information the subcommittee was able to extract from the Department of the Interior. The need to proceed with publishing the survey results precluded the subcommittee from waiting any longer for a satisfactory response. Another even more disturbing example is the General Services Administration. First asked to respond to the survey in late 1970, the General Services Administration submitted a partial response in 1971. When, by the fall of 1972, the rest of the response had not been submitted, the chairman wrote again and requested a complete response to the survey questionnaire which asked for a description of both present and proposed systems.79 The General Services Administration's grudging reply reported "two GSA programs which may be of interest to you." Unknown and undisclosed to the Constitutional Rights Subcommittee or any other Congressional body, the General Services Administration was at that time (mid-1972) preparing to set up a massive computerized data bank known as FEDNET (also known as "New Equipment Program" and by a variety of other pseudonyms). This giant FEDNET system is designed to centralize the data processing and telecommunications operations of an unlimited number of Federal agencies, beginning with the Agriculture Department. FEDNET is, in short, a reincarnation of the National Data Center which, as discussed above, the executive branch was forced to abandon in the late 1960's because of strenuous public and Congressional opposition on privacy grounds. Although, for much the same reasons, FEDNET, per se, may well be similarly abandoned, the concept of a national data bank appears to live on. What is most instructive for the purposes of this study of Federal Data Banks and Constitutional Rights, is the General Services Administration's carefully guarded attempts to set up this system. Neither in response to the subcommittee survey nor in response to questions posed at Congressional oversight and appropriations hearings did the General Services Administration even mention its plans for the massive FEDNET national data bank. The General Services Administration's proposed creation of FEDNET points up the unfortunate fact that all too many Federal agencies tend to understate, if not outright hide, their data banks. The voluntary nature of this survey necessarily reflects this understatement and tendency to obfuscate. Nevertheless the varying degrees of thoroughness and candor displayed by the 54 agencies surveyed do serve a useful purpose in dramatizing the need for legislation to overcome this apparent reluctance on the part of Federal agencies to disclose to the Congress and the American people the nature and scope of their data banks containing personal information about individuals. Number of Records It is impossible to state precisely the number of individuals represented in the 858 reported data banks. As the figures in Table 1 demonstrate, information on the number of subjects in roughly 11 percent of the data banks is not available from the survey responses nor from any other readily accessible source. The 765 data banks for 79 A number of agencies such as the Veterans Administration submitted helpful information regarding proposed systems, as well as existing data banks which information about the number of records is available contain at least 1,245,699,494 records on individuals. The Federal data banks reported in the survey vary in size from a manual security clearance file containing ten records maintained by the Air Force Special Weapons Center to the Department of Commerce's computerized Decennial Census data bank containing 204,000,000 records. Computerization As the figures in Table 1 indicate, over 86 percent of the reported data banks are computerized. It is interesting to note that many of the more sensitive dossiers which pose the most serious dangers to individuals are kept in manual files, perhaps because the information is thought to be too sensitive to be entrusted to computers. Nevertheless, the trend appears to be toward more and more computerization of all types of government files in the future. Categories of Data Banks Table 2 summarizes the subcommittee staff's categorization of the 858 data banks into three major types: Administrative, Evaluative and Statistical. These three categories reflect the most common general purposes for which data banks are created: Administrative. These data banks were established to assist Statistical. These data banks were established to collect information about groups of subjects for management and planning purposes. The Decennial Census data bank maintained by the Department of Commerce is typical of this category. These categories are, of course, not necessarily mutually exclusive. In many cases it was necessary to make subjective judgments regarding the predominate type and purpose of various data banks. The figures in Table 2 show that most, roughly 69 percent, of the data banks are predominately Administrative. The Evaluative and Statistical categories each account for only about 15 percent and 16 percent, respectively of the 858 data banks reported in the survey. Blacklists At least 29 of the reported data banks appear to have been established to collect derogatory information about various sorts of "bad actors," individuals singled out for special treatment by Federal agencies. Over three-quarters of these files are computerized. They include: The Army's Worldwide Automated Military Police Operations and Information System; the Department of Housing and Urban Development's Debarred Bidders List; the Federal Communications Commission's Checklist; the Securities and Exchange Commission's Name and Relationship System; the State Department's Passport Lookout File; and the Department of Transportation's Deterrence of Air Piracy System, as well as the National Driver Register. The Department of Justice accounts for seven of these computerized "blacklists." including the Internal Security Division's files on "Civil Disobedience"; the Organized Crime Intelligence System; the Federal Bureau of Investigation's National Crime Information Center Wanted Persons file; as well as the FBI Known Professional Check Passer files and the three Law Enforcement Assistance Administration funded state-run files on Wanted Persons, Organized Crime and Civil Disorders. The Treasury Department maintains eight such computerized files: the Customs Bureau's TECS/CADPIN system, the four Internal Revenue Service Intelligence files, as well as the Secret Service files. Less than a quarter of these blacklists are kept in manual dossiers. They include: The Office of the Inspector General file in the Department of Agriculture; the Air Force's Unfavorable Information files; the Army's Counter-Intelligence Analysis Division files; the Internal Revenue Service's Special Service Staff files; the Federal Deposit Insurance Corporation's Section 8 and 19 files; the General Services Administration's Debarred Bidders Lists and the Small Business Administration's Investigative Records of so-called "character checks" on dubious applicants. No doubt there are many others. In addition to the files of individuals who are to be watched carefully in expectation of wrong-doing, there are numerous other files containing derogatory information which could be used to discriminate against the file subjects. Various files of drug addicts, such as the Department of Justice Drug Enforcement Administration's computerized Addict Files and the Special Action Office for Durg Abuse Prevention's computerized CODAP System, are examples of this type of file. They are not intended to be used against individual subjects, but nevertheless contain data which could be used to the detriment of file subjects. One other file of this general type also deserves special mention. It is the Defense Supply Agency's Security Files and Records, the index to which was in the process of being computerized at the time of the survey response (1970). This data bank was apparently set up to collect the records of allegations of wrong-doing which were later determined to be unfounded. Such a file of unsubstantiated charges of misconduct clearly could be used to the detriment of the exonerated subject individuals. Moreover, this analysis does not include the Army surveillance files which the Department of Defense destroyed in response to a lengthy Constitutional Rights Subcommittee investigation of military surveillance of civilian political activities. 80 The subcommittee's investigation discovered that in 1970 several hundreds of thousands of these political surveillance files were maintained by the Army. A large proportion of them were computerized. In addition, untold numbers of local surveillance files were maintained at lower levels of command. 80 For a complete description of the Army surveillance files see Hearings on Federal Data Banks, Computers and the Bill of Rights Before the Subcommittee on Constitutional Rights of the Senate Committee on the Judiciary, 92d Cong., 1st Sess., Part II (1971); Staff of the Subcommittee on Constitutional Rights of the Senate Committee on the Judiciary, 92d Cong., 2d Sess., Army Surveillance of Civilians: A Documentary Analysis (Comm. Print 1972); and Subcommittee on Constitutional Rights of the Senate Committee on the Judiciary, 93d Cong., 1st Sess. Military Surveillance of Civilian Politics (Comm. Print 1973). Statutory Authority Among the most important aspects of the subcommittee's survey of Federal data banks is its inquiry into the extent to which governmental information systems are authorized by explicit Congressional enactment. The subcommittee's inquiry into the statutory authority for various files on individuals maintained by Federal agencies is important in providing information regarding not only the legality of the systems, but also the availability of Congressional oversight and control. Moreover, the more explicit the legislation authorizing a given data system, the more clearly defined are the standards for evaluating the system. It is highly troubling, therefore, to find that 84 percent of the 544 data bank responses analyzed 81 are unable to cite explicit statutory authority. Fully 18 percent cite no statutory authority whatsoever. Table 3 summarizes the survey's overall findings regarding statutory authority. The four categories used in the table reflect variations in explicitness of legislative authorization. The express statutory authority category comprises the 87 data bank responses (16 percent of the total) which are able to cite a specific Federal statute explicitly authorizing a data bank to implement a specific program assigned by statute to the agency. The National Driver Register maintained by the Department of Transportation is a good example of a data bank which is specifically mandated by legislation. Another noteworthy example in this category is the Internal Revenue Service's Statistics of Income data bank which a Federal statute not only authorizes but requires. A number of legislative proposals would make such express statutory authority mandatory for all Federal data banks. In the category of derivative statutory authority are all those data banks which are considered essential to or necessarily required by specific programs which themselves derive from an express statutory mandate. Approximately 21 percent of the 544 responses analyzed fall into this category. Examples are the Department of Commerce's National Defense Executive Reserve data bank and the various files kept by the Railroad Retirement Board. Implied statutory authority provides considerably weaker justification for the establishment of data banks. In this category fall those data banks which, although not absolutely necessary, are thought_to be useful in carrying out a program set up by specific legislation. By far the largest number of data banks, fully 45 percent of the responses analyzed, cite implied statutory authority. Examples of this type of impliedly authorized data banks are ten of the thirteen data banks established by the Office of Economic Opportunity. The responses for these ten OEO data banks cite the agency's broad legislative mandate to "evaluate poverty" as statutory authority for data banks focusing on health, day care, education and the New Jersey negative income tax experiment. The Special Action Office for Drug Abuse Prevention cites somewhat stronger implied statutory authority for the CODAP system. The category which causes by far the greatest concern is that which comprises the 96 data banks (18 percent of those responding) for which the agencies cite no statutory authority whatsoever. Some of 81 Because of the volume and repetitiousness of the 382 responses relating to the Army's Administrative and Statistical data banks, only 68 representative data banks out of the 382 have been included in this subcommittee analysis. the agencies failed to answer the question relating to statutory authority. In regard to three of its Central Files, the White House replied that the question regarding statutory authority was "not applicable." There is considerable variety in the files which lack statutory authorization. But one type recurs in a number of agenciesthe Minority Group Statistics files for which the agencies cite various Executive Orders, Civil Service Commission regulations and Equal Employment Opportunity Commission guidelines, but no Federal statute. Subject Notification and Review Among the most worrisome of the Federal Government's recordkeeping practices is the maintenance of secret data banks and dossiers on unsuspecting individuals. The results of the survey demonstrate the widespread failure of Government agencies to notify subject individuals that personal information about them is being kept in Federal data banks. Over 42 percent of the 469 responses providing information state that subject individuals are not notified of their inclusion. Table 4 summarizes the survey's findings regarding the notification. of subjects that records about them are being kept in a data bank. Responses for roughly 14 percent of the 544 data banks analyzed 82 provide no information about subject notification. Of the 469 data bank responses which do provide information about subject notification, 199 (over 42 percent) report that subjects were given no notice of any kind that information about them is being kept in a data bank. Virtually all of the intelligence files, such as the Department of Justice Internal Security Division files, do not notify subjects of their inclusion. Responses from other data banks such as the Commerce Department's Executive Reserve, half of the Securities and Exchange Commission data banks, and the White House Talent Bank also report that the agencies fail to notify subjects in any way. In a number of cases, the agencies surveyed state that, although they do not expressly notify subjects of their inclusion in a data bank, subjects should infer their inclusion in a data bank from their dealings with the agency. Of the 469 data bank responses providing information, over a quarter (27 percent) fall into this category. Examples are the Veterans Administration systems which send computerized benefit checks to beneficiaries. A number of other agencies, such as the Selective Service System, state that because individual subjects provide most of the information, they can be expected to infer that the data collected will be placed in a data bank. Some agencies do expressly notify subjects of their inclusion in a data bank. Out of the 469 data bank responses which provide information about notification, under a third (30 percent) state that they expressly notify subjects that information about them will be placed in a data bank. Various means of notification are used, from the Internal Revenue Service's inclusion of a note about the computerized master file on Income Tax forms to the unique procedure of notification by press release employed by the Securities and Exchange Commission. Table 5 summarizes the survey responses regarding the opportunities for subjects to review their own files. Responses for roughly 16 percent of the 544 analyzed data banks fail to provide information about 82 See footnote p. 35. |