|
PRIVACY Forum Digest Sunday, 10 October 1993 Volume 02 : Issue 32 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Personal Privacy vs. the "Digital Detective"? [long] (Lauren Weinstein; PRIVACY Forum Moderator) Key Escrow Panel at 16th NCSC (Tom Zmudzinski) Breaking DES (A. Padgett Peterson) DMV vs. Loss of Consciousness (Mel Beckman) Justice Department Issues New FOIA Policy (Lauren Weinstein; PRIVACY Forum Moderator) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203. ----------------------------------------------------------------------------- VOLUME 02, ISSUE 32 Quote for the day: "We want information." -- "Number 2" (various actors) "The Prisoner" (1968-1969) ---------------------------------------------------------------------- Date: Sun, 10 Oct 93 16:52 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Personal Privacy vs. the "Digital Detective"? Greetings. This is going to be a somewhat complex message, but I feel that it's an important one, so please try to bear along with me. Also, I must ask that anyone who wishes to forward any information from this message please forward the entire message and keep it intact and complete with all attributions--any further excerpting from this material could be extremely confusing, to say the least. A few days ago, in my capacity as PRIVACY Forum moderator, I received an e-mail submission from Patrick Townson, politely asking if I would consider publishing it in the digest. (Pat is moderator of the TELECOM digest; we have various communications regarding digest matters from time to time.) The submission was essentially an ad promoting a new service he is offering. I informed him that my policy is not to run ads, though particular products and services may be mentioned in the context of informational or discussion messages submitted to the Forum. However, the particular ad in question is potentially of significant importance to readers of PRIVACY Forum, and brings to a sharp focus a number of issues which we've had bouncing around for sometime, with seemingly little action. So, I asked for and received permission from Pat to publish excerpts from his ad, as well as excerpts from our private communications that occurred after I read his original submission. I've attempted to keep these excerpts in context, and I'll have additional comments as we go along. Once again, I'm sorry about the complexity of this message. ---- EXCERPTED MATERIAL BEGINS BELOW. Omitted material is indicated by "..." in the text. The original complete message was widely distributed on Usenet, as indicated by the "Newsgroups" field below. *************** From: ptownson@telecom.chi.il.us Newsgroups: comp.society.privacy,alt.privacy,misc.consumers, misc.legal,misc.misc,chi.general Subject: Digital Detective At Your Service Date: Wed, 6 Oct 1993 15:35:00 CDT DIGITAL DETECTIVE ... I wish to announce my recent aquisition of some databases which are primarily used by skip-tracing, investigative and government agencies to locate people, any assets they may have, and other pertinent and personal details of their lives. These databases are being made available to anyone who wishes to have access to them. The charges are simply being passed along, 'at cost' based on what I am paying. ... SOCIAL SECURITY NUMBER TRACING: =============================== You provide an SSN. I will advise you of all the names which have been used with this SSN, and the addresses which go with each. Or it can be the other way around: you supply an exact name and address (it can sometimes be a former address), and I will supply you with the SSN used by that person. Cost for each lookup, either direction is $60.00 PEOPLE FINDER: ============== You provide a name. Any name okay, but very common names will render a useless list. Middle initials and last known address is requested if possible. You'll receive a listing of every person who has that name, along with other data: New address if they moved; Telephone number provided the number is published; Residence type; Length of residence; Gender; Date of birth; Up to four other household members and their dates of birth. For additional information, People Finder also can provide a neighbor listing which includes up to ten neighbors, their addresses, phone numbers and residence types. ... It can be searched by telephone number only: You provide the phone number, I will respond with the person's profile and neighbor listing. Or it can be searched by address only, with the same results. ... Cost for each lookup is based on how extensive the search is. ... Both address/phone trace $90 ... CONSUMER CREDIT REPORTS: ======================== Consumer Credit reports availale from one bureau, $60 Consumer Credit reports available from three bureaus, $100 I need two things: 1. The name and address of the person, plus SSN if possible. 2. A *signed* statement that your request is for bonafide, legal reasons, i.e. you are considering an extension of credit to the person, or possibly employing them, etc. I cannot proceed without this signed statement. ... Has someone ever filed bankruptcy? The database will tell you if they have or not. Not all federal districts are yet installed but for those that are in the database, I can get you the details: ... Criminal History records available at $75-100 per jurisdiction you request searched. Want to know if someone has ever been in prison? Want to know if someone has ever been sued, or been a defendant in a criminal action? ... Death Records can be provided in various formats: By SSN only - is the holder of that SSN deceased or not? $30 By name - a more detailed account of their demise $40 Drivers Records can be pulled but the exact name and DOB is essential; otherwise if you have the full driver's license number, the search can be reversed, providing a name and DOB plus address. (Then use People Finder address trace on them.) $65 [ Various other information types listed omitted. -- MODERATOR ] ... Information should be available to everyone, not just the lawyers and bankers and government agencies. I'll provide information to anyone, at anytime from the categories above. Hope to hear from you soon with your requests. Here's to successful snooping! Get the goods on your friends and enemies alike. An imposter/fraud/con-artist on the net? Expose them in a detailed message with stuff you get from the database. Patrick Townson for DIGITAL DETECTIVE *************** >>> End of excerpted material from original submission <<< After reading the original ad, I had a number of exchanges with Pat regarding the possible negative reactions to this service among the PRIVACY Forum readership. Here are some excerpts from that discussion. ----- Excerpts from followup messages begin below ----- From Pat: Say whatever you like. I would ask that you point out a couple of pertinent things however: 1. All the information is gleaned from public sources. You'll find very few non-pub phone numbers for example unless the person used it someplace. And *yes* there are public sources of SSN's ... I know where, you don't know where, so you pay me to tell you where or at least produce the results. 2. All information is available free of charge to anyone who wants to go to the sources and get it himself. I'm placing myself in the middle as the 'gopher' ...I'll go fetch the information if you pay me. When I say 'free of charge if you get it yourself' I am not including the occassional cost of making copies, etc. That much is assumed. Regards criminal histories for example, if someone does not like the information being given out, then their real beef is with the concept of free, open to the public trials in the USA. In every courthouse in America, anyone is free to walk in, sit down and observe a trial going on. We do not have secret trials in the USA. So I am free to observe you on trial, and you are free to observe me on trial. It should follow then that we are free to exchange information with each other about trials we have observed. About 85 percent of the counties in the USA gladly supply transcripts and summaries of judgments regards criminal cases in their jurisdiction to anyone who asks for them (plus again, the copy costs etc). It is not feasable for you to come to Chicago and visit our courthouse, nor for me to visit the courthouses in California. So we cooperate with each other by you looking up things for me there and me looking up things for you here. It then should follow that a logical next step is to put it all on a computer; all researchers contibute their data to the common database. And so it goes. All I do is fetch the records you have created about yourself as a service for people who don't want to go to the trouble of fetching them for themselves. 3. Regards credit bureaus: Anyone can be a commissioned sales agent for the credit bureaus as long as they sign up with the bureaus to do that. You'll note I refuse to pull bureau files without your signed statement saying that you have a lawful purpose, ie an extension of credit or possible employment, etc. This puts the burden on you. In fact the bureaus themselves say in their contracts that they release information to their clients making the assumption the client has a lawful right to the information. If not, its your ass .. not theirs. If a bureau is pulled on you, you later find out and ask me why, I refer you to the person who purported to be lawfully inquiring. Doing so, I've met the requirements of the law. It is all public information except for the consumer credit reports, and for those the people who own the data base which I use absolutely insist on meeting all legal requirements. 4. Finally, it is only because we have computers that we can keep records in the prolific way we do. Do you also object to manual record keeping? Or is your complaint only that because it is computerized it has become so much easier for the average person to obtain? Remember, YOU are the person who gave out your SSN (I do not do the trace from government records but from public collections) ... YOU are the person who registered your telephone number in a directory of same with your address, etc. If you don't like people collecting information, don't give them any to collect, and get the law changed so that like in Russia you can be tried in secret and taken away in the middle of the night. Then there won't be any information for the public to look at regards what you were convicted of. Please summarize the above as my response to negative comments. Pat [ Below, text after ">" is from Lauren, other text is from Pat ]: Lauren: > I'm not disagreeing with your statements that it's all (presumably) > public information. In effect, that's what needs to be stopped! Pat: Well, then you better go to work on getting the First Amendment repealed or greatly modified addressing the issue of what people are permitted to say to other people, etc. If you feel I should be forbidden to speak about your SSN, so be it. Get the law changed and make sure it is constitutional. > In any case, publicizing your service may well have the effect of helping to > foster efforts to pass pending and future legislation to control the reuse > and distribution of such info, simply because so many people would get so > irate that such a service existed with such simple access. I want people to see how easy it is. I want enough people doing it that the cost of accessing the databases comes down from sixty dollars for an SSN to sixty cents! I want getting all sorts of info on your neighbors, enemies, employers and employees to be as easy as pushing a few keys on your keyboard. ... Nope, won't affect business at all because people have a short attention span. They will read it, cluck their tongues and by next week have forgotten. At my former employment I used to give seminars on how to collect bills. I gave these to employees of companies working collection. Afraid it would cut back the business they sent to our firm? Not at all. For a week or two, yes .. then they forget and go back to their old ways. Same thing here. ... Big firms, lawyers, bankers, law enfocement; they all get into the same information I use. Why shouldn't you be able to get into it also? You think if the laws are changed the lawyers won't somehow exempt themselves anyway? <grin> ... And as my ex-employer used to say, there is plenty of money to be made in collections and investigations by staying one hundred percent within the law ... no need to hack government data bases, no need to steal files from the credit bureau, no need to break into computers ... Someone wrote me and said getting into the NCIC was illegal (they were referring to my criminal histories database) ... hell, I get no where near NCIC .. I just use the combined efforts of researchers all over the USA who visit their courthouse daily to pull the new files for review; ditto with the Real Property transactions, tax records, voting records, etc .. ... but bear in mind if you try to censor the information you are treading dangerously into First Amendment stuff ... ... I thought it would make for great fun. Other than yours, the only letters I am answering on this are the ones which contain credit card numbers or EFT instructions ... and orders are coming in already. The neat thing about public information is you cannot be guilty of libel or slander when you distribute it as long as you do not embellish upon it. And my answers to inquiries go out ALWAYS as follows: "In consulting the XXX database, I noted the XXX database made the following statement(s) and/or allegation(s): (then the record) "If what was recorded in the XXX database is not correct, then the subject of the inquiry made at your request should notify the XXX database management of the error(s) and take appropriate action to correct the database record." It is never me claiming or alleging anything.... just telling you what I found out when I read the record. Same as the old credit bureau routine. Since I dont personally keep the rcords like the credit bureau does, it is not even within my power to correct the records. Obviously, that old First Amendment needs to be greatly modified, eh? Pat ----- End of excerpts from followup messages ----- Lauren here again. I think the above should give the flavor of the discussion and the related issues. We had some other discussions where I pointed out that the First Amendment wasn't really the issue, since it was not absolute, and that I felt some form of required "informed consent" (e.g., requiring firms to get written permission from customers from whom they obtain SS#, etc. before making it available to any commercial databases) would be a big help. But here's the *real* issue. If we assume that Pat is right in his statements that all of the information to which he has access is legally distributable, it goes far to pointing out what an utter disgrace the state of privacy and privacy laws in this country have become. Pat is certainly correct that many organizations already apparently have access to all of this data. All he's doing, seemingly, is trying to make a buck by providing "broader" access to the info. While one can argue that this is a very unfortunate thing to be doing, due to the range of new abuse that could potentially occur, it is also true that many crooks *already* have access to all this info, and that the information is already widely abused. Pat also suggests that there won't be any sustained opposition to such information releases--that most people have a very short attention span, will just read the message, and promptly forget about it. Is he right? The real problem is not with Pat's service, of course. The problem is that what should be private information is flowing around with such utter lack of sensible controls. If there were reasonable controls, it would be impossible for Pat's service, or many other similar services that cater to other customers out there, to be operational. There is certainly a philosophical underpinning to all of this. By analogy, Pat's view that everyone should have access to all the information available on everybody seems similar to the view that the way to solve the violent crime problem is to make sure that everyone in the country is carrying a gun at all times and is provided with plenty of ammunition. While some will no doubt agree with both of these concepts, hopefully many of us do not. It should now be crystal clear that the privacy situation in this country is in shambles. You can't just sit there, read this, and then file it off and forget it. Sooner or later, and most likely sooner, *you* are going to be affected. And just exactly what, my friends, are we going to do about it? --Lauren-- ------------------------------ Date: Thu, 30 Sep 93 14:31:41 EST From: "Tom Zmudzinski" <zmudzint@cc.ims.disa.mil> Subject: Key Escrow Panel at 16th NCSC 21 Sep 93; 14:00-15:30; Room 317 of the Baltimore Convention Center Track "E" (Tutorials & Presentations) -- KEY ESCROWING ISSUES { This is an incomplete "transcribble" of what was said, a personal precis if you will, not a court-ordered wiretap. ;{D } Cast: Mr. Len McNulty (National Security Standards & Technology), Dr. Clinton Brooks (Advisor to the Director, NSA), Mr. Al MacDonald (Special Assistant to the Assistant Director of Technical Services, FBI), Dr. Dorothy Denning (Georgetown University), Mr. Miles Schmidt (Manager of Security Advisory Group, NIST), Mr. Daniel Weitzner (Senior Staff Council, Electronic Frontier Foundation) { Transcribbler's Note: I've done the best I can with what I heard, but cross-checking against the Preliminary Participants List proved to be useless so there may be some misheard/spelled names & titles. } McNulty chaired the panel and gave a background briefing on the "Clipper Chip/Skipjack Algorithm" broughaha. Bottom line: NIST saw a requirement for high grade encryption for voice and data throughout the private sector but also saw the need to retain the ability to wiretap under court order. { Transcribbler's Note: Anyone needing background details (1) hasn't been paying attention to the media or fora and (2) can get them there. } Brooks gave the NSA side -- NIST came to NSA in search of help with the encryption. The policy folks wrangled long and hard over installing a backdoor, but concluded that any such weakening would be self-defeating. Brooks went into detail about the workings of the key escrow process. Bottom line: The algorithm HAS to be kept secret other wise someone could reverse-engineer a box that would interoperate with an escrowed Clipper. This box could then "lie" in the LEAF (Law Enforcement Access Field) and thus be invulnerable to court-ordered breakback. MacDonald gave the FBI's version -- Wiretap is a rarely used, last ditch technique necessary to protect the country and the private individual. MacDonald cited the use of wiretap in a "kiddy porn" kidnap/murder case. Unfortunately, he presented NO hard data on the pros & cons, just opinion. Bottom line: Wiretap is too useful a tool for Law Enforcement to give up without a fight, so they're fighting. Denning gave a synopsis of the work to date on breaking Skipjack. (The interim report is available on the Internet.) Bottom line: Recognizing that the analysis was done under considerable time pressure, it bears out NSA's claim that Skipjack is high quality (comparable to military grade) encryption. Weitzner presented the EFF position -- The EFF Electronic Privacy Working Group shares the Government's goal of providing the users with choice as to how (or if) they would protect their privacy. A truly voluntary, well functioning escrow system is appropriate to look at and test as one of the many alternatives that people who need security and privacy have to work with. They are not taking the position that no escrow system should be implemented at all (although there is an EFF faction that doubts that the government is the appropriate escrow agent). For the EFF, the critical test will be whether or not the US export restrictions on cryptography are relaxed. Bottom line: EFF wants to make certain that it is a truly voluntary system, not mandated by law. ( Various questions from the floor to the panel ) (Someone questioned the academic rigor of the Skipjack Analysis.) A: Analysis was as good as could be done in the time available. (Cliford Ockersmith, Intel, wanted to know why Intel had been excluded from manufacturing the Clipper chip.) A: They haven't been. (There IS an issue because Clipper is a hardware standard, and Intel doesn't want to retool to meet this standard.) (It appears that the only time Clipper is vulnerable is when it is being keyed.) A: The various parts of the Skipjack keys are NEVER in the clear outside of the box that does the keying, even during a legal breakback. (What happens to a chip once it's been brokenback?) A: The wiretap process includes notifying the chip owner that it has been wiretapped. (What about a gift certificate for a new chip in the letter?) A: [ laughter ] (Someone asked again about making the algorithm public.) A: [ see above ] Also, this is a voluntary standard, you don't have to use it. (Question about terrorists voluntarily using other high grade encryption.) A: No change from today. (Question about identifying with whom one is securely conversing.) A: Not part of Clipper. (Phone companies market Caller-Id.) (Unidentified person handed out "A Scientific Statement on Clipper Chip Technology and Alternatives" at the exits.) A: Thank you. [ adjourn ] ----------- The preceding has the legal status of hearsay, so don't quote anybody. ------------------------------ Date: Mon, 27 Sep 93 12:55:03 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson, P.E. Information Security) Subject: Breaking DES (sorry, am not sure who the original poster was. > Michael Weiner presented a paper at Crypto93 that describes a fast DES key > search engine that uses a special inside-out DES chip that he designed. > This chip takes a single plaintext/ciphertext pair ... Pair of what ? Bytes ? Suspect a single byte pair might yeild multiple positives necessitating at least one more stage. > can build a special machine with 57000 of these chips for $1 million. This > machine can exhaust the DES key space in 7 hours, finding a key in 3.5 hours This translates to a 50 MHZ cycle and is certainly in the realm of DSPs or multiple scalable parallel processors (I generally use 40 Mhz for known commercial products). The biggest problem would be in the interconnection of 57000 processors. However given that financial institutions (a major user of DES and likely targets) frequently do not change keys often enough, probably an average cycle of 14 hours would be sufficient and allow a four-fold drop in the number of chips required. However, this scheme relies on a known plaintext attack. While gernerally valid, there are any number of methods to avoid this ranging from multiple encryption to garbage headers/trailers of random length. So far all known schemes for breaking DES have relied on this mechanism. Warmly, Padgett ------------------------------ Date: Mon, 27 Sep 93 08:38:02 PST From: mbeckman@mbeckman.mbeckman.com (Mel Beckman) Reply-To: mbeckman@mbeckman.com Subject: DMV vs. Loss of Consciousness [Subject field supplied by MODERATOR] [ A reminder -- please be sure to include substantive subject lines on messages to the digest. Please avoid simply using a reply which results in a Subject line that just quotes the Volume and Issue number of the digest. This will avoid my having to supply my own Subject fields for such messages. Thanks! -- MODERATOR ] In Digest 2.31 sinster@scintilla.santa-clara.ca.us (Darren Senn) writes: > I disagree. The problem definately _is_ with the law. To be specific, > paragraphs (a) and (f) are the problem: > > > From: Henry Unger <hunger@hitech.com> > [...] > > (a) [...] However, if a > > physician and surgeon reasonably and in good faith believes that > > the reporting of a patient will serve the public interest, he or > > she may report a patient's condition even if it may not be > > required under the state department's definition of disorders > > characterized by lapses of consciousness pursuant to subdivision > > (d). > [...] > > (f) A physician and surgeon who reports a patient diagnosed > > as a case of a disorder characterized by lapses of consciousness > > pursuant to this section shall not be civilly or criminally > > liable to any patient for making any report required or > > authorized by this section. (Amended by Stats 1987 ch 321 S1; > ^^^^^^^^^^ > > Stats 1990 ch 911 S2, eff. 1/1/91.) > > These two prevent any recourse on the part of the patient for dealing with > these overenthusiastic medical staffs. These excerpts have been posted already by myself and others, so this isn't a new argument. In other material I posted, I reported discussions I had with DMV officials who provided me with (and which I also posted) the DMV's official policy on LOC statute interpretation and policies. The DMV's own materials show that their policy is to *not* take DL action for innocuous LOCs. Further, anyone driver who feels he's been abused under these policies can appeal the decision with a California administrative law judge under the DMV's own policies. The law's provisions protecting physician's from penalties for making reports under the law are no different than similar provisions for child abuse, drug abuse, and police misconduct reports. They're their to let the physician do his job without becoming an attorney. There are laws that give the govt unreasonable authority to take away citizen's rights (the California Asset Forfeiture law, for example, happily not renewed in the last legislature and expiring on 12/31/93). THIS law, however, is not one of those. -mel ________________________________________________________________________ | Mel beckman | Internet: mbeckman@mbeckman.com | | Beckman Software Engineering | Compuserve: 75226,2257 | | Ventura, CA 93003 | Voice/fax: 805/647-1641 805/647-3125 | |______________________________|_______________________________________| ------------------------------ Date: Wed, 06 Oct 93 15:22:07 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Justice Department Issues New FOIA Policy [ From "ALAWON" (ALA Washington Office Newsline, An electronic publication of the American Library Association Washington Office), Volume 2, Number 44. -- MODERATOR ] *************************************************************************** JUSTICE DEPARTMENT ISSUES NEW FOIA POLICY On October 4, President Clinton and Attorney General Reno rescinded a 1981 rule which encouraged federal agencies to withhold information requested under the Freedom of Information Act (FOIA) whenever there was "a substantial legal basis" for doing so. In its place, agencies are directed to apply a "presumption of disclosure." A memorandum from President Clinton urged agencies to take a fresh look at their administration of the FOIA, to reduce backlogs of requests, and to enhance public access to information. (See below for the full text of the memorandum.) In a memorandum sent to heads of departments and agencies, Attorney General Reno stated that ...we must ensure that the principle of openness in government is applied in each and every disclosure and nondisclosure decision that is required under the Act....It shall be the policy of the Department of Justice to defend the assertion of a FOIA exemption only in those cases where the agency reasonably foresees that disclosure would be harmful to an interest protected by that exemption. Where an item of information might technically or arguably fall within an exemption, it ought not to be withheld from a FOIA requester unless it need be. At a Department of Justice briefing, Associate Attorney General Webster Hubbell acknowledged that there was a huge backlog of FOIA requests, and said the Department of Justice wanted to hear of the problems requestors were having. He said that the Department would review all pending FOIA lawsuits, but would not provide additional funding to fill FOIA requests. When asked about FOIA access to electronic records, John Podesta, White House Staff Secretary, replied that agencies would work with users to get information to them in a usable way. He added that OMB, the White House, and the Department of Justice were all committed to making information available. One person at the briefing asked about privacy issues, and noted that the FBI would not search for records on an individual because of concerns about privacy. Hubbell replied that the FBI should ask the individual first, but that the new FOIA regulations presumed disclosure. He added that the Department of Justice would discuss the matter with the FBI director. *************************************************************************** TEXT OF FOIA MEMO ISSUED BY THE WHITE HOUSE The White House Washington October 4, 1993 MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES SUBJECT: The Freedom of Information Act I am writing to call your attention to a subject that is of great importance to the American public and to all Federal departments and agencies -- the administration of the Freedom of Information Act, as amended (the "Act"). The Act is a vital part of the participatory system of government. I am committed to enhancing its effectiveness in my Administration. For more than a quarter century now, the Freedom of Information Act has played a unique role in strengthening our democratic form of government. The statute was enacted based upon the fundamental principle that an informed citizenry is essential to the democratic process and that the more the American people know about their government the better they will be governed. Openness in government is essential to accountability and the Act has become an integral part of that process. The Freedom of Information Act, moreover, has been one of the primary means by which members of the public inform themselves about their government. As Vice President Gore made clear in the National Performance Review, the American people are the Federal Government's customers. Federal departments and agencies should handle requests for information in a customer-friendly manner. The use of the Act by ordinary citizens is not complicated, nor should it be. The existence of unnecessary bureaucratic hurdles has no place in its implementation. I therefore call upon all Federal departments and agencies to renew their commitment to the Freedom of Information Act, to its underlying principles of government openness, and to its sound administration. This is an appropriate time for all agencies to take a fresh look at their administration of the Act, to reduce backlogs of Freedom of Information Act requests, and to conform agency practice to the new litigation guidance issued by the Attorney General, which is attached. Further, I remind agencies that our commitment to openness requires more than merely responding to requests from the public. Each agency has a responsibility to distribute information on its own initiative, and to enhance public access through the use of electronic information systems. Taking these steps will ensure compliance with both the letter and the spirit of the Act. (signed) William J. Clinton ------------------------------ End of PRIVACY Forum Digest 02.32 ************************