August 1990

COMPUTERS AND PRIVACY
How the Government Obtains, Verifies, Uses, and Protects Personal Data

RESTRICTED -- Not to be released outside the General Accounting Office unless specifically approved by the Office of Congressional Relations.

GAO/IMTEC-90-70BR

Information Management and Technology Division

B-239819

August 3, 1990

The Honorable Edward J. Markey
Chairman, Subcommittee on Telecommunications and Finance
Committee on Energy and Commerce
House of Representatives

Dear Mr. Chairman:

Your June 23, 1989, letter requested information on how federal agencies obtain, verify, use, and protect personal data; how individuals are made aware of information collected about them; what telecommunications and network facilities agencies' systems use to transmit data; and what effect new technologies have on the sharing of personal data. On May 11, 1990, we briefed your staff on the results of our review. This report expands on the information provided at that briefing.

To respond to your request, we sent a comprehensive questionnaire to 189 federal agencies to collect data on their information management practices and use of computer technology. We received responses from 178 agencies, for a 94-percent response rate. We did not independently validate the agencies' responses; however, we reviewed and edited all questionnaires and contacted agency personnel when additional information or clarification was necessary. By providing a quantitative summary of government activities in this area, this report should facilitate discussions on how to most appropriately provide both individual privacy protection and effective government operations. A more detailed discussion of our objectives, scope, and methodology appears in section 1.
Appendix I summarizes general laws relating to privacy and computer security, appendix II shows the number of federal systems reported to contain personal information, and appendix III contains our questionnaire with agencies' responses.

GAO/IMTEC-90-70BR Government Computers and Privacy B-239819

Overview

Almost every federal agency collects and uses personal information in carrying out its responsibilities. The 178 agencies reported that, as of early 19389, they maintained about 2,000 predominantly computerized systems containing personal information. Almost 83 percent of these systems are covered by the Privacy Act, which governs federal agencies' handling of personal information. In recent years, advances in computers and communications technology have had a major impact on information activities by making it easier for agencies to maintain, manipulate, and share personal information on large numbers of individuals. These applications have been promoted as a means of increasing agencies' efficiency and effectiveness; however, privacy experts have raised concerns about their impact on personal privacy.

Agencies Have Hundreds of Computer Systems Containing Extensive Personal Information

Agencies gave us detailed information on their 910 largest computerized systems containing personal information. These systems--which include payroll, personnel, and program systems--contain extensive data, ranging from names and social security numbers to financial and health information, on many aspects of individuals' lives. Agencies use this information for such purposes as determining initial eligibility for federal programs, investigations, and statistical studies. The Privacy Act requires agencies to publish in the Federal Register a notice about their systems of records containing personal information. However, agencies reported that they did not comply with this requirement for 292 of these systems.
Computers and advanced technologies--such as computer networking--are widespread throughout the federal government. Some 78 percent of the 910 large computerized systems are networked through telecommunications facilities, and many of these systems can be accessed by a variety of federal, state, and local agencies, as well as by private organizations. These organizations use the accessed information for such purposes as initial eligibility/certification determinations and investigations. Section 2 of this report presents information on how agencies obtain, validate, use, and protect personal information; how they make individuals aware of systems containing personal information; and what network and telecommunications facilities the systems use.

New Computer Applications Have Had a Major Impact on How Agencies Use Personal Information

Computers and communications technologies have enabled agencies to use personal information in new applications designed to detect and prevent fraud, waste, and abuse. Such applications include computer matching, used to compare two or more automated sets of records to identify similarities or differences in data; front-end verification, used to verify personal information on government application forms; and computer profiling, used to determine types of individuals more likely to exhibit behaviors of interest to an agency. Section 3 details the extent of computer matching, front-end verification, and computer profiling within the federal government, and describes how the information resulting from these applications is used.

As agreed with your office, we did not obtain written comments from the agencies on a draft of this report. Unless you publicly announce the contents of this report earlier, we plan no further distribution of it until 30 days after the date of this letter.
We will then send copies to the agencies, and make copies available to others upon request.

This information was compiled under the direction of Jack L. Brock, Jr., Director, Government Information and Financial Management, who can be reached at (202) 275-3195 should you require further information or have any questions about this report. Other major contributors are listed in appendix IV.

Sincerely yours,

Ralph V. Carlone
Assistant Comptroller General

Contents

Letter

Section 1
Introduction: Privacy in a Computerized Society
    Objectives, Scope, and Methodology

Section 2
Government Maintains Vast Amounts of Personal Information
    Agencies Use Computers to Collect and Store Personal Information
    Security Issues Relating to Systems Containing Personal Information

Section 3
Applications of New Information Technology Are Widespread Throughout the Government
    Computer Matching Is Used Extensively for Many Purposes
    Agencies Use Front-End Verification to Determine Eligibility
    Agencies Conduct Computer Profiling to Identify Behaviors of Interest

Appendixes
    Appendix I: Summary of General Legislation Relating to Privacy and Computer Security
    Appendix II: Number of Federal Systems Containing Personal Information, as Reported by Federal Agencies
    Appendix III: U.S. General Accounting Office Survey of Computers, Networks, and Privacy
    Appendix IV: Major Contributors to This Report

Tables
    Table 2.1: Controls in Place in Agencies' 910 Largest Systems
    Table 3.1: Numbers and Purposes of Agencies' Computer Matching Activities
    Table 3.2: Federal Agencies That Participated in Computer Matching With State Agencies
    Table 3.3: Federal Agencies That Participated in Computer Matching With Local Agencies
    Table 3.4: Federal Agencies That Participated in Computer Matching With Private Organizations
    Table 3.5: Organizations With Which Agencies Participated in Computer Matching Activities

Figures
    Figure 2.1: A Federal Register Notice of an Air Force System of Records
    Figure 2.2: Percentage of Systems Containing Data Covered by the Privacy Act About Which Information Was Published in the Federal Register
    Figure 2.3: Agencies' Methods of Notifying Individuals
    Figure 2.4: Sources From Which Agencies Obtain Data
    Figure 2.5: Procedures Agencies Use to Ensure Complete and Accurate Information
    Figure 2.6: Purposes for Which Organizations Access Systems
    Figure 2.7: Procedures Used to Verify Third-Party Information Collected Electronically
    Figure 2.8: Organizations That Have Access to Systems
    Figure 2.9: Number of Systems Accessed for Unknown Purposes
    Figure 2.10: Types of Networks Through Which Systems Are Accessed
    Figure 3.1: Percentage of Agencies That Used Their Employees as Computer Matching Subjects
    Figure 3.2: Types of Information Developed by Agencies That Conduct Computer Profiling
    Figure 3.3: Agencies' Use of Computer Profiles

Abbreviations
    FOIA     Freedom of Information Act
    GAO      General Accounting Office
    IMTEC    Information Management and Technology Division
    OMB      Office of Management and Budget

Section 1
Introduction: Privacy in a Computerized Society

Many of the existing legal protections for and safeguards on the use of personal information maintained by federal agencies date back to 1974. At that time the Congress passed the Privacy Act of 1974 (P.L. 93-579), which established governmentwide standards for the protection of privacy. For some time, privacy issues had been a focus of public attention--in part as a result of congressional inquiries in the 1960s and early 1970s into wiretapping, mail openings, and burglaries by government employees, harassment of individuals for political purposes, and the questionable use of individuals' personal records.

In 1973 a committee appointed by the Secretary of Health, Education, and Welfare to study the impact of computers on record keeping recommended giving individuals more control over personal information concerning them maintained by government agencies and private organizations. The committee recommended the enactment of a federal "Code of Fair Information Practice," which would apply to both computerized and manual systems. The code, which incorporated principles designed to protect the privacy of individuals, served as the intellectual framework for the Privacy Act of 1974.

In enacting the Privacy Act, the Congress codified information principles requiring federal agencies to take certain actions:

• Collect, maintain, and use only relevant and accurate information.
• Permit individuals to gain access to information about themselves and to correct or amend such information.
• Permit individuals to determine what records concerning themselves are collected, maintained, used, and disseminated. In this regard, agencies are required to publish in the Federal Register a notice of the existence and nature of all systems of records containing personal information.¹
• Generally permit individuals to prevent records about themselves obtained by an agency for one purpose from being used for another purpose without their consent.
• Provide adequate safeguards to ensure information security and confidentiality.

¹A system of records is any group of records under an agency's control in which information is retrieved by an individual's name or by an identifying number, symbol, or other identifying particular assigned to an individual. How the information is retrieved (by a personal identifier) and not the substantive content determines whether the information is covered by the act.

Personal information is not covered by the act if the system in which it is contained does not meet the definition of a "system of records" or is specifically exempted.²

Additionally, the act provided for criminal penalties for officers of agencies that violate it, and civil remedies for citizens when agencies do not comply with it. For example, individuals can seek judicial relief to force access to or correction of records that agencies maintain on them and recover damages after an unlawful disclosure or violation of their rights under the act that results in an adverse determination. The Office of Management and Budget (OMB) was assigned responsibility for overseeing agencies' implementation of the act.

When the Privacy Act was passed, most federal record systems were manual; computers were used to store and retrieve information, rather than to manipulate and share it. However, in the ensuing years, advances in computer and communications technology have had a major impact on agencies' information practices. These technologies have enabled agencies to share and manipulate information in ways largely unforeseen in 1974. High-speed, high-capacity computers enable agencies to search large numbers of record systems and instantaneously retrieve information.
Similarly, the linkage of records through computer networks allows a vast increase in the exchange of information as well as the number of people having access to it.

These technologies have facilitated new ways to use, correlate, and manipulate information collected. For example, computer matching--a major application facilitated by computer technology--compares information from two or more automated lists or files and can involve thousands of records. Front-end verification and computer profiling are other applications facilitated by computer technology. These new applications have made it easier for agencies to access, share, and process information and to carry out their missions effectively and efficiently. However, they have also increased opportunities for inappropriate or unauthorized use of personal information and have made it more difficult to oversee agencies' information management practices and to safeguard individuals' rights.

²Seven specific Privacy Act exemptions exist, covering information such as law enforcement activities, investigatory material and statistical records.
Objectives, Scope, and Methodology

This report was requested by the Chairman, Subcommittee on Telecommunications and Finance, House Committee on Energy and Commerce, who asked that we provide information on

• federal agencies' largest computer and network systems containing information on U.S. citizens and how agencies obtain, verify, and protect this information;
• the telecommunications facilities and networks used to transmit the personal information in these systems and how the networked information is used;
• the effect of new technologies on the sharing of information across these networks and the extent to which personal information is matched with that contained in other systems; and
• the extent to which individuals are made aware of records concerning them and the recourse they have if they find incorrect information or if there has been unauthorized disclosure of information.

To obtain this information, we developed and sent a comprehensive questionnaire to 189 federal cabinet and subcabinet-level and independent agencies. To develop our questionnaire and identify privacy concerns, we analyzed privacy and security laws, OMB's guidance on agencies' responsibilities in maintaining and sharing personal information, and earlier reports prepared by us and by the President's Council on Integrity and Efficiency, the Office of Technology Assessment, and the Privacy Protection Study Commission. In addition, we spoke with computer security and information technology experts, privacy interest groups, and scholars at the Massachusetts Institute of Technology, Harvard University, Northeastern University, and The George Washington University in Washington, D.C., and Boston, Massachusetts.
We pretested our questionnaire with officials from the Department of the Air Force, Department of Energy, Department of Education, Department of Labor, Department of Housing and Urban Development, the Food and Nutrition Service of the Department of Agriculture, the Social Security Administration of the Department of Health and Human Services, and the Selective Service System. We used pretest results to refine our questionnaire.

We used a contractor for mailing the questionnaires, designing a data base, and entering agency responses into the data base. We verified the contractor's data entry on a random-sample basis. We queried the data base and analyzed results. We did not validate questionnaire responses; however, we reviewed and edited all questionnaires and followed up with agency officials when additional information was needed. Since the data-collection methods involve self-reporting by the respondents, we expected adverse findings to be somewhat underreported.

We received responses from 178 agencies--a 94-percent response rate. Appendix II lists the agencies that responded to our questionnaire, as well as those that did not, and shows for each agency that responded the number of systems containing personal information.

Appendix III reproduces our questionnaire and agency responses to each question. In some cases, questions were preceded by a filter question, which instructed respondents to skip a number of subsequent questions if they responded to the filter question in a certain way. The reader is cautioned to account for these questions when comparing responses to specific questions with statistics cited in the report.
In addition, because certain questions allowed the respondents to choose more than one alternative, the sum of the numbers of responses for each alternative may not equal the total number of respondents for that question.

Section 2
Government Maintains Vast Amounts of Personal Information

Federal agencies are making significant use of computer technology to store, process, and share personal information. Much of this information is subject to the Privacy Act of 1974. This information is maintained in about 2,000 program management, payroll, personnel, financial, and other types of systems and is used by agencies for purposes such as making payments and determining program eligibility. Although agencies collect much of the information directly from individuals, personal information is also collected--sometimes electronically--from third-party sources. Agencies use various methods to inform individuals about the information they maintain; however, individuals are not always informed about such information. Many agencies share the personal information they maintain with other federal, state, and local agencies, as well as with the private sector.

Agencies Use Computers to Collect and Store Personal Information

Agencies reported that, as of January 19389, they collected and stored personal information on individuals in approximately 2,000 predominantly computerized systems. Agencies identified 910 systems as their largest computerized systems containing personal information. Data maintained in these systems include social security numbers; names and addresses; and financial, health, education, demographic (e.g., race, sex), and occupational/regulatory information. Data in about 91 percent of these systems are covered by the Privacy Act.

How Individuals Are Made Aware of Information Collected About Them

Under the Privacy Act, agencies are required to publish information about their systems of records in the Federal Register. The purpose of this is to prevent agencies from maintaining secret files on individuals by giving the public notice of agency record-keeping practices. However, concerns have been raised that the Federal Register is not the best means of notification since it is not easily accessible to most people.

Information published in the Federal Register is to include a description of the categories of records maintained, types of sources for the information, and purposes of the records. An example of a Federal Register entry is illustrated in figure 2.1.

Figure 2.1: A Federal Register Notice of an Air Force System of Records

F010 AF A

System name: Automated Orders Data System.

System location: Any location where temporary duty travel orders are published at all levels down to and including Air Force squadrons. Official mailing addresses are in the Department of Defense directory in the appendix to the Air Force's systems notices.

Categories of individuals covered by the system: All Air Force civilian employees and military members who perform temporary duty travel.

Categories of records in the system: All temporary duty travel orders published by the organization maintaining the system; also contains identification data on individuals who perform travel.

Authority for maintenance of the system: 10 USC 8012, Secretary of the Air Force: Powers and duties; delegation by.

Purpose(s): Used to prepare temporary duty travel orders and to determine status of individual orders.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses: Records from this system of records may be disclosed for any of the blanket routine uses published by the Air Force.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage: Maintained on computer.

Retrievability: Filed by name, Social Security Number, or Air Force Service Number.

Safeguards: Records are accessed by person(s) responsible for servicing the records in performance of their official duties who are properly screened for need-to-know. Records are protected by computer system software.

Retention and disposal: Orders are maintained for one year after the year in which they are published. Identification data is maintained until the individual is reassigned.

System manager(s) and address: Director of Administration, Headquarters United States Air Force, Washington, DC. Local System Manager, base director or chief of administration.

Notification procedure: Requests from individuals should be addressed to the local system manager.

Record access procedures: Individuals can obtain assistance in gaining access from the Local System Manager.

Contesting record procedures: The Air Force's rules for access to records and for contesting and appealing initial determinations by the individual concerned may be obtained from the System Manager and are published in Air Force Regulation 12-35.

Record source categories: Information is obtained from personnel records and travel order requests prepared by clerical staff serving the individual traveler.

Exemptions claimed for the system: None.

Source: Federal Register, Privacy Act Issuances, 1987 Compilation, Vol. III, pp. 204-205.

Agencies reported that they use the Federal Register to publish information about most of their Privacy Act record systems. Although 827 (91 percent) of agencies' 910 largest systems were reported to contain information covered by the act, information on only 535 (65 percent) was published in the Federal Register. (See fig. 2.2.)
[Figure 2.2: Percentage of Systems Containing Data Covered by the Privacy Act About Which Information Was Published in the Federal Register. Number of systems (N = 827): information published in Federal Register (535 systems); information not published in Federal Register (292 systems).]

Written notification on the form (e.g., benefits application) was the second most used notification method (used for 445, or 54 percent, of the systems). Other notification methods used included (1) verbal notification at the time the information is collected (176, or 21 percent) and (2) other methods, such as leave and earnings statements (63, or 8 percent). There were 97 systems covered by the Privacy Act for which no notification was provided. (See fig. 2.3.) These questionnaire results indicate that agencies do not always comply with the Privacy Act's notification provisions.

[Figure 2.3: Agencies' Methods of Notifying Individuals. Bar chart; vertical axis: number of systems (N = 827); horizontal axis: methods of notification (more than one method may be used).]

How Agencies Collect, Validate, and Use Personal Information

Agencies reported that they obtained personal information from various sources, sometimes more than one. Sources include federal, state, and local agencies, and the subject individuals themselves. Agencies reported that for over 70 percent of their largest 910 systems, personal information was obtained from the individuals themselves and/or within their own agency. (See fig. 2.4.)
[Figure 2.4: Sources From Which Agencies Obtain Data. Bar chart; vertical axis: number of systems (N = 910); horizontal axis: sources (data may be obtained from more than one source).]

Agencies reported that the information maintained in 71 percent of their 910 largest systems was validated by checking with the individual. This practice allows individuals to correct inaccurate information, as well as to control information about themselves. Additional methods of validation included (1) comparison with other federal agencies' records, (2) checking with institutions, such as banks and schools, and (3) checking with state and local agencies. (See fig. 2.5.)

[Figure 2.5: Procedures Agencies Use to Ensure Complete and Accurate Information. Bar chart; vertical axis: number of systems (N = 910); horizontal axis: procedures (more than one procedure may be used).]

Federal agencies and other organizations use the information they obtain primarily for (1) payment (340, or 37 percent, of the systems), (2) initial eligibility/certification determinations (338, or 37 percent), and (3) investigations (334, or 37 percent). (See fig. 2.6.)

[Figure 2.6: Purposes for Which Organizations Access Systems. Bar chart; vertical axis: number of systems (N = 910); horizontal axis: purpose of access (organizations may access systems for more than one purpose).]

Agencies Collect Third-Party Information Electronically

Agencies also obtain and verify information from third-party sources. Of the 178 agencies responding to our questionnaire, 36 (20 percent) reported that they collected personal information electronically from third-party sources, such as state divisions of motor vehicles, credit bureaus, and insurance companies. Agencies use third-party information for debt collection (e.g., repayment of education loans), enforcement, and prescreening (e.g., to determine whether an individual meets specified qualifications).

Agencies use various methods, sometimes more than one, to ensure the accuracy of third-party information. Of the 36 agencies, 25 validate information with subject individuals and 15 compare information with original source documents. Other means used to ensure the accuracy of third-party information included (1) comparing information with other federal agencies' records (13 agencies) and (2) validating information with sources other than federal agencies (12 agencies). (See fig. 2.7.)

[Figure 2.7: Procedures Used to Verify Third-Party Information Collected Electronically. Bar chart; vertical axis: number of agencies (N = 36); horizontal axis: procedures (more than one procedure may be used).]

Many Systems Are Accessed by a Variety of Organizations

Information in 509 (56 percent) of the agencies' 910 largest systems can be accessed by a variety of organizations, such as other agency components within cabinet-level departments; other federal agencies; state and local agencies; and private organizations, such as health care providers, marketing companies, and insurance companies. (See fig. 2.8.)

[Figure 2.8: Organizations That Have Access to Systems. Bar chart; vertical axis: number of systems (N = 910); horizontal axis: organizations.]

Seventy-nine systems (9 percent) can be accessed by all of these entities, as well as the agencies responsible for them.
One system--the Federal Election Commission's mail list system containing individuals' addresses--is accessed solely by the private sector.

Some of the purposes for which these organizations use the accessed information are initial eligibility/certification determinations, payment, investigation, and employment purposes. However, for 75 (8 percent) of the 910 systems, agencies responsible for the systems reported that they did not know the purposes for which the personal information was being accessed by other organizations. For example, agency respondents reported that they did not know how accessed information was being used by (1) their own agency for 9 systems (1 percent), (2) educational institutions for 49 systems (5 percent), (3) local organizations for 46 systems (5 percent), and (4) private organizations for 42 systems (5 percent). (See fig. 2.9.)

[Figure 2.9: Number of Systems Accessed for Unknown Purposes. Bar chart; vertical axis: number of systems accessed (N = 910); horizontal axis: organizations accessing systems.]

Most Agencies' Largest Systems Are Accessed Through Networks

Federal, state, local, and private organizations have access to personal information maintained in many federal agencies' computerized systems through various types of networks. Some 707 of the agencies' 910 largest systems (78 percent) are accessed through one or more communications networks.
Of the 910 systems, 413 (45 percent) are accessed through a public-switched network, such as AT&T and MCI, or through a commercial network, such as Tymnet and Telenet; 379 (42 percent) are accessed through a local area network; 363 (40 percent) are accessed through a private network using private-leased lines; and 251 (28 percent) are accessed through a private network using government-owned facilities. (See fig. 2.10.)

Figure 2.10: Types of Networks Through Which Systems Are Accessed [bar chart: number of systems (N = 910), by networks; system may be accessed through more than one type of network]

Security Issues Relating to Systems Containing Personal Information

Security controls are needed to protect the personal information stored and processed in computer systems from unauthorized disclosure and modification. We asked agencies to provide us with information on (1) the types of security controls they have implemented in their 910 largest systems, (2) computer security weaknesses identified under the Federal Managers’ Financial Integrity Act, and (3) security breaches in their systems. This information is not intended to provide an assessment of the security of these systems, but to provide examples of the types of security controls used, security problems encountered, and agency efforts to address these problems.

Computer Security Controls Agencies Use to Safeguard Their Systems

The Congress passed the Computer Security Act of 1987 in response to concerns that the federal government was not adequately addressing the security and privacy of its sensitive information. The act required, among other things, that agencies develop a security and privacy plan for each system containing sensitive information. Guidance developed by OMB for federal agencies to follow in preparing their computer security plans segregated computer security measures into six basic control categories: management, development, operational, technical, support system security measures, and security awareness and training for employees.

Footnote: The act defines sensitive information as any unclassified information that in the event of loss, misuse, or unauthorized access or modification could adversely affect the national interest, conduct of a federal program, or the privacy to which individuals are entitled under the Privacy Act of 1974.

Most of these categories consist of several security controls that address an underlying security objective. For instance, “assigning security responsibilities,” “conducting risk assessments,” and “screening personnel” are examples of specific security controls that address the broader security category of management controls. Depending on the functions and importance of a particular system, as well as acceptable levels of risks, one or more controls may be necessary within each category to provide an adequate level of security.

We asked agencies to identify the controls they have implemented for each security category outlined in OMB’s guidance. Table 2.1 lists the controls within each security category that agencies reported as being in place for their 910 largest systems.

Table 2.1: Controls in Place in Agencies’ 910 Largest Systems

Security controls                               Percentage of systems with
                                                security controls in place
Management controls
  Assignment of security responsibility         95
  Documented risk assessment                    53
  Undocumented risk assessment                  24
  Personnel screening                           66
Development controls
  Security specifications                       83
  Design, review, and testing                   80
  Certification                                 46
Operational controls
  Production, input/output controls             90
  Contingency planning                          63
  Audit detection                               60
  Software maintenance control                  77
  Documentation                                 74
Security awareness and training controls
  Security awareness and training measures      91
Technical controls
  User authentication                           89
  Access controls                               94
  Data integrity controls                       77
  Audit trails                                  65
Support system security measures
  Activity monitoring                           78
  Security measures for support systems         76

Security Weaknesses Identified Under the Financial Integrity Act

Under the Federal Managers’ Financial Integrity Act, federal agencies are required, on an ongoing basis, to evaluate the ability of their internal control systems to protect federal programs against fraud, waste, abuse, and mismanagement. For fiscal year 1988, 13 agencies reported that they had identified material weaknesses in the security of their computerized systems containing personal information. For fiscal year 1989, 10 agencies responded that they had identified such material weaknesses.

For example, the Department of the Treasury reported, for fiscal year 1988, that programmers had access to both data files and production programs for the departmental salaries and expenses system. This control weakness allowed employees access to more information than was needed to perform their jobs and, as a result, increased the risk of fraudulent behavior.
To correct this problem, Treasury implemented a password security system to prevent programmers from accessing data files of systems for which they also write programs.

Agencies Reported 34 Security Breaches

Agencies reported 34 instances of security breaches in their computerized systems containing personal information in fiscal years 1988 and 1989. Two agencies reported 13 incidents of unauthorized access in fiscal year 1988; 5 agencies reported 21 incidents in fiscal year 1989.

Thirty of the 34 incidents involved unauthorized access to personal information by personnel otherwise authorized to use the system. For example, in one case, an employee modified his own personal information to benefit himself financially. In two other cases, unauthorized users gained access to agencies’ systems by using passwords others had disclosed to them. In another case, an agency’s contractor was allowing third-party access to a system that the agency intended to be confidential.

Section 3
Applications of New Information Technology Are Widespread Throughout the Government

Computer matching, front-end verification, and profiling are applications of information technology facilitated by technological advances, such as computer networks. Computer matching, the electronic comparison of two or more sets of records, is used by federal agencies for such purposes as uncovering unreported income, erroneously reported tax information, and duplicate benefits. Some 46 agencies reported that they participated in computer matching. Front-end verification, used when an individual applies for government benefits, employment, or services to determine whether the individual is a qualified applicant, was used by 28 agencies. Computer profiling, which involves searching a record system to determine characteristics of individuals most likely to engage in behaviors of interest (e.g., tax evasion), was used by 37 agencies.
These three applications have been supported by organizations such as OMB and the inspectors general as effective means of detecting fraud, waste, and abuse; however, their use has raised privacy and constitutional concerns.

Computer Matching Is Used Extensively for Many Purposes

Computer matching, as discussed in OMB’s June 19, 1989, final guidance interpreting the provisions of the Computer Matching and Privacy Act of 1988, is the electronic comparison of records from (1) two or more automated federal systems of records or (2) federal systems of records with nonfederal records to identify similarities or dissimilarities in the data. To facilitate computer matching, a number of data bases have been created. Often, the data bases contain information on beneficiaries under different government programs.

Organizations support computer matching as a means of improving government efficiency and strengthening program management. The President’s Council on Integrity and Efficiency and OMB have attributed substantial savings and recoveries of overpayments in federal benefits programs to the use of computer matching. Savings can be realized from matching records of recipients in federal benefit programs with the files of other agencies or programs to verify the eligibility of individuals receiving benefits. For example, the Social Security Administration matches its supplemental security income benefit file with the Internal Revenue Service’s tax data to identify potential overpayments and investigates and resolves identified cases. As a result of this computer matching effort, the Social Security Administration estimated savings of $184.1 million for fiscal years 1986 through 1988.

However, privacy advocates have raised a number of concerns regarding the effect of computer matching on individuals’ privacy rights.
Some of these concerns are that (1) computer matching makes it more difficult for individuals to control information about themselves and (2) Fourth Amendment protections against unreasonable searches and seizures may be violated because of the lack of probable cause linking a crime and an individual.

In response to these concerns, the Congress enacted the Computer Matching and Privacy Protection Act of 1988, a major amendment to the Privacy Act, that became effective July 19, 1989. The act covers matches (1) involving federal benefits programs and (2) using records from federal personnel or payroll systems of records. The legislation created an important procedural framework providing for independent verification of matching results before further action can be taken; adequate notice to individuals; the right to a hearing before benefits are reduced, suspended, or terminated; and mandatory requirements for agency reporting to the Congress and OMB. Each federal agency must establish an internal data integrity board to oversee and coordinate its matching activity. Before participating in a matching program, agencies must enter into written agreements specifying the purpose of the program and the records to be matched and, where appropriate, perform a cost-benefit analysis. In cases where individuals are wrongfully affected as a result of a match subject to the act, the Privacy Act’s civil remedy provisions may be applicable.

Of the 178 agencies responding to our questionnaire, 46 (26 percent) reported that they participated in computer matching as either a matching agency (the agency performing the match) or a source agency (the agency disclosing records to the matching agency for use in a match). In each of fiscal years 1988 and 1989, 31 respondents participated as a matching agency and 35 as a source agency.
The Drug Enforcement Administration and the Farmers Home Administration accounted for about 97 percent of the matches. Most of these computer matches were for law enforcement (78 percent) and tax (18 percent) purposes. Agencies reported the numbers and purposes of their matches as shown in table 3.1.

Footnote: Questionnaire respondents were asked to provide information on matching activities for fiscal years 1988 and 1989. Most of this period was before the act’s effective date.

Footnote: Most of the matches reported by these two agencies involved comparing information on a single individual with various agency data bases.

Table 3.1: Numbers and Purposes of Agencies’ Computer Matching Activities

                                                         Matches in which agencies
                                                         participated as a
Purpose of match                                         Matching agency   Source agency
Establishing or verifying federal program eligibility    681               442
Recouping payments or delinquent debts                   10,208            10,183
Law enforcement                                          4,320,932 (a)     1,148
Tax purposes                                             16,245            1,000,024 (a)
Audit purposes                                           72                2,044
Statutory mandate                                        10,037            10,004
Aggregate statistical purposes (b)                       16,099            20,055
Research/statistical purposes (c)                        16,073            570
Other                                                    3,471             112,373

(a) The majority of matches in these categories involved matching information on a single individual with on-line law enforcement and tax-related data bases.
(b) Data produced do not include information that identifies an individual.
(c) Data may be produced that identify an individual.

Over half (27) of the 46 agencies engaging in computer matching activities reported that they included their employees as matching subjects. Of these 27 agencies, 15 involved their employees as subjects in 1 to 80 percent of their matches, 11 involved their employees as subjects in 100 percent of their matches, and 1 did not know how many of its matches involved its employees. (See fig. 3.1.)
Figure 3.1: Percentage of Agencies That Used Their Employees as Computer Matching Subjects [pie chart, number of agencies (N = 46): agencies’ employees are always match subjects (11 agencies); agencies’ employees are subjects in 1% to 80% of matches (15 agencies); don’t know (1 agency); agencies’ employees are never match subjects (19 agencies)]

Many Matches Are Not Covered by Computer Matching and Privacy Protection Act

Many matches conducted by the federal government are exempt from the Computer Matching and Privacy Protection Act. Types of matching activities specifically exempted include matches that (1) produce aggregate statistical data without personal identifiers; (2) support any research or statistical project in which the results may include personal identifiers, but which are not used to affect an individual’s rights, benefits, or privileges; (3) are conducted for law-enforcement purposes, i.e., matches performed by agencies or components whose principal function is criminal law enforcement; (4) use federal employees’ personnel or payroll records for routine administrative purposes; (5) are conducted for background investigation and foreign counterintelligence matters; (6) involve various types of tax return information; and (7) are conducted within an agency using records only from the agency’s systems of records.

Footnote (to exemption 4): According to OMB’s guidance, the percentage of records in the system relating to federal employees must be greater than any other category.

Our questionnaire results indicated that a significant portion of governmentwide matching activity is excluded from the act.
For example, in fiscal years 1988 and 1989, 11 source agencies reported that they participated in over 1 million matches for tax purposes, while 4 matching agencies reported 16,245 matches conducted for this purpose in fiscal years 1988 and 1989. Such matches are excluded from the act’s coverage. In addition, 18 agencies reported that in fiscal years 1988 and 1989, they conducted about 2 million matches using only their own records.

Federal Agencies Participate in Computer Matching With Many Organizations

During fiscal years 1988 and 1989, respondents reported that they participated in computer matching not only with other federal agencies, but also with state and local agencies and private organizations. As shown in tables 3.2, 3.3, and 3.4, 21 agencies participated in computer matching with state agencies, 9 with local agencies, and 16 with private organizations.

Table 3.2: Federal Agencies That Participated in Computer Matching With State Agencies
(columns: Sent information to a state agency; Received information from a state agency)

Bureau of Labor Statistics: X
Centers for Disease Control: X
Defense Logistics Agency: X X
Department of Housing and Urban Development: X
Department of Veterans Affairs: X
Drug Enforcement Administration: X
Employment and Standards Administration: X
Environmental Protection Agency: X
Federal Crop Insurance Corporation: X X
Food and Nutrition Service: X X
Health Care Financing Administration: X
Immigration and Naturalization Service: X X
Indian Health Service: X
Internal Revenue Service: X X
National Highway Traffic Safety Administration: X
Office of Information Resources Management, Department of Education: X X
Office of Personnel Management: X
Railroad Retirement Board: X X
Selective Service System: X X
Social Security Administration: X X
Tennessee Valley Authority: X

Table 3.3: Federal Agencies That Participated in Computer Matching With Local Agencies
(columns: Sent information to a local agency; Received information from a local agency)

Department of Housing and Urban Development: X X
Drug Enforcement Administration: X
Environmental Protection Agency: X
Immigration and Naturalization Service: X
Internal Revenue Service: X
Office of Personnel Management: X
Selective Service System: X
Social Security Administration: X X
Tennessee Valley Authority: X

Table 3.4: Federal Agencies That Participated in Computer Matching With Private Organizations
(columns: Sent information to a private agency; Received information from a private agency)

ACTION: X
Centers for Disease Control: X
Defense Logistics Agency: X X
Department of the Army: X
Department of Commerce: X
Department of Labor: X
Department of Veterans Affairs: X
Employment and Standards Administration: X
Farmers Home Administration: X X
Internal Revenue Service: X
Office of Information Resources Management, Department of Education: X X
Office of Personnel Management: X
Railroad Retirement Board: X
Social Security Administration: X
U.S. Coast Guard: X
U.S. Customs Service: X

Private organizations that received information from and provide information to federal agencies include credit bureaus, banks, schools and universities, unions, insurance companies, real estate brokers, employers, health care providers and insurers, and railroads. While only 5 federal agencies reported that they received information from private organizations, 14 sent information to such organizations. (See table 3.5.)

Table 3.5: Organizations With Which Agencies Participated in Computer Matching Activities

                                            Number of agencies that
Organization                                Sent information to   Received information from
Another office/component within agency      18                    15
Another federal agency                      35                    33
State agency                                16                    14
Local agency                                5                     6
Private organization                        14                    5
Congress (a)                                1                     1

(a) The Department of Education participated in computer matching with the House and Senate.

Number of Individuals Affected by Computer Matches

Individuals identified through a computer match and found ineligible to receive a specified federal benefit may have their benefits reduced, suspended, or terminated. Under the Computer Matching and Privacy Protection Act, however, agencies may take further action against individuals only after investigation and verification. Individuals must also be given advance notification and an opportunity to challenge the results before final actions are taken. Agencies reported that the number of individuals against whom further action was taken (e.g., benefits denied, reduced, or suspended) as a result of computer matching was about 3.6 million in each of fiscal years 1988 and 1989.
In each of these two years, the Internal Revenue Service took further action against 3 million individuals because they had filed erroneous tax information. The Social Security Administration reported that further action had been taken against 600,000 individuals in each of the two years for various reasons, such as overpayments due to unreported increased income.

Agencies Use Front-End Verification to Determine Eligibility

Front-end verification involves certifying the accuracy and authenticity of information supplied by an applicant by comparing it with similar information held in a computerized data base, generally obtained from a third party. For instance, an applicant’s eligibility for a benefit, such as food stamps, is validated both before the applicant receives the benefit and later to determine continued eligibility.

Front-end verification is similar to computer matching in that it involves an electronic search to ensure the accuracy and completeness of the personal information. Such searches through personal records have raised privacy experts’ concerns about the protection of individuals’ privacy. However, front-end verification differs from computer matching in that it is used to verify information on an individual, at the time of the initial transaction, before the individual receives government benefits, employment, or services; and to prevent, rather than detect, fraudulent activities.

Some privacy experts believe that because this procedure involves a search through a particular citizen’s file rather than a general search through all files, it may constitute less of an intrusion into citizens’ privacy than computer matching.

Twenty-eight agencies responded that they used front-end verification during fiscal years 1988 and 1989.
Agencies Conduct Computer Profiling to Identify Behaviors of Interest

Computer profiling involves using inductive logic to determine the characteristics of individuals most likely to engage in behaviors of interest, for example, illegal activities. In computer profiling, a record system is electronically searched for a specified combination of data elements to construct a profile. For example, a profile may describe the characteristics of persons more likely to misrepresent information in order to receive federal aid or benefits. The profile can then be used to make judgments about individuals based on the past behavior of others who appear statistically similar. Computer profiling raises privacy and constitutional concerns because individuals may be singled out for scrutiny or different treatment before they take any action warranting such treatment. Whereas computer matching and front-end verification compare factual information, profiling compares characteristics or events that may not be indicative of the action to be prevented. Advocates of profiling, however, believe it increases agencies’ efficiency and effectiveness by permitting resources to be applied more judiciously.

Thirty-seven agencies reported that they conducted computer profiling. Agencies obtain data for profiles from their own agency, other federal agencies, state and local governments, organizations, and associations. In developing profiles, agencies use social security, health, educational, financial, tax, law enforcement, property, and housing and public assistance information. (See fig. 3.2.)
Figure 3.2: Types of Information Developed by Agencies That Conduct Computer Profiling [bar chart: number of agencies (N = 37), by information developed]

Agencies use profiles for many purposes, including program analyses, planning, investigation, screening, scientific research, and surveillance. (See fig. 3.3.) Two examples of agencies’ computer profiling descriptions are the Social Security Administration’s profiles on people most likely to have unreported changes in income, resources, and/or living arrangements; and the U.S. Secret Service’s profiles of individuals most likely to commit aggressive action against a public figure.

Figure 3.3: Agencies’ Use of Computer Profiles [bar chart: number of agencies (N = 37)]

Appendix I
Summary of General Legislation Relating to Privacy and Computer Security

Privacy Act of 1974, as Amended (5 U.S.C. 552a)

The Privacy Act is the primary legislation regulating the federal government’s maintenance of personal information. The act establishes (1) requirements and prohibitions federal agencies must observe regarding record-keeping and disclosure practices and (2) safeguards for individuals (U.S. citizens and aliens lawfully admitted for permanent residence) against invasion of their personal privacy. Personal information is not covered by the act if the system in which it is contained does not meet the definition of a “system of records” or is specifically exempted.
A system of records is any group of records under an agency’s control in which information is retrieved by an individual’s name or by an identifying number, symbol, or other identifying particular assigned to the individual. How the information is retrieved (by a personal identifier) and not the substantive content determines whether the information is covered by the act.

The Privacy Act, along with the Freedom of Information Act (5 U.S.C. 552), permits disclosure of most personal files to the individual who is the subject of the files. The two laws, however, restrict disclosure of personal information to others when disclosure would violate privacy interests. Agencies cannot disclose records pertaining to individuals without their consent, except under prescribed circumstances. Federal agencies must also account for disclosures made of such records.

In enacting the Privacy Act, the Congress codified information principles requiring specific actions of federal agencies:

• Publish a notice of their Privacy Act record systems in the Federal Register. (This provision was intended to prevent agencies from maintaining secret records.)
• Grant individuals access to records concerning them and an opportunity to correct inaccurate information.
• Maintain only information that is relevant and necessary to accomplish a legal purpose.
• Collect information, to the greatest extent practicable, directly from individuals when the use of the information may result in an adverse determination about individuals’ rights, benefits, and privileges under federal programs.
• Maintain accurate, complete, and timely records to assure that individuals are treated fairly.
• Establish safeguards to ensure information security and confidentiality.
The Privacy Act provides civil remedies for individuals whose rights under the act have been violated, as well as criminal penalties for violation of the act. The act also contains provisions for the treatment of archival records, mailing lists, and the use of social security numbers. Government contractors are also subject to the act under certain circumstances. OMB has oversight responsibility for the Privacy Act.

Freedom of Information Act, as Amended (5 U.S.C. 552)

The Freedom of Information Act (FOIA) establishes a presumption that records in the possession of Executive Branch agencies and departments are accessible to the public. FOIA sets standards for determining which records must be made available for public inspection or released to a party that requests access and which records may be withheld. The law also provides administrative and judicial remedies for those persons denied access to records. Above all, the statute requires federal agencies to provide the fullest possible disclosure of information to the public. Agencies must justify why records are not accessible to the public.

Like the Privacy Act, FOIA recognizes the legitimate need to restrict disclosure of some information. For example, agencies may withhold information classified in the interest of national defense or foreign policy, trade secrets, and criminal investigatory files. Other specifically defined categories of confidential information may also be withheld.

An essential feature of both laws is that they make federal agencies accountable for information disclosure policies and practices. While neither law grants an absolute right to examine government documents, both laws provide a right to request records and to receive a response to the request. If a requested record cannot be released, the requester is entitled to know why.
The requester has a right to appeal the denial and, if necessary, challenge it in court.

Computer Matching and Privacy Protection Act of 1988 (5 U.S.C. 552a Note)

The Computer Matching and Privacy Protection Act, which became effective July 19, 1989, establishes procedural safeguards affecting agencies’ use of Privacy Act records in performing certain types of computerized matching programs. The act requires that agencies enter into written agreements specifying the terms under which matches are to be performed. It also provides due process rights for record subjects to prevent agencies from taking adverse actions unless they have independently verified the results of a match and given the subject 30 days’ advance notice. Oversight is accomplished by having agencies publish agreements, report matching programs to the Congress and OMB, and establish internal data integrity boards to oversee and coordinate their matching activity.

The act covers only matches having one or more of the following purposes:

• establishing or verifying initial or continuing eligibility for federal benefits programs,
• verifying compliance with the requirements (either statutory or regulatory) of such programs, or
• recouping payments or delinquent debts under such federal benefits programs.

In addition, to be covered, a match must also involve (1) the computerized comparison in an automated form; (2) individuals initially applying for benefits, individual program participants who are currently receiving or formerly received benefits, or individuals who are not the primary beneficiaries of federal benefits programs, but may derive income from them, such as health care providers; and (3) a federal benefits program.
For example, if the Department of Education matched a student loan recipient data base with the Department of Veterans Affairs education benefit recipient data base for the purpose of ensuring that both agencies were maintaining current and accurate home address information, the match would not be covered since the matching purpose is not one of those listed above. If, however, the purpose of the match were to identify recipients receiving excess benefits, the match would be covered.

The Computer Matching and Privacy Protection Act brings state and local agencies within the scope of the Privacy Act when they engage in matching activities with a federal agency subject to the Privacy Act and when a federal system of records is used. The act does not cover matches between nonfederal agencies or matches involving private entities.

In 1989 the Congress amended the act to extend the compliance date for agencies reporting some of their matching programs. For those programs in operation before June 1, 1989, agencies were given until January 1, 1990, to report their matching programs to the Congress and OMB.

Right to Financial Privacy Act of 1978 (12 U.S.C. 3401)

The Right to Financial Privacy Act prescribes the procedures and safeguards that federal agencies must follow in obtaining access to customer financial records maintained by financial institutions. Generally, this law requires that the access be in conjunction with a legitimate law-enforcement inquiry. The act requires notification to customers about the access or subsequent transfer of their records to another agency and gives customers the right to challenge such disclosure or transfer. However, the notice and opportunity to challenge may be delayed with an appropriate judicial order.
The act does not apply to customer financial records being disclosed for criminal, civil, or administrative litigation in which the government and customers are both parties. Neither does this act supersede other statutes, such as the Internal Revenue Code, in regard to accessing financial records.

Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510)

The Electronic Communications Privacy Act provides protection for electronic communications, including computer data transmissions, electronic mailboxes, cellular phones, and fiber-optic transmissions. The basic premise behind this legislation was to protect the content of private communications, regardless of how they are transmitted.

Computer Security Act of 1987 (Public Law 100-235)

The Computer Security Act provides for improving the security and privacy of sensitive information in federal computer systems. The act defines sensitive information as any unclassified information which, if lost, misused, or accessed or modified without authorization, could affect the privacy to which individuals are entitled under the Privacy Act. In general, the Computer Security Act requires that all federal agencies identify their computer systems, whether operational or under development, that contain sensitive information, establish training programs to increase security awareness and knowledge of security practices, and establish a security plan for each computer system with sensitive information. However, some federal entities are exempt from complying with the act either because they are not federal agencies as defined in the act or their computer systems are excluded from the act's application. Agencies not exempted are required to develop security plans, in accordance with the guidance issued in OMB Bulletin 88-16, showing the implementation status of 18 control measures.
Federal Managers' Financial Integrity Act of 1982 (31 U.S.C. 3512)

The Federal Managers' Financial Integrity Act requires ongoing evaluations of the internal control and accounting systems that protect federal programs against fraud, waste, abuse, and mismanagement. It further requires that the heads of federal agencies report annually to the President and the Congress on the condition of these systems and on their actions to correct the material weaknesses identified. For example, material weaknesses are weaknesses that could significantly impair the fulfillment of an agency mission or significantly weaken safeguards against the loss or waste of funds, property, or other assets.

Appendix II
Number of Federal Systems Containing Personal Information, as Reported by Federal Agencies

Computerized systems containing personal information

Agency                                              Total number of   Systems covered by     Largest
                                                    systems (a)       the Privacy Act (a)    systems (b)

Cabinet departments
Department of Agriculture                                   109                 87            90
Department of Commerce                                       49                 47            39
Department of Defense                                       363                360           102
Department of Education                                      20                 20            10
Department of Energy                                         43                 43            10
Department of Health and Human Services                     274                210            78
Department of Housing and Urban Development                  20                 20            10
Department of the Interior                                   70                 70            64
Department of Justice                                       201                169            53
Department of Labor                                          96                 30            44
Department of Transportation                                 59                 54            57
Department of the Treasury                                   78                 70            65
Department of Veterans Affairs (c)                           35                 35            10
Subtotal                                                  1,417              1,223           632

Independent agencies
ACTION                                                        3                  2             3
Administrative Conference of the United States                1                  1             1
Agency for International Development                          9                  8             9
Appalachian Regional Commission                               1                  1             1
Arms Control and Disarmament Agency                           0                  0             0
Commission on Civil Rights                                    5                  5             5
Commodity Futures Trading Commission                         17                 17            10
Consumer Product Safety Commission                            2                  2             2
Environmental Protection Agency                              98                 20            10
Equal Employment Opportunity Commission                       5                  5             5
Farm Credit Administration                                    6                  6             6
Federal Communications Commission                            66                 66            10
Federal Deposit Insurance Corporation                        17                 17            10
Federal Election Commission                                   8                  8             8
Federal Emergency Management Agency                          39                 25            10
Federal Energy Regulatory Commission                         20                 20            10
Federal Labor Relations Authority                             2                  2             2
Federal Maritime Commission                                   1                  1             1
Federal Mediation and Conciliation Service                    0                  0             0
Board of Governors of the Federal Reserve System             40                 22            10
Federal Retirement Thrift Investment Board                    1                  1             1
Federal Trade Commission                                     15                 14            10
General Services Administration:
  Federal Supply Service                                      0                  0             0
  Information Resources Management Service                    0                  0             0
  Public Buildings Service                                    1                  0             1
Interstate Commerce Commission                               15                  5            10
Merit Systems Protection Board                                6                  6             6
National Aeronautics and Space Administration                33                 19            10
National Archives and Records Administration                  2                  2             2
National Credit Union Administration                          3                  3             3
National Labor Relations Board                                7                  6             7
National Mediation Board                                      1                  0             1
National Science Foundation                                  15                 15            10
Nuclear Regulatory Commission                                29                 29            10
Occupational Safety and Health Review Commission              2                  2             2
Office of Management and Budget                               2                  2             2
Office of Personnel Management                               12                 11            10
Office of the Special Counsel                                 3                  3             3
Office of Thrift Supervision                                  7                  5             7
Overseas Private Investment Corporation                       1                  1             1
Peace Corps                                                  11                 11            10
Pension Benefit Guaranty Corporation                          5                  5             5
Railroad Retirement Board                                     7                  7             7
Securities and Exchange Commission                           16                  5            10
Selective Service System                                      4                  4             4
Small Business Administration                                 9                  9             9
Tennessee Valley Authority                                   23                 23            10
United States International Trade Commission                  4                  2             4
United States Postal Service                                 15                 15            10
Subtotal                                                    589                433           278

Total                                                     2,008              1,666           910

(a) Includes predominantly computerized systems maintained by agencies at the end of calendar year 1988.
(b) Agencies identified up to 10 of their largest computerized systems containing personal information.
(c) Formerly the Veterans Administration.

Note: One hundred twenty-seven cabinet and subcabinet-level agencies responded to our questionnaire. The Agency for International Development consolidated its responses with the United States Trade and Development Program. Cabinet, subcabinet, and independent agencies that did not respond include: the Office of Human Development Services (Department of Health and Human Services), the Bureau of International Labor Affairs (Department of Labor), the Pension and Welfare Administration (Department of Labor), the Department of State, the General Services Administration, the Federal Property Resources Service (General Services Administration), the National Transportation Safety Board, and the Office of Information Regulatory Affairs (Office of Management and Budget). We received the following agencies' questionnaire responses too late to be included in our analyses: the Agricultural Stabilization and Conservation Service (Department of Agriculture) and the Export-Import Bank of the United States. The Central Intelligence Agency reported that it could not respond to the questionnaire without exposing sensitive intelligence methodology.

Appendix III
U.S. General Accounting Office Survey of Computers, Networks, and Privacy

The U.S. General Accounting Office has been requested by the Chairman of the Subcommittee on Telecommunications and Finance, House Committee on Energy and Commerce, to review computers and networks with personal information. Therefore, we are using this questionnaire to obtain information from federal agencies on computerized systems containing personal information which may or may not be subject to the Privacy Act.

To assist you in completing this questionnaire, we are providing an attachment with a list of definitions. Please read the attachment before responding to the questionnaire. We occasionally ask for information where estimates may be provided. However, unless otherwise instructed, specific information is requested.

Please return the completed questionnaire in the enclosed self-addressed envelope no later than December 22, 1989, to:

Araceli Contreras
U.S. General Accounting Office
Room 6905, 441 G Street, N.W.
Washington, D.C. 20548

Please respond to the following questions as they relate to your agency as listed on the above label. As noted in the cover letter, we are asking each department component to complete a separate questionnaire. If you have any questions, please call Mary [surname illegible] at (202) 275-0471 or Araceli Contreras at (202) 275-3178. Thank you for your help.

Please provide the name of the one person whom we may contact to clarify information, if necessary.

Name:
Title:
Department:
Agency:
Telephone No:

[...] PERSONAL INFORMATION (GENERAL)

1. Please estimate the number of predominantly computerized systems containing personal information maintained by your agency at the end of calendar year 1988. (ENTER NUMBER.)

2,008 systems

2. Please estimate the number of the above (Question 1) systems which are covered by the Privacy Act. (ENTER NUMBER.)

1,666 systems

MANAGEMENT OF COMPUTERIZED SYSTEMS CONTAINING PERSONAL INFORMATION (SPECIFIC)

Please provide the following information for your 10 largest (in terms of transactions) computerized systems whether or not they are covered by the Privacy Act. We have used the instruction "(ENTER ALL CODES THAT APPLY.)" throughout the questionnaire. For each question requiring this response, enter in the space provided the number (code) for the response that is most characteristic of the system. In addition, keep the systems in the same order throughout the questionnaire. When responding "other", please specify no more than 5 items under this category.

SYSTEM 1   SYSTEM 2   SYSTEM 3   SYSTEM 4   SYSTEM 5   SYSTEM 6   SYSTEM 7   SYSTEM 8   SYSTEM 9   SYSTEM 10

3. Full name and other identifier of system.

4. Is the information in this system covered by the Privacy Act? (ENTER ONE CODE.)
1. Yes (GO TO QUESTION 6.)
2. No (GO TO QUESTION 5.)

5. If the information in this system is not covered by the Privacy Act, please indicate the reasons. (ENTER CODE.)
1. Exempted
2. Not retrieved by a personal identifier
3. Other (SPECIFY.)

6. What agencies or parties operate the system on your behalf? Operator of a federal computer system is a federal agency, contractor of a federal agency,
or other organization that processes information using a computer system on behalf of the federal government to accomplish a federal function. (ENTER ALL CODES THAT APPLY.)
1. Your own agency
2. Your cabinet-level department
3. Another federal agency
4. Contractor (not state or local government)
5. Grantee (not state or local government)
6. State or local government
7. Other (SPECIFY.)

7. What types of information are collected and maintained in this system? (ENTER ALL CODES THAT APPLY.)
1. Social Security number
8. Retirement
9. Financial
10. Credit
11. Military history
12. Residence (address)
13. Demographic (e.g., age, sex, race, etc.)
14. Selective Service registration
15. Property (e.g., real estate, personal, etc.)
16. Occupational/regulatory (e.g., personnel pay, pilot certification, etc.)
17. Law enforcement
18. Other (SPECIFY.)

8. From whom does your agency obtain the data entered into this system? (ENTER ALL CODES THAT APPLY.)
1. Your own agency
2. The subject individual
3. Another federal government agency
4. State or local agency
5. Other (SPECIFY.)

9. How does your agency obtain the data entered into this system? (ENTER ALL CODES THAT APPLY.)
1. Hard copy
2. Electronic (e.g., floppy disk, tape, etc.)
3. Other (SPECIFY.)

10. How are individuals and/or groups made aware of records your agency maintains on them in this system? (ENTER ALL CODES THAT APPLY.)
1. Federal Register
2. Written notification on form
3. Verbal notification at interview
4. Other personal notification (SPECIFY.)
5. Other (SPECIFY.)
6. Do not notify

11. Which of the following procedures does your agency perform to ensure that personal information maintained in this system is complete and accurate? (ENTER ALL THAT APPLY.)
1. Comparison with other federal agencies' records
2. Validation checks with subject individuals
3. Validation checks with state and local agencies
4. Validation checks with institutions (e.g., banks, etc.)
5. Other (SPECIFY.)

12. What personal identifiers are used to access the records in this system? (ENTER ALL CODES THAT APPLY.)
1. Name
2. Social Security number
3. Date of birth
4. Account number (e.g., bank, Medicare, etc.)
5. Military I.D.
6. Relative's name (e.g., parent)/responsible individual (e.g., guardian information)
7. Other (SPECIFY.)

13. Which of the following organizations (see parts A-G below) have access (automated or manual) to information in this system? (ENTER ALL CODES THAT APPLY.)

A. Your own agency
B. Other offices/agencies within cabinet-level department (e.g., IRS within the Department of the Treasury)
C. Other federal agencies
D. [illegible]
E. [illegible]
F. Educational institutions (private and public)
G. Private sector (e.g., banks, physicians, employers, credit bureaus, etc.) (SPECIFY.)

Each of parts A through G is followed by the same question and codes:

For what purpose? (ENTER ALL CODES THAT APPLY.)
1. To determine initial eligibility/certify
2. Recertification
3. Investigation
4. Surveillance
5. Employment
6. Credit
7. Training
8. Payment
9. Induction
10. Other (SPECIFY.)
11. Do not know

14. In what form, if at all, is the information from this database released? (ENTER ALL CODES THAT APPLY.)
1. Hard copy
2. Electronic (e.g., floppy disk, tape, etc.)
3. Other (SPECIFY.)
4. Cannot be released
Responses: 1) 700   2) 411   3) [illegible]   4) 164

15. How does your agency accept requests for the release of information from this system? (ENTER ALL CODES THAT APPLY.)
1. In person
2. Written request
3. Telephone
4. Electronic (e.g., floppy disk, tape, etc.)
5. Other (SPECIFY.)
Responses: 1) 365   2) 750   3) 230   4) 110   5) 19

16. Through which of the following kind of network (see parts A-E below) is this system accessed? (ENTER ALL CODES THAT APPLY.)

A. Public-switch network (e.g., AT&T, Sprint, and MCI): (ENTER CODE.)
1. Yes
2. No
Responses: A1) 254   A2) 637

B. Other commercial network (e.g., Tymnet, Telenet, etc.): (ENTER CODE.)
1. Yes
2. No
Responses: B1) 258   B2) 627

C. Local area network: Agencies or parties operating network. (ENTER ALL CODES THAT APPLY.)
1. System is not accessed via local area networks (GO TO QUESTION 16D.)
2. Own agency
3. Another federal agency
4. Contractor (not state or local government)
5. Grantee (not state or local government)
6. State or local government
7. Other (SPECIFY.)

D. Private network using leased lines: Agencies or parties operating network. (ENTER ALL CODES THAT APPLY.)
1. System is not accessed via private network using leased lines (GO TO QUESTION 16E.)
2. Own agency
3. Another federal agency
4. Contractor (not state or local government)
5. Grantee (not state or local government)
6. State or local government
7. Other (SPECIFY.)

E. Private network using government-owned facilities: Agencies or parties operating network. (ENTER ALL CODES THAT APPLY.)
1. System is not accessed via private network using government-owned facilities (GO TO QUESTION 17.)
2. Own agency
3. Another federal agency
4. Contractor (not state or local government)
5. Grantee (not state or local government)
6. State or local government
7. Other (SPECIFY.)

17. For which of the following is there authorized access via dial-up? (ENTER ALL CODES THAT APPLY.)
1. Systems programs (i.e., software used in the operating system)
2. Applications
3. Diagnostics (e.g., diagnostics to identify system problems)
4. Routine or general maintenance
5. Other (SPECIFY.)

18. What restrictions are imposed on individuals with authorized dial-up access to the system? (ENTER ALL CODES THAT APPLY.)
1. Ability to read personal data
2. Modify personal data
3. Add personal data
4. Delete personal data
5. Other (SPECIFY.)
6. Not applicable

19. What controls are in place to protect the information maintained in your computerized systems against alteration and unauthorized access? (See OMB's guidance for preparing and submitting agency security plans, OMB Bulletin No. 88-16, July 6, 1988.) (ENTER ALL CODES THAT APPLY.)

A. MANAGEMENT CONTROLS:
1. Assignment of security responsibility
2. Documented risk assessment
3. Undocumented risk assessment
4. Personnel screening
5. None of the above management controls are in place

B. DEVELOPMENT CONTROLS:
1. Security specifications
2. Design, review and testing
3. Certification
4. None of the above development controls are in place

C. OPERATIONAL CONTROLS:
1. Production, input/output controls
2. Contingency planning
3. Audit and variance detection
4. Software maintenance control
5. Documentation
6. None of the above operational controls are in place

D. SECURITY AWARENESS AND TRAINING:
2. Security awareness and training measures not in place

E. TECHNICAL CONTROLS:
1. User authentication
2. Access controls
3. Data integrity controls
4. Audit trails
5. None of the above technical controls are in place

F. SUPPORT SYSTEM SECURITY MEASURES (i.e., physical or facilities security control):
1. Activity monitoring
2. Security measures for support systems

20. For those controls that are not in place, please indicate which of the following, if any, are reasons they are not in place. (ENTER ALL CODES THAT APPLY.)
1. Budget constraints
2. Risk assessment indicated controls were not necessary
3. Difficulty in hiring qualified employees
4. Lack of adequate guidance
5. Other (SPECIFY.)
6. Not applicable
Please respond to the following questions for all of your agency's systems containing personal information.

21. Did your agency participate in computer matching activities with another agency as a (A) matching agency (the agency performing the match) or (B) source agency (the agency disclosing records to the matching agency for use in the match) at any time during fiscal years (FYs) 1988 and 1989? Computer matching is defined as the computerized comparison of two or more automated lists or files to identify inconsistencies or irregularities among the lists or files. (CHECK YES OR NO FOR EACH YEAR.)

            (A) As a matching agency?      (B) As a source agency?
            Yes        No                  Yes        No
FY 1988     [31]       [117]               [35]       [112]
FY 1989     [31]       [116]               [35]       [illegible]

(IF NO TO (A) AND (B), GO TO QUESTION 32.)

22. For each purpose listed below, please estimate to the extent available the number of computer matches (including federal, state, and local agencies) in which your agency participated during FY 1988 and FY 1989. We recognize that intra-agency (within your agency component) matches are not covered by the Computer Matching and Privacy Protection Act of 1988. However, if possible, please include the number for intra-agency matches in your statistical calculations. (ENTER '0' IF NONE.)

Purpose                                                                  As a matching agency   As a source agency
1. Establishing or verifying eligibility for a federal program                            681                  442
2. Recouping payments or delinquent debts                                              10,208               10,183
3. Law enforcement                                                                  4,320,932                1,148
4. Tax purposes                                                                        16,245            1,000,024
5. Audit purposes                                                                          72                2,044
6. Statutory mandate                                                                   10,037               10,004
7. Aggregate statistical purposes (data produced does not include
   information that could be used to identify an individual)                           16,099               20,055
8. Research/statistical purposes (data may be produced and retained
   that could be used to identify an individual)                                       16,073                  570
9. Other (SPECIFY.)                                                                     3,471              112,373
GRAND TOTAL                                                                         4,393,818            1,156,843

23. Of all computer matches [...] by your agency in FY 1988 and FY 1989, what percent of the matches involved your [...]?
0% - 19 agencies
1% to 80% - 15 agencies
100% - 11 agencies
1 agency did not know the percentage

24. How many matches did your agency conduct during FY 1988 and FY 1989 when all the information used had been [...] by your agency? (ENTER NUMBER.)
(1) 575,219 matches in FY 1988
(2) 1,185,209 matches in FY 1989
(3) [illegible] do not maintain records on intra-agency matches

25. When participating in computer matches during FY 1988 and FY 1989, (1) with whom did your agency share information and (2) from what sources did your agency receive/access information? (CHECK ALL THAT APPLY.)

Organization                      Your agency shared        Received/accessed
                                  information with (1)      information from (2)
1. Another office/[...]                    18                        15
2. Another federal agency                  35                        33
3. State agency                            16                        14
4. Local agency                             5                         6
5. Private organization                    14                         5
6. Other (SPECIFY.)                         1                         1

26. In addition to your notice of computer matches in the Federal Register, how often, if ever, does your agency provide separate written notification to subject individuals that they are involved in a computer match? (CHECK ONE.)
1. Always or almost always
2. [2] Most of the time
3. About half the time
4. [1] Sometimes
5. Never or almost never (GO TO QUESTION 28.)

27. When individuals are advised that their [...], which of the following information is provided to the subject individual? (CHECK ALL THAT APPLY.)
1. [14] The purpose of the match
2. When and how often the matches will [...]
3. [8] What information will be matched
4. [9] How the matched information will be used
5. [4] Other (SPECIFY.)

28. Does your agency verify data produced from a 'hit'? (CHECK ONE.)
1. Yes (GO TO QUESTION 29.)
2. No (GO TO QUESTION 30.)

29. What are your agency's steps and procedures for verifying data produced from a 'hit'? (CHECK ALL THAT APPLY.)
1. Asking the subject individual
2. Tracing the computer output to the original document
3. [20] Performing independent investigation and confirmation
4. [4] Other (SPECIFY.)

30. How many individuals have been adversely affected (e.g., denied benefits, indicted, etc.) as a result of a computer match initiated by your agency [...] in FY 1988 and FY 1989?
(1) 3,611,67[?] individuals in FY 1988
(2) [?],624,984 individuals in FY 1989

31. Has your agency developed an appeals process for individuals/institutions who have been adversely affected as the result of a 'hit'? (CHECK ONE.)
1. Yes
2. No

32. Has your agency used computerized front-end verification during fiscal years 1988 and 1989 when individuals applied for federal program, benefits, employment or services? Front-end verification is the certification of the accuracy and authenticity of information supplied by an applicant that is checked against similar information held in a computerized database, generally of a third party. (CHECK ONE.)
1. [28] Yes
2. No

THIRD PARTY INFORMATION AND [...]

33. Does your agency collect in electronic form (all electronic or optical media and on-line access) from third party sources (e.g., credit bureaus, death records, Division of Motor Vehicles) any information from which you can identify individuals? (CHECK ONE.)
1. [36] Yes (GO TO QUESTION 34.)
2. No (GO TO QUESTION 37.)

34. From what sources does your agency collect this information? (CHECK ALL THAT APPLY.)
1. [11] Credit bureaus
2. [illegible] Division of Motor Vehicles
3. Educational institutions
4. [10] Law enforcement agencies
5. Court reviews
6. [2] Insurance bureaus
7. [5] Bureau of Vital Statistics
8. Other (SPECIFY.)

35. For what purpose was this information collected? (CHECK ALL THAT APPLY.)
1. Law enforcement
2. Debt collection
3. [10] Pre[...]
4. [9] Denial of benefits
5. Other (SPECIFY.)

36. What are your agency's procedures for assuring the accuracy of this information? (CHECK ALL THAT APPLY.)
1. Comparison with other federal agencies' records
2. [12] Validation checks with sources other than federal agencies
3. Validation checks with subject individuals
4. Comparison with source [...]
5. [5] Other (SPECIFY.)

37. Does your agency use computer profiling to develop generic profiles of types of individuals or categories of individuals? Computer profiling is the searching of a record system for a specified combination of data elements, i.e., the profile. For example, a profile could describe the characteristics of persons more likely to misrepresent information in order to receive federal aid or benefits. (CHECK ONE.)
1. [37] Yes (GO TO QUESTION 38.)
2. No (GO TO QUESTION 42.)

38. What types of information are developed in the profile? (CHECK ALL THAT APPLY.)
1. Health/medical
2. [10] Investigative
3. Education
4. Housing assistance
5. [1] Public [...]
6. Tax information
7. [9] Social security
8. [...]
9. [9] Financial
10. [8] Military history
11. [15] Residence (address)
12. [30] Demographic (e.g., age, sex, race, etc.)
13. [4] Property (e.g., real estate, personal, etc.)
14. [16] Occupational/regulatory (e.g., personnel pay, pilot certification, etc.)
15. [6] Law enforcement
16. [6] Other (SPECIFY.)

39. If your agency develops generic profiles, please describe below the types of profiling your agency performs (e.g., categories of taxpayers more likely to be underreporting taxable income or types of people more likely to be engaging in illegal drug activity).
30 agencies commented.
7 agencies did not comment.

40. What are the sources of input data for your agency's generic profiles? (CHECK ALL THAT APPLY.)
1. [35] Own agency
2. [8] Federal agencies
3. State or local government
4. [2] Organization or association
5. [5] Other (SPECIFY.)

41. For what uses does your agency develop profiles? (CHECK ALL THAT APPLY.)
1. Program management analyses
2. [11] Scientific research
3. Planning
4. [2] Surveillance
5. [10] Screening
6. [12] Investigation
7. Other (SPECIFY.)

(Questions 42 thru 50, below, refer to the systems listed in Question 3.)

42. During FY 1988 and FY 1989, did your [...] computer [...] containing personal data (i.e., systems identified in Question 3) based on its evaluation under the Federal Managers' Financial Integrity Act (FMFIA) of 1982? (CHECK ONE.)

43. Please provide copies of reports on security weaknesses in the systems identified in Question 3 that your agency prepared under the FMFIA as well as those prepared by the President's Council on Integrity and Efficiency (PCIE), any agency report, and any consultant report for FY 1988 and FY 1989.
[...] agencies provided reports.
[121] agencies did not.

44. During FY 1988 and FY 1989, were there any incidents of unauthorized access or exceeding authorized access to personal [...]? Exceeding authorized access is to access a computer with authorization and to use such access to read, obtain, or alter information in the computer that the accessor is not entitled to access.
1. [6] Yes (GO TO QUESTION 45.)
2. No (GO TO QUESTION 48.)
3. [8] Do not know (GO TO QUESTION 48.)

45. [...] in FY 1988 and FY 1989 in these systems? (ENTER NUMBER.)

46. [...]
2. [4] [...]
3. [2] Destruction of computer file
4. [1] Denial of services
5. [1] Other (SPECIFY.)

47. Please describe one or more examples of the incidents that have occurred in these systems since October 1987.
5 agencies commented.
1 agency did not comment.

48. [Question text and response table not legible.]

49. Consider the problems, if any, that were indicated above. In your opinion, what are the three most significant problems in your agency? (ENTER CODE FROM QUESTION 48; FOR EXAMPLE, 'QUALITY OF DATA' IS CODE '1'.)
1. 7 Most significant problem (Insufficient staff/resources)
2. 4 Second most significant problem (Quality of data supplied by the subject individual or third party)
3. 5 Third most significant problem (software and [...])
4. 52 had no significant problems

50. Please elaborate on the problems that you ranked above. (Use additional paper, if necessary.)
81 agencies commented.
69 agencies did not comment.

51. If you have any comments that you would like to make about the questionnaire or computer security in general, please provide them below.
42 agencies commented.
108 agencies did not comment.

52. REMINDER: PLEASE [...] COPIES OF FMFIA, PCIE, AGENCY, AND CONSULTANT REPORTS FOR FISCAL YEARS 1988 AND 1989 (QUESTION 43.)

Definitions

Computer matching - the computerized comparison of two or more automated lists or files of [...] information to identify inconsistencies or irregularities among the lists or files.

Computer profiling - searching a record system (or record systems) for a specified combination of data elements, i.e., the profile (e.g., types of people more likely to be engaging in illegal drug activity).

Computer system - any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception, of data or information. This includes computers; ancillary equipment; software, firmware, and similar procedures; services, including support services; and related resources.

Exceeding authorized access - to access a computer with authorization and to use such access to read, obtain, or alter information in the computer that the accessor is not entitled to access.

Hit - one or more data elements in two or more automated files that appear to be identical or similar when compared (e.g., name, social security number, address, date of birth, and the like).

Network - the composition of a communications medium and all attached components for transferring information. Such components may include, but are not limited to, hosts, communication circuits, packet switches, telecommunications controllers, key distribution centers, access control centers, technical control devices, and other components used by the network.
svstan-afederalagency, 0xtractorofafederalagenq,orotheroqanizationthat prooesseainformationusi.ngamrpxrtersysi23nonk&alfofthe fedaral g5fw to acca@isb a federal function. v - any type of inforndion on an irdividual. -identifierthetheofanirdividual,orsane identify~ mmber (e.g., social Secxritynunker), symbol, or othri&ntlfyirrJpartiarlarassignedtotheindivi.dual. Page 66 GAO/IMTEC:-90.7OHK <;ovrrrunent <:omputersand Privacy Appendix III U.S. General Accounting Office Survey of Computers, Networks, and Privacy Page 67 GAO/IMTEC-90.70BR Government Computers and Privacy Appendix--_.-- IV - Major Contributors to This Report Linda D. Koontz, Assistant Director Information ,Jerilynn 13.Hoy, Assignment Manager Management and Mary T. Brewer, Evaluator-in-Charge Technology Division, Araceli Contreras, Evaluator Washington, DC. *JamesS. Jorritsma, Regional Assignment Manager Boston Re@ona1 Office C Jeff Appel Senior Evaluator Eii’zabeth Q. iacar, Evaluator Susan Wong, Evaluator Luann M. Moy, Social Scientist Human Resources Division, Washington, D.C. Page 68 GAO/IMTEC-90-70BH Government Computers and Privacy - . . ..^ .-._. _. “_ ..__ _ ..-.. ._ _-_ ..I .__. ._ . ..“” ._ _--_- - -.._ I----- I____--_-- .-- il. ‘I’de[JhtJtlt~ 202-275-8241 ‘I’iitw~ is a 25”0 disconnl. on or&w for 100 or Inow t:oIJies rnailtd t,o a single atithss.
Computers and Privacy: How the Government Obtains, Verifies, Uses, and Protects Personal Data
Published by the Government Accountability Office on 1990-08-03.
Below is a raw (and likely hideous) rendition of the original report. (PDF)