States Wrestle With Touchy Issue of Info E-Sharing

Find opportunities — and win them.

Sometime in the next 12 months, a clever hacker is going to break into a state Web site and post government-owned data on perhaps 200,000 citizens, such as personal information about child support payments, taxes, criminal histories or driving records.

By Steve LeSueur, EditorSometime in the next 12 months, a clever hacker is going to break into a state Web site and post government-owned data on perhaps 200,000 citizens, such as personal information about child support payments, taxes, criminal histories or driving records."It's going to happen," said Jeffrey Eisenach, president of the Progress & Freedom Foundation in Washington. "It's not something you can stop."Eisenach, whose organization is studying how digital government will affect privacy, issued this warning at a May 1 gathering of chief information officers from the states. The CIOs, he said, must be ready to defend their e-government initiatives in the face of legitimate and rising concerns about privacy."They must be prepared to answer the question: What steps are we taking to make sure this doesn't happen again?" he said.Questions regarding privacy are topping state agendas as governors move quickly to put more operations and functions online. State governments collect an enormous amount of personal information about their citizens, including home addresses, phone numbers, Social Security numbers, credit card numbers, driving records, medical records and criminal records. Citizens expect this information to be protected by their government, while at the same time, they want open access to public records. "It's a huge issue," said J.D. Williams, Idaho's state controller, regarding privacy. "All it will take is one or two problems to cause a setback in e-government."Recognizing this, government officials are just beginning to examine the implications of their online projects with regard to privacy, and are taking steps to balance the competing interests of public access and privacy. Consider these examples:• In Pennsylvania, a working group led by the general counsel is crafting a privacy policy to guide the state's agencies as they develop e-government applications. The group, which started its efforts in March, hopes to have a policy in place by July. "People need to know that their privacy will be respected, that personal information we collect will not be shared without their knowledge and approval," said Charlie Gerhards, Pennsylvania's deputy secretary for information technology.• The IT Task Force of the National Governors' Association is meeting May 31 to begin considering the privacy implications of e-government. "We're trying to get this issue elevated with the governors," said Thom Rubel, director of state information technology programs for the association. "We don't want [privacy] to be something we trip over."• The Justice Department's Office of Justice Programs is preparing a series of reports on privacy issues as they relate to integrated justice systems. Slated for release this summer, the reports will attempt to establish the privacy principles and guidelines for information sharing among law enforcement agencies. • The National Electronic Commerce Coordinating Council, an alliance of state employee associations and IT companies, has been asked by the White House office on privacy to put up a Web site with federal, state and local laws, policies and guidebooks pertaining to privacy, said Basil Nikas, chair of the council's privacy committee and chief executive officer of iNetPurchasing.com of Herndon, Va. The site should be up the second week in June, he said.One of the most important goals of these efforts is to understand the trade-offs between efficient online government and privacy. That is, if governments are to take full advantage of Internet technologies, they must be able to obtain and share information about citizens among agencies and across state and local jurisdictions. In the private sector, companies gather personal information about consumers to better serve them. The government could do that too, but at a cost of privacy."Anonymity and efficiency are at odds," said John Thomasian, director of the center for best practices with the National Governors' Association.This is especially true in the criminal justice arena, said Paul Kendall, general counsel in the Office of Justice Programs. The more information police have about potential criminals and crimes, the easier it is to prevent crimes. But there's a trade-off between efficient, effective prevention and individual privacy. "I don't know how you can have both the level of crime prevention people want and the privacy people want," Kendall said.All this concern for privacy has some officials worried that federal and state legislators might overreact to perceived digital breaches of privacy. Iowa CIO Richard Varn feels the horror stories regarding the loss of privacy are fictional and extreme examples of what might happen. Most of the information the government collects is, in fact, innocuous, he said."You have to ask what's the harm," he said. "Is it really so bad if your neighbor finds out how much you paid for your house?"Open access to public records is the cornerstone of American democracy, he said. Public records are used to catch criminals, locate missing family members, catch tax evaders and deadbeat dads and provide critical data to insurance companies.Digital government already survived one major controversy when published reports said that Florida, South Carolina and other states were planning to sell the personal information contained on drivers' licenses, including digital photographs, to a private company, which planned to resell that information to businesses. The reports ignited a public outcry and prompted Congress to pass legislation prohibiting the states from using federal transportation funds if they give third parties access to drivers' Social Security numbers, photos and other personal information without permission. President Clinton signed the legislation October 1999 as part of the fiscal 2000 Transportation Appropriations Act.But citizens also have showed a willingness to accept the online transfer of personal information under certain circumstances. The National Information Consortium of Overland Park, Kan., runs the Web sites for about a dozen state governments. The states help pay for NIC's online applications by repackaging some of their data and selling it to private companies. Drivers' records, for example, are sold to insurance companies.James Dodd, NIC's president and chief executive officer, said the controversy in Florida and South Carolina did not create a backlash against their business model or slow operations. State and local government officials are just getting their feet wet with privacy issues, but they realize that these issues must be addressed as more government services move online, said government officials. "We recognize that if we're going to be successful with electronic government, that we must have privacy policies and procedures in place," said Pennsylvania's Gerhards.

Jeffrey Eisenach