Issues in public access: The Solomons conferences

Government Publications Revielrx, Vol. 20, pp. 251-272, 1993 0277-9390/93 $6.00 + .OO

Printed in the USA. All rights reserved. Copyright 0 1993 Pergamon Press Ltd.

ISSUES IN PUBLIC ACCESS: THE SOLOMONS CONFERENCES

J. TIMOTHY SPREHE* President, Sprehe Information Management Associates, 1301 Pennsylvania Ave.. N.W.. Suite 507,

Washington, DC 20004-1701, U.S.A. Internet: pOO269@ psilink.com

Abstract - In 1991 and 1992, officials in the offices of information resources management in several federal agencies held interagency conferences on public access to electronic government information. The conferences were held at Solo- mons, Maryland. and became known as the Solomons conferences. The first conference. sponsored by the Environmental Protection Agency in May 1991. consisted principally of the sharing of ideas and experience with regard to agency information dissemination programs. The second conference, sponsored by the Department of Agriculture in November 1991, concentrated on the question: under what conditions should the public have online access to federal computers’.’ An outcome of the second Solomons conference was a working draft policy framework on public access to government electronic information. In July 1992. the author sponsored a public/private sector dialogue to critique the draft policy framework. The dialogue addressed questions such as: Who is(are) the public(s)?; security controls and public access: value enhancement in the public sector: user charges and restrictions on redissemination; and netw,orks and public access. The public! private sector dialogue served as input to the third Solomons conference. spon- 5ored by the Department of Commerce in September 1992. The third conference concentrated more on cost recovery and pricing of information products.

In 1991 and 1992, officials in the offices of information resources management in several federal agencies held interagency conferences on public access to electronic government information. The conferences were held at Solomons, Maryland, and became known as the Solomons conferences. The Environmental Protection Agency organized the first conference in May 1991, and the Department of Agriculture sponsored the second conference in November 1991. The author organized a public/private sector conference in July 1992 to discuss a working draft public access policy framework that resulted from the second Solomons conference. In September 1992, the Department of Commerce sponsored

the third Solomons conference. This paper reports on the proceedings of these various meetings and synthesizes the

major issue areas arising out of the conferences and facing federal agencies as they develop more aggressive policies for public access to their databases.

THE FIRST SOLOMONS CONFERENCE

The Environmental Protection Agency (EPA) sponsored the first interagency conference on public access to federal electronic information at Solomons, Maryland, on May 20-21.

* J. Timothy Sprehe, Ph.D., was formerly with the Office of Management and Budget where he was the principal author of OMB Circular No. A-130, Mrrnngetnenf of Faderr~l Infhwmtion Resorrrc~e.s. He is now a private consultant specializing in federal information policy.

251

252 J. I-. SPREHE

1991. The purpose was to share experiences about changing demands and technologies for government information dissemination. What made the conference more than just another blip on the federal conference screen was that, for EPA at least, the business of whether and how the government puts data into the public’s hands has become a serious senior management concern, as matters both of policy and of operations.

Since becoming law in 1986, EPA’s Community Right to Know legislation [I] has required that the Toxics Release Inventory database be made accessible to the public via telecommunications. As one result the agency has faced a strong public sentiment that all its data should be publicly available-available with substantial value added and available immediately. Public interest groups and congressional staff drafting new legislative initiatives in the environmental field are increasingly including instantaneous and comprehensive public accessibility to information. The prospect of wholesale accessibility of agency databases faces EPA’s administrative officials. EPA’s information resources management (IRM) officials have come to believe that, far from a defensive posture, their agency must be ahead of the trend and take a proactive dissemination policy and program stance. Officials envision that, if EPA does not voluntarily demonstrate leadership on public access, Congress might pass legislation that could prove far more administratively painful than any risks EPA would run from taking the initiative. Hence EPA’s motive for the conference was to find out how other federal agencies were coping with the new conditions of the 1990s.

The conference brought together information dissemination experts from a generous spoonful of Washington’s alphabet soup: in addition to EPA, the Office of Management and Budget (OMB), the National Technical Information Service (NTIS), the National Oceanic and Atmospheric Administration (NOAA), the Bureau of Labor Statistics (BLS), the U.S. Geological Survey (USGS), the National Center for Health Statistics (NCHS), the Federal Energy Regulatory Commission (FERC). the Energy Information Administration (EIA), the U.S. Department of Agriculture (USDA), the Securities and Exchange Commis- sion (SEC), the Patent and Trademark Office (PTO), the Internal Revenue Service (IRS), and the Census Bureau, in addition to some congressional staff. For two days they practiced what they called “level setting,” that is, discovering whether they were all coming from roughly the same place on the issues. At that point, May 1991, OMB had no hard news to report on OMB Circular No. A-130, nor did a staff member from the House Subcommit-

tee on Government Information foresee any major legislative events on public access in the near future. The Census Bureau described its efforts to meet the demand for accelerated dissemination of time-sensitive data through an online system called CENDATA. NCHS reported that it sponsors a public health data network through which NCHS provides data files free to states and schools of public health and receives in return valuable feedback insights into user needs. FERC said it operates a bulletin board called the Commission Issuance Posting System to provide free and timely access to FERC news releases, regulations, and other documents. The SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system was receiving test filings and planned to offer its full suite of dissemination services by late 1992. USDA described the Computerized Information Delivery Service, a system for dissemination of time-sensitive or “perishable” agricultural information. The participants also heard the National Science Foundation discuss the development and potential of NREN, the National Research and Education Network.

The lively discussions surrounding these show-and-tells revealed that federal agencies were learning some valuable lessons from their public access programs. They learned that, as public data users become more sophisticated, they provide the agencies with a stream of surprisingly good ideas about improving the quality and ease-of-use of the data,

Issues in public access: The Solomons conferences 253

in effect multiplying the agencies’ own analytic capabilities. They learned the folly of relying on their information products as a revenue source. They learned, too, that the more data services they give the public, the more the public wants; supply generates greater demand.

THE SECOND SOLOMONS CONFERENCE

Under What Conditions Should the Public Huve Online Access to Federal Computers?

This question was the organizing principle behind the second Solomons conference in mid-November 1991. Many federal agencies were contemplating arrangements that would permit members of the public to connect directly into agency computers in order to query databases and download government information.

Depending on the agency, the prospect of online public access was viewed as either an exciting new challenge in service to the public or something terrifying to be resisted at all costs. The Centers for Disease Control (CDC) and the National Center for Educational Statistics (NCES) welcomed online public access to their computers; these agencies were designing special programs to encourage the public to explore agency data. For agencies just now being pestered by data users to open up agency databases that may include sensitive identifiable data on persons, the idea of members of the public wandering inside their databases was a nightmare.

The group of federal agency officials attending the second interagency conference on public access seemed to be convinced that online public access was a foregone conclusion, a natural extension of current technology trends. USDA’s Office of Information Resources Management hosted the meeting and expressed the hope of laying the groundwork for a policy directive governing online public access. At present USDA has a department-wide policy that no public access to agency computers will be permitted. At the same time USDA has promised to reassess departmental policy in light of increasing requests for various kinds of online public access.

Participants examined a set of real-life cases facing their agencies.

l CDC has created WONDER, standing for Wide-ranging ONline Data for Epidemiological Research. WONDER is a computerized information system that provides online access to epidemiologic and public health data sets for state and local health departments, the Public Health Service, and the academic public health community.

l USDA’s Food Safety and Inspection Service (FSIS) described the Document Issuance and Automated Library System (DIALS), a text database management system containing the legislation, directives, and notices relevant to meat and poultry inspection. FSIS is currently tussling with the policy issues surrounding making DIALS accessible to state inspection agencies and to the 8,000 establishments where FSIS inspections are carried out.

l The Patent and Trademark Office explained PTO’s public access quandary. Making the PTO database widely available will not satisfy users; users want access to PTO’s value- added system for conducting sophisticated searches. PTO is sympathetic to user needs but must also be sensitive to the fact that commercial value-added providers offer highly similar services.

l NCES said it recognized that perhaps no one but NCES is capable of establishing linkages among several of its large survey databases. NCES is contemplating creating a very large database that would consist of linked data sets and that would be available online to researchers in the public. One downside is that the same linkages that enhance

254 J. T. SPREHE

the databases’ value to researchers also enhance the likelihood that individual privacy could be violated.

l The Department of Veterans Affairs (DVA), noted that DVA has a special relationship with veterans’ service organizations (VSO). The VSOs, avid users of DVA data, also regularly offer to their membership the service of searching veterans’ records to explore whether the veterans are eligible for certain benefits. When a VSO operating on DVA premises acquires limited power of attorney to gain access to a veteran’s benefit claims record, DVA permits the VSO to link its computer into DVA’s mainframe to search the record. While DVA has refused to grant off-site remote access to its mainframe and never permits access to veterans’ medical records, the agency recognizes that the pressures for public access are growing in complexity and is seeking systematic policy solutions.

l The Federal Highway Administration (FHWA) has an electronic data sharing program with state highway agencies. FHWA maintains a number of national databases that are shared online with the states: federal aid project data; motor carrier data; highway statistics; highway research; a commercial driver’s license information system; and a highway performance monitoring system. Under development is CHIPS, the Compre- hensive Highway Information and Planning system, a joint state-FHWA information system that will integrate various highway-related databases. FHWA is in the process of joining two networks, one run by the American Association of State Highway and Transportation Officials and one sponsored by the American Association of Motor Vehicle Administrators.

A major factor influencing an agency’s stance toward online public access is the perception of the security threat, especially the likelihood that users can gain access to individually identifiable data in violation of the Privacy Act [2]. The National Computer Systems Laboratory at the National Institute of Standards and Technology stressed the importance of designing security into systems from the outset with a set of decisions based on careful risk assessment. The simplest way to ensure that members of the public gaining online access to a public-use system cannot enter into other systems or databases is to physically isolate the public-use system in its own dedicated, stand-alone computer. Often a sophisticated microcomputer is sufficient to handle the public use databases.

The federal computer security community possesses a widely shared perception that most federal computer systems are security disasters waiting to happen. Again and again, security appears to be patched onto federal information systems as an afterthought instead of being designed as part of the system from the outset. Once system managers satisfy themselves they have a secure system, they tend to assume that the system is impenetrable and they forget about security. In particular, when networking grows, agencies tend to overlook ways in which unauthorized users can leapfrog from unclassified systems into classified systems.

Conference participants appeared to leave the conference convinced that spelling out the governing policies for online public access to federal agency computers was almost within their grasp. Online access had become technologically easy. There are sound answers to the security issues if they are only applied. More and more there is no good reason for agencies to say no to public demand for online access.

The PubliclPrivate Sector Diulogue

As an outcome of the second Solomons conference, USDA and others developed Work- ing Draft: Public Access to Government Electronic Information: A Policy Framework,


included here as Appendix I; this document was widely circulated during the spring and summer of 1992. The framework was the Solomons conferences agencies’ first attempt at a consensus public access policy, although the framework was not itself considered to be the policy, Rather, the framework was to be the basis upon which each participating agency would build and tailor a policy to its own circumstances.

The Solomons conferences made substantial strides toward a common policy framework. In the eyes of the author and many others, they have also raised a major question: Zf the objective is to develop a policy facilitating greater public access, should not the public be asked to participate in formulating the policy? The absence of voices representing the public during the policy formulation holds certain dangers. It holds the danger that, once the agencies have finished formulating the public-access policy, the public may reject the policy. It holds also the danger of paternalism, the notion that somehow the agencies know best what the public needs by way of access to agency databases.

On the other hand, the agencies have apparently felt the need to develop ideas first among themselves before exposing them to public user and interest groups. For the agencies a major question has been whether they can even arrive at a common policy framework, let alone whether the public will accept the framework. The desire to “get their ducks in a row” seems to be the principal factor that has kept the agencies from involving the public in the Solomons process to date.

While the agencies are far from finished with their work, the Working Draft Policy Framework is at least a first statement of what they are doing. The framework was taken as the principal focus of a meeting held on July 15, 1992, in Washington, DC [3]. The purpose of the meeting was to engage in a public/private sector dialogue about the framework. The meeting was to be an informal, nonconfrontational exchange of ideas among public and private sector people who share common goals of increasing public access. To this end some 30 experts, half federal agency personnel and half private sector personnel, chosen for their individual qualifications rather than as institutional representatives, gathered to discuss the framework.

The Working Draft Policy Framework: A General Critique

Patricia Bauman, president of the Bauman Foundation, opened the public/private sector dialogue by noting that the excitement in information access today centers around how rapidly access is expanding and how many government agencies are considering the issues and formulating policy. In this sea of change it is important for those constructing policy and those affected by it (e.g., commercial and nonprofit groups) to discuss the issues, to understand their diversity, and to fashion diverse responses. The common thread in the discussions, however, has to be to involve the public early and often in formulating information access policy. In designing and evaluating new policies and techniques there is no substitute for user feedback. The goal of the public/private sector dialogue was not to achieve a consensus or rewrite the Solomons draft or to adopt a specific position or program. The goal was rather to have the discussion itself, which begins the process of involving the public in formulating information access policies.

The centerpiece of the public/private sector dialogue was the working draft policy framework. The discussion began with an exposition of the framework by federal personnel. Henry Perritt, Professor of Law from Villanova University, then presented a private sector reaction to the draft policy framework. He identified two key points on which remarkable consensus has been reached:

256 J. T. SPREHE

l There is an affirmative government role in disseminating information in electronic form, at least in some cases.

l The government may add certain types of value to the raw information.

At the same time, there are a number of open issues related to the boundary between the public and private sector roles:

l Who adds different types of value? l How are different types of value priced? l What types of value are appropriate? Deciding this issue depends on how the markets

(publics) are defined and contrasted (e.g., dissemination through resellers, wholesalers, and intermediaries versus transfer directly to end users).

l How to deal with the certainty that whatever markets are defined are going to shift over time?

l How to deal with technological uncertainty, choose the appropriate delivery or access mechanism?

l How to provide a directory or locator service’? New and potentially inexpensive alternatives may relate to Internet, NREN, or the developing wide-area-server systems.

Perritt then presented seven propositions to address these issues:

1. There should be a diversity of information products, because agencies cannot know permanently what users want, and the technology is volatile. Agencies should also consider multiple suppliers, possibly including themselves, to enhance private sector alternatives.

2. It is appropriate to distinguish between value added by an agency for its own purposes and value added solely for external consumption and public use. The former may be modestly priced to the public, but the latter should be priced at market value.

3. Libraries are the natural safety net for those who do not use electronic information, but the information community has not decided what that means. Which libraries are included? How does information get from agencies to libraries? If the government sponsors a distribution system, how does that mesh with diversity?

4. Agencies must recognize the interplay between the Freedom of Information Act (FOIA) access obligations and dissemination. First, since FOIA probably covers electronic data, indexes, and some software, agency pricing decisions should take into account that entrepreneurs can use the FOIA authority to undersell the agency and circumvent agency user fees. Also, if an agency anticipates many FOIA requests, it should design into its information systems some active dissemination and save FOIA response costs.

S. Security risk assessment is necessary because investments in security should be com- mensurate with the risks.

6. If dissemination is priced at marginal cost, with concessions for those who cannot afford those costs, the private sector cannot compete-the taxpayer is covering the capital costs. There is a dilemma between marginal cost pricing and the principle of diversity. A possible solution is for the private sector to add different kinds of value than would the agency. Another is for the public supplier to unbundle information products, pricing transfers to resellers and transfers to end users differentially.

7. The negotiated rule-making model for resolving public/private differences should be adopted. This brings users, private sector, and agency system designers together for constructive interaction, to satisfy the public’s needs and to avoid destroying the market.


The ensuing general discussion of the policy began by asking whether agencies have traded off incentives for ideology. That is, federal agencies have no economic incentive to invest in enhanced information dissemination programs when budgets are tight, because dissemination costs must come out of nonbudgeted resources. Instead, agency officials are expected to accept ideological rewards: greater public access is greater service to the public, which is its own reward. At present, however, greater public access does not lead to career rewards for the responsible officials, nor, because of marginal cost pricing, does greater dissemination lead to greater programmable revenues. Only pricing above marginal costs, an ideologically unpopular stance in federal circles, will generate enough revenue to cover the development of expensive information dissemination systems.

On the other side of the incentives/ideology question, others pointed out that, although the framework does recognize an affirmative role for government, the obligation is grudg- ing. There is no expression of excitement and optimism, no sense that there are now greater opportunities to serve the citizens and improve society. That should be the incentive. Today, satisfying the public’s right to know is a difficult obligation for agencies to meet. The information technology revolution will provide more citizens more access, and entrepreneurs will assist this process through innovation. The goal should be to remove restrictions on access, leveling the playing field, and ensuring diversity of information products.

Others believed the problem of adequate agency incentives to promote greater public access needs to be explored further. The often widespread perception that agencies are simply making investments from which the private sector will ultimately profit presents a situation that does not foster agency innovation. Also, it was clear from several examples that agency personnel who are experimenters or innovators in making agency data more accessible to the public also succeed in making the agency’s own data more accessible to the agency. They become agency heroes because they have solved an internal management problem or improved a service. This kind of incentive payoff should be expressed in the framework.

Some asked: is the framework explicit enough about how agencies develop interrelation- ships in the dissemination community? The framework’s statement on libraries may not be sufficient. Indeed, the statement was acknowledged to be a bare nod toward the depository libraries. The framework must expand to other outlets and other users as well.

As EPA has learned, information dissemination is not simply basic to an agency’s mission, but may enhance and expand the mission as new dissemination techniques are developed. Some would say that EPA’s experience with the Toxic Release Indicators database transformed the agency from the Environmental Protection Agency to the Envi- ronmental Policy Agency.

Finally, the framework makes no mention of interactive models, such as the client- server relationship in the Internet community, where a modicum of intelligence exists at the user end, rather than solely on the host machine. The framework represents a past approach; more appropriately, it should encourage information resources managers to compete and interact with one another to offer better solutions to their clientele.

Who is(ure) the Public(s)?

In addition to general discussion of the Solomons working draft framework, the public/ private sector dialogue focused on several themes, the first of which was: Who Is(Are) the Public(s)? J. Timothy Sprehe stated that, when one speaks of giving the public greater access to government electronic information, it is important to consider what is meant by

258 .I. T. SPREHE

Table I. Characteristics of user groups

The general public

Information needs general Needs diffuse, undifferentiated

Do not know what they want; need to be helped to refine their information needs

Receive most federal information through intermediaries; mass media, libraries

Ignorant of federal agency Not organized Traditional dissemination media: print. audio/

visual Technologically unsophisticated: computer

illiterate

Specialized user groups

Information needs highly specific Needs diversified. sophisticated

Know exactly what they want; define their own information needs

Receive federal information direct from agencies; special libraries, “trade press”

Knowledgeable about agency Highly organized High technology dissemination media; tape,

diskette, CD-ROM, online, etc. Technologically sophisticated: computer literate

“the public.” Modern advertising has demonstrated that the public is not an undifferentiated mass, but a myriad of groups, more or less cohesive and organized.

According to Sprehe, federal agencies serve many publics, from the general undifferentiated mass public to highly specialized user groups. As an agency’s information dissemination programs grow and mature, relationships between the agency and its publics change, often rapidly and dramatically. To a considerable degree, what an agency is capable of doing with respect to public access depends on where the agency stands at any given time in the development of its relations with the public. What publics are capable of doing with information to which they have access depends also on where they stand in their relations with the agency. Tables 1 and 2 present a simplified picture of these assertions. The presentation is deliberately overdrawn to highlight contrasts. The public, at its most general, has information needs that are diffuse and undifferentiated. Everyone who has a specialized knowledge and works with the general public has experienced dealing with people who do not know what information they really seek. It takes time and experience to know how to ask questions intelligently in a given field, to learn what information is available, and to know what kinds of information will answer one’s questions. The general public receives most of its government information through intermediaries such as the mass media and, to a lesser degree, through libraries; depends on traditional print and

Table 2. Stages of agency/public user relations

As agency begins After initial stages Advanced stage

Public ignorant of information content, value, and use

Sharp boundaries between agency and public. Public generally ignorant of agency, perhaps mutually suspicious. hostile

Agency is sole analyzer of information

Interested public begins to become knowledgeable of info content, value, use

Boundaries less sharp: Interested public begins to deal with agency, mutual acquisition of knowledge: adversarial relations abate

Interested public begins to develop analytic capabilities, interests. Supply generates increasing demand

Special publics intimately familiar with info content, value, and use

Boundaries blur between agency and user public (e.g., government-owned, contractor-operated facilities): personnel flow both ways; collaborative programs develop.

Data and analytic functions fully shared between agency and user public: perhaps even shifted from agency to user public.


audio/visual media; is ignorant of the nature and workings of federal agencies; is technologically unsophisticated in the uses of information; and is not organized into user groups.

At the opposite end of the spectrum are specialized user groups that have highly specific and sophisticated information needs. These people know exactly what they want in terms of public access to government information. They are knowledgeable about the federal agencies possessing the information. They get their information direct from agencies or from a “trade press” that follows the inner workings of the agency. These user groups tend to be highly organized (e.g., Association of Public Data Users). They tend to use information in high-tech media such as computer tape, CD-ROM, or online; and they are technologically sophisticated and computer literate.

With respect to government databases in a given field, agency/user relations change over time, often rapidly and dramatically. In the initial stages, user publics are ignorant of the information’s content, value, and use. The boundaries between an agency and the user public tend to be rigid and formal. The agency and the public are sometimes mutually suspicious and hostile. The agency may adopt a proprietary and paternalistic view of its databases: “these are our data and we’ll decide what’s best for the public in terms of public access” [4]. At this stage, the agency tends to be the sole analyzer of the information.

As agencies begin to establish dissemination programs, groups outside the agency famil- iarize themselves with the content, value, and use of the agency’s databases. Interested user groups begin to deal with the agency directly, seeking more information and legitimiz- ing with the agency their intentions and need to know. Suspicions and hostilities diminish as the agency and its publics learn more about one another. User groups acquire expertise with the data and begin to request an increasing volume of information.

Agencies reach a stage where supply generates demand. The more information they provide their users, the more value the users discover in the information and the more they demand from the agency. This is a mixed blessing. On the one hand, users place greater strains on the agency’s resources to provide more data. On the other hand, user groups begin to transform themselves from political adversaries to political allies of the agency’s information programs.

In the advanced stage of agency/public relations, user groups have become intimately familiar with the agency’s information, Boundaries blur between the agency and its users; in GOCOs (government-owned, contractor-operated facilities) such as the national energy laboratories, agency and user interests tend to fuse. Personnel move back and forth from agency to user group (e.g., university, research institute) employment. Cooperative programs develop (e.g., American Statistical Association fellowships for university personnel to work in federal statistical agencies). Finally, data administration and analysis functions may become fully shared as in the global change research program where all parties agree to share all data. In its policy statements on Data Management for Global Change Research, the program states, “Full and open sharing of the full suite of global data sets for all global change researchers is a fundamental objective” [5]. Or, in the case of some agencies, the data and analysis functions are divested from the agency and placed in the user groups [6].

In short, public access policy in a given agency is conditioned and to some extent defined by where the agency lies along various continua of agency/user group relations. Since different agencies and user groups are at different points along the spectrum, both agencies and user groups at earlier stages can profit from the experience of agencies at later stages.

EPA’s experience with respect to the Toxic Release Inventory (TRI) is instructive in this regard, as reported by Linda Travers from EPA’s Office of Toxic Substances. Early

260 J. T. SPREHE

on, EPA’s approach to dissemination was traditional-analyzing demand through studies for which the agency contracted. The studies did not yield answers until EPA expanded its activities to direct talks with the user community, out of which grew a diverse selection of products. That was just the beginning. By integrating TRI with other databases since 1990, EPA has made its data of interest to other communities and other publics, that have then suggested other possible innovations. The process is listen/adjust/listen/adjust; the agency communicates with its publics, increasing its own understanding by the questions it is asked.

Travers also noted that, as an agency information dissemination program gets older and larger, system maintenance gets more expensive and funds for public access often decrease. Agencies may have to trade off database quality control and reliability in order to maintain public access.

Security Controls and Public Access

In addition to many government-wide and agency-specific laws and regulations relating to computer and information security, federal agencies comtemplating more liberalized public access policies must necessarily take into account concerns about confidentiality, availability and access, integrity and sensitivity. Edward Roback, National Computer Systems Laboratory at the National Institute of Standards and Technology, stated that even though a system is publicly accessible, the integrity of the information must still be maintained. Based on Computer Security Act [7] definitions, some information is sensitive, although not necessarily confidential. Agencies wrestle with two security goals: protection of information available to the public and protection of the information, possibly on the same system, not available to the public.

Principal security issues are:

l Who in an agency certifies that a sensitive information system is secure? l Are there legal means to punish authorized users of public access systems who get into

areas that are not public? l Data aggregation-does the power of search and matching capacities across databases

open up new privacy issues? Who is responsible? l Who pays for security? How does this relate to marginal pricing? l Security planning needs to be done early in system development, when it is inexpensive

to incorporate. l Who is liable for the integrity of data? Agencies‘? Resellers? l What will be the standard of “due care” for public access systems? l Who will set the limits on public access systems ? Will it be done globally or case-by-

case? l Are there appropriate computer security tools for public access systems? l Are stand-alone systems too expensive’? l In segregated systems, who is going to pay for security technology?

Looking at security from an open access point of view, Roback said it was important to contrast issues that are clearly in the computer security realm (e.g., hackers and viruses) with the need to protect the centers of information. Starting with FOIA premises, the operating assumption should be that information is public, unless specifically exempted. The problem in the Computer Security Act was that it reacted to the problem of aggregation with an entirely new quasi-classification system; categories of unclassified information became restricted because they might be aggregatable with other information and the


result might be sensitive. This “mosaic theory” is a very slippery and problematic issue; new principles need to be established.

In the genera1 discussions on security a number of additional issues were raised:

l Should aggregatable data, for example, deeds and toxic release information, be permitted to be released electronically at all‘?

l Does the argument that electronic information somehow differs from information in other forms damage freedom of speech?

l A great deal of seemingly sensitive persona1 information (e.g., land holdings, driver’s licenses) is widely available and can be mined at will. Should that be tolerated?

l Are these really security or first amendment issues‘? Once the decision is made to collect information, is there any justification for impeding access?

l Should database accessors be tracked? There may be privacy implications, but accessors do leave a legally useful audit trail or have marketing value. Unauthorized accessors could be tracked.

One problem with the draft framework is that any treatment of security within a public access policy must address the misuse of security controls in order to defeat public access. Much of the reason for the existence of the Freedom of Information Act is governmental misapplication of security principles in order to restrict public access. The framework must explicitly counsel agencies against misapplication of security to curtail access.

In addition, the policy ultimately ought to say that in systems design available and restricted databases should be segregated from the outset; this is systems design with public access in mind. Security problems connected with public access will diminish when the problems start to be solved at the design stage.

Vulrrc> Enhnnwment in thr Public, Sector

Paul Planchon, Associate Commissioner for Elementary and Secondary School Statis- tics. National Center for Education Statistics (NCES), discussed the NCES information dissemination programs as one example of a federal agency engaged in aggressively expanding public access. NCES is a mainline federal statistical agency the budget of which has grown from $8 million to $100 million in a few short years. NCES has expanded its data collection programs and is now trying to expand its dissemination activities. Fully documented data tapes have historically been made available at marginal price. User training has been a priority. NCES now publishes data sets on diskette and CD-ROMs with search software included. One new CD-ROM multilevel product contains encrypted data sets to protect otherwise non-releasable individual data. A recently established electronic bulletin board describes publications and meetings and provides selected tables. Also, NCES’ National Data Resource Center provides free materials and analyses to the public.

NCES has no online public access yet, but a planned LAN (local area network) will permit this. NCES is especially careful to certify that released data sets could not disclose confidential information if aggregated with other data sets. As to relations with data users, a National Forum for Education Statistics, whose members are the chief state school officers, meets semiannually. Annually, a summer data conference brings together five users from each state to review NCES data sets.

NCES sees the provision of value-added products as necessary to fulfill the NCES mission. The databases in question are fairly complex; without NCES-provided value-

262 J. T. SPREHE

added attributes, general use would be difficult. Also, there is virtually no private secondary market for NCES data. Hence, little repackaging by the private sector occurs. Nor does conflict arise over the fact that NCES adds value; its data users expect this. Their view is that the government should subsidize development costs and offer value enhancements free of charge, as a recognized and legitimate part of doing its business.

On the other hand, in answering the question of whether to add value, Mark Vonderhaar of Congressional Information Service, Inc. stated that one first must consider what kind of added value is appropriate and at what cost.

l Value for one person is not value for another. A highly structured interface that helps a casual user may hinder a sophisticated one. Also, authors and compilers cannot predict all possible uses of their information.

l Systems should be designed in order to limit obsolescence and make data available in a common form; no design team can predict future access modes.

l If the public’s needs are already being met by a diversity of sources, it is superfluous for the agency to add even more value. This is part of the reason it is no longer adequate that decisions on adding value be left entirely to agencies.

l Pricing decisions should be made by the agencies, but prices should recover only the marginal cost of dissemination. If an information product was developed primarily for internal use, then the marginal cost is just the incremental cost of the additional copies or interactive capacity needed to satisfy public demand. If the product was developed primarily for public use, then the true marginal cost of dissemination might include some costs-such as equipment upgrades or specialized staff positions-that are often considered fixed costs. In no case should prices be stratified according to presumed ability to pay.

Other participants noted that some federal agencies believe that most agency mission requirements are satisfied with simple, plain-vanilla dissemination, so they ask what business do agencies have getting into value-added entrepreneurship. In any event, the relationship between an agency’s use of its information for internal consumption and the public’s use may, in fact, blur after a while as relations with user groups mature. Certainly, the public should be able to benefit from value added by an agency for its own use, because information as an element of the democratic process needs to be made available and the market may not choose to do it. In any event, when there is no money to be made, there is never any argument about who should add value; if the public needs it, the agency provides it without protest arising from the private sector.

Participants agreed that the concept of added value is both a policy and budgetary issue, and therefore decisions on dissemination should focus on agency missions, which vary. For example, federal statistical agencies have a strong mission to collect and disseminate information; however, the Department of Veterans Affairs has a health care mission, and information is only a by-product of that mission.

Federal agencies have the responsibility to let potential users know what is available, because the market may not do so. The consensus of the meeting was that the draft policy framework should make the following process explicit: the market should not be given a veto on an information product, but should engage in dialogue with an agency that has determined the need for an information product. The result should be that the agency releases the raw data and the market adds value. This is basically the posture of OMB Circular A-130 and offers the best hope for the private sector. Travers said EPA releases TRI raw data to a dozen software vendors, who add value. The process started with a dialogue; EPA had to test the vendors’ software. Subsequently, EPA released its own


bulk version to stimulate electronic submissions. There have been no objections from the

private sector to this procedure. From the agency viewpoint, virtually no agencies are making large profits from the sale

of information products. The more typical agency problem is that the requests the agency gets are low-value, high-cost. Money is simply not available to do all the disseminating an agency would like to do, and the private sector demonstrates little interest in most

cases. In the case of the Patent and Trademark Office (PTO), Tom Giammo, PTO’s Director

of Automation, said the agency developed and funded software and databases for its own use. In that case, the public should have the same level of added value available. But. beyond this situation, how do agencies learn what the public wants? The best means are dialogue, agreement on “proper performance of agency functions,” a lot of listening and

adjusting, and flexibility.

User Charges and Restrictions on Redisserninution

By way of contrast with the federal setting, Sharon Dawes outlined the user charges situation in state governments. According to Dawes, state environments differ sharply from the federal level in at least the following ways:

l State budgets must be balanced at the end of the fiscal year. l There is no general State information policy to govern individual agency behavior. There

is a general reliance on FOIA for public access policy and procedure. l The information is thought of as belonging to the programs, not the agencies or even

the State government as a whole. l Access laws give individuals the right to correct their own records and require govern-

ment accountability.

l Fees go to the general fund, not to the agencies providing the service.

Dawes said state agencies use fees as:

l Barriers to access to information; l A means for recovery of the cost of dissemination; and l A revenue source.

At the local government level, it is more often possible for programs to retain fees to offset costs, so fees are more prevalent. But states, in general, are so starved that any source of revenue is of potential interest. Dawes concluded that most states have not yet addressed the issue of user charges adequately.

At the federal level, Tom Giammo spoke of the Patent and Trademark Office approach to addressing user charge issues. By law PTO is fully fee funded, and has wrestled with the problem of equity in pricing and has found it impossible to administer pricing objectively. In the absence of clear guidance in legislation or elsewhere, PTO charges for services by allocating costs as fairly as it can across the range of services. PTO has passed along most of the costs to the applicant through the patent or trademark issuance process. The cost structure must be program-based, but many costs are product-shared. The result has been a program financed by a mix of an internal revolving fund, cross-program charges, and some appropriated funds.

Other PTO positions, according to Giammo, are:

l No royalties beyond cost recovery l Opposed to restrictions on resale

264 J. T. SPREHE

These positions are far from trouble free. The U.S. has a treaty with Japan and Europe on patent sharing, but Europe charges a royalty for copies of patents and Japan will not permit resale. The treaty originally covered internal patent sharing; it is only in the last five years that patent dissemination has become an issue.

Nrtworks and Public Accrss

Networks are the future for information dissemination, according to Pam Andre, Associ- ate Director for Automation at the National Agricultural Library (NAL). Most of the user institutions are already on the Internet. These institutions want to know why they cannot get more information from NAL electronically. Some of the issues networks raise are the same as have been discussed earlier: cost, diverse publics, security. Others are more specialized:

l Network activity is decentralized to PCs and workstations. The framework should reflect that orientation.

l The Internet contains a vast amount of information-library catalogues, full-text, and so forth. It is sometimes difficult to know whether what you want is on the network. What are agencies going to do to facilitate effective user access with finders’ aids?

Many information professionals now believe that the High Performance Computing and Communications Act (HPCA) and the resulting National Research and Education Network (NREN) will revolutionize access to and use of all information, including government information. Discussion covered the following contexts, issues, and concerns.

l HPCA encourages and requires agencies to disseminate information over the Internet. l Federal agency Internet experimentation is already ongoing. The Syracuse University

information locator study [8] has identified many of these including the wide-area information server (WAIS) work at the U.S. Geological Survey. Many of these experiments may help agencies provide access and assist in the management of their own data.

l Standards are important. NISO 239.50 standardizes how users of information in an electronic format and directory can be provided access. The study will facilitate access and search of agency databases over the Internet.

l How do agencies close the widening gulf between the information haves and have nots? Will the Internet be an equalizer, closing the gap, or widening it?

l How should government get connected to Internet? l What kinds of government information are appropriate for dissemination over the In-

ternet? Probably not all. But a government-wide locator, on the WAIS-Z39.50 model, should be Internet-based.

l Traditional dissemination agencies such as GPO and NTIS may become less relevant if agencies are providing Internet access to their databases.

According to John Clement of EDUCOM, in at least five states every state educator has an Internet connection; they represent over half the nation’s students and teachers. Also included on the Internet are school board members, small businesses interested in education, superintendents, and principals.

Charles McClure of Syracuse University pointed out that many federal agencies have connected to the Internet. The Internet interface is still primitive, and WAIS searches are imprecise. As it functions today, this network will not go into the home, but it will go to the universities, the schools, and government agencies. There are policy issues embedded in the rapid growth of the networking public, because the future digital public switch telephone and cable networks are also converging; this will eventually result in an end-


to-end residential digital pipeline for voice, data, video, and interactive services. According to McClure, public policy needs to catch up with these systems.

Discussion revealed differences of opinion over whether or not the Internet is just another conduit whose ultimate uses have yet to be discerned. Some suggested the Internet may permit agencies to retreat from the value-adding business, offering raw ASCII files, and letting the market do the user-friendly interfaces, possibly subsidizing an interface for those who cannot afford the market-driven prices.

THE THIRD SOLOMONS CONFERENCE

The Department of Commerce’s Office of Information Resources Management (OIRM) sponsored the third Solomons conference, held on September 22 and 23, 1992. In opening the conference, Reed Phillips, Director of Commerce’s OIRM, stressed the continuing importance of public access issues across government and the growing number of agencies seeking admission to the conferences.

The conference devoted some time to further critique of the draft policy framework. Some participants wanted more concentration on client-type databases, meaning databases consisting of sensitive data concerning individual persons such as those held by the Department of Veterans Affairs and the Social Security Administration. Scientific agencies noted that their peer review policies pose special problems; for example, should a scientific agency release a database for public access only after peer review? Several participants wanted more emphasis on locator systems and other mechanisms to inform the public about what information the government has.

Some asked what was the relationship of the draft policy framework to OMB Circular No. A-130, Munugement of Federal Information Resources. The consensus of the group was that there was no direct relationship, other than an effort to keep the two documents consistent. The framework was seen as helpful for influencing government-wide policy, for giving agencies a guideline for designing their own policies, and for documenting successful agency practices. The policies arising from the framework were intended to be more specific and more tailored to agency missions and circumstances than was Circular A-130.

Roxanne Williams, Office of Information Resources Management, Department of Agri- culture, presented a draft departmental policy that had been derived from the framework. Carol Watts, Director of the National Oceanic and Atmospheric Administration’s (NOAA) Library, described efforts to establish a policy for NOAA publications. J. Timothy Sprehe presented results from the July 15 public/private sector dialogue (discussed above), after which David Plocher, Assistant Counsel, Committee on Governmental Affairs, U.S. Sen- ate, gave a congressional perspective on public access issues. Peter Weiss from the Office of Management and Budget discussed the current state of affairs with Circular A-130.

Eliot Christian, U.S. Geological Survey, described the Earth Science Data Directory and the use of Wide Area Information Servers (WAIS) software to locate information in the directory. Elizabeth Buffum, Director of the Office of Scientific and Technical Information (OSTI), Department of Energy, described OSTI’s program for making results of research and development accessible to the public. Information management is complicated for several reasons:

l Most research and development is done through contractors; l DOE’s technology transfer program gives universities the authority to hold information

for certain periods of time before it is released;

266 J. T. SPREHE

l A large portion of their information holdings are proprietary; and l About sixty percent of the information is from international resources and the department

is not permitted to release information from one country to another country.

Discussions surrounding the foregoing presentations focused on the issue of pricing information products under electronic public access. Several participants noted that, when revenues from sales cannot be brought back into the agency to provide additional products or improve existing ones [9], the agency has little incentive to develop an aggressive information dissemination program. Some pointed out that the ability to reprogram funds from sales might lead to favoring only those products that make money. Most important,

agencies must address how much appropriated funds they can afford to spend for public access when budgets are tight and information dissemination is not required per se by agency statutory mandates. Many believed that barriers to access are constructed when revenues cannot be used to provide public access services, offset dissemination costs, or create new public access systems.

OMB’s Peter Weiss suggested a scheme for dividing cost factors into three categories:

those costs never recovered from users in the public, those always recoverable, and a middle area of discretionary cost recovery. Into the nonrecoverable bin would go the costs of creation or collection of databases, database development, hardware, data maintenance, data archiving, and a certain amount of value added solely for the government’s use. The area of administrative discretion would include those database modifications made specifically for dissemination purposes, hardware enhancements for dissemination, CD-ROM premastering and mastering, and value-added software enhancements made just for public access. Always recoverable costs would be those that involved direct agency expenditures for dissemination: customer service costs, incremental telecommunications, and computer time. Cautioning against viewing his suggestions as a formula, Weiss noted that agencies with different missions would no doubt assign costs differently among the

categories. Bruce Johnson, Assistant Director, Information and Statistics, General Accounting

Office (GAO), described a new GAO study on the pricing of electronic information products, including CD-ROMs. Pricing varies widely by product and agency. He described how various communities view information dissemination.

l Librarians want maximum access at no charge. l Budgeteers want to minimize the deficit by raising revenues. l Economists want to maximize economic efficiency by marginal cost pricing. l Lawyers are concerned with precedence; consistency with other laws such as the Free-

dom of Information Act and the Privacy Act. l Political scientists want a fair process for setting prices. l Politicians see access in the context of practices and policies on other issues.

l Researchers and scientists want to know what data or information is available and its researchability: they are not interested in price.

l Statisticians and demographers want data integrity and accuracy in presentation. l Business entrepreneurs want to encourage and reward risk taking. l Accountants and auditors (such as those in GAO) want a stated policy and an audit

trail. l Mainframe computer specialists want efficient usage allocation.

l PC computer specialists want flexibility. l IRM managers want consistency of practices and recognize the need for a policy.


Unlike its predecessors, the third Solomons conference gave itself some homework. Edward Roback from the National Institute of Standards and Technology indicated that NIST would begin work on a guidance document concerning security and public access. The participants decided that follow-up working groups would be useful, and established the following groups:

l Policy framework, including security, for public access l Locator systems and standards for locators, including cross-cutting data l Pricing and budgeting for public access l User support for public access l Client-based systems

Participants agreed that the working groups would meet separately, and that the fourth Solomons conference would occur in the spring 1993, hosted by the U.S. Geological Survey.

CONCLUSION

If nothing else, the Solomons conferences convey the presence of a great deal of activity and ferment in federal agencies with respect to public access to government electronic information holdings. More than this, the Solomons conferences may be events that signal the beginning of a new federal mindset on public access. In initiating the conferences, EPA entertained no illusions that it was an exemplar in the public-access field. Still, its first interagency conference was evidence of a more aggressive public outreach philosophy. Rather than shrinking in fear from the enormous public interest in its databases, EPA was trying to seize the opportunity and get out in front of the trend toward offering newer and better public access services.

OMB was an invited participant in the first as well as succeeding Solomons conferences, but the impetus for the meetings arose from two sources: a shared conclusion that the major agencies must develop their own policy positions on public access and not expect OMB to develop policy for them; and a shared desire to reach a common policy framework, insofar as that it was possible.

To the extent that the Solomons conferences constitute a precedent, they may signal a shift in overall federal information policy leadership away from the center in OMB and toward the major agencies that are facing the need to develop new ways of coping with internal and external demand for greater access to federal databases. These agencies tend to see OMB Circular No. A-130 as a fairly useful document that does not go far enough for their needs. The circular, for example, does not give any really useful guidance on pricing of information products and has virtually nothing to say about how the Internet and NREN impinge on federal information policy. That the agencies are acutely interested in comparing experiences and developing common policies is good news for government information users because it increases the chances that the agencies will develop standard- ized user interfaces for their information products. It is also encouraging to see that more and more agencies are asking for invitations and clamoring to be included in the Solomons process.

For all their progress, the Solomons conferences are just a first step in developing sound public access policies for federal electronic information. The critical next step, which one hopes the agencies are taking in other fora, is to involve the information using public in the formulation of agency programs.

XX J. 7‘. SPREHE

I.

2.

3.

4.

5

6.

7. 8.

9.

NOTES

“Superfund ~\mcndment~ ;~nd Ke~tuthoriratiotl Act of 1986” (PL 99-499. 17 October 1986). U~itcd .Srcl/es sttrtrrrc.\ (I/ 1.0/.X(, 100. Ihl T- 17x2. “Public Information: Agcncl Rules. Opinion\. Or-dcrs. Record\. and Proceedings.” U.S. C&c,. Title 5. Section 55%. The meeting. titled ;I Public’Private Sector- Dialogue on Public Access to Government Electronic Information. was hosted by Sprehe Information Management .Ajaociates. Inc., under a consulting agreement with the Bauman Foundation. See below. Sharon Dawe\. Executive Director of the New York State Forum for lnformation Resources Management. noted that. in state governments. the prevailing attitude tends to be that information holdings belong neither to the public nor to the agency but to the particular program that has them. See: U.S. Global Change Research Program, “Policy Statements on Data Management for Global Change Research” (Washington. DC: National Science Foundation. 1991). For example. data banks for the Bureau of Justice Statistics are housed and operated by the Inter-university Consortium for Political and Social Research in Ann Arbor. Ml. “Computer Security Act of 1987 (PL 100-235. 8 January 1988). United Str~tc~.s Sttrtrrtcs ut Ltrr;ye 101. 1724-30. Charles R. McClure. Joe Ryan. and William E. Moen. Id~nrif:\.ing tr& L)e.xc~rihi~r,g Fcclrrtrl fr~for.mc~/ion Inuc~r~~or~lLoc~~~t~~~ .Sy\/ert~.c: Dc~.ti~rl ,fbr Nc~/worX-Btr.sc’d Loctrtor.s, vols. 1 and II (Syracuse: NY: School of Information Studies, Syt-acuse University, August 1992). Standard policy is that revenues from sales are returned to miscellaneous receipts in the U.S. Treasury. In order to retain the revenues. an agency must have a revolving fund. Revolving funds require legislation. Congress and OMB usually try to restrict the growth of revolving funds because they are extra-budgetary and hence somewhat difficult to control.

APPENDIX

WORKING DRAFT PUBLIC ACCESS TO GOVERNMENT ELECTRONIC INFORMATION

A POLICY FRAMEWORK

PURPOSE

This policy framework provides broad guidance on public access to government electronic information for the use of federal agencies when defining their own policy and procedures. The guidance recognizes both the common federal public access responsibilities and the many areas where such guidance will vary because of special agency considerations.

Why (I Policy is Needed

Federal agencies need to rethink and refocus the priority placed on providing government information to the public. Congressional intent is clear as legislation, with increasing frequency, is requiring Federal agencies to provide public access to specific types of information. Technology advances offer less costly and more effective techniques to disseminate electronic information, resulting in a significant increase in the number of people and organizations that can utilize information in electronic format. The increased recognition of the value of current information to the individual recipients and to the nation has led to a growing demand on the part of the public to exercise their right to such access. Furthermore, a policy reflecting the increased national priority to provide public access to government information and encouraging agencies to develop dissemination programs, provides federal managers with additional incentive to try new initiatives at a time when budgets are under close scrutiny and managers are expected to avoid new or risky undertakings.

Guidelines:

l Agencies need to recognize their obligation as part of their mission responsibility to respond to these public demands without waiting for further guidance from Congress or the Executive Central Management offices.

l Policy and guidelines developed independently by each federal agency should be consistent in direction reflecting a single broad federal policy on public access to federal government information, with variations based on the special requirements of the agency.


GUIDING PRINCIPLE

Agencies of the federal government collect, produce, manipulate, evaluate, maintain, distribute, publish, and archive vast amounts of data, which represent a valuable national resource that belongs to the people. Some of this is subject to limitations on dissemination, ranging from national security classification through FOIA exemptions. However, it is in the best interest of the country and the responsibility of these federal agencies to ensure the availability of the remaining government information to the public in a useful and cost-effective manner.

Guidelines

l The agency’s mission should be framed as broadly as possible. It should enable rather than discourage dissemination.

l Agencies should follow the principle that federal data cannot be copyrighted. l When defining an approach, FOIA should be interpreted to include all information regardless of

form or media.

POLICY CONSIDERATIONS

Type of Progrtrm Information can be made available through planned outreach dissemination programs or in an ad

hoc manner in response to specific requests for information.

Guidelines:

l The selected type of dissemination depends on factors such as the cost of the alternatives to both the government and to the public users, type of expected audience, level of demand, the type of information, the benefits to the recipients and to the nation, the level of fairness and equality of access provided to those needing the information in the selected approach, and the rationale for the dissemination program.

l The requirement for dissemination and the method(s) to be used should be included in the initial plan, determination of data to be collected, system design, and management of an information system.

l An effective information dissemination program requires continuing involvement of program information specialists in addition to technology experts. The determination of who “owns” or is custodian of the data and takes responsibility for its quality lies within the program arena and not in the technology arena.

l Agencies should include libraries and other public and private purveyors in planning dissemination outlets.

Not all government information can or should be made available through a planned dissemination service. In addition to the restrictions listed above, with limited resources, selections for dissemination sometimes need to be made for economic reasons. Before defining a dissemination program. agencies need to identify the rationale for the program in planning this expenditure of public funds. The following are some of the key reasons for defining a dissemination approach:

I. Electronic dissemination is specifically required by legislation. 2. Information dissemination is basic to carrying out the agency’s mission. 3. The agency determined that there is sufficient demand for the information tojustify a dissemination

program. 4. The agency receives outside requests to provide specific information.

Guidelines:

l Agencies should validate demand before initiating a dissemination program. This is particularly important when the dissemination isn’t clearly mandated by mission or legislation. “It seems like a good idea” is not sufficient justification.

l Agencies should not collect or disseminate information, even when requested, that is not required to directly support its mission.

l Dissemination programs should include actions to inform potential users of the existence of the service. This must be recognized as a continuing responsibility.

l Agencies should periodically survey user needs and satisfaction with existing and proposed future

270 .I. T. SPKEHE

systems and incorporate improvements, if needed. Information needs and types of users should be expected to change with experience with a dissemination service.

l Agencies should include state and local governments in the planning of a dissemination service, both as recipients and providers of data.

l The implementation of an effective public dissemination service requires the efforts of skilled and dedicated personnel. Agencies must recognize the importance of this activity by assigning the required staff to the program.

l Agencies should expect that they will lose control of their data after it has been disseminated to end users or information multipliers and they cannot place limits on how the data will be used. While agencies are, therefore, no longer responsible for the information marketed by others, they need to be alert to misleading or inaccurate claims for data obtained from the government.

Federal agencies serve many publics from the general undifferentiated public to highly specialized user groups. The information needs of the public tend to be diverse and unpredictable and this public requires substantially more assistance to provide answers to their questions. Specialized user groups have specific information needs, have the understanding and knowledge about the agencies and where to go for their information, and are usually more technologically sophisticated.

Guidelines:

l Agencies must define their public and recognize that they probably have several, often very different, user groups interested in their information. Program staff should be directly involved because of their understanding as to what groups need access to the information. Agencies should be able to anticipate, if not actually measure, public demand.

l Supply generates demand. Agency dissemination programs should be expected to evolve as both agencies and users gain experience and learn about data that is available and techniques for accessing it.

l Agencies should recognize and prepare for changes in the public as originally defined. l Maintenance of usage statistics (who accessed what data and when) provides a useful tool for

identifying user requirements and modifying the service to respond to demand.

There are numerous approaches available for dissemination of electronic information. Agencies should consider a variety of media. The appropriate selection will be made on a case-by-case basis. The following are some alternatives to be considered: online access to a mainframe computer: computer networking; distribution through media such as CD-ROM, PC diskette, and magnetic tape; PC-type bulletin boards: or facsimile transmission.

Guidelines:

l Joint government dissemination projects are encouraged to the extent that they are more cost effective to the Federal agencies and/or to the public being served.

l Even when electronic dissemination is mandated through legislation, agencies should identify and utilize any flexibility allowed in approach to select the best method for dissemination.

l Agency information should be managed in a manner which will promote access to and dissemination of that information to the public. During the design stage of an information system, agencies should separate public records from discretionary information, to the extent possible.

l Agencies should use, where possible, an approach that avoids or minimizes software licensing costs and constraints and vendor-dependent solutions when selecting formats or software that is included with distributed data.

l Current technology provides new alternatives for effective dissemination which should be considered. If necessary, compromise on the level of service sophistication to reach a wider audience in a less costly manner.

l The selected approach should consider equality of access and provide the broadest possible level of access. Multiple approaches are encouraged, if cost justified, to reach a broader audience. For example, one version might include value-added format and software and another would offer a less costly unenhanced product. This approach both meets the varying requirements of users and allows the information distributors an alternative to which they can add value for their particular market.


l Before an online service is offered, agencies must ensure that they have adequately secure computer and telecommunications capacity available to meet the required performance standards without degrading mission support services, can provide the training or appropriate manuals for users, operate a software environment that supports the type of users expected, and support a help desk capability to deal with user problems. Any justification for implementing a dissemination service must address these issues. Further, the agency must include the need to have program staff available to answer end user questions about the information content.

Pricing Flexibility The objective is to provide government information at the most reasonable cost while meeting

the needs of users based on the specific special characteristics of the information. Agencies may recover marginal costs for dissemination, but they should not attempt to profit or recover other costs through the sale of federal government information.

Guidelines:

l When justified, marginal costs may include maintenance, training, customer support, computer and data communications costs for access to the data or production costs for the delivered product in the case of non-online techniques, and any additional costs associated with providing the dissemination service. Developmental costs should not be included.

l When dissemination costs are specifically covered by appropriated funds, agencies should not charge for access.

l Agencies should establish an equitable approach to pricing, utilizing the simplest approach possible. Subscription rates rather than actual usage are acceptable as long as they can be demonstrated to be equally applied to all.

l Variable rates charged for different categories of users must be justified. Agencies may consider free or reduced rates to selected users.

l Agencies should determine a method for collection of user fees and the frequency with which these fees will be collected before the product or service is made available.

l Agencies must have a mechanism in place to accurately measure access charges based on the established approach.

Secrrrity, Priuacy, and Information Integrity This section refers primarily to providing the public with online access to a government computer.

Security should be a primary consideration in determining the methods adopted to provide broad public access. However, security must not be used as an excuse to arbitrarily prevent public access to government information.

Guidelines:

l Agencies must identify all “sensitive information” contained in the information system, as defined by the Computer Security Act of 1987 and ensure that public access policies include and are consistent with the requirements of the Act.

l Security safeguards must address protection of FOIA-exempt, sensitive information, maintenance of data integrity (preventing unauthorized modification), and system availability (ensuring the system is performing and is accessible during operational hours).

l Security safeguards should include logging of all accesses to an online system to support intrusion detection and protection, while avoiding comprehensive monitoring of public access which might be misconstrued as impinging on civil liberties.

l Agencies must determine, using risk analysis or similar techniques, whether public access should be allowed in a system containing restricted access data. An important factor is the technique used to segregate the data. The risk analysis will include computer facility security protection, the software and procedural protection in the operational environment, the level of sensitivity of the data maintained in the system, and the potential threat to the data integrity or continued systems availability.

l Agencies should consider moving the public data to a separate system specifically dedicated to public access if security concerns cannot be resolved.

l Agencies should consider dissemination through read-only technology such as CD-ROM when there is concern that data will be improperly represented or applied after it leaves the government.

l A reasonable effort must be made to protect the public from security problems such as inadvertent dissemination of viruses on media.

272 J. 1‘. SPREHE

Private Sector., State, and Local Gover-nment Role To the extent possible, agencies should work with the private sector, state, and local governments

to implement dissemination services that best meet the requirements of the government and the public in a cost effective manner.

Guidelines:

l Agencies should maintain open and full communication with the private sector, within limits of the law, when planning information dissemination services to encourage beneficial approaches and partnerships and to encourage competition among service providers in the interest of efficiency and lower overall cost.

l Agencies may develop a dissemination service that parallels or competes with one already in the private sector if advantages are offered that justify the government-provided service. Examples of such advantages are: lower cost, the ability to reach specific audiences that would not be served by the private sector, or additional capabilities provided by the software or technology used in the government system that increase the usefulness of the data.

. Enhancements to a system, conversion to new technologies, or addition of software for evaluation of data which are required for effective use of the data by agency personnel, are legitimate value- added functions in a dissemination service and are not in competition with the private sector. Conversely, agencies should not spend Federal funds for developing special software, redesigning formats, or providing other enhancements for the public which are not required to meet agency mission requirements.

l Agencies should develop methodologies for identifying marketplace solutions to avoid becoming vulnerable to impractical or dubious proposals.

l Agencies should fully explore and take advantage of opportunities to develop information dissemination programs in conjunction with state and local governments and establishments such as universities and libraries.

August IO, 1992

Documents

Issues in public access: The Solomons conferences