University Computer Policy and Law Program
the program for Information Technology Ethics Education

Transcript of session

Introduction by Tracy Mitrano:
Good morning and welcome to the University computer Policy and Law Program. My name is Tracy Mitrano and I am the director of that program which is sponsored by the office of Information Technologies here at Cornell University. This morning and this afternoon we have a fabulous program on privacy in the electronic realm. We have three excellent speakers. They are going to set focus on three separate areas but we hope that by the end of the day we will have a comprehensive approach at least for the North American and over to the European Union, UK direction as to how various jurisdictions are handling privacy in this area. We are also looking forward to considerable conversation, controversy, and discussion on these issues. For those of you in the Internet audience, you are welcome and encouraged to write me at tbm3@cornell.edu and I would be happy to direct your questions to the speakers or the panel to our discussion today.

I'm going to very briefly introduce each of our three speakers simply by name and then I'm going to introduce in more detail Sol Bermann (Sol may I have the computer which I left over there?) who's going to be our first speaker this morning. The three speakers that we have today are first Sol Bermann, who's going to speak about Privacy and Access to Public Records: a Modest Proposal. Our second speaker is Peter Adler whose title for his talk is A Unified Approach to Security and Security Compliance. This portion will take us up to noontime. We will take a two-hour break and be back at two o'clock at which time we will hear a talk from Tony Brett at Oxford University on Data Protection in the United Kingdom. At three o'clock we will begin a panel discussion with our panelists who have presented today, as well as the Internet audience and anyone who would be here joining us physically.

So first off. I would like to introduce Sol Bermann to you. Sol is the associate director of the Center and we're here talking about the Center of the Moritz College of Law at the Ohio State University. Before returning to work at his law school alma mater Sol was the manager of the operations for the technology policy group and the conference coordinator of the Privacy Con series of privacy conferences. He is a recognized expert on privacy issues and the co-chair of the Supreme Court of Ohio's advocacy Committee On Technology, and the Court¹s Privacy and Public Access Subcommittee. I have gotten to know Sol because of his work with the International Association of Privacy Professionals and I can truly say that this is one of the individuals in the United States out of academia who is advancing questions of privacy for academia if not for all of American society. So please join me in welcoming Sol for the first talk of today's series.

Sol Bermann, Associate Director,
Center for Interdisciplinary Law and Policy Studies,
Moritz College of Law, Ohio State University

Thank you Tracy. Pardon me as I shuffle papers in front of you. I know it's bad form but I don't have fancy binders that they have on the Today Show and things like that. [Laughter] So you'll have to bear with me. Again, Tracy, thank you and thank Cornell University's Computer Policy and Law Program for having me out here. I appreciate your patience in getting me out here and allowing me to come in April as opposed to February. I think our walk over says why. I made a wise choice. You know, to say that I'm one of the pre-eminent people in academia in privacy is really very very kind. I don't know if that's true, but what I do want to bring is a bit more applied notions to the analysis of particularly privacy in public records, as well as the academic notions.

So let me briefly tell you how I got here. The genesis of this talk comes as a direct result of my work, as Tracy alluded to, over the past four or five years with the Supreme Court of Ohio's Subcommittee on Privacy and Public Access. Combining that applied approach that I've been working on, comes the academic. A version of this talk was given earlier in this year in February at Ohio State's John Glenn Institute for Public Service and Public Policy. John Glenn was in attendance and he did ask questions and at 85 the guy is as sharp as a tack. I felt like an utter moron as I'm trying to explain these policy issues to a guy who's run for president and circled the Earth for the first time and all these other things. But I'm digressing. It was a tremendous experience.

Back to how I got here. In May 2000, the Supreme Court of Ohio released their first study of the new century of their futures, where they wanted to go. One of the things they recommended was creating a state-wide courts network and a corresponding data repository. So what they're talking about is linking all courts in Ohio in all 88 counties and creating one centralized data repository for all the courts' records. To that end, they went ahead and formed the Supreme Court of Ohio Committee on Technology and the Courts. That committee quickly came to two conclusions. One, they have to figure out how we would connect the courts and what are the issues that we would have to address in connecting the courts. In other words, what are the policy ramifications? So as I said, first two major issues, connectivity how are we going to do it? Next they figured, well, if were going to actually have all this stuff online in a data repository, we have no policy behind that. Ohio has a strong history of open records. I would dare say that we are the top five in the country as far as open record laws. So most anything that you file as a public record, whether it's in the courts or with the government, that then goes into public records. You can go down to the courthouse, go down to your government recordholder and look it up.

So what do they do next? They formed a couple of subcommittees, one of those was a Subcommittee on Infrastructure and Interoperability. Obviously that addresses the access issues. The other they formed was The Privacy And Public Access Subcommittee, which is where I come in. The subcommittee is made up of a very diverse set of stakeholders ranging from people in academia like me, to many clerks of courts, judges at both the appellate and trial level, judges from various different courts including domestic relations, probate, as I said already trial and appellate. In addition to advocacy groups, the media, we had the editor of the Cleveland Plain Dealer was actually a member of the subcommittee, not just a editor, but THE editor of the Plain Dealer which is actually, I don't know how much it gets out here, a fairly important award-winning newspaper, even though it's in the Midwest in Cleveland.

So, what were we tasked to do? We were to look into identifying the current body of laws, regulations and rules which determine the current operating environment of the court. In addition we had to review data elements which are found in the public record. I'm going to be using the term "data elements" fairly frequently in this discussion. When I say "data elements" it's literally that: elements that make up a larger form or a larger record. One issue that we have from the get-go was getting people to understand that when I speak of a data element I might be speaking of a field in a form. Such as fill in your Social Security number. Fill in your financial account number. Fill in your date of birth. That's not talking about an entire record. Believe me after four or five years there are still people who didn't understand what I thought was a very basic and very simple point. Finally, after conducting a review of what was in the public record, we wanted to identify those elements that could help, I won't say help facilitate, but which ones were going to be dangerous to have out there, which ones could be sensitive, which ones would bother people. And again, ultimately, as identity theft and data theft became an issue, which ones might lend themselves to being stolen and being misused.

Let's talk a bit about why open records in the first place. At its base, open records are the citizens' way of keeping an eye on the workings of all branches of government. In fact, as I was rethinking this presentation, I considered this almost a fourth branch of government. Here in the US, for our Oxford visitor. We obviously have three branches of government. We have the judiciary, we have the legislative, and we have the executive. I consider this the fourth branch to be citizens. Part of our obligation as citizens, and being a check and balance in a fourth branch kind of way is to vote and to make your public voice known. But the other way is to act as a check and balance is to shine a light on the workings of government. That's what open records do. Open records promote government accountability by letting citizens look at how government is doing its job. Is it doing it efficiently? Is it doing it cleanly? Is it doing it in the public interest? Now to have open records there's a little bit of a trade-off. Some of your privacy may go away so you can keep an eye on public servants. So an example might be in many many states and certainly in Ohio, I could go online and find out how much a house was paid for. How much did this house cost? Why is it important? It might not be important for me to know how much a house cost across town unless that house was purchased by the mayor. If it was purchased by the mayor and the asking price for this million-dollar house and he only spent $200. You might think there's something shady going on. Just a quick example of how open records can shine a light on government.

One thing again that we emphasize in the committee over and over again, is that shining a light on government means shining a light on how government operates, making sure it operates fairly. Open records are not designed for a citizen to have the ability to snoop into the affairs of others. That's not their purpose. It may occasionally be the result. That's where we get to that trade-off between privacy and public records. The idea of open records again predates the Constitution. It's based on a history of public trials that goes back to our history in England and the avoidance of star chamber proceedings and things along those lines where what would happen behind closed doors would stay behind closed doors and we might not know why somebody was convicted or had their property taken away or their freedom taken away. But we just have to believe it at the say-so of the judge. Or whatever jury or whoever else. Openness promotes fairness, real and perceived. It promotes confidence in government, trust in the government, and trust as the government exercises its duty. Again, it's the fourth branch of government. It's how the citizen, aside from the vote, can provide checks and balances.

So that was then. Historically, public records have been protected by a notion called practical obscurity. What that means is it's typically been way too much of a pain in the rear for a citizen to go to the courthouse or go to the recordholder's office to dig out the public records because they have to go Monday through Friday 8-5, 9-5, during business hours and most people seem to have jobs. So it makes it awfully difficult to do so. It means you're taking time off work, or you are paying somebody to do it for you, like an attorney. So up until fairly recently, it was only the media and attorneys, and other people with resources, and maybe cranks with axes to grind that would troop all the way down to the public recordholder's office and say "Can you please look up x,y, and z for me?" That person then have to wait as an attendant would go off and either make copies or dig through boxes of records or say, "You'll have to come back in a week because that's at another storage facility."

It made things often difficult. On the other hand, on the up side some might say, it made it awfully difficult for your neighbor to snoop around about your divorce, or how much you paid for your house, or things along those lines. The point is that much public records law developed around the notion of these paper records and practical obscurity. We don't live in that era anymore.

This is now. So the last 50 plus years have seen the rise of electronic records and the Internet. Electronic records very much predate the Internet. Let's be very clear about that. This idea about greater access to records has been brewing really since the 60s and 70s. I would actually trace it back to the 40s. Because certainly in Nazi Germany they used the early computer punch card system and were very organized in how they went about distributing people through the Holocaust experience. Certainly in the 50s, 60s and up through the 80s, we saw a rise in computing. Large data sets and homemade databases and big mainframes and magnetic tape. All these things made life very organized in the Jetsons futurist world as we saw it then.

Now over time, the size of the computer, the speed you can access those electronic records, the complexities of the records themselves, the complexities of the searches you can go into, changed. Mainframes shrunk and shrunk and shrunk and shrunk it until we now have these. And things much smaller. So what does that mean? Now we have the rise of the Internet. With the Internet and particularly since the late 90s and into the 2000s we have public records that can be and are available 24 hours a day seven days a week. On the one hand that's great. It means we can to more efficient searching and shining the light on government from our home whenever we want. That's a very very good thing. Again the fourth branch of government - checks and balances. However there are obviously very real threats as well as many exaggerated once surrounding things like identity theft and the public snooping of private facts.

What it's come down to is that policy has not caught up with technology and technology has outstripped the law. We are caught behind. A 2004 GAO study by the federal government said that public sector agencies in 41 states reported visible social security numbers in at least one type of record. In many it was up to 10 records. 75% of counties hold records that display that Social Security number publicly. I would say that's probably a low estimate. I would say it's probably closer to 90. So obviously there is issue. Social Security numbers, because they are a de facto identifier, have become very very very sensitive and highly prized commodities. When I started my work with the subcommittee, members of the media and a couple members that were clerks of court said, basically, "Show me the money. Show me that any identity theft has actually been tacked to Social Security numbers that you can find online." As opposed to what often happens which is misdeeds done by evildoers within organizations, who fished through the trash and find things. As I will point out, there is proof in that pudding.

So just a sample of some headlines. As you can see these are all within the last month and a half. I could have probably put up another 50 or 60. There has been a boom in this issue. Again, we are finding that policy is catching up with the technology. Or at least a push. So what does this policy gap mean? Well again, Data Exposure, Counties across the US Posting Sensitive Data, Privacy and Security Motivate Moves to Curtail Access... I'm just going to take a snippet of quotes from some of the stories.

Here's a privacy advocate based in Richmond Virginia saying, "Sites like county clerks of court and other government database sites are spoon feeding criminals the information they need. No one appears to be seeing it. Nobody is changing the law.

"Web sites are a veritable treasure trove of information for identity thieves and other criminals."

"But on the other hand, there is a real need to keep the information flowing," says someone who works within the government, adding that there is a real need to protect data as well. "There is little evidence so far that publicly available information on government sites has contributed to identity theft. (I'll dispute that in a second.) For most identity thieves, the effort involved in sifting through millions of records simply is not worth it."

That was something that we butted up against in my work on the subcommittee. As we'll see when I get to some of the Ohio news stories, that's simply not true anymore. The other thing I want to point out is that if you look at the sample of sites here, we have Vermont, Florida, North Dakota, New Hampshire, Minnesota, I have, this is strictly for visual effect, these are all stories again within the last six weeks, from a variety of states including those but also Pennsylvania, Massachusetts, and then because it's near and dear to my heart because I happen to live there, Ohio.

So, the irony is that in my work with the subcommittee, working, we've not been exactly restrained in what we've been asked to say publicly, but it's been very narrow and attached to court records. Currently our proposal, which I'll discuss towards the end of the presentation, is before the Supreme Court of Ohio and they're determining what to do with it. But I was pushing for them to make a decision because at some point, something was going to give, what was going to give was a data breach or data leak of some sort. The first headline that you have there is Ohioans' Info Online. "Hundreds if not thousands of Ohio and Social Security numbers are posted on Secretary of State's web site." That came out on the third of March. The following day, separate issue. Identity theft suspects named. "A local ring of ID thieves used a Hamilton County government web site to access Social Security numbers and other data is that helped them steal nearly $500,000."

I think that punches a hole in the previous statement where they were saying that, "oh no, you can't say what's found on the Internet is actually leading to identity theft." Whoops yes it is. This is just the ones that were caught. This to me is just the drop in the bucket because you don't know where a lot of the identity thefts come from. Unless the identity thieves are caught and it can be shown where they got their data, a lot of the just goes and is paid for by credit card companies or yourself and you have to pay to get your financial name cleaned. But if the person is ever caught, we don't know where they got the data from. So identity thieves take stuff and where was the site from? It was actually from a court web site. So what happens in response? What I would say bad public policy. County's web site cleansed. Prosecutors Charge Eight with Identity Theft. Hamilton County officials ordered the removal of hundreds of documents from the county web site after learning that some contain Social Security numbers."

So we have a feast or famine going on. Either everything is going to be out there, or were going to take it all off because people can't play nicely. In yet another recent outing in Ohio, this is from a couple weeks later, Social Security Numbers Pulled off Web Site. This is in the different county in Ohio, one in northeast Ohio as opposed to Southwest Ohio. Same sort of set up, people were worried about identity theft. There were accusations made, and identity theft had indeed occurred. So the response is, "Let's yank it all." I find that bad public policy.

So what do you do? The good news is despite the amount of records that are out there, and despite the hubbub going on, I don't think it's too late to fix things and to fix them right. I don't think the proper response is to yank everything off. Just as I don't think necessarily the proper response will be to put everything on. But here are our choices. What can we do? We can maximize access. Provide the broadest access to public records by placing them on the Internet. Don't change a single thing from their current paper or electronic form. Obviously this minimizes privacy but it maximizes the amount of light shining on the workings of government. You can have a middle ground response. Review the data elements within the public record files, modify them to protect privacy interests. For example you might want to redact social security numbers to help prevent identity theft. Another middle ground that was discussed. Create a bifurcated record system. You limit online access to certain private or sensitive information but leave the complete paper record as it stands now, which includes that information, for review at the record holder's office. That's sort of similar of the idea of practical obscurity but you're giving a sort of truncated public record online. Finally you can maximize privacy which seems to be the trend in response. Yank it all. Don't put anything on the Internet. Maybe you leave records the same in the office, maybe you don't.

In examining these, with the subcommittee, we asked a couple fundamental questions. The first one was, should records on the Internet and their traditional paper/electronic counterparts be treated identically in terms of public access? In other words, should what we get online exactly match what you would get if you went down to the record holder's office? To which I say resoundingly ³yes!² It seems like a no-brainer to me, but I've been working on this for a long time, and I realize that I might be stuck in my ways. But it seems like a no-brainer. Why should you do this? Why should electronic records and their traditional counterparts be treated identically in terms of public access? Well, as my first point says, doing otherwise is to force the genie back in the bottle. All records are to be kept in electronic formats soon anyway. Why do we need boxes of moldering paper or their former electronic counterparts? Boxes and stacks and racks of moldering magnetic tape, store it somewhere in the remote warehouse where it's hard to access, and/or you lose the capability of accessing them through either technological obsolescence or the paper simply rots. Why are we trying to hold back the future?

Now some more practical reasons might be, "Why should citizens have to go down to the courthouse for the real record when doing so undermines access, and disadvantages many many communities, the rural community? If you live out in the middle of nowhere which is plenty of Ohio and actually plenty of upstate New York, it's going to be tough to get to that recordholder office. Not only to have to take the time off from your workday to do this, but you might have to drive 30, 40, 50 miles, figure out the right place to go, wait in line, wait to get the record, maybe come back to get the record. It also certainly helps the disabled community to be able to access things online, as many many particularly rural, in Ohio we have an 88 County Court system. Each court is independent. Are all of them ADA compliant at this point? I dare say no. Lower income people. Especially if you are having to work all day at a blue-collar job or you may not have the opportunity to take more than your 30 minute lunch, or you're 15 minute break, you don't have the opportunity to go to the courthouse without taking that time off.

This gives you the opportunity 24 hours a day seven days a week to see the same public records that the media, that rich attorneys, that anybody else who cares to who can make it to the courthouse and is empowered in that way to do, you can do. Finally, as I point out, attorneys or people representing themselves, have better access. The media, ultimately have better access. Yes, the New York Times, the Cleveland Plain Dealer, have plenty of reporters who can go and look stuff up at the recordholder. They have that sort of budget. But smaller media sources do not.

There are other practical reasons as well. There are cost savings. It's simply cheaper to keep one set of records rather than worrying about creating policy around the original or real set or whatever set you to put up on the Internet, or not. Finally, online records encourage more access which leads to greater accountability. I'm sure many of you remember the whole hubbub about James Frey and his appearance and all the public records surrounding what he really did in college on a smoking gun. That's an example of the power of the Internet. And having access to all the records. The media might never have gotten a hold of the story. People might not have held him accountable. While that's an example of the media figure being held accountable, or an arts figure, that same scrutiny can be leveled on public officials and the workings of government. That is why the record sets need to be the same.

So what do we ask next? What information currently in the court file should not be public? If we're going to have it the same, both online and off-line, in paper and in electronic, and on the Internet, there's got to be some give. I don't advocate putting everything everything everything out there. Identity theft via Social Security numbers has been proven now, beyond a shadow of a doubt. So what are we going to do to take care of things? Again it's a no-brainer. What we then have to examine is what should not be public? Now this is going to be tough. I'll make the last point first. This is where the rubber really meets the road. It is a state by state, branch by branch, could be county by county, court by court, city by city decision. It's really really tough. It depends on what your public records laws are. In the United States, there is no single set of public record law. There is no uniform data law. As Peter will discuss, there are some sectors such as health care, financial, more obscure things like driver's license, video rental records where there is specific legislation. But unlike the UK, unlike a good chunk of Europe and Asia and growing in South America, there is no holistic approach to public records. There is nothing in the Constitution that says, "Thou shalt have privacy." It's simply not there. It's been inferred and implied via the fourth amendment and some other penumbra decisions. But there is nothing giving you a right to privacy.

So how do we determine what shouldn't be public then? What we did was a very basic balancing test. The first question we asked is, "Does the data in question shine a light on the workings of government? Will having this piece of information allow citizens to do their checks and balances? Will it allow then to see that their government is working fairly for everybody, that they're being cost efficient, that they're not being deceptive?² If the answer is yes you ask another question. "Is the data in question of a sensitive nature? Is it like a Social Security number so that the disclosure of data can lead to individual harm? Can it lead to identity theft? Can it lead to someone stalking you? Can it lead to any other sort of misdeed?² If that answer is yes, you have to figure out if the privacy issues of an individual outweigh the public's need to know. And that I'm here to tell you is up to you. There are no easy answers. Again it gets back to the rubber meeting the road. The subcommittee worked for four years on this exact problem, asking ourselves these questions on numerous numerous numerous numerous data elements. It was hard work. It was messy work. It could be frustrating. There was many an argument. Again there are no easy answers, you just have to be willing to go through the process and do it right. And thankfully for the Supreme Court of Ohio, they charged us with, "We don't care how long it takes, we don't care what records law there is right now in the state of Ohio, we want you to do this right." It was refreshing to have that sort of empowerment.

So how do we get there? This gets back to where I was at the beginning. You create a diverse body to examine these things. Again, we, I am proud to say, were a very diverse body. The Supreme Court did a very good job of putting together a group of people who had diverse opinions, diverse pigs in the poke. Members of the media certainly looked at things differently than judges, who looked at things differently than clerks of court. Then having members of academia, members of advocacy groups like victims rights groups for instance. As well as people from the data industry itself. I don't know if many of you know, but Lexus is actually housed in Ohio. They would send members occasionally to see what we were doing. Our group was open to the public.

What did we do? We did identify the current body of law. I am happy to say that the Ohio Attorney General's office, while completely opposed to our process, completely opposed to our belief that what is online and off-line should be the same, did a great job of identifying the laws for us, and explaining where there was conflict and how this may or may not call for changes in Ohio's public records laws. We went through our data elements. That's where the clerk of courts came in. They know those forms better than anybody else. So they were able to highlight, okay on this form you are likely to see this and this and this. Finally, we then went through and we identified data elements that might facilitate identity theft or be too sensitive. What then? Well then we worked as a group to decide what should be public and what shouldn't be. I'm happy to say that there were very few elements that we ended up redacted from the public record. We looked at anywhere between 75 and a hundred individual data elements, which means we discussed them, parsed them out, voted on them whether to redact them from the public record or not. And basically those came down to two pieces of information that we were always unanimous on. Social Security numbers and financial account numbers should not be part of the public record. They don't shine a light on the workings of government.

Now that's not to say that identifiers are not important, and it's not to say that financial information is not important. I'll toss out the example of a divorce record. A divorce record is something that yes, our public has a right to see, because it shines a light on the workings of government. Is the judge doing a good job in how he's disposing of assets in a divorce? You might want to know that in a case where a husband is a millionaire and gives virtually nothing to the wife, you might wanna know that. You might want to know why. In that case you might want to know that the husband has $500,000 in a bank account in the Virgin Islands. Or let's take it out of there because that becomes more complicated, in a bank account in New York. Do we need to know the account number so that we can perhaps have some identity theft fun? No. But we might need to know the name of the bank and that's OK. Similarly with credit card information, you might need to know that he's also carrying $700,000 worth of credit card debt that can be shown to be attributed to the wife that he didn't know he purchased. So there's give-and-take that you as a citizen can now look and make your own judgment. Was the judge fair on this? Did he do his job properly? This is shining the light on the workings of government. It's the citizenry checking on the government. And again, what's the other part of that that might take place? If it's a judge that can be voted out of office because he is doing an unfair job, you can exercise your vote.

After going through the 75 to a hundred odd data elements, which is way more boring than it even sounds, minus the fights that would break out occasionally. We were then charged with drafting a privacy and access policy. We've done it. This is where I deviate from some of where we've moved with the Supreme Court. That policy to my knowledge is still caught up with the Supreme Court of Ohio's Chief Justice and his office. They are trying to determine how to best approach things next. What I advocated for was that this policy needs to be sent out for public comment. The Supreme Court charged us with creating the policy. What more do they need to review it? Didn't they trust us to do our job? So if I were the person in charge, I'd send it right out for public comment. I would want public discussion. I would hold it, much as they have with her interoperability and infrastructure groups, they've held town meetings around the state. I'd say the same thing. These are the citizens' records. They are not the government's records. They are the records of the citizens of the state. The citizens have a right to have a say in this matter. Next what do you do after the public comment? That's when you come back and look at things. You might modify your draft legislation. In Ohio I can tell you there is a strong push from the court system to say, ³These are our records, you cannot legislate these records² because in the US, again, we have the three branches of government and we don't want the Legislature telling the judicial system what they can do with their records. And to that I say, "I don't care what you guys do, just figure it out!" So by the time we left, we'd actually worked with a number of legislators saying, "Look, the court is more comfortable making these rules through what's called their governing rules, rules of governance for the courts, but, what would be great would be if you drafted legislation that supports the rules." At one time they were on board with this. I don't know that status now.

Finally, the other thing that has not been discussed because I haven't gotten that far, but something I strongly advocate for is, much like the rest of the world, there needs to be a structure in place to oversee an audit policy and implementation of these rules or of these laws. There needs to be data officers. Data officers at many many levels. I would advocate that virtually every county in the state of Ohio have someone who is tagged with promoting the protection of the data. They could be called the Chief Privacy Officer, professional, whatever you want to call them. There needs to be someone where there's a bottom line. And then in addition to these officers, there should be some privacy ombudsmen. These are people who, and I'm ripping this off utterly from the Canadian model, people that the public can go to and say, "Hey, there's a problem here. The data officer is stymying me. I want somewhere else to go and you can take up the charge.² This is someone who has some small bit of governmental control or power to say, "Alright let me dig into things because the public, again, has that right to know and there's been a problem."

Now I want to point out that the small amount of things that we redacted from the public record, also fits in on the national level of this. In Orange County, they did a study going back to 1970 looking for Social Security numbers, bank account numbers, credit card numbers and debit card numbers. Basically the stuff we decided should be redacted from Ohio's public record. So far 7 million pages covering 2.2 million documents recorded between June 2002 and April 2005 were inspected. Out of those pages in Orange County, 1.63% or 119,000 had information that needed to be redacted. On the one hand 119, 000 is not a trifling number. On the other hand, 2.2 million documents. So the percentage is going to be small. And where we got pushed back from certain members of the media, or even members of the judiciary saying, "Well if you're going to change Ohio's public records law, you are pulling the right public's right to know." That's not true. This is a small small group of things that we're looking at. The small group of data elements that we're looking at, do not shine a light on the workings of government.

So to wrap things up, public records law policy is at a crossroads. I would say it's maybe a little past the crossroads now and starting to go down the wrong path. The law is unclear, policy has not evolved with the technology, and, honestly, especially at the state and local level, people are stumbling. They don't know what to do. They don't know where to turn. And that turn is to go down that wrong path of, "Well if there's a problem we yank everything." That is not the solution. In order to best serve the citizen and government interest and access, accountability and privacy, public record law and policy should be modified. Information not necessary to shining a light on the workings of government should be redacted. Public records should be the same online and off-line. Pretty simple.

I just want to toss out a few web sites for you. I will be happy to e-mail you this presentation if you would like. I have cards. You can talk to Tracy. One thing that is not up here because I didn't want to bore you with it and it's a really ugly long URL, but I'm also happy to point you to the actual working document that I worked on with the Supreme Court of Ohio. What these are are some very good overview sites.

Tracy Mitrano:
If you would e-mail that information to us, your whole presentation Sol, and we'll put it up right underneath the video segment. [See PowerPoint slides of this talk]

Sol Bermann:
I would love to. So, if you want to get a hold of me, I am not so private about that information. [Laughter] If you have a questions in the meantime...