Information: To Share and Protect, Part 1

This article was originally posted by Dan Chenok at the IBM Center for the Business of Government blog.

Among my New Year’s reading list were two December issuances that impact the world of information and privacy in government: the White House’s National Strategy on Information Sharing, and the Federal CIO Council’s Recommendations for Digital Privacy Controls. The interrelated nature of these issues should not be lost – sharing information requires protection for individuals in order to be sustained and supported over the long term. This blog post addresses the Sharing Strategy; a second will address the Privacy Controls; and a third will discuss the necessary linkages between the two.

President Obama released the Administration’s “National Strategy for Information Sharing and Safeguarding” on December 19. This document, which addresses information sharing to improve homeland security, intelligence, law enforcement, and the fight against terrorism, builds on a commitment made in the May 2010 National Security Strategy,and adds to a similar 2007 information strategy document. It puts forward three overarching principles for sharing information with the right people at the right time:

  1. Information is a national asset – similar to waterways, highways, or the electric grid, the health of our nation depends on the efficient flow of information.
  2. Information sharing requires shared management of risks – senders and receivers both have a responsibility to keep information safe and secure in a consistent way.
  3. Information informs decisionmaking – information has its highest value when it is accurate, timely and relevant – thus helping to improve choices made by those who rely on that information.

A lot has been done to improve information sharing over the past several years, led by the Information Sharing Environment (ISE) (www.ise.gov) office in the Directorate of National Intelligence (www.dni.gov). These measures include the expansion of fusion centers that integrate law enforcement and intelligence resources at the State and local level; the incorporation of suspicious activity reports (http://nsi.ncirc.gov) from individual citizens into fusion center analysis; advances in identity management under the National Strategy for Trusted Identities in Cyberspace (www.nstic.gov); and the growth in the coordinating role and data of the National Counterterrorism Center (www.nctc.gov). All of these steps enable further progress in way that promotes protection of data, privacy and civil liberties

The Strategy then goes through five goals that help implement theses core principles:

  • Driving collective action through collaboration and accountability, such as the use of common governance processes and agreements that allow multiple agencies and stakeholders to work together over time without reinventing wheels each time.
  • Improving discovery and access through common standards, such as those used to “tag” personal information in way that increases its protections regardless of who uses it, or to integrate disparate information resources through “big data” analysis techniques.
  • Optimizing effectiveness through shared services, especially those that use standards to define common acquisition of information resources by multiple parties who share that data.
  • Strengthening safeguards through structural solutions, including security approaches like continuous monitoring that points out threats and disseminates the information in real time.
  • Protecting privacy, civil rights, and civil liberties, by enhancing governmetwide policies, building protections into information sharing systems, and ensuring accountability for results.

Taken together, the Administration’s Information Sharing Strategy provides broad directional guidance for all levels of government, companies, and non-profits who can contribute to and benefit from a coherent national information sharing system. The last goal of the Strategy, around protecting privacy, leads directly to the question of how best to do so. In my next post, I’ll assess the Federal CIO Council recommendations that provide a set of tools for that task.

Leave a Comment

Leave a comment

Leave a Reply