In two FOIA disputes decided the same day in 1980, the court set out the guidance that has been followed ever since. In Forsham vs. Harris, a medical group disagreed with the findings of a study conducted at the University of Pittsburgh under a grant from the National Institutes of Health (NIH). The group requested the raw data upon which the study's conclusions were based. Under the terms of the grant, NIH had a right of possession to the data, but had never exercised that right and apparently had no intention of doing so. The court ruled that the data was not an agency record because "an agency must first either create or obtain a record as a prerequisite to it becoming an 'agency record' within the meaning of the FOIA."
These principles were modified slightly in 1989, when the court noted that records became the property of an agency whenever they came into the possession of that agency during the regular course of business.
Electronic Issues In A Paper World
All three Supreme Court cases addressed paper records. But electronic formats are beginning to play havoc with legislative terms designed to resolve issues in a paper world. Possession becomes a considerably stickier question when records are networked or at least subject to use without physical possession.
Two recent cases have challenged what many assumed were the bedrock principles of custody and control established in the Forsham and Kissinger cases. And, not surprisingly, they both deal with electronic records, although not in a particularly cutting-edge fashion.
The first, Burka vs. Dept. of Health and Human Services, 87 F.3d 508 (D.C. Cir. 1996), dealt with access to a database of responses to a questionnaire on teen smoking. The database had been created by a contractor working for the National Cancer Institute (NCI), and the contractor had physical possession of the database at all times. But the U.S. Court of Appeals for the District of Columbia Circuit found that NCI exercised considerable control over how the database was created and used, that its staff had used the data, and that the contract called for the data to be given to NCI at the end of the contract.
Burka was followed by Chicago Tribune Company vs. Dept. of Health and Human Services. There, data from a government-sponsored project concerning breast cancer treatment was given to an NCI contractor for re-analysis after one of the project's participating physicians admitted allowing patients into the study who did not fit the eligibility criteria. NCI instructed the contractor to re-analyze the data after the fraudulent data had been removed, with an eye to confirming the study's original conclusions. A federal magistrate judge in Chicago took a great deal of care going over case law on possession and custody. She concluded that Kissinger did not stand for the proposition that an agency must physically possess the records at issue, but indicated that records could be constructively possessed by an agency if it exercised a significant control over their creation and use. Relying on Burka, the magistrate judge concluded that NCI had controlled the contractor's use of the records.
What has been most interesting about the Burka and Chicago Tribune cases is they have successfully challenged what appeared to be an accepted tenet of the law -- that an agency must have actual possession of records before it is required to process them in response to an FOIA request. Although Burka and Chicago Tribune dealt with computer records, they did not involve more speculative issues such as networked records. Nevertheless, the principles established in the two cases provide a strong basis on which to construct guidance on records not in the custody or control of the agency.
Whose Records Are They?
Another basic concept of access laws is that non-governmental entities should not be used to hide records that are essentially governmental. In other words, agencies cannot create a legal pretense that clearly public records -- like property records or initial arrest records -- are actually private, because their maintenance is performed under contract with a private company. If such record maintenance is contracted out, the obligations under the applicable access laws must follow, regardless of whether they are part of the contract or not.
That said, suppose an agency contracts with a private company to gather non-identifying statistical information, digitize that information, analyze it and then draw conclusions based on the analysis. All the records are in the physical possession of the contractor, but the electronic information is accessible through a computer hook-up from the agency. Agency personnel review the data on a regular basis and even have the ability to make corrections or changes. E-mail messages go back and forth concerning the methodology for analysis and the shape of the conclusions. The contractor writes the report and continues to maintain the data on site. Whose records are they?
Although these records are in the physical possession of the contractor, they are without any doubt agency records, even though they have never left the contractor's facility. In the electronic world, the concept of possession may break down, or, perhaps more appropriately, expand considerably.
One other problem that has been addressed already, but not to any great extent, is the issue of possession of networked databases. Another hypothetical: A government employee subscribes to a listserver because its content is pertinent to his or her work and the messages posted tend to be a good source of recent developments. The employee does not post himself, but occasionally downloads messages and, even when the information is not downloaded, often uses the information in memos prepared for agency use. The question is: Are the messages on the listserver agency records because they have come into the agency's possession during the normal course of business? Can a requester ask for the contents of the listserver? It is clear that the messages that are downloaded are agency records, although they may be exempt for one reason or another. It is less clear whether the contents of the listserver are agency records based solely on the participation of an agency employee in the list.
Several years ago, the Michigan attorney general answered this question in part -- although the factual pattern is somewhat different. Responding to a request for guidance from an agency which had access to a database maintained by another agency and used by a number of agencies, the attorney general said the database belonged to the agency or agencies that created and maintained it, and that merely because an agency had access to it did not mean the agency had an access obligation to disclose it. But the attorney general pointed out that once the agency downloaded all or part of the database, it became an agency record subject to disclosure.
The courts, and most agencies as well, have had little or no experience implementing some of these concepts in an electronic environment. But the day is fast approaching when these issues will need to be addressed. Those who will be making those decisions need to begin thinking about these issues now in an attempt to keep ahead of an accelerating curve.
Harry Hammitt is editor/publisher of Access Reports, a newsletter published in Lynchburg, Va., covering open government laws and information policy issues. E-mail: <75111.743@ compuserve.com>.
August Table of Contents