National Bureau of Standards Special Publication 404

U.S. GOVERNMENT PRINTING OFFICE

For sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. 20402 (Order by SD Catalog No. C13.10:404). Price $1.20

Foreword

This second conference on Privacy and Security in Computer Systems completes the initial step in what we hope will be a continuing process whereby all responsible and interested groups will work cooperatively in dealing with the complex issues of privacy and data confidentiality.

The National Bureau of Standards is grateful to all those who responded to this opportunity for identifying governmental needs for safeguarding personal and valuable information and suggesting approaches for meeting these needs. We are especially heartened by the broad spectrum of organizations who participated in these conferences: legislators, governmental agencies at the Federal, State and local levels, public interest groups, the computer industry, professional associations and societies, universities, trade associations, and individual citizens.

We believe this demonstration of interest on the part of so many persons and organizations indicates not only a deep concern for the problems of privacy and data confidentiality, but also the promise of accelerated attention to the development of sound legislative policies, administrative procedures and technological safeguards by which these problems can be resolved.

RUTH M. DAVIS
Institute for Computer

Abstract

This publication summarizes and contains the proceedings of a conference held at the National Bureau of Standards on March 4-5, 1974 to continue the dialog in search of ways to protect confidential information in computer systems. Proposals are presented for meeting governmental needs in safeguarding individual privacy and data confidentiality that were identified at a conference held in November 1973. Among the proposals are the enactment of privacy legislation, improved computer system architecture and access controls, information and security management guidelines and the development of a systematic, balanced approach to system security. The proposals were presented by legislators, citizens, computer industry associations and companies, professional societies, and public interest groups.

Key words: Computer systems; confidentiality; privacy; privacy and security; security.

A Call for Non-Proprietary Security Systems: August C. W. Biddle
The Views of the Association of Data Processing Service Organizations:
Access Controls in Burroughs Large Systems: Harvey W. Bingham
Systems Architecture for Security and Protection: James P. Anderson
Pragmatic Approaches to Software Security: Richard L. Caplan

INFORMATION AND SECURITY MANAGEMENT
Joseph F. Cunningham, Chairman of Panel

Risk Analysis in Planning for Physical Security: Robert V. Jacobson
The Medical Patient's Right to Privacy: Lois A. Bowden
Confidentiality of the Medical Record: Margaret Beard
Model Legislation: Brian Backus
On Information Files and People: Mark P. Kriger
The Need for Privacy Legislation: Robert H. Long
The Administrative Burdens of Privacy Legislation: Edwin I. Golding