SUBCOMMITTEE ON LEGISLATION HOUSE PERMANENT SELECT COMMITTEE ON INTELLIGENCE TESTIMONY OF GENERAL COUNSEL, NATIONAL SECURITY AGENCY April 5, 19.79 Mr. Chairman and Members of the Committee, I appreciate this opportunity to inform this Subcommittee about the impact that administering the Freedom of Information Act (FOIA) and the Privacy Act is having on the National Security Agency. I will first briefly describe the volume of requests under the Acts and the cost of compliance. I then would like to outline the manner in which requests are handled within the Agency and the statutory provisions that figure most prominently in NSA's processing of FOIA and Privacy Act requests. Finally, I would like to describe particular problems arising in the application of the FOIA to NSA's signals intelligence activiities. Volume and Cost of Requests Under the Acts The FOIA provides that any person has a right to access to all records of any federal agency, except such records or portions of records as may be covered by one of nine exemptions enumerated in the Act. The exemptions must be asserted individually for each covered record or portion of a record. Consequently, the fact that a record will almost certainly fall within a statutory exemption does not relieve the Agency from the obligation to search for it and review it. The Privacy Act operates somewhat differently. Its purpose is to give citizens more control over what information is collected by the Federal Government about them and how that information is used. Under the Act, agencies are required to report publicly all "systems of records" maintained on individuals. The Act requires that the information collected in these systems of records be accurate, complete, relevant, and timely. It mandates that information be used only for the announced purposes for which it was collected. It requires agencies to maintain records of disclosures of personal information. Finally, the Privacy Act permits citizens or aliens lawfully admitted for permanent residence to have access to personal information about them in agencies' systems of records and to amend inaccuracies that they find there. This right of amendment is enforceable in Court. The Privacy Act, like the FOIA, contains specific exemptions from release for certain kinds of information. however, more limited than under the FOIA. These are, Under the FOIA all of NSA's records are subject to a request for inspection by any person, whether or not a citizen or permanent resident alien. While all classified information, and certain additional information, is exempt from disclosure, the FOIA obligates the Agency to conduct a reasonable search for documents that are adequately described. The Act then places on the Agency the burden of justifying the withholding of any documents it may find. Under the Privacy Act requests may be made only by citizens and permanent resident aliens, only for records concerning the requesting party and only for records located in a "system of records" - i.e., a system in which records are retrievable by name or per sonal identifier. Because of the more restricted scope of the Privacy Act, it has so far presented the Agency with considerably fewer problems than the FOIA. The records organized in "systems of records" within NSA, as statutorily defined, are personnel, security and administrative records. NSA's intelligence records are not filed by name or other individual identifier. The costs to the Agency of administering the Acts, although substantial, have not yet become a matter of pressing concern. In calendar year 1978, the cost to the Agency of administering the FOIA was about $524,000. (This includes only direct costs of searching, preparing responses and handling administrative appeals. It does not include the costs to the government of defending litigation against the Agency under the FOIA.) The number of requests processed was 704. That was the second consecutive year in which the cost was over a half million dollars. The number of requests in calendar year 1978 exceeded the previous year's by more than one-third. 3 In calendar year 1978, the cost of administering the Privacy Act was about $125,000, up by 12% over the previous year. The number of requests processed for access to, or amendment of, records was 318, an 88% increase over the comparable figure for 1977. Handling of Requests; statutory exemptions to the Chief, Policy Staff, who is the initial decision authority under both Acts. On the basis of his knowledge of Agency activities, the Chief, Policy Staff, forwards copies of each request to those organizations within the Agency that are likely to have files that may contain the kinds of records requested. Privacy Act requests that cite specific NSA systems of records are forwarded to the custodians of those files. Privacy Act requests citing no system of records are forwarded to custodians of all systems of records that might contain information about an individual fitting the description the requester provides. FOIA requests are forwarded to the organizations maintaining files that may contain the records requested. The effort expended by the Agency in locating records and reviewing them yields relatively little in terms of the actual volume of information disclosed. The vast bulk of NSA records contains intelligence information or information about the Agency and its activities that would be harmful to the national security if disclosed. Such information is withheld. Consequently, the release of the records occurs, for the most part, only when persons currently or formerly affiliated with the Agency ask under the Privacy Act for records, found in Agency personnel or administrative files, containing personal information about themselves. Agency records located in response to requests under the FOIA for information about a particular subject or individual are usually classified intelligence documents that are covered by statutory exemptions from release. Under the FOIA, there are two principal bases on (1) (A) specifically authorized under This is known as the "(b)(1) exemption." 5 |