What They Do Know Can Hurt You
The biggest impact of the Richardson report wasn't in the United States but in Europe. In the years after the report was published, practically every European country passed laws based on these principles. Many created data-protection commissions and commissioners to enforce the laws. Some believe that one reason for Europe's interest in electronic privacy was its experience with Nazi Germany in the thirties and forties. Hitler's secret police used the records of governments and private organizations in the countries he invaded to round up people who posed the greatest threat to German occupation; postwar Europe realized the danger of allowing potentially threatening private information to be collected, even by democratic governments that might be responsive to public opinion.
But here in the United States, the idea of institutionalized data protection faltered. President Jimmy Carter showed interest in improving medical privacy, but he was quickly overtaken by economic and political events. Carter lost the election of 1980 to Ronald Reagan, whose aides saw privacy protection as yet another failed Carter initiative. Although several privacy-protection laws were signed during the Reagan/Bush era, the leadership for these bills came from Congress, not the White House. The lack of leadership stifled any chance of passing a nationwide data-protection act. Such an act would give people the right to know if their name and personal information is stored in a database, to see the information and to demand that incorrect information be removed.
In fact, while most people in the federal government were ignoring the cause of privacy, some were actually pursuing an antiprivacy agenda. In the early eighties, the government initiated numerous "computer matching" programs designed to catch fraud and abuse. Unfortunately, because of erroneous data these programs often penalized innocent people. In 1994 Congress passed the Communications Assistance to Law Enforcement Act, which gave the government dramatic new powers for wiretapping digital communications. In 1996 Congress passed two laws, one requiring states to display Social Security numbers on driver's licenses and another requiring that all medical patients in the United States be issued unique numerical identifiers, even if they pay their own bills. Fortunately, the implementation of those 1996 laws has been delayed, thanks largely to a citizen backlash and the resulting inaction by Congress and the executive branch.
Continuing the assault, both the Bush and Clinton administrations waged an all-out war against the rights of computer users to engage in private and secure communications. Starting in 1991, both administrations floated proposals for use of "Clipper" encryption systems that would have given the government access to encrypted personal communications. Only recently did the Clinton Administration finally relent in its seven-year war against computer privacy. President Clinton also backed the Communications Decency Act (CDA), which made it a crime to transmit sexually explicit information to minors--and, as a result, might have required Internet providers to deploy far-reaching monitoring and censorship systems. When a court in Philadelphia found the CDA unconstitutional, the Clinton Administration appealed the decision all the way to the Supreme Court--and lost.
One important step toward reversing the current direction of government would be to create a permanent federal oversight agency charged with protecting privacy. Such an agency would:
§ Watch over the government's tendency to sacrifice people's privacy for other goals and perform governmentwide reviews of new federal programs for privacy violations before they're launched.
§ Enforce the government's few existing privacy laws.
§ Be a guardian for individual privacy and liberty in the business world, showing businesses how they can protect privacy and profits at the same time.
§ Be an ombudsman for the American public and rein in the worst excesses that our society has created.
Evan Hendricks, editor of the Washington-based newsletter Privacy Times, estimates that a fifty-person privacy-protection agency could be created with an annual budget of less than $5 million--a tiny drop in the federal budget.