The Freedom of Information Act

The Freedom of Information Act (FOIA) is a federal law that was ratified by the United States Congress in 1966 (Pozen, 2005, p.634). Under this law, the federal government agencies (i.e., FBI, CIA, etc.) are legally compelled to provide information to the public on a need basis (Kreimer, 2007, p.1149). Any individual, including U.S. citizens, academic institutions, and organizations (as well as foreign nationals) can file an FOIA request. In 1974, the Act was modified to enhance agency compliance. It was also revised in 1996 to allow better access to electronic information (National Security Archive, 2009, par 1).

Benefits associated with the Freedom of Information Act

FOIA requests are more suitable for those individuals and organizations that want to make large requests that comprise numerous dissimilar types of confidential and non-confidential documents. Whereas confidential documents are subject to Mandatory Declassification Review (MDR), the Freedom of Information Act covers confidential as well as non-confidential materials. In case an FOI request is denied, the requester can appeal the decision within the federal agency and then institute legal proceedings against the agency in the court of law. However, the requester is barred from instituting legal proceedings in the court if the duration for processing his/her MDR request has not expired. FOI requesters are thus advised to seek MDR only if they have ample knowledge about the record they need (National Security Archive, 2009, par 5).

Risks associated with the Freedom of Information Act

There are a number of problems that a requester can run into during the FOIA process. These include:

Delays. It is important to note that FOIA offices may take time to respond to an FOIA request since these offices receive numerous FOIA requests. Thus, requesters are advised to submit precise requests that will make it easy for the FOIA officers to locate the required document swiftly (National Security Archive, 2009, par 11).

Operational File Exemption. There are a number of federal agencies that are exempted from FOIA review requirements. These federal organizations that enjoy operational file exemptions include the National Security Agency (NSA), National Geospatial-Intelligence Agency (NGA), and National Reconnaissance Office (NRO). These organizations are allowed by this law to exempt whole or part of their operational files from being subjected to the search/review requirements as stipulated by FOIA (National Security Archive, 2009, par 12).

Dubious Secrecy. FOIA has homogenized language as well as precise directives for redaction processes. However, differences might emerge in relation to the decision to hold back information, both within and between federal agencies. These discrepancies may exist during the appeal process and follow through to a final decision (National Security Archive, 2009, par 13).

Recommendations on how to improve the Freedom of Information Act (FOIA)

Although the FOIA program provides a useful avenue with regard to information dispensation, it is highly decentralized and has numerous and different DOD Components missions, functions, organizations, and locations. As a result, there are a few selected areas that must be improved. These include organizational structure and manning; training; and backlogs/resources (Donley, 2006, p.11).

Organizational structure and manning. A majority of FOIA offices are located within numerous dissimilar institutional elements. For example, some FOIA Offices are found within a functional institution such as I.T. systems, which do not contribute to the overall mission of FOIA. Thus, the first step should be to ascertain the current locations of all FOIA offices in order to establish homogenous standards within the DOD. This will optimize the efficiency of all FOIA offices (Donley, 2006, p.11).

Staff training. According to one study, only 76% of Freedom of Information Act staffs have obtained some form of FOIA training. In addition, it has been established that senior FOIA leaders are not conversant with the FOIA requirements. Thus, there is an urgent need to develop a training program (i.e., FOIA Officer Certification Programme).

The residential training program must be tailored for staff attorneys, senior leaders, as well as FOIA personnel on a biennial basis (Donley, 2006, p.12).

Resources and backlog. FOIA Offices have limited manpower resources to handle numerous requests. It is imperative that the required manpower is determined to minimize the backlogs in the FOIA Offices, especially those with a backlog that exceeds 50 requests. Some of the remedial measures to be implemented include identification of FOIA Offices with backlogs that exceed 50 requests, provision of adequate resources to FOIA Offices with heavy backlogs; and development of a staffing program for the identified FOIA Offices (Donley, 2006, p.18).

Computer Abuse Law

Computer and internet usage has escalated in recent years, given the low costs associated with procuring a computer and internet connectivity. What’re more many people and different organizations nowadays prefer to carry out personal and/or business transactions via computers and automatic agents. However, given the anonymity associated with computer/internet usage, computer-related crimes are on the rise.

Computer abuse entails crimes committed against the computer, the information/materials enclosed therein (i.e., data and software), as well as its uses as a processing device. Examples of computer abuse include cyber sabotage, unlawful use of computer services, and hacking. On the other hand, cybercrime entails unlawful activities carried out via electronic communication media. One of the major concerns facing individuals and organizations relates to identity theft and cyber-fraud that are committed via the illegal use of online surveillance technology, spoofing, and hacking. There are also other types of criminal activities carried out via online platforms such as industrial espionage, cyber-terrorism, pornography, defamation, and sexual harassment (Kunz & Wilson, 2004, p.3).

Many countries have enacted several laws to curb computer-based crimes. It is worthy of mentioning that computer crimes are somewhat new phenomena associated with the digital era. What’s more, such crimes have an adverse impact on the role of computers and the internet as valuable resources that transcend physical frontiers with regard to communication and information sharing. It is against this backdrop that new unified legislations are urgently needed to protect and enhance a systematic digital environment. Computer crimes are simply novel ways to perpetuate conventional offenses via an electronic platform. As such, the current state laws are inadequate to curb the computer-based crimes (Kunz & Wilson, 2004, p.4; Doyle, 2010, p.1). The following section will compare computer and internet legislation in three states, namely: New York, Texas, and Washington D.C.

New York Legislative Model

The New York Penal Code [Article 156] reflects the state’s legislative effort to combat a wide range of computer abuses. For example, the Penal Code describes five distinct computer-related crimes: criminal possession of computer-related information, illegal duplication of computer-related information; computer interference; computer trespass; and unlawful use of a computer. In addition, New York’s Penal Code defines a computer as a device(s) that can mechanically execute logical, arithmetic, storage, or recovery operations on computer data. The New York statute also offers the defendant various avenues to defend himself/herself from computer-related accusations.

For example, according to N.Y. Penal Code § 156.50, the defendant can argue that he/she had [1] authority to use the computer; [2] the right to destroy or change in any way the computer program or data; [3] the permission to duplicate, reproduce or copy the computer program or computer data (Kain, 2008, p.16).

Thus, under this Penal Code, an individual is deemed guilty of computer abuse if he/she intentionally uses or gain access to a computer network, computer service, or computer device without prior consent from the owner. In other words, an individual commits a computer crime when he/she (without prior consent from the owner) accesses a computer device, computer network, or computer service with an intention to commit a crime or aid in the commission of computer-related crime. According to the New York Penal Code, computer abuse is divided into four degrees. Computer tampering (fourth-degree) is the most basic of the computer-related abuses.

It takes place when an individual unlawfully accesses a computer device, service, or computer network and deliberately adjusts it in any way or obliterates a computer program or computer data of another individual. The severity of the crime depends on the presence of exacerbating factors such as international destruction or alteration of computer material, prior convictions for an Article 156, and the effects of such destruction or alterations in the amount exceeding US$ 1,000 (Kain, 2008, p.16).

Texas Legislative Model

Texas is among states that have enacted computer security laws to address computer-related crimes. For example, the 69th Texas Legislature integrated Section 33 into the Texas Penal Code. This Legislation describes various forms of computer-related abuses as well as the relevant punishments for such crimes. For instance, computer damage that exceeded US$ 2,500 is deemed a third-degree crime. However, in 1989, the 71st Texas State Legislature introduced an amendment that widened the scope of computer-related offenses as well as penalties provided by Section 33. For instance, computer damage that exceeded US$ 750 is now deemed a criminal act (Revello, 1996, p.15).

In addition, Information Resource Management was ratified in 1989 under the 71st Legislation resulting in the formation of the Department of Information Resources (DIR). The newly ratified Act requires DIR to formulate and publish standards and guidelines relevant to the management of information resources. In pursuant to the Information Resource Management Act, DIR established a Texas Administrative Code, known as Information Security Standards [1 TAC 201.13b], which compels state agencies to protect the confidentiality of information owned by the state (Revello, 1996, p.15). What’s more, DIR employs 1TAC 201.13b to allocate the task for providing security to information technology assets, data information assets as well as risk management to senior administrators in every state agency.

According to the IRM Act, a state agency is described as any council, office, board, commission, or department within the judicial or executive branch of the Texas state government. In addition, the Act defines information resources as any software, equipment (i.e., the computer) or procedures that are invented to gather, process, and broadcast information. Thus, the abovementioned agencies are legally required to fight computer-related offenses that fall within the scope of definitions discussed above (Revello, 1996, p.16; Clayton, 2006, p.5).

The Washington Legislative Model

According to the Washington statute, computer abuse occurs when an individual, without prior consent, deliberately gains access to a computer (and information therein). For example, in State v. Olson case, the police (defendant) was found guilty, under the statute, for unlawfully accessing a computer and acquiring print-outs that identified codes of a local college when there was no ongoing investigation of those codes. However, the Court of Appeal annulled the conviction and stated that the defendant (as part of his work) had the power to access the computer and that he was not prohibited by the statute to use the information (Kain, 2008, p.4).

The state-based Legislation mentioned above demonstrates a lack of clear definition with regard to the nature and scope of computer-related crimes (Cheon et al., 2009, p.82; Almahroos, 2007, p.597; Brenner, 2001, par. 1). The following section will recommend a union legislative model that can be adopted by all states in order to combat computer-related offenses.

Combined Legislative Approach

The advantage of an omnibus law is that it addresses computer-related crimes comprehensively. Such a law can provide the impetus for cooperation and convergence as a joint statement for inter-state policy objectives. What’s more, a combined legislative model that is generally ratified can generate a consistent set of decrees and enforcement processes in various states. For example, the Cybercrime Convention may present an apt platform to promote dialogue and general consensus as well as information sharing among different states in order to produce effective inter-state legal solutions for computer crimes (Keyser, 2003, p.289; Archick, 2004, p.2).

The Cybercrime Convention is the only viable option that can effectively protect all states from computer-based crimes that are executed through the internet. The effectiveness of the Cybercrime Convention is subject to three salient aspects:

  • The synchronization of state-based Legislation on computer-based crimes. The main aim of the Cybercrime Convention is to produce consistency among signatory states with respect to the nature and scope of laws that criminalize computer crimes. For example, the Cybercrime Convention demands consistency with regard to the legal description of terms such as traffic data, service providers, computer data, and computer systems (Schjolberg & Ghernaouti-Helie, 2011, p.9).
  • The effectiveness of the Cybercrime Convention rests on the ability of signatory states to set up efficient local investigative processes and powers that address computer crimes as well as electronic evidence. It is thus imperative that all states have consistent powers for inspecting computer crimes as well as collecting evidence. These powers must include interception of content records, search and seizure, and disclosure of traffic records (Schjolberg & Ghernaouti-Helie, 2011, p.9).
  • The setting up of a rapid and efficient system of state collaboration with regard to the investigation and prosecution of computer crimes. In addition, the combined legislative approach will create a system that facilitates reciprocated support among signatory states. The role of reciprocated support in combating computer crimes cannot be understated, given that internet usage transcends state borders. For instance, a computer-related offense executed in New York may have adverse effects in Texas. Thus, a combined legislative model will provide a widespread avenue for punishing perpetrators of such crimes in different states (Schjolberg & Ghernaouti-Helie, 2011, p.9).

References

Almahroos, R. (2007). Phishing for the Answer: Recent Developments in Combating Phishing. Journal of Law and policy for the Information society, 3(3), 595-621.

Archick, K. (2004). Cybercrime: The Council of Europe Convention. Web.

Brenner, S. (2001). State Cybercrime Legislation in the United States of America: A Survey, 7 Rich. J.L. & TECH. Web.

Cheon et al. (2009). Analysis of Computer Crime in Singapore using Local English Newspapers. Singapore Journal of Library & Information Management, 38, 77 -102.

Clayton, R. (2006). Complexities in Criminalizing Denial of Service Attacks. Web.

Donley, M.B. (2006). Department of Defence (DoD) Freedom of Information Act (FOIA) Improvement plan for Executive Order (EO), 13392: Improving Agency Disclosure of Information. Web.

Doyle, C. (2010). Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws. Web.

Kain, R. (2008). Independent Contractors and Computer Crimes: The Impossible Prosecution. Web.

Keyser, M. (2003). The Council of Europe Convention on Cybercrime. J. Transnational Law & Policy, 12(2), 287-326.

Kreimer, S. (2007). Rays of Sunlight in a Shadow War: FOIA, the Abuses of Anti Terrorism and the Strategy of Transparency. Lewis & Clark Review, 11(4), 1141 -1220.

Kunz, M., & Wilson, P. (2004). Computer Crime and Computer Fraud. Web.

National Security Archive. (2009). FOIA Basics. Web.

Pozen, D. (2005). The Mosaic Theory, National Security and the Freedom of Information Act. The Yale Law Journal, 115, 628-679.

Revello, R. (1996). A Descriptive Analysis of Computer Security Measures in Medium Sized Texas Counties. Web.

Schjolberg, S & Ghernaouti-Helie, S. (2011). A Global Treaty on Cybersecurity and Cybercrime.Web.