March 15-21 is “Sunshine Week“, a government transparency initiative described by its main proponents as
a national initiative to open a dialogue about the importance of open government and freedom of information. Participants include print, broadcast and online news media, civic groups, libraries, non-profits, schools and others interested in the public’s right to know.
The arguments in favor of governmental transparency are numerous and well-known. On a purely pragmatic basis, it is harder to hide misdeeds, inefficiencies, and feather-bedding when anyone can ask you to show your work. Stated simply, quality evidence aids decision-making and reveals entrenched self-dealing, waste, and deception.
Information security folks, particularly New School adherents, should find much to like in this. I want to highlight once again the outstanding work of our friends at DataLossDB.org. In addition to operating what was formerly Attrition.org’s DataLoss database, they have become a central repository for the actual source documents — notification letters, reporting forms, etc. — pertaining to breaches. The majority of these documents have been obtained via — you guessed it — Freedom of Information requests.
By highlighting DataLossDB, I do not mean to slight the actions of others. Since I have been fairly active as a researcher in querying government entities, I know there is a small community of like-minded folks, with DataLossDB having several (and certainly the fastest RonR coders!).
The fact that relatively obscure people — all of whom have day jobs, as far as I know — can assemble an archive of this caliber is a testament to the leverage Freedom of Information laws give to citizens. And we know the information in these materials is valuable when made available broadly because state legislatures have seen the results and are looking to emulate the leaders.
So, with Spring on it’s way — at least at my latitude — here’s to more sunshine.