Sharon Dawes (CTG, Moderator): Making government information widely accessible over the Internet has become controversial since September 11 and many agencies are re-evaluating their Web site content -- what are the benefits, risks and trade-offs of broad content and access? What criteria should agencies apply when adding or deleting content from their Web sites?
John Sennett: This is a common sense issue and a sliding scale issue. The ideal, of course, is complete transparency of government to the people who pay for it and are served by it. It would be ideal if everything you ever wanted to know about New York State Environmental Conservation or the United States Environmental Protection Agency was on their Web site, and you didn't have to go to the library or get on the phone or write them a letter to get any of their manuals. It would be ideal if everything you wanted about an agency was on the Web site, including a full description of all the staff. That would be ideal -- aside from the fact that it raises obvious security problems. A rule of thumb is that a Web site should contain all of the information that a reasonably diligent citizen could get by going to a public library, but certain obvious things should be deleted.
Julie Leeper: The initiative that I'm most familiar with is our e-commerce/e-government initiative, and our goal is to make information available to anyone, anywhere, anytime -- 24 /7. That means getting information to the public, and letting citizens, other levels of government and businesses access services whenever they want. It also includes stewardship of the infrastructure, providing a secure network and ensuring that transactions are safe. We need to know we're providing the right security when we provide a service or transaction. If we have the right security, then we can also provide privacy to citizens and businesses. There is a need to do risk assessment. When you look at providing information or a transaction, you have to ask "what is the risk?"
After 9/11, our office sent out a memo to all the state agencies asking them to do a review of their Web sites. The directions we gave them were to look at things like detailed building floor plans that showed every exit, every floor, every emergency exit, and every elevator. The general public really doesn't need that kind of information. We asked 72 agencies to complete reviews and 10 agencies took some type of information off. This doesn't mean the public doesn't have access to information. They can request that information. It just may require some type of authentication or identification so that we can trace that back to who received that information.
Debra Cohn: We have a strong legal framework to help us with these questions and past experience representing state agencies on information policy issues. For example, if an academic or a reporter studying flood planning sues the State Emergency Management Office for removing Web site information about emergency stockpiles and water pumps, the Attorney General's office would serve as the State's counsel. We would wrestle with the provisions of the U.S. and New York State Constitutions and examine the statute, and then we would work with the agency managers and counsel to address the issues.
There are other concerns that might affect the contents of a Web site or information made available to the public. For example, our office did a study of election law, and suggested that there be a computerized voter registration list for the state. It would enhance voter participation and help detect voter fraud. But there's a lot of private information there, and it would be available to lots to people, for illegal as well as political and commercial purposes. So it's not just security that must be balanced against making all public information available to everyone. Privacy matters, too.
Ari Schwartz: It does go a little bit beyond common sense. Seven years ago we advocated for guidance for what information went up online, particularly around the time when the army generals' Social Security numbers were being posted up online by well-meaning people in some different offices. But at that time they said, "Well, the policy's been let a thousand flowers bloom." And now we are basically giving out pesticide to everyone and letting them sprinkle it wherever they want.
There are many things that could be considered security threats: bus schedules, public meeting points. Just because it's a security threat doesn't automatically mean that it's taken down. What's the balancing point? Common sense has changed quite a bit since September 11. How should rules be set in a way that is balanced? Guidance is necessary.
| Next >