In the Beginning… In the Fall of 2007 FEMA wanted to post videos on You Tube, but there were issues…
Web 2.0 Tool LegalRecords Retention Staff/ManagementIT SecurityPrivacyCoordination Branding The Issues:
Legal/Privacy Records Public Affairs IT Solution: Intra- Agency Coordination
Result: Negotiated with You Tube to Create the First Government You Tube Agreement Launched in May 2008 with a Comment Policy in place
All third party web 2.0 applications have a Terms of Service Agreement. Many contain clauses that are legally objectionable to Federal Agencies.
Common Problem Clauses Changes to the Terms of Service Indemnification Confidentiality Choice of Laws Use of Agency Name/Seal for marketing purposes Persistent Cookies
Changes to the Agreement Most Terms of Service Agreements have a clause which allows the Company to make changes to the agreement by posting them on their website without prior notification. This defeats the purposes of making changes to the agreement in the first instance. –Alternative: Propose a notification period with a time limit for the Agency to concur with proposed changes or terminate the agreement.
Indemnification Indemnification essentially means that the User will compensate the Company for any damages to 3 rd parties from the User’s activities. These “open-ended” liability clauses are common in Social Media Agreements but are unacceptable for Agencies. Indemnification violates appropriations law as the Government cannot agree to expend moneys in excess of appropriations or in unlimited amounts. –Alternative: Change the indemnification clause to invoke the Federal Tort Claims Act as a limit if an individual or organization wishes to file a Tort Claim against the Government for damages. FTCA only applies to acts within the scope of a government worker’s employment – not to personal acts.
Confidentiality Many agreements contain a clause that requires confidentiality of the agreement or protection of the Company’s trade secrets. The Freedom of Information Act (FOIA) requires the Government to release information when requested unless it falls under one of 9 FOIA release exemptions. –Alternative: Cite the FOIA and your Agency’s FOIA regulations in the confidentiality clause as an exception to the prohibition on the release of confidential or commercially sensitive information.
Choice of Law Many agreements have a clause which says “this agreement is subject to the laws and Courts of State X”. The Doctrine of Sovereign Immunity does not subject the Federal Government to State Court forums. –Alternative: Change the Choice of Laws clause to reflect “any competent Federal Court”. If the company wants to specify a Federal Court in a specific State that is acceptable.
Use of Agency Name/Seal Many agreements have a clause which allows the company to use the Agency’s name/seal for commercial purposes. Use of the Agency’s Name/Seal by a commercial entity can be interpreted as an endorsement of the service by the Federal Government. The Government does not endorse commercial products. –Alternative: Allow the company to use the Agency’s name/seal only to state it is a service user (which is a statement of fact) and add an express provision stating that the company may not represent or imply that the Government endorses the product.
Persistent Cookies Many social media sites use persistent cookies to track users. –OMB Memorandum 03-22, OMB Guidance for Implementing the Privacy Provisions of the E- Government Act 0f 2002, Attachment A § III(D)(2)(a)(v)(1)(a)-(b) (Sept. 26, 2003) (prohibits federal agency use of persistent cookies or other web tracking technologies except that agency heads may approve the use of persistent tracking technologies for a compelling need).
Persistent Cookies Alternatives : – Meet the criteria for a waiver – Use third party sites in ways that do not trigger the use of persistent cookies on government or contractor run websites.
Why brand a Government Agency? Validation of information Protection of the Agency seal
But, there was a need for Governance and Policy FEMA Policy Working Group IT SecurityLegalIT External Affairs Office of Policy FEMA Programs Records Management
FEMA’s Use of Web 2.0 Internal External Situational Awareness
Web 2.0 Strategy Appropriated Need Identify Tool Discuss with IT, Security, Legal, Privacy, Records Management, etc Develop a Plan to Address Issues Implement with SOPs Appropriated Need Identify Tool Discuss with IT, Security, Legal, Privacy, Records Management, etc Develop a Plan to Address Issues Implement with SOPs
FEMA Policy in Development –Broad guidance Allows for Issue Spotting –Develop solutions –Outlines Certain Prohibitions Endorsements Collection of PII information –Addresses Employee usage
Some Issues We Have Encountered: Endorsement Privacy Records Management Paperwork Reduction Act Free Speech FACA Cyber Security Employee Usage
Endorsement In 3 rd Party Agreements In Selecting a Service Links to Commercial Sites Use of 3 rd Party Graphics or Trademarks
Selecting A Service The Government must act impartially in all of its actions; which means it may not give preferential treatment to any organization or product as a general matter. –In a Social Media Context – you have to reach out to all similar social media applications. Example: If you want to post photographs, you should approach both Flickr and Picasa and any other available service.
Links to Commercial Sites Unless there is a need, Agencies should avoid linking to 3 rd party commercial sites. –Direct links to commercial sites may be construed as an endorsement of the product or service. Any links to 3 rd party sites should be accompanied by a bumper or similar style of disclaimer.
Use of 3 rd Party Graphic or Trademark Placement of a 3 rd Party’s Graphic or Trademark could be viewed by viewers as implying endorsement by the Government of the product or service. –Tip: Government Agencies should not place 3 rd party graphics or trademarks directly on their websites unless it is accompanied by an appropriate disclaimer.
Privacy –Persistent Cookies We do not embed third party applications that use persistent cookies on our sites. –Collection of PII Information We use strong disclaimers advising people not to give us PII information. –Moderate to avoid posting PII We have a Fan page as opposed to friends so we do not see individual’s personal pages. –Anonymous Posting We allow for and encourage anonymous posting using screen names on third party applications and posting anonymously on our blog. –Bringing PII information into Agency Records Do not collect information –Contractors must follow the Privacy Act As required by the FAR
Records Management Web 2.0 applications are Federal Records –Especially applications on a.gov site or on a third party site created by the Agency. –They are subject to FOIA, E-discovery, Federal Records Act. Agencies need to create or insure the existence of records schedules for web 2.0 media. –Until then they must retain all web 2.0 posts.
Paperwork Reduction Act Web 2.0 applications are not exempt from the Paperwork Reduction Act. –Rhetorical questions such as “What do you think?” could be seen as a collection of information. Allow for comments without asking questions or performing surveys.
Freedom of Speech/Moderating Forums Web 2.0 applications can be seen as a limited public forum. Which allows the Government to limit speech. May limit by: –Topic –Language (racist, sexual, obscene, etc) May not limit political speech. –Our policy is as long as the comment is on topic and does not use offensive language we will post it.
FACA Web 2.0 technology allows an agency to set up its own network or portals limiting who has access to the information. –This could trigger FACA. Avoid FACA issues by allowing all access to web 2.0 applications. –Or limiting access based on the FACA exceptions State and Local officials
Cyber Security Any use of Web 2.0 technology has Cyber Security issues. –Work with your cyber security office especially when placing third party application on your network. To protect information remind employees that they may not disclose non public information.
Employee Usage – Per 5 CFR §2635.701-705 –An employee may use Web 2.0 applications on their own time. This implies that the employee will not engage in personal Web 2.0 use at their workplace during business hours and will not use government equipment. »There is a limited personal use exception that allows for the use of government equipment, but it is limited. –An employee may not state or imply that their use of Web 2.0 applications is official. –An employee may not use his/her government title while using Web 2.0 applications.
–An employee may not release or discuss any non-public government information. This implies that employees are free to discuss all public government information, share all public information, and refer users to governmental websites for additional guidance if it is available. –An employee may not use his/her government email account for the personal use of Web 2.0 applications
Other Issues -There are many How to handle them: – Use the technology before signing off on any web 2.0 technology Set up a personal account and play with the application. –Identify the issues and develop solutions The law does not address this type of technology have to act in the “spirit” of the law.
The Way Forward Work together to develop the tools we need to support our mission. We want FEMA employees to use these tools
Jodi Cramer FEMA Office of Chief Counsel 202.646.4095 firstname.lastname@example.org