Privacy

is far better fit to perform the task of compiling such a guide both from the standpoint of its already-existing expertise in the area and from the respect (or even fear) it seems to command from other federal agencies. OMB already collects a great deal of the information from all federal agencies that would be needed in order to compile such a guide, and in any event has available to it the use of the pervasive clearance power apparatus to secure any detailed information on most agency collection and dissemination transactions that might be necessary to make the guide authoritative, up-to-date and complete. The guide should also be of enormous help to OMB itself in its administration of the Reports Act mandate to coordinate collection efforts among the agencies. While in this report the data directory proposal is linked to the proposal for the creation of a right of access, I wish to make clear that the recommen dation on the data guide is severable, and should be adopted even if the Conference should wish to take no position on the access proposal at this time.

CONCLUSION

While at present interagency transfers of information in individually-identifiable form are effected by and large in an ad hoc and decentralized manner, the mere fact that this area is unregulated does not mean that all ad hoc interagency transfers are unlawful or necessarily undesirable. It does, however, mean that the legality and desirability of making particular transfers is left largely to happenstance. It also means that the transfer decision-making process is probably inconsistent within various field offices of the same agency because it is uncoordinated. And finally, it means that most agencies' transfer practices remain unknown and undiscoverable-and as a result suspect-by individuals asked or required to provide agencies with information about themselves or others, and by other agencies who might be desirous of making a perfectly lawful and economical additional use of data already held by an unknown second agency. Thus there are "problems" with present interagency transfer practice that can and should be solved. The recommendations in this report are designed to do that in a way that will involve a minimal incursion on legitimate agency information practices and no changes in existing laws. That is not to say that a rationalization of the present welter of statutes wouldn't be desirable or that future recommendations of changes in agency practice might not be appropriate in the future.

And to echo a theme sounded first at the beginning of this report, it seems important to remember that interagency transfers of information are only a small, perhaps even parochial, part of the universe of important issues that are raised by current governmental information practices-the propriety of collecting or recording some sorts of information at all, the propriety of the use of some information or even blacklists by agencies to make judgments that affect the lives of individuals significantly without giving the person affected notice of the basis of the decision, and the problems associated with the "dating" of information with an eye to removing it from records altogether at the end of its useful "life," to name a few. Thus there are many changes in current agency information practice that may be desirable or even necessary that are not touched on in this report simply because they are not warranted as a response to the narrow range of information practices I was charged with studying.

Nonetheless interagency transfers of information are an important part of current agency practice and their regularization along the lines suggested in this report should result in benefits in the form of public confidence in the integrity of government information activity. Agency response to these recommendations will form an appropriate point of departure for self-initiated efforts at a more general reform, perhaps along the comprehensive lines of that suggested in Records, Computers and the Rights of Citizens (the HEW Report of the Secretary's Advisory Committee on Automated Personal Data Systems), or the National Academy of Sciences-sponsored tome by Professors Westin and Baker on Data-banks in a Free Society. It is obvious, for example, that when agencies give notice at the time of data collection of the other agencies to whom the information will be available they may well want to give full notice at the same time of the nature of the agency's authority for collection, as well as details on its intended use. These recommendations, then, should be regarded as only a beginning of the process of achieving that openness that should be the mark of individual record-keeping by agencies in a government that belongs to its citizens.

Congress-for example, H.R. 9527 and H.R. 15613, both by Representative Koch of New York, during the 1st and 2d Sessions of the 92d Congress, respectively, and both of which would have created a new Freedom of Information Act section that provided not only for access at cost, but also that agencies must notify every person on whom the agency maintained a record that the agency did so, and notify the person each time the agency augmented his record with thirdparty information. Hearings were held on 15613 before Representative Moorehead's House Government Operations Subcommittee in May of 1972,

Pending legislative amendment of the Freedom of Information Act along the lines of the Fair Credit Reporting Act-a move that seems bound to comeand ignoring for the moment details of time, manner and place that could be expected to be best resolved on an agency-specific basis, it seems desirable for the Conference to go on record in favor of at least a rudimentary form of access to one's own records that could be implemented by agencies with no change in statutory law.

Agencies should undertake steps to promulgate public regulations specifying the conditions under which individuals would be given access to their own files. The regulations should include at least the following principles:

Individuals should be given a right on demand to discover at least once every year within a reasonable time after the demand whether they are the subject of an active non-investigatory file held by an agency and, if so, to be told on further demand the contents of their file, the identity of any other governmental organizations to which the information has been transferred, and the uses to which it was to have been put by the receiving agency, except to the extent that disclosing particular parts of the information in the file would compromise an imminent law enforcement proceeding against the individual, national security, or a pledge of confidentiality made to some third person.

Procedures should also be established to allow individuals to correct any factual misstatements contained about them in their records or to contest the accuracy of any information in a short statement to be appended to the data in question.

One of the main particulars in which the proposed recommendation on access differs from that embodied in the Koch "Citizen's Privacy" bills mentioned above is that the access would be triggered only on the demand of the individual who wishes to see his records. In order to facilitate intelligent demands for access and as a result, incidentally, to reduce the net number of demands made on agencies as a whole, agencies should publish periodically a catalogue of authority for their maintenance, the uses to which the information in the records is put, the limits on dissemination of the files to private and governmental organizations beyond the collecting agency, whether individuals have access to all or part of the information in their records, the name and address of the agency employee or office charge with the administration of agency information policy, and similar information that would be useful to an individual (or agency) desirous of informing himself on the information policy followed by a particular government agency. Professors Westin and Baker, in Databanks in a Free Society, have felicitously styled a proposed low-cost compendium of such agency catalogues a "Citizen's Guide to Files." "The emphasis in such a booklet," they state, would be on clearly written, detailed descriptions so that sensitive files of information would not be masked by the general nature of a description or lost in a trailing "et cetera."

The great value of . . . [the proposed guide] is that it would provide the citizen with a thorough, detailed, and nontechnical directory of the record systems that contain information about him, and the general rules under which it is being held and used. (p. 363)

Another benefit to be realized, of course, is the facilitation of interagency transfers of information within the statutory limits imposed on such transfers-transfers that could save time and money for both citizens and agencies. but which may be forgone at present simply because of agency ignorance of shared information needs borne of the sheer size and complexity of the federal information apparatus.

While Westin and Baker suggest that the initial preparation and periodic updatings of such a guide be undertaken by a legislative committee such as the Government Operations Committees of Congress, it is my judgment, as has been indicated at various points above, that the Office of Management and Budget, being charged as it is with the administration of the only general federal information collection and transfer statute-the Federal Reports Act

is far better fit to perform the task of compiling such a guide both from the standpoint of its already-existing expertise in the area and from the respect (or even fear) it seems to command from other federal agencies. OMB already collects a great deal of the information from all federal agencies that would be needed in order to compile such a guide, and in any event has available to it the use of the pervasive clearance power apparatus to secure any detailed information on most agency collection and dissemination transactions that might be necessary to make the guide authoritative, up-to-date and complete. The guide should also be of enormous help to OMB itself in its administration of the Reports Act mandate to coordinate collection efforts among the agencies. While in this report the data directory proposal is linked to the proposal for the creation of a right of access, I wish to make clear that the recommendation on the data guide is severable, and should be adopted even if the Conference should wish to take no position on the access proposal at this time.

CONCLUSION

REPORT ON LITE COMPUTER SEARCH OF U.S.C. PROVISIONS ON INTERAGENCY TRANS FERS OF INFORMATION, AUGUST 9, 1973

(Prepared by Mr. Frank Thomas and Mr. Carl S. Mallow, Chief of User Services Section, Air Force LITE Computer System, under the direction of Professor Alex W. Bell, University of Virginia Law School)

The statutes compiled in the following lists deal only with transfers and use of information knowingly furnished by individual entities outside of the government to entities within the government; no attempt was made to uncover statutes that deal with transfer of data that has been generated by the government itself, such as results of criminal or civil investigations or of government-sponsored experiments and research. While the scope of the search appears to have been fairly exhaustive, especially in the case of statutes restricting the use of information, there are undoubtedly more statutes on the subject than are sumarized in this report.

The search was performed by the Air Force's LITE computer using tapes of the entire United States Code on the basis of linguistic scanning instructions-such as "print out summaries of all statutes in which the phrase 'confidential information' appears," or "print out summaries of all statutes in which the words 'information,' 'disclosure,' and 'except' appear separated by no more than 10 other words." With the able assistance of Mr. Carl Mallow at the LITE center in Denver we cast over 100 "word nets" in 14 basic runs on the computer, trying each time to pare down the number of statutory "fish" we caught to only those directly relevant to this project.

Because of inevitable "holes" in our "nets," the searches may well have missed many statutes that govern interagency transfers of information. Moreover the search may have missed some statutes that are in fact used by agencies to control information transfers because of the attitude sometimes taken by agencies that information transfer policy may be governed by general statutes which on their face give only slight indication that they might be relevant to information transfer. A final gap in the coverage of this survey may be indicated by the fact that some statutes seemingly "assume' that restrictions on the dissemination of information generated under the statute will or should be imposed in situations in which the agency, the person furnishing the information, or "reasonable men" would consider the information to be confidential, without explicitly mandating the establishment of a procedure for such an ad hoc "classification" of the information generated under the statute.

Because of these gaps the statutes presented should be deemed to be more an exhaustive survey of the various techniques used to control the process of information transfer among agencies than to be a complete listing of all United States statutes governing interagency information transfers.

An attempt was made to place statutes and in many cases subsections of statutes into more or less archtypical categories in an effort to distill patterns of statutory regulation of interagency transfers of information. There are, as a result multiple listing of some of the statutes.

The "patterns" of regulation into which the statutes are now grouped are somewhat overlapping and may be for the most part either too amorphous or too ambiguous to be of much value. Nonetheless, one interesting, if not surprising, "pattern" emerged so strongly that it deserves mention at this point: the statutory restrictions on interagency transfers of information appear to be a crazy-quilt. While one might have thought that the computer searches would reveal a rational Congressional "policy" towards at least what sorts of information must always be exchanged and what sorts of information must never be exchanged, the statutory provisions indicate that there simply is no such consistent policy. Even information of the same "degree" of sensitivity-in that all reasonable men would agree that information of that sort should not be disseminated at all (or, perhaps, even collected in the first place) because of its high potential for harm or embarrassement to the individual or entity to whom it relates-is sometimes explicitly protected from disclosure to any person or agency, at other times is explicitly made "public," and at yet other times is left to the unfettered discretion of an agency whether to make it public or not without any discernible differences in the nature of the "public interest" that might require the different treatment. A highly significant fact is the failure of the search to turn up any consistent general definition of the term "confidenial," which seems to be the key word in most schemes of restriction on information dissemination.

The statutory regulation of information transfers, in other words, appears to be an extremely hodgepodge effort, with no real consistency as to subject matter or technique. This general lack of rationality makes one suspect that the subject of information transfer is often tacked on to a statute as an afterthought rather than as part of a comprehensive regulatory scheme, and that the subject is therefore ripe for legislative reform.

I A (1)

I. STATUTES AUTHORIZING TRANEFERS OF INFORMATION

These statutes are a small sampling of the many that deal with the transfer of information between agencies only in that they appear to require or empower agencies to co-operate with other agencies. Assuming the power to transfer information to other agencies does not have to be specifically delegated by the legislature, statutes like these could be said to "authorize" interagency transfers of information. These provisions in fact seem to be "throw-aways," put in statutes to make sure that there is no unnecessary duplication of effort without any thought given to their implications for transfers of individually-identifiable information. Does 15 U.S.C. 638, for example, "authorize" the SBA to transfer information to the FBI? Is such an authorization really necessary?

7 U.S.C. 16: The Secretary of Agriculture may co-operate with any department or agency of the federal government or any state agency (1922)

7 U.S.C. 1607: The Secretary of Agriculture is broadly authorized to co-operate with any department or agency of the federal government or with the states in carrying out his duties in regard to seeds (1939)

7 U.S.C. 1624: The Secretary of Agriculture is given general powers of co-operation with state, federal, and private entities in carrying out his duties on the marketing of agricultural products (1946)

15 U.S.C. 638: The Small Business Administration is authorized to co-operate with federal agencies in carrying out programs for the assistance of small businesses (1958)

16 U.S.C. 590: The Secretary of Agriculture may receive co-operation of any other federal agency in carrying out his duties concerning soil conservation (1935)

29 U.S.C. 527: The Secretary of Labor is authorized to co-operate with other agencies in carrying out his duties concerning labor-management reporting (1959)

30 U.S.C. 556: The Secretary of the Interior is authorized to co-operate with any person or agency, state or federal, in carrying out his duties concerning coal mine fires (1954)

42 U.S.C. 1857: HEW (now EPA) authorized to co-operate with other federal agencies and private organizations concerning air pollution control (1955) 42 U.S.C. 3756: LEAA is authorized to co-operate with the Department of Justice and other agencies

I A (2)

These statutes are concerned with general duties and possibilities of information sharing imposed by statute. They should be distinguished from statutes imposing general duties of co-operation and co-ordination but not mentioning information sharing explicitly.

It is interesting and probably significant that the mandatory language is generally accompanied by a fairly narrowly defined substantive problem thought to warrant the transfer that does not contemplate the use of the information in a way that could be detrimental to the subject of the information.

Although perhaps not technically within the scope of this grouping. 44 U.S.C. 3501 was included because it could conceivably be construed to condone, if not authorize, general information sharing of all sorts among federal agencies. Indeed, if 44 U.S.C. 3501 is not limited to statistical tabulations, it may be the answer in part to the problems noted concerning a lack of consistency or general overall constraints and directions concerning transfer of information between agencies: it may indicate that interagency co-operation and transfer is thought and desired by Congress to be the rule rather than the exception. Note also 44 U.S.C. 3507, which gives OMB extensive power to compel interagency transfers: by what standards is not clear, but see 44 U.S.C. 3508. Compare 12 U.S.C. 1141h. 2. U.S.C. 166: Any department or agency shall furnish such books, papers, documents, memoranda to the Congressional Research Service as the Service deems necessary to perform its task of informing Congress (1946)

« Previous Continue »

Books

Privacy: The Collection, Use, and Computerization of ..., Volume 14, Part 2