From: iia.ipo@his.com Date: Tue, 19 Apr 94 08:53:50 Subject: INFORMATION POLICY ONLINE-APRIL Reply-To: iiaipo@his.com iiiiii iiiiii a INFORMATION POLICY ONLINE ii ii aaa ii ii aaa An Internet Newsletter ii ii aaa published by the ii ii aaaaaaaaa Information Industry Association ii ii aaa 555 New Jersey Ave., N.W. ii ii aaa Washington, DC 20001 ii ii aaa Internet: iiiiii iiiiii aaaaaaa Volume 1, Number 2, April 1994 ----------------------------------------------------------------- ***************************************************************** IN THIS ISSUE: [1] How Washington Fights Crime [2] Health Care Reform Spotlights Privacy of Health Care Records [3] IIA Pushes Fair Information Practices Guidelines [4] Opperman on Internet [5] This Could (Really!) Be the Year for Telecommunications Legislation [6] Calif. Bill Would Require All State Govt. Information to Be Disseminated via Internet [7] Federal Software Copyright Proposal Revived [8] Seminar Announcement: "Copyright Protection and the Information Superhighway: Writing the Rules of the Road" [9] About "Information Policy Online" and the Information Industry Association ***************************************************************** [1] HOW WASHINGTON FIGHTS CRIME by Steve Metalitz Senior Vice President of IIA and Editor of Information Policy Online It is spring and an election year, so inevitably the thoughts of Washington policymakers turn to crime -- not committing it but fighting it. Crime bills are perennial political crowd pleasers. This year, there have been some particularly strange twists to this biennial federal ritual. >From both ends of Pennsylvania Avenue, efforts are underway to help the nation fight violent crime by... restricting the flow of information. Information companies, not usually thought of as major players in the crime policy fields, need to jump in to protest this notion. The Senate jumped the gun in this race last fall, when it passed the Driver's Privacy Protection Act (DPPA) as part of an omnibus crime measure. Because, in a few celebrated cases, criminals have located their victims by looking up their license plates in public records maintained by state motor vehicle agencies, Sen. Barbara Boxer (D-CA) persuaded her colleagues to order all states to shut off all public access to these records, with a few limited exceptions. The House of Representatives broke ranks by actually holding two hearings in February on the companion measure, sponsored by Rep. James Moran (D-VA). Efforts have been underway since then to moderate the impact of the legislation, which would set a disastrous precedent for restricting access to all kinds of public records held by state and local governments. The March 21 redraft of the DPPA takes some steps in the right direction. It would allow, for example, broader access to motor vehicle records for use in research, litigation, and security investigations, and would make the penalties for improper disclosure more realistic. But it leaves unchanged the basic premise: that these traditionally public records should be "presumed secret" and that the federal government should dictate which business uses of such records are permissible or forbidden. The House crime bill hit a last-minute snag just before Congress' spring recess. The revised version of DPPA will be offered as an amendment to the crime bill on the House floor, probably during the week of April 10. It is almost sure to pass, and the final text of the legislation will be written by a House- Senate conference committee later in the spring. Now would be an excellent time to acquaint your House member [write to him or her at U.S. House of Representatives, Washington, DC 20515] with the value of access to public records, and to urge him or her to share this concern with members of the House Judiciary Committee, from which the conference committee members will be drawn. A better publicized initiative to fight crime through information policy is the brainchild of federal law enforcement agencies. The Digital Telephony and Communications Privacy Improvement Act of 1994 is a recycled version of a Bush Administration idea -- to require all the nation's telecommunications systems to be designed to facilitate law enforcement interceptions of voice and data traffic in digital formats. While the Republicans proposed to make telephone ratepayers foot the bill for the cost retrofitting and design changes needed to achieve this goal, the current Democratic version would hand the check to the taxpayers. So far, Congress has been unenthusiastic about the digital telephony proposal -- in great part, because a broad alliance representing the computer and telecommunications industries, and public interest groups, have raised so many questions about it. Speaking at a hearing on March 18, FBI Director Louis Freeh portrayed an effort to prevent digital technology from working a "de facto repeal" of law enforcement's authority to fight crime and terrorism through court-ordered wiretapping, while coalition witnesses denounced federal attempts to impede the development of valuable communications technologies and to turn the telephone network into a gigantic surveillance apparatus. The digital telephony proposal exemplified a trend. Several pending federal initiatives have the stated aim of increasing government's ability to monitor traffic on today's and tomorrow's information networks. The proposals range from cutting-edge cryptography such as the "Clipper Chip" proposal [see story in last month's IPO] to simple "law enforcement exemptions to laws such as the Fair Credit Reporting Act that were passed to protect personal privacy. The motivation is to give law enforcement better tools for fighting crime, but the impact could spread far beyond, into the perceptions of consumers and businesses about the security or insecurity of information networks and technologies. Not surprisingly, while federal officials are eager to talk about fighting crime, they are not always so enthusiastic about discussing these broader issues. For example, while the inquiry by the National Telecommunications and Information Administration into privacy and telecommunications covers as extraordinary range of questions about how the private sector acquires, uses and disseminates information, issues of governmental access to personal information are explicitly off limits. In the NTIA inquiry, as well as in the debate over DPPA and digital telephony, the information industry will continue to offer a broader perspective on attempts to fight crime by restricting the flow of information. ***************************************************************** [2] HEALTH CARE REFORM SPOTLIGHTS PRIVACY OF HEALTH CARE RECORDS Representative Gary Condit (D-CA) has introduced long anticipated legislation regarding privacy guidelines for the use and disclosure of health care records. "Regardless of how the health delivery and payment system is restructured," said Condit, "there is and will continue to be a need for a code of fair information practices." He referred to several studies and an Equifax/Louis Harris public opinion poll as support for the necessity of introducing legislation addressing uniform health confidentiality legislation. The bill, H.R. 4077, specifies that it covers only "protected health information," which is defined as "any information, whether oral or recorded in any form or medium, that is created or received by a health use trustee or a public health trustee in a state and relates to the past, present, or future physical or mental health of an individual, or payment for the provision of health care to an individual and identifies the individual..." A health care trustee is a person who receives or creates protected health information. Although information companies generally support the legislation, it raises questions for them. What impact will this legislation have for other types of information regulated by the government? How broadly will the definition of "protected health information" be interpreted? Will this bill prevail or will it be one of the privacy guidelines in other health care reform legislation? Condit's version seems likely to prevail because the subcommittee he chairs, the Subcommittee on Information, Justice, Transportation, and Agriculture, has jurisdiction over any section of any bill that addresses health care information. One thing is certain: health care information collection and privacy continue to be legislatively "hot" topics. ***************************************************************** [3] IIA PUSHES FAIR INFORMATION PRACTICES GUIDELINES The Information Industry Association has adopted and is espousing Fair Information Practices Guidelines. The FIP Guidelines have three main audiences: - Policymakers at all levels of government contemplating regulation of corporate information practices to protect privacy [See previous story]; - Information companies who can use the guidelines to make their own privacy policies to address customers' concerns; and - Members of the public who have growing concern about the way companies handle personal information. The guidelines consist of five general principles. 1. Companies are encouraged to: a) establish a policy on fair information practices regarding personally identifiable information they collect, use and distribute; b) make this policy publicly available; c) review the policy periodically and update it if needed; and d) establish means and standards for monitoring compliance with the policy and establish accountability for it. 2. Companies are encouraged to: take reasonable and appropriate steps to protect personally identifiable information against risks such as loss, and unauthorized access, use, modification, disclosure or destruction. If such information is provided to third parties, companies are encouraged to require those third parties to have comparable protections. 3. Companies are encouraged to: promulgate policies and practices that address the conditions associated with their receipt of all personally identifiable information, including the following: a) When such information is requested directly from the individual, the company is encouraged to disclose to him/her how it intends to use the information. b) When a company obtains such information from other private sources, it should be used only for purposes consistent with the conditions under which it was obtained. c) Collection, use and distribution of personally identifiable information should be in accordance with all applicable laws and regulations, including those pertaining to records collected by a government entity and made available to the public. 4. Companies are encouraged to: take steps to attain and maintain the highest practicable level of information quality, consistent with industry practice and customer need. 5. Companies are encouraged to: establish and implement an inquiry and inspection procedure, under which an individual can: a) Learn if the company has personally identifiable information about him/her; b) Have the information communicated within a reasonable time and under reasonable conditions; c) Have the company correct or delete inaccurate or incomplete personally identifiable information, or, if appropriate, have the company identify the source of the information so that the individual can seek to have the inaccurate or incomplete information corrected or deleted; d) Receive a prompt explanation if the company cannot fulfill an inquiry and inspection request, or if the company elects not to change or delete personally identifiable information which the individual has challenged as inaccurate or incomplete. IIA publishes the Fair Information Practices Guidelines together with a commentary on each principle and an 18-point Fair Information Practices Checklist to help companies develop or improve their fair information practices or privacy/data protection policies. ***************************************************************** [4] OPPERMAN ON INTERNET Vance K. Opperman, member of the U.S. Advisory Council on the National Information Infrastructure, has established an Internet address: . For persons without access to the Internet, a post office box has been established: Opperman/Internet P.O. Box 64503 St. Paul, MN 55164-0503 Vance K. Opperman is President of West Publishing Company and a member of the Information Industry Association. ***************************************************************** [5] THIS COULD BE THE YEAR FOR TELECOMMUNICATIONS LEGISLATION Some might call it March madness, but last month hopes were raised that Congress will actually pass comprehensive telecommunications reform legislation. The two House committees charged with the issue reported out substantially similar versions of legislation that is expected to go before the full House in April. On the Senate side, the Commerce Committee continued its hearings on schedule. Both chambers appear to be making progress rapidly on the issues of greatest concern to information companies. In the House, the Energy & Commerce and the Judiciary Committees have both completed action on H.R. 3626 (the Brooks- Dingell bill) and H.R. 3636, legislation authored by Telecommunications Subcommittee Chairman Ed Markey. Before mark- up, three primary issues of importance to information providers arose. First, the issue of defining electronic publishing for the purpose of establishing RBOC (regional Bell operating companies) separate subsidiary requirements moved ahead. The original version of H.R. 3626 contained language which almost every information provider agreed was inadequate to guarantee that the information services marketplace remain competitive. After mark-ups were complete, the Judiciary Committee had agreed to a definition that is very similar to what is contained in the Senate bill, S. 1822. While Energy & Commerce members did not go quite so far, the general consensus in Washington is that Chairman John Dingell's (D-MI) acceptance of expanding the definition can only bode well for future actions. The second major issue that ended favorably for electronic publishers was a clear recognition that states are not allowed to regulate rates for information services. Chairman Markey, at his subcommittee mark-up in February, had introduced a new version of H.R. 3636 which would have changed longstanding FCC policy and allowed states to regulate the rates charged by information providers. In the final analysis, however, the bill maintained the status quo, so that the marketplace and not regulators will set the rates. Finally, both Committees acted to endorse strong requirements that RBOCs must provide customer proprietary network information to all electronic publishers on the same terms and conditions that they supply such information to any electronic publishers, including their own subsidiaries. Because of differences in the versions of the bills reported out by each Committee, Chairman Brooks and Chairman Dingell are expected to work together to iron out areas of conflict. It appears that they will take a consensus bill to the House floor for action before May 1. On the Senate side, work continues. The Committee plans to continue hearings on its legislation, S. 1822, through early spring, but it is not certain whether mark-up will occur prior to House floor action. However, Chairman Hollings has indicated that he too believes this will be the year when Congress enacts a comprehensive telecommunications reform measure. ***************************************************************** [6] CALIF. BILL WOULD REQUIRE ALL STATE GOVT. INFORMATION TO BE DISSEMINATED VIA INTERNET A bill introduced in the California legislation would require that state public information which is currently computerized be available to the public at no cost by computer. The bill would require the CA Office of Information Technology in the Department of Finance to develop a plan to make copies of all information that is computerized by any state agency and that is subject to disclosure under three existing statutes accessible to the public in computer-readable form. In its current form, the bill, AB 2451, prohibits agencies from charging fees as a condition of accessing the information. However, during the debate surrounding last year's legislation to make CA legislative information available via the Internet, some lawmakers suggested that there be a "two-tier" pricing scheme for the information made available electronically. Under a proposed two-tier pricing structure, members of the public would be charged one price for the information or receive it for free and commercial users would pay a higher fee. The proponents of two-tier pricing want to use the higher commercial fees to raise revenue. ***************************************************************** [7] FEDERAL SOFTWARE COPYRIGHT PROPOSAL REVIVED Buried deep within a mammoth bill to reform the way the military and federal civilian agencies buy products and services is a bad idea that could make the federal government's information less accessible to information companies and to the general public. The idea is to allow the federal government to claim copyright in computer software developed by its employees. That would overturn a century-old policy that helps ensure that federal data are accessible to all comers for all appropriate uses. In past years, the proposal to give the federal government copyright over computer programs has been limited to software developed in cooperative research and development agreements between federal laboratories and non-federal researchers. The current proposal is far broader. It would amend section 105 of the Copyright Act -- the longstanding prohibition on copyright in works of the U.S. government -- to make the government the copyright owner of ANY computer program developed by a federal employee on the job. Potentially, software that is needed to access census data, Library of Congress files, federal scientific and technical data -- even the planned Government Information Locator Service itself -- could be claimed by the federal government and licensed exclusively, creating a de facto monopoly over previously public information. Of all places, this sweeping government power play over public information popped up in S. 1587, the Federal Acquisition Streamlining Act, introduced by Sen. John Glenn (D-OH). In February, as the bill moved onto the fast track for Senate action, an industry coalition assembled to fight the federal copyright provision. In March, fifteen coalition members -- including all the leading software trade associations, library organizations, and some press and public interest groups -- wrote the chairs of the two committees considering the bill. Calling the federal software copyright plan "profoundly problematic," the signers urged the committees to drop this provision. It appears that no one involved with Congressional consideration of S. 1587 had ever focused on this particular provision of the complex procurement legislation, so it may be possible to have it removed as the bill moves toward enactment. The Administration has given mixed signals about the proposal, and the outcome remains unclear. Letters from information companies and concerned citizens to Senators, particularly those serving on the Armed Services or Governmental Affairs committees, would be timely NOW! ***************************************************************** [8] PRE-CONFERENCE SEMINAR AT INFO TELECOM '94 The Information Industry Association is sponsoring a pre- conference seminar at Info Telecom '94. TITLE: "Copyright Protection and the Information Superhighway: Writing the Rules of the Road" DATE: Monday, April 25, 1994 TIME: 1:00 to 5:00 p.m. PLACE: Ritz Carlton Hotel 2100 Massachusetts Ave., N.W. Washington, DC COST: $100 for IIA members; $195 for non-members The seminar will focus on two major questions: (1) What are the practical risks faced by content providers in an online networked environment? and (2) What technological and/or legal solutions are essential for proprietary rights holders to do business in the new networked information environment? Speakers include Howard Reblitz (CCH Inc.), Stephen L. Haynes (West Publishing), Joseph L. Ebersole (Law Offices of Joseph L. Ebersole), Henry Perritt (Villanova Law School), and Kenneth Allen (IIA). ************************************************************** [9] ABOUT "INFORMATION POLICY ONLINE" INFORMATION POLICY ONLINE (IIA-IPO) is an online newsletter published on the Internet by the Information Industry Association and distributed free of charge. The purpose of the Newsletter is to inform readers of events and activities affecting information policy, and to present an information industry viewpoint concerning these events and activities. IIA-IPO is copyrighted by the Information Industry Association; however, IIA-IPO is distributed without charge and may be freely reproduced and redistributed. Please acknowledge IIA-IPO as the source of the information when quoting or redistributing the newsletter. TO SUBSCRIBE TO IIA-IPO: Send the message "subscribe" to . ARCHIVES. IIA-IPO is archived. To get archived copies, ftp to with the message "GET FILENAME." Individual monthly issues are archived with file names "iia0394.zip" for March 1994, "iia0494.zip" for April 1994, etc. ----------------------------------------------------------------- ABOUT THE INFORMATION INDUSTRY ASSOCIATION THE INFORMATION INDUSTRY ASSOCIATION represents leading organizations involved in the generation, processing, distribution and use of information. IIA is home base for businesses offering the innovative products and services that make up the information marketplace.IIA fosters a responsive and responsible forum for promoting a competitive and growing information marketplace. ----------------------------------------------------------------- ----------------------------------------------------------------- President of the IIA: Kenneth B. Allen Editor of Information Policy Online: Steven J. Metalitz, IIA Vice President and General Counsel Consulting Editor: J. Timothy Sprehe, Sprehe Information Management Associates For messages to IIA-IPO: Voice: (202) 639-8262. Fax: (202) 638-4403. ----------------------------------------------------------------- *****************************************************************