July 1992 Vol. 4; Issue 5 ELECTRIFYING SPEECH New Communications Technologies and Traditional Civil Liberties =------------------------------------------------------------= |This document is Copyright (c) 1992 by Human Rights Watch. | |It is reproduced in electronic form by permission of Human | |Rights Watch. For printed versions of this document, contact| |Human Rights Watch Publications, 485 Fifth Avenue, New York,| |NY 10017. Printed copies are $3.00 with quantity discounts | |available. This electronic copy of the document is being | |made available as a service of Human Rights Watch and | |The Electronic Frontier Foundation (eff.org). It originated | |in the eff.org ftp library. Redistribution of this document | |should always be accompanied by this header. | =------------------------------------------------------------= INTRODUCTION: NEW COMMUNICATION TECHNOLOGIES Since the personal computer ushered in a communication revolution about 15 years ago, the accompanying technology has been likened to everything from the printing press to Hyde Park Corner, from the postal system to talk radio. Pungent as these analogies are, their limitations point up the essential uniqueness of computer-mediated communication. While the printing press made possible the mass dissemination of information, computers can individualize information and increase its flow a thousandfold. In the process, they change the nature of communication itself. Few Americans are unaffected by this revolution, whether they rely on computers to do their taxes, write a novel, serve up money from a bank machine, or make airplane reservations -- and then guide the plane safely back to land. Those who are "on-line" "talk" to people whom they may never meet face-to-face and form "virtual communities" in "Cyberspace" -- a place without physical dimensions, but with the capacity to store vast amounts of facts, conversation, messages, written or voice mail and graphic images. While it is axiomatic that these new capabilities can open up faster, easier and more inclusive communication, they also call into question long held assumptions about individual and communal rights. Some are old questions in a new context: What, if any, is the role of the government in regulating electronic communication? As more and more information is recorded and stored automatically, how can the right of privacy be balanced with the right to know? What happens to individual protections when information is a salable commodity? Does the form in which information is kept change the government's obligation to inform its citizens? Other questions arise from the new technologies: When borders can be breached by a keystroke and texts and images can be reproduced and modified without ever being published, what happens to definitions of intellectual property, scholarship, conversation, publication, community, even knowledge itself? In 1983, Ithiel de Sola Pool began his seminal book, Technologies of Freedom, with the warning that "Civil liberty functions today in a changing technological context." As if to prove him right, the government is now proposing a $2 billion investment in computer networking technologies which will radically alter the way American communicate. Because the technological context changes more rapidly than the laws regulating it, the debate about how we want to live in an electronic world is both volatile and urgent. ELECTRONIC COMMUNICATION AND THE LAW United States law has not treated all communication technology alike. As Pool notes, regulatory policy is based on different assumptions and varies among print, common carriage and broadcasting, which were the three prominent modes of mass communication when he wrote. Thus, lawmakers and jurists delineating free speech sought to minimize traditional controls on printed speech by rejecting the types of censorship associated with it, such as prior restraint, taxation and seditious libel. But early regulators, with an eye to the social good, had no qualms about requiring common carriers, such as the postal and telegraph systems, to provide universal service without discrimination. Their successors, assuming that the broadcast spectrum was a scarce commodity, designed a regulatory system for radio and TV based on government licensing, business advertising and a limited number of channels. Later regulations included the Fairness Doctrine (imposing on licensed broadcasters an obligation to cover issues fairly), which regulated the content of speech. But as technologies merge, traditional distinctions among the modes are no longer applicable. Today, for instance, anyone regulating electronic bulletin boards is looking at a cross between a publisher and a bookstore that operates by means of the telephone, a common carrier. Historically, the law has responded to, not anticipated, technological changes, often reacting repressively when a new technology challenges the status quo. As in the past, regulation of electronic communication has been influenced more by market and political forces than constitutional principles or legal issues. But electronic communication policy is still fluid enough to allow for questions about who should set the policy and to what end. The Constitution Among the most active participants in the policy discussion is Computer Professionals for Social Responsibility (CPSR), a public interest group formed to explore the impact of computers on society. In March 1991, CPSR held the First Conference on Computers, Freedom & Privacy in Burlingame, California. The concerns addressed at the conference fell into three broad civil liberty categories: protecting speech, protecting privacy, and gaining access to government information. In an opening address, constitutional scholar Laurence Tribe posed a question of his own: "When the lines along which our Constitution is drawn warp or vanish, what happens to the Constitution itself?" The sections of the Constitution Tribe was referring to in relation to electronic communication are: # the First Amendment, with its prohibition against laws abridging freedom of speech, assembly, or the press; # the Fourth Amendment, protecting people and their property from unreasonable government intrusion; # the Fifth Amendment, guaranteeing due process of law and exemption from self-incrimination; # the Ninth and Fourteenth Amendments, which reinforce other rights and provisions in the Constitution. In applying these long-standing guarantees in the burgeoning electronic forum, Tribe recommends that policy makers look not at what technology makes possible, but at the core values the Constitution enshrines. The overarching principles of that document, he maintains, are its protection of people rather than places, and its regulation of the actions of the government, not of private individuals. Other central values Tribe notes are the ban on governmental control of the content of speech; the principle that a person's body and property belong to that person and not the public; and the invariability of constitutional principles despite accidents of technology. To insure that these values prevail as technology changes, Tribe proposes adding a 27th amendment to the Constitution to read: "This Constitution's protections for the freedoms of speech, press, petition and assembly, and its protections against unreasonable searches and seizures and the deprivation of life, liberty or property without due process of law, shall be construed as fully applicable without regard to the technological method or medium through which information content is generated, stored, altered, transmitted or controlled." Who Regulates and How Speakers at the conference did not argue with Tribe's goal of an enlightened electronic communication policy on the part of the government, but some disagreed over who should be responsible for formulating that policy and whatever regulations accompany it. Jerry Berman, a longtime privacy advocate who is now Director of the Washington office of the Electronic Frontier Foundation, warned that, in light of the courts' current record on civil liberties, any strategy giving them primary power to settle electronic speech disputes was dangerous. He argued instead for legislative controls. Others worried that lawmakers, misunderstanding or misinterpreting existing electronic speech problems, would push through harsh and intrusive regulations. Steve McLellan, a special assistant to the Washington Utilities Commission, cited efforts in his state by phone companies wanting to institute caller ID systems. The companies lobbied for authorization of that technology by portraying it as customer protection, a way to combat obscene and crank phone calls. The constitutional privacy issues got buried in politics until the utilities commission announced that it would approve caller-ID tariffs only if they provided for blocking mechanisms provided free and at the discretion of the customer. Yet another potential regulatory force was posited by Eli Noam, Director of the Center for Telecommunications and Information Studies at Columbia University. Noam suggested that computer- based information networks will become quasi-political entities, not subordinated to other jurisdictions, as they tax, set standards of behavior and mediate conflicts among their members, and band together to influence economic and social policy. Current Regulation There are myriad laws on the federal and state levels with potential impact in the electronic forum: the Privacy Protection Act, Freedom of Information Act, Wiretap Act, Paperwork Reduction Act, sunshine laws, obscenity laws, and laws regulating copyright, trademark, interstate commerce, and product liability. As New York attorney Lance Rose points out, this proliferation of laws tends to reinforce the most restrictive standard -- because computer users and service providers cannot inform themselves about all potentially relevant rules, they are well-advised to stay within the boundaries of the strictest regulation that may apply. Congress has also passed legislation aimed directly at electronic communication within the government, including: # the Computer Matching and Privacy Protection Act of 1988, which prohibits government agencies from combining discrete computerized personal records as a basis for taking adverse action against an individual until the results of the match have been verified independently; # the Computer Security Act of 1987, designed to improve the security and privacy of federal computer systems; # the Electronic Communication Protection Act of 1986, which safeguards electronic communication from interception, disclosure and random monitoring without a court order; and stipulates that a court order must be time-limited and must specify the information sought; # the Computer Fraud and Abuse Act of 1984 (revised in 1986), which criminalizes unauthorized entry, and taking or alteration of information from computers; authorizes fines and imprisonment up to 20 years under certain circumstances; and gives the Secret Service authority to investigate potential offenses. In an effort to balance the punitive aspects of the Act, Sen. Patrick Leahy (D-VT) introduced an amendment to the 1991 crime bill that defines criminal liability in electronic communication cases as intent to damage, rather than as the technical concept of unauthorized access. The bill (S. 1322) will come up for a vote again in 1992. Both the Computer Fraud and Electronic Communication Protection Acts include exceptions to their non-disclosure provisions for service providers who "may divulge" the content of a communication to a law enforcement agency if the contents "appear to pertain to the commission of a crime." Bulletin board operators have voiced concern over the ambiguity of this provision, questioning if it implies a duty on their part to report on the content of their boards. THE ELECTRONIC FRONTIER: SOME SKIRMISHES It is by no means a foregone conclusion among potential regulators of electronic speech that it is wholly protected by the First Amendment, but even if that were agreed upon, the issue of how to determine the limits of what is permissible, desirable and necessary would still loom large. The discussion has been framed by a set of paradigms, in which the electronic forum is portrayed as a mix of the past - - the American frontier -- and a wholly new phenomenon, Cyberspace. The term Cyberspace comes from William Gibson's novel, Neuromancer. It is the "place" telephone conversations and most financial transactions exist, the home of cyberpunks, and the bane of those who prefer to keep personal information private. Though subject to legal and social pressures, there is still something untamed about it, and so, a writer in Wyoming named John Perry Barlow coined the term "the electronic frontier." Hoping to seize the initiative in taming this territory, Barlow teamed up with computer entrepreneur Mitch Kapor to create the Electronic Frontier Foundation (EFF). Since it began in July 1990, the EFF has provided guidance to legislators and courts about civil liberties on the frontier, and legal assistance to those whose liberties have been threatened. Frontier Law Even with much of its territory up for grabs, Cyberspace has been populated for some time, albeit by groups with widely divergent perceptions of the communal good. On one side are "hackers," a sometimes pejorative term, but used neutrally here to describe people who gain unauthorized access to computers for whatever purpose. These hackers see themselves as unfettered, adventuresome cowboys who, in keeping with the frontier myth, are being fenced in by the settlers -- the business interests who have staked claim to the terrain -- and by the law that tends to protect these established interests. The cowboys defend computer hacking as a harmless pastime, as a pioneering activity that expands the boundaries of what is electronically possible, or as a political response to proprietary interests and individual profit. The settlers attack it as criminal, antisocial and malicious activity that costs everyone in money and security. By some estimates, computer crime accounts for as much as $5 billion in losses to government and business yearly. One of the most publicized cases of computer crime involved a virus (a software program that can alter data or erase a computer's memory) that was unleashed in 1988 over InterNet, an international computer network. The virus, known as the Worm, was written by Robert Morris, a graduate student at Cornell University, who claimed that he had created it as a prank before it got loose and infected thousands of government and academic computers. As a first-time offender, Morris was given a light sentence, but the principle established by the case has been allowed to remain: to get a conviction for computer abuse, the government need only prove unauthorized access, not intent to harm. This ruling has been compared to punishing a trespasser for the more serious offense of burglary or arson. The Morris virus not withstanding, the bulk of computer crime is not committed by hackers, but involves credit card fraud or theft by people within large companies, which are often reluctant to report it and publicize their vulnerability. In setting up the Electronic Frontier Foundation, Barlow and Kapor were reacting most directly to Operation Sun Devil, a part of a federal effort to combat computer crime, which had as its most visible targets young computer hackers and their systems of communication. On May 8, 1990, armed with 28 search warrants in 14 cities, Secret Service agents seized at least 40 computers and over 50,000 disks of data from individuals they suspected of possessing illegally- obtained information. Only seven arrests resulted, although the government kept and searched the computers and software of more who were not charged. Information obtained by CPSR under a Freedom of Information request reveals that the Secret Service had been monitoring on-line communication and keeping files on individuals who had committed no crime for several years prior to the raids. Steve Jackson Games The February before the Sun Devil raids, a grand jury indicted Craig Neidorf, a student and the publisher of an electronic magazine called Phrack, for reprinting a document stolen from a Bell South computer. Three hackers had already been sentenced to prison for stealing the document, which concerned a 911 emergency system. The phone company claimed the document was highly sensitive and set its value at $79,499. When Neidorf's case came to trial that July, however, it was revealed that the document was publicly available at a cost of $30. The government dropped the charges, but the magazine had already ceased publication, and Neidorf had incurred about $100,000 in legal costs. The Bell South file had been made available to bulletin board systems (BBSs) around the country, including one operated by an employee of Steve Jackson Games (SJG), a creator and publisher of computer games in Austin, Texas. While looking for evidence against the employee, Secret Service agents searched the bulletin board run by Jackson and found the draft of a rule book for a fantasy game called GURPS Cyberpunk. They decided it was a manual for breaking into computers. On March 1, 1990, agents raided SJG and seized computers, drafts of the game, and all the information and private communication stored on the computer used for the bulletin board. Jackson was never charged with a crime, but none of his equipment or files was returned until nearly four months later. He was forced to lay off half of his employees and estimates that the raid cost him $125,000 in publishing delays. This is a small-scale equivalent of seizing the printing presses and files of The New York Times because the Pentagon papers were found on their premises; such raids are expressly forbidden by the Privacy Protection Act. With the help of the Electronic Frontier Foundation, Jackson is suing the Secret Service for violating his Constitutional rights. Specifically, his lawyers are arguing that the request for the search warrant caused a prior restraint of a publication, was misleading because it did not tell the judge that SJG was a publisher, did not meet the specificity requirement of the Fourth Amendment, and failed to establish probable cause that criminal activity was taking place. The case is in litigation. Meanwhile, the EFF has been working on model search and seizure guidelines, which they hope to persuade the American Bar Association to adopt in place of its current guidelines for the issuance of search warrants relating to business records. In an attempt to make searches less intrusive and destructive, EFF recommends that: 1. computers used for publishing or electronic bulletin boards be afforded the same First Amendment protections as other means of publication; 2. in determining if just cause for seizure of equipment and software exists, judges shift the emphasis from what is technologically possible (e.g. an electronic trip wire that can erase all data) to what is likely to happen; 3. the search of computer disks take place on a business's premises, whenever possible; 4. under most circumstances, computers be seized only when they are the instruments of a crime. Bulletin Boards Electronic bulletin board systems are an increasingly pervasive mode of electronic communication and probably the most vulnerable to censorship. Part of the problem stems from a lack of definition. Are bulletin boards publishers, common carriers, broadcasters, electronic file cabinets, owners of intellectual property, private forums, libraries, newsstands, a combination, or none of the above? How they are categorized will determine if and how they are regulated. BBSs are relatively new, dating from about 1978; today, as many as 60,000 may be operating in the U.S. Though most are small and specialized, the government operates several big ones, such as InterNet, and businesses run others, including the two largest: Prodigy (owned by IBM and Sears) and CompuServe (a subsidiary of H & R Block). These BBSs allow individuals to "log on" to a host computer by use of a modem and telephone lines. Once they are hooked up, users can participate in electronic conferences, or conversations, send electronic or E-mail to specific individuals, and "post" messages directed at a general audience. Most BBSs neither monitor nor control E-mail, but many edit or otherwise restrict the messages on their bulletin boards. Some, such as the Whole Earth 'Lectronic Link (the WELL) in Sausalito, CA, place all responsibility for words posted on their system with the author, removing only clearly illegal or libelous material. The WELL community of about 5,000 members so far has regulated itself effectively. Other systems are less tolerant. In 1988, Stanford University attempted to block a jokes section of the bulletin board Usenet after becoming aware of an ethnically derogatory joke posted on it. The ban, though official policy, could not be implemented technically, and the jokes continued to be available throughout the campus. After a protest by students and faculty, the ban was lifted. Prodigy has been more successful in controlling the content of its bulletin board. It claims the right to do so as a private company contracting with customers to deliver a service, and as a publisher selecting the content of its on-line publication much as an editor edits a letters-to-the-editor page. Messages are first scanned by a computer to catch words and phrases Prodigy deems offensive, then vetted by employees before being posted. This editing has made for considerable controversy in Prodigy's three years of existence. In 1989, Prodigy cut out a section of its bulletin board called "health spa" after a yeasty exchange between homosexuals and fundamentalists. The next year, it banned messages from members protesting its pricing and editorial policies. Then this past year, the Anti-Defamation League publicly condemned the bulletin board for carrying grossly anti-Semitic messages. Prodigy responded that the messages were protected speech, but added the puzzling explanation that it made a distinction between derogatory messages aimed at individuals and those aimed at groups. The question of what legal precedent to apply to bulletin boards moved closer to resolution with a court ruling late in 1991. In Cubby v. CompuServe, an electronic newsletter called Skuttlebut claimed that it had been defamed by a competitor known as Rumorville, which CompuServe publishes on its Journalism Forum. A federal judge in New York likened electronic bulletin boards neither to publishers nor common carriers, but to distributors of information such as newsstands, bookstores and libraries to which a lower standard of liability applies. He decided, therefore, that CompuServe could not be held liable for statements published through its electronic library, particularly because it had no reason to know what was contained there. ELECTRONIC INFORMATION AND PRIVACY Private facts about individuals are much easier to gather and store on computer than on paper and are much more accessible to unauthorized scrutiny. Thus, computer monitoring challenges traditional expectations of privacy, exposes nearly every facet of an individual's life to potential public view and commercial use, alters the relationship between employers and employees, and opens the way for unprecedented government surveillance of citizens. For these reasons, concerns about the courts' vitiating the Fourth Amendment intensify when computer-based communication and surveillance are involved. Gary Marx, professor of sociology at MIT, notes ten characteristics of new kinds of computer- based monitoring that make them particularly intrusive: They transcend boundaries...that traditionally protect privacy. They permit the inexpensive and immediate sharing and merging and reproducing of information. They permit combining discrete types of information. They permit altering data. They involve remote access which complicates accountability issues They may be done invisibly They can be done without the subject's knowledge or consent. They are more intensive. They reveal previously inaccessible information. They are also more extensive and they cover broader areas. Privacy and Property At a meeting of Computer Professionals for Social Responsibility held in Cambridge, MA October 1991, John Shattuck, Vice President for Government, Community and Public Affairs at Harvard University, noted that when the Bill of Rights was written, personal liberty was closely linked to private property. Thus, the Fourth Amendment protected concrete things and places from unreasonable government intrusion. This idea was first upheld in relation to electronic technology in 1928, when the Supreme Court ruled in Olmstead v. United States that the Fourth Amendment did not apply to wiretapping because telephone communication was not a material thing. (It was in his dissent on this ruling that Justice Brandeis defined privacy as "the right to be left alone.") The principle of protection for tangible property remained largely unchallenged until 1967. Then, in Katz v. United States, the Supreme Court decided that the Fourth Amendment "protects people, not places," and was, therefore, applicable to wiretapping and electronic eavesdropping. This decision brought a person's ideas, politics and communication under the Amendment's protection for the first time, and set "reasonable expectation" as the standard by which to measure privacy rights. According to Shattuck, it also began a revolution in Fourth Amendment law. From 1967 until the Electronic Communication Protection Act was passed in 1986, the only electronic communication covered by law was what could be heard. Nearly all computer-based communication remained outside traditional and legal privacy protections, even as it was becoming the dominant technology. Much of digital communication in the U.S., including medical, insurance, personnel and retail transactions still lacks firm legal protection from intrusion, and the FBI recently proposed legislation that would require that all new telephone systems be designed to allow wiretapping, an ability the agency fears is endangered by new technology. In the privacy arena, the United States still lags far behind Canada, Australia and Western Europe, where at least six countries have a constitutional right to privacy and data protection. Commercial Uses The Fourth Amendment and the Privacy Protection Act apply only to the federal government, leaving commercial intrusion to be addressed piecemeal over the past two decades. For instance, the Supreme Court ruled in 1976 that there was no constitutional protection for personal information held by a bank because bank customers do not own these documents. In response, Congress passed the Right to Financial Privacy Act two years later to create a statutory protection for bank records. In 1977, the federal Privacy Protection Study Commission looked at the Privacy Act, seen then as a flawed compromise, and issued over 100 recommendations, many of which died at birth. However, one recommendation -- that the Privacy Act not be extended to the private sector, which should be allowed to comply voluntarily -- was more or less adopted by default. Other laws have since been passed to control private access to personal information, including the Fair Credit Reporting Act (1970), the Debt Collection Act (1982), the Cable Communications Policy Act (1984) and the Video Privacy Protection Act (1988). Recently, Rep. Robert Wise (D- WV), chair of the Subcommittee on Government Operations, tried to establish a Data Protection Commission, but without giving it regulatory power. As technology makes its easier to match databases and repackage personal information in commercially valuable forms, unease increases over the amount of information gathered and retained, where it comes from, how accurate it is, what use is made of it, and how individuals can control that use, especially when it is reused. Again, computers exacerbate the problem because they create a pervasive and long- lasting information trail that is decreasingly under the control of the individual involved. Often there is no direct relationship between individuals and the keeper of information about them, as with credit bureaus. Other businesses, such as telephone companies and airlines, collect information routinely without external regulation of who sees the records or how long they are kept. Even when there is an intimate connection, as with medical information, the lack of legal protection allows genetic information and records of job-related injuries, for example, to end up in private databases that are available to employers and insurance companies. Control over one's personal facts becomes even more tenuous when data collected by one organization are sold to another, which happens regularly without the individual's consent. This "second use" takes place primarily among businesses, but non-profit groups sell their mailing lists, and government agencies compare databases with businesses and each other: tax returns with welfare or student-loan records, for example. In 1991, Governor William Weld of Massachusetts proposed selling computer access to state Registry of Motor Vehicles records to private companies, but was dissuaded by vocal legislative opposition to the plan. Privacy advocates are also troubled by deceptive data collection techniques and inaccurate information that can be difficult and expensive to correct. In July 1991, six state attorneys general sued TRW, one of the three big credit-reporting companies, for failure to correct major reporting errors. TRW eventually agreed to supply individuals with free copies of their credit files on request; other companies still charge for such reports. Computers also provide a mechanism for fighting this Big Brother scenario. In 1990, Lotus Marketplace worked with Equifax, another consumer data collector, to put portions of its database onto compact disk so that marketing information about individuals could be sold in a convenient format to businesses. When the plan became public, it occasioned an outcry of surprising proportions -- about 30,000 responses, many from people who had learned about the project through electronic forums, and nearly all negative. In January 1991, Equifax and Lotus bowed to the pressure and scrapped the project. Privacy Protections For the past several years, privacy advocates have been working to pass policies and laws to protect individuals from the unwanted intrusions into their personal lives that computers make easy and appealing to businesses. The guiding principles for privacy policy are well summed up in a 1989 paper written by Jerry Berman and Janlori Goldman for the Benton Foundation: 1. Information collected for one purpose should not be used for a different purpose without the individual's consent. 2. Policy should be developed with an eye towards new advances in information technology and telecommunications. 3. Legal limits should be placed on the collection and use of sensitive information -- the more sensitive the information, the more rigorous the disclosure standard. 4. Individuals must be provided with easy access to their records, including access to computerized records, for the purpose of copying, correcting, or completing information in the records. 5. Exemptions for non-disclosure should be clearly justified and narrowly tailored to suit the requester's need. 6. Legislation should include enforcement mechanisms, such as injunctive relief, damages, criminal penalties, and reimbursement of attorney's fees and costs. Watching Employees Also in the private sector, computers are increasingly being used to track employees' use of time, productivity, and communication with each other and the public. According to Karen Nussbaum, Executive Director of 9to5, the national organization of office workers, the work of 26 million employees is monitored electronically, and the evaluation and pay of 10 million is determined by computer-generated statistics. This kind of monitoring is more intrusive than human supervision, she points out, because it watches the personal habits of employees and because it is constant. As a form of surveillance, employers often reserve the right to read the electronic mail of employees and may do so because the Electronic Communications Privacy Act protects electronic mail only on public networks. The E-mail systems of large corporations, including Federal Express and American Airlines, automatically inform workers that the company may read mail sent over the systems. Other companies do not inform, but read anyway. When an employee of Epson America, a California- based computer company, learned that this was the company's practice and complained, she was fired the next day. Her lawsuit charging wrongful termination is in litigation. In the fall of 1991, Sen. Paul Simon (D-IL) introduced legislation (S. 516) which would require that employees and customers be notified if their electronic communication and telephone conversations are being monitored, either in specific instances or as a policy of their employer. Rep. Pat Williams (D-MT) has introduced similar legislation in the House (HR. 1218), and both bills are in committee. Government Surveillance The United States government is the largest collector of information about people in this country and perhaps the largest keeper of personal information in the world. This information consists mostly of separate records, such as tax and social security files, but in a 1986 study, Congress's Office of Technology Assessment determined that, because these files can be matched and combined, a de facto national database on Americans already exists. Other information is gathered by surveillance. The FBI's National Crime Information System (NCIC) is a high-speed, computerized system containing criminal justice information, including Secret Service investigations, missing person files, and criminal histories or "rap sheets." The system began in 1967 and now runs about one million transactions each day. Information is maintained on a computer in Washington, DC, which is connected to each state and to 60,000 offices including those of sheriffs, prosecutors, courts, prisons, and military investigators. For instance, a police officer using the NCIC system to find out if a driver he or she has stopped is wanted for a crime can call up fingerprints and photos on the database to make an on-the-spot identification. The NCIC is proud of the efficiency of its system and claims that it has built in safeguards against inaccuracy and abuse. Civil libertarians, however, have doubts. In addition questioning whether arrests for current actions should be made on the basis of past behavior, they point out that data on arrests may be stored separately from data on convictions, and that computers make it harder to control the spread of inaccurate, outdated or ambiguous information. They also fear that the ease in using the system will encourage police to be less discerning in stopping people for investigation. There is concern too that the system can be used for purposes other than criminal justice, with information shared when someone applies for a government or military job or a professional license. In 1988, the FBI suggested connecting the NCIC to the computers of the Department of Health and Human Services, the IRS, the Social Security Administration and the Immigration and Naturalization Service; the plan was eventually defeated. More recently, alarms were raised by disclosures that the FBI conducted years of surveillance of political opponents of the Reagan administration's Central American policy, though they had committed no crime. Library Awareness Program On June 8, 1987, a clerk at Columbia University's Math/ Science Library was approached by two FBI agents who asked for information about "foreigners" using the library. This was, the agents said, part of the Library Awareness Program under which the FBI tried to enlist the assistance of librarians in monitoring the reading habits of "suspicious" individuals, variously defined as people with Eastern European or Russian-sounding names or accents, or coming from countries hostile to the U.S. It is still unclear how extensive the program is -- FBI officials have given contradictory information -- but the American Library Association (ALA) has verified 22 visits in various parts of the country that appear to have had the same purpose, and, in one statement, the FBI said the program was 25 years old. The FBI has also requested computerized check-out records from technical and science libraries and has asked private information providers, including Mead Data Central and Charles E. Simon Co., to help monitor use of their databases. Although public and university libraries do not have classified information, the FBI has justified its interest in library use by a version of the "information mosaic" theory: that discrete and benign pieces of information can be put together to present a danger to national security and therefore need to be controlled. Monitoring library usage is illegal in 44 states and the District of Columbia and violates an ALA policy, dating from 1970, that prohibits the disclosure of information about patrons' reading habits. In July 1987, the ALA wrote the FBI to inquire about the Library Awareness Program, and the National Security Archive filed an FOIA request asking for records about the program. The FBI responded that it had no records under that name, and Quin Shea, who was then Special Counsel to the Archive, says they probably didn't, since the real name of the program is classified. The Archive filed a second FOIA request that September, and the ALA filed its own requests in October and December. In September 1988, the ALA Intellectual Freedom Committee met with high-level representatives of the FBI. That same month, FBI Director William Sessions wrote Rep. Don Edwards (D-CA) that the program would be limited to technical libraries in the New York City area, presumably where the concentration of spies is greatest, and that cooperation of librarians would be voluntary. It was only in the summer of 1989, after Edwards and other members of Congress had gotten involved and the Archive had sued the FBI, that about 1200 pages of documents were released. These showed, among other things, that some librarians did cooperate. The Archive is again suing the FBI for the release of more material. ACCESS TO GOVERNMENT INFORMATION Privacy advocates and policy makers have long emphasized the importance of an individual's right to review information held about him or her. But, though the federal government has been collecting large amounts of information since the end of the last century, the public's right to monitor that information and the government's activities, has gained cache only fairly recently. The Freedom of Information Act (FOIA) was passed in 1966, and strengthened in 1974, followed in 1976 by the Sunshine Act. These laws gave the public greater access to information about government practices and decision making. Significantly, this swing toward openness in government took place at the same time that technological developments provided the government with ever greater information- collecting abilities. Information policy, the means by which government information is made available, can be divided into three broad categories: disclosure, access and dissemination. The past decade has seen cutbacks in all three areas: for example, a 10% annual increase in classification decisions since 1982; the elimination or privatization of one in four government publications since 1981 under the Paperwork Reduction Act; and foot dragging or outright hostility on Freedom of Information requests. In addition, the computerization of government operations has consistently been designed for bureaucratic efficiency with little interest in increased openness or access. Electronic Access and Freedom of Information One major area of debate in information policy is the effect of computerization on the FOIA. Theoretically at least, it is easier to search and retrieve records by computer than by hand, thereby lessening the burden on the responding agency and making them more amenable to FOI requests. But it is also likely that the volume and variety of requests will grow as the possibilities of information searches become apparent. The Act mandates that records of the executive branch of government be available to the public on request, exempting only nine narrowly-defined categories, and it is almost universally accepted by now that electronic records are covered along with those on paper. There have been legal decisions to the contrary, which have placed privacy above disclosure concerns, but these have usually involved requests for information to be used commercially. However, since the FOIA was written with paper records in mind, it left unaddressed the questions of what constitutes a record and a reasonable search, and what format is required for making information available. These and other disputes are currently being arbitrated by the courts, Congress and the agencies involved. The balancing act between access and privacy also becomes trickier with electronic storage of information. In 1977, the Supreme Court looked at a state's records of people who obtained prescription drugs legally and determined that this centralized file included sufficient safeguards to protect privacy, making it constitutional. Still, the Court found that government collection of personal information did pose a threat to privacy because "that central computer storage of the data thus collected...vastly increases the potential for abuse of that information." A similar privacy concern informed a more recent Supreme Court decision in which the Reporters Committee for Freedom of the Press was denied access to FBI criminal history records in computerized form. In addition to arguing against disclosure on privacy grounds, the Justice Department has opposed requests for records analyzed and combined by computer, maintaining that this is equivalent to creating a new record, something the FOIA does not require an agency to do. Independent studies, however, tend to conclude that this is more like searching through an electronic filing cabinet and suggest that disputes be settled by applying a standard of reasonable effort, a term yet to be defined satisfactorily. A third major area of dispute is the form in which the requested information is made available. This problem arises in two different situations: where the data exist in more than one format and a requester has a preference, and where they do not exist in the format requested. The first is more common and more controversial. In 1984, a district court ruled that the government does not have to provide information in a requested format in order to fulfill its FOIA obligation (Dismukes v. Department of Interior, 603 F. Supp. 760 (DDC 1984)). But in Department of Justice v. Tax Analysts (492 U.S. 136 (1989)), the court determined that an agency can withhold a record only if it falls under one of the delineated exemptions. This ruling suggests that such a rationale would override Dismukes in a new court case. In 1989, the Justice Department asked federal agencies how they viewed their obligations under FOIA to provide electronic information. The survey found wide variation among agencies, but a tendency against disclosure: # 76% of the respondents did not think the law required them to create new, or modify existing, computer programs to search for requested information; # 47% did not think they had to create new programs to separate disclosable from classified information; # 59% did not think the FOIA required them to comply with the requested format. Sen. Leahy is attempting to codify these requirements through a proposed Electronic Freedom of Information Improvement Act (S. 1939), which will come up for a hearing this spring. This amendment to the FOIA would require agencies to provide records in the form requested and make a reasonable effort to provide them in electronic form, if requested, even if they are not usually kept that way. It defines "record" to include "...computer programs, machine readable materials and computerized, digitized, and electronic information, regardless of the medium by which it is stored..." "Search" is defined to include automated examination to locate records. While many researchers and journalists support Leahy's bill, some public interest groups worry that, like other legislation targeting electronic communication, this will draw unwelcome scrutiny to the issue. Instead, they support an evolutionary process involving education and specific appeals to agencies. Transactional Data and the IRS The manipulation of data in a usable format is a useful tool in analyzing how government agencies really work. One particularly rich vein is transactional information, data recorded by government agencies in the course of their work. When this information is matched with other statistics, it can be analyzed to reveal what might otherwise be obscured about the activities of the government. A successful practitioner of this kind of investigation is investigative journalist David Burnham. In A Law Unto Itself: Power, Politics and the IRS, Burnham reports that computerized files obtained from the IRS revealed that audit rates vary widely among sections of the country, as does the likelihood of property seizure for delinquent taxes. He also discovered that there had been no increase in non- compliance rates over the past 15 years, although the IRS used the threat of increasing tax evasion as a basis for requesting new money for enforcement. The IRS had failed to adjust for inflation or margin of error in their calculations. Burnham drew some of his conclusions from the work of Susan Long, Director of the Center for Tax Studies at Syracuse University. Burnham and Long founded the Transactional Records Access Clearinghouse (TRAC) with the goal of forcing the release of government data not available before. Long, who began her siege on the IRS in 1969, filed 13 FOIA requests to that agency and frequently took it to court to force it to open its records. She won a precedent-setting victory in Long v. IRS (596 F. 2nd 362 (9th Cir. 1979), with a ruling that the FOIA definition of "record" covered data on computer tapes. Her lawsuit, concerned the Taxpayer Compliance Measurement Program (TCMP), which measures the effectiveness of the IRS system and determines who will be audited. Although the data produced were kept so secret that they were withheld even from the Government Accounting Office, Long found that the information had little effect on the IRS's audit coverage, even when it pointed up regions or classes that were under- audited. ENHANCING FREE EXPRESSION WITHIN THE ELECTRONIC FORUM The dangers of assuming that because a technology is value-free and neutral, the uses to which it is put will also be benign are well- documented and real. But for all the new or magnified threats to individual liberties arising from computer-assisted communication, the electronic forum also offers the means to increase those liberties by expanding the possibilities for talking and working together and for building political and social alliances. Widespread and fairly allocated computerized resources can offer: increased citizen participation in and oversight of government affairs; assembly, organizing and debate unrestricted by geographical distances or boundaries; decentralized decision making; a challenge to news and publishing monopolies; rapid international exchange of information; and individually-tailored, focused information to combat the information glut that interferes with communication. Stewart Brand has said that information wants to be free, and this may be nowhere more true than in electronic communication, which, by its very design, abhors censorship and monopolies (though history has proven that technology does not outsmart repression for long). It is important that those concerned with civil liberties enter the electronic forum with a mixture of optimism and vigilance and take part in the debate on its future while that debate is still open. FOR FURTHER INFORMATION: Berman, Jerry and Janlori Goldman. A Federal Right of Information Privacy: The Need for Reform. Washington, DC: Benton Foundation, 1989. Berman, Jerry. "The Right to Know: Public Access to Electronic Public Information." Software Law Journal Summer 1989:491-530 (reprinted by The Markle Foundation). Burnham, David. A Law Unto Itself: Power, Politics and the IRS. NY: Random House, 1989. " " The Rise of the Computer State. NY: Random House, 1983. Demac, Donna A. "The Electronic Book." American Writer Winter 1992. Ermann, M. David et al. Computers, Ethics, & Society. NY: Oxford UP, 1990. Index on Censorship July 1991. Section on computers and free speech. "Is Computer Hacking a Crime? A Debate From the Electronic Underground." Harper's March 1990:45-57. Lacayo, Richard. "Nowhere to Hide." Time 11/11/91: 34-40. Office of Information and Privacy. Department of Justice Report on "Electronic Record" Issues Under the Freedom of Information Act. Washington, DC, 1990. Perritt, Henry H. Jr. (prepared report). Electronic Public Information and the Public's Right to Know. Washington, DC: Benton Foundation, 1990. Pool, Ithiel de Sola. Technologies of Freedom. Cambridge, MA: Harvard UP, 1983. Proceedings of The First Conference on Computers, Freedom & Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1991. Reporters Committee for Freedom of the Press. Access to Electronic Records. Washington, DC, 1990. Rosenberg, Roni. Selected and Annotated Bibliography on Computers and Privacy. Palo Alto: Computer Professionals for Social Responsibility. Scientific American. Special issue on communications, computers and networks. Sept. 1991. Shattuck, John and Muriel Morisey Spence. Government Information Controls: Implications for Scholarship, Science and Technology. Association of American Universities occasional paper, 1988. Westin, Alan. Privacy and Freedom. NY: Atheneum, 1967. RESOURCES ACLU Project on Privacy and Technology 122 Maryland Avenue, NE Washington, DC 20002 (202) 675-2320 privacy issues Computer Professionals for Social Responsibility National Office P.O. Box 717 Palo Alto, CA 94302 415/322-3778 general political and social issues Electronic Frontier Foundation 155 Second Street Cambridge, MA 02141 617/864-0665 general political and legal issues National Writers Union 13 Astor Place, 7th floor New York, NY 10003 (212) 254-0279 intellectual property issues Public Citizen 2000 P Street, Suite 700 Washington, DC 20036 (202) 833-3000 privacy issues Reporters Committee for Freedom of the Press 1735 Eye Street, NW, suite 504 Washington, DC 20006 (202) 466-6312 access to government information Transactional Records Access Clearinghouse 478 Newhouse II Syracuse, NY 13244 (315) 443-3563 access to government information For more information, contact: Gara LaMarche, (212) 972-8400 (o) (718) 789-5808 (h) * * * This newsletter is a publication of the Fund for Free Expression, which was created in 1975 to monitor and combat censorship around the world and in the United States. It was researched and written by Nan Levinson,a freelance writer based in Boston and the U.S. correspondent for Index on Censorship. The Chair of the Fund for Free Expression is Roland Algrant; Vice Chairs, Aryeh Neier and Robert Wedgeworth; Executive Director, Gara LaMarche; Associate, Lydia Lobenthal. The members are Alice Arlen, Robert L. Bernstein, Tom A. Bernstein, Hortense Calisher, Geoffrey Cowan, Dorothy Cullman, Patricia Derian, Adrian DeWind, Irene Diamond, E.L. Doctorow, Norman Dorsen, Alan Finberg, Francis FitzGerald, Jack Greenberg, Vartan Gregorian, S. Miller Harris, Alice H. Henkin, Pam Hill, Joseph Hofheimer, Lawrence Hughes, Ellen Hume, Anne M. Johnson, Mark Kaplan, Stephen Kass, William Koshland, Judith F. Krug, Jeri Laber, Anthony Lewis, William Loverd, Wendy Luers, John Macro, III, Michael Massing, Nancy Meiselas, Arthur Miller, The Rt. Rev. Paul Moore, Jr., Toni Morrison, Peter Osnos, Bruce Rabb, Geoffrey Cobb Ryan, John G. Ryden, Steven R. Shapiro, Jerome Shestack, Nadine Strossen, Rose Styron, Hector Timerman, John Updike, Luisa Valenzuela, Nicholas A. Veliotes, Kurt Vonnegut, Jr., Gregory Wallance and Roger Wilkins. The Fund for Free Expression is a division of Human Rights Watch, which also includes Africa Watch, Americas Watch, Asia Watch, Helsinki Watch, Middle East Watch, and special projects on Prisoners' Rights and Women's Rights. The Chair is Robert L. Bernstein and the Vice Chair is Adrian W. DeWind. Aryeh Neier is Executive Director; Kenneth Roth, Deputy Director; Holly J. Burkhalter, Washington Director; Susan Osnos, Press Director.