TUCoPS :: Privacy :: priv_207.txt

Privacy Digest 2.07 3/6/93


PRIVACY Forum Digest     Saturday, 6 March 1993     Volume 02 :
Issue 07

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
     
                     ===== PRIVACY FORUM =====

       The PRIVACY Forum digest is supported in part by the 
           ACM Committee on Computers and Public Policy.


CONTENTS
     PRIVACY Forum materials now available via Gopher
        (Lauren Weinstein; PRIVACY Forum Moderator)
     Telephone numbers vs reverse directories (A. Padgett Peterson)
     Blocking CallerID (Gregg A. TeHennepe)
     Privacy of Poilice Records (Rasch@DOCKMASTER.NCSC.MIL)
     Information America (Larry Seiler)
     Re: Information America (John Pettitt)
     Should the information industry be consentual? (Larry Seiler)
     Re: Should the information industry be consentual? (John
Pettitt)
     Forwarding: Comments on the Clinton Technology Policy 
        (Sarah M. Elkins)
     Credit Card Validation (Brinton Cooper)
     GPO Access - WINDO Update (James Love)


 *** Please include a RELEVANT "Subject:" line on all submissions!
***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------
------------
The PRIVACY Forum is a moderated digest for the discussion and
analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their
relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and
must have
RELEVANT "Subject:" lines.  Submissions without appropriate and
relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a
message
consisting of the word "help" (quotes not included) in the BODY of
a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should
be
reported to "list-maint@cv.vortex.com".  All submissions included
in this
digest represent the views of the individual authors and all
submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and
all
related materials, is available via anonymous FTP from site
"cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or
"anonymous", and
enter your e-mail address as the password.  The typical "README"
and "INDEX"
files are available to guide you through the files available for
FTP
access.  PRIVACY Forum materials may also be obtained automatically
via
e-mail through the listserv system.  Please follow the instructions
above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used
to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "cv.vortex.com".

For information regarding the availability of this digest via FAX,
please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300,
or FAX
to (310) 455-2364.
-----------------------------------------------------------------
------------

VOLUME 02, ISSUE 07

   Quote for the day:

     "Knowledge is Good."

          -- Emil Faber (Faber College Slogan)
             "National Lampoon's Animal House" (1978)

-----------------------------------------------------------------
-----

Date:    Sat, 6 Mar 93 19:28 PST
From:    lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum
Moderator)
Subject: PRIVACY Forum materials now available via Gopher

Greetings.  I'm pleased to announce that all PRIVACY Forum
materials
(including back issues and all other archival materials) are now 
available via the Internet Gopher system, via a gopher server here
on site "cv.vortex.com".  Gopher administrators should feel free
to set up links to the cv.vortex.com gopher server as desired.

--Lauren--

------------------------------

Date:    Sat, 20 Feb 93 09:31:28 -0500
From:    padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Telephone numbers vs reverse directories

>From:    rogue@mica.berkeley.edu (Brett Glass)
>Subject: Numbers and Addresses (Subject field supplied by
MODERATOR)

>Mr. Peterson might be interested in knowing that getting an
>unlisted phone number, or excluding one's address from the
>telephone book, in no way impedes marketers armed with a phone
>number who wish to obtain your name and address. Several
>commercial "matching" services now exist which use data from
>magazine subscriber lists, business customer databases, and other
>pools of personal data -- many of which include phone numbers.

Guess the bottom lime is "never trust a single layer", in my case
the
second layer is a PO Box which is used for billing & commercial 
transactions.

A final suggestion is the use of "canary traps" - creative
mispellings
of your name for different uses - to pinpoint what list information
was garnered from. Finally a question: what happens when a
marketeer
gets multiple hits for the same name/number ? (different zip codes
& cities
even 8*).

Coolish today but we Floridians know what to do when it drops into
the 50s,

                         Padgett

------------------------------

Date:    Tue, 23 Feb 93 09:52:04 -0500
From:    gateh@mvax.cc.conncoll.edu (Gregg A. TeHennepe)
Subject: blocking CallerID

CallerID is beginning to be implemented in the state of CT, and so,
being a reader of this forum as well as RISKs, it was with some
interest that I read the SNET's insert in my bill regarding the
service.  They provided little stickers with the key sequence to
block on a per call basis, which I thought was handy, but what
really surprised me was the policy regarding default ID blocking.
Perhaps Privacy readers can let me know if this is unusual or not.

The policy stated that, for a $1.00 a month fee, you could have
your
number blocked on all calls, *providing you completed a sworn and
notorized affadavit to the effect that the CallerID feature was a
threat to your personal sercurity*!  I can understand charging a
service fee for such a service, but to restrict access to the
service in such a manner seems thoroughly unreasonable to me.  If
I
can block on a per call basis, why should I not be able to pay to
have blocking as a default?  

Personally I'm not all that concerned about the policy since I use
the phone very little and will use the per call blocking feature
when I need to (and that will probably be rarely).  I am a little
worried by the apparent reasoning behind the policy, tho, which
seems not to be oriented in the interest of the customer.

Cheers   - Gregg

Gregg TeHennepe | Comp & Info Services | Internet:
gateh@mvax.cc.conncoll.edu
Post/Hostmaster | Connecticut College  | BITNET/CREN:
gateh@conncoll

------------------------------

Date:    Wed, 24 Feb 93 10:50 EST
From:    Rasch@DOCKMASTER.NCSC.MIL
Subject: Privacy of Police Records

I am working on a project involving issues of personal privacy
and police and motor vehicle records.  Specifically, a question
has been raised about the legality of a private group which
publishes newsletters and periodicals obtaining police reports,
criminal history records, and licence plate checks from
"friendly" law enforcement sources.  I understand that this is a
question of state law in most states.  Can anyone advise where I
might find a compendium of state privacy statutes which would
cover the question of whether it it illegal to receive such
information?

------------------------------

Date:    Thu, 25 Feb 93 14:13:11 EST
From:    "Larry Seiler, x223-0588, MLO5-2  25-Feb-1993 1307"
      <seiler@rgb.enet.dec.com>
Subject: Information America

A posting in the RISKS DIGEST 14.34 describes the "Information
America"
dial-in service: customers (paralegals and other investigators)
dial
in to obtain information about a named individual, the owner of a 
specified telephone number, and so forth.  The database covers 111M
Americans, 80M households, and 61M telephone numbers.  According to
the RISKS posting (derived from an article in Mondo), IA can trace
people 
who have moved, and can provide current address/phone, lists of
neighbors, 
and "personal profiles".  I presume that the "personal profiles"
are the 
sort of information that Lotus' Household Database CD would have
provided:  
estimated income, buying habits, and other (sometimes speculative)
data.

A posting by John Pettitt in RISKS DIGEST 14.35 contains the
following 
statement regarding IA's personal search/profile services:

> As to the other services they provide, what is the problem ?  We
live in an
> information society.  If you don't want people using and tracking
information,
> don't give it to them (i.e., go live some place where there are
no phones or
> credit cards).
> 
> [ P.S. I am CEO of a direct response marketing company so I'm
biased :-) ]

I find the above highly disturbing.  The poster seems to imply that
if I
use a phone or a credit card, it gives those in the data business
a right
to use that data in any way they see fit.  That's like saying that
those 
who don't like peeping toms should live in houses without windows.

I don't buy the argument that using a credit card gives anyone the
right to 
sell information about what I purchased.  I don't accept that
applying for
a loan gives a bank the right to sell data about my income.  I
personally
don't care who knows where I live, but others do, and I believe
they should
have a right to privacy (if they are not charged with violating the
law).

I wonder how or if Mr. Pettit's own business would change if people
*knew* 
how information about them was being used and could stop it if they
didn't 
like it.  Perhaps most people wouldn't object to his company's
activities.
In that case, why not support those who want data privacy? 
However, if a 
right to data privacy would impact his business, that raises other
questions.
Such as, why is his business more important than a right to
privacy?

     Sincerely,
     Larry Seiler

PS:  I get about 4 unsolicited catalogs a day, plus numerous offers
of
loans and investments from people who apparently know more about my
finances than I ever publicly disclose.  So perhaps I too am
biased.  :-)
However, for me unsolicited mail is not the problem -- the
exchanging 
of data about me that I consider to be my property is the problem!

------------------------------

Date:    Thu, 25 Feb 93 12:54:22 PST
From:    John Pettitt <jpettitt@well.sf.ca.us>
Subject: Re: Information America

In reply to a posting I made to RISKS Lary Seiler writes:
> I find the above highly disturbing.  The poster seems to imply
that if I
> use a phone or a credit card, it gives those in the data business
a right
> to use that data in any way they see fit.  That's like saying
that those 
> who don't like peeping toms should live in houses without
windows.
> 
> I don't buy the argument that using a credit card gives anyone
the right to 
> sell information about what I purchased.  I don't accept that
applying for
> a loan gives a bank the right to sell data about my income.  I
personally
> don't care who knows where I live, but others do, and I believe
they should
> have a right to privacy (if they are not charged with violating
the law).

Well maybe it's an extreme analogy but the basic issues is that
it's not
possible to control the flow of information.  Attempts to do so
limit
the availablilty of information to those with money (=power).  The
current
CLID debacle in california is a classic of this problem.  (big guys
have ANI
on 800 numbers - small guys dont have caller ID).

On the specific isue of credit card sales info.  Selling that
information
gives citibank and amex an additional revenue stream and a
protential price
advantage.  In a free market if you think you can charge more for
a credit card
that does not sell information and you can find customers then good
luck
to you.   If you sign a loan form that says they will report to
credit 
agencies then you have accepted the distribution of that
information.
If you don't like it find another bank.  

Now as it happens all banks report, I suspect this is due to the
lack of
a free market in banking.  They have a duty to minimize risk which
they 
do by sharing information.  What would you like - safe savings or
privacy
you can't have both under the current system.

As to my buisness - well if I could not sell data I would have to
put
up my prices for products.   

In general business advantage comes from having more and more
accurate
information that the next guy.  This has been true since the pony
express
and or clipper ships.  The faster you can respond to a market the
more money
you make.  This is what makes the economy go round.    Ristrict the
flow
of information and you restrict buisiness and reduce the GDP, tax
base
and ability to fund all the things government already has it's
fingers
into.

What bad thing is going to happen to you if information on your
spending 
habbits, income and phone calls is globaly available ?  (and why
has it not already happened since most of this IS available for a
price).

John
(Taking an extreme view to provoke thought and question assuptions)

------------------------------

Date:    Thu, 25 Feb 93 17:23:18 EST
From:    "Larry Seiler, x223-0588, MLO5-2  25-Feb-1993 1717" 
      <seiler@rgb.enet.dec.com>
Subject: Should the information industry be consentual?

Continuing the public discussion with John Pettitt...

The real world is far too complex for extreme positions to be
viable.
I do not propose that we should shut down the information exchange
business -- I propose that it should be recast on a "disclosure and
consent" basis:  every form that requests "personal information"
would 
have to disclose how that information might be used, and consent
would 
have to be solicited for any use other than by the business that
collected
it for purposes related to the reason it was collected.  This could
be
very simple -- e.g. a line of fine print about how the data will be
sold
and a box to check to withold permission.  Most people would
probably
allow the information to be sold -- especially if it saved them
some
money.  At present, as John notes, nobody has a choice about it.

The above paragraph refers to "personal information" without
defining
the term.  This is deliberate, because I don't want to rathole on
the
details of what is personal and therefore deserving of privacy
protections.  
I claim that SOME data is personal -- for example income.  At
present, only 
credit data has any restrictions on its exchange, and those
restrictions 
come to very little in practice.  After all, anyone with a
"business need 
to know" and my SS# can look at my credit report, without my
knowledge.


Now, about the extreme view that John takes to provoke thought. 
Here are 
some extreme views of my own to spark some thought in the other
direction.

One of John's arguments is that business is more efficient if there
is
free and arbitrary flow of information.  Well, an absolute
dictatorship
is the most efficient form of government.  I don't accept
efficiency as 
the sole grounds for judging whether a social system is good.  I
don't
accept that an efficient system has to be non-consentual, either.

Another of John's arguments is that if trying to restrict the flow
of
information simply limits it to those with money (=power).  There
are
a huge variety of crimes that can be pretty freely indulged in by
those with money and power -- the S&L crisis is one example.  That
doesn't make me think that we should give equal opportunities to
all.

John argues that those who don't want their credit card data
revealed
should use a credit card company that doesn't do that.  Of course,
there are none, nor are there any credit card companies that even
inform their customers that they sell data.  If it's so reasonable
to
sell the information, why don't they tell people that they do it?

John argues that the banking industry has a duty to minimize risk
and
that's why they report.  Not true!  Minimizing risk requires
*obtaining*
information, not *selling* it.  I am happy to grant my bank
permission
to investigate my finances -- and to grant John's company
permission to 
provide the bank with any relevant information it may have.  It is
the
releasing of this information WITHOUT MY CONSENT that I object to.
The bank is free to deny my loan if I won't let them check up on
me.
And by the way, the loan form DOES NOT say that they will report my

answers, it just says they'll *check* my answers.  If they sell my
answers, they do it without my permission and without informing me.

John says that it's unfair for the big guys to have ANI on 800
number
calls, when the small guys can't use caller ID.  I agree --
California
should cause caller ID blocking to block ANI on 800 and 900 calls,
too!

John says that if he could not sell data then he would have to
raise
the prices for his products.  OK, but does he disclose to customers
that he sells the data?  Many people would be happy to take the
lower
prices, but some would not.  At present, *nobody* has a choice.


And finally, what bad thing is going to happen to me if information
on my spending, income, and phone calls is globally available?  The
mind boggles.  To start with, inaccurate information can cause a
great deal of damage.  Credit databases (for example) have been
shown
to have errors for as many as half of the people -- and serious
errors
for as many as 30%.  Who knows how many errors the "personal
profile"
databases have?  Unlike credit reports, you can't find out what
they say 
about you, except indirectly.  No, I wasn't hurt when somebody
entered
"Jewish" into some database somewhere and I started getting
catalogs 
of Passover supplies and letters about voting for senators who are
friends of Israel.  But there are many cases of people being denied
loans, being thrown off welfare roles, or losing their jobs due to
errors in the databases.  Funny, when a computer database
contradicts
something a human being says, most people consider the human guilty
until convincingly proven innocent.  Many won't even listen to
evidence that the computer database might be wrong.  

But beyond that, there's something more fundamental.  People
peeking 
into my private business are like people standing on my porch and
peeking in my windows.  Why should I have to prove that I was hurt
or might be hurt?  Privacy is now considered to be a
consitutionally
guaranteed right (yes, I know the constitution doesn't use the word
"privacy").  Why does the "information age" compel us all to give
it up?
Why can't people have a choice about what privacy to give up?  If
the
economic advantages of surrendering privacy are so great, then most
people will go for it.  If the advantages are so clear, why is the 
information industry afraid to tell their customers what they are
doing 
with personal data or to offer any choices?

     Enjoy,
     Larry

PS -- No offense meant and none taken, I hope!  I feel that this is
an
important issue and deserves vigorous discussion.  Thanks for your
replies.

------------------------------

Date:    Thu, 25 Feb 93 15:32:59 PST
From:    John Pettitt <jpettitt@well.sf.ca.us>
Subject: Re: Should the information industry be consentual?

Continuing the public discussion with Larry
> 
> The real world is far too complex for extreme positions to be
viable.

Agreed.  

In fact I agree with much of what Larry says.  I submit that he has
yet to 
prove a case where free flow of _accurate_ information has caused
a problem.
Bad information is to nobodys advantage - it is worse than no
information and
has no commercial value.  

I would submit that a dictatorship is anything but efficent -
competition 
makes things work well.  I agree that information disclosure should
be
dragged out from under the rock.  As to some sort of required
request law
well that is an interesting issue in itself.  I would welcome a
neutral
law (one that did not default private) as it would allow me to
pre-screen
the potential customers and improve my hit rate.  

I do think the bedroom window analogy is rather extreme and
emotive.  

On the ANI issue - I I am paying for a service (an 800 #) then I
want to
know that I am getting (I.E. where the call came from).  Second if
you
want to break my evening by inging a bell in my house I wan't the
electronic
peep hole (Caller ID) to see who you are before I talk to you. 
These are 
both reasonable in a free world.

Data collection and trading is going to happen no matter what -
even if it
moves off shore (a silly concept in the digital age).  The sooner
we face
the reality and establish norms, conventions and taboos regarding
data
the better.  A start would be to:

1) don't restrict the free flow of _accurate_ data
2) establish clear, enforced methods of trcking data
3) make provision for reaonable penalties for selling inaccurate
data

(#3 depends on getting the tort system under control - another of
my
pet subjects :-)

The problem with all this it is completly impossible to enforce. 
Look
at the UK "Data Protection Act" for an example of a law that is
ignored
by one and all and exempts the databases that can do real harm (law
enforcement).

If you can find a real case of harm by accurate information used
lawfully
and a way of enforcing privacy I would be happy to look at it.

John
No offence taken - I like a good argument, that why I read USENET
;-)

     [ I've suggested to John and Larry that they continue
       their discussion in private for now to encourage other
       readers to enter into the discussion. -- MODERATOR ]

------------------------------

Date:    Mon, 1 Mar 1993 13:43:47 PST
From:    Sarah_M._Elkins.Wbst139@xerox.com
Subject: forwarding: comments on the Clinton Technology Policy

I thought these comments from the sci-tech-studies distribution
might be of
interest.  Forwarded with permission.

Regards,

- Sarah (elkins.wbst139@xerox.com)

        
----------------------------------------------------------------

Sender: sci-tech-studies-relay@ucsd:edu:Xerox
Date: 28 Feb 93 13:15:14 EST (Sunday)
Subject: Clinton Technology Policy
From: wpg@ethics.med.pitt
To: sci-tech-studies@ucsd

This is a comment on the technology policy statement announced by
Clinton and Gore on 2/22/93.  The policy inititiatives include the
substance of the National High Performance Computer Technology Act
that Gore had previously sponsored in the Senate (e.g., S. 1067 in
the
101st Congress).  Central to that act and the new initiative is the
National Research and Education Network (NREN), a plan to increase
the
bandwidth of the internet and develop software for its utilization. 
I
am concerned that the technology policy does not adequately address
privacy or other concerns about the social implications of
computing,
including concerns raised by its proposed initiatives.

In the hearings on the High Performance Computing Act, medical
informatics was one of the applications envisioned for the NREN. 
It's
also part of the Clinton technology policy.  The (brief) discussion
of
medicine in the 2/22 statement is interesting:

         "This information infrastructure -- computers, computer
data
  banks, fax machines, telephones, and video displays -- has as its
  lifeline a high-speed fiber-optic network capable of transmitting
  billions of bits of information in a second....
        "The computing and networking technology that makes this
  possible is improving at an unprecedented rate, expanding both
our
  imaginations for its use and its effectiveness.  Through these
  technologies, a doctor who needs a second opinion could transmit
a
  patient's entire medical record -- x-rays and ultrasound scans
  included -- to a colleague thousands of miles away, in less time
  than it takes to send a fax today."

Well, imagine that ("Hey Sue, lookit chromosome 17 on this guy from
the Farber! 20 bucks at 7 / 5 sez he's malignant in 5 years.  Bet
he
hopes his insurer never sees this, har har.").  Without having any
expertise here, I find it plausible that network consults using
computerized medical records would have many benefits for patients.
But it's also clear that implementing a network-mediated record
system
that provided secure confidentiality would be a challenging
engineering task.  I mean social as well as computer engineering,
it's
the communication among people that is problematic here.

I find much to like in the technology policy.  Unfortunately, I see
little evidence that privacy has been a priority in the current
policy
or the former High Performance Computing Act.  I would appreciate
hearing from others whether the policy adequately covers other
aspects
of socially responsible computing.  The technology policy ought to
include a statement of ethics concerning computerized information. 
I
also believe that the NREN should follow the example of the NIH's
Human Genome Project, which devotes 5% of its research budget to a
program for studies of the Ethical, Legal, and Social Implications
of
human genetic research.

--
 [][][][][][][][][][][][]   William Gardner  
[][][][][][][][][][][][][][][]
 []   /_   o / /  Psychiatry Dept, School of Medicine     
412-681-1102   []
 []  /__) / / /       University of Pittsburgh  
wpg@ethics.med.pitt.edu  []
 [][][][][][][][][][]    Pittsburgh, PA 15213  [][][] 
FAX:412-624-0901 [][]

------------------------------

Date:    Fri, 5 Mar 93 0:18:28 EST
From:    Brinton Cooper <abc@BRL.MIL>
Subject: Credit Card Validation

We've all heard horror stories about how one person fraudulently
accessed another's credit card account (or utility account or phone
account, etc) and, with malice, altered or canceled service or
otherwise, posing as the customer, caused some change in the status
of
the account.

Now, Citibank is asking (US Government employee) users of it's
Diner's
club cards to supply them with validation info.  When activating a
new
(e.g., personal) account, changing address, or otherwise enquiring
about
one's file, the caller may be asked to supply such information in
order
to assure the credit company of the caller's legitimate identity.
Information requested is:

     Name
     Acccount #
     Address
     Date of Birth
     Social Security Number (you were surprised, maybe?)
     Mother's Maiden Name (My hospital asks for this one, too.)
     Business and home phones
     Other Diner's accounts to which this info applies.

Finally, you are asked  if you would like "...to designate another
person to manage your account..."

On the one hand, this has the potential to expose what little
privacy we
have left.  On the other hand, one can argue that it protects us
from malicious persons.  I don't yet know whether I shall comply.

_Brint

------------------------------

Date:    Wed, 3 Mar 1993 14:26:58 EDT
From:    LOVE%TEMPLEVM.BITNET@pucc.Princeton.EDU
Subject: GPO ACCESS - WINDO UPDATE

    ----------------------------Original
message----------------------------

Taxpayer Assets Project
Information Policy Note
February 28, 1993

               UPDATE ON WINDO/GATEWAY LEGISLATION

From:     James Love <love@essential.org>
Re:       GPO Access (Proposed legislation to replace GPO
          WINDO/Gateway bills)

          Note: the WINDO/GATEWAY bills from last Congress (HR
          2772; S. 2813) would have provided one-stop-shopping
          online access to federal databases and information
          systems through the Government Printing Office (GPO),
          priced at the incremental cost of dissemination for use
          in homes and offices, and free to 1,400 federal
          depository libraries).

Both the House and Senate are soon expected to introduce
legislation that would replace the GPO WINDO/GATEWAY bills that
were considered in the last Congress.  According to Congressional
staff members, the bill will be called "GPO Access."  The new
name (which may change again) was only one of many substantive
and symbolic changes to the legislation.

Since the bill is still undergoing revisions, may be possible (in
the next day or so) to provide comments to members of Congress
before the legislation is introduced.

The most important changes to the legislation concern the scope
and ambition of the program.  While we had expected Congressional
democrats to ask for an even broader public access bill than were
represented by the WINDO (hr 2772) and Gateway (S. 2813) bills,
the opposite has happened.  Despite the fact that the legislation
is no longer facing the threat of a Bush veto or an end of
session filibuster (which killed the bills last year), key
supporters have decided to opt for a decidedly scaled down bill,
based upon last year's HR 5983, which was largely written by the
House republican minority (with considerable input from the
commercial data vendors, through the Information Industry
Association (IIA)).

The politics of the bill are complex and surprising.  The
decision to go with the scaled down version of the bill was
cemented early this year when representatives of the Washington
Office of the American Library Association (including ALA
lobbyist Tom Sussman) meet with Senator Ford and Representative
Rose's staff to express their support for a strategy based upon
last year's HR 5983, the republican minority's version of the
bill that passed the House (but died in the Senate) at the end of
last year's session.  ALA's actions, which were taken without
consultation with other citizen groups supporting the
WINDO/GATEWAY legislation, immediately set a low standard for the
scope of this year's bill.

We were totally surprised by ALA's actions, as were many other
groups, since ALA had been a vigorous and effective proponent of
the original WINDO/GATEWAY bills.  ALA representatives are
privately telling people that while they still hope for broader
access legislation, they are backing the "compromise bill," which
was publicly backed (but privately opposed) last year by IIA, as
necessary, to avoid a more lengthy fight over the legislation.
If the negotiations with the House and Senate republicans hold
up, the new bill will be backed by ranking Republicans on the
Senate Rules and House Administration Committees, and passed by
Congress on fast track consent calendars.

We only obtained a draft of the legislation last week, and it is
still a "work in progress."  All changes must be approved by key
Republican members of Senate Rules and House Administration.

Gone from the WINDO/GATEWAY versions of the bill were any funding
(S. 2813 would have provided $13 million over two years) to
implement the legislation, and any findings which set out the
Congressional intent regarding the need to provide citizens with
broad access to most federal information systems.  Also missing
are any references to making the online system available through
the Internet or the NREN.


     WHAT THE GPO ACCESS BILL WILL DO (subject to further
     changes)

1.   Require the Government Printing Office (GPO) to provide
     public online access to:

     -    the Federal Register
     -    the Congressional Record
     -    an electronic directory of Federal public information
               stored electronically,
     -    other appropriate publications distributed by the
               Superintendent of Documents, and
     -    information under the control of other federal
               departments or agencies, when requested by the
               department or agency.

2.   Most users will pay user fees equal to the "incremental cost
     of dissemination of the information."  This is a very
     important feature that was included in the WINDO/GATEWAY
     legislation.  At present many federal agencies, including
     the National Technical Information Services (NTIS), make
     profits on electronic information products and services.
     Given the current federal government fiscal crisis, this
     strong limit on online prices is very welcome.

3.   The 1,400 member federal Depository Library Program will
     have free access to the system, just as they presently have
     free access to thousands of federal publications in paper
     and microfiche formats.  Issues to be resolved later are who
     will pay for Depository Library Program telecommunications
     costs, and whether or not GPO will use the online system to
     replace information products now provided in paper or
     microfiche formats.


     WHAT THE GPO ACCESS BILL DOESN'T DO

-    Provide any start-up or operational funding

-    Require GPO to provide online access through the Internet

-    The Gateway/WINDO bills would have given GPO broad authority
     to publish federal information online, but the new bill
     would restrict such authority to documents published by the
     Superintendent of Documents (A small subset of federal
     information stored electronically), or situations where the
     agency itself asked GPO to disseminate information stored in
     electronic formats.  This change gives agencies more
     discretion in deciding whether or not to allow GPO to
     provide online access to their databases, including those
     cases where agencies want to maintain control over databases
     for financial reasons (to make profits).

-    Language that would have explicitly allowed GPO to reimburse
     agencies for their costs in providing public access was
     eliminated in the new bill.  This is a potentially important
     issue, since many federal agencies will not work with GPO to
     provide public access to their own information systems,
     unless they are reimbursed for costs that they incur.

-    S. 2813 and HR 2772 would have required GPO to publish an
     annual report on the operation of  the Gateway/WINDO and
     accept and consider *annual* comments from users on a wide
     range of issues.  The new bill only makes a general
     requirement that GPO "consult" with users and data vendors.
     The annual notice requirement that was eliminated was
     designed to give citizens more say in how the service
     evolves, by creating a dynamic public record of citizen
     views on topics such as the product line, prices, standards
     and the quality of the service.  Given the poor record of
     many federal agencies in dealing with rapidly changing
     technologies and addressing user concerns, this is an
     important omission.

-    The WINDO/GATEWAY bills would have required GPO to address
     standards issues, in order to simplify public access.  The
     new bill doesn't raise the issue of standards.


     OTHER POLITICAL CONSIDERATIONS

Supporters of a quick passage of the scaled down GPO Access
legislation are concerned about a number of budget, turf and
organizational issues.  Examples are:

-    Congress is considering the elimination of the Joint
     Committee on Printing, which now has oversight of GPO.

-    There are proposals to break-up GPO or to transfer the
     entire agency to the Executive Branch, which would slow down
     action on the online program, and may reduce the federal
     support for the Federal Depository Library Program, or lead
     to a different (and higher) pricing policy.

-    The National Technical Information Service (NTIS) opposes an
     important role by GPO in the delivery of online services,
     since NTIS wants to provide these services at unconstrained
     prices.


It does not appear as though the Clinton/Gore Administration has
had much input on the GPO Access legislation, which is surprising
since Vice President Gore was the prime sponsor of the GPO
Gateway to Government (S. 2813) bill last year.  (Michael Nelson
will reportedly be moving from the Senate Commerce Committee to
the White House to be working on these and related information
policy issues.)

Even the scaled down GPO Access bill will face opposition.
According to House republicans, despite IIA's low key public
pronouncements, the vendor trade group "hates" the bill.
Opposition from NTIS is also anticipated.


TAXPAYER ASSETS PROJECT VIEW

We were baffled and disappointed the decision of ALA and Congress
to proceed with a scaled down version of last year's bills.  We
had hoped that the election of the Clinton/Gore administration
and the growing grass roots awareness of public access issues
would lead to a stronger, rather than a weaker, bill.  In our
view, public expectations are rapidly rising, and the burden is
now on Congress and the Administration to break with the past and
take public access seriously.  The GPO Access legislation
provides incremental benefits over the status quo, but less than
might seem.

-    The statutory mandate to provide online services is useful,
     but public access proponents have always argued that GPO
     already has the authority to create the WINDO/GATEWAY under
     the current statutes.   In fact, GPO now offers hundreds of
     CD-ROM titles and the online GPO Federal Bulletin Board, a
     service that could (and should) be greatly expanded.

-    The three products that the GPO Access bill refers to are
     already online or under development GPO.  GPO is now working
     on the development of a locator system and an online version
     of the Federal Register, and the Congressional Record is
     already online in the Congressional LEGIS system -- a system
     that is presently closed to the public, and which is not
     mentioned in the GPO Access bill.

-    The "incremental cost of dissemination" provision of the new
     bill is welcome, but GPO is already limited to prices that
     are 150 percent of dissemination costs.


Several suggestions to strengthen last year's bills were ignored.
Among them:

-    Expand the initial core products to include other online
     information systems that are already under the control of
     congress, such as the Federal Elections Commission (FEC)
     online database of campaign contributions, the House LEGIS
     system which provides online access to the full text of all
     bills before Congress, or the Library of Congress Scorpio
     system.

-    Create a special office of electronic dissemination in GPO.
     At present, GPO's electronic products and services are
     managed by Judy Russell, who is capable, but who is also
     responsible for managing the primarily paper and microfiche
     based federal Depository Library Program, a time consuming
     and complicated job.  We believe that GPO's electronic
     dissemination program is important enough to warrant its own
     director, whose career would depend upon the success of the
     electronic dissemination program.


The GPO Access bills will be considered by the following
Congressional Committees:

Senate Committee on Rules and Administration  202/224-6352
     Chair, Senator Wendell Ford
     Ranking Minority, Senator Ted Stevens

House Committee on House Administration 202/225-225-2061
     Chair, Representative Charlie Rose
     Ranking Minority, Representative Bill Thomas

=================================================================
James Love                              v.   215/658-0880
Taxpayer Assets Project                 f.   215/649-4066
12 Church Road                     internet  love@essential.org
Ardmore, PA  19003
=================================================================

------------------------------

End of PRIVACY Forum Digest 02.07
************************


 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH