FOI Conference

2001 FOI update: Federal legislation

By Kevin Goldberg

The past year has produced a mixed bag in terms of FOIA and privacy-related bills introduced in Congress. Federal legislators continue to invoke national security as a means of restricting access to public information. Multiple bills sought to exempt from FOIA access documents that are provided to the government by private companies. While Congress was successful in passing legislation that would allow for criminal punishment of those who leak classified information — in effect creating an "Official Secrets Act" — President Clinton killed the bill with a last-minute veto.

Congress reacted to a groundswell of public sentiment in favor of protecting the personal information of Internet users by introducing several pieces of legislation to secure financial and medical information. None were enacted into law.

However, Congress again chose to protect itself first, ignoring bills that would have put its own documents on the Internet. In the early part of the 107th Congress, the Senate appeared ready to introduce a resolution intended to accomplish this goal.

What remains to be seen is the course Congress will take in 2001. Will it continue with attempts to restructure FOIA and protect personal privacy through piecemeal legislation? Or will Congress engage in some review of the present and future status of privacy and how it is affected by FOIA by enacting legislation to create a commission to study those issues?

Here's an overview of congressional action on FOI issues during the past year.

Classified information
Congress continued to keep a watchful eye over classified information and information related to sensitive defense interests. One bill introduced during the 106th Congress engendered a vociferous reaction from the public and press, which led to a presidential veto after congressional passage.

This piece of legislation, one section of a larger piece of legislation funding the intelligence activities of government, would have made small, but important, changes in current law. It would have criminalized the disclosure of classified information by government employees and others; the current law criminalizes disclosure and use. While the legislation contained no criminal sanctions against the press, it would have cut off an avenue of access to by specifically prohibiting its release (even though another statute — the current Section 798 — prohibits the release of much of the same information already).

The bill also would have covered a broader range of classified information than current law, applying to all classified information. Furthermore, it would not require that the disclosure be prejudicial to the national security of the United States or for the benefit of any foreign government, as required by the current Section 798. This also would have increased the Act's reach in terms of punishable disclosures.

S. 2507 was referred to the Senate Select Committee on Intelligence, which reported the measure on May 4, 2000. The Senate passed it on Oct. 2, 2000. The House version of the Fiscal Year 2000 Intelligence Authorization Act did not contain a similar provision affecting the distribution of classified information. On Oct. 10, the conference committee resolved the differences in these bills to include Section 303 (renumbered as Section 304) in the final version. This was approved by both Houses on Oct. 12 and sent to the president in the form of the House version of this Intelligence Authorization Act (H.R. 4392). President Clinton vetoed the bill on Nov. 4, 2000.

Defense Authorization Act
Another bill related to classified information was Section 1073 of the Fiscal Year 2001 Defense Authorization Act (HR 5408). This provision was enacted into law as part of that bill on Oct. 30, 2000. It created a new Section 130c in the title of the U.S. Code dealing with the Armed Forces, which allows national security officials to withhold from public disclosure sensitive information of foreign governments. Under this provision, information is considered sensitive if the information was provided by, made available by, or produced in cooperation with a foreign government; if the foreign government is withholding the information from public disclosure; and if one of the following conditions are met:

The foreign government requests, in writing, that the information be withheld.
The information was provided or made available to the United States on the condition that it not be released to the public.
The information is an item of information or category of information that the national security official concerned has specified as being information the release of which would have an adverse effect on the ability of the United States government to obtain the same or similar information in the future.

Finally, the Senate, in S. 2549, its version of the Defense Authorization Act, sought to exempt the operational files of the Defense Intelligence Agency from FOIA. Section 1045 of that bill would have affected both classified and declassified files held by the agency. Although the CIA had held such an exemption since 1984, no such exemption existed for files of the DIA. This section was rejected in conference and, therefore, did not become law.

Protection of critical infrastructure
Two bills were introduced which sought to protect the critical infrastructure of industries in the United States by restricting access provided to the government by private corporations. Neither became law.

HR 4246 was introduced on April 12, 2000, by Rep. Tom Davis, R-Va. It sought to encourage the secure disclosure and protected exchange of information about cyber security problems, solutions, test practices and test results, and related matters in connection with critical infrastructure protection. The bill attempted to achieve its goal through three means:

An antitrust exemption, which would protect companies from being sued as a result of engaging in conduct leading to an agreement for the purpose of avoiding a cyber security related problem.
The creation of special working groups to engage outside organizations in discussions to address security and exchange information about cyber security.
An FOIA exemption for information covered by the act.

The FOIA exemption would have applied to information shared by private entities with the government regarding the critical infrastructure. Critical infrastructure information was defined as any information relating to facilities or services so vital to the nation or its economy that their disruption, incapacity, or destruction would have a debilitating impact on the defense, security, long-term economic prosperity, or health or safety of the United States.

Any entity sharing critical infrastructure information with the government in the form of a cyber security statement would have been allowed to request that the information be exempted from FOIA. A cyber security statement was defined as any communication by a party to another concerning an assessment, projection, or estimate concerning the cyber security of that entity, its computer systems, software programs or similar facilities, or the implementation or verification of its cyber security, including any review or comment on the cyber security of the facilities. The term cyber security related to the vulnerability of any computing system, software program, or critical infrastructure to interference or incapacitation at the hands of outside agents.

The exemption also applied to information received by the government as part of a special data-gathering request. A special data gathering would occur when any federal agency or authority expressly designated a request for the voluntary provision of information relating to cyber security.

There proposal cited two instances in which critical infrastructure information falling under one of these categories could be disclosed to the public: when the information was obtained independently of the party's submitting the information to the government or when the submitting party expressly consented to the disclosure.

The bill was referred to the House Government Reform Committee and the House Judiciary Committee. A hearing was held in the subcommittee on Government Management, Information and Technology of the Government Reform Committee. No vote was held on the bill.

A third bill, aimed directly at protection of critical infrastructure by preventing computer crime, was introduced by Sen. Jon Kyl, R-Ariz., on Oct. 11, 2000. The Cyber Security Enhancement Act (S. 3188), would have allowed companies to submit information regarding weaknesses in their online systems, as well as information on threats and attacks. This information would have been exempt from public access; companies that shared cyber security information with each other would have received exemptions from antitrust laws. The bill, which was referred to the Senate Judiciary Committee, did not receive a hearing.

There is every indication that a cyber security bill will be introduced again in the 107th Congress. However, a number of organizations are working on language that can be used to remove some access concerns while allowing the bill to assuage the concerns of private companies that information provided will not be misused.

Privacy commission studies
Three bills were introduced in the 106th Congress which would have created a federally funded commission to hold hearings and conduct research into the future of privacy in the age of technology. Though none passed, they have been resurrected in the 107th Congress in an effort to ensure that any steps taken to protect personal privacy at the expense of access are the result of well-reasoned policies.

The three bills were HR 4049, S 1901 and S 3040. The two Senate bills died at the committee level without receiving a hearing. S 1901, sponsored by Sen. Herb Kohl, D-Wis., who introduced it on Nov. 10, 2000, sought to establish the Privacy Protection Study Commission to evaluate the efficacy of the Freedom of Information Act and the Electronic Freedom of Information Act Amendments of 1996. The point of the review was to determine whether new laws are necessary and to provide advice and recommendations. S 3040, introduced on September 13, 2000 by Sen. Fred Thompson, R-Tenn., sought to create a Committee for the Comprehensive Study of Privacy Protection, which would have been charged with similar tasks.

The House version was introduced on March 21, 2000 by Rep. Asa Hutchinson, R-Ark. It was referred to the House Government Reform Committee. Hearings were held in the Subcommittee on Government Management, Information and Technology on three days, April 12, May 15 and May 16, 2000, during which testimony was taken from a number of witnesses.

Some witnesses opposed the commission because they believed it was a stalling tactic; they preferred that Congress direct its efforts at existing legislation in the area of personal privacy rather than creating a commission. Other witnesses said the commission was necessary for the same reason that the Privacy Protection Study Commission of 1977 was needed — clear policies must be delineated before specific action is taken. Even those who supported the commission questioned whether the amount of funding would be enough and, whether it would be able to draft the required final report in its 18-month lifetime, and whether the selection and composition of the commission was workable.

The subcommittee approved the bill on June 14, 2000, and the Government Reform Committee followed suit on June 29. However, it did not receive the necessary two-thirds votes of the House to pass under suspension of the rules.

Rep. Hutchinson has reintroduced his bill in the 107th Congress. HR 583 was introduced on February 13, 2001 and referred to the Government Reform Committee.

EFOIA oversight
On June 14, 2000, the House Subcommittee on Government Management, Information and Technology held a one-day oversight hearing on the status of the Electronic Freedom of Information Act, four years after that Act's enactment. The subcommittee heard testimony from a number of witnesses representing a broad spectrum of organizations with an interest in FOIA. Among the groups represented at the hearing were the Office of Management and Budget, the United States Department of Justice, OMB Watch, the Reporters Committee for Freedom of the Press, and the Society of Professional Journalists.

Government representatives defended the steps taken to make information more accessible to the public. They pointed to the proliferation of government Web sites offering information to the public, the number of documents posted on those Web sites, and the guidance offered requesters.

Those representing the requester community pointed out a number of shortfalls in the Act's implementation, however. They said that agencies were not complying fully with the requirements of EFOIA and that there was insufficient oversight to keep enforce compliance. They also presented examples of problems encountered by the press in using EFOIA, such as the inability to process data in a useful format, continued delays in responding to requests, and resistance to providing information in a particular format.

Though the House has not announced what it will do to follow up on this hearing, the Government Accounting Office has received funding to undertake its own review of FOIA's effectiveness and EFOIA implementation.

Access to congressional documents
Three bills were introduced during the 106th Congress that would have increased access to congressional documents, including Congressional Research Service issue briefs, lobbyist disclosure reports, and gift disclosure reports. None received consideration by their committees of referral.

A Senate resolution proposed by Sens. John McCain, R-Ariz., and Patrick Leahy, D-Vt., would provide access to these same documents through various Senate Web sites. The resolution, which governs Senate procedure, would direct release of documents through a new Senate database, accessible through the Senate Sergeant-at-Arms' Web site. Documents that would be accessible include CRS Issue briefs (long considered one of the best sources of analysis of legislative issues), CRS Reports available to members of Congress, and CRS Authorization of Appropriations Products.

Information would not have to be placed on the Web site if it is confidential, as determined by the CRS Director or the head of the federal department or agency that provided the information, or if the documents are the product of a confidential research request by an individual, office or committee.

The Sergeant-at-Arms is also given the power, in consultation with the CRS Director, to redact from any posted document personal information about an employee of CRS and information that may infringe a protected copyright.

The resolution also states that the Secretary of the Senate, through the Senate Office of Public Records, must provide certain public documents through a web site created by the secretary's office and accessible through the United States Senate web site. These include Lobbyist Disclosure Reports, which will not be available until 90 days after they are received, and Gift Rule Disclosure Reports, which will not be available until five days after they are received. Without requiring their disclosure, the resolution also expresses the sense of the Senate that each committee shall provide Internet access to publicly available committee information, documents and proceedings.

Bills related to financial information
In addition to the nine bills introduced during its first session, the 106th Congress continued to work on bills seeking to protect financial information during its second session. Popularly named the Financial Information Privacy Act, these bills were introduced on May 4, 2000, by Rep. John LaFalce, D-N.Y., and Sen. Patrick Leahy, D-Vt. Both sought to strengthen consumers' control over the use and disclosure of their personal financial and health information by financial institutions. HR 4380 was referred to the House Committee on Banking and Financial Services and the House Committee on Commerce, neither of which took any action on the bill. S 2513, which was referred to the Senate Committee on Banking, Housing and Urban Affairs, met the same fate.

Sen. Leahy intended to reintroduce a version of his bill in the current session; it is more focused on the protection of health information. It will seek to close gaps left by health care privacy regulations released by the Clinton administration in 1999. Those regulations guaranteed patients the right to access their own medical records and restricted employer access to health care information. However, Leahy does not believe they went far enough to prevent the sale and marketing of personal information. His bill will create a private right of action to sue third party companies that misuse or sell patient information. It will also create an opt-in measure that will force marketers to obtain consumer consent before calling patients regarding treatment information.

Medical information measures
On Sept. 7, 2000, Rep. Tom Bliley, R-Va., introduced HR 5122, which would have opened the National Practitioner Data Bank to the public. This data bank was created by Congress in 1990 as an aid to state regulators, hospitals and other medical employers to monitor the performance of doctors. It kept track of malpractice and disciplinary actions filed against these doctors but remained hidden from public view at the behest of the American Medical Association. In the intervening time, the data bank has not achieved its desired purpose, as the lack of public review has allowed doctors to remain free from oversight under this system. The Hartford Courant reported that 60% of all hospitals never reported a doctor to the data bank and that the annual number of reports is less than that which would be expected, supporting the belief that many cases went unreported. The Courant also dug up a number of actual occurrences in which a doctor was dismissed from a hospital but the action was not reported.

Although Bliley justified his legislation as something necessary to "give consumers the tools they need to make informed decisions about their doctors," the American Medical Association continued to fight public access to the data bank. The bill was referred to the Committee on Commerce but did not receive a hearing.

Measures affecting historical documents
Continuing a recent trend, Congress considered three bills that would have granted special access to records documenting government interaction with foreign governments on sensitive matters. These bills have been opposed by some access advocates who fear that special interests will use them to create new exemptions n the FOIA.

The Japanese Imperial Army Disclosure Act (HR 3561), introduced on Feb. 1, 2000, by Rep. Brian Bilbray, R-Calif., would have required the disclosure under the Freedom of Information Act of documents regarding certain persons and records of the Japanese Imperial Army. It was referred to two House committees, the Government Reform Committee and the Select Intelligence Committee, but neither took any action.

The Nazi and Japanese War Crimes Disclosure Act of 2000 (HR 5390) would have extended the existence of the interagency working group established by the Nazi War Crimes Disclosure Act, enacted in 1998, and applied that act to records relating to the Imperial Government of Japan. The Nazi War Crimes Disclosure Act increased access to records held by the United States government.

HR 5390 was introduced on Oct. 5, 2000, by Rep. Bilbray and was referred to the House Government Reform Committee. No action was taken. A virtually identical bill, introduced on October 10, 2000 by Rep. Carolyn Maloney, D-N.Y., was referred to the Government Reform Committee, which took no action.

Cameras in the courtroom
One bill that made headway during the 106th Congress was S. 721, which would have allowed photographing, broadcasting, televising and recording of federal court proceedings for a three-year experimental period. The bill, introduced on March 25, 1999, by Sens. Charles Grassley, R-Iowa, and Charles Schumer, D-N.Y., did not pass the Senate, although a hearing was held on Sept. 6, 2000, in the subcommittee on Administrative Oversight and the Courts of the Senate Judiciary Committee.

Commemoration of James Madison's 250th birthday
On Sept. 12, 2000, Rep. Tom Bliley, R-Va., introduced a resolution, referred to the House Committee on Government Reform, commemorating the birth of James Madison on March 16. The resolution recognized the historical significance of Madison's birth, as well as his contributions to the nation and requested that the president issue a proclamation recognizing the 250th anniversary and calling upon the people of the United States to observe the life and legacy of James Madison with appropriate ceremonies and activities. The House approved the resolution on Oct. 2, 2000, and the Senate approval followed on Oct. 25, 2000.

In addition, on September 28, 2000, Sen. Jeff Sessions, R-Ala., introduced S 3137, a bill to establish a commission to commemorate the 250th anniversary of Madison's birth. The bill was passed by the Senate on Oct. 25, 2000 and by the House on Dec. 4. President Clinton signed the bill into law on Dec. 19, 2000. S 3137 directs the Government Printing Office to compile and publish a substantial number of copies of a book containing a selection of the most important of Madison's writings, along with tributes to him by members of the commission. It requires the coordination of one or more symposia, at least one of which must be held on March 16, 2001, devoted to promoting a better understanding of Madison's contribution to American political culture.

Kevin Goldberg of the Washington, D.C., law firm of Cohn & Marks is legal counsel for the American Society of Newspaper Editors.