What data is public? The question is more urgent now

Robert Gellman

When should the government keep publicly available information off the Internet? Unfortunately, that is no longer a dumb question. Not after Sept. 11.

Let's consider two cases.

The first example comes under the Clean Air Act, which makes public the potential consequences of chemical spills. The idea is that the community surrounding a chemical plant should be informed enough to prepare for the worst-case scenario.

The chemical industry persuaded Congress that disclosure would pose security risks. Some believe the real goal was avoiding a public relations fiasco rather than a terrorist attack.

But the industry convinced Congress, which amended the law. Rules proposed by the Environmental Protection Agency would have allowed public access to the chemical data, but only to paper copies under strict access and copying limits. The policy seemed based on the belief that information should be accessible, but also that security is maintained if information is difficult to find and specifically not available on the Internet.

The Bush administration, in a move many viewed as catering to the chemical industry, withdrew the public access rules in March.

The result leaves significant information unavailable to affected communities altogether, but that isn't my point. Keep the original Clinton proposal in mind because of its treatment of the Internet as an unwanted dissemination medium for public information. This won't be the last no-Internet policy for government information.

The second example comes from the privacy world. When public records'for example voter registration rolls or court transcripts'are available on the Internet, what happens to privacy? Anyone can build detailed personal profiles based on the records, and some marketing companies already do. The information industry argues vociferously for the right to put public records about individuals on the Internet.

In 1989, the Supreme Court analyzed privacy and found a big difference between centralized records and those available only through searches of separate data systems, particularly paper systems.

The distinction holds true for the Internet. Clicking a mouse to get information is easier, and more threatening to privacy, than tramping through government offices or records warehouses.

These two examples bring us back to my original question. When should we keep publicly available information off the Internet?

I am tempted to conclude that industry and government can't have things both ways. If Internet access is a threat to security, it can be a threat to privacy as well'a truism that doesn't help guide policy. Printed books allow greater dissemination than hand-copied books, but limiting printing is absurd. Similarly, we cannot hope to keep information from the Internet for very long.

A better question is whether the information at stake should truly be public at all. Limiting access over the Internet isn't the answer to security or privacy.

We will always do better by first debating the wisdom of public availability for a record, rather than the distribution technology for a record. The existence of the Internet is a factor in that debate, but it isn't the only factor.

Robert Gellman is a Washington privacy and information policy consultant. E-mail him at rgellman@cais.com.

inside gcn

  • DOD launches full-scale bug bounty program

    DOD to launch full-scale bug bounty program

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above