Joaquin Ferrao is the Attorney Advisor with the Office of Inspector General for the U.S. Agency for International Development.
For over three decades federal agencies, including Inspector General Offices (“IG”), have been required to comply with the Freedom of Information Act (“FOIA”) and the Privacy Act. Since its existence, FOIA has led to the disclosure of waste, fraud, abuse, and wrongdoing in the federal government.1 For example FOIA has resulted in the identification of unsafe consumer goods, harmful drugs, and serious health hazards.2 These are precisely the types of activities that Congress intended that IGs would expose when they enacted the Inspector General Act (“IG Act”). Although the FOIA and the new Electronic FOIA were enacted to increase accountability in government, for the most part, neither IGs nor agencies have made FOIA implementation a priority.3
The FOIA and Privacy Act govern access to the millions of records and bytes of information that the government generates. A quick glance of the FOIA and the Privacy Act might leave some with the impression that the acts conflict. After all, the FOIA was enacted to facilitate and expand the public’s access to government records. In contrast, the Privacy Act was enacted to restrict access by third parties to personal information that the government collects on individuals. Frequently, however, when a member of the public makes a request pursuant to FOIA, Privacy Act considerations come into play. Regardless of how agencies determine whether a government record can be released, one thing is for certain, the format of records has changed dramatically in the last fifteen years.
Need For Access Grows
Until recently, most of the records that the government collected and released were in paper form. When computers invaded government offices many records began to appear electronically. This new development threatened to unravel the goals of FOIA. Several cases were litigated, and as a result, various courts ruled that certain electronic records were subject to the FOIA. However, the patchwork of cases created uncertainty and a lack of uniformity in the law. Moreover, there was no affirmative obligation to disclose certain information electronically for the public. Although the internet was becoming a common and inexpensive source for extracting information, the public, with some exceptions, did not have electronic access to government records.
At the same time the volume of electronic records generated by the government grew so fast that by the mid 1980’s most records were electronic, yet electronic access lagged. After years of wrangling, Congress and the Executive decided to take action. On October 2, 1996 President Clinton signed into law the Electronic Freedom of Information Act (“E-FOIA”)4. The E-FOIA was passed on a bipartisan basis and marked the first time that Congress addressed electronic access to records through meaningful legislation. The law also modified some of the requirements under the original FOIA. For example under the E-FOIA:
- Electronic records were explicitly made subject to the FOIA;
- The deadline for responding to FOIA requests was expanded from ten days to twenty days;
- Agencies were required to provide FOIA reports to Congress;
- Agencies were directed to establish a multi-tracking system for processing requests, and
- Expedited Processing was made available for certain requesters.5
Law Mandates Electronic Reading Rooms and Agency FOIA Guides
Nonetheless, one of most revolutionary provisions of the E-FOIA requires agencies to make electronically available by Nov. 1, 1997 any reading room record created after Nov. 1, 1996. Although the statute did not specify how the records should be made available, Congress clearly envisioned that departments establish web sites where the public could gain access to information through FOIA electronic reading rooms.6
Just what are reading room records? These are records that must be automatically disclosed by agencies independent of any request made by a member of the public. They include a range of public information like agency organizations and functions, rules of procedure, substantive rules and statements of general policy.7 They also include documents, which the agency considers authoritative indications of its positions on legal or policy questions.8 Nonetheless, if any of these records are exempt under FOIA, they can still be withheld and are not subject to reading room treatment.
Equally important, the E-FOIA requires that agencies make the following types of reading room records available electronically:
- Final opinions … as well as orders rendered in the adjudication of administrative cases;
- Specific agency policy statements and interpretations;
- Administrative staff manuals that affect the public; and
- Any records processed and disclosed that the agency determines have or are likely to become the subject of subsequent requests for substantially the same records.9
Some of these are not new requirements. FOIA has always required agencies to maintain public reading rooms where the public could inspect and copy certain information; including final opinions, certain administrative staff manuals, and specific agency policies.10
However, for the first time, agencies must anticipate if they are likely to or have received multiple requests for a document. Additionally, unofficial Department of Justice (“DOJ”) guidance suggest that if agencies receive two requests for documents that are releasable and expect to receive a third, then the agency should place the document, or redacted documents, in its electronic reading room.11 For redacted documents released under the FOIA, the amount of deleted information must be indicated at the place where the record was redacted. The E-FOIA extends that requirement to electronic records if technically feasible.12 Thus, agencies will need to be cognizant of these requirements when purchasing new technology.
Assuming that there are still some individuals who are internet-challenged, for these requestors, agencies must honor their request to provide a hard copy. In fact, the agency must honor a requestor’s choice among existing formats of a record; assuming there is no exceptional difficulty in providing the record in that format. Furthermore, if a requestor asks for a record in a different form or format, and the record is readily reproducible in that new form or format, the agency must comply with the request. Besides requested documents, records found in the electronic reading room must still be made available in a public reading room. However, agencies may fulfill that requirement by providing a computer and a printer with access to the electronic reading room assuming all their public reading room records are in electronic form.13
Another important requirement of E-FOIA is that agencies maintain a reference material or guide for requesting records or information. This document must be made available in the electronic reading room and must include:
- An index of all major information systems of the agency;
- A description of the agency’s major information and record locator systems; and
- A handbook for obtaining various types and categories of public information from the agency.14
Moreover, by December 31, 1999, agencies will be required to maintain an index of all FOIA processed records and provide the index online.15
These E-FOIA requirements will have the effect of making records more accessible to the general public. With increased access, there will be more scrutiny and accountability regarding what records the agencies create, collect, store, and release. In addition, federal employees should expect that reading room documents created by them would potentially receive mass electronic distribution. Thus, the E-FOIA may have a deterrent effect on inadequate performers. Indeed, in enacting the E-FOIA, Congress acknowledged that FOIA revelations may have a certain degree of preemptive effect, prompting a higher degree of probity and conscientiousness in the performance of government operations.16 Clearly, Congress views the E-FOIA as a mechanism to increase performance. Thus, IG offices should consider making internal E-FOIA implementation, as well as compliance within their respective agencies, more of a priority.
Interactions with Other Regulations
With the passage of the E-FOIA, agencies will be required to comply with other regulations such as OMB Circular A-130 (“A-130”). A-130 requires that agencies determine what records or information products are appropriate for an affirmative agency disclosure.17 This provision will force agencies to deal with complex issues. Under the 1996 directive, agencies were supposed to determine if documents (for example: audit reports or redacted investigation reports) would be available for copying or inspections. Since A-130 did not use mandatory language, many agencies put off the hard decisions. However, with the passage of E-FOIA, it is a mandatory requirement that frequently requested releasable records and reading room material be available electronically. Some agencies are now rushing to comply with the law. Therefore, many agencies are reevaluating the types of documents that should go on their webs as part of their affirmative disclosure requirements.
Another law, the Paperwork Reduction Act (“PRA”) of 1995, provides an administrative framework for agencies to affirmatively disclose information to the public through on-line methods, including the internet.18 More affirmative disclosures, pursuant to the PRA and A-130, should, in the long term, reduce the burden on agencies to respond to regular FOIA requests. Moreover, with the advent of the “paperless office” the trend of releasing more documents into cyberspace will continue.
Agencies Struggle to Comply with the E-FOIA
Even though the deadlines to comply with many of the E-FOIA provisions have long passed, agencies continue to struggle in implementing E-FOIA. Specifically, the requirement that agencies set up electronic reading rooms and create agency FOIA guidance materials has not fully been met. Public interest groups, such as OMB Watch, have called the E-FOIA compliance by agencies “overwhelmingly inadequate.”19 According to an OMB Watch Report, as of Jan. of 1998, no agency had fulfilled all of the requirements, 44 fulfilled some, and 13 had no electronic presence.20 Other groups, such as Public Citizen have filed lawsuits against seven agencies in federal district court for not complying with the E-FOIA requirements that mandate that agencies make available guides and indices that assist the public in obtaining agency records.21 However, groups like Public Citizen reserve their harshest criticism for OMB, which they say has not provided the leadership necessary to fully implement the E-FOIA. Some agencies counter that they are hampered by a lack of resources and technology to fully implement E-FOIA. Others have kept costs low while substantially complying with most of the E-FOIA requirements.22 Congress enacted the E-FOIA without allocating any additional resources. Nonetheless, the view from Congress is that the reading room requirement should actually free up resources to deal with other FOIA requests.
Challenges Ahead
The E-FOIA has generated a series of challenges for agencies wishing to comply with the letter and the spirit of the law. There are unresolved issues that were not directly addressed by Congress when the statute was enacted. These decisions are left up to individual agencies but often the lack of guidance causes delay in implementation of the E-FOIA. The following represents issues which agencies and IGs should consider.
Who should oversee the compliance? How should compliance be coordinated? While FOIA officers are well versed in the FOIA they are not necessarily familiar with developing customer friendly internet sites. There are also issues where legal counsel will have to review and determine what records the agency has to affirmatively disclose. Another issue may arise as to who will actually scan records into the electronic reading room.
E-FOIA implementation may raise record management issues. For example, when should reading room records be taken off the net? Currently Justice Department guidelines state that agencies should use their own “best judgement.”23 How will the FOIA process interface with the electronic management systems under development in various agencies?
How should agencies deal with requirements to make affirmative discretionary releases of information even if they are not technically required to do so under FOIA? What criteria should be used when attempting to release a document into cyberspace? An issue can arise if an agency makes discretionary disclosures of information that may be favorable for the agency. It would seem then that the agency may have an ethical obligation to make affirmative disclosures contained in the same type of documents that may be embarrassing or unfavorable.
If E-FOIA requires redacted documents be put into the electronic reading room, what technology can be used so that third persons cannot hack into the redacted parts? Should the resources to purchase this material come from the FOIA office or should the cost be spread throughout the agency.
Specifically, IGs should consider whether audit reports are appropriate for affirmative disclosure. IGs should also be aware that even investigations and inspections are subject to the requirement that frequently requested records be made available in the electronic reading room. On the other hand, E-FOIA does not change Privacy Act restrictions or FOIA exemptions regarding the release of certain records. Coordination between legal counsel, auditors, investigators, FOIA officers, webmasters, and management is crucial to insure compliance with the E-FOIA requirements.
***************
Footnotes
Electronic Freedom of Information Act Amendments of 1996, Pub. L. No. 104-231, §2(a)(3)-(4), 110 Stat. 3048 (1996). <back to text>
Id. <back to text>
See, OIP FOIA Update, Summer 1997. This update provides examples of agencies that have substantially complied with the requirements of the Electronic FOIA. <back to text>
Electronic Freedom of Information Act Amendments of 1996, Pub. L. No. 104-231, §1-12, 110 Stat. 3048 (codified as amended in 5 U.S.C. §552) (1996). <back to text>
Id. <back to text>
See, OIP FOIA Update, Fall 1996. <back to text>
See, 5 U.S.C. A. sec. 552 (a)(1)(A)-(E) (West Supp. 1997). <back to text>
See, OIP FOIA Update Summer 1992; Bristol Myer Co. v. FTC, 598 F.2d 18, 25-26 (D.C. Cir. 1978); Attorney Generals Memorandum the 1974 Amendments to the FOIA 19 (Feb. 1975). <back to text>
5 U.S.C.A. § 552(a)(2) including (a)(2)(D)-(E). <back to text>
See,5 U.S.C A. § 552(a). <back to text>
FOIA & Privacy Act Seminar, July 1998. <back to text>
OIP FOIA Update, Winter 1998. <back to text>
See, OIP FOIA update, Winter 1997. <back to text>
See, OIP FOIA Update, Fall 1996. <back to text>
Id. <back to text>
H.R. Rep. No. 795, 104th Cong., 2d Sess., pt. 1 at 6-7. <back to text>
See, 59 Fed. Reg. At 37920; OIP FOIA Update, Winter 1995. <back to text>
H.R. Rep. No. 795, 104th Cong., 2d Sess., pt. 1. <back to text>
Federal Agencies Hit Over Information Disclosure Law, Congressional Daily/ A.M., June 10, 1998. <back to text>
Jennifer J. Henderson & Patrice McDermott. Arming the People with the Power of Knowledge, OMB Watch Report, April 1998. <back to text>
Federal Agencies Violating the Freedom of Information Act, Lawsuit Alleges. Press Release, Public Citizen, Dec. 4, 1997. <back to text>
See, Nancy Ferris, Virtual Records, Government Executive, August 1997. Some agencies have substantially complied with the E-FOIA while at the same time have not incurred significant extra cost. <back to text>
OIP FOIA Update, Winter 1998. <back to text>
<