Will GPO guarantee user privacy? Can it?

Will GPO guarantee the privacy of users? Will any guarantees it does make be implemented carefully and accurately? It is important to ask these questions if libraries do not have copies of digital government information and all users must retrieve copies from government managed web servers. If libraries had copies of digital government information, users could retrieve that information from libraries (which have a long tradition and policies of protecting privacy of users) rather than from the government.

I was thinking about these issues and GPO’s commitment to data mining in its “Future Digital System” when I read a story this morning that sheds some light on current implementation of data mining in federal government agencies:

• GAO: Privacy issues remain in data mining programs By Patience Wait, Government Computer News (08/30/05).

The story quotes a new GAO report and says that “implementing privacy and security measures is haphazard…. Of five data mining programs at five different agencies, ‘none followed all key procedures’ for privacy and security measures.” The GAO report:

• Data Mining: Agencies Have Taken Key Steps to Protect Privacy in Selected Efforts, but Significant Compliance Issues Remain, Government Accountability Office, “Report to the Ranking Minority Member, Subcommittee on Oversight of Government Management, Committee on Homeland Security and Governmental Affairs, U.S. Senate.” (GAO-05-866) August 2005.

GPO’s commitment to data mining is spelled out in its Future Digital System requirements document in section 3.2.14.7, pages 92-95. This section specifies that the FDsys will log transactions and be able to extract, analyze and present data from Business Process Information, perform cross tabulations and “clusterization” and categorization, and perform association and link analyses. It will be able to “expose” sequential and temporal relationships and patterns and filter data at different levels of granularity and will have ability to create customizable reports for analysis of search terms. It will be able to send alerts or notifications to GPO users based on defined criteria.

Each of those functions could be used in ways that improved system performance and did not violate privacy. Indeed the system specifies that it must “provide the capability conform to GPO’s privacy policy and Federal privacy laws and regulations.”

Unfortunately, there are two problems with this. First, since the new system is “policy neutral” (see Policy, by Magan Fleetwood, August 29, 2005, Future Digital System (FDsys) Blog, and comments to that blog including: “Policy neutral” does not mean “neutral policies” by James A. Jacobs, 8/21/2005 or FGI copy of that comment), GPO provides no guarantee of user privacy. Instead, it only guarantees that it will conform to whatever policy is in place at any given point in time. And, it is developing a system flexible enough to conform to changing policies. Its system guarantees that it can implement a no-privacy policy. So, even though the system will, for example, be designed so that it has “the capability of maintaining Access privacy (e.g., Search, Request),” there is nothing that says it must implement that capability.

Second there is nothing in the system specification to prevent the kinds of problems found by the GAO. Having procedures and policies in place doesn’t help if the agency doesn’t follow them.

What is to be done? FDLP librarians and others should be demanding that GPO has a strong privacy policy, of course. But even more importantly, we should be insisting that GPO guarantee the availability of fully-functional digital content to the public and to libraries. To restate questions I’ve asked before:

1. Will GPO guarantee that it will provide information products for free to the public and that those products will be fully-functional and not encumbered, disabled, controlled or otherwise non-optimal or locked-down versions?
2. Will GPO guarantee that it will make available for deposit, without fee, into FDLP libraries that wish to receive them, all fully functional digital government information products within its purview?

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.