One defining element of access laws is an agency must have real or constructive possession of records before they can be deemed subject to the statute. The terms used in the federal Freedom of Information Act (FOIA) are "custody and control." The U.S. Supreme Court has ruled that this means an agency must have actual custody of the records or must exercise ultimate authority over their disposition.
In two FOIA disputes decided the same day in 1980, the court set out the guidance that has been followed ever since. In Forsham vs. Harris, a medical group disagreed with the findings of a study conducted at the University of Pittsburgh under a grant from the National Institutes of Health (NIH). The group requested the raw data upon which the study's conclusions were based. Under the terms of the grant, NIH had a right of possession to the data, but had never exercised that right and apparently had no intention of doing so. The court ruled that the data was not an agency record because "an agency must first either create or obtain a record as a prerequisite to it becoming an 'agency record' within the meaning of the FOIA."
The second case has a more interesting set of facts -- a point which has become increasingly important, since the decision in the case may be limited by its unique circumstances. It dealt with a request from the Reporters Committee for Freedom of the Press for access to Henry Kissinger's papers generated while he was national security advisor in the Nixon administration. When Kissinger became secretary of state, he took these papers with him to that agency. He then negotiated a deal with the Library of Congress to donate the records, with specific restrictions on when they would be made public. By the time this disposition was discovered by the press, the records had already been sent to the library. Essentially, the request instructed the State Department to negate Kissinger's arrangement with the library, retrieve the documents and process them under FOIA. The Supreme Court rejected that argument, finding that Kissinger's records as national security advisor were not subject to FOIA because the office of the president is not an agency for FOIA purposes, and since the State Department never exercised any authority over the records, it had no obligation to retrieve them, even if the records had been improperly removed in the first place. The court pointed out that "the papers were not in the control of the State Department at any time. They were not generated in the State Department. They never entered the State Department's files, and they were not used by the department for any purpose."
These principles were modified slightly in 1989, when the court noted that records became the property of an agency whenever they came into the possession of that agency during the regular course of business.
Electronic Issues In A Paper World
All three Supreme Court cases addressed paper records. But electronic formats are beginning to play havoc with legislative terms designed to resolve issues in a paper world. Possession becomes a considerably stickier question when records are networked or at least subject to use without physical possession.
Two recent cases have challenged what many assumed were the bedrock principles of custody and control established in the Forsham and Kissinger cases. And, not surprisingly, they both deal with electronic records, although not in a particularly cutting-edge fashion.
The first, Burka vs. Dept. of Health and Human Services, 87 F.3d 508 (D.C. Cir. 1996), dealt with access to a database of responses to a questionnaire on teen smoking. The database had been created by a contractor working for the National Cancer Institute (NCI), and the contractor had physical possession of the database at all times. But the U.S. Court of Appeals for the District of Columbia Circuit found that NCI exercised considerable control over how the database was created and used, that its staff had used the data, and that the contract called for the data to be given to NCI at the end of the contract.
Burka was followed by Chicago Tribune Company vs. Dept. of Health and Human Services. There, data from a government-sponsored project concerning breast cancer treatment was given to an NCI contractor for re-analysis after one of the project's participating physicians admitted allowing patients into the study who did not fit the eligibility criteria. NCI instructed the contractor to re-analyze the data after the fraudulent data had been removed, with an eye to confirming the study's original conclusions. A federal magistrate judge in Chicago took a great deal of care going over case law on possession and custody. She concluded that Kissinger did not stand for the proposition that an agency must physically possess the records at issue, but indicated that records could be constructively possessed by an agency if it exercised a significant control over their creation and use. Relying on Burka, the magistrate judge concluded that NCI had controlled the contractor's use of the records.
What has been most interesting about the Burka and Chicago Tribune cases is they have successfully challenged what appeared to be an accepted tenet of the law -- that an agency must have actual possession of records before it is required to process them in response to an FOIA request. Although Burka and Chicago Tribune dealt with computer records, they did not involve more speculative issues such as networked records. Nevertheless, the principles established in the two cases provide a strong basis on which to construct guidance on records not in the custody or control of the agency.
Whose Records Are They?
Another basic concept of access laws is that non-governmental entities should not be used to hide records that are essentially governmental. In other words, agencies cannot create a legal pretense that clearly public records -- like property records or initial arrest records -- are actually private, because their maintenance is performed under contract with a private company. If such record maintenance is contracted out, the obligations under the applicable access laws must follow, regardless of whether they are part of the contract or not.
That said, suppose an agency contracts with a private company to gather non-identifying statistical information, digitize that information, analyze it and then draw conclusions based on the analysis. All the records are in the physical possession of the contractor, but the electronic information is accessible through a computer hook-up from the agency. Agency personnel review the data on a regular basis and even have the ability to make corrections or changes. E-mail messages go back and forth concerning the methodology for analysis and the shape of the conclusions. The contractor writes the report and continues to maintain the data on site. Whose records are they?
Although these records are in the physical possession of the contractor, they are without any doubt agency records, even though they have never left the contractor's facility. In the electronic world, the concept of possession may break down, or, perhaps more appropriately, expand considerably.
One other problem that has been addressed already, but not to any great extent, is the issue of possession of networked databases. Another hypothetical: A government employee subscribes to a listserver because its content is pertinent to his or her work and the messages posted tend to be a good source of recent developments. The employee does not post himself, but occasionally downloads messages and, even when the information is not downloaded, often uses the information in memos prepared for agency use. The question is: Are the messages on the listserver agency records because they have come into the agency's possession during the normal course of business? Can a requester ask for the contents of the listserver? It is clear that the messages that are downloaded are agency records, although they may be exempt for one reason or another. It is less clear whether the contents of the listserver are agency records based solely on the participation of an agency employee in the list.
Several years ago, the Michigan attorney general answered this question in part -- although the factual pattern is somewhat different. Responding to a request for guidance from an agency which had access to a database maintained by another agency and used by a number of agencies, the attorney general said the database belonged to the agency or agencies that created and maintained it, and that merely because an agency had access to it did not mean the agency had an access obligation to disclose it. But the attorney general pointed out that once the agency downloaded all or part of the database, it became an agency record subject to disclosure.
The courts, and most agencies as well, have had little or no experience implementing some of these concepts in an electronic environment. But the day is fast approaching when these issues will need to be addressed. Those who will be making those decisions need to begin thinking about these issues now in an attempt to keep ahead of an accelerating curve.
Harry Hammitt is editor/publisher of Access Reports, a newsletter published in Lynchburg, Va., covering open government laws and information policy issues. E-mail: <75111.743@ compuserve.com>.
August Table of Contents