C.1.3
Information Storage

To be used subsequent to collection, information must be stored in some information repository, often an electronic database. The storage mechanism must maintain the data quality, reliability, and accuracy while ensuring operational characteristics such as robustness to failure and scalability to accommodate both data and processing volumes. In addition, since information systems have vulnerabilities and are subject to threats, appropriate data stewardship must be enforced.

Whereas banks and telecommunications companies rate highest in information protection, many industries and the government in particular rate considerably lower. Increasingly, laws or regulations govern the storage and management of information both at rest (i.e., on a storage device) and in motion (i.e., as it traverses communications networks), thus mandating improvements in data stewardship. For example, regulations requiring the encryption of information on a detachable storage medium or transmitted through a communications channel can be used to protect information in transit and at rest.

C.1.4
Information Analysis and Use

The step of information analysis and use involves the use of the program during its operational lifetime to deliver the services defined in the purpose and the rational basis and tested in the experimental basis. As with information storage, information processing must meet operational requirements such as robustness and scalability. As stated in the committee’s proposed framework (see Chapter 2) and others, a program must be used solely as defined in the approved purpose and rational basis (i.e., requirements).

Additional uses must be reviewed and approved as an extension to the approved purpose. For example, if a law enforcement program were applied to counterterrorism, that new use should be reviewed under the relevant laws and regulations. Unfortunately, unless protected by a privacy policy, commercial information systems are often used for purposes unanticipated by customers, e.g., customers receiving marketing and promotional material unrelated to the ticket that they purchased from an airline. In approving additional uses of information, one need not specify the precise method of analysis, since that is often difficult to anticipate—only the general purpose to which the information will be directed needs to be specified.

C.1.5
Information Sharing

A major counterterrorism theme that has emerged since September 11 (9/11) is the notion of information sharing—that U.S. counterterrorist



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement