D
Overview of Selected Legislation Pertaining to E-Government

The highest level of federal e-government policymaking is public law. Although some of the public law reviewed below predates the concept of e-government, these pieces of legislation are nonetheless still in place. The overview proceeds generally from broader to more specific information policy and, where possible, links public law to government-wide policy.

THE PAPERWORK REDUCTION ACT OF 1995

The Paperwork Reduction Act (PRA; Public Law 96-511) was originally enacted 1980 as an outgrowth of the 1977 report of the U.S. Commission on Federal Paperwork. The original act recognized the economic cost of the federal government’s imposing of paperwork burdens on the public and laid the groundwork for the creation of the Office of Information and Regulatory Affairs (OIRA) in the Office of Management and Budget (OMB) to manage federal information policy centrally. Over time, the PRA has been amended (i.e., in 1986 and 1995) and has resulted in related updates to OMB Circular A-130.1 It is the PRA that compels federal agencies to get an OMB clearance number on information collections (including such things as forms, surveys, and regulations that require

1

See Executive Office of the President, Office of Management and Budget (OMB), OMB Circular No. A-130 Revised, available at http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html, accessed June 9, 2006. OMB Circular A-130’s subject is management of federal information resources.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 144
Social Security Administration Electronic Service Provision: A Strategic Assessment D Overview of Selected Legislation Pertaining to E-Government The highest level of federal e-government policymaking is public law. Although some of the public law reviewed below predates the concept of e-government, these pieces of legislation are nonetheless still in place. The overview proceeds generally from broader to more specific information policy and, where possible, links public law to government-wide policy. THE PAPERWORK REDUCTION ACT OF 1995 The Paperwork Reduction Act (PRA; Public Law 96-511) was originally enacted 1980 as an outgrowth of the 1977 report of the U.S. Commission on Federal Paperwork. The original act recognized the economic cost of the federal government’s imposing of paperwork burdens on the public and laid the groundwork for the creation of the Office of Information and Regulatory Affairs (OIRA) in the Office of Management and Budget (OMB) to manage federal information policy centrally. Over time, the PRA has been amended (i.e., in 1986 and 1995) and has resulted in related updates to OMB Circular A-130.1 It is the PRA that compels federal agencies to get an OMB clearance number on information collections (including such things as forms, surveys, and regulations that require 1 See Executive Office of the President, Office of Management and Budget (OMB), OMB Circular No. A-130 Revised, available at http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html, accessed June 9, 2006. OMB Circular A-130’s subject is management of federal information resources.

OCR for page 144
Social Security Administration Electronic Service Provision: A Strategic Assessment reporting) and for OMB to aggregate the amount of burden that federal agencies impose on the public annually through the Information Collection Budget. This landmark legislation also had practical implications for agencies, as it forced them to manage information collection as a resource much like they did financial and human resources. THE INFORMATION TECHNOLOGY REFORM ACT In many ways, the Information Technology Reform Act (Public Law 104-106; also known as the Clinger-Cohen Act)2 provided some of the early underpinnings for the e-government movement by requiring agencies to elevate the position of “Senior Official for Information Resources Management” to that of “Chief Information Officer” (CIO). This law recognized the strategic importance of technology in meeting agency objectives, giving the CIO in a federal agency a prominent position that is supposed to report directly to the head of the agency. Consistent with this view, the act created the expectation that agency investments in IT would be evaluated on the basis of the attainment of goals and objectives laid out in agency strategic and tactical plans. THE PRIVACY ACT OF 1974 Although it is likely the oldest piece of federal information policy that shapes e-government implementation, the Privacy Act of 1974 (Public Law 93-579, as amended)3 remains quite influential. The Privacy Act is built on the fair information principles outlined by the then-Department of Health, Education and Welfare’s policy4 to provide citizens with insight into their government’s stewardship of what the act defines as “sensitive information.”5 Sensitive information includes “information, the loss, misuse, or unauthorized access to or modification of, which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under … the Privacy Act.”6 To 2 See http://www.cio.gov/Documents/it_management_reform_act_Feb_1996.html, accessed June 20, 2007. See also S.H. Holden and P. Hernon, “An Executive Branch Perspective on Managing Information Resources,” pp. 83-104 in P. Hernon, C.R. McClure, and H.C. Relyea, Eds., Federal Information Policies in the 1990’s: Views and Perspectives, Norwood, N.J.: Ablex Publishing, 1996. 3 See http://www.usdoj.gov/foia/privstat.htm, accessed June 20, 2007. 4 See Department of Health, Education, and Welfare Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens, Cambridge, Mass.: MIT Press, 1973. 5 P.M. Regan, Legislating Privacy: Technology, Social Values, and Public Policy, Chapel Hill, N.C.: University of North Carolina Press, 1995. 6 See http://www.atis.org/tg2k/_sensitive_information.html, accessed June 20, 2007.

OCR for page 144
Social Security Administration Electronic Service Provision: A Strategic Assessment the extent that federal agencies maintain “systems of records” in which it is possible to organize, index, or retrieve the information about a citizen by unique identifier (typically a Social Security number), an agency must post public notice of how the data will be used through a “routine use notice.” If any agency wishes to disclose such sensitive data to a third party, the subject of the information must provide consent to such disclosure. For agencies that are receiving or exchanging sensitive information about an individual, which is typical for most e-government transactions, they must take steps to comply with the Privacy Act. Appendix I of OMB Circular A-130 provides the more detailed requirements for agencies to follow when complying with the Privacy Act. OMB has issued some privacy-related policy pertaining to the use of “cookies” on federal Web sites that grows, in part, out of some of the philosophies of the Privacy Act. OMB issued Memorandum 00-13,7 which sought to severely limit (and some believe prevent) agencies from using “persistent cookies” that track “the activities of users over time and across different web sites.” The memorandum stipulates that federal Web sites should not use persistent cookies unless agencies can meet the following four conditions: The site gives clear and conspicuous notice; There is a compelling need to gather the data on the site; There are appropriate and publicly disclosed privacy safeguards for handling any information derived from the cookies; and The agency head gives personal approval for the use.8 THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 The Federal Information Security Management Act of 2002 (FISMA; Title III of Public Law 107-347) has superseded the Computer Security Act of 1987. FISMA provides the analytical framework for agencies to assess risk and then to mitigate identified risks for “sensitive information” in federal information systems. In this context, FISMA includes systems that are not national security systems but that contain sensitive information. The following quote from FISMA provides the high-level risk-based security guide for agency decision making in this area. The act states 7 OMB Memorandum 00-13’s subject is privacy policies and data collection on federal Web sites. It is available at http://www.whitehouse.gov/omb/memoranda/m00-13.html, accessed April 14, 2007. 8 OMB Memorandum 00-13, available at http://www.whitehouse.gov/omb/memoranda/m00-13.html, accessed April 14, 2007.

OCR for page 144
Social Security Administration Electronic Service Provision: A Strategic Assessment that agencies shall “identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of …” information or information systems maintained by federal agencies or by organizations on behalf of federal agencies. Explicitly in the law, agencies are expected to pursue the goals of the legislation with a cost-effectiveness standard in mind by “implementing policies and procedures to cost-effectively reduce risks to an acceptable level….”9 Appendix III of OMB Circular A-130 provides the more detailed requirements for agency compliance with FISMA. THE GOVERNMENT PAPERWORK ELIMINATION ACT OF 1998 The law likely to have provided the most impetus to federal agency e-government efforts was the Government Paperwork Elimination Act of 1998 (Title XVII of Public Law 105-277). It required that individuals or entities that deal with the agencies have the option of submitting information or transacting with the agency electronically by October 2003. It was intended to serve as a transition point from traditional paper-based government and governance at the federal level to the emerging ideals of e-government.10 Besides setting this target date for agencies to enable electronic information and transactions, it also defined and established the legal sufficiency of electronic signatures necessary for agencies to move away from “wet” signatures on paper. What the law did not do was to specify particular technologies to implement electronic signatures. Instead, the law and subsequent OMB policy11 was technology neutral, giving agencies wide discretion to match the needs of their technical solutions to the capabilities of their user base and risk mitigation that agency desired.12 9 See http://csrc.nist.gov/policies/FISMA-final.pdf, accessed June 20, 2007. 10 Office of Management and Budget, “Implementation of the Government Paperwork Elimination Act,” available at http://www.whitehouse.gov/omb/fedreg/gpea2.html, accessed April 14, 2007. 11 Office of Management and Budget, Dec. 16, 2003, “E-Authentication Guidance for Federal Agencies,” available at http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf, accessed April 14, 2007. 12 S.H. Holden, “Electronic Authentication Initiatives in the IRS E-File Program: Enabling E-Government Through Electronic Signatures,” pp. 984-985 in M. Khosrowpour, Ed., Issues and Trends of Information Technology Management in Contemporary Organizations, Hershey, Pa.: Idea Group, 2002.

OCR for page 144
Social Security Administration Electronic Service Provision: A Strategic Assessment THE E-GOVERNMENT ACT OF 2002 The E-Government Act of 2002 (Public Law 107-347) and the federal government’s strategic plan for e-government provide further impetus for e-government initiatives. The law reaffirmed the federal mandate for e-government by codifying the creation of the associate director for IT and e-government in OMB. It also imposed new annual reporting requirements for OMB to inform Congress of progress toward meeting the goals of the act. Recognizing the need to address public concerns about privacy and e-government adoption, the law required agencies to conduct Privacy Impact Assessments to make privacy considerations more explicit in the development of e-government systems.13 13 S.H. Holden and L.I. Millett, “Authentication, Privacy, and the Federal E-Government,” The Information Society 21(5):367-377.