PRIVACY Forum Digest Wednesday, 27 October 1993 Volume 02 : Issue 33 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PRIVACY Brief (Lauren Weinstein; PRIVACY Forum Moderator) Re: "Digital Detective" (David Dyer-Bennet) CPSR Alert 2.03 [Extract re: Medical Privacy -- MODERATOR] (Dave Banisar) Politics is private property in the panopticon society (Jeffrey S. Sorensen) Re: Personal Privacy vs. the "Digital Detective"? (Paul Robinson) ALAWON Vol. 2, No. 47 [OMB PLANS TO CONSOLIDATE POWER OVER FEDERAL INFORMATION -- MODERATOR] (ALA Washington Office) CPSR Crypto Resolution (Dave Banisar) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203. ----------------------------------------------------------------------------- VOLUME 02, ISSUE 33 Quote for the day: "You are in a maze of twisty little passages, all alike." -- From the original "ADVENTURE" computer game, initially written in FORTRAN, and ported to virtually all computer architectures and operating systems. Original version by Will Crowther, most "current" (circa the late 70's) features by Don Woods. XYZZY! ---------------------------------------------------------------------- Privacy Brief (from the Moderator) --- A California jury has recently convicted a man of murder, some 30 years after the event, based solely on a computer fingerprint match. The prints lifted at the scene of the murder were fed through the new California fingerprint computer, which identifed the man, who was 18 at the time of the crime. He has steadfastly denied any knowledge of the murder, and claims to have been in military training at the time of the event. Apparently over the span of years most of the persons who could potentially testify at the trial can no longer be located or have died, and records involving the period are very sparse. The jury took only a few hours to convict, and jury members said later that in the absence of other evidence, they had to convict solely on the basis of the fingerprint match, regardless of the man's claims. He plans to appeal. Question: Is the use of computer technology to provide such a "match," long after most other evidence has been lost or is no longer available, a positive or negative development? ------------------------------ Date: Mon, 11 Oct 93 11:31:28 CDT From: ddb@anubis.network.com (David Dyer-Bennet) Subject: Re: "Digital Detective" [Subject field chosen by MODERATOR] lauren@vortex.com (Lauren Weinstein) said: > There is certainly a philosophical underpinning to all of this. By > analogy, Pat's view that everyone should have access to all the information > available on everybody seems similar to the view that the way to solve the > violent crime problem is to make sure that everyone in the country is > carrying a gun at all times and is provided with plenty of ammunition. > While some will no doubt agree with both of these concepts, hopefully many > of us do not. I strongly support the principle that there should be few or no individuals or organizations with privileged access to information (other than information they collect themselves). The information easily available to large corporations should be available to small coroporations and individuals. I support this on the basis of fairness, and also because the broad availability of the information will make it more likely that people will _know_ what information is available. Public policy on information is not likely to become sensible until people encounter the effects in their personal lives. Note that this does _not_ mean that I support the availability of much of the information that is in fact available. Since _you_ raised the always-controversial gun issue: there is a technical term for countries where there's always a policeman there when you need him. They are called "police states." It's clearly established in law and practice that the police have no legal duty or obligation to protect any particular individual (you can't sue if they take 30 minutes to show up, or drive past while you're being assaulted and don't do anything, or whatever). Protecting yourself is your right and duty. As is nearly always the case with a major political conflict, repression is not the answer. > It should now be crystal clear that the privacy situation in this country > is in shambles. You can't just sit there, read this, and then file it off > and forget it. Sooner or later, and most likely sooner, *you* are going to > be affected. I'm not sure I can't. The thing that I'm _sure_ I'm worried about is the lack of quality control in databases, and the lack of recourse against incorrect data in them. I might well be able to live with broad availability of information. Living in a goldfish bowl would be a tremendous and fundamental change in society, and I'm sure the transition would be exciting, but I'm not sure the result would be bad. Yes, my wife could easily find out where I really spend my time when I claim I'm working late, and my employer could discover which bars I hang out in (possibly deducing a non-mainstream lifestyle, say). But if everybody were out of the closet about what they _really_ did, there'd be a lot less hypocrisy around. Societal standards would have to change when it became apparent that Ward and June Cleaver don't live here any more. What's important is that the goldfish bowl be transparent _all over_, not just in front of the eyes of big corporations. It might be tolerable to live in a real goldfish bowl society; it would _not_ be tolerable to live in a society where your present and potential future employers could see everything about you, while preserving their own secrecy. (Yes, I'm ambivalent at best about living in the goldfish bowl. I'm sure the transition would be traumatic for nearly everybody, including Ward and June Cleaver. But it's not the end of the world _if it applies to everybody_.) -- David Dyer-Bennet Network Systems Corporation ddb@network.com Brooklyn Park, MN (612) 424-4888 x3333 ddb@tdkt.kksys.com My postings represent at most my own opinions. ------------------------------ Date: Mon, 11 Oct 1993 23:23:38 EST From: Dave Banisar Subject: CPSR Alert 2.03 [Extract re: Medical Privacy -- MODERATOR] [ I have extracted the following item from CPSR Alert 2.03 -- MODERATOR ] [3] Health Care Reform and Privacy The recently released President's Health Security Plan includes important new provisions on privacy protection. The plan recommends new federal legislation based on a Code of Fair Information Practices. Currently, there is no federal protection for medical records. The new proposal also includes a provision for a national medical identity card, which is described in the plan as "like ATM cards, the health security card allows access to information about health coverage through an integrated national network. The card itself contains a minimal amount of information." President Clinton was asked about the privacy implications of the medical security card at a town hall meeting in Sacramento, CA on October 4. He replied that the card will be used to ensure that in an emergency that a person could be identified and that it "will have the same sort of protections that a Social Security card would..." He recalled opposition to the past attempts to expand the use of the SSN and noted that the card was only "for the purposes of establishing that you belong to the health care system." Another important aspect of the proposal is the identifying number. The proposal calls for the establishment of "a system of universal identifiers for the health care system." The proposal notes that "The unique identifier may be the Social Security Number or a newly created number limited to the health care system...In either case, the national privacy policy explicitly forbids the linking of health care and other information through the identification number." This will be determined by the National Health Board. In April 1992 CPSR sent a letter to Hillary Clinton with the endorsement of over two dozen privacy and computer experts requesting that the SSN not be used as the identifier. The letter cited privacy, security, and fraud problems and pointed out that other countries, such as Canada, have created limited purpose identifiers for medical record information. Other Privacy Provisions o The creation of mechanisms for effective enforcement including significant penalties. o Establishing a privacy framework based on the Code of Fair Information Practices including a right to know about and approve the uses of the data, assurance of no secret data systems, right to review and correct data, assurances that the data is only collected for legitimate purposes. o Issue effective security standards and guidance for health care information o Establishing as Data Protection and Security Panel to set privacy and security standards and monitor implementation of the standards, sponsor of conduct research, studies and investigations, and developing of fair consent forms. The relevant privacy provisions of the health care plan are available at the CPSR Internet Library /medical_privacy/ clinton_health_reform_plan.txt. A copy of the letter sent to Hillary Clinton is also available as hillary_letter.txt ------------------------------ Date: Mon, 11 Oct 93 10:38:53 -0400 From: sorenjs@pb.com (Jeffrey S. Sorensen) Subject: politics is private property in the panopticon society [ This item is extracted from RISKS Forum Digest V15#11. -- MODERATOR ] The _New Haven Register_ had an AP story about the probe into the industrial spying performed by a group of cable system operators. This spying included surveilance, tracking down license plates and investigating long-distance call records. According to the cable companies all of this was done using publicly obtainable information. The money involved in the deals between cable and television has driven the cable companies to use such tactics because they are afraid that regulators are fraternizing with telephone company executives. I can almost see William Gibson's vision of the future unfolding before my eyes. I also see democracy being ground between the gears of industry and government. (Perhaps I should also mention the three part series of articles in _In These Times_ on the new pseudo-grass roots lobbying firms that sell the line "How many angry constituents do you want calling your legislators each day? Name your price.") According to the article, a company called _Scanners_ out of Denver will "fax a list of toll calls made by anyone, anywhere, for up to $125." (No doubt the company takes their name from the movie about people who make your blood boil and your veins pop out on your head.) It seems that while the content of calls is private and cannot be monitored without a court order, the billing information is not protected. The larger problem is that our law currently only provides us with a modicum of protection when we have a "reasonable expectation of privacy." At the same time, it is becoming increasingly clear that no reasonable person can ever expect to have any privacy. I wish that someone in the news media would get our legislators to WAKE UP by publishing a complete list of the legislators' calls. It worked in the Bork/Video-tape rental records case (or at the very least, a law addressing this was put on the books; I'm not sure it's enforced.) Jeffrey Sorensen sorenjs@pb.com ------------------------------ Date: Wed, 13 Oct 1993 11:31:12 -0400 (EDT) From: Paul Robinson Subject: Re: Personal Privacy vs. the "Digital Detective"? ----- For the benefit of other readers, comments from Lauren Weinstein (Lauren@vortex.com> are prefixed with "> ", comments from Patrick Townson are prefixed with ">> ": > A few days ago, in my capacity as PRIVACY Forum moderator, I received > an e-mail submission from Patrick Townson, politely asking if I would > consider publishing it in the digest. (Pat is moderator of the > TELECOM digest; we have various communications regarding digest > matters from time to time.) > > The submission was essentially an ad promoting a new service he is > offering. I informed him that my policy is not to run ads, though > particular products and services may be mentioned in the context > of informational or discussion messages submitted to the Forum. >> I wish to announce my recent aquisition of some databases which are >> primarily used by skip-tracing, investigative and government agencies >> to locate people, any assets they may have, and other pertinent and >> personal details of their lives. >> >> These databases are being made available to anyone who wishes to have >> access to them. The charges are simply being passed along, 'at cost' >> based on what I am paying. Seems a little higher than 'at cost'. I don't particularly care one way or another whether Pat makes money off this service or not (and if it's valuable, he should.) >> You provide an SSN. I will advise you of all the names which have >> been used with this SSN Let's see: drivers licenses, voting records, and possibly matches from credit reports. (I think that while giving out the information in a credit report requires permission, it may not be prohibited for a credit reporting company to use collected information to add to or correct other infomrmation files, e.g. putting SSAN into name collections. If it is not permitted, then this isn't one source for the base data.) If I sat down, I could probably think of a few more places to get this from. Oh yes, the Selective Service Registration requires filing by the Selective Service with every County Clerk of each male in that county who is registered. When I was visiting the Los Angeles County Courthous to renew my ficticious name registration, the list for that week or month was posted for anyone to look at. I don't remember if the list included the Social Security number or not. You now have to - courtesy of the Internal Revenue Service - have to file a notice with your social security number when you buy or sell a house. A former Commissioner of Social Security - Dorcas Hardy - had considered sharing their SSA database with some credit reporting companies. There was a rather serious opposition to this, and it was dropped, fortunately. >> You provide a name. Any name okay, but very common names will >> render a useless list. Middle initials and last known address is >> requested if possible. You'll receive a listing of every person who >> has that name, along with other data:... >> It can be searched by telephone number only: You provide the phone >> number, I will respond with the person's profile and neighbor listing. Two points - I remember this; some company in Florida or Texas or somewhere is providing this computerized service, and they get reports from courthouses and search firms around the country who supply them with local information. Also, R.L. Polk & Company does - or did - operate a city directory service where they published cross-index directories; I remember doing a lookup in a Polk guide more than 20 years ago. Look up a street and it will tell you the name of everyone there that they could find either by canvassing the neighborhood and asking people, or leaving post cards asking for a call back (cards were marked 'urgent') or reading the directory sign in apartment buildings if there was one. In one famous copyright case, a company was doing this, then using the phone book to verify the accuracy of their information. The courts ruled that while the information in a telephone book was protected (not the case now) it is not infringement to use one to verify an independently collected batch of information. And Polk even printed a number to call in their St. Louis office to specifically ask NOT to be listed. You had to give them your information in order to identify which listing not to be printed; it sounds strange, but it makes sense: unless they know which item not to print, they can't remove it. Lotus was planning to offer a similar service on CD ROM, until public complaints forced them to drop it (thousands of people asked not to be included. Technically, since the information is collected from public sources, Lotus didn't HAVE to remove the information.) I believe also Compuserve is now running a similar service for people searches. Here's another one: MIT runs a newsgroup scanner, either on 'Pit-Manager' or 'RTFM' or some place. (Or I may be wrong and it's some other school.) If anyone on Internet posts a message on any newsgroup (or I suppose, on any list that it receives) it captures the name and E-Mail address. So you can query that database for people's names or E-Mail addresses, and it even tells you the date that the particular name was seen. I don't know how often the cache is flushed, but it's one place to find recent E-Mail addresses. In one case I queried it for my account and it gave me a list of all the identifiers I had used. The Whois database used to do this for anyone who requested registration; now, you have to have a reason to be there, like contact point for a network or a domain. (I'm still there; if anyone does a 'WHOIS TDARCOS' they will get my name and address because I hold an Internet Class C Address block.) >> Consumer Credit reports availale from one bureau, $60 I once called one of the local offices of a national credit bureau. I pretended to be an employer, and asked them, if I was just interested in getting an occastional listing because I am checking perhaps 5 or 6 people a year as potential employees, and not doing enough business to justify a $15 a month subscription, was it possible for me to obtain reports even though I am not a subscriber. 'Certainly'. I have to send in a written statement indicateing (1) that I have a legally authorized reason to obtain the information, and (2) what that reason is, e.g. type of request, employment, credit, etc. (They send out a packet of information along with their forms to apply for srvice and the request for a non-subscrber pull.) The subscriber rate for pulls in commercial requests is $8 apiece, and the non-subscriber rate was $15. Employer requests are slightly higher because different information had to be requested. I used to work for a real-estate office that rented out property. The owner would routinely obtain credit reports - and reports of people who had been evicted, sued for unpaid rent, etc. - from a clearinghouse that handled information for that purpose; all they had to do was to collect the reports from the 50 or so courthouse in Southern California where evictions were filed. Also, if you were sending someone the preliminary 5-day ("Notice to Pay Rent or Quit"), you could report this to them. I think only the credit reports needed proof of a legitimate business reason. All the other stuff is out there if you want to dig for it. >> Information should be available to everyone, not just the lawyers >> and bankers and government agencies. I'll provide information to >> anyone, at anytime from the categories above. Hope to hear from >> you soon with your requests. All Pat is doing is making available to the general public, something that only the 'big boys' have had access to. This seems to sound like the exact same argument that erupted when Caller-ID became available to anyone, even though ANI has been available on 1-800 number calls for many years. Pay minimum and you get an ANI list at the time you get your bill. Pau more and you get it in real-time while the call is coming in. >> Regards criminal histories for example, if someone does not like the >> information being given out, then their real beef is with the concept >> of free, open to the public trials in the USA. In every courthouse in >> America, anyone is free to walk in, sit down and observe a trial going >> on. We do not have secret trials in the USA. Except for Juvenile Court where ther trials *are* secret. The public is not allowed to visit those trials, and the records on those are sealed. Ostensibly this is to "protect" the juvenile that is arrested. (Note that appeals, however, are NOT sealed because appeals make the court reporter cases, they do, however, only print the first name and first letter of the last name where a juvenile is a party in a case, which is why the famous "Born Innocent" case (Girl sues NBC over someone getting the idea of using a houshould object to commit rape from that movie), was known as "Oivia N. v. National Broadcasting Company". Otherwise this is correct; all court cases are open to the public. Sometimes the judges would prefer to railroad people in secret, as they sometimes ask why you are watching a case (I was asked by a judge once, I'm not sure whether it was because he was wondering if I was one of the litigants in a case or if he wanted to know why I was there. So I said that I was just there to watch.) > But here's the *real* issue. If we assume that Pat is right in his > statements that all of the information to which he has access is > legally distributable, it goes far to pointing out what an utter > disgrace the state of privacy and privacy laws in this country > have become. I don't know where 'have become' came from. Until recently - which means the last 20 years or less - communicating long distance was expensive and keeping records required huge manual files on paper. Now we have cheap national communications and computers can store information for about 1/5c per page (figuring 1 megabyte of disk at $1 and 1 page at 2048 characters). But the fact is that courthouse records have been open to the public for more than 200 years. It's only with the cheap transmission and storage capability that the issue of privacy has surfaced, since now, records tend to be cheap to keep around for long periods of time. > There is certainly a philosophical underpinning to all of this. By > analogy, Pat's view that everyone should have access to all the > information available on everybody seems similar to the view that the > way to solve the violent crime problem is to make sure that everyone in > the country is carrying a gun at all times and is provided with plenty > of ammunition. While some will no doubt agree with both of these > concepts, hopefully many of us do not. Funny you should say that. The places with the most restrictive gun laws, Washington and New York, have the worst gun homicide rates. Ones with controls but not as severe - Chicago, Los Angeles - are almost as bad. In Phoenix it is legal to wear a gun in public - wich almost nobody does - and thethe number of homiceds there are much less. (There are probably other causes such as the goverment telling people in the slums that they are vicitms and it's okay to feel that government is their only hope, and since the government doesn't really plan to put people in prison, it's okay to commit any crime since you probably won't do time.) In Switzerland by law every male is required to keep in their house, loaded, a FULLY AUTOMATIC machine gun which the government gives them. Gun homicides are rare there. > It should now be crystal clear that the privacy situation in this > country is in shambles. You can't just sit there, read this, and > then file it off and forget it. Sooner or later, and most likely > sooner, *you* are going to be affected. > > And just exactly what, my friends, are we going to do about it? Short of declaring a civil war and pulling another Magna Charta, I doubt there is much that can be done. But there is a wider issue: access to credit, to money, and other valuable things requires that those who offer access have reasonable assurances they will be repaid. Credit databses got started because people didn't always pay their bills or sometimes moved from town to town to escape judgements. The credit reporting laws came into effect because the people running the reporting agencies were not careful in how they handled the information they got. A future employer may have reason to want to know if a person who handles money is running large debts and not paying bills; this may indicate that they are a possible risk. A company that issues a mortgage wants to be certain it will be repaid; a person renting out a house or apartment wants to be certain their rents will be paid on time. Without access to the information, people may have to charge more. And in some places, getting people to take a check is almost impossible because getting information suitable for skip tracing if the person doesn't pay is restricted. Where there are restrictions in the access to data, the honest suffer when guilty people cannot be located. One man in California mentioned that even with a court judgement, because of fears of misuse, he can't get access to someone's address from their drivers' license, even though a private investigator or insurance company representative can. --- Paul Robinson - TDARCOS@MCIMAIL.COM ------------------------------ Date: Fri, 22 Oct 1993 17:05:12 -0400 From: ALA Washington Office Subject: ALAWON Vol. 2, No. 47 [OMB PLANS TO CONSOLIDATE POWER OVER FEDERAL INFORMATION -- MODERATOR ] ALAWON ALA Washington Office Newsline An electronic publication of the American Library Association Washington Office Volume 2, Number 47 October 22, 1993 In this issue: (310 lines) OMB PLANS TO CONSOLIDATE POWER OVER FEDERAL INFORMATION *************************************************************************** OMB PLANS TO CONSOLIDATE POWER OVER FEDERAL INFORMATION The Office of Management and Budget is planning to open a new front in the century-old battle between Congress and the Executive Branch over who controls the production and dissemination of government information. The ALA Washington Office has obtained a portion of the draft legislation that OMB plans to include in the "October package" that contains the Administration's National Performance Review recommendations. The Administration hopes that Congress will pass this package by the time it adjourns close to Thanksgiving. This proposed legislation repeals the statutory authority of the Joint Committee on Printing to "use any measures it considers necessary to remedy neglect, delay, duplication, or waste in the public printing and binding and the distribution of Government publications" (44 U.S.C. 103). JCP is the Committee that has worked with the library and public interest communities for over 150 years to enact a series of laws, starting with the 1895 Printing Act and continuing with the GPO Access Act (PL 103-40), to protect the public's access to government information. JCP stood up to OMB during previous Administrations and insisted that government information continue to be distributed without charge to the public through depository libraries. The Government Printing Office, overseen by the JCP, would be dismantled and much of its responsibilities and functions shifted to OMB, the General Services Administration and individual federal agencies. Each agency would procure its own printing and be responsible for dissemination. There is no enforcement mechanism included to make agencies provide their information to the depository program, since 44 U.S.C. 1701 (GPO's authority to disseminate) is eliminated. This bill also includes transfer of the printing of the _Federal Register_ to the executive branch and knocks the Public Printer off the Administrative Committee of the _Federal Register_. It is quite likely that the _Federal Register_, and many other Executive Branch publications, would no longer be sold through GPO. The text of the draft OMB bill follows: Description of the Draft Bill, the "Government Information Dissemination and Printing Improvement Act of 1993" The National Performance Review recognized that public access to federal information should be enhanced. It also recommended improving the printing practices of Executive agencies. To accomplish these goals, the proposed legislation would: * incorporate the information dissemination policies contained in revised OMB Circular A-130, particular [sic] as they relate to expanding electronic information dissemination. * reaffirm the role of the depository library program. * promote the establishment of a Government Information Locator Service which is being designed, under the auspices of the Administration's Information Infrastructure Task Force, to enhance the ability of the public to identify and acquire government information dissemination products. * remove Executive branch printing from the GPO monopoly over a two-year transition period following enactment. * (During a two year transition period, GPO would remain the mandatory source for Executive branch printing as defined by the GSA regulations. However, during this period Executive agencies would be authorized to procure printing jobs up to $2500 through open bidding.) * give GSA responsibility for promulgating printing policy. * ensure that agency procurements of printing services are conducted in accordance with the Federal Acquisition Regulation using full and open competition to acquire the best value products and services. * permit GPO to compete for agency printing business on an equal basis. DRAFT BILL To further the goals of the National Performance Review to improve the dissemination and printing of government information. Section 1. Short Title. This Act may be cited as the "Government Information Dissemination and Printing Improvement Act of 1993". Section 2. Authority and Functions of the Director of the Office of Management and Budget The Director of the Office of Management and Budget (the Director) shall develop policies and practices for agency dissemination and sharing of public information to ensure that agencies-- (a) make information dissemination products available on timely, equitable and cost effective terms; (b) encourage a diversity of public and private information dissemination products; (c) avoid establishing, or permitting others to establish, exclusive, restricted, or other distribution arrangements that interfere with the availability of information dissemination products on a timely and equitable basis; and, (d) set user charges for information dissemination products no higher than sufficient to recover the cost of dissemination, except where required by statute or specifically authorized by the Director. Section 3. Authority and Functions of the Administrator for General Services (a) The Administrator of General Services shall provide overall policy direction for the acquisition of printing by executive agencies, and may promulgate government-wide regulations as appropriate. The authority conferred upon the Administrator by this section shall be exercised subject to direction by the President and to fiscal and policy control exercised by the Office of Management and Budget. Authority so conferred upon the Administrator shall not be construed so as to impair or interfere with the determination by agencies of their individual printing requirements. (b) To the extent practicable and appropriate, the policies promulgated by the Administrator for the acquisition of printing by executive branch agencies shall be consistent with the principles contained in the Federal Acquisition Regulation, promulgated pursuant to 41 U.S.C. 405a. (c) The policies promulgated by the Administrator pursuant to this section shall -- (1) ensure that the Government Printing Office has the opportunity to compete on an equal basis for agency printing acquisitions; and (2) reaffirm agency responsibilities to cooperate with the Superintendent of Documents with regard to the distribution of government publications to the depository libraries, as required by Chapter 19, title 44 United States Code. Section 4. Federal agency responsibilities. The head of each agency shall -- (a) promote public access to public information by establishing and maintaining systems for dissemination of information that -- (1) ensure that the public has timely and equitable access to the agency's public information and that the agency disseminates public information in an efficient, cost effective, and economical manner; (2) plan and budget for information dissemination at the time information is created or collected, and at other appropriate steps during the information life cycle; and, (3) establish and maintain a comprehensive inventory of significant public information holdings in accordance with guidance issued by the Director under Section 5 of this Act. (b) When providing for the dissemination and sharing of significant public information -- (1) to the greatest extent practicable, disseminate in usable electronic formats (in whole and in part, and along with such available software in which the government may have license rights, indices, and documentation) public information maintained in electronic formats; and (2) before taking any action to initiate, terminate, or significantly modify the dissemination of public information-- (A) solicit and consider public comments on the proposed action; and (B) provide notice to the Superintendent of Documents and otherwise comply with the requirements of section 1710, title 44 United States Code. (c) In determining how to fulfill its public information dissemination functions, consider-- (1) whether dissemination is required by law; (2) whether dissemination is necessary for the proper performance of the functions of the agency; (3) whether disseminating public information would assist in public oversight of agency operations or would promote the general social or economic welfare of the United States; (4) whether an information dissemination product available from other Federal or nonfederal sources is equivalent to an agency information dissemination produce [sic] and reasonably fulfills the dissemination responsibilities of the agency; (5) dissemination methods that will maximize the utility of the information to the public, including dissemination through the Superintendent of Documents to the depository libraries; and (6) the economy and efficiency of Government operations. (d) Establish fees and other dissemination arrangements in a manner consistent with the policies and practices developed by the Director under Section 2 of this Act. Section 5. Establishment and Operation of Government Information Locator Service In order to assist agencies and the public in locating information and to promote information sharing and equitable access by the public, the Director shall-- (a) cause to be established and maintained a distributed agency-based electronic Government Information Locator Service supported by agency inventory systems which identify significant public information holdings; (b) require each agency having significant information dissemination products to establish and maintain a comprehensive inventory of such products, and shall prescribe the minimum contents of such inventories, subject to any technical standards developed pursuant to subsection (c); and, (c) establish an interagency committee, in cooperation with the Secretary of Commerce, the Archivist of the United States, the Administrator of General Services, the Public Printer, and the Librarian of Congress, to develop such technical standards for agency inventory systems. Section 6. Transition to Executive Branch Printing (a) The Government Printing Office will remain the mandatory source for Executive agency printing needs for two years after the effective date of this Act. (b) Notwithstanding subsection (a), Executive agencies are authorized to obtain printing services under $2500 from commercial sources or other printing sources operated by Executive agencies during this period. Section 7. Technical and conforming amendments. (a) Section 103, title 44 United States Code, is repealed. (b) Section 312, title 44 United States Code, is amended by striking the word "Government" and inserting the words "Congress or the Judiciary (other than the Supreme Court), and GAO" in the first sentence of the section. (c) Section 313, title 44 United States Code, is amended by inserting the words "for the use of Congress or the Judiciary (other than the Supreme Court), and GAO," after the words "otherwise" in the first paragraph thereof. (d) Sections 501, 503, 504, 508, 509, 510, 512, 513, and 514, title 44 United States Code, are repealed. (e) Chapter 11, title 44 United States Code, is repealed in its entirety. (f) Section 1502, title 44 United States Code, is amended by striking the words "and, together with the Public Printer," after the words "custody" in the first section. (g) Section 1503, title 44 United States Code, is amended by striking the sixth sentence, which reads, "The Office shall transmit immediately to the Government Printing Office for printing, as provided by this chapter, one duplicate original or certified copy of each document required or authorized to be published by section 1505 of this Title." (h) Section 1504, title 44 United States Code, is repealed. (i) Section 1506, title 44 United States Code, is amended by striking the words "Public Printer or Acting Public Printer," with "Administrator of GSA or his or her designee." (j) Section 1701, title 44 United States Code, is repealed. *************************************************************************** *************************************************************************** ALAWON (ISSN 1069-7799) is an irregular publication of the American Library Association Washington Office, 110 Maryland Avenue, N.E., Washington, DC 20002-5675. Internet: alawash@alawash.org; Phone: 202-547-4440; Fax: 202-547-7363. Editor and List Owner: Fred King (fdk@alawash.org). All or part of ALAWON may be redistributed, with appropriate credits. ALAWON is available free of charge and is available only in electronic form. To subscribe, send the message "subscribe ala-wo [your name]" to listserv@uicvm (Bitnet) or listserv@uicvm.uic.edu (internet). Back issues and other documents are available from the list server. To find out what's available, send the message "send ala-wo filelist" to the listserv. The ALA-WO filelist contains the list of files with the exact filename and filetype. To get a particular file, issue the command "send filename filetype" to the listserv. Do not include the quotes in your commands. ------------------------------ Date: Tue, 26 Oct 1993 21:40:51 EST From: Dave Banisar Subject: CPSR Crypto Resolution CPSR Cryptography Resolution Adopted by the CPSR Board of Directors, San Francisco, CA October 18, 1993 WHEREAS, Digital communications technology is becoming an increasingly significant component of our lives, affecting our educational, financial, political and social interaction; and The National Information Infrastructure requires high assurances of privacy to be useful; and Encryption technology provides the most effective technical means of ensuring the privacy and security of digital communications; and Restrictions on cryptography are likely to impose significant costs on scientific freedom, government accountability, and economic development; and The right of individuals to freely use encryption technology is consistent with the principles embodied in the Constitution of the United States; and The privacy and security of digital communications is essential to the preservation of a democratic society in our information age; and CPSR has played a leading role in many efforts to promote privacy protection for new communications technologies: BE IT RESOLVED THAT Computer Professionals for Social Responsibility supports the right of all individuals to design, distribute, obtain and use encryption technology and opposes any government attempt to interfere with the exercise of that right; and CPSR opposes the development of classified technical standards for the National Information Infrastructure. ------------------------------ End of PRIVACY Forum Digest 02.33 ************************