PRIVACY Forum Digest Saturday, 6 March 1993 Volume 02 : Issue 07 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PRIVACY Forum materials now available via Gopher (Lauren Weinstein; PRIVACY Forum Moderator) Telephone numbers vs reverse directories (A. Padgett Peterson) Blocking CallerID (Gregg A. TeHennepe) Privacy of Poilice Records (Rasch@DOCKMASTER.NCSC.MIL) Information America (Larry Seiler) Re: Information America (John Pettitt) Should the information industry be consentual? (Larry Seiler) Re: Should the information industry be consentual? (John Pettitt) Forwarding: Comments on the Clinton Technology Policy (Sarah M. Elkins) Credit Card Validation (Brinton Cooper) GPO Access - WINDO Update (James Love) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------- ------------ The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "cv.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------- ------------ VOLUME 02, ISSUE 07 Quote for the day: "Knowledge is Good." -- Emil Faber (Faber College Slogan) "National Lampoon's Animal House" (1978) ----------------------------------------------------------------- ----- Date: Sat, 6 Mar 93 19:28 PST From: lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: PRIVACY Forum materials now available via Gopher Greetings. I'm pleased to announce that all PRIVACY Forum materials (including back issues and all other archival materials) are now available via the Internet Gopher system, via a gopher server here on site "cv.vortex.com". Gopher administrators should feel free to set up links to the cv.vortex.com gopher server as desired. --Lauren-- ------------------------------ Date: Sat, 20 Feb 93 09:31:28 -0500 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Telephone numbers vs reverse directories >From: rogue@mica.berkeley.edu (Brett Glass) >Subject: Numbers and Addresses (Subject field supplied by MODERATOR) >Mr. Peterson might be interested in knowing that getting an >unlisted phone number, or excluding one's address from the >telephone book, in no way impedes marketers armed with a phone >number who wish to obtain your name and address. Several >commercial "matching" services now exist which use data from >magazine subscriber lists, business customer databases, and other >pools of personal data -- many of which include phone numbers. Guess the bottom lime is "never trust a single layer", in my case the second layer is a PO Box which is used for billing & commercial transactions. A final suggestion is the use of "canary traps" - creative mispellings of your name for different uses - to pinpoint what list information was garnered from. Finally a question: what happens when a marketeer gets multiple hits for the same name/number ? (different zip codes & cities even 8*). Coolish today but we Floridians know what to do when it drops into the 50s, Padgett ------------------------------ Date: Tue, 23 Feb 93 09:52:04 -0500 From: gateh@mvax.cc.conncoll.edu (Gregg A. TeHennepe) Subject: blocking CallerID CallerID is beginning to be implemented in the state of CT, and so, being a reader of this forum as well as RISKs, it was with some interest that I read the SNET's insert in my bill regarding the service. They provided little stickers with the key sequence to block on a per call basis, which I thought was handy, but what really surprised me was the policy regarding default ID blocking. Perhaps Privacy readers can let me know if this is unusual or not. The policy stated that, for a $1.00 a month fee, you could have your number blocked on all calls, *providing you completed a sworn and notorized affadavit to the effect that the CallerID feature was a threat to your personal sercurity*! I can understand charging a service fee for such a service, but to restrict access to the service in such a manner seems thoroughly unreasonable to me. If I can block on a per call basis, why should I not be able to pay to have blocking as a default? Personally I'm not all that concerned about the policy since I use the phone very little and will use the per call blocking feature when I need to (and that will probably be rarely). I am a little worried by the apparent reasoning behind the policy, tho, which seems not to be oriented in the interest of the customer. Cheers - Gregg Gregg TeHennepe | Comp & Info Services | Internet: gateh@mvax.cc.conncoll.edu Post/Hostmaster | Connecticut College | BITNET/CREN: gateh@conncoll ------------------------------ Date: Wed, 24 Feb 93 10:50 EST From: Rasch@DOCKMASTER.NCSC.MIL Subject: Privacy of Police Records I am working on a project involving issues of personal privacy and police and motor vehicle records. Specifically, a question has been raised about the legality of a private group which publishes newsletters and periodicals obtaining police reports, criminal history records, and licence plate checks from "friendly" law enforcement sources. I understand that this is a question of state law in most states. Can anyone advise where I might find a compendium of state privacy statutes which would cover the question of whether it it illegal to receive such information? ------------------------------ Date: Thu, 25 Feb 93 14:13:11 EST From: "Larry Seiler, x223-0588, MLO5-2 25-Feb-1993 1307" Subject: Information America A posting in the RISKS DIGEST 14.34 describes the "Information America" dial-in service: customers (paralegals and other investigators) dial in to obtain information about a named individual, the owner of a specified telephone number, and so forth. The database covers 111M Americans, 80M households, and 61M telephone numbers. According to the RISKS posting (derived from an article in Mondo), IA can trace people who have moved, and can provide current address/phone, lists of neighbors, and "personal profiles". I presume that the "personal profiles" are the sort of information that Lotus' Household Database CD would have provided: estimated income, buying habits, and other (sometimes speculative) data. A posting by John Pettitt in RISKS DIGEST 14.35 contains the following statement regarding IA's personal search/profile services: > As to the other services they provide, what is the problem ? We live in an > information society. If you don't want people using and tracking information, > don't give it to them (i.e., go live some place where there are no phones or > credit cards). > > [ P.S. I am CEO of a direct response marketing company so I'm biased :-) ] I find the above highly disturbing. The poster seems to imply that if I use a phone or a credit card, it gives those in the data business a right to use that data in any way they see fit. That's like saying that those who don't like peeping toms should live in houses without windows. I don't buy the argument that using a credit card gives anyone the right to sell information about what I purchased. I don't accept that applying for a loan gives a bank the right to sell data about my income. I personally don't care who knows where I live, but others do, and I believe they should have a right to privacy (if they are not charged with violating the law). I wonder how or if Mr. Pettit's own business would change if people *knew* how information about them was being used and could stop it if they didn't like it. Perhaps most people wouldn't object to his company's activities. In that case, why not support those who want data privacy? However, if a right to data privacy would impact his business, that raises other questions. Such as, why is his business more important than a right to privacy? Sincerely, Larry Seiler PS: I get about 4 unsolicited catalogs a day, plus numerous offers of loans and investments from people who apparently know more about my finances than I ever publicly disclose. So perhaps I too am biased. :-) However, for me unsolicited mail is not the problem -- the exchanging of data about me that I consider to be my property is the problem! ------------------------------ Date: Thu, 25 Feb 93 12:54:22 PST From: John Pettitt Subject: Re: Information America In reply to a posting I made to RISKS Lary Seiler writes: > I find the above highly disturbing. The poster seems to imply that if I > use a phone or a credit card, it gives those in the data business a right > to use that data in any way they see fit. That's like saying that those > who don't like peeping toms should live in houses without windows. > > I don't buy the argument that using a credit card gives anyone the right to > sell information about what I purchased. I don't accept that applying for > a loan gives a bank the right to sell data about my income. I personally > don't care who knows where I live, but others do, and I believe they should > have a right to privacy (if they are not charged with violating the law). Well maybe it's an extreme analogy but the basic issues is that it's not possible to control the flow of information. Attempts to do so limit the availablilty of information to those with money (=power). The current CLID debacle in california is a classic of this problem. (big guys have ANI on 800 numbers - small guys dont have caller ID). On the specific isue of credit card sales info. Selling that information gives citibank and amex an additional revenue stream and a protential price advantage. In a free market if you think you can charge more for a credit card that does not sell information and you can find customers then good luck to you. If you sign a loan form that says they will report to credit agencies then you have accepted the distribution of that information. If you don't like it find another bank. Now as it happens all banks report, I suspect this is due to the lack of a free market in banking. They have a duty to minimize risk which they do by sharing information. What would you like - safe savings or privacy you can't have both under the current system. As to my buisness - well if I could not sell data I would have to put up my prices for products. In general business advantage comes from having more and more accurate information that the next guy. This has been true since the pony express and or clipper ships. The faster you can respond to a market the more money you make. This is what makes the economy go round. Ristrict the flow of information and you restrict buisiness and reduce the GDP, tax base and ability to fund all the things government already has it's fingers into. What bad thing is going to happen to you if information on your spending habbits, income and phone calls is globaly available ? (and why has it not already happened since most of this IS available for a price). John (Taking an extreme view to provoke thought and question assuptions) ------------------------------ Date: Thu, 25 Feb 93 17:23:18 EST From: "Larry Seiler, x223-0588, MLO5-2 25-Feb-1993 1717" Subject: Should the information industry be consentual? Continuing the public discussion with John Pettitt... The real world is far too complex for extreme positions to be viable. I do not propose that we should shut down the information exchange business -- I propose that it should be recast on a "disclosure and consent" basis: every form that requests "personal information" would have to disclose how that information might be used, and consent would have to be solicited for any use other than by the business that collected it for purposes related to the reason it was collected. This could be very simple -- e.g. a line of fine print about how the data will be sold and a box to check to withold permission. Most people would probably allow the information to be sold -- especially if it saved them some money. At present, as John notes, nobody has a choice about it. The above paragraph refers to "personal information" without defining the term. This is deliberate, because I don't want to rathole on the details of what is personal and therefore deserving of privacy protections. I claim that SOME data is personal -- for example income. At present, only credit data has any restrictions on its exchange, and those restrictions come to very little in practice. After all, anyone with a "business need to know" and my SS# can look at my credit report, without my knowledge. Now, about the extreme view that John takes to provoke thought. Here are some extreme views of my own to spark some thought in the other direction. One of John's arguments is that business is more efficient if there is free and arbitrary flow of information. Well, an absolute dictatorship is the most efficient form of government. I don't accept efficiency as the sole grounds for judging whether a social system is good. I don't accept that an efficient system has to be non-consentual, either. Another of John's arguments is that if trying to restrict the flow of information simply limits it to those with money (=power). There are a huge variety of crimes that can be pretty freely indulged in by those with money and power -- the S&L crisis is one example. That doesn't make me think that we should give equal opportunities to all. John argues that those who don't want their credit card data revealed should use a credit card company that doesn't do that. Of course, there are none, nor are there any credit card companies that even inform their customers that they sell data. If it's so reasonable to sell the information, why don't they tell people that they do it? John argues that the banking industry has a duty to minimize risk and that's why they report. Not true! Minimizing risk requires *obtaining* information, not *selling* it. I am happy to grant my bank permission to investigate my finances -- and to grant John's company permission to provide the bank with any relevant information it may have. It is the releasing of this information WITHOUT MY CONSENT that I object to. The bank is free to deny my loan if I won't let them check up on me. And by the way, the loan form DOES NOT say that they will report my answers, it just says they'll *check* my answers. If they sell my answers, they do it without my permission and without informing me. John says that it's unfair for the big guys to have ANI on 800 number calls, when the small guys can't use caller ID. I agree -- California should cause caller ID blocking to block ANI on 800 and 900 calls, too! John says that if he could not sell data then he would have to raise the prices for his products. OK, but does he disclose to customers that he sells the data? Many people would be happy to take the lower prices, but some would not. At present, *nobody* has a choice. And finally, what bad thing is going to happen to me if information on my spending, income, and phone calls is globally available? The mind boggles. To start with, inaccurate information can cause a great deal of damage. Credit databases (for example) have been shown to have errors for as many as half of the people -- and serious errors for as many as 30%. Who knows how many errors the "personal profile" databases have? Unlike credit reports, you can't find out what they say about you, except indirectly. No, I wasn't hurt when somebody entered "Jewish" into some database somewhere and I started getting catalogs of Passover supplies and letters about voting for senators who are friends of Israel. But there are many cases of people being denied loans, being thrown off welfare roles, or losing their jobs due to errors in the databases. Funny, when a computer database contradicts something a human being says, most people consider the human guilty until convincingly proven innocent. Many won't even listen to evidence that the computer database might be wrong. But beyond that, there's something more fundamental. People peeking into my private business are like people standing on my porch and peeking in my windows. Why should I have to prove that I was hurt or might be hurt? Privacy is now considered to be a consitutionally guaranteed right (yes, I know the constitution doesn't use the word "privacy"). Why does the "information age" compel us all to give it up? Why can't people have a choice about what privacy to give up? If the economic advantages of surrendering privacy are so great, then most people will go for it. If the advantages are so clear, why is the information industry afraid to tell their customers what they are doing with personal data or to offer any choices? Enjoy, Larry PS -- No offense meant and none taken, I hope! I feel that this is an important issue and deserves vigorous discussion. Thanks for your replies. ------------------------------ Date: Thu, 25 Feb 93 15:32:59 PST From: John Pettitt Subject: Re: Should the information industry be consentual? Continuing the public discussion with Larry > > The real world is far too complex for extreme positions to be viable. Agreed. In fact I agree with much of what Larry says. I submit that he has yet to prove a case where free flow of _accurate_ information has caused a problem. Bad information is to nobodys advantage - it is worse than no information and has no commercial value. I would submit that a dictatorship is anything but efficent - competition makes things work well. I agree that information disclosure should be dragged out from under the rock. As to some sort of required request law well that is an interesting issue in itself. I would welcome a neutral law (one that did not default private) as it would allow me to pre-screen the potential customers and improve my hit rate. I do think the bedroom window analogy is rather extreme and emotive. On the ANI issue - I I am paying for a service (an 800 #) then I want to know that I am getting (I.E. where the call came from). Second if you want to break my evening by inging a bell in my house I wan't the electronic peep hole (Caller ID) to see who you are before I talk to you. These are both reasonable in a free world. Data collection and trading is going to happen no matter what - even if it moves off shore (a silly concept in the digital age). The sooner we face the reality and establish norms, conventions and taboos regarding data the better. A start would be to: 1) don't restrict the free flow of _accurate_ data 2) establish clear, enforced methods of trcking data 3) make provision for reaonable penalties for selling inaccurate data (#3 depends on getting the tort system under control - another of my pet subjects :-) The problem with all this it is completly impossible to enforce. Look at the UK "Data Protection Act" for an example of a law that is ignored by one and all and exempts the databases that can do real harm (law enforcement). If you can find a real case of harm by accurate information used lawfully and a way of enforcing privacy I would be happy to look at it. John No offence taken - I like a good argument, that why I read USENET ;-) [ I've suggested to John and Larry that they continue their discussion in private for now to encourage other readers to enter into the discussion. -- MODERATOR ] ------------------------------ Date: Mon, 1 Mar 1993 13:43:47 PST From: Sarah_M._Elkins.Wbst139@xerox.com Subject: forwarding: comments on the Clinton Technology Policy I thought these comments from the sci-tech-studies distribution might be of interest. Forwarded with permission. Regards, - Sarah (elkins.wbst139@xerox.com) ---------------------------------------------------------------- Sender: sci-tech-studies-relay@ucsd:edu:Xerox Date: 28 Feb 93 13:15:14 EST (Sunday) Subject: Clinton Technology Policy From: wpg@ethics.med.pitt To: sci-tech-studies@ucsd This is a comment on the technology policy statement announced by Clinton and Gore on 2/22/93. The policy inititiatives include the substance of the National High Performance Computer Technology Act that Gore had previously sponsored in the Senate (e.g., S. 1067 in the 101st Congress). Central to that act and the new initiative is the National Research and Education Network (NREN), a plan to increase the bandwidth of the internet and develop software for its utilization. I am concerned that the technology policy does not adequately address privacy or other concerns about the social implications of computing, including concerns raised by its proposed initiatives. In the hearings on the High Performance Computing Act, medical informatics was one of the applications envisioned for the NREN. It's also part of the Clinton technology policy. The (brief) discussion of medicine in the 2/22 statement is interesting: "This information infrastructure -- computers, computer data banks, fax machines, telephones, and video displays -- has as its lifeline a high-speed fiber-optic network capable of transmitting billions of bits of information in a second.... "The computing and networking technology that makes this possible is improving at an unprecedented rate, expanding both our imaginations for its use and its effectiveness. Through these technologies, a doctor who needs a second opinion could transmit a patient's entire medical record -- x-rays and ultrasound scans included -- to a colleague thousands of miles away, in less time than it takes to send a fax today." Well, imagine that ("Hey Sue, lookit chromosome 17 on this guy from the Farber! 20 bucks at 7 / 5 sez he's malignant in 5 years. Bet he hopes his insurer never sees this, har har."). Without having any expertise here, I find it plausible that network consults using computerized medical records would have many benefits for patients. But it's also clear that implementing a network-mediated record system that provided secure confidentiality would be a challenging engineering task. I mean social as well as computer engineering, it's the communication among people that is problematic here. I find much to like in the technology policy. Unfortunately, I see little evidence that privacy has been a priority in the current policy or the former High Performance Computing Act. I would appreciate hearing from others whether the policy adequately covers other aspects of socially responsible computing. The technology policy ought to include a statement of ethics concerning computerized information. I also believe that the NREN should follow the example of the NIH's Human Genome Project, which devotes 5% of its research budget to a program for studies of the Ethical, Legal, and Social Implications of human genetic research. -- [][][][][][][][][][][][] William Gardner [][][][][][][][][][][][][][][] [] /_ o / / Psychiatry Dept, School of Medicine 412-681-1102 [] [] /__) / / / University of Pittsburgh wpg@ethics.med.pitt.edu [] [][][][][][][][][][] Pittsburgh, PA 15213 [][][] FAX:412-624-0901 [][] ------------------------------ Date: Fri, 5 Mar 93 0:18:28 EST From: Brinton Cooper Subject: Credit Card Validation We've all heard horror stories about how one person fraudulently accessed another's credit card account (or utility account or phone account, etc) and, with malice, altered or canceled service or otherwise, posing as the customer, caused some change in the status of the account. Now, Citibank is asking (US Government employee) users of it's Diner's club cards to supply them with validation info. When activating a new (e.g., personal) account, changing address, or otherwise enquiring about one's file, the caller may be asked to supply such information in order to assure the credit company of the caller's legitimate identity. Information requested is: Name Acccount # Address Date of Birth Social Security Number (you were surprised, maybe?) Mother's Maiden Name (My hospital asks for this one, too.) Business and home phones Other Diner's accounts to which this info applies. Finally, you are asked if you would like "...to designate another person to manage your account..." On the one hand, this has the potential to expose what little privacy we have left. On the other hand, one can argue that it protects us from malicious persons. I don't yet know whether I shall comply. _Brint ------------------------------ Date: Wed, 3 Mar 1993 14:26:58 EDT From: LOVE%TEMPLEVM.BITNET@pucc.Princeton.EDU Subject: GPO ACCESS - WINDO UPDATE ----------------------------Original message---------------------------- Taxpayer Assets Project Information Policy Note February 28, 1993 UPDATE ON WINDO/GATEWAY LEGISLATION From: James Love Re: GPO Access (Proposed legislation to replace GPO WINDO/Gateway bills) Note: the WINDO/GATEWAY bills from last Congress (HR 2772; S. 2813) would have provided one-stop-shopping online access to federal databases and information systems through the Government Printing Office (GPO), priced at the incremental cost of dissemination for use in homes and offices, and free to 1,400 federal depository libraries). Both the House and Senate are soon expected to introduce legislation that would replace the GPO WINDO/GATEWAY bills that were considered in the last Congress. According to Congressional staff members, the bill will be called "GPO Access." The new name (which may change again) was only one of many substantive and symbolic changes to the legislation. Since the bill is still undergoing revisions, may be possible (in the next day or so) to provide comments to members of Congress before the legislation is introduced. The most important changes to the legislation concern the scope and ambition of the program. While we had expected Congressional democrats to ask for an even broader public access bill than were represented by the WINDO (hr 2772) and Gateway (S. 2813) bills, the opposite has happened. Despite the fact that the legislation is no longer facing the threat of a Bush veto or an end of session filibuster (which killed the bills last year), key supporters have decided to opt for a decidedly scaled down bill, based upon last year's HR 5983, which was largely written by the House republican minority (with considerable input from the commercial data vendors, through the Information Industry Association (IIA)). The politics of the bill are complex and surprising. The decision to go with the scaled down version of the bill was cemented early this year when representatives of the Washington Office of the American Library Association (including ALA lobbyist Tom Sussman) meet with Senator Ford and Representative Rose's staff to express their support for a strategy based upon last year's HR 5983, the republican minority's version of the bill that passed the House (but died in the Senate) at the end of last year's session. ALA's actions, which were taken without consultation with other citizen groups supporting the WINDO/GATEWAY legislation, immediately set a low standard for the scope of this year's bill. We were totally surprised by ALA's actions, as were many other groups, since ALA had been a vigorous and effective proponent of the original WINDO/GATEWAY bills. ALA representatives are privately telling people that while they still hope for broader access legislation, they are backing the "compromise bill," which was publicly backed (but privately opposed) last year by IIA, as necessary, to avoid a more lengthy fight over the legislation. If the negotiations with the House and Senate republicans hold up, the new bill will be backed by ranking Republicans on the Senate Rules and House Administration Committees, and passed by Congress on fast track consent calendars. We only obtained a draft of the legislation last week, and it is still a "work in progress." All changes must be approved by key Republican members of Senate Rules and House Administration. Gone from the WINDO/GATEWAY versions of the bill were any funding (S. 2813 would have provided $13 million over two years) to implement the legislation, and any findings which set out the Congressional intent regarding the need to provide citizens with broad access to most federal information systems. Also missing are any references to making the online system available through the Internet or the NREN. WHAT THE GPO ACCESS BILL WILL DO (subject to further changes) 1. Require the Government Printing Office (GPO) to provide public online access to: - the Federal Register - the Congressional Record - an electronic directory of Federal public information stored electronically, - other appropriate publications distributed by the Superintendent of Documents, and - information under the control of other federal departments or agencies, when requested by the department or agency. 2. Most users will pay user fees equal to the "incremental cost of dissemination of the information." This is a very important feature that was included in the WINDO/GATEWAY legislation. At present many federal agencies, including the National Technical Information Services (NTIS), make profits on electronic information products and services. Given the current federal government fiscal crisis, this strong limit on online prices is very welcome. 3. The 1,400 member federal Depository Library Program will have free access to the system, just as they presently have free access to thousands of federal publications in paper and microfiche formats. Issues to be resolved later are who will pay for Depository Library Program telecommunications costs, and whether or not GPO will use the online system to replace information products now provided in paper or microfiche formats. WHAT THE GPO ACCESS BILL DOESN'T DO - Provide any start-up or operational funding - Require GPO to provide online access through the Internet - The Gateway/WINDO bills would have given GPO broad authority to publish federal information online, but the new bill would restrict such authority to documents published by the Superintendent of Documents (A small subset of federal information stored electronically), or situations where the agency itself asked GPO to disseminate information stored in electronic formats. This change gives agencies more discretion in deciding whether or not to allow GPO to provide online access to their databases, including those cases where agencies want to maintain control over databases for financial reasons (to make profits). - Language that would have explicitly allowed GPO to reimburse agencies for their costs in providing public access was eliminated in the new bill. This is a potentially important issue, since many federal agencies will not work with GPO to provide public access to their own information systems, unless they are reimbursed for costs that they incur. - S. 2813 and HR 2772 would have required GPO to publish an annual report on the operation of the Gateway/WINDO and accept and consider *annual* comments from users on a wide range of issues. The new bill only makes a general requirement that GPO "consult" with users and data vendors. The annual notice requirement that was eliminated was designed to give citizens more say in how the service evolves, by creating a dynamic public record of citizen views on topics such as the product line, prices, standards and the quality of the service. Given the poor record of many federal agencies in dealing with rapidly changing technologies and addressing user concerns, this is an important omission. - The WINDO/GATEWAY bills would have required GPO to address standards issues, in order to simplify public access. The new bill doesn't raise the issue of standards. OTHER POLITICAL CONSIDERATIONS Supporters of a quick passage of the scaled down GPO Access legislation are concerned about a number of budget, turf and organizational issues. Examples are: - Congress is considering the elimination of the Joint Committee on Printing, which now has oversight of GPO. - There are proposals to break-up GPO or to transfer the entire agency to the Executive Branch, which would slow down action on the online program, and may reduce the federal support for the Federal Depository Library Program, or lead to a different (and higher) pricing policy. - The National Technical Information Service (NTIS) opposes an important role by GPO in the delivery of online services, since NTIS wants to provide these services at unconstrained prices. It does not appear as though the Clinton/Gore Administration has had much input on the GPO Access legislation, which is surprising since Vice President Gore was the prime sponsor of the GPO Gateway to Government (S. 2813) bill last year. (Michael Nelson will reportedly be moving from the Senate Commerce Committee to the White House to be working on these and related information policy issues.) Even the scaled down GPO Access bill will face opposition. According to House republicans, despite IIA's low key public pronouncements, the vendor trade group "hates" the bill. Opposition from NTIS is also anticipated. TAXPAYER ASSETS PROJECT VIEW We were baffled and disappointed the decision of ALA and Congress to proceed with a scaled down version of last year's bills. We had hoped that the election of the Clinton/Gore administration and the growing grass roots awareness of public access issues would lead to a stronger, rather than a weaker, bill. In our view, public expectations are rapidly rising, and the burden is now on Congress and the Administration to break with the past and take public access seriously. The GPO Access legislation provides incremental benefits over the status quo, but less than might seem. - The statutory mandate to provide online services is useful, but public access proponents have always argued that GPO already has the authority to create the WINDO/GATEWAY under the current statutes. In fact, GPO now offers hundreds of CD-ROM titles and the online GPO Federal Bulletin Board, a service that could (and should) be greatly expanded. - The three products that the GPO Access bill refers to are already online or under development GPO. GPO is now working on the development of a locator system and an online version of the Federal Register, and the Congressional Record is already online in the Congressional LEGIS system -- a system that is presently closed to the public, and which is not mentioned in the GPO Access bill. - The "incremental cost of dissemination" provision of the new bill is welcome, but GPO is already limited to prices that are 150 percent of dissemination costs. Several suggestions to strengthen last year's bills were ignored. Among them: - Expand the initial core products to include other online information systems that are already under the control of congress, such as the Federal Elections Commission (FEC) online database of campaign contributions, the House LEGIS system which provides online access to the full text of all bills before Congress, or the Library of Congress Scorpio system. - Create a special office of electronic dissemination in GPO. At present, GPO's electronic products and services are managed by Judy Russell, who is capable, but who is also responsible for managing the primarily paper and microfiche based federal Depository Library Program, a time consuming and complicated job. We believe that GPO's electronic dissemination program is important enough to warrant its own director, whose career would depend upon the success of the electronic dissemination program. The GPO Access bills will be considered by the following Congressional Committees: Senate Committee on Rules and Administration 202/224-6352 Chair, Senator Wendell Ford Ranking Minority, Senator Ted Stevens House Committee on House Administration 202/225-225-2061 Chair, Representative Charlie Rose Ranking Minority, Representative Bill Thomas ================================================================= James Love v. 215/658-0880 Taxpayer Assets Project f. 215/649-4066 12 Church Road internet love@essential.org Ardmore, PA 19003 ================================================================= ------------------------------ End of PRIVACY Forum Digest 02.07 ************************