It’s 2008, Do You Know Where Your Information Is? National Information Security Policies in Comparative Perspective.

There is an inherent tension in policymaking in deciding how much information governments should make available to citizens. In democracies, the tendency has been to release more. Authoritarian societies tend to exert greater control over what types of information are released. There are numerous options in between. John Street describes three models which help us understand this spectrum of tensions between politics and technology: 1) autonomous technology, 2) technological determinism and 3) the political choice model of technology. His approach is to explain how the political process has an impact on the development of technology. This paper extends his original models and evaluates their application to the question of how these processes impact information security-related policy.When dealing with information, the debate often lies at the extremes: one side claims that government, even in an open society, has the right to limit the release of information as it sees fit. The other side claims that government has the obligation, especially in an open society, to release information to the public in all but the most sensitive of national security matters. The types of policies that limit or release information are sometimes referred to as Information Security Policies. Our research questions are: What types of information do governments control through its policies? Under what circumstances and with what arguments? This paper will determine what policies are in place, in open societies, to protect and manage the release of sensitive information. These policies fall generally into two categories: 1) those dealing with generally sensitive and private information like medical records or pension benefits; and 2) those dealing with information that has been deemed important to secure for reasons of “national security,” such as the locations/blueprints of nuclear power plants or intelligence gathering operations.We will analyze these policies and programs by compiling a data set of proposed and existing national level information security policies from various types of governments around the world. We are ultimately interested in correlating which countries release or limit which types of information and analyzing the policy content to better understand levels of control or transparency. The conclusion will apply Street’s models to the data to ascertain what might best explain any correlations that we find. ..PAT.-Unpublished Manuscript [ABSTRACT FROM AUTHOR]