Narada, T. (2007). Information Access Policy for TSA Personnel. Retrieved July 19, 2007, from the Government Accountability Office. http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsasida.pdf

An abstract derived from: Dean, L. (2005). Privacy Impact Statement.


Revisiting SIDA: The Collection and Protection of Vital Information

For Dr. Leeburger by Ty E. Narada

DEFINITIONS

 

          What an Access Policy is not…

 

          Gathering data is not the act of accessing it. Safeguarding data is not the act of gathering it. Accessing information is the third member of a data triad (gather, safeguard, access), the one that governs movement between users and retrieval systems. Throughout this paper you will read certain terms:

 

          Data Set – data, together with its accompanying metadata, derived from any activity through observation or analysis.

          Data Users – those granted access to a Data Set.

          Data Set Creator – someone who authors or produces a Data Set.

          Data Set Owner – holds the intellectual property rights to a given Data Set.

          Data Set Distributor – individual or institution providing access to Data Sets.

          Data Set Contact – party designated in the accompanying metadata of the Data Set as the primary contact for the Data Set.

 

 

 

PURPOSE

 

          Because TSA exists explicitly for the safety of passengers, TSA and the public are more intimately involved with one another than is any other agency of government. We know where you live.

 

WHAT IS THE SCOPE OF ACCESS POLICY

 

          TSA access policy covers Routine and Specific data uses, from system-wide to highly guarded. A lot of information about the public is, ironically, already publicly accessible – most people just don’t know that.

 

BACKGROUND

 

          Following the events of September 11, 2001, and in accordance with the Aviation and Transportation Security Act, TSA took action to enhance passenger prescreening operations. In March 2003, TSA began developing a new Computer-Assisted Passenger Prescreening System, known as CAPPS II, as a means of enhancing security through passenger prescreening. However, following GAO’s review of the program in February 2004 and a DHS internal review, DHS canceled CAPPS II development in August 2004, due in part to concerns about privacy.

 

          That same year, TSA announced plans to develop a new passenger prescreening program known as Secure Flight. Under the Secure Flight program, TSA plans to take over from commercial airlines the responsibility for comparing information on domestic airline passengers against information on known or suspected terrorists. In addition, Congress passed the Intelligence Reform and Terrorism Prevention Act of 2004, establishing requirements that TSA assume this passenger prescreening responsibility.

 

          As part of Secure Flight’s development, TSA contractors conducted tests to identify data elements needed to make accurate comparisons between airline reservation system data and government watch list data. TSA contractors also conducted tests to determine whether the use of commercial data could improve the results of watch list comparisons. To accomplish this, TSA collected information from airline reservation systems that included passenger name, flight reservation date, and flight number. The sample included all passengers who flew during June 2004, using data maintained in airline PNR systems.

 

          The Privacy Act regulates federal agencies’ use of personal information and allows citizens to learn how their personal information is collected, maintained, used, and disseminated by the federal government. The act applies to personal information maintained by federal agencies or their contractors in a “system of records” from which records are retrieved by name or other personal identifier. The Privacy Act requires agencies to disclose information to the public regarding the collection of personal information through a system of records notice (SORN) published in the Federal Register.

 

 

REVISION HISTORY

 

          Because the Secure Flight program involves, by design, personal information, it is important that TSA be vigilant with respect to individual privacy protections and fully disclose uses of personal information prior to accessing such data. In its fall 2004 notices, TSA informed the public of its plans to use personal information during Secure Flight testing, including the use of commercial data in a limited manner. However, these initial notices did not fully describe how personal information would be collected, used, and stored for commercial data testing. As a result, individuals were not fully informed that their personal information was being collected and used, nor did they have the opportunity to comment on this or become informed on how they might exercise their rights of access to their information. Although TSA did not fully disclose its use of personal information prior to beginning Secure Flight testing, the agency recently issued revised privacy notices to more fully disclose the nature of these tests and address the issues identified in GAO’s letter. Issuing the revised notices is an appropriate step to more fully inform the public of its use of personal information.

 

 

Electronic Archives Are:

- Publicly accessible
- Permanent
- Searchable

 

Why Public Access?

 

Archive - A central archive of NIH-funded research publications preserves these vital published research findings for years to come.

 

Advance Science - The repository is an information resource that lets scientists mine medical research publications more easily and lets NIH manage its entire research investment better.

 

Access - The policy provides patients, families, health professionals, scientists, teachers, and others electronic access to research publications resulting from NIH-funded research.

 

Authors and journals can continue to assert copyright in scientific publications resulting from NIH-funding, in accordance with current practice.

 

While individual copyright arrangements can take many forms, NIH encourages investigators to sign agreements that specifically allow the manuscript to be deposited with NIH for public posting on PubMed Central.

Cross-linking information across scientific fields is expected to lead to new lines of research as well as more comprehensive approaches to understanding scientific data.

 

Ensuring access to the full text of NIH-funded research publications will improve the public's understanding and appreciation of biomedical research findings.

 

Enhanced access to information strengthens and expands the impact of research while disseminating results in a timelier manner. The online archive will increase the public's access to health-related publications at a time when demand for such information is on a steady rise.

 

This system also facilitates the creation of an end-to-end, paperless grants management process.

 

Data

 

There are two data types:

 

Type I – data are to be released to the general public according to the terms of the general data use agreement (see Section 3 below) within 2 years of collection and no later than the publication of the main findings from the dataset, and

 

Type II - data are to be released to restricted audiences according to terms specified by the owners of the data. Type II data are considered to be exceptional and should be rare in occurrence.

 

Researchers that make use of Type II Data may be subject to additional restrictions to protect any applicable commercial or confidentiality interests.

 

Finally, some data may be determined of lowest priority for archiving on the grounds that they are interim data that led to final products that carry the scientific value. These might include data files created during stages within an analytic workflow, raw or replicate data values that were subsequently aggregated or processed for release, or individual outputs from stochastic models.

 

Metadata

 

Metadata documenting archived/online data sets of all types listed above will be made available when, or before, the dataset itself is released according to the terms above.

 

All metadata will be publicly available regardless of any restrictions on access to the data.

 

All metadata will follow LTER recommended standards and will minimally contain adequate information on proper citation, access, contact information, and discovery.

 

Complete information including methods, structure, semantics, and quality control/assurance is expected for most datasets and is strongly encouraged.

 

LTER Network Data Access Requirements

 

The access to all LTER data is subject to requirements set forth by this policy document to enable data providers to track usage, evaluate its impact in the community, and confirm users' acceptance of the terms of acceptable use. These requirements are standardized across the LTER Network to provide contractual exchange of data between Site Data Providers, Network Data Providers, and Data Users that can be encoded into electronic form and exchanged between computers. This will allow direct access to data via a common portal once these requirements have been fulfilled.

 

The following information may be required directly or by proxy prior to the transference of any data object:

 

Registration

1. Name
2. Affiliation
3. Email Address
4. Full Contact Information

 

Acceptance of the General Public Use Agreement or Restricted Data Use Agreement, as applicable.

 

A Statement of Intended Use that is compliant with the above agreements. Such statements may be submitted explicitly or made implicitly via the data access portal interface.


Data providers wishing to impose further requirements beyond these are encouraged to include them in their Restricted Data Use Agreements accompanying the datasets.

 

Data Use Agreements

Datasets released by LTER sites or the network will be accompanied by a use agreement that specifies the conditions for data use.

 

For Type I data, this shall be the General Data Use Agreement (see appendix II). This document specifies general roles and the obligations and rights enjoyed by each regarding the use of most datasets released for general public use. For Type II datasets, a Restricted Data Use Agreement must be provided with the dataset that identifies the specific restrictions on the use of the data and their justification.

 

Because these are expected to be unique to the dataset, no template is provided although in most cases the General Data Use Agreement can be modified to serve.

 

Grounds for restricting data may include the need to restrict access to species, habitats or cultural resources protected by legislation; rights of privacy granted by human subjects legislation; or protection of intellectual, financial or legal rights over the data held by a third party.

 

This policy becomes effective when approved by the LTER Network Coordinating Committee. It may be revised by, or at the request of, the same body.
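The requirements above are meant to be encoded in electronic form and exchanged between computers. The following is an added example, not LTER’s portal code, of what such a gate looks like: a request carrying the four registration fields, the agreements the user has accepted and a statement of intended use is evaluated against the dataset’s type (Type I needs the General Data Use Agreement, Type II its own Restricted Data Use Agreement), and every decision is archived so that providers can track usage. The class and field names, the in-memory audit log and the sample requests are assumptions of this example:

```python
"""Data-release gate modelled on the LTER access requirements above.

Added example, not LTER's portal code. Class names, field names, the
in-memory audit log and the sample requests are assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Agreement names are taken from the policy text; they are labels here, not document ids.
GENERAL_AGREEMENT = "General Data Use Agreement"
RESTRICTED_AGREEMENT = "Restricted Data Use Agreement"


@dataclass
class Dataset:
    identifier: str
    data_type: int                               # 1 = Type I (general), 2 = Type II (restricted)
    restricted_agreement: Optional[str] = None   # Type II must ship with its own agreement text


@dataclass
class AccessRequest:
    name: str
    affiliation: str
    email: str
    contact: str                                 # "full contact information"
    agreements_accepted: List[str]
    intended_use: str


@dataclass
class Decision:
    granted: bool
    reasons: List[str] = field(default_factory=list)


def required_agreement(ds: Dataset) -> str:
    """Type I releases under the general agreement; Type II under its restricted one."""
    return GENERAL_AGREEMENT if ds.data_type == 1 else RESTRICTED_AGREEMENT


def evaluate(ds: Dataset, req: AccessRequest) -> Decision:
    """Apply the three requirements: registration, agreement acceptance, intended use."""
    reasons: List[str] = []

    # 1. Registration: all four fields are required before any data object is transferred.
    for label, value in (("name", req.name), ("affiliation", req.affiliation),
                         ("email", req.email), ("contact", req.contact)):
        if not value.strip():
            reasons.append(f"registration incomplete: {label} missing")
    if req.email.strip() and "@" not in req.email:
        reasons.append("registration incomplete: email address malformed")

    # 2. Acceptance of whichever agreement applies to this dataset's type.
    agreement = required_agreement(ds)
    if agreement not in req.agreements_accepted:
        reasons.append(f"{agreement} not accepted")
    # A Type II dataset that carries no restricted agreement cannot be released to anyone.
    if ds.data_type == 2 and not ds.restricted_agreement:
        reasons.append("Type II dataset lacks a Restricted Data Use Agreement")

    # 3. A statement of intended use, explicit or implied by the portal, must be present.
    if not req.intended_use.strip():
        reasons.append("statement of intended use missing")

    return Decision(granted=not reasons, reasons=reasons)


# Stand-in for the providers' archive of requests; a real portal would persist this.
AUDIT_LOG: List[Dict] = []


def request_data(ds: Dataset, req: AccessRequest,
                 now: Optional[datetime] = None) -> Decision:
    """Evaluate the request and archive the outcome so usage can be tracked and audited."""
    decision = evaluate(ds, req)
    AUDIT_LOG.append({
        "when": (now or datetime.now(timezone.utc)).isoformat(),
        "dataset": ds.identifier,
        "user": req.email,
        "granted": decision.granted,
        "reasons": list(decision.reasons),
    })
    return decision


if __name__ == "__main__":
    # Constructed sample input, not real LTER datasets or users.
    public_set = Dataset("knz-example-001", data_type=1)
    restricted_set = Dataset("knz-example-002", data_type=2,
                             restricted_agreement="Human-subjects data; no redistribution.")
    complete = AccessRequest("A. Researcher", "Example University", "a.researcher@example.org",
                             "Dept. of Biology, 1 Campus Way", [GENERAL_AGREEMENT], "teaching")
    print(request_data(public_set, complete))        # granted
    print(request_data(restricted_set, complete))    # denied: restricted agreement not accepted
    print(len(AUDIT_LOG), "requests archived")
```

Denials are recorded alongside grants on purpose: the archive is what lets a data provider later show which users accepted which agreement, and a Type II dataset with no restricted agreement attached is refused to everyone rather than silently falling back to the general terms.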

General Data Use Agreement

 

Conditions of Use

 

1. Acceptable use – is restricted to a forum for which the data was created: Academic, research, educational, government, recreational or other not-for-profit professional purposes.

Any other use requires the explicit permission from dataset owner.

2. Redistribution – a metadata license must accompany all copies.  The Data User will not redistribute the original Data Set beyond this collaboration sphere.

3. Citation – it is a matter of professional ethics to acknowledge the work of an author.

[Creator, Year of Data Publication, Title of Dataset, Publisher, Dataset identifier]

 

4. Acknowledgement – of institutional support or specific funding awards.

 

5. Notification – includes an explanation of how the Data Set was used to produce the derived work.

6. Collaboration – by using a dataset, the Data User takes on the responsibilities of a collaborator with its creator.

 

Remote Access Policy helps to mitigate dangers

 

The policy should address:

 

- How decisions are made as to which employees are eligible for telecommuting assignments and remote access privileges.

 

- What behavior constitutes acceptable use of remote access connections.

 

- Acknowledgement that any organization equipment provided to employees remains the organization's property.

 

- Potential penalties resulting from violations of the organization's remote access policy.

 

 

Data Access Policy Guidelines

 

The Chief [data] Stewards assign data stewardship responsibilities, manage data subsets and appoint Data Coordinators to assist with data classification.

 

Data Coordinators grant access to the data within their purview according to criteria defined for specific access requirements.  

 

Data Administrators will maintain electronic archives of all requests, serve as the point of contact for audit reviews and maintain a repository of information classified by properly credentialed Stewards, Coordinators and authorized contributors.    

 

Employee Access to Organizational Data

 

Employee Internet Access Policy or an Acceptable Use Policy

 

 

INTERNET ACCEPTABLE USE POLICY

 

          Internet access or acceptable use policies are usually designed to prevent encounters with questionable or potentially offensive documents, graphics and so forth, in the workplace. The idea is to draw boundaries on the limits of what users may view or read while in the workplace, so as to prevent possible perceptions of or accusations regarding creation of a hostile or negative work environment.  Most companies deploy firewall filters that block known sources of questionable content and use policy to warn users in advance to stay away from other examples of such information that might escape filters.

 

 

TSA’s COMPUTER ACCESS AGREEMENT

 

1. Classified Processing – is conducted only on equipment specifically designated for that purpose.

2. Credential Protection – passwords must contain at least one upper-case letter, one lower-case letter, one digit and one special character.

3. User Accounts – each user is responsible for all activity under their account.

4. Data Protection – protect all data storage devices.

5. Physical Security – government property will not be removed.

6. E-mail – is for official TSA business only and is regarded as no less official than hard copy.

7. Internet Use – is limited to official TSA business.

8. Unauthorized Software – do not download or upload software from the Internet or from non-TSA media.

9. Consent to Monitor / Privacy – the government may audit the user’s computer use at any time.

10. Protection of Displayed Data – log off the computer when absent, or use a password-protected screensaver.

11. Copyright Protection – do not duplicate government software.

12. Termination of Employment – return all issued equipment to the government.
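Item 2 states the character classes a password must contain but no minimum length. The following is an added example, not TSA’s own tooling, that checks a candidate password against the four classes item 2 names and shows why the rule as written is only a floor; the 12-character minimum and the reading of “special” as ASCII punctuation are this example’s assumptions:

```python
"""Password complexity check for item 2 of the computer access agreement above.

Added example, not TSA tooling. The 12-character floor and the reading of
"special" as ASCII punctuation are this example's assumptions.
"""
import string
from typing import List

SPECIAL = set(string.punctuation)   # assumption: "special" means printable ASCII punctuation
MIN_LENGTH = 12                     # assumption: the agreement itself states no length


def complexity_failures(password: str, min_length: int = MIN_LENGTH) -> List[str]:
    """Return every rule the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in SPECIAL for c in password):
        failures.append("no special character")
    # Whitespace and non-printable characters are rejected so that a password cannot
    # silently change meaning when copied between systems.
    if any(c.isspace() or c not in string.printable for c in password):
        failures.append("contains whitespace or non-printable character")
    return failures


def meets_agreement_rule(password: str) -> bool:
    """Item 2 exactly as written: the four character classes and nothing else."""
    return not complexity_failures(password, min_length=0)


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("Aa1!", "correct horse battery staple", "Tsa-Sida-2007!"):
        print(repr(candidate), "agreement rule:", meets_agreement_rule(candidate),
              "with length floor:", complexity_failures(candidate) or "passes")
```

A four-character string such as “Aa1!” satisfies item 2 literally, while a long passphrase with no digits or punctuation fails it; a character-class rule therefore needs a length floor beside it, and neither substitutes for rejecting passwords already known to be compromised.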

 

CONCLUSION

 

 

          There is an extremely critical flaw that the entire IT world is ignoring. Somebody somewhere came up with the idea that a data object in the digital world is as tangible as a paper object in the physical world. Where a paper object can be shredded and incinerated, a data object does not simply disappear.

         

          In much the same way that fingerprints will not be changed once biometric access is perfected, 


The policy should contain information on access and acceptable use technology resources in your agency.

 

If you already have a policy in this area, please review it and make suggestions on updating the policy.

 

Your final paper should consist of the policy and your justification(s) for the various critical elements of the policy.

 

If you critique your existing policy, please show where and why you made changes.

 

Remember to use your security assessment as a resource for the policy!       

 

Here are some examples of access policies from other organizations:

 




We’ve heard, “What you don’t know can’t hurt you,” which may be true in those perspectives in which it applies.   I’d like to recommend a prerequisite etiquette level or protocol in how information is disseminated based on local observations and comments by others.  I think because the obvious can cause embarrassment, the issue is ignored.

 

Almost any object of danger, this side of a rock, requires some kind of protocol training. Because ‘Knowledge is Power,’ there are those who can’t resist announcing to subordinates that they know something classified or confidential. Finally, someone in a room full of blank stares will ask, “OK. What is it?” The response is, “That’s on a need to know.”

 

What doesn’t get said is, “OK then -- why did you bring it up?”  Even more bluntly, “What sort of psychosis compels you to repeat this performance with or without being asked for details?” 

 

A non-verbal variety of the same absurdity is exemplified by someone who wears 5 SITA ID lanyards and 4 jump drives in plain view so that everyone will recognize just how important that person is.  Nobody says anything about that either; perhaps there’s a plausible reason for parading SSI devices outside of a secure area: 

 

Imagine what could happen if a bad guy knocked one of those characters upside the head and made off with 4 jumpers and 5 SITA badges?

 

I’ve had installation technicians get stuck and ask me for ideas.  Privately, I’m thinking, “How did you manage to wrangle a ‘title of expertise’ that pays you three times what I make, so that I can solve your problem?”        

 

I would be very paranoid to take that kind of chance and I suppose that’s why I don’t claim any particular title.  I have observed a quantum anomaly that coincides:    

 

“As income approaches infinity, relative usefulness reaches zero.”  I’ve noticed that the non-operational side of many corporations develop their greatest assets on the golf course.  They can’t give their producers a pay raise though.  Sorry, I went off topic.

 

My point isn’t to compare the different approaches that agencies take to safeguard information, but to address the criterion for possessing such information in the first place. If my other classmates also recognize this kind of behavior, then we could be exposing the most belligerent ‘weakest link’ in what otherwise should be a good information security plan.

This is something that should be addressed before attempting to fortify a retrieval system.

These are just my thoughts on the matter – feel free to modify and rearrange to taste.

That is a rather exhaustive challenge:

Investigation

            Analysis

                        Logical Design

                                    Physical Design

                                                Implementation

                                                            Maintenance

But a lot of people make a lot of money to not know what they’re doing in this business.

I would like to ask my classmates:

Have any of you ever worked with IT personnel who knew less about what they were doing than you do? This happens to me on a routine basis…and I’m not soliciting.

The chart presented in the PowerPoint presentation listed a 6-stage cycle: External Monitoring – this is how we assess access attempts on our server / frontal / gate. Next is Internal Monitoring – assess what attempts are made to slip data out the door within normal-looking streams. That technique is how viruses migrate unless a filter can recognize a specific data strain. Stage 3 is Planning and Risk Management – that’s where we add detail to our model and assess what degree of risk is beyond our control.

 

Beyond our Control represents anything unethical or accidental that ‘could’ happen.  In those cases, although security has been breached, there is always the possibility that someone who acquires data doesn’t know what to do with it once they have it.  Just because we have the launch manual to the space shuttle doesn’t mean that we can realistically launch the shuttle.  Vulnerability Assessment and Remediation addresses every possible threat, real or imagined, and remedies those faults in practice. 

 

Readiness and Review is a tried and proven true method borrowed from the military. If we can conceptualize every possible contingency and develop an effective response to those contingencies, we should stand the test of real-world unauthorized access attempts.

 

The last stage is Vulnerability Assessment which occurs any time a new breach is discovered or advisories forewarn of impending attacks from reliable sources.  This is where we get as surgical and as specific as needed to protect aspects of the apparatus that are deemed most vulnerable. 

 

In theory: What remains is a fine tuned perfectly integrated security engine whose future faults can be intercepted and remedied before infecting protected data. 

 

My other extemporaneous comments can be considered fuel for the fire. 

 

===========

Part I

 

http://www.sfaa.net/sfaagoal.html

The Society for Applied Anthropology does not seem to care whether its data is breached or not. I will hypothesize that entities unaffected by industrial espionage will possess a negligent or non-existent security aptitude.

 

http://www.okc.gov/mission/index.html

The City of Oklahoma City mission, vision and values statement does not mention security.

 

http://www.citgo.com/AboutCITGO/VisionMissionValues.jsp

CITGO – claims to be the world’s benchmark energy corporation and makes no mention of security.

 

So far, I have sampled one academic, one government and one business concern that do not mention security in their respective mission, vision and values statements.

 

For part II of the question, I will randomly select a company that MUST have information security concerns due to my claim in part I; that industrial espionage is a determining factor to include / not include security in a mission, vision and values statement.  

 

http://www.boeing.com

Boeing Aircraft is a DoD contractor and I could not even find a mission statement.

 

http://www.microsoft.com/about/default.mspx#values

The Microsoft Corporation did not mention security in their values statement.

 

I checked Colt and Ruger, firearms manufacturers, for irony, and did not find vision, mission or values statements. I must revoke my hypothesis that entities with industrial espionage concerns will automatically address said awareness in their mission statements.

 

Part III

 

1. Hackers penetrate T-mobile at http://www.securityfocus.com/news/10271

 

2. Credit Card breach exposes 40 Million accounts at http://news.com.com/Credit+card+breach+exposes+40+million+accounts/2100-1029_3-5751886.html

 

3. This one I thought was rather fascinating because SANS not only identifies the threats but identifies how the threat can be corrected. It is said that memory retention is much greater when you can “observe the process” rather than read about it. This provides a glimpse of the identify-and-correct process: http://www.sans.org/top20/




Security Threat Assessment for SIDA and

Sterile Area Workers

 

        The Security Threat Assessment for ‘Security Identification Display Area’ [SIDA] and Sterile Area Workers identifies 13 components for handling sensitive employee data. The need to safeguard private information is not questioned; however, meaningful information was occluded by redundancies in writing style. Twelve separate sentences, each one containing a single adjectival variance, could have been reshaped into one intelligent sentence. This narrative seeks to overcome that encumbrance for faster understanding.

 

- Vital information is gathered by TSA on all interagency, air carrier and airport applicants by “name-based” and “biometric” means. A SIDA badge must be visible in sterile areas.

- Biometric information, i.e., electronic fingerprints, is submitted to the American Association of Airport Executives [AAAE], which acts as a single point of contact for TSA. A single agency maximizes efficiency, expedites turn-around and eliminates the cumbersome procedural variations that existed when multiple formats were attempted.

 

          TSA takes every precaution to protect vital information from unauthorized use, hackers and malicious intent using a layered security approach.  Vital information is shared with DHS, intergovernmental agencies and contractors who by law, are subject to the Privacy Act.  More exhaustive treatment will follow in part II of this threat assessment.

 
        During the two weeks that followed 9/11, the FAA scrambled to contact every American who had been a Ground Security Coordinator [GSC] at some point during their life.  That included retirees, rehirables, veterans and actively working GSC personnel.  The logic behind this decision was based largely upon the antiterrorism component of GSC certification and the ready response capability that GSC’s have to a wide range of airport security contingencies.

 

          The Homeland Security Act of 2002 authorized the implementation of all possible means to prevent another 9/11. On March 1, 2003, the Act of 2002 was brought to fruition when 180,000 employees representing 22 agencies integrated under the Department of Homeland Security [DHS]. The Transportation Security Administration [TSA], a component of DHS, took control of 700+ security checkpoints and 7,000 baggage screening areas at domestic shipping ports, railways, borders and airports. TSA began screening 80% of US-bound cargo at more than 40 foreign ports.

 

          Areas that require screening protocols to access are called ‘Sterile Areas.’  Persons allowed to enter a sterile area unescorted wear a ‘Security Identification Display Area’ or SIDA badge.  Persons without a SIDA credential will undergo standard screening procedures per TSA SOP.

 

          TSA gathers vital information on all interagency, air carrier, rail, shipping port and airport applicants using a “name-based” and “biometric” validation process. The American Association of Airport Executives [AAAE] consolidates information from the airlines and airports and provides it to TSA as the single point of contact. TSA forwards the information to the FBI. The FBI runs the information against its Criminal Justice Information Services [CJIS] records and returns the results to TSA, which posts them on a secure, password-protected website. That information is shared with intergovernmental agencies within DHS that have a need to know. Individuals who pass a fingerprint-based records check may be issued a Security Identification Display Area [SIDA] badge.

 

          “Name-based” security threat assessments refer known terrorists, violent criminals and others listed on the “No Fly List” for further questioning. This check includes an immigration status check. Flagged applications are forwarded to the most appropriate intelligence or law enforcement agency for review, which in turn advises TSA either to rescind the application or to permit the applicant to correct the questionable information. Applicants not flagged by this process are approved for a SIDA badge by their gaining agency.

 

          - The information collected in compliance with statutory mandate contains the applicant’s: full name, aliases, date and place of birth, citizenship, immigration status, gender and race, height and weight, eye and hair color, fingerprints, Social Security number, and employer’s name and address.

 

          - Biometric capabilities are being used at land, air and sea ports of entry. By checking finger scans, someone’s identity can be confirmed against a passport, watch list and immigration record. Electronic fingerprints are submitted to the FBI’s networked law enforcement database, ‘Fingerprint Results Distribution’ [FPRD], to authenticate new-hire applications and alert authorities to falsified, misrepresented or incomplete data. TSA shares this information with AAAE, which oversees the quality-control procedures used at airports by air carriers and AAAE members. TSA and AAAE have a synergetic relationship that minimizes turn-around time where previously multiple formats created cumbersome delays. AAAE can also convert paper fingerprints into electronic format when a member-employer does not have the means to do so.

 

          TSA retains rap sheet information at the FBI’s FPRD website for up to sixty days in the event that an employee’s credentials fall into question and require adjudication. This affords the affected employee the opportunity to seek redress and appeal. This precautionary measure also facilitates airport and airline auditing. Files on individuals who no longer possess SIDA credentials are purged. If an individual applying for a credential disputes the disposition of a charge, the applicant can provide court documentation to his or her employer’s security office. If new evidence proves that the charge does not fall under a disqualifying category, the employee will be granted a credential provided that the FBI can verify with NCIC that both records match. Immigration issues will be referred to ICE.

         

          DHS contractors also hold appropriate facility security clearances.

 

          - New technology helps to minimize the damage from possible future terrorist attacks. Improvements in border security, explosives detection, consumables and public perception aid incident management teams. Improved radiation detection monitors screen cargo for radiological and nuclear threats.

 

         

          - SIDA and Sterile Area Workers are provided with a Privacy Act notice that describes the authority and purpose for collecting personal data and how biographic and biometric data will be used. TSA’s method of personal information collection does NOT create a ‘new’ system of records. TSA’s data collection method does facilitate the performance of background investigations to ensure transportation security.

 

          - TSA protects data against unauthorized intrusion using a layered security approach. This approach combines advanced encryption technology, password protection, network firewalls and hard-bolting retrieval systems and workstations so that they cannot be casually removed without a colleague noticing. There will be limitations on data tracking and greater training on telecommunications security. ‘Physical’ security layers include screening cargo at land, sea and air ports, swabbing luggage for traces of explosives, tracking border activity with cameras, posting armed or unarmed guards where necessary and implementing credential card readers for sterile area access. Some persons have legitimate limited access to databases and/or workstations but should not be left unattended. Each new innovation and security layer helps to minimize the risk of a terror attack.

 

Positives:

 

Implementation of more BDO’s to screen new hires.

 

Precognitive interdiction techniques, by their many names.

 

Examples in physics to support the development of precognitive interdiction as a science.