Vol. XI, No. 3
Department of Justice Report on
"Electronic Record" FOIA Issues,
[The following is the second part of the "Department of Justice Report on 'Electronic Record' Issues under the Freedom of Information Act," published here in unabridged form. Part I of this report was published in the preceding issue of FOIA Update.]
Issue C: Format of Disclosure
Discussion of Issue
The issue of whether the Freedom of Information Act requires federal agencies to provide requested records in a particular specified form or format -- as a matter of requester preference -- is a FOIA issue of considerable potential importance within the "electronic" environment. This is an issue that can arise even in more conventional contexts, of course, as there are many different forms and formats in which records can be maintained. Beyond the basic "paper copy" form of a record, still used most commonly throughout the government overall, there are the more conventional alternate media of microfilm and microfiche. Yet these alternate media, in existence for decades, are used by both agencies and members of the public in relatively standard forms and configurations.
Within the "electronic" realm, however, records can take the widely varying forms of magnetic tapes, disks and other devices of advanced data storage. These media can vary greatly in their basic format, technical configuration and operational design -- which in turn can yield significant differences in compatibility with various automated data-processing systems.
Indeed, in the case of "electronic" media, a record's format and ultimate compatibility with a particular data-processing system can entirely govern its essential "readability" and, thus, its basic utility. Where a record does not exist in a format of preferred compatibility, it can be a costly and time-consuming enterprise to convert it into that preferred format for viable use. As federal agencies have become increasingly automated in their practices of records maintenance, to the point of maintaining records in varying database formats even within individual agencies and agency components, this issue of required form of disclosure has become a matter of increasing concern to both FOIA requesters and agencies alike.
This record format issue has two distinct aspects -- or, to put it another way, it can arise in two distinctly different situations. The first situation is where an agency responding to a FOIA request for an agency record already maintains that record (i.e., the information contained in it) in more than one distinct form or format. The multiple forms of the requested record might be different "electronic" forms (or formats), different "conventional" forms, or some combination of the two. In some cases, the record might exist in several different forms among which the requester would prefer to choose -- despite whatever reasons the agency may have for preferring to make a FOIA disclosure in one form over another.
In this situation, the question of form of disclosure might be raised either by the agency itself or by the FOIA requester. The issue is whether the requester is entitled under the FOIA to specify the disclosure form of his or her choice. An agency might say that it is most reasonable that it disclose a requested record in one form rather than another, given the circumstances involved, while a FOIA requester might say that there is no good reason why his or her particular preference (which could be a matter of considerable importance to that requester) should not be honored. Obviously, wherever the preferences of the agency and the FOIA requester coincide, this is not an issue.(24)
A second, less prominent situation could be presented where a requested record is maintained by an agency in only a single existing form. In such a situation, no question of alternative disclosure would ordinarily arise from the agency's perspective. Only if a FOIA requester were to raise some question of possible alternatives -- in an attempt, perhaps, to most conveniently achieve preferred format compatibility -- would any issue of disclosure form or format arise. The resulting issue in this situation would be whether the agency can be compelled through the FOIA to create a counterpart record for disclosure to a requester in the particular form or format that the requester desires.(25)
To date, only one FOIA decision has analyzed the issue of form of disclosure at any length. In Dismukes v. Department of the Interior, 603 F. Supp. 760, 761-63 (D.D.C. 1984), District Court Judge Joyce Hens Green did so and upheld an agency's choice of form of FOIA disclosure. The FOIA requester in that case sought to obtain "a copy of a computer tape" that listed the names and addresses of participants in oil and gas leasing lotteries held by the Interior Department. 603 F. Supp. at 760. The Interior Department, in response, offered to disclose all of the information sought -- but on microfiche cards, the form in which it routinely made such information available to the public as a matter of general public preference. See id. at 763.
Thus, the requested information in Dismukes existed in multiple forms -- it was "twice-recorded information," as Judge Green phrased it -- and the FOIA requester pressed his individual preference (for reasons of economy and compatibility) to obtain access in its computer-tape form. 603 F. Supp. at 762. Rejecting this attempt, Judge Green held that the agency's decision to disclose the information in the form most useful to the typical requester was reasonable and proper, so long as it did not diminish the quality of the information made available or "unreasonably hamper" the access of a FOIA requester in any way. Id. at 762-63.(26)
No court has yet considered any contention by a FOIA requester that an agency is obligated under the Act to provide a record maintained by the agency in only a single existing form to that requester in some entirely new counterpart form.(27)
Discussion of Responses
This third survey issue, regarding format of disclosure, evoked a strong majority position expressed by the agencies concerned with it. Forty-one of the 70 responding agencies (58.57%) responded in the negative on this issue, expressing opposition to a requirement that agencies provide records in the formats specified by FOIA requesters. Of the remaining respondents, 27 agencies (38.57%) expressed no position on the issue, while only two agencies (2.86%) responded positively toward such a disclosure requirement. Overall, though, the survey responses indicated very little agency experience in dealing with this issue to date.
Many of the agencies responding in the negative on this issue explained their positions by pointing to significant administrative considerations underlying the issue -- most particularly those of administrative burden and cost. The Office of Personnel Management, for example, expressed its concern that an "immense burden" could be placed on agencies by FOIA requesters if disclosures were required to be made in the particular formats specified by requesters. The Securities and Exchange Commission took the view that such a requirement "would waste agency resources." In all, more than a dozen agencies -- including the Department of the Interior and the Department of the Treasury -- expressed concerns about the potential administrative burdens, costs and diversion of scarce agency resources implicated by this issue.
The Department of the Treasury elaborated further on the cost considerations involved by pointing out a particular complication. It observed that the fees charged by an agency for FOIA services "do not cover full costs" and that, in any event, any FOIA fees recovered by an agency are credited to the general Treasury fund by operation of law and "cannot be deposited to [that] agency's account." It therefore concluded that the funds that might be required in order to comply with requester preferences "would be limited or nonexistent."(28) Similarly, the Department of the Air Force expressed its concern about "the potential for excessive unreimbursed costs."
At the same time, several of these agencies recognized a distinction between the situation in which the FOIA requester seeks to have the agency place records in a new format and that in which the requester seeks disclosure in an alternative format that already exists. Three of the 41 agencies responding in the negative on this issue -- the Department of Commerce, the Federal Emergency Management Agency and the United States Trade Representative -- specifically indicated their nonopposition to compelled disclosure in any format already in existence.
A fourth agency, the Nuclear Regulatory Commission, did not go quite so far, stating that it will provide records in existing alternative formats "when it can readily do so." This distinct matter of existing alternative forms of disclosure was addressed most specifically by the Securities and Exchange Commission, which stated: "There may be instances in which it is both desirable and economical for the agency to disclose the information in one [existing] form rather than another. This decision should be a matter entrusted to agency discretion."
Indeed, the perceived need for broad agency discretion was a recurring theme throughout the agency responses on this issue. Agencies repeatedly expressed the view, in one way or another, that the choice of format of FOIA disclosure should ultimately be left to their sound administrative discretion. The Environmental Protection Agency, for example, said that while it tries to honor a FOIA requester's format preference in disclosing its records, it "may ultimately exercise its discretion to determine in which format records are released." The National Archives and Records Administration stated it more pointedly: "[W]e have regularly adopted the position that [format of disclosure] is at the choice of the agency. We see no reason to alter this policy when responding to requests for electronic records."
Many agencies indicated, however, consistent with the Dismukes decision, that they do view their discretion in this area as bounded by reasonable standards. The Department of Education, for example, expressed the view that agencies should have "discretion to choose the format of disclosure so long as there is a reasonable basis for that choice." The Department of the Interior said that "[a]s a general rule, an agency should try to provide the material in a form that is usable by the requester unless it is administratively burdensome to do so."
Several of these agencies -- such as the Department of the Treasury, the Food and Drug Administration and the Merit Systems Protection Board -- identified overall "cost-effectiveness" as perhaps the most important factor reasonably governing the exercise of agency discretion in this area. The Department of Defense carefully pointed out that in some instances it might be "easier and cost-effective to the agency" to provide requested information in the particular form of the requester's preference.
The two responding agencies that appeared to be most willing to comply with a FOIA requester's specified format preference, responding in the affirmative toward such a requirement, were the Foreign Claims Settlement Commission and the United States Information Agency. The former expressed the position that "the FOIA mandates provision of requested records in the format sought by the requester if it is reasonably possible to do so." The latter took the view that "if it is within the capabilities of [an] agency," that agency "should be required to provide the type of computer software or specified form desired by a requester."
On the other hand, a number of agencies stated firm positions on this issue that left little room for complying with a FOIA requester's specified preferences, particularly within the realm of "electronic" records. The Department of the Treasury, for example, stated: "The public should be required to accept information in the form, manner and format in which it exists rather than have a requirement placed upon government to expend resources converting data for the requester's convenience."
Similar statements were made by the Securities and Exchange Commission, the Merit Systems Protection Board and the Office of Personnel Management, the latter of which said: "OPM is of the mind that as long as the requested information is disclosed, the intent of the FOIA has been met. As a result, a requester must take the requested information in the form [in which] it is maintained by the agency." Perhaps the most blunt such statement of position was given by the Public Health Service, which responded: "We release in the form most convenient to the government. Requesters should not dictate the form of response. Not only would it be very expensive, but the government would become a free electronic service bureau."
Issue D: Status of Computer Software
Discussion of Issue
A threshold legal question regarding the status and treatment of computer software under the Freedom of Information Act is whether an item of software, however defined, is an "agency record" within the purview of the Act. Under the FOIA, any "agency record" can be made the subject of a FOIA request, see 5 U.S.C. § 552(a)(3), and may be withheld from a requester by an agency only if (and to the extent that) its content is of such sensitivity that it falls within a FOIA exemption, see 5 U.S.C. § 552(b). If an item of computer software is not an "agency record" as that term is used as a matter of law under the FOIA, then it is not subject to the Act to begin with and any question of its sensitivity need not even be reached.(29)
Consideration of this threshold FOIA question regarding computer software -- which has two distinct aspects -- is made difficult by the fact that the Act does not define the term "agency record," let alone address whether something such as software is encompassed within it. Additionally, there has never been any judicial analysis or interpretation of the term "agency record" in connection with software under the FOIA. To date, no court has had occasion to consider whether requested software falls within this basic jurisdictional term.
Also complicating this issue, of course, is the fundamental definitional question of the exact meaning of the term "software" in the first place. In common parlance, computer "software" is generally understood to be the preprogrammed set of instructions according to which data is mechanically manipulated in a computer or in some type of automated data-processing equipment.(30) Usually it takes the form of a disk or tape that has been constructed or patterned in such a way as to achieve a precise result when used together with accompanying "hardware."(31) An item of software might exist only in such a form, or it might also be producible in some intelligible "paper printout" form, depending upon the character of both the software and its accompanying hardware system.
It is this somewhat mechanical character of computer software that leads to the question of whether it is an "agency record" in the first place. Put more precisely, the question is whether software is of such character that it is even a "record" in the true sense of that term. A "record" is generally understood to be a medium of one form or another on which information is recorded in order to preserve its content. See, e.g., DiViaio v. Kelley, 571 F.2d 538, 542 (10th Cir. 1978) (FOIA decision defining "record" as "that which is written or transcribed to perpetuate knowledge or events"). If computer software is of such character that it does not itself serve to record information, but rather serves merely as the means by which recorded information is manipulated within an automated data-processing system, then is it a "record" under the FOIA at all?
Any consideration of the proper treatment of computer software under the FOIA must confront this basic "record" question. Within any data-processing system, there is little question that the system's "computer tapes" and the bits of data retrieved from that system are "records" in the true sense of that term.(32) Nor should there be any reasonable doubt that the actual "hardware" components of the system are not. See, e.g., Nichols v. United States, 325 F. Supp. 130, 135-36 (D. Kan. 1971) (holding that items of physical evidence pertaining to assassination of President Kennedy "may not be classified as ["records"] within the meaning of the Act"), aff'd on other grounds, 460 F.2d 671 (10th Cir.), cert. denied, 409 U.S. 966 (1972).
Items of computer software, however, lie somewhere between these two realms. Thus, the question is whether they are most properly regarded as vessels of information (like data), on the one hand, or as mere tools (like hardware), on the other. And to the extent that there might possibly be significant variations in the character of different software items, the answer to this basic "record" question could conceivably vary from one item of software to the next.(33)
The next question to arise in analytical sequence in considering the status of computer software under the FOIA is whether a particular software item meets the legal requirements of the remainder of the "agency record" concept. Obviously, if it is found that an item of software is of such character that it is not even a "record" to begin with, then the FOIA inquiry is at an end. But if it is not so found, then there exists the next jurisdictional question of whether the agency's relationship to the requested "record" is legally sufficient to render it an "agency record" under the FOIA.
On this question there exists much FOIA case law in general, though none applying the "agency record" definition to any item of software in particular. It is a long-established principle under the FOIA that a "record" is an "agency record," and therefore is requestable from a particular federal agency, if it is both in that agency's possession and within its control. See Forsham v. Harris, 445 U.S. 169, 171, 173 (1980); Kissinger v. Reporters Comm. for Freedom of the Press, 445 U.S. 136, 151, 157 (1980). The Supreme Court reiterated as much just last year. See Department of Justice v. Tax Analysts, 109 S. Ct. 2841, 2847-48 (1989).
An agency's physical possession of a record sought under the FOIA usually is an undisputed matter of fact. See, e.g., Wolfe v. HHS, 711 F.2d 1077, 1080 (D.C. Cir. 1983). The legal matter of "control," on the other hand, sometimes is not so easily determined. See Bureau of Nat'l Affairs, Inc. v. Department of Justice, 742 F.2d 1484, 1490 (D.C. Cir. 1984). To determine the question of "control" for "agency record" purposes in this regard, consideration must be given to the circumstances under which an item of computer software came into an agency's possession. See, e.g., Paisley v. CIA, 712 F.2d 686, 694 (D.C. Cir. 1983) (looking to circumstances under which congressional documents were given to federal agency in order to determine agency "control" and "agency record" status).
Not all computer software is obtained by agencies under circumstances requiring such consideration. For items of software that are developed entirely by or within a federal agency, and in which the agency itself is the sole holder of any proprietary interest, no such "agency record" issue under the FOIA would ever arise. In such situations, there should be no doubt about the agency's complete control over the software in question.
On the other hand, any software that is obtained by a federal agency from some outside source, or in which any outside party holds a proprietary interest on any basis whatsoever, may raise a distinct "agency record" issue under the FOIA. Put most simply, the issue is whether that outside proprietary interest-holder has lawfully retained sufficient control over that software to render any requested FOIA disclosure beyond the agency's own legal power. Consideration of this issue requires an analysis of the factual circumstances and legal conditions involved in each particular case.
In some situations, an agency might obtain computer software, or be involved in its development, under circumstances in which it acquires unrestricted rights to use that software product and in which no such reservation of "control" is intended or could be implied. This type of factual situation, while possibly holding some basis for Exemption 4 applicability (see discussion below), does not present such an "agency record" barrier to requested FOIA disclosure.
Most commonly, a federal agency obtains the use of computer software through a contractual agreement that specifically limits the agency's use of the software and reserves all other control to its owner. In such a situation, a legal question would be presented as to whether that contractual provision yielded sufficient agency "control" over the software for it to be regarded as an "agency record" subject to possible disclosure under the FOIA. If the agency were found to lack such control, as a matter of law, then the FOIA would be inapplicable to the software in question on that basis. See, e.g., Goland v. CIA, 607 F.2d 339, 345-48 (D.C. Cir. 1978) (document over which outside party properly has reserved "control" is not "agency record" under FOIA), cert. denied, 445 U.S. 927 (1980).
Finally, if it is found that an item of computer software is indeed an "agency record" under the FOIA, that does not necessarily mean that it must be provided upon request under the Act. In such an event, consideration of the proper treatment of software under the FOIA would then focus on the possible applicability of the Act's exemptions. Indeed, an item of computer software, if deemed to be an "agency record," would be entitled to the same potential range of substantive exemption protection as any other requested record under the Act.
One such basis for FOIA exemption applicability, as alluded to above, is the proprietary interest that might be held in an item of software by a non-federal owner. While the possible copyrighted status of such an item does not, in and of itself, have any legal effect under the FOIA,(34) the "intrinsic value" of such an item can serve as a basis for protecting an outside party's proprietary interest under Exemption 4 of the Act, 5 U.S.C. § 552(b)(4).See FOIA Update, Winter 1985, at 3-4 ("OIP Guidance: Protecting Intrinsic Commercial Value"). No such protection exists under current law, however, for valuable items developed by the federal government. See 17 U.S.C. § 105 (1988) (precluding copyright protection for "any work of the United States Government").(35)
A second prominent exemption possibility with respect to computer software can be found in an important part of Exemption 2 of the Act, 5 U.S.C. § 552(b)(2), sometimes referred to as "high 2." As construed by the courts, this aspect of Exemption 2 can be employed to protect "predominantly internal" agency records wherever their disclosure would significantly risk "circumvention" of the law or of some legal requirement by members of the general public. See, e.g., National Treasury Employees Union v. United States Customs Service, 802 F.2d 525, 528-31 (D.C. Cir. 1986); Crooker v. Bureau of Alcohol, Tobacco & Firearms, 670 F.2d 1051, 1074 (D.C. Cir. 1981) (en banc); see also FOIA Update, Summer 1989, at 3-4 ("OIP Guidance: Protecting Vulnerability Assessments Through Application of Exemption Two").
This "circumvention" protection is available for possible application to any item of software -- such as codes and other security components -- that is found to be of such sensitivity. See FOIA Update, Summer 1989, at 4 (discussing application of Exemption 2 to computer-security information prepared under Computer Security Act of 1987).
Discussion of Responses
This fourth survey issue, regarding the status of computer software under the FOIA, yielded the sharpest division of opinion among the federal agencies concerned about the issue. At the same time, fully half of the 70 agencies responding to the survey expressed no position on this issue -- perhaps reflecting the limited agency experience with "electronic record" issues generally to date. On this issue, too, agencies indicated only little practical experience thus far.
Among those agencies taking a position on this computer software issue, there was no clear consensus on it. A total of 22 agencies (31.43%) expressed the view that software should be regarded as an "agency record" in at least some if not all circumstances, while 13 agencies (18.57%) took the position that it should not be so regarded because it is nothing more than a "tool" used for the manipulation of data. This lack of consensus on this issue exists not only among federal agencies, it exists within some agencies as well. The Department of the Treasury, for example, indicated in its response that it has regarded software as an "agency record" in some situations, but that its position on this issue is not a "unified" one within the agency due to strong differences of opinion on it among the agency's own components.
Some agencies raised the additional "agency record" concern regarding agency "control" over items of software acquired from outside vendors under limited licenses or other restrictions -- but most often this concern was expressed as a perceived need for ensuring the adequacy of substantive exemption protection for proprietary interests within the FOIA itself. In this regard, as well as regarding the protection of computer security, many agencies did not distinguish the "agency record" status of an item of software from the separate question of its ultimate disclosure or nondisclosure under the Act.
The agencies responding in the affirmative on this issue generally did so with little elaboration or explanation, except to indicate by their responses that they saw no need or basis for viewing the issue otherwise. Several major agencies -- most notably the Department of the Interior, the Department of Agriculture and the Department of Veterans Affairs -- fell into this category. The most common thread to this view of computer software seemed to be that it should be regarded as an "agency record" if, as one agency put it, "it comprises information."
The Federal Trade Commission, for example, responded that its only FOIA request for computer software within recent memory sought an item of software that it treated as an "agency record" because it was "equated to a procedural manual." The Department of the Air Force, while adhering to a more limited Department of Defense view that software can be an "agency record" depending upon the circumstances involved, suggested that sometimes software may be viewed as akin to "administrative staff manuals and instructions," and thus "likewise [be] an agency record subject to [the] FOIA."
Agencies under the Department of Defense uniformly adhered to the position, in accordance with a Department of Defense-wide regulation, that computer software can be an "agency record" in certain circumstances. Department of Defense Regulation 5400.7-R states that items of software are "agency records" under the FOIA, but only if "created or used as primary sources of information about organizations, policies, functions, decisions, or procedures of a DoD Component." 32 C.F.R. § 286.5(b)(2)(iii)(B) (1989).
Without elaborating on the meaning or application of the term "primary sources of information," the Department of Defense agencies responding to the survey consistently placed dispositive emphasis on the informational content of an item of software in determining its FOIA status. The Department of the Navy, for example, expressed the view that, unless it contains "primary source information," an item of software "is no more an agency record than any other implement used to facilitate data storage and retrieval (e.g., a looseleaf binder, file cabinet, or rolodex ring)."
The agencies responding flatly in the negative on this issue did so based upon their fundamental view of computer software as strictly an administrative "tool." Among the 13 agencies so responding were the Securities and Exchange Commission, the Office of Personnel Management, NASA, the Federal Communications Commission, the Federal Emergency Management Agency and the Department of State. Several of these agencies characterized software as nothing more than an "item of property," akin to a typewriter or a file cabinet.
For example, NASA responded that "it is important to make a distinction between a computer program as a working tool, and a computer data base which may merely be a media for storage, electronically, of information that would otherwise be considered an 'agency record.'" It expressed the belief that "a computer program, per se, should be considered a 'working tool' and as such should be treated no differently than the computer in or with which it is used; that is, as an item of property and not an 'agency record.'" In NASA's view, even "documentation describing the use of a computer program" should be treated as a "tool" to the extent that it consists of "source code[s], algorithm[s], process formulae, flow charts, program listings, and the like."
Along these same lines, the Office of Personnel Management took the position that "[s]oftware should not be considered an agency record because it is strictly 'the tool' by which the end product -- the data or requested information -- is maintained." To the Securities and Exchange Commission, software is "a tool for the processing and retrieval of information (i.e., a set of procedural instructions) rather than substantive government information." The Department of State likewise responded that, in its view, "computer programs . . . do not reflect the substantive business of the Department."
Even among the agencies that chose not to take a particular position on this issue, there were some expressions of skepticism about the disclosure of computer software under the FOIA. The Federal Reserve Board, for example, observed that it had "difficulty discerning how [the release of software] devoid of any substantive information, advances the public's right to know." Similarly, the Merit Systems Protection Board, speaking of agency-generated software, identified "the argument that such software is part of the government's physical property similar in nature to a typewriter."
Beyond the particular positions taken by agencies on this issue, certain recurring concerns were raised throughout their responses. Many agencies expressed concerns about protecting perceived private and governmental proprietary interests in computer software. Several of the agencies that opposed viewing software as an "agency record" did so based heavily upon the concern that federal agencies use commercially developed software that commonly carry strict licensing restrictions as well as perceived copyright protections against further use. Similarly, the Nuclear Regulatory Commission, which endorsed the view that software can be an "agency record," specifically caveated its position to exclude commercially developed software from its purview.
A few agencies -- including some that did not take a formal position on the issue, such as the Merit Systems Protection Board -- said that such software, if found to be an "agency record," should be protected under the FOIA's Exemption 4. The Securities and Exchange Commission, which opposed viewing software as an "agency record," pointed out that even if the software developed by it were deemed an "agency record" under the FOIA, such software would be "useless" to a FOIA requester without the accompanying "base codes" -- which the agency could not disclose because they are commercially produced and are used "pursuant to licensing agreements [and] belong to the vendor."
As for any governmental proprietary interest, the Federal Emergency Management Agency suggested that the government "should be able to maintain [a] proprietary interest" in agency-generated software that is "wholly government property." In this same vein, the Department of Defense expressed its view that because "[s]oftware is a valuable, commercially exploitable resource, [it] should not be given away for minimal FOIA costs as compared to the actual costs for development." Neither agency, however, nor any other agency responding on this issue, identified a specific legal basis for such a view.
A related concern expressed by some agencies is the potential impact on agency operations that might accompany the processing of requests for computer software under the FOIA. For example, the Farm Credit Administration, which opposed viewing software as an "agency record," expressed the fear that the potential costs of processing such FOIA requests might adversely affect the agency's ability to discharge its primary responsibilities.
Likewise, the Federal Communications Commission voiced the concern that its "scarce resources could be diverted to the dissemination of the software under the FOIA . . . in circumstances that are not economically beneficial to [the] agency." The Small Business Administration, while taking no formal position on the issue, expressed concerns about the financial impact of disclosing software to commercial requesters for a "modest fee" under the FOIA when it is so costly for the agency to acquire it in the first place.
Finally, a major cause of concern for numerous agencies was the feared impact that treating computer software as an "agency record" under the FOIA might have on the security of the government computer systems. Among the agencies expressing strong such security concerns were the Department of the Interior, which nevertheless responded in the affirmative on this issue; the Federal Reserve Board, which took no position on the issue; and the Selective Service System, the Office of Personnel Management and the Securities and Exchange Commission, all of which responded in the negative.
The Selective Service System specifically based its position on this issue on the perceived vulnerability of its computer systems to computer "hackers" if software were to be made available under the FOIA. The Office of Personnel Management rested its position on the concern that "[i]f agencies are required to release software as an agency record, they would . . . be exposing confidential internal programs to requesters who could create viruses which could infect such programs." Similarly, the Securities and Exchange Commission expressed its concerns that disclosure of computer programs "could pose a significant risk to computer security" and could "frustrate precisely those interests Congress intended to protect by enacting FOIA exemptions."CONCLUSION
The "electronic record" issues arising under the Freedom of Information Act are issues of exceptional complexity and difficulty that have only recently begun to emerge with great significance upon the FOIA scene. However, as the next century fast approaches, with continued rapid advances in all phases of information technology, it can be expected that federal agencies will confrontthese issues with increasing frequency in a variety of new situations.
As this report shows, federal agencies are not monolithic in their positions and views on these issues; there are distinctly different viewpoints on them among, and even within, federal agencies. As well, agencies naturally view such issues differently -- and from a very different perspective -- than do representatives of the general FOIA-requester community and perhaps also those who may look upon such issues from a more academic standpoint. These differences are a source of potential tension in FOIA administration, a tension not likely to abate until uniform administrative policies and practices regarding "electronic record" FOIA issues are developed and applied on a governmentwide basis.
Such policy development, virtually all would agree, will not be accomplished readily or easily. Ideally, though, it will be undertaken with the cooperative efforts of all persons and institutions concerned with these important issues. The information now compiled through the Department of Justice's "electronic record" survey, and presented in this report, should provide a firm foundation for such efforts.
* * * * *
24. Another ready resolution of potential differences between agencies and requesters in this regard may be found through the forwarding of records to the National Technical Information Service ("NTIS"), part of the Technology Administration of the Department of Commerce, for dissemination to the public under its special statutory record-distribution scheme. See generally Federal Information Dissemination Policies & Practices: Hearings Before the Gov't Information, Justice & Agriculture Subcomm. of the House Comm. on Gov't Operations, 101st Cong., 1st Sess. 402-08 (1989) (statement of NTIS Deputy Director); see also, e.g., id. at 518-20 (example of such NTIS referral); accord 5 U.S.C. § 552(a)(4)(A)(vi) (1988) (FOIA fee provision referencing other statutes); 52 Fed. Reg. 10011, 10017-18 (Mar. 27, 1987) (Office of Management and Budget FOIA Fee Guidelines referencing NTIS).
25. One relatively benign subcategory of this situation could be where an agency maintains a record exclusively in database form but the FOIA requester seeks to obtain it in "printout" form instead. Assuming a ready mechanical capability to comply with such a request, and no cost complication, it is not likely that any agency and FOIA requester will ever come to loggerheads in such a situation.
26. See also National Security Archive v. CIA, Civil No. 88-119, slip op. at 1-2 (D.D.C. July 26, 1988) (agency not required to provide requested records in "electronic data base" form where it already had responded to FOIA request by providing them in printout form), aff'd mem., No. 88-5298 (D.C. Cir. Feb. 6, 1989) (unpublished order) (affirming on "mootness" grounds); compare Timken Co. v. United States, 659 F. Supp. 239, 241-43 (Ct. Int'l Trade 1987) (in civil discovery context, agency ordered to produce computer tapes, not merely printouts, where requesting party could not make adequate use of latter); In re Air Crash Disaster at Detroit Airport, 130 F.R.D. 634, 636 (E.D. Mich. 1989) (same).
27. Two proposals on the subject of "electronic records," however, contain language that would extend an agency's FOIA obligations this far. The recommendations of the Administrative Conference and the American Bar Association each go so far as to state that agencies should be obliged to produce records in new forms or formats preferred by FOIA requesters wherever such records can be created "with reasonable effort." Admin. Conf. of the U.S. Recommendation 88-10 (subpart A.2), 1 C.F.R. § 305.88-10 (1989); American Bar Association Resolution No. 102, |3 (adopted Feb. 12-13, 1990), published in 15 Admin. L. News 1, 13 (Spring 1990). See also note 20 supra and accompanying text. Such an issue did arise in one FOIA lawsuit, International Computaprint Corp. v. Department of Commerce, Civil Action No. 87-1848 (D.D.C.), but the matter was dropped without being adjudicated.
28. Such reimbursement and budgetary concerns apply universally to all of the survey issues and were a common thread running throughout the agencies' responses. See also Office of Management and Budget Uniform Freedom of Information Act Fee Schedule and Guidelines, 52 Fed. Reg. 10011, 10019 (Mar. 27, 1987) (discussing routine deposit of FOIA fees in general Treasury account as provided by law).
29. See, e.g., Ryan v. Department of Justice, 617 F.2d 781, 784 (D.C. Cir. 1980) (recounting district court decision not to reach substantive exemption claims regarding requested records where "agency record" status found lacking).
30. It has been observed that "[t]he word 'software' is used for quite a wide range of concepts. It may mean simply the code or program which instructs a programmable machine. But more broadly, it may mean all the specifications, documentation, and other information recorded on both paper and magnetic media which are associated with such code." Kirk, "Software and the [British] Consumer Protection Act 1987," 6 Computer Law & Practice 1, 3 (1989). A basic definition of a "computer program" is "a sequence of instructions which cause a computer to perform particular operations." Id. A recent General Accounting Office study defined "computer software," in commonly accepted terms, as "the entire set of programs, procedures, and related documentation associated with a computer system." U.S. Gen. Accounting Office, Technology Transfer: Copyright Law Constrains Commercialization of Some Federal Software, 18 (June 1990). Thus, "[s]oftware" should be distinguished from its accompanying, "separable data bases." Id.
31. As one commentator has expressed it: "Software algorithms and computer hardware act together to perform specific processes; these two entities are lifeless without their counterpart." Friedland, "Computer Software Patentability: The Dilemma of Defining an Algorithm," 2 Software L. J. 537, 556 (1988).
32. See note 1 supra and accompanying text. There does exist one FOIA decision holding that a "computer tape" sought under the FOIA was not an "agency record" under the Act, SDC Development Corp. v. Mathews, 542 F.2d 1116 (9th Cir. 1976). In that case, the requester sought to obtain inexpensive FOIA access to a valuable National Library of Medicine database that regularly was sold to interested purchasers for the price of $50,000 under a special statutory scheme. See id. at 1117-18. The Ninth Circuit Court of Appeals refused to allow such circumvention through the FOIA, but it did so on the basis that the computer tape in question was not an "agency record" for FOIA purposes. See id. at 1120. This aberrational decision is best regarded not as a true "agency record" precedent, but rather as a "displacement-type" decision -- as the Office of Information and Privacy long has regarded it. See "Justice Department Guide to the Freedom of Information Act," published in Freedom of Information Case List (Sept. 1990), at 420; accord Ricchio v. Kline, 773 F.2d 1389, 1395 (D.C. Cir. 1985) (holding that FOIA can be "displaced" by provisions of other statutes); "Electronic Collection and Dissemination of Information by Federal Agencies: A Policy Overview," H.R. Rep. No. 560, 99th Cong., 2d Sess. 32-33, 35 (1986); see also note 24 supra.
33. Any "informational" content of computer software, for example, is not necessarily the same from one item of software to the next; that software characteristic might vary even according to the particular database system and accompanying "hardware" with which an item of software is used. By the same token, the interrelationship between some software items and their accompanying databases might be such that the databases are entirely unintelligible and unusable without that particular software. This makes the issue of the "agency record" status of computer software under the FOIA both more complex and more significant than it otherwise would be.
34. The Department of Justice has long stated, as a matter of statutory interpretation, that the Copyright Act of 1976, 17 U.S.C. § 101, is not a qualifying statutory nondisclosure provision under Exemption 3 of the FOIA, 5 U.S.C. § 552(b)(3), and that any possible protection of copyrighted items under the FOIA must be considered under Exemption 4 of the FOIA, 5 U.S.C. § 552(b)(4), instead. See FOIA Update, Fall 1983, at 3-5 ("OIP Guidance: Copyrighted Materials and the FOIA").
35. See also "Electronic Collection and Dissemination of Information by Federal Agencies: A Policy Overview," H.R. Rep. No. 560, 99th Cong., 2d Sess. 26-27 (1986) (describing unsuccessful efforts to amend FOIA with provision allowing assessment of "fair value fees"). But see also Federal Technology Transfer Act of 1986, 15 U.S.C. § 3710c,as amended by Act of October 24, 1988, Pub. L. No. 100-519, § 303 (1988) (special provision allowing federal employee/inventors to receive no less than 15% of royalties or other revenue received for any patented invention for which rights have been assigned to United States).
Go to: FOIA Update Home Page