home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Handbook of Infosec Terms 2.0
/
Handbook_of_Infosec_Terms_Version_2.0_ISSO.iso
/
text
/
privacy
/
p02_007.txt
< prev
next >
Wrap
Text File
|
1996-09-03
|
40KB
|
839 lines
PRIVACY Forum Digest Saturday, 6 March 1993 Volume 02 : Issue 07
Moderated by Lauren Weinstein (lauren@cv.vortex.com)
Vortex Technology, Topanga, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
PRIVACY Forum materials now available via Gopher
(Lauren Weinstein; PRIVACY Forum Moderator)
Telephone numbers vs reverse directories (A. Padgett Peterson)
Blocking CallerID (Gregg A. TeHennepe)
Privacy of Poilice Records (Rasch@DOCKMASTER.NCSC.MIL)
Information America (Larry Seiler)
Re: Information America (John Pettitt)
Should the information industry be consentual? (Larry Seiler)
Re: Should the information industry be consentual? (John Pettitt)
Forwarding: Comments on the Clinton Technology Policy
(Sarah M. Elkins)
Credit Card Validation (Brinton Cooper)
GPO Access - WINDO Update (James Love)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines. Submissions without appropriate and relevant
"Subject:" lines may be ignored. Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com". Mailing list problems should be
reported to "list-maint@cv.vortex.com". All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "cv.vortex.com".
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------
VOLUME 02, ISSUE 07
Quote for the day:
"Knowledge is Good."
-- Emil Faber (Faber College Slogan)
"National Lampoon's Animal House" (1978)
----------------------------------------------------------------------
Date: Sat, 6 Mar 93 19:28 PST
From: lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: PRIVACY Forum materials now available via Gopher
Greetings. I'm pleased to announce that all PRIVACY Forum materials
(including back issues and all other archival materials) are now
available via the Internet Gopher system, via a gopher server here
on site "cv.vortex.com". Gopher administrators should feel free
to set up links to the cv.vortex.com gopher server as desired.
--Lauren--
------------------------------
Date: Sat, 20 Feb 93 09:31:28 -0500
From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Telephone numbers vs reverse directories
>From: rogue@mica.berkeley.edu (Brett Glass)
>Subject: Numbers and Addresses (Subject field supplied by MODERATOR)
>Mr. Peterson might be interested in knowing that getting an
>unlisted phone number, or excluding one's address from the
>telephone book, in no way impedes marketers armed with a phone
>number who wish to obtain your name and address. Several
>commercial "matching" services now exist which use data from
>magazine subscriber lists, business customer databases, and other
>pools of personal data -- many of which include phone numbers.
Guess the bottom lime is "never trust a single layer", in my case the
second layer is a PO Box which is used for billing & commercial
transactions.
A final suggestion is the use of "canary traps" - creative mispellings
of your name for different uses - to pinpoint what list information
was garnered from. Finally a question: what happens when a marketeer
gets multiple hits for the same name/number ? (different zip codes & cities
even 8*).
Coolish today but we Floridians know what to do when it drops into the 50s,
Padgett
------------------------------
Date: Tue, 23 Feb 93 09:52:04 -0500
From: gateh@mvax.cc.conncoll.edu (Gregg A. TeHennepe)
Subject: blocking CallerID
CallerID is beginning to be implemented in the state of CT, and so,
being a reader of this forum as well as RISKs, it was with some
interest that I read the SNET's insert in my bill regarding the
service. They provided little stickers with the key sequence to
block on a per call basis, which I thought was handy, but what
really surprised me was the policy regarding default ID blocking.
Perhaps Privacy readers can let me know if this is unusual or not.
The policy stated that, for a $1.00 a month fee, you could have your
number blocked on all calls, *providing you completed a sworn and
notorized affadavit to the effect that the CallerID feature was a
threat to your personal sercurity*! I can understand charging a
service fee for such a service, but to restrict access to the
service in such a manner seems thoroughly unreasonable to me. If I
can block on a per call basis, why should I not be able to pay to
have blocking as a default?
Personally I'm not all that concerned about the policy since I use
the phone very little and will use the per call blocking feature
when I need to (and that will probably be rarely). I am a little
worried by the apparent reasoning behind the policy, tho, which
seems not to be oriented in the interest of the customer.
Cheers - Gregg
Gregg TeHennepe | Comp & Info Services | Internet: gateh@mvax.cc.conncoll.edu
Post/Hostmaster | Connecticut College | BITNET/CREN: gateh@conncoll
------------------------------
Date: Wed, 24 Feb 93 10:50 EST
From: Rasch@DOCKMASTER.NCSC.MIL
Subject: Privacy of Police Records
I am working on a project involving issues of personal privacy
and police and motor vehicle records. Specifically, a question
has been raised about the legality of a private group which
publishes newsletters and periodicals obtaining police reports,
criminal history records, and licence plate checks from
"friendly" law enforcement sources. I understand that this is a
question of state law in most states. Can anyone advise where I
might find a compendium of state privacy statutes which would
cover the question of whether it it illegal to receive such
information?
------------------------------
Date: Thu, 25 Feb 93 14:13:11 EST
From: "Larry Seiler, x223-0588, MLO5-2 25-Feb-1993 1307"
<seiler@rgb.enet.dec.com>
Subject: Information America
A posting in the RISKS DIGEST 14.34 describes the "Information America"
dial-in service: customers (paralegals and other investigators) dial
in to obtain information about a named individual, the owner of a
specified telephone number, and so forth. The database covers 111M
Americans, 80M households, and 61M telephone numbers. According to
the RISKS posting (derived from an article in Mondo), IA can trace people
who have moved, and can provide current address/phone, lists of neighbors,
and "personal profiles". I presume that the "personal profiles" are the
sort of information that Lotus' Household Database CD would have provided:
estimated income, buying habits, and other (sometimes speculative) data.
A posting by John Pettitt in RISKS DIGEST 14.35 contains the following
statement regarding IA's personal search/profile services:
> As to the other services they provide, what is the problem ? We live in an
> information society. If you don't want people using and tracking information,
> don't give it to them (i.e., go live some place where there are no phones or
> credit cards).
>
> [ P.S. I am CEO of a direct response marketing company so I'm biased :-) ]
I find the above highly disturbing. The poster seems to imply that if I
use a phone or a credit card, it gives those in the data business a right
to use that data in any way they see fit. That's like saying that those
who don't like peeping toms should live in houses without windows.
I don't buy the argument that using a credit card gives anyone the right to
sell information about what I purchased. I don't accept that applying for
a loan gives a bank the right to sell data about my income. I personally
don't care who knows where I live, but others do, and I believe they should
have a right to privacy (if they are not charged with violating the law).
I wonder how or if Mr. Pettit's own business would change if people *knew*
how information about them was being used and could stop it if they didn't
like it. Perhaps most people wouldn't object to his company's activities.
In that case, why not support those who want data privacy? However, if a
right to data privacy would impact his business, that raises other questions.
Such as, why is his business more important than a right to privacy?
Sincerely,
Larry Seiler
PS: I get about 4 unsolicited catalogs a day, plus numerous offers of
loans and investments from people who apparently know more about my
finances than I ever publicly disclose. So perhaps I too am biased. :-)
However, for me unsolicited mail is not the problem -- the exchanging
of data about me that I consider to be my property is the problem!
------------------------------
Date: Thu, 25 Feb 93 12:54:22 PST
From: John Pettitt <jpettitt@well.sf.ca.us>
Subject: Re: Information America
In reply to a posting I made to RISKS Lary Seiler writes:
> I find the above highly disturbing. The poster seems to imply that if I
> use a phone or a credit card, it gives those in the data business a right
> to use that data in any way they see fit. That's like saying that those
> who don't like peeping toms should live in houses without windows.
>
> I don't buy the argument that using a credit card gives anyone the right to
> sell information about what I purchased. I don't accept that applying for
> a loan gives a bank the right to sell data about my income. I personally
> don't care who knows where I live, but others do, and I believe they should
> have a right to privacy (if they are not charged with violating the law).
Well maybe it's an extreme analogy but the basic issues is that it's not
possible to control the flow of information. Attempts to do so limit
the availablilty of information to those with money (=power). The current
CLID debacle in california is a classic of this problem. (big guys have ANI
on 800 numbers - small guys dont have caller ID).
On the specific isue of credit card sales info. Selling that information
gives citibank and amex an additional revenue stream and a protential price
advantage. In a free market if you think you can charge more for a credit card
that does not sell information and you can find customers then good luck
to you. If you sign a loan form that says they will report to credit
agencies then you have accepted the distribution of that information.
If you don't like it find another bank.
Now as it happens all banks report, I suspect this is due to the lack of
a free market in banking. They have a duty to minimize risk which they
do by sharing information. What would you like - safe savings or privacy
you can't have both under the current system.
As to my buisness - well if I could not sell data I would have to put
up my prices for products.
In general business advantage comes from having more and more accurate
information that the next guy. This has been true since the pony express
and or clipper ships. The faster you can respond to a market the more money
you make. This is what makes the economy go round. Ristrict the flow
of information and you restrict buisiness and reduce the GDP, tax base
and ability to fund all the things government already has it's fingers
into.
What bad thing is going to happen to you if information on your spending
habbits, income and phone calls is globaly available ? (and why
has it not already happened since most of this IS available for a price).
John
(Taking an extreme view to provoke thought and question assuptions)
------------------------------
Date: Thu, 25 Feb 93 17:23:18 EST
From: "Larry Seiler, x223-0588, MLO5-2 25-Feb-1993 1717"
<seiler@rgb.enet.dec.com>
Subject: Should the information industry be consentual?
Continuing the public discussion with John Pettitt...
The real world is far too complex for extreme positions to be viable.
I do not propose that we should shut down the information exchange
business -- I propose that it should be recast on a "disclosure and
consent" basis: every form that requests "personal information" would
have to disclose how that information might be used, and consent would
have to be solicited for any use other than by the business that collected
it for purposes related to the reason it was collected. This could be
very simple -- e.g. a line of fine print about how the data will be sold
and a box to check to withold permission. Most people would probably
allow the information to be sold -- especially if it saved them some
money. At present, as John notes, nobody has a choice about it.
The above paragraph refers to "personal information" without defining
the term. This is deliberate, because I don't want to rathole on the
details of what is personal and therefore deserving of privacy protections.
I claim that SOME data is personal -- for example income. At present, only
credit data has any restrictions on its exchange, and those restrictions
come to very little in practice. After all, anyone with a "business need
to know" and my SS# can look at my credit report, without my knowledge.
Now, about the extreme view that John takes to provoke thought. Here are
some extreme views of my own to spark some thought in the other direction.
One of John's arguments is that business is more efficient if there is
free and arbitrary flow of information. Well, an absolute dictatorship
is the most efficient form of government. I don't accept efficiency as
the sole grounds for judging whether a social system is good. I don't
accept that an efficient system has to be non-consentual, either.
Another of John's arguments is that if trying to restrict the flow of
information simply limits it to those with money (=power). There are
a huge variety of crimes that can be pretty freely indulged in by
those with money and power -- the S&L crisis is one example. That
doesn't make me think that we should give equal opportunities to all.
John argues that those who don't want their credit card data revealed
should use a credit card company that doesn't do that. Of course,
there are none, nor are there any credit card companies that even
inform their customers that they sell data. If it's so reasonable to
sell the information, why don't they tell people that they do it?
John argues that the banking industry has a duty to minimize risk and
that's why they report. Not true! Minimizing risk requires *obtaining*
information, not *selling* it. I am happy to grant my bank permission
to investigate my finances -- and to grant John's company permission to
provide the bank with any relevant information it may have. It is the
releasing of this information WITHOUT MY CONSENT that I object to.
The bank is free to deny my loan if I won't let them check up on me.
And by the way, the loan form DOES NOT say that they will report my
answers, it just says they'll *check* my answers. If they sell my
answers, they do it without my permission and without informing me.
John says that it's unfair for the big guys to have ANI on 800 number
calls, when the small guys can't use caller ID. I agree -- California
should cause caller ID blocking to block ANI on 800 and 900 calls, too!
John says that if he could not sell data then he would have to raise
the prices for his products. OK, but does he disclose to customers
that he sells the data? Many people would be happy to take the lower
prices, but some would not. At present, *nobody* has a choice.
And finally, what bad thing is going to happen to me if information
on my spending, income, and phone calls is globally available? The
mind boggles. To start with, inaccurate information can cause a
great deal of damage. Credit databases (for example) have been shown
to have errors for as many as half of the people -- and serious errors
for as many as 30%. Who knows how many errors the "personal profile"
databases have? Unlike credit reports, you can't find out what they say
about you, except indirectly. No, I wasn't hurt when somebody entered
"Jewish" into some database somewhere and I started getting catalogs
of Passover supplies and letters about voting for senators who are
friends of Israel. But there are many cases of people being denied
loans, being thrown off welfare roles, or losing their jobs due to
errors in the databases. Funny, when a computer database contradicts
something a human being says, most people consider the human guilty
until convincingly proven innocent. Many won't even listen to
evidence that the computer database might be wrong.
But beyond that, there's something more fundamental. People peeking
into my private business are like people standing on my porch and
peeking in my windows. Why should I have to prove that I was hurt
or might be hurt? Privacy is now considered to be a consitutionally
guaranteed right (yes, I know the constitution doesn't use the word
"privacy"). Why does the "information age" compel us all to give it up?
Why can't people have a choice about what privacy to give up? If the
economic advantages of surrendering privacy are so great, then most
people will go for it. If the advantages are so clear, why is the
information industry afraid to tell their customers what they are doing
with personal data or to offer any choices?
Enjoy,
Larry
PS -- No offense meant and none taken, I hope! I feel that this is an
important issue and deserves vigorous discussion. Thanks for your replies.
------------------------------
Date: Thu, 25 Feb 93 15:32:59 PST
From: John Pettitt <jpettitt@well.sf.ca.us>
Subject: Re: Should the information industry be consentual?
Continuing the public discussion with Larry
>
> The real world is far too complex for extreme positions to be viable.
Agreed.
In fact I agree with much of what Larry says. I submit that he has yet to
prove a case where free flow of _accurate_ information has caused a problem.
Bad information is to nobodys advantage - it is worse than no information and
has no commercial value.
I would submit that a dictatorship is anything but efficent - competition
makes things work well. I agree that information disclosure should be
dragged out from under the rock. As to some sort of required request law
well that is an interesting issue in itself. I would welcome a neutral
law (one that did not default private) as it would allow me to pre-screen
the potential customers and improve my hit rate.
I do think the bedroom window analogy is rather extreme and emotive.
On the ANI issue - I I am paying for a service (an 800 #) then I want to
know that I am getting (I.E. where the call came from). Second if you
want to break my evening by inging a bell in my house I wan't the electronic
peep hole (Caller ID) to see who you are before I talk to you. These are
both reasonable in a free world.
Data collection and trading is going to happen no matter what - even if it
moves off shore (a silly concept in the digital age). The sooner we face
the reality and establish norms, conventions and taboos regarding data
the better. A start would be to:
1) don't restrict the free flow of _accurate_ data
2) establish clear, enforced methods of trcking data
3) make provision for reaonable penalties for selling inaccurate data
(#3 depends on getting the tort system under control - another of my
pet subjects :-)
The problem with all this it is completly impossible to enforce. Look
at the UK "Data Protection Act" for an example of a law that is ignored
by one and all and exempts the databases that can do real harm (law
enforcement).
If you can find a real case of harm by accurate information used lawfully
and a way of enforcing privacy I would be happy to look at it.
John
No offence taken - I like a good argument, that why I read USENET ;-)
[ I've suggested to John and Larry that they continue
their discussion in private for now to encourage other
readers to enter into the discussion. -- MODERATOR ]
------------------------------
Date: Mon, 1 Mar 1993 13:43:47 PST
From: Sarah_M._Elkins.Wbst139@xerox.com
Subject: forwarding: comments on the Clinton Technology Policy
I thought these comments from the sci-tech-studies distribution might be of
interest. Forwarded with permission.
Regards,
- Sarah (elkins.wbst139@xerox.com)
----------------------------------------------------------------
Sender: sci-tech-studies-relay@ucsd:edu:Xerox
Date: 28 Feb 93 13:15:14 EST (Sunday)
Subject: Clinton Technology Policy
From: wpg@ethics.med.pitt
To: sci-tech-studies@ucsd
This is a comment on the technology policy statement announced by
Clinton and Gore on 2/22/93. The policy inititiatives include the
substance of the National High Performance Computer Technology Act
that Gore had previously sponsored in the Senate (e.g., S. 1067 in the
101st Congress). Central to that act and the new initiative is the
National Research and Education Network (NREN), a plan to increase the
bandwidth of the internet and develop software for its utilization. I
am concerned that the technology policy does not adequately address
privacy or other concerns about the social implications of computing,
including concerns raised by its proposed initiatives.
In the hearings on the High Performance Computing Act, medical
informatics was one of the applications envisioned for the NREN. It's
also part of the Clinton technology policy. The (brief) discussion of
medicine in the 2/22 statement is interesting:
"This information infrastructure -- computers, computer data
banks, fax machines, telephones, and video displays -- has as its
lifeline a high-speed fiber-optic network capable of transmitting
billions of bits of information in a second....
"The computing and networking technology that makes this
possible is improving at an unprecedented rate, expanding both our
imaginations for its use and its effectiveness. Through these
technologies, a doctor who needs a second opinion could transmit a
patient's entire medical record -- x-rays and ultrasound scans
included -- to a colleague thousands of miles away, in less time
than it takes to send a fax today."
Well, imagine that ("Hey Sue, lookit chromosome 17 on this guy from
the Farber! 20 bucks at 7 / 5 sez he's malignant in 5 years. Bet he
hopes his insurer never sees this, har har."). Without having any
expertise here, I find it plausible that network consults using
computerized medical records would have many benefits for patients.
But it's also clear that implementing a network-mediated record system
that provided secure confidentiality would be a challenging
engineering task. I mean social as well as computer engineering, it's
the communication among people that is problematic here.
I find much to like in the technology policy. Unfortunately, I see
little evidence that privacy has been a priority in the current policy
or the former High Performance Computing Act. I would appreciate
hearing from others whether the policy adequately covers other aspects
of socially responsible computing. The technology policy ought to
include a statement of ethics concerning computerized information. I
also believe that the NREN should follow the example of the NIH's
Human Genome Project, which devotes 5% of its research budget to a
program for studies of the Ethical, Legal, and Social Implications of
human genetic research.
--
[][][][][][][][][][][][] William Gardner [][][][][][][][][][][][][][][]
[] /_ o / / Psychiatry Dept, School of Medicine 412-681-1102 []
[] /__) / / / University of Pittsburgh wpg@ethics.med.pitt.edu []
[][][][][][][][][][] Pittsburgh, PA 15213 [][][] FAX:412-624-0901 [][]
------------------------------
Date: Fri, 5 Mar 93 0:18:28 EST
From: Brinton Cooper <abc@BRL.MIL>
Subject: Credit Card Validation
We've all heard horror stories about how one person fraudulently
accessed another's credit card account (or utility account or phone
account, etc) and, with malice, altered or canceled service or
otherwise, posing as the customer, caused some change in the status of
the account.
Now, Citibank is asking (US Government employee) users of it's Diner's
club cards to supply them with validation info. When activating a new
(e.g., personal) account, changing address, or otherwise enquiring about
one's file, the caller may be asked to supply such information in order
to assure the credit company of the caller's legitimate identity.
Information requested is:
Name
Acccount #
Address
Date of Birth
Social Security Number (you were surprised, maybe?)
Mother's Maiden Name (My hospital asks for this one, too.)
Business and home phones
Other Diner's accounts to which this info applies.
Finally, you are asked if you would like "...to designate another
person to manage your account..."
On the one hand, this has the potential to expose what little privacy we
have left. On the other hand, one can argue that it protects us
from malicious persons. I don't yet know whether I shall comply.
_Brint
------------------------------
Date: Wed, 3 Mar 1993 14:26:58 EDT
From: LOVE%TEMPLEVM.BITNET@pucc.Princeton.EDU
Subject: GPO ACCESS - WINDO UPDATE
----------------------------Original message----------------------------
Taxpayer Assets Project
Information Policy Note
February 28, 1993
UPDATE ON WINDO/GATEWAY LEGISLATION
From: James Love <love@essential.org>
Re: GPO Access (Proposed legislation to replace GPO
WINDO/Gateway bills)
Note: the WINDO/GATEWAY bills from last Congress (HR
2772; S. 2813) would have provided one-stop-shopping
online access to federal databases and information
systems through the Government Printing Office (GPO),
priced at the incremental cost of dissemination for use
in homes and offices, and free to 1,400 federal
depository libraries).
Both the House and Senate are soon expected to introduce
legislation that would replace the GPO WINDO/GATEWAY bills that
were considered in the last Congress. According to Congressional
staff members, the bill will be called "GPO Access." The new
name (which may change again) was only one of many substantive
and symbolic changes to the legislation.
Since the bill is still undergoing revisions, may be possible (in
the next day or so) to provide comments to members of Congress
before the legislation is introduced.
The most important changes to the legislation concern the scope
and ambition of the program. While we had expected Congressional
democrats to ask for an even broader public access bill than were
represented by the WINDO (hr 2772) and Gateway (S. 2813) bills,
the opposite has happened. Despite the fact that the legislation
is no longer facing the threat of a Bush veto or an end of
session filibuster (which killed the bills last year), key
supporters have decided to opt for a decidedly scaled down bill,
based upon last year's HR 5983, which was largely written by the
House republican minority (with considerable input from the
commercial data vendors, through the Information Industry
Association (IIA)).
The politics of the bill are complex and surprising. The
decision to go with the scaled down version of the bill was
cemented early this year when representatives of the Washington
Office of the American Library Association (including ALA
lobbyist Tom Sussman) meet with Senator Ford and Representative
Rose's staff to express their support for a strategy based upon
last year's HR 5983, the republican minority's version of the
bill that passed the House (but died in the Senate) at the end of
last year's session. ALA's actions, which were taken without
consultation with other citizen groups supporting the
WINDO/GATEWAY legislation, immediately set a low standard for the
scope of this year's bill.
We were totally surprised by ALA's actions, as were many other
groups, since ALA had been a vigorous and effective proponent of
the original WINDO/GATEWAY bills. ALA representatives are
privately telling people that while they still hope for broader
access legislation, they are backing the "compromise bill," which
was publicly backed (but privately opposed) last year by IIA, as
necessary, to avoid a more lengthy fight over the legislation.
If the negotiations with the House and Senate republicans hold
up, the new bill will be backed by ranking Republicans on the
Senate Rules and House Administration Committees, and passed by
Congress on fast track consent calendars.
We only obtained a draft of the legislation last week, and it is
still a "work in progress." All changes must be approved by key
Republican members of Senate Rules and House Administration.
Gone from the WINDO/GATEWAY versions of the bill were any funding
(S. 2813 would have provided $13 million over two years) to
implement the legislation, and any findings which set out the
Congressional intent regarding the need to provide citizens with
broad access to most federal information systems. Also missing
are any references to making the online system available through
the Internet or the NREN.
WHAT THE GPO ACCESS BILL WILL DO (subject to further
changes)
1. Require the Government Printing Office (GPO) to provide
public online access to:
- the Federal Register
- the Congressional Record
- an electronic directory of Federal public information
stored electronically,
- other appropriate publications distributed by the
Superintendent of Documents, and
- information under the control of other federal
departments or agencies, when requested by the
department or agency.
2. Most users will pay user fees equal to the "incremental cost
of dissemination of the information." This is a very
important feature that was included in the WINDO/GATEWAY
legislation. At present many federal agencies, including
the National Technical Information Services (NTIS), make
profits on electronic information products and services.
Given the current federal government fiscal crisis, this
strong limit on online prices is very welcome.
3. The 1,400 member federal Depository Library Program will
have free access to the system, just as they presently have
free access to thousands of federal publications in paper
and microfiche formats. Issues to be resolved later are who
will pay for Depository Library Program telecommunications
costs, and whether or not GPO will use the online system to
replace information products now provided in paper or
microfiche formats.
WHAT THE GPO ACCESS BILL DOESN'T DO
- Provide any start-up or operational funding
- Require GPO to provide online access through the Internet
- The Gateway/WINDO bills would have given GPO broad authority
to publish federal information online, but the new bill
would restrict such authority to documents published by the
Superintendent of Documents (A small subset of federal
information stored electronically), or situations where the
agency itself asked GPO to disseminate information stored in
electronic formats. This change gives agencies more
discretion in deciding whether or not to allow GPO to
provide online access to their databases, including those
cases where agencies want to maintain control over databases
for financial reasons (to make profits).
- Language that would have explicitly allowed GPO to reimburse
agencies for their costs in providing public access was
eliminated in the new bill. This is a potentially important
issue, since many federal agencies will not work with GPO to
provide public access to their own information systems,
unless they are reimbursed for costs that they incur.
- S. 2813 and HR 2772 would have required GPO to publish an
annual report on the operation of the Gateway/WINDO and
accept and consider *annual* comments from users on a wide
range of issues. The new bill only makes a general
requirement that GPO "consult" with users and data vendors.
The annual notice requirement that was eliminated was
designed to give citizens more say in how the service
evolves, by creating a dynamic public record of citizen
views on topics such as the product line, prices, standards
and the quality of the service. Given the poor record of
many federal agencies in dealing with rapidly changing
technologies and addressing user concerns, this is an
important omission.
- The WINDO/GATEWAY bills would have required GPO to address
standards issues, in order to simplify public access. The
new bill doesn't raise the issue of standards.
OTHER POLITICAL CONSIDERATIONS
Supporters of a quick passage of the scaled down GPO Access
legislation are concerned about a number of budget, turf and
organizational issues. Examples are:
- Congress is considering the elimination of the Joint
Committee on Printing, which now has oversight of GPO.
- There are proposals to break-up GPO or to transfer the
entire agency to the Executive Branch, which would slow down
action on the online program, and may reduce the federal
support for the Federal Depository Library Program, or lead
to a different (and higher) pricing policy.
- The National Technical Information Service (NTIS) opposes an
important role by GPO in the delivery of online services,
since NTIS wants to provide these services at unconstrained
prices.
It does not appear as though the Clinton/Gore Administration has
had much input on the GPO Access legislation, which is surprising
since Vice President Gore was the prime sponsor of the GPO
Gateway to Government (S. 2813) bill last year. (Michael Nelson
will reportedly be moving from the Senate Commerce Committee to
the White House to be working on these and related information
policy issues.)
Even the scaled down GPO Access bill will face opposition.
According to House republicans, despite IIA's low key public
pronouncements, the vendor trade group "hates" the bill.
Opposition from NTIS is also anticipated.
TAXPAYER ASSETS PROJECT VIEW
We were baffled and disappointed the decision of ALA and Congress
to proceed with a scaled down version of last year's bills. We
had hoped that the election of the Clinton/Gore administration
and the growing grass roots awareness of public access issues
would lead to a stronger, rather than a weaker, bill. In our
view, public expectations are rapidly rising, and the burden is
now on Congress and the Administration to break with the past and
take public access seriously. The GPO Access legislation
provides incremental benefits over the status quo, but less than
might seem.
- The statutory mandate to provide online services is useful,
but public access proponents have always argued that GPO
already has the authority to create the WINDO/GATEWAY under
the current statutes. In fact, GPO now offers hundreds of
CD-ROM titles and the online GPO Federal Bulletin Board, a
service that could (and should) be greatly expanded.
- The three products that the GPO Access bill refers to are
already online or under development GPO. GPO is now working
on the development of a locator system and an online version
of the Federal Register, and the Congressional Record is
already online in the Congressional LEGIS system -- a system
that is presently closed to the public, and which is not
mentioned in the GPO Access bill.
- The "incremental cost of dissemination" provision of the new
bill is welcome, but GPO is already limited to prices that
are 150 percent of dissemination costs.
Several suggestions to strengthen last year's bills were ignored.
Among them:
- Expand the initial core products to include other online
information systems that are already under the control of
congress, such as the Federal Elections Commission (FEC)
online database of campaign contributions, the House LEGIS
system which provides online access to the full text of all
bills before Congress, or the Library of Congress Scorpio
system.
- Create a special office of electronic dissemination in GPO.
At present, GPO's electronic products and services are
managed by Judy Russell, who is capable, but who is also
responsible for managing the primarily paper and microfiche
based federal Depository Library Program, a time consuming
and complicated job. We believe that GPO's electronic
dissemination program is important enough to warrant its own
director, whose career would depend upon the success of the
electronic dissemination program.
The GPO Access bills will be considered by the following
Congressional Committees:
Senate Committee on Rules and Administration 202/224-6352
Chair, Senator Wendell Ford
Ranking Minority, Senator Ted Stevens
House Committee on House Administration 202/225-225-2061
Chair, Representative Charlie Rose
Ranking Minority, Representative Bill Thomas
=================================================================
James Love v. 215/658-0880
Taxpayer Assets Project f. 215/649-4066
12 Church Road internet love@essential.org
Ardmore, PA 19003
=================================================================
------------------------------
End of PRIVACY Forum Digest 02.07
************************
