Taking a FIRM Stand: E-Records and the President's E-Gov/E-Society Directives
February 2, 2000 - Expanded Version of Article for the E-Gov Journal
by Owen Ambur, on behalf of the FIRM Council*

In an apt tribute to the cyberage, President Clinton inaugurated the new millennium with two memoranda - known as the E-Gov and E-Society directives - promoting the use of information technology by Federal agencies. Issued on December 17, 1999, the memoranda direct agency heads to take a number of specific actions to enhance service to the public and the performance of agency missions. Implicit in each of the President's directives is the need to manage electronic records (E-records) effectively.

The Federal Information and Records Managers Council (FIRM) is a voluntary association of Federal records and information management professionals dedicated to enhancing the performance of their agencies on behalf of the U.S. taxpayer. Here are some of the parallels that FIRM has identified between the President's E-Gov directives and the need for effective records management policies, procedures, and systems.

Electronic Government

E-Gov Directive 1 ... promote access to Government information organized not by agency, but by the type of service or information that people may be seeking; the data should be identified and organized in a way that makes it easier for the public to find the information it seeks ...
Through the Blue Pages initiative, efforts are underway to identify government telephone numbers by commonly understood terms in the local, printed directories. However, citizens should also be able to search for E-records using the very same commonly understood terms on the Internet. Links should be grouped for browsing based upon the way that citizens look for information, rather than how bureaucratic boundaries may be drawn among agency offices. Equally importantly, capabilities should be provided for categorical searching across the Web sites and records series of all agencies.

To facilitate that objective, government E-records should be classified, indexed, and made available for online retrieval by a standard set of metadata elements that may be queried over the Internet. In order to obtain records under the Freedom of Information Act (FOIA), citizens are required to "reasonably describe" the records they seek. The metadata that is made available for queries constitutes such a description. Thus, it enables agencies to uphold their obligation to the public while at the same time making information more readily accessible within and across agency work processes. It might be said that metadata specifies what "freedom of information" truly means. Without it, FOIA is little more than lofty rhetoric.

FIRM's E-records Standards Committee is striving to specify the metadata elements by which all records series should be classified, Governmentwide, and thus by which searches could be conducted. The Defense Department's 5015.2 standard already specifies a number of metadata elements that must be provided in order to achieve DoD certification. The standard also provides for the inclusion of additional, user-defined elements. Meanwhile, the American Records Managers Association (ARMA) is compiling suggestions for enhancing the standard, and Australia has proposed a similar set of metadata elements for establishment as an international standard. In cooperation with ARMA and others, FIRM hopes to play an active role in enhancing and fostering the adoption and use of such a standard.

E-Gov Directive 2 ... to the maximum extent possible, make available online, by December 2000, the forms needed for the top 500 Government services used by the public... [and to] make transactions available online ...
Government systems and procedures should be designed not only to provide for real-time transaction processing on the Internet but also to manage and maintain the E-records that are created. Each transaction set should be maintained as an inviolate E-record for the period required to support not only the immediate business process but also audit and historical reference purposes. The identification and processing of E-records for longer-term retention should be accomplished automatically as a by-product of metadata required during the normal course of the routine business process. In addition, standards should be adopted to facilitate the retention/migration of E-records as technology evolves.

The December 2000 deadline established by the President is nearly 3 years earlier than required by the Government Paperwork Elimination Act (GPEA), meaning that agencies should be preparing to manage E-records as rapidly as possible. Indeed, the Electronic Freedom of Information Act Amendments (E-FOIA) require agencies, upon request, to make available by electronic means any record created after October 31, 1996.

If you are a Federal agency manager, do you know where your E-records are? Are they maintained in a system that has been certified to meet the underlying requirements that are applicable to all U.S. federal agencies? Can you provide access to your records in electronic form upon request, as required by E-FOIA? Do you aspire to be among the top 500 providers of Government services? Are you prepared to meet the challenge of public service in the cyberage?

E-Gov Directive 3 ... promote the use of electronic commerce ...
It would be irresponsible to promote E-commerce without ensuring the accuracy, authenticity, and integrity of E-records. To do so would be to invite waste, fraud, and abuse.

Pertinent regulations governing E-records management are set forth in 36 CFR 1234.10(d), (h), and (m) and 1234.20(a), which require agency heads to:

Not only would it be irresponsible to promote E-commerce without managing E-records, but it would be irresponsible to use E-records management systems (ERMSs) that have not been proven to meet the underlying requirements. The DoD 5015.2 standard specifies a baseline set of the legal, logical, and technical requirements that are applicable to all U.S. federal agencies with respect to the management of E-records. The National Archives and Records Administration (NARA) has endorsed the standard for use by all agencies, and DoD is in the process of certifying commercial off-the-shelf (COTS) products that meet the standard. Thus far, 20 COTS applications have achieved certification.

OMB Circular A-119 encourages agencies to use and participate in the development of voluntary consensus standards, including international standards such as Australia's proposal for records management. Raines' Rules require agencies to avoid customized solutions and to use standards-compliant COTS applications whenever possible, even if that means redesigning agency work processes. OMB Circular A-76 suggests that agencies should refrain from engaging in activities that are not inherently governmental in nature. OMB Circular A-123 requires standards for internal controls, including documentation that is promptly recorded, properly classified, and readily available for examination. In Exhibit 300B (Part II.E) to accompany budget requests for information technology projects, OMB Circular A-11 (Part 3, p. 548) requires agencies to:

Could the message be any clearer? Does it need to be? OMB is currently revising Circular A-130, which sets forth guidance on the management of Federal information resources. It's a safe bet that these principles will be reemphasized. No doubt, agencies will be directed yet again to look for opportunities to share costs and benefits through standards-compliant COTS systems meeting business requirements - such as E-records management - that are common across offices and agencies. The proposed revisions to A-130 will be published in the Federal Register for public comment prior to adoption. What will be the result? ... Merely more words? ... Or real, effective action? In the interest of the most productive outcome, comments are encouraged.
E-Gov Directive 4 ... build good privacy practices into ... web sites
Beyond rhetoric and good intentions, privacy requires effective management of records. In particular, E-records must be maintained in ERMSs that provide for controlled access to individual records, including the ability to audit access to and usage of each record. Such requirements are applicable to records that are sensitive for any reason, most notably, for example, national security.

The Clinger-Cohen Act requires agencies to consider the potential to share costs and benefits across offices and applications when designing their information systems. The need to control access is just one of many common requirements that can best be served by using a DoD-certified ERMS. The 5015.2 standard should be enhanced to address more fully the requirements for privacy and national security as well as public access (i.e., E-FOIA). Indeed, at DoD and integrated product/process team (IPT) is already working on enhancements. However, the existing standard is a baseline for the management of all Government E-records. Not only is it a best practice, in effect it is a legal mandate. (Those who may consider it to be an unfunded mandate should take a long hard look at themselves and consider how much of the taxpayers' money they have spent on IT without effectively managing the I created with the T.) The 5015.2 standard is an enabler of continuous improvement, a firm foundation on which to build.

E-Gov Directive 5 ... permit greater access to ... officials by creating a public electronic mail address through which citizens can contact the agency with questions, comments, or concerns ...
Citizens have the right to contact their public officials by whatever means they choose, and E-mail is one means by which they may do so. However, E-mail is designed and best used for quick, informal, communication. It is not designed nor appropriately used to process, manage, maintain, or share authoritative information. Many agencies lack sufficient resources to respond promptly and authoritatively to phone calls and E-mail. To the degree that authoritative, public E-records can made readily available on the Internet, service to citizens can be maximized while freeing public officials to attend to higher-value functions, e.g., resolving concerns that have not yet been addressed in authoritative records.

Business process reengineering (BPR) aims to increase organizational effectiveness by eliminating needless steps in business processes. Both GPEA as well as its predecessor, the Paperwork Reduction Act, require agencies to eliminate the needless use of paper from their business processes. Agencies are under no legal mandate to reduce needless inefficiencies associated with phone calls and E-mail. However, the principle is the same: Citizens should be free to use whatever method they prefer but public agencies should strive to achieve the greatest possible efficiencies, thereby minimizing the waste of the taxpayers' money.

The Paperwork Reduction Act requires agencies to maintain a "current and complete inventory" of their information resources, including their E-records. E-FOIA requires agencies to make their records available by electronic means upon request. Only by maintaining a current and complete inventory of all of their records and making such an inventory available on the Internet can agencies truly uphold their obligations to the public, while at the same time reducing the need for less efficient means of accessing the information contained in authoritative, agency records.

E-Gov Directive 6 ... examining the feasibility of online voting ...
As with more traditional means, online voting requires that records be kept to identify eligible voters and how they choose to vote on each candidate and issue, while at the same time ensuring anonymity in each instance. The requirements are well-suited to the application of public key cryptography to records maintained in 5015.2-certified ERMSs.

Records managers will be watching this feasibility study with interest. If citizens must authenticate themselves in order to exercise their most basic civic duty in the electoral process, why should they not be able to use the very same means to authenticate themselves to any government agency for any purpose? Moreover, if a system is devised to assure the validity, integrity, and privacy of their vote, why should they not be able to use it also to provide the same level of assurance for the E-records created in any communications they may have with their government?

E-Gov Directive 7 ... make a broad range of benefits and services available though private and secure electronic use of the Internet ...
Private and secure use of the Internet can be accomplished via the use of public key cryptography. However, managing in a business-like manner the E-records created via E-commerce requires the use of ERMSs that have been certified to meet the 5015.2 specifications.
E-Gov Directive 8 ... private, secure, and effective communication across agencies and with the public, through the use of public key technology ... agencies are encouraged to issue ... a Government-wide minimum of 100,000 digital signature certificates by December 2000.
Effective business communications require not only the use of public key technology but also the maintenance of E-records in certified ERMSs for ready, controlled access by those who have valid needs and rights. The relationship between public key infrastructure (PKI) and E-records management is reciprocal. Each is dependent upon the other.
E-Gov Directive 9 ... strategy for upgrading ... capacity for using the Internet to become more open, efficient, and responsive ... [including] ... mechanisms for collecting input from the agency's stakeholders ...
Ultimately, such a strategy envisions a virtual worldwide library in which all business-quality E-records are maintained for ready and appropriately controlled access for appropriate periods of time. Moreover, the system must be interactive. That is, not only must it automatically assist citizens in locating and using existing E-records, but it must also afford them the opportunity to query the system for that which is not yet known ... but should be.

This directive supports the Government Performance and Results Act (GPRA), which requires agencies to consult with their stakeholders in the process of formulating strategic plans and annual objectives. Agency objectives must measurable so that outputs and outcomes can be balanced against the use of inputs, particularly the taxpayers' money. The Internet strategies that agencies develop under this directive should facilitate not only consultations with stakeholders and the establishment of agency priorities, but also the assessment and presentation of output and outcome measures in relation to inputs.

The role of government is to assist citizens in doing what they cannot do for themselves, and the role of public officials is to add value to that which is already known and documented - in government records. In short, the outcome of this directive should be that the American taxpayer can readily see - based upon readily accessible public records - exactly what they are getting for their money. As reflected in the President's E-Gov directives, life is changing in the cyberage. To remain relevant, bureaucracies and bureaucrats must change with it. So too must librarians and records managers.

Use of Information Technology to Improve Our Society

E-records management is implicit in all 16 of the President's E-Society directives as well. The following implications are particularly noteworthy:

E-Society Directive 5 ... determine how telecommuting might be used to help more disabled Americans get jobs and to provide jobs for Americans located in geographic regions outside traditional commuting areas ...
Disability is a relative term. Each of us is disabled in our own ways. If disability is defined as personal attributes beyond the control of individuals, technology is the means by which disabilities may be overcome. However, technology inappropriately applied disables all of us. ERMSs are the technology by which recorded, business-quality information should be managed and made available to each of us, regardless of our personal degrees of disability.
E-Society Directive 6 ... make web content, software, and development tools more accessible for people with disabilities by adopting technical standards consistent with the Web Accessibility Initiative ...
Standards are the key not only to accessibility of information to people but also to interoperability among the systems in which information (E-records) is maintained.
E-Society Directive 10 ... greater access to financial services through the use of information technology ...
By definition, financial information is of business-quality because money is the metric by which we value our time in economic terms. Thus, all financial transaction sets should be maintained in certified ERMSs for the retention period that is appropriate for the business processes they support.
E-Society Directive 11 ... accelerate the use of unclassified geospatial information systems ...
Geospatial records are just one of many types of information that may be sensitive and, thus, require more highly controlled access and auditing of usage. Sensitivity is among the attributes that should be effectively and efficiently addressed by implementing standards-compliant ERMSs, for E-records of all types.
E-Society Directive 12 ... apply advances in information technology to managing the consequences of natural and man-made disasters ...
The first requisite for the use of IT to offset the impacts of disasters is to ensure that vital information (i.e., E-records) itself can be quickly and easily restored. That requirement can only be efficiently met by using standards-compliant ERMSs.
E-Society Directive 13 ... create a Digital Library of Education to house this country's cultural and educational resources ...
Since an enlightened citizenry is a prerequisite for democracy, any and all of our business-quality governmental E-records might be considered to be part of our "cultural and educational resources." However, regardless of how the boundaries of a "library of education" are delineated, all E-records regardless of type or purpose should be managed, maintained, and made available in standards-compliant ERMSs. Indeed, there is nothing that we could do to more effectively promote the cause of democracy than to participate actively in the specification and use of FOIA-compliant EDMSs by government agencies worldwide.

Federal employees interested in supporting these objectives are encouraged to join the FIRM by registering for our discussion forum. Others are welcome to participate in our listserv. Instructions for both are provided at http://firm.hq.navy.mil/discussion/index.html . FIRM is especially interested in engaging PALS (Professional Association Liaisons). For information on how to become a PAL, please contact Anne.J.Baker@agf.noaa.gov

*Owen Ambur is Acting Chief of the Branch of Management Services, Division of Information Resources Management, U.S. Fish and Wildlife Service. He is a member of FIRM's Board of Directors and serves on FIRM's E-records Standards Committee. FIRM's home page is currently at http://firm.hq.navy.mil/ but will be moving soon to a new site. The page that Owen maintains on behalf of the Standards Committee is at http://www.fws.gov/laws/firmstand/FIRMstand.htm . Owen's personal home page is at http://users.erols.com/ambur/ . The E-Gov and E-Society directives are available on the White House site, respectively, at: http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1999/12/20/5.text.1 and http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi://oma.eop.gov.us/1999/12/20/2.text.1

Other References:

OMB Circular A-11, Preparation and Submission of Budget Estimates; Preparation and Submission of Strategic Plans, Annual Performance Plans, and Annual Program Performance Reports; and Planning, Budgeting, and Acquisition of Capital Assets http://www.whitehouse.gov/OMB/circulars/a11/99toc.html

OMB Circular A-76, Performance of Commercial Activities http://www.whitehouse.gov/OMB/circulars/a076/a076.html

OMB Circular A-119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities http://www.whitehouse.gov/OMB/circulars/a119/a119.html

OMB Circular A-123, Management Accountability and Control http://www.whitehouse.gov/OMB/circulars/a123/a123.html

OMB Circular A-130, Management of Federal Information Resources http://www.whitehouse.gov/OMB/circulars/a130/a130.html

Raines' Rules on Federal Information Systems Investments, OMB Memorandum M-97-02, October 25,1996: http://www.whitehouse.gov/OMB/memoranda/m97-02.html Abbreviated at: http://www.fws.gov/laws/itmra.html

Records Management Metadata: http://www.fws.gov/laws/firmstand/RMmetadata.htm