
banks contains provisions requiring computing firms to report on the nature and use of their data to designated authorities. ADAPSO urges its industry and the government to provide the public with more information about the issues and costs involved in policing the thousands of computer systems maintaining and transmitting personal data.

Other Economic Considerations

The building and maintenance of a broadly covered, universal computerized data bank is very costly. There is a market for this kind of information, but this market must provide enough economic incentive to justify the huge on-going costs of maintenance. Because of this cost factor, it would not be possible for a commercial, computerized data bank to secretly exist that held current information about a sizeable percentage of the population. ADAPSO believes that these cost factors, along with new regulations defining ownership of personal data, would sufficiently limit proliferation of this data. On the other hand, the cost of a government bureaucracy required to protect against commercial computer data banks that target specific groups or classes of individuals would be considerable. Indeed, the size of this bureaucracy would not be restricted by the balance of costs in the marketplace, and the economic impact on the thousands of small, independent data processing service companies who would be required to feed the bureaucracy up-to-date information on their mailing lists, accounts receivable files, and the like, would be disastrous for the industry.

Efforts to Standardize Personal Data

There are government agencies urging the standardization of codes for personal identification, location, time, personal characteristics, and medical and physical status descriptors.

It is obvious that universally applied codes in these areas would aid in the accumulation and interchange of meaningful personal data, and would reduce the cost of building a data bank. However, the key code necessary to concentrate personal data from several sources is some universally accepted system of linking this coded data to an individual. The pragmatic computer systems designer will specify Social Security number as this identifier unless the public is aware of the dangers of the universal use of the number as a key to personal and private data. It must be apparent that the computer systems designer in industry is only following the lead of the computer systems designer in most government agencies where Social Security number has really become Federal Identification Number. ADAPSO recommends that government and industry efforts to standardize the encoding of personal data descriptors for the purpose of information interchange include the question of personal data ownership.

THE PROFESSIONAL ASPECTS OF PRIVACY AND CONFIDENTIALITY

Robert W. Rector

Executive Director, The American Federation of Information Processing Societies, Inc.
210 Summit Avenue, Montvale, New Jersey 07645

While I wholeheartedly support the need for coherent legislation, technical guidelines, and improved hardware and software mechanisms for handling privacy and security in computer systems, I submit that we are remiss if we do not take some time in a series of conferences on Privacy and Security to talk about the true role of people, not just people as "passwords," "inquirers," or "authorized personnel." I mean, in particular, the information processing professional and his organizations. Congressman Jack Brooks alerted us to the fact that when we deal with complex computer based systems, no legislative action can be effective without the corresponding technological advances to support legislative efforts, and I add that no technological advance is effective without a sense of professional responsibility among the people involved.

I was surprised in reviewing the proceedings of our earlier conference that no one identified the role of the "professional" as such. Yet at that meeting almost all of the participants probably belonged to one or more professional societies in information processing or closely allied fields. I am sure that many of you here today are members of at least one of the thirteen Constituent Societies that form the American Federation of Information Processing Societies, Inc. What might be our chagrin that this meeting is not held under our sponsorship, or that of one of our Societies, is mitigated by the thought that former conferences and workshops sponsored by the Societies have done much to stimulate and focus the interest in privacy matters that exists in government today. Probably the first serious statement of the problem, along with a suggested remedy, was Paul Baran's paper Communications, Computers and People at the 1965 Fall Joint Computer Conference. Other landmark papers are to be found in the Proceedings of subsequent Joint Computer Conferences.

Let us then look at the role that the professional plays as a part of the problem and as part of the solution. Certainly it is easy to demonstrate that the professional is central to all aspects of the privacy problem.

• As a consumer: The authorized recipient of output and the supplier of input, who, in the higher echelons at least, should be concerned about what is "proper" and "useful." These customers are often members of the formal professional societies such as the American Institute of Certified Public Accountants, the American Medical Association, the American Bar Association. The fact that such user oriented societies have specialized subgroups to deal with computer based information systems is recognition of this role.

• As a producer: The systems analyst and the application programmer are the backbone of the membership in the Constituent Societies of our American Federation of Information Processing Societies.

• As a servicer: certainly in the classic sense of the systems programmer, but also in the ancillary function of operations, there is a growing association at the management level, at least, with the professional societies operating in this field.

And finally, I regret to say,

• As an intruder: The evidence already presented points out that the unauthorized entrant to data systems is not uneducated or untrained. He may be the most "professional" of the professionals. Since few of our professional societies have taken steps to act on cases of malfeasance, we may assume there are intruders in the ranks.

Surely then there is a close interaction between the professional in information processing and problems dealing with privacy and security. If we approach the problem through people, professional people, we should ask the question: what are the steps that have been taken, or can be taken, to solve the problems that in the end affect all of us? But first a caution: If the thesis is to promote professionalism to solve all our problems, we may be in trouble. If professionalism equates to Godliness, we may end up as zealots without solving the real problems of the world. I trust none of us will take such a cavalier attitude, for there are real contributions that have been made by the professional societies in data processing. The critical question is, "Are we doing enough?"

Oversimplifying the purpose of a professional society, let us describe its two major functions as protection and promotion through education. Both of the terms, protection and promotion, are used broadly. They cover not only the professional himself but they refer to a number of audiences or groups and the various interfaces between these groups. I shall try to identify some of these elements with particular reference to the problems of privacy and security.

The AFIPS interest in these questions, which had surfaced at all of the Joint Computer Conferences in the late sixties, was brought into sharp focus with a Roundtable Meeting chaired by the Honorable Willard Wirtz in January 1970. Although it covered the larger question of "Professionalism in the Computer Field," the same concerns that bring us together today were present then. They said, "The general public is coming to recognize that larger data bases pose threats to privacy. With large amounts of sensitive data in a data base, the competence and ethics of the persons who design and operate such systems become vital." In attacking the problem, four groups or publics were identified as requiring protection. These were (1) The "general public," (2) the "consumers of computer products and services," (3) the "employers of computer people" and (4) the "employees" themselves. In each case the degree and type of protection is different.

It is the protection of the general public welfare that provides the real motivation for our interest in privacy today. The protection of the other three groups may offer solutions to these same problems. The techniques that may be employed include the classic response mechanisms of professionals who have banded together to form the professional society. They include certification, licensing, accreditation and codes of ethics. I submit that all of these techniques can provide assistance in solving the problems that we now face.

The role of certification (an affirmation by a governmental or private organization that an individual has met certain qualifications) can be a strong influence on the field. But certification demands standards; a priori standards of knowledge and performance are necessary to attest to and maintain competence. Then there can follow the recognition and codification of "commonly accepted practice" that do much to stabilize a profession.

There are, of course, very complex problems that surround certification. The approach that is now being implemented by our professional societies is the establishment of The Institute for the Certification of Computer Professionals. This organization is investigating all aspects of the problem of certification. AFIPS for its part has developed what it hopes will be a definitive set of job descriptors and skills for the computer programmer. This is meant to be a set of meaningful descriptions of tasks and skills that will find sufficiently universal use to give rise to at least de facto standards. This material will be used in turn by the ICCP to study the problem of training and certification.

Simultaneously with this project AFIPS has carried on a second effort. This effort also had its genesis in the same area of certification. The concept is one of systems certification. It asserts that it might be possible to certify that a system, particularly a system in which the public had a third party interest, met the proposed specifications. In subsequent workshops the leaders came to the conclusion that it was currently impossible to define the necessary standards for systems certification and that it was difficult even to specify preferred practices. Further discussions led AFIPS to set up a Systems Improvement Committee to explore what approaches might be taken toward developing professional solutions to the problems caused by maldesign or malfunction of computer based information systems.

1 Professionalism in the Computer Field, 1970, AFIPS Press, 210 Summit Ave., Montvale, N.J. 07645.

To date, the committee has attempted to pinpoint questions which should be asked by any manager as he attempts to decide whether or not his systems are well designed and will perform in the desired way.

Work is now nearing completion on a manual covering privacy and security. This is the first of an intended series of Systems Review Manuals. It will be field tested and published in 1974 by AFIPS Press.

AFIPS attaches a great deal of importance to this effort. While emphasis is focused on the civil, public supported, and private systems whose maldesign could have an adverse impact on society or on individuals, the same type of critical review, pointed toward correction rather than cure, is required for all major information systems.

I believe these examples are indicative of the increased interest that professional societies have displayed in formal "Professionalism." It should also be noted that AFIPS has recently amended its Constitution to incorporate the improvement of professional standards and practices as a requirement for constituent membership. A committee headed by Donn B. Parker has been appointed to implement an active program. Some of our Constituent Societies have recently passed codes of ethics and rules of conduct. All of these actions are part of the historic pattern that a discipline must take if it expects to develop competent technical performance and ethical behavior.

Unfortunately it is not easy to fit all of information processing into the classical mold. While the essential criterion, expertise, is required, it usually has not been obtained through a prolonged period of generalized formal training and a period of practical apprenticeship or practice to perfect the accompanying skills. There is, in fact, no common curriculum, no universally accepted body of knowledge, nor any performance standards. There are compelling reasons to argue that we should never expect to reach such a steady state. The field is changing too fast! We have tapped too many other fields for talent. As a result we have ended with a young, bright, versatile, and aggressive set of individuals, all challenged by the computer and its application to the real world's problems, but somewhat prone at times to see if they could break the operating system, "just because it's there."

The other part of the challenge is the promotion of professional objectives through education. In the technical aspects, no one can fault the excellent educational job the societies have done through their publications, conferences and workshops. Their members share experience, help educate newcomers to the field and make it possible for the individual who is motivated to engage in continuing self education.

It should be noted that through these procedures, many of the mechanisms that are required for secure systems operations are already in place. If not, the hardware and software needed to do the job can easily be produced, once the specifications for security and confidentiality have been set by the public or by its authorized representatives. I believe that this is a critical question before us today-what do we want? Or rather, what does the public want? Certainly, in theory at least, the public should not oppose the collection of factual information and the efficient storage and retrieval of this information by a modern computer based system. On the other hand, the concern that follows the exposé of the abuse and exploitation of large data bases under time sharing networks should have been equally predictable. Studies have shown that every instance of computer abuse has its counterparts in an existing manual system. All of these facts pointed out deficiencies in the educational process. Anticipation of this should help bridge the interface between the consumers of computer products and the general public on one hand, and the suppliers and professionals in data processing, on the other.

What is needed is a continuing plan of education for both the general public and the professional. Professional societies should plan an educational program of bold and imaginative dimensions that will bring the challenges of data processing into true perspective. It is unfortunate that much of the interest in privacy and security comes on with negative overtones. It would be equally unfortunate, of course, if the professional did not warn the general public of the pitfalls and social costs of a proposed system.

Just as real is the need for education within the professional ranks. A recent study of programmers' attitudes shows a fantastic difference in understanding among the professionals over legal matters involving the use of the programs of others (including proprietary programs), unauthorized use of a time sharing system, and other questionable practices. Here, open discussion and education would do much to clarify the situation.

I am optimistic that these conferences on privacy and security will do much to develop understanding among professionals and the legislators. Hopefully, it will be done with the approval and understanding of the general public. If this does not happen we shall all lose.

In a larger sense I hope that the discussions that we have had here, will serve as a practicum for the professional society. What has happened in this area can happen in other types of applications of computerized systems. It behooves the professional and his society to think and act as professionals.

DATA PROCESSING MANAGEMENT ASSOCIATION STATEMENT ON PRIVACY AND SECURITY IN COMPUTER SYSTEMS

Donn W. Sanford

Executive Director, DPMA, Park Ridge, Illinois 60068

The Data Processing Management Association is the largest management-oriented professional society in the field of information processing. As managers, the more than twenty-thousand members of DPMA are very much "people-oriented," and not exclusively "technically-oriented."

As managers of data processing installations, DPMA members have perhaps a greater opportunity to see, on a day to day basis, some of the privacy and security problems which are being discussed during this Conference. DPMA members, being responsible for the implementation of whatever laws and/or regulations may eventually result from the rapidly increasing interest in protecting citizens' rights to privacy, are dedicated to finding a workable solution.

Individually and collectively, the members of the Data Processing Management Association are vitally interested, both as professionals and as individuals, in assuring that the rights of privacy of all Americans are fully and permanently protected. There is concern, however, that in the post-Watergate mood of today, there may be those who feel that their primary mission is to emasculate what they regard as the "monster computer."

The end result of Conferences like this one, or future legislation and regulations, must be both practical and workable... safeguards which will protect without crippling business and Government. Hastily drafted procedures or laws based on fear of the "Big Brother" syndrome will surely be as onerous as the ill they seek to rectify.

In my opinion, the Bagley Bill recently introduced in the California State Assembly (as the "Computer Crime Prevention Act of 1973"), is an example of the type of "overkill" we hope can be avoided. While its purpose is laudable, and many of its provisions are highly desirable, one questions whether other requirements of the proposed Act would, in fact, defeat the entire purpose of computer utilization.

As stated by the manager of a major California County Data Processing department, the bill would "penalize organizations wishing to take advantage of the benefits of automation, thus discouraging the desirable use of computers and depriving the public of the cost savings to be realized from computerization." And, why should data stored in computers be subjected to restrictive regulations not also applied to records stored in manual systems? Shouldn't "obsolete data" be purged from file cabinets, too?

In his statement on The American Right to Privacy, President Nixon quoted from the Federalist Papers wherein James Madison declared that government has "twin duties" to "secure the public good" while "securing the citizens' private rights." Inherent in this quotation is recognition of the need for balance between the two; neither should be regarded as more important than the other.

It is this delicate balance that DPMA feels must be kept in the forefront. We agree with the President's statement that "it is becoming much easier for record-keeping systems to affect people than for people to affect record-keeping systems"... and further endorse Mr. Nixon's action to seek ways to assure that people dominate the machines, rather than awakening some dark morning in an Orwellian world.

Again quoting from Mr. Nixon's February 23 address, he stated that "At no time in the past has our Government known so much about so many of its individual citizens. This new knowledge brings with it an awesome potential for harm as well as good, and an equally awesome responsibility on those who have that knowledge." I would add that not only does government know more about all of us than ever before... so now does the business world.

It is "the awesome responsibility" referred to by the President that most concerns DPMA. The equipment manufacturers will provide the hardware and modified architecture to protect the physical data and the computer center... others will focus on the design of "secure software" which will help reduce risk of unauthorized utilization of information in the computer. But let us all remember that it is the user who must implement the systems, comply with the safeguards, and assure that all new requirements are being met.

Both as professional data processors and as citizens, the members of the Data Processing Management Association will support a positive approach to the privacy issue. Indeed, so will the thousands of members who make up the dozens of other computer-related organizations represented here this morning. It is imperative, however, that members of all these groups-not just DPMA-get involved now in helping to draft and test the new procedures and operational concepts which will be required to make the result practical instead of foolishly idealistic.

In closing, I am happy to report that DPMA's governing body will consider at its meeting next week a newly drafted "Standards of Ethical Professional Practice Regarding Individuals' Rights of Privacy." Recognizing that codes of practice are merely words on paper unless adhered to, we feel nonetheless that this one small step is better than none at all. These standards were drafted by Mr. Robert Marrigan, CDP, DPMA International Vice President for Government Relations, who is attending this Conference. I would like to share these standards with all of you:

The members of the Data Processing Management Association, recognize their responsibility to:

1. Continuously strive to honor the rights to privacy of all individuals by using the information provided for their use only in the manner for which it was obtained and intended;

2. Uphold the responsibility of trust, implicit with their professional status, by maintaining the confidentiality of data entrusted to their care;

3. Avoid using information of a confidential nature to further their own personal interests;

4. Attempt to remove any misleading or inaccurate data associated with any individual, immediately upon learning that its current status is in error.

Granted, these are but words on paper... and in fact, have not yet been adopted. We hope, however, that they can be considered as a sort of Hippocratic Oath for Professional Data Processors who recognize their obligation to protect the citizens of this nation. We obviously see the need for stronger, more effective rules, laws and procedures, but hope that a balance will be maintained to assure that what many have called the greatest business development of all time, the computer, will not be reduced to piles of rubble, unable to help because it's been rendered powerless to harm.

To quote another American President... "Come, let us reason together" and let computer users, technicians, government agencies, and citizen representatives all sit down calmly and cut a path through the looming morass of laws and regulations which could harm as well as help.

Mr. Thomas.

A SYSTEMATIC APPROACH TO DATA SECURITY

R. L. Thomas and Robert H. Courtney

IBM Corporation, Old Orchard Road, Armonk, New York 10504

This meeting and the conference last November focus upon the need to bring additional understanding to the complex issues of privacy, confidentiality, and security, particularly as they relate to computer systems. Bob Courtney, the next speaker, and I appreciate this opportunity to discuss some of the areas in which IBM is active to help in the resolution of these problems.

As a manufacturer of computer systems we recognize our responsibility to assist our customers in achieving the data security they require. To offer systems, products, services and counsel that clearly contribute to the solution of data security problems.

Our earliest activities in the security area were prompted, frankly, more by our customers' need to secure certain business information than "privacy" motivations. Historically, customers have expressed a strong desire for broader and easier access to systems, and a relatively low level of demand for data security. Today the demand is somewhat greater and a variety of security techniques and capabilities are available to provide a level of security commensurate with the risk-cost trade-offs most desire. But the demand from customers for computer security features still ranks below other considerations such as price, performance and other special capabilities.

It is our feeling the awareness and identification of the needs of security will increase in the future, and demand for product features and systems solutions will grow considerably. And although certain tools and techniques are available today, we feel it would be wrong for the industry to wait until that demand becomes pressing before taking the necessary steps to meet the problem.

As many of you know, at the 1972 Spring Joint Computer Conference, T. Vincent Learson, then Chairman of the IBM Board, committed IBM to a significant investment in the study of the requirements of data security and for further development of appropriate safeguards for IBM products. For example, the cryptographic techniques included in the cash issuing terminals of our recently announced finance communications system.

Another part of that investment has gone into a two-year joint study begun in 1972 with MIT, the State of Illinois and TRW; each giving special emphasis to a particular aspect of data security. We plan to publish the results of these study site efforts by the spring of this year. We do not expect significant technological breakthroughs; however, the results evaluate several key factors in data security protection and identify requirements for secure systems. Further, they confirm the belief, that an effective security system must include the total environment: physical and procedural safeguards as well as those provided by hardware and software. Results are based upon actual experience with the Resource Security System and include observations and recommendations relative to identification, authorization, journaling and programming system integrity. The understanding gained on data security as a result of this work will be placed in the public domain. While only some of the pressing data
