This is the accessible text file for GAO report number GAO-10-872T 
entitled 'Information Management: Challenges In Federal Agencies' Use 
of Web 2.0 Technologies' which was released on July 22, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Information Policy, Census, and National 
Archives, Committee on Oversight and Government Reform, House of 
Representatives: 

United States Government Accountability Office: 
GAO: 

For Release on Delivery: 
Expected at 2:00 p.m. EDT: 
Thursday, July 22, 2010: 

Information Management: 

Challenges In Federal Agencies' Use of Web 2.0 Technologies: 

Statement of: 

Gregory C. Wilshusen, Director: 
Information Security Issues: 

GAO-10-872T: 

GAO Highlights: 

Highlights of GAO-10-872T, a testimony before the Subcommittee on 
Information Policy, Census, and National Archives, Committee on 
Oversight and Government Reform, House of Representatives. 

Why GAO Did This Study: 

“Web 2.0” technologies—such as Web logs (“blogs”), social networking 
Web sites, video- and multimedia-sharing sites, and “wikis”—are 
increasingly being utilized by federal agencies to communicate with 
the public. These tools have the potential to, among other things, 
better include the public in the governing process. However, agency 
use of these technologies can present risks associated with properly 
managing and protecting government records and sensitive information, 
including personally identifiable information. In light of the rapidly 
increasing popularity of Web 2.0 technologies, GAO was asked to 
identify and describe current uses of Web 2.0 technologies by federal 
agencies and key challenges associated with their use. 

To accomplish this, GAO analyzed federal policies, reports, and 
guidance related to the use of Web 2.0 technologies and interviewed 
officials at selected federal agencies, including the Department of 
Homeland Security, the General Services Administration, and the 
National Archives and Records Administration. 

What GAO Found: 

Federal agencies are using Web 2.0 technologies to enhance services 
and support their individual missions. Federal Web managers use these 
applications to connect to people in new ways. As of July 2010, we 
identified that 22 of 24 major federal agencies had a presence on 
Facebook, Twitter, and YouTube. 

Several challenges in federal agencies’ use of Web 2.0 technologies 
have been identified: 

Privacy and security. Agencies are faced with the challenges of 
determining how the Privacy Act of 1974, which provides certain 
protections to personally identifiable information, applies to 
information exchanged in the use of Web 2.0 technologies, such as 
social networking sites. Further, the federal government may face 
challenges in determining how to appropriately limit collection and 
use of personal information as agencies utilize these technologies and 
how and when to extend privacy protections to information collected 
and used by third-party providers of Web 2.0 services. In addition, 
personal information needs to be safeguarded from security threats, 
and guidance may be needed for employees on how to use social media 
Web sites properly and how to handle personal information in the 
context of social media. 

Records management and freedom of information. Web 2.0 technologies 
raise issues in the government’s ability to identify and preserve 
federal records. Agencies may face challenges in assessing whether the 
information they generate and receive by means of these technologies 
constitutes federal records and establish mechanisms for preserving 
such records, which involves, among other things, determining the 
appropriate intervals at which to capture constantly changing Web 
content. The use of Web 2.0 technologies can also present challenges 
in appropriately responding to Freedom of Information Act (FOIA) 
requests because there are significant complexities in determining 
whether agencies control Web 2.0-generated content, as understood 
within the context of FOIA. 

Federal agencies have begun to identify some of the issues associated 
with Web 2.0 technologies and have taken steps to start addressing 
them. For example, the Office of Management and Budget recently issued 
guidance intended to (1) clarify when and how the Paperwork Reduction 
Act of 1995 applies to federal agency use of social media and Web-
based interactive technologies; and (2) help federal agencies protect 
privacy when using third-party Web sites and applications. 

View [hyperlink, http://www.gao.gov/products/GAO-10-872T] or key 
components. For more information, contact Gregory C. Wilshusen at 
(202) 512-6244 or wilshuseng@gao.gov. 

[End of section] 

Chairman Clay and Members of the Subcommittee: 

Thank you for the opportunity to testify today on the use of "Web 2.0" 
technologies by federal government agencies and the challenges 
associated with the use of these technologies. 

Federal agencies are increasingly using recently developed 
technologies (commonly referred to as "Web 2.0" technologies) that 
offer flexible, sophisticated capabilities for interaction with 
individuals, allowing agencies and the public to publish comments, 
photos, and videos directly on agency-sponsored Web pages. The use of 
these tools by federal agencies is growing tremendously, supported by 
initiatives from the administration, directives from government 
leaders, and demands from the public. These tools offer the potential 
to better include people in the governing process and may also 
contribute to accomplishing agency missions. However, agency use of 
these technologies also may present risks associated with properly 
managing and protecting government records and sensitive information, 
including personally identifiable information. 

In this statement I will describe the current uses of Web 2.0 
technologies by federal agencies, key challenges associated with their 
use of these technologies, and initial steps agencies have taken to 
address identified issues. 

My testimony is based on our analysis of federal government policies, 
reports, and guidance related to the use of Web 2.0 technologies. To 
perform our analysis, we reviewed relevant reports produced by the 
Department of Homeland Security (DHS), General Services Administration 
(GSA), and National Archives and Records Administration (NARA). Based 
on our review of these reports, we identified potential challenges 
related to privacy, security, records management, and freedom of 
information. We interviewed agency officials involved in the 
development of these reports to validate the challenges identified in 
relevant reports and obtain their views regarding the extent to which 
government efforts are underway to address them. We conducted our work 
from February 2010 to July 2010 in accordance with all sections of 
GAO's Quality Assurance Framework that are relevant to our objectives. 
The framework requires that we plan and perform the engagement to 
obtain sufficient and appropriate evidence to meet our stated 
objectives and to discuss any limitations to our work. We believe that 
the information and data obtained, and the analysis conducted, provide 
a reasonable basis for any findings and conclusions in this product. 

In addition, at your request, we are currently undertaking a more 
comprehensive review of the management and protection of information 
collected and maintained by commercial providers of social media on 
behalf of or in association with federal agencies. 

Background: 

Internet-based services using Web 2.0 technology have become 
increasingly popular. Web 2.0 technologies refer to a second 
generation of the World Wide Web as an enabling platform for Web-based 
communities of interest, collaboration, and interactive services. 
These technologies include Web logs (known as "blogs"), which allow 
individuals to respond online to agency notices and other postings; 
social-networking sites (such as Facebook and Twitter), which also 
facilitate informal sharing of information among agencies and 
individuals; video-sharing Web sites (such as YouTube), which allow 
users to discover, watch, and share originally created videos; 
"wikis," which allow individual users to directly collaborate on the 
content of Web pages; "podcasting," which allows users to download 
audio content; and "mashups," which are Web sites that combine content 
from multiple sources. 

While in the past Internet usage concentrated on sites that provide 
online shopping opportunities and other services, according to the 
Nielsen Company, today video and social networking sites have moved to 
the forefront, becoming the two fastest growing types of Web sites in 
2009, with 87 percent more users than in 2003. Furthermore, in 
February 2009, usage of social networking services reportedly exceeded 
Web-based e-mail usage for the first time. Similarly, the number of 
American users frequenting online video sites has more than tripled 
since 2003. 

Some of the most popular Web 2.0 technologies in use today are social 
networking services, such as Facebook and Twitter. Facebook is a 
social networking site that lets users create personal profiles 
describing themselves and then locate and connect with friends, co-
workers, and others who share similar interests or who have common 
backgrounds. According to the Nielsen Company, Facebook was the number 
one global social networking site in December 2009 with 206.9 million 
unique visitors. Twitter is a social networking and blogging site that 
allows users to share and receive information through short messages. 
According to the Nielsen Company, Twitter has been the fastest-growing 
social networking Web site in terms of unique visitors, increasing 
over 500 percent, from 2.7 million visitors in December 2008 to 18.1 
million in December 2009. 

Federal Agencies are Increasingly Using Web 2.0 Technologies: 

Federal agencies are increasingly using Web 2.0 technologies to 
enhance services and interactions with the public. Federal Web 
managers use these applications to connect to people in new ways. As 
of July 2010, we identified that 22 of 24 major federal agencies 
[Footnote 1] had a presence on Facebook, Twitter, and YouTube. 
[Footnote 2] 

Use of such technologies was endorsed in President Obama's January 
2009 memorandum promoting transparency and open government.[Footnote 
3] The memorandum encouraged executive departments and agencies to 
harness new technologies to put information about their operations and 
decisions online so that it would be readily available to the public. 
It also encouraged the solicitation of public feedback to identify 
information of the greatest use to the public, assess and improve 
levels of collaboration, and identify new opportunities for 
cooperation in government. Table 1 presents examples of Web 2.0 
technologies and their current uses in the federal government. 

Table 1: Current and Potential Uses of Web 2.0 in the Federal 
Government: 

Web 2.0 technology: Blogs; 
Simplified definition: Web sites where regular entries are made (such 
as in a journal or diary) and presented in reverse chronological order; 
Examples of federal use: White House Blog; Department of State's 
Dipnote Blog; The Transportation Security Administration's Air 
Security Blog; 
Potential for government: Can provide government information to new 
audiences and encourage public conversations on government issues. 

Web 2.0 technology: Social networking sites; 
Simplified definition: Web sites that connect people through online 
communities. Users can establish pages with their profiles and find 
other people they know or look for other members with similar 
interests or affiliations; 
Examples of federal use: USA.gov Facebook Page; NASA Spacebook and 
CoLab Program; EPA Facebook Group; State Department and Transportation 
Security Administration Twitter accounts; 
Potential for government: Can support public interaction in response 
to agency announcements. 

Web 2.0 technology: Video and multimedia sharing; 
Simplified definition: Web sites that use videos, images, and audio 
libraries to share information; 
Examples of federal use: USA.gov Multimedia Library; NASA's YouTube 
Page; 
Potential for government: Can support public outreach, education, 
training, and other communication with online audiences. 

Web 2.0 technology: Wikis; 
Simplified definition: Collections of Web pages that encourage users 
to contribute or directly modify the content; 
Examples of federal use: GSA's Intergovernmental Solutions Wiki; 
Intellipedia; Office of Management and Budget's USAspending.gov Wiki; 
Potential for government: Can support public collaboration, knowledge 
sharing, and input on government issues. 

Web 2.0 technology: Podcasting; 
Simplified definition: Publishing audio files on the Web so they can 
be downloaded onto computers or portable listening devices. Users can 
subscribe to a "feed" of new audio files and download them 
automatically as they are posted; 
Examples of federal use: White House podcasts; USA.gov Federal Podcast 
Library; Webcontent.gov podcasts; Census daily podcasts; 
Potential for government: Provide updates, coverage of live government 
deliberations, emergency response information, and how-to messages to 
the public. 

Web 2.0 technology: Mashups; 
Simplified definition: Web sites that combine content from multiple 
sources for an integrated experience; 
Examples of federal use: USA Search; HUD's National Housing Locator 
System; 
Potential for government: Can support richer information sharing by 
integrating external data and expanding government reach. 

Source: GAO analysis of USA.gov and GSA data. 

[End of table] 

Federal agencies have been adapting Web 2.0 technologies to support 
their individual missions. For example: 

* The U.S. Agency for International Development (USAID) uses Facebook 
to inform the public about the developmental and humanitarian 
assistance that it is providing to different countries in the world. 
It also posts links to other USAID resources, including blogs, videos, 
and relevant news articles. 

* The National Aeronautics and Space Administration (NASA) uses 
Twitter to notify the public about the status of its missions as well 
as to respond to questions regarding space exploration. For example, 
NASA recently posted entries about its Mars Phoenix Lander mission on 
Twitter, which included answers to questions by individuals who 
followed its updates on the site. 

* The State Department uses YouTube and other video technology in 
supporting its public diplomacy efforts. The department posts YouTube 
videos of remarks by Secretary Clinton, daily press briefings, 
interviews of U.S. diplomats, and testimonies by ambassadors. It also 
conducted a global video contest that encouraged public participation. 
The department then posted the videos submitted to it on its 
America.gov Web site to prompt further online discussion and 
participation. 

* The Transportation Security Administration (TSA) developed a blog to 
facilitate an ongoing dialogue on security enhancements to the 
passenger screening process. The blog provides a forum for TSA to 
provide explanations about issues that can arise during the passenger 
screening process and describe the rationale for the agency's policies 
and practices. TSA also uses Twitter to alert subscribers to new blog 
posts. A program analyst in TSA's Office of Strategic Communications 
and Public Affairs stated that blogging encourages conversation, and 
provides direct and timely clarification regarding issues of public 
concern. 

Determining Appropriate Agency Use of Web 2.0 Technologies Presents 
Challenges: 

While the use of Web 2.0 technologies can transform how federal 
agencies engage the public by allowing citizens to be more involved in 
the governing process, agency use of such technologies can also 
present challenges related to privacy, security, records management, 
and freedom of information. 

Privacy and Security Challenges: 

Determining how the Privacy Act of 1974 applies to government use of 
social media. The Privacy Act of 197[Footnote 4]4 places limitations 
on agencies' collection, disclosure, and use of personal information 
maintained in systems of records. The act describes a "record" as any 
item, collection, or grouping of information about an individual that 
is maintained by an agency and contains his or her name or another 
personal identifier. It also defines "system of records" as a group of 
records under the control of any agency from which information is 
retrieved by the name of the individual or by an individual identifier. 

However, because of the nature of Web 2.0 technologies, identifying 
how the act applies to the information exchanged is difficult. Some 
cases may be more clear-cut than others. For example, as noted by a 
participant discussing Web 2.0 challenges at a recent conference 
sponsored by DHS, the Privacy Act clearly applies to systems owned and 
operated by the government that make use of Web 2.0 technologies. 
Government agencies may also take advantage of commercial Web 2.0 
offerings, in which case they are likely to have much less control 
over the systems that maintain and exchange information. For example, 
a government agency that chooses to establish a presence on a third 
party provider's service, such as Facebook, could have limited control 
over what is done with its information once posted on the electronic 
venue. Given this limited control, key officials we interviewed said 
they are unsure about the extent to which personal information that is 
exchanged in such forums is protected by the provisions of the Privacy 
Act. 

Ensuring that agencies are taking appropriate steps to limit the 
collection and use of personal information through social media. 
Privacy could be compromised if clear limits are not set on how the 
government uses personal information to which it has access in social 
networking environments. Social networking sites, such as Facebook, 
encourage people to provide personal information that they intend to 
be used only for social purposes. Government agencies that participate 
in such sites may have access to this information and may need rules 
on how such information can be used. While such agencies cannot 
control what information may be captured by social networking sites, 
they can make determinations about what information they will collect 
and what to disclose. However, unless rules to guide their decisions 
are clear, agencies could handle information inconsistently. 
Individual privacy could be affected, depending upon whether and how 
government agencies collect or use personal information disclosed by 
individuals in interactive settings. 

Extending privacy protections to the collection and use of personal 
information by third party providers. Individuals interacting with the 
government via Web 2.0 media may provide personal information for 
specific government purposes and may not understand that the 
information may be collected and stored by third-party commercial 
providers. It also may not be clear as to whose privacy policy applies 
when a third party manages content on a government agency Web site. 
Accordingly, agencies may need to be clear about the extent to which 
they make use of commercial providers and the providers' specific 
roles. Uncertainty about who has access to personal information 
provided through agency social networking sites could diminish 
individuals' willingness to express their views and otherwise interact 
with the government. 

Safeguarding personal information from security threats that target 
Web 2.0 technologies. Federal government information systems have been 
targeted by persistent, pervasive, aggressive threats.[Footnote 5] In 
addition, as the popularity of social media has grown, they have 
increasingly been targeted as well. Thus as agencies make use of Web 
2.0 technologies, they face persistent, sophisticated threats 
targeting their own information as well as the personal information of 
individuals interacting with them. The rapid development of Web 2.0 
technologies makes it challenging to keep up with the constantly 
evolving threats deployed against them and raises the risks associated 
with government participation in such technologies. 

Further, the Federal Information Security Management Act[Footnote 6] 
states that agencies are responsible for the security of information 
collected or maintained on their behalf and for information systems 
used or operated on their behalf. The extent to which FISMA makes 
federal agencies responsible for the security of third-party social 
media Web sites may depend on whether such sites are operating their 
systems or collecting information on behalf of the federal government, 
which may not be clear. 

Training government participants on the proper use of social 
networking tools. Use of Web 2.0 technologies can result in a blending 
of professional and personal use by government employees, which can 
pose risks to their agencies. When an individual identifies him-or 
herself on a social media site as a federal employee, he or she 
provides information that may be exploited in a cyber attack on the 
agency. However, federal guidance may be needed for employees on how 
to use social media Web sites properly and how to handle personal 
information in the context of social media. In addition, training may 
be needed to ensure that employees are aware of agency policies and 
accountable for adhering to them. 

Records Management and Freedom of Information Challenges: 

Determining requirements for preserving Web 2.0 information as federal 
records. A challenge associated with government use of Web 2.0 
technologies, including government blogs and wikis and Web pages 
hosted by commercial providers, is the question of whether information 
exchanged through these technologies constitute federal records 
pursuant to the Federal Records Act.[Footnote 7] The National Archives 
and Records Administration (NARA) has issued guidance to help agencies 
make decisions on what records generated by these technologies should 
be considered agency records. According to the guidance, records 
generated when a user interacts with an agency Web site may form part 
of a set of official agency records.[Footnote 8] NARA guidance also 
indicates that content created with interactive software on government 
Web sites is owned by the government, not the individuals who created 
it, and is likely to constitute agency records and should be managed 
as such. Given these complex considerations, it may be challenging for 
federal agencies engaging the public via Web 2.0 technologies to 
assess the information they generate and receive via these 
technologies to determine its status as federal records. 

Establishing mechanisms for preserving Web 2.0 information as records. 
Once the need to preserve information as federal records has been 
established, mechanisms need to be put in place to capture such 
records and preserve them properly. Proper records retention 
management needs to take into account NARA record scheduling 
requirements and federal law, which requires that the disposition of 
all federal records be planned according to an agency schedule or a 
general records schedule approved by NARA. The records schedule 
identifies records as being either temporary or permanent and sets 
times for their disposal. 

These requirements may be challenging for agencies because the types 
of records involved when information is collected via Web 2.0 
technologies may not be clear. For example, part of managing Web 
records includes determining when and how Web "snapshots" should be 
taken to capture the content of agency Web pages as they existed at 
particular points in time. Business needs and the extent to which 
unique information is at risk of being lost determine whether such 
snapshots are warranted and their frequency. NARA guidance requires 
that snapshots be taken each time a Web site changes significantly; 
thus, agencies may need to assess how frequently the information on 
their sites changes. 

Comments by individuals on agency postings may need to be scheduled in 
addition to agency postings. In the case of a wiki, NARA guidance 
requires agencies to determine whether the collaborative wiki process 
should be scheduled along with the resulting final product. In 
addition, because a wiki depends on a collaborative community to 
provide content, agencies are required to make determinations about 
how much content is required to make the wiki significant or 
"authoritative" from a record perspective. 

The potential complexity of these decisions and the resulting record- 
keeping requirements and processes can be daunting to agencies. 

Ensuring proper adherence to the requirements of FOIA. Federal 
agencies' use of Web 2.0 technologies could pose challenges in 
appropriately responding to FOIA requests. Determining whether Web 2.0 
records qualify as "agency records" under FOIA's definition is a 
complex question. FOIA's definition focuses on the extent to which the 
government controls the information in question. According to the 
Department of Justice's FOIA guidance, courts apply a four-part test 
to determine whether an agency exercises control over a record. They 
examine: (a) who created the record and the intent of the record 
creator; (b) whether the agency intended to relinquish control; (c) 
the agency's ability to use or dispose of the record; and (d) the 
extent to which the record is integrated into the agency's files. 
Agency "control" is also the predominant consideration in determining 
whether information generated or maintained by a government contractor 
is subject to FOIA's requirements. Given the complexity of these 
criteria, agencies may be challenged in making appropriate FOIA 
determinations about information generated or disseminated via Web 2.0 
technologies. If not handled properly, such information may become 
unavailable for public access. 

Federal Agencies Have Taken Steps to Identify and Start Addressing Web 
2.0 Technology Issues: 

As federal agencies have increasingly adopted Web 2.0 technologies, 
often by making use of commercially provided services, information 
technology officials have begun to consider the array of privacy, 
security, records management, and freedom of information issues that 
such usage poses. Once these issues are understood, measures can then 
be developed and implemented to address them. Several steps have been 
taken to identify these issues and to begin developing processes and 
procedures to address them: 

* In June 2009, DHS hosted a two-day public workshop to discuss 
leading practices for the use of social media technologies to further 
the President's Transparency and Open Government Initiative. The 
workshop consisted of panels of academic, private-sector, and public-
sector experts and included discussions on social media activities of 
federal agencies and the impact of those activities on privacy and 
security. In November 2009, DHS released a report summarizing the 
findings of the panels and highlighting potential solutions. According 
to a DHS official involved in coordinating the workshop, the array of 
issues raised during the workshop--which are reflected in the 
challenges I have discussed today--remain critically important to 
effective agency use of Web 2.0 technologies and have not yet been 
fully addressed across the government. 

* NARA has issued guidance outlining issues related to the management 
of government information associated with Web 2.0 use. The agency 
recently released a brief document, Implications of Recent Web 
Technologies for NARA Web Guidance, as a supplement to its guidance to 
federal agencies on managing Web-based records. The document discusses 
Web technologies used by federal agencies--including Web portals, 
blogs, and wikis--and their impact on records management. NARA 
officials recognize that the guidance does not fully address more 
recent Web 2.0 technologies, and they said the agency is currently 
conducting a study of the impact of those technologies and plans to 
release additional guidance later this year. 

* In April 2009, the General Services Administration announced that it 
had negotiated terms-of-service agreements with several social 
networking providers, including Facebook, MySpace, and YouTube. The 
purpose of these agreements was to provide federal agencies with 
standardized vehicles for engaging these providers and to resolve 
legal concerns raised by following the terms and conditions generally 
used by the providers, which posed problems for federal agencies, 
including liability, endorsements, advertising, and freedom of 
information. As a result, other federal agencies can take advantage of 
these negotiated agreements when determining whether to use the 
providers' services. 

* The Office of Management and Budget (OMB), in response to President 
Obama's January 2009 memorandum promoting transparency and open 
government, recently issued guidance intended to (1) clarify when and 
how the Paperwork Reduction Act of 1995 (PRA)[Footnote 9] applies to 
federal agency use of social media and Web-based interactive 
technologies; and (2) help federal agencies protect privacy when using 
third-party Web sites and applications. Specifically, a memo issued in 
April 2010[Footnote 10] explained that certain uses of social media 
and web-based interactive technologies would not be treated as 
"information collections" that would otherwise require review under 
the PRA. Such uses include many uses of wikis, the posting of 
comments, the conduct of certain contests, and the rating and ranking 
of posts or comments by Web site users. It also states that items 
collected by third party Web sites or platforms that are not 
collecting information on behalf of the federal government are not 
subject to the PRA. In addition, a memorandum issued by OMB in June 
2010[Footnote 11] called for agencies to provide transparent privacy 
policies, individual notice, and a careful analysis of the privacy 
implications whenever they choose to use third-party technologies to 
engage with the public. The memo stated--among other things--that 
prior to using any third-party Web site or application, agencies 
should examine the third-party's privacy policy to evaluate the risks 
and determine whether it is appropriate for agency use. Further, if 
agencies post links on their Web sites that lead to third-party Web 
sites, they should notify users that they are being directed to non-
government Web sites that may have privacy policies that differ from 
the agency's. In addition, the memo required agencies to complete a 
privacy impact assessment whenever an agency's use of a third-party 
Web site or application gives it access to personally identifiable 
information. 

In summary, federal agencies are increasingly using Web 2.0 
technologies to enhance services and interactions with the public, and 
such technologies have the potential to transform how federal agencies 
engage the public by allowing citizens to become more involved in the 
governing process and thus promoting transparency and collaboration. 
However, determining the appropriate use of these new technologies 
presents new potential challenges to the ability of agencies to 
protect the privacy and security of sensitive information, including 
personal information, shared by individuals interacting with the 
government and to the ability of agencies to manage, preserve, and 
make available official government records. Agencies have taken steps 
to identify these issues and begun developing processes and procedures 
for addressing them. Until such procedures are in place, agencies will 
likely continue to face challenges in appropriately using Web 2.0 
technologies. We have ongoing work to assess these actions. 

Mr. Chairman, this concludes my statement. I would be happy to answer 
any questions you or other Members of the Subcommittee may have. 

Contact and Acknowledgments: 

If you have any questions regarding this testimony, please contact 
Gregory C. Wilshusen at (202) 512-6244 or wilshuseng@gao.gov. Other 
individuals who made key contributions include John de Ferrari 
(Assistant Director), Sher`rie Bacon, Marisol Cruz, Susan Czachor, 
Fatima Jahan, Nick Marinos, Lee McCracken, David Plocher, and Jeffrey 
Woodward. 

[End of section] 

Footnotes: 

[1] The 24 major departments and agencies (agencies) are the 
Departments of Agriculture, Commerce, Defense, Education, Energy, 
Health and Human Services, Homeland Security, Housing and Urban 
Development, the Interior, Justice, Labor, State, Transportation, the 
Treasury, and Veterans Affairs; the Environmental Protection Agency, 
General Services Administration, National Aeronautics and Space 
Administration, National Science Foundation, Nuclear Regulatory 
Commission, Office of Personnel Management, Small Business 
Administration, Social Security Administration, and U.S. Agency for 
International Development. 

[2] Totals include Facebook, Twitter, and YouTube pages that were 
readily accessible through official agency Web sites as of July 19, 
2010. For each of these three social media services, the 22 agencies 
using them varied. 

[3] The White House, Memorandum for the Heads of Executive Departments 
and Agencies: Transparency and Open Government (Washington, D.C.: Jan. 
21, 2009). 

[4] The Privacy Act of 1974 (5 U.S.C § 552a) serves as a key mechanism 
for controlling the collection, use, and disclosure of personally 
identifiable information within the federal government. The act also 
allows citizens to learn how their personal information is collected, 
maintained, used, and disseminated by the federal government. 

[5] U.S. Government Accountability Office, Cybersecurity: Continued 
Attention Is Needed to Protect Federal Information Systems from 
Evolving Threats, [hyperlink, http://www.gao.gov/products/GAO-10-834T] 
(Washington, D.C.: Jun. 16, 2010). 

[6] 44 USC 3544(a)(1). 

[7] The act provides that "records" include "all books, papers, maps, 
photographs, machine readable materials, or other documentary 
materials, regardless of physical form or characteristics, made or 
received by an agency of the United States Government under Federal 
law or in connection with the transaction of public business and 
preserved or appropriate for preservation by that agency or its 
legitimate successor as evidence of the organization, functions, 
policies, decisions, procedures, operations, or other activities of 
the Government or because of the informational value of data in them." 
44 U.S.C.§ 3301. 

[8] The National Archives and Records Administration, Implications of 
Recent Web Technologies for NARA Web Guidance (posted September 30, 
2006). See [hyperlink, http://www.archives.gov/records-
mgmt/initiatives/web-tech.html]. 

[9] 44 U.S.C. § 3501, et. seq. 

[10] OMB, Office of Information and Regulatory Affairs, Memorandum for 
the Heads of Executive Departments and Agencies, and Independent 
Regulatory Agencies: Social Media, Web-Based Interactive Technologies, 
and the Paperwork Reduction Act (Washington, D.C.: April 7, 2010). 

[11] OMB, Memorandum for the Heads of Executive Departments and 
Agencies: Guidance for Agency Use of Third-Party Websites and 
Applications, M-10-23 (Washington, D.C.: June 25, 2010). 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: