ASAP '01 page 1

Paul McMasters, Freedom Forum:
Primary means of sharing power in a democracy is free flow of ideas from people to government and back.  Risk now is gloomy info lock down, constriction of free flow.  Some impulses in a crisis must be heeded - to shut down some flow.  Have restricted congressional access to secrets; Ashcroft memo sends wrong message; congressional cyber sec info act; DOD warned congress  leaders not to share public info with own constituents; agency web sites reduced info; 
Need to reexamine FOI policies in times like these.  All sanctioned by war on terror.
Government surveillance & wiretapping increased while government info to public reduced.  Vulnerable to democracy decay under these conditions.
Bush approval highest, government confidence highest since 1968; people tell pollsters they want less info, not more.
On info policy we think of relations, costs of compliance.  But need to think of democracy; law came on heels of red scare, another crisis..  Constitution 1st amendment demands that we keep flow -- free speech and press otherwise just [uninformed babble].
Free flow gives personal & national sec.  Agencies failed to share info; congressional failed to oversee; public failed to attend to info because inconvenience.
INfo is not just power, not just currency of conversation but also is security.
Need to if airports insecure, or vulnerable to biological attack -- only then leaders will act.  Absence of info is not absence of danger.
Wee will not forsake our principles because they have rained fire upon us.

ASAP '01 page 2

Privacy I.
Charlene Thomas IRS, deputy Privacy advocate. 

David Sobel, EPIC, cases on clipper chip, FBI digital surveillance proposal, ACLU v Reno Telecommunications decency act.
www.epic.org
Anti Terrorism bill complex and not explained well by media.  USA Patriot Act expands e-surveillance authority, limits judicial review, blurs law enforcement & intelligence surveillance distinction; extends transactional surveillance to Internet.  Ct supervision reduced -- imp because target has less oversight in e-surveillance.  Rolled back a lot of divisions created in 1970s after Watergate.  Pen register authority: from telephone environment; distinct from wiretap, because cannot listen to your line with only pen register authority -- just a list of numbers called or incoming.  Easy to obtain, no judicial discretion if relevance shown; now applies to Internet for routing, addressing and signaling info.  carnivore does the job of collecting this info.  EPIC seeking info on this via FOIA and lawsuit.
FBI says email header is equivalent to phone line # -- but in packet mode cannot separate this from other info.  Thus government gets access to all ISP traffic not ust headers -- and conducts its own filtering..  Documents show CARNIVORE could collect & archive all unfiltered traffic to test bed computer.  2000 independent review for DOJ Final Report showed it can conduct fine tuned searches, it can also record anything it monitors.  May 2000 document says Army wanted it for intrusions into Army nets.   Less oversight because the tech is classified and documents have SECRET stamps. 
Encountering encryption: US v Scarfo.  Surreptitious entry to install key logger system to capture password.  LEgal issues: wiretap? General search?  Highly classified, CIPA invoked.  Defense of this organized crime case was denied access to specific details of technique.  What's next? Magic Lantern and covert techniques?  CIPA normally limited to espionage cases, not mafia.  Magic is a trojan horse remotely transmitted to suspects computer without physical entry, and retrieves data remotely. 

Wayne Crews director Tech studies, CATO inst.  privacy & spam. 
Market has been moving towards greater privacy e.g. in Net commerce; 79% of people on a web site leave as soon as required to give personal info.  Most bus sites have privacy policies -- but people's privacy interest varies -- some post photos on amihot.com!  Do you opt out or in?  Bus wants opt out so can use your info until you opt out.  TiVo can track everything you watch on TV; credit card Cos track all your purchasing habits.  Social Sec # and Drivers Lic # -- routinely used without outcry.  National ID card getting a hearing and tech exists.  Child online privacy protection act to prevent commercial sites -- blocks young birthdates, but not older birth dates, so relies on honesty of shopper.  For acrtive beeping cell phone as you pass restaurant, industry opting opt-in legislation.  As screens get smaller including cell phones, how do we put opt-in policy on screen?  SUB7 allows another computer to control our computer.
Witness equips human rights organizations with cams so they can record government violations.  Tech exists to block cookies and spam -- cookie central, spam filtering sites..  Ekids site now separate from NET, protected by air gap.  Gov Net now proposed by 'richard CLark of Homeland Sec -- separate for government only, for greater security.  Internet itself is inherently not private.  Tech is better than law at protecting anonymity -- government is fundamentally not in the business of protecting privacy -- left to bus to do that. 

Sobel less optimistic about market approaches, burden on consumer.  ALso, if private Cos have data on you, Government now can get it. 

Charlene: Government does have PA protection but private sector does not. 
Patrice McD why are privacy rights of gun owners given special priority? 
Sobel - info collected for intelligence purposes without constraints then repurposed for law enforcement.

Sobel: government under broad definition of business, would have access to library patron data but not gun owners -- responds to one constituency more than others.  House considered sunset provisions but not for most imp permissions such as pen register surveillance. 

Robert Yates book, crisis in Leviathan, on issues of security in crisis. 
Sobel:
Legislative reaction was knee-jerk to separate 11, little check on existing ability of surveillance. 
FTC exporting legal authority to regulate privacy on Net -- but new Commissioner probably will find does not have existing authority.

ASAP '01 page 4

E-records
Mary Ronan, IRS, ex NARA, moderator

Sarah Cohen, Wash Post, Database editor: accesses e-foia databases for stories, ex St. Pete Times.  Use fed procurement data system often, Dept. Agriculture meat packing records, FDA monitoring of clinical trials.  Premise: it's other people's jobs to decide what it public or not.  As requester, do not know what is reasonable database search.  Problems of research: database to o big, too complex, inaccurate, what do you want exactly?  But in last ten years, anything that passed y2k is easy to use.  Actually, to copy is simple, select * into new data from old data..  Redactions always needed -- but requester can't specify.  The redact, After table drop column home_addr.  Easy to issue command but to positively select fields, must enter field names, much longer process.  Like process with a socument where requester gets whole document minus redactions.  You do need data map or data dic to tell you field contents.  Most requested databases have about 10K records, not too large.  A few are much larger or more antique.  Most agencies respond by telling you to make FOIA request first, instead of giving data dic first so request can be tailored.  From one database they found a field for guns originally owned by agency, then used in crime -- followed up for a story.  If database is difficult, $300 to a data service makes it understandable.  CS should not simplify database in advance, requester can do that -- just give whole database. 

Mark Greenwood, Ropes & Gray:
1994-, environmental law, info policy on risk assessment, ex EPA Toxics, "everybody's paid anyway."  "E-reporting and Record keeping at EPA." 
1998 Government Paperwork Elimination Act, for e-government but voluntary reporting from Cos, deadline Oct. 2003.  Cross Media Reporting rule, modeled on FDA 1997 rule.  But Cos required to keep in software audit trail of changes, migration of data over time.  If voluntary lower costs -- EPA found not cost effective more most Cos, only 400 would comply -- but e-records broadly defined as any record that even passed through a computer - - actually many businesses will have to comply.  Excel cannot do task, so need special software.  EPA experience is $1M startup per facility -- & ripples out to contractors etc., 1.2M facilities, so $48 Bn upfront cost total!
WHY do it? to get records accepted in Court -- but already accepts e-data; prevent fraud, but an issue in many cases; longevity but may not be needed for some perishable data.  Cos are poor historians, Government is better at archiving. 
So in name of burden reduction, EPA increased burden on Cos.  Need COTS software.

Gary Bass, OMB Watch: since 1980s, RTKnet access to government databases, esp environmental.   Lack of leadership from OMB across administrations on framework for public access.  Need e.g. unique Identifiers for those dealing with government so submitters can be cross referenced with law violators.  Can't link to databases via FirstGov.  Rider on Appropriations bill set roadblocks, data quality condition before publish database.  OMB has to deal with this with rule making, as do agencies.  New OMB Mark Forman may take charge.  Sen. Lieberman's e-government bill.  All pre Sep. 11 - then many web servers taken down. 
enormous amounts of info taken down across government webs.  Also at state & local level.  Also destroying CD-ROM on surface water supplies -- not just withholding but destruction.

Attorney General memo on FOIA changes, huge shift.  Discretion against disclosure.  Escorts now for public reading rooms.  State Dept. considering Loose Lips ad campaign for secrecy like W.W.II. 

No inventory of current changes kept by Government, let alone justification.  OMB watch trying but imperfect list.  Our RTK net still offers data removed from EPA net, now getting hate mail.  Did focus groups, decided RTK must prevail and burden of proof is on withholding.  Info before Sep. 11 was widely cached on Google and mirrored on NGO sites.  Benefits are critical factor -- terrorists could use any info wrongly -- e.g. football schedule.. 

Hammitt: cost of redacting data estimates can be very high, prohibitive.  Access often not designed into database.
Cohen: redacting database OK, but redacting images e.g. PDF is costly.
Some agencies have profit centers, reluctant to give away data.  Costs more trouble in state & local government than Feds..

Bass: EPA data quality improved with public access -- counters argument that you should not publish data that's inaccurate or incomplete. 

ASAP '01 page 6

On The Hill.
Jim Dempsey, CDT
Ex NS Archive.  Concerned that many measures having little to do with Sep. 11 attacks have been packaged as anti terror.  Some had failed as anti drug measures -- need to check how these improve actual security.  26 Nov. Patriot bill passed -- see CDT.org.  Web includes memos and analyses, very active site.  Act does not affect FOIA but does affect PA databases.  Law allows FBI to obtain from FISA business records authorization without need to mention particular person; see sect 215 -- little discussed in debate; sweeping effects but under the radar. 
B3 exemption to FOIA proposed by Reps Davis & Moran & Senators Kyl & Bennett -- for critical infrastructure info.  Environmental groups particular involved because long running Chemical industry backlash against environmental info openness.  Further exemptions for CIA were actually proposed for Conference report after both houses -- failed but shows arrogant use of crisis. 

Kevin Goldberg, Cohn & Marks
Critical Info Infrastructure Act: Cohn & Marks reps requesters, ASNE press. 

Official Secrets Act: criminal penalties for classify info; currently need intent to harm US, eliminated by bill.  Broadens.  Proponent Shelby argues info still restricted by relationship to defense, but language is missing.  Bill was in congressional 8 Sep., & derailed by Patrice & others -- Attorney General did not support this bill and CIA dropped its support from last year.  Did have increased dialog between access community & Hill.  No study of how much leaking actually occurs. 

Presidential Executive Order on presidential records act:  12 yr. release tested by request for 68K pp. on Reagan.  Executive Order allows former presidential to veto request;; plenty of former RR and Bush staff on current Bush staff.  PRA often cited as precedent in FOIA cases.

Congressional Records Openness Act has been proposed for past 3 yr., but not likely to pass. 

ASNE drafts policy questions for presidential candidates -- but this election, neither candidate responded.  PRA does have exemption for classified info.  Pentagon papers released by Sup Ct were 47 vols. 

Reporter Vanessa Leggett jailed for a long time for refusing to reveal info from source even though info obtained for grand jury by other means.

Unlike Reno, Ashcroft would not meet with ASNE personally. 
Policy is dramatic change from Reno guidelines. 
Bill to study privacy policy by commission has been around. 
SHould study how to plan databases for FOIA.  Needs resources.
Congressional records Act esp issue briefs from CRS avail via Reps but not open to public. 
CII Act would give manufacturers of computers Use immunity on info about vulnerabilities, if not blanket immunity. 
Rep Horn will intro bill to allow state & local officials access to classified info for local emergency preparedness.  Presently nobody has access to that info once voluntarily submitted. 
Y2K legislation for immunity used as precedent for this Davis Act -- BUT it was a disclosure act, not a secrets act.
Idea as openness would led to security increase. 
Last year's bill was in Intelligence Authorization bill, now called OSA or anti leaks bill.  Sep. 5 hearing cancelled was about language that was not really known. 

ASAP '01 page 7

Court Records: Why They're Open & Ought to Be.
Mod: Rebecca Daugherty, Reporters Committee
Ct records open because of 1st amendment, no secret trials, BUT now people looking to FOIA exemptions & practical obscurity to keep data private.

Hon. Rudolph Kass, MA Apps Ct
States are behind Feds.  Openness common law tradition predates 1st amendment -- English tradition.  Closed cts: inquests because often do not result in charges; misdemeanor cases perhaps should be closed but local papers often interested.  Juvenile cts closed.  Custody cases closed also and controversial, because abusive parents might regain custody.  Depositions closed, lobby conferences, sidebar discussions, cameras still barred widely. 
Examples of press cooperation with judges to keep personal material out of papers.
"practical obscurity" phrase from Reports' Committee.
WEb ct records -- would level playing fields for small firms that do not have so many paralegals -- at present requires drive and physical search.. 
MA Criminal Offense REcords Info has been taken on by newspapers -- who won. 

Dick Carelli, Judicial Conference Info Officer
Cts going electronic for several yr. but expect several yr. more.   Case management systems now online, accepting filings over internet, since judicial conference committee studied privacy and security issues in event of online.  Judicial Conference is policy making body. 
www.privacy.uscourts.gov   holds the submissions.
Policy does redact personal data; depends on civil criminal, bankruptcy cases.  Can display only last 4 digits of Soc. sec #.  Pacernet online service (fee paying) still there. 
see www.uscourts.gov, click e-access to cts, to CMECF project.
www.Pacer???.gov  =  net 
Carol Melamed, Wash Post General Counsel, looking at MD ct records to be online. 
Why is access to ct records imp for public?  States vary -- some online.  MD docket sheets including basic ID of parties and process stage of case.  ID by names, birth, ace, height & weight.  Attorney General proposed to remove public remote access.  Caused uproar.  Chief judge appointed committee.  But little chance of case files online.  Statutes and sealing orders controversial.  Why open? Cts power checked by tradition openness.  Often imp for historical info on people such as candidates or day care center operators.  Trends and biases can be determined from statistics. 

ASAP '01 page 8

Laura Kimberly, ISOO.  Sep. 11 caused restructure of ISOO & Executive Order 12958.  Only 12 staff for yr..  Oversee 65 agencies & industry, based on Executive Order on classification (Clinton) & got appeals authority for classification review.  Also national industrial sec reviewed (contractors) since 1991 by Executive Order from Bush 1.  Never given more resources until FY 2001, 12 new positions.  With Clinton Executive Order got more responsibilities without staff.  Role is policy oversight.  Review of Clinton Executive Order at NSC Policy Coordinating Committee for classification began in Aug. 

Declassification now taking a middle seat at least, during budget strictures declassification not seen as something that supports the war on terrorism.  Executive Order has been an unquestioned success -- 9M pages since 1995, a treasure trove.  ISOO wants auto declassification preserved, not gutted.  Depends on replacement for Garfinkel (21 yr.).  retiring Jan 30th. 

Henry McIntyre, DOD,
clears public statements prior to release; several programs but FOIA is most sensitive; staff often want to be given the actual decision instead of guidance.  FOIA supported but also internal info given to service members; info will not be classified to protect government from embarrassment or criticism.  Rumsfeld signed up for these principles again.  Initially reforming DOD was kept close-hauled but has given 100 press conferences and many more from staff.  SEc. merely told staff to be careful before release, since Sep. 11.  Since then realization that info could damage us.  One frequent requester organization removed DOD info from its own web site.  Our directorate has not really changed.

DOD new memo to protect lists of names of people working for DOD.  Law 130(b) allows protection of names of personnel overseas -- a (b)(6) exemption desired for those who don't fit 130(b).  Gulf war stories of families of those serving overseas receiving harassment crank calls & letters & e-mails. 

Tom Blanton NS Archive.  DOD runs really professional op.  ISOO in decade of declassification not only in USA but elsewhere from fall of USSR to WTC.  Great mountain of classification documents had built up by 1989.  See AFS.org for Steve Aftergood's web that removed material hundreds of pages.  Attorney General last week testified any critic was doing work of terrorists. 

US Government Identified Noriega as CIA asset when it prosecuted him.  Overrode ban on revealing assets.  Recently Bay of Pigs reunion showed not leaks but bad policy caused failure..  Recent review using hundreds of staff of declassified documents showed only ones questioned were 1950s basing of missiles in Italy, e.g..

Ashcroft memo will undermine secrets by crudely calling for interests in withholding without tying to nat sec.  Pre 11 separate Cheney like Hillary had been developing new energy policy without revealing who was contributing to policy. 

President Bush has just given even Nixon's grandchildren veto over release of presidential records. 

End of Long Telegram by Kennan called fr clinging to own methods -- do not allow ourselves to become like those we are containing.

DOD mail has been held in container trucks since 11 Sep., awaiting irradiation. 
Question Time: one new agency has received original classification authority.  ISOO would have to run it by NSC. 
Blanton, just lost another case -- litigation doesn't work to correct classification but don't want to do away with it.  Ct did reject Glomar response but till deferred to exec on decision.  Mort Halperin said you always lose but you always get documents. 

Aftergood -- Moynihan Commission Report valuable but recommendations systematically watered down until even the advisory bd enacted without people named to advisroy bd.  Deutch and Podesta were on board, but still [foiled].  Did propel Venona intercepts into declassification.

2,00 cases backlog at DOD, hired two contractors to respond to old dog FOIA requests from 1993-94.  NS Archive is good at supplying justification for release that can persuade boss.