DHS to keep an eye on access to IT systems
DHS to create a database of employees, contractors, and consultants with access to DHS computer systems; database will contain names, business affiliations, positions, phone numbers, citizenship, home addresses, e-mail addresses, access records, date and time of access, logs of Internet activity, and Internet protocol address of access
Government employees, contractors, and consultants
with access to DHS computer systems are among those whose names and personal
information will be kept in a newly created database, according to a notice posted in the
Federal Register. Washington Technology’s Alice Lipowicz writes that the General Information Technology Access Account Records System (GITAARS)
will collect and store information on everyone with regular access to
departmental IT systems. Use and distribution of the GITAARS system of records
is to be regulated by the Privacy Act of 1984. Public comments on the proposed
database are due by 16 June. The database will contain names, business
affiliations, positions, phone numbers, citizenship, home addresses, e-mail
addresses, access records, date and time of access, logs of Internet activity,
and Internet protocol address of access. The information will be shared
routinely with other government agencies for purposes such as workforce surveys
in addition to auditing and oversight. In some cases, DHS will provide additional
information, the notice stated. “In some cases DHS must provide … other
information such as: occupation group/family, organization, supervisory status,
grade, work role, duty station, series, pay plan, service in government,
highest level of education, years of professional service, years of service in
government, projected retirement, position title, work phone number and work
address,” the notice said. The department also proposed routinely sharing
business contact information available in the database and information that
might relate to an investigation of identity theft.
In a separate Federal Register notice, the Office
of Intelligence and Analysis at DHS intends to create a new Enterprise Records
System to track the investigation of people suspected of terrorist threats and
activity, including threats against critical infrastructure such as key
computer systems. The Bush administration is proposing that the new
intelligence database be exempt — for national security purposes — from most
Privacy Act rules and notifications. The new Enterprise Records System will
apply to persons suspected of being involved in threats, which includes
cyberthreats against critical infrastructure computer systems, according to the
notice. The database covers activities
meant to “identify, create, or exploit” the vulnerabilities of key resources
such as “the cyber and national telecommunications infrastructure and
availability of a viable national security and emergency preparedness
communications infrastructure, ” the notice said. Investigations of people
suspected of financial crimes, including those conducted through identity
theft, computer fraud and computer-based attacks, are also to be included in
the database.
