
         -------------------------------------------------------------

         *  C  Y  B  E  R  S  P  A  C  E  *  A  N  D  *  I  T  '  S  *

         -------------------------------------------------------------

            L  E  G  A  L  *  I  M  P  L  I  C  A  T  I  O  N  S  *

         -------------------------------------------------------------


    July 1992                                              Vol. 4; Issue 5

                              ELECTRIFYING SPEECH
        New Communications Technologies and Traditional Civil Liberties

        =------------------------------------------------------------=
        |This document is Copyright (c) 1992 by Human Rights Watch.  |
        |It is reproduced in electronic form by permission of Human  |
        |Rights Watch. For printed versions of this document, contact|
        |Human Rights Watch Publications, 485 Fifth Avenue, New York,|
        |NY 10017. Printed copies are $3.00 with quantity discounts  |
        |available. This electronic copy of the document is being    |
        |made available as a service of Human Rights Watch and       |
        |The Electronic Frontier Foundation (eff.org). It originated |
        |in the eff.org ftp library. Redistribution of this document |
        |should always be accompanied by this header.                |
        =------------------------------------------------------------=


                 INTRODUCTION:  NEW COMMUNICATION TECHNOLOGIES

    Since the personal computer ushered in a communication revolution  about 15
years ago, the accompanying technology has been likened to  everything from the
printing press to Hyde Park  Corner,  from  the   postal  system to talk radio.
Pungent as these  analogies  are,  their   limitations  point  up the essential
uniqueness of computer-mediated  communication.  While  the printing press made
possible the mass  dissemination  of  information,  computers can individualize
information  and increase its flow a  thousandfold. In the process, they change
the  nature of communication itself.

    Few Americans are unaffected  by  this  revolution,  whether  they  rely on
computers to do their  taxes,  write  a  novel,  serve  up  money   from a bank
machine, or make airplane reservations -- and then guide  the plane safely back
to land. Those who are "on-line"  "talk"  to   people  whom they may never meet
face-to-face and form "virtual  communities" in "Cyberspace" -- a place without
physical dimensions,  but with the  capacity  to  store  vast amounts of facts,
conversation,  messages, written or voice mail and graphic images.

    While it is axiomatic  that  these  new  capabilities  can open up  faster,
easier and more inclusive  communication,  they  also  call into  question long
held assumptions about individual and communal rights.   Some are old questions
in a new context: What, if any,  is  the  role of  the government in regulating
electronic communication? As more and  more  information is recorded and stored
automatically, how can the  right  of  privacy  be  balanced  with the right to
know? What happens to   individual  protections  when  information is a salable
commodity? Does  the form in which  information is kept change the government's
obligation to inform its citizens?

    Other questions arise  from  the  new  technologies:  When  borders can  be
breached by a keystroke and texts  and  images  can be reproduced and  modified
without ever being  published,  what  happens  to  definitions of  intellectual
property, scholarship, conversation,  publication,   community,  even knowledge
itself?

    In 1983, Ithiel de  Sola  Pool  began  his  seminal  book, Technologies  of
Freedom, with the warning that  "Civil  liberty  functions today in a  changing
technological context." As  if  to  prove  him  right,  the   government is now
proposing a $2 billion  investment  in  computer  networking technologies which
will radically alter the way  American   communicate. Because the technological
context changes more rapidly  than the laws regulating it, the debate about how
we want to live in  an electronic world is both volatile and urgent.


                     ELECTRONIC COMMUNICATION AND THE LAW

[Note- this applies to US law-  remember  that there is NO written constitution
in the UK which says that any citizen has any rights!]

    United States law has not  treated  all communication technology  alike. As
Pool notes, regulatory policy  is  based  on  different  assumptions and varies
among print, common carriage and broadcasting,   which were the three prominent
modes of  mass  communication  when  he   wrote.  Thus,  lawmakers  and jurists
delineating free speech sought  to   minimize  traditional  controls on printed
speech by rejecting the types  of censorship  associated with it, such as prior
restraint, taxation  and seditious libel. But  early regulators, with an eye to
the social  good, had no qualms  about  requiring  common carriers, such as the
postal  and  telegraph   systems,   to   provide   universal   service  without
discrimination. Their successors, assuming that  the  broadcast spectrum  was a
scarce commodity, designed a  regulatory  system  for  radio  and  TV  based on
government licensing, business advertising and  a  limited  number of channels.
Later  regulations  included  the  Fairness  Doctrine   (imposing  on  licensed
broadcasters an  obligation  to  cover  issues   fairly),  which  regulated the
content of speech. But as  technologies   merge, traditional distinctions among
the modes are no  longer   applicable.  Today,  for instance, anyone regulating
electronic bulletin  boards is looking  at  a  cross  between a publisher and a
bookstore that  operates by means of the telephone, a common carrier.

    Historically, the law  has  responded  to,  not anticipated,  technological
changes, often reacting  repressively  when  a  new   technology challenges the
status quo. As in the  past,  regulation  of  electronic communication has been
influenced more by market and   political forces than constitutional principles
or legal issues. But  electronic communication  policy is still fluid enough to
allow for  questions about who should set the policy and to what end.


                               The Constitution

    Among the most active participants  in  the  policy discussion is  Computer
Professionals for Social Responsibility (CPSR), a public  interest group formed
to explore the impact of computers  on  society.   In March 1991, CPSR held the
First Conference on Computers,  Freedom  &   Privacy in Burlingame, California.
The concerns addressed at the  conference  fell  into three broad civil liberty
categories: protecting   speech,  protecting  privacy,  and  gaining  access to
government  information.

    In an opening  address,  constitutional  scholar  Laurence  Tribe   posed a
question of his own: "When  the  lines  along  which our  Constitution is drawn
warp or vanish, what happens to the Constitution  itself?"  The sections of the
Constitution Tribe was referring  to  in   relation to electronic communication
are:

#   the First Amendment, with its  prohibition  against laws  abridging freedom
    of speech, assembly, or the press;

#   the  Fourth  Amendment,   protecting   people   and   their  property  from
    unreasonable government intrusion;

#   the Fifth Amendment, guaranteeing due  process  of  law and  exemption from
    self-incrimination;

#   the Ninth and  Fourteenth  Amendments,  which  reinforce  other  rights and
    provisions in the Constitution.

    In applying these long-standing  guarantees  in  the burgeoning  electronic
forum, Tribe recommends that policy makers  look  not at what  technology makes
possible, but at the core  values  the Constitution  enshrines. The overarching
principles of that document, he maintains,  are its protection of people rather
than places, and its  regulation  of   the  actions  of  the government, not of
private  individuals.  Other   central  values  Tribe  notes  are  the  ban  on
governmental control of the  content of  speech;  the principle that a person's
body and  property   belong  to  that  person  and  not  the  public;  and  the
invariability of  constitutional principles despite accidents of technology.

    To insure that these values prevail  as technology changes, Tribe  proposes
adding a 27th amendment to the Constitution to read:
    "This Constitution's  protections  for  the  freedoms  of  speech,   press,
petition and assembly, and its  protections  against unreasonable  searches and
seizures and the deprivation of life,  liberty or property  without due process
of law,  shall  be  construed  as  fully  applicable   without  regard  to  the
technological method or medium through which  information content is generated,
stored, altered, transmitted or  controlled."


                             Who Regulates and How

    Speakers  at  the  conference  did  not  argue  with  Tribe's  goal  of  an
enlightened electronic communication policy on the part of the  government, but
some disagreed over who should be  responsible for  formulating that policy and
whatever regulations accompany it.

    Jerry Berman, a longtime  privacy  advocate  who  is  now  Director of  the
Washington office of the Electronic Frontier Foundation, warned  that, in light
of the courts' current record  on  civil  liberties,  any  strategy giving them
primary power to settle electronic  speech   disputes  was dangerous. He argued
instead for legislative controls.

    Others  worried  that   lawmakers,   misunderstanding  or   misinterpreting
existing electronic speech problems,  would  push   through harsh and intrusive
regulations. Steve McLellan, a special   assistant  to the Washington Utilities
Commission, cited efforts in his  state by phone companies wanting to institute
caller ID systems. The  companies lobbied  for authorization of that technology
by portraying  it as customer  protection,  a  way  to combat obscene and crank
phone  calls. The constitutional privacy  issues  got  buried in politics until
the utilities commission announced  that  it  would  approve caller-ID  tariffs
only if they  provided  for  blocking  mechanisms  provided  free   and  at the
discretion of the customer.

    Yet another potential regulatory force  was  posited by Eli Noam,  Director
of the Center  for  Telecommunications  and  Information  Studies   at Columbia
University. Noam suggested  that  computer-  based   information  networks will
become quasi-political entities, not   subordinated  to other jurisdictions, as
they tax, set standards of  behavior and mediate conflicts among their members,
and band together  to influence economic and social policy.  Current Regulation

    There are myriad laws  on  the  federal  and  state  levels with  potential
impact in  the  electronic  forum:  the  Privacy  Protection  Act,   Freedom of
Information  Act,  Wiretap  Act,  Paperwork   Reduction  Act,   sunshine  laws,
obscenity laws, and laws regulating copyright,  trademark, interstate commerce,
and product liability.  As  New  York   attorney  Lance  Rose  points out, this
proliferation of laws tends  to   reinforce  the  most  restrictive standard --
because computer users and   service  providers  cannot inform themselves about
all potentially  relevant  rules,  they  are  well-advised  to  stay within the
boundaries of  the strictest regulation that may apply.

    Congress  has  also  passed   legislation   aimed  directly  at  electronic
communication within the government, including:

#   the Computer Matching and Privacy Protection  Act of 1988,  which prohibits
    government agencies from combining  discrete  computerized personal records
    as a basis for  taking  adverse  action   against  an  individual until the
    results of the match have been  verified independently;
#   the Computer Security Act of  1987,  designed  to improve the  security and
    privacy of federal computer systems;
#   the Electronic Communication  Protection  Act  of  1986,  which  safeguards
    electronic  communication  from   interception,   disclosure   and   random
    monitoring without a court order; and  stipulates  that a court  order must
    be time-limited and must specify the information sought;
#   the Computer  Fraud  and  Abuse  Act  of  1984  (revised  in  1986),  which
    criminalizes unauthorized entry, and  taking  or alteration of  information
    from computers; authorizes fines  and  imprisonment  up  to 20  years under
    certain  circumstances;  and  gives   the   Secret  Service   authority  to
    investigate potential offenses.  In  an  effort  to  balance   the punitive
    aspects of the Act, Sen. Patrick  Leahy  (D-VT) introduced  an amendment to
    the  1991  crime  bill  that  defines  criminal  liability  in   electronic
    communication cases as intent  to  damage,  rather  than  as the  technical
    concept of unauthorized access. The bill (S. 1322) will come  up for a vote
    again in 1992.

    Both the  Computer  Fraud  and  Electronic  Communication  Protection  Acts
include exceptions to their  non-disclosure  provisions  for service  providers
who "may divulge" the content of  a  communication to a law  enforcement agency
if the contents "appear to  pertain  to  the   commission of a crime." Bulletin
board operators have voiced  concern   over  the  ambiguity  of this provision,
questioning if it implies a duty   on  their  part  to report on the content of
their boards.


                   THE ELECTRONIC FRONTIER: SOME SKIRMISHES

    It is by no  means  a  foregone  conclusion  among potential  regulators of
electronic speech that it is wholly protected by the  First Amendment, but even
if that were agreed upon, the issue of  how  to determine the limits of what is
permissible, desirable and  necessary  would  still  loom large. The discussion
has been framed by  a   set  of  paradigms,  in  which  the electronic forum is
portrayed as a mix  of the past -  -  the American frontier -- and a wholly new
phenomenon,  Cyberspace.

    The term Cyberspace comes from William  Gibson's novel,  Neuromancer. It is
the "place" telephone conversations and most  financial transactions exist, the
home of cyberpunks,  and  the  bane  of   those  who  prefer  to  keep personal
information private. Though subject  to  legal  and  social pressures, there is
still something untamed about  it, and so, a writer in Wyoming named John Perry
Barlow coined the  term "the electronic frontier."

    Hoping to seize the initiative in  taming this territory, Barlow  teamed up
with computer entrepreneur  Mitch  Kapor  to  create  the   Electronic Frontier
Foundation (EFF). Since it began in  July  1990, the  EFF has provided guidance
to legislators and courts about  civil   liberties  on  the frontier, and legal
assistance to those whose  liberties have been threatened.


                                 Frontier Law

    Even with  much  of  its  territory  up  for  grabs,  Cyberspace  has  been
populated for some time, albeit by groups with widely divergent  perceptions of
the communal good. On one side are "hackers," a  sometimes pejorative term, but
used neutrally  here  to  describe  people   who  gain  unauthorized  access to
computers for whatever purpose.  These   hackers  see themselves as unfettered,
adventuresome cowboys who, in  keeping with the frontier myth, are being fenced
in by the settlers --   the  business  interests  who  have staked claim to the
terrain -- and by  the law that tends to protect these established interests.

    The cowboys defend computer hacking as a harmless pastime, as a  pioneering
activity that expands the boundaries of what is  electronically possible, or as
a political response  to  proprietary   interests  and  individual  profit. The
settlers attack it as criminal,   antisocial  and malicious activity that costs
everyone in money and  security. By some estimates, computer crime accounts for
as much as $5  billion in losses to government and business yearly.

    One of the most publicized  cases  of  computer  crime involved a  virus (a
software program that can alter data  or  erase  a computer's  memory) that was
unleashed in 1988 over InterNet, an international  computer network. The virus,
known as the Worm, was written by Robert  Morris, a graduate student at Cornell
University, who claimed that he  had created it  as a prank before it got loose
and infected thousands  of government  and  academic computers. As a first-time
offender, Morris  was given a light  sentence, but the principle established by
the case  has been allowed to remain:  to  get a conviction for computer abuse,
the government need only prove unauthorized  access,  not intent to  harm. This
ruling has been  compared  to  punishing  a  trespasser  for  the  more serious
offense of burglary or arson.

    The Morris virus not  withstanding,  the  bulk  of  computer  crime is  not
committed by hackers, but involves credit card fraud or theft by  people within
large companies, which are often  reluctant  to  report it  and publicize their
vulnerability. In setting up  the  Electronic   Frontier Foundation, Barlow and
Kapor were reacting most directly to  Operation  Sun Devil, a part of a federal
effort to combat computer  crime, which  had  as its most visible targets young
computer hackers  and their systems of communication.

    On May 8, 1990, armed with 28 search warrants in 14 cities,  Secret Service
agents seized at  least  40  computers  and  over  50,000   disks  of data from
individuals they suspected of possessing illegally-  obtained information. Only
seven  arrests  resulted,  although  the   government  kept  and  searched  the
computers and software of more who   were  not charged. Information obtained by
CPSR under a Freedom of   Information  request  reveals that the Secret Service
had been  monitoring on-line communication and keeping files on individuals who
had committed no crime for several years prior to the raids.


                              Steve Jackson Games

    The February before the  Sun  Devil  raids,  a  grand  jury indicted  Craig
Neidorf, a student and the publisher  of an electronic magazine  called Phrack,
for reprinting a document stolen from a Bell South  computer. Three hackers had
already been sentenced to prison for   stealing the document, which concerned a
911 emergency system.  The   phone  company  claimed  the  document  was highly
sensitive and set its  value at $79,499. When Neidorf's case came to trial that
July,  however, it was revealed that  the  document was publicly available at a
cost of $30. The government dropped the  charges, but the magazine had  already
ceased publication, and Neidorf had incurred about $100,000 in  legal costs.

    The Bell South file  had  been  made  available  to bulletin board  systems
(BBSs) around the country,  including  one  operated  by  an  employee of Steve
Jackson Games (SJG), a  creator  and  publisher  of   computer games in Austin,
Texas. While looking for evidence against   the employee, Secret Service agents
searched the bulletin board run by  Jackson and  found the draft of a rule book
for a fantasy game called  GURPS  Cyberpunk.  They  decided it was a manual for
breaking into  computers.

    On March 1, 1990, agents raided  SJG  and  seized computers, drafts  of the
game, and all the information and private communication stored  on the computer
used for the bulletin board. Jackson was  never charged  with a crime, but none
of his equipment or files was returned  until  nearly four months later. He was
forced to lay off half of his   employees  and estimates that the raid cost him
$125,000 in publishing  delays. This is a small-scale equivalent of seizing the
printing  presses and files of The  New  York Times because the Pentagon papers
were found on  their  premises;  such  raids  are  expressly  forbidden by  the
Privacy Protection Act.

    With the help of the Electronic  Frontier Foundation, Jackson is  suing the
Secret Service for  violating  his  Constitutional  rights.   Specifically, his
lawyers are arguing that the  request  for  the  search  warrant caused a prior
restraint of a publication, was misleading   because  it did not tell the judge
that SJG was a publisher,  did  not   meet  the  specificity requirement of the
Fourth Amendment,  and  failed   to  establish  probable  cause  that  criminal
activity was taking place.  The  case  is  in  litigation.  [Actually he won it
about a week and a half ago- see "Steve Jackson wins" -EGBSS!}

    Meanwhile,  the  EFF  has  been   working   on  model  search  and  seizure
guidelines, which they hope to persuade  the American Bar Association  to adopt
in place of  its  current  guidelines  for  the  issuance  of  search  warrants
relating to business records. In  an  attempt  to make searches  less intrusive
and destructive, EFF recommends that:

1.  computers used for publishing  or  electronic  bulletin boards be  afforded
    the same First Amendment protections as other means of  publication;
2.  in determining if just cause for seizure of equipment and  software exists,
    judges shift the emphasis from  what  is  technologically possible (e.g. an
    electronic trip wire that can erase  all data) to what is likely to happen;
3.  the search of computer disks take place on a business's  premises, whenever
    possible;
4.  under most circumstances,  computers  be  seized  only  when  they  are the
    instruments of a crime.


                                Bulletin Boards

    Electronic bulletin board systems  are  an  increasingly pervasive  mode of
electronic communication and probably the  most vulnerable to  censorship. Part
of  the  problem  stems  from  a  lack  of  definition.  Are   bulletin  boards
publishers, common carriers, broadcasters, electronic  file cabinets, owners of
intellectual property, private forums,   libraries,  newsstands, a combination,
or none of the above? How they  are  categorized will determine if and how they
are regulated.

    BBSs are relatively new, dating from about  1978; today, as many  as 60,000
may be operating in  the  U.S.  Though  most  are  small  and  specialized, the
government operates several big  ones,  such  as   InterNet, and businesses run
others, including the  two  largest:   Prodigy  (owned  by  IBM  and Sears) and
CompuServe (a subsidiary of H & R  Block). These BBSs allow individuals to "log
on" to a host computer by  use  of  a  modem and telephone lines. Once they are
hooked up, users can  participate  in electronic conferences, or conversations,
send  electronic  or  E-mail  to  specific  individuals,  and  "post"  messages
directed at a general audience.

    Most BBSs neither monitor nor control  E-mail,  but many edit or  otherwise
restrict the messages on their bulletin boards.  Some, such  as the Whole Earth
'Lectronic Link (the WELL)  in  Sausalito,  CA,  place   all responsibility for
words posted on their system with the author,  removing only clearly illegal or
libelous material. The  WELL   community  of  about  5,000  members  so far has
regulated itself  effectively. Other systems are less tolerant.

    In 1988, Stanford University attempted  to  block  a  jokes section  of the
bulletin board Usenet after becoming  aware  of  an ethnically  derogatory joke
posted on it.  The  ban,  though  official  policy,  could   not be implemented
technically, and the jokes continued  to  be   available throughout the campus.
After a protest by students and  faculty, the ban was lifted.

    Prodigy has  been  more  successful  in  controlling  the  content  of  its
bulletin board. It claims the right to  do so as a private company  contracting
with customers to deliver a service, and  as a publisher  selecting the content
of its on-line publication  much  as  an  editor  edits a letters-to-the-editor
page. Messages are first scanned  by  a   computer  to  catch words and phrases
Prodigy deems offensive, then  vetted by employees before being posted.

    This editing has  made  for  considerable  controversy  in Prodigy's  three
years of existence. In 1989, Prodigy cut  out  a section of its  bulletin board
called  "health  spa"  after  a   yeasty   exchange  between   homosexuals  and
fundamentalists. The next year, it banned messages  from members protesting its
pricing and editorial  policies.  Then  this   past  year,  the Anti-Defamation
League publicly condemned the bulletin  board for carrying grossly anti-Semitic
messages. Prodigy responded  that the messages were protected speech, but added
the puzzling   explanation  that  it  made  a  distinction  between  derogatory
messages  aimed at individuals and those aimed at groups.

    The question of what legal  precedent  to  apply  to bulletin boards  moved
closer to resolution with a court ruling late in 1991. In Cubby  v. CompuServe,
an electronic newsletter called Skuttlebut claimed that  it had been defamed by
a competitor known as Rumorville, which  CompuServe publishes on its Journalism
Forum. A federal judge in New   York likened electronic bulletin boards neither
to publishers nor  common carriers, but  to distributors of information such as
newsstands, bookstores and libraries to  which  a  lower standard of  liability
applies. He decided, therefore, that CompuServe  could  not be  held liable for
statements published through its  electronic  library,  particularly because it
had no reason to know what was contained  there.


                      ELECTRONIC INFORMATION AND PRIVACY

    Private facts about individuals are  much  easier  to  gather and  store on
computer than on paper and are  much more accessible to  unauthorized scrutiny.
Thus, computer  monitoring  challenges   traditional  expectations  of privacy,
exposes nearly every facet of  an   individual's  life to potential public view
and commercial use, alters  the  relationship  between employers and employees,
and opens the way  for  unprecedented  government surveillance of citizens. For
these  reasons, concerns  about  the  courts'  vitiating  the  Fourth Amendment
intensify when computer-based communication and surveillance are  involved.

    Gary Marx, professor of sociology at MIT, notes ten  characteristics of new
kinds of computer- based monitoring that make  them particularly intrusive:
#   They transcend boundaries...that traditionally protect privacy.
#   They  permit  the  inexpensive  and  immediate  sharing  and  merging   and
    reproducing of information.
#   They permit combining discrete types of information.
#   They permit altering data.
#   They involve remote access which complicates accountability issues
#   They may be done invisibly
#   They can be done without the subject's knowledge or consent.
#   They are more intensive.
#   They reveal previously inaccessible information.
#   They are also more extensive and they cover broader areas.


                             Privacy and Property

    At a meeting of Computer  Professionals  for Social Responsibility  held in
Cambridge, MA October  1991,  John  Shattuck,  Vice  President for  Government,
Community and Public Affairs at Harvard  University,  noted  that when the Bill
of Rights  was  written,  personal  liberty  was  closely   linked  to  private
property. Thus, the Fourth Amendment protected  concrete things and places from
unreasonable government intrusion.

    This idea was first upheld in  relation  to electronic technology  in 1928,
when the Supreme Court ruled  in  Olmstead  v.  United  States  that the Fourth
Amendment did not apply to wiretapping because  telephone communication was not
a material thing. (It was in his   dissent on this ruling that Justice Brandeis
defined privacy as "the  right to be left alone.")

    The  principle  of  protection  for  tangible  property  remained   largely
unchallenged until 1967. Then, in  Katz  v.  United  States, the  Supreme Court
decided that the Fourth  Amendment  "protects  people,  not   places," and was,
therefore,  applicable  to  wiretapping  and  electronic   eavesdropping.  This
decision brought  a  person's  ideas,  politics  and   communication  under the
Amendment's protection for the first time, and  set "reasonable expectation" as
the standard by which to  measure   privacy  rights.  According to Shattuck, it
also began a revolution in  Fourth Amendment law.

    From 1967 until the Electronic Communication  Protection Act was  passed in
1986, the only electronic  communication  covered  by  law  was   what could be
heard. Nearly all computer-based   communication  remained  outside traditional
and  legal  privacy  protections,  even  as   it  was   becoming  the  dominant
technology.

    Much of digital communication in  the  U.S., including medical,  insurance,
personnel and retail  transactions  still  lacks  firm  legal   protection from
intrusion, and the FBI recently  proposed  legislation  that would require that
all new telephone systems be  designed  to  allow   wiretapping, an ability the
agency fears is endangered by new  technology. In the privacy arena, the United
States still lags far  behind  Canada,  Australia  and Western Europe, where at
least  six   countries  have  a  constitutional   right  to  privacy  and  data
protection.   Commercial Uses

    The Fourth Amendment and  the  Privacy  Protection  Act  apply only to  the
federal government, leaving  commercial  intrusion  to  be addressed  piecemeal
over the past two decades. For instance,  the Supreme Court  ruled in 1976 that
there was no constitutional protection for personal  information held by a bank
because bank customers  do  not  own  these   documents.  In response, Congress
passed the Right  to  Financial  Privacy   Act  two  years  later  to  create a
statutory protection for bank records.

    In 1977, the federal  Privacy  Protection  Study  Commission looked  at the
Privacy  Act,  seen  then  as  a   flawed  compromise,  and  issued  over   100
recommendations, many of which died  at  birth. However, one  recommendation --
that the Privacy Act not be  extended  to  the private  sector, which should be
allowed to comply voluntarily -- was more or  less adopted by default.

    Other laws have since been  passed  to  control private access to  personal
information,  including  the  Fair  Credit  Reporting  Act  (1970),   the  Debt
Collection Act (1982), the  Cable  Communications  Policy  Act   (1984) and the
Video Privacy Protection Act (1988). Recently, Rep.  Robert Wise (D- WV), chair
of the Subcommittee  on  Government   Operations,  tried  to  establish  a Data
Protection Commission, but  without giving it regulatory power.

    As technology makes its easier  to  match databases and repackage  personal
information in commercially valuable forms,  unease  increases  over the amount
of information gathered and retained, where it comes  from, how accurate it is,
what use is made of it, and  how  individuals  can control that use, especially
when it is reused. Again, computers  exacerbate the problem because they create
a pervasive and long- lasting information  trail that is decreasingly under the
control of  the individual involved.

    Often there is no direct  relationship  between individuals and the  keeper
of information about them, as with  credit  bureaus. Other  businesses, such as
telephone  companies  and  airlines,  collect   information  routinely  without
external regulation of who sees the   records  or  how long they are kept. Even
when there is an intimate  connection, as with medical information, the lack of
legal  protection   allows  genetic  information  and  records  of  job-related
injuries, for  example, to end up  in  private  databases that are available to
employers and insurance companies.

    Control over one's personal  facts  becomes  even  more  tenuous when  data
collected by one organization  are  sold  to  another, which happens  regularly
without the individual's  consent.  This  "second  use"  takes  place primarily
among  businesses,  but  non-profit  groups  sell  their   mailing  lists,  and
government agencies compare  databases  with   businesses  and  each other: tax
returns with welfare or student-loan   records,  for example. In 1991, Governor
William Weld  of  Massachusetts   proposed  selling  computer  access  to state
Registry of Motor Vehicles  records to  private companies, but was dissuaded by
vocal legislative  opposition to the plan.

    Privacy  advocates  are  also   troubled   by   deceptive  data  collection
techniques and inaccurate information that  can  be difficult and  expensive to
correct. In July 1991, six state attorneys  general sued  TRW, one of the three
big credit-reporting companies, for failure to  correct major reporting errors.
TRW eventually agreed to supply  individuals  with  free copies of their credit
files on request; other  companies still charge for such reports.

    Computers also provide a mechanism for fighting this Big Brother  scenario.
In  1990,  Lotus  Marketplace  worked  with  Equifax,  another   consumer  data
collector, to put portions of its database onto compact  disk so that marketing
information about  individuals  could  be  sold  in   a  convenient  format  to
businesses. When the plan became public, it  occasioned an outcry of surprising
proportions -- about 30,000  responses, many  from people who had learned about
the project through  electronic  forums,  and  nearly  all negative. In January
1991, Equifax  and Lotus bowed to the pressure and scrapped the project.


                             Privacy  Protections

    For the past several years,  privacy  advocates  have been working  to pass
policies and laws to  protect  individuals  from  the unwanted  intrusions into
their personal lives that computers make easy and  appealing to businesses. The
guiding principles for privacy  policy  are   well  summed  up  in a 1989 paper
written by Jerry Berman and Janlori  Goldman for the Benton Foundation:
1.  Information collected for one purpose should  not  be used for a  different
    purpose without the individual's consent.
2.  Policy should be developed with an eye towards new advances in  information
    technology and telecommunications.
3.  Legal limits should be  placed  on  the  collection  and  use of  sensitive
    information -- the more sensitive  the  information, the more  rigorous the
    disclosure standard.
4.  Individuals must be provided with easy  access to their  records, including
    access to computerized records, for the purpose of  copying, correcting, or
    completing information in the records.
5.  Exemptions for non-disclosure  should  be  clearly  justified and  narrowly
    tailored to suit the requester's need.
6.  Legislation should  include  enforcement  mechanisms,  such  as  injunctive
    relief, damages, criminal penalties, and  reimbursement of  attorney's fees
    and costs.


                              Watching Employees

    Also in the private sector, computers are increasingly being used  to track
employees' use of time, productivity,  and  communication  with  each other and
the public. According  to  Karen  Nussbaum,  Executive   Director  of 9to5, the
national organization of office workers, the   work  of 26 million employees is
monitored electronically,  and  the   evaluation  and  pay  of  10  million  is
determined by computer-generated  statistics. This  kind  of monitoring is more
intrusive than human   supervision,  she  points  out,  because  it watches the
personal habits of  employees and because it is constant.

    As a form of surveillance, employers  often  reserve the right to  read the
electronic  mail  of  employees  and   may   do   so  because  the   Electronic
Communications Privacy Act protects electronic  mail  only on  public networks.
The E-mail  systems  of  large  corporations,  including   Federal  Express and
American Airlines, automatically inform workers  that the company may read mail
sent over the systems. Other companies  do not inform, but read anyway. When an
employee of Epson America, a  California-  based computer company, learned that
this was the  company's practice and  complained,  she  was fired the next day.
Her  lawsuit charging wrongful termination is in litigation.

    In the fall of 1991,  Sen.  Paul  Simon  (D-IL) introduced  legislation (S.
516) which would require that  employees  and  customers   be notified if their
electronic communication  and  telephone   conversations  are  being monitored,
either in specific instances  or  as   a  policy  of  their  employer. Rep. Pat
Williams (D-MT) has introduced  similar  legislation  in  the House (HR. 1218),
and both bills are in  committee.


                            Government Surveillance

    The United States government is the largest collector of  information about
people in this country and perhaps  the largest  keeper of personal information
in the world. This information  consists   mostly  of separate records, such as
tax and social security  files,  but   in  a  1986  study, Congress's Office of
Technology Assessment determined  that, because these  files can be matched and
combined, a de facto  national database on Americans already exists.

     Other information is gathered by  surveillance.  The FBI's National  Crime
Information System (NCIC)  is  a  high-speed,  computerized  system  containing
criminal justice information, including Secret Service  investigations, missing
person files, and criminal histories or "rap  sheets." The system began in 1967
and  now  runs  about  one  million   transactions  each  day.  Information  is
maintained on a computer in  Washington,  DC,  which is connected to each state
and to  60,000  offices   including  those  of  sheriffs,  prosecutors, courts,
prisons, and  military investigators. For instance,  a police officer using the
NCIC  system to find out if a  driver  he  or  she  has stopped is wanted for a
crime can call up fingerprints and photos  on  the database to make an  on-the-
spot identification.

    The NCIC is proud of the efficiency  of  its system and claims that  it has
built in safeguards against inaccuracy and abuse. Civil  libertarians, however,
have doubts. In  addition  questioning  whether   arrests  for  current actions
should be made on the basis  of  past   behavior,  they  point out that data on
arrests may be stored separately  from  data on convictions, and that computers
make it harder to  control   the  spread  of  inaccurate, outdated or ambiguous
information. They also  fear that the  ease  in using the system will encourage
police to be  less discerning in stopping people for investigation.

    There is concern too that the system  can  be used for purposes  other than
criminal  justice,  with  information  shared   when  someone   applies  for  a
government or military  job  or  a  professional  license.  In   1988,  the FBI
suggested connecting the NCIC to the computers of the  Department of Health and
Human  Services,  the  IRS,  the   Social   Security   Administration  and  the
Immigration and Naturalization Service; the  plan was eventually defeated. More
recently, alarms were raised by   disclosures  that  the FBI conducted years of
surveillance of political   opponents  of  the  Reagan administration's Central
American policy,  though they had committed no crime.


                           Library Awareness Program

    On June 8, 1987, a  clerk  at  Columbia University's Math/ Science  Library
was approached by two FBI agents  who asked for information  about "foreigners"
using the library. This was, the  agents  said,  part  of the Library Awareness
Program under which the FBI tried  to  enlist   the assistance of librarians in
monitoring the reading habits  of   "suspicious" individuals, variously defined
as people with  Eastern   European  or  Russian-sounding  names  or accents, or
coming from  countries hostile to the U.S.  [Ha  ha  ha! So much for the end of
the Cold War! -EGBSS]

    It is still unclear how  extensive  the  program  is -- FBI officials  have
given contradictory information -- but  the American Library  Association (ALA)
has verified 22 visits in various parts of the  country that appear to have had
the same purpose, and, in one  statement, the FBI said the program was 25 years
old. The FBI has also  requested  computerized check-out records from technical
and science  libraries and has  asked  private information providers, including
Mead  Data Central and Charles  E.  Simon  Co.,  to  help  monitor use of their
databases. Although public and  university  libraries  do  not have  classified
information, the FBI has justified its interest in library  use by a version of
the  "information  mosaic"  theory:  that   discrete   and   benign  pieces  of
information can be put together to  present  a danger  to national security and
therefore need to be controlled.

    Monitoring library usage is  illegal  in  44  states  and  the District  of
Columbia and violates an  ALA  policy,  dating  from  1970, that  prohibits the
disclosure of information about patrons' reading habits.

    In July 1987, the ALA wrote the FBI to inquire about the Library  Awareness
Program, and the National Security  Archive  filed  an FOIA  request asking for
records about the program. The FBI responded that  it had no records under that
name, and Quin Shea, who was  then  Special   Counsel to the Archive, says they
probably didn't, since the real name  of the program is classified. The Archive
filed a second FOIA request  that September, and the ALA filed its own requests
in October and  December.

    In September 1988, the ALA  Intellectual  Freedom Committee met  with high-
level representatives of  the  FBI.  That  same  month,  FBI   Director William
Sessions wrote Rep. Don Edwards (D-CA)  that  the   program would be limited to
technical  libraries  in  the  New  York   City   area,  presumably  where  the
concentration of spies is greatest,  and   that cooperation of librarians would
be voluntary. It was only  in  the   summer  of  1989,  after Edwards and other
members of Congress had gotten  involved and the Archive had sued the FBI, that
about 1200 pages of  documents were released. These showed, among other things,
that some  librarians did cooperate. The Archive is again suing the FBI for the
release of more material.


                       ACCESS TO GOVERNMENT INFORMATION

    Privacy advocates and policy makers have long emphasized the  importance of
an individual's right to review information held about  him or her. But, though
the federal government has been collecting   large amounts of information since
the end of the last century,  the   public's  right to monitor that information
and the government's  activities, has gained cache only fairly recently.

    The Freedom of Information Act (FOIA) was passed in 1966, and  strengthened
in 1974, followed in 1976  by  the  Sunshine  Act.  These laws  gave the public
greater access to information about  government  practices and decision making.
Significantly, this swing toward  openness in government took place at the same
time that technological  developments provided the government with ever greater
information-  collecting abilities.

    Information policy, the  means  by  which  government  information is  made
available, can be divided into three  broad categories:  disclosure, access and
dissemination. The past decade  has  seen   cutbacks  in  all  three areas: for
example, a 10% annual  increase  in   classification  decisions since 1982; the
elimination or privatization  of one in four government publications since 1981
under the Paperwork  Reduction Act; and  foot dragging or outright hostility on
Freedom  of   Information  requests.   In   addition,  the  computerization  of
government   operations  has  consistently   been   designed  for  bureaucratic
efficiency  with little interest in  increased  openness or access.  Electronic
Access and Freedom of Information

    One  major  area  of  debate  in   information  policy  is  the  effect  of
computerization on the FOIA. Theoretically  at  least,  it is easier to  search
and retrieve records by computer than by hand, thereby  lessening the burden on
the responding agency and making them more  amenable to FOI requests. But it is
also likely  that  the  volume  and   variety  of  requests  will  grow  as the
possibilities of information  searches become apparent.

    The Act mandates that records  of  the  executive  branch of  government be
available to the  public  on  request,  exempting  only  nine  narrowly-defined
categories, and it  is  almost  universally  accepted  by   now that electronic
records are covered along with those on paper.  There have been legal decisions
to the contrary, which  have  placed   privacy  above  disclosure concerns, but
these have usually involved  requests for information to be used commercially.

    However, since the FOIA was written  with  paper  records in mind,  it left
unaddressed the questions  of  what  constitutes  a  record  and  a  reasonable
search, and what format is  required  for  making information  available. These
and other disputes are currently being  arbitrated by  the courts, Congress and
the agencies involved.  The  balancing  act   between  access  and privacy also
becomes trickier with electronic  storage of  information. In 1977, the Supreme
Court looked at a state's   records  of  people who obtained prescription drugs
legally  and   determined  that  this   centralized  file  included  sufficient
safeguards  to protect  privacy,  making  it  constitutional.  Still, the Court
found  that government collection of personal information did pose a threat  to
privacy  because   "that   central   computer   storage   of   the   data  thus
collected...vastly increases the potential for  abuse  of that  information." A
similar privacy concern informed a more recent Supreme  Court decision in which
the Reporters Committee for Freedom  of  the   Press  was  denied access to FBI
criminal history records in  computerized form.

    In addition to arguing against disclosure  on privacy grounds, the  Justice
Department has opposed requests for records analyzed and  combined by computer,
maintaining that this is equivalent  to  creating   a new record, something the
FOIA does not require an agency  to  do.  Independent studies, however, tend to
conclude that this is more like  searching through an electronic filing cabinet
and suggest that  disputes  be  settled  by  applying  a standard of reasonable
effort, a  term yet to be defined satisfactorily.

    A third  major  area  of  dispute  is  the  form  in  which  the  requested
information  is  made  available.   This   problem   arises  in  two  different
situations: where the data exist in more than one format and a  requester has a
preference, and where they do not exist  in the format  requested. The first is
more common and more controversial. In  1984,  a  district court ruled that the
government does not have to provide  information in a requested format in order
to fulfill its FOIA  obligation  (Dismukes  v.  Department  of Interior, 603 F.
Supp. 760 (DDC  1984)). But in Department  of Justice v. Tax Analysts (492 U.S.
136  (1989)), the court determined that  an  agency can withhold a record  only
if it falls under one of the  delineated exemptions. This ruling  suggests that
such a rationale would override Dismukes in a new court  case.

    In 1989, the Justice  Department  asked  federal  agencies how they  viewed
their obligations under FOIA  to  provide  electronic  information.  The survey
found wide variation among agencies, but a tendency against  disclosure:
#   76% of the respondents did not think  the law required them to  create new,
    or modify existing, computer programs to search for  requested information;
#   47% did not think they had to  create new programs to separate  disclosable
    from classified information;
#   59% did not think the  FOIA  required  them  to  comply with the  requested
    format.

    Sen. Leahy is attempting to  codify  these requirements through a  proposed
Electronic Freedom of Information Improvement  Act  (S. 1939),  which will come
up for a  hearing  this  spring.  This  amendment  to  the   FOIA would require
agencies to provide records in the form requested  and make a reasonable effort
to provide them in electronic form, if  requested, even if they are not usually
kept that way. It defines   "record"  to include "...computer programs, machine
readable materials  and  computerized,  digitized,  and electronic information,
regardless of  the medium by  which  it  is  stored..."  "Search" is defined to
include  automated examination to locate records.

    While many researchers and journalists  support  Leahy's bill, some  public
interest groups  worry  that,  like  other  legislation  targeting   electronic
communication, this will draw unwelcome  scrutiny  to the  issue. Instead, they
support an evolutionary process  involving   education  and specific appeals to
agencies.


                        Transactional Data and the IRS

    The manipulation of data in a usable  format is a useful tool in  analyzing
how  government  agencies  really   work.   One   particularly  rich   vein  is
transactional information, data recorded by  government  agencies in the course
of their work. When this information is  matched  with other statistics, it can
be analyzed to reveal what might  otherwise be obscured about the activities of
the government.

    A successful practitioner of this  kind  of investigation is  investigative
journalist David Burnham. In A Law  Unto  Itself: Power,  Politics and the IRS,
Burnham reports that computerized files  obtained   from  the IRS revealed that
audit rates vary widely among sections of   the country, as does the likelihood
of property seizure for delinquent   taxes.  He  also discovered that there had
been no increase in non-  compliance rates over the past 15 years, although the
IRS used the  threat of increasing  tax  evasion  as a basis for requesting new
money  for enforcement. The IRS had  failed  to  adjust for inflation or margin
of error in their calculations.

    Burnham drew some of his conclusions from the work of Susan Long,  Director
of the Center for Tax Studies at Syracuse University. Burnham  and Long founded
the Transactional Records Access Clearinghouse (TRAC)  with the goal of forcing
the release of government data not available  before. Long, who began her siege
on the IRS in 1969, filed 13 FOIA   requests to that agency and frequently took
it to court to force  it  to   open  its  records.  She won a precedent-setting
victory in Long v. IRS  (596 F. 2nd 362 (9th Cir. 1979), with a ruling that the
FOIA  definition of  "record"  covered  data  on  computer  tapes. Her lawsuit,
concerned the Taxpayer Compliance  Measurement  Program (TCMP), which  measures
the effectiveness of  the  IRS  system  and  determines  who  will  be audited.
Although the data produced were kept  so  secret  that they  were withheld even
from the Government Accounting  Office,  Long  found   that the information had
little effect on the IRS's audit coverage,   even when it pointed up regions or
classes that were under- audited.


             ENHANCING FREE EXPRESSION WITHIN THE ELECTRONIC FORUM

    The dangers of  assuming  that  because  a  technology  is  value-free  and
neutral, the uses to which it is  put  will also be benign are well- documented
and real. But for all  the  new  or  magnified threats to  individual liberties
arising from computer-assisted communication, the  electronic forum also offers
the means to  increase  those  liberties  by   expanding  the possibilities for
talking and working together and for   building political and social alliances.
Widespread and fairly  allocated  computerized  resources  can offer: increased
citizen  participation  in  and  oversight  of  government  affairs;  assembly,
organizing and debate unrestricted  by  geographical  distances or  boundaries;
decentralized decision making; a challenge  to news and  publishing monopolies;
rapid  international  exchange  of   information;   and  individually-tailored,
focused information  to  combat  the   information  glut  that  interferes with
communication.

    Stewart Brand has said that information wants  to be free, and  this may be
nowhere more true than in electronic communication, which,  by its very design,
abhors censorship and monopolies  (though  history   has proven that technology
does not outsmart repression for long).  It   is important that those concerned
with civil liberties enter the  electronic forum with a mixture of optimism and
vigilance and take  part in the debate on its future while that debate is still
open.


                           FOR FURTHER INFORMATION:

Berman, Jerry and Janlori Goldman.  A Federal Right of Information Privacy: The
Need for Reform.  Washington, DC: Benton Foundation, 1989.

Berman, Jerry.  "The  Right  to  Know:  Public  Access  to  Electronic   Public
Information." Software Law Journal Summer 1989:491-530 (reprinted by The Markle
Foundation).

Burnham, David. A Law Unto  Itself:  Power,  Politics  and the IRS. NY:  Random
House, 1989.

  "        " The Rise of the Computer State. NY: Random House, 1983.

Demac, Donna A. "The Electronic Book." American Writer Winter 1992.

Ermann, M. David et al. Computers, Ethics, & Society. NY: Oxford UP,  1990.

Index on Censorship July 1991. Section on computers and free speech.

"Is Computer Hacking  a  Crime?  A  Debate  From  the Electronic  Underground."
Harper's March 1990:45-57.

Lacayo, Richard. "Nowhere to Hide." Time 11/11/91: 34-40.

Office of Information and Privacy. Department of Justice Report on  "Electronic
Record" Issues Under the Freedom of Information Act.  Washington, DC, 1990.

Perritt, Henry H. Jr. (prepared report). Electronic Public Information  and the
Public's Right to Know. Washington, DC: Benton Foundation, 1990.

Pool, Ithiel de Sola.  Technologies  of  Freedom.  Cambridge,  MA:  Harvard UP,
1983.

Proceedings of The  First  Conference  on  Computers,  Freedom  &  Privacy. Los
Alamitos, CA: IEEE Computer Society Press, 1991.

Reporters Committee for Freedom of  the  Press.   Access to Electronic Records.
Washington, DC, 1990.

Rosenberg, Roni. Selected and Annotated Bibliography on  Computers and Privacy.
Palo Alto: Computer Professionals for Social Responsibility.

Scientific American. Special issue on  communications, computers  and networks.
Sept. 1991.

Shattuck, John and  Muriel  Morisey  Spence.  Government Information  Controls:
Implications for Scholarship, Science  and  Technology. Association of American
Universities  occasional paper, 1988.

Westin, Alan. Privacy and Freedom. NY: Atheneum, 1967.

 RESOURCES

ACLU Project on Privacy and Technology  122  Maryland Avenue, NE Washington, DC
20002 (202) 675-2320 privacy issues

Computer Professionals for Social Responsibility  National  Office P.O. Box 717
Palo Alto, CA 94302 415/322-3778 general political and social issues

Electronic Frontier Foundation 155 Second  Street  Cambridge, MA 02141 617/864-
0665 general political and legal issues

National Writers Union 13 Astor Place, 7th  floor New York, NY 10003 (212) 254-
0279 intellectual property issues

Public Citizen 2000 P Street,  Suite  700  Washington,  DC 20036 (202) 833-3000
privacy issues

Reporters Committee for Freedom of  the  Press  1735  Eye Street, NW, suite 504
Washington, DC 20006 (202) 466-6312 access to government information

Transactional Records Access Clearinghouse 478  Newhouse  II Syracuse, NY 13244
(315) 443-3563 access to government information

 For more information, contact: Gara  LaMarche,  (212)  972-8400 (o) (718) 789-
5808 (h)
                                   *   *   *

This newsletter is a publication of  the  Fund  for Free Expression,  which was
created in 1975 to monitor and combat  censorship  around the  world and in the
United States. It  was  researched  and  written  by  Nan  Levinson,a freelance
writer based in Boston and the U.S. correspondent  for Index on Censorship.

The Chair of the Fund  for  Free  Expression  is  Roland Algrant; Vice  Chairs,
Aryeh  Neier  and  Robert  Wedgeworth;   Executive  Director,  Gara   LaMarche;
Associate, Lydia Lobenthal. The members are  Alice Arlen,  Robert L. Bernstein,
Tom A. Bernstein, Hortense Calisher, Geoffrey  Cowan, Dorothy Cullman, Patricia
Derian, Adrian DeWind,  Irene  Diamond,   E.L.  Doctorow,  Norman  Dorsen, Alan
Finberg, Francis  FitzGerald,  Jack   Greenberg,  Vartan  Gregorian,  S. Miller
Harris, Alice H. Henkin, Pam   Hill,  Joseph  Hofheimer, Lawrence Hughes, Ellen
Hume, Anne M. Johnson,  Mark Kaplan,  Stephen Kass, William Koshland, Judith F.
Krug, Jeri  Laber, Anthony Lewis, William Loverd, Wendy Luers, John Macro, III,
Michael Massing, Nancy Meiselas, Arthur Miller,  The Rt. Rev. Paul  Moore, Jr.,
Toni Morrison, Peter Osnos, Bruce  Rabb,  Geoffrey  Cobb   Ryan, John G. Ryden,
Steven R. Shapiro,  Jerome  Shestack,  Nadine   Strossen,  Rose  Styron, Hector
Timerman, John Updike, Luisa Valenzuela,   Nicholas A. Veliotes, Kurt Vonnegut,
Jr., Gregory Wallance and Roger  Wilkins.

The Fund for Free Expression is a  division  of Human Rights Watch,  which also
includes Africa Watch, Americas Watch, Asia Watch, Helsinki  Watch, Middle East
Watch, and special projects on Prisoners' Rights  and Women's Rights. The Chair
is Robert L. Bernstein and the Vice  Chair  is Adrian W. DeWind. Aryeh Neier is
Executive Director;  Kenneth   Roth,  Deputy  Director;  Holly  J.  Burkhalter,
Washington Director; Susan  Osnos, Press Director.


                        ------------------------------
