Government Looks at Privacy and Security in Computer Systems: Summary of a Conference held at the National Bureau of Standards, Gaithersburg, Maryland, November 19-20, 1973

This publication summarizes the proceedings of a conference held for the purpose of highlighting the needs and problems of Federal, State, and local governments in safeguarding individual privacy and protecting confidential data contained in computer systems from loss or misuse. The Conference was held at the National Bureau of Standards on November 19-20, 1973.

The origin of governmental problems is discussed in the context of the public's concern for privacy arising out of computer-based recordkeeping, the diverse legislative actions now being taken to safeguard privacy, the threats to the security of computer-based information systems and the technological problems associated with protecting against such threats. Useful distinctions are drawn between privacy, confidentiality and security to clarify the issues and allocate responsibilities for solving the problem among lawmakers, technologists and management.

Major needs are described. These include the need for cohesive Federal, State and local legislation; technological guidelines and standards for assuring uniform compliance with legislative requirements; management guidelines for identifying and evaluating threats to security, and improved technological mechanisms for controlling access to computer systems and networks. Cost implications of providing security measures are discussed.