Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 155
OCR for page 156
OCR for page 157
Engaging Privacy and Information Technology in a Digital Age tions of costs and benefits among the stakeholders involved in any policy issue. For example, James Q. Wilson distinguishes between “majoritarian,” “entrepreneurial,” “client,” and “interest group” politics in terms of whether the costs and benefits are broadly or narrowly distributed.6 In this framework, majoritarian politics describes outcomes in which both the costs and the benefits are widely distributed. Entrepreneurial politics describes outcomes in which the costs are concentrated, while the benefits are widely distributed. In the case of client politics, the benefits are concentrated while the costs are widely distributed. Finally, in the case of interest group politics, both the costs and the benefits are narrowly concentrated.7 Expectations regarding the distribution of costs and benefits help to determine the level of interest and involvement of stakeholders in the policy process. The mass media play a critical role in shaping the expectations of the general public about the ways in which the policies will affect their well-being. It is only in the case of interest group politics, where the benefits and the costs are narrowly distributed, that public concerns about a particular policy outcome are dormant. Theorists of policy change such as Baumgartner and Jones associate changes in U.S. political agendas within shifts in the legislative venues and evaluative orientations of policy entrepreneurs concerned about emergent and maturing technologies.8 Understanding cyclical and even irregular patterns of change in public policy requires considerable attention to the role of organized interests that are able to focus their resources on committees and in other venues where their chance of success is higher. Organized interests, especially those with a long-standing institutional claim on resources derived from existing government practice, tend to prefer to keep the discussion private, or limited to a manageable group of insiders. Multiple jurisdictions also provide many venues for different stakeholders to pursue their interests. Government policies affecting privacy are established at the administrative, legislative, and judicial levels in states, nations, and economic regions like the European Union, as well as at the international level.9 The fact that these policies can vary quite substantially from jurisdiction to jurisdiction means that information-inten- 6 James Q. Wilson, “The Politics of Regulation,” pp. 357-94 in James Q. Wilson, ed., The Politics of Regulation, Basic Books, New York, 1980. 7 Elizabeth E. Bailey, “The Evolving Politics of Telecommunications Regulation,” pp. 379-399 in Roger Noll and Monroe Price, eds., A Communications Cornucopia, Brookings Institution Press, Washington, D.C., 1998. 8 Frank Baumgartner and Bryan Jones, Agendas and Instability in American Politics, University of Chicago Press, 1993. 9 Colin J. Bennett and Charles D. Raab, The Governance of Privacy: Policy Instruments in Global Perspective, Ashgate Publishing, 2003.
OCR for page 158
OCR for page 159
OCR for page 160
OCR for page 161
Engaging Privacy and Information Technology in a Digital Age Amendment and VPPA is that certain types of information—specifically college student records and video rental profiles—enjoy a highly elevated, though not altogether logical, level of protection, whereas much highly sensitive information remains far more vulnerable. Regardless of the desirability or undesirability of these specific statutes, few features of the U.S. network of privacy protection could more fairly be faulted than its patchwork or piecemeal quality. As noted in the National Research Council report Global Networks and Local Values, “In practice, the U.S. norm [of privacy protection] is a patchwork of legislation and court decisions arising from episodic scandals and political pressures from both industry and privacy advocates.”19 As a result, the report continues, “highly specialized solutions have been crafted for different technologies (e.g., statutory regimes specific to the protection of postal mail, e-mail, and other Internet communications) and for different subject areas.” Although the United States might be credited with the development of privacy as an individual right,20 the legislative approach to the specification of this right, especially as it relates to the behavior of private firms, has been sectoral and piecemeal, rather than comprehensive.21 Critics suggest that as a result of this sectoral emphasis, the interests of data users will be more clearly understood and appreciated than the interests of individuals or groups of data subjects.22 The patchwork is further complicated by the fact that states are allowed to set higher standards for protecting privacy and may be more protective than national policy requires—at least as long as doing so does not abridge due process or equal protection or violate any other federal constitutional guarantee. To phrase the point quite simply, the U.S. constitution and federal laws generally set a floor but not a ceiling, so that state actions cannot fall below the floor but may surpass the ceiling. A recent and quite apt example of this dynamic comes from the regulation of the ways in which financial service providers secure the consent of their customers for the use and possible dissemination of certain personal information. Federal law, for the most part, adopts an “opt-out” approach, under which banks and other providers must inform their customers of potential data-sharing practices and can assume acquiescence from a customer’s silence—that is, from the customer’s refusal to 19 National Research Council, Global Networks and Local Values, National Academy Press, Washington, D.C., 2001, p. 141. 20 Irwin R. Kramer, “The Birth of Privacy Law: A Century Since Warren and Brandeis,” Catholic University Law Review 39:703-724, 1990. 21 David H. Flaherty, Protecting Privacy in Surveillance Societies, University of North Carolina Press, 1989. 22 Charles D. Raab and Colin J. Bennett, “The Distribution of Privacy Risks: Who Needs Protection?,” The Information Society 14:263-274, 1998.
OCR for page 162
Engaging Privacy and Information Technology in a Digital Age opt out by so informing the provider, as only 2 or 3 percent of customers have in fact done in response to such an invitation. If a single state wishes, however, to empower customers to a higher degree by requiring that they must affirmatively opt in before their consent to data sharing may be inferred, that is an option open to any state. To date, a number of states (Alaska, California, Vermont, Connecticut, Florida, Illinois, North Dakota) have required that banking and financial services customers be invited to opt in. But even if only one state takes such a position, it effectively requires financial service providers to treat their customers in that state very differently, and to make certain that they have evidence of opting in before any personal data are shared. Such state action may, of course, be challenged on grounds other than due process—for example, as a burden on interstate commerce or invasion of an area in which uniformity is essential even though Congress has not so mandated—but such challenges rarely succeed, since the federal courts often (or even mostly) defer to the judgment of state legislatures on the needs of their citizens. 5.2 PUBLIC OPINION AND THE ROLE OF PRIVACY ADVOCATES Public opinion is one obvious and important influence on the legislative formulation of many aspects of public policy, and privacy is no exception. A review of public opinion over the last decade performed for the committee suggests the following generalizations:23 The public expresses considerable concern over privacy; this concern appears to have increased over time. Moreover, much of the U.S. public appears to believe that privacy is a fundamental right that they ought to enjoy, and this belief seems to be independent of perceptions of threat. People are not concerned about privacy in general; they are concerned about protecting the privacy of sensitive information about themselves. Thus, for example, they are quite willing to agree to contact tracing in the case of AIDS patients, and they are ready to define AIDS as a community health rather than a privacy issue. Most people are not HIV-positive, and they are more concerned about the risks of being infected than about the privacy interests of patients. At the same time, most people are unwilling to have medical information about themselves disclosed without their permission, even when the information does not identify them 23 Amy Corning and Eleanor Singer, “Survey of U.S. Privacy Attitudes,” Survey Research Center, University of Michigan, 2003, a paper written under contract to the National Research Council for this project.
OCR for page 163
Engaging Privacy and Information Technology in a Digital Age by name. In that situation, the privacy value of the information outweighs the juxtaposed social value of “research.” Public opinion about privacy is not well crystallized; people tend to be highly responsive to the way questions are framed. For example, public support for individual monitoring or surveillance measures can be very high, particularly when questions emphasize the need to combat terrorism. Respondents also generally believe that government will use its powers appropriately. Yet when respondents are reminded that government powers may be abused, or that even properly used powers may reduce the rights and freedoms people enjoy, they appear to be quite concerned about such possibilities. Public opinion is responsive to salient events. For example, Alan Westin and others have explored the ways in which public attention to privacy concerns has tended to rise and fall in response to a number of changes in the policy environment.24 These changes included both long-term trends in the organization of the economy as well as short-term disruptions marked by critical events, such as those on September 11, 2001. Immediately after the September 11 attacks, the U.S. public expressed an increase in support for public policy measures with negative implications for privacy. However, this support has gradually waned in the attack-free years afterward. Similarly, public concerns about privacy jumped in the mid-1970s in the wake of the Watergate scandal and the Church Committee report, but tended downward in subsequent years.25 Public opinion is also responsive to technological developments. For example, concerns have risen with technology developments that make it easier, faster, and cheaper to store, process, and exchange vast amounts of individual-level data, and with the advent of new and expanding techniques for acquiring information about individuals such as data mining to link consumer purchases with demographic information and new techniques of surveillance. Despite manifest concerns about privacy, public opinion about privacy is generally not well informed. Because of this, and perhaps for other reasons, individuals do not generally take actions to protect their privacy even though they are highly concerned about personal privacy (e.g., they return warranty cards filled out with personal information even though such information is not needed to validate the warranty). Nevertheless, 24 Alan Westin, “Social and Political Dimensions of Privacy,” Journal of Social Issues 59(1):431-453, 2003. 25 Warrantless FBI Electronic Surveillance, Book III of the Final Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities, United States Senate, U.S. Government Printing Office, Washington, D.C., April 23, 1976. (The Select Committee is popularly known as the Church Committee, after its chair, Frank Church, senator from Idaho.)
OCR for page 164
OCR for page 165
OCR for page 166
OCR for page 167
Engaging Privacy and Information Technology in a Digital Age agency, a special task force, a policy center, or an independent commission established with support from foundations or private sector coalitions. A substantial increase in apparent public concern occurred during the 1960s, driven in part by the appearance of such ominous studies as Alan Westin’s Privacy and Freedom (1969), Jerry Rosenberg’s The Death of Privacy (1969), and Arthur Miller’s The Assault on Privacy (1971). Reports can lay the groundwork for the passage of legislation. In each of the three policy phases identified by Westin, an influential report established the basis for a significant policy response. In the first phase, between 1960 and 1980, a report from the National Academy of Sciences titled Databanks in a Free Society: Computers, Record-Keeping and Privacy (Box 5.1) was followed by a report from an advisory committee to the Department of Health, Education, and Welfare that proposed the very influential framework on Fair Information Practices (FIP) that was later adopted by the Organisation for Economic Co-operation and Development.40 The Watergate scandal and related concerns about the abuses of civil liberties by elements within the intelligence community led to the establishment of a special Senate committee headed by Frank Church. The report generated by the far-ranging investigation of this committee41 helped to support the passage of the Foreign Intelligence Surveillance Act (1978),42 the Right to Financial Privacy Act (1978), and the Privacy Protection Act (1980) as an effort to establish more meaningful boundaries around the government’s intelligence activities. Although Westin describes the years between 1980 and 1989 as a period of relative calm, a series of reports by the Office of Technology Assessment and the General Accounting Office focused on the use of computers and information technology within the federal government that raised important privacy concerns. The Computer Matching and Privacy Protection Act and the Employee Polygraph Protection Act of 1988 were the results of those studies.43 In the third phase (1990-2002) described by Westin it was not a single investigation or comprehensive report that sparked a legislative response but instead what Westin characterizes as a “stream of national surveys” that focused on a rise in privacy concerns among the public.44 For example, content analyses designed to assess the presence and quality of the privacy notices of firms engaged in e-commerce were the result of a 40 Regan, Legislating Privacy, 1995. 41 Warrantless FBI Electronic Surveillance, Select Committee to Study Governmental Operations with Respect to Intelligence Activities, 1976. 42 Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, MIT Press, Cambridge, Mass., 1998. 43 Regan, Legislating Privacy, 1995. 44 Westin, “Social and Political Dimensions of Privacy,” 2003, p. 444.
OCR for page 168
Engaging Privacy and Information Technology in a Digital Age BOX 5.1 Databanks in a Free Society In the early 1970s, professors Alan Westin and Michael Baker directed a study investigating how the increasing use of computers was affecting U.S. record-keeping processes and what impact the resulting large-scale collections of data (or databanks) might have on privacy, civil liberties, and due process. Conducted under the aegis of the National Academy of Sciences’ Computer Science and Engineering Board, the study was prompted by—among other things—growing concerns about the increasing feasibility and efficiency of collecting and sharing large volumes of personal information, things made much simpler by the use of computer technology. The study, which included more than 50 project staff site visits to organizations with record-keeping operations, culminated in a final report written by Westin and Baker, Databanks in a Free Society: Computers, Record-Keeping and Privacy.1 The report had five major sections: (1) a brief context-setting discussion of computers and privacy concepts; (2) profiles of the record-keeping practices of 14 organizations from both the public and the private sector, including descriptions of organizational record-keeping practices before the application of computer technology, as well as information on the ways that computers were affecting or changing their record-keeping practices at that time; (3) presentation of the principal findings from the site visits; (4) a discussion of how organizational, legal, and socio-political factors affect the deployment of computer technology; and (5) a discussion of public policy issues in light of the report’s findings and forecasts, including several priority areas for civic action. The report described a “profound public misunderstanding” about the effects of using computers in large-scale record-keeping systems and suggested that U.S. public policy, legislation, and regulation (at that time) had not kept pace with the rapid spread of computer technology and growing public concern. The report also identified a number of policy areas deserving of higher priority by courts and legislatures—for example, citizens’ rights to see and contest the contents of their own records; rules for confidentiality and data sharing; limitations on the unnecessary collection of data; technological safeguards for information systems; and the use of Social Security numbers as universal identifiers. The report went on to suggest that the then-present 1970s was the right time for lawmakers to address many of the public policy, civil liberties, and due process issues being brought to light by changing record-keeping technology. The report has influenced much of the privacy work that has followed it and has been cited extensively, no doubt also informing the policy debate leading up to the passage of the Privacy Act of 1974 (5 U.S.C. Section 552a). 1Alan F. Westin and Michael A. Baker, Databanks in a Free Society: Computers, Record-Keeping and Privacy, Quadrangle Books, New York, 1972. Additional commentary can be found in Alan F. Westin and Michael A. Baker, “Databanks in a Free Society,” ACM SIGCAS Computers and Society 4(1):25-29, 1973.
OCR for page 169
OCR for page 170
Engaging Privacy and Information Technology in a Digital Age 5.4 JUDICIAL DECISIONS Periodically we are reminded of the special benefit we expect to derive from the separation of legislative, administrative, and judicial powers.48 Yet it is clear that the independent decisions and pronouncements of jurists have an enormous influence on the nature of statutory bars and constitutional limits on the actions of public and private actors. It is difficult to characterize the development of privacy policies through the courts as the same sort of process that is seen with regard to federal and state legislatures. Still, the courts have been the focus of political action involving privacy advocates as well as organized interests in search of relief from a statutorily enforced constraint. Public opinion can be expressed in many different ways, ranging from demonstrations in front of the Supreme Court to “friends of the court” amicus briefs, although the U.S. judiciary has long enjoyed relative independence from the vagaries of public opinion. Nevertheless, some believe that public opinion can at the very least pressure members of the judiciary to provide extended rationales for decisions that appear to conflict with popular views.49 It is also difficult to characterize the interactions between legal scholars who engage in extended debates over the meaning and importance of legislative and judicial activities that help to determine the legal status of privacy as a right and abuses as actionable torts. This difficulty extends to the efforts of authoritative bodies, such as the American Law Institute, that have codified the “right of privacy” in successive Restatement(s) of Torts.50 The action of the courts is also important to consider because of their corrective function in the face of executive branch opposition or indifference to the privacy agenda. Such opposition or indifference is rarely manifested in declaratory policy by responsible administration officials but can be seen in a lack of compliance with fair information practices. Under such circumstances, it is generally only the courts that can induce the agency or agencies involved to comply, and individual citizens and privacy advocates have had to sue government agencies in order to ensure that the rights of privacy established under the Privacy Act have meaning in practice.51 48 Jurgen Habermas, Between Facts and Norms: Contributions to a Discourse Theory of Law and Democracy, translated by William Rehg, MIT Press, Cambridge, Mass., 1998. 49 Habermas, Between Facts and Norms, 1998, p. 442. 50 An initial Restatement was published in 1937, but the identification of four separate but ultimately unequal torts was published in 1977, adding weight to the suggestions along these lines offered by William Prosser in 1960 (Cal. L. Rev. 48:383). 51 Flaherty, Protecting Privacy in Surveillance Societies, 1989, p. 315.
OCR for page 171
Engaging Privacy and Information Technology in a Digital Age Individual petitioners in search of relief or compensation for the harms visited upon them by others contribute to the development of the body of laws that are recognized as the torts of privacy. Individuals in pursuit of their own interests have been joined from time to time by “friends of the court” who argue in support of more general principles of law. These advocates may also intervene in the development of case law through their active pursuit of the interests of a broad class of citizens whom they claim to represent. They may act as members of a special interest coalition to challenge the actions of an administrative agency. It is when those decisions reach the Supreme Court that the political nature of the process becomes more clear. Because there are few restraints on the power of the justices to pursue their own ideological perspectives in supporting or opposing the decisions of their colleagues on the Court, the appointment of judges to the Supreme Court is a highly political act. For example, privacy advocate Robert Ellis Smith has argued that the appointment of William Rehnquist to the Court came just in time for him to demonstrate the extent of his opposition to a privacy agenda that had only been hinted at by his testimony before the Senate on presidential powers.52 Somewhat ironically, concerns about the private lives of some nominees to the Court have figured prominently in their review.53 Although political debate addresses one or another competing values, it is rare that the political debate explicitly addresses tradeoffs. Explicit discussion of tradeoffs does often take place during judicial review, where tensions between competing values, such as those between privacy and the freedom of speech, can be made explicit. It is also here that the almost metaphysical “balancing” among incommensurable values is thought to take place.54 5.5 THE FORMULATION OF CORPORATE POLICY While administrative, legislative, and judicial processes are largely open to public scrutiny, the deliberations of business and other private organizations tend to be more hidden behind a wall of proprietary interest.55 As a result, most individuals are relatively uninformed about the 52 Rehnquist’s testimony before the Senate Judiciary Subcommittee on Constitutional Rights is discussed by Robert Ellis Smith, Ben Franklin’s Web Site: Privacy and Curiosity from Plymouth Rock to the Internet, Privacy Journal, Providence, R.I., 2000, pp. 263-275. 53 The cases of Robert Bork and Clarence Thomas are especially relevant because of the privacy concerns that were raised during their consideration. 54 Cass Sunstein, “Incommensurability and Valuation in Law,” pp. 70-107 in C. Sunstein, ed., Free Markets and Social Justice, Oxford University Press, 1997. 55 H. Jeff Smith, Managing Privacy: Information Technology and Corporate America, University of North Carolina Press, 1994.
OCR for page 172
OCR for page 173
OCR for page 174
Engaging Privacy and Information Technology in a Digital Age This page intentionally left blank.
Representative terms from entire chapter: