"We have consistently said that public trust in a network that uses personally-identifiable information can only be achieved if government-wide guidelines for information sharing and privacy protection are established after open public debate," said Zoe Baird, co-chair of the Task Force and President of the Markle Foundation.
… To help implement a trusted information sharing environment, the Task Force recommends the adoption of:
- An "authorized use" standard to determine who should have access to information the government has lawfully collected based on the use to which they will put the information rather than its place of collection. "The borderless nature of the threat has rendered unworkable some of the old rules on sharing lawfully collected information. Under the authorized use approach we propose, each agency can get the information it needs to pursue a clearly articulated mission, subject to auditing to ensure accountability and protect privacy," says Jim Dempsey of the Center for Democracy and Technology and a member of the Task Force. The rules for the authorized use standard should be developed through open public debate. The current outdated standards for sharing and accessing information based on nationality and place of collection have caused confusion and in some cases produced a rigidity that impedes desirable information sharing without protecting civil liberties. The Task Force recommends an "authorized use" standard based on well-defined missions for participants in the information sharing environment.
- A "risk management" approach to classification that better balances the risks of inappropriate disclosure with the risks of failing to share information. Current classification procedures are frequently a barrier to effective information sharing because they overemphasize the risks of inadvertent disclosure over those of failure to share information. To avoid this situation, the Task force recommends a new risk management approach to classification that gives adequate weight to the risks of not sharing information.
- Clear guidelines for sharing information while protecting civil liberties. "Government-wide policies, processes and guidelines that facilitate information sharing and provide trust by empowering and constraining users should be developed as well as the technology solution we have suggested," says Bill Crowell of the Task Force. "The guidelines should clarify agency missions and address the requisite security, civil liberties and privacy protections." Every government agency and department should know and understand the rules of information sharing – not only to improve our anti-terror efforts but also to provide a standard to measure success and ensure accountability.
- Technology that facilitates sharing while protecting security and privacy. The Task Force calls for the continued development and use of technology to connect people in ways that improve trust among government officials and the public. Technology exists that can improve data sharing, enhance security, as well as facilitate privacy and accountability.
- An effective dispute resolution process. Even with clear and consistent guidelines for information sharing, disputes will inevitably arise over decisions not to share information. The Task Force recommends the creation of a systematic, workable, efficient process to resolve these disputes. The recommendations address disputes about dissemination and retention, accuracy and correction, as well as broader disagreements about access to and use of databases and categories of information.
- A new Information Sharing Institute. The Institute could make operational and professional expertise available beyond that of individuals working in any particular government agency, department, or contractor. This Institute would provide a mechanism to identify and distribute best practices, and to apply technologies available in other sectors. It should have the full and active participation of organizations from federal, state, and local governments as well as the private sector.