Computer underground Digest Wed Apr 14 1993 Volume 5 : Issue 27 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cooyp Editor: Etaoin Shrdlu, Senior CONTENTS, #5.27 (Apr 14 1993) File 1--EFF and CPSR testimony against 18 USC 1030 Sent. Revisions File 2--CPSR Comments on 1030 Guidelines File 3--EFF Response to Proposed Sentencing Guidelines File 4--LEGISLATIVE DATA ONLINE -- AB1624 needs support File 5--AB1624 MANDATES ONLINE PUBLIC ACCESS TO LEGISLATIVE RECORDS File 6--Some comments on AB1624 re online legislative access File 7--AB1624 UPDATE#1--Making Leg. Data available Online Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailservers at: mailserv@batpad.lgb.ca.us or server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Wed, Apr 12 93 122:12:21 CST From: Moderators Subject: File 1--EFF and CPSR testimony against 18 USC 1030 Sent. Revisions On March 22, '93, the U.S. Sentencing Commission held public hearings for input on revision in federal sentencing guidelines. CuD 5.09 reprinted the proposed revisions, and Jack King (gjk@well.sf.ca.us) wrote the following: The U.S. Dept. of Justice has asked the U.S. Sentencing Commission to promulgate a new federal sentencing guideline, Sec. 2F2.1, specifically addressing the Computer Fraud and Abuse Act of 1988 (18 USC 1030), with a base offense level of 6 and enhancements of 4 to 6 levels for violations of specific provisions of the statute. The new guideline practically guarantees some period of confinement, even for first offenders who plead guilty. For example, the guideline would provide that if the defendant obtained "protected" information (defined as "private information, non-public government information, or proprietary commercial information), the offense level would be increased by two; if the defendant disclosed protected information to any person, the offense level would be increased by four levels, and if the defendant distributed the information by means of "a general distribution system," the offense level would go up six levels. The proposed commentary explains that a "general distribution system" includes "electronic bulletin board and voice mail systems, newsletters and other publications, and any other form of group dissemination, by any means." So, in effect, a person who obtains information from the computer of another, and gives that information to another gets a base offense level of 10; if he used a 'zine or BBS to disseminate it, he would get a base offense level of 12. The federal guidelines prescribe 6-12 months in jail for a first offender with an offense level of 10, and 10-16 months for same with an offense level of 12. Pleading guilty can get the base offense level down by two levels; probation would then be an option for the first offender with an offense level of 10 (reduced to 8). But remember: there is no more federal parole. The time a defendant gets is the time s/he serves (minus a couple days a month "good time"). If, however, the offense caused an economic loss, the offense level would be increased according to the general fraud table (Sec. 2F1.1). The proposed commentary explains that computer offenses often cause intangible harms, such as individual privacy rights or by impairing computer operations, property values not readily translatable to the general fraud table. The proposed commentary also suggests that if the defendant has a prior conviction for "similar misconduct that is not adequately reflected in the criminal history score, an upward departure may be warranted." An upward departure may also be warranted, DOJ suggests, if "the defendant's conduct has affected or was likely to affect public service or confidence" in "public interests" such as common carriers, utilities, and institutions. Based on the way U.S. Attorneys and their computer experts have guesstimated economic "losses" in a few prior cases, a convicted tamperer can get whacked with a couple of years in the slammer, a whopping fine, full "restitution" and one to two years of supervised release (which is like going to a parole officer). (Actually, it *is* going to a parole officer, because although there is no more federal parole, they didn't get rid of all those parole officers. They have them supervise convicts' return to society.) Both the EFF and CPSR submitted objections to the proposed revisions. Their objections follow in the next two files. ------------------------------ Date: Wed, 24 Mar 1993 23:26:20 EST From: Dave Banisar Subject: File 2--CPSR Comments on 1030 Guidelines CPSR COMMENTS ON PROPOSED CHANGES TO COMPUTER CRIME SENTENCING GUIDELINES March 15, 1993 Chairman William W. Wilkins, Jr. US Sentencing Commission One Columbus Circle, NE Suite 2-500 South Lobby Washington, DC 20002-8002 Dear Mr. Chairman: We are writing to you regarding the proposed amendments to sentencing guidelines, policy statements, and commentary announced in the Federal Register, December 31, 1992 (57 FR 63832). We are specifically interested in addressing item 59, regarding the Computer Fraud and Abuse Act of 1988 (18 U.S.C. 1030). CPSR is national membership organization of professionals in the computing field. We have a particular interest in information technology, including the protection of civil liberties and privacy. We have sponsored a number of public conferences to explore the issues involving computers, freedom, and privacy. We have also testified before the House of Representatives and the Senate regarding the federal computer crime law. It is our position that the government must be careful not to extend broad criminal sanctions to areas where technology is rapidly evolving and terms are not well defined. We believe that such efforts, if not carefully considered, may ultimately jeopardize the use of new information technology to promote education, innovation, commerce, and public life. We also remain concerned that criminal sanctions involving the use of information technologies may unnecessarily threaten important personal freedoms, such as speech, assembly, and privacy. It is the experience of the computing profession that misguided criminal investigation and the failure of law enforcement to fully understand the use of computer technology will have a detrimental impact on the entire community of computer users. For example, you may wish to review the recent decision of Steve Jackson Games v. Secret Service, involving a challenge to the government's conduct of a particular computer crime investigation. The court found that the Secret Service's conduct "resulted in the seizure of property, products, business records, business documents, and electronic communications equipment of a corporation and four individuals that the statutes were intended to protect." The court, clearly concerned about the government's conduct, recommended "better education, investigation, and strict compliance with the statutes as written." Clearly, the decisions made by the Sentencing Commission regarding those factors that may increase or decrease a criminal sentence will have an important impact on how computer crime is understood and how the government conducts investigations. We therefore appreciate the opportunity to express our views on the propose changes to the guidelines for 18 U.S.C. 1030. For the reasons stated below, it our belief that the proposed guidelines regarding the Computer Fraud and Abuse Act now under consideration by the Sentencing Commission place emphasis upon the wrong factors, and may discourage the use of computer technology for such purposes as publication, communication, and access to government information. For these reasons, CPSR hopes that the current proposal will not be adopted. The Proposed Guidelines Will have a Chilling Effect on Constitutionally Protected Activities The proposed amendment would treat as an aggravating factor the alteration, obtaining, or disclosure of "Protected information." This term is defined in the proposed guidelines as "private information, non-public government information, or proprietary commercial information." The term is nowhere mentioned in the statute passed Congress. We oppose this addition. It has been the experience of the computer profession that efforts to create new categories of information restriction invariably have a chilling impact on the open exchange of computerized data. For example, National Security Decision Directive 145, which gave the government authority to peruse computer databases for so-called "sensitive but unclassified information," was widely opposed by the computing community, as well as many organizations including the Information Industry Association and the American Library Association. The reason was that the new designation allowed the government to extend classification authority and to restrict the free flow of information and ideas. Clearly, this proposal to increase the sentence for a violation of a particular federal statute is not as sweeping as a Presidential order. Nonetheless, we believe that the problems posed by efforts to create new categories of computer-based information for the purpose of criminal sentencing will raise similar concerns as did NSDD-145. It is not in the interest of those who rely on information systems for the purpose of public dissemination to encourage the development of such classifications. The proposed guidelines would also treat as an aggravating factor the alteration of public record information. This proposal may go directly against efforts to promote public access to electronic information and to encourage the use of computer networks for the conduct of government activities. For example, computer bulletin boards have been established by agencies, such as the Department of Commerce and Environmental Protection Agency, precisely for the purpose of encouraging public use of on-line services and to facilitate the administration of agency business. Much of the problem may well be with the use of the term "alter" without any further discussion of the nature of the alteration. Computer systems are by nature interactive. Any user of a computer system "alters" the data on the system. System operators may control the status of a particular file by designating it as a "read only" file or a "read-write" file. When a file is "read only," a user may access the file but is technically unable to alter the files contents. However a file that is "read-write" may allow users to both review files and to alter them. Certainly, there are many other factors that relate to computer system security, but this particular example demonstrates that in many instances altering a public file may in fact be the intended outcome of a system operator. Failing to distinguish between permissible and impermissible alterations of a computer file in the sentencing guidelines misses entirely the operation of many computer systems. The proposed amendment would also discourage the publication of information in electronic environments. The amendment recommends that the sentence be increased by 4 levels where "the defendant disclosed protected information to any person" and by six levels where "the defendant disclosed protected information to the public by means of a general distribution system." Both of these proposals would punish the act of publication where there is no economic advantage to the defendant nor any specific harm indicated. Such provisions could be used to discourage whistle-blowing in the first instance, and subsequent dissemination of computer messages by system operators in the second. For this reason, we strongly oppose the inclusion of comment 10 which states that a "general distribution system" includes electronic bulletin boards and voice mail systems. This particular comment could clearly have a chilling effect on operators of electronic bulletin boards who may become reluctant to disseminate information where such dissemination could be considered an aggravating factor for the purpose of the federal computer crime law. Current guidelines It is our view that the current guidelines are a reasonably fair articulation of the specific harms that might warrant additional stringency, at least in the area of computer crime. We believe that it is appropriate to impose additional sanction where there is "more than minimal planning" or "scheme to defraud more than one victim," as currently stated in the Guidelines. One of our concerns with the application of 18 U.S.C. 1030 after the decision in U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991) is that the provision does not adequately distinguish between those acts where harm is intended and those where it is not. For this reason, provisions in the sentencing guidelines which help to identify specific harms, and not simply the disclosure of computerized information, may indeed be helpful to prosecutors who are pursuing computer fraud cases and to operators of electronic distribution systems. For similar reasons, we support the current $2F1.1(4) which allows an upward departure where the offense involves the "conscious or reckless risk of serious bodily injury." Again, it is appropriate to impose a greater penalty where there is risk of physical harm The Commission may wish to consider at some future date a provision which would allow an upward departure for the disclosure of personally identifiable data that is otherwise protected by federal or state statute. We believe that privacy violations remain an important non-economic harm that the Commission could address. For instance, the disclosure of credit reports, medical records, and criminal history records, by means of an unauthorized computer use (or where use exceeds authorization) may be an appropriate basis for the imposition of additional sanctions. We suggest that the Commission also consider whether a downward departure may be appropriate for those defendants who provide technical information about computer security that may diminish the risk of subsequent violations of the computer fraud statute. Such a provision may lead to improvements in computer security and the reduced likelihood of computer-related crime. We recognize that the Commission is currently considering factors that should be considered in the imposition of federal sentencing, and that this process should not be equated with the creation of new criminal acts. Nonetheless, the decisions of the Commission in this area may well influence subsequent legislation, and the ability of computer users to make use of information systems, to access government information, and to disseminate electronic records and files. It is for these reasons that we hope the Sentencing Commission will give careful consideration as to potential impact on the user community of these proposed changes to the federal sentencing guidelines. We appreciate the opportunity to provide these comments to the Commission and would be pleased to answer any questions you might have. Please contact me directly at 202/544-9240. Sincerely yours, Marc Rotenberg, director CPSR Washington office Enclosure ------------------------------ Date: Mon, Mar 22 92 22:50:29 PST From: Cliff Figallo Subject: File 3--EFF Response to Proposed Sentencing Guidelines March 15, 1993 United States Sentencing Commission One Columbus Circle, NE Suite 2-500, South Lobby Washington, DC 20002-9002 Attention: Public Information Re: Proposed Amendment #59 to the Sentencing Guidelines for United States Courts, which creates a new guideline applicable to violations of the Computer Fraud and Abuse Act of 1988 (18 U.S.C. 1030) Dear Commissioners: The Electronic Frontier Foundation (EFF) writes to state our opposition to the new proposed sentencing guideline applicable to violations of the Computer Fraud and Abuse Act of 1988, 18 U.S.C. 1030 (CFAA). We believe that, while the proposed guideline promotes the Justice Department's interest in punishing those who engage in computer fraud and abuse, the guideline is much too harsh for first time offenders and those who perpetrate offenses under the statute without malice aforethought. In addition, promulgation of a sentencing guideline at the present time is premature, as there have been very few published opinions where judges have issued sentences for violations of the CFAA. Finally, in this developing area of the law, judges should be permitted to craft sentences that are just in relation to the facts of the specific cases before them. The Proposed Guideline Is Too Harsh. The proposed CFAA sentencing guideline, with a base offense level of six and innumerable enhancements, would impose strict felony liability for harms that computer users cause through sheer inadvertence. This guideline would require imprisonment for first time offenders who caused no real harm and meant none. EFF is opposed to computer trespass and theft, and we do not condone any unauthorized tampering with computers -- indeed, EFF's unequivocal belief is that the security of private computer systems and networks is both desirable and necessary to the maintenance of a free society. However, it is entirely contrary to our notions of justice to brand a computer user who did not intend to do harm as a felon. Under the proposed guideline, even a user who painstakingly attempts to avoid causing harm, but who causes harm nonetheless, will almost assuredly be required to serve some time in prison. The proposed guideline, where the sentencing judge is given no discretion for crafting a just sentence based on the facts of the case, is too harsh on less culpable defendants, particularly first time offenders. As the Supreme Court has stated, the notion that a culpable mind is a necessary component of criminal guilt is "as universal and persistent in mature systems of law as belief in freedom of the human will and a consequent ability and duty of the normal individual to choose between good and evil." Morissette v. United States, 342 U.S. 246, 250 (1952). In the words of another court, "[u]sually the stigma of criminal conviction is not visited upon citizens who are not morally to blame because they did not know they were doing wrong." United States v. Marvin, 687 F.2d 1221, 1226 (8th Cir. 1982), cert. denied, 460 U.S. 1081 (1983). There Is Not Yet Enough Caselaw to Warrant a Guideline. The Sentencing Commission itself has recognized the importance of drafting guidelines based on a large number of reported decisions. In the introduction to the Sentencing Commission's Guidelines Manual, the Commission states: The Commission emphasizes that it drafted the initial guidelines with considerable caution. It examined the many hundreds of criminal statutes in the United States Code. It began with those that were the basis for a significant number of prosecutions and sought to place them in a rational order. It developed additional distinctions relevant to the application of these provisions, and it applied sentencing ranges to each resulting category. In doing so, it relied upon pre-guidelines sentencing practice as revealed by its own statistical analyses based on summary reports of some 40,000 convictions, a sample of 10,000 augmented pre-sentence reports, the parole guidelines, and policy judgments. United States Sentencing Commission, Guidelines Manual, Chap. 1, Part A (1991). At the present time, there are only five reported decisions that mention the court's sentencing for violations of the Computer Fraud and Abuse Act. See, United States v. Lewis, 872 F.2d 1030 (6th Cir. 1989); United States v. Morris, 928 F.2d 504 (2d Cir. 1991), cert. denied, 112 S. Ct. 72 (1991); United States v. Carron, 1991 U.S. App. LEXIS 4838 (9th Cir. 1991); United States v. Rice, 1992 U.S. App. LEXIS 9562 (1992); and United States v. DeMonte, 1992 U.S. App. LEXIS 11392 (6th Cir. 1992). New communications technologies, in their earliest infancy, are becoming the subject of precedent-setting litigation. Overly strict sentences imposed for computer-related fraud and abuse may have the effect of chilling these technologies even as they develop. Five decisions are not enough on which to base a guideline to be used in such an important and growing area of the law. The Commission itself has recognized that certain areas of federal criminal law and procedure are so new that policy statements, rather than inflexible guidelines, are preferable. See, e.g., United States Sentencing Commission, Guidelines Manual, Chap. 7, Part A (1990) (stating the Commission's choice to promulgate policy statements, rather than guidelines, for revocation of probation and supervised release "until federal judges, probation officers, practitioners, and others have the opportunity to evaluate and comment. . . ."). A flexible policy statement, rather than a specific sentencing guideline, is a more appropriate way to handle sentencing under the Computer Fraud and Abuse Act until there has been enough litigation on which to base a guideline. Judges Must Be Permitted to Craft Their Own Sentences for Cases Involving Special Circumstances. Individual sentencing decisions are best left to the discretion of the sentencing judge, who presumably is most familiar with the facts unique to each case. To promulgate an inflexible sentencing guideline, which would cover all crimes that could conceivably be prosecuted under the Computer Fraud and Abuse Act, is premature at this time. As discussed above, there have only been five reported decisions where the Computer Fraud and Abuse Act has been applied. In three of these reported CFAA cases, the judges involved used their discretion and fashioned unique sentences for the defendants based on the special facts of the case. See, Morris, 928 F.2d at 506 (where the judge placed Defendant Morris on probation for three years to perform 400 hours of community service, ordered him to pay fines of $10,050, and ordered him to pay for the cost of his supervision at a rate of $91 a month); Carron at 3 (where the judge found that Defendant Carron's criminal history justified a sentence of 12 months incarceration followed by 12 months of supervised release and restitution to the two injured credit card companies); and DeMonte at 4 (where the trial court judge held that Defendant DeMonte's "extraordinary and unusual level of cooperation" warranted a sentence of three years probation with no incarceration). Judges must be permitted to continue fashioning sentences that are just, based on the facts of a specific case. Computer communications are still in their infancy. Legal precedents, particularly the application of a sentencing guideline to violations of the Computer Fraud and Abuse Act, can radically affect the course of the computer technology's future, and with it the fate of an important tool for the exchange of ideas in a democratic society. When the law limits or inhibits the use of new technologies, a grave injustice is being perpetrated. The Electronic Frontier Foundation respectfully asks the Commission to hold off promulgating a sentencing guideline for the Computer Fraud and Abuse Act until there are enough prosecutions on which to base a guideline. Thank you in advance for your thoughtful consideration of our concerns. We would be pleased to provide the Commission with any further information that may be needed. Sincerely yours, Shari Steele Staff Attorney The Electronic Frontier Foundation is a privately funded, tax-exempt, nonprofit organization concerned with the civil liberties, technical and social problems posed by the applications of new computing and telecommunications technology. Its founders include Mitchell Kapor, a leading pioneer in computer software development who founded the Lotus Development Corporation and developed the Lotus 1-2-3 Spreadsheet software. ------------------------------ Date: Mon, 12 Apr 1993 09:21:42 -0700 From: Jim Warren Subject: File 4--LEGISLATIVE DATA ONLINE -- AB1624 needs support A bill has been introduced to require almost all legislative information to be made "available to the public by means of access through a computer modem" --including full text of all bills, amendments, bill analyses, bill history, bill status, veto messages, daily files of each house of the legislature, each house and committee schedule, etc. For the first time, citizens, reporters, community and interest groups, unions, corporations, city and county staff, attorneys, etc., could have *timely* and *economical* access to legislation-in-progress that impacts them. Like Hawaii's FYI system, AB1624 offers leadership for those states [and Congress] not yet providing timely, *economical*, online citizen access to their legislatures. This California bill was introduced March 4th by State Assembly Member Debra Bowen (D-Torrance/Marina del Rey area). The legislative information is already online internally, and is sold to a few high-priced information-distributors for $300,000-$500,000 per year. So far, -- like books in a millionaire's private library -- only well-funded lobbyists and special interests can afford the high per-byte and per-minute fees of those few private data-distributors (LegiTech, StateNet, etc.) that functionally monopolize online access to these electronic public records. The FIRST COMMITTEE ACTION will be Monday, 4/19 [new], by the Assembly Rules Committee (Chair: John Burton, D-San Francisco). As few as 20-30 letters and faxes -- BY FRIDAY, APRIL 16th -- would show *significant* support. One page stating some reasons in *your own words* is plenty. Hand-written is OK; type-written's preferable. Fax is fine given the short time-frame. Hon. John Burton, Chair, Assembly Rules Committee (D) [San Francisco area] State Capitol, Room 3152, Sacramento CA 95814, fax/916-324-4899 Hon. Debra Bowen, Assembly Member (D) [Venice/Marina Del Rey area] State Capitol, Room 3126, Sacramento CA 95814, fax/916-327-2201 [Note: Mary Winkley is the staff member most familiar with this bill.] FOR UPDATES ON THE BILL'S PROGRESS/STATUS Bowen's office can send updates by snailmail; perhaps in time to be useful. For email updates: I am in contact with them and will upload new info upon receipt. (Others can do the same.) I can also send an electronic copy of AB1624 (~500 words), plus a [personal] analysis of some of its issues, advantages, disadvantages and problems (~800 words). --jim, Jim Warren, jwarren@well.sf.ca.us [345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/415-851-2814; MicroTimes "futures" columnist, Autodesk Board member; InfoWorld founder; 1991 Computers, Freedom & Privacy Conference organizer and Chair; blah blah.] Note: I have no official capacity; this is personal, volunteer citizen action. Please copy, repost, print and circulate this, freely, widely, quickly. ------------------------------ Date: Mon, 12 Apr 1993 09:25:58 -0700 From: Jim Warren Subject: File 5--AB1624 MANDATES ONLINE PUBLIC ACCESS TO LEGISLATIVE RECORDS Verbatim complete text of California State Assembly Bill 1624 (AB1624) [hand-retyped because electronic copies are not economically available to the public. --Jim Warren, jwarren@well.sf.ca.us] Sponsor: Hon. Debra Bowen, Assembly Member (D-Torrance/Marina del Rey area) State Capitol, Room 3126 Sacramento CA 95814 fax/916-327-2201 [Note: Mary Winkley is the Legislative Aide most familiar with this bill.] ----- BILL NUMBER: AB1624 INTRODUCED BY Assembly Member Debra Bowen March 4, 1993 An act to add Section 9027.5 to the Government Code, relating to the Legislature. LEGISLATIVE COUNSEL'S DIGEST AB 1624, as introduced, Bowen. Legislature: legislative information; access by computer modem. Under existing law, all meetings of a house of the Legislature or a committee thereof are required to be open and public, unless specifically exempted, and any meeting that is required to be open and public, including specified closed sessions, may be held only after full and timely notice to the public as provided by the Joint Rules of the Assembly and Senate. This bill would make legislative findings an declarations that the public should be informed to the fullest extent possible as to the time, place, and agenda of each meeting. This bill would require the Joint Rules Committee of the Senate and Assembly to make available to the State Library in electronic form on each day that either house of the Legislature is in session specified information concerning bills and the proceedings of the houses and committees of the Legislature. This bill would require the State Library to establish a system whereby this information is available to the public by means of access through a computer modem. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. BILL TEXT THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. Section 9027.5 is added to the Government Code, to read: 9027.5. (a) The Legislature finds and declares that the public should be informed to the fullest extent possible as to the time, place, and agenda for each meeting of the houses and committees of the Legislature. The Legislature further finds and declares that it is desirable to make timely information regarding these proceedings available to each member of the public, irrespective of where he or she resides. (b) The Joint Rules Committee of the Senate and Assembly shall make available to the State Library in electronic form on each day that either house of the Legislature is in session, all of the following information: (1) The most recent Assembly Daily File and Senate Daily File. (2) The text of each bill introduced in each current legislative session, including all amended forms of the bill, the bill history, and the bill status. (3) All bill analyses prepared in connection with each bill. (4) Vote information concerning each bill. (5) The veto message, if any, concerning each bill. (6) The daily legislative schedule, including the location and time set for all floor sessions and committee hearings. (c) The State Library shall establish a system whereby the information specified in subdivision (b) is available to the public by means of access through a computer modem. [END] ------------------------------ Date: Mon, 12 Apr 1993 09:24:13 -0700 From: Jim Warren Subject: File 6--Some comments on AB1624 re online legislative access *SOME* REASONS TO SUPPORT AB1624 MANDATING PUBLIC ONLINE ACCESS TO LEGISLATION California's AB1624, State Assembly Bill 1624, (Bowen D-Torrance area) would: Provide the public with timely, economical access to the public's business; Allow citizens to be *informed* participants in their governance; Reduce the public's feeling that they are being "done unto" by Sacramento insiders; that they have no chance of having timely information or access; Encourage more accurate news reporting by full-text access to bills; Reduce false and inaccurate rumors by allowing easy, economical access to accurate and complete legislative information; Enhance legislators' relations with their constituents by encouraging a fully-informed and timely-informed public; Improve legislation by allowing the public to identify potential problems and suggest useful improvements *before* poorly-phrased or ill-structured legislation is passed into law; Reduce the expense of printing, mailing or faxing bills and other online legislative information to constituents and local agencies; Reduce the time and phone costs that limited legislative staff must spend providing such information by phone or in person; Greatly facilitate research, review, search, retrieval, cross-referencing, indexing, etc., of copies of downloaded legislative data, customized by and for individuals and groups, limited only by their computer access and skills; Illustrate that the California Legislature knows how to use high-technology for the public good; Illustrate that the California Legislature believes that California is, in fact, a leader in high-technology and its application; Begin making California government as modern and accessible as other states that already offer such online legislative access -- for example, Hawaii; Etc. [Please forward additional ideas for inclusion in later versions] REASONS TO OPPOSE THE BILL High-profit private information distributors might have to add some value (more convenient access, improved formatting, cross indexing, etc.) in order to continue to make large profits selling the public's information assets. Some bureaucrats may find selling the public's data only to high-profit private distributors somewhat less profitable if they can't guarantee those "clients" functional monopoly of the public's computerized information. Lobbyists might have less ability to control publicly-undesired legislation and get it passed into law before the press or public can discover it. Some politicians might dislike having citizens able to easily obtain copies of legislation and track its progress without going through their offices. Some politicians may not *want* to enhance citizens' ability to know what they are doing, or be inconvenienced by citizen participation in government. LEGITIMATE CONCERNS THAT MUST BE OVERCOME 1. The Legislative Data Center (LDC) must remain absolutely secure against possible intrusion or harm by "crackers." Solution: LDC can perform their daily transfers to the State Library (or its contractor) by output-only transmission -- as they now do for their high-profit information-distributors. (In the worst case, they can output it on magtape and transfer for "sneakernet" transfer -- walking the tapes to the State Library). 2. There must not be increases in costs of equipment or staff. Solutions: The LDC now sends its data to Unix-based systems within the legislature. It clearly has the hardware to communicate with a Unix-based host-computer. If LDC staff do not have the time or skill to implement a secure, output-only link to such a host, then experts could contract to do the job for $1 (yes, one dollar). Or, such secure, output-only transmission could be trivially implemented on any of the Unix stations in the Assembly. If an extra Unix station or modem is needed, machines could readily be donated. 3. The State Library doesn't need to own or run an expensive public-access system. For preferred maximum access: The State Library could contract with a single host-computer connected to the Internet -- for $1 per year -- to provide global access, at least by anonymous FTP (File Transfer Protocol) and probably by telnet, WAIS, Gopher, WWW, etc. This is exactly how the U.S. Supreme Court now distributes its decisions, online, worldwide, at no cost to the Court. (They download decisions to the free, nonprofit Cleveland Freenet, which provides access to the million-plus computers and 15- to 20-million users on the global Internet. It, in turn, is partly or fully gatewayed to most other networks and commercial services, such as CompuServe, MCImail, America OnLine, etc.). The Internet, by *far*, provides the most extensive, economical and varied access. NEEDS NO MONEY; JUST ONE INSTRUCTION The only thing needed is for the California Legislature to instruct its Legislative Data Center to make its computerized legislative information publicly accessible online, for no more than the incremental cost of copying. Direct one-page letters to: Hon. John Burton, Chair, Assembly Rules Committee (D) [San Francisco area] State Capitol, Room 3152, Sacramento CA 95814, fax/916-324-4899 Hon. Debra Bowen, Assembly Member (D) [Venice/Marina Del Rey area] State Capitol, Room 3126, Sacramento CA 95814, fax/916-327-2201 ------------------------------ Date: Mon, 12 Apr 1993 09:28:13 -0700 From: Jim Warren Subject: File 7--AB1624 UPDATE#1--Making Leg. Data available Online 4/10/93 [after meeting on 4/9 with Mary Winkley, Legislative Aide to California Assembly Member Debra Bowen (D-Torrance/Marina del Rey area) ] AB1624 (Bowen) would require that essentially all information about California legislation-in-progress be made "available to the public by means of access through a computer modem." [bill's text available from jwarren@well.sf.ca.us] Perhaps this is an excellent illustration of why legislative information needs to be immediately available to the public, online: Things change *fast*! -- On 4/6, Ms. Winkley said AB1624 would first be considered by the Assembly Rules Committee (Chair, John Burton, D-San Francisco), 4/14 in closed session. On 4/8, she said she just found out that the schedule was changed and the Rules Committee would hear it on 4/19. On 4/9, she said she just found out that (1) the 4/19 meeting would be an open [public] meeting, and (2) Rules would not only be reviewing the bill to decide committees to which to assign it, but would also be acting as its first policy committee and conduct a formal hearing on the bill at that time. [ Thus, supporting notes are all-the-more needed, by FRIDAY, APRIL 16th, in time to impact the Monday (4/19) Rules Committee hearing. ] The 4/9 meeting was to discuss technical issues and alternatives and included staff from the Assembly Computer Services (ACS) and the Legislative Counsel's Legislative Data Center (LDC), as well as a volunteer from State Sen. Tom Hayden's office (which has a partly related bill, SB758) and me. Based on the 4/9 discussion, it appears likely that Assembly Member Bowen will consider amending AB1624 before it is first heard by Rules. The intent will be the same -- mandate broad, lowcost online public access --but implementation details/text may be changed and/or made more explicit. Write or fax to (phone calls are of little value in defeating opposition): Hon. John Burton, Chair, Assembly Rules Committee (D-San Francisco area) State Capitol, Room 3152, Sacramento CA 95814, fax/916-324-4899 Hon. Debra Bowen, Assembly Member (D-Torrance/Marina del Rey area) State Capitol, Room 3126, Sacramento CA 95814, fax/916-327-2201 ------------------------------ End of Computer Underground Digest #5.27 ************************************