agencies to allow citizens the use of technical means and devices to find out how agencies are treating their cases, for instance. Technology is applied, in other words, in a very one-sided way, from a management perspective-managing a caseload as opposed to a personal perspective, where we would like to get access to agency data. The last trend I have noticed is the inability to conform to existing law and regulation to assure the accountability of systems to managers and to Congress. I have noticed this in the IRS and the FBI systems that I have worked on in particular, a desire to rush ahead to build systems before we have the regulatory apparatus established, and that bothers me. It means that we have systems operating now, and will shortly, systems operating beyond the law. Now, I have come to the general conclusion that it is not the technology per se that is the villain, the technology can't be separated from its uses. It is a little silly to talk about nuclear technology, for instance, without talking about the bomb. Nevertheless, the principal problem is having the courage and making the investment to learn how to control and regulate the technology to assure it can be held accountable to us. Now, in the seventies we made a start at that with the Privacy Act of 1974 and the related family of legislation. But since then changes in technology have made that positive start technologically obsolete. Since 1974, we have developed microcomputers that can sit on this desk top, as powerful as the main frame computers I used as a graduate student in the mid-1960's. Within 5 years, I can put on this desk a computer equal in capability to a good sized mini computer today. In a decade I can put the Library of Congress on this desk and give you the connections to speak to other libraries of the world in the giga bit range, that is in the billions of bits per second range of telecommunications. 
That is how much the technology has changed in 10 years and will change in the next 10 years. Now, along with that change, the appetite of large bureaucracies, both public and private, has clearly been stimulated. There is no longer a meaningful distinction between physical surveillance, electronic surveillance, and data surveillance. You give me the right telephone numbers, a few of my graduate students, my IBM XT personal computer, and I will tell you where many of you were last night. In a few hours I can find out some very interesting details about your military, medical, Social Security, and employment records. Now, if I can do that with a reasonably modest computer that operates at far less than a million instructions per second, these capabilities are clearly available to most large public bureaucracies and private organizations as well.
Mr. KASTENMEIER. May I interrupt to see if I understand you? [Laughter.] On what basis would you have access to that information?
Mr. LAUDON. I asked you for the telephone numbers. I said if you give me the telephone numbers. It would take me a few hours of observation to find out the telephone numbers myself. But if you could give me the telephone numbers, it would only take me a few hours to generate the codes of access to the systems in order to get that information. I would need a computer here in a few hours, though, to run through the combination of codes. What right of access? The point is that it could be done without any formal right of access. The systems are that old.
Mr. KASTENMEIER. Would that be considered a theft?
Mr. LAUDON. Yes, a diversion of services and illegal entry.
Mr. KASTENMEIER. But you earlier indicated that there are many people managing systems that are actually operating outside the law in that connection.
Mr. LAUDON. I think there are some public sector Federal systems operating beyond the law, yes; right now. But my point was the breakdown between physical surveillance and data surveillance.
With the right telephone numbers, in a few hours I can perform the same functions of physical surveillance of your person simply through data banks, simply because of the interconnections that exist between established data banks, and that capability is widespread. It is something that a few graduate students could do in an afternoon and, therefore, I assume that it is well within the means of IT&T or GE in a few hours to do the same thing. So my point was not how easy it is to enter systems; my point was that the power of information in those systems is so great that people of modest capabilities, organizations of even modest capabilities, could put together in a few hours.
Mr. KASTENMEIER. Just to add to my understanding of computers and how they are operating in this connection, let me use a case in the graph here. We have a medical information system-we will assume it is a hospital and we will assume that voluntarily they provide an insurance company information because it seems legitimate. At a later point in time, the insurance company independently gives access to its computer system to a Federal agency, which the hospital had never intended to be a recipient of information about its patients. But for whatever reasons, the insurance company makes that information accessible to the third parties-
Mr. LAUDON. To the Social Security Administration.
Mr. KASTENMEIER [continuing]. To Social Security. Then really the ethical protection of information at the source is defeated because of remote and subsequent transactions.
Mr. LAUDON. To me one of the interesting aspects of the transaction you just highlighted is the extent to which we don't know that that already goes on.
That particular transaction in which the Social Security Administration gains access to insurers' records having to do with a specific patient, is indeed a reasonably common transaction, because Social Security has a need for that information because it has to compensate the hospital often and it needs third-party insurance carrier information in order to do that. There are a host of other transactions on this chart, the size and nature of which we are unsure. One of the points I very much wanted to make today was that the complexity of the data flows in the world is one of the major reasons why I think the information technology genie is out of the bottle. And significant improvements have to be made in the Privacy Act and related legislation in order to put the technology genie back where we had it. In the particular case that you refer to, complex transactions between two and three, and perhaps four organizations, it is interesting to note that we don't have the expertise in our society to find out precisely how many of those kinds of transactions are going on.
Mr. KASTENMEIER. There is also another, I suppose, technical aspect. Some information may be available on a transitory basis from one system to another. And that may be qualitatively different if the recipient system downloads that information when the original system thought it was only available on a transitory, ephemeral basis. Retention and the development of additional data bases with sensitive information may also, I think, constitute a complicating fact.
Mr. LAUDON. It gets also more complicated if you mention downloading, if you consider downloading large files from a hospital to an insurance carrier, within the insurance carrier downloading that information to micro computers or small mini computers where it is worked on on small diskettes-what happens is eventually control is lost over the flow of that information, so that it becomes impossible to trace.
We ran into this problem and have continually run into the problem, at the IRS and at the FBI, trying to keep track of secondary and tertiary disseminations of data; trying to find out, and to answer the simple question: Who had what information at what point, when, and what did it look like? Can you trace this flow of information through organizations? In many States, in certain areas like criminal records, they have given up. They basically tell State legislators and courts that we can't tell what happened to information once we sent it down to an agency, and it was subsequently disseminated within that agency. Now we would like to make a correction in the record. Maybe there was a mistake in the record, we would like to correct it. Who do we talk to to correct that record? Who got it? Who made a judgment based on it that perhaps it should be corrected? Well, here is an excellent example where we are operating technology beyond our management control, because we can't correct that record. If somebody lost a job because of a bad arrest on an arrest record in California, and we would like to rectify the situation, good luck; we can't do that. We are being forced to keep information on pieces of information. In order to keep track of information you have to know who had it, who saw it when. As it turns out that is more complicated than what we are willing to pay for. Therefore, we don't have those management capabilities. That is an excellent example of what I mean when I say we are operating systems beyond our control and accountability. And I think Congress ought to be aware of that when it passes legislation which, for instance, asks us to build systems which can keep track of the flow of information for security reasons or for due process reasons. Building those systems is expensive and tends not to be done. So the information could be sitting in a drawer somewhere, it could have been disseminated to a user somewhere, but nobody will know it. 
It could be on somebody's home micro computer, but nobody will know. There is no way of tracing that information currently, at least not in the way we build systems today. I also want to point out in my testimony that there is literally only a handful of scholars in this country who work in this area. No major school of public administration can be of much assistance to you because they don't have any programs in national information systems, or even information systems. Only a handful of the business schools in this country have such major programs which would permit Congress to turn to an on-line group of experts for advice on how to build responsible systems. That expertise is not to be found in universities. In my written testimony I called for a National Defense Information Systems Education and Research Act-one purpose of which is to help create the expertise in our schools of public administration. I also called for a Privacy Protection Commission, just to give Americans a sense that some group has authority and interest in keeping track of these complex interactions among systems; in protecting their rights in the information age just as protect their consumer rights. We need to amend in particular the "routine use" clause of the Privacy Act so that data surveillance can be more closely monitored. The routine use clause, with some of the strongest language in the Privacy Act, in which Congress specifically said that information collected for one purpose should not be used for another purpose unless specifically authorized by Congress. There was a very clear-cut statement. There is no way, it seems to me, that that could be so misinterpreted, but it is, and has been for the last 10 years, by administrations on both sides. That clause, the routine use clause, has essentially been thrown out, and that opens up the whole Pandora's box of general purpose national information systems. 
If that clause is not amended, then hearings such as this will, it seems to me, be irrelevant, because the gates will be open for a flood of systems based on the principles of modern data base management and technology, which is indeed to use information collected for one purpose to use it for another purpose.
Mr. KASTENMEIER. In your view, Professor Laudon, is that statutory language being misused or ignored, or does it in fact need to be amended to achieve the purpose you seek?
Mr. LAUDON. I don't have an answer to that question. I have fought with myself about ways that language could be strengthened, but it already seems to me so clear. And the willingness of the executive branch to abuse it seems to be simply a decision made by them and has nothing to do with the lack of clarity in the original legislation. On the other hand, I would point out that that clause is so powerful, because it goes right to the heart of why we build systems. I mean, we build systems in the Federal Government, as in the private sector, in order to be efficient managers of data, and efficient users of data. It does happen to be efficient to take information collected in one place and use it in another place. That happens to be in the private sector one of the major advantages of modern systems: the ability to transport information across organizational boundaries. Therefore, the routine use clause makes a powerful statement. It says that the Federal Government will not avail itself of the most advanced principle in the grab bag of data processing technology. We will forsake that efficiency in order to preserve a democratic republic. That was a very courageous statement. I am not sure how maintainable that is going to be, and increasingly there is going to be a lot of pressure on that.
The Privacy Act does say that you can have the most efficient taxation system in the world; within the IRS you can transfer all the information you want and you can use the most advanced technology, but you can't use tax data to support the Selective Service System, you can't do that. And that kind of efficiency we forsake, Congress said in 1974. So the question you raise is can we go on? Can we be an efficient government without forsaking that routine use clause? And my answer to that is yes, we can, I think we can, I think we can design systems. Now, there are going to be exceptions to routine use. The legislation in 1974 clearly says that Congress may authorize exceptions, and it did, the next day. It authorized the Parent Locator Service in 1974 to combine tax information and other information. So there are certain circumstances under the right oversight mechanism where we will have to, perhaps, allow exceptions. Maybe the exceptions will grow in number; nevertheless, I will have some confidence if we have an oversight mechanism-a Privacy Protection Commission.
Mr. KASTENMEIER. In your view, we need oversight. Does the 1974 Privacy Act have any penalty clause associated with misuse or unauthorized use within the frame of reference of this statute?
Mr. LAUDON. Yes; it does have, but the penalties are rather minimal. It is a misdemeanor offense, I think, punishable by a thousand dollars or less, for abusing the Privacy Act. Of course, that only applies to Federal agencies; but many States have similar laws in the privacy area. But in general, one would say that-I have never in 10 years seen a prosecution at any level for a violation of the Privacy Act. In conclusion, I can say that it seems to me that in the recent past, in the last 5 years, that we have tended to overestimate the gains in efficiency to be obtained by allowing information technology to have such a free rein. That has been my experience when you look at systems very closely.
The FBI systems and IRS systems have been installed-some of those which are most objectionable in a civil liberties ground, are barely justifiable on a cost effective and cost efficiency basis. Therefore, it has been disappointing for me at times-expecting great advances in efficiency, to find out that great costs in civil liberties had been incurred for very small advances in management efficiency. I think there are alternative ways and alternative systems to achieving many of the same goals that the executive branch has outlined in its system development proposals. I think we have to search for proper mechanisms for achieving those goals, and that we should not forsake our liberty out of fear for our security, or decrease our freedom in the pursuit of efficiency. I don't think we have to do that. That concludes my testimony.