Find a balance between info access, security

Federal agency World Wide Web sites burst forth with new information and data sources so fast nowadays that no one can keep up with the flood. If you can't get the government information you seek via the Internet, you have your choice of getting it through print, fax-on-demand, CD-ROM, e-mail or the telephone. If none of that works, you can use the Freedom of Information Act. Who could possibly worry about greater public access to government information when the bigger problem seems to be infoglut, a surfeit of publicly accessible data?

Within the past five years, the Defense Department has engaged in a public-access enterprise unmatched anywhere in government before or since. When the outcry over mysterious Gulf War illnessnes flared up, DOD established its GulfLink Web site at www.gulflink.osd.

mil. GulfLink has gradually published all documents relating to Gulf War illnesses that are not classified or otherwise unreleasable because of privacy or similar concerns. The volume of information DOD is releasing for public consumption is staggering and has done much to allay public fears.

But how quickly circumstances change in our age of instantaneous communication. At one moment public access to government information is viewed as service to the citizen and a bulwark of democracy. At the next moment, public access has become synonymous with giving aid and comfort to our enemies. Public access, it seems, is not an unalloyed good; access has a dark side.

The conventional wisdom of the day has shifted directions. All the information that federal agencies are giving out now is seen as enabling terrorists to blow up innocent people and property. All that open access over the Internet is making it easier for hackers to get into government computers, cause mischief, destroy valuable data and threaten national security.

The pendulum of government opinion is swinging away from wholesale public information access and toward concerns over information warfare. DOD is said to be clamping down on Internet information access. The Senate's Special Committee on the Year 2000 Technology Problem announced it will turn its attention after Jan. 1 to government security breaches and cyberterrorism—proving once again that when a problem such as the Year 2000 bug goes away, the people working to solve it do not. The CIO Council announced the expansion of its security committee into three subgroups: security, critical infrastructure and privacy.

The Senate recently passed a bill to restrict the Environmental Protection Agency from publishing information about the risks from accidental release of toxic chemicals into the environment. The fear is that someone might use the information to identify targets and commit terrorist attacks against U.S. industry. Curiously, the Senate would permit print publication but prohibit electronic publication, assuming, one can only guess, that terrorists will not stoop to low-tech information access.

Every day, newspapers contain headlines about protecting personal privacy. And we already have become accustomed to the idea that people can restrict access to personal information from state departments of motor vehicles. The public has begun to understand that completely unrestricted access to government information is not a good thing.

We need to recognize that public access to government information and security for government information systems are two goods in constant tension with one another. The public's appetite for online information access has grown ravenous. All things considered, we should praise and support the public's desire to use the government information resources for which their taxes paid. But information systems security also is essential, particularly where human lives and essential government functions are at stake.

So far, we have not gotten the balance between information access and security right. In the present climate of hyper-consciousness about security, we probably will not see bold public-access examples such as GulfLink replicated in the near future.

-- Sprehe is president of Sprehe Information Management Associates, Washington, D.C. He can be reached at jtsprehe@jtsprehe.com.