information Security Oversight Office (ISOO) of the National Archives and Records Administration (NARA).

Some agencies were recently discovered to be withdrawing archived records from public access, and reclassifying them. ISOO has indicated that the federal government needs to apply a more integrated approach among the classifying agencies. The force of, and authority for, information control markings, other than security classification labels, have come under congressional scrutiny, prompting concerns about their number, variety, lack of underlying managerial regimes, and effects. Among those effects, contend the Government Accountability Office and the manager of the Information Sharing Environment for the intelligence community, is the obstruction of information sharing across the federal government and with state and local governments. These and related matters, including remedial legislation (H.R. 2331, H.R. 5112, H.R. 5441), are examined in this report.

 

TOOLS TO AVOID DISCLOSING INFORMATION ABOUT INDIVIDUALS IN PUBLIC USE MICRODATA FILES.
Cynthia M. Taeuber. Brookings Institution, Metropolitan Policy Program. June 2006.
Download the document [pdf format, 45 pages]

To meet the needs of data users (researchers and policy makers), statistical agencies have long provided public use microdata (PUMS) research files that have a low risk of re-identification of individuals. Technological advances in recent years have made it easier for researchers to create a "mosaic" of data sets that increase the chances of identifying an individual, and make it more complex for statistical agencies to meet their statutory mandate to keep private information private. Simply put, the problem can be worded thus:

  • A great deal of information is available about individuals on the Internet.
  • Sophisticated software has been developed that allows the linkage of records, and as a result, a small percentage of individuals that make up traditional public use microdata (PUMS) files can be identified.

This paper examines the risks and effectiveness of traditional techniques for protecting data confidentiality and the privacy of individuals. The author recommends that statistical agencies invest more to find alternatives to enhance data quality, while lowering the risks of the identification of individuals.

[Note: Contains copyrighted material.]

 

2005 REPORT TO THE PRESIDENT: INFORMATION SECURITY OVERSIGHT OFFICE.
National Archives and Records Administration (NARA). Information Security Oversight Office (ISOO). May 25, 2006.
Download the document [pdf format, 32 pages]

ISOO oversees the security classification programs in both government and industry and reports annually to the President on their status. This NARA office:

  1. Promotes and enhances the system that protects the national security information that safeguards the American Government and its people.
  2. Provides for an informed American public by ensuring that the minimum information necessary to the interest of national security is classified and that information is declassified as soon as it no longer requires protection.
  3. Promotes and enhances concepts that facilitate the sharing of information in the fulfillment of mission-critical functions related to national security.
  4. Provides expert advice and guidance pertinent to the principles of information security.

Among the findings in the report:

  • Classification - The numbers reported to ISOO for FY 2005 reveal an estimated 258,633 original classification decisions, 26 percent fewer than those reported for FY 2004. Most of this decrease came in the Secret and Confidential categories, which are down by 29 percent and 23 percent, respectively. In both of these categories, the most significant decreases were reported at the Department of Defense (DOD) and the Department of State (State), while the total at the Department of Homeland Security (DHS) was up slightly.
  • Declassification - DOD, whose numbers had previously been declining, reported a 4 percent increase in the number of pages declassified in FY 2005. Six other agencies- Department of Commerce (Commerce), Department of Energy (DOE), Department of Transportation (DOT), National Aeronautics and Space Administration (NASA), Nuclear Regulatory Commission (NRC), and National Security Council (NSC)-reported large increases in declassification productivity during FY 2005. Of particular note are Commerce and DOT.

Commerce reported 78,080 pages declassified (up from zero). Likewise, DOT reported 8,000 pages declassified, whereas in previous years it averaged only 18 pages.

 

AA06172
Powers, William THIS LEAKY WORLD (National Journal, Vol. 38, No. 18, May 6, 2006, p. 60)
Full text available from your nearest IRC

Powers, a National Journal columnist, describes how democracies in various parts of the world are dealing with questions about anonymous sources, the law, and the press. While Americans tend to see the problem as peculiar to the U.S., he points out that Australia has recently enacted anti-terrorism legislation that some observers see as already having a "chilling effect on the news." In Mexico, the government has passed a law which allows journalists to protect their sources because of the danger from drug cartels and gangs. A recent court case in Japan allowed some journalists to protect their sources. Powers concludes, "Freedom of the press is a delicate dance, a never-ending series of judgment calls. The more tightly a society ... tries to define that freedom, the harder it becomes for journalists to do their jobs."

 

INTERNET DOMAIN NAMES: BACKGROUND AND POLICY ISSUES [97-868 STM]
Kruger, Lennard G. Congressional Research Service, Library of Congress. Updated: April 18, 2006
Download the document [pdf format, 6 pages]

"To navigate the Internet requires using addresses (and corresponding names) that identify the location of individual computers. As the Internet grew, the method for allocating and designating those domain names became controversial. The Administration issued a White Paper in June 1998 endorsing the creation of a new notfor-profit corporation of private sector Internet stakeholders to administer policy for the Internet name and address system. On November 25, 1998, the Department of Commerce (DOC) formally approved a new corporation, called the Internet Corporation for Assigned Names and Numbers (ICANN). A Memorandum of Understanding (MOU) between ICANN and DOC has been extended through September 2006. The 109th Congress maintains oversight on how the Department of Commerce manages and oversees ICANN’s activities and policies. This report will be updated as events warrant." — Summary

 

BROADBAND INTERNET REGULATION AND ACCESS: BACKGROUND AND ISSUES [IB10045]
Gilroy, Angele A.; Kruger, Lennard G. Congressional Research Service, Library of Congress. Updated: April 14, 2006
Download the document [pdf format, 15 pages]

The latest update on policy issues regarding broadband internet access. The report notes, "While President Bush has set a goal of universal broadband availability by 2007, some areas of the nation — particularly rural and low-income communities — continue to lack full access to high-speed broadband Internet service. In order to address this problem, the 109th Congress is examining the scope and effect of federal broadband financial assistance programs (including universal service), and the impact of telecommunications regulation and new technologies on broadband deployment." The US Government regards fair competition among broadband providers as key to affordability and availability.

 

"SENSITIVE BUT UNCLASSIFIED" INFORMATION AND OTHER CONTROLS: POLICY AND OPTIONS FOR SCIENTIFIC AND TECHNICAL INFORMATION [RL33303]
Knezo, Genevieve J., Congressional Research Service, Library of Congress, February 15, 2006
View the document [pdf format, 86 pages]

"Providing access to scientific and technical information for legitimate uses while protecting it from potential terrorists is complex and poses difficult policy choices. Federally funded, extramural academic research (basic and applied) is supposed to be “classified” if it poses a security threat; otherwise, it is to be ‘unrestricted’. Since the September 11, 2001 terrorist attacks, controls increasingly have been placed on some types of unclassified research and scientific and technical information, including information used to inform decision making and citizen oversight. These controls include “sensitive but unclassified” (SBU) labels; restrictive contract clauses; visa controls; controlled laboratories; and the widening of legal restrictions on access to some federal biological, transportation, critical infrastructure, geospatial, environmental impact, and nuclear information. On December 16, 2005, President Bush instructed federal agencies to standardize procedures to designate, mark, and handle SBU information, and to forward recommendations for government-wide standards to the Director of National Intelligence (DNI). Federal agencies do not use uniform definitions of SBU information or have consistent policies for safeguarding or releasing it. This lack of uniformity and consistency raises issues about how to identify SBU information, especially scientific and technical information; how to keep it from those who would use it malevolently, while allowing access for those who need to use it; and how to develop uniform nondisclosure policies and penalties." — from the summary

 

AA06106
Tessler, Joelle PRIVACY EROSION: A 'NET LOSS (CQ Weekly, vol. 64, no. 8, February 20, 2006, pp. 480-485)
Full text available from your nearest IRC

According to Tessler, Congress has fallen behind in applying privacy laws to the ever-evolving Internet technology. This results in government's ability to tap private information from e-mail storage, Internet search engine logs, and online wiretapping. Since most targeted individuals are not aware that they are being tracked, there haven't been many court cases to shed stronger light on the situation. Although a number of lawmakers in Congress recognize this as a problem, "it doesn't attract a lot of attention or excitement," notes Sen. John Sununu (R-NH). However, with more high-profile cases, like Google resisting subpoenas, stronger focus would be set on privacy protection.

 

INFORMATION SECURITY: GUIDE FOR DEVELOPING SECURITY PLANS FOR FEDERAL INFORMATION SYSTEMS
Marianne Swanson, Joan, Hash Pauline Bowen, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, February 2006
Download the document [pdf format, 48 pages]

"The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan....The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system." — from the executive summary

 

EXPANDING THE FRONTIERS OF OUR DIGITAL FUTURE: REDUCING SOFTWARE PIRACY TO ACCELERATE GLOBAL IT BENEFITS.
Business Software Alliance. December 2005.
Download the document [pdf format, 32 pages]

This paper is based upon findings from an analysis (conducted by IDC) of the Information Technology (IT) sector's economic impact in 70 countries, and the benefits that can accrue to countries that reduce software piracy. It finds that the IT sector's ability to create economic benefits can not only continue, but accelerate. However, the continued growth, vitality and innovation of the global IT sector are increasingly dependent upon reducing software piracy worldwide.

The paper discusses five key findings:

  • Lower software piracy produces higher IT benefits.
  • Cutting software piracy globally can generate faster IT growth.
  • Faster IT growth can increase global economic output.
  • Countries with the highest piracy rates have the most to gain through reductions.
  • Every region benefits.

[Note: Contains copyrighted material.]

 

LONG-LIVED DIGITAL DATA COLLECTIONS: ENABLING RESEARCH AND EDUCATION IN THE 21ST CENTURY.
National Science Foundation; National Science Board. September 2005.
Download the document [pdf format, 92 pages]

In response to the growing importance of digital data collections for research and education, the National Science Foundation's increasing investment in their creation and maintenance, and their rapid multiplication, the National Science Board formed the Long-lived Data Collections Task Force. This report provides the findings and recommendations from the task force's analysis of digital data collection policy issues, and seeks to frame the issues and begin a broad discourse.

The Board anticipates that a broader dialog among other agencies in the U.S. and with international partners will be required.

The report recommends that the National Science Foundation:

  • Clarify its current investments in resource and reference digital data collections.
  • Develop an agency-wide umbrella strategy for supporting and advancing long-lived digital data collections.
  • Require that research proposals for activities that will generate digital data state such intentions in the proposal, so that peer reviewers can evaluate a proposed data management plan.
  • Ensure that education and training in the use of digital collections are available and effectively delivered to broaden participation in digitally enabled research.
  • Work in partnership with collection managers and the community at large to develop the career path for data scientists, and ensure that the research enterprise includes a sufficient number of high-quality data scientists.

 

INTERNET PRIVACY: OVERVIEW AND PENDING LEGISLATION [RL31408]
Marcia S. Smith. Congressional Research Service. Library of Congress. Updated October 19, 2005
Download the document [pdf format, 25 pages]

The CRS continues to track Internet privacy-related legislation in the 109th Congress, providing an overview of Internet privacy issues and related laws passed in the previous two Congresses.

 

ON THEIR OWN TERMS: A LEXICON WITH AN EMPHASIS ON INFORMATION-RELATED TERMS PRODUCED BY THE U.S. FEDERAL GOVERNMENT
Susan Maret, Federation of American Scientists November 2005
Download the document [pdf format, 304 pages]

Maret comments that gathering together the terms used by the executive branch of the U.S. government, the military, the intelligence community and other federal bodies "illuminates how the information language of bureaucracy defines, and ultimately shapes social and political reality, as well as access to information".

 

INTERNET DEVELOPMENT AND INFORMATION CONTROL IN THE PEOPLE'S REPUBLIC OF CHINA [RL33167]
Michelle W. Lau. Congressional Research Service. Library of Congress. November 22, 2005
Download the document [pdf format, 15 pages]

"Empirical studies have found that China has one of the most sophisticated content-filtering Internet regimes in the world. The Chinese government employs increasingly sophisticated methods to limit content online, including a combination of legal regulation, surveillance, and punishment to promote self-censorship, as well as technical controls. U.S. government efforts to defeat Internet 'jamming', include funding through the Broadcasting Board of Governors to provide counter-censorship software to Chinese Internet users to access Radio Free Asia (RFA) and Voice of America (VOA) sites available to Chinese users. There is considerable debate, however, on whether developing and implementing counter-censorship software is the most effective U.S. strategy to combat information control on the Internet in China." — from the report.

 

INTERNET PRIVACY: OVERVIEW AND PENDING LEGISLATION [RL31408]
Marcia S. Smith. Library of Congress. Congressional Research Service. Updated September 1, 2005.
Full text available from your nearest IRC

The collection of personally identifiable information, either by spyware or by website operators, is one privacy concern. The other is the monitoring of e-mail and web usage by law enforcement officials, employers, etc. The passage of the 2001 USA PATRIOT Act made it easier for for law enforcement to monitor internet activities, as did the Homeland Security Act. Related legislation is pending in Congress.

 

INFORMATION SECURITY: DEPARTMENT OF HOMELAND SECURITY NEEDS TO FULLY IMPLEMENT ITS SECURITY PROGRAM: REPORT TO THE RANKING MINORITY MEMBER, COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS, U.S. SENATE [GAO-05-700]
United States Government Accountability Office, June 2005
Highlights [pdf format, 1 page]

Full Report [pdf format, 36 pages]

 

GAO reports that certain components of the Department of Homeland Security "have not yet fully implemented key information security practices and controls". A "comprehensive, departmentwide information security program" is needed to fully protect the department's information and information systems.

 

VIDEO NEWS RELEASES: UNATTRIBUTED PREPACKAGED NEWS STORIES VIOLATE PUBLICITY OR PROPAGANDA PROHIBITION. TESTIMONY OF SUSAN A. POLING BEFORE THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION, U.S. SENATE. [GAO-05-643T]
United States Government Accountability Office (GAO). May 12, 2005.
Download the document [pdf format, 12 pages]

In recent years, federal agencies have been increasing their use of video news releases (VNRs), which frequently include prepackaged news stories. While the use of VNRs is widespread and widely known by those in the media industry, the quality and content of materials considered to constitute a VNR can vary greatly. Generally, a VNR package may contain several items, including a series of video clips, known as B-roll footage; title cards containing relevant information, known as slates; a prepackaged news story, referred to as a story package; and other promotional materials. These materials are produced in the same manner as television news organizations produce materials for their own news segments. The prepackaged news stories are distributed to local television news stations and are designed to resemble actual news stories. By eliminating the costs and effort of producing an original news story, agencies can find news stations willing to broadcast a favorable news segment on a desired topic. GAO examined prepackaged news stories produced by the Department of Health and Human Services and the Office of National Drug Control Policy and evaluated whether these materials constituted covert propaganda in violation of the prohibition on using appropriated funds for publicity and propaganda not authorized by Congress.

This following states the position of the General Counsel of GAO: "While agencies generally have the right to disseminate information about their policies and activities, agencies may not use appropriated funds to produce or distribute prepackaged news stories intended to be viewed by television audiences that conceal or do not clearly identify for the television viewing audience that the agency was the source of those materials. It is not enough that the contents of an agency's communication may be unobjectionable. Neither is it enough for an agency to identify itself to the broadcasting organization as the source of the prepackaged news story.

 

BROADBAND OVER POWERLINES: REGULATORY AND POLICY ISSUES [RL32421]
Patricia Moloney Figliola. Library of Congress. Congressional Research Service. Updated November 1, 2005
Full text available from your nearest IRC

Latest update on this topic; should be of interest to readers tracking developments in South Africa such as the Tshwane Metro's experiments with this technology. While proponents of BPL argue that it is cheaper to deploy than cable and other broadband technologies, and does not require upgrades to the electric grid, critics are worried that it could interfere with licensed radio spectrum such as amateur radio, government, and emergency response frequencies.

 

SUPPORT FOR TOUGHER INDECENCY MEASURES, BUT WORRIES ABOUT GOVERNMENT INTRUSIVENESS. Pew Research Center for the People and the Press. April 19, 2005.
Download the document [pdf format, 43 pages]

This latest Pew Research Center nationwide survey finds that the tug of war in U.S. public opinion about government regulation of entertainment reflects political and religious divides about the issue. For example, on the fundamental question of whether undue government restrictions ­ or harmful content ­ presents the greater danger, a solid majority of conservative Republicans (57%) cite harmful entertainment. Liberal Democrats, by contrast, overwhelmingly believe excessive government restrictions are the larger concern (by 72%-21%). Similarly, while 51% of white evangelical Protestants say offensive entertainment presents a greater danger than undue government restriction, just 27% of seculars agree.

Despite these divisions, however, there are a number of points of broad national agreement on issues relating to entertainment and the government's role in reducing offensive content. Most Americans say parents are primarily to blame when children are exposed to explicit sex or graphic violence. Fully 79% say inadequate parental supervision ­ rather than inadequate laws ­ is mostly responsible for children being exposed to that sort of offensive material; there are no significant political or religious differences on this point. And by more than ten-to-one (86%-8%), the public believes that parents, rather than the entertainment industry, bear the most responsibility for keeping children from seeing sex and violence in TV and movies.

 

BROADBAND INTERNET ACCESS: BACKGROUND AND ISSUES [IB10045]
Angele A. Gilroy and Lennard G. Kruger. Library of Congress. Congressional Research Service. Updated August 3, 2005
Full text available from your nearest IRC

Latest update on this topic, as Congress examines the scope and effect of federal broadband financial assistance programs (including universal service), and the impact of telecommunications regulation and new technologies on broadband deployment.

 

INTERNET: AN OVERVIEW OF KEY TECHNOLOGY POLICY ISSUES AFFECTING ITS USE AND GROWTH.
Marcia S. Smith. Library of Congress. Congressional Research Service. Updated April 13, 2005
Download the document [pdf format, 47 pages]

In the decade between 1994 and 2004, the number of U.S. adults using the Internet increased from 15% to 64%. From electronic mail to accessing information to online purchasing ('electronic commerce'), the Internet touches almost every aspect of modern life. The extent to which use of the Internet continues to grow, however, may be affected by a number of technology policy issues being debated in Congress.