AOH :: ELECTRIF.TXT|
Elec. Comm. & Civil Liberties
July 1992 Vol. 4; Issue 5
New Communications Technologies and Traditional Civil Liberties
|This document is Copyright (c) 1992 by Human Rights Watch. |
|It is reproduced in electronic form by permission of Human |
|Rights Watch. For printed versions of this document, contact|
|Human Rights Watch Publications, 485 Fifth Avenue, New York,|
|NY 10017. Printed copies are $3.00 with quantity discounts |
|available. This electronic copy of the document is being |
|made available as a service of Human Rights Watch and |
|The Electronic Frontier Foundation (eff.org). It originated |
|in the eff.org ftp library. Redistribution of this document |
|should always be accompanied by this header. |
INTRODUCTION: NEW COMMUNICATION TECHNOLOGIES
Since the personal computer ushered in a communication revolution
about 15 years ago, the accompanying technology has been likened to
everything from the printing press to Hyde Park Corner, from the
postal system to talk radio. Pungent as these analogies are, their
limitations point up the essential uniqueness of computer-mediated
communication. While the printing press made possible the mass
dissemination of information, computers can individualize information
and increase its flow a thousandfold. In the process, they change the
nature of communication itself.
Few Americans are unaffected by this revolution, whether they
rely on computers to do their taxes, write a novel, serve up money
from a bank machine, or make airplane reservations -- and then guide
the plane safely back to land. Those who are "on-line" "talk" to
people whom they may never meet face-to-face and form "virtual
communities" in "Cyberspace" -- a place without physical dimensions,
but with the capacity to store vast amounts of facts, conversation,
messages, written or voice mail and graphic images.
While it is axiomatic that these new capabilities can open up
faster, easier and more inclusive communication, they also call into
question long held assumptions about individual and communal rights.
Some are old questions in a new context: What, if any, is the role of
the government in regulating electronic communication? As more and
more information is recorded and stored automatically, how can the
right of privacy be balanced with the right to know? What happens to
individual protections when information is a salable commodity? Does
the form in which information is kept change the government's
obligation to inform its citizens?
Other questions arise from the new technologies: When borders can
be breached by a keystroke and texts and images can be reproduced and
modified without ever being published, what happens to definitions of
intellectual property, scholarship, conversation, publication,
community, even knowledge itself?
In 1983, Ithiel de Sola Pool began his seminal book, Technologies
of Freedom, with the warning that "Civil liberty functions today in a
changing technological context." As if to prove him right, the
government is now proposing a $2 billion investment in computer
networking technologies which will radically alter the way American
communicate. Because the technological context changes more rapidly
than the laws regulating it, the debate about how we want to live in
an electronic world is both volatile and urgent.
ELECTRONIC COMMUNICATION AND THE LAW
United States law has not treated all communication technology
alike. As Pool notes, regulatory policy is based on different
assumptions and varies among print, common carriage and broadcasting,
which were the three prominent modes of mass communication when he
wrote. Thus, lawmakers and jurists delineating free speech sought to
minimize traditional controls on printed speech by rejecting the types
of censorship associated with it, such as prior restraint, taxation
and seditious libel. But early regulators, with an eye to the social
good, had no qualms about requiring common carriers, such as the
postal and telegraph systems, to provide universal service without
discrimination. Their successors, assuming that the broadcast spectrum
was a scarce commodity, designed a regulatory system for radio and TV
based on government licensing, business advertising and a limited
number of channels. Later regulations included the Fairness Doctrine
(imposing on licensed broadcasters an obligation to cover issues
fairly), which regulated the content of speech. But as technologies
merge, traditional distinctions among the modes are no longer
applicable. Today, for instance, anyone regulating electronic bulletin
boards is looking at a cross between a publisher and a bookstore that
operates by means of the telephone, a common carrier.
Historically, the law has responded to, not anticipated,
technological changes, often reacting repressively when a new
technology challenges the status quo. As in the past, regulation of
electronic communication has been influenced more by market and
political forces than constitutional principles or legal issues. But
electronic communication policy is still fluid enough to allow for
questions about who should set the policy and to what end.
Among the most active participants in the policy discussion is
Computer Professionals for Social Responsibility (CPSR), a public
interest group formed to explore the impact of computers on society.
In March 1991, CPSR held the First Conference on Computers, Freedom &
Privacy in Burlingame, California. The concerns addressed at the
conference fell into three broad civil liberty categories: protecting
speech, protecting privacy, and gaining access to government
In an opening address, constitutional scholar Laurence Tribe
posed a question of his own: "When the lines along which our
Constitution is drawn warp or vanish, what happens to the Constitution
itself?" The sections of the Constitution Tribe was referring to in
relation to electronic communication are:
# the First Amendment, with its prohibition against laws
abridging freedom of speech, assembly, or the press;
# the Fourth Amendment, protecting people and their property from
unreasonable government intrusion;
# the Fifth Amendment, guaranteeing due process of law and
exemption from self-incrimination;
# the Ninth and Fourteenth Amendments, which reinforce other
rights and provisions in the Constitution.
In applying these long-standing guarantees in the burgeoning
electronic forum, Tribe recommends that policy makers look not at what
technology makes possible, but at the core values the Constitution
enshrines. The overarching principles of that document, he maintains,
are its protection of people rather than places, and its regulation of
the actions of the government, not of private individuals. Other
central values Tribe notes are the ban on governmental control of the
content of speech; the principle that a person's body and property
belong to that person and not the public; and the invariability of
constitutional principles despite accidents of technology.
To insure that these values prevail as technology changes, Tribe
proposes adding a 27th amendment to the Constitution to read:
"This Constitution's protections for the freedoms of speech,
press, petition and assembly, and its protections against unreasonable
searches and seizures and the deprivation of life, liberty or property
without due process of law, shall be construed as fully applicable
without regard to the technological method or medium through which
information content is generated, stored, altered, transmitted or
Who Regulates and How
Speakers at the conference did not argue with Tribe's goal of an
enlightened electronic communication policy on the part of the
government, but some disagreed over who should be responsible for
formulating that policy and whatever regulations accompany it.
Jerry Berman, a longtime privacy advocate who is now Director of
the Washington office of the Electronic Frontier Foundation, warned
that, in light of the courts' current record on civil liberties, any
strategy giving them primary power to settle electronic speech
disputes was dangerous. He argued instead for legislative controls.
Others worried that lawmakers, misunderstanding or
misinterpreting existing electronic speech problems, would push
through harsh and intrusive regulations. Steve McLellan, a special
assistant to the Washington Utilities Commission, cited efforts in his
state by phone companies wanting to institute caller ID systems. The
companies lobbied for authorization of that technology by portraying
it as customer protection, a way to combat obscene and crank phone
calls. The constitutional privacy issues got buried in politics until
the utilities commission announced that it would approve caller-ID
tariffs only if they provided for blocking mechanisms provided free
and at the discretion of the customer.
Yet another potential regulatory force was posited by Eli Noam,
Director of the Center for Telecommunications and Information Studies
at Columbia University. Noam suggested that computer- based
information networks will become quasi-political entities, not
subordinated to other jurisdictions, as they tax, set standards of
behavior and mediate conflicts among their members, and band together
to influence economic and social policy. Current Regulation
There are myriad laws on the federal and state levels with
potential impact in the electronic forum: the Privacy Protection Act,
Freedom of Information Act, Wiretap Act, Paperwork Reduction Act,
sunshine laws, obscenity laws, and laws regulating copyright,
trademark, interstate commerce, and product liability. As New York
attorney Lance Rose points out, this proliferation of laws tends to
reinforce the most restrictive standard -- because computer users and
service providers cannot inform themselves about all potentially
relevant rules, they are well-advised to stay within the boundaries of
the strictest regulation that may apply.
Congress has also passed legislation aimed directly at electronic
communication within the government, including:
# the Computer Matching and Privacy Protection Act of 1988,
which prohibits government agencies from combining discrete
computerized personal records as a basis for taking adverse action
against an individual until the results of the match have been
# the Computer Security Act of 1987, designed to improve the
security and privacy of federal computer systems;
# the Electronic Communication Protection Act of 1986, which
safeguards electronic communication from interception, disclosure and
random monitoring without a court order; and stipulates that a court
order must be time-limited and must specify the information sought;
# the Computer Fraud and Abuse Act of 1984 (revised in 1986),
which criminalizes unauthorized entry, and taking or alteration of
information from computers; authorizes fines and imprisonment up to 20
years under certain circumstances; and gives the Secret Service
authority to investigate potential offenses. In an effort to balance
the punitive aspects of the Act, Sen. Patrick Leahy (D-VT) introduced
an amendment to the 1991 crime bill that defines criminal liability in
electronic communication cases as intent to damage, rather than as the
technical concept of unauthorized access. The bill (S. 1322) will come
up for a vote again in 1992.
Both the Computer Fraud and Electronic Communication Protection
Acts include exceptions to their non-disclosure provisions for service
providers who "may divulge" the content of a communication to a law
enforcement agency if the contents "appear to pertain to the
commission of a crime." Bulletin board operators have voiced concern
over the ambiguity of this provision, questioning if it implies a duty
on their part to report on the content of their boards.
THE ELECTRONIC FRONTIER: SOME SKIRMISHES
It is by no means a foregone conclusion among potential
regulators of electronic speech that it is wholly protected by the
First Amendment, but even if that were agreed upon, the issue of how
to determine the limits of what is permissible, desirable and
necessary would still loom large. The discussion has been framed by a
set of paradigms, in which the electronic forum is portrayed as a mix
of the past - - the American frontier -- and a wholly new phenomenon,
The term Cyberspace comes from William Gibson's novel,
Neuromancer. It is the "place" telephone conversations and most
financial transactions exist, the home of cyberpunks, and the bane of
those who prefer to keep personal information private. Though subject
to legal and social pressures, there is still something untamed about
it, and so, a writer in Wyoming named John Perry Barlow coined the
term "the electronic frontier."
Hoping to seize the initiative in taming this territory, Barlow
teamed up with computer entrepreneur Mitch Kapor to create the
Electronic Frontier Foundation (EFF). Since it began in July 1990, the
EFF has provided guidance to legislators and courts about civil
liberties on the frontier, and legal assistance to those whose
liberties have been threatened.
Even with much of its territory up for grabs, Cyberspace has been
populated for some time, albeit by groups with widely divergent
perceptions of the communal good. On one side are "hackers," a
sometimes pejorative term, but used neutrally here to describe people
who gain unauthorized access to computers for whatever purpose. These
hackers see themselves as unfettered, adventuresome cowboys who, in
keeping with the frontier myth, are being fenced in by the settlers --
the business interests who have staked claim to the terrain -- and by
the law that tends to protect these established interests.
The cowboys defend computer hacking as a harmless pastime, as a
pioneering activity that expands the boundaries of what is
electronically possible, or as a political response to proprietary
interests and individual profit. The settlers attack it as criminal,
antisocial and malicious activity that costs everyone in money and
security. By some estimates, computer crime accounts for as much as $5
billion in losses to government and business yearly.
One of the most publicized cases of computer crime involved a
virus (a software program that can alter data or erase a computer's
memory) that was unleashed in 1988 over InterNet, an international
computer network. The virus, known as the Worm, was written by Robert
Morris, a graduate student at Cornell University, who claimed that he
had created it as a prank before it got loose and infected thousands
of government and academic computers. As a first-time offender, Morris
was given a light sentence, but the principle established by the case
has been allowed to remain: to get a conviction for computer abuse,
the government need only prove unauthorized access, not intent to
harm. This ruling has been compared to punishing a trespasser for the
more serious offense of burglary or arson.
The Morris virus not withstanding, the bulk of computer crime is
not committed by hackers, but involves credit card fraud or theft by
people within large companies, which are often reluctant to report it
and publicize their vulnerability. In setting up the Electronic
Frontier Foundation, Barlow and Kapor were reacting most directly to
Operation Sun Devil, a part of a federal effort to combat computer
crime, which had as its most visible targets young computer hackers
and their systems of communication.
On May 8, 1990, armed with 28 search warrants in 14 cities,
Secret Service agents seized at least 40 computers and over 50,000
disks of data from individuals they suspected of possessing illegally-
obtained information. Only seven arrests resulted, although the
government kept and searched the computers and software of more who
were not charged. Information obtained by CPSR under a Freedom of
Information request reveals that the Secret Service had been
monitoring on-line communication and keeping files on individuals who
had committed no crime for several years prior to the raids.
Steve Jackson Games
The February before the Sun Devil raids, a grand jury indicted
Craig Neidorf, a student and the publisher of an electronic magazine
called Phrack, for reprinting a document stolen from a Bell South
computer. Three hackers had already been sentenced to prison for
stealing the document, which concerned a 911 emergency system. The
phone company claimed the document was highly sensitive and set its
value at $79,499. When Neidorf's case came to trial that July,
however, it was revealed that the document was publicly available at a
cost of $30. The government dropped the charges, but the magazine had
already ceased publication, and Neidorf had incurred about $100,000 in
The Bell South file had been made available to bulletin board
systems (BBSs) around the country, including one operated by an
employee of Steve Jackson Games (SJG), a creator and publisher of
computer games in Austin, Texas. While looking for evidence against
the employee, Secret Service agents searched the bulletin board run by
Jackson and found the draft of a rule book for a fantasy game called
GURPS Cyberpunk. They decided it was a manual for breaking into
On March 1, 1990, agents raided SJG and seized computers, drafts
of the game, and all the information and private communication stored
on the computer used for the bulletin board. Jackson was never charged
with a crime, but none of his equipment or files was returned until
nearly four months later. He was forced to lay off half of his
employees and estimates that the raid cost him $125,000 in publishing
delays. This is a small-scale equivalent of seizing the printing
presses and files of The New York Times because the Pentagon papers
were found on their premises; such raids are expressly forbidden by
the Privacy Protection Act.
With the help of the Electronic Frontier Foundation, Jackson is
suing the Secret Service for violating his Constitutional rights.
Specifically, his lawyers are arguing that the request for the search
warrant caused a prior restraint of a publication, was misleading
because it did not tell the judge that SJG was a publisher, did not
meet the specificity requirement of the Fourth Amendment, and failed
to establish probable cause that criminal activity was taking place.
The case is in litigation.
Meanwhile, the EFF has been working on model search and seizure
guidelines, which they hope to persuade the American Bar Association
to adopt in place of its current guidelines for the issuance of search
warrants relating to business records. In an attempt to make searches
less intrusive and destructive, EFF recommends that:
1. computers used for publishing or electronic bulletin boards be
afforded the same First Amendment protections as other means of
2. in determining if just cause for seizure of equipment and
software exists, judges shift the emphasis from what is
technologically possible (e.g. an electronic trip wire that can erase
all data) to what is likely to happen;
3. the search of computer disks take place on a business's
premises, whenever possible;
4. under most circumstances, computers be seized only when they
are the instruments of a crime.
Electronic bulletin board systems are an increasingly pervasive
mode of electronic communication and probably the most vulnerable to
censorship. Part of the problem stems from a lack of definition. Are
bulletin boards publishers, common carriers, broadcasters, electronic
file cabinets, owners of intellectual property, private forums,
libraries, newsstands, a combination, or none of the above? How they
are categorized will determine if and how they are regulated.
BBSs are relatively new, dating from about 1978; today, as many
as 60,000 may be operating in the U.S. Though most are small and
specialized, the government operates several big ones, such as
InterNet, and businesses run others, including the two largest:
Prodigy (owned by IBM and Sears) and CompuServe (a subsidiary of H & R
Block). These BBSs allow individuals to "log on" to a host computer by
use of a modem and telephone lines. Once they are hooked up, users can
participate in electronic conferences, or conversations, send
electronic or E-mail to specific individuals, and "post" messages
directed at a general audience.
Most BBSs neither monitor nor control E-mail, but many edit or
otherwise restrict the messages on their bulletin boards. Some, such
as the Whole Earth 'Lectronic Link (the WELL) in Sausalito, CA, place
all responsibility for words posted on their system with the author,
removing only clearly illegal or libelous material. The WELL
community of about 5,000 members so far has regulated itself
effectively. Other systems are less tolerant.
In 1988, Stanford University attempted to block a jokes section
of the bulletin board Usenet after becoming aware of an ethnically
derogatory joke posted on it. The ban, though official policy, could
not be implemented technically, and the jokes continued to be
available throughout the campus. After a protest by students and
faculty, the ban was lifted.
Prodigy has been more successful in controlling the content of
its bulletin board. It claims the right to do so as a private company
contracting with customers to deliver a service, and as a publisher
selecting the content of its on-line publication much as an editor
edits a letters-to-the-editor page. Messages are first scanned by a
computer to catch words and phrases Prodigy deems offensive, then
vetted by employees before being posted.
This editing has made for considerable controversy in Prodigy's
three years of existence. In 1989, Prodigy cut out a section of its
bulletin board called "health spa" after a yeasty exchange between
homosexuals and fundamentalists. The next year, it banned messages
from members protesting its pricing and editorial policies. Then this
past year, the Anti-Defamation League publicly condemned the bulletin
board for carrying grossly anti-Semitic messages. Prodigy responded
that the messages were protected speech, but added the puzzling
explanation that it made a distinction between derogatory messages
aimed at individuals and those aimed at groups.
The question of what legal precedent to apply to bulletin boards
moved closer to resolution with a court ruling late in 1991. In Cubby
v. CompuServe, an electronic newsletter called Skuttlebut claimed that
it had been defamed by a competitor known as Rumorville, which
CompuServe publishes on its Journalism Forum. A federal judge in New
York likened electronic bulletin boards neither to publishers nor
common carriers, but to distributors of information such as
newsstands, bookstores and libraries to which a lower standard of
liability applies. He decided, therefore, that CompuServe could not be
held liable for statements published through its electronic library,
particularly because it had no reason to know what was contained
ELECTRONIC INFORMATION AND PRIVACY
Private facts about individuals are much easier to gather and
store on computer than on paper and are much more accessible to
unauthorized scrutiny. Thus, computer monitoring challenges
traditional expectations of privacy, exposes nearly every facet of an
individual's life to potential public view and commercial use, alters
the relationship between employers and employees, and opens the way
for unprecedented government surveillance of citizens. For these
reasons, concerns about the courts' vitiating the Fourth Amendment
intensify when computer-based communication and surveillance are
Gary Marx, professor of sociology at MIT, notes ten
characteristics of new kinds of computer- based monitoring that make
them particularly intrusive:
They transcend boundaries...that traditionally protect privacy.
They permit the inexpensive and immediate sharing and merging
and reproducing of information.
They permit combining discrete types of information.
They permit altering data.
They involve remote access which complicates accountability issues
They may be done invisibly
They can be done without the subject's knowledge or consent.
They are more intensive.
They reveal previously inaccessible information.
They are also more extensive and they cover broader areas.
Privacy and Property
At a meeting of Computer Professionals for Social Responsibility
held in Cambridge, MA October 1991, John Shattuck, Vice President for
Government, Community and Public Affairs at Harvard University, noted
that when the Bill of Rights was written, personal liberty was closely
linked to private property. Thus, the Fourth Amendment protected
concrete things and places from unreasonable government intrusion.
This idea was first upheld in relation to electronic technology
in 1928, when the Supreme Court ruled in Olmstead v. United States
that the Fourth Amendment did not apply to wiretapping because
telephone communication was not a material thing. (It was in his
dissent on this ruling that Justice Brandeis defined privacy as "the
right to be left alone.")
The principle of protection for tangible property remained
largely unchallenged until 1967. Then, in Katz v. United States, the
Supreme Court decided that the Fourth Amendment "protects people, not
places," and was, therefore, applicable to wiretapping and electronic
eavesdropping. This decision brought a person's ideas, politics and
communication under the Amendment's protection for the first time, and
set "reasonable expectation" as the standard by which to measure
privacy rights. According to Shattuck, it also began a revolution in
Fourth Amendment law.
From 1967 until the Electronic Communication Protection Act was
passed in 1986, the only electronic communication covered by law was
what could be heard. Nearly all computer-based communication remained
outside traditional and legal privacy protections, even as it was
becoming the dominant technology.
Much of digital communication in the U.S., including medical,
insurance, personnel and retail transactions still lacks firm legal
protection from intrusion, and the FBI recently proposed legislation
that would require that all new telephone systems be designed to allow
wiretapping, an ability the agency fears is endangered by new
technology. In the privacy arena, the United States still lags far
behind Canada, Australia and Western Europe, where at least six
countries have a constitutional right to privacy and data protection.
The Fourth Amendment and the Privacy Protection Act apply only to
the federal government, leaving commercial intrusion to be addressed
piecemeal over the past two decades. For instance, the Supreme Court
ruled in 1976 that there was no constitutional protection for personal
information held by a bank because bank customers do not own these
documents. In response, Congress passed the Right to Financial Privacy
Act two years later to create a statutory protection for bank records.
In 1977, the federal Privacy Protection Study Commission looked
at the Privacy Act, seen then as a flawed compromise, and issued over
100 recommendations, many of which died at birth. However, one
recommendation -- that the Privacy Act not be extended to the private
sector, which should be allowed to comply voluntarily -- was more or
less adopted by default.
Other laws have since been passed to control private access to
personal information, including the Fair Credit Reporting Act (1970),
the Debt Collection Act (1982), the Cable Communications Policy Act
(1984) and the Video Privacy Protection Act (1988). Recently, Rep.
Robert Wise (D- WV), chair of the Subcommittee on Government
Operations, tried to establish a Data Protection Commission, but
without giving it regulatory power.
As technology makes its easier to match databases and repackage
personal information in commercially valuable forms, unease increases
over the amount of information gathered and retained, where it comes
from, how accurate it is, what use is made of it, and how individuals
can control that use, especially when it is reused. Again, computers
exacerbate the problem because they create a pervasive and long-
lasting information trail that is decreasingly under the control of
the individual involved.
Often there is no direct relationship between individuals and the
keeper of information about them, as with credit bureaus. Other
businesses, such as telephone companies and airlines, collect
information routinely without external regulation of who sees the
records or how long they are kept. Even when there is an intimate
connection, as with medical information, the lack of legal protection
allows genetic information and records of job-related injuries, for
example, to end up in private databases that are available to
employers and insurance companies.
Control over one's personal facts becomes even more tenuous when
data collected by one organization are sold to another, which happens
regularly without the individual's consent. This "second use" takes
place primarily among businesses, but non-profit groups sell their
mailing lists, and government agencies compare databases with
businesses and each other: tax returns with welfare or student-loan
records, for example. In 1991, Governor William Weld of Massachusetts
proposed selling computer access to state Registry of Motor Vehicles
records to private companies, but was dissuaded by vocal legislative
opposition to the plan.
Privacy advocates are also troubled by deceptive data collection
techniques and inaccurate information that can be difficult and
expensive to correct. In July 1991, six state attorneys general sued
TRW, one of the three big credit-reporting companies, for failure to
correct major reporting errors. TRW eventually agreed to supply
individuals with free copies of their credit files on request; other
companies still charge for such reports.
Computers also provide a mechanism for fighting this Big Brother
scenario. In 1990, Lotus Marketplace worked with Equifax, another
consumer data collector, to put portions of its database onto compact
disk so that marketing information about individuals could be sold in
a convenient format to businesses. When the plan became public, it
occasioned an outcry of surprising proportions -- about 30,000
responses, many from people who had learned about the project through
electronic forums, and nearly all negative. In January 1991, Equifax
and Lotus bowed to the pressure and scrapped the project. Privacy
For the past several years, privacy advocates have been working
to pass policies and laws to protect individuals from the unwanted
intrusions into their personal lives that computers make easy and
well summed up in a 1989 paper written by Jerry Berman and Janlori
Goldman for the Benton Foundation:
1. Information collected for one purpose should not be used for a
different purpose without the individual's consent.
2. Policy should be developed with an eye towards new advances in
information technology and telecommunications.
3. Legal limits should be placed on the collection and use of
sensitive information -- the more sensitive the information, the more
rigorous the disclosure standard.
4. Individuals must be provided with easy access to their
records, including access to computerized records, for the purpose of
copying, correcting, or completing information in the records.
5. Exemptions for non-disclosure should be clearly justified and
narrowly tailored to suit the requester's need.
6. Legislation should include enforcement mechanisms, such as
injunctive relief, damages, criminal penalties, and reimbursement of
attorney's fees and costs.
Also in the private sector, computers are increasingly being used
to track employees' use of time, productivity, and communication with
each other and the public. According to Karen Nussbaum, Executive
Director of 9to5, the national organization of office workers, the
work of 26 million employees is monitored electronically, and the
evaluation and pay of 10 million is determined by computer-generated
statistics. This kind of monitoring is more intrusive than human
supervision, she points out, because it watches the personal habits of
employees and because it is constant.
As a form of surveillance, employers often reserve the right to
read the electronic mail of employees and may do so because the
Electronic Communications Privacy Act protects electronic mail only on
public networks. The E-mail systems of large corporations, including
Federal Express and American Airlines, automatically inform workers
that the company may read mail sent over the systems. Other companies
do not inform, but read anyway. When an employee of Epson America, a
California- based computer company, learned that this was the
company's practice and complained, she was fired the next day. Her
lawsuit charging wrongful termination is in litigation.
In the fall of 1991, Sen. Paul Simon (D-IL) introduced
legislation (S. 516) which would require that employees and customers
be notified if their electronic communication and telephone
conversations are being monitored, either in specific instances or as
a policy of their employer. Rep. Pat Williams (D-MT) has introduced
similar legislation in the House (HR. 1218), and both bills are in
committee. Government Surveillance
The United States government is the largest collector of
information about people in this country and perhaps the largest
keeper of personal information in the world. This information consists
mostly of separate records, such as tax and social security files, but
in a 1986 study, Congress's Office of Technology Assessment determined
that, because these files can be matched and combined, a de facto
national database on Americans already exists.
Other information is gathered by surveillance. The FBI's National
Crime Information System (NCIC) is a high-speed, computerized system
containing criminal justice information, including Secret Service
investigations, missing person files, and criminal histories or "rap
sheets." The system began in 1967 and now runs about one million
transactions each day. Information is maintained on a computer in
Washington, DC, which is connected to each state and to 60,000 offices
including those of sheriffs, prosecutors, courts, prisons, and
military investigators. For instance, a police officer using the NCIC
system to find out if a driver he or she has stopped is wanted for a
crime can call up fingerprints and photos on the database to make an
The NCIC is proud of the efficiency of its system and claims that
it has built in safeguards against inaccuracy and abuse. Civil
libertarians, however, have doubts. In addition questioning whether
arrests for current actions should be made on the basis of past
behavior, they point out that data on arrests may be stored separately
from data on convictions, and that computers make it harder to control
the spread of inaccurate, outdated or ambiguous information. They also
fear that the ease in using the system will encourage police to be
less discerning in stopping people for investigation.
There is concern too that the system can be used for purposes
other than criminal justice, with information shared when someone
applies for a government or military job or a professional license. In
1988, the FBI suggested connecting the NCIC to the computers of the
Department of Health and Human Services, the IRS, the Social Security
Administration and the Immigration and Naturalization Service; the
plan was eventually defeated. More recently, alarms were raised by
disclosures that the FBI conducted years of surveillance of political
opponents of the Reagan administration's Central American policy,
though they had committed no crime.
Library Awareness Program
On June 8, 1987, a clerk at Columbia University's Math/ Science
Library was approached by two FBI agents who asked for information
about "foreigners" using the library. This was, the agents said, part
of the Library Awareness Program under which the FBI tried to enlist
the assistance of librarians in monitoring the reading habits of
"suspicious" individuals, variously defined as people with Eastern
European or Russian-sounding names or accents, or coming from
countries hostile to the U.S.
It is still unclear how extensive the program is -- FBI officials
have given contradictory information -- but the American Library
Association (ALA) has verified 22 visits in various parts of the
country that appear to have had the same purpose, and, in one
statement, the FBI said the program was 25 years old. The FBI has also
requested computerized check-out records from technical and science
libraries and has asked private information providers, including Mead
Data Central and Charles E. Simon Co., to help monitor use of their
databases. Although public and university libraries do not have
classified information, the FBI has justified its interest in library
use by a version of the "information mosaic" theory: that discrete and
benign pieces of information can be put together to present a danger
to national security and therefore need to be controlled.
Monitoring library usage is illegal in 44 states and the District
of Columbia and violates an ALA policy, dating from 1970, that
prohibits the disclosure of information about patrons' reading habits.
In July 1987, the ALA wrote the FBI to inquire about the Library
Awareness Program, and the National Security Archive filed an FOIA
request asking for records about the program. The FBI responded that
it had no records under that name, and Quin Shea, who was then Special
Counsel to the Archive, says they probably didn't, since the real name
of the program is classified. The Archive filed a second FOIA request
that September, and the ALA filed its own requests in October and
In September 1988, the ALA Intellectual Freedom Committee met
with high-level representatives of the FBI. That same month, FBI
Director William Sessions wrote Rep. Don Edwards (D-CA) that the
program would be limited to technical libraries in the New York City
area, presumably where the concentration of spies is greatest, and
that cooperation of librarians would be voluntary. It was only in the
summer of 1989, after Edwards and other members of Congress had gotten
involved and the Archive had sued the FBI, that about 1200 pages of
documents were released. These showed, among other things, that some
librarians did cooperate. The Archive is again suing the FBI for the
release of more material.
ACCESS TO GOVERNMENT INFORMATION
Privacy advocates and policy makers have long emphasized the
importance of an individual's right to review information held about
him or her. But, though the federal government has been collecting
large amounts of information since the end of the last century, the
public's right to monitor that information and the government's
activities, has gained cache only fairly recently.
The Freedom of Information Act (FOIA) was passed in 1966, and
strengthened in 1974, followed in 1976 by the Sunshine Act. These laws
gave the public greater access to information about government
practices and decision making. Significantly, this swing toward
openness in government took place at the same time that technological
developments provided the government with ever greater information-
Information policy, the means by which government information is
made available, can be divided into three broad categories:
disclosure, access and dissemination. The past decade has seen
cutbacks in all three areas: for example, a 10% annual increase in
classification decisions since 1982; the elimination or privatization
of one in four government publications since 1981 under the Paperwork
Reduction Act; and foot dragging or outright hostility on Freedom of
Information requests. In addition, the computerization of government
operations has consistently been designed for bureaucratic efficiency
with little interest in increased openness or access. Electronic
Access and Freedom of Information
One major area of debate in information policy is the effect of
computerization on the FOIA. Theoretically at least, it is easier to
search and retrieve records by computer than by hand, thereby
lessening the burden on the responding agency and making them more
amenable to FOI requests. But it is also likely that the volume and
variety of requests will grow as the possibilities of information
searches become apparent.
The Act mandates that records of the executive branch of
government be available to the public on request, exempting only nine
narrowly-defined categories, and it is almost universally accepted by
now that electronic records are covered along with those on paper.
There have been legal decisions to the contrary, which have placed
privacy above disclosure concerns, but these have usually involved
requests for information to be used commercially.
However, since the FOIA was written with paper records in mind,
it left unaddressed the questions of what constitutes a record and a
reasonable search, and what format is required for making information
available. These and other disputes are currently being arbitrated by
the courts, Congress and the agencies involved. The balancing act
between access and privacy also becomes trickier with electronic
storage of information. In 1977, the Supreme Court looked at a state's
records of people who obtained prescription drugs legally and
determined that this centralized file included sufficient safeguards
to protect privacy, making it constitutional. Still, the Court found
that government collection of personal information did pose a threat
to privacy because "that central computer storage of the data thus
collected...vastly increases the potential for abuse of that
information." A similar privacy concern informed a more recent Supreme
Court decision in which the Reporters Committee for Freedom of the
Press was denied access to FBI criminal history records in
In addition to arguing against disclosure on privacy grounds, the
Justice Department has opposed requests for records analyzed and
combined by computer, maintaining that this is equivalent to creating
a new record, something the FOIA does not require an agency to do.
Independent studies, however, tend to conclude that this is more like
searching through an electronic filing cabinet and suggest that
disputes be settled by applying a standard of reasonable effort, a
term yet to be defined satisfactorily.
A third major area of dispute is the form in which the requested
information is made available. This problem arises in two different
situations: where the data exist in more than one format and a
requester has a preference, and where they do not exist in the format
requested. The first is more common and more controversial. In 1984, a
district court ruled that the government does not have to provide
information in a requested format in order to fulfill its FOIA
obligation (Dismukes v. Department of Interior, 603 F. Supp. 760 (DDC
1984)). But in Department of Justice v. Tax Analysts (492 U.S. 136
(1989)), the court determined that an agency can withhold a record
only if it falls under one of the delineated exemptions. This ruling
suggests that such a rationale would override Dismukes in a new court
In 1989, the Justice Department asked federal agencies how they
viewed their obligations under FOIA to provide electronic information.
The survey found wide variation among agencies, but a tendency against
# 76% of the respondents did not think the law required them to
create new, or modify existing, computer programs to search for
# 47% did not think they had to create new programs to separate
disclosable from classified information;
# 59% did not think the FOIA required them to comply with the
Sen. Leahy is attempting to codify these requirements through a
proposed Electronic Freedom of Information Improvement Act (S. 1939),
which will come up for a hearing this spring. This amendment to the
FOIA would require agencies to provide records in the form requested
and make a reasonable effort to provide them in electronic form, if
requested, even if they are not usually kept that way. It defines
"record" to include "...computer programs, machine readable materials
and computerized, digitized, and electronic information, regardless of
the medium by which it is stored..." "Search" is defined to include
automated examination to locate records.
While many researchers and journalists support Leahy's bill, some
public interest groups worry that, like other legislation targeting
electronic communication, this will draw unwelcome scrutiny to the
issue. Instead, they support an evolutionary process involving
education and specific appeals to agencies.
Transactional Data and the IRS
The manipulation of data in a usable format is a useful tool in
analyzing how government agencies really work. One particularly rich
vein is transactional information, data recorded by government
agencies in the course of their work. When this information is matched
with other statistics, it can be analyzed to reveal what might
otherwise be obscured about the activities of the government.
A successful practitioner of this kind of investigation is
investigative journalist David Burnham. In A Law Unto Itself: Power,
Politics and the IRS, Burnham reports that computerized files obtained
from the IRS revealed that audit rates vary widely among sections of
the country, as does the likelihood of property seizure for delinquent
taxes. He also discovered that there had been no increase in non-
compliance rates over the past 15 years, although the IRS used the
threat of increasing tax evasion as a basis for requesting new money
for enforcement. The IRS had failed to adjust for inflation or margin
of error in their calculations.
Burnham drew some of his conclusions from the work of Susan Long,
Director of the Center for Tax Studies at Syracuse University. Burnham
and Long founded the Transactional Records Access Clearinghouse (TRAC)
with the goal of forcing the release of government data not available
before. Long, who began her siege on the IRS in 1969, filed 13 FOIA
requests to that agency and frequently took it to court to force it to
open its records. She won a precedent-setting victory in Long v. IRS
(596 F. 2nd 362 (9th Cir. 1979), with a ruling that the FOIA
definition of "record" covered data on computer tapes. Her lawsuit,
concerned the Taxpayer Compliance Measurement Program (TCMP), which
measures the effectiveness of the IRS system and determines who will
be audited. Although the data produced were kept so secret that they
were withheld even from the Government Accounting Office, Long found
that the information had little effect on the IRS's audit coverage,
even when it pointed up regions or classes that were under- audited.
ENHANCING FREE EXPRESSION WITHIN THE ELECTRONIC FORUM
The dangers of assuming that because a technology is value-free
and neutral, the uses to which it is put will also be benign are well-
documented and real. But for all the new or magnified threats to
individual liberties arising from computer-assisted communication, the
electronic forum also offers the means to increase those liberties by
expanding the possibilities for talking and working together and for
building political and social alliances. Widespread and fairly
allocated computerized resources can offer: increased citizen
participation in and oversight of government affairs; assembly,
organizing and debate unrestricted by geographical distances or
boundaries; decentralized decision making; a challenge to news and
publishing monopolies; rapid international exchange of information;
and individually-tailored, focused information to combat the
information glut that interferes with communication.
Stewart Brand has said that information wants to be free, and
this may be nowhere more true than in electronic communication, which,
by its very design, abhors censorship and monopolies (though history
has proven that technology does not outsmart repression for long). It
is important that those concerned with civil liberties enter the
electronic forum with a mixture of optimism and vigilance and take
part in the debate on its future while that debate is still open.
FOR FURTHER INFORMATION:
Berman, Jerry and Janlori Goldman.
A Federal Right of Information Privacy: The Need for Reform.
Washington, DC: Benton Foundation, 1989.
Berman, Jerry. "The Right to Know: Public Access to Electronic
Public Information." Software Law Journal
Summer 1989:491-530 (reprinted by The Markle Foundation).
Burnham, David. A Law Unto Itself: Power, Politics and the IRS. NY:
Random House, 1989.
" " The Rise of the Computer State. NY: Random House, 1983.
Demac, Donna A. "The Electronic Book." American Writer Winter 1992.
Ermann, M. David et al. Computers, Ethics, & Society. NY: Oxford UP,
Index on Censorship July 1991. Section on computers and free speech.
"Is Computer Hacking a Crime? A Debate From the Electronic
Underground." Harper's March 1990:45-57.
Lacayo, Richard. "Nowhere to Hide." Time 11/11/91: 34-40.
Office of Information and Privacy. Department of Justice Report on
"Electronic Record" Issues Under the Freedom of Information Act.
Washington, DC, 1990.
Perritt, Henry H. Jr. (prepared report). Electronic Public Information
and the Public's Right to Know.
Washington, DC: Benton Foundation, 1990.
Pool, Ithiel de Sola. Technologies of Freedom. Cambridge, MA:
Harvard UP, 1983.
Proceedings of The First Conference on Computers, Freedom & Privacy.
Los Alamitos, CA: IEEE Computer
Society Press, 1991.
Reporters Committee for Freedom of the Press.
Access to Electronic Records. Washington, DC, 1990.
Rosenberg, Roni. Selected and Annotated Bibliography on
Computers and Privacy. Palo Alto: Computer
Professionals for Social Responsibility.
Scientific American. Special issue on communications, computers
and networks. Sept. 1991.
Shattuck, John and Muriel Morisey Spence. Government Information
Controls: Implications for Scholarship,
Science and Technology. Association of American Universities
occasional paper, 1988.
Westin, Alan. Privacy and Freedom. NY: Atheneum, 1967.
ACLU Project on Privacy and Technology
122 Maryland Avenue, NE
Washington, DC 20002
Computer Professionals for Social
P.O. Box 717
Palo Alto, CA 94302
general political and social issues
Electronic Frontier Foundation
155 Second Street
Cambridge, MA 02141
general political and legal issues
National Writers Union
13 Astor Place, 7th floor
New York, NY 10003
intellectual property issues
2000 P Street, Suite 700
Washington, DC 20036
Reporters Committee for Freedom of the Press
1735 Eye Street, NW, suite 504
Washington, DC 20006
access to government information
Transactional Records Access Clearinghouse
478 Newhouse II
Syracuse, NY 13244
access to government information
For more information, contact:
Gara LaMarche, (212) 972-8400 (o)
(718) 789-5808 (h)
* * *
This newsletter is a publication of the Fund for Free Expression,
which was created in 1975 to monitor and combat censorship around the
world and in the United States. It was researched and written by Nan
Levinson,a freelance writer based in Boston and the U.S. correspondent
for Index on Censorship.
The Chair of the Fund for Free Expression is Roland Algrant; Vice
Chairs, Aryeh Neier and Robert Wedgeworth; Executive Director, Gara
LaMarche; Associate, Lydia Lobenthal. The members are Alice Arlen,
Robert L. Bernstein, Tom A. Bernstein, Hortense Calisher, Geoffrey
Cowan, Dorothy Cullman, Patricia Derian, Adrian DeWind, Irene Diamond,
E.L. Doctorow, Norman Dorsen, Alan Finberg, Francis FitzGerald, Jack
Greenberg, Vartan Gregorian, S. Miller Harris, Alice H. Henkin, Pam
Hill, Joseph Hofheimer, Lawrence Hughes, Ellen Hume, Anne M. Johnson,
Mark Kaplan, Stephen Kass, William Koshland, Judith F. Krug, Jeri
Laber, Anthony Lewis, William Loverd, Wendy Luers, John Macro, III,
Michael Massing, Nancy Meiselas, Arthur Miller, The Rt. Rev. Paul
Moore, Jr., Toni Morrison, Peter Osnos, Bruce Rabb, Geoffrey Cobb
Ryan, John G. Ryden, Steven R. Shapiro, Jerome Shestack, Nadine
Strossen, Rose Styron, Hector Timerman, John Updike, Luisa Valenzuela,
Nicholas A. Veliotes, Kurt Vonnegut, Jr., Gregory Wallance and Roger
The Fund for Free Expression is a division of Human Rights Watch,
which also includes Africa Watch, Americas Watch, Asia Watch, Helsinki
Watch, Middle East Watch, and special projects on Prisoners' Rights
and Women's Rights. The Chair is Robert L. Bernstein and the Vice
Chair is Adrian W. DeWind. Aryeh Neier is Executive Director; Kenneth
Roth, Deputy Director; Holly J. Burkhalter, Washington Director; Susan
Osnos, Press Director.
Downloaded From P-80 International Information Systems 304-744-2253
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to email@example.com.