Willis H. Ware
1. Introduction
2. Historical Development
3. United States Posture
4. Source of the Problem
5. Privacy as a Public Policy Issue
6. Contemporary Privacy
6.1 Current Example
7. Public Policy Again
7.1 An Illustration – CNI
8. The Broadened Public Issue
9. Possible Approaches to Protection
10. Related Effects
11. Privacy as Social Equity
12. New Privacy Versus Old
13. Context for New Privacy
14. Privacy Versus Public Distaste
15. The Future for Privacy
16. References
First, briefly review the development of privacy concepts and privacy law as
it happened in this country. As history unfolds, it will become apparent that
the United States has chosen a piecemeal approach in the form of individually
targeted laws as opposed to the comprehensive federal-level approach that Europe
has preferred. In this country, we have passed individual laws aimed at specific
industries or problems. Typically the European country has created a data protection
board and a data commissioner; together they license and control all database
activities in the country.
As a conceptual topic, the first mention of privacy as it relates to computer-based
data systems seems to have been in a 1965 paper addressing the impact of computer
technology on communications and people and written by Paul Baran of The RAND
Corporation (Baran, 1965). His closing paragraph contains the statement: “It
may seem a paradox, but an open society dictates a right-of-privacy among its
members, and we [computer professionals] will have thrust upon us much of the
responsibility of preserving this right.” At about the same time, Alan
Westin at Columbia University began his famous study of computer databanks under
National Academy of Sciences sponsorship. It was published as “Databanks
in a Free Society” (Westin and Baker, 1972).
At the Federal level, privacy law commenced with the Fair Credit Reporting Act
of 1970. The credit reporting industry had been misbehaving and Congress had
received so many complaints that it finally did something. The FCRA has been
generally unchanged since then, although Congress plans to hold hearings on
its revision. It is this law that lets the citizen see his record and cause
errors to be corrected; and should there be a credit denial decision made about
someone, the FCRA gives cost-free access to credit reports that were part of
the decision.
Concurrently in the early 1970s, Congress had also started to talk about the
use of the Social Security Number as a universal personal identifier. Secretary
Elliot Richardson of the [then] Department of Health, Education and Welfare
(DHEW) became concerned about all the personal information that the DHEW held
not only in the Social Security Administration but also elsewhere. He impaneled
a committee to look at the situation and to make recommendations for his action.
The author was fortunate to be its chair.
The committee report, the well known “Records, Computers, and the Rights
of Citizens” (Reference 3, 1973), introduced the concept of a Code of Fair
Information Practices and outlined the content of such a code. The committee
of course knew about the FCRA and its provisions, but the committee formulated
a set of protective measures that it believed appropriate behavior for any recordkeeper
of personal information. Subsequently, the name “Code of Fair Information
Practices” was conceived during an impromptu after-hours discussion by
the group’s leadership. Not everything found its way into the Code as we
now know it. For example, at one time there was a proposal on the table that
would have required every access to a personal record for whatever purpose to
be reported to the data subject.
The report became the intellectual basis of the Federal Privacy Act of 1974,
signed by President Ford on 31 December 1974. Parenthetically, the Act was signed
on the last day of the year because the president had gone to Colorado for the
holidays and the bill (as the story is told) was flown to him for signature.
In addition to outlining the required behavior for all Federal agencies that
hold personal information, the Act also created the Privacy Protection Study
Commission (PPSC). The latter was a group of seven individuals appointed by
the President and by Congress, was supported by a staff varying between 20 and
40 plus an equal number of consultants, and functioned for two years and a few
months for a total budget of just over $2M. The author was again fortunate to
have been appointed a Commissioner and also to serve as vice chairman of the
activity. Many of the staff members have continued an interest in privacy as
a social question.
There was an interesting near miss in the Privacy Act. By the time the United
States addressed personal privacy, Sweden had already passed the world’s
first privacy law and had created a data privacy board with wide powers. This
model appealed to some people and, at one point, the draft law did indeed call
for the formation of a Federal Privacy Board. There was much opposition on the
grounds that the impact on private industry would be extreme and the behavior
of the private sector was not well understood anyway. The compromise outcome
was creation of the PPSC.
The Commission presented its main report and five appendices, “Personal
Privacy in an Information Society,” to President Carter in mid-1977. In
terms of value for money, the group of six reports was a best buy for the country.
(Reference 4)
While the PPSC examined recordkeeping practices in a number of industries and
devoted a chapter in its reports to each, no Federal law eventuated. There have
been voluntary adoptions of Fair Code practices, and some industries have developed
a model privacy policy for voluntary adoption by their members. The primary
driver in such actions was avoidance of new law and of government intrusion
into the affairs of private industry. The Carter administration did not act
promptly on the PPSC report; and by the time it had developed a position, time
had run out. Subsequently, the eight years of the Reagan administration were
ones of total indifference to privacy; and so far, the current administration
has taken no action either.
The point of the brief history is to underscore the observation that the privacy
movement at the Federal level commenced with a concern about a specific industry
in the private sector – the credit reporting industry – but then with
the passage of the 1974 Privacy Act moved largely to concerns about institutions
of the public sector.
There were a few other specific laws during the 1970s. One, the Fair Credit
Billing Act, gives the individual standing to contest mistakes in his bank card
and other credit card accounts. The Family Educational Rights and Privacy Act
relates to the ability to see one’s educational records. Various states
passed laws in the image of the Federal laws, but sometimes more stringent and
sometimes more extensive (for example, providing access to one’s personnel
records). California put an amendment in its constitution saying simply that
every resident of the state shall have an expectation of privacy.
At present, there are about 20 Federal laws dealing with various aspects of
privacy and nearly every state has at least a few privacy laws. Almost every
state has laws on medical records, wiretaps, use of polygraphs, and computer
crime. The next most frequent law is on arrest records (Reference 5).
Go to: 3. United States Posture
Home > Research Resources > Computing and Privacy > Contemporary Privacy Issues
HOME | IN
THE NEWS | RESEARCH
RESOURCES
TEACHING RESOURCES | STUDENT
RESOURCES | LINKS
The Research Center on Computing & Society
at Southern Connecticut State University
501 Crescent Street | New Haven, CT 06515
Director: (203) 392-6790 | e-mail: webmaster@computerethics.org
© 2000 – 2007 – Research Center on Computing & Society