[Pages S14535-S14541]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
By Mr. KOHL (for himself and Mr. Torricelli):
S. 1901. A bill to establish the Privacy Protection Study Commission
to evaluate the efficacy of the Freedom of Information Act and the
Electronic Freedom of Information Act Amendments of 1996, to determine
whether new laws are necessary, and to provide advice and
recommendations; to the Committee on the Judiciary.
the privacy protection study commission act of 1999
Mr. KOHL. Mr. President, I rise today to introduce the Privacy
Protection Study Commission Act of 1999 with my colleague Senator
Torricelli. This legislation addresses privacy protection by creating
an expert Commission charged with the duty to explore privacy concerns.
We cannot underestimate the importance of this issue. Privacy matters,
and it will continue to matter more and more in this information age of
high speed data, Internet transactions, and lightning-quick
technological advances.
There exists a massive wealth of information in today's world, which
is increasingly stored electronically. In fact, experts estimate that
the average American is ``profiled'' in up to 150 commercial electronic
databases. That means that there is a great deal of data--in some
cases, very detailed and personal--out there and easily accessible
courtesy of the Internet revolution. With the click of a button it is
possible to examine all sorts of personal information, be it an
address, a criminal record, a credit history, a shopping performance,
or even a medical file.
Generally, the uses of this data are benign, even beneficial.
Occasionally, however, personal information is obtained
surreptitiously, and even peddled to third parties for profit or other
uses. This is especially troubling when, in many cases, people do not
even know that their own personal information is being ``shopped.''
Two schools of thought exist on how we should address these privacy
concerns. There are some who insist that we must do something and do it
quickly. Others urge us to rely entirely on ``self-regulation''--
according to them most companies will act reasonably and, if not,
consumers will demand privacy protection as a condition for their
continued business.
Both approaches have some merit, but also some problems. For example,
even though horror stories abound about violations of privacy, Congress
should not act by anecdote or on the basis of a few bad actors. Indeed,
enacting ``knee-jerk,'' ``quick-fix'' legislation could very well do
more harm than good. By the same token, however, self-regulation alone
is unlikely to be the silver bullet that solves all privacy concerns.
By itself, we have no assurance that it will bring the actors in line
with adequate privacy protection standards.
Because it is better to do it right--in terms of addressing the
myriad of complicated privacy concerns--than to do it fast, perhaps
what is needed is a cooling off period. Such a ``breather'' will ensure
that our action is based on a comprehensive understanding of the
issues, rather than a ``mishmash'' of political pressures and clever
soundbites.
For those reasons, and recognizing that there are no quick and easy
answers, I suggest that we step back to consider the issue of privacy
more thoughtfully. Let's admit that neither laws nor self-regulation
alone may be the solution. Let's also concede that no one is going to
divine the right approach overnight. But given the time and resources,
a ``Privacy Protection Study Commission'' composed of experts drawn
from the fields of law, civil rights and liberties, privacy matters,
business, or information technology, may offer insights on how to
address and ensure balanced privacy protection into the next
millennium.
The bill I am introducing today would do just that. The Commission
would be comprised of nine bright minds equally chosen by the Senate,
the House, and the Administration. As drafted, the Commission will be
granted the latitude to explore and fully examine the current
complexities of privacy protection. After 18 months, the Commission
will be required to report back to Congress with its findings and
proposals. If legislation is necessary, the Commission will be in the
best position to recommend a balanced course of action. And if
lawmaking is not warranted, the Commission's recognition of that fact
will help persuade a skeptical Congress and public.
This is not a brand new idea. Twenty-five years ago, Congress created
a Privacy Protection Commission to study privacy concerns as they
related to government uses of personal information. That Commission's
findings were seminal. A quarter of a century later, because so much
has changed, it is time to re-examine this issue on a much broader
scale. The uses of personal information that concerned the Commission
25 years ago have exploded today, especially in this era of e-commerce,
super databases, and mega-mergers. People are genuinely worried--
perhaps they shouldn't be--but their concerns are real.
For example, a Wall Street Journal survey revealed that Americans
today are more concerned about invasions of their personal privacy than
they are
[[Page S14536]]
about world war. Another poll cited in the Economist noted that 80
percent are worried about what happens to information collected about
them. William Afire summed it up best in a recent New York Times essay:
``We are dealing here with a political sleeper issue. People are
getting wise to being secretly examined and manipulated and it rubs
them the wrong way.''
One final note: given that privacy is not an easy issue and that it
appears in so many other contexts, I invite all interested parties to
help us improve our legislation to create a Commission. We need to
forge a middle ground consensus with our approach, and the door is open
to all who share this goal.
Mr. President, I ask unanimous consent that the previously cited
material be printed in the Record.
There being no objection, the material was ordered to be printed in
the Record as follows:
[From the Economist--May 1, 1999]
The End of Privacy
Remember, they are always watching you. Use cash when you
can. Do not give your phone number, social-security number or
address, unless you absolutely have to. Do not fill in
questionnaires or respond to telemarketers. Demand that
credit and datamarketing firms produce all information they
have on you, correct errors and remove you from marketing
lists. Check your medical records often. If you suspect a
government agency has a file on you, demand to see it. Block
caller ID on your phone, and keep your number unlisted. Never
use electronic tollbooths on roads. Never leave your mobile
phone on--your movements can be traced. Do not use store
credit or discount cards. If you must use the Internet,
encrypt your e-mail, reject all ``cookies'' and never give
your real name when registering at websites. Better still,
use somebody else's computer. At work, assume that calls,
voice mail, e-mail and computer use are all monitored.
This sounds like a paranoid ravings of the Unabomber. In
fact, it is advice being offered by the more zealous of
today's privacy campaigners. In an increasingly wired world,
people are continually creating information about themselves
that is recorded and often sold or pooled with information
from other sources. The goal of privacy advocates is not
extreme. Anyone who took these precautions would merely be
seeking a level of privacy available to all 20 years ago. And
yet such behaviour now would seem obsessive and paranoid
indeed.
That is a clue to how fast things have changed. To try to
restore the privacy that was universal in the 1970s is to
chase a chimera. Computer technology is developing so rapidly
that it is hard to predict how it will be applied. But some
trends are unmistakable. The volume of data recorded about
people will continue to expand dramatically (see pages 21-
23). Disputes about privacy will become more bitter. Attempts
to restrain the surveillance society through new laws will
intensify. Consumers will pay more for services that offer a
privacy pledge. And the market for privacy-protection
technology will grow.
Always observed
Yet there is a bold prediction: all these efforts to hold
back the rising tide of electronic intrusion into privacy
will fail. They may offer a brief respite for those
determined, whatever the trouble or cost, to protect
themselves. But 20 years hence most people will find that the
privacy they take for granted today will be just as elusive
as the privacy of the 1970s now seems. Some will shrug and
say: ``Who cares? I have nothing to hide.'' But many others
will be disturbed by the idea that most of their behaviour
leaves a permanent and easily traceable record. People will
have to start assuming that they simply have no privacy. This
will constitute one of the greatest social changes of modern
times.
Privacy is doomed for the same reason that it has been
eroded so fast over the past two decades. Presented with the
prospect of its loss, many might prefer to eschew even the
huge benefits that the new information economy promises. But
they will not, in practice, be offered that choice. Instead,
each benefit--safer streets, cheaper communications, more
entertainment, better government services, more convenient
shopping, a wider selection of products--will seem worth the
surrender of a bit more personal information. Privacy is a
residual value, hard to define or protect in the abstract.
The cumulative effect of these bargains--each attractive on
their own--will be the end of privacy.
For a similar reason, attempts to protect privacy through
new laws will fail--as they have done in the past. The
European Union's data protection directive, the most sweeping
recent attempt, gives individuals unprecedented control over
information about themselves. This could provide remedies
against the most egregious intrusions. But it is doubtful
whether the law can be applied in practice, if too many
people try to use it. Already the Europeans are hinting that
they will not enforce the strict terms of the directive
against America, which has less stringent protections.
Policing the proliferating number of databases and the
thriving trade in information would not only be costly in
itself, it would also impose huge burdens on the economy.
Moreover, such laws are based on a novel concept: that
individuals have a property right in information about
themselves. Broadly enforced, such a property right would be
antithetical to an open society. It would pose a threat not
only to commerce, but also to a free press and to much
political activity, to say nothing of everyday conversation.
It is more likely that laws will be used not to obstruct
the recording and collection of information, but to catch
those who use it to do harm. Fortunately, the same technology
that is destroying privacy also makes it easier to trap
stalkers, detect fraud, prosecute criminals and hold the
government to account. The result could be less privacy,
certainly--but also more security for the law-abiding.
Whatever new legal remedies emerge, opting out of
information-gathering is bound to become ever harder and less
attractive. If most urban streets are monitored by
intelligent video cameras that can identify criminals, who
will want to live on a street without one? If most people
carry their entire medical history on a plastic card that the
emergency services come to rely on, a refusal to carry the
card could be life-threatening. To get a foretaste of what is
to come, try hiring a car or booking a room at a top hotel
without a credit card.
leaders
In a way, the future may be like the past, when few except
the rich enjoyed much privacy. To earlier generations,
escaping the claustrophobic all-knowingness of a village for
the relative anonymity of the city was one of the more
liberating aspects of modern life. But the era of urban
anonymity already looks like a mere historical interlude.
There is, however one difference between past and future. In
the village, everybody knew everybody else's business. In the
future, nobody will know for certain who knows what about
them. That will be uncomfortable. But the best advice may be:
get used to it.
the surveillance society
New information technology offers huge benefits--higher
productivity, better crime prevention, improved medical care,
dazzling entertainment, more convenience. But it comes at a
price: less and less privacy
``The right to be left alone.'' For many this phrase, made
famous by Louis Brandeis, an American Supreme Court justice,
captures the essence of a notoriously slippery, but crucial
concept. Drawing the boundaries of privacy has always been
tricky. Most people have long accepted the need to provide
some information about themselves in order to vote, work,
shop, pursue a business, socialise or even borrow a library
book. But exercising control over who knows what about you
has also come to be seen as an essential feature of a
civilised society.
Totalitarian excesses have made ``Big Brother'' one of the
20th century's most frightening bogeyman. Some right of
privacy, however qualified, has been a major difference
between democracies and dictatorships. An explicit right to
privacy is now enshrined in scores of national constitutions
as well as in international human-rights treaties. Without
the ``right to be left alone,'' to shut out on occasion the
prying eyes and importunities of both government and society,
other political and civil liberties seem fragile. Today most
people in rich societies assume that, provided they obey the
law, they have a right to enjoy privacy whenever it suits
them.
They are wrong. Despite a raft of laws, treaties and
constitutional provisions, privacy has been eroded for
decades. This trend is now likely to accelerate sharply. The
cause is the same as that which alarmed Brandeis when he
first popularized his phrase in an article in 1890;
technological change. In his day it was the spread of
photography and cheap printing that posed the most immediate
threat to privacy. In our day it is the computer. The
quantity of information that is now available to governments
and companies about individuals would have horrified
Brandeis. But the power to gather and disseminate data
electronically is growing so fast that it raises an even more
unsettling question: in 20 years' time, will there be any
privacy left to protect?
Most privacy debates concern media intrusion, which is also
what bothered Brandeis. And yet the greatest threat to
privacy today comes not from the media, whose antics affect
few people, but from the mundane business of recording and
collecting an ever-expanding number of everyday transactions.
Most people know that information is collected about them,
but are not certain how much. Many are puzzled or annoyed by
unsolicited junk mail coming through their letter boxes. And
yet junk mail is just the visible tip of an information
iceberg. The volume of personal data in both commercial and
government databases has grown by leaps and bounds in recent
years along with advances in computer technology. The United
States, perhaps the most computerized society in the world,
is leading the way, but other countries are not far behind.
Advances in computing are having a twin effect. They are
not only making it possible to collect information that once
went largely unrecorded, but are also making it relatively
easy to store, analyze and retrieve this information in ways
which, until quite recently, were impossible.
Just consider the amount of information already being
collected as a matter of routine--any spending that involves
a credit or
[[Page S14537]]
bank debit card, most financial transactions, telephone
calls, all dealings with national or local government.
Supermarkets record every item being bought by customers who
use discount cards. Mobile-phone companies are busy
installing equipment that allows them to track the location
of anyone who has a phone switched on. Electronic toll-booths
and traffic-monitoring systems can record the movement of
individual vehicles. Pioneered in Britain, closed-circuit tv
cameras now scan increasingly large swathes of urban
landscapes in other countries too. The trade in consumer
information has hugely expanded in the past ten years. One
single company, Acxiom Corporation in Conway, Arkansas, has a
database combining public and consumer information that
covers 95% of American households. Is there anyone left on
the planet who does not know that their use of the Internet
is being recorded by somebody, somewhere?
Firms are as interested in their employees as in their
customers. A 1997 survey by the American Management
Association of 900 large companies found that nearly two-
thirds admitted to some form of electronic surveillance of
their own workers. Powerful new software makes it easy for
bosses to monitor and record not only all telephone
conversations, but every keystroke and e-mail message as
well.
Information is power, so its hardly surprising that
governments are as keen as companies to use data-processing
technology. They do this for many entirely legitimate
reasons--tracking benefit claimants, delivering better health
care, fighting crime, pursuing terrorists. But it inevitable
means more government surveillance.
A controversial law passed in 1994 to aid law enforcement
requires telecoms firms operating in America to install
equipment that allows the government to intercept and monitor
all telephone and data communications, although disputes
between the firms and the FBI have delayed its
implementation. Intelligence agencies from America, Britain,
Canada, Australia and New Zealand jointly monitor all
international satellite-telecommunications traffic via a
system called ``Echelon'' that can pick specific words or
phrases from hundreds of thousands of messages.
America, Britain, Canada and Australia are also compiling
national DNA databases of convicted criminals. Many other
countries are considering following suit. The idea of DNA
databases that cover entire populations is still highly
controversial, but those databases would be such a powerful
tool for fighting crime and disease that pressure for their
creation seems inevitable. Iceland's parliament has agreed a
plan to sell the DNA database of its population to a medical-
research firm, a move bitterly opposed by some on privacy
grounds.
To each a number
The general public may be only vaguely aware of the
mushrooming growth of information-gathering, but when they
are offered a glimpse, most people do not like what they see.
A survey by America's Federal Trade Commission found that 80%
of Americans are worried about what happens to information
collected about them. Skirmishes between privacy advocates
and those collecting information are occurring with
increasing frequency.
This year both intel and Microsoft have run into a storm of
criticism when it was revealed that their products--the chips
and software at the heart of most personal computers--
transmitted unique identification numbers whenever a
personal-computer user logged on to the Internet. Both
companies hastily offered software to allow users to turn the
identifying numbers off, but their critics maintain that any
software fix can be breached. In fact, a growing number of
electronic devices and software packages contain identifying
numbers to help them interact with each other.
In February an outcry greeted news that image Data, a small
New Hampshire firm, had received finance and technical
assistance from the American Secret Service to build a
national database of photographs used on drivers' licenses.
As a first step, the company had already bought the
photographs of more than 22m drivers from state governments
in South Carolina, Florida and Colorado. Image Data insists
that the database, which would allow retailers or police
across the country instantly to match a name and photograph,
is primarily designed to fight cheque and credit-card fraud.
But in response to more than 14,000 e-mail complaints, all
three state moved quickly to cancel the sale.
It is always hard to predict the impact of new technology,
but there are several developments already on the horizon
which, if the recent past is anything to go by, are bound to
be used for monitoring of one sort or another. The
paraphernalia of snooping, whether legal or not, is becoming
both frighteningly sophisticated and easily affordable.
Already, tiny microphones are capable of recording whispered
conversations from across the street. Conversations can even
be monitored from the normally imperceptible vibrations of
window glass. Some technologists think that the tiny
battlefield reconnaissance drones being developed by the
American armed forces will be easy to commercialize. Small
video cameras the size of a large wasp may some day be able
to fly into a room, attach themselves to a wall or ceiling
and record everything that goes on there.
Overt monitoring is likely to grow as well. Intelligent
software systems are already able to scan and identify
individuals from video images. Combined with the plummeting
price and size of cameras, such software should eventually
make video surveillance possible almost anywhere, at any
time. Street criminals might then be observed and traced with
ease.
The burgeoning field of ``biometrics'' will make possible
cheap and fool-proof systems that can identify people from
their voices, eyeballs, thumbprints or any other measurable
part of their anatomy. That could mean doing away with
today's cumbersome array of security passes, tickets and even
credit cards. Alternatively, pocket-sized ``smart' cards
might soon be able to store all of a person's medical or
credit history, among other things, together with physical
data needed to verify his or her identity.
In a few years' time utilities might be able to monitor the
performance of home appliances, sending repairmen or
replacements even before they break down. Local supermarkets
could check the contents of customers' refrigerators,
compiling a shopping list as they run out of supplies of
butter, cheese or milk. Or office workers might check up on
the children at home from their desktop computers.
But all of these benefits, from better medical care and
crime prevention to the more banal delights of the
``intelligent'' home, come with one obvious drawback--an
ever-widening trail of electronic data. Because the cost of
storing and analysing the data is also plummeting, almost any
action will leave a near-permanent record. However
ingeniously information-processing technology is used, what
seems certain is that threats to traditional notions of
privacy will proliferate.
This prospect provokes a range of responses, none of them
entirely adequate. More laws. Brandeis's article was a plea
for a right to sue for damages against intrusions of privacy.
It spawned a burst of privacy statutes in America and
elsewhere. And yet privacy lawsuits hardly ever succeed,
except in France, and even there they are rare. Courts find
it almost impossible to pin down a precise enough legal
definition of privacy.
America's consumer-credit laws, passed in the 1970s, give
individuals the right to example their credit records and to
demand corrections. The European Union has recently gone a
lot further. The EU Data Protection directive, which came
into force last October, aims to give people control over
their data, requiring ``unambiguous'' consent before a
company or agency can process it, and barring the use of the
data for any purpose other than that for which it was
originally collected. Each EU country, is pledged to appoint
a privacy commissioner to act on behalf of citizens whose
rights have been violated. The directive also bars the export
of data to countries that do not have comparably stringent
protections.
Most EU countries have yet to pass the domestic laws needs
to implement the directive, so it is difficult to say how it
will work in practice. But the Americans view it as
Draconian, and a trade row has blown up about the EU's
threat to stop data exports to the United States. A
compromise may be reached that enables American firms to
follow voluntary guidelines; but that merely could create
a big loophole. If, on the other hand, the EU insist on
barring data exports, not only might a trade war be
started but also the development of electronic commerce in
Europe could come screeching to a complete halt,
inflicting a huge cost on the EU's economy.
In any case, it is far from clear what effect the new law
will have even in Europe. More products or services may have
to be offered with the kind of legalistic bumf that is now
attached to computer software. But, as with software, most
consumers are likely to sign without reading it. The new law
may give individuals a valuable tool to fight against some of
the worst abuses, rather on the pattern of consumer-credit
laws. But, also as with those laws--and indeed, with
government freedom of information laws in general--
individuals will have to be determined and persistent to
exercise their rights. Corporate and government officials can
often find ways to delay or evade individual requests for
information. Policing the rising tide of data collection and
trading is probably beyond the capability of any government
without a crackdown so massive that it could stop the new
information economy in its tracks.
Market solutions. The Americans generally prefer to rely on
self-regulation and market pressures. Yet so far, self-
regulation has failed abysmally. A Federal Trade Commission
survey of 1,400 American Internet sites last year found that
only 2% had posted a privacy policy in line with that
advocated by the commission, although more have probably done
so since, not least in response to increased concern over
privacy. Studies of members of America's Direct Marketing
Association by independence researchers have found that more
than half did not abide even by the association's modest
guidelines.
If consumers were to become more alarmed about privacy,
however, market solutions could offer some protection. The
Internet, the frontline of the privacy battle-field, has
already spawned anonymous remailers, firms that forward e-
mail stripped of any identifying information. One website
(www.anonymizer.com) offers anonymous Internet browsing.
Electronic digital cash, for use or off the Internet, may
eventually provide some anonymity but, like today's physical
cash, it will probably be used only for smaller purchases.
[[Page S14538]]
Enter the infomediary
John Hagel and Marc Singer of McKinsey, a management
consulting firm, believe that from such services will emerge
``informediaries'', firms that become brokers of information
between consumers and other companies, giving consumers
privacy protection and also earning them some revenue for the
information they are willing to release about themselves. If
consumers were willing to pay for such brokerage,
infomediaries might succeed on the Internet. Such firms would
have the strongest possible stake in maintaining their
reputation for privacy protection. But it is hard to imagine
them thriving unless consumers are willing to funnel every
transaction they make through a single infomediary. Even if
this is possible--which is unclear--many consumers may not
want to rely so much on a single firm. Most, for example,
already have more than one credit card.
In the meantime, many companies already declare that they
will not sell information they collect about customers. But
many others find it possible profitable not to make--to--or
keep--this pledge. Consumers who want privacy must be ever
vigilant, which is more than most can manage. Even those
companies which advertise that they will not sell information
do not promise not to buy it. They almost certainly know more
about their customers than their customers realize. And in
any case, market solutions, including informediaries, are
unlikely to be able to deal with growing government databases
or increased surveillance in public areas.
Technology. The Internet has spawned a fierce war between
fans of encryption and governments, especially America's,
which argue that they must have access to the keys to
software codes used on the web in the interests of the law
enforcement. This quarrel has been rumbling on for years. But
given the easy availability of increasingly complex codes,
governments may just have to accept defeat, which would
provide more privacy not just for innocent web users, but for
criminals as well. Yet even encryption will only serve to
restore to Internet users the level of privacy that most
people have assumed they now enjoy in traditional (i.e.,
paper) mail.
Away from the web, the technological race between snoopers
and anti-snoopers will also undoubtedly continue. But
technology can only ever be a partial answer. Privacy will be
reduced not only by government or private snooping, but by
the constant recording of all sorts of information that
individuals must provide to receive products or benefits--
which is as true on as off the Internet.
Transparency. Despairing of efforts to protect privacy in
the face of the approaching technological deluge, David Brin,
an American physicist and science-fiction writer, proposes a
radical alternative--its complete abolition. In his book
``The Transparent Society'' (Addision-Wesley, $25) he argues
that in future the rich and powerful--and most ominously of
all, governments--will derive the greatest benefit from
privacy protection, rather than ordinary people. Instead,
says Mr. Brin, a clear, simple rule should be adopted:
everyone should have access to all information. Every citizen
should be able to tap into any database, corporate or
governmental, containing personal information. Images from
the video-surveillance cameras on city streets should be
accessible to everyone, not just the police.
The idea sounds disconcerting, he admits. But he argues
that privacy is doomed in any case. Transparency would enable
people to know who knows what about them, and for the ruled
to keep any eye on their rulers. Video cameras would record
not only criminals, but also abusive policemen. Corporate
chiefs would know that information about themselves is as
freely available as it is about their customers or workers.
Simple deterrence would then encourage restraint in
information gathering--and maybe even more courtesy.
Yet Mr. Brin does not explain what would happen to
transparency violators or whether there would be any limits.
What about national-security data or trade secrets? Police or
medical files? Criminals might find these of great interest.
What is more, transparency would be just as difficult to
enforce legally as privacy protection is now. Indeed, the
very idea of making privacy into a crime seems outlandish.
There is unlikely to be a single answer to the dilemma
posed by the conflict between privacy and the growing power
of information technology. But unless society collectively
turns away from the benefits that technology can offer--
surely the most unlikely outcome of all--privacy debates are
likely to become very more intense. In the brave new world of
the information age, the right to be left alone is certain to
come under siege as never before.
____
Nosy Parker Lives
[William Safire, Washington]
A state sells its driver's license records to a stalker; he
selects his victim--a Hollywood starlet--from the photos and
murders her.
A telephone company sells a list of calls; an extortionist
analyzes the pattern of calls and blackmails the owner of the
phone.
A hospital transfers patient records to an insurance
affiliate, which turns down a policy renewal.
A bank sells a financial disclosure statement to a
borrower's employer, who fires the employee for profligacy.
An Internet browser sells the records of a nettie's
searches to a lawyer's private investigator, who uses
``cookie''-generated evidence against the nettie in a
lawsuit.
Such invasions of privacy are no longer far-out
possibilities. The first listed above, the murder of Rebecca
Schaeffer, led to the Driver's Privacy Protection Act. That
Federal law enables motorists to ``opt out''--to direct that
information about them not be sold for commercial purposes.
But even that opt out puts the burden of protection on the
potential victim, and most people are too busy or lazy to
initiate self-protection. Far more effective would be what
privacy advocates call opt in--requiring the state or
business to request permission of individual customers before
selling their names to practioners of ``target marketing.''
In practical terms, the difference between opt in and opt
out is the difference between a door locked with a bolt and a
door left ajar. But in a divided appeals court--under the
strained rubric of commercial free speech--the intrusive
telecommunications giant US West won. Its private customers
and the public are the losers.
Corporate mergers and technologies of E-commerce and
electronic surveillance are pulverizing the walls of personal
privacy. Belatedly, Americans are awakening to their new
nakedness as targets of marketers.
Your bank account, you health record, your genetic code,
your personal and shopping habits and sexual interests are
your own business. That information has a value. If anybody
wants to pay for an intimate look inside your life, let them
make you an offer and you'll think about it. That's opt in.
You may decide to trade the desired information about
yourself for services like an E-mail box or stock quotes or
other inducement. But require them to ask you first.
We are dealing here with a political sleeper issue. People
are getting wise to being secretly examined and manipulated
and it rubs them the wrong way.
Politicians sense that a strange dissonance is agitating
their constituents. But most are leery of the issue because
it cuts across ideologies and party lines--not just encrypted
communication versus national security, but personal liberty
versus the free market.
That's why there has been such Sturm und Drang around the
Financial Services Act of 1999. Most pols think it is bogged
down only because of a turf war between the Treasury and the
Fed over who regulates the new bank-broker-insurance mergers.
It goes deeper.
The House passed a bill 343 to 86 to make ``pretext
calling'' by snoops pretending to be the customer a Federal
crime, plus an ``opt out'' that puts the burden on bank
customers to tell their banks not to disclose account
information to marketers. The bank lobby went along with
this.
The Senate passed a version without privacy protection
because Banking Chairman Phil Gramm said so. But in Senate-
House conference, Republican Richard Shelby of Alabama (who
already toughened drivers' protection at the behest of
Phyllis Schlafly's Eagle Forum and the A.C.L.U.) is pressing
for the House version. `` `Opt out' is weak,'' Shelby tells
me, ``but it's a start.''
The groundswelling resentment is in search of a public
champion. The start will gain momentum when some Presidential
candidate seizes the sleeper issue of the too-targeted
consumer. Laws need not always be the answer: to avert
regulation, smart businesses will complete to assure
customers' right to decide.
The libertarian principle is plain: excepting legitimate
needs of law enforcement and public interest, control of
information about an individual must rest with the person
himself. When the required permission is asked, he or she can
sell it or trade it--or tell the bank, the search engine and
the Motor Vehicle Bureau to keep their mouths shut.
____
Privately Held Concerns
[Oct. 22, 1999--Wall Street Journal]
Congress has been paddling 20 years to get a financial-
service overhaul bill, and now the canoe threatens to run
aground on one of those imaginary concerns that only sounds
good in press release--``consumer privacy.'' In the column
alongside, Paul Gigot describes the hardball politics behind
the financial reform bill's other sticking point--the
Community Reinvestment Act. Our subject here is Senator
Richard Shelby's strange idea of what, precisely, should
constitute ``consumer privacy'' in the new world. ``It's our
responsibility to identify what is out of bounds,' ''
declared the identity confused Republican as he surfaced this
phantom last spring.
Privacy concerns are a proper discussion point for the
information age, but financial reform would actually end to
alleviate some of them. If a single company were allowed to
sell insurance, portfolio advice and checking accounts, there
would be less incentive to peddle information to third
parties. Legislative reform and mergers in the financial
industry were all supposed to be aimed at the same goal,
using information efficiently within a single company to
serve customers. Yet to Mr. Shelby, this is a predatorial
act.
He's demanding language that would mean a Citigroup banker,
say, couldn't tell a Citigroup insurance agent that Mr. Jones
is a hot insurance prospect--unless Mr. Jones gives his
permission in writing first. Mr. Shelby threatens to withhold
his crucial
[[Page S14539]]
vote unless this deal-breaker is written into the law.
To inflict this inconvenience on Mr. Jones is weird enough:
He has already volunteered to have a relationship with
Citigroup. But even weirder is the urge to cripple a law
whose whole purpose is to modernize an industry structure
that forces consumers today to chase six different companies
around to get a full mix of financial services. In essence,
financial products all do the same thing: shift income in
time. You want to go to college now based on your future
earnings, so you take out a loan. You want to retire in 20
years based on your present earnings, so you get an IRA. And
if a single cry goes up from modern man, it's ``Simplify my
life.''
A vote last Friday seemed, to put Mr. Shelby's peeve to
rest. Under the current language, consumers would have an
``opt out'' if they don't want their information shared. But
Mr. Shelby won't let go, and joining his chorus are Ralph
Nader on the left, Phyllis Schlafly on the right and various
gnats buzzing around the interest-group honeypot.
He claims to be responding to constituent complaints about
telemarketing, not to mention a poll showing that 90% of
consumers respond favorably to the word ``privacy.'' Well,
duh. Consumers don't want their information made available
indiscriminately to strangers. But putting up barriers to
free exchange inside a company that a customer already has
chosen to do business with is a farfetched application of a
sensible idea.
Mr. Shelby was a key supporter of language that would push
banks to set up their insurance and securities operations as
affiliates under a holding company. Now he wants to stop
these affiliates from talking to each other. Maybe he's just
confused, but it sounds more like a favor to Alabama bankers
and insurance agents who want to make life a lot harder for
their New York competitors trying to open up local markets.
____
Growing Compatibility Issue: Computers and User Privacy
[By John Markoff, New York Times, March 3, 1999]
San Francisco, March 2--The Intel Corporation recently
blinked in a confrontation with privacy advocates protesting
the company's plans to ship its newest generation of
microprocessors with an embedded serial number that could be
used to identify a computer--and by extension its user.
But those on each side of the dispute acknowledge that it
was only an initial skirmish in a wider struggle. From
computers to cellular phones to digital video players,
everyday devices and software programs increasingly embed
telltale identifying numbers that let them interact.
Whether such digital fingerprints constitute an imminent
privacy threat or are simply part of the foundation of
advanced computer systems and networks is the subject of a
growing debate between the computer industry and privacy
groups. At its heart is a fundamental disagreement over the
role of electronic anonymity in a democratic society.
Privacy groups argue fiercely that the merger of computers
and the Internet has brought the specter of a new
surveillance society in which it will be difficult to find
any device that cannot be traced to the user when it is used.
But a growing alliance of computer industry executives,
engineers, law enforcement officials and scholars contend
that absolute anonymity is not only increasingly difficult to
obtain technically, but is also a potential threat to
democratic order because of the possibility of electronic
crime and terrorism.
``You already have zero privacy--get over it,'' Scott
McNealy, chairman and chief executive of Sun Microsystems,
said at a recent news conference held to introduce the
company's newest software, known as Jini, intended to
interconnect virtually all types of electronic devices from
computer to cameras. Privacy advocates contend that software
like Jini, which assigns an identification number to each
device each time it connects to a network, could be misused
as networks envelop almost everyone in society in a dense web
of devices that see, hear, and monitor behavior and location.
``Once information becomes available for one purpose there
is always pressure from other organizations to use it for
their purposes,'' said, Lauren Weinstein, editor of Privacy
Forum, an on-line journal.
This week, a programmer in Massachusetts found that
identifying numbers can easily be found in word processing
and spreadsheet files created with Microsoft's popular Word
and Excel programs and in the Windows 95 and 98 operating
systems.
Moreover, unlike the Intel serial number, which the
computer user can conceal, the numbers used by the Microsoft
programs--found in millions of personal computers--cannot be
controlled by the user.
The programmer, Richard M. Smith, president of Phar Lap
Software, a developer of computer programming tools in
Cambridge, Mass., noticed that the Windows operating system
contains a unique registration number stored on each personal
computer in a small data base known as the Windows registry.
His curiosity aroused, Mr. Smith investigated further and
found that the number that uniquely identifies his computer
to the network used in most office computing systems, known
as the Ethernet, was routinely copied to, each Microsoft Word
or Excel document he created.
The number is used to create a longer number, known as a
globally unique identifier. It is there, he said, to enable
computer users to create sophisticated documents comprising
work processing, spreadsheet, presentation and data base
information.
Each of those components in a document needs a separate
identity, and computer designers have found the Ethernet
number a convenient and widely available identifier, he said.
But such universal identifiers are of particular concern to
privacy advocated because they could be used to compile
information on individuals from many data bases.
``The infrastructure relies a lot on serial numbers,'' Mr.
Smith said. ``We've let the genie out of the bottle.''
Jeff Ressler, a Microsoft product manager, said that if a
computer did not have an Ethernet adapter then another
identifying number was generated that was likely to be
unique. ``We need a big number, which is a unique
identifier,'' he said. ``If we didn't have, it would be
impossible to make our software programs work together across
networks.''
Indeed, an increasing range of technologies have provisions
for identifying their users for either technical reasons
(such as connecting to a network) or commercial ones (such as
determining which ads to show to Web surfers). But engineers
and network designers argue that identify information is a
vital aspect of modern security design because it is
necessary to authenticate an individual in a network, thereby
preventing fraud or intrusion.
Last month at the introduction of Intel's powerful Pentium
III chip, Intel executives showed more than a dozen data
security uses for the serial number contained electronically
in each of the chips, ranging from limiting access to
protecting documents or software against piracy.
Intel, the largest chip maker, had recently backed down
somewhat after it was challenged by privacy advocates over
the identity feature, agreeing that at least some processors
for the consumer market would be made in a way that requires
the user to activate the feature.
Far from scaling back its vision, however, Intel said it
was planning an even wider range of features in its chips to
help companies protect copyrighted materials. It also pointed
to software applications that would use the embedded number
to identify participants in electronic chat rooms on the
Internet and thereby, for example, protect children from
Internet stalkers.
But in achieving those goals, it would also create a
universal identifier, which could be used by software
applications to track computer users wherever they surfed on
the World Wide Web. And that, despite the chip maker's
assertions that it is working to enhance security and
privacy, has led some privacy advocates to taunt Intel and
accused it of a ``Big Brother Inside'' strategy.
They contend that by uniquely identifying each computer it
will make it possible for marketers or Government and law
enforcement officials to track the activities of anyone
connected to a computer network more closely. They also say
that such a permanent identifier could be used in a similar
fashion to the data, known as ``cookies,'' that are placed on
a computer's hard drive by Web site to track the comings and
goings of Internet users.
putting privacy on the defensive
Intel's decision to forge ahead with identity features in
its chip technology may signal a turning point in the battle
over privacy in the electronic age. Until now, privacy
concerns have generally put industry's executives on the
defensive. Now questions are being raised about whether there
should be limits to privacy in an Inernet era.
``Judge Brandeis's definition of privacy was `the right to
be left alone,' not the right to operate in absolute
secrecy,'' said Paul Saffo, a researcher at the Institute for
the Future in Menlo Park, Calif.
Some Silicon Valley engineers and executives say that the
Intel critics are being naive and have failed to understand
that all devices connected to computer networks require
identification features simply to function correctly.
Moreover, they note that identifying numbers have for more
than two decades been a requirement for any computer
connected to an Ethernet network. (Although still found most
widely in office settings, Ethernet connections are
increasingly being used for high-speed Internet Service in
the home via digital telephone lines and cable modems.)
All of Apple Computer's popular iMac machines come with an
Ethernet connection that has a unique permanent number
installed in the factory. The number is used to identify the
computer to the local network.
While the Ethernet number is not broadcast over the
Internet at large, it could easily be discovered by a
software application like a Web browser and transmitted to a
remote Web site tracking the identities of its users, a
number of computer engineers said.
Moreover, they say that other kinds of networks require
identify numbers to protect against fraud. Each cellular
telephone currently has two numbers: the telephone number,
which can easily be changed, and an electronic serial number,
which is permanently put in place at the factory to protect
against theft or fraud.
The serial number is accessible to the cellular telephone
network, and as cellular telephones add Internet browsing and
E-mail capabilities, it will potentially have the same
[[Page S14540]]
identity capability as the Intel processor serial number.
Other examples include DIVX DVD disks, which come with a
serial number that permits tracking the use of each movie by
a centralized network-recording system managed by the
companies that sell the disks.
fearing the misuse of all those numbers
Industry executives say that as the line between
communications and computing becomes increasingly blurred,
every electronic device will require some kind of
identification to attach to the network
Making those numbers available to networks that need to
pass information or to find a mobile user while at the same
time denying the information to those who wish to gather
information into vast data bases may be an impossible task.
Privacy advocates argue that even if isolated numbers look
harmless, they are actually harbingers of a trend toward ever
more invasive surveillance networks.
``Whatever we can do to actually minimize the collection of
personal data is good,' said March Rotenberg, director of the
Electronic Privacy Information Center, one of three groups
trying to organize a boycott of Intel's chips.
The groups are concerned that the Government will require
ever more invasive hardware modifications to keep track of
individuals. Already they point to the 1994 Communications
Assistance for Law Enforcement Act, which requires that
telephone companies modify their network switches to make it
easier for Government wiretappers.
Also, the Federal Communications Commission is developing
regulations that will require every cellular telephone to be
able to report its precise location for ``911'' emergency
calls. Privacy groups are worried that this feature will be
used as a tracking technology by law enforcement officials.
``The ultimate danger is that the Government will mandate
that each chip have special logic added'' to track identifies
in cyberspace, said Vernor Vinge, a computer scientist at San
Diego State University. ``We're on a slide in that
direction.''
Mr. Vinge is the author of ``True Names'' (Tor Books,
1984), a widely cited science fiction novel in the early
1980's, that forecast a world in which anonymity in computer
networks is illegal.
Intel executives insist that their chip is being
misconstrued by privacy groups.
``We're going to start building security architecture into
our chips, and this is the first step,'' said Pat Gelsinger,
Intel vice president and general manager of desktop products.
``The discouraging part of this is our objective is to
accomplish privacy.
That quandry--that it is almost impossible to
compartmentalize information for one purpose so that it
cannot be misused--lies at the heart of the argument.
Moreover providing security while at the same time offering
anonymity has long been a technical and a political
challenge.
``We need to find ways to distinguish between security and
identity,'' said James X. Dempsey, a privacy expert at the
Center for Democracy and Technology, a Washington lobbying
organization.
So far the prospects are not encouraging. One technical
solution developed by a cryptographer, David Chaum, made it
possible for individuals to make electronic cash payments
anonymously in a network.
In the system Mr. Chaum designed, a user employs a
different number with each organization, thereby insuring
that there is no universal tracking capability.
But while Mr. Chaum's solution has been widely considered
ingenious, it has failed in the marketplace. Last year, his
company, Digicash Inc. based in Palo Alto, Calif., filed for
bankruptcy protection.
``Privacy never seems to sell,'' said Bruce Schneier, a
cryptographer and a computer industry consultant. ``Those who
are interested in privacy don't want to pay for it.''
____
Privacy Isn't Dead Yet
[By Amitai Etzioni]
It seems self-evident that information about your shoe size
does not need to be as well guarded as information about
tests ordered by your doctor. But with the Federal and state
governments' piecemeal approach to privacy protection, if we
release information about one facet of our lives, we
inadvertently expose much about the others.
During Senate hearings in 1987 about Robert Bork's fitness
to serve as a Supreme Court justice, a reporter found out
which videotapes Mr. Bork rented. The response was the
enactment of the Video Privacy Protection Act. Another law
prohibits the Social Security Administration (but hardly
anybody else) from releasing our Social Security numbers.
Still other laws limit what states can do with information
that we provide to motor vehicle departments.
Congress is now seeking to add some more panels to this
crazy quilt of narrowly drawn privacy laws. The House
recently endorsed a bill to prohibit banks and securities and
insurance companies owned by the same parent corporation from
sharing personal medical information. And Congress is
grappling with laws to prevent some information about our
mutual-fund holdings from being sold and bought as freely as
hot dogs.
But with superpowerful computers and vast databases in the
private sector, personal information can't be segmented in
this manner. For example, in 1996, a man in Los Angeles got
himself a store card, which gave him discounts and allowed
the store to trace what he purchased. After injuring his knee
in the store, he sued for damages. He was then told that if
he proceeded with his suit the store would use the fact that
he bought a lot of liquor to show that he must have fallen
because he was a drunkard.
Some health insurers try to ``cherry pick'' their clients,
seeking to cover only those who are least likely to have
genetic problems or contract costly diseases like AIDS. Some
laws prohibit insurers from asking people directly about
their sexual orientation. But companies sometimes refuse to
insure those whose vocation (designer?), place of residence
(Greenwich Village?) and marital status (single at 40-plus?)
suggest that they might pose high risks.
Especially comprehensive privacy invaders are ``cookies''--
surveillance files that many marketers implant in the
personal computers of people who visit their Web sites to
allow the marketers to track users' preferences and
transactions. Cookies, we are assured, merely inform
marketers about our wishes so that advertising can be better
directed, sparing us from a flood of junk mail.
Actually, by tracing the steps we take once we gain a new
piece of information, cookies reveal not only what we buy (a
thong from Victoria's Secret? Antidepressants?) but also how
we think. Nineteen eighty-four is here courtesy of Intel,
Microsoft and quite a few other corporations.
All this has led Scott McNealy, the chairman and chief
executive of Sun Microsystems, to state, ``You already have
zero privacy--get over it.'' This pronouncement of the death
of privacy is premature, but we will be able to keep it alive
only if we introduce general, all-encompassing protections
over segmented ones.
Some cyberspace anonymity can be provided by new
technologies like anti-cookie programs and encryption
software that allow us to encrypt all of our data. Corporate
self-regulation can also help. I.B.M., for example, said last
week that it would pull its advertising from Web sites that
don't have clear privacy policies. Other companies like
Disney and Kellogg have voluntarily agreed not to collect
information about children 12 or younger without the consent
of their parents. And some new Government regulation of
Internet commerce may soon be required, if only because the
European Union is insisting that any personal information
about the citizens of its member countries cannot be used
without the citizen's consent.
Especially sensitive information should get extra
protection. But such selective security can work only if all
the other information about a person is not freely accessible
elsewhere.
____
A Middle Ground in the Privacy War?
[By John Schwartz--March 29, 1999]
Jim Hightower, the former agriculture commissioner of
Texas, is fond of saying that ``there's nothing in the middle
of the road but yellow stripes and dead armadillos.''
It's punchy, and has become a rallying cry of sorts for
activists on all sides. But is it right? Amitai Etzioni, a
professor at George Washington University, thinks not. He
thinks he has found a workable middle ground between the
combatants in one of the fiercest fights in our high-tech
society: the right of privacy.
Etzioni has carved out a place for himself over the decades
as a leader in the ``communitarian'' movement.
Communitarianism works toward a civil society that transcends
both government regulation and commercial intrusion--a
society where the golden rule is as important as the rule of
law, and the notion that ``he who has the gold makes the
rules'' does not apply.
What does all that have to do with privacy? Etzioni has
written a new book, ``The Limits of Privacy,'' that applies
communitarian principles to this thorny issue.
For the most part, the debate over privacy is carried out
from two sides separated by a huge ideological gap--a gap so
vast that they seem to feel a need to shout just to get their
voices to carry across it. So Etzioni comes in with a theme
not often heard, that middle of the road that Hightower hates
so much.
What he wants to do is to forge a new privacy doctrine that
protects the individual from snooping corporations and
irresponsible government, but cedes individual privacy rights
when public health and safety are at stake--``a balance
between rights and the common good,'' he writes.
In the book, Etzioni tours a number of major privacy
issues, passing judgment as he goes along. Pro-privacy
decisions that prohibited mandatory testing infants for HIV,
for example, take the concept too far and put children at
risk, he says. Privacy advocates' campaigns against the
government's attempts to wiretap and unscramble encrypted
messages, he says, are misguided in the face of the evil that
walks the planet.
The prospect of some kind of national ID system, which many
privacy advocates view as anathema, he finds useful for
catching criminals, reducing fraud and ending the crime of
identity theft. The broad distribution of our medical records
for commercial gain, however, takes too much away from us for
little benefit to society.
I called Etzioni to ask about his book. He said civil
libertarians talk about the threat of government intrusion
into our lives, and government talks about the threat of
criminals, but that the more he got into his research, the
more it seemed that the two
[[Page S14541]]
sides were missing ``the number one enemy--it's a small group
of corporations that have more information about us than the
East German police ever had about the Germans.''
He's horrified, for example, by recent news that both
Microsoft Corp. and Intel Corp. have included identifier
codes in their products that could be used to track people's
online habits: ``They not only track what we are doing,'' he
says. ``They track what we think.''
His rethinking of privacy leads him to reject the notions
that led to a constitutional right of privacy, best expressed
in the landmark 1965 case Griswold v. Connecticut.
In that case, Justice William O. Douglas found a right of
privacy in the ``penumbra,'' or shadow border, of rights
granted by other constitutional amendments--such as freedom
of speech, freedom from unreasonable search and seizure,
freedom from having troops billeted in our homes.
Etzioni scoffs at this ``stretched interpretation of a
curious amalgam of sundry pieces of various constitutional
rights,'' and says we need only look to the simpler balancing
act we've developed in Fourth Amendment cases governing
search and seizure, which give us privacy protection by
requiring proper warrants before government can tape a phone
or search a home.
``We cannot say that we will not allow the FBI under any
conditions, because of a cyberpunk dream of a world without
government, to read any message.'' He finds such a view ``so
ideological, so extreme, that somebody has to talk for a
sense of balance.''
I was surprised to see, in the acknowledgements in his
book, warm thanks to Marc Rotenberg, who heads the Electronic
Privacy Information Center. Rotenberg is about as staunch a
privacy advocate as I know, and I can't imagine him finding
much common ground with Etzioni--but Etzioni told me that
``Marc is among all the people in this area the most
reasonable. One can talk to him.''
So I called Rotenberg, too. He said he deeply respects
Etzioni, but can't find much in the book to agree with. For
all the talk of balance, he say, ``we have invariably found
that when the rights of the individual are balanced against
the claims of the community, that the individual loses out.''
We're in the midst of a ``privacy crisis'' in which ``we
have been unable to come up with solutions to the privacy
challenges that new business practices and new technologies
are creating,'' Rotenberg told me.
The way to reach answers, he suggested, is not to seek
middle ground but to draw the lines more clearly, the way
judges do in deciding cases. When a criminal defendant
challenges a policeman's pat-down search in court, Rotenberg
explained, ``the guy with the small plastic bag of cocaine
either gets to walk or he doesn't. . . . Making those lines
fuzzier doesn't really take you any closer to finding
answers.''
As you can see, this is one argument that isn't settled.
But I'm glad that Etzioni has joined the conversation--both
for the trademark civility he brings to it, and for the
dialogue he will spark.
Mr. TORRICELLI. Mr. President, I rise today to introduce the Privacy
Protection Study Commission Act of 1999 with my colleague, Senator
Kohl. This legislation creates a Commission to comprehensively examine
privacy concerns. This Commission will provide Congress with
information to facilitate our decision making regarding how to best
address individual privacy protections.
The rise in the use of information technology--particularly the
Internet, has led to concerns regarding the security of personal
information. As many as 40 million people around the world have the
ability to access the Internet. The use of computers for personal and
business transactions has resulted in the availability of vast amounts
of financial, medical and other information in the public domain.
Information about online users is also collected by Web sites through
technology which tracks an individual's every interaction with the
Internet.
Despite the ease of availability of personal information, the United
States is one of the few countries in the world that does not have
comprehensive legal protection for personal information. This is in
part due to differences in opinion regarding the best way to address
the problem. While some argue that the Internet's size and constantly
changing technology demands government and industry self-regulation,
others advocate for strong legislative and regulatory protections. And,
still others note that such protections, although necessary, could lead
to unconstitutional consequences if drafted without a comprehensive
understanding of the issue. As a result, congressional efforts to
address privacy concerns have been patchwork in nature.
This is why Senator Kohl and I are proposing the creation of a
Commission with the purpose of thoughtfully considering the range of
issues involved in the privacy debate and the implications of self-
regulation, legislation, and federal regulation. The Commission will be
comprised of experts in the fields of law, civil rights, business, and
government. After 18 months, the Commission will deliver a report to
Congress recommending the necessary legislative protections are needed.
The Commission will have the authority to gather the necessary
information to reach conclusions that are balanced and fair.
Americans are genuinely concerned about individual privacy. The
Privacy Commission proposed by Senator Kohl and myself will enable
Congress and the public to evaluate the extent to which we should be
concerned and the proper way to address those concerns. The privacy
debate is multifaceted and I encourage my colleagues to join Senator
Kohl and myself in our efforts to gain a better understanding of it.
Senator Kohl and I look forward to working with all those interested in
furthering this debate and giving Americans a greater sense of
confidence in the security of their personal information.
______