Walking a fine line on Web access

While preparing a report on security failures at U.S. nuclear weapons sites last fall, researchers at the Project on Government Oversight were astonished to find maps on government Web sites showing where plutonium and enriched uranium were stored.

The highly detailed maps "provided virtual target information" at 10 nuclear facilities, Danielle Brian wrote to Energy Secretary Spencer Abraham Oct. 3. The maps should be taken off the Internet, said Brian, executive director of the Project on Government Oversight.

By early November, the maps were gone, but Brian again wrote to Abraham in January. This time she complained that the Energy Department had gone too far. Instead of simply removing the maps, the department deleted lots of other material, including environmental impact statements intended to alert communities to potential dangers posed by the weapons sites.

Since its creation, the Internet has sparked debate over how "public" is too public, but the question took on real urgency after the Sept. 11 terrorist attacks. What has traditionally been public information — whether it's personal data from court documents or information on hazardous materials compiled by the Environmental Protection Agency — is much more public when it's online.

In January, the FBI's National Infrastructure Protection Center warned that the Internet has made "arcane and seemingly isolated information quickly and easily retrievable." Therefore, information useful for planning attacks on the U.S. infrastructure "is being accessed from sites around the world," the NIPC warned.

The FBI urged government and private Web site operators "to apply common sense in deciding what to publish on the Internet. The events of Sept. 11 have shed new light on our security considerations."

Perhaps the most dramatic reaction to the terrorist attacks came from the Nuclear Regulatory Commission (NRC), which completely shut down its Web site in early October.

The site included detailed information such as the longitude and latitude coordinates of 103 nuclear plants, technical data on plant operations, detailed engineering schematics of plant systems and components, and aerial photographs.

"We kind of prided ourselves that we were such an open agency," NRC spokeswoman Mindy Landau said. "We let the public see what we did," believing that openness helped instill public confidence in NRC decisions.

Immediately after the terrorist attacks, NRC was criticized for having too much information on the Internet. Then, after shutting down its Web site, the commission was criticized for having none.

The NRC Web site is back on the Internet now, minus information deemed potentially useful to terrorists, and the commission staff is working to develop a clearer policy on what information should be kept off-line.

But the Internet "will still be a cornerstone" in NRC's effort to maintain public confidence, Landau said.

Citizens need quick access to emergency information, and the NRC.Web site should provide it, she said. The NRC site should provide data on how well nuclear plants are performing and what enforcement actions have been taken at various plants, she said. "But there may be other information that people don't need to know."

The Federal Energy Regulatory Commission is also wrestling with Web content questions. In October, FERC removed "tens of thousands" of documents from the Internet and from public reading rooms, cutting off access to detailed information on hydropower plants, natural gas and oil pipelines, electric transmission lines and other "critical infrastructure."

Linwood Watson, acting FERC secretary, said the information was withdrawn after warnings from the FBI and the Justice Department of possible terrorist strikes against pipelines, power plants and other energy infrastructure.

But in a notice published in January, Watson said he was concerned about the public's right — and in some cases need — for access to some of the information.

"The implementation of the environmental laws may be impeded or the processing of certificate or license applications may be unduly complicated" if information that is now off-limits is not made available again to at least some members of the public, Watson wrote.

But FERC may be more selective in the future.

Access to information about critical energy infrastructure "should be restricted to those who have a legitimate need for the information," Watson said. And recipients of the information might be required to sign nondisclosure agreements.

Watson did not rule out distributing sensitive information via the Internet again, but he said FERC might require the use of passwords, personal identification numbers or digital signatures to limit distribution to those deemed to need the information.

Since Sept. 11, concern about public information has spread beyond the Internet. The U.S. Geological Survey asked the Government Printing Office to destroy copies of CD-ROMs that contained detailed information on reservoirs and other public water supplies. Destruction orders, which were sent to librarians at 335 federal depository libraries across the country, generated "a lot of discussion in the library community," GPO spokesman Andrew Sherman said.

"The idea of removing public documents from public access is difficult" for librarians, Sherman said. "Their job is to promote public access."

Librarians' alarm mounted when FBI agents began visiting libraries in Arkansas to ensure that the CD-ROMs had been destroyed and to ask for records on who had used the CD-ROMs.

But such incidents are rare, Sherman insisted. Since 1995, GPO has distributed 230,019 items in print, on microfiche and on CD-ROM. Only 20 have been recalled, most because they contained incorrect or outdated information.

The National Archives and Records Administration (NARA).announced it would tighten access to archival materials "to reduce the risk of providing access to materials that might support terrorist activity." But by late January, only two documents were off-limits to the public — one dealing with the presidential retreat, Camp David, and the other detailing emergency evacuation procedures.

"We don't expect there will be a whole lot of others," said Lori Lisowski, director of policy and communications staff at NARA.

But advocates for open government worry that the clampdown on public information is just beginning.

"Look for more government information to disappear in coming months and the likely classification of many more new documents for national security reasons," warns Mary Alice Baish, Washington, D.C., representative of the American Association of Law Libraries.

That possibility is troubling to some. "One of the core tenets of democracy is open government," she said. To hold the government accountable, the public must be allowed to know what the government is doing.

"We are witnessing a transformation in the idea of public information," said Steven Aftergood, director of the Project on Government Secrecy for the Federation of American Scientists. Until recently, public information was considered "an unalloyed good," but since Sept. 11, it is increasingly seen as "a possible threat," he said.

"That will affect future disclosure policies, which will affect the nature of public policy," he said. "There are always constraints on information in wartime," but in the war on terrorism, "it is governmentwide in ways we haven't seen before."

The Federation of American Scientists removed about 200 pages of information from its own Web site after concluding the information revealed too much about U.S. nuclear and intelligence facilities.

An oversight panel should be created so agency decisions to remove information from the Internet could be appealed, Aftergood said. Decisions to withhold public information should not be made "by some anonymous agency official" without the possibility for the public to challenge them.

But for now, agencies operate on their own. "There is no government policy on what should be removed from the Internet," said Gary Bass, executive director the public advocacy organization OMB Watch.

In meetings with the Office of Management and Budget and the EPA, Bass urged Bush administration officials to "begin addressing the policy gaps" on Internet information. But that has not begun, he said.

The effect of lost access to information can be significant, Bass said. The EPA's decision to take risk management plans off the Internet may keep terrorists from learning where a bomb can do the most damage, but it also keeps information from Americans.

If the toxic plume from a chemical spill would envelop a school or day-care center, "don't parents have a right to know that?" he asked.

Brian, the Project on Government Oversight director, argued the same point in her second letter to Energy Secretary Abraham. "Hiding safety and security problems from the public does not make them go away. It leaves communities unable to prepare for and deal with potential problems," she said. Information that was unnecessarily stripped from the DOE Web site should be "returned as expeditiously as possible."

So far, that hasn't happened.

***

Yanked from the Web

Federal agencies that have pulled data from their Web sites include:

Energy Department

* Removed maps showing where plutonium and enriched uranium are stored.

* Pulled environmental impact statements intended to alert communities to potential dangers posed by those weapons sites.

Nuclear Regulatory Commission

* Temporarily shut down entire Web site in October 2001.

Federal Energy Regulatory Commission

* Removed detailed information on hydropower plants, natural gas and oil pipelines, electric transmission lines and other "critical infrastructure."

National Archives and Records Administration

* Pulled documents pertaining to Camp David, the presidential retreat.

* Withdrew details of emergency evacuation procedures.

***

Gone, but not forgotten

Often, information taken off Web sites can still be found on the Internet. Data is stored in:

* The Internet Archive, a nonprofit venture that has stored about 10 billion Web pages in an effort to preserve the Web~s history.

* Search engines~ caches.

* Private organizations as varied as Investigative Reporters and Editors Inc., which maintains a database of aviation incidents, and www.azzam.com, a pro-Taliban site operating off the coast of West Africa.