critical information flows presentation
DESCRIPTION
This is my first presentation on the topic of information sharing entitled, "Critical Information Flows", the first in a series of reports and presentations culminating in my thesis work on information sharing and exchanges.
TRANSCRIPT
Critical Information Flows: Effective Policymaking in Government
(C) 2008 Alina J. Johnson
Outline of Presentation
Problem Statements
Timeline
Methodology
Framework
Next Steps
Framework: Transparency, Oversight, Privacy, Accountability, Security
Problem Statements
What information sharing policies currently exist?
Is terrorist information just a subset of information that needs to be protected or secured in some way?
Can information be both private and secure?
Is security feasible today?
Is privacy being challenged today?
Are there levels of security and privacy?
Timeline – Federal Response
Sept. 11, 2001 Terrorist Attacks upon the United States
Oct. 8, 2001 Executive Order 13228
Oct. 26, 2001 USA PATRIOT Act
July 16, 2002 National Strategy for Homeland Security
Nov. 25, 2002 Homeland Security Act
July 29, 2003 Executive Order 13311
Aug. 27, 2004 Executive Order 13355
Executive Order 13356
Homeland Security PD-11
Dec. 17, 2004 Intelligence Reform and Terrorist Prevention Act
Timeline
Oct. 25, 2005 Executive Order 13388
Dec. 16, 2005 Memo to Congress
Memo to Agency Heads
Oct. 27, 2007 National Strategy for Information Sharing
Are We Safe?
Adoption of best practices applied to all information flows
Industry (domain) specific protections
Inter-agency and intra-agency communication
Intra-agency communication
International (Global) / Local or National
HOLISTIC / MYOPIC
How It's Done
GAO Reports: 06-385, 07-1036
Presidential Directives: HSPD-11
Executive Orders: 13311, 13388
How It's Done
National Intelligence Estimates – The Terrorist Threat to the US Homeland
A mixture of intelligence, military, civilian, governmental, and private citizenry information sources
Domain-Specific Information Sharing Policies
HIPAA, 1996: Health information sharing within the health/medical industry
PCI-DSS, 2006: Payment account data security within the payment card industry
Stakeholders Laws and Entities
PRIVATE SECTOR: Electronic Frontier Foundation; American Civil Liberties Union; Electronic Privacy Information Center; a robust, secure information sharing architecture; Cato Institute; the public (American people); other world citizens
PUBLIC SECTOR: Freedom of Information Act (1966); Government Accountability Office; the Privacy Board; Inspector General(s); Federal Information Security Management Act (2002); the U.S. government; other world governments
Framework of Analysis
Transparency: Laws, Foundations, Policies, Rules, Regulations
Oversight: Agencies, Organizations, Foundations, Policies
Privacy: Interoffice/agency, Intraoffice/agency, public from private, classified from nonclassified
Framework of Analysis
Accountability: Laws, Agencies, People
Security: How is this achieved?
Private Sector vs. Public Sector
Private Sector
Transparency: www.eff.org
Oversight: CATO, EFF, EPIC, ACLU
Privacy: www.epic.gov
Accountability: www.aclu.org
Security
Public Sector
FOIA, www.usa.gov
www.gao.gov
www.privacyboard.gov
Inspectors General
FISMA, 2002
National security, defense, homeland security, information sharing and global diplomacy policies
Compare & Contrast - Privacy
Public Sector
The Privacy Board, established under IRTPA
FISMA, 2002
eGovernment Act, 2002
Private Sector
Numerous organizations, institutions, and foundations
standards, best practices: common ground
Compare & Contrast - Security
Public Sector
FISMA, 2004: Framework for securing the federal government's information technology
Private Sector
SISA: Collaborative work effort across six organizations
Next Steps and Challenges Ahead
Difference between Presidential directive, Executive order, Initiative, and Presidential Memo/Press Release – power of law
Overlap among vision/mission statements
How to mitigate risk by establishing sound practices
Identification of proactive and reactive agencies
Information Flows - inter and intra-agency and governmental communications
Current industry/domain-specific protections (laws and regulations such as HIPAA, FOIA, PCI-DSS security standards) that limit broad information sharing practices
Concerns, such as Real ID (DHS): http://www.gcn.com/online/vol1_no1/45737-1.html
Others?
Bibliography
American Bar Association (2004). International Guide to Privacy. Chicago: ABA Books.
American Bar Association (2004). International Guide to Cyber-Security. Chicago: ABA Books.
Bimber, Bruce (2003). Information and American Democracy: Technology in the Evolution of Political Power. New York: Cambridge University Press.
Bok, Sissela (1989). Secrets: On the Ethics of Concealment and Revelation. New York: Vintage Books.
Fisher, Louis (1985). Constitutional Conflicts Between Congress and the President. Princeton: Princeton University Press.
Li, Joyce (2003). The Center for Democracy and Technology and Internet Privacy in the U.S.: Lessons of the Last Five Years. Maryland: The Scarecrow Press.
Surowiecki, James (2004). The Wisdom of Crowds. New York: Doubleday.
National Commission on Terrorist Attacks Upon the United States. (2004). The 9/11 Commission Report: Final Report on the National Commission on Terrorist Attacks Upon the United States (Authorized Edition). New York: W.W. Norton & Company.
Papers/Publications
CBACI Terrorism Info. (Sept. 2006). 9/11 Five Years Later: Successes and Challenges.
CBACI Terrorism Info. (2002). Critical Information Flows in the Alfred P. Murrah Building Bombing: A Case Study.
Center for Digital Government. (2007). I AM WHO I SAY I am: The Role of Identity and Access Management in Government.
CRS Report for Congress. (April 5, 2006). Protection of Classified Information by Congress: Practices and Proposals.
Director of National Intelligence (Feb. 2007). The 2006 Annual Report of the United States Intelligence Community (Unclassified).
Institute for Bioethics, Health Policy and Law, University of Louisville School of Medicine. (Nov. 2003). Quarantine and Isolation: Lessons Learned from SARS.
National Intelligence Council (July 2007). The Terrorist Threat to the Homeland.
U.S. Government Accountability Office, (June 26, 2007). OECD's Second World Forum on Statistics, Knowledge, and Policy, Istanbul, Turkey. How Key National Indicators Can Improve Policymaking and Strengthen Democracy.
U.S. Government Services Administration, (Issue 19, May 2007). Office of Citizen Services and Communications, Intergovernmental Solutions Division. Protecting Personally Identifiable Information (PPI).
U.S. Government Accountability Office. Information Sharing: #02-1048R
Any Further Questions
....Thank you!