- Email: [email protected]
Interagency workshop on public access: A summary for historical purposes
Interagency Workshop on Public Access: A Summary for Historical Purposes
John Okay Roxanne Williams*
In May 1991, the U.S. Environmental Protection Agency sponsored the first interagency conference on public access at Solomons Island, Maryland. The conference was in response to a growing need for increased public access, apparent in legislation and mission requirements, to government information. It offered departmental and agency representatives an opportunity to share experiences and to discuss the need for an integrated approach among the Federal departments and agencies to public access and dissemination of government information [see Government Information Quarterly, 9 (1992): 187-1981. The U.S. Department of Agriculture’s Office of Information Resources Management sponsored the second of these interagency meetings. Convened at Solomons, Maryland on November 18-19, 1991, the workshop focused on the issues surrounding public access to Federal computers, and the need for the development of policy statements that the various departments and agencies could adapt. This article provides an historical record of that conference.’
Numerous laws and department and agency missions have required that government information be made available to the general public. With the increase in use of computer and telecommunications technology, Congress, through separate pieces of legislation, continues to require agencies to make government information available electronically. At the same time departments and agencies receive increased pressure from their constituents for access to electronically stored information. Many of these same departments and agencies recognize that public access is a part of their overall missions, and, thus, are developing systems to meet these mission requirements. * Direct all correspondence to: Roxanne Williams, Special Assistant to the Director, office of Information Resources Management, U.S. Department of Agriculture, Room 414- W,ADMBG, Washington, DC20250. Government Information ISSN: 0740-624X.
Quarterly, Volume 10, Number 2, pages 237-253.
2.38
GOVERNMENT
THE DEPARTMENT
INFORMATION
QUARTERLY
Vol. lo/No. 211993
OF AGRICULTURE
The Department of Agriculture has addressed its information systems in stovepipe fashion, yet issues cross over units within the Department and with other departments. Most agencies deal with cross-cutting issues that do not recognize organizational boundaries (e.g., global change, food safety, water quality, and expansion of agricultural markets); thus, the need to share information is imperative. The Department is adopting an open systems concept and the technical capability exists to make these systems available to the public, The Department operates a mainframe for the use of all agencies at their option, and has a single processing center at the National Finance Center for all administrative processing. There are approximately 10,000 minicomputers and workstations and another 50,000 microcomputers containing program information in more than 12,000 agency field offices through the country. Although there are formal agreements for access to the Department’s systems with “cooperators” and Federal, state, and local government agencies, there is a vacuum of policies relating to public access. Private individuals and organizations, such as farmers and ranchers, private corporations, trade associations, and public interest groups, are now asking for access. The Office of Information Resources Management has established an “easy access” project to make it easier for farmers and others to do business with the Department in its county offices, but does not directly address public access. There is a need for a formal policy on the use of government computers to provide public access to information created by or for government agencies or collected by them in the process of carrying out their missions. This policy, while facilitating access, must at the same time protect the integrity, security, and privacy of the systems and data. This workshop attempted to arrive at a consensus on the direction the policy should take and on the issues the policy guidelines should address. The charge of the workshop was to: 0 l
Learn from each other; and Produce a framework containing broad policy guidance on public access that would be useful to all Federal agencies in defining their own specific policies and procedures and would reflect: (a) A consensus on what issues need to be covered in an agency policy or guideline; and (b) Some agreement on the direction those policies should take.
REVIEW OF FIRST INTERAGENCY CONFERENCE In reviewing the first interagency conference, Al Pesachowitz, Director of the Office of Information Resources Management, Environmental Protection Agency (EPA) explained that the agency had sponsored the first conference to define the issues, to help shape policy, to get ahead of the curve of requirements (legislative, mission, and user), and to coordinate effective programs that the agencies carry out. Public access is a complex concept with far-reaching implications for Federal agencies, and an addressing of the issues has been slow in coming.
Interagency
Workshop on Public Access
239
Cost issues, which dominated discussions in the first conference, revolved around the need for consistency in pricing policies, concerns over vendor re-sale, determining cost recovery, and how to deal with cost versus free decisions. This cost issue recently became more visible when the House Merchant Marine Committee proposed to offset revenue losses from a proposed repeal of an unpopular boat use tax by imposing a charge for online access to the Federal Maritime Commission’s Automated Tariff Filing Information (ATFI) system (see H.R. 2056). Other policy issues at that conference included the need to identify types of information and roles in disseminating information. Discussions on implementation of public access programs included the need for an inventory or locator on successful programs as a starting point for sharing information on what works. There was a belief that policy could be developed from practice. Other implementation issues included data refreshment, system design, user identification, and needs assessment. Funding, high-level commitment to public access, and the development of organizational ability to market are all essential to the development of successful and equitable public access programs. The need to stay current on technological developments was highlighted by recent action for the preparation of the National Research and Education Network (NREN). Consideration of public access early in the design of a system will affect that design. EPA’s various systems are written in different software and operate on different platforms. Its IRIS system, designed to provide information on the risk of chemicals in commerce to the regulated community, is under intense pressure to be made available to the public. Questions now focus on how to expand the system and how to get resources to provide the additional access, should the decision be made to do so. Public access must be seen as a major priority in the design, but this requires a change in attitudes of the program managers in their need to get the job done.
CONGRESSIONAL
PERSPECTIVE
Robert Gelman, Chief Counsel, House Government Information, Justice & Agriculture Subcommittee, addressed the issue of public access from two perspectives: legislative and information policy debates. There is wider acceptance of the need for openness in government and the belief that access is important. Issues center around cost and who will pay. New information technology has raised the value of information and the costs of providing it. The Office of Management and Budget’s (OMB) position on marginal cost will help with cost decisions, although some agencies are now beginning to see systems as a source of income. It was noted that the General Accounting Office has released several studies relating to the topic at hand. One relates to the barriers to information resources management in government, and another to the ways agencies use CD-ROM and bulletin board services to disseminate information and how standards impact these systems.
OMB PERSPECTIVE Peter Weiss, Senior Desk Office in the Office of Management and Budget’s Office of Information and Regulatory Affairs, presented the OMB perspective on public access
240
GOVERNMENT
INFORMATION
QUARTERLY
Vol. lo/No. 211993
through a discussion of the federal information locator study, electronic dissemination of information, and Circular A-130. A contracted study, done by Syracuse University’s School of Library and Information Studies, identified over 150 potential locator systems. The study addresses what characteristics a locator system might possess, what resources are needed, and where it should be located.* Interactions between industry and government have been primarily electronic. The electronic Commerce Business Daily (CBD) and EPA’s Toxic Release Inventory (TRI) represent government’s move to disseminate its information electronically. The Edgar system of the Security and Exchange Commission is both an electronic filing and electronic dissemination system. There is a need to integrate the concept of collection with dissemination, and address which tools are more appropriate for dissemination. When agencies decide to collect information they need to determine whether that information will just sit in the hands of government or whether it is information that the agency believes it should be disseminating. Planning for systems implementation should include the ultimate use of the information as well as the collection of the data. The planned revision of OMB Circular A-130 will provide high-level policy guidance on when information dissemination is appropriate:3 l l l
l
l
Where an agency collects and maintains information electronically for itself; Where electronic format is an appropriate means of making data available; Where information is in frequent demand. Decisions based on marginal cost must be made in deciding the format to be used: paper, CD-ROM, bulletin board, or online; Where substantial bodies of prospective users already have the technology available for access, and user friendly aspects have been incorporated into the systems’ design; and Where paper is still needed, it should be provided without imposition of substantial costs or burdens on users such as the states and small business.
SECURITY
CONCERNS
Lynn McNulty, National lnstitute of Standards and Technology (NIST), addressed the security issues brought about by public access to Federal computers. These issues fall into three categories: confidentiality, integrity, and availability. A number of laws address security of electronic information, including the Freedom of Information Act of 1974; the Privacy Act of 1974, which emphasizes confidentiality and requires the agency to publish a list of those systems which contain information on individuals; and the Computer Security Act of 1987, which requires agencies to identify computer systems containing sensitive information and to develop a security plan to protect the security and privacy of such systems. The latter act requires that security be designed into systems up front. Computer security specifications are part of design and development of systems, and new systems must receive certification of the IRM official. Appendix 3 of OMB’s Circular A-130 presents risk based considerations in determining access requirements. The collector of information has the responsibility for integrity of the data while they are in the agency’s custody. This responsibility should determine the mode of operation of a public access system, whether it will be operated in a:
heragency
0 l
0
241
Workshop on Public Access
Dedicated, Controlled Multi-level
stand-alone mode; location; or through access system.
a
Roy Saltman, also of NIST, stressed the importance of the integrity of data and systems. Agencies must identify vulnerabilities and take steps to prevent loss. Agencies are not responsible for the correctness of data coming in through collections; they are responsible for agency generated data. Both the filer and the agency are responsible when the collected data are analyzed by the agency and entered into a system. Systems design must concern itself with the volume of data and the methods of access and dissemination. There may be one sensitivity or a mix of sensitivities within one system, requiring varying levels of access.
CASE STUDIES The afternoon session discussed three categories of case studies: those that respond to legislation, those that respond to the public’s demand, and those where the agency recognizes the need and goes out ahead with a system. The Centers for Disease Control and National Center for Educational Statistics are examples of the latter. Veterans Service Organizations have had on site access to Veterans benefit and medical records for some time, but now want remote access from their offices. The Department must complete work on the language for a department-wide policy by May 1992. It is interested in providing access and is looking at whether a new network will be required, whether the Department can segregate data files, and whether access can be restricted to those the Department wishes to have access. The Department of Education plans to provide access to data surveys, permitting the user to link these together and build data files and extracts. The information in the system will have already been cleaned up and the identifiers removed, but linkage gives more information from a privacy standpoint than was originally planned and incorporated into the design. The Department is experimenting with a program through which organizations (education associations, education research groups, and some states) would be licensed to have remote access to certain sensitive data. Fines for misuse of the data would be the same for the end user as it is for the Department. In the Department of Agriculture, the Food Safety and Inspection Service (FSIS) has received requests to make its system on directives and guidelines available to the industry, as well as the Service’s inspectors. Most inspectors do not have computers, but they can use those retained in the regional offices. The industry is willing to pay for access to the regulations, just as it now pays for certain inspections. The Department’s General Counsel has ruled that the industry is not a cooperator and, therefore, access is not permitted under current policy. The Agricultural Marketing Service (AMS) runs a satellite system on a minicomputer to provide market news. All the requesters of information pay for the VSAT to access current data. The Service now plans to add archival data to the system distributed over several minicomputers on a product by product line. AMS is seeking policy direction on whether the public should have direct online access to these computers.
242
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 211993
The Patent and Trademark Office (PTO) system requires structuring of the data in order to use them internally. Tapes provided to the vendor requires expensive restructuring and the imaging system will be even more expensive to replicate. Researchers want the PTO to provide this restructuring; vendors do not. In discussions that followed, concerns were raised that an agency may be vulnerable if wrong data get out through a customer that resold them. There would also be concern if a reseller made a profit from the data. The FOIA permits a user to acquire data at marginal costs when a reseller charges too much and this, in theory, provides a balance. Working
Group Sessions
Following the case study discussions, the group broke into two working groups to address the policy issues and what should be incorporated in a policy statement. Working Group A One working group discussed the policy statement to be developed: what it will be and who should issue it. It should address: A-76, the types of data to be made available, charging and cost issues, types of users, security, capabilities and response time to be provided, fairness and equity in the provision of access, recognition that not all data can be made available, whether it would duplicate other services, working with constituents, alternative methods of dissemination, the impact on resources, and the electronic dissemination of information (EDI). While the group will be developing the policy framework in an informal manner, without official sanction, it is important to reach general agreement about the policy direction it should contain. Policy considerations should include the operating program, the level of Federal responsibility, information characteristics, interested user characteristics, and the information services environment. Open information systems should be justified on a case by case basis. Determinations need to be made based on what to do and how to do it, what the data are, who the users are, and whether the information is already being provided elsewhere. lmplementation decisions on the type of system and media used for public access are based on sensitivity of the data and system, whether the data are time sensitive and need to be maintained current, what the volume of the data is, how frequently the data are up-dated, and whether a hybrid system may be needed. Other implementation concerns have to do with security, cost recovery through a simplified billing system, and the quality of the data. Should there be some flexibility in charges with some paying more than others? To protect data integrity and ensure security, agencies will want to consider alternatives to the way in which they provide access: online, through access levels, segregation, account controls, and so forth. A risk analysis should be conducted to ensure that security concerns will be met. How will the agency respond if performance of the system is affected by large volumes of usage? Once a system has been made available, can it then be restricted to certain users or charges added where none had been charged previously?
Interagency Workshop OR Public Access
243
Conversion of a system, developing software, or conducting an analysis for an agency’s own use in meeting its mission requirements do not represent “value added.” Federal data cannot be copyrighted. When an agency’s mission requires public access and the budget is not available, the charges should be placed on the access. Agencies should not provide access to non-mission information. Working Croup B
There was consensus that everything not prohibited by law should be made available to the public. The Freedom of Information Act is the basic law guaranteeing public access, and the group believed that anything releasable under FOIA is releasable online or in any other electronic format, assuming that the information the agency has already collected or generated is maintained electronically. The agency mission determines what is collected. Improvements in technology change the way in which agencies do business and cause them to rethink their missions. The policy should be an enabling policy, not one that forces agencies to carry out a public access program but one that stresses a proactive right of the agency to provide its information. Access should be defined as applying to data and to the system. The policy statement should define the bottom line-that the agency will not provide in electronic format that information which appeared in paper. The policy should include cost considerations, permit proactive dissemination, and define whether the access is “universal” or limited to a specialized group. Other data available from the government are more research type data and are not for personal use. A checklist of items to be considered include the data (and the volume), the users (and their demands), the environment, and political considerations. Since the public may not always know what it wants, there is need for a visionary to understand what is needed and move ahead. User surveys need to be carried out, and these should not run up against A-130 collection burden requirements. There should be concern for future use of data-historical research is well beyond the mission of the agency. Design costs affect accessibility and budgets may neither permit the agencies to provide public access, nor undertake design efforts which include future use. However, to the extent possible, records retention schedules should be built into the systems. An index or locator system is needed to assist users in finding information. Users will need modems and PC’s to gain access to information in electronic format effectively. In many instances, users cannot get at information without the data, text, software, the system, and the computer being available. Questions were raised as to whether this is the right time to be offering public access and whether that access should be online? Is technology coming to the home, and, if so, will that change the methods of access? Possibly public access will need to include paper, online access, and a system similar to the French Minitel. Billing issues need to be addressed: does the agency charge?, what does it charge?, and how does it collect the fees? The group believed that if appropriated funds are available for this purpose, the data should be provided free; if not, charges should only be for the cost of providing them. Marginal cost, connect time costs, or other costs which contribute to the cost of making the information available are reasonable; marginal costs do not include the cost of collecting the data, and developing and maintaining the system. Do marginal costs cover support, maintenance, and training?
244
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 2/l 993
Relations with the private sector are a concern; agencies will want to protect themselves against accusations of competition. When should the agency provide the information? Agencies might want to use an RF1 to find out what is being done or use the Commerce Business Daily or Federal Register to announce its intention. The consensus is that there is no case for “value added” beyond that which is necessary for agency use. There may be a problem in providing access where copyrighted software is in use. Security considerations are important in any public access program, with consideration being given to confidentiality, integrity, and availability. The accessible data need to be segregated from the nonaccessible data in public systems; thus, dedicated systems may be the best approach. For data that need to be current, online systems may be best. However, there are other methods for maintaining the information. CDROM, with bulletin board updates, may be used for the basic set of information. Second Day Proceedings
The second day of the workshop began with presentation groups (see Appendix). Following the reports, the floor discussion, which centered on the following:
of reports from the work was opened for general
A definition of marginal costs is needed; what should be considered in determining marginal cost? Not all agencies have the authority to collect revenues. Those which do should describe what goes into their charges; Circular A-25 may help. Use of credit cards can simplify billing; agencies may use a 900 number, where the telephone companies will do the collection. From the viewpoint of those users looking for information, a single point of access is needed. A locator system would help with this problem. A number of agencies use other agency systems to provide public access. Before deciding to go out with a separate system, agencies should see what mechanisms are available in other agencies. What level of customer service should be provided? How would users be trained? Should staff help the user to interpret what the data mean? These functions are another cost factor and need to be addressed. At PTO the analysts cannot specifically help in searches, but documentation has been provided and is currently being evaluated. Terminals have been placed in libraries and the librarians often do training. Government should begin standardizing software for bulletin boards and the like. Other systems will need to be different (such as PTO) and there may be a role for the private sector. What about marketing? What is the role of government in letting the public know what exists? Should the policy address marketing? Press releases and announcements are still good and can be linked with other things, such as conferences, that the agency is doing at very low cost. Public services ads and 800 telephone numbers are available. Advertising may create needs the agency cannot respond to; agencies may be able to support each other with notices on systems such as bulletin boards and electronic mail.
heragency
Workshop
on Public Access
245
Should the policy address the online question? Discussion gravitates to online, but maybe smaller systems, such as bulletin board systems, will meet the need. The need has to be evaluated on a case by case basis; some may need print, others may need CD-ROM. Does the complexity of the data have a bearing on the decision? There should be no going-in presumptions on the media to be used in a public access system. Some systems need to be online if they are time sensitive or if there is an emergency need for the data. Others may be better in an offline system, pa~icularly when they contain any restrictions on the use of the data. Some systems, such as patent data, need to be online due to the size and type of searches conducted on the files; others due to the analysis that may be done with the data. It is wise to remember that what works today may not do so tomorrow. A shopper’s guide to electronic dissemination may be needed; a review of who is using a system-update this every two or three years. the Federai Register is online, on an agency by agency basis. The Government Printing Office is hoping to use a public access bulletin board to make six months of the Federal Register available. An agency may be able to get dollars to satisfy demands for products which support public access, but this has not happened in all cases. There is a need to prioritize secondary distribution; should it be an active dissemination program or respond only to requests? Agencies must take the burden of providing information in some format. The group needs to provide instructions addressing legal, cost, and security issues, and to reemphasize several points: (a)
(b) (c)
(d) (e)
Online focus-should not assume this is ihe way to provide access; use of common sense and good management techniques will help. A wide range of alternatives exist for information dissemination and public access. Equity-millions are being served who do not have equipment to use systems or the knowledge to use the systems or the data. Cost-marginal costs may be determined for those systems and activities not specifically covered by approp~ated funds. Determining marginal cost is relatively simple; it consists of cost allocation, cost accounting, and cost recovery. Bulletin board software issues. How involved should public affairs staffs become? Information dissemination needs a close coordination with public affairs’ offices to help the public identify information that is available.
PUBLIC ACCESS TO GOVERNMENT ELECTRONIC INFORMATION: A POLICY FRAMEWORK (WORKING DRAFT) Purpose This policy framework4 provides broad guidance on public access to government electronic information for the use of Federal agencies when defining their own policy
246
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 211993
and procedures. The guidance recognizes both the commonality across all Federal agencies in meeting their public access responsibilities and also the many areas where such guidance will vary because of special agency considerations. Why a policy is needed. Legislation, more frequently, is requiring Federal agencies to provide public access to specific types of information; technology advances provide less costly and more effective techniques to disseminate electronic information, resulting in a significant increase in the number of people and organizations that can utilize information in electronic format; and the increased recognition of the value of current information to the individual recipients and to the Nation has led to a growing demand on the part of the public to exercise its right to such access. Guidelines: l
l
Agencies need to recognize their obligation to respond to these public demands without waiting for further guidance from Congress or the Executive Central Management offices. Policy and guidelines developed independently by each Federal agency should be consistent in direction reflecting a single broad Federal policy on public access, with variations based on the special requirements of the agency.
GUIDING
PRINCIPLE
Agencies of the Federal government collect, produce, manipulate, evaluate, and maintain vast amounts of data which represent a valuable national resource. It is the obligation of these Federal agencies to ensure the availability of government information to the public in a useful and cost-effective manner. Guidelines: l
l l
The agency’s mission should be framed as broadly as possible. It should enable rather than proscribe dissemination. Agencies should follow the principle that Federal data cannot be copyrighted. When defining an approach, FOIA should be interpreted to include electronic information.
POLICY CONSIDERATIONS Type of Program. Data can be made available through planned outreach dissemination programs or in an ad hoc manner in response to specific requests for information. Guidelines: l
The selected type depends on factors such as the demand, the type of data, the benefits to the recipients and to the Nation, the level of fairness and equality of access provided to those needing the data in the selected approach, and the rationale for the dissemination program.
Interagency
l
l
l
Workshop
247
on Public Access
The requirement for dissemination and the method(s) to be used should be included in the initial justification, design, and management of an information system. An effective information dissemination program requires even greater involvement of program information specialists than technology experts. Who “owns” or is custodian of the data element and takes responsibility for its quality? Agencies should include libraries in planning dissemination outlets.
Program Rationale. It is recognized that not all government data can or should be made available. Some restrictions are based on national security, the rights of individuals and businesses for privacy, and on laws specifically restricting access. Before defining a dissemination program, agencies need to identify the motivation for the program in justifying this expenditure of public funds. The following are some of the key reasons for defining a dissemination approach: I. 2. 3. 4.
Electronic dissemination is specifically required Information dissemination is basic to carrying The agency determined that there is sufficient justify a dissemination program; and The agency receives outside requests to provide
by legislation; out the agency’s mission; demand for the information
to
specific information.
Guidelines: 0
0
0
0
0
0
0
Agencies must define their public. They should be able to anticipate, if not actually measure, public demand. They should survey user needs and satisfaction with existing systems. Dissemination programs should include actions to inform potential users of the existence of the dissemination service. This must be recognized as a continuing responsibility. Agencies should validate demand before initiating a dissemination program. This is particularly important when the dissemination is not clearly mandated by mission or legislation. “It seems like a good idea” is not sufficient justification. Agencies should include state and local governments in the planning of dissemination systems, both as recipients and providers of data. The implementation of an effective public dissemination service requires the efforts of skilled and dedicated personnel. Agencies must recognize the importance of this activity by assigning the required staff to the program. Generally, agencies need to expect that they will lose control of their data after the data have been disseminated to end users or information multipliers, and agencies cannot place limits on how the data will be used. Agencies should not disseminate or collect information, even when requested, that is not required to directly support its mission. Agencies must fully justify any new dissemination initiatives to ensure wise expenditure of public funds.
248
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 2/l 993
Technology Approach. There are numerous approaches available for dissemination of electronic information. Agencies should consider a variety of media. The appropriate selection will be made on a case-by-case basis. The following are some alternatives to be considered: online access to a mainframe computer; distribution through media such as CD-ROM, PC diskette, and magnetic tape; PC-type bulletin boards; or facsimile transmission. Guidelines: Even when electronic dissemination is mandated through legislation, agencies should identify and utilize any flexibility allowed in approach to select the best method for dissemination. Agency information should be managed in a manner which will promote access to and dissemination of that information to the public. Agencies should utilize, where possible, an approach that avoids software licensing costs and constraints and vendor-dependent solutions when selecting formats or software that is included with distributed data. Joint dissemination projects are encouraged to the extent that they are more cost effective to the Federal agencies and/ or to the public being served. The selected approach should consider equality of access and provide the broadest possible level of access. Multiple approaches are acceptable, if cost justified, to reach a broader audience. Current technology provides new alternatives for effective dissemination which compromise on the level of service should be considered. If necessary, sophistication to reach a wider audience in a less costly manner. Before an online service is offered, agencies must ensure that they have the computer and telecommunications capacity available to meet the required performance standards without degrading mission support services, can provide the training or appropriate manuals for users, operate a software environment that supports the type of users expected, and support a help desk capability to deal with user problems. Any justification for implementing a dissemination service must address these issues. Further, the agency must consider the need to have program staff available to answer end user questions about the information content. Costing Flexibility. The objective is to provide government information at the most reasonable cost while meeting the needs of users based on the specific special characteristics of the data. Agencies may recover marginal costs for dissemination, but they should not attempt to profit or recover unrelated costs through the sale of Federal information. Guidelines: l
When justified, marginal costs may include maintenance, training, customer support, computer and data communications costs for access to the data or production costs for the delivered product in the case of non-online techniques, and any additional costs associated with providing the dissemination service.
heragency
0
0
l
l
l
Workshop on Public Access
249
When dissemination costs are specifically covered by appropriated funds, agencies should not charge for access. Agencies should establish an equitable approach to charging, utilizing the simplest approach possible. Subscription charges rather than actual usage are acceptable as long as they can be demonstrated to be equally applied to all. Variable rates charged for different categories of users must be justified. Agencies may even consider free or reduced rates to selected users. Agencies should determine a method for collection of user fees and the frequency with which these fees will be collected before the product or service is made available. Agencies must have a mechanism in place to accurately measure access charges based on the established approach.
Security Controls. Security represents a primary consideration in determining methods adopted to provide broad based access to government information.
the
Guidelines: Agencies must identify all “sensitive information” contained in the information system, as defined by the Computer Security Act of 1987, and ensure that public access policies include and are consistent with the requirements of the Act. Security safeguards must consider protection of confidential or sensitive information, maintenance of data integrity (preventing unauthorized modification), and providing system availability (system is performing and is accessible during operational hours). Security safeguards should include tracking of all accesses to an online system. Agencies should consider moving the public data to a separate system specifically dedicated to public access. Agencies must determine, using risk analysis or similar techniques, whether public access should be allowed in a system containing restricted access data. An important factor is the technique used to segregate the data. The risk analysis will include computer facility security protection, the software and procedural protection in the operational environment, the level of sensitivity of the data maintained in the system, and the potential threat to the data integrity. Agencies should consider dissemination through read-only technology such as CD-ROM when there is concern that data will be improperly represented or applied after it leaves the government. Private Sector, State, and Local Government Role. To the extent possible, agencies should work with the private sector, and state and local governments, to implement dissemination services that best meet the requirements of the government and the public in a cost effective manner. Guidelines: l
Agencies may develop a dissemination service that duplicates one already in the private sector if advantages are offered that justify the government-provided
GOVERNMENT
250
0
INFORMATION
QUARTERLY
Vol. lo/No. 211993
service. Examples of such advantages are: lower cost, the ability to reach specific audiences that would not be served by the private sector, or the software or technology used in the government system provides additional capabilities that increase the usefulness of the data. Enhancements to a system, conversion to new technologies, or addition of software for evaluation of data which are required for effective use of the data by agency personnel, are legitimate value-added functions in a dissemination system and are not in competition with the private sector. Conversely, agencies should not spend Federal funds for developing special software, redesigning formats, or providing other enhancements for the public which are not required to meet agency mission requirements. Agencies should develop methodologies for identifying marketplace solutions without becoming vulnerable to impractical or dubious proposals. Agencies should fully explore and take advantage of opportunities to develop information disseminating programs in conjunction with state and local governments and establishments such as universities and libraries. Agencies should maintain open and full communication with the private sector, within limits of the law, when planning information dissemination services to encourage beneficial approaches and partnerships.
APPENDIX REPORT OF WORKING What are the considerations government computers? A.
B.
GROUP A
which go into the creation
of a policy
on access to
What type of policy is needed - formal or informal; how complete must it be? 1. What policy needs to be created? 2. Who will issue the policy? 0 does there need to be official sanction 0 the group should seek general agreement l it should provide an intelligent discussion of alternatives l it should be framework rather than a “model” What should the policy address? 1. A-76-government responsibilities vis-a-vis the private sector l are duplicative systems o.k.? l what is “value added;” when can government provide it 2. Types of data 3. Charging issues l cost recovery vs. free 0 variable rates for different users l basis for rate determination l billing mechanism-simple
interagency Workshop on Public Access
4.
C.
D.
251
Security 0 consider alternatives in: 0 controlled vs. remote access 0 accounts vs anonymous access l extracts of accessible data l data integrity 5. Types of users 6. Impact on resources 0 decrease capabilities 0 decrease response time 7. Electronic data interchange 8. Fairness and equity of service 9. Alternative dissemination or access methods. l recognition that not all data can be made available 0 budget constraints 10. Case justification guidelines Outline for the model policy: 1. Policy section-what and why 0 characteristics of operating program l characteristics of data l characteristics of users 0 information services environment 2. Implementation principles how-systems and media (when online?) 0 sensitivity of data 0 market effect 0 low volume-short access times 8 frequency of update l security capabilities 0 consider hybrid 0 security l cost recovery 0 simplified billing? Visa, 900 number l charge vs. free determination 0 quality Parting wisdom: 1. If you develop analysis software to meet internal requirements, it iS not value added. 2. Follow the principle that Federal data cannot be copyrighted. 3. Handling special requests 0 Mission related-charge for it l Non-mission related-do not do it 0 Be careful about justifying service based only, or primarily, on benefit to others 4. Look for simple, less expensive solutions 0 bulletin boards, CD-ROM
GOVERNMENT
5.
Avoid problems you learn.
when possible.
INFORMATION
A.
B.
C.
D.
warrant
Vol. lo/No. 211993
Start with simple cases and progress
REPORT OF THE WORKING What conditions
QUARTERLY
public access to Federal
as
CROUP B
computers?
There must be:
Motivational imperative-the “why” 1. Public law may specifically require electronic dissemination. 2. Online access may be part of the agency mission, though not specifically mandated. 3. FOIA should be interpreted to cover electronic information, and should determine what is releasable in any format. 4. State of the art of information technology. Is the timing right? New technology may provide new opportunities for greater efficiency and effectiveness in service delivery. Flexibility of approach 1. Agency dissemination mission should be framed as broadly as possible, and should be enabling rather than proscriptive-allowing flexibility of choice of online vs. other modes of access. 2. Policy should allow flexibility to incorporate new information technology as opportunities for improved delivery arise. 3. Assessing public need should be guided by life-cycle concepts; e.g., consideration should be given to long-term use and disposition of data, besides immediate satisfaction of program objectives-planning for archiving. Boundaries or levels of access 1. Delineate levels or boundaries of access; e.g., data, software, computer. 2. Degree to which data has meaning without the system. 3. Software licensing constraints. 4. Information systems should be designed to carry out agency mission; public access should be defined by system design. 5. Systems should not be enhanced or redesigned to exceed mission requirements. Cost flexibility 1. If costs are covered by appropriated funds, agencies should not charge for access; if not covered by appropriations, then charge only to recover marginal costs. 2. Marginal costs should include maintenance, training, customer support, and value added products and services; also share of the costs of a government-wide locator system. 3. Agencies should delineate level of costs to be recouped that are acceptable to the agency; e.g., connect time vs. subscription. 4. Determine method and frequency of collection of user fees.
interagency
E.
F.
G.
Workshop
on Public Access
253
Recognition of private sector role 1. Agencies should “build” when private sector cannot offer viable solution; should “buy” when solutions are available in the marketplace. It is recognized that this can be tough to determine. 2. Agencies should develop methodology for assuring availability of marketplace solutions without becoming vulnerable to unwanted or dubious proposals. 3. Agencies should determine the most cost-effective formats for the widest possible dissemination. User public should be differentiated according to appropriate formats. to a system which improve mission-based service delivery, 4. Enhancements or conversion to new technologies which improve access or system effectiveness, are legitimate value-added functions not in competition with the private sector. Delineation of user/ public domain 1. Agencies should define who is their public. 2. Agencies should be able to anticipate, if not measure, public demand. without being 3. Agencies should be able to survey user needs/satisfaction constrained by Paperwork Reduction Act burden reduction provisions. Security controls security controls to mitigate risks to data 1. Need to provide appropriate integrity at both the applications and management levels. 2. System should be dedicated if database is static; if database is highly dynamic, this is not feasible. 3. To what extent does the agency wish to limit access; non-accessible data should be segregated.
NOTES AND REFERENCES I. 2.
3. 4.
A record of the third conference and the dissemination policy will be published in Gavernmenr Informaiion Quarterly, 10 (4). See Charles R. McClure, Ann Bishop, Philip Doty, and Pierette Bergeron, Federal Information Inventory/Locator Systems: From Burden to Benefit (ERIC Clearinghouse, ED 326247); and Charles R. McClure, Joe Ryan, and William E. Moen have identified 155 potential Federal information/ inventory locator systems. See Charles R. McClure, Joe Ryan, and William E. Moen, “Identifying and Describing Federal Information Inventory Locator Systems: Final Report.” Submitted to Office of Management and Budget, Office of Information and Regulatory Affairs, 1992. See Federal Regisrer (April 29, 1992), pp. 18296-18306. The draft has since been revised, and therefore this draft is not the final version.
John Okay Roxanne Williams*
In May 1991, the U.S. Environmental Protection Agency sponsored the first interagency conference on public access at Solomons Island, Maryland. The conference was in response to a growing need for increased public access, apparent in legislation and mission requirements, to government information. It offered departmental and agency representatives an opportunity to share experiences and to discuss the need for an integrated approach among the Federal departments and agencies to public access and dissemination of government information [see Government Information Quarterly, 9 (1992): 187-1981. The U.S. Department of Agriculture’s Office of Information Resources Management sponsored the second of these interagency meetings. Convened at Solomons, Maryland on November 18-19, 1991, the workshop focused on the issues surrounding public access to Federal computers, and the need for the development of policy statements that the various departments and agencies could adapt. This article provides an historical record of that conference.’
Numerous laws and department and agency missions have required that government information be made available to the general public. With the increase in use of computer and telecommunications technology, Congress, through separate pieces of legislation, continues to require agencies to make government information available electronically. At the same time departments and agencies receive increased pressure from their constituents for access to electronically stored information. Many of these same departments and agencies recognize that public access is a part of their overall missions, and, thus, are developing systems to meet these mission requirements. * Direct all correspondence to: Roxanne Williams, Special Assistant to the Director, office of Information Resources Management, U.S. Department of Agriculture, Room 414- W,ADMBG, Washington, DC20250. Government Information ISSN: 0740-624X.
Quarterly, Volume 10, Number 2, pages 237-253.
2.38
GOVERNMENT
THE DEPARTMENT
INFORMATION
QUARTERLY
Vol. lo/No. 211993
OF AGRICULTURE
The Department of Agriculture has addressed its information systems in stovepipe fashion, yet issues cross over units within the Department and with other departments. Most agencies deal with cross-cutting issues that do not recognize organizational boundaries (e.g., global change, food safety, water quality, and expansion of agricultural markets); thus, the need to share information is imperative. The Department is adopting an open systems concept and the technical capability exists to make these systems available to the public, The Department operates a mainframe for the use of all agencies at their option, and has a single processing center at the National Finance Center for all administrative processing. There are approximately 10,000 minicomputers and workstations and another 50,000 microcomputers containing program information in more than 12,000 agency field offices through the country. Although there are formal agreements for access to the Department’s systems with “cooperators” and Federal, state, and local government agencies, there is a vacuum of policies relating to public access. Private individuals and organizations, such as farmers and ranchers, private corporations, trade associations, and public interest groups, are now asking for access. The Office of Information Resources Management has established an “easy access” project to make it easier for farmers and others to do business with the Department in its county offices, but does not directly address public access. There is a need for a formal policy on the use of government computers to provide public access to information created by or for government agencies or collected by them in the process of carrying out their missions. This policy, while facilitating access, must at the same time protect the integrity, security, and privacy of the systems and data. This workshop attempted to arrive at a consensus on the direction the policy should take and on the issues the policy guidelines should address. The charge of the workshop was to: 0 l
Learn from each other; and Produce a framework containing broad policy guidance on public access that would be useful to all Federal agencies in defining their own specific policies and procedures and would reflect: (a) A consensus on what issues need to be covered in an agency policy or guideline; and (b) Some agreement on the direction those policies should take.
REVIEW OF FIRST INTERAGENCY CONFERENCE In reviewing the first interagency conference, Al Pesachowitz, Director of the Office of Information Resources Management, Environmental Protection Agency (EPA) explained that the agency had sponsored the first conference to define the issues, to help shape policy, to get ahead of the curve of requirements (legislative, mission, and user), and to coordinate effective programs that the agencies carry out. Public access is a complex concept with far-reaching implications for Federal agencies, and an addressing of the issues has been slow in coming.
Interagency
Workshop on Public Access
239
Cost issues, which dominated discussions in the first conference, revolved around the need for consistency in pricing policies, concerns over vendor re-sale, determining cost recovery, and how to deal with cost versus free decisions. This cost issue recently became more visible when the House Merchant Marine Committee proposed to offset revenue losses from a proposed repeal of an unpopular boat use tax by imposing a charge for online access to the Federal Maritime Commission’s Automated Tariff Filing Information (ATFI) system (see H.R. 2056). Other policy issues at that conference included the need to identify types of information and roles in disseminating information. Discussions on implementation of public access programs included the need for an inventory or locator on successful programs as a starting point for sharing information on what works. There was a belief that policy could be developed from practice. Other implementation issues included data refreshment, system design, user identification, and needs assessment. Funding, high-level commitment to public access, and the development of organizational ability to market are all essential to the development of successful and equitable public access programs. The need to stay current on technological developments was highlighted by recent action for the preparation of the National Research and Education Network (NREN). Consideration of public access early in the design of a system will affect that design. EPA’s various systems are written in different software and operate on different platforms. Its IRIS system, designed to provide information on the risk of chemicals in commerce to the regulated community, is under intense pressure to be made available to the public. Questions now focus on how to expand the system and how to get resources to provide the additional access, should the decision be made to do so. Public access must be seen as a major priority in the design, but this requires a change in attitudes of the program managers in their need to get the job done.
CONGRESSIONAL
PERSPECTIVE
Robert Gelman, Chief Counsel, House Government Information, Justice & Agriculture Subcommittee, addressed the issue of public access from two perspectives: legislative and information policy debates. There is wider acceptance of the need for openness in government and the belief that access is important. Issues center around cost and who will pay. New information technology has raised the value of information and the costs of providing it. The Office of Management and Budget’s (OMB) position on marginal cost will help with cost decisions, although some agencies are now beginning to see systems as a source of income. It was noted that the General Accounting Office has released several studies relating to the topic at hand. One relates to the barriers to information resources management in government, and another to the ways agencies use CD-ROM and bulletin board services to disseminate information and how standards impact these systems.
OMB PERSPECTIVE Peter Weiss, Senior Desk Office in the Office of Management and Budget’s Office of Information and Regulatory Affairs, presented the OMB perspective on public access
240
GOVERNMENT
INFORMATION
QUARTERLY
Vol. lo/No. 211993
through a discussion of the federal information locator study, electronic dissemination of information, and Circular A-130. A contracted study, done by Syracuse University’s School of Library and Information Studies, identified over 150 potential locator systems. The study addresses what characteristics a locator system might possess, what resources are needed, and where it should be located.* Interactions between industry and government have been primarily electronic. The electronic Commerce Business Daily (CBD) and EPA’s Toxic Release Inventory (TRI) represent government’s move to disseminate its information electronically. The Edgar system of the Security and Exchange Commission is both an electronic filing and electronic dissemination system. There is a need to integrate the concept of collection with dissemination, and address which tools are more appropriate for dissemination. When agencies decide to collect information they need to determine whether that information will just sit in the hands of government or whether it is information that the agency believes it should be disseminating. Planning for systems implementation should include the ultimate use of the information as well as the collection of the data. The planned revision of OMB Circular A-130 will provide high-level policy guidance on when information dissemination is appropriate:3 l l l
l
l
Where an agency collects and maintains information electronically for itself; Where electronic format is an appropriate means of making data available; Where information is in frequent demand. Decisions based on marginal cost must be made in deciding the format to be used: paper, CD-ROM, bulletin board, or online; Where substantial bodies of prospective users already have the technology available for access, and user friendly aspects have been incorporated into the systems’ design; and Where paper is still needed, it should be provided without imposition of substantial costs or burdens on users such as the states and small business.
SECURITY
CONCERNS
Lynn McNulty, National lnstitute of Standards and Technology (NIST), addressed the security issues brought about by public access to Federal computers. These issues fall into three categories: confidentiality, integrity, and availability. A number of laws address security of electronic information, including the Freedom of Information Act of 1974; the Privacy Act of 1974, which emphasizes confidentiality and requires the agency to publish a list of those systems which contain information on individuals; and the Computer Security Act of 1987, which requires agencies to identify computer systems containing sensitive information and to develop a security plan to protect the security and privacy of such systems. The latter act requires that security be designed into systems up front. Computer security specifications are part of design and development of systems, and new systems must receive certification of the IRM official. Appendix 3 of OMB’s Circular A-130 presents risk based considerations in determining access requirements. The collector of information has the responsibility for integrity of the data while they are in the agency’s custody. This responsibility should determine the mode of operation of a public access system, whether it will be operated in a:
heragency
0 l
0
241
Workshop on Public Access
Dedicated, Controlled Multi-level
stand-alone mode; location; or through access system.
a
Roy Saltman, also of NIST, stressed the importance of the integrity of data and systems. Agencies must identify vulnerabilities and take steps to prevent loss. Agencies are not responsible for the correctness of data coming in through collections; they are responsible for agency generated data. Both the filer and the agency are responsible when the collected data are analyzed by the agency and entered into a system. Systems design must concern itself with the volume of data and the methods of access and dissemination. There may be one sensitivity or a mix of sensitivities within one system, requiring varying levels of access.
CASE STUDIES The afternoon session discussed three categories of case studies: those that respond to legislation, those that respond to the public’s demand, and those where the agency recognizes the need and goes out ahead with a system. The Centers for Disease Control and National Center for Educational Statistics are examples of the latter. Veterans Service Organizations have had on site access to Veterans benefit and medical records for some time, but now want remote access from their offices. The Department must complete work on the language for a department-wide policy by May 1992. It is interested in providing access and is looking at whether a new network will be required, whether the Department can segregate data files, and whether access can be restricted to those the Department wishes to have access. The Department of Education plans to provide access to data surveys, permitting the user to link these together and build data files and extracts. The information in the system will have already been cleaned up and the identifiers removed, but linkage gives more information from a privacy standpoint than was originally planned and incorporated into the design. The Department is experimenting with a program through which organizations (education associations, education research groups, and some states) would be licensed to have remote access to certain sensitive data. Fines for misuse of the data would be the same for the end user as it is for the Department. In the Department of Agriculture, the Food Safety and Inspection Service (FSIS) has received requests to make its system on directives and guidelines available to the industry, as well as the Service’s inspectors. Most inspectors do not have computers, but they can use those retained in the regional offices. The industry is willing to pay for access to the regulations, just as it now pays for certain inspections. The Department’s General Counsel has ruled that the industry is not a cooperator and, therefore, access is not permitted under current policy. The Agricultural Marketing Service (AMS) runs a satellite system on a minicomputer to provide market news. All the requesters of information pay for the VSAT to access current data. The Service now plans to add archival data to the system distributed over several minicomputers on a product by product line. AMS is seeking policy direction on whether the public should have direct online access to these computers.
242
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 211993
The Patent and Trademark Office (PTO) system requires structuring of the data in order to use them internally. Tapes provided to the vendor requires expensive restructuring and the imaging system will be even more expensive to replicate. Researchers want the PTO to provide this restructuring; vendors do not. In discussions that followed, concerns were raised that an agency may be vulnerable if wrong data get out through a customer that resold them. There would also be concern if a reseller made a profit from the data. The FOIA permits a user to acquire data at marginal costs when a reseller charges too much and this, in theory, provides a balance. Working
Group Sessions
Following the case study discussions, the group broke into two working groups to address the policy issues and what should be incorporated in a policy statement. Working Group A One working group discussed the policy statement to be developed: what it will be and who should issue it. It should address: A-76, the types of data to be made available, charging and cost issues, types of users, security, capabilities and response time to be provided, fairness and equity in the provision of access, recognition that not all data can be made available, whether it would duplicate other services, working with constituents, alternative methods of dissemination, the impact on resources, and the electronic dissemination of information (EDI). While the group will be developing the policy framework in an informal manner, without official sanction, it is important to reach general agreement about the policy direction it should contain. Policy considerations should include the operating program, the level of Federal responsibility, information characteristics, interested user characteristics, and the information services environment. Open information systems should be justified on a case by case basis. Determinations need to be made based on what to do and how to do it, what the data are, who the users are, and whether the information is already being provided elsewhere. lmplementation decisions on the type of system and media used for public access are based on sensitivity of the data and system, whether the data are time sensitive and need to be maintained current, what the volume of the data is, how frequently the data are up-dated, and whether a hybrid system may be needed. Other implementation concerns have to do with security, cost recovery through a simplified billing system, and the quality of the data. Should there be some flexibility in charges with some paying more than others? To protect data integrity and ensure security, agencies will want to consider alternatives to the way in which they provide access: online, through access levels, segregation, account controls, and so forth. A risk analysis should be conducted to ensure that security concerns will be met. How will the agency respond if performance of the system is affected by large volumes of usage? Once a system has been made available, can it then be restricted to certain users or charges added where none had been charged previously?
Interagency Workshop OR Public Access
243
Conversion of a system, developing software, or conducting an analysis for an agency’s own use in meeting its mission requirements do not represent “value added.” Federal data cannot be copyrighted. When an agency’s mission requires public access and the budget is not available, the charges should be placed on the access. Agencies should not provide access to non-mission information. Working Croup B
There was consensus that everything not prohibited by law should be made available to the public. The Freedom of Information Act is the basic law guaranteeing public access, and the group believed that anything releasable under FOIA is releasable online or in any other electronic format, assuming that the information the agency has already collected or generated is maintained electronically. The agency mission determines what is collected. Improvements in technology change the way in which agencies do business and cause them to rethink their missions. The policy should be an enabling policy, not one that forces agencies to carry out a public access program but one that stresses a proactive right of the agency to provide its information. Access should be defined as applying to data and to the system. The policy statement should define the bottom line-that the agency will not provide in electronic format that information which appeared in paper. The policy should include cost considerations, permit proactive dissemination, and define whether the access is “universal” or limited to a specialized group. Other data available from the government are more research type data and are not for personal use. A checklist of items to be considered include the data (and the volume), the users (and their demands), the environment, and political considerations. Since the public may not always know what it wants, there is need for a visionary to understand what is needed and move ahead. User surveys need to be carried out, and these should not run up against A-130 collection burden requirements. There should be concern for future use of data-historical research is well beyond the mission of the agency. Design costs affect accessibility and budgets may neither permit the agencies to provide public access, nor undertake design efforts which include future use. However, to the extent possible, records retention schedules should be built into the systems. An index or locator system is needed to assist users in finding information. Users will need modems and PC’s to gain access to information in electronic format effectively. In many instances, users cannot get at information without the data, text, software, the system, and the computer being available. Questions were raised as to whether this is the right time to be offering public access and whether that access should be online? Is technology coming to the home, and, if so, will that change the methods of access? Possibly public access will need to include paper, online access, and a system similar to the French Minitel. Billing issues need to be addressed: does the agency charge?, what does it charge?, and how does it collect the fees? The group believed that if appropriated funds are available for this purpose, the data should be provided free; if not, charges should only be for the cost of providing them. Marginal cost, connect time costs, or other costs which contribute to the cost of making the information available are reasonable; marginal costs do not include the cost of collecting the data, and developing and maintaining the system. Do marginal costs cover support, maintenance, and training?
244
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 2/l 993
Relations with the private sector are a concern; agencies will want to protect themselves against accusations of competition. When should the agency provide the information? Agencies might want to use an RF1 to find out what is being done or use the Commerce Business Daily or Federal Register to announce its intention. The consensus is that there is no case for “value added” beyond that which is necessary for agency use. There may be a problem in providing access where copyrighted software is in use. Security considerations are important in any public access program, with consideration being given to confidentiality, integrity, and availability. The accessible data need to be segregated from the nonaccessible data in public systems; thus, dedicated systems may be the best approach. For data that need to be current, online systems may be best. However, there are other methods for maintaining the information. CDROM, with bulletin board updates, may be used for the basic set of information. Second Day Proceedings
The second day of the workshop began with presentation groups (see Appendix). Following the reports, the floor discussion, which centered on the following:
of reports from the work was opened for general
A definition of marginal costs is needed; what should be considered in determining marginal cost? Not all agencies have the authority to collect revenues. Those which do should describe what goes into their charges; Circular A-25 may help. Use of credit cards can simplify billing; agencies may use a 900 number, where the telephone companies will do the collection. From the viewpoint of those users looking for information, a single point of access is needed. A locator system would help with this problem. A number of agencies use other agency systems to provide public access. Before deciding to go out with a separate system, agencies should see what mechanisms are available in other agencies. What level of customer service should be provided? How would users be trained? Should staff help the user to interpret what the data mean? These functions are another cost factor and need to be addressed. At PTO the analysts cannot specifically help in searches, but documentation has been provided and is currently being evaluated. Terminals have been placed in libraries and the librarians often do training. Government should begin standardizing software for bulletin boards and the like. Other systems will need to be different (such as PTO) and there may be a role for the private sector. What about marketing? What is the role of government in letting the public know what exists? Should the policy address marketing? Press releases and announcements are still good and can be linked with other things, such as conferences, that the agency is doing at very low cost. Public services ads and 800 telephone numbers are available. Advertising may create needs the agency cannot respond to; agencies may be able to support each other with notices on systems such as bulletin boards and electronic mail.
heragency
Workshop
on Public Access
245
Should the policy address the online question? Discussion gravitates to online, but maybe smaller systems, such as bulletin board systems, will meet the need. The need has to be evaluated on a case by case basis; some may need print, others may need CD-ROM. Does the complexity of the data have a bearing on the decision? There should be no going-in presumptions on the media to be used in a public access system. Some systems need to be online if they are time sensitive or if there is an emergency need for the data. Others may be better in an offline system, pa~icularly when they contain any restrictions on the use of the data. Some systems, such as patent data, need to be online due to the size and type of searches conducted on the files; others due to the analysis that may be done with the data. It is wise to remember that what works today may not do so tomorrow. A shopper’s guide to electronic dissemination may be needed; a review of who is using a system-update this every two or three years. the Federai Register is online, on an agency by agency basis. The Government Printing Office is hoping to use a public access bulletin board to make six months of the Federal Register available. An agency may be able to get dollars to satisfy demands for products which support public access, but this has not happened in all cases. There is a need to prioritize secondary distribution; should it be an active dissemination program or respond only to requests? Agencies must take the burden of providing information in some format. The group needs to provide instructions addressing legal, cost, and security issues, and to reemphasize several points: (a)
(b) (c)
(d) (e)
Online focus-should not assume this is ihe way to provide access; use of common sense and good management techniques will help. A wide range of alternatives exist for information dissemination and public access. Equity-millions are being served who do not have equipment to use systems or the knowledge to use the systems or the data. Cost-marginal costs may be determined for those systems and activities not specifically covered by approp~ated funds. Determining marginal cost is relatively simple; it consists of cost allocation, cost accounting, and cost recovery. Bulletin board software issues. How involved should public affairs staffs become? Information dissemination needs a close coordination with public affairs’ offices to help the public identify information that is available.
PUBLIC ACCESS TO GOVERNMENT ELECTRONIC INFORMATION: A POLICY FRAMEWORK (WORKING DRAFT) Purpose This policy framework4 provides broad guidance on public access to government electronic information for the use of Federal agencies when defining their own policy
246
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 211993
and procedures. The guidance recognizes both the commonality across all Federal agencies in meeting their public access responsibilities and also the many areas where such guidance will vary because of special agency considerations. Why a policy is needed. Legislation, more frequently, is requiring Federal agencies to provide public access to specific types of information; technology advances provide less costly and more effective techniques to disseminate electronic information, resulting in a significant increase in the number of people and organizations that can utilize information in electronic format; and the increased recognition of the value of current information to the individual recipients and to the Nation has led to a growing demand on the part of the public to exercise its right to such access. Guidelines: l
l
Agencies need to recognize their obligation to respond to these public demands without waiting for further guidance from Congress or the Executive Central Management offices. Policy and guidelines developed independently by each Federal agency should be consistent in direction reflecting a single broad Federal policy on public access, with variations based on the special requirements of the agency.
GUIDING
PRINCIPLE
Agencies of the Federal government collect, produce, manipulate, evaluate, and maintain vast amounts of data which represent a valuable national resource. It is the obligation of these Federal agencies to ensure the availability of government information to the public in a useful and cost-effective manner. Guidelines: l
l l
The agency’s mission should be framed as broadly as possible. It should enable rather than proscribe dissemination. Agencies should follow the principle that Federal data cannot be copyrighted. When defining an approach, FOIA should be interpreted to include electronic information.
POLICY CONSIDERATIONS Type of Program. Data can be made available through planned outreach dissemination programs or in an ad hoc manner in response to specific requests for information. Guidelines: l
The selected type depends on factors such as the demand, the type of data, the benefits to the recipients and to the Nation, the level of fairness and equality of access provided to those needing the data in the selected approach, and the rationale for the dissemination program.
Interagency
l
l
l
Workshop
247
on Public Access
The requirement for dissemination and the method(s) to be used should be included in the initial justification, design, and management of an information system. An effective information dissemination program requires even greater involvement of program information specialists than technology experts. Who “owns” or is custodian of the data element and takes responsibility for its quality? Agencies should include libraries in planning dissemination outlets.
Program Rationale. It is recognized that not all government data can or should be made available. Some restrictions are based on national security, the rights of individuals and businesses for privacy, and on laws specifically restricting access. Before defining a dissemination program, agencies need to identify the motivation for the program in justifying this expenditure of public funds. The following are some of the key reasons for defining a dissemination approach: I. 2. 3. 4.
Electronic dissemination is specifically required Information dissemination is basic to carrying The agency determined that there is sufficient justify a dissemination program; and The agency receives outside requests to provide
by legislation; out the agency’s mission; demand for the information
to
specific information.
Guidelines: 0
0
0
0
0
0
0
Agencies must define their public. They should be able to anticipate, if not actually measure, public demand. They should survey user needs and satisfaction with existing systems. Dissemination programs should include actions to inform potential users of the existence of the dissemination service. This must be recognized as a continuing responsibility. Agencies should validate demand before initiating a dissemination program. This is particularly important when the dissemination is not clearly mandated by mission or legislation. “It seems like a good idea” is not sufficient justification. Agencies should include state and local governments in the planning of dissemination systems, both as recipients and providers of data. The implementation of an effective public dissemination service requires the efforts of skilled and dedicated personnel. Agencies must recognize the importance of this activity by assigning the required staff to the program. Generally, agencies need to expect that they will lose control of their data after the data have been disseminated to end users or information multipliers, and agencies cannot place limits on how the data will be used. Agencies should not disseminate or collect information, even when requested, that is not required to directly support its mission. Agencies must fully justify any new dissemination initiatives to ensure wise expenditure of public funds.
248
GOVERNMENT
INFORMATION
QUARTERLY
Vol. IO/No. 2/l 993
Technology Approach. There are numerous approaches available for dissemination of electronic information. Agencies should consider a variety of media. The appropriate selection will be made on a case-by-case basis. The following are some alternatives to be considered: online access to a mainframe computer; distribution through media such as CD-ROM, PC diskette, and magnetic tape; PC-type bulletin boards; or facsimile transmission. Guidelines: Even when electronic dissemination is mandated through legislation, agencies should identify and utilize any flexibility allowed in approach to select the best method for dissemination. Agency information should be managed in a manner which will promote access to and dissemination of that information to the public. Agencies should utilize, where possible, an approach that avoids software licensing costs and constraints and vendor-dependent solutions when selecting formats or software that is included with distributed data. Joint dissemination projects are encouraged to the extent that they are more cost effective to the Federal agencies and/ or to the public being served. The selected approach should consider equality of access and provide the broadest possible level of access. Multiple approaches are acceptable, if cost justified, to reach a broader audience. Current technology provides new alternatives for effective dissemination which compromise on the level of service should be considered. If necessary, sophistication to reach a wider audience in a less costly manner. Before an online service is offered, agencies must ensure that they have the computer and telecommunications capacity available to meet the required performance standards without degrading mission support services, can provide the training or appropriate manuals for users, operate a software environment that supports the type of users expected, and support a help desk capability to deal with user problems. Any justification for implementing a dissemination service must address these issues. Further, the agency must consider the need to have program staff available to answer end user questions about the information content. Costing Flexibility. The objective is to provide government information at the most reasonable cost while meeting the needs of users based on the specific special characteristics of the data. Agencies may recover marginal costs for dissemination, but they should not attempt to profit or recover unrelated costs through the sale of Federal information. Guidelines: l
When justified, marginal costs may include maintenance, training, customer support, computer and data communications costs for access to the data or production costs for the delivered product in the case of non-online techniques, and any additional costs associated with providing the dissemination service.
heragency
0
0
l
l
l
Workshop on Public Access
249
When dissemination costs are specifically covered by appropriated funds, agencies should not charge for access. Agencies should establish an equitable approach to charging, utilizing the simplest approach possible. Subscription charges rather than actual usage are acceptable as long as they can be demonstrated to be equally applied to all. Variable rates charged for different categories of users must be justified. Agencies may even consider free or reduced rates to selected users. Agencies should determine a method for collection of user fees and the frequency with which these fees will be collected before the product or service is made available. Agencies must have a mechanism in place to accurately measure access charges based on the established approach.
Security Controls. Security represents a primary consideration in determining methods adopted to provide broad based access to government information.
the
Guidelines: Agencies must identify all “sensitive information” contained in the information system, as defined by the Computer Security Act of 1987, and ensure that public access policies include and are consistent with the requirements of the Act. Security safeguards must consider protection of confidential or sensitive information, maintenance of data integrity (preventing unauthorized modification), and providing system availability (system is performing and is accessible during operational hours). Security safeguards should include tracking of all accesses to an online system. Agencies should consider moving the public data to a separate system specifically dedicated to public access. Agencies must determine, using risk analysis or similar techniques, whether public access should be allowed in a system containing restricted access data. An important factor is the technique used to segregate the data. The risk analysis will include computer facility security protection, the software and procedural protection in the operational environment, the level of sensitivity of the data maintained in the system, and the potential threat to the data integrity. Agencies should consider dissemination through read-only technology such as CD-ROM when there is concern that data will be improperly represented or applied after it leaves the government. Private Sector, State, and Local Government Role. To the extent possible, agencies should work with the private sector, and state and local governments, to implement dissemination services that best meet the requirements of the government and the public in a cost effective manner. Guidelines: l
Agencies may develop a dissemination service that duplicates one already in the private sector if advantages are offered that justify the government-provided
GOVERNMENT
250
0
INFORMATION
QUARTERLY
Vol. lo/No. 211993
service. Examples of such advantages are: lower cost, the ability to reach specific audiences that would not be served by the private sector, or the software or technology used in the government system provides additional capabilities that increase the usefulness of the data. Enhancements to a system, conversion to new technologies, or addition of software for evaluation of data which are required for effective use of the data by agency personnel, are legitimate value-added functions in a dissemination system and are not in competition with the private sector. Conversely, agencies should not spend Federal funds for developing special software, redesigning formats, or providing other enhancements for the public which are not required to meet agency mission requirements. Agencies should develop methodologies for identifying marketplace solutions without becoming vulnerable to impractical or dubious proposals. Agencies should fully explore and take advantage of opportunities to develop information disseminating programs in conjunction with state and local governments and establishments such as universities and libraries. Agencies should maintain open and full communication with the private sector, within limits of the law, when planning information dissemination services to encourage beneficial approaches and partnerships.
APPENDIX REPORT OF WORKING What are the considerations government computers? A.
B.
GROUP A
which go into the creation
of a policy
on access to
What type of policy is needed - formal or informal; how complete must it be? 1. What policy needs to be created? 2. Who will issue the policy? 0 does there need to be official sanction 0 the group should seek general agreement l it should provide an intelligent discussion of alternatives l it should be framework rather than a “model” What should the policy address? 1. A-76-government responsibilities vis-a-vis the private sector l are duplicative systems o.k.? l what is “value added;” when can government provide it 2. Types of data 3. Charging issues l cost recovery vs. free 0 variable rates for different users l basis for rate determination l billing mechanism-simple
interagency Workshop on Public Access
4.
C.
D.
251
Security 0 consider alternatives in: 0 controlled vs. remote access 0 accounts vs anonymous access l extracts of accessible data l data integrity 5. Types of users 6. Impact on resources 0 decrease capabilities 0 decrease response time 7. Electronic data interchange 8. Fairness and equity of service 9. Alternative dissemination or access methods. l recognition that not all data can be made available 0 budget constraints 10. Case justification guidelines Outline for the model policy: 1. Policy section-what and why 0 characteristics of operating program l characteristics of data l characteristics of users 0 information services environment 2. Implementation principles how-systems and media (when online?) 0 sensitivity of data 0 market effect 0 low volume-short access times 8 frequency of update l security capabilities 0 consider hybrid 0 security l cost recovery 0 simplified billing? Visa, 900 number l charge vs. free determination 0 quality Parting wisdom: 1. If you develop analysis software to meet internal requirements, it iS not value added. 2. Follow the principle that Federal data cannot be copyrighted. 3. Handling special requests 0 Mission related-charge for it l Non-mission related-do not do it 0 Be careful about justifying service based only, or primarily, on benefit to others 4. Look for simple, less expensive solutions 0 bulletin boards, CD-ROM
GOVERNMENT
5.
Avoid problems you learn.
when possible.
INFORMATION
A.
B.
C.
D.
warrant
Vol. lo/No. 211993
Start with simple cases and progress
REPORT OF THE WORKING What conditions
QUARTERLY
public access to Federal
as
CROUP B
computers?
There must be:
Motivational imperative-the “why” 1. Public law may specifically require electronic dissemination. 2. Online access may be part of the agency mission, though not specifically mandated. 3. FOIA should be interpreted to cover electronic information, and should determine what is releasable in any format. 4. State of the art of information technology. Is the timing right? New technology may provide new opportunities for greater efficiency and effectiveness in service delivery. Flexibility of approach 1. Agency dissemination mission should be framed as broadly as possible, and should be enabling rather than proscriptive-allowing flexibility of choice of online vs. other modes of access. 2. Policy should allow flexibility to incorporate new information technology as opportunities for improved delivery arise. 3. Assessing public need should be guided by life-cycle concepts; e.g., consideration should be given to long-term use and disposition of data, besides immediate satisfaction of program objectives-planning for archiving. Boundaries or levels of access 1. Delineate levels or boundaries of access; e.g., data, software, computer. 2. Degree to which data has meaning without the system. 3. Software licensing constraints. 4. Information systems should be designed to carry out agency mission; public access should be defined by system design. 5. Systems should not be enhanced or redesigned to exceed mission requirements. Cost flexibility 1. If costs are covered by appropriated funds, agencies should not charge for access; if not covered by appropriations, then charge only to recover marginal costs. 2. Marginal costs should include maintenance, training, customer support, and value added products and services; also share of the costs of a government-wide locator system. 3. Agencies should delineate level of costs to be recouped that are acceptable to the agency; e.g., connect time vs. subscription. 4. Determine method and frequency of collection of user fees.
interagency
E.
F.
G.
Workshop
on Public Access
253
Recognition of private sector role 1. Agencies should “build” when private sector cannot offer viable solution; should “buy” when solutions are available in the marketplace. It is recognized that this can be tough to determine. 2. Agencies should develop methodology for assuring availability of marketplace solutions without becoming vulnerable to unwanted or dubious proposals. 3. Agencies should determine the most cost-effective formats for the widest possible dissemination. User public should be differentiated according to appropriate formats. to a system which improve mission-based service delivery, 4. Enhancements or conversion to new technologies which improve access or system effectiveness, are legitimate value-added functions not in competition with the private sector. Delineation of user/ public domain 1. Agencies should define who is their public. 2. Agencies should be able to anticipate, if not measure, public demand. without being 3. Agencies should be able to survey user needs/satisfaction constrained by Paperwork Reduction Act burden reduction provisions. Security controls security controls to mitigate risks to data 1. Need to provide appropriate integrity at both the applications and management levels. 2. System should be dedicated if database is static; if database is highly dynamic, this is not feasible. 3. To what extent does the agency wish to limit access; non-accessible data should be segregated.
NOTES AND REFERENCES I. 2.
3. 4.
A record of the third conference and the dissemination policy will be published in Gavernmenr Informaiion Quarterly, 10 (4). See Charles R. McClure, Ann Bishop, Philip Doty, and Pierette Bergeron, Federal Information Inventory/Locator Systems: From Burden to Benefit (ERIC Clearinghouse, ED 326247); and Charles R. McClure, Joe Ryan, and William E. Moen have identified 155 potential Federal information/ inventory locator systems. See Charles R. McClure, Joe Ryan, and William E. Moen, “Identifying and Describing Federal Information Inventory Locator Systems: Final Report.” Submitted to Office of Management and Budget, Office of Information and Regulatory Affairs, 1992. See Federal Regisrer (April 29, 1992), pp. 18296-18306. The draft has since been revised, and therefore this draft is not the final version.