Clean up Net files before they are demanded
Here is a question: Can
a Freedom of Information Act requester obtain a copy of a federal employee's cookie
file stored in the employee's Web browser? A cookie file lets a Web server operator
tell a browser to store certain information and to give it back on subsequent visits to
the same server.
may contain information about a user's activities on the Internet, passwords and
In Tennessee, the editor of a newspaper, the Putnam Pit, asked for cookie files on
government computers in the town of Cookeville. The request was rejected under the
state's open records law. The state attorney general ruled that the files are exempt
from disclosure as temporary records or working files. Under the federal FOIA, no directly
comparable exemption exists.
Nevertheless, there may be grounds for denying access to at least part of a cookie
file. For example, a denial would be in order if the file contains a password that permits
access to a restricted Web site.
But other information in a cookie file might not be so easily withholdable. And the
cookie file is not the only file that reflects local network usage. In fact, more
interesting files exist. Browsers maintain caches of downloaded images. These cached files
could also be requested, and it would take a file-by-file review to determine if any could
Who knows how many X-rated images could be found in federal computer caches.
Other examples are the history and bookmark files maintained by browsers. The history
file identifies every Web page a user has accessed. A bookmark file contains a list of the
sites whose addresses were saved for future reference by the user. These two files contain
a wealth of data about Web use.
So are these files available under FOIA? There is no easy answer.
It is hard to argue that the files are wholly personal, because they are on a
government computer that is supposed to be used for official business.
You could use FOIA's internal personnel rules and practices exemption and
intra-agency memorandum exemption to argue for withholding in certain circumstances. But
the arguments would be pretty weak.
A blanket ruling that all files on all federal computers are exempt from disclosure
seems unsupportable. Just a request for the records would be troublesome. Imagine if a
requester asked for the cookie, history, bookmark and cache files of every senior
executive service employee at the Justice Department.
Don't look for help from the 1996 Electronic FOIA amendments. The law brought the
FOIA into the computer age, but not into the network age.
Even worse, the law requires an agency to make reasonable efforts to search for an
electronic record, except when such efforts would significantly interfere with the
operation of the agency's systems.
This exception is one of the worst features of E-FOIA and is likely to become the last
refuge of a rogue or a lazy FOIA officer.
So whether the files are disclosable or not, the first task would be to collect all of
the files from all of the computers used by those in the senior executive service.
Depending on the nature of the department's computer network, that could require a
computer-by-computer review. And although cookie, history and bookmark files are
relatively small, caches can contain many megabytes' worth of files.
I expect that some agencies, and surely Justice, will try to use the procedural
I doubt that the argument will work, at least for narrowly focused requests. It will be
hard to argue that retrieving one or even 10 history files will significantly interfere
Federal employees should think about the trail they leave when surfing the Internet at
work. Browsers give users tools to control the information maintained in bookmark, cookie
and history files as well as caches. Any federal employee doing something on the Net that
would not look good in a Washington Post article should learn how to use those tools.
On the other side, enterprising reporters should make their FOIA requests before too
many federal employees learn how to hide their Internet trails. It may be a race to see
who can act first, the requesters or the erasers.
Robert Gellman, former chief counsel to the House Government Operations
Subcommittee on Information, Justice, Transportation and Agriculture, is a Washington
privacy and information policy consultant. His e-mail address is email@example.com.