
    Donald R. KOSTYU, Plaintiff, v. UNITED STATES of America, Defendant.
    No. 87-72065.
    United States District Court, E.D. Michigan, S.D.
    June 18, 1990.
    
      Kay Schwartzberg, Detroit, Mich., for plaintiff.
    Stuart Gibson, Trial Atty., Tax Div., U.S. Dept, of Justice, Washington, D.C., for defendant.
   MEMORANDUM AND ORDER

COHN, District Judge.

I.

This is the fourth motion to dismiss or motion for summary judgment that defendants have filed in this Privacy Act case. Plaintiff, Donald Kostyu (Kostyu), alleges that the Internal Revenue Service (IRS) incorrectly named him as the leader of a violent tax protest group in an internal IRS publication entitled the Illegal Tax Protester Information Book — Document 7072 (Document 7072). Document 7072 was subsequently leaked to the public by means and for reasons which are as yet undetermined. Plaintiffs second amended complaint alleges that the Internal Revenue Service (IRS) and several of its individual employees violated various provisions of the Privacy Act (the Act), 5 U.S.C. § 552a, and that he is entitled to monetary relief. In its orders of June 26, 1988, March 8, 1989, and October 27, 1989, the Court dismissed all counts of plaintiffs amended complaint except count IX, which alleges that defendants failed to establish appropriate safeguards against the unauthorized disclosure of agency records in violation of section 3(e)(10) of the Act, 5 U.S.C. § 552a(e)(10). Now before the Court is defendants’ renewed motion for summary judgment as to count IX. Having reviewed the additional materials submitted by defendant, the Court is now satisfied that none of the alleged lapses in the agency’s security were willful and intentional and accordingly defendant’s motion for summary judgment will be granted. The reasons follow.

II.

A.

Count IX of plaintiff’s second amended complaint alleges that defendant violated section 3(e)(10) of the Privacy Act. Section 3(e)(10) provides that every agency which maintains a system of records shall:

establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

5 U.S.C. § 552a(e)(10). The only remaining issues in this case are whether the measures taken by the agency to safeguard its copies of Document 7072 were “appropriate” in light of any “anticipated threats or hazards to their security or integrity” and if not, whether the agency’s failure to do so was willful and intentional as defined in the Act.

B.

In its previous motion for summary judgment as to count IX, defendant presented evidence of the measures it took to safeguard copies of Document 7072 which were in the possession of Ruth Schweizer, an Intelligence Analyst in the IRS’ Office of Criminal Investigations. The Court found that this showing was insufficient to warrant the entry of summary judgment. Memorandum and Order of October 27, 1989 at 9-10. Apparently multiple copies of Document 7072 sent to regional IRS offices could not be accounted for and the Court noted that there was no evidence in the record as to what precautions, if any, were taken to safeguard those documents while in the custody of the regional offices. Id. at 9-11. Defendant has now submitted lengthy excerpts from the IRS’s Managers Security Handbook and the Physical Security Handbook detailing agency procedures for the classification of documents and the protection of records. These excerpts also reflect the efforts taken by the IRS to specifically comply with the requirements of section 3(e)(10) of the Privacy Act.

These Handbooks reflect that there are two main security classifications of IRS documents: Official Use Only (OUO) for routine confidential information and Limited Official Use (LOU) for more highly classified materials. Documents are classified LOU only when they “contain information of such important, delicate or sensitive nature that they should be treated confidentially, and restricted to those officials and their immediate subordinates who need to know such information” and “are intended for use by the highest officials within the Service or addressed to officials of the Department of Treasury.” IRM § 12(21), at 1272-136. As to OUO documents, the IRM notes that

[t]he limited distribution of Service documents, such as reports of investigation, memorandums, and correspondence, and the normal safeguarding of Service files as required by law to prevent unauthorized disclosures, make administrative classification unnecessary.

IRM § (12)31(1), at 1272-136. Agency regulations mandate differing levels of security for documents depending on their classification. Document 7072 was designated as OUO, as are most reports of investigations, IRM § 12(31), at 1272-136, and law enforcement manuals, IRM § 1(16)32.6, at 1(16)00-24.5. Plaintiff contends that classification of Document 7072 as OUO rather than LOU was more than grossly negligent and therefore a violation of the Privacy Act. The Court disagrees.

All non-public IRS materials, including those designated either OUO or LOU, are to be used and stored in work areas managed in accordance with the Minimum Protection Standards described in the IRS Manager’s Security Standards Handbook, IRM at 1(16)12-21 to 1(16)12-31. Among the minimum security standards maintained is a clean desk policy, which requires that documents be stored in locked containers when not in use, IRM § 327, at 1(16)12-23; the designation of sensitive work areas as “restricted areas,” IRC § 352, at 1(16)12-28; the use of ID cards to deny non-authorized personnel access to restricted areas, IRM § 342, at 1(16)12-27; and the use of key and combination locks to control access into restricted areas, IRM § 355, at 1(16)12-29. In addition, documents designated OUO must be packaged in opaque materials when shipped and secured so as to prevent breaking apart in transit. IRM § 1(16)32.53(2), at 1(16)00-24.4. There are to be no conspicuous markings on envelopes containing OUO documents identifying the materials as classified. Id. OUO information is to be reproduced only to meet operational needs. IRM § 1(16)32.53(4), at 1(16)00-24.4. Finally, when OUO documents are no longer required, they must be destroyed beyond all possibility of reconstruction. IRM § 1(16)32.53(5), at 1(16)00-24.4.

Documents designated LOU are ordinarily to be used only by the highest officials within the IRS or addressed to officials in the Department of the Treasury on a need-to-know basis. IRM § (12)21(2), at 1272-136. They must be stored in a locked steel filing cabinet. IRM § 1(16)32.52(l)(a), at 1(16)00-24.3. Any time the cabinet is unlocked, an authorized person will record the time and date, along with their initials. IRM § l(16)32.52(l)(b), at 1(16)00-24.3. At the close of the day, the container will be checked by someone other than the person who last locked it, and that person will record the time of the check along with his initials. IRM § l(16)32.52(l)(c), at 1(16)00-24.3. Anytime LOU documents are printed, the originator must arrange to maintain control over all copies and must contain a list of all officials authorized to receive it. IRM § 1(16)32.42, at 1(16)00-24.1. Shipment must be made by way of a traceable and receiptable method in a double-wrapped, non-forwardable container to be opened by the addressee only. IRM § 1(16)32.52(2), at 1(16)00-24.4. Employees having possession of LOU materials must return them upon separation from the IRS or changes of position. Id. Similarly, when a LOU document is no longer required, it must be returned to its point of issuance for signature or receipt release. Id. LOU documents may only be reproduced to meet the operational needs of the agency and all reproduced copies must be provided the same safeguards as the original. IRM § 1(16)32.52(4), at 1(16)00-24.4.

C.

In retrospect, it is possible that the classification of Document 7072 as OUO was inappropriate in light of the anticipated threats to its security and integrity. The Court has previously found that Document 7072 contained sensitive and defamatory material which could have been expected to seriously damage the reputation of persons named therein. Memorandum and Order, October 27, 1989. Moreover, given the well documented animosity between IRS field agents and suspected illegal tax protesters, the possibility of an agent’s illegally leaking incriminating materials to the media for political or other reasons should have been considered a possibility.

However, regardless of the objective wisdom of classifying Document 7072 as OUO rather than LOU, it is abundantly clear that the agency’s miscalculation, if any, did not approach the level of culpability necessary for liability to attach under the Act. As explained in greater detail in the Court’s October 27, 1989 Memorandum and Order, plaintiff would only be entitled to prevail in this damages action if he can demonstrate that defendant’s failure to take adequate precautions to safeguard Document 7072 was willful or intentional. 5 U.S.C. § 552a(g)(l). This has been interpreted to require a showing of fault “somewhat greater than gross negligence.” Having reviewed defendant’s additional submissions, the Court simply cannot say that the IRS' failure to classify Document 7072 as LOU rather than OUO rose to that level.

Document 7072 was a description of the various groups and individuals across the country involved in illegal tax protest activities. The Court has previously found that Document 7072 was promulgated to appraise and protect IRS agents against potential threats to their personal security posed by violent tax protesters. Memorandum and Order of March 8, 1989, at 7. Because of the nature of the information contained in this document, it was only useful if it could be widely disseminated among IRS field employees. This need for broad distribution made many of the more rigorous security precautions mandated by a LOU classification difficult or impracticable.

D.

By requiring a showing that any violation of the Act be willful and intentional, it is clear that Congress intended to reserve civil liability only for those lapses which constituted an extraordinary departure from standards of reasonable conduct. The Privacy Act does not make administrative agencies guarantors of the integrity and security of materials which they generate. Nor does the Act authorize the federal courts to act as micro-managers of the records practices of the administrative agencies. Rather the agencies are to decide for themselves how to manage their record security problems, within the broad parameters set out by the Act. The Senate Report accompanying the Act, stated that:

The Committee recognizes the variety of technical security needs of the many different agency systems and files containing personal information as well as the cost and range of possible technological methods of meeting those needs. The Committee, therefore, has not required in this subsection or in this Act a general set of technical standards for security of systems. Rather, the agency is merely required to establish those administrative and technical safeguards which it determines appropriate and finds technologically feasible for the adequate protection of the confidentiality of the particular information it keeps against purloining, unauthorized access, and political pressures to yield the information improperly to persons with no formal need for it.

S.Rep. No. 93-1183, reprinted in 1974 U.S. Code Cong. & Admin.News 6916, 6969. In so doing, the agencies have broad discretion to chose among alternative methods of securing their records commensurate with their needs, objectives, procedures, and resources.

The Act ... provides reasonable leeway for agency allotment of resources to implement this subsection. At the agency level, it allows for a certain amount of “risk management” whereby administrators weigh the importance and likelihood of the threats against the availability of security measures and considerations of cost.

S.Rep. No. 93-1183, reprinted in 1974 U.S. Code Cong. & Admin.News at 6969.

It is not for this Court to second guess the wisdom of defendant’s decision as to the appropriate level of security for Document 7072. It is enough that the precautions adopted were within the range of reasonableness defined by Congress. That plaintiff or the Court might have made a different decision in light of differing evaluations of the risks involved is of no moment. Neither the language nor the legislative history of the Act suggest that Congress intended to place such an onerous burden on administrative agencies.

III.

Accordingly, defendant’s motion for summary judgment as to count IX is GRANTED and the case is DISMISSED.

SO ORDERED. 
      
      . Both of these documents are published as part of the Internal Revenue Manual (IRM). All subsequent references to either publication will contain the IRM citation.
     
      
      . At the May 21, 1990 hearing on the parties’ cross-motions for summary judgment, plaintiff argued that the Court had already found as a matter of law that defendant’s security lapses were willful and intentional. Plaintiff based this position on certain oral comments made by the Court at the hearing on defendant’s previous motion for summary judgment as well as the Court's October 27 Memorandum and Order, in which it stated: "In light of the circumstances in this case, it is impossible to say that defendant’s conduct was not willful and intentional within the meaning of the Act.” As to the latter, it appears that the Court's unfortunate use of a double negative conveyed the misleading impression that it was granting plaintiff summary judgment on this issue. The Court meant only to observe that at that point, the state of the proofs were such that the possibility of some future showing of willfulness could not be ruled out and summary judgment for defendant was therefore inappropriate. As to the Court’s prior oral comments, suffice it to say that they were necessarily tentative and the Court speaks only through its written orders. Given the constantly shifting and developing state of the proofs in this case, re-evaluation of the Court's prior impressions as to the merits was both necessary and inevitable.
     
      
      . The Court’s ruling on the merits of this case is in no way meant to minimize the considerable diligence and tenacity with which plaintiff’s counsel approached this case nor diminish her outstanding performance at the most recent oral argument.
     