Skip to content

Text-only Version
Home
In the News
Research Resources
Teaching Resources
Student Resources
Links
The Gallery
Staff

Contemporary Privacy Issues

Willis H. Ware

1. Introduction
2. Historical Development
3. United States Posture
4. Source of the Problem
5. Privacy as a Public Policy Issue
6. Contemporary Privacy
6.1 Current Example
7. Public Policy Again
7.1 An Illustration – CNI
8. The Broadened Public Issue
9. Possible Approaches to Protection
10. Related Effects
11. Privacy as Social Equity
12. New Privacy Versus Old
13. Context for New Privacy
14. Privacy Versus Public Distaste
15. The Future for Privacy
16. References

Historical Development

First, briefly review the development of privacy concepts and privacy law as it happened in this country. As history unfolds, it will become apparent that the United States has chosen a piecemeal approach in the form of individually targeted laws as opposed to the comprehensive federal-level approach that Europe has preferred. In this country, we have passed individual laws aimed at specific industries or problems. Typically the European country has created a data protection board and a data commissioner; together they license and control all database activities in the country.

As a conceptual topic, the first mention of privacy as it relates to computer-based data systems seems to have been in a 1965 paper addressing the impact of computer technology on communications and people and written by Paul Baran of The RAND Corporation (Baran, 1965). His closing paragraph contains the statement: “It may seem a paradox, but an open society dictates a right-of-privacy among its members, and we [computer professionals] will have thrust upon us much of the responsibility of preserving this right.” At about the same time, Alan Westin at Columbia University began his famous study of computer databanks under National Academy of Sciences sponsorship. It was published as “Databanks in a Free Society” (Westin and Baker, 1972).

At the Federal level, privacy law commenced with the Fair Credit Reporting Act of 1970. The credit reporting industry had been misbehaving and Congress had received so many complaints that it finally did something. The FCRA has been generally unchanged since then, although Congress plans to hold hearings on its revision. It is this law that lets the citizen see his record and cause errors to be corrected; and should there be a credit denial decision made about someone, the FCRA gives cost-free access to credit reports that were part of the decision.

Concurrently in the early 1970s, Congress had also started to talk about the use of the Social Security Number as a universal personal identifier. Secretary Elliot Richardson of the [then] Department of Health, Education and Welfare (DHEW) became concerned about all the personal information that the DHEW held not only in the Social Security Administration but also elsewhere. He impaneled a committee to look at the situation and to make recommendations for his action. The author was fortunate to be its chair.

The committee report, the well known “Records, Computers, and the Rights of Citizens” (Reference 3, 1973), introduced the concept of a Code of Fair Information Practices and outlined the content of such a code. The committee of course knew about the FCRA and its provisions, but the committee formulated a set of protective measures that it believed appropriate behavior for any record-keeper of personal information. Subsequently, the name “Code of Fair Information Practices” was conceived during an impromptu after-hours discussion by the group’s leadership. Not everything found its way into the Code as we now know it. For example, at one time there was a proposal on the table that would have required every access to a personal record for whatever purpose to be reported to the data subject.

The report became the intellectual basis of the Federal Privacy Act of 1974, signed by President Ford on 31 December 1974. Parenthetically, the Act was signed on the last day of the year because the president had gone to Colorado for the holidays and the bill (as the story is told) was flown to him for signature.

In addition to outlining the required behavior for all Federal agencies that hold personal information, the Act also created the Privacy Protection Study Commission (PPSC). The latter was a group of seven individuals appointed by the President and by Congress, was supported by a staff varying between 20 and 40 plus an equal number of consultants, and functioned for two years and a few months for a total budget of just over $2M. The author was again fortunate to have been appointed a Commissioner and also to serve as vice chairman of the activity. Many of the staff members have continued an interest in privacy as a social question.

There was an interesting near miss in the Privacy Act. By the time the United States addressed personal privacy, Sweden had already passed the world’s first privacy law and had created a data privacy board with wide powers. This model appealed to some people and, at one point, the draft law did indeed call for the formation of a Federal Privacy Board. There was much opposition on the grounds that the impact on private industry would be extreme and the behavior of the private sector was not well understood anyway. The compromise outcome was creation of the PPSC.

The Commission presented its main report and five appendices, “Personal Privacy in an Information Society,” to President Carter in mid-1977. In terms of value for money, the group of six reports was a best buy for the country. (Reference 4)

While the PPSC examined record-keeping practices in a number of industries and devoted a chapter in its reports to each, no Federal law eventuated. There have been voluntary adoptions of Fair Code practices, and some industries have developed a model privacy policy for voluntary adoption by their members. The primary driver in such actions was avoidance of new law and of government intrusion into the affairs of private industry. The Carter administration did not act promptly on the PPSC report; and by the time it had developed a position, time had run out. Subsequently, the eight years of the Reagan administration were ones of total indifference to privacy; and so far, the current administration has taken no action either.

The point of the brief history is to underscore the observation that the privacy movement at the Federal level commenced with a concern about a specific industry in the private sector – the credit reporting industry – but then with the passage of the 1974 Privacy Act moved largely to concerns about institutions of the public sector.

There were a few other specific laws during the 1970s. One, the Fair Credit Billing Act, gives the individual standing to contest mistakes in his bank card and other credit card accounts. The Family Educational Rights and Privacy Act relates to the ability to see one’s educational records. Various states passed laws in the image of the Federal laws, but sometimes more stringent and sometimes more extensive (for example, providing access to one’s personnel records). California put an amendment in its constitution saying simply that every resident of the state shall have an expectation of privacy.

At present, there are about 20 Federal laws dealing with various aspects of privacy and nearly every state has at least a few privacy laws. Almost every state has laws on medical records, wiretaps, use of polygraphs, and computer crime. The next most frequent law is on arrest records (Reference 5).

Back to the top

Go to: 3. United States Posture

Home > Research Resources > Computing and Privacy > Contemporary Privacy Issues
   

HOME | IN THE NEWS | RESEARCH RESOURCES
TEACHING RESOURCES | STUDENT RESOURCES
LINKS | THE GALLERY | STAFF

The Research Center on Computing & Society
at Southern Connecticut State University
501 Crescent Street • New Haven, CT 06515
Director: (203) 392-6790 • e-mail: webmaster@computerethics.org

© 2000 – 2007 – Research Center on Computing & Society