
private "back-yard" swimming pools than any other country. We are paying for this recreational privacy far more than any other society.

The overwhelming majority of working Americans commute in private automobiles rather than use public transportation. There is a nationwide willingness to pay for privacy in transportation.

Apartment buildings find it a valuable asset in attracting tenants to have security guards, TV monitors in halls and garages, and building doors that can be opened only when released by an occupant. These security and privacy costs are openly reflected in rents. Banks, stores and offices are increasingly making use of TV monitors both for security and to prevent invasion of privacy.

Individuals who select the services of a private physician as opposed to a clinic or other publicly available medical services pay a known price for "private" attention and care. Private education facilities have always been an accepted symbol of individually financed privacy in education.

Executive placement services prevent disclosure of the fact that an individual is seeking a change in employment. The credentials individuals have filed with such a service are compared with the needs of hiring firms. When a match occurs, the individual is notified and asked whether he wishes his name forwarded to the hiring firm. The individual is thus given control over the release of the information that he is seeking employment.

Advertisements for real estate place great emphasis on the privacy afforded in the properties offered for sale. There is a measurable and direct correlation between price and the degree of privacy.

The American public, then, is already and knowingly paying for many types of privacy and security; representative examples are phone listings, airline travel, recreation, housing, commuting, health, and education.

The economics of information management, and hence the costs of confidentiality and security of information in automated information systems, are unfortunately neither well understood, well documented nor well quantified. Some of the costs of system and facility security are fairly easy to derive. These include, as discussed earlier, the costs of 1) administrative security procedures, 2) equipment security features and 3) communications safeguards.

Costs of program or software security safeguards still need to be derived on a case-by-case basis, as do certain of the costs of changes to computer system architecture required by security safeguards.

The costs of injecting data confidentiality tags into an information system, and of storing and retrieving the information so that it meets the safeguards imposed by these tags, have to be determined on a case-by-case, system-by-system basis. An example may help to illustrate the factors involved.

AN EXAMPLE OF COSTS OF DATA CONFIDENTIALITY

In order to respond to the privacy concerns which are embodied in part in the legislation currently proposed before Congress, significant changes will have to be made in the way personal data systems are designed and operated. File sizes will grow, and the processing and security capabilities of existing computer systems will have to be augmented. Organizations will incur additional administrative costs, such as the cost of corresponding with the individuals about whom they maintain information and the cost of educating their staff in security procedures and in their responsibility for individual privacy.

As a concrete example, one might consider the impact of responding to these concerns in a hypothetical credit reporting agency's system. Such an operation may have a file of one million records, each of which typically contains 220 characters of truncated identification data. These same records contain an average of 330 additional characters representing the six most recent transactions or postings to the record. Turning to the specific impact which privacy safeguards would impose, we must first consider that the 220 characters of truncated data are not sufficient to provide unambiguous identification of an individual. Since personal identification numbers are not presently used, this size will have to be significantly increased, say to about 440 characters. Likewise, one must provide additional information in each record, such as a complete history of all accesses to the record, any access limitation which may be imposed on data within that record, and tags to indicate the age of the information, when it may or must be deleted, and when it may be given out in answer to an inquiry.

In this hypothetical model such changes would result in an average file growth of 10 percent per year, i.e., 33 million additional characters would be added each year, so that in seven years the size of the file would double. This growth is due entirely to requirements for data confidentiality and does not reflect any file growth due to an increase in substantive material. Such growth will clearly affect the operation of the data system. As file size increases and as additional checking procedures are implemented in the software, a price will have to be paid in increased processing time for each query. Larger files will also mean additional hardware. One can thus envision a significant cost for safeguarding data confidentiality.
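The tagged record and the retrieval checks described above, worked through as an added example in Python that is not part of the original article. The 220, 330 and 440 character figures, the one-million-record file and the 10 percent annual growth rate are the article's; the tag layout, the assumed widths TAG_CHARS and ACCESS_ENTRY_CHARS, the function names and the sample record are assumptions made for illustration only. Every inquiry, granted or refused, is written to the record's access history before the decision is acted on, restricted fields are stripped before release, and records past their deletion date are purged rather than answered.

```python
import math
from dataclasses import dataclass, field
from datetime import date

# Character counts per record. The first four figures are the article's for the
# hypothetical agency; the last two are assumed widths for the new tag fields.
RECORDS = 1_000_000
IDENT_CHARS_BEFORE = 220      # truncated identification data today
IDENT_CHARS_AFTER = 440       # enough for unambiguous identification
TRANSACTION_CHARS = 330       # six most recent postings
TAG_CHARS = 60                # assumed: age, delete-by and release-after dates, limits
ACCESS_ENTRY_CHARS = 40       # assumed: one line of access history


@dataclass
class ConfidentialityTags:
    """Tags the article says each record must carry."""
    collected: date                              # age of the information
    delete_after: date                           # when it must be purged
    releasable_from: date                        # earliest date it may be given out
    restricted_fields: frozenset = frozenset()   # never released to an inquirer


@dataclass
class AccessEntry:
    when: date
    requester: str
    purpose: str
    granted: bool


@dataclass
class Record:
    subject_id: str
    identification: dict
    transactions: list
    tags: ConfidentialityTags
    access_log: list = field(default_factory=list)   # complete access history


class ReleaseDenied(Exception):
    """The tags forbid answering this inquiry."""


def answer_inquiry(rec: Record, requester: str, purpose: str, today: date) -> dict:
    """Return the releasable part of a record or raise ReleaseDenied.

    The attempt is logged before the decision is acted on, so the access
    history is complete whether or not the data was given out.
    """
    reason = None
    if today > rec.tags.delete_after:
        reason = "past deletion date: must be purged, not released"
    elif today < rec.tags.releasable_from:
        reason = "not yet releasable"
    rec.access_log.append(AccessEntry(today, requester, purpose, reason is None))
    if reason is not None:
        raise ReleaseDenied(reason)
    # Strip fields that carry an access limitation before handing data out.
    ident = {k: v for k, v in rec.identification.items()
             if k not in rec.tags.restricted_fields}
    return {"identification": ident, "transactions": list(rec.transactions)}


def purge_expired(records: list, today: date) -> list:
    """Keep only records whose delete-after date has not passed."""
    return [r for r in records if today <= r.tags.delete_after]


def chars_per_record(accesses_logged: int) -> tuple:
    """(before, after) character counts for one record once tags are added."""
    before = IDENT_CHARS_BEFORE + TRANSACTION_CHARS
    after = (IDENT_CHARS_AFTER + TRANSACTION_CHARS + TAG_CHARS
             + accesses_logged * ACCESS_ENTRY_CHARS)
    return before, after


def years_to_double(annual_growth: float) -> float:
    """Doubling time for compounded growth: ln 2 / ln(1 + r)."""
    return math.log(2) / math.log(1 + annual_growth)


def sample_record() -> Record:
    """Constructed sample record (not real data)."""
    tags = ConfidentialityTags(collected=date(1973, 1, 15),
                               delete_after=date(1980, 1, 15),
                               releasable_from=date(1974, 3, 1),
                               restricted_fields=frozenset({"medical_note"}))
    ident = {"name": "J. Q. Public", "street": "12 Elm St", "city": "Anytown",
             "medical_note": "restricted at subject's request"}
    txns = [("1974-02-01", "Dept Store", "paid"), ("1974-01-10", "Oil Co", "30 days late")]
    return Record("000001", ident, txns, tags)


def demo() -> dict:
    """Run one granted inquiry, one refused inquiry, a purge and the size model."""
    rec = sample_record()
    released = answer_inquiry(rec, "Retailer A", "credit application", date(1974, 6, 1))
    try:
        answer_inquiry(rec, "Retailer B", "credit application", date(1974, 1, 1))
        denied = None
    except ReleaseDenied as e:
        denied = str(e)
    kept = purge_expired([rec], date(1981, 1, 1))
    before, after = chars_per_record(len(rec.access_log))
    return {"released": released, "denied": denied, "log": rec.access_log,
            "kept_after_1981": len(kept), "chars": (before, after),
            "doubling_years": years_to_double(0.10)}


if __name__ == "__main__":
    r = demo()
    print("released:", r["released"])
    print("refused because:", r["denied"])
    print("access history:", r["log"])
    before, after = r["chars"]
    print(f"chars/record {before} -> {after}; file {RECORDS * before:,} -> {RECORDS * after:,}")
    print(f"at 10%/yr the file doubles in {r['doubling_years']:.1f} years")
```

Note that the access history is the one field that grows without bound: every inquiry adds an entry, so the per-record overhead depends on how often a record is consulted, which is why the article can only say the costs must be determined system by system.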

ALLOCATION OF PRIVACY AND SECURITY COSTS

The question of how these costs should be allocated between the supplier industries, the service industries, the consumer public and the government has rarely been directly addressed. In the examples cited earlier of privacy and security already accepted or desired, the cost allocation schemes vary widely.

The Federal government, for example, shares with the consumer the costs of privacy in education, health and travel. The consumer generally bears the entire costs of privacy and security in recreation, housing and phone listings. The allocation of costs to guarantee individual privacy in information systems maintained by the credit and banking industry should presumably be handled differently than the costs of ensuring privacy through security and confidentiality safeguards imposed on government information systems.

Under any circumstances, an important action that needs strong support now is the determination, service-by-service, of the costs of individual privacy and decisions on how to allocate these costs.

INFORMATION SYSTEMS, SECURITY INCIDENTS, AND EXISTING THREATS

In resolving the problems of confidentiality and security, any approach taken is dictated by the


Threats to information systems range over a broad spectrum including events such as natural catastrophe, sabotage, theft, bugging, accidental disclosure and physical assault. The countermeasure spectrum is just as extensive, for example: physical barriers and guards, passwords and identification badges, data encryption, audit trails, personnel practices, backup copies of data, and access control software. Not all threats will exist for each system, and not all countermeasures are appropriate to counter each threat. Each information system must be analyzed to design an adequate security environment.

It is only when armed with these types of data and knowledge that an appropriate approach to the problems of data confidentiality and security can be formulated.

AN APPROACH TO THE PROBLEMS OF CONFIDENTIALITY AND SECURITY

Any realistic approach taken to meet the problems of data confidentiality and computer system security will be multipronged in nature. Minimally, it will be comprised of parallel efforts to:

• Introduce uniform operating practices and procedures where the supporting technology is adequate.

• Conduct coordinated research and development efforts where the necessary science and technology does not exist, so that nationwide benefits will result from non-duplicative and widely needed R&D efforts, and

• Apply available technology in systems and procedures in innovative ways which will result in widespread use of these new applications.

The establishment within government as well as in the private sector of uniform administrative and physical security procedures is an example of the first type of effort listed. Here, for instance, the National Bureau of Standards intends to provide by the first quarter of Fiscal Year 1975 a set of guidelines for achieving physical security within Federal automated information systems. An initial survey of feasible physical security procedures and guidelines to be used as a basis for these Federal-wide guidelines has been completed and will be published this year.

A number of very obviously needed safeguards for data confidentiality and system security
