Cover Image

Not for Sale



View/Hide Left Panel
Click for next page ( 50


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 49
49 managing this information. In addition, state law may applicable exemptions are mandatory or permissive.481 require that public records be designed to facilitate seg- The question of how to release such information to per- regation to the extent practicable. Such requirements sons with a need to know, subject to limitations, is dis- may support an approach of not scattering security in- cussed below under V.C, Procedures for Maintaining formation throughout the documentation (assuming Contract Records Containing CII/SSI/Restricted Secu- security information cannot be kept out of procurement rity Information. documentation altogether). The drafting of bid specifications and other contract 1. Determining When Disclosure Threatens Public documents is a very good place to apply the "need to Security482 know" concept by asking: Is there a compelling need to The very existence of security measures is often pub- include SSI/Restricted Security Information in the lic, while the operational details of the measures are documents? For example, if bid documents related to a not.483 For example, if a transit agency purchases closed security project themselves only specify security pa- circuit security cameras for buses, the existence of those rameters--which are disclosable--as opposed to de- cameras is likely to be readily apparent. If so, disclosing tailed operations requirements, 478 those bid documents information about a contract to purchase readily dis- can be made available for the same public inspection as cernible security cameras is not likely to threaten pub- bid documents that have no relation to security. This lic security. On the other hand, details of enhancements approach requires making any SSI/restricted security to those cameras, not readily apparent from observing information needed for bid response available to bidders the cameras in place, may not be publicly announced. separately, presumably under properly controlled cir- Disclosing information about commercially available cumstances. However, the practicability of keeping such security systems, commercially available system effec- information entirely out of contract documents will tiveness data, and accepted construction techniques is vary, largely depending on the particular procurement not likely to threaten public security, while disclosing at issue, and to some extent on the tracking capabilities unique information about methods to defeat those secu- of the agency's procurement process. Alternatively, SSI rity systems could assist persons seeking to attack the may be included in an appendix, which can be redacted systems. Even information identifying critical system 479 from public records requests. elements is not likely to threaten public security if the It is important that the personnel structuring pro- equipment is readily observable to the public. curement documents understand these security issues. The distinction between existence/parameters (dis- The authors of the Security and Emergency Prepared- closable) and details of execution (sensitive) is critical in ness Planning Guide, supra, recommend that the classifying information. For example, the release of ge- agency security manager have authority in overseeing neric security criteria is not likely to threaten public security issues in the procurement process.480 security, while releasing site-specific information gen- erated from such criteria could be harmful. Similarly, B. Deciding Whether Information Should Be releasing information about the general location of se- Disclosed curity projects is not likely to result in harm, while re- Information that has been classified as SSI should vealing explicit details or capabilities could threaten not be disclosed to the public under state public records public security. This is analogous to notice require- acts. However, circumstances may change over time so ments in the Fourth Amendment context, where that information originally classified as SSI may no requirements for conducting random searches must be longer merit that classification when a particular re- disclosed, but not the manner in which the government quest is made. Restricted security information may or will attempt to ensure that search requirements are not 484 may not be exempt from disclosure, depending on state violated. law. When a transit agency official considers a request State requirements for disclosing the results of for information in either category, the deciding official bridge inspections illustrate the possible differences in must consider whether 1) the requested information is covered by an exemption from disclosure requirements; 481 2) if covered, the official has the discretion to disclose Maryland, for example, has both mandatory and discre- the information; and 3) if the discretion exists, whether tionary exemptions, www.oag.state.md.us/Opengov/ChapterIII.pdf. it should be exercised. In the case of information cov- 482 ered solely by state law, this will depend on whether TRANSTECH MANAGEMENT, INC., supra note 1, at 34. 483 E.g., New Jersey purchase of buses with closed-circuit camera systems, enhancing Newark Penn Station: Jan. 23, 478 E.g., Blank TSA vulnerability checklist is considered dis- 2007, Minutes of NJ Transit Board of Directors meeting, at 6, closable. It does not become SSI until it has been completed www.njtransit.com/pdf/Jan%2023%202007.pdf with specific information. (accessed Feb. 28, 2009); Michael Fickes, Preventing Mass 479 CHANDLER, SUTHERLAND, & ELDREDGE, supra note 164, Transit Terror Attacks, GOVERNMENT SECURITY MAGAZINE, at 5. Oct. 1, 2005 (describing security measures taken by NYMTA), 480 BALOG, BOYD, & CATON, supra note 1, at 2526 (2003), http://govtsecurity.com/transportation_security/preventing_ma http://transit- ss_transit/ (accessed Feb. 28, 2009). 484 safety.volpe.dot.gov/publications/security/PlanningGuide.pdf. See, e.g., WAITE, supra note 10, at 23.