TUCoPS :: Privacy :: priv_232.txt

Privacy Digest 2.32 10/10/93

PRIVACY Forum Digest       Sunday, 10 October 1993       Volume 02 : Issue 32

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	Personal Privacy vs. the "Digital Detective"? [long]
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Key Escrow Panel at 16th NCSC (Tom Zmudzinski)
	Breaking DES (A. Padgett Peterson)
	DMV vs. Loss of Consciousness (Mel Beckman)
	Justice Department Issues New FOIA Policy
	   (Lauren Weinstein; PRIVACY Forum Moderator)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 02, ISSUE 32

   Quote for the day:

	"We want information."

			-- "Number 2" (various actors)
			   "The Prisoner" (1968-1969)

----------------------------------------------------------------------

Date:    Sun, 10 Oct 93 16:52 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Personal Privacy vs. the "Digital Detective"? 

Greetings.  This is going to be a somewhat complex message, but I feel
that it's an important one, so please try to bear along with me.

Also, I must ask that anyone who wishes to forward any information from this
message please forward the entire message and keep it intact and complete
with all attributions--any further excerpting from this material could be
extremely confusing, to say the least.

A few days ago, in my capacity as PRIVACY Forum moderator, I received an
e-mail submission from Patrick Townson, politely asking if I would consider
publishing it in the digest.  (Pat is moderator of the TELECOM digest; we
have various communications regarding digest matters from time to time.)

The submission was essentially an ad promoting a new service he is 
offering.  I informed him that my policy is not to run ads, though
particular products and services may be mentioned in the context
of informational or discussion messages submitted to the Forum.  

However, the particular ad in question is potentially of significant
importance to readers of PRIVACY Forum, and brings to a sharp focus
a number of issues which we've had bouncing around for sometime, with
seemingly little action.  So, I asked for and received permission from
Pat to publish excerpts from his ad, as well as excerpts from our
private communications that occurred after I read his original submission.
I've attempted to keep these excerpts in context, and I'll have additional
comments as we go along.  Once again, I'm sorry about the complexity of
this message. 

----
EXCERPTED MATERIAL BEGINS BELOW.  Omitted material is indicated by
"..." in the text.  The original complete message was widely distributed
on Usenet, as indicated by the "Newsgroups" field below.

			***************

From: ptownson@telecom.chi.il.us
Newsgroups: comp.society.privacy,alt.privacy,misc.consumers,
	misc.legal,misc.misc,chi.general
Subject: Digital Detective At Your Service
Date: Wed, 6 Oct 1993 15:35:00 CDT

                      DIGITAL DETECTIVE
		
...

I wish to announce my recent aquisition of some databases which are
primarily used by skip-tracing, investigative and government agencies
to locate people, any assets they may have, and other pertinent and
personal details of their lives.

These databases are being made available to anyone who wishes to have
access to them. The charges are simply being passed along, 'at cost'
based on what I am paying. 

...

SOCIAL SECURITY NUMBER TRACING:
===============================

You provide an SSN. I will advise you of all the names which have
been used with this SSN, and the addresses which go with each. Or
it can be the other way around: you supply an exact name and address
(it can sometimes be a former address), and I will supply you with
the SSN used by that person.

      Cost for each lookup, either direction is $60.00

PEOPLE FINDER:
==============

You provide a name. Any name okay, but very common names will
render a useless list. Middle initials and last known address is
requested if possible.  You'll receive a listing of every person who
has that name, along with other data:

     New address if they moved;
     Telephone number provided the number is published;
     Residence type;
     Length of residence;
     Gender;
     Date of birth;
     Up to four other household members and their dates of birth.

For additional information, People Finder also can provide a neighbor
listing which includes up to ten neighbors, their addresses, phone
numbers and residence types. 

...

It can be searched by telephone number only: You provide the phone
number, I will respond with the person's profile and neighbor listing.
Or it can be searched by address only, with the same results.

...

      Cost for each lookup is based on how extensive the search
      is. 

...

                Both address/phone trace      $90

...

CONSUMER CREDIT REPORTS:
========================

Consumer Credit reports availale from one bureau,     $60
Consumer Credit reports available from three bureaus, $100

I need two things:

  1. The name and address of the person, plus SSN if possible.
  2. A *signed* statement that your request is for bonafide,
     legal reasons, i.e. you are considering an extension of
     credit to the person, or possibly employing them, etc. I
     cannot proceed without this signed statement.

...

Has someone ever filed bankruptcy?  The database will tell you
if they have or not. Not all federal districts are yet installed
but for those that are in the database, I can get you the details:

...

Criminal History records available at $75-100 per jurisdiction you
request searched. 
      Want to know if someone has ever been in prison?
      Want to know if someone has ever been sued, or been a
        defendant in a criminal action?

...

Death Records can be provided in various formats:

      By SSN only - is the holder of that SSN deceased or not?  $30
      By name - a more detailed account of their demise         $40

Drivers Records can be pulled but the exact name and DOB
is essential; otherwise if you have the full driver's license
number, the search can be reversed, providing a name and DOB
plus address. (Then use People Finder address trace on them.)   $65

    [ Various other information types listed omitted.  -- MODERATOR ]

...

Information should be available to everyone, not just the lawyers
and bankers and government agencies. I'll provide information to
anyone, at anytime from the categories above. Hope to hear from
you soon with your requests.

Here's to successful snooping! Get the goods on your friends and
enemies alike. An imposter/fraud/con-artist on the net? Expose them
in a detailed message with stuff you get from the database. 

Patrick Townson
for DIGITAL DETECTIVE

			***************

      >>> End of excerpted material from original submission <<<

After reading the original ad, I had a number of exchanges with Pat
regarding the possible negative reactions to this service among
the PRIVACY Forum readership.  Here are some excerpts from
that discussion.

----- Excerpts from followup messages begin below -----

From Pat:

Say whatever you like. I would ask that you point out a couple of
pertinent things however:

1. All the information is gleaned from public sources. You'll find
very few non-pub phone numbers for example unless the person used it
someplace. And *yes* there are public sources of SSN's ... I know 
where, you don't know where, so you pay me to tell you where or at
least produce the results.

2. All information is available free of charge to anyone who wants to
go to the sources and get it himself. I'm placing myself in the middle
as the 'gopher' ...I'll go fetch the information if you pay me. When
I say 'free of charge if you get it yourself' I am not including the
occassional cost of making copies, etc. That much is assumed.

Regards criminal histories for example, if someone does not like the
information being given out, then their real beef is with the concept
of free, open to the public trials in the USA. In every courthouse in
America, anyone is free to walk in, sit down and observe a trial going
on. We do not have secret trials in the USA.  So I am free to observe
you on trial, and you are free to observe me on trial. It should
follow then that we are free to exchange information with each other
about trials we have observed. 

About 85 percent of the counties in the USA gladly supply transcripts
and summaries of judgments regards criminal cases in their jurisdiction
to anyone who asks for them (plus again, the copy costs etc). It is not
feasable for you to come to Chicago and visit our courthouse, nor for me
to visit the courthouses in California. So we cooperate with each other
by you looking up things for me there and me looking up things for you
here. It then should follow that a logical next step is to put it all
on a computer; all researchers contibute their data to the common
database. 

And so it goes. All I do is fetch the records you have created about
yourself as a service for people who don't want to go to the trouble
of fetching them for themselves.

3. Regards credit bureaus:  Anyone can be a commissioned sales agent
for the credit bureaus as long as they sign up with the bureaus to do
that. You'll note I refuse to pull bureau files without your signed
statement saying that you have a lawful purpose, ie an extension of
credit or possible employment, etc. This puts the burden on you. In
fact the bureaus themselves say in their contracts that they release
information to their clients making the assumption the client has a
lawful right to the information. If not, its your ass .. not theirs.
If a bureau is pulled on you, you later find out and ask me why,
I refer you to the person who purported to be lawfully inquiring.
Doing so, I've met the requirements of the law.

It is all public information except for the consumer credit reports,
and for those the people who own the data base which I use absolutely
insist on meeting all legal requirements.

4. Finally, it is only because we have computers that we can keep
records in the prolific way we do.  Do you also object to manual
record keeping?  Or is your complaint only that because it is
computerized it has become so much easier for the average person to
obtain?

Remember, YOU are the person who gave out your SSN (I do not do the
trace from government records but from public collections) ...

YOU are the person who registered your telephone number in a
directory of same with your address, etc. 

If you don't like people collecting information, don't give them any
to collect, and get the law changed so that like in Russia you can
be tried in secret and taken away in the middle of the night. Then
there won't be any information for the public to look at regards what
you were convicted of.

Please summarize the above as my response to negative comments.

Pat


[ Below, text after ">" is from Lauren, other text is from Pat ]:

Lauren:
> I'm not disagreeing with your statements that it's all (presumably)
> public information.  In effect, that's what needs to be stopped!

Pat:
Well, then you better go to work on getting the First Amendment
repealed or greatly modified addressing the issue of what people are 
permitted to say to other people, etc. If you feel I should be  forbidden
to speak about your SSN, so be it.  Get the law changed and make sure
it is constitutional.

> In any case, publicizing your service may well have the effect of helping to
> foster efforts to pass pending and future legislation to control the reuse
> and distribution of such info, simply because so many people would get so
> irate that such a service existed with such simple access.  

I want people to see how easy it is. I want enough people doing it
that the cost of accessing the databases comes down from sixty dollars
for an SSN to sixty cents!  I want getting all sorts of info on your
neighbors, enemies, employers and employees to be as easy as pushing
a few keys on your keyboard. 

...

Nope, won't affect business at all because people have a short
attention span. They will read it, cluck their tongues and by next
week have forgotten. At my former employment I used to give seminars
on how to collect bills. I gave these to employees of companies
working collection. Afraid it would cut back the business they sent to
our firm?  Not at all. For a week or two, yes .. then they forget and
go back to their old ways.  Same thing here.

...

Big firms, lawyers, bankers, law enfocement; they all get into the same
information I use. Why shouldn't you be able to get into it also?  You think
if the laws are changed the lawyers won't somehow exempt themselves anyway?
<grin> ... 

And as my ex-employer used to say, there is plenty of money to be made
in collections and investigations by staying one hundred percent within
the law ... no need to hack government data bases, no need to steal
files from the credit bureau, no need to break into computers ... 

Someone wrote me and said getting into the NCIC was illegal (they were
referring to my criminal histories database) ... hell, I get no where
near NCIC .. I just use the combined efforts of researchers all over
the USA who visit their courthouse daily to pull the new files for
review; ditto with the Real Property transactions, tax records, voting
records, etc .. 

... but bear in mind if you try to censor the information
you are treading dangerously into First Amendment stuff ...

...

I thought it would make for great fun. Other than yours, the only
letters I am answering on this are the ones which contain credit card
numbers or EFT instructions ... and orders are coming in already.

The neat thing about public information is you cannot be guilty of
libel or slander when you distribute it as long as you do not 
embellish upon it.  And my answers to inquiries go out ALWAYS as
follows:

  "In consulting the XXX database, I noted the XXX database
  made the following statement(s) and/or allegation(s):

    (then the record)

  "If what was recorded in the XXX database is not correct,
  then the subject of the inquiry made at your request should
  notify the XXX database management of the error(s) and take
  appropriate action to correct the database record."

It is never me claiming or alleging anything.... just telling
you what I found out when I read the record. Same as the old
credit bureau routine. Since I dont personally keep the rcords like
the credit bureau does, it is not even within my power to correct
the records.

Obviously, that old First Amendment needs to be greatly modified, eh?

Pat

----- End of excerpts from followup messages -----


Lauren here again.  I think the above should give the flavor of the
discussion and the related issues.  We had some other discussions where I
pointed out that the First Amendment wasn't really the issue, since it was
not absolute, and that I felt some form of required "informed consent"
(e.g., requiring firms to get written permission from customers from whom
they obtain SS#, etc. before making it available to any commercial
databases) would be a big help.

But here's the *real* issue.  If we assume that Pat is right in his
statements that all of the information to which he has access is
legally distributable, it goes far to pointing out what an utter
disgrace the state of privacy and privacy laws in this country
have become.   

Pat is certainly correct that many organizations already apparently have
access to all of this data.  All he's doing, seemingly, is trying to make a
buck by providing "broader" access to the info.  While one can argue that
this is a very unfortunate thing to be doing, due to the range of new abuse
that could potentially occur, it is also true that many crooks *already*
have access to all this info, and that the information is already widely
abused.

Pat also suggests that there won't be any sustained opposition to
such information releases--that most people have a very short attention
span, will just read the message, and promptly forget about it.
Is he right?

The real problem is not with Pat's service, of course.  The problem is that
what should be private information is flowing around with such utter lack of
sensible controls.  If there were reasonable controls, it would be
impossible for Pat's service, or many other similar services that cater to
other customers out there, to be operational.

There is certainly a philosophical underpinning to all of this.  By analogy,
Pat's view that everyone should have access to all the information available
on everybody seems similar to the view that the way to solve the violent
crime problem is to make sure that everyone in the country is carrying a gun
at all times and is provided with plenty of ammunition.  While some will no
doubt agree with both of these concepts, hopefully many of us do not.

It should now be crystal clear that the privacy situation in this country
is in shambles.  You can't just sit there, read this, and then file it
off and forget it.  Sooner or later, and most likely sooner, *you*
are going to be affected.

And just exactly what, my friends, are we going to do about it?

--Lauren--

------------------------------

Date:    Thu, 30 Sep 93 14:31:41 EST
From:    "Tom Zmudzinski" <zmudzint@cc.ims.disa.mil>
Subject: Key Escrow Panel at 16th NCSC

21 Sep 93; 14:00-15:30; Room 317 of the Baltimore Convention Center
Track "E" (Tutorials & Presentations) -- KEY ESCROWING ISSUES

{ This is an incomplete "transcribble" of what was said, a personal
  precis if you will, not a court-ordered wiretap. ;{D }

Cast: Mr. Len McNulty (National Security Standards & Technology),
Dr. Clinton Brooks (Advisor to the Director, NSA),
Mr. Al MacDonald (Special Assistant to the Assistant Director of
                  Technical Services, FBI),
Dr. Dorothy Denning (Georgetown University),
Mr. Miles Schmidt (Manager of Security Advisory Group, NIST),
Mr. Daniel Weitzner (Senior Staff Council, Electronic Frontier Foundation)

{ Transcribbler's Note: I've done the best I can with what I heard,
  but cross-checking against the Preliminary Participants List proved
  to be useless so there may be some misheard/spelled names & titles. }

McNulty chaired the panel and gave a background briefing on the "Clipper
Chip/Skipjack Algorithm" broughaha.  Bottom line: NIST saw a requirement
for high grade encryption for voice and data throughout the private sector
but also saw the need to retain the ability to wiretap under court order.

{ Transcribbler's Note: Anyone needing background details (1) hasn't been
  paying attention to the media or fora and (2) can get them there. }

Brooks gave the NSA side -- NIST came to NSA in search of help with the
encryption.  The policy folks wrangled long and hard over installing a
backdoor, but concluded that any such weakening would be self-defeating.
Brooks went into detail about the workings of the key escrow process.
Bottom line: The algorithm HAS to be kept secret other wise someone could
reverse-engineer a box that would interoperate with an escrowed Clipper.
This box could then "lie" in the LEAF (Law Enforcement Access Field) and
thus be invulnerable to court-ordered breakback.

MacDonald gave the FBI's version -- Wiretap is a rarely used, last ditch
technique necessary to protect the country and the private individual.
MacDonald cited the use of wiretap in a "kiddy porn" kidnap/murder case.
Unfortunately, he presented NO hard data on the pros & cons, just opinion.
Bottom line: Wiretap is too useful a tool for Law Enforcement to give up
without a fight, so they're fighting.

Denning gave a synopsis of the work to date on breaking Skipjack.  (The
interim report is available on the Internet.)  Bottom line:  Recognizing
that the analysis was done under considerable time pressure, it bears out
NSA's claim that Skipjack is high quality (comparable to military grade)
encryption.

Weitzner presented the EFF position -- The EFF Electronic Privacy Working
Group shares the Government's goal of providing the users with choice as
to how (or if) they would protect their privacy.  A truly voluntary, well
functioning escrow system is appropriate to look at and test as one of the
many alternatives that people who need security and privacy have to work
with.  They are not taking the position that no escrow system should be
implemented at all (although there is an EFF faction that doubts that the
government is the appropriate escrow agent).  For the EFF, the critical
test will be whether or not the US export restrictions on cryptography
are relaxed.  Bottom line: EFF wants to make certain that it is a truly
voluntary system, not mandated by law.

( Various questions from the floor to the panel )

(Someone questioned the academic rigor of the Skipjack Analysis.)
A: Analysis was as good as could be done in the time available.

(Cliford Ockersmith, Intel, wanted to know why Intel had been excluded
from manufacturing the Clipper chip.) A: They haven't been.  (There IS an
issue because Clipper is a hardware standard, and Intel doesn't want to
retool to meet this standard.)

(It appears that the only time Clipper is vulnerable is when it is being
keyed.) A: The various parts of the Skipjack keys are NEVER in the clear
outside of the box that does the keying, even during a legal breakback.

(What happens to a chip once it's been brokenback?) A: The wiretap process
includes notifying the chip owner that it has been wiretapped. (What about
a gift certificate for a new chip in the letter?) A: [ laughter ]

(Someone asked again about making the algorithm public.) A: [ see above ]
Also, this is a voluntary standard, you don't have to use it.

(Question about terrorists voluntarily using other high grade encryption.)
A: No change from today.

(Question about identifying with whom one is securely conversing.)
A: Not part of Clipper.  (Phone companies market Caller-Id.)

(Unidentified person handed out "A Scientific Statement on Clipper Chip
Technology and Alternatives" at the exits.) A: Thank you. [ adjourn ]

                          -----------

The preceding has the legal status of hearsay, so don't quote anybody.

------------------------------

Date:    Mon, 27 Sep 93 12:55:03 -0400
From:    padgett@tccslr.dnet.mmc.com 
	 (A. Padgett Peterson, P.E. Information Security)
Subject: Breaking DES

(sorry, am not sure who the original poster was.

> Michael Weiner presented a paper at Crypto93 that describes a fast DES key
> search engine that uses a special inside-out DES chip that he designed.
> This chip takes a single plaintext/ciphertext pair ...

Pair of what ? Bytes ? Suspect a single byte pair might yeild multiple 
positives necessitating at least one more stage.

> can build a special machine with 57000 of these chips for $1 million.  This
> machine can exhaust the DES key space in 7 hours, finding a key in 3.5 hours

This translates to a 50 MHZ cycle and is certainly in the realm of DSPs or
multiple scalable parallel processors (I generally use 40 Mhz for known
commercial products). The biggest problem would be in the interconnection 
of 57000 processors. However given that financial institutions (a major user
of DES and likely targets) frequently do not change keys often enough, 
probably an average cycle of 14 hours would be sufficient and allow a 
four-fold drop in the number of chips required.

However, this scheme relies on a known plaintext attack. While gernerally
valid, there are any number of methods to avoid this ranging from multiple
encryption to garbage headers/trailers of random length. So far all known
schemes for breaking DES have relied on this mechanism.

						Warmly,
							Padgett

------------------------------

Date:    Mon, 27 Sep 93 08:38:02 PST
From:    mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Reply-To: mbeckman@mbeckman.com
Subject: DMV vs. Loss of Consciousness [Subject field supplied by MODERATOR]

	[ A reminder -- please be sure to include substantive subject
	  lines on messages to the digest.  Please avoid simply using
	  a reply which results in a Subject line that just quotes
	  the Volume and Issue number of the digest.  This will avoid
	  my having to supply my own Subject fields for such messages.
	  Thanks!  -- MODERATOR ]

In Digest 2.31 sinster@scintilla.santa-clara.ca.us (Darren Senn) writes:
> I disagree.  The problem definately _is_ with the law.  To be specific,
> paragraphs (a) and (f) are the problem:
> 
> > From:    Henry Unger <hunger@hitech.com>
> [...]
> >      (a) [...] However, if a
> > physician and surgeon reasonably and in good faith believes that
> > the reporting of a patient will serve the public interest, he or
> > she may report a patient's condition even if it may not be
> > required under the state department's definition of disorders
> > characterized by lapses of consciousness pursuant to subdivision
> > (d).
> [...]
> >      (f) A physician and surgeon who reports a patient diagnosed
> > as a case of a disorder characterized by lapses of consciousness
> > pursuant to this section shall not be civilly or criminally
> > liable to any patient for making any report required or
> > authorized by this section. (Amended by Stats 1987 ch 321 S1;
>   ^^^^^^^^^^
> > Stats 1990 ch 911 S2, eff. 1/1/91.)
> 
> These two prevent any recourse on the part of the patient for dealing with
> these overenthusiastic medical staffs.

These excerpts have been posted already by myself and others, so this isn't
a new argument. In other material I posted, I reported discussions I had
with DMV officials who provided me with (and which I also posted) the DMV's
official policy on LOC statute interpretation and policies. The DMV's own
materials show that their policy is to *not* take DL action for innocuous
LOCs. Further, anyone driver who feels he's been abused under these policies
can appeal the decision with a California administrative law judge under the
DMV's own policies. The law's provisions protecting physician's from
penalties for making reports under the law are no different than similar
provisions for child abuse, drug abuse, and police misconduct reports.
They're their to let the physician do his job without becoming an attorney. 

There are laws that give the govt unreasonable authority to take away
citizen's rights (the California Asset Forfeiture law, for example, happily
not renewed in the last legislature and expiring on 12/31/93). THIS law,
however, is not one of those.

  -mel
________________________________________________________________________
| Mel beckman                  |   Internet: mbeckman@mbeckman.com     |
| Beckman Software Engineering | Compuserve: 75226,2257                |
| Ventura, CA 93003            |  Voice/fax: 805/647-1641 805/647-3125 |
|______________________________|_______________________________________|

------------------------------

Date:    Wed, 06 Oct 93 15:22:07 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Justice Department Issues New FOIA Policy

   [ From "ALAWON" (ALA Washington Office Newsline,
     An electronic publication of the American Library 
     Association Washington Office), Volume 2, Number 44. -- MODERATOR ]

***************************************************************************

                 JUSTICE DEPARTMENT ISSUES NEW FOIA POLICY

On October 4, President Clinton and Attorney General Reno rescinded a 1981
rule which encouraged federal agencies to withhold information requested
under the Freedom of Information Act (FOIA) whenever there was "a
substantial legal basis" for doing so.  In its place, agencies are directed
to apply a "presumption of disclosure."  A memorandum from President
Clinton urged agencies to take a fresh look at their administration of the
FOIA, to reduce backlogs of requests, and to enhance public access to
information.  (See below for the full text of the memorandum.)

In a memorandum sent to heads of departments and agencies, Attorney General
Reno stated that
     ...we must ensure that the principle of openness in government is
     applied in each and every disclosure and nondisclosure decision that
     is required under the Act....It shall be the policy of the Department
     of Justice to defend the assertion of a FOIA exemption only in those
     cases where the agency reasonably foresees that disclosure would be
     harmful to an interest protected by that exemption.  Where an item of
     information might technically or arguably fall within an exemption, it
     ought not to be withheld from a FOIA requester unless it need be.

At a Department of Justice briefing, Associate Attorney General Webster
Hubbell acknowledged that there was a huge backlog of FOIA requests, and
said the Department of Justice wanted to hear of the problems requestors
were having.  He said that the Department would review all pending FOIA
lawsuits, but would not provide additional funding to fill FOIA requests.
When asked about FOIA access to electronic records, John Podesta, White
House Staff Secretary, replied that agencies would work with users to get
information to them in a usable way.  He added that OMB, the White House,
and the Department of Justice were all committed to making information
available.

One person at the briefing asked about privacy issues, and noted that the
FBI would not search for records on an individual because of concerns about
privacy.  Hubbell replied that the FBI should ask the individual first, but
that the new FOIA regulations presumed disclosure.  He added that the
Department of Justice would discuss the matter with the FBI director.

***************************************************************************

                TEXT OF FOIA MEMO ISSUED BY THE WHITE HOUSE

                              The White House
                                Washington
                              October 4, 1993

MEMORANDUM FOR HEADS OF DEPARTMENTS AND AGENCIES

SUBJECT:  The Freedom of Information Act

I am writing to call your attention to a subject that is of great
importance to the American public and to all Federal departments and
agencies -- the administration of the Freedom of Information Act, as
amended (the "Act").  The Act is a vital part of the participatory system
of government.  I am committed to enhancing its effectiveness in my
Administration.

For more than a quarter century now, the Freedom of Information Act has
played a unique role in strengthening our democratic form of government.
The statute was enacted based upon the fundamental principle that an
informed citizenry is essential to the democratic process and that the more
the American people know about their government the better they will be
governed.  Openness in government is essential to accountability and the
Act has become an integral part of that process.

The Freedom of Information Act, moreover, has been one of the primary means
by which members of the public inform themselves about their government.
As Vice President Gore made clear in the National Performance Review, the
American people are the Federal Government's customers.  Federal
departments and agencies should handle requests for information in a
customer-friendly manner.  The use of the Act by ordinary citizens is not
complicated, nor should it be.  The existence of unnecessary bureaucratic
hurdles has no place in its implementation.

I therefore call upon all Federal departments and agencies to renew their
commitment to the Freedom of Information Act, to its underlying principles
of government openness, and to its sound administration.  This is an
appropriate time for all agencies to take a fresh look at their
administration of the Act, to reduce backlogs of Freedom of Information Act
requests, and to conform agency practice to the new litigation guidance
issued by the Attorney General, which is attached.

Further, I remind agencies that our commitment to openness requires more
than merely responding to requests from the public.  Each agency has a
responsibility to distribute information on its own initiative, and to
enhance public access through the use of electronic information systems.
Taking these steps will ensure compliance with both the letter and the
spirit of the Act.

                           (signed) William J. Clinton

------------------------------

End of PRIVACY Forum Digest 02.32
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH